diff options
7 files changed, 45883 insertions, 0 deletions
diff --git a/bip39-standalone.html b/bip39-standalone.html
new file mode 100644
index 0000000..9ee29f4
--- /dev/null
+++ b/bip39-standalone.html
@@ -0,0 +1,22946 @@
1<!DOCTYPE html>
3 <head lang="en">
4 <meta charset="utf-8" />
BIP39 - Mnemonic Code
6 <!--<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css">-->
7 <style>
9 * Bootstrap v3.2.0 (http://getbootstrap.com)
10 * Copyright 2011-2014 Twitter, Inc.
11 * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
13 </style>
15 <meta content="Mnemonic code for generating deterministic keys" name="description"/>
16 <meta content="width=device-width, initial-scale=1.0" name="viewport" />
17 <meta content="bitcoin mnemonic converter" name="description" />
18 <meta content="DC POS" name="author" />
20 <style>
21 .feedback-container {
22 position: fixed;
23 top: 0;
24 width: 100%;
25 text-align: center;
26 z-index: 4;
27 }
28 .feedback {
29 display: table;
30 padding: 0.5em 1em;
31 background-color: orange;
32 margin: 0 auto;
33 font-size: 2em;
34 color: #444;
35 border: 2px solid #555;
36 border-top: 0;
37 border-bottom-left-radius: 20px 20px;
38 border-bottom-right-radius: 20px 20px;
39 }
40 </style>
41 </head>
42 <body>
43 <div class="container">
Mnemonic Code Converter
46 <hr>
47 <div class="row">
48 <div class="col-md-12">
Phrase
50 <form class="form-horizontal" role="form">
51 <div class="col-sm-2"></div>
52 <div class="col-sm-10">
For more info see the BIP39 spec
54 </div>
55 <div class="form-group">
BIP39 Phrase
57 <div class="col-sm-10">
58 <textarea id="phrase" class="phrase form-control"></textarea>
59 </div>
60 </div>
61 <div class="form-group">
Number of words
63 <div class="col-sm-10">
64 <div class="input-group">
65 <input type="number" class="strength form-control" id="strength" value="12">
66 <span class="input-group-btn">
Generate Random Phrase
68 </span>
69 </div>
70 </div>
71 </div>
72 <div class="form-group">
BIP32 Root Key
74 <div class="col-sm-10">
75 <textarea id="root-key" class="root-key form-control" disabled="disabled"></textarea>
76 </div>
77 </div>
78 </form>
79 </div>
80 </div>
82 <hr>
84 <div class="row">
85 <div class="col-md-12">
Derivation Path
87 <ul class="derivation-type nav nav-tabs" role="tablist">
88 <li class="active">
BIP44
BIP32
91 </ul>
92 <div class="derivation-type tab-content">
93 <div id="bip44" class="tab-pane active">
94 <form class="form-horizontal" role="form">
95 <br>
96 <div class="col-sm-2"></div>
97 <div class="col-sm-10">
For more info see the BIP44 spec
99 </div>
100 <div class="form-group">
101 <label for="purpose" class="col-sm-2 control-label">
102 <a href="https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#purpose" target="_blank">Purpose</a>
103 </label>
104 <div class="col-sm-10">
105 <input id="purpose" type="text" class="purpose form-control" value="44">
106 </div>
107 </div>
108 <div class="form-group">
109 <label for="coin" class="col-sm-2 control-label">
110 <a href="https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#registered-coin-types" target="_blank">Coin</a>
111 </label>
112 <div class="col-sm-10">
113 <input id="coin" type="text" class="coin form-control" value="0">
114 </div>
115 </div>
116 <div class="form-group">
117 <label for="account" class="col-sm-2 control-label">
118 <a href="https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#account" target="_blank">Account</a>
119 </label>
120 <div class="col-sm-10">
121 <input id="account" type="text" class="account form-control" value="0">
122 </div>
123 </div>
124 <div class="form-group">
125 <label for="change" class="col-sm-2 control-label">
126 <a href="https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#change" target="_blank">External / Internal</a>
127 </label>
128 <div class="col-sm-10">
129 <input id="change" type="text" class="change form-control" value="0">
130 </div>
131 </div>
132 <div class="form-group">
133 <label for="bip44-path" class="col-sm-2 control-label">BIP32 Derivation Path</label>
134 <div class="col-sm-10">
135 <input id="bip44-path" type="text" class="path form-control" value="m/44'/0'/0'/0" disabled="disabled">
136 </div>
137 </div>
138 </form>
139 </div>
140 <div id="bip32" class="tab-pane">
141 <form class="form-horizontal" role="form">
142 <br>
143 <div class="col-sm-2"></div>
144 <div class="col-sm-10">
For more info see the BIP32 spec
146 </div>
147 <div class="form-group">
148 <label for="bip32-path" class="col-sm-2 control-label">BIP32 Derivation Path</label>
149 <div class="col-sm-10">
150 <input id="bip32-path" type="text" class="path form-control" value="m/0">
151 </div>
152 </div>
153 </form>
154 </div>
155 </div>
156 <form class="form-horizontal" role="form">
157 <div class="form-group">
158 <label for="extended-priv-key" class="col-sm-2 control-label">BIP32 Extended Key</label>
159 <div class="col-sm-10">
160 <textarea id="extended-priv-key" class="extended-priv-key form-control" disabled="disabled"></textarea>
161 </div>
162 </div>
163 <div class="form-group">
164 <label for="extended-pub-key" class="col-sm-2 control-label">BIP32 Extended Key (addresses only)</label>
165 <div class="col-sm-10">
166 <textarea id="extended-pub-key" class="extended-pub-key form-control" disabled="disabled"></textarea>
167 </div>
168 </div>
169 </form>
170 </div>
171 </div>
173 <hr>
175 <div class="row">
176 <div class="col-md-12">
Derived Addresses
Note these addreses are derived from the BIP32 Extended Key
179 <table class="table table-striped">
180 <thead>
181 <th>
182 <div class="input-group">
183 Index&nbsp;&nbsp;
184 <button class="index-toggle">Toggle</button>
185 </div>
186 </th>
187 <th>
188 <div class="input-group">
189 Address&nbsp;&nbsp;
190 <button class="address-toggle">Toggle</button>
191 </div>
192 </th>
193 <th>
194 <div class="input-group">
195 Private Key&nbsp;&nbsp;
196 <button class="private-key-toggle">Toggle</button>
197 </div>
198 </th>
199 </thead>
200 <tbody class="addresses">
201 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
202 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
203 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
204 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
205 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
206 </tbody>
207 </table>
208 </div>
209 </div>
210 <span>Show next </button>
211 <input type="number" class="rows-to-add" value="20">
212 <button class="more">Show</button>
214 <hr>
216 <div class="row">
217 <div class="col-md-12">
More info
BIP39 Mnemonic code for generating deterministic keys
220 <p>
221 Read more at the
official BIP39 spec
223 </p>
BIP32 Hierarchical Deterministic Wallets
225 <p>
226 Read more at the
official BIP32 spec
228 and see the demo at
229 <a href="http://bip32.org/" target="_blank">bip32.org</a>
230 </p>
BIP44 Multi-Account Hierarchy for Deterministic Wallets
232 <p>
233 Read more at the
official BIP44 spec
235 </p>
Private Keys
237 <p>
238 Use private keys at
239 <a href="https://brainwallet.github.io/" target="_blank">brainwallet.org</a>,
240 but be careful - it can be easy to make mistakes if you
241 don't know what you're doing
242 </p>
243 </div>
244 </div>
245 </div>
247 <div class="feedback-container">
248 <div class="feedback"></div>
249 </div>
251 <script type="text/template" id="address-row-template">
252 <tr>
253 <td class="index"><span></span></td>
254 <td class="address"><span></span></td>
255 <td class="privkey"><span></span></td>
256 </tr>
257 </script>
259 <!--<script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>-->
260 <script>
261/*! jQuery v2.1.1 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */
265 </script>
267 <!--<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js"></script>-->
268 <script>
270 * Bootstrap v3.2.0 (http://getbootstrap.com)
271 * Copyright 2011-2014 Twitter, Inc.
272 * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
273 */
275 </script>
277 <!--<script src="/js/bitcoinjs-1-0-0.js"></script>-->
278 <script>
2766 buf[offset + i] = byte
2767 }
2768 return i
2771function utf8Write (buf, string, offset, length) {
2772 var charsWritten = blitBuffer(utf8ToBytes(string), buf, offset, length)
2773 return charsWritten
2776function asciiWrite (buf, string, offset, length) {
2777 var charsWritten = blitBuffer(asciiToBytes(string), buf, offset, length)
2778 return charsWritten
2781function binaryWrite (buf, string, offset, length) {
2782 return asciiWrite(buf, string, offset, length)
2785function base64Write (buf, string, offset, length) {
2786 var charsWritten = blitBuffer(base64ToBytes(string), buf, offset, length)
2787 return charsWritten
2790function utf16leWrite (buf, string, offset, length) {
2791 var charsWritten = blitBuffer(utf16leToBytes(string), buf, offset, length)
2792 return charsWritten
2795Buffer.prototype.write = function (string, offset, length, encoding) {
2796 // Support both (string, offset, length, encoding)
2797 // and the legacy (string, encoding, offset, length)
2798 if (isFinite(offset)) {
2799 if (!isFinite(length)) {
2800 encoding = length
2801 length = undefined
2802 }
2803 } else { // legacy
2804 var swap = encoding
2805 encoding = offset
2806 offset = length
2807 length = swap
2808 }
2810 offset = Number(offset) || 0
2811 var remaining = this.length - offset
2812 if (!length) {
2813 length = remaining
2814 } else {
2815 length = Number(length)
2816 if (length > remaining) {
2817 length = remaining
2818 }
2819 }
2820 encoding = String(encoding || 'utf8').toLowerCase()
2822 var ret
2823 switch (encoding) {
2824 case 'hex':
2825 ret = hexWrite(this, string, offset, length)
2826 break
2827 case 'utf8':
2828 case 'utf-8':
2829 ret = utf8Write(this, string, offset, length)
2830 break
2831 case 'ascii':
2832 ret = asciiWrite(this, string, offset, length)
2833 break
2834 case 'binary':
2835 ret = binaryWrite(this, string, offset, length)
2836 break
2837 case 'base64':
2838 ret = base64Write(this, string, offset, length)
2839 break
2840 case 'ucs2':
2841 case 'ucs-2':
2842 case 'utf16le':
2843 case 'utf-16le':
2844 ret = utf16leWrite(this, string, offset, length)
2845 break
2846 default:
2847 throw new Error('Unknown encoding')
2848 }
2849 return ret
2852Buffer.prototype.toString = function (encoding, start, end) {
2853 var self = this
2855 encoding = String(encoding || 'utf8').toLowerCase()
2856 start = Number(start) || 0
2857 end = (end === undefined) ? self.length : Number(end)
2859 // Fastpath empty strings
2860 if (end === start)
2861 return ''
2863 var ret
2864 switch (encoding) {
2865 case 'hex':
2866 ret = hexSlice(self, start, end)
2867 break
2868 case 'utf8':
2869 case 'utf-8':
2870 ret = utf8Slice(self, start, end)
2871 break
2872 case 'ascii':
2873 ret = asciiSlice(self, start, end)
2874 break
2875 case 'binary':
2876 ret = binarySlice(self, start, end)
2877 break
2878 case 'base64':
2879 ret = base64Slice(self, start, end)
2880 break
2881 case 'ucs2':
2882 case 'ucs-2':
2883 case 'utf16le':
2884 case 'utf-16le':
2885 ret = utf16leSlice(self, start, end)
2886 break
2887 default:
2888 throw new Error('Unknown encoding')
2889 }
2890 return ret
2893Buffer.prototype.toJSON = function () {
2894 return {
2895 type: 'Buffer',
2896 data: Array.prototype.slice.call(this._arr || this, 0)
2897 }
2900Buffer.prototype.equals = function (b) {
2901 assert(Buffer.isBuffer(b), 'Argument must be a Buffer')
2902 return Buffer.compare(this, b) === 0
2905Buffer.prototype.compare = function (b) {
2906 assert(Buffer.isBuffer(b), 'Argument must be a Buffer')
2907 return Buffer.compare(this, b)
2910// copy(targetBuffer, targetStart=0, sourceStart=0, sourceEnd=buffer.length)
2911Buffer.prototype.copy = function (target, target_start, start, end) {
2912 var source = this
2914 if (!start) start = 0
2915 if (!end && end !== 0) end = this.length
2916 if (!target_start) target_start = 0
2918 // Copy 0 bytes; we're done
2919 if (end === start) return
2920 if (target.length === 0 || source.length === 0) return
2922 // Fatal error conditions
2923 assert(end >= start, 'sourceEnd < sourceStart')
2924 assert(target_start >= 0 && target_start < target.length,
2925 'targetStart out of bounds')
2926 assert(start >= 0 && start < source.length, 'sourceStart out of bounds')
2927 assert(end >= 0 && end <= source.length, 'sourceEnd out of bounds')
2929 // Are we oob?
2930 if (end > this.length)
2931 end = this.length
2932 if (target.length - target_start < end - start)
2933 end = target.length - target_start + start
2935 var len = end - start
2937 if (len < 100 || !Buffer._useTypedArrays) {
2938 for (var i = 0; i < len; i++) {
2939 target[i + target_start] = this[i + start]
2940 }
2941 } else {
2942 target._set(this.subarray(start, start + len), target_start)
2943 }
2946function base64Slice (buf, start, end) {
2947 if (start === 0 && end === buf.length) {
2948 return base64.fromByteArray(buf)
2949 } else {
2950 return base64.fromByteArray(buf.slice(start, end))
2951 }
2954function utf8Slice (buf, start, end) {
2955 var res = ''
2956 var tmp = ''
2957 end = Math.min(buf.length, end)
2959 for (var i = start; i < end; i++) {
2960 if (buf[i] <= 0x7F) {
2961 res += decodeUtf8Char(tmp) + String.fromCharCode(buf[i])
2962 tmp = ''
2963 } else {
2964 tmp += '%' + buf[i].toString(16)
2965 }
2966 }
2968 return res + decodeUtf8Char(tmp)
2971function asciiSlice (buf, start, end) {
2972 var ret = ''
2973 end = Math.min(buf.length, end)
2975 for (var i = start; i < end; i++) {
2976 ret += String.fromCharCode(buf[i])
2977 }
2978 return ret
2981function binarySlice (buf, start, end) {
2982 return asciiSlice(buf, start, end)
2985function hexSlice (buf, start, end) {
2986 var len = buf.length
2988 if (!start || start < 0) start = 0
2989 if (!end || end < 0 || end > len) end = len
2991 var out = ''
2992 for (var i = start; i < end; i++) {
2993 out += toHex(buf[i])
2994 }
2995 return out
2998function utf16leSlice (buf, start, end) {
2999 var bytes = buf.slice(start, end)
3000 var res = ''
3001 for (var i = 0; i < bytes.length; i += 2) {
3002 res += String.fromCharCode(bytes[i] + bytes[i + 1] * 256)
3003 }
3004 return res
3007Buffer.prototype.slice = function (start, end) {
3008 var len = this.length
3009 start = clamp(start, len, 0)
3010 end = clamp(end, len, len)
3012 if (Buffer._useTypedArrays) {
3013 return Buffer._augment(this.subarray(start, end))
3014 } else {
3015 var sliceLen = end - start
3016 var newBuf = new Buffer(sliceLen, undefined, true)
3017 for (var i = 0; i < sliceLen; i++) {
3018 newBuf[i] = this[i + start]
3019 }
3020 return newBuf
3021 }
3024// `get` will be removed in Node 0.13+
3025Buffer.prototype.get = function (offset) {
3026 console.log('.get() is deprecated. Access using array indexes instead.')
3027 return this.readUInt8(offset)
3030// `set` will be removed in Node 0.13+
3031Buffer.prototype.set = function (v, offset) {
3032 console.log('.set() is deprecated. Access using array indexes instead.')
3033 return this.writeUInt8(v, offset)
3036Buffer.prototype.readUInt8 = function (offset, noAssert) {
3037 if (!noAssert) {
3038 assert(offset !== undefined && offset !== null, 'missing offset')
3039 assert(offset < this.length, 'Trying to read beyond buffer length')
3040 }
3042 if (offset >= this.length)
3043 return
3045 return this[offset]
3048function readUInt16 (buf, offset, littleEndian, noAssert) {
3049 if (!noAssert) {
3050 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
3051 assert(offset !== undefined && offset !== null, 'missing offset')
3052 assert(offset + 1 < buf.length, 'Trying to read beyond buffer length')
3053 }
3055 var len = buf.length
3056 if (offset >= len)
3057 return
3059 var val
3060 if (littleEndian) {
3061 val = buf[offset]
3062 if (offset + 1 < len)
3063 val |= buf[offset + 1] << 8
3064 } else {
3065 val = buf[offset] << 8
3066 if (offset + 1 < len)
3067 val |= buf[offset + 1]
3068 }
3069 return val
3072Buffer.prototype.readUInt16LE = function (offset, noAssert) {
3073 return readUInt16(this, offset, true, noAssert)
3076Buffer.prototype.readUInt16BE = function (offset, noAssert) {
3077 return readUInt16(this, offset, false, noAssert)
3080function readUInt32 (buf, offset, littleEndian, noAssert) {
3081 if (!noAssert) {
3082 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
3083 assert(offset !== undefined && offset !== null, 'missing offset')
3084 assert(offset + 3 < buf.length, 'Trying to read beyond buffer length')
3085 }
3087 var len = buf.length
3088 if (offset >= len)
3089 return
3091 var val
3092 if (littleEndian) {
3093 if (offset + 2 < len)
3094 val = buf[offset + 2] << 16
3095 if (offset + 1 < len)
3096 val |= buf[offset + 1] << 8
3097 val |= buf[offset]
3098 if (offset + 3 < len)
3099 val = val + (buf[offset + 3] << 24 >>> 0)
3100 } else {
3101 if (offset + 1 < len)
3102 val = buf[offset + 1] << 16
3103 if (offset + 2 < len)
3104 val |= buf[offset + 2] << 8
3105 if (offset + 3 < len)
3106 val |= buf[offset + 3]
3107 val = val + (buf[offset] << 24 >>> 0)
3108 }
3109 return val
3112Buffer.prototype.readUInt32LE = function (offset, noAssert) {
3113 return readUInt32(this, offset, true, noAssert)
3116Buffer.prototype.readUInt32BE = function (offset, noAssert) {
3117 return readUInt32(this, offset, false, noAssert)
3120Buffer.prototype.readInt8 = function (offset, noAssert) {
3121 if (!noAssert) {
3122 assert(offset !== undefined && offset !== null,
3123 'missing offset')
3124 assert(offset < this.length, 'Trying to read beyond buffer length')
3125 }
3127 if (offset >= this.length)
3128 return
3130 var neg = this[offset] & 0x80
3131 if (neg)
3132 return (0xff - this[offset] + 1) * -1
3133 else
3134 return this[offset]
3137function readInt16 (buf, offset, littleEndian, noAssert) {
3138 if (!noAssert) {
3139 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
3140 assert(offset !== undefined && offset !== null, 'missing offset')
3141 assert(offset + 1 < buf.length, 'Trying to read beyond buffer length')
3142 }
3144 var len = buf.length
3145 if (offset >= len)
3146 return
3148 var val = readUInt16(buf, offset, littleEndian, true)
3149 var neg = val & 0x8000
3150 if (neg)
3151 return (0xffff - val + 1) * -1
3152 else
3153 return val
3156Buffer.prototype.readInt16LE = function (offset, noAssert) {
3157 return readInt16(this, offset, true, noAssert)
3160Buffer.prototype.readInt16BE = function (offset, noAssert) {
3161 return readInt16(this, offset, false, noAssert)
3164function readInt32 (buf, offset, littleEndian, noAssert) {
3165 if (!noAssert) {
3166 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
3167 assert(offset !== undefined && offset !== null, 'missing offset')
3168 assert(offset + 3 < buf.length, 'Trying to read beyond buffer length')
3169 }
3171 var len = buf.length
3172 if (offset >= len)
3173 return
3175 var val = readUInt32(buf, offset, littleEndian, true)
3176 var neg = val & 0x80000000
3177 if (neg)
3178 return (0xffffffff - val + 1) * -1
3179 else
3180 return val
3183Buffer.prototype.readInt32LE = function (offset, noAssert) {
3184 return readInt32(this, offset, true, noAssert)
3187Buffer.prototype.readInt32BE = function (offset, noAssert) {
3188 return readInt32(this, offset, false, noAssert)
3191function readFloat (buf, offset, littleEndian, noAssert) {
3192 if (!noAssert) {
3193 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
3194 assert(offset + 3 < buf.length, 'Trying to read beyond buffer length')
3195 }
3197 return ieee754.read(buf, offset, littleEndian, 23, 4)
3200Buffer.prototype.readFloatLE = function (offset, noAssert) {
3201 return readFloat(this, offset, true, noAssert)
3204Buffer.prototype.readFloatBE = function (offset, noAssert) {
3205 return readFloat(this, offset, false, noAssert)
3208function readDouble (buf, offset, littleEndian, noAssert) {
3209 if (!noAssert) {
3210 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
3211 assert(offset + 7 < buf.length, 'Trying to read beyond buffer length')
3212 }
3214 return ieee754.read(buf, offset, littleEndian, 52, 8)
3217Buffer.prototype.readDoubleLE = function (offset, noAssert) {
3218 return readDouble(this, offset, true, noAssert)
3221Buffer.prototype.readDoubleBE = function (offset, noAssert) {
3222 return readDouble(this, offset, false, noAssert)
3225Buffer.prototype.writeUInt8 = function (value, offset, noAssert) {
3226 if (!noAssert) {
3227 assert(value !== undefined && value !== null, 'missing value')
3228 assert(offset !== undefined && offset !== null, 'missing offset')
3229 assert(offset < this.length, 'trying to write beyond buffer length')
3230 verifuint(value, 0xff)
3231 }
3233 if (offset >= this.length) return
3235 this[offset] = value
3236 return offset + 1
3239function writeUInt16 (buf, value, offset, littleEndian, noAssert) {
3240 if (!noAssert) {
3241 assert(value !== undefined && value !== null, 'missing value')
3242 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
3243 assert(offset !== undefined && offset !== null, 'missing offset')
3244 assert(offset + 1 < buf.length, 'trying to write beyond buffer length')
3245 verifuint(value, 0xffff)
3246 }
3248 var len = buf.length
3249 if (offset >= len)
3250 return
3252 for (var i = 0, j = Math.min(len - offset, 2); i < j; i++) {
3253 buf[offset + i] =
3254 (value & (0xff << (8 * (littleEndian ? i : 1 - i)))) >>>
3255 (littleEndian ? i : 1 - i) * 8
3256 }
3257 return offset + 2
3260Buffer.prototype.writeUInt16LE = function (value, offset, noAssert) {
3261 return writeUInt16(this, value, offset, true, noAssert)
3264Buffer.prototype.writeUInt16BE = function (value, offset, noAssert) {
3265 return writeUInt16(this, value, offset, false, noAssert)
3268function writeUInt32 (buf, value, offset, littleEndian, noAssert) {
3269 if (!noAssert) {
3270 assert(value !== undefined && value !== null, 'missing value')
3271 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
3272 assert(offset !== undefined && offset !== null, 'missing offset')
3273 assert(offset + 3 < buf.length, 'trying to write beyond buffer length')
3274 verifuint(value, 0xffffffff)
3275 }
3277 var len = buf.length
3278 if (offset >= len)
3279 return
3281 for (var i = 0, j = Math.min(len - offset, 4); i < j; i++) {
3282 buf[offset + i] =
3283 (value >>> (littleEndian ? i : 3 - i) * 8) & 0xff
3284 }
3285 return offset + 4
3288Buffer.prototype.writeUInt32LE = function (value, offset, noAssert) {
3289 return writeUInt32(this, value, offset, true, noAssert)
3292Buffer.prototype.writeUInt32BE = function (value, offset, noAssert) {
3293 return writeUInt32(this, value, offset, false, noAssert)
3296Buffer.prototype.writeInt8 = function (value, offset, noAssert) {
3297 if (!noAssert) {
3298 assert(value !== undefined && value !== null, 'missing value')
3299 assert(offset !== undefined && offset !== null, 'missing offset')
3300 assert(offset < this.length, 'Trying to write beyond buffer length')
3301 verifsint(value, 0x7f, -0x80)
3302 }
3304 if (offset >= this.length)
3305 return
3307 if (value >= 0)
3308 this.writeUInt8(value, offset, noAssert)
3309 else
3310 this.writeUInt8(0xff + value + 1, offset, noAssert)
3311 return offset + 1
3314function writeInt16 (buf, value, offset, littleEndian, noAssert) {
3315 if (!noAssert) {
3316 assert(value !== undefined && value !== null, 'missing value')
3317 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
3318 assert(offset !== undefined && offset !== null, 'missing offset')
3319 assert(offset + 1 < buf.length, 'Trying to write beyond buffer length')
3320 verifsint(value, 0x7fff, -0x8000)
3321 }
3323 var len = buf.length
3324 if (offset >= len)
3325 return
3327 if (value >= 0)
3328 writeUInt16(buf, value, offset, littleEndian, noAssert)
3329 else
3330 writeUInt16(buf, 0xffff + value + 1, offset, littleEndian, noAssert)
3331 return offset + 2
3334Buffer.prototype.writeInt16LE = function (value, offset, noAssert) {
3335 return writeInt16(this, value, offset, true, noAssert)
3338Buffer.prototype.writeInt16BE = function (value, offset, noAssert) {
3339 return writeInt16(this, value, offset, false, noAssert)
3342function writeInt32 (buf, value, offset, littleEndian, noAssert) {
3343 if (!noAssert) {
3344 assert(value !== undefined && value !== null, 'missing value')
3345 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
3346 assert(offset !== undefined && offset !== null, 'missing offset')
3347 assert(offset + 3 < buf.length, 'Trying to write beyond buffer length')
3348 verifsint(value, 0x7fffffff, -0x80000000)
3349 }
3351 var len = buf.length
3352 if (offset >= len)
3353 return
3355 if (value >= 0)
3356 writeUInt32(buf, value, offset, littleEndian, noAssert)
3357 else
3358 writeUInt32(buf, 0xffffffff + value + 1, offset, littleEndian, noAssert)
3359 return offset + 4
3362Buffer.prototype.writeInt32LE = function (value, offset, noAssert) {
3363 return writeInt32(this, value, offset, true, noAssert)
3366Buffer.prototype.writeInt32BE = function (value, offset, noAssert) {
3367 return writeInt32(this, value, offset, false, noAssert)
3370function writeFloat (buf, value, offset, littleEndian, noAssert) {
3371 if (!noAssert) {
3372 assert(value !== undefined && value !== null, 'missing value')
3373 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
3374 assert(offset !== undefined && offset !== null, 'missing offset')
3375 assert(offset + 3 < buf.length, 'Trying to write beyond buffer length')
3376 verifIEEE754(value, 3.4028234663852886e+38, -3.4028234663852886e+38)
3377 }
3379 var len = buf.length
3380 if (offset >= len)
3381 return
3383 ieee754.write(buf, value, offset, littleEndian, 23, 4)
3384 return offset + 4
3387Buffer.prototype.writeFloatLE = function (value, offset, noAssert) {
3388 return writeFloat(this, value, offset, true, noAssert)
3391Buffer.prototype.writeFloatBE = function (value, offset, noAssert) {
3392 return writeFloat(this, value, offset, false, noAssert)
3395function writeDouble (buf, value, offset, littleEndian, noAssert) {
3396 if (!noAssert) {
3397 assert(value !== undefined && value !== null, 'missing value')
3398 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
3399 assert(offset !== undefined && offset !== null, 'missing offset')
3400 assert(offset + 7 < buf.length,
3401 'Trying to write beyond buffer length')
3402 verifIEEE754(value, 1.7976931348623157E+308, -1.7976931348623157E+308)
3403 }
3405 var len = buf.length
3406 if (offset >= len)
3407 return
3409 ieee754.write(buf, value, offset, littleEndian, 52, 8)
3410 return offset + 8
3413Buffer.prototype.writeDoubleLE = function (value, offset, noAssert) {
3414 return writeDouble(this, value, offset, true, noAssert)
3417Buffer.prototype.writeDoubleBE = function (value, offset, noAssert) {
3418 return writeDouble(this, value, offset, false, noAssert)
3421// fill(value, start=0, end=buffer.length)
3422Buffer.prototype.fill = function (value, start, end) {
3423 if (!value) value = 0
3424 if (!start) start = 0
3425 if (!end) end = this.length
3427 assert(end >= start, 'end < start')
3429 // Fill 0 bytes; we're done
3430 if (end === start) return
3431 if (this.length === 0) return
3433 assert(start >= 0 && start < this.length, 'start out of bounds')
3434 assert(end >= 0 && end <= this.length, 'end out of bounds')
3436 var i
3437 if (typeof value === 'number') {
3438 for (i = start; i < end; i++) {
3439 this[i] = value
3440 }
3441 } else {
3442 var bytes = utf8ToBytes(value.toString())
3443 var len = bytes.length
3444 for (i = start; i < end; i++) {
3445 this[i] = bytes[i % len]
3446 }
3447 }
3449 return this
3452Buffer.prototype.inspect = function () {
3453 var out = []
3454 var len = this.length
3455 for (var i = 0; i < len; i++) {
3456 out[i] = toHex(this[i])
3457 if (i === exports.INSPECT_MAX_BYTES) {
3458 out[i + 1] = '...'
3459 break
3460 }
3461 }
3462 return '<Buffer ' + out.join(' ') + '>'
3466 * Creates a new `ArrayBuffer` with the *copied* memory of the buffer instance.
3467 * Added in Node 0.12. Only available in browsers that support ArrayBuffer.
3468 */
3469Buffer.prototype.toArrayBuffer = function () {
3470 if (typeof Uint8Array !== 'undefined') {
3471 if (Buffer._useTypedArrays) {
3472 return (new Buffer(this)).buffer
3473 } else {
3474 var buf = new Uint8Array(this.length)
3475 for (var i = 0, len = buf.length; i < len; i += 1) {
3476 buf[i] = this[i]
3477 }
3478 return buf.buffer
3479 }
3480 } else {
3481 throw new Error('Buffer.toArrayBuffer not supported in this browser')
3482 }
3486// ================
3488var BP = Buffer.prototype
3491 * Augment a Uint8Array *instance* (not the Uint8Array class!) with Buffer methods
3492 */
3493Buffer._augment = function (arr) {
3494 arr._isBuffer = true
3496 // save reference to original Uint8Array get/set methods before overwriting
3497 arr._get = arr.get
3498 arr._set = arr.set
3500 // deprecated, will be removed in node 0.13+
3501 arr.get = BP.get
3502 arr.set = BP.set
3504 arr.write = BP.write
3505 arr.toString = BP.toString
3506 arr.toLocaleString = BP.toString
3507 arr.toJSON = BP.toJSON
3508 arr.equals = BP.equals
3509 arr.compare = BP.compare
3510 arr.copy = BP.copy
3511 arr.slice = BP.slice
3512 arr.readUInt8 = BP.readUInt8
3513 arr.readUInt16LE = BP.readUInt16LE
3514 arr.readUInt16BE = BP.readUInt16BE
3515 arr.readUInt32LE = BP.readUInt32LE
3516 arr.readUInt32BE = BP.readUInt32BE
3517 arr.readInt8 = BP.readInt8
3518 arr.readInt16LE = BP.readInt16LE
3519 arr.readInt16BE = BP.readInt16BE
3520 arr.readInt32LE = BP.readInt32LE
3521 arr.readInt32BE = BP.readInt32BE
3522 arr.readFloatLE = BP.readFloatLE
3523 arr.readFloatBE = BP.readFloatBE
3524 arr.readDoubleLE = BP.readDoubleLE
3525 arr.readDoubleBE = BP.readDoubleBE
3526 arr.writeUInt8 = BP.writeUInt8
3527 arr.writeUInt16LE = BP.writeUInt16LE
3528 arr.writeUInt16BE = BP.writeUInt16BE
3529 arr.writeUInt32LE = BP.writeUInt32LE
3530 arr.writeUInt32BE = BP.writeUInt32BE
3531 arr.writeInt8 = BP.writeInt8
3532 arr.writeInt16LE = BP.writeInt16LE
3533 arr.writeInt16BE = BP.writeInt16BE
3534 arr.writeInt32LE = BP.writeInt32LE
3535 arr.writeInt32BE = BP.writeInt32BE
3536 arr.writeFloatLE = BP.writeFloatLE
3537 arr.writeFloatBE = BP.writeFloatBE
3538 arr.writeDoubleLE = BP.writeDoubleLE
3539 arr.writeDoubleBE = BP.writeDoubleBE
3540 arr.fill = BP.fill
3541 arr.inspect = BP.inspect
3542 arr.toArrayBuffer = BP.toArrayBuffer
3544 return arr
3547var INVALID_BASE64_RE = /[^+\/0-9A-z]/g
3549function base64clean (str) {
3550 // Node strips out invalid characters like \n and \t from the string, base64-js does not
3551 str = stringtrim(str).replace(INVALID_BASE64_RE, '')
3552 // Node allows for non-padded base64 strings (missing trailing ===), base64-js does not
3553 while (str.length % 4 !== 0) {
3554 str = str + '='
3555 }
3556 return str
3559function stringtrim (str) {
3560 if (str.trim) return str.trim()
3561 return str.replace(/^\s+|\s+$/g, '')
3564// slice(start, end)
3565function clamp (index, len, defaultValue) {
3566 if (typeof index !== 'number') return defaultValue
3567 index = ~~index; // Coerce to integer.
3568 if (index >= len) return len
3569 if (index >= 0) return index
3570 index += len
3571 if (index >= 0) return index
3572 return 0
3575function coerce (length) {
3576 // Coerce length to a number (possibly NaN), round up
3577 // in case it's fractional (e.g. 123.456) then do a
3578 // double negate to coerce a NaN to 0. Easy, right?
3579 length = ~~Math.ceil(+length)
3580 return length < 0 ? 0 : length
3583function isArray (subject) {
3584 return (Array.isArray || function (subject) {
3585 return Object.prototype.toString.call(subject) === '[object Array]'
3586 })(subject)
3589function isArrayish (subject) {
3590 return isArray(subject) || Buffer.isBuffer(subject) ||
3591 subject && typeof subject === 'object' &&
3592 typeof subject.length === 'number'
3595function toHex (n) {
3596 if (n < 16) return '0' + n.toString(16)
3597 return n.toString(16)
3600function utf8ToBytes (str) {
3601 var byteArray = []
3602 for (var i = 0; i < str.length; i++) {
3603 var b = str.charCodeAt(i)
3604 if (b <= 0x7F) {
3605 byteArray.push(b)
3606 } else {
3607 var start = i
3608 if (b >= 0xD800 && b <= 0xDFFF) i++
3609 var h = encodeURIComponent(str.slice(start, i+1)).substr(1).split('%')
3610 for (var j = 0; j < h.length; j++) {
3611 byteArray.push(parseInt(h[j], 16))
3612 }
3613 }
3614 }
3615 return byteArray
3618function asciiToBytes (str) {
3619 var byteArray = []
3620 for (var i = 0; i < str.length; i++) {
3621 // Node's code seems to be doing this and not & 0x7F..
3622 byteArray.push(str.charCodeAt(i) & 0xFF)
3623 }
3624 return byteArray
3627function utf16leToBytes (str) {
3628 var c, hi, lo
3629 var byteArray = []
3630 for (var i = 0; i < str.length; i++) {
3631 c = str.charCodeAt(i)
3632 hi = c >> 8
3633 lo = c % 256
3634 byteArray.push(lo)
3635 byteArray.push(hi)
3636 }
3638 return byteArray
3641function base64ToBytes (str) {
3642 return base64.toByteArray(str)
3645function blitBuffer (src, dst, offset, length) {
3646 for (var i = 0; i < length; i++) {
3647 if ((i + offset >= dst.length) || (i >= src.length))
3648 break
3649 dst[i + offset] = src[i]
3650 }
3651 return i
3654function decodeUtf8Char (str) {
3655 try {
3656 return decodeURIComponent(str)
3657 } catch (err) {
3658 return String.fromCharCode(0xFFFD) // UTF 8 invalid char
3659 }
3663 * We have to make sure that the value is a valid integer. This means that it
3664 * is non-negative. It has no fractional component and that it does not
3665 * exceed the maximum allowed value.
3666 */
3667function verifuint (value, max) {
3668 assert(typeof value === 'number', 'cannot write a non-number as a number')
3669 assert(value >= 0, 'specified a negative value for writing an unsigned value')
3670 assert(value <= max, 'value is larger than maximum value for type')
3671 assert(Math.floor(value) === value, 'value has a fractional component')
3674function verifsint (value, max, min) {
3675 assert(typeof value === 'number', 'cannot write a non-number as a number')
3676 assert(value <= max, 'value larger than maximum allowed value')
3677 assert(value >= min, 'value smaller than minimum allowed value')
3678 assert(Math.floor(value) === value, 'value has a fractional component')
3681function verifIEEE754 (value, max, min) {
3682 assert(typeof value === 'number', 'cannot write a non-number as a number')
3683 assert(value <= max, 'value larger than maximum allowed value')
3684 assert(value >= min, 'value smaller than minimum allowed value')
3687function assert (test, message) {
3688 if (!test) throw new Error(message || 'Failed assertion')
3692var lookup = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
3694;(function (exports) {
3695 'use strict';
3697 var Arr = (typeof Uint8Array !== 'undefined')
3698 ? Uint8Array
3699 : Array
3701 var PLUS = '+'.charCodeAt(0)
3702 var SLASH = '/'.charCodeAt(0)
3703 var NUMBER = '0'.charCodeAt(0)
3704 var LOWER = 'a'.charCodeAt(0)
3705 var UPPER = 'A'.charCodeAt(0)
3707 function decode (elt) {
3708 var code = elt.charCodeAt(0)
3709 if (code === PLUS)
3710 return 62 // '+'
3711 if (code === SLASH)
3712 return 63 // '/'
3713 if (code < NUMBER)
3714 return -1 //no match
3715 if (code < NUMBER + 10)
3716 return code - NUMBER + 26 + 26
3717 if (code < UPPER + 26)
3718 return code - UPPER
3719 if (code < LOWER + 26)
3720 return code - LOWER + 26
3721 }
3723 function b64ToByteArray (b64) {
3724 var i, j, l, tmp, placeHolders, arr
3726 if (b64.length % 4 > 0) {
3727 throw new Error('Invalid string. Length must be a multiple of 4')
3728 }
3730 // the number of equal signs (place holders)
3731 // if there are two placeholders, than the two characters before it
3732 // represent one byte
3733 // if there is only one, then the three characters before it represent 2 bytes
3734 // this is just a cheap hack to not do indexOf twice
3735 var len = b64.length
3736 placeHolders = '=' === b64.charAt(len - 2) ? 2 : '=' === b64.charAt(len - 1) ? 1 : 0
3738 // base64 is 4/3 + up to two characters of the original data
3739 arr = new Arr(b64.length * 3 / 4 - placeHolders)
3741 // if there are placeholders, only get up to the last complete 4 chars
3742 l = placeHolders > 0 ? b64.length - 4 : b64.length
3744 var L = 0
3746 function push (v) {
3747 arr[L++] = v
3748 }
3750 for (i = 0, j = 0; i < l; i += 4, j += 3) {
3751 tmp = (decode(b64.charAt(i)) << 18) | (decode(b64.charAt(i + 1)) << 12) | (decode(b64.charAt(i + 2)) << 6) | decode(b64.charAt(i + 3))
3752 push((tmp & 0xFF0000) >> 16)
3753 push((tmp & 0xFF00) >> 8)
3754 push(tmp & 0xFF)
3755 }
3757 if (placeHolders === 2) {
3758 tmp = (decode(b64.charAt(i)) << 2) | (decode(b64.charAt(i + 1)) >> 4)
3759 push(tmp & 0xFF)
3760 } else if (placeHolders === 1) {
3761 tmp = (decode(b64.charAt(i)) << 10) | (decode(b64.charAt(i + 1)) << 4) | (decode(b64.charAt(i + 2)) >> 2)
3762 push((tmp >> 8) & 0xFF)
3763 push(tmp & 0xFF)
3764 }
3766 return arr
3767 }
3769 function uint8ToBase64 (uint8) {
3770 var i,
3771 extraBytes = uint8.length % 3, // if we have 1 byte left, pad 2 bytes
3772 output = "",
3773 temp, length
3775 function encode (num) {
3776 return lookup.charAt(num)
3777 }
3779 function tripletToBase64 (num) {
3780 return encode(num >> 18 & 0x3F) + encode(num >> 12 & 0x3F) + encode(num >> 6 & 0x3F) + encode(num & 0x3F)
3781 }
3783 // go through the array every three bytes, we'll deal with trailing stuff later
3784 for (i = 0, length = uint8.length - extraBytes; i < length; i += 3) {
3785 temp = (uint8[i] << 16) + (uint8[i + 1] << 8) + (uint8[i + 2])
3786 output += tripletToBase64(temp)
3787 }
3789 // pad the end with zeros, but make sure to not forget the extra bytes
3790 switch (extraBytes) {
3791 case 1:
3792 temp = uint8[uint8.length - 1]
3793 output += encode(temp >> 2)
3794 output += encode((temp << 4) & 0x3F)
3795 output += '=='
3796 break
3797 case 2:
3798 temp = (uint8[uint8.length - 2] << 8) + (uint8[uint8.length - 1])
3799 output += encode(temp >> 10)
3800 output += encode((temp >> 4) & 0x3F)
3801 output += encode((temp << 2) & 0x3F)
3802 output += '='
3803 break
3804 }
3806 return output
3807 }
3809 exports.toByteArray = b64ToByteArray
3810 exports.fromByteArray = uint8ToBase64
3811}(typeof exports === 'undefined' ? (this.base64js = {}) : exports))
3814exports.read = function(buffer, offset, isLE, mLen, nBytes) {
3815 var e, m,
3816 eLen = nBytes * 8 - mLen - 1,
3817 eMax = (1 << eLen) - 1,
3818 eBias = eMax >> 1,
3819 nBits = -7,
3820 i = isLE ? (nBytes - 1) : 0,
3821 d = isLE ? -1 : 1,
3822 s = buffer[offset + i];
3824 i += d;
3826 e = s & ((1 << (-nBits)) - 1);
3827 s >>= (-nBits);
3828 nBits += eLen;
3829 for (; nBits > 0; e = e * 256 + buffer[offset + i], i += d, nBits -= 8){};
3831 m = e & ((1 << (-nBits)) - 1);
3832 e >>= (-nBits);
3833 nBits += mLen;
3834 for (; nBits > 0; m = m * 256 + buffer[offset + i], i += d, nBits -= 8){};
3836 if (e === 0) {
3837 e = 1 - eBias;
3838 } else if (e === eMax) {
3839 return m ? NaN : ((s ? -1 : 1) * Infinity);
3840 } else {
3841 m = m + Math.pow(2, mLen);
3842 e = e - eBias;
3843 }
3844 return (s ? -1 : 1) * m * Math.pow(2, e - mLen);
3847exports.write = function(buffer, value, offset, isLE, mLen, nBytes) {
3848 var e, m, c,
3849 eLen = nBytes * 8 - mLen - 1,
3850 eMax = (1 << eLen) - 1,
3851 eBias = eMax >> 1,
3852 rt = (mLen === 23 ? Math.pow(2, -24) - Math.pow(2, -77) : 0),
3853 i = isLE ? 0 : (nBytes - 1),
3854 d = isLE ? 1 : -1,
3855 s = value < 0 || (value === 0 && 1 / value < 0) ? 1 : 0;
3857 value = Math.abs(value);
3859 if (isNaN(value) || value === Infinity) {
3860 m = isNaN(value) ? 1 : 0;
3861 e = eMax;
3862 } else {
3863 e = Math.floor(Math.log(value) / Math.LN2);
3864 if (value * (c = Math.pow(2, -e)) < 1) {
3865 e--;
3866 c *= 2;
3867 }
3868 if (e + eBias >= 1) {
3869 value += rt / c;
3870 } else {
3871 value += rt * Math.pow(2, 1 - eBias);
3872 }
3873 if (value * c >= 2) {
3874 e++;
3875 c /= 2;
3876 }
3878 if (e + eBias >= eMax) {
3879 m = 0;
3880 e = eMax;
3881 } else if (e + eBias >= 1) {
3882 m = (value * c - 1) * Math.pow(2, mLen);
3883 e = e + eBias;
3884 } else {
3885 m = value * Math.pow(2, eBias - 1) * Math.pow(2, mLen);
3886 e = 0;
3887 }
3888 }
3890 for (; mLen >= 8; buffer[offset + i] = m & 0xff, i += d, m /= 256, mLen -= 8){};
3892 e = (e << mLen) | m;
3893 eLen += mLen;
3894 for (; eLen > 0; buffer[offset + i] = e & 0xff, i += d, e /= 256, eLen -= 8){};
3896 buffer[offset + i - d] |= s * 128;
3900if (typeof Object.create === 'function') {
3901 // implementation from standard node.js 'util' module
3902 module.exports = function inherits(ctor, superCtor) {
3903 ctor.super_ = superCtor
3904 ctor.prototype = Object.create(superCtor.prototype, {
3905 constructor: {
3906 value: ctor,
3907 enumerable: false,
3908 writable: true,
3909 configurable: true
3910 }
3911 });
3912 };
3913} else {
3914 // old school shim for old browsers
3915 module.exports = function inherits(ctor, superCtor) {
3916 ctor.super_ = superCtor
3917 var TempCtor = function () {}
3918 TempCtor.prototype = superCtor.prototype
3919 ctor.prototype = new TempCtor()
3920 ctor.prototype.constructor = ctor
3921 }
3925// shim for using process in browser
3927var process = module.exports = {};
3929process.nextTick = (function () {
3930 var canSetImmediate = typeof window !== 'undefined'
3931 && window.setImmediate;
3932 var canPost = typeof window !== 'undefined'
3933 && window.postMessage && window.addEventListener
3934 ;
3936 if (canSetImmediate) {
3937 return function (f) { return window.setImmediate(f) };
3938 }
3940 if (canPost) {
3941 var queue = [];
3942 window.addEventListener('message', function (ev) {
3943 var source = ev.source;
3944 if ((source === window || source === null) && ev.data === 'process-tick') {
3945 ev.stopPropagation();
3946 if (queue.length > 0) {
3947 var fn = queue.shift();
3948 fn();
3949 }
3950 }
3951 }, true);
3953 return function nextTick(fn) {
3954 queue.push(fn);
3955 window.postMessage('process-tick', '*');
3956 };
3957 }
3959 return function nextTick(fn) {
3960 setTimeout(fn, 0);
3961 };
3964process.title = 'browser';
3965process.browser = true;
3966process.env = {};
3967process.argv = [];
3969function noop() {}
3971process.on = noop;
3972process.addListener = noop;
3973process.once = noop;
3974process.off = noop;
3975process.removeListener = noop;
3976process.removeAllListeners = noop;
3977process.emit = noop;
3979process.binding = function (name) {
3980 throw new Error('process.binding is not supported');
3983// TODO(shtylman)
3984process.cwd = function () { return '/' };
3985process.chdir = function (dir) {
3986 throw new Error('process.chdir is not supported');
3994(function (Buffer){
3995// Base58 encoding/decoding
3996// Originally written by Mike Hearn for BitcoinJ
3997// Copyright (c) 2011 Google Inc
3998// Ported to JavaScript by Stefan Thomas
3999// Merged Buffer refactorings from base58-native by Stephen Pair
4000// Copyright (c) 2013 BitPay Inc
4002var assert = _dereq_('assert')
4003var BigInteger = _dereq_('bigi')
4005var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
4006var ALPHABET_BUF = new Buffer(ALPHABET, 'ascii')
4007var ALPHABET_MAP = {}
4008for(var i = 0; i < ALPHABET.length; i++) {
4009 ALPHABET_MAP[ALPHABET.charAt(i)] = BigInteger.valueOf(i)
4011var BASE = new BigInteger('58')
4013function encode(buffer) {
4014 var bi = BigInteger.fromBuffer(buffer)
4015 var result = new Buffer(buffer.length << 1)
4017 var i = result.length - 1
4018 while (bi.signum() > 0) {
4019 var remainder = bi.mod(BASE)
4020 bi = bi.divide(BASE)
4022 result[i] = ALPHABET_BUF[remainder.intValue()]
4023 i--
4024 }
4026 // deal with leading zeros
4027 var j = 0
4028 while (buffer[j] === 0) {
4029 result[i] = ALPHABET_BUF[0]
4030 j++
4031 i--
4032 }
4034 return result.slice(i + 1, result.length).toString('ascii')
4037function decode(string) {
4038 if (string.length === 0) return new Buffer(0)
4040 var num = BigInteger.ZERO
4042 for (var i = 0; i < string.length; i++) {
4043 num = num.multiply(BASE)
4045 var figure = ALPHABET_MAP[string.charAt(i)]
4046 assert.notEqual(figure, undefined, 'Non-base58 character')
4048 num = num.add(figure)
4049 }
4051 // deal with leading zeros
4052 var j = 0
4053 while ((j < string.length) && (string[j] === ALPHABET[0])) {
4054 j++
4055 }
4057 var buffer = num.toBuffer()
4058 var leadingZeros = new Buffer(j)
4059 leadingZeros.fill(0)
4061 return Buffer.concat([leadingZeros, buffer])
4064module.exports = {
4065 encode: encode,
4066 decode: decode
4071(function (Buffer){
4072var createHash = _dereq_('sha.js')
4074var md5 = toConstructor(_dereq_('./md5'))
4075var rmd160 = toConstructor(_dereq_('ripemd160'))
4077function toConstructor (fn) {
4078 return function () {
4079 var buffers = []
4080 var m= {
4081 update: function (data, enc) {
4082 if(!Buffer.isBuffer(data)) data = new Buffer(data, enc)
4083 buffers.push(data)
4084 return this
4085 },
4086 digest: function (enc) {
4087 var buf = Buffer.concat(buffers)
4088 var r = fn(buf)
4089 buffers = null
4090 return enc ? r.toString(enc) : r
4091 }
4092 }
4093 return m
4094 }
4097module.exports = function (alg) {
4098 if('md5' === alg) return new md5()
4099 if('rmd160' === alg) return new rmd160()
4100 return createHash(alg)
4105(function (Buffer){
4106var createHash = _dereq_('./create-hash')
4108var blocksize = 64
4109var zeroBuffer = new Buffer(blocksize); zeroBuffer.fill(0)
4111module.exports = Hmac
4113function Hmac (alg, key) {
4114 if(!(this instanceof Hmac)) return new Hmac(alg, key)
4115 this._opad = opad
4116 this._alg = alg
4118 key = this._key = !Buffer.isBuffer(key) ? new Buffer(key) : key
4120 if(key.length > blocksize) {
4121 key = createHash(alg).update(key).digest()
4122 } else if(key.length < blocksize) {
4123 key = Buffer.concat([key, zeroBuffer], blocksize)
4124 }
4126 var ipad = this._ipad = new Buffer(blocksize)
4127 var opad = this._opad = new Buffer(blocksize)
4129 for(var i = 0; i < blocksize; i++) {
4130 ipad[i] = key[i] ^ 0x36
4131 opad[i] = key[i] ^ 0x5C
4132 }
4134 this._hash = createHash(alg).update(ipad)
4137Hmac.prototype.update = function (data, enc) {
4138 this._hash.update(data, enc)
4139 return this
4142Hmac.prototype.digest = function (enc) {
4143 var h = this._hash.digest()
4144 return createHash(this._alg).update(this._opad).update(h).digest(enc)
4150(function (Buffer){
4151var intSize = 4;
4152var zeroBuffer = new Buffer(intSize); zeroBuffer.fill(0);
4153var chrsz = 8;
4155function toArray(buf, bigEndian) {
4156 if ((buf.length % intSize) !== 0) {
4157 var len = buf.length + (intSize - (buf.length % intSize));
4158 buf = Buffer.concat([buf, zeroBuffer], len);
4159 }
4161 var arr = [];
4162 var fn = bigEndian ? buf.readInt32BE : buf.readInt32LE;
4163 for (var i = 0; i < buf.length; i += intSize) {
4164 arr.push(fn.call(buf, i));
4165 }
4166 return arr;
4169function toBuffer(arr, size, bigEndian) {
4170 var buf = new Buffer(size);
4171 var fn = bigEndian ? buf.writeInt32BE : buf.writeInt32LE;
4172 for (var i = 0; i < arr.length; i++) {
4173 fn.call(buf, arr[i], i * 4, true);
4174 }
4175 return buf;
4178function hash(buf, fn, hashSize, bigEndian) {
4179 if (!Buffer.isBuffer(buf)) buf = new Buffer(buf);
4180 var arr = fn(toArray(buf, bigEndian), buf.length * chrsz);
4181 return toBuffer(arr, hashSize, bigEndian);
4184module.exports = { hash: hash };
4188(function (Buffer){
4189var rng = _dereq_('./rng')
4191function error () {
4192 var m = [].slice.call(arguments).join(' ')
4193 throw new Error([
4194 m,
4195 'we accept pull requests',
4196 'http://github.com/dominictarr/crypto-browserify'
4197 ].join('\n'))
4200exports.createHash = _dereq_('./create-hash')
4202exports.createHmac = _dereq_('./create-hmac')
4204exports.randomBytes = function(size, callback) {
4205 if (callback && callback.call) {
4206 try {
4207 callback.call(this, undefined, new Buffer(rng(size)))
4208 } catch (err) { callback(err) }
4209 } else {
4210 return new Buffer(rng(size))
4211 }
4214function each(a, f) {
4215 for(var i in a)
4216 f(a[i], i)
4219exports.getHashes = function () {
4220 return ['sha1', 'sha256', 'md5', 'rmd160']
4224var p = _dereq_('./pbkdf2')(exports.createHmac)
4225exports.pbkdf2 = p.pbkdf2
4226exports.pbkdf2Sync = p.pbkdf2Sync
4229// the least I can do is make error messages for the rest of the node.js/crypto api.
4231, 'createCipher'
4232, 'createCipheriv'
4233, 'createDecipher'
4234, 'createDecipheriv'
4235, 'createSign'
4236, 'createVerify'
4237, 'createDiffieHellman'
4238], function (name) {
4239 exports[name] = function () {
4240 error('sorry,', name, 'is not implemented yet')
4241 }
4247 * A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
4248 * Digest Algorithm, as defined in RFC 1321.
4249 * Version 2.1 Copyright (C) Paul Johnston 1999 - 2002.
4250 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
4251 * Distributed under the BSD License
4252 * See http://pajhome.org.uk/crypt/md5 for more info.
4253 */
4255var helpers = _dereq_('./helpers');
4258 * Calculate the MD5 of an array of little-endian words, and a bit length
4259 */
4260function core_md5(x, len)
4262 /* append padding */
4263 x[len >> 5] |= 0x80 << ((len) % 32);
4264 x[(((len + 64) >>> 9) << 4) + 14] = len;
4266 var a = 1732584193;
4267 var b = -271733879;
4268 var c = -1732584194;
4269 var d = 271733878;
4271 for(var i = 0; i < x.length; i += 16)
4272 {
4273 var olda = a;
4274 var oldb = b;
4275 var oldc = c;
4276 var oldd = d;
4278 a = md5_ff(a, b, c, d, x[i+ 0], 7 , -680876936);
4279 d = md5_ff(d, a, b, c, x[i+ 1], 12, -389564586);
4280 c = md5_ff(c, d, a, b, x[i+ 2], 17, 606105819);
4281 b = md5_ff(b, c, d, a, x[i+ 3], 22, -1044525330);
4282 a = md5_ff(a, b, c, d, x[i+ 4], 7 , -176418897);
4283 d = md5_ff(d, a, b, c, x[i+ 5], 12, 1200080426);
4284 c = md5_ff(c, d, a, b, x[i+ 6], 17, -1473231341);
4285 b = md5_ff(b, c, d, a, x[i+ 7], 22, -45705983);
4286 a = md5_ff(a, b, c, d, x[i+ 8], 7 , 1770035416);
4287 d = md5_ff(d, a, b, c, x[i+ 9], 12, -1958414417);
4288 c = md5_ff(c, d, a, b, x[i+10], 17, -42063);
4289 b = md5_ff(b, c, d, a, x[i+11], 22, -1990404162);
4290 a = md5_ff(a, b, c, d, x[i+12], 7 , 1804603682);
4291 d = md5_ff(d, a, b, c, x[i+13], 12, -40341101);
4292 c = md5_ff(c, d, a, b, x[i+14], 17, -1502002290);
4293 b = md5_ff(b, c, d, a, x[i+15], 22, 1236535329);
4295 a = md5_gg(a, b, c, d, x[i+ 1], 5 , -165796510);
4296 d = md5_gg(d, a, b, c, x[i+ 6], 9 , -1069501632);
4297 c = md5_gg(c, d, a, b, x[i+11], 14, 643717713);
4298 b = md5_gg(b, c, d, a, x[i+ 0], 20, -373897302);
4299 a = md5_gg(a, b, c, d, x[i+ 5], 5 , -701558691);
4300 d = md5_gg(d, a, b, c, x[i+10], 9 , 38016083);
4301 c = md5_gg(c, d, a, b, x[i+15], 14, -660478335);
4302 b = md5_gg(b, c, d, a, x[i+ 4], 20, -405537848);
4303 a = md5_gg(a, b, c, d, x[i+ 9], 5 , 568446438);
4304 d = md5_gg(d, a, b, c, x[i+14], 9 , -1019803690);
4305 c = md5_gg(c, d, a, b, x[i+ 3], 14, -187363961);
4306 b = md5_gg(b, c, d, a, x[i+ 8], 20, 1163531501);
4307 a = md5_gg(a, b, c, d, x[i+13], 5 , -1444681467);
4308 d = md5_gg(d, a, b, c, x[i+ 2], 9 , -51403784);
4309 c = md5_gg(c, d, a, b, x[i+ 7], 14, 1735328473);
4310 b = md5_gg(b, c, d, a, x[i+12], 20, -1926607734);
4312 a = md5_hh(a, b, c, d, x[i+ 5], 4 , -378558);
4313 d = md5_hh(d, a, b, c, x[i+ 8], 11, -2022574463);
4314 c = md5_hh(c, d, a, b, x[i+11], 16, 1839030562);
4315 b = md5_hh(b, c, d, a, x[i+14], 23, -35309556);
4316 a = md5_hh(a, b, c, d, x[i+ 1], 4 , -1530992060);
4317 d = md5_hh(d, a, b, c, x[i+ 4], 11, 1272893353);
4318 c = md5_hh(c, d, a, b, x[i+ 7], 16, -155497632);
4319 b = md5_hh(b, c, d, a, x[i+10], 23, -1094730640);
4320 a = md5_hh(a, b, c, d, x[i+13], 4 , 681279174);
4321 d = md5_hh(d, a, b, c, x[i+ 0], 11, -358537222);
4322 c = md5_hh(c, d, a, b, x[i+ 3], 16, -722521979);
4323 b = md5_hh(b, c, d, a, x[i+ 6], 23, 76029189);
4324 a = md5_hh(a, b, c, d, x[i+ 9], 4 , -640364487);
4325 d = md5_hh(d, a, b, c, x[i+12], 11, -421815835);
4326 c = md5_hh(c, d, a, b, x[i+15], 16, 530742520);
4327 b = md5_hh(b, c, d, a, x[i+ 2], 23, -995338651);
4329 a = md5_ii(a, b, c, d, x[i+ 0], 6 , -198630844);
4330 d = md5_ii(d, a, b, c, x[i+ 7], 10, 1126891415);
4331 c = md5_ii(c, d, a, b, x[i+14], 15, -1416354905);
4332 b = md5_ii(b, c, d, a, x[i+ 5], 21, -57434055);
4333 a = md5_ii(a, b, c, d, x[i+12], 6 , 1700485571);
4334 d = md5_ii(d, a, b, c, x[i+ 3], 10, -1894986606);
4335 c = md5_ii(c, d, a, b, x[i+10], 15, -1051523);
4336 b = md5_ii(b, c, d, a, x[i+ 1], 21, -2054922799);
4337 a = md5_ii(a, b, c, d, x[i+ 8], 6 , 1873313359);
4338 d = md5_ii(d, a, b, c, x[i+15], 10, -30611744);
4339 c = md5_ii(c, d, a, b, x[i+ 6], 15, -1560198380);
4340 b = md5_ii(b, c, d, a, x[i+13], 21, 1309151649);
4341 a = md5_ii(a, b, c, d, x[i+ 4], 6 , -145523070);
4342 d = md5_ii(d, a, b, c, x[i+11], 10, -1120210379);
4343 c = md5_ii(c, d, a, b, x[i+ 2], 15, 718787259);
4344 b = md5_ii(b, c, d, a, x[i+ 9], 21, -343485551);
4346 a = safe_add(a, olda);
4347 b = safe_add(b, oldb);
4348 c = safe_add(c, oldc);
4349 d = safe_add(d, oldd);
4350 }
4351 return Array(a, b, c, d);
4356 * These functions implement the four basic operations the algorithm uses.
4357 */
4358function md5_cmn(q, a, b, x, s, t)
4360 return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s),b);
4362function md5_ff(a, b, c, d, x, s, t)
4364 return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t);
4366function md5_gg(a, b, c, d, x, s, t)
4368 return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t);
4370function md5_hh(a, b, c, d, x, s, t)
4372 return md5_cmn(b ^ c ^ d, a, b, x, s, t);
4374function md5_ii(a, b, c, d, x, s, t)
4376 return md5_cmn(c ^ (b | (~d)), a, b, x, s, t);
4380 * Add integers, wrapping at 2^32. This uses 16-bit operations internally
4381 * to work around bugs in some JS interpreters.
4382 */
4383function safe_add(x, y)
4385 var lsw = (x & 0xFFFF) + (y & 0xFFFF);
4386 var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
4387 return (msw << 16) | (lsw & 0xFFFF);
4391 * Bitwise rotate a 32-bit number to the left.
4392 */
4393function bit_rol(num, cnt)
4395 return (num << cnt) | (num >>> (32 - cnt));
4398module.exports = function md5(buf) {
4399 return helpers.hash(buf, core_md5, 16);
4403(function (Buffer){
4405module.exports = ripemd160
4410CryptoJS v3.1.2
4412(c) 2009-2013 by Jeff Mott. All rights reserved.
4415/** @preserve
4416(c) 2012 by Cédric Mesnil. All rights reserved.
4418Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
4420 - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
4421 - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
4426// Constants table
4427var zl = [
4428 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
4429 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,
4430 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,
4431 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,
4432 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13];
4433var zr = [
4434 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,
4435 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,
4436 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,
4437 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,
4438 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11];
4439var sl = [
4440 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,
4441 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,
4442 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,
4443 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,
4444 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 ];
4445var sr = [
4446 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,
4447 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,
4448 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,
4449 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,
4450 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 ];
4452var hl = [ 0x00000000, 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xA953FD4E];
4453var hr = [ 0x50A28BE6, 0x5C4DD124, 0x6D703EF3, 0x7A6D76E9, 0x00000000];
4455var bytesToWords = function (bytes) {
4456 var words = [];
4457 for (var i = 0, b = 0; i < bytes.length; i++, b += 8) {
4458 words[b >>> 5] |= bytes[i] << (24 - b % 32);
4459 }
4460 return words;
4463var wordsToBytes = function (words) {
4464 var bytes = [];
4465 for (var b = 0; b < words.length * 32; b += 8) {
4466 bytes.push((words[b >>> 5] >>> (24 - b % 32)) & 0xFF);
4467 }
4468 return bytes;
4471var processBlock = function (H, M, offset) {
4473 // Swap endian
4474 for (var i = 0; i < 16; i++) {
4475 var offset_i = offset + i;
4476 var M_offset_i = M[offset_i];
4478 // Swap
4479 M[offset_i] = (
4480 (((M_offset_i << 8) | (M_offset_i >>> 24)) & 0x00ff00ff) |
4481 (((M_offset_i << 24) | (M_offset_i >>> 8)) & 0xff00ff00)
4482 );
4483 }
4485 // Working variables
4486 var al, bl, cl, dl, el;
4487 var ar, br, cr, dr, er;
4489 ar = al = H[0];
4490 br = bl = H[1];
4491 cr = cl = H[2];
4492 dr = dl = H[3];
4493 er = el = H[4];
4494 // Computation
4495 var t;
4496 for (var i = 0; i < 80; i += 1) {
4497 t = (al + M[offset+zl[i]])|0;
4498 if (i<16){
4499 t += f1(bl,cl,dl) + hl[0];
4500 } else if (i<32) {
4501 t += f2(bl,cl,dl) + hl[1];
4502 } else if (i<48) {
4503 t += f3(bl,cl,dl) + hl[2];
4504 } else if (i<64) {
4505 t += f4(bl,cl,dl) + hl[3];
4506 } else {// if (i<80) {
4507 t += f5(bl,cl,dl) + hl[4];
4508 }
4509 t = t|0;
4510 t = rotl(t,sl[i]);
4511 t = (t+el)|0;
4512 al = el;
4513 el = dl;
4514 dl = rotl(cl, 10);
4515 cl = bl;
4516 bl = t;
4518 t = (ar + M[offset+zr[i]])|0;
4519 if (i<16){
4520 t += f5(br,cr,dr) + hr[0];
4521 } else if (i<32) {
4522 t += f4(br,cr,dr) + hr[1];
4523 } else if (i<48) {
4524 t += f3(br,cr,dr) + hr[2];
4525 } else if (i<64) {
4526 t += f2(br,cr,dr) + hr[3];
4527 } else {// if (i<80) {
4528 t += f1(br,cr,dr) + hr[4];
4529 }
4530 t = t|0;
4531 t = rotl(t,sr[i]) ;
4532 t = (t+er)|0;
4533 ar = er;
4534 er = dr;
4535 dr = rotl(cr, 10);
4536 cr = br;
4537 br = t;
4538 }
4539 // Intermediate hash value
4540 t = (H[1] + cl + dr)|0;
4541 H[1] = (H[2] + dl + er)|0;
4542 H[2] = (H[3] + el + ar)|0;
4543 H[3] = (H[4] + al + br)|0;
4544 H[4] = (H[0] + bl + cr)|0;
4545 H[0] = t;
4548function f1(x, y, z) {
4549 return ((x) ^ (y) ^ (z));
4552function f2(x, y, z) {
4553 return (((x)&(y)) | ((~x)&(z)));
4556function f3(x, y, z) {
4557 return (((x) | (~(y))) ^ (z));
4560function f4(x, y, z) {
4561 return (((x) & (z)) | ((y)&(~(z))));
4564function f5(x, y, z) {
4565 return ((x) ^ ((y) |(~(z))));
4568function rotl(x,n) {
4569 return (x<<n) | (x>>>(32-n));
4572function ripemd160(message) {
4573 var H = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0];
4575 if (typeof message == 'string')
4576 message = new Buffer(message, 'utf8');
4578 var m = bytesToWords(message);
4580 var nBitsLeft = message.length * 8;
4581 var nBitsTotal = message.length * 8;
4583 // Add padding
4584 m[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
4585 m[(((nBitsLeft + 64) >>> 9) << 4) + 14] = (
4586 (((nBitsTotal << 8) | (nBitsTotal >>> 24)) & 0x00ff00ff) |
4587 (((nBitsTotal << 24) | (nBitsTotal >>> 8)) & 0xff00ff00)
4588 );
4590 for (var i=0 ; i<m.length; i += 16) {
4591 processBlock(H, m, i);
4592 }
4594 // Swap endian
4595 for (var i = 0; i < 5; i++) {
4596 // Shortcut
4597 var H_i = H[i];
4599 // Swap
4600 H[i] = (((H_i << 8) | (H_i >>> 24)) & 0x00ff00ff) |
4601 (((H_i << 24) | (H_i >>> 8)) & 0xff00ff00);
4602 }
4604 var digestbytes = wordsToBytes(H);
4605 return new Buffer(digestbytes);
4612var u = _dereq_('./util')
4613var write = u.write
4614var fill = u.zeroFill
4616module.exports = function (Buffer) {
4618 //prototype class for hash functions
4619 function Hash (blockSize, finalSize) {
4620 this._block = new Buffer(blockSize) //new Uint32Array(blockSize/4)
4621 this._finalSize = finalSize
4622 this._blockSize = blockSize
4623 this._len = 0
4624 this._s = 0
4625 }
4627 Hash.prototype.init = function () {
4628 this._s = 0
4629 this._len = 0
4630 }
4632 function lengthOf(data, enc) {
4633 if(enc == null) return data.byteLength || data.length
4634 if(enc == 'ascii' || enc == 'binary') return data.length
4635 if(enc == 'hex') return data.length/2
4636 if(enc == 'base64') return data.length/3
4637 }
4639 Hash.prototype.update = function (data, enc) {
4640 var bl = this._blockSize
4642 //I'd rather do this with a streaming encoder, like the opposite of
4643 //http://nodejs.org/api/string_decoder.html
4644 var length
4645 if(!enc && 'string' === typeof data)
4646 enc = 'utf8'
4648 if(enc) {
4649 if(enc === 'utf-8')
4650 enc = 'utf8'
4652 if(enc === 'base64' || enc === 'utf8')
4653 data = new Buffer(data, enc), enc = null
4655 length = lengthOf(data, enc)
4656 } else
4657 length = data.byteLength || data.length
4659 var l = this._len += length
4660 var s = this._s = (this._s || 0)
4661 var f = 0
4662 var buffer = this._block
4663 while(s < l) {
4664 var t = Math.min(length, f + bl)
4665 write(buffer, data, enc, s%bl, f, t)
4666 var ch = (t - f);
4667 s += ch; f += ch
4669 if(!(s%bl))
4670 this._update(buffer)
4671 }
4672 this._s = s
4674 return this
4676 }
4678 Hash.prototype.digest = function (enc) {
4679 var bl = this._blockSize
4680 var fl = this._finalSize
4681 var len = this._len*8
4683 var x = this._block
4685 var bits = len % (bl*8)
4687 //add end marker, so that appending 0's creats a different hash.
4688 x[this._len % bl] = 0x80
4689 fill(this._block, this._len % bl + 1)
4691 if(bits >= fl*8) {
4692 this._update(this._block)
4693 u.zeroFill(this._block, 0)
4694 }
4696 //TODO: handle case where the bit length is > Math.pow(2, 29)
4697 x.writeInt32BE(len, fl + 4) //big endian
4699 var hash = this._update(this._block) || this._hash()
4700 if(enc == null) return hash
4701 return hash.toString(enc)
4702 }
4704 Hash.prototype._update = function () {
4705 throw new Error('_update must be implemented by subclass')
4706 }
4708 return Hash
4712var exports = module.exports = function (alg) {
4713 var Alg = exports[alg]
4714 if(!Alg) throw new Error(alg + ' is not supported (we accept pull requests)')
4715 return new Alg()
4718var Buffer = _dereq_('buffer').Buffer
4719var Hash = _dereq_('./hash')(Buffer)
4721exports.sha =
4722exports.sha1 = _dereq_('./sha1')(Buffer, Hash)
4723exports.sha256 = _dereq_('./sha256')(Buffer, Hash)
4727 * A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined
4728 * in FIPS PUB 180-1
4729 * Version 2.1a Copyright Paul Johnston 2000 - 2002.
4730 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
4731 * Distributed under the BSD License
4732 * See http://pajhome.org.uk/crypt/md5 for details.
4733 */
4734module.exports = function (Buffer, Hash) {
4736 var inherits = _dereq_('util').inherits
4738 inherits(Sha1, Hash)
4740 var A = 0|0
4741 var B = 4|0
4742 var C = 8|0
4743 var D = 12|0
4744 var E = 16|0
4746 var BE = false
4747 var LE = true
4749 var W = new Int32Array(80)
4751 var POOL = []
4753 function Sha1 () {
4754 if(POOL.length)
4755 return POOL.pop().init()
4757 if(!(this instanceof Sha1)) return new Sha1()
4758 this._w = W
4759 Hash.call(this, 16*4, 14*4)
4761 this._h = null
4762 this.init()
4763 }
4765 Sha1.prototype.init = function () {
4766 this._a = 0x67452301
4767 this._b = 0xefcdab89
4768 this._c = 0x98badcfe
4769 this._d = 0x10325476
4770 this._e = 0xc3d2e1f0
4772 Hash.prototype.init.call(this)
4773 return this
4774 }
4776 Sha1.prototype._POOL = POOL
4778 // assume that array is a Uint32Array with length=16,
4779 // and that if it is the last block, it already has the length and the 1 bit appended.
4782 var isDV = new Buffer(1) instanceof DataView
4783 function readInt32BE (X, i) {
4784 return isDV
4785 ? X.getInt32(i, false)
4786 : X.readInt32BE(i)
4787 }
4789 Sha1.prototype._update = function (array) {
4791 var X = this._block
4792 var h = this._h
4793 var a, b, c, d, e, _a, _b, _c, _d, _e
4795 a = _a = this._a
4796 b = _b = this._b
4797 c = _c = this._c
4798 d = _d = this._d
4799 e = _e = this._e
4801 var w = this._w
4803 for(var j = 0; j < 80; j++) {
4804 var W = w[j]
4805 = j < 16
4806 //? X.getInt32(j*4, false)
4807 //? readInt32BE(X, j*4) //*/ X.readInt32BE(j*4) //*/
4808 ? X.readInt32BE(j*4)
4809 : rol(w[j - 3] ^ w[j - 8] ^ w[j - 14] ^ w[j - 16], 1)
4811 var t =
4812 add(
4813 add(rol(a, 5), sha1_ft(j, b, c, d)),
4814 add(add(e, W), sha1_kt(j))
4815 );
4817 e = d
4818 d = c
4819 c = rol(b, 30)
4820 b = a
4821 a = t
4822 }
4824 this._a = add(a, _a)
4825 this._b = add(b, _b)
4826 this._c = add(c, _c)
4827 this._d = add(d, _d)
4828 this._e = add(e, _e)
4829 }
4831 Sha1.prototype._hash = function () {
4832 if(POOL.length < 100) POOL.push(this)
4833 var H = new Buffer(20)
4834 //console.log(this._a|0, this._b|0, this._c|0, this._d|0, this._e|0)
4835 H.writeInt32BE(this._a|0, A)
4836 H.writeInt32BE(this._b|0, B)
4837 H.writeInt32BE(this._c|0, C)
4838 H.writeInt32BE(this._d|0, D)
4839 H.writeInt32BE(this._e|0, E)
4840 return H
4841 }
4843 /*
4844 * Perform the appropriate triplet combination function for the current
4845 * iteration
4846 */
4847 function sha1_ft(t, b, c, d) {
4848 if(t < 20) return (b & c) | ((~b) & d);
4849 if(t < 40) return b ^ c ^ d;
4850 if(t < 60) return (b & c) | (b & d) | (c & d);
4851 return b ^ c ^ d;
4852 }
4854 /*
4855 * Determine the appropriate additive constant for the current iteration
4856 */
4857 function sha1_kt(t) {
4858 return (t < 20) ? 1518500249 : (t < 40) ? 1859775393 :
4859 (t < 60) ? -1894007588 : -899497514;
4860 }
4862 /*
4863 * Add integers, wrapping at 2^32. This uses 16-bit operations internally
4864 * to work around bugs in some JS interpreters.
4865 * //dominictarr: this is 10 years old, so maybe this can be dropped?)
4866 *
4867 */
4868 function add(x, y) {
4869 return (x + y ) | 0
4870 //lets see how this goes on testling.
4871 // var lsw = (x & 0xFFFF) + (y & 0xFFFF);
4872 // var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
4873 // return (msw << 16) | (lsw & 0xFFFF);
4874 }
4876 /*
4877 * Bitwise rotate a 32-bit number to the left.
4878 */
4879 function rol(num, cnt) {
4880 return (num << cnt) | (num >>> (32 - cnt));
4881 }
4883 return Sha1
4889 * A JavaScript implementation of the Secure Hash Algorithm, SHA-256, as defined
4890 * in FIPS 180-2
4891 * Version 2.2-beta Copyright Angel Marin, Paul Johnston 2000 - 2009.
4892 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
4893 *
4894 */
4896var inherits = _dereq_('util').inherits
4897var BE = false
4898var LE = true
4899var u = _dereq_('./util')
4901module.exports = function (Buffer, Hash) {
4903 var K = [
4904 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
4905 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
4906 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
4907 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
4908 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
4909 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
4910 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
4911 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
4912 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
4913 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
4914 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
4915 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
4916 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
4917 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
4918 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
4919 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2
4920 ]
4922 inherits(Sha256, Hash)
4923 var W = new Array(64)
4924 var POOL = []
4925 function Sha256() {
4926 // Closure compiler warning - this code lacks side effects - thus commented out
4927 // if(POOL.length) {
4928 // return POOL.shift().init()
4929 // }
4930 //this._data = new Buffer(32)
4932 this.init()
4934 this._w = W //new Array(64)
4936 Hash.call(this, 16*4, 14*4)
4937 };
4939 Sha256.prototype.init = function () {
4941 this._a = 0x6a09e667|0
4942 this._b = 0xbb67ae85|0
4943 this._c = 0x3c6ef372|0
4944 this._d = 0xa54ff53a|0
4945 this._e = 0x510e527f|0
4946 this._f = 0x9b05688c|0
4947 this._g = 0x1f83d9ab|0
4948 this._h = 0x5be0cd19|0
4950 this._len = this._s = 0
4952 return this
4953 }
4955 var safe_add = function(x, y) {
4956 var lsw = (x & 0xFFFF) + (y & 0xFFFF);
4957 var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
4958 return (msw << 16) | (lsw & 0xFFFF);
4959 }
4961 function S (X, n) {
4962 return (X >>> n) | (X << (32 - n));
4963 }
4965 function R (X, n) {
4966 return (X >>> n);
4967 }
4969 function Ch (x, y, z) {
4970 return ((x & y) ^ ((~x) & z));
4971 }
4973 function Maj (x, y, z) {
4974 return ((x & y) ^ (x & z) ^ (y & z));
4975 }
4977 function Sigma0256 (x) {
4978 return (S(x, 2) ^ S(x, 13) ^ S(x, 22));
4979 }
4981 function Sigma1256 (x) {
4982 return (S(x, 6) ^ S(x, 11) ^ S(x, 25));
4983 }
4985 function Gamma0256 (x) {
4986 return (S(x, 7) ^ S(x, 18) ^ R(x, 3));
4987 }
4989 function Gamma1256 (x) {
4990 return (S(x, 17) ^ S(x, 19) ^ R(x, 10));
4991 }
4993 Sha256.prototype._update = function(m) {
4994 var M = this._block
4995 var W = this._w
4996 var a, b, c, d, e, f, g, h
4997 var T1, T2
4999 a = this._a | 0
5000 b = this._b | 0
5001 c = this._c | 0
5002 d = this._d | 0
5003 e = this._e | 0
5004 f = this._f | 0
5005 g = this._g | 0
5006 h = this._h | 0
5008 for (var j = 0; j < 64; j++) {
5009 var w = W[j] = j < 16
5010 ? M.readInt32BE(j * 4)
5011 : Gamma1256(W[j - 2]) + W[j - 7] + Gamma0256(W[j - 15]) + W[j - 16]
5013 T1 = h + Sigma1256(e) + Ch(e, f, g) + K[j] + w
5015 T2 = Sigma0256(a) + Maj(a, b, c);
5016 h = g; g = f; f = e; e = d + T1; d = c; c = b; b = a; a = T1 + T2;
5017 }
5019 this._a = (a + this._a) | 0
5020 this._b = (b + this._b) | 0
5021 this._c = (c + this._c) | 0
5022 this._d = (d + this._d) | 0
5023 this._e = (e + this._e) | 0
5024 this._f = (f + this._f) | 0
5025 this._g = (g + this._g) | 0
5026 this._h = (h + this._h) | 0
5028 };
5030 Sha256.prototype._hash = function () {
5031 if(POOL.length < 10)
5032 POOL.push(this)
5034 var H = new Buffer(32)
5036 H.writeInt32BE(this._a, 0)
5037 H.writeInt32BE(this._b, 4)
5038 H.writeInt32BE(this._c, 8)
5039 H.writeInt32BE(this._d, 12)
5040 H.writeInt32BE(this._e, 16)
5041 H.writeInt32BE(this._f, 20)
5042 H.writeInt32BE(this._g, 24)
5043 H.writeInt32BE(this._h, 28)
5045 return H
5046 }
5048 return Sha256
5053exports.write = write
5054exports.zeroFill = zeroFill
5056exports.toString = toString
5058function write (buffer, string, enc, start, from, to, LE) {
5059 var l = (to - from)
5060 if(enc === 'ascii' || enc === 'binary') {
5061 for( var i = 0; i < l; i++) {
5062 buffer[start + i] = string.charCodeAt(i + from)
5063 }
5064 }
5065 else if(enc == null) {
5066 for( var i = 0; i < l; i++) {
5067 buffer[start + i] = string[i + from]
5068 }
5069 }
5070 else if(enc === 'hex') {
5071 for(var i = 0; i < l; i++) {
5072 var j = from + i
5073 buffer[start + i] = parseInt(string[j*2] + string[(j*2)+1], 16)
5074 }
5075 }
5076 else if(enc === 'base64') {
5077 throw new Error('base64 encoding not yet supported')
5078 }
5079 else
5080 throw new Error(enc +' encoding not yet supported')
5083//always fill to the end!
5084function zeroFill(buf, from) {
5085 for(var i = from; i < buf.length; i++)
5086 buf[i] = 0
5091(function (Buffer){
5092// JavaScript PBKDF2 Implementation
5093// Based on http://git.io/qsv2zw
5094// Licensed under LGPL v3
5095// Copyright (c) 2013 jduncanator
5097var blocksize = 64
5098var zeroBuffer = new Buffer(blocksize); zeroBuffer.fill(0)
5100module.exports = function (createHmac, exports) {
5101 exports = exports || {}
5103 exports.pbkdf2 = function(password, salt, iterations, keylen, cb) {
5104 if('function' !== typeof cb)
5105 throw new Error('No callback provided to pbkdf2');
5106 setTimeout(function () {
5107 cb(null, exports.pbkdf2Sync(password, salt, iterations, keylen))
5108 })
5109 }
5111 exports.pbkdf2Sync = function(key, salt, iterations, keylen) {
5112 if('number' !== typeof iterations)
5113 throw new TypeError('Iterations not a number')
5114 if(iterations < 0)
5115 throw new TypeError('Bad iterations')
5116 if('number' !== typeof keylen)
5117 throw new TypeError('Key length not a number')
5118 if(keylen < 0)
5119 throw new TypeError('Bad key length')
5121 //stretch key to the correct length that hmac wants it,
5122 //otherwise this will happen every time hmac is called
5123 //twice per iteration.
5124 var key = !Buffer.isBuffer(key) ? new Buffer(key) : key
5126 if(key.length > blocksize) {
5127 key = createHash(alg).update(key).digest()
5128 } else if(key.length < blocksize) {
5129 key = Buffer.concat([key, zeroBuffer], blocksize)
5130 }
5132 var HMAC;
5133 var cplen, p = 0, i = 1, itmp = new Buffer(4), digtmp;
5134 var out = new Buffer(keylen);
5135 out.fill(0);
5136 while(keylen) {
5137 if(keylen > 20)
5138 cplen = 20;
5139 else
5140 cplen = keylen;
5142 /* We are unlikely to ever use more than 256 blocks (5120 bits!)
5143 * but just in case...
5144 */
5145 itmp[0] = (i >> 24) & 0xff;
5146 itmp[1] = (i >> 16) & 0xff;
5147 itmp[2] = (i >> 8) & 0xff;
5148 itmp[3] = i & 0xff;
5150 HMAC = createHmac('sha1', key);
5151 HMAC.update(salt)
5152 HMAC.update(itmp);
5153 digtmp = HMAC.digest();
5154 digtmp.copy(out, p, 0, cplen);
5156 for(var j = 1; j < iterations; j++) {
5157 HMAC = createHmac('sha1', key);
5158 HMAC.update(digtmp);
5159 digtmp = HMAC.digest();
5160 for(var k = 0; k < cplen; k++) {
5161 out[k] ^= digtmp[k];
5162 }
5163 }
5164 keylen -= cplen;
5165 i++;
5166 p += cplen;
5167 }
5169 return out;
5170 }
5172 return exports
5177(function (Buffer){
5178// Original code adapted from Robert Kieffer.
5179// details at https://github.com/broofa/node-uuid
5182(function() {
5183 var _global = this;
5185 var mathRNG, whatwgRNG;
5187 // NOTE: Math.random() does not guarantee "cryptographic quality"
5188 mathRNG = function(size) {
5189 var bytes = new Buffer(size);
5190 var r;
5192 for (var i = 0, r; i < size; i++) {
5193 if ((i & 0x03) == 0) r = Math.random() * 0x100000000;
5194 bytes[i] = r >>> ((i & 0x03) << 3) & 0xff;
5195 }
5197 return bytes;
5198 }
5200 if (_global.crypto && crypto.getRandomValues) {
5201 whatwgRNG = function(size) {
5202 var bytes = new Buffer(size); //in browserify, this is an extended Uint8Array
5203 crypto.getRandomValues(bytes);
5204 return bytes;
5205 }
5206 }
5208 module.exports = whatwgRNG || mathRNG;
5214;(function (root, factory, undef) {
5215 if (typeof exports === "object") {
5216 // CommonJS
5217 module.exports = exports = factory(_dereq_("./core"), _dereq_("./enc-base64"), _dereq_("./md5"), _dereq_("./evpkdf"), _dereq_("./cipher-core"));
5218 }
5219 else if (typeof define === "function" && define.amd) {
5220 // AMD
5221 define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
5222 }
5223 else {
5224 // Global (browser)
5225 factory(root.CryptoJS);
5226 }
5227}(this, function (CryptoJS) {
5229 (function () {
5230 // Shortcuts
5231 var C = CryptoJS;
5232 var C_lib = C.lib;
5233 var BlockCipher = C_lib.BlockCipher;
5234 var C_algo = C.algo;
5236 // Lookup tables
5237 var SBOX = [];
5238 var INV_SBOX = [];
5239 var SUB_MIX_0 = [];
5240 var SUB_MIX_1 = [];
5241 var SUB_MIX_2 = [];
5242 var SUB_MIX_3 = [];
5243 var INV_SUB_MIX_0 = [];
5244 var INV_SUB_MIX_1 = [];
5245 var INV_SUB_MIX_2 = [];
5246 var INV_SUB_MIX_3 = [];
5248 // Compute lookup tables
5249 (function () {
5250 // Compute double table
5251 var d = [];
5252 for (var i = 0; i < 256; i++) {
5253 if (i < 128) {
5254 d[i] = i << 1;
5255 } else {
5256 d[i] = (i << 1) ^ 0x11b;
5257 }
5258 }
5260 // Walk GF(2^8)
5261 var x = 0;
5262 var xi = 0;
5263 for (var i = 0; i < 256; i++) {
5264 // Compute sbox
5265 var sx = xi ^ (xi << 1) ^ (xi << 2) ^ (xi << 3) ^ (xi << 4);
5266 sx = (sx >>> 8) ^ (sx & 0xff) ^ 0x63;
5267 SBOX[x] = sx;
5268 INV_SBOX[sx] = x;
5270 // Compute multiplication
5271 var x2 = d[x];
5272 var x4 = d[x2];
5273 var x8 = d[x4];
5275 // Compute sub bytes, mix columns tables
5276 var t = (d[sx] * 0x101) ^ (sx * 0x1010100);
5277 SUB_MIX_0[x] = (t << 24) | (t >>> 8);
5278 SUB_MIX_1[x] = (t << 16) | (t >>> 16);
5279 SUB_MIX_2[x] = (t << 8) | (t >>> 24);
5280 SUB_MIX_3[x] = t;
5282 // Compute inv sub bytes, inv mix columns tables
5283 var t = (x8 * 0x1010101) ^ (x4 * 0x10001) ^ (x2 * 0x101) ^ (x * 0x1010100);
5284 INV_SUB_MIX_0[sx] = (t << 24) | (t >>> 8);
5285 INV_SUB_MIX_1[sx] = (t << 16) | (t >>> 16);
5286 INV_SUB_MIX_2[sx] = (t << 8) | (t >>> 24);
5287 INV_SUB_MIX_3[sx] = t;
5289 // Compute next counter
5290 if (!x) {
5291 x = xi = 1;
5292 } else {
5293 x = x2 ^ d[d[d[x8 ^ x2]]];
5294 xi ^= d[d[xi]];
5295 }
5296 }
5297 }());
5299 // Precomputed Rcon lookup
5300 var RCON = [0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36];
5302 /**
5303 * AES block cipher algorithm.
5304 */
5305 var AES = C_algo.AES = BlockCipher.extend({
5306 _doReset: function () {
5307 // Shortcuts
5308 var key = this._key;
5309 var keyWords = key.words;
5310 var keySize = key.sigBytes / 4;
5312 // Compute number of rounds
5313 var nRounds = this._nRounds = keySize + 6
5315 // Compute number of key schedule rows
5316 var ksRows = (nRounds + 1) * 4;
5318 // Compute key schedule
5319 var keySchedule = this._keySchedule = [];
5320 for (var ksRow = 0; ksRow < ksRows; ksRow++) {
5321 if (ksRow < keySize) {
5322 keySchedule[ksRow] = keyWords[ksRow];
5323 } else {
5324 var t = keySchedule[ksRow - 1];
5326 if (!(ksRow % keySize)) {
5327 // Rot word
5328 t = (t << 8) | (t >>> 24);
5330 // Sub word
5331 t = (SBOX[t >>> 24] << 24) | (SBOX[(t >>> 16) & 0xff] << 16) | (SBOX[(t >>> 8) & 0xff] << 8) | SBOX[t & 0xff];
5333 // Mix Rcon
5334 t ^= RCON[(ksRow / keySize) | 0] << 24;
5335 } else if (keySize > 6 && ksRow % keySize == 4) {
5336 // Sub word
5337 t = (SBOX[t >>> 24] << 24) | (SBOX[(t >>> 16) & 0xff] << 16) | (SBOX[(t >>> 8) & 0xff] << 8) | SBOX[t & 0xff];
5338 }
5340 keySchedule[ksRow] = keySchedule[ksRow - keySize] ^ t;
5341 }
5342 }
5344 // Compute inv key schedule
5345 var invKeySchedule = this._invKeySchedule = [];
5346 for (var invKsRow = 0; invKsRow < ksRows; invKsRow++) {
5347 var ksRow = ksRows - invKsRow;
5349 if (invKsRow % 4) {
5350 var t = keySchedule[ksRow];
5351 } else {
5352 var t = keySchedule[ksRow - 4];
5353 }
5355 if (invKsRow < 4 || ksRow <= 4) {
5356 invKeySchedule[invKsRow] = t;
5357 } else {
5358 invKeySchedule[invKsRow] = INV_SUB_MIX_0[SBOX[t >>> 24]] ^ INV_SUB_MIX_1[SBOX[(t >>> 16) & 0xff]] ^
5359 INV_SUB_MIX_2[SBOX[(t >>> 8) & 0xff]] ^ INV_SUB_MIX_3[SBOX[t & 0xff]];
5360 }
5361 }
5362 },
5364 encryptBlock: function (M, offset) {
5365 this._doCryptBlock(M, offset, this._keySchedule, SUB_MIX_0, SUB_MIX_1, SUB_MIX_2, SUB_MIX_3, SBOX);
5366 },
5368 decryptBlock: function (M, offset) {
5369 // Swap 2nd and 4th rows
5370 var t = M[offset + 1];
5371 M[offset + 1] = M[offset + 3];
5372 M[offset + 3] = t;
5374 this._doCryptBlock(M, offset, this._invKeySchedule, INV_SUB_MIX_0, INV_SUB_MIX_1, INV_SUB_MIX_2, INV_SUB_MIX_3, INV_SBOX);
5376 // Inv swap 2nd and 4th rows
5377 var t = M[offset + 1];
5378 M[offset + 1] = M[offset + 3];
5379 M[offset + 3] = t;
5380 },
5382 _doCryptBlock: function (M, offset, keySchedule, SUB_MIX_0, SUB_MIX_1, SUB_MIX_2, SUB_MIX_3, SBOX) {
5383 // Shortcut
5384 var nRounds = this._nRounds;
5386 // Get input, add round key
5387 var s0 = M[offset] ^ keySchedule[0];
5388 var s1 = M[offset + 1] ^ keySchedule[1];
5389 var s2 = M[offset + 2] ^ keySchedule[2];
5390 var s3 = M[offset + 3] ^ keySchedule[3];
5392 // Key schedule row counter
5393 var ksRow = 4;
5395 // Rounds
5396 for (var round = 1; round < nRounds; round++) {
5397 // Shift rows, sub bytes, mix columns, add round key
5398 var t0 = SUB_MIX_0[s0 >>> 24] ^ SUB_MIX_1[(s1 >>> 16) & 0xff] ^ SUB_MIX_2[(s2 >>> 8) & 0xff] ^ SUB_MIX_3[s3 & 0xff] ^ keySchedule[ksRow++];
5399 var t1 = SUB_MIX_0[s1 >>> 24] ^ SUB_MIX_1[(s2 >>> 16) & 0xff] ^ SUB_MIX_2[(s3 >>> 8) & 0xff] ^ SUB_MIX_3[s0 & 0xff] ^ keySchedule[ksRow++];
5400 var t2 = SUB_MIX_0[s2 >>> 24] ^ SUB_MIX_1[(s3 >>> 16) & 0xff] ^ SUB_MIX_2[(s0 >>> 8) & 0xff] ^ SUB_MIX_3[s1 & 0xff] ^ keySchedule[ksRow++];
5401 var t3 = SUB_MIX_0[s3 >>> 24] ^ SUB_MIX_1[(s0 >>> 16) & 0xff] ^ SUB_MIX_2[(s1 >>> 8) & 0xff] ^ SUB_MIX_3[s2 & 0xff] ^ keySchedule[ksRow++];
5403 // Update state
5404 s0 = t0;
5405 s1 = t1;
5406 s2 = t2;
5407 s3 = t3;
5408 }
5410 // Shift rows, sub bytes, add round key
5411 var t0 = ((SBOX[s0 >>> 24] << 24) | (SBOX[(s1 >>> 16) & 0xff] << 16) | (SBOX[(s2 >>> 8) & 0xff] << 8) | SBOX[s3 & 0xff]) ^ keySchedule[ksRow++];
5412 var t1 = ((SBOX[s1 >>> 24] << 24) | (SBOX[(s2 >>> 16) & 0xff] << 16) | (SBOX[(s3 >>> 8) & 0xff] << 8) | SBOX[s0 & 0xff]) ^ keySchedule[ksRow++];
5413 var t2 = ((SBOX[s2 >>> 24] << 24) | (SBOX[(s3 >>> 16) & 0xff] << 16) | (SBOX[(s0 >>> 8) & 0xff] << 8) | SBOX[s1 & 0xff]) ^ keySchedule[ksRow++];
5414 var t3 = ((SBOX[s3 >>> 24] << 24) | (SBOX[(s0 >>> 16) & 0xff] << 16) | (SBOX[(s1 >>> 8) & 0xff] << 8) | SBOX[s2 & 0xff]) ^ keySchedule[ksRow++];
5416 // Set output
5417 M[offset] = t0;
5418 M[offset + 1] = t1;
5419 M[offset + 2] = t2;
5420 M[offset + 3] = t3;
5421 },
5423 keySize: 256/32
5424 });
5426 /**
5427 * Shortcut functions to the cipher's object interface.
5428 *
5429 * @example
5430 *
5431 * var ciphertext = CryptoJS.AES.encrypt(message, key, cfg);
5432 * var plaintext = CryptoJS.AES.decrypt(ciphertext, key, cfg);
5433 */
5434 C.AES = BlockCipher._createHelper(AES);
5435 }());
5438 return CryptoJS.AES;
5442;(function (root, factory) {
5443 if (typeof exports === "object") {
5444 // CommonJS
5445 module.exports = exports = factory(_dereq_("./core"));
5446 }
5447 else if (typeof define === "function" && define.amd) {
5448 // AMD
5449 define(["./core"], factory);
5450 }
5451 else {
5452 // Global (browser)
5453 factory(root.CryptoJS);
5454 }
5455}(this, function (CryptoJS) {
5457 /**
5458 * Cipher core components.
5459 */
5460 CryptoJS.lib.Cipher || (function (undefined) {
5461 // Shortcuts
5462 var C = CryptoJS;
5463 var C_lib = C.lib;
5464 var Base = C_lib.Base;
5465 var WordArray = C_lib.WordArray;
5466 var BufferedBlockAlgorithm = C_lib.BufferedBlockAlgorithm;
5467 var C_enc = C.enc;
5468 var Utf8 = C_enc.Utf8;
5469 var Base64 = C_enc.Base64;
5470 var C_algo = C.algo;
5471 var EvpKDF = C_algo.EvpKDF;
5473 /**
5474 * Abstract base cipher template.
5475 *
5476 * @property {number} keySize This cipher's key size. Default: 4 (128 bits)
5477 * @property {number} ivSize This cipher's IV size. Default: 4 (128 bits)
5478 * @property {number} _ENC_XFORM_MODE A constant representing encryption mode.
5479 * @property {number} _DEC_XFORM_MODE A constant representing decryption mode.
5480 */
5481 var Cipher = C_lib.Cipher = BufferedBlockAlgorithm.extend({
5482 /**
5483 * Configuration options.
5484 *
5485 * @property {WordArray} iv The IV to use for this operation.
5486 */
5487 cfg: Base.extend(),
5489 /**
5490 * Creates this cipher in encryption mode.
5491 *
5492 * @param {WordArray} key The key.
5493 * @param {Object} cfg (Optional) The configuration options to use for this operation.
5494 *
5495 * @return {Cipher} A cipher instance.
5496 *
5497 * @static
5498 *
5499 * @example
5500 *
5501 * var cipher = CryptoJS.algo.AES.createEncryptor(keyWordArray, { iv: ivWordArray });
5502 */
5503 createEncryptor: function (key, cfg) {
5504 return this.create(this._ENC_XFORM_MODE, key, cfg);
5505 },
5507 /**
5508 * Creates this cipher in decryption mode.
5509 *
5510 * @param {WordArray} key The key.
5511 * @param {Object} cfg (Optional) The configuration options to use for this operation.
5512 *
5513 * @return {Cipher} A cipher instance.
5514 *
5515 * @static
5516 *
5517 * @example
5518 *
5519 * var cipher = CryptoJS.algo.AES.createDecryptor(keyWordArray, { iv: ivWordArray });
5520 */
5521 createDecryptor: function (key, cfg) {
5522 return this.create(this._DEC_XFORM_MODE, key, cfg);
5523 },
5525 /**
5526 * Initializes a newly created cipher.
5527 *
5528 * @param {number} xformMode Either the encryption or decryption transormation mode constant.
5529 * @param {WordArray} key The key.
5530 * @param {Object} cfg (Optional) The configuration options to use for this operation.
5531 *
5532 * @example
5533 *
5534 * var cipher = CryptoJS.algo.AES.create(CryptoJS.algo.AES._ENC_XFORM_MODE, keyWordArray, { iv: ivWordArray });
5535 */
5536 init: function (xformMode, key, cfg) {
5537 // Apply config defaults
5538 this.cfg = this.cfg.extend(cfg);
5540 // Store transform mode and key
5541 this._xformMode = xformMode;
5542 this._key = key;
5544 // Set initial values
5545 this.reset();
5546 },
5548 /**
5549 * Resets this cipher to its initial state.
5550 *
5551 * @example
5552 *
5553 * cipher.reset();
5554 */
5555 reset: function () {
5556 // Reset data buffer
5557 BufferedBlockAlgorithm.reset.call(this);
5559 // Perform concrete-cipher logic
5560 this._doReset();
5561 },
5563 /**
5564 * Adds data to be encrypted or decrypted.
5565 *
5566 * @param {WordArray|string} dataUpdate The data to encrypt or decrypt.
5567 *
5568 * @return {WordArray} The data after processing.
5569 *
5570 * @example
5571 *
5572 * var encrypted = cipher.process('data');
5573 * var encrypted = cipher.process(wordArray);
5574 */
5575 process: function (dataUpdate) {
5576 // Append
5577 this._append(dataUpdate);
5579 // Process available blocks
5580 return this._process();
5581 },
5583 /**
5584 * Finalizes the encryption or decryption process.
5585 * Note that the finalize operation is effectively a destructive, read-once operation.
5586 *
5587 * @param {WordArray|string} dataUpdate The final data to encrypt or decrypt.
5588 *
5589 * @return {WordArray} The data after final processing.
5590 *
5591 * @example
5592 *
5593 * var encrypted = cipher.finalize();
5594 * var encrypted = cipher.finalize('data');
5595 * var encrypted = cipher.finalize(wordArray);
5596 */
5597 finalize: function (dataUpdate) {
5598 // Final data update
5599 if (dataUpdate) {
5600 this._append(dataUpdate);
5601 }
5603 // Perform concrete-cipher logic
5604 var finalProcessedData = this._doFinalize();
5606 return finalProcessedData;
5607 },
5609 keySize: 128/32,
5611 ivSize: 128/32,
5613 _ENC_XFORM_MODE: 1,
5615 _DEC_XFORM_MODE: 2,
5617 /**
5618 * Creates shortcut functions to a cipher's object interface.
5619 *
5620 * @param {Cipher} cipher The cipher to create a helper for.
5621 *
5622 * @return {Object} An object with encrypt and decrypt shortcut functions.
5623 *
5624 * @static
5625 *
5626 * @example
5627 *
5628 * var AES = CryptoJS.lib.Cipher._createHelper(CryptoJS.algo.AES);
5629 */
5630 _createHelper: (function () {
5631 function selectCipherStrategy(key) {
5632 if (typeof key == 'string') {
5633 return PasswordBasedCipher;
5634 } else {
5635 return SerializableCipher;
5636 }
5637 }
5639 return function (cipher) {
5640 return {
5641 encrypt: function (message, key, cfg) {
5642 return selectCipherStrategy(key).encrypt(cipher, message, key, cfg);
5643 },
5645 decrypt: function (ciphertext, key, cfg) {
5646 return selectCipherStrategy(key).decrypt(cipher, ciphertext, key, cfg);
5647 }
5648 };
5649 };
5650 }())
5651 });
5653 /**
5654 * Abstract base stream cipher template.
5655 *
5656 * @property {number} blockSize The number of 32-bit words this cipher operates on. Default: 1 (32 bits)
5657 */
5658 var StreamCipher = C_lib.StreamCipher = Cipher.extend({
5659 _doFinalize: function () {
5660 // Process partial blocks
5661 var finalProcessedBlocks = this._process(!!'flush');
5663 return finalProcessedBlocks;
5664 },
5666 blockSize: 1
5667 });
5669 /**
5670 * Mode namespace.
5671 */
5672 var C_mode = C.mode = {};
5674 /**
5675 * Abstract base block cipher mode template.
5676 */
5677 var BlockCipherMode = C_lib.BlockCipherMode = Base.extend({
5678 /**
5679 * Creates this mode for encryption.
5680 *
5681 * @param {Cipher} cipher A block cipher instance.
5682 * @param {Array} iv The IV words.
5683 *
5684 * @static
5685 *
5686 * @example
5687 *
5688 * var mode = CryptoJS.mode.CBC.createEncryptor(cipher, iv.words);
5689 */
5690 createEncryptor: function (cipher, iv) {
5691 return this.Encryptor.create(cipher, iv);
5692 },
5694 /**
5695 * Creates this mode for decryption.
5696 *
5697 * @param {Cipher} cipher A block cipher instance.
5698 * @param {Array} iv The IV words.
5699 *
5700 * @static
5701 *
5702 * @example
5703 *
5704 * var mode = CryptoJS.mode.CBC.createDecryptor(cipher, iv.words);
5705 */
5706 createDecryptor: function (cipher, iv) {
5707 return this.Decryptor.create(cipher, iv);
5708 },
5710 /**
5711 * Initializes a newly created mode.
5712 *
5713 * @param {Cipher} cipher A block cipher instance.
5714 * @param {Array} iv The IV words.
5715 *
5716 * @example
5717 *
5718 * var mode = CryptoJS.mode.CBC.Encryptor.create(cipher, iv.words);
5719 */
5720 init: function (cipher, iv) {
5721 this._cipher = cipher;
5722 this._iv = iv;
5723 }
5724 });
5726 /**
5727 * Cipher Block Chaining mode.
5728 */
5729 var CBC = C_mode.CBC = (function () {
5730 /**
5731 * Abstract base CBC mode.
5732 */
5733 var CBC = BlockCipherMode.extend();
5735 /**
5736 * CBC encryptor.
5737 */
5738 CBC.Encryptor = CBC.extend({
5739 /**
5740 * Processes the data block at offset.
5741 *
5742 * @param {Array} words The data words to operate on.
5743 * @param {number} offset The offset where the block starts.
5744 *
5745 * @example
5746 *
5747 * mode.processBlock(data.words, offset);
5748 */
5749 processBlock: function (words, offset) {
5750 // Shortcuts
5751 var cipher = this._cipher;
5752 var blockSize = cipher.blockSize;
5754 // XOR and encrypt
5755 xorBlock.call(this, words, offset, blockSize);
5756 cipher.encryptBlock(words, offset);
5758 // Remember this block to use with next block
5759 this._prevBlock = words.slice(offset, offset + blockSize);
5760 }
5761 });
5763 /**
5764 * CBC decryptor.
5765 */
5766 CBC.Decryptor = CBC.extend({
5767 /**
5768 * Processes the data block at offset.
5769 *
5770 * @param {Array} words The data words to operate on.
5771 * @param {number} offset The offset where the block starts.
5772 *
5773 * @example
5774 *
5775 * mode.processBlock(data.words, offset);
5776 */
5777 processBlock: function (words, offset) {
5778 // Shortcuts
5779 var cipher = this._cipher;
5780 var blockSize = cipher.blockSize;
5782 // Remember this block to use with next block
5783 var thisBlock = words.slice(offset, offset + blockSize);
5785 // Decrypt and XOR
5786 cipher.decryptBlock(words, offset);
5787 xorBlock.call(this, words, offset, blockSize);
5789 // This block becomes the previous block
5790 this._prevBlock = thisBlock;
5791 }
5792 });
5794 function xorBlock(words, offset, blockSize) {
5795 // Shortcut
5796 var iv = this._iv;
5798 // Choose mixing block
5799 if (iv) {
5800 var block = iv;
5802 // Remove IV for subsequent blocks
5803 this._iv = undefined;
5804 } else {
5805 var block = this._prevBlock;
5806 }
5808 // XOR blocks
5809 for (var i = 0; i < blockSize; i++) {
5810 words[offset + i] ^= block[i];
5811 }
5812 }
5814 return CBC;
5815 }());
5817 /**
5818 * Padding namespace.
5819 */
5820 var C_pad = C.pad = {};
5822 /**
5823 * PKCS #5/7 padding strategy.
5824 */
5825 var Pkcs7 = C_pad.Pkcs7 = {
5826 /**
5827 * Pads data using the algorithm defined in PKCS #5/7.
5828 *
5829 * @param {WordArray} data The data to pad.
5830 * @param {number} blockSize The multiple that the data should be padded to.
5831 *
5832 * @static
5833 *
5834 * @example
5835 *
5836 * CryptoJS.pad.Pkcs7.pad(wordArray, 4);
5837 */
5838 pad: function (data, blockSize) {
5839 // Shortcut
5840 var blockSizeBytes = blockSize * 4;
5842 // Count padding bytes
5843 var nPaddingBytes = blockSizeBytes - data.sigBytes % blockSizeBytes;
5845 // Create padding word
5846 var paddingWord = (nPaddingBytes << 24) | (nPaddingBytes << 16) | (nPaddingBytes << 8) | nPaddingBytes;
5848 // Create padding
5849 var paddingWords = [];
5850 for (var i = 0; i < nPaddingBytes; i += 4) {
5851 paddingWords.push(paddingWord);
5852 }
5853 var padding = WordArray.create(paddingWords, nPaddingBytes);
5855 // Add padding
5856 data.concat(padding);
5857 },
5859 /**
5860 * Unpads data that had been padded using the algorithm defined in PKCS #5/7.
5861 *
5862 * @param {WordArray} data The data to unpad.
5863 *
5864 * @static
5865 *
5866 * @example
5867 *
5868 * CryptoJS.pad.Pkcs7.unpad(wordArray);
5869 */
5870 unpad: function (data) {
5871 // Get number of padding bytes from last byte
5872 var nPaddingBytes = data.words[(data.sigBytes - 1) >>> 2] & 0xff;
5874 // Remove padding
5875 data.sigBytes -= nPaddingBytes;
5876 }
5877 };
5879 /**
5880 * Abstract base block cipher template.
5881 *
5882 * @property {number} blockSize The number of 32-bit words this cipher operates on. Default: 4 (128 bits)
5883 */
5884 var BlockCipher = C_lib.BlockCipher = Cipher.extend({
5885 /**
5886 * Configuration options.
5887 *
5888 * @property {Mode} mode The block mode to use. Default: CBC
5889 * @property {Padding} padding The padding strategy to use. Default: Pkcs7
5890 */
5891 cfg: Cipher.cfg.extend({
5892 mode: CBC,
5893 padding: Pkcs7
5894 }),
5896 reset: function () {
5897 // Reset cipher
5898 Cipher.reset.call(this);
5900 // Shortcuts
5901 var cfg = this.cfg;
5902 var iv = cfg.iv;
5903 var mode = cfg.mode;
5905 // Reset block mode
5906 if (this._xformMode == this._ENC_XFORM_MODE) {
5907 var modeCreator = mode.createEncryptor;
5908 } else /* if (this._xformMode == this._DEC_XFORM_MODE) */ {
5909 var modeCreator = mode.createDecryptor;
5911 // Keep at least one block in the buffer for unpadding
5912 this._minBufferSize = 1;
5913 }
5914 this._mode = modeCreator.call(mode, this, iv && iv.words);
5915 },
5917 _doProcessBlock: function (words, offset) {
5918 this._mode.processBlock(words, offset);
5919 },
5921 _doFinalize: function () {
5922 // Shortcut
5923 var padding = this.cfg.padding;
5925 // Finalize
5926 if (this._xformMode == this._ENC_XFORM_MODE) {
5927 // Pad data
5928 padding.pad(this._data, this.blockSize);
5930 // Process final blocks
5931 var finalProcessedBlocks = this._process(!!'flush');
5932 } else /* if (this._xformMode == this._DEC_XFORM_MODE) */ {
5933 // Process final blocks
5934 var finalProcessedBlocks = this._process(!!'flush');
5936 // Unpad data
5937 padding.unpad(finalProcessedBlocks);
5938 }
5940 return finalProcessedBlocks;
5941 },
5943 blockSize: 128/32
5944 });
5946 /**
5947 * A collection of cipher parameters.
5948 *
5949 * @property {WordArray} ciphertext The raw ciphertext.
5950 * @property {WordArray} key The key to this ciphertext.
5951 * @property {WordArray} iv The IV used in the ciphering operation.
5952 * @property {WordArray} salt The salt used with a key derivation function.
5953 * @property {Cipher} algorithm The cipher algorithm.
5954 * @property {Mode} mode The block mode used in the ciphering operation.
5955 * @property {Padding} padding The padding scheme used in the ciphering operation.
5956 * @property {number} blockSize The block size of the cipher.
5957 * @property {Format} formatter The default formatting strategy to convert this cipher params object to a string.
5958 */
5959 var CipherParams = C_lib.CipherParams = Base.extend({
5960 /**
5961 * Initializes a newly created cipher params object.
5962 *
5963 * @param {Object} cipherParams An object with any of the possible cipher parameters.
5964 *
5965 * @example
5966 *
5967 * var cipherParams = CryptoJS.lib.CipherParams.create({
5968 * ciphertext: ciphertextWordArray,
5969 * key: keyWordArray,
5970 * iv: ivWordArray,
5971 * salt: saltWordArray,
5972 * algorithm: CryptoJS.algo.AES,
5973 * mode: CryptoJS.mode.CBC,
5974 * padding: CryptoJS.pad.PKCS7,
5975 * blockSize: 4,
5976 * formatter: CryptoJS.format.OpenSSL
5977 * });
5978 */
5979 init: function (cipherParams) {
5980 this.mixIn(cipherParams);
5981 },
5983 /**
5984 * Converts this cipher params object to a string.
5985 *
5986 * @param {Format} formatter (Optional) The formatting strategy to use.
5987 *
5988 * @return {string} The stringified cipher params.
5989 *
5990 * @throws Error If neither the formatter nor the default formatter is set.
5991 *
5992 * @example
5993 *
5994 * var string = cipherParams + '';
5995 * var string = cipherParams.toString();
5996 * var string = cipherParams.toString(CryptoJS.format.OpenSSL);
5997 */
5998 toString: function (formatter) {
5999 return (formatter || this.formatter).stringify(this);
6000 }
6001 });
6003 /**
6004 * Format namespace.
6005 */
6006 var C_format = C.format = {};
6008 /**
6009 * OpenSSL formatting strategy.
6010 */
6011 var OpenSSLFormatter = C_format.OpenSSL = {
6012 /**
6013 * Converts a cipher params object to an OpenSSL-compatible string.
6014 *
6015 * @param {CipherParams} cipherParams The cipher params object.
6016 *
6017 * @return {string} The OpenSSL-compatible string.
6018 *
6019 * @static
6020 *
6021 * @example
6022 *
6023 * var openSSLString = CryptoJS.format.OpenSSL.stringify(cipherParams);
6024 */
6025 stringify: function (cipherParams) {
6026 // Shortcuts
6027 var ciphertext = cipherParams.ciphertext;
6028 var salt = cipherParams.salt;
6030 // Format
6031 if (salt) {
6032 var wordArray = WordArray.create([0x53616c74, 0x65645f5f]).concat(salt).concat(ciphertext);
6033 } else {
6034 var wordArray = ciphertext;
6035 }
6037 return wordArray.toString(Base64);
6038 },
6040 /**
6041 * Converts an OpenSSL-compatible string to a cipher params object.
6042 *
6043 * @param {string} openSSLStr The OpenSSL-compatible string.
6044 *
6045 * @return {CipherParams} The cipher params object.
6046 *
6047 * @static
6048 *
6049 * @example
6050 *
6051 * var cipherParams = CryptoJS.format.OpenSSL.parse(openSSLString);
6052 */
6053 parse: function (openSSLStr) {
6054 // Parse base64
6055 var ciphertext = Base64.parse(openSSLStr);
6057 // Shortcut
6058 var ciphertextWords = ciphertext.words;
6060 // Test for salt
6061 if (ciphertextWords[0] == 0x53616c74 && ciphertextWords[1] == 0x65645f5f) {
6062 // Extract salt
6063 var salt = WordArray.create(ciphertextWords.slice(2, 4));
6065 // Remove salt from ciphertext
6066 ciphertextWords.splice(0, 4);
6067 ciphertext.sigBytes -= 16;
6068 }
6070 return CipherParams.create({ ciphertext: ciphertext, salt: salt });
6071 }
6072 };
6074 /**
6075 * A cipher wrapper that returns ciphertext as a serializable cipher params object.
6076 */
6077 var SerializableCipher = C_lib.SerializableCipher = Base.extend({
6078 /**
6079 * Configuration options.
6080 *
6081 * @property {Formatter} format The formatting strategy to convert cipher param objects to and from a string. Default: OpenSSL
6082 */
6083 cfg: Base.extend({
6084 format: OpenSSLFormatter
6085 }),
6087 /**
6088 * Encrypts a message.
6089 *
6090 * @param {Cipher} cipher The cipher algorithm to use.
6091 * @param {WordArray|string} message The message to encrypt.
6092 * @param {WordArray} key The key.
6093 * @param {Object} cfg (Optional) The configuration options to use for this operation.
6094 *
6095 * @return {CipherParams} A cipher params object.
6096 *
6097 * @static
6098 *
6099 * @example
6100 *
6101 * var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key);
6102 * var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key, { iv: iv });
6103 * var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key, { iv: iv, format: CryptoJS.format.OpenSSL });
6104 */
6105 encrypt: function (cipher, message, key, cfg) {
6106 // Apply config defaults
6107 cfg = this.cfg.extend(cfg);
6109 // Encrypt
6110 var encryptor = cipher.createEncryptor(key, cfg);
6111 var ciphertext = encryptor.finalize(message);
6113 // Shortcut
6114 var cipherCfg = encryptor.cfg;
6116 // Create and return serializable cipher params
6117 return CipherParams.create({
6118 ciphertext: ciphertext,
6119 key: key,
6120 iv: cipherCfg.iv,
6121 algorithm: cipher,
6122 mode: cipherCfg.mode,
6123 padding: cipherCfg.padding,
6124 blockSize: cipher.blockSize,
6125 formatter: cfg.format
6126 });
6127 },
6129 /**
6130 * Decrypts serialized ciphertext.
6131 *
6132 * @param {Cipher} cipher The cipher algorithm to use.
6133 * @param {CipherParams|string} ciphertext The ciphertext to decrypt.
6134 * @param {WordArray} key The key.
6135 * @param {Object} cfg (Optional) The configuration options to use for this operation.
6136 *
6137 * @return {WordArray} The plaintext.
6138 *
6139 * @static
6140 *
6141 * @example
6142 *
6143 * var plaintext = CryptoJS.lib.SerializableCipher.decrypt(CryptoJS.algo.AES, formattedCiphertext, key, { iv: iv, format: CryptoJS.format.OpenSSL });
6144 * var plaintext = CryptoJS.lib.SerializableCipher.decrypt(CryptoJS.algo.AES, ciphertextParams, key, { iv: iv, format: CryptoJS.format.OpenSSL });
6145 */
6146 decrypt: function (cipher, ciphertext, key, cfg) {
6147 // Apply config defaults
6148 cfg = this.cfg.extend(cfg);
6150 // Convert string to CipherParams
6151 ciphertext = this._parse(ciphertext, cfg.format);
6153 // Decrypt
6154 var plaintext = cipher.createDecryptor(key, cfg).finalize(ciphertext.ciphertext);
6156 return plaintext;
6157 },
6159 /**
6160 * Converts serialized ciphertext to CipherParams,
6161 * else assumed CipherParams already and returns ciphertext unchanged.
6162 *
6163 * @param {CipherParams|string} ciphertext The ciphertext.
6164 * @param {Formatter} format The formatting strategy to use to parse serialized ciphertext.
6165 *
6166 * @return {CipherParams} The unserialized ciphertext.
6167 *
6168 * @static
6169 *
6170 * @example
6171 *
6172 * var ciphertextParams = CryptoJS.lib.SerializableCipher._parse(ciphertextStringOrParams, format);
6173 */
6174 _parse: function (ciphertext, format) {
6175 if (typeof ciphertext == 'string') {
6176 return format.parse(ciphertext, this);
6177 } else {
6178 return ciphertext;
6179 }
6180 }
6181 });
6183 /**
6184 * Key derivation function namespace.
6185 */
6186 var C_kdf = C.kdf = {};
6188 /**
6189 * OpenSSL key derivation function.
6190 */
6191 var OpenSSLKdf = C_kdf.OpenSSL = {
6192 /**
6193 * Derives a key and IV from a password.
6194 *
6195 * @param {string} password The password to derive from.
6196 * @param {number} keySize The size in words of the key to generate.
6197 * @param {number} ivSize The size in words of the IV to generate.
6198 * @param {WordArray|string} salt (Optional) A 64-bit salt to use. If omitted, a salt will be generated randomly.
6199 *
6200 * @return {CipherParams} A cipher params object with the key, IV, and salt.
6201 *
6202 * @static
6203 *
6204 * @example
6205 *
6206 * var derivedParams = CryptoJS.kdf.OpenSSL.execute('Password', 256/32, 128/32);
6207 * var derivedParams = CryptoJS.kdf.OpenSSL.execute('Password', 256/32, 128/32, 'saltsalt');
6208 */
6209 execute: function (password, keySize, ivSize, salt) {
6210 // Generate random salt
6211 if (!salt) {
6212 salt = WordArray.random(64/8);
6213 }
6215 // Derive key and IV
6216 var key = EvpKDF.create({ keySize: keySize + ivSize }).compute(password, salt);
6218 // Separate key and IV
6219 var iv = WordArray.create(key.words.slice(keySize), ivSize * 4);
6220 key.sigBytes = keySize * 4;
6222 // Return params
6223 return CipherParams.create({ key: key, iv: iv, salt: salt });
6224 }
6225 };
6227 /**
6228 * A serializable cipher wrapper that derives the key from a password,
6229 * and returns ciphertext as a serializable cipher params object.
6230 */
6231 var PasswordBasedCipher = C_lib.PasswordBasedCipher = SerializableCipher.extend({
6232 /**
6233 * Configuration options.
6234 *
6235 * @property {KDF} kdf The key derivation function to use to generate a key and IV from a password. Default: OpenSSL
6236 */
6237 cfg: SerializableCipher.cfg.extend({
6238 kdf: OpenSSLKdf
6239 }),
6241 /**
6242 * Encrypts a message using a password.
6243 *
6244 * @param {Cipher} cipher The cipher algorithm to use.
6245 * @param {WordArray|string} message The message to encrypt.
6246 * @param {string} password The password.
6247 * @param {Object} cfg (Optional) The configuration options to use for this operation.
6248 *
6249 * @return {CipherParams} A cipher params object.
6250 *
6251 * @static
6252 *
6253 * @example
6254 *
6255 * var ciphertextParams = CryptoJS.lib.PasswordBasedCipher.encrypt(CryptoJS.algo.AES, message, 'password');
6256 * var ciphertextParams = CryptoJS.lib.PasswordBasedCipher.encrypt(CryptoJS.algo.AES, message, 'password', { format: CryptoJS.format.OpenSSL });
6257 */
6258 encrypt: function (cipher, message, password, cfg) {
6259 // Apply config defaults
6260 cfg = this.cfg.extend(cfg);
6262 // Derive key and other params
6263 var derivedParams = cfg.kdf.execute(password, cipher.keySize, cipher.ivSize);
6265 // Add IV to config
6266 cfg.iv = derivedParams.iv;
6268 // Encrypt
6269 var ciphertext = SerializableCipher.encrypt.call(this, cipher, message, derivedParams.key, cfg);
6271 // Mix in derived params
6272 ciphertext.mixIn(derivedParams);
6274 return ciphertext;
6275 },
6277 /**
6278 * Decrypts serialized ciphertext using a password.
6279 *
6280 * @param {Cipher} cipher The cipher algorithm to use.
6281 * @param {CipherParams|string} ciphertext The ciphertext to decrypt.
6282 * @param {string} password The password.
6283 * @param {Object} cfg (Optional) The configuration options to use for this operation.
6284 *
6285 * @return {WordArray} The plaintext.
6286 *
6287 * @static
6288 *
6289 * @example
6290 *
6291 * var plaintext = CryptoJS.lib.PasswordBasedCipher.decrypt(CryptoJS.algo.AES, formattedCiphertext, 'password', { format: CryptoJS.format.OpenSSL });
6292 * var plaintext = CryptoJS.lib.PasswordBasedCipher.decrypt(CryptoJS.algo.AES, ciphertextParams, 'password', { format: CryptoJS.format.OpenSSL });
6293 */
6294 decrypt: function (cipher, ciphertext, password, cfg) {
6295 // Apply config defaults
6296 cfg = this.cfg.extend(cfg);
6298 // Convert string to CipherParams
6299 ciphertext = this._parse(ciphertext, cfg.format);
6301 // Derive key and other params
6302 var derivedParams = cfg.kdf.execute(password, cipher.keySize, cipher.ivSize, ciphertext.salt);
6304 // Add IV to config
6305 cfg.iv = derivedParams.iv;
6307 // Decrypt
6308 var plaintext = SerializableCipher.decrypt.call(this, cipher, ciphertext, derivedParams.key, cfg);
6310 return plaintext;
6311 }
6312 });
6313 }());
6318;(function (root, factory) {
6319 if (typeof exports === "object") {
6320 // CommonJS
6321 module.exports = exports = factory();
6322 }
6323 else if (typeof define === "function" && define.amd) {
6324 // AMD
6325 define([], factory);
6326 }
6327 else {
6328 // Global (browser)
6329 root.CryptoJS = factory();
6330 }
6331}(this, function () {
6333 /**
6334 * CryptoJS core components.
6335 */
6336 var CryptoJS = CryptoJS || (function (Math, undefined) {
6337 /**
6338 * CryptoJS namespace.
6339 */
6340 var C = {};
6342 /**
6343 * Library namespace.
6344 */
6345 var C_lib = C.lib = {};
6347 /**
6348 * Base object for prototypal inheritance.
6349 */
6350 var Base = C_lib.Base = (function () {
6351 function F() {}
6353 return {
6354 /**
6355 * Creates a new object that inherits from this object.
6356 *
6357 * @param {Object} overrides Properties to copy into the new object.
6358 *
6359 * @return {Object} The new object.
6360 *
6361 * @static
6362 *
6363 * @example
6364 *
6365 * var MyType = CryptoJS.lib.Base.extend({
6366 * field: 'value',
6367 *
6368 * method: function () {
6369 * }
6370 * });
6371 */
6372 extend: function (overrides) {
6373 // Spawn
6374 F.prototype = this;
6375 var subtype = new F();
6377 // Augment
6378 if (overrides) {
6379 subtype.mixIn(overrides);
6380 }
6382 // Create default initializer
6383 if (!subtype.hasOwnProperty('init')) {
6384 subtype.init = function () {
6385 subtype.$super.init.apply(this, arguments);
6386 };
6387 }
6389 // Initializer's prototype is the subtype object
6390 subtype.init.prototype = subtype;
6392 // Reference supertype
6393 subtype.$super = this;
6395 return subtype;
6396 },
6398 /**
6399 * Extends this object and runs the init method.
6400 * Arguments to create() will be passed to init().
6401 *
6402 * @return {Object} The new object.
6403 *
6404 * @static
6405 *
6406 * @example
6407 *
6408 * var instance = MyType.create();
6409 */
6410 create: function () {
6411 var instance = this.extend();
6412 instance.init.apply(instance, arguments);
6414 return instance;
6415 },
6417 /**
6418 * Initializes a newly created object.
6419 * Override this method to add some logic when your objects are created.
6420 *
6421 * @example
6422 *
6423 * var MyType = CryptoJS.lib.Base.extend({
6424 * init: function () {
6425 * // ...
6426 * }
6427 * });
6428 */
6429 init: function () {
6430 },
6432 /**
6433 * Copies properties into this object.
6434 *
6435 * @param {Object} properties The properties to mix in.
6436 *
6437 * @example
6438 *
6439 * MyType.mixIn({
6440 * field: 'value'
6441 * });
6442 */
6443 mixIn: function (properties) {
6444 for (var propertyName in properties) {
6445 if (properties.hasOwnProperty(propertyName)) {
6446 this[propertyName] = properties[propertyName];
6447 }
6448 }
6450 // IE won't copy toString using the loop above
6451 if (properties.hasOwnProperty('toString')) {
6452 this.toString = properties.toString;
6453 }
6454 },
6456 /**
6457 * Creates a copy of this object.
6458 *
6459 * @return {Object} The clone.
6460 *
6461 * @example
6462 *
6463 * var clone = instance.clone();
6464 */
6465 clone: function () {
6466 return this.init.prototype.extend(this);
6467 }
6468 };
6469 }());
6471 /**
6472 * An array of 32-bit words.
6473 *
6474 * @property {Array} words The array of 32-bit words.
6475 * @property {number} sigBytes The number of significant bytes in this word array.
6476 */
6477 var WordArray = C_lib.WordArray = Base.extend({
6478 /**
6479 * Initializes a newly created word array.
6480 *
6481 * @param {Array} words (Optional) An array of 32-bit words.
6482 * @param {number} sigBytes (Optional) The number of significant bytes in the words.
6483 *
6484 * @example
6485 *
6486 * var wordArray = CryptoJS.lib.WordArray.create();
6487 * var wordArray = CryptoJS.lib.WordArray.create([0x00010203, 0x04050607]);
6488 * var wordArray = CryptoJS.lib.WordArray.create([0x00010203, 0x04050607], 6);
6489 */
6490 init: function (words, sigBytes) {
6491 words = this.words = words || [];
6493 if (sigBytes != undefined) {
6494 this.sigBytes = sigBytes;
6495 } else {
6496 this.sigBytes = words.length * 4;
6497 }
6498 },
6500 /**
6501 * Converts this word array to a string.
6502 *
6503 * @param {Encoder} encoder (Optional) The encoding strategy to use. Default: CryptoJS.enc.Hex
6504 *
6505 * @return {string} The stringified word array.
6506 *
6507 * @example
6508 *
6509 * var string = wordArray + '';
6510 * var string = wordArray.toString();
6511 * var string = wordArray.toString(CryptoJS.enc.Utf8);
6512 */
6513 toString: function (encoder) {
6514 return (encoder || Hex).stringify(this);
6515 },
6517 /**
6518 * Concatenates a word array to this word array.
6519 *
6520 * @param {WordArray} wordArray The word array to append.
6521 *
6522 * @return {WordArray} This word array.
6523 *
6524 * @example
6525 *
6526 * wordArray1.concat(wordArray2);
6527 */
6528 concat: function (wordArray) {
6529 // Shortcuts
6530 var thisWords = this.words;
6531 var thatWords = wordArray.words;
6532 var thisSigBytes = this.sigBytes;
6533 var thatSigBytes = wordArray.sigBytes;
6535 // Clamp excess bits
6536 this.clamp();
6538 // Concat
6539 if (thisSigBytes % 4) {
6540 // Copy one byte at a time
6541 for (var i = 0; i < thatSigBytes; i++) {
6542 var thatByte = (thatWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
6543 thisWords[(thisSigBytes + i) >>> 2] |= thatByte << (24 - ((thisSigBytes + i) % 4) * 8);
6544 }
6545 } else if (thatWords.length > 0xffff) {
6546 // Copy one word at a time
6547 for (var i = 0; i < thatSigBytes; i += 4) {
6548 thisWords[(thisSigBytes + i) >>> 2] = thatWords[i >>> 2];
6549 }
6550 } else {
6551 // Copy all words at once
6552 thisWords.push.apply(thisWords, thatWords);
6553 }
6554 this.sigBytes += thatSigBytes;
6556 // Chainable
6557 return this;
6558 },
6560 /**
6561 * Removes insignificant bits.
6562 *
6563 * @example
6564 *
6565 * wordArray.clamp();
6566 */
6567 clamp: function () {
6568 // Shortcuts
6569 var words = this.words;
6570 var sigBytes = this.sigBytes;
6572 // Clamp
6573 words[sigBytes >>> 2] &= 0xffffffff << (32 - (sigBytes % 4) * 8);
6574 words.length = Math.ceil(sigBytes / 4);
6575 },
6577 /**
6578 * Creates a copy of this word array.
6579 *
6580 * @return {WordArray} The clone.
6581 *
6582 * @example
6583 *
6584 * var clone = wordArray.clone();
6585 */
6586 clone: function () {
6587 var clone = Base.clone.call(this);
6588 clone.words = this.words.slice(0);
6590 return clone;
6591 },
6593 /**
6594 * Creates a word array filled with random bytes.
6595 *
6596 * @param {number} nBytes The number of random bytes to generate.
6597 *
6598 * @return {WordArray} The random word array.
6599 *
6600 * @static
6601 *
6602 * @example
6603 *
6604 * var wordArray = CryptoJS.lib.WordArray.random(16);
6605 */
6606 random: function (nBytes) {
6607 var words = [];
6608 for (var i = 0; i < nBytes; i += 4) {
6609 words.push((Math.random() * 0x100000000) | 0);
6610 }
6612 return new WordArray.init(words, nBytes);
6613 }
6614 });
6616 /**
6617 * Encoder namespace.
6618 */
6619 var C_enc = C.enc = {};
6621 /**
6622 * Hex encoding strategy.
6623 */
6624 var Hex = C_enc.Hex = {
6625 /**
6626 * Converts a word array to a hex string.
6627 *
6628 * @param {WordArray} wordArray The word array.
6629 *
6630 * @return {string} The hex string.
6631 *
6632 * @static
6633 *
6634 * @example
6635 *
6636 * var hexString = CryptoJS.enc.Hex.stringify(wordArray);
6637 */
6638 stringify: function (wordArray) {
6639 // Shortcuts
6640 var words = wordArray.words;
6641 var sigBytes = wordArray.sigBytes;
6643 // Convert
6644 var hexChars = [];
6645 for (var i = 0; i < sigBytes; i++) {
6646 var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
6647 hexChars.push((bite >>> 4).toString(16));
6648 hexChars.push((bite & 0x0f).toString(16));
6649 }
6651 return hexChars.join('');
6652 },
6654 /**
6655 * Converts a hex string to a word array.
6656 *
6657 * @param {string} hexStr The hex string.
6658 *
6659 * @return {WordArray} The word array.
6660 *
6661 * @static
6662 *
6663 * @example
6664 *
6665 * var wordArray = CryptoJS.enc.Hex.parse(hexString);
6666 */
6667 parse: function (hexStr) {
6668 // Shortcut
6669 var hexStrLength = hexStr.length;
6671 // Convert
6672 var words = [];
6673 for (var i = 0; i < hexStrLength; i += 2) {
6674 words[i >>> 3] |= parseInt(hexStr.substr(i, 2), 16) << (24 - (i % 8) * 4);
6675 }
6677 return new WordArray.init(words, hexStrLength / 2);
6678 }
6679 };
6681 /**
6682 * Latin1 encoding strategy.
6683 */
6684 var Latin1 = C_enc.Latin1 = {
6685 /**
6686 * Converts a word array to a Latin1 string.
6687 *
6688 * @param {WordArray} wordArray The word array.
6689 *
6690 * @return {string} The Latin1 string.
6691 *
6692 * @static
6693 *
6694 * @example
6695 *
6696 * var latin1String = CryptoJS.enc.Latin1.stringify(wordArray);
6697 */
6698 stringify: function (wordArray) {
6699 // Shortcuts
6700 var words = wordArray.words;
6701 var sigBytes = wordArray.sigBytes;
6703 // Convert
6704 var latin1Chars = [];
6705 for (var i = 0; i < sigBytes; i++) {
6706 var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
6707 latin1Chars.push(String.fromCharCode(bite));
6708 }
6710 return latin1Chars.join('');
6711 },
6713 /**
6714 * Converts a Latin1 string to a word array.
6715 *
6716 * @param {string} latin1Str The Latin1 string.
6717 *
6718 * @return {WordArray} The word array.
6719 *
6720 * @static
6721 *
6722 * @example
6723 *
6724 * var wordArray = CryptoJS.enc.Latin1.parse(latin1String);
6725 */
6726 parse: function (latin1Str) {
6727 // Shortcut
6728 var latin1StrLength = latin1Str.length;
6730 // Convert
6731 var words = [];
6732 for (var i = 0; i < latin1StrLength; i++) {
6733 words[i >>> 2] |= (latin1Str.charCodeAt(i) & 0xff) << (24 - (i % 4) * 8);
6734 }
6736 return new WordArray.init(words, latin1StrLength);
6737 }
6738 };
6740 /**
6741 * UTF-8 encoding strategy.
6742 */
6743 var Utf8 = C_enc.Utf8 = {
6744 /**
6745 * Converts a word array to a UTF-8 string.
6746 *
6747 * @param {WordArray} wordArray The word array.
6748 *
6749 * @return {string} The UTF-8 string.
6750 *
6751 * @static
6752 *
6753 * @example
6754 *
6755 * var utf8String = CryptoJS.enc.Utf8.stringify(wordArray);
6756 */
6757 stringify: function (wordArray) {
6758 try {
6759 return decodeURIComponent(escape(Latin1.stringify(wordArray)));
6760 } catch (e) {
6761 throw new Error('Malformed UTF-8 data');
6762 }
6763 },
6765 /**
6766 * Converts a UTF-8 string to a word array.
6767 *
6768 * @param {string} utf8Str The UTF-8 string.
6769 *
6770 * @return {WordArray} The word array.
6771 *
6772 * @static
6773 *
6774 * @example
6775 *
6776 * var wordArray = CryptoJS.enc.Utf8.parse(utf8String);
6777 */
6778 parse: function (utf8Str) {
6779 return Latin1.parse(unescape(encodeURIComponent(utf8Str)));
6780 }
6781 };
6783 /**
6784 * Abstract buffered block algorithm template.
6785 *
6786 * The property blockSize must be implemented in a concrete subtype.
6787 *
6788 * @property {number} _minBufferSize The number of blocks that should be kept unprocessed in the buffer. Default: 0
6789 */
6790 var BufferedBlockAlgorithm = C_lib.BufferedBlockAlgorithm = Base.extend({
6791 /**
6792 * Resets this block algorithm's data buffer to its initial state.
6793 *
6794 * @example
6795 *
6796 * bufferedBlockAlgorithm.reset();
6797 */
6798 reset: function () {
6799 // Initial values
6800 this._data = new WordArray.init();
6801 this._nDataBytes = 0;
6802 },
6804 /**
6805 * Adds new data to this block algorithm's buffer.
6806 *
6807 * @param {WordArray|string} data The data to append. Strings are converted to a WordArray using UTF-8.
6808 *
6809 * @example
6810 *
6811 * bufferedBlockAlgorithm._append('data');
6812 * bufferedBlockAlgorithm._append(wordArray);
6813 */
6814 _append: function (data) {
6815 // Convert string to WordArray, else assume WordArray already
6816 if (typeof data == 'string') {
6817 data = Utf8.parse(data);
6818 }
6820 // Append
6821 this._data.concat(data);
6822 this._nDataBytes += data.sigBytes;
6823 },
6825 /**
6826 * Processes available data blocks.
6827 *
6828 * This method invokes _doProcessBlock(offset), which must be implemented by a concrete subtype.
6829 *
6830 * @param {boolean} doFlush Whether all blocks and partial blocks should be processed.
6831 *
6832 * @return {WordArray} The processed data.
6833 *
6834 * @example
6835 *
6836 * var processedData = bufferedBlockAlgorithm._process();
6837 * var processedData = bufferedBlockAlgorithm._process(!!'flush');
6838 */
6839 _process: function (doFlush) {
6840 // Shortcuts
6841 var data = this._data;
6842 var dataWords = data.words;
6843 var dataSigBytes = data.sigBytes;
6844 var blockSize = this.blockSize;
6845 var blockSizeBytes = blockSize * 4;
6847 // Count blocks ready
6848 var nBlocksReady = dataSigBytes / blockSizeBytes;
6849 if (doFlush) {
6850 // Round up to include partial blocks
6851 nBlocksReady = Math.ceil(nBlocksReady);
6852 } else {
6853 // Round down to include only full blocks,
6854 // less the number of blocks that must remain in the buffer
6855 nBlocksReady = Math.max((nBlocksReady | 0) - this._minBufferSize, 0);
6856 }
6858 // Count words ready
6859 var nWordsReady = nBlocksReady * blockSize;
6861 // Count bytes ready
6862 var nBytesReady = Math.min(nWordsReady * 4, dataSigBytes);
6864 // Process blocks
6865 if (nWordsReady) {
6866 for (var offset = 0; offset < nWordsReady; offset += blockSize) {
6867 // Perform concrete-algorithm logic
6868 this._doProcessBlock(dataWords, offset);
6869 }
6871 // Remove processed words
6872 var processedWords = dataWords.splice(0, nWordsReady);
6873 data.sigBytes -= nBytesReady;
6874 }
6876 // Return processed words
6877 return new WordArray.init(processedWords, nBytesReady);
6878 },
6880 /**
6881 * Creates a copy of this object.
6882 *
6883 * @return {Object} The clone.
6884 *
6885 * @example
6886 *
6887 * var clone = bufferedBlockAlgorithm.clone();
6888 */
6889 clone: function () {
6890 var clone = Base.clone.call(this);
6891 clone._data = this._data.clone();
6893 return clone;
6894 },
6896 _minBufferSize: 0
6897 });
6899 /**
6900 * Abstract hasher template.
6901 *
6902 * @property {number} blockSize The number of 32-bit words this hasher operates on. Default: 16 (512 bits)
6903 */
6904 var Hasher = C_lib.Hasher = BufferedBlockAlgorithm.extend({
6905 /**
6906 * Configuration options.
6907 */
6908 cfg: Base.extend(),
6910 /**
6911 * Initializes a newly created hasher.
6912 *
6913 * @param {Object} cfg (Optional) The configuration options to use for this hash computation.
6914 *
6915 * @example
6916 *
6917 * var hasher = CryptoJS.algo.SHA256.create();
6918 */
6919 init: function (cfg) {
6920 // Apply config defaults
6921 this.cfg = this.cfg.extend(cfg);
6923 // Set initial values
6924 this.reset();
6925 },
6927 /**
6928 * Resets this hasher to its initial state.
6929 *
6930 * @example
6931 *
6932 * hasher.reset();
6933 */
6934 reset: function () {
6935 // Reset data buffer
6936 BufferedBlockAlgorithm.reset.call(this);
6938 // Perform concrete-hasher logic
6939 this._doReset();
6940 },
6942 /**
6943 * Updates this hasher with a message.
6944 *
6945 * @param {WordArray|string} messageUpdate The message to append.
6946 *
6947 * @return {Hasher} This hasher.
6948 *
6949 * @example
6950 *
6951 * hasher.update('message');
6952 * hasher.update(wordArray);
6953 */
6954 update: function (messageUpdate) {
6955 // Append
6956 this._append(messageUpdate);
6958 // Update the hash
6959 this._process();
6961 // Chainable
6962 return this;
6963 },
6965 /**
6966 * Finalizes the hash computation.
6967 * Note that the finalize operation is effectively a destructive, read-once operation.
6968 *
6969 * @param {WordArray|string} messageUpdate (Optional) A final message update.
6970 *
6971 * @return {WordArray} The hash.
6972 *
6973 * @example
6974 *
6975 * var hash = hasher.finalize();
6976 * var hash = hasher.finalize('message');
6977 * var hash = hasher.finalize(wordArray);
6978 */
6979 finalize: function (messageUpdate) {
6980 // Final message update
6981 if (messageUpdate) {
6982 this._append(messageUpdate);
6983 }
6985 // Perform concrete-hasher logic
6986 var hash = this._doFinalize();
6988 return hash;
6989 },
6991 blockSize: 512/32,
6993 /**
6994 * Creates a shortcut function to a hasher's object interface.
6995 *
6996 * @param {Hasher} hasher The hasher to create a helper for.
6997 *
6998 * @return {Function} The shortcut function.
6999 *
7000 * @static
7001 *
7002 * @example
7003 *
7004 * var SHA256 = CryptoJS.lib.Hasher._createHelper(CryptoJS.algo.SHA256);
7005 */
7006 _createHelper: function (hasher) {
7007 return function (message, cfg) {
7008 return new hasher.init(cfg).finalize(message);
7009 };
7010 },
7012 /**
7013 * Creates a shortcut function to the HMAC's object interface.
7014 *
7015 * @param {Hasher} hasher The hasher to use in this HMAC helper.
7016 *
7017 * @return {Function} The shortcut function.
7018 *
7019 * @static
7020 *
7021 * @example
7022 *
7023 * var HmacSHA256 = CryptoJS.lib.Hasher._createHmacHelper(CryptoJS.algo.SHA256);
7024 */
7025 _createHmacHelper: function (hasher) {
7026 return function (message, key) {
7027 return new C_algo.HMAC.init(hasher, key).finalize(message);
7028 };
7029 }
7030 });
7032 /**
7033 * Algorithm namespace.
7034 */
7035 var C_algo = C.algo = {};
7037 return C;
7038 }(Math));
7041 return CryptoJS;
7045;(function (root, factory) {
7046 if (typeof exports === "object") {
7047 // CommonJS
7048 module.exports = exports = factory(_dereq_("./core"));
7049 }
7050 else if (typeof define === "function" && define.amd) {
7051 // AMD
7052 define(["./core"], factory);
7053 }
7054 else {
7055 // Global (browser)
7056 factory(root.CryptoJS);
7057 }
7058}(this, function (CryptoJS) {
7060 (function () {
7061 // Shortcuts
7062 var C = CryptoJS;
7063 var C_lib = C.lib;
7064 var WordArray = C_lib.WordArray;
7065 var C_enc = C.enc;
7067 /**
7068 * Base64 encoding strategy.
7069 */
7070 var Base64 = C_enc.Base64 = {
7071 /**
7072 * Converts a word array to a Base64 string.
7073 *
7074 * @param {WordArray} wordArray The word array.
7075 *
7076 * @return {string} The Base64 string.
7077 *
7078 * @static
7079 *
7080 * @example
7081 *
7082 * var base64String = CryptoJS.enc.Base64.stringify(wordArray);
7083 */
7084 stringify: function (wordArray) {
7085 // Shortcuts
7086 var words = wordArray.words;
7087 var sigBytes = wordArray.sigBytes;
7088 var map = this._map;
7090 // Clamp excess bits
7091 wordArray.clamp();
7093 // Convert
7094 var base64Chars = [];
7095 for (var i = 0; i < sigBytes; i += 3) {
7096 var byte1 = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
7097 var byte2 = (words[(i + 1) >>> 2] >>> (24 - ((i + 1) % 4) * 8)) & 0xff;
7098 var byte3 = (words[(i + 2) >>> 2] >>> (24 - ((i + 2) % 4) * 8)) & 0xff;
7100 var triplet = (byte1 << 16) | (byte2 << 8) | byte3;
7102 for (var j = 0; (j < 4) && (i + j * 0.75 < sigBytes); j++) {
7103 base64Chars.push(map.charAt((triplet >>> (6 * (3 - j))) & 0x3f));
7104 }
7105 }
7107 // Add padding
7108 var paddingChar = map.charAt(64);
7109 if (paddingChar) {
7110 while (base64Chars.length % 4) {
7111 base64Chars.push(paddingChar);
7112 }
7113 }
7115 return base64Chars.join('');
7116 },
7118 /**
7119 * Converts a Base64 string to a word array.
7120 *
7121 * @param {string} base64Str The Base64 string.
7122 *
7123 * @return {WordArray} The word array.
7124 *
7125 * @static
7126 *
7127 * @example
7128 *
7129 * var wordArray = CryptoJS.enc.Base64.parse(base64String);
7130 */
7131 parse: function (base64Str) {
7132 // Shortcuts
7133 var base64StrLength = base64Str.length;
7134 var map = this._map;
7136 // Ignore padding
7137 var paddingChar = map.charAt(64);
7138 if (paddingChar) {
7139 var paddingIndex = base64Str.indexOf(paddingChar);
7140 if (paddingIndex != -1) {
7141 base64StrLength = paddingIndex;
7142 }
7143 }
7145 // Convert
7146 var words = [];
7147 var nBytes = 0;
7148 for (var i = 0; i < base64StrLength; i++) {
7149 if (i % 4) {
7150 var bits1 = map.indexOf(base64Str.charAt(i - 1)) << ((i % 4) * 2);
7151 var bits2 = map.indexOf(base64Str.charAt(i)) >>> (6 - (i % 4) * 2);
7152 words[nBytes >>> 2] |= (bits1 | bits2) << (24 - (nBytes % 4) * 8);
7153 nBytes++;
7154 }
7155 }
7157 return WordArray.create(words, nBytes);
7158 },
7160 _map: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='
7161 };
7162 }());
7165 return CryptoJS.enc.Base64;
7169;(function (root, factory) {
7170 if (typeof exports === "object") {
7171 // CommonJS
7172 module.exports = exports = factory(_dereq_("./core"));
7173 }
7174 else if (typeof define === "function" && define.amd) {
7175 // AMD
7176 define(["./core"], factory);
7177 }
7178 else {
7179 // Global (browser)
7180 factory(root.CryptoJS);
7181 }
7182}(this, function (CryptoJS) {
7184 (function () {
7185 // Shortcuts
7186 var C = CryptoJS;
7187 var C_lib = C.lib;
7188 var WordArray = C_lib.WordArray;
7189 var C_enc = C.enc;
7191 /**
7192 * UTF-16 BE encoding strategy.
7193 */
7194 var Utf16BE = C_enc.Utf16 = C_enc.Utf16BE = {
7195 /**
7196 * Converts a word array to a UTF-16 BE string.
7197 *
7198 * @param {WordArray} wordArray The word array.
7199 *
7200 * @return {string} The UTF-16 BE string.
7201 *
7202 * @static
7203 *
7204 * @example
7205 *
7206 * var utf16String = CryptoJS.enc.Utf16.stringify(wordArray);
7207 */
7208 stringify: function (wordArray) {
7209 // Shortcuts
7210 var words = wordArray.words;
7211 var sigBytes = wordArray.sigBytes;
7213 // Convert
7214 var utf16Chars = [];
7215 for (var i = 0; i < sigBytes; i += 2) {
7216 var codePoint = (words[i >>> 2] >>> (16 - (i % 4) * 8)) & 0xffff;
7217 utf16Chars.push(String.fromCharCode(codePoint));
7218 }
7220 return utf16Chars.join('');
7221 },
7223 /**
7224 * Converts a UTF-16 BE string to a word array.
7225 *
7226 * @param {string} utf16Str The UTF-16 BE string.
7227 *
7228 * @return {WordArray} The word array.
7229 *
7230 * @static
7231 *
7232 * @example
7233 *
7234 * var wordArray = CryptoJS.enc.Utf16.parse(utf16String);
7235 */
7236 parse: function (utf16Str) {
7237 // Shortcut
7238 var utf16StrLength = utf16Str.length;
7240 // Convert
7241 var words = [];
7242 for (var i = 0; i < utf16StrLength; i++) {
7243 words[i >>> 1] |= utf16Str.charCodeAt(i) << (16 - (i % 2) * 16);
7244 }
7246 return WordArray.create(words, utf16StrLength * 2);
7247 }
7248 };
7250 /**
7251 * UTF-16 LE encoding strategy.
7252 */
7253 C_enc.Utf16LE = {
7254 /**
7255 * Converts a word array to a UTF-16 LE string.
7256 *
7257 * @param {WordArray} wordArray The word array.
7258 *
7259 * @return {string} The UTF-16 LE string.
7260 *
7261 * @static
7262 *
7263 * @example
7264 *
7265 * var utf16Str = CryptoJS.enc.Utf16LE.stringify(wordArray);
7266 */
7267 stringify: function (wordArray) {
7268 // Shortcuts
7269 var words = wordArray.words;
7270 var sigBytes = wordArray.sigBytes;
7272 // Convert
7273 var utf16Chars = [];
7274 for (var i = 0; i < sigBytes; i += 2) {
7275 var codePoint = swapEndian((words[i >>> 2] >>> (16 - (i % 4) * 8)) & 0xffff);
7276 utf16Chars.push(String.fromCharCode(codePoint));
7277 }
7279 return utf16Chars.join('');
7280 },
7282 /**
7283 * Converts a UTF-16 LE string to a word array.
7284 *
7285 * @param {string} utf16Str The UTF-16 LE string.
7286 *
7287 * @return {WordArray} The word array.
7288 *
7289 * @static
7290 *
7291 * @example
7292 *
7293 * var wordArray = CryptoJS.enc.Utf16LE.parse(utf16Str);
7294 */
7295 parse: function (utf16Str) {
7296 // Shortcut
7297 var utf16StrLength = utf16Str.length;
7299 // Convert
7300 var words = [];
7301 for (var i = 0; i < utf16StrLength; i++) {
7302 words[i >>> 1] |= swapEndian(utf16Str.charCodeAt(i) << (16 - (i % 2) * 16));
7303 }
7305 return WordArray.create(words, utf16StrLength * 2);
7306 }
7307 };
7309 function swapEndian(word) {
7310 return ((word << 8) & 0xff00ff00) | ((word >>> 8) & 0x00ff00ff);
7311 }
7312 }());
7315 return CryptoJS.enc.Utf16;
7319;(function (root, factory, undef) {
7320 if (typeof exports === "object") {
7321 // CommonJS
7322 module.exports = exports = factory(_dereq_("./core"), _dereq_("./sha1"), _dereq_("./hmac"));
7323 }
7324 else if (typeof define === "function" && define.amd) {
7325 // AMD
7326 define(["./core", "./sha1", "./hmac"], factory);
7327 }
7328 else {
7329 // Global (browser)
7330 factory(root.CryptoJS);
7331 }
7332}(this, function (CryptoJS) {
7334 (function () {
7335 // Shortcuts
7336 var C = CryptoJS;
7337 var C_lib = C.lib;
7338 var Base = C_lib.Base;
7339 var WordArray = C_lib.WordArray;
7340 var C_algo = C.algo;
7341 var MD5 = C_algo.MD5;
7343 /**
7344 * This key derivation function is meant to conform with EVP_BytesToKey.
7345 * www.openssl.org/docs/crypto/EVP_BytesToKey.html
7346 */
7347 var EvpKDF = C_algo.EvpKDF = Base.extend({
7348 /**
7349 * Configuration options.
7350 *
7351 * @property {number} keySize The key size in words to generate. Default: 4 (128 bits)
7352 * @property {Hasher} hasher The hash algorithm to use. Default: MD5
7353 * @property {number} iterations The number of iterations to perform. Default: 1
7354 */
7355 cfg: Base.extend({
7356 keySize: 128/32,
7357 hasher: MD5,
7358 iterations: 1
7359 }),
7361 /**
7362 * Initializes a newly created key derivation function.
7363 *
7364 * @param {Object} cfg (Optional) The configuration options to use for the derivation.
7365 *
7366 * @example
7367 *
7368 * var kdf = CryptoJS.algo.EvpKDF.create();
7369 * var kdf = CryptoJS.algo.EvpKDF.create({ keySize: 8 });
7370 * var kdf = CryptoJS.algo.EvpKDF.create({ keySize: 8, iterations: 1000 });
7371 */
7372 init: function (cfg) {
7373 this.cfg = this.cfg.extend(cfg);
7374 },
7376 /**
7377 * Derives a key from a password.
7378 *
7379 * @param {WordArray|string} password The password.
7380 * @param {WordArray|string} salt A salt.
7381 *
7382 * @return {WordArray} The derived key.
7383 *
7384 * @example
7385 *
7386 * var key = kdf.compute(password, salt);
7387 */
7388 compute: function (password, salt) {
7389 // Shortcut
7390 var cfg = this.cfg;
7392 // Init hasher
7393 var hasher = cfg.hasher.create();
7395 // Initial values
7396 var derivedKey = WordArray.create();
7398 // Shortcuts
7399 var derivedKeyWords = derivedKey.words;
7400 var keySize = cfg.keySize;
7401 var iterations = cfg.iterations;
7403 // Generate key
7404 while (derivedKeyWords.length < keySize) {
7405 if (block) {
7406 hasher.update(block);
7407 }
7408 var block = hasher.update(password).finalize(salt);
7409 hasher.reset();
7411 // Iterations
7412 for (var i = 1; i < iterations; i++) {
7413 block = hasher.finalize(block);
7414 hasher.reset();
7415 }
7417 derivedKey.concat(block);
7418 }
7419 derivedKey.sigBytes = keySize * 4;
7421 return derivedKey;
7422 }
7423 });
7425 /**
7426 * Derives a key from a password.
7427 *
7428 * @param {WordArray|string} password The password.
7429 * @param {WordArray|string} salt A salt.
7430 * @param {Object} cfg (Optional) The configuration options to use for this computation.
7431 *
7432 * @return {WordArray} The derived key.
7433 *
7434 * @static
7435 *
7436 * @example
7437 *
7438 * var key = CryptoJS.EvpKDF(password, salt);
7439 * var key = CryptoJS.EvpKDF(password, salt, { keySize: 8 });
7440 * var key = CryptoJS.EvpKDF(password, salt, { keySize: 8, iterations: 1000 });
7441 */
7442 C.EvpKDF = function (password, salt, cfg) {
7443 return EvpKDF.create(cfg).compute(password, salt);
7444 };
7445 }());
7448 return CryptoJS.EvpKDF;
7452;(function (root, factory, undef) {
7453 if (typeof exports === "object") {
7454 // CommonJS
7455 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
7456 }
7457 else if (typeof define === "function" && define.amd) {
7458 // AMD
7459 define(["./core", "./cipher-core"], factory);
7460 }
7461 else {
7462 // Global (browser)
7463 factory(root.CryptoJS);
7464 }
7465}(this, function (CryptoJS) {
7467 (function (undefined) {
7468 // Shortcuts
7469 var C = CryptoJS;
7470 var C_lib = C.lib;
7471 var CipherParams = C_lib.CipherParams;
7472 var C_enc = C.enc;
7473 var Hex = C_enc.Hex;
7474 var C_format = C.format;
7476 var HexFormatter = C_format.Hex = {
7477 /**
7478 * Converts the ciphertext of a cipher params object to a hexadecimally encoded string.
7479 *
7480 * @param {CipherParams} cipherParams The cipher params object.
7481 *
7482 * @return {string} The hexadecimally encoded string.
7483 *
7484 * @static
7485 *
7486 * @example
7487 *
7488 * var hexString = CryptoJS.format.Hex.stringify(cipherParams);
7489 */
7490 stringify: function (cipherParams) {
7491 return cipherParams.ciphertext.toString(Hex);
7492 },
7494 /**
7495 * Converts a hexadecimally encoded ciphertext string to a cipher params object.
7496 *
7497 * @param {string} input The hexadecimally encoded string.
7498 *
7499 * @return {CipherParams} The cipher params object.
7500 *
7501 * @static
7502 *
7503 * @example
7504 *
7505 * var cipherParams = CryptoJS.format.Hex.parse(hexString);
7506 */
7507 parse: function (input) {
7508 var ciphertext = Hex.parse(input);
7509 return CipherParams.create({ ciphertext: ciphertext });
7510 }
7511 };
7512 }());
7515 return CryptoJS.format.Hex;
7519;(function (root, factory) {
7520 if (typeof exports === "object") {
7521 // CommonJS
7522 module.exports = exports = factory(_dereq_("./core"));
7523 }
7524 else if (typeof define === "function" && define.amd) {
7525 // AMD
7526 define(["./core"], factory);
7527 }
7528 else {
7529 // Global (browser)
7530 factory(root.CryptoJS);
7531 }
7532}(this, function (CryptoJS) {
7534 (function () {
7535 // Shortcuts
7536 var C = CryptoJS;
7537 var C_lib = C.lib;
7538 var Base = C_lib.Base;
7539 var C_enc = C.enc;
7540 var Utf8 = C_enc.Utf8;
7541 var C_algo = C.algo;
7543 /**
7544 * HMAC algorithm.
7545 */
7546 var HMAC = C_algo.HMAC = Base.extend({
7547 /**
7548 * Initializes a newly created HMAC.
7549 *
7550 * @param {Hasher} hasher The hash algorithm to use.
7551 * @param {WordArray|string} key The secret key.
7552 *
7553 * @example
7554 *
7555 * var hmacHasher = CryptoJS.algo.HMAC.create(CryptoJS.algo.SHA256, key);
7556 */
7557 init: function (hasher, key) {
7558 // Init hasher
7559 hasher = this._hasher = new hasher.init();
7561 // Convert string to WordArray, else assume WordArray already
7562 if (typeof key == 'string') {
7563 key = Utf8.parse(key);
7564 }
7566 // Shortcuts
7567 var hasherBlockSize = hasher.blockSize;
7568 var hasherBlockSizeBytes = hasherBlockSize * 4;
7570 // Allow arbitrary length keys
7571 if (key.sigBytes > hasherBlockSizeBytes) {
7572 key = hasher.finalize(key);
7573 }
7575 // Clamp excess bits
7576 key.clamp();
7578 // Clone key for inner and outer pads
7579 var oKey = this._oKey = key.clone();
7580 var iKey = this._iKey = key.clone();
7582 // Shortcuts
7583 var oKeyWords = oKey.words;
7584 var iKeyWords = iKey.words;
7586 // XOR keys with pad constants
7587 for (var i = 0; i < hasherBlockSize; i++) {
7588 oKeyWords[i] ^= 0x5c5c5c5c;
7589 iKeyWords[i] ^= 0x36363636;
7590 }
7591 oKey.sigBytes = iKey.sigBytes = hasherBlockSizeBytes;
7593 // Set initial values
7594 this.reset();
7595 },
7597 /**
7598 * Resets this HMAC to its initial state.
7599 *
7600 * @example
7601 *
7602 * hmacHasher.reset();
7603 */
7604 reset: function () {
7605 // Shortcut
7606 var hasher = this._hasher;
7608 // Reset
7609 hasher.reset();
7610 hasher.update(this._iKey);
7611 },
7613 /**
7614 * Updates this HMAC with a message.
7615 *
7616 * @param {WordArray|string} messageUpdate The message to append.
7617 *
7618 * @return {HMAC} This HMAC instance.
7619 *
7620 * @example
7621 *
7622 * hmacHasher.update('message');
7623 * hmacHasher.update(wordArray);
7624 */
7625 update: function (messageUpdate) {
7626 this._hasher.update(messageUpdate);
7628 // Chainable
7629 return this;
7630 },
7632 /**
7633 * Finalizes the HMAC computation.
7634 * Note that the finalize operation is effectively a destructive, read-once operation.
7635 *
7636 * @param {WordArray|string} messageUpdate (Optional) A final message update.
7637 *
7638 * @return {WordArray} The HMAC.
7639 *
7640 * @example
7641 *
7642 * var hmac = hmacHasher.finalize();
7643 * var hmac = hmacHasher.finalize('message');
7644 * var hmac = hmacHasher.finalize(wordArray);
7645 */
7646 finalize: function (messageUpdate) {
7647 // Shortcut
7648 var hasher = this._hasher;
7650 // Compute HMAC
7651 var innerHash = hasher.finalize(messageUpdate);
7652 hasher.reset();
7653 var hmac = hasher.finalize(this._oKey.clone().concat(innerHash));
7655 return hmac;
7656 }
7657 });
7658 }());
7663;(function (root, factory, undef) {
7664 if (typeof exports === "object") {
7665 // CommonJS
7666 module.exports = exports = factory(_dereq_("./core"), _dereq_("./x64-core"), _dereq_("./lib-typedarrays"), _dereq_("./enc-utf16"), _dereq_("./enc-base64"), _dereq_("./md5"), _dereq_("./sha1"), _dereq_("./sha256"), _dereq_("./sha224"), _dereq_("./sha512"), _dereq_("./sha384"), _dereq_("./sha3"), _dereq_("./ripemd160"), _dereq_("./hmac"), _dereq_("./pbkdf2"), _dereq_("./evpkdf"), _dereq_("./cipher-core"), _dereq_("./mode-cfb"), _dereq_("./mode-ctr"), _dereq_("./mode-ctr-gladman"), _dereq_("./mode-ofb"), _dereq_("./mode-ecb"), _dereq_("./pad-ansix923"), _dereq_("./pad-iso10126"), _dereq_("./pad-iso97971"), _dereq_("./pad-zeropadding"), _dereq_("./pad-nopadding"), _dereq_("./format-hex"), _dereq_("./aes"), _dereq_("./tripledes"), _dereq_("./rc4"), _dereq_("./rabbit"), _dereq_("./rabbit-legacy"));
7667 }
7668 else if (typeof define === "function" && define.amd) {
7669 // AMD
7670 define(["./core", "./x64-core", "./lib-typedarrays", "./enc-utf16", "./enc-base64", "./md5", "./sha1", "./sha256", "./sha224", "./sha512", "./sha384", "./sha3", "./ripemd160", "./hmac", "./pbkdf2", "./evpkdf", "./cipher-core", "./mode-cfb", "./mode-ctr", "./mode-ctr-gladman", "./mode-ofb", "./mode-ecb", "./pad-ansix923", "./pad-iso10126", "./pad-iso97971", "./pad-zeropadding", "./pad-nopadding", "./format-hex", "./aes", "./tripledes", "./rc4", "./rabbit", "./rabbit-legacy"], factory);
7671 }
7672 else {
7673 // Global (browser)
7674 factory(root.CryptoJS);
7675 }
7676}(this, function (CryptoJS) {
7678 return CryptoJS;
7682;(function (root, factory) {
7683 if (typeof exports === "object") {
7684 // CommonJS
7685 module.exports = exports = factory(_dereq_("./core"));
7686 }
7687 else if (typeof define === "function" && define.amd) {
7688 // AMD
7689 define(["./core"], factory);
7690 }
7691 else {
7692 // Global (browser)
7693 factory(root.CryptoJS);
7694 }
7695}(this, function (CryptoJS) {
7697 (function () {
7698 // Check if typed arrays are supported
7699 if (typeof ArrayBuffer != 'function') {
7700 return;
7701 }
7703 // Shortcuts
7704 var C = CryptoJS;
7705 var C_lib = C.lib;
7706 var WordArray = C_lib.WordArray;
7708 // Reference original init
7709 var superInit = WordArray.init;
7711 // Augment WordArray.init to handle typed arrays
7712 var subInit = WordArray.init = function (typedArray) {
7713 // Convert buffers to uint8
7714 if (typedArray instanceof ArrayBuffer) {
7715 typedArray = new Uint8Array(typedArray);
7716 }
7718 // Convert other array views to uint8
7719 if (
7720 typedArray instanceof Int8Array ||
7721 typedArray instanceof Uint8ClampedArray ||
7722 typedArray instanceof Int16Array ||
7723 typedArray instanceof Uint16Array ||
7724 typedArray instanceof Int32Array ||
7725 typedArray instanceof Uint32Array ||
7726 typedArray instanceof Float32Array ||
7727 typedArray instanceof Float64Array
7728 ) {
7729 typedArray = new Uint8Array(typedArray.buffer, typedArray.byteOffset, typedArray.byteLength);
7730 }
7732 // Handle Uint8Array
7733 if (typedArray instanceof Uint8Array) {
7734 // Shortcut
7735 var typedArrayByteLength = typedArray.byteLength;
7737 // Extract bytes
7738 var words = [];
7739 for (var i = 0; i < typedArrayByteLength; i++) {
7740 words[i >>> 2] |= typedArray[i] << (24 - (i % 4) * 8);
7741 }
7743 // Initialize this word array
7744 superInit.call(this, words, typedArrayByteLength);
7745 } else {
7746 // Else call normal init
7747 superInit.apply(this, arguments);
7748 }
7749 };
7751 subInit.prototype = WordArray;
7752 }());
7755 return CryptoJS.lib.WordArray;
7759;(function (root, factory) {
7760 if (typeof exports === "object") {
7761 // CommonJS
7762 module.exports = exports = factory(_dereq_("./core"));
7763 }
7764 else if (typeof define === "function" && define.amd) {
7765 // AMD
7766 define(["./core"], factory);
7767 }
7768 else {
7769 // Global (browser)
7770 factory(root.CryptoJS);
7771 }
7772}(this, function (CryptoJS) {
7774 (function (Math) {
7775 // Shortcuts
7776 var C = CryptoJS;
7777 var C_lib = C.lib;
7778 var WordArray = C_lib.WordArray;
7779 var Hasher = C_lib.Hasher;
7780 var C_algo = C.algo;
7782 // Constants table
7783 var T = [];
7785 // Compute constants
7786 (function () {
7787 for (var i = 0; i < 64; i++) {
7788 T[i] = (Math.abs(Math.sin(i + 1)) * 0x100000000) | 0;
7789 }
7790 }());
7792 /**
7793 * MD5 hash algorithm.
7794 */
7795 var MD5 = C_algo.MD5 = Hasher.extend({
7796 _doReset: function () {
7797 this._hash = new WordArray.init([
7798 0x67452301, 0xefcdab89,
7799 0x98badcfe, 0x10325476
7800 ]);
7801 },
7803 _doProcessBlock: function (M, offset) {
7804 // Swap endian
7805 for (var i = 0; i < 16; i++) {
7806 // Shortcuts
7807 var offset_i = offset + i;
7808 var M_offset_i = M[offset_i];
7810 M[offset_i] = (
7811 (((M_offset_i << 8) | (M_offset_i >>> 24)) & 0x00ff00ff) |
7812 (((M_offset_i << 24) | (M_offset_i >>> 8)) & 0xff00ff00)
7813 );
7814 }
7816 // Shortcuts
7817 var H = this._hash.words;
7819 var M_offset_0 = M[offset + 0];
7820 var M_offset_1 = M[offset + 1];
7821 var M_offset_2 = M[offset + 2];
7822 var M_offset_3 = M[offset + 3];
7823 var M_offset_4 = M[offset + 4];
7824 var M_offset_5 = M[offset + 5];
7825 var M_offset_6 = M[offset + 6];
7826 var M_offset_7 = M[offset + 7];
7827 var M_offset_8 = M[offset + 8];
7828 var M_offset_9 = M[offset + 9];
7829 var M_offset_10 = M[offset + 10];
7830 var M_offset_11 = M[offset + 11];
7831 var M_offset_12 = M[offset + 12];
7832 var M_offset_13 = M[offset + 13];
7833 var M_offset_14 = M[offset + 14];
7834 var M_offset_15 = M[offset + 15];
7836 // Working varialbes
7837 var a = H[0];
7838 var b = H[1];
7839 var c = H[2];
7840 var d = H[3];
7842 // Computation
7843 a = FF(a, b, c, d, M_offset_0, 7, T[0]);
7844 d = FF(d, a, b, c, M_offset_1, 12, T[1]);
7845 c = FF(c, d, a, b, M_offset_2, 17, T[2]);
7846 b = FF(b, c, d, a, M_offset_3, 22, T[3]);
7847 a = FF(a, b, c, d, M_offset_4, 7, T[4]);
7848 d = FF(d, a, b, c, M_offset_5, 12, T[5]);
7849 c = FF(c, d, a, b, M_offset_6, 17, T[6]);
7850 b = FF(b, c, d, a, M_offset_7, 22, T[7]);
7851 a = FF(a, b, c, d, M_offset_8, 7, T[8]);
7852 d = FF(d, a, b, c, M_offset_9, 12, T[9]);
7853 c = FF(c, d, a, b, M_offset_10, 17, T[10]);
7854 b = FF(b, c, d, a, M_offset_11, 22, T[11]);
7855 a = FF(a, b, c, d, M_offset_12, 7, T[12]);
7856 d = FF(d, a, b, c, M_offset_13, 12, T[13]);
7857 c = FF(c, d, a, b, M_offset_14, 17, T[14]);
7858 b = FF(b, c, d, a, M_offset_15, 22, T[15]);
7860 a = GG(a, b, c, d, M_offset_1, 5, T[16]);
7861 d = GG(d, a, b, c, M_offset_6, 9, T[17]);
7862 c = GG(c, d, a, b, M_offset_11, 14, T[18]);
7863 b = GG(b, c, d, a, M_offset_0, 20, T[19]);
7864 a = GG(a, b, c, d, M_offset_5, 5, T[20]);
7865 d = GG(d, a, b, c, M_offset_10, 9, T[21]);
7866 c = GG(c, d, a, b, M_offset_15, 14, T[22]);
7867 b = GG(b, c, d, a, M_offset_4, 20, T[23]);
7868 a = GG(a, b, c, d, M_offset_9, 5, T[24]);
7869 d = GG(d, a, b, c, M_offset_14, 9, T[25]);
7870 c = GG(c, d, a, b, M_offset_3, 14, T[26]);
7871 b = GG(b, c, d, a, M_offset_8, 20, T[27]);
7872 a = GG(a, b, c, d, M_offset_13, 5, T[28]);
7873 d = GG(d, a, b, c, M_offset_2, 9, T[29]);
7874 c = GG(c, d, a, b, M_offset_7, 14, T[30]);
7875 b = GG(b, c, d, a, M_offset_12, 20, T[31]);
7877 a = HH(a, b, c, d, M_offset_5, 4, T[32]);
7878 d = HH(d, a, b, c, M_offset_8, 11, T[33]);
7879 c = HH(c, d, a, b, M_offset_11, 16, T[34]);
7880 b = HH(b, c, d, a, M_offset_14, 23, T[35]);
7881 a = HH(a, b, c, d, M_offset_1, 4, T[36]);
7882 d = HH(d, a, b, c, M_offset_4, 11, T[37]);
7883 c = HH(c, d, a, b, M_offset_7, 16, T[38]);
7884 b = HH(b, c, d, a, M_offset_10, 23, T[39]);
7885 a = HH(a, b, c, d, M_offset_13, 4, T[40]);
7886 d = HH(d, a, b, c, M_offset_0, 11, T[41]);
7887 c = HH(c, d, a, b, M_offset_3, 16, T[42]);
7888 b = HH(b, c, d, a, M_offset_6, 23, T[43]);
7889 a = HH(a, b, c, d, M_offset_9, 4, T[44]);
7890 d = HH(d, a, b, c, M_offset_12, 11, T[45]);
7891 c = HH(c, d, a, b, M_offset_15, 16, T[46]);
7892 b = HH(b, c, d, a, M_offset_2, 23, T[47]);
7894 a = II(a, b, c, d, M_offset_0, 6, T[48]);
7895 d = II(d, a, b, c, M_offset_7, 10, T[49]);
7896 c = II(c, d, a, b, M_offset_14, 15, T[50]);
7897 b = II(b, c, d, a, M_offset_5, 21, T[51]);
7898 a = II(a, b, c, d, M_offset_12, 6, T[52]);
7899 d = II(d, a, b, c, M_offset_3, 10, T[53]);
7900 c = II(c, d, a, b, M_offset_10, 15, T[54]);
7901 b = II(b, c, d, a, M_offset_1, 21, T[55]);
7902 a = II(a, b, c, d, M_offset_8, 6, T[56]);
7903 d = II(d, a, b, c, M_offset_15, 10, T[57]);
7904 c = II(c, d, a, b, M_offset_6, 15, T[58]);
7905 b = II(b, c, d, a, M_offset_13, 21, T[59]);
7906 a = II(a, b, c, d, M_offset_4, 6, T[60]);
7907 d = II(d, a, b, c, M_offset_11, 10, T[61]);
7908 c = II(c, d, a, b, M_offset_2, 15, T[62]);
7909 b = II(b, c, d, a, M_offset_9, 21, T[63]);
7911 // Intermediate hash value
7912 H[0] = (H[0] + a) | 0;
7913 H[1] = (H[1] + b) | 0;
7914 H[2] = (H[2] + c) | 0;
7915 H[3] = (H[3] + d) | 0;
7916 },
7918 _doFinalize: function () {
7919 // Shortcuts
7920 var data = this._data;
7921 var dataWords = data.words;
7923 var nBitsTotal = this._nDataBytes * 8;
7924 var nBitsLeft = data.sigBytes * 8;
7926 // Add padding
7927 dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
7929 var nBitsTotalH = Math.floor(nBitsTotal / 0x100000000);
7930 var nBitsTotalL = nBitsTotal;
7931 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = (
7932 (((nBitsTotalH << 8) | (nBitsTotalH >>> 24)) & 0x00ff00ff) |
7933 (((nBitsTotalH << 24) | (nBitsTotalH >>> 8)) & 0xff00ff00)
7934 );
7935 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = (
7936 (((nBitsTotalL << 8) | (nBitsTotalL >>> 24)) & 0x00ff00ff) |
7937 (((nBitsTotalL << 24) | (nBitsTotalL >>> 8)) & 0xff00ff00)
7938 );
7940 data.sigBytes = (dataWords.length + 1) * 4;
7942 // Hash final blocks
7943 this._process();
7945 // Shortcuts
7946 var hash = this._hash;
7947 var H = hash.words;
7949 // Swap endian
7950 for (var i = 0; i < 4; i++) {
7951 // Shortcut
7952 var H_i = H[i];
7954 H[i] = (((H_i << 8) | (H_i >>> 24)) & 0x00ff00ff) |
7955 (((H_i << 24) | (H_i >>> 8)) & 0xff00ff00);
7956 }
7958 // Return final computed hash
7959 return hash;
7960 },
7962 clone: function () {
7963 var clone = Hasher.clone.call(this);
7964 clone._hash = this._hash.clone();
7966 return clone;
7967 }
7968 });
7970 function FF(a, b, c, d, x, s, t) {
7971 var n = a + ((b & c) | (~b & d)) + x + t;
7972 return ((n << s) | (n >>> (32 - s))) + b;
7973 }
7975 function GG(a, b, c, d, x, s, t) {
7976 var n = a + ((b & d) | (c & ~d)) + x + t;
7977 return ((n << s) | (n >>> (32 - s))) + b;
7978 }
7980 function HH(a, b, c, d, x, s, t) {
7981 var n = a + (b ^ c ^ d) + x + t;
7982 return ((n << s) | (n >>> (32 - s))) + b;
7983 }
7985 function II(a, b, c, d, x, s, t) {
7986 var n = a + (c ^ (b | ~d)) + x + t;
7987 return ((n << s) | (n >>> (32 - s))) + b;
7988 }
7990 /**
7991 * Shortcut function to the hasher's object interface.
7992 *
7993 * @param {WordArray|string} message The message to hash.
7994 *
7995 * @return {WordArray} The hash.
7996 *
7997 * @static
7998 *
7999 * @example
8000 *
8001 * var hash = CryptoJS.MD5('message');
8002 * var hash = CryptoJS.MD5(wordArray);
8003 */
8004 C.MD5 = Hasher._createHelper(MD5);
8006 /**
8007 * Shortcut function to the HMAC's object interface.
8008 *
8009 * @param {WordArray|string} message The message to hash.
8010 * @param {WordArray|string} key The secret key.
8011 *
8012 * @return {WordArray} The HMAC.
8013 *
8014 * @static
8015 *
8016 * @example
8017 *
8018 * var hmac = CryptoJS.HmacMD5(message, key);
8019 */
8020 C.HmacMD5 = Hasher._createHmacHelper(MD5);
8021 }(Math));
8024 return CryptoJS.MD5;
8028;(function (root, factory, undef) {
8029 if (typeof exports === "object") {
8030 // CommonJS
8031 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8032 }
8033 else if (typeof define === "function" && define.amd) {
8034 // AMD
8035 define(["./core", "./cipher-core"], factory);
8036 }
8037 else {
8038 // Global (browser)
8039 factory(root.CryptoJS);
8040 }
8041}(this, function (CryptoJS) {
8043 /**
8044 * Cipher Feedback block mode.
8045 */
8046 CryptoJS.mode.CFB = (function () {
8047 var CFB = CryptoJS.lib.BlockCipherMode.extend();
8049 CFB.Encryptor = CFB.extend({
8050 processBlock: function (words, offset) {
8051 // Shortcuts
8052 var cipher = this._cipher;
8053 var blockSize = cipher.blockSize;
8055 generateKeystreamAndEncrypt.call(this, words, offset, blockSize, cipher);
8057 // Remember this block to use with next block
8058 this._prevBlock = words.slice(offset, offset + blockSize);
8059 }
8060 });
8062 CFB.Decryptor = CFB.extend({
8063 processBlock: function (words, offset) {
8064 // Shortcuts
8065 var cipher = this._cipher;
8066 var blockSize = cipher.blockSize;
8068 // Remember this block to use with next block
8069 var thisBlock = words.slice(offset, offset + blockSize);
8071 generateKeystreamAndEncrypt.call(this, words, offset, blockSize, cipher);
8073 // This block becomes the previous block
8074 this._prevBlock = thisBlock;
8075 }
8076 });
8078 function generateKeystreamAndEncrypt(words, offset, blockSize, cipher) {
8079 // Shortcut
8080 var iv = this._iv;
8082 // Generate keystream
8083 if (iv) {
8084 var keystream = iv.slice(0);
8086 // Remove IV for subsequent blocks
8087 this._iv = undefined;
8088 } else {
8089 var keystream = this._prevBlock;
8090 }
8091 cipher.encryptBlock(keystream, 0);
8093 // Encrypt
8094 for (var i = 0; i < blockSize; i++) {
8095 words[offset + i] ^= keystream[i];
8096 }
8097 }
8099 return CFB;
8100 }());
8103 return CryptoJS.mode.CFB;
8107;(function (root, factory, undef) {
8108 if (typeof exports === "object") {
8109 // CommonJS
8110 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8111 }
8112 else if (typeof define === "function" && define.amd) {
8113 // AMD
8114 define(["./core", "./cipher-core"], factory);
8115 }
8116 else {
8117 // Global (browser)
8118 factory(root.CryptoJS);
8119 }
8120}(this, function (CryptoJS) {
8122 /** @preserve
8123 * Counter block mode compatible with Dr Brian Gladman fileenc.c
8124 * derived from CryptoJS.mode.CTR
8125 * Jan Hruby jhruby.web@gmail.com
8126 */
8127 CryptoJS.mode.CTRGladman = (function () {
8128 var CTRGladman = CryptoJS.lib.BlockCipherMode.extend();
8130 function incWord(word)
8131 {
8132 if (((word >> 24) & 0xff) === 0xff) { //overflow
8133 var b1 = (word >> 16)&0xff;
8134 var b2 = (word >> 8)&0xff;
8135 var b3 = word & 0xff;
8137 if (b1 === 0xff) // overflow b1
8138 {
8139 b1 = 0;
8140 if (b2 === 0xff)
8141 {
8142 b2 = 0;
8143 if (b3 === 0xff)
8144 {
8145 b3 = 0;
8146 }
8147 else
8148 {
8149 ++b3;
8150 }
8151 }
8152 else
8153 {
8154 ++b2;
8155 }
8156 }
8157 else
8158 {
8159 ++b1;
8160 }
8162 word = 0;
8163 word += (b1 << 16);
8164 word += (b2 << 8);
8165 word += b3;
8166 }
8167 else
8168 {
8169 word += (0x01 << 24);
8170 }
8171 return word;
8172 }
8174 function incCounter(counter)
8175 {
8176 if ((counter[0] = incWord(counter[0])) === 0)
8177 {
8178 // encr_data in fileenc.c from Dr Brian Gladman's counts only with DWORD j < 8
8179 counter[1] = incWord(counter[1]);
8180 }
8181 return counter;
8182 }
8184 var Encryptor = CTRGladman.Encryptor = CTRGladman.extend({
8185 processBlock: function (words, offset) {
8186 // Shortcuts
8187 var cipher = this._cipher
8188 var blockSize = cipher.blockSize;
8189 var iv = this._iv;
8190 var counter = this._counter;
8192 // Generate keystream
8193 if (iv) {
8194 counter = this._counter = iv.slice(0);
8196 // Remove IV for subsequent blocks
8197 this._iv = undefined;
8198 }
8200 incCounter(counter);
8202 var keystream = counter.slice(0);
8203 cipher.encryptBlock(keystream, 0);
8205 // Encrypt
8206 for (var i = 0; i < blockSize; i++) {
8207 words[offset + i] ^= keystream[i];
8208 }
8209 }
8210 });
8212 CTRGladman.Decryptor = Encryptor;
8214 return CTRGladman;
8215 }());
8220 return CryptoJS.mode.CTRGladman;
8224;(function (root, factory, undef) {
8225 if (typeof exports === "object") {
8226 // CommonJS
8227 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8228 }
8229 else if (typeof define === "function" && define.amd) {
8230 // AMD
8231 define(["./core", "./cipher-core"], factory);
8232 }
8233 else {
8234 // Global (browser)
8235 factory(root.CryptoJS);
8236 }
8237}(this, function (CryptoJS) {
8239 /**
8240 * Counter block mode.
8241 */
8242 CryptoJS.mode.CTR = (function () {
8243 var CTR = CryptoJS.lib.BlockCipherMode.extend();
8245 var Encryptor = CTR.Encryptor = CTR.extend({
8246 processBlock: function (words, offset) {
8247 // Shortcuts
8248 var cipher = this._cipher
8249 var blockSize = cipher.blockSize;
8250 var iv = this._iv;
8251 var counter = this._counter;
8253 // Generate keystream
8254 if (iv) {
8255 counter = this._counter = iv.slice(0);
8257 // Remove IV for subsequent blocks
8258 this._iv = undefined;
8259 }
8260 var keystream = counter.slice(0);
8261 cipher.encryptBlock(keystream, 0);
8263 // Increment counter
8264 counter[blockSize - 1] = (counter[blockSize - 1] + 1) | 0
8266 // Encrypt
8267 for (var i = 0; i < blockSize; i++) {
8268 words[offset + i] ^= keystream[i];
8269 }
8270 }
8271 });
8273 CTR.Decryptor = Encryptor;
8275 return CTR;
8276 }());
8279 return CryptoJS.mode.CTR;
8283;(function (root, factory, undef) {
8284 if (typeof exports === "object") {
8285 // CommonJS
8286 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8287 }
8288 else if (typeof define === "function" && define.amd) {
8289 // AMD
8290 define(["./core", "./cipher-core"], factory);
8291 }
8292 else {
8293 // Global (browser)
8294 factory(root.CryptoJS);
8295 }
8296}(this, function (CryptoJS) {
8298 /**
8299 * Electronic Codebook block mode.
8300 */
8301 CryptoJS.mode.ECB = (function () {
8302 var ECB = CryptoJS.lib.BlockCipherMode.extend();
8304 ECB.Encryptor = ECB.extend({
8305 processBlock: function (words, offset) {
8306 this._cipher.encryptBlock(words, offset);
8307 }
8308 });
8310 ECB.Decryptor = ECB.extend({
8311 processBlock: function (words, offset) {
8312 this._cipher.decryptBlock(words, offset);
8313 }
8314 });
8316 return ECB;
8317 }());
8320 return CryptoJS.mode.ECB;
8324;(function (root, factory, undef) {
8325 if (typeof exports === "object") {
8326 // CommonJS
8327 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8328 }
8329 else if (typeof define === "function" && define.amd) {
8330 // AMD
8331 define(["./core", "./cipher-core"], factory);
8332 }
8333 else {
8334 // Global (browser)
8335 factory(root.CryptoJS);
8336 }
8337}(this, function (CryptoJS) {
8339 /**
8340 * Output Feedback block mode.
8341 */
8342 CryptoJS.mode.OFB = (function () {
8343 var OFB = CryptoJS.lib.BlockCipherMode.extend();
8345 var Encryptor = OFB.Encryptor = OFB.extend({
8346 processBlock: function (words, offset) {
8347 // Shortcuts
8348 var cipher = this._cipher
8349 var blockSize = cipher.blockSize;
8350 var iv = this._iv;
8351 var keystream = this._keystream;
8353 // Generate keystream
8354 if (iv) {
8355 keystream = this._keystream = iv.slice(0);
8357 // Remove IV for subsequent blocks
8358 this._iv = undefined;
8359 }
8360 cipher.encryptBlock(keystream, 0);
8362 // Encrypt
8363 for (var i = 0; i < blockSize; i++) {
8364 words[offset + i] ^= keystream[i];
8365 }
8366 }
8367 });
8369 OFB.Decryptor = Encryptor;
8371 return OFB;
8372 }());
8375 return CryptoJS.mode.OFB;
8379;(function (root, factory, undef) {
8380 if (typeof exports === "object") {
8381 // CommonJS
8382 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8383 }
8384 else if (typeof define === "function" && define.amd) {
8385 // AMD
8386 define(["./core", "./cipher-core"], factory);
8387 }
8388 else {
8389 // Global (browser)
8390 factory(root.CryptoJS);
8391 }
8392}(this, function (CryptoJS) {
8394 /**
8395 * ANSI X.923 padding strategy.
8396 */
8397 CryptoJS.pad.AnsiX923 = {
8398 pad: function (data, blockSize) {
8399 // Shortcuts
8400 var dataSigBytes = data.sigBytes;
8401 var blockSizeBytes = blockSize * 4;
8403 // Count padding bytes
8404 var nPaddingBytes = blockSizeBytes - dataSigBytes % blockSizeBytes;
8406 // Compute last byte position
8407 var lastBytePos = dataSigBytes + nPaddingBytes - 1;
8409 // Pad
8410 data.clamp();
8411 data.words[lastBytePos >>> 2] |= nPaddingBytes << (24 - (lastBytePos % 4) * 8);
8412 data.sigBytes += nPaddingBytes;
8413 },
8415 unpad: function (data) {
8416 // Get number of padding bytes from last byte
8417 var nPaddingBytes = data.words[(data.sigBytes - 1) >>> 2] & 0xff;
8419 // Remove padding
8420 data.sigBytes -= nPaddingBytes;
8421 }
8422 };
8425 return CryptoJS.pad.Ansix923;
8429;(function (root, factory, undef) {
8430 if (typeof exports === "object") {
8431 // CommonJS
8432 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8433 }
8434 else if (typeof define === "function" && define.amd) {
8435 // AMD
8436 define(["./core", "./cipher-core"], factory);
8437 }
8438 else {
8439 // Global (browser)
8440 factory(root.CryptoJS);
8441 }
8442}(this, function (CryptoJS) {
8444 /**
8445 * ISO 10126 padding strategy.
8446 */
8447 CryptoJS.pad.Iso10126 = {
8448 pad: function (data, blockSize) {
8449 // Shortcut
8450 var blockSizeBytes = blockSize * 4;
8452 // Count padding bytes
8453 var nPaddingBytes = blockSizeBytes - data.sigBytes % blockSizeBytes;
8455 // Pad
8456 data.concat(CryptoJS.lib.WordArray.random(nPaddingBytes - 1)).
8457 concat(CryptoJS.lib.WordArray.create([nPaddingBytes << 24], 1));
8458 },
8460 unpad: function (data) {
8461 // Get number of padding bytes from last byte
8462 var nPaddingBytes = data.words[(data.sigBytes - 1) >>> 2] & 0xff;
8464 // Remove padding
8465 data.sigBytes -= nPaddingBytes;
8466 }
8467 };
8470 return CryptoJS.pad.Iso10126;
8474;(function (root, factory, undef) {
8475 if (typeof exports === "object") {
8476 // CommonJS
8477 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8478 }
8479 else if (typeof define === "function" && define.amd) {
8480 // AMD
8481 define(["./core", "./cipher-core"], factory);
8482 }
8483 else {
8484 // Global (browser)
8485 factory(root.CryptoJS);
8486 }
8487}(this, function (CryptoJS) {
8489 /**
8490 * ISO/IEC 9797-1 Padding Method 2.
8491 */
8492 CryptoJS.pad.Iso97971 = {
8493 pad: function (data, blockSize) {
8494 // Add 0x80 byte
8495 data.concat(CryptoJS.lib.WordArray.create([0x80000000], 1));
8497 // Zero pad the rest
8498 CryptoJS.pad.ZeroPadding.pad(data, blockSize);
8499 },
8501 unpad: function (data) {
8502 // Remove zero padding
8503 CryptoJS.pad.ZeroPadding.unpad(data);
8505 // Remove one more byte -- the 0x80 byte
8506 data.sigBytes--;
8507 }
8508 };
8511 return CryptoJS.pad.Iso97971;
8515;(function (root, factory, undef) {
8516 if (typeof exports === "object") {
8517 // CommonJS
8518 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8519 }
8520 else if (typeof define === "function" && define.amd) {
8521 // AMD
8522 define(["./core", "./cipher-core"], factory);
8523 }
8524 else {
8525 // Global (browser)
8526 factory(root.CryptoJS);
8527 }
8528}(this, function (CryptoJS) {
8530 /**
8531 * A noop padding strategy.
8532 */
8533 CryptoJS.pad.NoPadding = {
8534 pad: function () {
8535 },
8537 unpad: function () {
8538 }
8539 };
8542 return CryptoJS.pad.NoPadding;
8546;(function (root, factory, undef) {
8547 if (typeof exports === "object") {
8548 // CommonJS
8549 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8550 }
8551 else if (typeof define === "function" && define.amd) {
8552 // AMD
8553 define(["./core", "./cipher-core"], factory);
8554 }
8555 else {
8556 // Global (browser)
8557 factory(root.CryptoJS);
8558 }
8559}(this, function (CryptoJS) {
8561 /**
8562 * Zero padding strategy.
8563 */
8564 CryptoJS.pad.ZeroPadding = {
8565 pad: function (data, blockSize) {
8566 // Shortcut
8567 var blockSizeBytes = blockSize * 4;
8569 // Pad
8570 data.clamp();
8571 data.sigBytes += blockSizeBytes - ((data.sigBytes % blockSizeBytes) || blockSizeBytes);
8572 },
8574 unpad: function (data) {
8575 // Shortcut
8576 var dataWords = data.words;
8578 // Unpad
8579 var i = data.sigBytes - 1;
8580 while (!((dataWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff)) {
8581 i--;
8582 }
8583 data.sigBytes = i + 1;
8584 }
8585 };
8588 return CryptoJS.pad.ZeroPadding;
8592;(function (root, factory, undef) {
8593 if (typeof exports === "object") {
8594 // CommonJS
8595 module.exports = exports = factory(_dereq_("./core"), _dereq_("./sha1"), _dereq_("./hmac"));
8596 }
8597 else if (typeof define === "function" && define.amd) {
8598 // AMD
8599 define(["./core", "./sha1", "./hmac"], factory);
8600 }
8601 else {
8602 // Global (browser)
8603 factory(root.CryptoJS);
8604 }
8605}(this, function (CryptoJS) {
8607 (function () {
8608 // Shortcuts
8609 var C = CryptoJS;
8610 var C_lib = C.lib;
8611 var Base = C_lib.Base;
8612 var WordArray = C_lib.WordArray;
8613 var C_algo = C.algo;
8614 var SHA1 = C_algo.SHA1;
8615 var HMAC = C_algo.HMAC;
8617 /**
8618 * Password-Based Key Derivation Function 2 algorithm.
8619 */
8620 var PBKDF2 = C_algo.PBKDF2 = Base.extend({
8621 /**
8622 * Configuration options.
8623 *
8624 * @property {number} keySize The key size in words to generate. Default: 4 (128 bits)
8625 * @property {Hasher} hasher The hasher to use. Default: SHA1
8626 * @property {number} iterations The number of iterations to perform. Default: 1
8627 */
8628 cfg: Base.extend({
8629 keySize: 128/32,
8630 hasher: SHA1,
8631 iterations: 1
8632 }),
8634 /**
8635 * Initializes a newly created key derivation function.
8636 *
8637 * @param {Object} cfg (Optional) The configuration options to use for the derivation.
8638 *
8639 * @example
8640 *
8641 * var kdf = CryptoJS.algo.PBKDF2.create();
8642 * var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8 });
8643 * var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8, iterations: 1000 });
8644 */
8645 init: function (cfg) {
8646 this.cfg = this.cfg.extend(cfg);
8647 },
8649 /**
8650 * Computes the Password-Based Key Derivation Function 2.
8651 *
8652 * @param {WordArray|string} password The password.
8653 * @param {WordArray|string} salt A salt.
8654 *
8655 * @return {WordArray} The derived key.
8656 *
8657 * @example
8658 *
8659 * var key = kdf.compute(password, salt);
8660 */
8661 compute: function (password, salt) {
8662 // Shortcut
8663 var cfg = this.cfg;
8665 // Init HMAC
8666 var hmac = HMAC.create(cfg.hasher, password);
8668 // Initial values
8669 var derivedKey = WordArray.create();
8670 var blockIndex = WordArray.create([0x00000001]);
8672 // Shortcuts
8673 var derivedKeyWords = derivedKey.words;
8674 var blockIndexWords = blockIndex.words;
8675 var keySize = cfg.keySize;
8676 var iterations = cfg.iterations;
8678 // Generate key
8679 while (derivedKeyWords.length < keySize) {
8680 var block = hmac.update(salt).finalize(blockIndex);
8681 hmac.reset();
8683 // Shortcuts
8684 var blockWords = block.words;
8685 var blockWordsLength = blockWords.length;
8687 // Iterations
8688 var intermediate = block;
8689 for (var i = 1; i < iterations; i++) {
8690 intermediate = hmac.finalize(intermediate);
8691 hmac.reset();
8693 // Shortcut
8694 var intermediateWords = intermediate.words;
8696 // XOR intermediate with block
8697 for (var j = 0; j < blockWordsLength; j++) {
8698 blockWords[j] ^= intermediateWords[j];
8699 }
8700 }
8702 derivedKey.concat(block);
8703 blockIndexWords[0]++;
8704 }
8705 derivedKey.sigBytes = keySize * 4;
8707 return derivedKey;
8708 }
8709 });
8711 /**
8712 * Computes the Password-Based Key Derivation Function 2.
8713 *
8714 * @param {WordArray|string} password The password.
8715 * @param {WordArray|string} salt A salt.
8716 * @param {Object} cfg (Optional) The configuration options to use for this computation.
8717 *
8718 * @return {WordArray} The derived key.
8719 *
8720 * @static
8721 *
8722 * @example
8723 *
8724 * var key = CryptoJS.PBKDF2(password, salt);
8725 * var key = CryptoJS.PBKDF2(password, salt, { keySize: 8 });
8726 * var key = CryptoJS.PBKDF2(password, salt, { keySize: 8, iterations: 1000 });
8727 */
8728 C.PBKDF2 = function (password, salt, cfg) {
8729 return PBKDF2.create(cfg).compute(password, salt);
8730 };
8731 }());
8734 return CryptoJS.PBKDF2;
8738;(function (root, factory, undef) {
8739 if (typeof exports === "object") {
8740 // CommonJS
8741 module.exports = exports = factory(_dereq_("./core"), _dereq_("./enc-base64"), _dereq_("./md5"), _dereq_("./evpkdf"), _dereq_("./cipher-core"));
8742 }
8743 else if (typeof define === "function" && define.amd) {
8744 // AMD
8745 define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
8746 }
8747 else {
8748 // Global (browser)
8749 factory(root.CryptoJS);
8750 }
8751}(this, function (CryptoJS) {
8753 (function () {
8754 // Shortcuts
8755 var C = CryptoJS;
8756 var C_lib = C.lib;
8757 var StreamCipher = C_lib.StreamCipher;
8758 var C_algo = C.algo;
8760 // Reusable objects
8761 var S = [];
8762 var C_ = [];
8763 var G = [];
8765 /**
8766 * Rabbit stream cipher algorithm.
8767 *
8768 * This is a legacy version that neglected to convert the key to little-endian.
8769 * This error doesn't affect the cipher's security,
8770 * but it does affect its compatibility with other implementations.
8771 */
8772 var RabbitLegacy = C_algo.RabbitLegacy = StreamCipher.extend({
8773 _doReset: function () {
8774 // Shortcuts
8775 var K = this._key.words;
8776 var iv = this.cfg.iv;
8778 // Generate initial state values
8779 var X = this._X = [
8780 K[0], (K[3] << 16) | (K[2] >>> 16),
8781 K[1], (K[0] << 16) | (K[3] >>> 16),
8782 K[2], (K[1] << 16) | (K[0] >>> 16),
8783 K[3], (K[2] << 16) | (K[1] >>> 16)
8784 ];
8786 // Generate initial counter values
8787 var C = this._C = [
8788 (K[2] << 16) | (K[2] >>> 16), (K[0] & 0xffff0000) | (K[1] & 0x0000ffff),
8789 (K[3] << 16) | (K[3] >>> 16), (K[1] & 0xffff0000) | (K[2] & 0x0000ffff),
8790 (K[0] << 16) | (K[0] >>> 16), (K[2] & 0xffff0000) | (K[3] & 0x0000ffff),
8791 (K[1] << 16) | (K[1] >>> 16), (K[3] & 0xffff0000) | (K[0] & 0x0000ffff)
8792 ];
8794 // Carry bit
8795 this._b = 0;
8797 // Iterate the system four times
8798 for (var i = 0; i < 4; i++) {
8799 nextState.call(this);
8800 }
8802 // Modify the counters
8803 for (var i = 0; i < 8; i++) {
8804 C[i] ^= X[(i + 4) & 7];
8805 }
8807 // IV setup
8808 if (iv) {
8809 // Shortcuts
8810 var IV = iv.words;
8811 var IV_0 = IV[0];
8812 var IV_1 = IV[1];
8814 // Generate four subvectors
8815 var i0 = (((IV_0 << 8) | (IV_0 >>> 24)) & 0x00ff00ff) | (((IV_0 << 24) | (IV_0 >>> 8)) & 0xff00ff00);
8816 var i2 = (((IV_1 << 8) | (IV_1 >>> 24)) & 0x00ff00ff) | (((IV_1 << 24) | (IV_1 >>> 8)) & 0xff00ff00);
8817 var i1 = (i0 >>> 16) | (i2 & 0xffff0000);
8818 var i3 = (i2 << 16) | (i0 & 0x0000ffff);
8820 // Modify counter values
8821 C[0] ^= i0;
8822 C[1] ^= i1;
8823 C[2] ^= i2;
8824 C[3] ^= i3;
8825 C[4] ^= i0;
8826 C[5] ^= i1;
8827 C[6] ^= i2;
8828 C[7] ^= i3;
8830 // Iterate the system four times
8831 for (var i = 0; i < 4; i++) {
8832 nextState.call(this);
8833 }
8834 }
8835 },
8837 _doProcessBlock: function (M, offset) {
8838 // Shortcut
8839 var X = this._X;
8841 // Iterate the system
8842 nextState.call(this);
8844 // Generate four keystream words
8845 S[0] = X[0] ^ (X[5] >>> 16) ^ (X[3] << 16);
8846 S[1] = X[2] ^ (X[7] >>> 16) ^ (X[5] << 16);
8847 S[2] = X[4] ^ (X[1] >>> 16) ^ (X[7] << 16);
8848 S[3] = X[6] ^ (X[3] >>> 16) ^ (X[1] << 16);
8850 for (var i = 0; i < 4; i++) {
8851 // Swap endian
8852 S[i] = (((S[i] << 8) | (S[i] >>> 24)) & 0x00ff00ff) |
8853 (((S[i] << 24) | (S[i] >>> 8)) & 0xff00ff00);
8855 // Encrypt
8856 M[offset + i] ^= S[i];
8857 }
8858 },
8860 blockSize: 128/32,
8862 ivSize: 64/32
8863 });
8865 function nextState() {
8866 // Shortcuts
8867 var X = this._X;
8868 var C = this._C;
8870 // Save old counter values
8871 for (var i = 0; i < 8; i++) {
8872 C_[i] = C[i];
8873 }
8875 // Calculate new counter values
8876 C[0] = (C[0] + 0x4d34d34d + this._b) | 0;
8877 C[1] = (C[1] + 0xd34d34d3 + ((C[0] >>> 0) < (C_[0] >>> 0) ? 1 : 0)) | 0;
8878 C[2] = (C[2] + 0x34d34d34 + ((C[1] >>> 0) < (C_[1] >>> 0) ? 1 : 0)) | 0;
8879 C[3] = (C[3] + 0x4d34d34d + ((C[2] >>> 0) < (C_[2] >>> 0) ? 1 : 0)) | 0;
8880 C[4] = (C[4] + 0xd34d34d3 + ((C[3] >>> 0) < (C_[3] >>> 0) ? 1 : 0)) | 0;
8881 C[5] = (C[5] + 0x34d34d34 + ((C[4] >>> 0) < (C_[4] >>> 0) ? 1 : 0)) | 0;
8882 C[6] = (C[6] + 0x4d34d34d + ((C[5] >>> 0) < (C_[5] >>> 0) ? 1 : 0)) | 0;
8883 C[7] = (C[7] + 0xd34d34d3 + ((C[6] >>> 0) < (C_[6] >>> 0) ? 1 : 0)) | 0;
8884 this._b = (C[7] >>> 0) < (C_[7] >>> 0) ? 1 : 0;
8886 // Calculate the g-values
8887 for (var i = 0; i < 8; i++) {
8888 var gx = X[i] + C[i];
8890 // Construct high and low argument for squaring
8891 var ga = gx & 0xffff;
8892 var gb = gx >>> 16;
8894 // Calculate high and low result of squaring
8895 var gh = ((((ga * ga) >>> 17) + ga * gb) >>> 15) + gb * gb;
8896 var gl = (((gx & 0xffff0000) * gx) | 0) + (((gx & 0x0000ffff) * gx) | 0);
8898 // High XOR low
8899 G[i] = gh ^ gl;
8900 }
8902 // Calculate new state values
8903 X[0] = (G[0] + ((G[7] << 16) | (G[7] >>> 16)) + ((G[6] << 16) | (G[6] >>> 16))) | 0;
8904 X[1] = (G[1] + ((G[0] << 8) | (G[0] >>> 24)) + G[7]) | 0;
8905 X[2] = (G[2] + ((G[1] << 16) | (G[1] >>> 16)) + ((G[0] << 16) | (G[0] >>> 16))) | 0;
8906 X[3] = (G[3] + ((G[2] << 8) | (G[2] >>> 24)) + G[1]) | 0;
8907 X[4] = (G[4] + ((G[3] << 16) | (G[3] >>> 16)) + ((G[2] << 16) | (G[2] >>> 16))) | 0;
8908 X[5] = (G[5] + ((G[4] << 8) | (G[4] >>> 24)) + G[3]) | 0;
8909 X[6] = (G[6] + ((G[5] << 16) | (G[5] >>> 16)) + ((G[4] << 16) | (G[4] >>> 16))) | 0;
8910 X[7] = (G[7] + ((G[6] << 8) | (G[6] >>> 24)) + G[5]) | 0;
8911 }
8913 /**
8914 * Shortcut functions to the cipher's object interface.
8915 *
8916 * @example
8917 *
8918 * var ciphertext = CryptoJS.RabbitLegacy.encrypt(message, key, cfg);
8919 * var plaintext = CryptoJS.RabbitLegacy.decrypt(ciphertext, key, cfg);
8920 */
8921 C.RabbitLegacy = StreamCipher._createHelper(RabbitLegacy);
8922 }());
8925 return CryptoJS.RabbitLegacy;
8929;(function (root, factory, undef) {
8930 if (typeof exports === "object") {
8931 // CommonJS
8932 module.exports = exports = factory(_dereq_("./core"), _dereq_("./enc-base64"), _dereq_("./md5"), _dereq_("./evpkdf"), _dereq_("./cipher-core"));
8933 }
8934 else if (typeof define === "function" && define.amd) {
8935 // AMD
8936 define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
8937 }
8938 else {
8939 // Global (browser)
8940 factory(root.CryptoJS);
8941 }
8942}(this, function (CryptoJS) {
8944 (function () {
8945 // Shortcuts
8946 var C = CryptoJS;
8947 var C_lib = C.lib;
8948 var StreamCipher = C_lib.StreamCipher;
8949 var C_algo = C.algo;
8951 // Reusable objects
8952 var S = [];
8953 var C_ = [];
8954 var G = [];
8956 /**
8957 * Rabbit stream cipher algorithm
8958 */
8959 var Rabbit = C_algo.Rabbit = StreamCipher.extend({
8960 _doReset: function () {
8961 // Shortcuts
8962 var K = this._key.words;
8963 var iv = this.cfg.iv;
8965 // Swap endian
8966 for (var i = 0; i < 4; i++) {
8967 K[i] = (((K[i] << 8) | (K[i] >>> 24)) & 0x00ff00ff) |
8968 (((K[i] << 24) | (K[i] >>> 8)) & 0xff00ff00);
8969 }
8971 // Generate initial state values
8972 var X = this._X = [
8973 K[0], (K[3] << 16) | (K[2] >>> 16),
8974 K[1], (K[0] << 16) | (K[3] >>> 16),
8975 K[2], (K[1] << 16) | (K[0] >>> 16),
8976 K[3], (K[2] << 16) | (K[1] >>> 16)
8977 ];
8979 // Generate initial counter values
8980 var C = this._C = [
8981 (K[2] << 16) | (K[2] >>> 16), (K[0] & 0xffff0000) | (K[1] & 0x0000ffff),
8982 (K[3] << 16) | (K[3] >>> 16), (K[1] & 0xffff0000) | (K[2] & 0x0000ffff),
8983 (K[0] << 16) | (K[0] >>> 16), (K[2] & 0xffff0000) | (K[3] & 0x0000ffff),
8984 (K[1] << 16) | (K[1] >>> 16), (K[3] & 0xffff0000) | (K[0] & 0x0000ffff)
8985 ];
8987 // Carry bit
8988 this._b = 0;
8990 // Iterate the system four times
8991 for (var i = 0; i < 4; i++) {
8992 nextState.call(this);
8993 }
8995 // Modify the counters
8996 for (var i = 0; i < 8; i++) {
8997 C[i] ^= X[(i + 4) & 7];
8998 }
9000 // IV setup
9001 if (iv) {
9002 // Shortcuts
9003 var IV = iv.words;
9004 var IV_0 = IV[0];
9005 var IV_1 = IV[1];
9007 // Generate four subvectors
9008 var i0 = (((IV_0 << 8) | (IV_0 >>> 24)) & 0x00ff00ff) | (((IV_0 << 24) | (IV_0 >>> 8)) & 0xff00ff00);
9009 var i2 = (((IV_1 << 8) | (IV_1 >>> 24)) & 0x00ff00ff) | (((IV_1 << 24) | (IV_1 >>> 8)) & 0xff00ff00);
9010 var i1 = (i0 >>> 16) | (i2 & 0xffff0000);
9011 var i3 = (i2 << 16) | (i0 & 0x0000ffff);
9013 // Modify counter values
9014 C[0] ^= i0;
9015 C[1] ^= i1;
9016 C[2] ^= i2;
9017 C[3] ^= i3;
9018 C[4] ^= i0;
9019 C[5] ^= i1;
9020 C[6] ^= i2;
9021 C[7] ^= i3;
9023 // Iterate the system four times
9024 for (var i = 0; i < 4; i++) {
9025 nextState.call(this);
9026 }
9027 }
9028 },
9030 _doProcessBlock: function (M, offset) {
9031 // Shortcut
9032 var X = this._X;
9034 // Iterate the system
9035 nextState.call(this);
9037 // Generate four keystream words
9038 S[0] = X[0] ^ (X[5] >>> 16) ^ (X[3] << 16);
9039 S[1] = X[2] ^ (X[7] >>> 16) ^ (X[5] << 16);
9040 S[2] = X[4] ^ (X[1] >>> 16) ^ (X[7] << 16);
9041 S[3] = X[6] ^ (X[3] >>> 16) ^ (X[1] << 16);
9043 for (var i = 0; i < 4; i++) {
9044 // Swap endian
9045 S[i] = (((S[i] << 8) | (S[i] >>> 24)) & 0x00ff00ff) |
9046 (((S[i] << 24) | (S[i] >>> 8)) & 0xff00ff00);
9048 // Encrypt
9049 M[offset + i] ^= S[i];
9050 }
9051 },
9053 blockSize: 128/32,
9055 ivSize: 64/32
9056 });
9058 function nextState() {
9059 // Shortcuts
9060 var X = this._X;
9061 var C = this._C;
9063 // Save old counter values
9064 for (var i = 0; i < 8; i++) {
9065 C_[i] = C[i];
9066 }
9068 // Calculate new counter values
9069 C[0] = (C[0] + 0x4d34d34d + this._b) | 0;
9070 C[1] = (C[1] + 0xd34d34d3 + ((C[0] >>> 0) < (C_[0] >>> 0) ? 1 : 0)) | 0;
9071 C[2] = (C[2] + 0x34d34d34 + ((C[1] >>> 0) < (C_[1] >>> 0) ? 1 : 0)) | 0;
9072 C[3] = (C[3] + 0x4d34d34d + ((C[2] >>> 0) < (C_[2] >>> 0) ? 1 : 0)) | 0;
9073 C[4] = (C[4] + 0xd34d34d3 + ((C[3] >>> 0) < (C_[3] >>> 0) ? 1 : 0)) | 0;
9074 C[5] = (C[5] + 0x34d34d34 + ((C[4] >>> 0) < (C_[4] >>> 0) ? 1 : 0)) | 0;
9075 C[6] = (C[6] + 0x4d34d34d + ((C[5] >>> 0) < (C_[5] >>> 0) ? 1 : 0)) | 0;
9076 C[7] = (C[7] + 0xd34d34d3 + ((C[6] >>> 0) < (C_[6] >>> 0) ? 1 : 0)) | 0;
9077 this._b = (C[7] >>> 0) < (C_[7] >>> 0) ? 1 : 0;
9079 // Calculate the g-values
9080 for (var i = 0; i < 8; i++) {
9081 var gx = X[i] + C[i];
9083 // Construct high and low argument for squaring
9084 var ga = gx & 0xffff;
9085 var gb = gx >>> 16;
9087 // Calculate high and low result of squaring
9088 var gh = ((((ga * ga) >>> 17) + ga * gb) >>> 15) + gb * gb;
9089 var gl = (((gx & 0xffff0000) * gx) | 0) + (((gx & 0x0000ffff) * gx) | 0);
9091 // High XOR low
9092 G[i] = gh ^ gl;
9093 }
9095 // Calculate new state values
9096 X[0] = (G[0] + ((G[7] << 16) | (G[7] >>> 16)) + ((G[6] << 16) | (G[6] >>> 16))) | 0;
9097 X[1] = (G[1] + ((G[0] << 8) | (G[0] >>> 24)) + G[7]) | 0;
9098 X[2] = (G[2] + ((G[1] << 16) | (G[1] >>> 16)) + ((G[0] << 16) | (G[0] >>> 16))) | 0;
9099 X[3] = (G[3] + ((G[2] << 8) | (G[2] >>> 24)) + G[1]) | 0;
9100 X[4] = (G[4] + ((G[3] << 16) | (G[3] >>> 16)) + ((G[2] << 16) | (G[2] >>> 16))) | 0;
9101 X[5] = (G[5] + ((G[4] << 8) | (G[4] >>> 24)) + G[3]) | 0;
9102 X[6] = (G[6] + ((G[5] << 16) | (G[5] >>> 16)) + ((G[4] << 16) | (G[4] >>> 16))) | 0;
9103 X[7] = (G[7] + ((G[6] << 8) | (G[6] >>> 24)) + G[5]) | 0;
9104 }
9106 /**
9107 * Shortcut functions to the cipher's object interface.
9108 *
9109 * @example
9110 *
9111 * var ciphertext = CryptoJS.Rabbit.encrypt(message, key, cfg);
9112 * var plaintext = CryptoJS.Rabbit.decrypt(ciphertext, key, cfg);
9113 */
9114 C.Rabbit = StreamCipher._createHelper(Rabbit);
9115 }());
9118 return CryptoJS.Rabbit;
9122;(function (root, factory, undef) {
9123 if (typeof exports === "object") {
9124 // CommonJS
9125 module.exports = exports = factory(_dereq_("./core"), _dereq_("./enc-base64"), _dereq_("./md5"), _dereq_("./evpkdf"), _dereq_("./cipher-core"));
9126 }
9127 else if (typeof define === "function" && define.amd) {
9128 // AMD
9129 define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
9130 }
9131 else {
9132 // Global (browser)
9133 factory(root.CryptoJS);
9134 }
9135}(this, function (CryptoJS) {
9137 (function () {
9138 // Shortcuts
9139 var C = CryptoJS;
9140 var C_lib = C.lib;
9141 var StreamCipher = C_lib.StreamCipher;
9142 var C_algo = C.algo;
9144 /**
9145 * RC4 stream cipher algorithm.
9146 */
9147 var RC4 = C_algo.RC4 = StreamCipher.extend({
9148 _doReset: function () {
9149 // Shortcuts
9150 var key = this._key;
9151 var keyWords = key.words;
9152 var keySigBytes = key.sigBytes;
9154 // Init sbox
9155 var S = this._S = [];
9156 for (var i = 0; i < 256; i++) {
9157 S[i] = i;
9158 }
9160 // Key setup
9161 for (var i = 0, j = 0; i < 256; i++) {
9162 var keyByteIndex = i % keySigBytes;
9163 var keyByte = (keyWords[keyByteIndex >>> 2] >>> (24 - (keyByteIndex % 4) * 8)) & 0xff;
9165 j = (j + S[i] + keyByte) % 256;
9167 // Swap
9168 var t = S[i];
9169 S[i] = S[j];
9170 S[j] = t;
9171 }
9173 // Counters
9174 this._i = this._j = 0;
9175 },
9177 _doProcessBlock: function (M, offset) {
9178 M[offset] ^= generateKeystreamWord.call(this);
9179 },
9181 keySize: 256/32,
9183 ivSize: 0
9184 });
9186 function generateKeystreamWord() {
9187 // Shortcuts
9188 var S = this._S;
9189 var i = this._i;
9190 var j = this._j;
9192 // Generate keystream word
9193 var keystreamWord = 0;
9194 for (var n = 0; n < 4; n++) {
9195 i = (i + 1) % 256;
9196 j = (j + S[i]) % 256;
9198 // Swap
9199 var t = S[i];
9200 S[i] = S[j];
9201 S[j] = t;
9203 keystreamWord |= S[(S[i] + S[j]) % 256] << (24 - n * 8);
9204 }
9206 // Update counters
9207 this._i = i;
9208 this._j = j;
9210 return keystreamWord;
9211 }
9213 /**
9214 * Shortcut functions to the cipher's object interface.
9215 *
9216 * @example
9217 *
9218 * var ciphertext = CryptoJS.RC4.encrypt(message, key, cfg);
9219 * var plaintext = CryptoJS.RC4.decrypt(ciphertext, key, cfg);
9220 */
9221 C.RC4 = StreamCipher._createHelper(RC4);
9223 /**
9224 * Modified RC4 stream cipher algorithm.
9225 */
9226 var RC4Drop = C_algo.RC4Drop = RC4.extend({
9227 /**
9228 * Configuration options.
9229 *
9230 * @property {number} drop The number of keystream words to drop. Default 192
9231 */
9232 cfg: RC4.cfg.extend({
9233 drop: 192
9234 }),
9236 _doReset: function () {
9237 RC4._doReset.call(this);
9239 // Drop
9240 for (var i = this.cfg.drop; i > 0; i--) {
9241 generateKeystreamWord.call(this);
9242 }
9243 }
9244 });
9246 /**
9247 * Shortcut functions to the cipher's object interface.
9248 *
9249 * @example
9250 *
9251 * var ciphertext = CryptoJS.RC4Drop.encrypt(message, key, cfg);
9252 * var plaintext = CryptoJS.RC4Drop.decrypt(ciphertext, key, cfg);
9253 */
9254 C.RC4Drop = StreamCipher._createHelper(RC4Drop);
9255 }());
9258 return CryptoJS.RC4;
9262;(function (root, factory) {
9263 if (typeof exports === "object") {
9264 // CommonJS
9265 module.exports = exports = factory(_dereq_("./core"));
9266 }
9267 else if (typeof define === "function" && define.amd) {
9268 // AMD
9269 define(["./core"], factory);
9270 }
9271 else {
9272 // Global (browser)
9273 factory(root.CryptoJS);
9274 }
9275}(this, function (CryptoJS) {
9277 /** @preserve
9278 (c) 2012 by Cédric Mesnil. All rights reserved.
9280 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
9282 - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
9283 - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
9286 */
9288 (function (Math) {
9289 // Shortcuts
9290 var C = CryptoJS;
9291 var C_lib = C.lib;
9292 var WordArray = C_lib.WordArray;
9293 var Hasher = C_lib.Hasher;
9294 var C_algo = C.algo;
9296 // Constants table
9297 var _zl = WordArray.create([
9298 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
9299 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,
9300 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,
9301 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,
9302 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13]);
9303 var _zr = WordArray.create([
9304 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,
9305 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,
9306 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,
9307 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,
9308 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11]);
9309 var _sl = WordArray.create([
9310 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,
9311 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,
9312 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,
9313 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,
9314 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 ]);
9315 var _sr = WordArray.create([
9316 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,
9317 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,
9318 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,
9319 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,
9320 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 ]);
9322 var _hl = WordArray.create([ 0x00000000, 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xA953FD4E]);
9323 var _hr = WordArray.create([ 0x50A28BE6, 0x5C4DD124, 0x6D703EF3, 0x7A6D76E9, 0x00000000]);
9325 /**
9326 * RIPEMD160 hash algorithm.
9327 */
9328 var RIPEMD160 = C_algo.RIPEMD160 = Hasher.extend({
9329 _doReset: function () {
9330 this._hash = WordArray.create([0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]);
9331 },
9333 _doProcessBlock: function (M, offset) {
9335 // Swap endian
9336 for (var i = 0; i < 16; i++) {
9337 // Shortcuts
9338 var offset_i = offset + i;
9339 var M_offset_i = M[offset_i];
9341 // Swap
9342 M[offset_i] = (
9343 (((M_offset_i << 8) | (M_offset_i >>> 24)) & 0x00ff00ff) |
9344 (((M_offset_i << 24) | (M_offset_i >>> 8)) & 0xff00ff00)
9345 );
9346 }
9347 // Shortcut
9348 var H = this._hash.words;
9349 var hl = _hl.words;
9350 var hr = _hr.words;
9351 var zl = _zl.words;
9352 var zr = _zr.words;
9353 var sl = _sl.words;
9354 var sr = _sr.words;
9356 // Working variables
9357 var al, bl, cl, dl, el;
9358 var ar, br, cr, dr, er;
9360 ar = al = H[0];
9361 br = bl = H[1];
9362 cr = cl = H[2];
9363 dr = dl = H[3];
9364 er = el = H[4];
9365 // Computation
9366 var t;
9367 for (var i = 0; i < 80; i += 1) {
9368 t = (al + M[offset+zl[i]])|0;
9369 if (i<16){
9370 t += f1(bl,cl,dl) + hl[0];
9371 } else if (i<32) {
9372 t += f2(bl,cl,dl) + hl[1];
9373 } else if (i<48) {
9374 t += f3(bl,cl,dl) + hl[2];
9375 } else if (i<64) {
9376 t += f4(bl,cl,dl) + hl[3];
9377 } else {// if (i<80) {
9378 t += f5(bl,cl,dl) + hl[4];
9379 }
9380 t = t|0;
9381 t = rotl(t,sl[i]);
9382 t = (t+el)|0;
9383 al = el;
9384 el = dl;
9385 dl = rotl(cl, 10);
9386 cl = bl;
9387 bl = t;
9389 t = (ar + M[offset+zr[i]])|0;
9390 if (i<16){
9391 t += f5(br,cr,dr) + hr[0];
9392 } else if (i<32) {
9393 t += f4(br,cr,dr) + hr[1];
9394 } else if (i<48) {
9395 t += f3(br,cr,dr) + hr[2];
9396 } else if (i<64) {
9397 t += f2(br,cr,dr) + hr[3];
9398 } else {// if (i<80) {
9399 t += f1(br,cr,dr) + hr[4];
9400 }
9401 t = t|0;
9402 t = rotl(t,sr[i]) ;
9403 t = (t+er)|0;
9404 ar = er;
9405 er = dr;
9406 dr = rotl(cr, 10);
9407 cr = br;
9408 br = t;
9409 }
9410 // Intermediate hash value
9411 t = (H[1] + cl + dr)|0;
9412 H[1] = (H[2] + dl + er)|0;
9413 H[2] = (H[3] + el + ar)|0;
9414 H[3] = (H[4] + al + br)|0;
9415 H[4] = (H[0] + bl + cr)|0;
9416 H[0] = t;
9417 },
9419 _doFinalize: function () {
9420 // Shortcuts
9421 var data = this._data;
9422 var dataWords = data.words;
9424 var nBitsTotal = this._nDataBytes * 8;
9425 var nBitsLeft = data.sigBytes * 8;
9427 // Add padding
9428 dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
9429 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = (
9430 (((nBitsTotal << 8) | (nBitsTotal >>> 24)) & 0x00ff00ff) |
9431 (((nBitsTotal << 24) | (nBitsTotal >>> 8)) & 0xff00ff00)
9432 );
9433 data.sigBytes = (dataWords.length + 1) * 4;
9435 // Hash final blocks
9436 this._process();
9438 // Shortcuts
9439 var hash = this._hash;
9440 var H = hash.words;
9442 // Swap endian
9443 for (var i = 0; i < 5; i++) {
9444 // Shortcut
9445 var H_i = H[i];
9447 // Swap
9448 H[i] = (((H_i << 8) | (H_i >>> 24)) & 0x00ff00ff) |
9449 (((H_i << 24) | (H_i >>> 8)) & 0xff00ff00);
9450 }
9452 // Return final computed hash
9453 return hash;
9454 },
9456 clone: function () {
9457 var clone = Hasher.clone.call(this);
9458 clone._hash = this._hash.clone();
9460 return clone;
9461 }
9462 });
9465 function f1(x, y, z) {
9466 return ((x) ^ (y) ^ (z));
9468 }
9470 function f2(x, y, z) {
9471 return (((x)&(y)) | ((~x)&(z)));
9472 }
9474 function f3(x, y, z) {
9475 return (((x) | (~(y))) ^ (z));
9476 }
9478 function f4(x, y, z) {
9479 return (((x) & (z)) | ((y)&(~(z))));
9480 }
9482 function f5(x, y, z) {
9483 return ((x) ^ ((y) |(~(z))));
9485 }
9487 function rotl(x,n) {
9488 return (x<<n) | (x>>>(32-n));
9489 }
9492 /**
9493 * Shortcut function to the hasher's object interface.
9494 *
9495 * @param {WordArray|string} message The message to hash.
9496 *
9497 * @return {WordArray} The hash.
9498 *
9499 * @static
9500 *
9501 * @example
9502 *
9503 * var hash = CryptoJS.RIPEMD160('message');
9504 * var hash = CryptoJS.RIPEMD160(wordArray);
9505 */
9506 C.RIPEMD160 = Hasher._createHelper(RIPEMD160);
9508 /**
9509 * Shortcut function to the HMAC's object interface.
9510 *
9511 * @param {WordArray|string} message The message to hash.
9512 * @param {WordArray|string} key The secret key.
9513 *
9514 * @return {WordArray} The HMAC.
9515 *
9516 * @static
9517 *
9518 * @example
9519 *
9520 * var hmac = CryptoJS.HmacRIPEMD160(message, key);
9521 */
9522 C.HmacRIPEMD160 = Hasher._createHmacHelper(RIPEMD160);
9523 }(Math));
9526 return CryptoJS.RIPEMD160;
9530;(function (root, factory) {
9531 if (typeof exports === "object") {
9532 // CommonJS
9533 module.exports = exports = factory(_dereq_("./core"));
9534 }
9535 else if (typeof define === "function" && define.amd) {
9536 // AMD
9537 define(["./core"], factory);
9538 }
9539 else {
9540 // Global (browser)
9541 factory(root.CryptoJS);
9542 }
9543}(this, function (CryptoJS) {
9545 (function () {
9546 // Shortcuts
9547 var C = CryptoJS;
9548 var C_lib = C.lib;
9549 var WordArray = C_lib.WordArray;
9550 var Hasher = C_lib.Hasher;
9551 var C_algo = C.algo;
9553 // Reusable object
9554 var W = [];
9556 /**
9557 * SHA-1 hash algorithm.
9558 */
9559 var SHA1 = C_algo.SHA1 = Hasher.extend({
9560 _doReset: function () {
9561 this._hash = new WordArray.init([
9562 0x67452301, 0xefcdab89,
9563 0x98badcfe, 0x10325476,
9564 0xc3d2e1f0
9565 ]);
9566 },
9568 _doProcessBlock: function (M, offset) {
9569 // Shortcut
9570 var H = this._hash.words;
9572 // Working variables
9573 var a = H[0];
9574 var b = H[1];
9575 var c = H[2];
9576 var d = H[3];
9577 var e = H[4];
9579 // Computation
9580 for (var i = 0; i < 80; i++) {
9581 if (i < 16) {
9582 W[i] = M[offset + i] | 0;
9583 } else {
9584 var n = W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16];
9585 W[i] = (n << 1) | (n >>> 31);
9586 }
9588 var t = ((a << 5) | (a >>> 27)) + e + W[i];
9589 if (i < 20) {
9590 t += ((b & c) | (~b & d)) + 0x5a827999;
9591 } else if (i < 40) {
9592 t += (b ^ c ^ d) + 0x6ed9eba1;
9593 } else if (i < 60) {
9594 t += ((b & c) | (b & d) | (c & d)) - 0x70e44324;
9595 } else /* if (i < 80) */ {
9596 t += (b ^ c ^ d) - 0x359d3e2a;
9597 }
9599 e = d;
9600 d = c;
9601 c = (b << 30) | (b >>> 2);
9602 b = a;
9603 a = t;
9604 }
9606 // Intermediate hash value
9607 H[0] = (H[0] + a) | 0;
9608 H[1] = (H[1] + b) | 0;
9609 H[2] = (H[2] + c) | 0;
9610 H[3] = (H[3] + d) | 0;
9611 H[4] = (H[4] + e) | 0;
9612 },
9614 _doFinalize: function () {
9615 // Shortcuts
9616 var data = this._data;
9617 var dataWords = data.words;
9619 var nBitsTotal = this._nDataBytes * 8;
9620 var nBitsLeft = data.sigBytes * 8;
9622 // Add padding
9623 dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
9624 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = Math.floor(nBitsTotal / 0x100000000);
9625 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = nBitsTotal;
9626 data.sigBytes = dataWords.length * 4;
9628 // Hash final blocks
9629 this._process();
9631 // Return final computed hash
9632 return this._hash;
9633 },
9635 clone: function () {
9636 var clone = Hasher.clone.call(this);
9637 clone._hash = this._hash.clone();
9639 return clone;
9640 }
9641 });
9643 /**
9644 * Shortcut function to the hasher's object interface.
9645 *
9646 * @param {WordArray|string} message The message to hash.
9647 *
9648 * @return {WordArray} The hash.
9649 *
9650 * @static
9651 *
9652 * @example
9653 *
9654 * var hash = CryptoJS.SHA1('message');
9655 * var hash = CryptoJS.SHA1(wordArray);
9656 */
9657 C.SHA1 = Hasher._createHelper(SHA1);
9659 /**
9660 * Shortcut function to the HMAC's object interface.
9661 *
9662 * @param {WordArray|string} message The message to hash.
9663 * @param {WordArray|string} key The secret key.
9664 *
9665 * @return {WordArray} The HMAC.
9666 *
9667 * @static
9668 *
9669 * @example
9670 *
9671 * var hmac = CryptoJS.HmacSHA1(message, key);
9672 */
9673 C.HmacSHA1 = Hasher._createHmacHelper(SHA1);
9674 }());
9677 return CryptoJS.SHA1;
9681;(function (root, factory, undef) {
9682 if (typeof exports === "object") {
9683 // CommonJS
9684 module.exports = exports = factory(_dereq_("./core"), _dereq_("./sha256"));
9685 }
9686 else if (typeof define === "function" && define.amd) {
9687 // AMD
9688 define(["./core", "./sha256"], factory);
9689 }
9690 else {
9691 // Global (browser)
9692 factory(root.CryptoJS);
9693 }
9694}(this, function (CryptoJS) {
9696 (function () {
9697 // Shortcuts
9698 var C = CryptoJS;
9699 var C_lib = C.lib;
9700 var WordArray = C_lib.WordArray;
9701 var C_algo = C.algo;
9702 var SHA256 = C_algo.SHA256;
9704 /**
9705 * SHA-224 hash algorithm.
9706 */
9707 var SHA224 = C_algo.SHA224 = SHA256.extend({
9708 _doReset: function () {
9709 this._hash = new WordArray.init([
9710 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
9711 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4
9712 ]);
9713 },
9715 _doFinalize: function () {
9716 var hash = SHA256._doFinalize.call(this);
9718 hash.sigBytes -= 4;
9720 return hash;
9721 }
9722 });
9724 /**
9725 * Shortcut function to the hasher's object interface.
9726 *
9727 * @param {WordArray|string} message The message to hash.
9728 *
9729 * @return {WordArray} The hash.
9730 *
9731 * @static
9732 *
9733 * @example
9734 *
9735 * var hash = CryptoJS.SHA224('message');
9736 * var hash = CryptoJS.SHA224(wordArray);
9737 */
9738 C.SHA224 = SHA256._createHelper(SHA224);
9740 /**
9741 * Shortcut function to the HMAC's object interface.
9742 *
9743 * @param {WordArray|string} message The message to hash.
9744 * @param {WordArray|string} key The secret key.
9745 *
9746 * @return {WordArray} The HMAC.
9747 *
9748 * @static
9749 *
9750 * @example
9751 *
9752 * var hmac = CryptoJS.HmacSHA224(message, key);
9753 */
9754 C.HmacSHA224 = SHA256._createHmacHelper(SHA224);
9755 }());
9758 return CryptoJS.SHA224;
9762;(function (root, factory) {
9763 if (typeof exports === "object") {
9764 // CommonJS
9765 module.exports = exports = factory(_dereq_("./core"));
9766 }
9767 else if (typeof define === "function" && define.amd) {
9768 // AMD
9769 define(["./core"], factory);
9770 }
9771 else {
9772 // Global (browser)
9773 factory(root.CryptoJS);
9774 }
9775}(this, function (CryptoJS) {
9777 (function (Math) {
9778 // Shortcuts
9779 var C = CryptoJS;
9780 var C_lib = C.lib;
9781 var WordArray = C_lib.WordArray;
9782 var Hasher = C_lib.Hasher;
9783 var C_algo = C.algo;
9785 // Initialization and round constants tables
9786 var H = [];
9787 var K = [];
9789 // Compute constants
9790 (function () {
9791 function isPrime(n) {
9792 var sqrtN = Math.sqrt(n);
9793 for (var factor = 2; factor <= sqrtN; factor++) {
9794 if (!(n % factor)) {
9795 return false;
9796 }
9797 }
9799 return true;
9800 }
9802 function getFractionalBits(n) {
9803 return ((n - (n | 0)) * 0x100000000) | 0;
9804 }
9806 var n = 2;
9807 var nPrime = 0;
9808 while (nPrime < 64) {
9809 if (isPrime(n)) {
9810 if (nPrime < 8) {
9811 H[nPrime] = getFractionalBits(Math.pow(n, 1 / 2));
9812 }
9813 K[nPrime] = getFractionalBits(Math.pow(n, 1 / 3));
9815 nPrime++;
9816 }
9818 n++;
9819 }
9820 }());
9822 // Reusable object
9823 var W = [];
9825 /**
9826 * SHA-256 hash algorithm.
9827 */
9828 var SHA256 = C_algo.SHA256 = Hasher.extend({
9829 _doReset: function () {
9830 this._hash = new WordArray.init(H.slice(0));
9831 },
9833 _doProcessBlock: function (M, offset) {
9834 // Shortcut
9835 var H = this._hash.words;
9837 // Working variables
9838 var a = H[0];
9839 var b = H[1];
9840 var c = H[2];
9841 var d = H[3];
9842 var e = H[4];
9843 var f = H[5];
9844 var g = H[6];
9845 var h = H[7];
9847 // Computation
9848 for (var i = 0; i < 64; i++) {
9849 if (i < 16) {
9850 W[i] = M[offset + i] | 0;
9851 } else {
9852 var gamma0x = W[i - 15];
9853 var gamma0 = ((gamma0x << 25) | (gamma0x >>> 7)) ^
9854 ((gamma0x << 14) | (gamma0x >>> 18)) ^
9855 (gamma0x >>> 3);
9857 var gamma1x = W[i - 2];
9858 var gamma1 = ((gamma1x << 15) | (gamma1x >>> 17)) ^
9859 ((gamma1x << 13) | (gamma1x >>> 19)) ^
9860 (gamma1x >>> 10);
9862 W[i] = gamma0 + W[i - 7] + gamma1 + W[i - 16];
9863 }
9865 var ch = (e & f) ^ (~e & g);
9866 var maj = (a & b) ^ (a & c) ^ (b & c);
9868 var sigma0 = ((a << 30) | (a >>> 2)) ^ ((a << 19) | (a >>> 13)) ^ ((a << 10) | (a >>> 22));
9869 var sigma1 = ((e << 26) | (e >>> 6)) ^ ((e << 21) | (e >>> 11)) ^ ((e << 7) | (e >>> 25));
9871 var t1 = h + sigma1 + ch + K[i] + W[i];
9872 var t2 = sigma0 + maj;
9874 h = g;
9875 g = f;
9876 f = e;
9877 e = (d + t1) | 0;
9878 d = c;
9879 c = b;
9880 b = a;
9881 a = (t1 + t2) | 0;
9882 }
9884 // Intermediate hash value
9885 H[0] = (H[0] + a) | 0;
9886 H[1] = (H[1] + b) | 0;
9887 H[2] = (H[2] + c) | 0;
9888 H[3] = (H[3] + d) | 0;
9889 H[4] = (H[4] + e) | 0;
9890 H[5] = (H[5] + f) | 0;
9891 H[6] = (H[6] + g) | 0;
9892 H[7] = (H[7] + h) | 0;
9893 },
9895 _doFinalize: function () {
9896 // Shortcuts
9897 var data = this._data;
9898 var dataWords = data.words;
9900 var nBitsTotal = this._nDataBytes * 8;
9901 var nBitsLeft = data.sigBytes * 8;
9903 // Add padding
9904 dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
9905 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = Math.floor(nBitsTotal / 0x100000000);
9906 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = nBitsTotal;
9907 data.sigBytes = dataWords.length * 4;
9909 // Hash final blocks
9910 this._process();
9912 // Return final computed hash
9913 return this._hash;
9914 },
9916 clone: function () {
9917 var clone = Hasher.clone.call(this);
9918 clone._hash = this._hash.clone();
9920 return clone;
9921 }
9922 });
9924 /**
9925 * Shortcut function to the hasher's object interface.
9926 *
9927 * @param {WordArray|string} message The message to hash.
9928 *
9929 * @return {WordArray} The hash.
9930 *
9931 * @static
9932 *
9933 * @example
9934 *
9935 * var hash = CryptoJS.SHA256('message');
9936 * var hash = CryptoJS.SHA256(wordArray);
9937 */
9938 C.SHA256 = Hasher._createHelper(SHA256);
9940 /**
9941 * Shortcut function to the HMAC's object interface.
9942 *
9943 * @param {WordArray|string} message The message to hash.
9944 * @param {WordArray|string} key The secret key.
9945 *
9946 * @return {WordArray} The HMAC.
9947 *
9948 * @static
9949 *
9950 * @example
9951 *
9952 * var hmac = CryptoJS.HmacSHA256(message, key);
9953 */
9954 C.HmacSHA256 = Hasher._createHmacHelper(SHA256);
9955 }(Math));
9958 return CryptoJS.SHA256;
9962;(function (root, factory, undef) {
9963 if (typeof exports === "object") {
9964 // CommonJS
9965 module.exports = exports = factory(_dereq_("./core"), _dereq_("./x64-core"));
9966 }
9967 else if (typeof define === "function" && define.amd) {
9968 // AMD
9969 define(["./core", "./x64-core"], factory);
9970 }
9971 else {
9972 // Global (browser)
9973 factory(root.CryptoJS);
9974 }
9975}(this, function (CryptoJS) {
9977 (function (Math) {
9978 // Shortcuts
9979 var C = CryptoJS;
9980 var C_lib = C.lib;
9981 var WordArray = C_lib.WordArray;
9982 var Hasher = C_lib.Hasher;
9983 var C_x64 = C.x64;
9984 var X64Word = C_x64.Word;
9985 var C_algo = C.algo;
9987 // Constants tables
9988 var RHO_OFFSETS = [];
9989 var PI_INDEXES = [];
9990 var ROUND_CONSTANTS = [];
9992 // Compute Constants
9993 (function () {
9994 // Compute rho offset constants
9995 var x = 1, y = 0;
9996 for (var t = 0; t < 24; t++) {
9997 RHO_OFFSETS[x + 5 * y] = ((t + 1) * (t + 2) / 2) % 64;
9999 var newX = y % 5;
10000 var newY = (2 * x + 3 * y) % 5;
10001 x = newX;
10002 y = newY;
10003 }
10005 // Compute pi index constants
10006 for (var x = 0; x < 5; x++) {
10007 for (var y = 0; y < 5; y++) {
10008 PI_INDEXES[x + 5 * y] = y + ((2 * x + 3 * y) % 5) * 5;
10009 }
10010 }
10012 // Compute round constants
10013 var LFSR = 0x01;
10014 for (var i = 0; i < 24; i++) {
10015 var roundConstantMsw = 0;
10016 var roundConstantLsw = 0;
10018 for (var j = 0; j < 7; j++) {
10019 if (LFSR & 0x01) {
10020 var bitPosition = (1 << j) - 1;
10021 if (bitPosition < 32) {
10022 roundConstantLsw ^= 1 << bitPosition;
10023 } else /* if (bitPosition >= 32) */ {
10024 roundConstantMsw ^= 1 << (bitPosition - 32);
10025 }
10026 }
10028 // Compute next LFSR
10029 if (LFSR & 0x80) {
10030 // Primitive polynomial over GF(2): x^8 + x^6 + x^5 + x^4 + 1
10031 LFSR = (LFSR << 1) ^ 0x71;
10032 } else {
10033 LFSR <<= 1;
10034 }
10035 }
10037 ROUND_CONSTANTS[i] = X64Word.create(roundConstantMsw, roundConstantLsw);
10038 }
10039 }());
10041 // Reusable objects for temporary values
10042 var T = [];
10043 (function () {
10044 for (var i = 0; i < 25; i++) {
10045 T[i] = X64Word.create();
10046 }
10047 }());
10049 /**
10050 * SHA-3 hash algorithm.
10051 */
10052 var SHA3 = C_algo.SHA3 = Hasher.extend({
10053 /**
10054 * Configuration options.
10055 *
10056 * @property {number} outputLength
10057 * The desired number of bits in the output hash.
10058 * Only values permitted are: 224, 256, 384, 512.
10059 * Default: 512
10060 */
10061 cfg: Hasher.cfg.extend({
10062 outputLength: 512
10063 }),
10065 _doReset: function () {
10066 var state = this._state = []
10067 for (var i = 0; i < 25; i++) {
10068 state[i] = new X64Word.init();
10069 }
10071 this.blockSize = (1600 - 2 * this.cfg.outputLength) / 32;
10072 },
10074 _doProcessBlock: function (M, offset) {
10075 // Shortcuts
10076 var state = this._state;
10077 var nBlockSizeLanes = this.blockSize / 2;
10079 // Absorb
10080 for (var i = 0; i < nBlockSizeLanes; i++) {
10081 // Shortcuts
10082 var M2i = M[offset + 2 * i];
10083 var M2i1 = M[offset + 2 * i + 1];
10085 // Swap endian
10086 M2i = (
10087 (((M2i << 8) | (M2i >>> 24)) & 0x00ff00ff) |
10088 (((M2i << 24) | (M2i >>> 8)) & 0xff00ff00)
10089 );
10090 M2i1 = (
10091 (((M2i1 << 8) | (M2i1 >>> 24)) & 0x00ff00ff) |
10092 (((M2i1 << 24) | (M2i1 >>> 8)) & 0xff00ff00)
10093 );
10095 // Absorb message into state
10096 var lane = state[i];
10097 lane.high ^= M2i1;
10098 lane.low ^= M2i;
10099 }
10101 // Rounds
10102 for (var round = 0; round < 24; round++) {
10103 // Theta
10104 for (var x = 0; x < 5; x++) {
10105 // Mix column lanes
10106 var tMsw = 0, tLsw = 0;
10107 for (var y = 0; y < 5; y++) {
10108 var lane = state[x + 5 * y];
10109 tMsw ^= lane.high;
10110 tLsw ^= lane.low;
10111 }
10113 // Temporary values
10114 var Tx = T[x];
10115 Tx.high = tMsw;
10116 Tx.low = tLsw;
10117 }
10118 for (var x = 0; x < 5; x++) {
10119 // Shortcuts
10120 var Tx4 = T[(x + 4) % 5];
10121 var Tx1 = T[(x + 1) % 5];
10122 var Tx1Msw = Tx1.high;
10123 var Tx1Lsw = Tx1.low;
10125 // Mix surrounding columns
10126 var tMsw = Tx4.high ^ ((Tx1Msw << 1) | (Tx1Lsw >>> 31));
10127 var tLsw = Tx4.low ^ ((Tx1Lsw << 1) | (Tx1Msw >>> 31));
10128 for (var y = 0; y < 5; y++) {
10129 var lane = state[x + 5 * y];
10130 lane.high ^= tMsw;
10131 lane.low ^= tLsw;
10132 }
10133 }
10135 // Rho Pi
10136 for (var laneIndex = 1; laneIndex < 25; laneIndex++) {
10137 // Shortcuts
10138 var lane = state[laneIndex];
10139 var laneMsw = lane.high;
10140 var laneLsw = lane.low;
10141 var rhoOffset = RHO_OFFSETS[laneIndex];
10143 // Rotate lanes
10144 if (rhoOffset < 32) {
10145 var tMsw = (laneMsw << rhoOffset) | (laneLsw >>> (32 - rhoOffset));
10146 var tLsw = (laneLsw << rhoOffset) | (laneMsw >>> (32 - rhoOffset));
10147 } else /* if (rhoOffset >= 32) */ {
10148 var tMsw = (laneLsw << (rhoOffset - 32)) | (laneMsw >>> (64 - rhoOffset));
10149 var tLsw = (laneMsw << (rhoOffset - 32)) | (laneLsw >>> (64 - rhoOffset));
10150 }
10152 // Transpose lanes
10153 var TPiLane = T[PI_INDEXES[laneIndex]];
10154 TPiLane.high = tMsw;
10155 TPiLane.low = tLsw;
10156 }
10158 // Rho pi at x = y = 0
10159 var T0 = T[0];
10160 var state0 = state[0];
10161 T0.high = state0.high;
10162 T0.low = state0.low;
10164 // Chi
10165 for (var x = 0; x < 5; x++) {
10166 for (var y = 0; y < 5; y++) {
10167 // Shortcuts
10168 var laneIndex = x + 5 * y;
10169 var lane = state[laneIndex];
10170 var TLane = T[laneIndex];
10171 var Tx1Lane = T[((x + 1) % 5) + 5 * y];
10172 var Tx2Lane = T[((x + 2) % 5) + 5 * y];
10174 // Mix rows
10175 lane.high = TLane.high ^ (~Tx1Lane.high & Tx2Lane.high);
10176 lane.low = TLane.low ^ (~Tx1Lane.low & Tx2Lane.low);
10177 }
10178 }
10180 // Iota
10181 var lane = state[0];
10182 var roundConstant = ROUND_CONSTANTS[round];
10183 lane.high ^= roundConstant.high;
10184 lane.low ^= roundConstant.low;;
10185 }
10186 },
10188 _doFinalize: function () {
10189 // Shortcuts
10190 var data = this._data;
10191 var dataWords = data.words;
10192 var nBitsTotal = this._nDataBytes * 8;
10193 var nBitsLeft = data.sigBytes * 8;
10194 var blockSizeBits = this.blockSize * 32;
10196 // Add padding
10197 dataWords[nBitsLeft >>> 5] |= 0x1 << (24 - nBitsLeft % 32);
10198 dataWords[((Math.ceil((nBitsLeft + 1) / blockSizeBits) * blockSizeBits) >>> 5) - 1] |= 0x80;
10199 data.sigBytes = dataWords.length * 4;
10201 // Hash final blocks
10202 this._process();
10204 // Shortcuts
10205 var state = this._state;
10206 var outputLengthBytes = this.cfg.outputLength / 8;
10207 var outputLengthLanes = outputLengthBytes / 8;
10209 // Squeeze
10210 var hashWords = [];
10211 for (var i = 0; i < outputLengthLanes; i++) {
10212 // Shortcuts
10213 var lane = state[i];
10214 var laneMsw = lane.high;
10215 var laneLsw = lane.low;
10217 // Swap endian
10218 laneMsw = (
10219 (((laneMsw << 8) | (laneMsw >>> 24)) & 0x00ff00ff) |
10220 (((laneMsw << 24) | (laneMsw >>> 8)) & 0xff00ff00)
10221 );
10222 laneLsw = (
10223 (((laneLsw << 8) | (laneLsw >>> 24)) & 0x00ff00ff) |
10224 (((laneLsw << 24) | (laneLsw >>> 8)) & 0xff00ff00)
10225 );
10227 // Squeeze state to retrieve hash
10228 hashWords.push(laneLsw);
10229 hashWords.push(laneMsw);
10230 }
10232 // Return final computed hash
10233 return new WordArray.init(hashWords, outputLengthBytes);
10234 },
10236 clone: function () {
10237 var clone = Hasher.clone.call(this);
10239 var state = clone._state = this._state.slice(0);
10240 for (var i = 0; i < 25; i++) {
10241 state[i] = state[i].clone();
10242 }
10244 return clone;
10245 }
10246 });
10248 /**
10249 * Shortcut function to the hasher's object interface.
10250 *
10251 * @param {WordArray|string} message The message to hash.
10252 *
10253 * @return {WordArray} The hash.
10254 *
10255 * @static
10256 *
10257 * @example
10258 *
10259 * var hash = CryptoJS.SHA3('message');
10260 * var hash = CryptoJS.SHA3(wordArray);
10261 */
10262 C.SHA3 = Hasher._createHelper(SHA3);
10264 /**
10265 * Shortcut function to the HMAC's object interface.
10266 *
10267 * @param {WordArray|string} message The message to hash.
10268 * @param {WordArray|string} key The secret key.
10269 *
10270 * @return {WordArray} The HMAC.
10271 *
10272 * @static
10273 *
10274 * @example
10275 *
10276 * var hmac = CryptoJS.HmacSHA3(message, key);
10277 */
10278 C.HmacSHA3 = Hasher._createHmacHelper(SHA3);
10279 }(Math));
10282 return CryptoJS.SHA3;
10286;(function (root, factory, undef) {
10287 if (typeof exports === "object") {
10288 // CommonJS
10289 module.exports = exports = factory(_dereq_("./core"), _dereq_("./x64-core"), _dereq_("./sha512"));
10290 }
10291 else if (typeof define === "function" && define.amd) {
10292 // AMD
10293 define(["./core", "./x64-core", "./sha512"], factory);
10294 }
10295 else {
10296 // Global (browser)
10297 factory(root.CryptoJS);
10298 }
10299}(this, function (CryptoJS) {
10301 (function () {
10302 // Shortcuts
10303 var C = CryptoJS;
10304 var C_x64 = C.x64;
10305 var X64Word = C_x64.Word;
10306 var X64WordArray = C_x64.WordArray;
10307 var C_algo = C.algo;
10308 var SHA512 = C_algo.SHA512;
10310 /**
10311 * SHA-384 hash algorithm.
10312 */
10313 var SHA384 = C_algo.SHA384 = SHA512.extend({
10314 _doReset: function () {
10315 this._hash = new X64WordArray.init([
10316 new X64Word.init(0xcbbb9d5d, 0xc1059ed8), new X64Word.init(0x629a292a, 0x367cd507),
10317 new X64Word.init(0x9159015a, 0x3070dd17), new X64Word.init(0x152fecd8, 0xf70e5939),
10318 new X64Word.init(0x67332667, 0xffc00b31), new X64Word.init(0x8eb44a87, 0x68581511),
10319 new X64Word.init(0xdb0c2e0d, 0x64f98fa7), new X64Word.init(0x47b5481d, 0xbefa4fa4)
10320 ]);
10321 },
10323 _doFinalize: function () {
10324 var hash = SHA512._doFinalize.call(this);
10326 hash.sigBytes -= 16;
10328 return hash;
10329 }
10330 });
10332 /**
10333 * Shortcut function to the hasher's object interface.
10334 *
10335 * @param {WordArray|string} message The message to hash.
10336 *
10337 * @return {WordArray} The hash.
10338 *
10339 * @static
10340 *
10341 * @example
10342 *
10343 * var hash = CryptoJS.SHA384('message');
10344 * var hash = CryptoJS.SHA384(wordArray);
10345 */
10346 C.SHA384 = SHA512._createHelper(SHA384);
10348 /**
10349 * Shortcut function to the HMAC's object interface.
10350 *
10351 * @param {WordArray|string} message The message to hash.
10352 * @param {WordArray|string} key The secret key.
10353 *
10354 * @return {WordArray} The HMAC.
10355 *
10356 * @static
10357 *
10358 * @example
10359 *
10360 * var hmac = CryptoJS.HmacSHA384(message, key);
10361 */
10362 C.HmacSHA384 = SHA512._createHmacHelper(SHA384);
10363 }());
10366 return CryptoJS.SHA384;
10370;(function (root, factory, undef) {
10371 if (typeof exports === "object") {
10372 // CommonJS
10373 module.exports = exports = factory(_dereq_("./core"), _dereq_("./x64-core"));
10374 }
10375 else if (typeof define === "function" && define.amd) {
10376 // AMD
10377 define(["./core", "./x64-core"], factory);
10378 }
10379 else {
10380 // Global (browser)
10381 factory(root.CryptoJS);
10382 }
10383}(this, function (CryptoJS) {
10385 (function () {
10386 // Shortcuts
10387 var C = CryptoJS;
10388 var C_lib = C.lib;
10389 var Hasher = C_lib.Hasher;
10390 var C_x64 = C.x64;
10391 var X64Word = C_x64.Word;
10392 var X64WordArray = C_x64.WordArray;
10393 var C_algo = C.algo;
10395 function X64Word_create() {
10396 return X64Word.create.apply(X64Word, arguments);
10397 }
10399 // Constants
10400 var K = [
10401 X64Word_create(0x428a2f98, 0xd728ae22), X64Word_create(0x71374491, 0x23ef65cd),
10402 X64Word_create(0xb5c0fbcf, 0xec4d3b2f), X64Word_create(0xe9b5dba5, 0x8189dbbc),
10403 X64Word_create(0x3956c25b, 0xf348b538), X64Word_create(0x59f111f1, 0xb605d019),
10404 X64Word_create(0x923f82a4, 0xaf194f9b), X64Word_create(0xab1c5ed5, 0xda6d8118),
10405 X64Word_create(0xd807aa98, 0xa3030242), X64Word_create(0x12835b01, 0x45706fbe),
10406 X64Word_create(0x243185be, 0x4ee4b28c), X64Word_create(0x550c7dc3, 0xd5ffb4e2),
10407 X64Word_create(0x72be5d74, 0xf27b896f), X64Word_create(0x80deb1fe, 0x3b1696b1),
10408 X64Word_create(0x9bdc06a7, 0x25c71235), X64Word_create(0xc19bf174, 0xcf692694),
10409 X64Word_create(0xe49b69c1, 0x9ef14ad2), X64Word_create(0xefbe4786, 0x384f25e3),
10410 X64Word_create(0x0fc19dc6, 0x8b8cd5b5), X64Word_create(0x240ca1cc, 0x77ac9c65),
10411 X64Word_create(0x2de92c6f, 0x592b0275), X64Word_create(0x4a7484aa, 0x6ea6e483),
10412 X64Word_create(0x5cb0a9dc, 0xbd41fbd4), X64Word_create(0x76f988da, 0x831153b5),
10413 X64Word_create(0x983e5152, 0xee66dfab), X64Word_create(0xa831c66d, 0x2db43210),
10414 X64Word_create(0xb00327c8, 0x98fb213f), X64Word_create(0xbf597fc7, 0xbeef0ee4),
10415 X64Word_create(0xc6e00bf3, 0x3da88fc2), X64Word_create(0xd5a79147, 0x930aa725),
10416 X64Word_create(0x06ca6351, 0xe003826f), X64Word_create(0x14292967, 0x0a0e6e70),
10417 X64Word_create(0x27b70a85, 0x46d22ffc), X64Word_create(0x2e1b2138, 0x5c26c926),
10418 X64Word_create(0x4d2c6dfc, 0x5ac42aed), X64Word_create(0x53380d13, 0x9d95b3df),
10419 X64Word_create(0x650a7354, 0x8baf63de), X64Word_create(0x766a0abb, 0x3c77b2a8),
10420 X64Word_create(0x81c2c92e, 0x47edaee6), X64Word_create(0x92722c85, 0x1482353b),
10421 X64Word_create(0xa2bfe8a1, 0x4cf10364), X64Word_create(0xa81a664b, 0xbc423001),
10422 X64Word_create(0xc24b8b70, 0xd0f89791), X64Word_create(0xc76c51a3, 0x0654be30),
10423 X64Word_create(0xd192e819, 0xd6ef5218), X64Word_create(0xd6990624, 0x5565a910),
10424 X64Word_create(0xf40e3585, 0x5771202a), X64Word_create(0x106aa070, 0x32bbd1b8),
10425 X64Word_create(0x19a4c116, 0xb8d2d0c8), X64Word_create(0x1e376c08, 0x5141ab53),
10426 X64Word_create(0x2748774c, 0xdf8eeb99), X64Word_create(0x34b0bcb5, 0xe19b48a8),
10427 X64Word_create(0x391c0cb3, 0xc5c95a63), X64Word_create(0x4ed8aa4a, 0xe3418acb),
10428 X64Word_create(0x5b9cca4f, 0x7763e373), X64Word_create(0x682e6ff3, 0xd6b2b8a3),
10429 X64Word_create(0x748f82ee, 0x5defb2fc), X64Word_create(0x78a5636f, 0x43172f60),
10430 X64Word_create(0x84c87814, 0xa1f0ab72), X64Word_create(0x8cc70208, 0x1a6439ec),
10431 X64Word_create(0x90befffa, 0x23631e28), X64Word_create(0xa4506ceb, 0xde82bde9),
10432 X64Word_create(0xbef9a3f7, 0xb2c67915), X64Word_create(0xc67178f2, 0xe372532b),
10433 X64Word_create(0xca273ece, 0xea26619c), X64Word_create(0xd186b8c7, 0x21c0c207),
10434 X64Word_create(0xeada7dd6, 0xcde0eb1e), X64Word_create(0xf57d4f7f, 0xee6ed178),
10435 X64Word_create(0x06f067aa, 0x72176fba), X64Word_create(0x0a637dc5, 0xa2c898a6),
10436 X64Word_create(0x113f9804, 0xbef90dae), X64Word_create(0x1b710b35, 0x131c471b),
10437 X64Word_create(0x28db77f5, 0x23047d84), X64Word_create(0x32caab7b, 0x40c72493),
10438 X64Word_create(0x3c9ebe0a, 0x15c9bebc), X64Word_create(0x431d67c4, 0x9c100d4c),
10439 X64Word_create(0x4cc5d4be, 0xcb3e42b6), X64Word_create(0x597f299c, 0xfc657e2a),
10440 X64Word_create(0x5fcb6fab, 0x3ad6faec), X64Word_create(0x6c44198c, 0x4a475817)
10441 ];
10443 // Reusable objects
10444 var W = [];
10445 (function () {
10446 for (var i = 0; i < 80; i++) {
10447 W[i] = X64Word_create();
10448 }
10449 }());
10451 /**
10452 * SHA-512 hash algorithm.
10453 */
10454 var SHA512 = C_algo.SHA512 = Hasher.extend({
10455 _doReset: function () {
10456 this._hash = new X64WordArray.init([
10457 new X64Word.init(0x6a09e667, 0xf3bcc908), new X64Word.init(0xbb67ae85, 0x84caa73b),
10458 new X64Word.init(0x3c6ef372, 0xfe94f82b), new X64Word.init(0xa54ff53a, 0x5f1d36f1),
10459 new X64Word.init(0x510e527f, 0xade682d1), new X64Word.init(0x9b05688c, 0x2b3e6c1f),
10460 new X64Word.init(0x1f83d9ab, 0xfb41bd6b), new X64Word.init(0x5be0cd19, 0x137e2179)
10461 ]);
10462 },
10464 _doProcessBlock: function (M, offset) {
10465 // Shortcuts
10466 var H = this._hash.words;
10468 var H0 = H[0];
10469 var H1 = H[1];
10470 var H2 = H[2];
10471 var H3 = H[3];
10472 var H4 = H[4];
10473 var H5 = H[5];
10474 var H6 = H[6];
10475 var H7 = H[7];
10477 var H0h = H0.high;
10478 var H0l = H0.low;
10479 var H1h = H1.high;
10480 var H1l = H1.low;
10481 var H2h = H2.high;
10482 var H2l = H2.low;
10483 var H3h = H3.high;
10484 var H3l = H3.low;
10485 var H4h = H4.high;
10486 var H4l = H4.low;
10487 var H5h = H5.high;
10488 var H5l = H5.low;
10489 var H6h = H6.high;
10490 var H6l = H6.low;
10491 var H7h = H7.high;
10492 var H7l = H7.low;
10494 // Working variables
10495 var ah = H0h;
10496 var al = H0l;
10497 var bh = H1h;
10498 var bl = H1l;
10499 var ch = H2h;
10500 var cl = H2l;
10501 var dh = H3h;
10502 var dl = H3l;
10503 var eh = H4h;
10504 var el = H4l;
10505 var fh = H5h;
10506 var fl = H5l;
10507 var gh = H6h;
10508 var gl = H6l;
10509 var hh = H7h;
10510 var hl = H7l;
10512 // Rounds
10513 for (var i = 0; i < 80; i++) {
10514 // Shortcut
10515 var Wi = W[i];
10517 // Extend message
10518 if (i < 16) {
10519 var Wih = Wi.high = M[offset + i * 2] | 0;
10520 var Wil = Wi.low = M[offset + i * 2 + 1] | 0;
10521 } else {
10522 // Gamma0
10523 var gamma0x = W[i - 15];
10524 var gamma0xh = gamma0x.high;
10525 var gamma0xl = gamma0x.low;
10526 var gamma0h = ((gamma0xh >>> 1) | (gamma0xl << 31)) ^ ((gamma0xh >>> 8) | (gamma0xl << 24)) ^ (gamma0xh >>> 7);
10527 var gamma0l = ((gamma0xl >>> 1) | (gamma0xh << 31)) ^ ((gamma0xl >>> 8) | (gamma0xh << 24)) ^ ((gamma0xl >>> 7) | (gamma0xh << 25));
10529 // Gamma1
10530 var gamma1x = W[i - 2];
10531 var gamma1xh = gamma1x.high;
10532 var gamma1xl = gamma1x.low;
10533 var gamma1h = ((gamma1xh >>> 19) | (gamma1xl << 13)) ^ ((gamma1xh << 3) | (gamma1xl >>> 29)) ^ (gamma1xh >>> 6);
10534 var gamma1l = ((gamma1xl >>> 19) | (gamma1xh << 13)) ^ ((gamma1xl << 3) | (gamma1xh >>> 29)) ^ ((gamma1xl >>> 6) | (gamma1xh << 26));
10536 // W[i] = gamma0 + W[i - 7] + gamma1 + W[i - 16]
10537 var Wi7 = W[i - 7];
10538 var Wi7h = Wi7.high;
10539 var Wi7l = Wi7.low;
10541 var Wi16 = W[i - 16];
10542 var Wi16h = Wi16.high;
10543 var Wi16l = Wi16.low;
10545 var Wil = gamma0l + Wi7l;
10546 var Wih = gamma0h + Wi7h + ((Wil >>> 0) < (gamma0l >>> 0) ? 1 : 0);
10547 var Wil = Wil + gamma1l;
10548 var Wih = Wih + gamma1h + ((Wil >>> 0) < (gamma1l >>> 0) ? 1 : 0);
10549 var Wil = Wil + Wi16l;
10550 var Wih = Wih + Wi16h + ((Wil >>> 0) < (Wi16l >>> 0) ? 1 : 0);
10552 Wi.high = Wih;
10553 Wi.low = Wil;
10554 }
10556 var chh = (eh & fh) ^ (~eh & gh);
10557 var chl = (el & fl) ^ (~el & gl);
10558 var majh = (ah & bh) ^ (ah & ch) ^ (bh & ch);
10559 var majl = (al & bl) ^ (al & cl) ^ (bl & cl);
10561 var sigma0h = ((ah >>> 28) | (al << 4)) ^ ((ah << 30) | (al >>> 2)) ^ ((ah << 25) | (al >>> 7));
10562 var sigma0l = ((al >>> 28) | (ah << 4)) ^ ((al << 30) | (ah >>> 2)) ^ ((al << 25) | (ah >>> 7));
10563 var sigma1h = ((eh >>> 14) | (el << 18)) ^ ((eh >>> 18) | (el << 14)) ^ ((eh << 23) | (el >>> 9));
10564 var sigma1l = ((el >>> 14) | (eh << 18)) ^ ((el >>> 18) | (eh << 14)) ^ ((el << 23) | (eh >>> 9));
10566 // t1 = h + sigma1 + ch + K[i] + W[i]
10567 var Ki = K[i];
10568 var Kih = Ki.high;
10569 var Kil = Ki.low;
10571 var t1l = hl + sigma1l;
10572 var t1h = hh + sigma1h + ((t1l >>> 0) < (hl >>> 0) ? 1 : 0);
10573 var t1l = t1l + chl;
10574 var t1h = t1h + chh + ((t1l >>> 0) < (chl >>> 0) ? 1 : 0);
10575 var t1l = t1l + Kil;
10576 var t1h = t1h + Kih + ((t1l >>> 0) < (Kil >>> 0) ? 1 : 0);
10577 var t1l = t1l + Wil;
10578 var t1h = t1h + Wih + ((t1l >>> 0) < (Wil >>> 0) ? 1 : 0);
10580 // t2 = sigma0 + maj
10581 var t2l = sigma0l + majl;
10582 var t2h = sigma0h + majh + ((t2l >>> 0) < (sigma0l >>> 0) ? 1 : 0);
10584 // Update working variables
10585 hh = gh;
10586 hl = gl;
10587 gh = fh;
10588 gl = fl;
10589 fh = eh;
10590 fl = el;
10591 el = (dl + t1l) | 0;
10592 eh = (dh + t1h + ((el >>> 0) < (dl >>> 0) ? 1 : 0)) | 0;
10593 dh = ch;
10594 dl = cl;
10595 ch = bh;
10596 cl = bl;
10597 bh = ah;
10598 bl = al;
10599 al = (t1l + t2l) | 0;
10600 ah = (t1h + t2h + ((al >>> 0) < (t1l >>> 0) ? 1 : 0)) | 0;
10601 }
10603 // Intermediate hash value
10604 H0l = H0.low = (H0l + al);
10605 H0.high = (H0h + ah + ((H0l >>> 0) < (al >>> 0) ? 1 : 0));
10606 H1l = H1.low = (H1l + bl);
10607 H1.high = (H1h + bh + ((H1l >>> 0) < (bl >>> 0) ? 1 : 0));
10608 H2l = H2.low = (H2l + cl);
10609 H2.high = (H2h + ch + ((H2l >>> 0) < (cl >>> 0) ? 1 : 0));
10610 H3l = H3.low = (H3l + dl);
10611 H3.high = (H3h + dh + ((H3l >>> 0) < (dl >>> 0) ? 1 : 0));
10612 H4l = H4.low = (H4l + el);
10613 H4.high = (H4h + eh + ((H4l >>> 0) < (el >>> 0) ? 1 : 0));
10614 H5l = H5.low = (H5l + fl);
10615 H5.high = (H5h + fh + ((H5l >>> 0) < (fl >>> 0) ? 1 : 0));
10616 H6l = H6.low = (H6l + gl);
10617 H6.high = (H6h + gh + ((H6l >>> 0) < (gl >>> 0) ? 1 : 0));
10618 H7l = H7.low = (H7l + hl);
10619 H7.high = (H7h + hh + ((H7l >>> 0) < (hl >>> 0) ? 1 : 0));
10620 },
10622 _doFinalize: function () {
10623 // Shortcuts
10624 var data = this._data;
10625 var dataWords = data.words;
10627 var nBitsTotal = this._nDataBytes * 8;
10628 var nBitsLeft = data.sigBytes * 8;
10630 // Add padding
10631 dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
10632 dataWords[(((nBitsLeft + 128) >>> 10) << 5) + 30] = Math.floor(nBitsTotal / 0x100000000);
10633 dataWords[(((nBitsLeft + 128) >>> 10) << 5) + 31] = nBitsTotal;
10634 data.sigBytes = dataWords.length * 4;
10636 // Hash final blocks
10637 this._process();
10639 // Convert hash to 32-bit word array before returning
10640 var hash = this._hash.toX32();
10642 // Return final computed hash
10643 return hash;
10644 },
10646 clone: function () {
10647 var clone = Hasher.clone.call(this);
10648 clone._hash = this._hash.clone();
10650 return clone;
10651 },
10653 blockSize: 1024/32
10654 });
10656 /**
10657 * Shortcut function to the hasher's object interface.
10658 *
10659 * @param {WordArray|string} message The message to hash.
10660 *
10661 * @return {WordArray} The hash.
10662 *
10663 * @static
10664 *
10665 * @example
10666 *
10667 * var hash = CryptoJS.SHA512('message');
10668 * var hash = CryptoJS.SHA512(wordArray);
10669 */
10670 C.SHA512 = Hasher._createHelper(SHA512);
10672 /**
10673 * Shortcut function to the HMAC's object interface.
10674 *
10675 * @param {WordArray|string} message The message to hash.
10676 * @param {WordArray|string} key The secret key.
10677 *
10678 * @return {WordArray} The HMAC.
10679 *
10680 * @static
10681 *
10682 * @example
10683 *
10684 * var hmac = CryptoJS.HmacSHA512(message, key);
10685 */
10686 C.HmacSHA512 = Hasher._createHmacHelper(SHA512);
10687 }());
10690 return CryptoJS.SHA512;
10694;(function (root, factory, undef) {
10695 if (typeof exports === "object") {
10696 // CommonJS
10697 module.exports = exports = factory(_dereq_("./core"), _dereq_("./enc-base64"), _dereq_("./md5"), _dereq_("./evpkdf"), _dereq_("./cipher-core"));
10698 }
10699 else if (typeof define === "function" && define.amd) {
10700 // AMD
10701 define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
10702 }
10703 else {
10704 // Global (browser)
10705 factory(root.CryptoJS);
10706 }
10707}(this, function (CryptoJS) {
10709 (function () {
10710 // Shortcuts
10711 var C = CryptoJS;
10712 var C_lib = C.lib;
10713 var WordArray = C_lib.WordArray;
10714 var BlockCipher = C_lib.BlockCipher;
10715 var C_algo = C.algo;
10717 // Permuted Choice 1 constants
10718 var PC1 = [
10719 57, 49, 41, 33, 25, 17, 9, 1,
10720 58, 50, 42, 34, 26, 18, 10, 2,
10721 59, 51, 43, 35, 27, 19, 11, 3,
10722 60, 52, 44, 36, 63, 55, 47, 39,
10723 31, 23, 15, 7, 62, 54, 46, 38,
10724 30, 22, 14, 6, 61, 53, 45, 37,
10725 29, 21, 13, 5, 28, 20, 12, 4
10726 ];
10728 // Permuted Choice 2 constants
10729 var PC2 = [
10730 14, 17, 11, 24, 1, 5,
10731 3, 28, 15, 6, 21, 10,
10732 23, 19, 12, 4, 26, 8,
10733 16, 7, 27, 20, 13, 2,
10734 41, 52, 31, 37, 47, 55,
10735 30, 40, 51, 45, 33, 48,
10736 44, 49, 39, 56, 34, 53,
10737 46, 42, 50, 36, 29, 32
10738 ];
10740 // Cumulative bit shift constants
10741 var BIT_SHIFTS = [1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28];
10743 // SBOXes and round permutation constants
10744 var SBOX_P = [
10745 {
10746 0x0: 0x808200,
10747 0x10000000: 0x8000,
10748 0x20000000: 0x808002,
10749 0x30000000: 0x2,
10750 0x40000000: 0x200,
10751 0x50000000: 0x808202,
10752 0x60000000: 0x800202,
10753 0x70000000: 0x800000,
10754 0x80000000: 0x202,
10755 0x90000000: 0x800200,
10756 0xa0000000: 0x8200,
10757 0xb0000000: 0x808000,
10758 0xc0000000: 0x8002,
10759 0xd0000000: 0x800002,
10760 0xe0000000: 0x0,
10761 0xf0000000: 0x8202,
10762 0x8000000: 0x0,
10763 0x18000000: 0x808202,
10764 0x28000000: 0x8202,
10765 0x38000000: 0x8000,
10766 0x48000000: 0x808200,
10767 0x58000000: 0x200,
10768 0x68000000: 0x808002,
10769 0x78000000: 0x2,
10770 0x88000000: 0x800200,
10771 0x98000000: 0x8200,
10772 0xa8000000: 0x808000,
10773 0xb8000000: 0x800202,
10774 0xc8000000: 0x800002,
10775 0xd8000000: 0x8002,
10776 0xe8000000: 0x202,
10777 0xf8000000: 0x800000,
10778 0x1: 0x8000,
10779 0x10000001: 0x2,
10780 0x20000001: 0x808200,
10781 0x30000001: 0x800000,
10782 0x40000001: 0x808002,
10783 0x50000001: 0x8200,
10784 0x60000001: 0x200,
10785 0x70000001: 0x800202,
10786 0x80000001: 0x808202,
10787 0x90000001: 0x808000,
10788 0xa0000001: 0x800002,
10789 0xb0000001: 0x8202,
10790 0xc0000001: 0x202,
10791 0xd0000001: 0x800200,
10792 0xe0000001: 0x8002,
10793 0xf0000001: 0x0,
10794 0x8000001: 0x808202,
10795 0x18000001: 0x808000,
10796 0x28000001: 0x800000,
10797 0x38000001: 0x200,
10798 0x48000001: 0x8000,
10799 0x58000001: 0x800002,
10800 0x68000001: 0x2,
10801 0x78000001: 0x8202,
10802 0x88000001: 0x8002,
10803 0x98000001: 0x800202,
10804 0xa8000001: 0x202,
10805 0xb8000001: 0x808200,
10806 0xc8000001: 0x800200,
10807 0xd8000001: 0x0,
10808 0xe8000001: 0x8200,
10809 0xf8000001: 0x808002
10810 },
10811 {
10812 0x0: 0x40084010,
10813 0x1000000: 0x4000,
10814 0x2000000: 0x80000,
10815 0x3000000: 0x40080010,
10816 0x4000000: 0x40000010,
10817 0x5000000: 0x40084000,
10818 0x6000000: 0x40004000,
10819 0x7000000: 0x10,
10820 0x8000000: 0x84000,
10821 0x9000000: 0x40004010,
10822 0xa000000: 0x40000000,
10823 0xb000000: 0x84010,
10824 0xc000000: 0x80010,
10825 0xd000000: 0x0,
10826 0xe000000: 0x4010,
10827 0xf000000: 0x40080000,
10828 0x800000: 0x40004000,
10829 0x1800000: 0x84010,
10830 0x2800000: 0x10,
10831 0x3800000: 0x40004010,
10832 0x4800000: 0x40084010,
10833 0x5800000: 0x40000000,
10834 0x6800000: 0x80000,
10835 0x7800000: 0x40080010,
10836 0x8800000: 0x80010,
10837 0x9800000: 0x0,
10838 0xa800000: 0x4000,
10839 0xb800000: 0x40080000,
10840 0xc800000: 0x40000010,
10841 0xd800000: 0x84000,
10842 0xe800000: 0x40084000,
10843 0xf800000: 0x4010,
10844 0x10000000: 0x0,
10845 0x11000000: 0x40080010,
10846 0x12000000: 0x40004010,
10847 0x13000000: 0x40084000,
10848 0x14000000: 0x40080000,
10849 0x15000000: 0x10,
10850 0x16000000: 0x84010,
10851 0x17000000: 0x4000,
10852 0x18000000: 0x4010,
10853 0x19000000: 0x80000,
10854 0x1a000000: 0x80010,
10855 0x1b000000: 0x40000010,
10856 0x1c000000: 0x84000,
10857 0x1d000000: 0x40004000,
10858 0x1e000000: 0x40000000,
10859 0x1f000000: 0x40084010,
10860 0x10800000: 0x84010,
10861 0x11800000: 0x80000,
10862 0x12800000: 0x40080000,
10863 0x13800000: 0x4000,
10864 0x14800000: 0x40004000,
10865 0x15800000: 0x40084010,
10866 0x16800000: 0x10,
10867 0x17800000: 0x40000000,
10868 0x18800000: 0x40084000,
10869 0x19800000: 0x40000010,
10870 0x1a800000: 0x40004010,
10871 0x1b800000: 0x80010,
10872 0x1c800000: 0x0,
10873 0x1d800000: 0x4010,
10874 0x1e800000: 0x40080010,
10875 0x1f800000: 0x84000
10876 },
10877 {
10878 0x0: 0x104,
10879 0x100000: 0x0,
10880 0x200000: 0x4000100,
10881 0x300000: 0x10104,
10882 0x400000: 0x10004,
10883 0x500000: 0x4000004,
10884 0x600000: 0x4010104,
10885 0x700000: 0x4010000,
10886 0x800000: 0x4000000,
10887 0x900000: 0x4010100,
10888 0xa00000: 0x10100,
10889 0xb00000: 0x4010004,
10890 0xc00000: 0x4000104,
10891 0xd00000: 0x10000,
10892 0xe00000: 0x4,
10893 0xf00000: 0x100,
10894 0x80000: 0x4010100,
10895 0x180000: 0x4010004,
10896 0x280000: 0x0,
10897 0x380000: 0x4000100,
10898 0x480000: 0x4000004,
10899 0x580000: 0x10000,
10900 0x680000: 0x10004,
10901 0x780000: 0x104,
10902 0x880000: 0x4,
10903 0x980000: 0x100,
10904 0xa80000: 0x4010000,
10905 0xb80000: 0x10104,
10906 0xc80000: 0x10100,
10907 0xd80000: 0x4000104,
10908 0xe80000: 0x4010104,
10909 0xf80000: 0x4000000,
10910 0x1000000: 0x4010100,
10911 0x1100000: 0x10004,
10912 0x1200000: 0x10000,
10913 0x1300000: 0x4000100,
10914 0x1400000: 0x100,
10915 0x1500000: 0x4010104,
10916 0x1600000: 0x4000004,
10917 0x1700000: 0x0,
10918 0x1800000: 0x4000104,
10919 0x1900000: 0x4000000,
10920 0x1a00000: 0x4,
10921 0x1b00000: 0x10100,
10922 0x1c00000: 0x4010000,
10923 0x1d00000: 0x104,
10924 0x1e00000: 0x10104,
10925 0x1f00000: 0x4010004,
10926 0x1080000: 0x4000000,
10927 0x1180000: 0x104,
10928 0x1280000: 0x4010100,
10929 0x1380000: 0x0,
10930 0x1480000: 0x10004,
10931 0x1580000: 0x4000100,
10932 0x1680000: 0x100,
10933 0x1780000: 0x4010004,
10934 0x1880000: 0x10000,
10935 0x1980000: 0x4010104,
10936 0x1a80000: 0x10104,
10937 0x1b80000: 0x4000004,
10938 0x1c80000: 0x4000104,
10939 0x1d80000: 0x4010000,
10940 0x1e80000: 0x4,
10941 0x1f80000: 0x10100
10942 },
10943 {
10944 0x0: 0x80401000,
10945 0x10000: 0x80001040,
10946 0x20000: 0x401040,
10947 0x30000: 0x80400000,
10948 0x40000: 0x0,
10949 0x50000: 0x401000,
10950 0x60000: 0x80000040,
10951 0x70000: 0x400040,
10952 0x80000: 0x80000000,
10953 0x90000: 0x400000,
10954 0xa0000: 0x40,
10955 0xb0000: 0x80001000,
10956 0xc0000: 0x80400040,
10957 0xd0000: 0x1040,
10958 0xe0000: 0x1000,
10959 0xf0000: 0x80401040,
10960 0x8000: 0x80001040,
10961 0x18000: 0x40,
10962 0x28000: 0x80400040,
10963 0x38000: 0x80001000,
10964 0x48000: 0x401000,
10965 0x58000: 0x80401040,
10966 0x68000: 0x0,
10967 0x78000: 0x80400000,
10968 0x88000: 0x1000,
10969 0x98000: 0x80401000,
10970 0xa8000: 0x400000,
10971 0xb8000: 0x1040,
10972 0xc8000: 0x80000000,
10973 0xd8000: 0x400040,
10974 0xe8000: 0x401040,
10975 0xf8000: 0x80000040,
10976 0x100000: 0x400040,
10977 0x110000: 0x401000,
10978 0x120000: 0x80000040,
10979 0x130000: 0x0,
10980 0x140000: 0x1040,
10981 0x150000: 0x80400040,
10982 0x160000: 0x80401000,
10983 0x170000: 0x80001040,
10984 0x180000: 0x80401040,
10985 0x190000: 0x80000000,
10986 0x1a0000: 0x80400000,
10987 0x1b0000: 0x401040,
10988 0x1c0000: 0x80001000,
10989 0x1d0000: 0x400000,
10990 0x1e0000: 0x40,
10991 0x1f0000: 0x1000,
10992 0x108000: 0x80400000,
10993 0x118000: 0x80401040,
10994 0x128000: 0x0,
10995 0x138000: 0x401000,
10996 0x148000: 0x400040,
10997 0x158000: 0x80000000,
10998 0x168000: 0x80001040,
10999 0x178000: 0x40,
11000 0x188000: 0x80000040,
11001 0x198000: 0x1000,
11002 0x1a8000: 0x80001000,
11003 0x1b8000: 0x80400040,
11004 0x1c8000: 0x1040,
11005 0x1d8000: 0x80401000,
11006 0x1e8000: 0x400000,
11007 0x1f8000: 0x401040
11008 },
11009 {
11010 0x0: 0x80,
11011 0x1000: 0x1040000,
11012 0x2000: 0x40000,
11013 0x3000: 0x20000000,
11014 0x4000: 0x20040080,
11015 0x5000: 0x1000080,
11016 0x6000: 0x21000080,
11017 0x7000: 0x40080,
11018 0x8000: 0x1000000,
11019 0x9000: 0x20040000,
11020 0xa000: 0x20000080,
11021 0xb000: 0x21040080,
11022 0xc000: 0x21040000,
11023 0xd000: 0x0,
11024 0xe000: 0x1040080,
11025 0xf000: 0x21000000,
11026 0x800: 0x1040080,
11027 0x1800: 0x21000080,
11028 0x2800: 0x80,
11029 0x3800: 0x1040000,
11030 0x4800: 0x40000,
11031 0x5800: 0x20040080,
11032 0x6800: 0x21040000,
11033 0x7800: 0x20000000,
11034 0x8800: 0x20040000,
11035 0x9800: 0x0,
11036 0xa800: 0x21040080,
11037 0xb800: 0x1000080,
11038 0xc800: 0x20000080,
11039 0xd800: 0x21000000,
11040 0xe800: 0x1000000,
11041 0xf800: 0x40080,
11042 0x10000: 0x40000,
11043 0x11000: 0x80,
11044 0x12000: 0x20000000,
11045 0x13000: 0x21000080,
11046 0x14000: 0x1000080,
11047 0x15000: 0x21040000,
11048 0x16000: 0x20040080,
11049 0x17000: 0x1000000,
11050 0x18000: 0x21040080,
11051 0x19000: 0x21000000,
11052 0x1a000: 0x1040000,
11053 0x1b000: 0x20040000,
11054 0x1c000: 0x40080,
11055 0x1d000: 0x20000080,
11056 0x1e000: 0x0,
11057 0x1f000: 0x1040080,
11058 0x10800: 0x21000080,
11059 0x11800: 0x1000000,
11060 0x12800: 0x1040000,
11061 0x13800: 0x20040080,
11062 0x14800: 0x20000000,
11063 0x15800: 0x1040080,
11064 0x16800: 0x80,
11065 0x17800: 0x21040000,
11066 0x18800: 0x40080,
11067 0x19800: 0x21040080,
11068 0x1a800: 0x0,
11069 0x1b800: 0x21000000,
11070 0x1c800: 0x1000080,
11071 0x1d800: 0x40000,
11072 0x1e800: 0x20040000,
11073 0x1f800: 0x20000080
11074 },
11075 {
11076 0x0: 0x10000008,
11077 0x100: 0x2000,
11078 0x200: 0x10200000,
11079 0x300: 0x10202008,
11080 0x400: 0x10002000,
11081 0x500: 0x200000,
11082 0x600: 0x200008,
11083 0x700: 0x10000000,
11084 0x800: 0x0,
11085 0x900: 0x10002008,
11086 0xa00: 0x202000,
11087 0xb00: 0x8,
11088 0xc00: 0x10200008,
11089 0xd00: 0x202008,
11090 0xe00: 0x2008,
11091 0xf00: 0x10202000,
11092 0x80: 0x10200000,
11093 0x180: 0x10202008,
11094 0x280: 0x8,
11095 0x380: 0x200000,
11096 0x480: 0x202008,
11097 0x580: 0x10000008,
11098 0x680: 0x10002000,
11099 0x780: 0x2008,
11100 0x880: 0x200008,
11101 0x980: 0x2000,
11102 0xa80: 0x10002008,
11103 0xb80: 0x10200008,
11104 0xc80: 0x0,
11105 0xd80: 0x10202000,
11106 0xe80: 0x202000,
11107 0xf80: 0x10000000,
11108 0x1000: 0x10002000,
11109 0x1100: 0x10200008,
11110 0x1200: 0x10202008,
11111 0x1300: 0x2008,
11112 0x1400: 0x200000,
11113 0x1500: 0x10000000,
11114 0x1600: 0x10000008,
11115 0x1700: 0x202000,
11116 0x1800: 0x202008,
11117 0x1900: 0x0,
11118 0x1a00: 0x8,
11119 0x1b00: 0x10200000,
11120 0x1c00: 0x2000,
11121 0x1d00: 0x10002008,
11122 0x1e00: 0x10202000,
11123 0x1f00: 0x200008,
11124 0x1080: 0x8,
11125 0x1180: 0x202000,
11126 0x1280: 0x200000,
11127 0x1380: 0x10000008,
11128 0x1480: 0x10002000,
11129 0x1580: 0x2008,
11130 0x1680: 0x10202008,
11131 0x1780: 0x10200000,
11132 0x1880: 0x10202000,
11133 0x1980: 0x10200008,
11134 0x1a80: 0x2000,
11135 0x1b80: 0x202008,
11136 0x1c80: 0x200008,
11137 0x1d80: 0x0,
11138 0x1e80: 0x10000000,
11139 0x1f80: 0x10002008
11140 },
11141 {
11142 0x0: 0x100000,
11143 0x10: 0x2000401,
11144 0x20: 0x400,
11145 0x30: 0x100401,
11146 0x40: 0x2100401,
11147 0x50: 0x0,
11148 0x60: 0x1,
11149 0x70: 0x2100001,
11150 0x80: 0x2000400,
11151 0x90: 0x100001,
11152 0xa0: 0x2000001,
11153 0xb0: 0x2100400,
11154 0xc0: 0x2100000,
11155 0xd0: 0x401,
11156 0xe0: 0x100400,
11157 0xf0: 0x2000000,
11158 0x8: 0x2100001,
11159 0x18: 0x0,
11160 0x28: 0x2000401,
11161 0x38: 0x2100400,
11162 0x48: 0x100000,
11163 0x58: 0x2000001,
11164 0x68: 0x2000000,
11165 0x78: 0x401,
11166 0x88: 0x100401,
11167 0x98: 0x2000400,
11168 0xa8: 0x2100000,
11169 0xb8: 0x100001,
11170 0xc8: 0x400,
11171 0xd8: 0x2100401,
11172 0xe8: 0x1,
11173 0xf8: 0x100400,
11174 0x100: 0x2000000,
11175 0x110: 0x100000,
11176 0x120: 0x2000401,
11177 0x130: 0x2100001,
11178 0x140: 0x100001,
11179 0x150: 0x2000400,
11180 0x160: 0x2100400,
11181 0x170: 0x100401,
11182 0x180: 0x401,
11183 0x190: 0x2100401,
11184 0x1a0: 0x100400,
11185 0x1b0: 0x1,
11186 0x1c0: 0x0,
11187 0x1d0: 0x2100000,
11188 0x1e0: 0x2000001,
11189 0x1f0: 0x400,
11190 0x108: 0x100400,
11191 0x118: 0x2000401,
11192 0x128: 0x2100001,
11193 0x138: 0x1,
11194 0x148: 0x2000000,
11195 0x158: 0x100000,
11196 0x168: 0x401,
11197 0x178: 0x2100400,
11198 0x188: 0x2000001,
11199 0x198: 0x2100000,
11200 0x1a8: 0x0,
11201 0x1b8: 0x2100401,
11202 0x1c8: 0x100401,
11203 0x1d8: 0x400,
11204 0x1e8: 0x2000400,
11205 0x1f8: 0x100001
11206 },
11207 {
11208 0x0: 0x8000820,
11209 0x1: 0x20000,
11210 0x2: 0x8000000,
11211 0x3: 0x20,
11212 0x4: 0x20020,
11213 0x5: 0x8020820,
11214 0x6: 0x8020800,
11215 0x7: 0x800,
11216 0x8: 0x8020000,
11217 0x9: 0x8000800,
11218 0xa: 0x20800,
11219 0xb: 0x8020020,
11220 0xc: 0x820,
11221 0xd: 0x0,
11222 0xe: 0x8000020,
11223 0xf: 0x20820,
11224 0x80000000: 0x800,
11225 0x80000001: 0x8020820,
11226 0x80000002: 0x8000820,
11227 0x80000003: 0x8000000,
11228 0x80000004: 0x8020000,
11229 0x80000005: 0x20800,
11230 0x80000006: 0x20820,
11231 0x80000007: 0x20,
11232 0x80000008: 0x8000020,
11233 0x80000009: 0x820,
11234 0x8000000a: 0x20020,
11235 0x8000000b: 0x8020800,
11236 0x8000000c: 0x0,
11237 0x8000000d: 0x8020020,
11238 0x8000000e: 0x8000800,
11239 0x8000000f: 0x20000,
11240 0x10: 0x20820,
11241 0x11: 0x8020800,
11242 0x12: 0x20,
11243 0x13: 0x800,
11244 0x14: 0x8000800,
11245 0x15: 0x8000020,
11246 0x16: 0x8020020,
11247 0x17: 0x20000,
11248 0x18: 0x0,
11249 0x19: 0x20020,
11250 0x1a: 0x8020000,
11251 0x1b: 0x8000820,
11252 0x1c: 0x8020820,
11253 0x1d: 0x20800,
11254 0x1e: 0x820,
11255 0x1f: 0x8000000,
11256 0x80000010: 0x20000,
11257 0x80000011: 0x800,
11258 0x80000012: 0x8020020,
11259 0x80000013: 0x20820,
11260 0x80000014: 0x20,
11261 0x80000015: 0x8020000,
11262 0x80000016: 0x8000000,
11263 0x80000017: 0x8000820,
11264 0x80000018: 0x8020820,
11265 0x80000019: 0x8000020,
11266 0x8000001a: 0x8000800,
11267 0x8000001b: 0x0,
11268 0x8000001c: 0x20800,
11269 0x8000001d: 0x820,
11270 0x8000001e: 0x20020,
11271 0x8000001f: 0x8020800
11272 }
11273 ];
11275 // Masks that select the SBOX input
11276 var SBOX_MASK = [
11277 0xf8000001, 0x1f800000, 0x01f80000, 0x001f8000,
11278 0x0001f800, 0x00001f80, 0x000001f8, 0x8000001f
11279 ];
11281 /**
11282 * DES block cipher algorithm.
11283 */
11284 var DES = C_algo.DES = BlockCipher.extend({
11285 _doReset: function () {
11286 // Shortcuts
11287 var key = this._key;
11288 var keyWords = key.words;
11290 // Select 56 bits according to PC1
11291 var keyBits = [];
11292 for (var i = 0; i < 56; i++) {
11293 var keyBitPos = PC1[i] - 1;
11294 keyBits[i] = (keyWords[keyBitPos >>> 5] >>> (31 - keyBitPos % 32)) & 1;
11295 }
11297 // Assemble 16 subkeys
11298 var subKeys = this._subKeys = [];
11299 for (var nSubKey = 0; nSubKey < 16; nSubKey++) {
11300 // Create subkey
11301 var subKey = subKeys[nSubKey] = [];
11303 // Shortcut
11304 var bitShift = BIT_SHIFTS[nSubKey];
11306 // Select 48 bits according to PC2
11307 for (var i = 0; i < 24; i++) {
11308 // Select from the left 28 key bits
11309 subKey[(i / 6) | 0] |= keyBits[((PC2[i] - 1) + bitShift) % 28] << (31 - i % 6);
11311 // Select from the right 28 key bits
11312 subKey[4 + ((i / 6) | 0)] |= keyBits[28 + (((PC2[i + 24] - 1) + bitShift) % 28)] << (31 - i % 6);
11313 }
11315 // Since each subkey is applied to an expanded 32-bit input,
11316 // the subkey can be broken into 8 values scaled to 32-bits,
11317 // which allows the key to be used without expansion
11318 subKey[0] = (subKey[0] << 1) | (subKey[0] >>> 31);
11319 for (var i = 1; i < 7; i++) {
11320 subKey[i] = subKey[i] >>> ((i - 1) * 4 + 3);
11321 }
11322 subKey[7] = (subKey[7] << 5) | (subKey[7] >>> 27);
11323 }
11325 // Compute inverse subkeys
11326 var invSubKeys = this._invSubKeys = [];
11327 for (var i = 0; i < 16; i++) {
11328 invSubKeys[i] = subKeys[15 - i];
11329 }
11330 },
11332 encryptBlock: function (M, offset) {
11333 this._doCryptBlock(M, offset, this._subKeys);
11334 },
11336 decryptBlock: function (M, offset) {
11337 this._doCryptBlock(M, offset, this._invSubKeys);
11338 },
11340 _doCryptBlock: function (M, offset, subKeys) {
11341 // Get input
11342 this._lBlock = M[offset];
11343 this._rBlock = M[offset + 1];
11345 // Initial permutation
11346 exchangeLR.call(this, 4, 0x0f0f0f0f);
11347 exchangeLR.call(this, 16, 0x0000ffff);
11348 exchangeRL.call(this, 2, 0x33333333);
11349 exchangeRL.call(this, 8, 0x00ff00ff);
11350 exchangeLR.call(this, 1, 0x55555555);
11352 // Rounds
11353 for (var round = 0; round < 16; round++) {
11354 // Shortcuts
11355 var subKey = subKeys[round];
11356 var lBlock = this._lBlock;
11357 var rBlock = this._rBlock;
11359 // Feistel function
11360 var f = 0;
11361 for (var i = 0; i < 8; i++) {
11362 f |= SBOX_P[i][((rBlock ^ subKey[i]) & SBOX_MASK[i]) >>> 0];
11363 }
11364 this._lBlock = rBlock;
11365 this._rBlock = lBlock ^ f;
11366 }
11368 // Undo swap from last round
11369 var t = this._lBlock;
11370 this._lBlock = this._rBlock;
11371 this._rBlock = t;
11373 // Final permutation
11374 exchangeLR.call(this, 1, 0x55555555);
11375 exchangeRL.call(this, 8, 0x00ff00ff);
11376 exchangeRL.call(this, 2, 0x33333333);
11377 exchangeLR.call(this, 16, 0x0000ffff);
11378 exchangeLR.call(this, 4, 0x0f0f0f0f);
11380 // Set output
11381 M[offset] = this._lBlock;
11382 M[offset + 1] = this._rBlock;
11383 },
11385 keySize: 64/32,
11387 ivSize: 64/32,
11389 blockSize: 64/32
11390 });
11392 // Swap bits across the left and right words
11393 function exchangeLR(offset, mask) {
11394 var t = ((this._lBlock >>> offset) ^ this._rBlock) & mask;
11395 this._rBlock ^= t;
11396 this._lBlock ^= t << offset;
11397 }
11399 function exchangeRL(offset, mask) {
11400 var t = ((this._rBlock >>> offset) ^ this._lBlock) & mask;
11401 this._lBlock ^= t;
11402 this._rBlock ^= t << offset;
11403 }
11405 /**
11406 * Shortcut functions to the cipher's object interface.
11407 *
11408 * @example
11409 *
11410 * var ciphertext = CryptoJS.DES.encrypt(message, key, cfg);
11411 * var plaintext = CryptoJS.DES.decrypt(ciphertext, key, cfg);
11412 */
11413 C.DES = BlockCipher._createHelper(DES);
11415 /**
11416 * Triple-DES block cipher algorithm.
11417 */
11418 var TripleDES = C_algo.TripleDES = BlockCipher.extend({
11419 _doReset: function () {
11420 // Shortcuts
11421 var key = this._key;
11422 var keyWords = key.words;
11424 // Create DES instances
11425 this._des1 = DES.createEncryptor(WordArray.create(keyWords.slice(0, 2)));
11426 this._des2 = DES.createEncryptor(WordArray.create(keyWords.slice(2, 4)));
11427 this._des3 = DES.createEncryptor(WordArray.create(keyWords.slice(4, 6)));
11428 },
11430 encryptBlock: function (M, offset) {
11431 this._des1.encryptBlock(M, offset);
11432 this._des2.decryptBlock(M, offset);
11433 this._des3.encryptBlock(M, offset);
11434 },
11436 decryptBlock: function (M, offset) {
11437 this._des3.decryptBlock(M, offset);
11438 this._des2.encryptBlock(M, offset);
11439 this._des1.decryptBlock(M, offset);
11440 },
11442 keySize: 192/32,
11444 ivSize: 64/32,
11446 blockSize: 64/32
11447 });
11449 /**
11450 * Shortcut functions to the cipher's object interface.
11451 *
11452 * @example
11453 *
11454 * var ciphertext = CryptoJS.TripleDES.encrypt(message, key, cfg);
11455 * var plaintext = CryptoJS.TripleDES.decrypt(ciphertext, key, cfg);
11456 */
11457 C.TripleDES = BlockCipher._createHelper(TripleDES);
11458 }());
11461 return CryptoJS.TripleDES;
11465;(function (root, factory) {
11466 if (typeof exports === "object") {
11467 // CommonJS
11468 module.exports = exports = factory(_dereq_("./core"));
11469 }
11470 else if (typeof define === "function" && define.amd) {
11471 // AMD
11472 define(["./core"], factory);
11473 }
11474 else {
11475 // Global (browser)
11476 factory(root.CryptoJS);
11477 }
11478}(this, function (CryptoJS) {
11480 (function (undefined) {
11481 // Shortcuts
11482 var C = CryptoJS;
11483 var C_lib = C.lib;
11484 var Base = C_lib.Base;
11485 var X32WordArray = C_lib.WordArray;
11487 /**
11488 * x64 namespace.
11489 */
11490 var C_x64 = C.x64 = {};
11492 /**
11493 * A 64-bit word.
11494 */
11495 var X64Word = C_x64.Word = Base.extend({
11496 /**
11497 * Initializes a newly created 64-bit word.
11498 *
11499 * @param {number} high The high 32 bits.
11500 * @param {number} low The low 32 bits.
11501 *
11502 * @example
11503 *
11504 * var x64Word = CryptoJS.x64.Word.create(0x00010203, 0x04050607);
11505 */
11506 init: function (high, low) {
11507 this.high = high;
11508 this.low = low;
11509 }
11511 /**
11512 * Bitwise NOTs this word.
11513 *
11514 * @return {X64Word} A new x64-Word object after negating.
11515 *
11516 * @example
11517 *
11518 * var negated = x64Word.not();
11519 */
11520 // not: function () {
11521 // var high = ~this.high;
11522 // var low = ~this.low;
11524 // return X64Word.create(high, low);
11525 // },
11527 /**
11528 * Bitwise ANDs this word with the passed word.
11529 *
11530 * @param {X64Word} word The x64-Word to AND with this word.
11531 *
11532 * @return {X64Word} A new x64-Word object after ANDing.
11533 *
11534 * @example
11535 *
11536 * var anded = x64Word.and(anotherX64Word);
11537 */
11538 // and: function (word) {
11539 // var high = this.high & word.high;
11540 // var low = this.low & word.low;
11542 // return X64Word.create(high, low);
11543 // },
11545 /**
11546 * Bitwise ORs this word with the passed word.
11547 *
11548 * @param {X64Word} word The x64-Word to OR with this word.
11549 *
11550 * @return {X64Word} A new x64-Word object after ORing.
11551 *
11552 * @example
11553 *
11554 * var ored = x64Word.or(anotherX64Word);
11555 */
11556 // or: function (word) {
11557 // var high = this.high | word.high;
11558 // var low = this.low | word.low;
11560 // return X64Word.create(high, low);
11561 // },
11563 /**
11564 * Bitwise XORs this word with the passed word.
11565 *
11566 * @param {X64Word} word The x64-Word to XOR with this word.
11567 *
11568 * @return {X64Word} A new x64-Word object after XORing.
11569 *
11570 * @example
11571 *
11572 * var xored = x64Word.xor(anotherX64Word);
11573 */
11574 // xor: function (word) {
11575 // var high = this.high ^ word.high;
11576 // var low = this.low ^ word.low;
11578 // return X64Word.create(high, low);
11579 // },
11581 /**
11582 * Shifts this word n bits to the left.
11583 *
11584 * @param {number} n The number of bits to shift.
11585 *
11586 * @return {X64Word} A new x64-Word object after shifting.
11587 *
11588 * @example
11589 *
11590 * var shifted = x64Word.shiftL(25);
11591 */
11592 // shiftL: function (n) {
11593 // if (n < 32) {
11594 // var high = (this.high << n) | (this.low >>> (32 - n));
11595 // var low = this.low << n;
11596 // } else {
11597 // var high = this.low << (n - 32);
11598 // var low = 0;
11599 // }
11601 // return X64Word.create(high, low);
11602 // },
11604 /**
11605 * Shifts this word n bits to the right.
11606 *
11607 * @param {number} n The number of bits to shift.
11608 *
11609 * @return {X64Word} A new x64-Word object after shifting.
11610 *
11611 * @example
11612 *
11613 * var shifted = x64Word.shiftR(7);
11614 */
11615 // shiftR: function (n) {
11616 // if (n < 32) {
11617 // var low = (this.low >>> n) | (this.high << (32 - n));
11618 // var high = this.high >>> n;
11619 // } else {
11620 // var low = this.high >>> (n - 32);
11621 // var high = 0;
11622 // }
11624 // return X64Word.create(high, low);
11625 // },
11627 /**
11628 * Rotates this word n bits to the left.
11629 *
11630 * @param {number} n The number of bits to rotate.
11631 *
11632 * @return {X64Word} A new x64-Word object after rotating.
11633 *
11634 * @example
11635 *
11636 * var rotated = x64Word.rotL(25);
11637 */
11638 // rotL: function (n) {
11639 // return this.shiftL(n).or(this.shiftR(64 - n));
11640 // },
11642 /**
11643 * Rotates this word n bits to the right.
11644 *
11645 * @param {number} n The number of bits to rotate.
11646 *
11647 * @return {X64Word} A new x64-Word object after rotating.
11648 *
11649 * @example
11650 *
11651 * var rotated = x64Word.rotR(7);
11652 */
11653 // rotR: function (n) {
11654 // return this.shiftR(n).or(this.shiftL(64 - n));
11655 // },
11657 /**
11658 * Adds this word with the passed word.
11659 *
11660 * @param {X64Word} word The x64-Word to add with this word.
11661 *
11662 * @return {X64Word} A new x64-Word object after adding.
11663 *
11664 * @example
11665 *
11666 * var added = x64Word.add(anotherX64Word);
11667 */
11668 // add: function (word) {
11669 // var low = (this.low + word.low) | 0;
11670 // var carry = (low >>> 0) < (this.low >>> 0) ? 1 : 0;
11671 // var high = (this.high + word.high + carry) | 0;
11673 // return X64Word.create(high, low);
11674 // }
11675 });
11677 /**
11678 * An array of 64-bit words.
11679 *
11680 * @property {Array} words The array of CryptoJS.x64.Word objects.
11681 * @property {number} sigBytes The number of significant bytes in this word array.
11682 */
11683 var X64WordArray = C_x64.WordArray = Base.extend({
11684 /**
11685 * Initializes a newly created word array.
11686 *
11687 * @param {Array} words (Optional) An array of CryptoJS.x64.Word objects.
11688 * @param {number} sigBytes (Optional) The number of significant bytes in the words.
11689 *
11690 * @example
11691 *
11692 * var wordArray = CryptoJS.x64.WordArray.create();
11693 *
11694 * var wordArray = CryptoJS.x64.WordArray.create([
11695 * CryptoJS.x64.Word.create(0x00010203, 0x04050607),
11696 * CryptoJS.x64.Word.create(0x18191a1b, 0x1c1d1e1f)
11697 * ]);
11698 *
11699 * var wordArray = CryptoJS.x64.WordArray.create([
11700 * CryptoJS.x64.Word.create(0x00010203, 0x04050607),
11701 * CryptoJS.x64.Word.create(0x18191a1b, 0x1c1d1e1f)
11702 * ], 10);
11703 */
11704 init: function (words, sigBytes) {
11705 words = this.words = words || [];
11707 if (sigBytes != undefined) {
11708 this.sigBytes = sigBytes;
11709 } else {
11710 this.sigBytes = words.length * 8;
11711 }
11712 },
11714 /**
11715 * Converts this 64-bit word array to a 32-bit word array.
11716 *
11717 * @return {CryptoJS.lib.WordArray} This word array's data as a 32-bit word array.
11718 *
11719 * @example
11720 *
11721 * var x32WordArray = x64WordArray.toX32();
11722 */
11723 toX32: function () {
11724 // Shortcuts
11725 var x64Words = this.words;
11726 var x64WordsLength = x64Words.length;
11728 // Convert
11729 var x32Words = [];
11730 for (var i = 0; i < x64WordsLength; i++) {
11731 var x64Word = x64Words[i];
11732 x32Words.push(x64Word.high);
11733 x32Words.push(x64Word.low);
11734 }
11736 return X32WordArray.create(x32Words, this.sigBytes);
11737 },
11739 /**
11740 * Creates a copy of this word array.
11741 *
11742 * @return {X64WordArray} The clone.
11743 *
11744 * @example
11745 *
11746 * var clone = x64WordArray.clone();
11747 */
11748 clone: function () {
11749 var clone = Base.clone.call(this);
11751 // Clone "words" array
11752 var words = clone.words = this.words.slice(0);
11754 // Clone each X64Word object
11755 var wordsLength = words.length;
11756 for (var i = 0; i < wordsLength; i++) {
11757 words[i] = words[i].clone();
11758 }
11760 return clone;
11761 }
11762 });
11763 }());
11766 return CryptoJS;
11770var assert = _dereq_('assert')
11771var BigInteger = _dereq_('bigi')
11773var Point = _dereq_('./point')
11775function Curve(p, a, b, Gx, Gy, n, h) {
11776 this.p = p
11777 this.a = a
11778 this.b = b
11779 this.G = Point.fromAffine(this, Gx, Gy)
11780 this.n = n
11781 this.h = h
11783 this.infinity = new Point(this, null, null, BigInteger.ZERO)
11785 // result caching
11786 this.pOverFour = p.add(BigInteger.ONE).shiftRight(2)
11789Curve.prototype.pointFromX = function(isOdd, x) {
11790 var alpha = x.pow(3).add(this.a.multiply(x)).add(this.b).mod(this.p)
11791 var beta = alpha.modPow(this.pOverFour, this.p)
11793 var y = beta
11794 if (beta.isEven() ^ !isOdd) {
11795 y = this.p.subtract(y) // -y % p
11796 }
11798 return Point.fromAffine(this, x, y)
11801Curve.prototype.isInfinity = function(Q) {
11802 if (Q === this.infinity) return true
11804 return Q.z.signum() === 0 && Q.y.signum() !== 0
11807Curve.prototype.isOnCurve = function(Q) {
11808 if (this.isInfinity(Q)) return true
11810 var x = Q.affineX
11811 var y = Q.affineY
11812 var a = this.a
11813 var b = this.b
11814 var p = this.p
11816 // Check that xQ and yQ are integers in the interval [0, p - 1]
11817 if (x.signum() < 0 || x.compareTo(p) >= 0) return false
11818 if (y.signum() < 0 || y.compareTo(p) >= 0) return false
11820 // and check that y^2 = x^3 + ax + b (mod p)
11821 var lhs = y.square().mod(p)
11822 var rhs = x.pow(3).add(a.multiply(x)).add(b).mod(p)
11823 return lhs.equals(rhs)
11827 * Validate an elliptic curve point.
11828 *
11829 * See SEC 1, section Elliptic Curve Public Key Validation Primitive
11830 */
11831Curve.prototype.validate = function(Q) {
11832 // Check Q != O
11833 assert(!this.isInfinity(Q), 'Point is at infinity')
11834 assert(this.isOnCurve(Q), 'Point is not on the curve')
11836 // Check nQ = O (where Q is a scalar multiple of G)
11837 var nQ = Q.multiply(this.n)
11838 assert(this.isInfinity(nQ), 'Point is not a scalar multiple of G')
11840 return true
11843module.exports = Curve
11847 "secp128r1": {
11848 "p": "fffffffdffffffffffffffffffffffff",
11849 "a": "fffffffdfffffffffffffffffffffffc",
11850 "b": "e87579c11079f43dd824993c2cee5ed3",
11851 "n": "fffffffe0000000075a30d1b9038a115",
11852 "h": "01",
11853 "Gx": "161ff7528b899b2d0c28607ca52c5b86",
11854 "Gy": "cf5ac8395bafeb13c02da292dded7a83"
11855 },
11856 "secp160k1": {
11857 "p": "fffffffffffffffffffffffffffffffeffffac73",
11858 "a": "00",
11859 "b": "07",
11860 "n": "0100000000000000000001b8fa16dfab9aca16b6b3",
11861 "h": "01",
11862 "Gx": "3b4c382ce37aa192a4019e763036f4f5dd4d7ebb",
11863 "Gy": "938cf935318fdced6bc28286531733c3f03c4fee"
11864 },
11865 "secp160r1": {
11866 "p": "ffffffffffffffffffffffffffffffff7fffffff",
11867 "a": "ffffffffffffffffffffffffffffffff7ffffffc",
11868 "b": "1c97befc54bd7a8b65acf89f81d4d4adc565fa45",
11869 "n": "0100000000000000000001f4c8f927aed3ca752257",
11870 "h": "01",
11871 "Gx": "4a96b5688ef573284664698968c38bb913cbfc82",
11872 "Gy": "23a628553168947d59dcc912042351377ac5fb32"
11873 },
11874 "secp192k1": {
11875 "p": "fffffffffffffffffffffffffffffffffffffffeffffee37",
11876 "a": "00",
11877 "b": "03",
11878 "n": "fffffffffffffffffffffffe26f2fc170f69466a74defd8d",
11879 "h": "01",
11880 "Gx": "db4ff10ec057e9ae26b07d0280b7f4341da5d1b1eae06c7d",
11881 "Gy": "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d"
11882 },
11883 "secp192r1": {
11884 "p": "fffffffffffffffffffffffffffffffeffffffffffffffff",
11885 "a": "fffffffffffffffffffffffffffffffefffffffffffffffc",
11886 "b": "64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1",
11887 "n": "ffffffffffffffffffffffff99def836146bc9b1b4d22831",
11888 "h": "01",
11889 "Gx": "188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
11890 "Gy": "07192b95ffc8da78631011ed6b24cdd573f977a11e794811"
11891 },
11892 "secp224r1": {
11893 "p": "ffffffffffffffffffffffffffffffff000000000000000000000001",
11894 "a": "fffffffffffffffffffffffffffffffefffffffffffffffffffffffe",
11895 "b": "b4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4",
11896 "n": "ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d",
11897 "h": "01",
11898 "Gx": "b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
11899 "Gy": "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34"
11900 },
11901 "secp256k1": {
11902 "p": "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
11903 "a": "00",
11904 "b": "07",
11905 "n": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141",
11906 "h": "01",
11907 "Gx": "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798",
11908 "Gy": "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8"
11909 },
11910 "secp256r1": {
11911 "p": "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
11912 "a": "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
11913 "b": "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
11914 "n": "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
11915 "h": "01",
11916 "Gx": "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
11917 "Gy": "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"
11918 }
11922var Point = _dereq_('./point')
11923var Curve = _dereq_('./curve')
11925var getCurveByName = _dereq_('./names')
11927module.exports = {
11928 Curve: Curve,
11929 Point: Point,
11930 getCurveByName: getCurveByName
11934var BigInteger = _dereq_('bigi')
11936var curves = _dereq_('./curves')
11937var Curve = _dereq_('./curve')
11939function getCurveByName(name) {
11940 var curve = curves[name]
11941 if (!curve) return null
11943 var p = new BigInteger(curve.p, 16)
11944 var a = new BigInteger(curve.a, 16)
11945 var b = new BigInteger(curve.b, 16)
11946 var n = new BigInteger(curve.n, 16)
11947 var h = new BigInteger(curve.h, 16)
11948 var Gx = new BigInteger(curve.Gx, 16)
11949 var Gy = new BigInteger(curve.Gy, 16)
11951 return new Curve(p, a, b, Gx, Gy, n, h)
11954module.exports = getCurveByName
11957(function (Buffer){
11958var assert = _dereq_('assert')
11959var BigInteger = _dereq_('bigi')
11961var THREE = BigInteger.valueOf(3)
11963function Point(curve, x, y, z) {
11964 assert.notStrictEqual(z, undefined, 'Missing Z coordinate')
11966 this.curve = curve
11967 this.x = x
11968 this.y = y
11969 this.z = z
11970 this._zInv = null
11972 this.compressed = true
11975Object.defineProperty(Point.prototype, 'zInv', {
11976 get: function() {
11977 if (this._zInv === null) {
11978 this._zInv = this.z.modInverse(this.curve.p)
11979 }
11981 return this._zInv
11982 }
11985Object.defineProperty(Point.prototype, 'affineX', {
11986 get: function() {
11987 return this.x.multiply(this.zInv).mod(this.curve.p)
11988 }
11991Object.defineProperty(Point.prototype, 'affineY', {
11992 get: function() {
11993 return this.y.multiply(this.zInv).mod(this.curve.p)
11994 }
11997Point.fromAffine = function(curve, x, y) {
11998 return new Point(curve, x, y, BigInteger.ONE)
12001Point.prototype.equals = function(other) {
12002 if (other === this) return true
12003 if (this.curve.isInfinity(this)) return this.curve.isInfinity(other)
12004 if (this.curve.isInfinity(other)) return this.curve.isInfinity(this)
12006 // u = Y2 * Z1 - Y1 * Z2
12007 var u = other.y.multiply(this.z).subtract(this.y.multiply(other.z)).mod(this.curve.p)
12009 if (u.signum() !== 0) return false
12011 // v = X2 * Z1 - X1 * Z2
12012 var v = other.x.multiply(this.z).subtract(this.x.multiply(other.z)).mod(this.curve.p)
12014 return v.signum() === 0
12017Point.prototype.negate = function() {
12018 var y = this.curve.p.subtract(this.y)
12020 return new Point(this.curve, this.x, y, this.z)
12023Point.prototype.add = function(b) {
12024 if (this.curve.isInfinity(this)) return b
12025 if (this.curve.isInfinity(b)) return this
12027 var x1 = this.x
12028 var y1 = this.y
12029 var x2 = b.x
12030 var y2 = b.y
12032 // u = Y2 * Z1 - Y1 * Z2
12033 var u = y2.multiply(this.z).subtract(y1.multiply(b.z)).mod(this.curve.p)
12034 // v = X2 * Z1 - X1 * Z2
12035 var v = x2.multiply(this.z).subtract(x1.multiply(b.z)).mod(this.curve.p)
12037 if (v.signum() === 0) {
12038 if (u.signum() === 0) {
12039 return this.twice() // this == b, so double
12040 }
12042 return this.curve.infinity // this = -b, so infinity
12043 }
12045 var v2 = v.square()
12046 var v3 = v2.multiply(v)
12047 var x1v2 = x1.multiply(v2)
12048 var zu2 = u.square().multiply(this.z)
12050 // x3 = v * (z2 * (z1 * u^2 - 2 * x1 * v^2) - v^3)
12051 var x3 = zu2.subtract(x1v2.shiftLeft(1)).multiply(b.z).subtract(v3).multiply(v).mod(this.curve.p)
12052 // y3 = z2 * (3 * x1 * u * v^2 - y1 * v^3 - z1 * u^3) + u * v^3
12053 var y3 = x1v2.multiply(THREE).multiply(u).subtract(y1.multiply(v3)).subtract(zu2.multiply(u)).multiply(b.z).add(u.multiply(v3)).mod(this.curve.p)
12054 // z3 = v^3 * z1 * z2
12055 var z3 = v3.multiply(this.z).multiply(b.z).mod(this.curve.p)
12057 return new Point(this.curve, x3, y3, z3)
12060Point.prototype.twice = function() {
12061 if (this.curve.isInfinity(this)) return this
12062 if (this.y.signum() === 0) return this.curve.infinity
12064 var x1 = this.x
12065 var y1 = this.y
12067 var y1z1 = y1.multiply(this.z)
12068 var y1sqz1 = y1z1.multiply(y1).mod(this.curve.p)
12069 var a = this.curve.a
12071 // w = 3 * x1^2 + a * z1^2
12072 var w = x1.square().multiply(THREE)
12074 if (a.signum() !== 0) {
12075 w = w.add(this.z.square().multiply(a))
12076 }
12078 w = w.mod(this.curve.p)
12079 // x3 = 2 * y1 * z1 * (w^2 - 8 * x1 * y1^2 * z1)
12080 var x3 = w.square().subtract(x1.shiftLeft(3).multiply(y1sqz1)).shiftLeft(1).multiply(y1z1).mod(this.curve.p)
12081 // y3 = 4 * y1^2 * z1 * (3 * w * x1 - 2 * y1^2 * z1) - w^3
12082 var y3 = w.multiply(THREE).multiply(x1).subtract(y1sqz1.shiftLeft(1)).shiftLeft(2).multiply(y1sqz1).subtract(w.pow(3)).mod(this.curve.p)
12083 // z3 = 8 * (y1 * z1)^3
12084 var z3 = y1z1.pow(3).shiftLeft(3).mod(this.curve.p)
12086 return new Point(this.curve, x3, y3, z3)
12089// Simple NAF (Non-Adjacent Form) multiplication algorithm
12090// TODO: modularize the multiplication algorithm
12091Point.prototype.multiply = function(k) {
12092 if (this.curve.isInfinity(this)) return this
12093 if (k.signum() === 0) return this.curve.infinity
12095 var e = k
12096 var h = e.multiply(THREE)
12098 var neg = this.negate()
12099 var R = this
12101 for (var i = h.bitLength() - 2; i > 0; --i) {
12102 R = R.twice()
12104 var hBit = h.testBit(i)
12105 var eBit = e.testBit(i)
12107 if (hBit != eBit) {
12108 R = R.add(hBit ? this : neg)
12109 }
12110 }
12112 return R
12115// Compute this*j + x*k (simultaneous multiplication)
12116Point.prototype.multiplyTwo = function(j, x, k) {
12117 var i
12119 if (j.bitLength() > k.bitLength())
12120 i = j.bitLength() - 1
12121 else
12122 i = k.bitLength() - 1
12124 var R = this.curve.infinity
12125 var both = this.add(x)
12127 while (i >= 0) {
12128 R = R.twice()
12130 var jBit = j.testBit(i)
12131 var kBit = k.testBit(i)
12133 if (jBit) {
12134 if (kBit) {
12135 R = R.add(both)
12137 } else {
12138 R = R.add(this)
12139 }
12141 } else {
12142 if (kBit) {
12143 R = R.add(x)
12144 }
12145 }
12146 --i
12147 }
12149 return R
12152Point.prototype.getEncoded = function(compressed) {
12153 if (compressed == undefined) compressed = this.compressed
12154 if (this.curve.isInfinity(this)) return new Buffer('00', 'hex') // Infinity point encoded is simply '00'
12156 var x = this.affineX
12157 var y = this.affineY
12159 var buffer
12161 // Determine size of q in bytes
12162 var byteLength = Math.floor((this.curve.p.bitLength() + 7) / 8)
12164 // 0x02/0x03 | X
12165 if (compressed) {
12166 buffer = new Buffer(1 + byteLength)
12167 buffer.writeUInt8(y.isEven() ? 0x02 : 0x03, 0)
12169 // 0x04 | X | Y
12170 } else {
12171 buffer = new Buffer(1 + byteLength + byteLength)
12172 buffer.writeUInt8(0x04, 0)
12174 y.toBuffer(byteLength).copy(buffer, 1 + byteLength)
12175 }
12177 x.toBuffer(byteLength).copy(buffer, 1)
12179 return buffer
12182Point.decodeFrom = function(curve, buffer) {
12183 var type = buffer.readUInt8(0)
12184 var compressed = (type !== 4)
12186 var x = BigInteger.fromBuffer(buffer.slice(1, 33))
12187 var byteLength = Math.floor((curve.p.bitLength() + 7) / 8)
12189 var Q
12190 if (compressed) {
12191 assert.equal(buffer.length, byteLength + 1, 'Invalid sequence length')
12192 assert(type === 0x02 || type === 0x03, 'Invalid sequence tag')
12194 var isOdd = (type === 0x03)
12195 Q = curve.pointFromX(isOdd, x)
12197 } else {
12198 assert.equal(buffer.length, 1 + byteLength + byteLength, 'Invalid sequence length')
12200 var y = BigInteger.fromBuffer(buffer.slice(1 + byteLength))
12201 Q = Point.fromAffine(curve, x, y)
12202 }
12204 Q.compressed = compressed
12205 return Q
12208Point.prototype.toString = function () {
12209 if (this.curve.isInfinity(this)) return '(INFINITY)'
12211 return '(' + this.affineX.toString() + ',' + this.affineY.toString() + ')'
12214module.exports = Point
12218(function (process,Buffer){
12219// Closure compiler error - result of 'not' operator not being used
12222'use strict'
12224//*** UMD BEGIN
12225if (typeof define !== 'undefined' && define.amd) { //require.js / AMD
12226 define([], function() {
12227 return secureRandom
12228 })
12229} else if (typeof module !== 'undefined' && module.exports) { //CommonJS
12230 module.exports = secureRandom
12231} else { //script / browser
12232 globals.secureRandom = secureRandom
12234//*** UMD END
12236//options.type is the only valid option
12237function secureRandom(count, options) {
12238 options = options || {type: 'Array'}
12239 //we check for process.pid to prevent browserify from tricking us
12240 if (typeof process != 'undefined' && typeof process.pid == 'number') {
12241 return nodeRandom(count, options)
12242 } else {
12243 var crypto = window.crypto || window.msCrypto
12244 if (!crypto) throw new Error("Your browser does not support window.crypto.")
12245 return browserRandom(count, options)
12246 }
12249function nodeRandom(count, options) {
12250 var crypto = _dereq_('crypto')
12251 var buf = crypto.randomBytes(count)
12253 switch (options.type) {
12254 case 'Array':
12255 return [].slice.call(buf)
12256 case 'Buffer':
12257 return buf
12258 case 'Uint8Array':
12259 var arr = new Uint8Array(count)
12260 for (var i = 0; i < count; ++i) { arr[i] = buf.readUInt8(i) }
12261 return arr
12262 default:
12263 throw new Error(options.type + " is unsupported.")
12264 }
12267function browserRandom(count, options) {
12268 var nativeArr = new Uint8Array(count)
12269 var crypto = window.crypto || window.msCrypto
12270 crypto.getRandomValues(nativeArr)
12272 switch (options.type) {
12273 case 'Array':
12274 return [].slice.call(nativeArr)
12275 case 'Buffer':
12276 try { var b = new Buffer(1) } catch(e) { throw new Error('Buffer not supported in this environment. Use Node.js or Browserify for browser support.')}
12277 return new Buffer(nativeArr)
12278 case 'Uint8Array':
12279 return nativeArr
12280 default:
12281 throw new Error(options.type + " is unsupported.")
12282 }
12285secureRandom.randomArray = function(byteCount) {
12286 return secureRandom(byteCount, {type: 'Array'})
12289secureRandom.randomUint8Array = function(byteCount) {
12290 return secureRandom(byteCount, {type: 'Uint8Array'})
12293secureRandom.randomBuffer = function(byteCount) {
12294 return secureRandom(byteCount, {type: 'Buffer'})
12302(function (Buffer){
12303var assert = _dereq_('assert')
12304var base58check = _dereq_('./base58check')
12305var networks = _dereq_('./networks')
12306var scripts = _dereq_('./scripts')
12308function findScriptTypeByVersion(version) {
12309 for (var networkName in networks) {
12310 var network = networks[networkName]
12312 if (version === network.pubKeyHash) return 'pubkeyhash'
12313 if (version === network.scriptHash) return 'scripthash'
12314 }
12317function Address(hash, version) {
12318 assert(Buffer.isBuffer(hash), 'Expected Buffer, got ' + hash)
12319 assert.strictEqual(hash.length, 20, 'Invalid hash length')
12320 assert.strictEqual(version & 0xff, version, 'Invalid version byte')
12322 this.hash = hash
12323 this.version = version
12326// Import functions
12327Address.fromBase58Check = function(string) {
12328 var payload = base58check.decode(string)
12329 var version = payload.readUInt8(0)
12330 var hash = payload.slice(1)
12332 return new Address(hash, version)
12335Address.fromOutputScript = function(script, network) {
12336 network = network || networks.bitcoin
12338 var type = scripts.classifyOutput(script)
12340 if (type === 'pubkeyhash') return new Address(script.chunks[2], network.pubKeyHash)
12341 if (type === 'scripthash') return new Address(script.chunks[1], network.scriptHash)
12343 assert(false, type + ' has no matching Address')
12346// Export functions
12347Address.prototype.toBase58Check = function () {
12348 var payload = new Buffer(21)
12349 payload.writeUInt8(this.version, 0)
12350 this.hash.copy(payload, 1)
12352 return base58check.encode(payload)
12355Address.prototype.toOutputScript = function() {
12356 var scriptType = findScriptTypeByVersion(this.version)
12358 if (scriptType === 'pubkeyhash') return scripts.pubKeyHashOutput(this.hash)
12359 if (scriptType === 'scripthash') return scripts.scriptHashOutput(this.hash)
12361 assert(false, this.toString() + ' has no matching Script')
12364Address.prototype.toString = Address.prototype.toBase58Check
12366module.exports = Address
12370(function (Buffer){
12371// https://en.bitcoin.it/wiki/Base58Check_encoding
12372var assert = _dereq_('assert')
12373var base58 = _dereq_('bs58')
12374var crypto = _dereq_('./crypto')
12376// Encode a buffer as a base58-check-encoded string
12377function encode(payload) {
12378 var checksum = crypto.hash256(payload).slice(0, 4)
12380 return base58.encode(Buffer.concat([
12381 payload,
12382 checksum
12383 ]))
12386// Decode a base58-check-encoded string to a buffer
12387function decode(string) {
12388 var buffer = base58.decode(string)
12390 var payload = buffer.slice(0, -4)
12391 var checksum = buffer.slice(-4)
12392 var newChecksum = crypto.hash256(payload).slice(0, 4)
12394 assert.deepEqual(newChecksum, checksum, 'Invalid checksum')
12396 return payload
12399module.exports = {
12400 encode: encode,
12401 decode: decode
12406var assert = _dereq_('assert')
12407var opcodes = _dereq_('./opcodes')
12409// https://github.com/feross/buffer/blob/master/index.js#L1127
12410function verifuint(value, max) {
12411 assert(typeof value === 'number', 'cannot write a non-number as a number')
12412 assert(value >= 0, 'specified a negative value for writing an unsigned value')
12413 assert(value <= max, 'value is larger than maximum value for type')
12414 assert(Math.floor(value) === value, 'value has a fractional component')
12417function pushDataSize(i) {
12418 return i < opcodes.OP_PUSHDATA1 ? 1
12419 : i < 0xff ? 2
12420 : i < 0xffff ? 3
12421 : 5
12424function readPushDataInt(buffer, offset) {
12425 var opcode = buffer.readUInt8(offset)
12426 var number, size
12428 // ~6 bit
12429 if (opcode < opcodes.OP_PUSHDATA1) {
12430 number = opcode
12431 size = 1
12433 // 8 bit
12434 } else if (opcode === opcodes.OP_PUSHDATA1) {
12435 number = buffer.readUInt8(offset + 1)
12436 size = 2
12438 // 16 bit
12439 } else if (opcode === opcodes.OP_PUSHDATA2) {
12440 number = buffer.readUInt16LE(offset + 1)
12441 size = 3
12443 // 32 bit
12444 } else {
12445 assert.equal(opcode, opcodes.OP_PUSHDATA4, 'Unexpected opcode')
12447 number = buffer.readUInt32LE(offset + 1)
12448 size = 5
12450 }
12452 return {
12453 opcode: opcode,
12454 number: number,
12455 size: size
12456 }
12459function readUInt64LE(buffer, offset) {
12460 var a = buffer.readUInt32LE(offset)
12461 var b = buffer.readUInt32LE(offset + 4)
12462 b *= 0x100000000
12464 verifuint(b + a, 0x001fffffffffffff)
12466 return b + a
12469function readVarInt(buffer, offset) {
12470 var t = buffer.readUInt8(offset)
12471 var number, size
12473 // 8 bit
12474 if (t < 253) {
12475 number = t
12476 size = 1
12478 // 16 bit
12479 } else if (t < 254) {
12480 number = buffer.readUInt16LE(offset + 1)
12481 size = 3
12483 // 32 bit
12484 } else if (t < 255) {
12485 number = buffer.readUInt32LE(offset + 1)
12486 size = 5
12488 // 64 bit
12489 } else {
12490 number = readUInt64LE(buffer, offset + 1)
12491 size = 9
12492 }
12494 return {
12495 number: number,
12496 size: size
12497 }
12500function writePushDataInt(buffer, number, offset) {
12501 var size = pushDataSize(number)
12503 // ~6 bit
12504 if (size === 1) {
12505 buffer.writeUInt8(number, offset)
12507 // 8 bit
12508 } else if (size === 2) {
12509 buffer.writeUInt8(opcodes.OP_PUSHDATA1, offset)
12510 buffer.writeUInt8(number, offset + 1)
12512 // 16 bit
12513 } else if (size === 3) {
12514 buffer.writeUInt8(opcodes.OP_PUSHDATA2, offset)
12515 buffer.writeUInt16LE(number, offset + 1)
12517 // 32 bit
12518 } else {
12519 buffer.writeUInt8(opcodes.OP_PUSHDATA4, offset)
12520 buffer.writeUInt32LE(number, offset + 1)
12522 }
12524 return size
12527function writeUInt64LE(buffer, value, offset) {
12528 verifuint(value, 0x001fffffffffffff)
12530 buffer.writeInt32LE(value & -1, offset)
12531 buffer.writeUInt32LE(Math.floor(value / 0x100000000), offset + 4)
12534function varIntSize(i) {
12535 return i < 253 ? 1
12536 : i < 0x10000 ? 3
12537 : i < 0x100000000 ? 5
12538 : 9
12541function writeVarInt(buffer, number, offset) {
12542 var size = varIntSize(number)
12544 // 8 bit
12545 if (size === 1) {
12546 buffer.writeUInt8(number, offset)
12548 // 16 bit
12549 } else if (size === 3) {
12550 buffer.writeUInt8(253, offset)
12551 buffer.writeUInt16LE(number, offset + 1)
12553 // 32 bit
12554 } else if (size === 5) {
12555 buffer.writeUInt8(254, offset)
12556 buffer.writeUInt32LE(number, offset + 1)
12558 // 64 bit
12559 } else {
12560 buffer.writeUInt8(255, offset)
12561 writeUInt64LE(buffer, number, offset + 1)
12562 }
12564 return size
12567module.exports = {
12568 pushDataSize: pushDataSize,
12569 readPushDataInt: readPushDataInt,
12570 readUInt64LE: readUInt64LE,
12571 readVarInt: readVarInt,
12572 varIntSize: varIntSize,
12573 writePushDataInt: writePushDataInt,
12574 writeUInt64LE: writeUInt64LE,
12575 writeVarInt: writeVarInt
12579(function (Buffer){
12580var assert = _dereq_('assert')
12581var Crypto = _dereq_('crypto-js')
12582var WordArray = Crypto.lib.WordArray
12584function bufferToWordArray(buffer) {
12585 assert(Buffer.isBuffer(buffer), 'Expected Buffer, got', buffer)
12587 var words = []
12588 for (var i = 0, b = 0; i < buffer.length; i++, b += 8) {
12589 words[b >>> 5] |= buffer[i] << (24 - b % 32)
12590 }
12592 return new WordArray.init(words, buffer.length)
12595function wordArrayToBuffer(wordArray) {
12596 assert(Array.isArray(wordArray.words), 'Expected WordArray, got' + wordArray)
12598 var words = wordArray.words
12599 var buffer = new Buffer(words.length * 4)
12601 words.forEach(function(value, i) {
12602 buffer.writeInt32BE(value & -1, i * 4)
12603 })
12605 return buffer
12608module.exports = {
12609 bufferToWordArray: bufferToWordArray,
12610 wordArrayToBuffer: wordArrayToBuffer
12615(function (Buffer){
12616// Crypto, crypto, where art thou crypto
12617var assert = _dereq_('assert')
12618var CryptoJS = _dereq_('crypto-js')
12619var crypto = _dereq_('crypto')
12620var convert = _dereq_('./convert')
12622function hash160(buffer) {
12623 return ripemd160(sha256(buffer))
12626function hash256(buffer) {
12627 return sha256(sha256(buffer))
12630function ripemd160(buffer) {
12631 return crypto.createHash('rmd160').update(buffer).digest()
12634function sha1(buffer) {
12635 return crypto.createHash('sha1').update(buffer).digest()
12638function sha256(buffer) {
12639 return crypto.createHash('sha256').update(buffer).digest()
12642// FIXME: Name not consistent with others
12643function HmacSHA256(buffer, secret) {
12644 return crypto.createHmac('sha256', secret).update(buffer).digest()
12647function HmacSHA512(data, secret) {
12648 assert(Buffer.isBuffer(data), 'Expected Buffer for data, got ' + data)
12649 assert(Buffer.isBuffer(secret), 'Expected Buffer for secret, got ' + secret)
12651 var dataWords = convert.bufferToWordArray(data)
12652 var secretWords = convert.bufferToWordArray(secret)
12654 var hash = CryptoJS.HmacSHA512(dataWords, secretWords)
12656 return convert.wordArrayToBuffer(hash)
12659module.exports = {
12660 ripemd160: ripemd160,
12661 sha1: sha1,
12662 sha256: sha256,
12663 hash160: hash160,
12664 hash256: hash256,
12665 HmacSHA256: HmacSHA256,
12666 HmacSHA512: HmacSHA512
12671(function (Buffer){
12672var assert = _dereq_('assert')
12673var crypto = _dereq_('./crypto')
12675var BigInteger = _dereq_('bigi')
12676var ECSignature = _dereq_('./ecsignature')
12677var Point = _dereq_('ecurve').Point
12679// https://tools.ietf.org/html/rfc6979#section-3.2
12680function deterministicGenerateK(curve, hash, d) {
12681 assert(Buffer.isBuffer(hash), 'Hash must be a Buffer, not ' + hash)
12682 assert.equal(hash.length, 32, 'Hash must be 256 bit')
12683 assert(d instanceof BigInteger, 'Private key must be a BigInteger')
12685 var x = d.toBuffer(32)
12686 var k = new Buffer(32)
12687 var v = new Buffer(32)
12689 // Step B
12690 v.fill(1)
12692 // Step C
12693 k.fill(0)
12695 // Step D
12696 k = crypto.HmacSHA256(Buffer.concat([v, new Buffer([0]), x, hash]), k)
12698 // Step E
12699 v = crypto.HmacSHA256(v, k)
12701 // Step F
12702 k = crypto.HmacSHA256(Buffer.concat([v, new Buffer([1]), x, hash]), k)
12704 // Step G
12705 v = crypto.HmacSHA256(v, k)
12707 // Step H1/H2a, ignored as tlen === qlen (256 bit)
12708 // Step H2b
12709 v = crypto.HmacSHA256(v, k)
12711 var T = BigInteger.fromBuffer(v)
12713 // Step H3, repeat until T is within the interval [1, n - 1]
12714 while ((T.signum() <= 0) || (T.compareTo(curve.n) >= 0)) {
12715 k = crypto.HmacSHA256(Buffer.concat([v, new Buffer([0])]), k)
12716 v = crypto.HmacSHA256(v, k)
12718 T = BigInteger.fromBuffer(v)
12719 }
12721 return T
12724function sign(curve, hash, d) {
12725 var k = deterministicGenerateK(curve, hash, d)
12727 var n = curve.n
12728 var G = curve.G
12729 var Q = G.multiply(k)
12730 var e = BigInteger.fromBuffer(hash)
12732 var r = Q.affineX.mod(n)
12733 assert.notEqual(r.signum(), 0, 'Invalid R value')
12735 var s = k.modInverse(n).multiply(e.add(d.multiply(r))).mod(n)
12736 assert.notEqual(s.signum(), 0, 'Invalid S value')
12738 var N_OVER_TWO = n.shiftRight(1)
12740 // enforce low S values, see bip62: 'low s values in signatures'
12741 if (s.compareTo(N_OVER_TWO) > 0) {
12742 s = n.subtract(s)
12743 }
12745 return new ECSignature(r, s)
12748function verify(curve, hash, signature, Q) {
12749 var e = BigInteger.fromBuffer(hash)
12751 return verifyRaw(curve, e, signature, Q)
12754function verifyRaw(curve, e, signature, Q) {
12755 var n = curve.n
12756 var G = curve.G
12758 var r = signature.r
12759 var s = signature.s
12761 if (r.signum() === 0 || r.compareTo(n) >= 0) return false
12762 if (s.signum() === 0 || s.compareTo(n) >= 0) return false
12764 var c = s.modInverse(n)
12766 var u1 = e.multiply(c).mod(n)
12767 var u2 = r.multiply(c).mod(n)
12769 var point = G.multiplyTwo(u1, Q, u2)
12770 var v = point.affineX.mod(n)
12772 return v.equals(r)
12776 * Recover a public key from a signature.
12777 *
12778 * See SEC 1: Elliptic Curve Cryptography, section 4.1.6, "Public
12779 * Key Recovery Operation".
12780 *
12781 * http://www.secg.org/download/aid-780/sec1-v2.pdf
12782 */
12783function recoverPubKey(curve, e, signature, i) {
12784 assert.strictEqual(i & 3, i, 'Recovery param is more than two bits')
12786 var r = signature.r
12787 var s = signature.s
12789 // A set LSB signifies that the y-coordinate is odd
12790 var isYOdd = i & 1
12792 // The more significant bit specifies whether we should use the
12793 // first or second candidate key.
12794 var isSecondKey = i >> 1
12796 var n = curve.n
12797 var G = curve.G
12799 // 1.1 Let x = r + jn
12800 var x = isSecondKey ? r.add(n) : r
12801 var R = curve.pointFromX(isYOdd, x)
12803 // 1.4 Check that nR is at infinity
12804 var nR = R.multiply(n)
12805 assert(curve.isInfinity(nR), 'nR is not a valid curve point')
12807 // Compute -e from e
12808 var eNeg = e.negate().mod(n)
12810 // 1.6.1 Compute Q = r^-1 (sR - eG)
12811 // Q = r^-1 (sR + -eG)
12812 var rInv = r.modInverse(n)
12814 var Q = R.multiplyTwo(s, G, eNeg).multiply(rInv)
12815 curve.validate(Q)
12817 return Q
12821 * Calculate pubkey extraction parameter.
12822 *
12823 * When extracting a pubkey from a signature, we have to
12824 * distinguish four different cases. Rather than putting this
12825 * burden on the verifier, Bitcoin includes a 2-bit value with the
12826 * signature.
12827 *
12828 * This function simply tries all four cases and returns the value
12829 * that resulted in a successful pubkey recovery.
12830 */
12831function calcPubKeyRecoveryParam(curve, e, signature, Q) {
12832 for (var i = 0; i < 4; i++) {
12833 var Qprime = recoverPubKey(curve, e, signature, i)
12835 // 1.6.2 Verify Q
12836 if (Qprime.equals(Q)) {
12837 return i
12838 }
12839 }
12841 throw new Error('Unable to find valid recovery factor')
12844module.exports = {
12845 calcPubKeyRecoveryParam: calcPubKeyRecoveryParam,
12846 deterministicGenerateK: deterministicGenerateK,
12847 recoverPubKey: recoverPubKey,
12848 sign: sign,
12849 verify: verify,
12850 verifyRaw: verifyRaw
12855(function (Buffer){
12856var assert = _dereq_('assert')
12857var base58check = _dereq_('./base58check')
12858var ecdsa = _dereq_('./ecdsa')
12859var networks = _dereq_('./networks')
12860var secureRandom = _dereq_('secure-random')
12862var BigInteger = _dereq_('bigi')
12863var ECPubKey = _dereq_('./ecpubkey')
12865var ecurve = _dereq_('ecurve')
12866var curve = ecurve.getCurveByName('secp256k1')
12868function ECKey(d, compressed) {
12869 assert(d.signum() > 0, 'Private key must be greater than 0')
12870 assert(d.compareTo(curve.n) < 0, 'Private key must be less than the curve order')
12872 var Q = curve.G.multiply(d)
12874 this.d = d
12875 this.pub = new ECPubKey(Q, compressed)
12878// Static constructors
12879ECKey.fromWIF = function(string) {
12880 var payload = base58check.decode(string)
12881 var compressed = false
12883 // Ignore the version byte
12884 payload = payload.slice(1)
12886 if (payload.length === 33) {
12887 assert.strictEqual(payload[32], 0x01, 'Invalid compression flag')
12889 // Truncate the compression flag
12890 payload = payload.slice(0, -1)
12891 compressed = true
12892 }
12894 assert.equal(payload.length, 32, 'Invalid WIF payload length')
12896 var d = BigInteger.fromBuffer(payload)
12897 return new ECKey(d, compressed)
12900ECKey.makeRandom = function(compressed, rng) {
12901 rng = rng || secureRandom.randomBuffer
12903 var buffer = rng(32)
12904 assert(Buffer.isBuffer(buffer), 'Expected Buffer, got ' + buffer)
12906 var d = BigInteger.fromBuffer(buffer)
12907 d = d.mod(curve.n)
12909 return new ECKey(d, compressed)
12912// Export functions
12913ECKey.prototype.toWIF = function(network) {
12914 network = network || networks.bitcoin
12916 var bufferLen = this.pub.compressed ? 34 : 33
12917 var buffer = new Buffer(bufferLen)
12919 buffer.writeUInt8(network.wif, 0)
12920 this.d.toBuffer(32).copy(buffer, 1)
12922 if (this.pub.compressed) {
12923 buffer.writeUInt8(0x01, 33)
12924 }
12926 return base58check.encode(buffer)
12929// Operations
12930ECKey.prototype.sign = function(hash) {
12931 return ecdsa.sign(curve, hash, this.d)
12934module.exports = ECKey
12938(function (Buffer){
12939var assert = _dereq_('assert')
12940var crypto = _dereq_('./crypto')
12941var ecdsa = _dereq_('./ecdsa')
12942var networks = _dereq_('./networks')
12944var Address = _dereq_('./address')
12946var ecurve = _dereq_('ecurve')
12947var curve = ecurve.getCurveByName('secp256k1')
12949function ECPubKey(Q, compressed) {
12950 assert(Q instanceof ecurve.Point, 'Expected Point, got ' + Q)
12952 if (compressed == undefined) compressed = true
12953 assert.strictEqual(typeof compressed, 'boolean', 'Expected boolean, got ' + compressed)
12955 this.compressed = compressed
12956 this.Q = Q
12959// Static constructors
12960ECPubKey.fromBuffer = function(buffer) {
12961 var Q = ecurve.Point.decodeFrom(curve, buffer)
12962 return new ECPubKey(Q, Q.compressed)
12965ECPubKey.fromHex = function(hex) {
12966 return ECPubKey.fromBuffer(new Buffer(hex, 'hex'))
12969// Operations
12970ECPubKey.prototype.getAddress = function(network) {
12971 network = network || networks.bitcoin
12973 return new Address(crypto.hash160(this.toBuffer()), network.pubKeyHash)
12976ECPubKey.prototype.verify = function(hash, signature) {
12977 return ecdsa.verify(curve, hash, signature, this.Q)
12980// Export functions
12981ECPubKey.prototype.toBuffer = function() {
12982 return this.Q.getEncoded(this.compressed)
12985ECPubKey.prototype.toHex = function() {
12986 return this.toBuffer().toString('hex')
12989module.exports = ECPubKey
12993(function (Buffer){
12994var assert = _dereq_('assert')
12995var BigInteger = _dereq_('bigi')
12997function ECSignature(r, s) {
12998 assert(r instanceof BigInteger, 'Expected BigInteger, got ' + r)
12999 assert(s instanceof BigInteger, 'Expected BigInteger, got ' + s)
13000 this.r = r
13001 this.s = s
13004// Import operations
13005ECSignature.parseCompact = function(buffer) {
13006 assert.equal(buffer.length, 65, 'Invalid signature length')
13007 var i = buffer.readUInt8(0) - 27
13009 // At most 3 bits
13010 assert.equal(i, i & 7, 'Invalid signature parameter')
13011 var compressed = !!(i & 4)
13013 // Recovery param only
13014 i = i & 3
13016 var r = BigInteger.fromBuffer(buffer.slice(1, 33))
13017 var s = BigInteger.fromBuffer(buffer.slice(33))
13019 return {
13020 compressed: compressed,
13021 i: i,
13022 signature: new ECSignature(r, s)
13023 }
13026ECSignature.fromDER = function(buffer) {
13027 assert.equal(buffer.readUInt8(0), 0x30, 'Not a DER sequence')
13028 assert.equal(buffer.readUInt8(1), buffer.length - 2, 'Invalid sequence length')
13029 assert.equal(buffer.readUInt8(2), 0x02, 'Expected a DER integer')
13031 var rLen = buffer.readUInt8(3)
13032 assert(rLen > 0, 'R length is zero')
13034 var offset = 4 + rLen
13035 assert.equal(buffer.readUInt8(offset), 0x02, 'Expected a DER integer (2)')
13037 var sLen = buffer.readUInt8(offset + 1)
13038 assert(sLen > 0, 'S length is zero')
13040 var rB = buffer.slice(4, offset)
13041 var sB = buffer.slice(offset + 2)
13042 offset += 2 + sLen
13044 if (rLen > 1 && rB.readUInt8(0) === 0x00) {
13045 assert(rB.readUInt8(1) & 0x80, 'R value excessively padded')
13046 }
13048 if (sLen > 1 && sB.readUInt8(0) === 0x00) {
13049 assert(sB.readUInt8(1) & 0x80, 'S value excessively padded')
13050 }
13052 assert.equal(offset, buffer.length, 'Invalid DER encoding')
13053 var r = BigInteger.fromDERInteger(rB)
13054 var s = BigInteger.fromDERInteger(sB)
13056 assert(r.signum() >= 0, 'R value is negative')
13057 assert(s.signum() >= 0, 'S value is negative')
13059 return new ECSignature(r, s)
13062// FIXME: 0x00, 0x04, 0x80 are SIGHASH_* boundary constants, importing Transaction causes a circular dependency
13063ECSignature.parseScriptSignature = function(buffer) {
13064 var hashType = buffer.readUInt8(buffer.length - 1)
13065 var hashTypeMod = hashType & ~0x80
13067 assert(hashTypeMod > 0x00 && hashTypeMod < 0x04, 'Invalid hashType')
13069 return {
13070 signature: ECSignature.fromDER(buffer.slice(0, -1)),
13071 hashType: hashType
13072 }
13075// Export operations
13076ECSignature.prototype.toCompact = function(i, compressed) {
13077 if (compressed) i += 4
13078 i += 27
13080 var buffer = new Buffer(65)
13081 buffer.writeUInt8(i, 0)
13083 this.r.toBuffer(32).copy(buffer, 1)
13084 this.s.toBuffer(32).copy(buffer, 33)
13086 return buffer
13089ECSignature.prototype.toDER = function() {
13090 var rBa = this.r.toDERInteger()
13091 var sBa = this.s.toDERInteger()
13093 var sequence = []
13094 sequence.push(0x02) // INTEGER
13095 sequence.push(rBa.length)
13096 sequence = sequence.concat(rBa)
13098 sequence.push(0x02) // INTEGER
13099 sequence.push(sBa.length)
13100 sequence = sequence.concat(sBa)
13102 sequence.unshift(sequence.length)
13103 sequence.unshift(0x30) // SEQUENCE
13105 return new Buffer(sequence)
13108ECSignature.prototype.toScriptSignature = function(hashType) {
13109 var hashTypeBuffer = new Buffer(1)
13110 hashTypeBuffer.writeUInt8(hashType, 0)
13112 return Buffer.concat([this.toDER(), hashTypeBuffer])
13115module.exports = ECSignature
13119(function (Buffer){
13120var assert = _dereq_('assert')
13121var base58check = _dereq_('./base58check')
13122var crypto = _dereq_('./crypto')
13123var networks = _dereq_('./networks')
13125var BigInteger = _dereq_('bigi')
13126var ECKey = _dereq_('./eckey')
13127var ECPubKey = _dereq_('./ecpubkey')
13129var ecurve = _dereq_('ecurve')
13130var curve = ecurve.getCurveByName('secp256k1')
13132function findBIP32ParamsByVersion(version) {
13133 for (var name in networks) {
13134 var network = networks[name]
13136 for (var type in network.bip32) {
13137 if (version != network.bip32[type]) continue
13139 return {
13140 isPrivate: (type === 'private'),
13141 network: network
13142 }
13143 }
13144 }
13146 assert(false, 'Could not find version ' + version.toString(16))
13149function HDNode(K, chainCode, network) {
13150 network = network || networks.bitcoin
13152 assert(Buffer.isBuffer(chainCode), 'Expected Buffer, got ' + chainCode)
13153 assert(network.bip32, 'Unknown BIP32 constants for network')
13155 this.chainCode = chainCode
13156 this.depth = 0
13157 this.index = 0
13158 this.network = network
13160 if (K instanceof BigInteger) {
13161 this.privKey = new ECKey(K, true)
13162 this.pubKey = this.privKey.pub
13163 } else {
13164 this.pubKey = new ECPubKey(K, true)
13165 }
13168HDNode.MASTER_SECRET = new Buffer('Bitcoin seed')
13169HDNode.HIGHEST_BIT = 0x80000000
13170HDNode.LENGTH = 78
13172HDNode.fromSeedBuffer = function(seed, network) {
13173 var I = crypto.HmacSHA512(seed, HDNode.MASTER_SECRET)
13174 var IL = I.slice(0, 32)
13175 var IR = I.slice(32)
13177 // In case IL is 0 or >= n, the master key is invalid
13178 // This is handled by `new ECKey` in the HDNode constructor
13179 var pIL = BigInteger.fromBuffer(IL)
13181 return new HDNode(pIL, IR, network)
13184HDNode.fromSeedHex = function(hex, network) {
13185 return HDNode.fromSeedBuffer(new Buffer(hex, 'hex'), network)
13188HDNode.fromBase58 = function(string) {
13189 return HDNode.fromBuffer(base58check.decode(string))
13192HDNode.fromBuffer = function(buffer) {
13193 assert.strictEqual(buffer.length, HDNode.LENGTH, 'Invalid buffer length')
13195 // 4 byte: version bytes
13196 var version = buffer.readUInt32BE(0)
13197 var params = findBIP32ParamsByVersion(version)
13199 // 1 byte: depth: 0x00 for master nodes, 0x01 for level-1 descendants, ...
13200 var depth = buffer.readUInt8(4)
13202 // 4 bytes: the fingerprint of the parent's key (0x00000000 if master key)
13203 var parentFingerprint = buffer.readUInt32BE(5)
13204 if (depth === 0) {
13205 assert.strictEqual(parentFingerprint, 0x00000000, 'Invalid parent fingerprint')
13206 }
13208 // 4 bytes: child number. This is the number i in xi = xpar/i, with xi the key being serialized.
13209 // This is encoded in MSB order. (0x00000000 if master key)
13210 var index = buffer.readUInt32BE(9)
13211 assert(depth > 0 || index === 0, 'Invalid index')
13213 // 32 bytes: the chain code
13214 var chainCode = buffer.slice(13, 45)
13215 var hd
13217 // 33 bytes: private key data (0x00 + k)
13218 if (params.isPrivate) {
13219 assert.strictEqual(buffer.readUInt8(45), 0x00, 'Invalid private key')
13220 var data = buffer.slice(46, 78)
13221 var d = BigInteger.fromBuffer(data)
13222 hd = new HDNode(d, chainCode, params.network)
13224 // 33 bytes: public key data (0x02 + X or 0x03 + X)
13225 } else {
13226 var data = buffer.slice(45, 78)
13227 var Q = ecurve.Point.decodeFrom(curve, data)
13228 assert.equal(Q.compressed, true, 'Invalid public key')
13230 // Verify that the X coordinate in the public point corresponds to a point on the curve.
13231 // If not, the extended public key is invalid.
13232 curve.validate(Q)
13234 hd = new HDNode(Q, chainCode, params.network)
13235 }
13237 hd.depth = depth
13238 hd.index = index
13239 hd.parentFingerprint = parentFingerprint
13241 return hd
13244HDNode.fromHex = function(hex) {
13245 return HDNode.fromBuffer(new Buffer(hex, 'hex'))
13248HDNode.prototype.getIdentifier = function() {
13249 return crypto.hash160(this.pubKey.toBuffer())
13252HDNode.prototype.getFingerprint = function() {
13253 return this.getIdentifier().slice(0, 4)
13256HDNode.prototype.getAddress = function() {
13257 return this.pubKey.getAddress(this.network)
13260HDNode.prototype.toBase58 = function(isPrivate) {
13261 return base58check.encode(this.toBuffer(isPrivate))
13264HDNode.prototype.toBuffer = function(isPrivate) {
13265 if (isPrivate == undefined) isPrivate = !!this.privKey
13267 // Version
13268 var version = isPrivate ? this.network.bip32.private : this.network.bip32.public
13269 var buffer = new Buffer(HDNode.LENGTH)
13271 // 4 bytes: version bytes
13272 buffer.writeUInt32BE(version, 0)
13274 // Depth
13275 // 1 byte: depth: 0x00 for master nodes, 0x01 for level-1 descendants, ....
13276 buffer.writeUInt8(this.depth, 4)
13278 // 4 bytes: the fingerprint of the parent's key (0x00000000 if master key)
13279 var fingerprint = (this.depth === 0) ? 0x00000000 : this.parentFingerprint
13280 buffer.writeUInt32BE(fingerprint, 5)
13282 // 4 bytes: child number. This is the number i in xi = xpar/i, with xi the key being serialized.
13283 // This is encoded in Big endian. (0x00000000 if master key)
13284 buffer.writeUInt32BE(this.index, 9)
13286 // 32 bytes: the chain code
13287 this.chainCode.copy(buffer, 13)
13289 // 33 bytes: the public key or private key data
13290 if (isPrivate) {
13291 assert(this.privKey, 'Missing private key')
13293 // 0x00 + k for private keys
13294 buffer.writeUInt8(0, 45)
13295 this.privKey.d.toBuffer(32).copy(buffer, 46)
13296 } else {
13298 // X9.62 encoding for public keys
13299 this.pubKey.toBuffer().copy(buffer, 45)
13300 }
13302 return buffer
13305HDNode.prototype.toHex = function(isPrivate) {
13306 return this.toBuffer(isPrivate).toString('hex')
13309// https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#child-key-derivation-ckd-functions
13310HDNode.prototype.derive = function(index) {
13311 var isHardened = index >= HDNode.HIGHEST_BIT
13312 var indexBuffer = new Buffer(4)
13313 indexBuffer.writeUInt32BE(index, 0)
13315 var data
13317 // Hardened child
13318 if (isHardened) {
13319 assert(this.privKey, 'Could not derive hardened child key')
13321 // data = 0x00 || ser256(kpar) || ser32(index)
13322 data = Buffer.concat([
13323 this.privKey.d.toBuffer(33),
13324 indexBuffer
13325 ])
13327 // Normal child
13328 } else {
13329 // data = serP(point(kpar)) || ser32(index)
13330 // = serP(Kpar) || ser32(index)
13331 data = Buffer.concat([
13332 this.pubKey.toBuffer(),
13333 indexBuffer
13334 ])
13335 }
13337 var I = crypto.HmacSHA512(data, this.chainCode)
13338 var IL = I.slice(0, 32)
13339 var IR = I.slice(32)
13341 var pIL = BigInteger.fromBuffer(IL)
13343 // In case parse256(IL) >= n, proceed with the next value for i
13344 if (pIL.compareTo(curve.n) >= 0) {
13345 return this.derive(index + 1)
13346 }
13348 // Private parent key -> private child key
13349 var hd
13350 if (this.privKey) {
13351 // ki = parse256(IL) + kpar (mod n)
13352 var ki = pIL.add(this.privKey.d).mod(curve.n)
13354 // In case ki == 0, proceed with the next value for i
13355 if (ki.signum() === 0) {
13356 return this.derive(index + 1)
13357 }
13359 hd = new HDNode(ki, IR, this.network)
13361 // Public parent key -> public child key
13362 } else {
13363 // Ki = point(parse256(IL)) + Kpar
13364 // = G*IL + Kpar
13365 var Ki = curve.G.multiply(pIL).add(this.pubKey.Q)
13367 // In case Ki is the point at infinity, proceed with the next value for i
13368 if (curve.isInfinity(Ki)) {
13369 return this.derive(index + 1)
13370 }
13372 hd = new HDNode(Ki, IR, this.network)
13373 }
13375 hd.depth = this.depth + 1
13376 hd.index = index
13377 hd.parentFingerprint = this.getFingerprint().readUInt32BE(0)
13379 return hd
13382HDNode.prototype.deriveHardened = function(index) {
13383 // Only derives hardened private keys by default
13384 return this.derive(index + HDNode.HIGHEST_BIT)
13387HDNode.prototype.toString = HDNode.prototype.toBase58
13389module.exports = HDNode
13393module.exports = {
13394 Address: _dereq_('./address'),
13395 base58check: _dereq_('./base58check'),
13396 bufferutils: _dereq_('./bufferutils'),
13397 convert: _dereq_('./convert'),
13398 crypto: _dereq_('./crypto'),
13399 ecdsa: _dereq_('./ecdsa'),
13400 ECKey: _dereq_('./eckey'),
13401 ECPubKey: _dereq_('./ecpubkey'),
13402 ECSignature: _dereq_('./ecsignature'),
13403 Message: _dereq_('./message'),
13404 opcodes: _dereq_('./opcodes'),
13405 HDNode: _dereq_('./hdnode'),
13406 Script: _dereq_('./script'),
13407 scripts: _dereq_('./scripts'),
13408 Transaction: _dereq_('./transaction'),
13409 networks: _dereq_('./networks'),
13410 Wallet: _dereq_('./wallet')
13414(function (Buffer){
13415/// Implements Bitcoin's feature for signing arbitrary messages.
13416var Address = _dereq_('./address')
13417var BigInteger = _dereq_('bigi')
13418var bufferutils = _dereq_('./bufferutils')
13419var crypto = _dereq_('./crypto')
13420var ecdsa = _dereq_('./ecdsa')
13421var networks = _dereq_('./networks')
13423var Address = _dereq_('./address')
13424var ECPubKey = _dereq_('./ecpubkey')
13425var ECSignature = _dereq_('./ecsignature')
13427var ecurve = _dereq_('ecurve')
13428var ecparams = ecurve.getCurveByName('secp256k1')
13430function magicHash(message, network) {
13431 var magicPrefix = new Buffer(network.magicPrefix)
13432 var messageBuffer = new Buffer(message)
13433 var lengthBuffer = new Buffer(bufferutils.varIntSize(messageBuffer.length))
13434 bufferutils.writeVarInt(lengthBuffer, messageBuffer.length, 0)
13436 var buffer = Buffer.concat([magicPrefix, lengthBuffer, messageBuffer])
13437 return crypto.hash256(buffer)
13440function sign(privKey, message, network) {
13441 network = network || networks.bitcoin
13443 var hash = magicHash(message, network)
13444 var signature = privKey.sign(hash)
13445 var e = BigInteger.fromBuffer(hash)
13446 var i = ecdsa.calcPubKeyRecoveryParam(ecparams, e, signature, privKey.pub.Q)
13448 return signature.toCompact(i, privKey.pub.compressed)
13451// TODO: network could be implied from address
13452function verify(address, signatureBuffer, message, network) {
13453 if (address instanceof Address) {
13454 address = address.toString()
13455 }
13456 network = network || networks.bitcoin
13458 var hash = magicHash(message, network)
13459 var parsed = ECSignature.parseCompact(signatureBuffer)
13460 var e = BigInteger.fromBuffer(hash)
13461 var Q = ecdsa.recoverPubKey(ecparams, e, parsed.signature, parsed.i)
13463 var pubKey = new ECPubKey(Q, parsed.compressed)
13464 return pubKey.getAddress(network).toString() === address
13467module.exports = {
13468 magicHash: magicHash,
13469 sign: sign,
13470 verify: verify
13475// https://en.bitcoin.it/wiki/List_of_address_prefixes
13476// Dogecoin BIP32 is a proposed standard: https://bitcointalk.org/index.php?topic=409731
13478var networks = {
13479 bitcoin: {
13480 magicPrefix: '\x18Bitcoin Signed Message:\n',
13481 bip32: {
13482 public: 0x0488b21e,
13483 private: 0x0488ade4
13484 },
13485 pubKeyHash: 0x00,
13486 scriptHash: 0x05,
13487 wif: 0x80,
13488 dustThreshold: 546, // https://github.com/bitcoin/bitcoin/blob/v0.9.2/src/core.h#L151-L162
13489 feePerKb: 10000, // https://github.com/bitcoin/bitcoin/blob/v0.9.2/src/main.cpp#L53
13490 estimateFee: estimateFee('bitcoin')
13491 },
13492 dogecoin: {
13493 magicPrefix: '\x19Dogecoin Signed Message:\n',
13494 bip32: {
13495 public: 0x02facafd,
13496 private: 0x02fac398
13497 },
13498 pubKeyHash: 0x1e,
13499 scriptHash: 0x16,
13500 wif: 0x9e,
13501 dustThreshold: 0, // https://github.com/dogecoin/dogecoin/blob/v1.7.1/src/core.h#L155-L160
13502 dustSoftThreshold: 100000000, // https://github.com/dogecoin/dogecoin/blob/v1.7.1/src/main.h#L62
13503 feePerKb: 100000000, // https://github.com/dogecoin/dogecoin/blob/v1.7.1/src/main.cpp#L58
13504 estimateFee: estimateFee('dogecoin')
13505 },
13506 litecoin: {
13507 magicPrefix: '\x19Litecoin Signed Message:\n',
13508 bip32: {
13509 public: 0x019da462,
13510 private: 0x019d9cfe
13511 },
13512 pubKeyHash: 0x30,
13513 scriptHash: 0x05,
13514 wif: 0xb0,
13515 dustThreshold: 0, // https://github.com/litecoin-project/litecoin/blob/v0.8.7.2/src/main.cpp#L360-L365
13516 dustSoftThreshold: 100000, // https://github.com/litecoin-project/litecoin/blob/v0.8.7.2/src/main.h#L53
13517 feePerKb: 100000, // https://github.com/litecoin-project/litecoin/blob/v0.8.7.2/src/main.cpp#L56
13518 estimateFee: estimateFee('litecoin')
13519 },
13520 testnet: {
13521 magicPrefix: '\x18Bitcoin Signed Message:\n',
13522 bip32: {
13523 public: 0x043587cf,
13524 private: 0x04358394
13525 },
13526 pubKeyHash: 0x6f,
13527 scriptHash: 0xc4,
13528 wif: 0xef,
13529 dustThreshold: 546,
13530 feePerKb: 10000,
13531 estimateFee: estimateFee('testnet')
13532 }
13535function estimateFee(type) {
13536 return function(tx) {
13537 var network = networks[type]
13538 var baseFee = network.feePerKb
13539 var byteSize = tx.toBuffer().length
13541 var fee = baseFee * Math.ceil(byteSize / 1000)
13542 if (network.dustSoftThreshold == undefined) return fee
13544 tx.outs.forEach(function(e){
13545 if (e.value < network.dustSoftThreshold) {
13546 fee += baseFee
13547 }
13548 })
13550 return fee
13551 }
13554module.exports = networks
13557module.exports = {
13558 // push value
13559 OP_FALSE : 0,
13560 OP_0 : 0,
13561 OP_PUSHDATA1 : 76,
13562 OP_PUSHDATA2 : 77,
13563 OP_PUSHDATA4 : 78,
13564 OP_1NEGATE : 79,
13565 OP_RESERVED : 80,
13566 OP_1 : 81,
13567 OP_TRUE : 81,
13568 OP_2 : 82,
13569 OP_3 : 83,
13570 OP_4 : 84,
13571 OP_5 : 85,
13572 OP_6 : 86,
13573 OP_7 : 87,
13574 OP_8 : 88,
13575 OP_9 : 89,
13576 OP_10 : 90,
13577 OP_11 : 91,
13578 OP_12 : 92,
13579 OP_13 : 93,
13580 OP_14 : 94,
13581 OP_15 : 95,
13582 OP_16 : 96,
13584 // control
13585 OP_NOP : 97,
13586 OP_VER : 98,
13587 OP_IF : 99,
13588 OP_NOTIF : 100,
13589 OP_VERIF : 101,
13590 OP_VERNOTIF : 102,
13591 OP_ELSE : 103,
13592 OP_ENDIF : 104,
13593 OP_VERIFY : 105,
13594 OP_RETURN : 106,
13596 // stack ops
13597 OP_TOALTSTACK : 107,
13598 OP_FROMALTSTACK : 108,
13599 OP_2DROP : 109,
13600 OP_2DUP : 110,
13601 OP_3DUP : 111,
13602 OP_2OVER : 112,
13603 OP_2ROT : 113,
13604 OP_2SWAP : 114,
13605 OP_IFDUP : 115,
13606 OP_DEPTH : 116,
13607 OP_DROP : 117,
13608 OP_DUP : 118,
13609 OP_NIP : 119,
13610 OP_OVER : 120,
13611 OP_PICK : 121,
13612 OP_ROLL : 122,
13613 OP_ROT : 123,
13614 OP_SWAP : 124,
13615 OP_TUCK : 125,
13617 // splice ops
13618 OP_CAT : 126,
13619 OP_SUBSTR : 127,
13620 OP_LEFT : 128,
13621 OP_RIGHT : 129,
13622 OP_SIZE : 130,
13624 // bit logic
13625 OP_INVERT : 131,
13626 OP_AND : 132,
13627 OP_OR : 133,
13628 OP_XOR : 134,
13629 OP_EQUAL : 135,
13630 OP_EQUALVERIFY : 136,
13631 OP_RESERVED1 : 137,
13632 OP_RESERVED2 : 138,
13634 // numeric
13635 OP_1ADD : 139,
13636 OP_1SUB : 140,
13637 OP_2MUL : 141,
13638 OP_2DIV : 142,
13639 OP_NEGATE : 143,
13640 OP_ABS : 144,
13641 OP_NOT : 145,
13642 OP_0NOTEQUAL : 146,
13644 OP_ADD : 147,
13645 OP_SUB : 148,
13646 OP_MUL : 149,
13647 OP_DIV : 150,
13648 OP_MOD : 151,
13649 OP_LSHIFT : 152,
13650 OP_RSHIFT : 153,
13652 OP_BOOLAND : 154,
13653 OP_BOOLOR : 155,
13654 OP_NUMEQUAL : 156,
13656 OP_NUMNOTEQUAL : 158,
13657 OP_LESSTHAN : 159,
13658 OP_GREATERTHAN : 160,
13661 OP_MIN : 163,
13662 OP_MAX : 164,
13664 OP_WITHIN : 165,
13666 // crypto
13667 OP_RIPEMD160 : 166,
13668 OP_SHA1 : 167,
13669 OP_SHA256 : 168,
13670 OP_HASH160 : 169,
13671 OP_HASH256 : 170,
13673 OP_CHECKSIG : 172,
13678 // expansion
13679 OP_NOP1 : 176,
13680 OP_NOP2 : 177,
13681 OP_NOP3 : 178,
13682 OP_NOP4 : 179,
13683 OP_NOP5 : 180,
13684 OP_NOP6 : 181,
13685 OP_NOP7 : 182,
13686 OP_NOP8 : 183,
13687 OP_NOP9 : 184,
13688 OP_NOP10 : 185,
13690 // template matching params
13691 OP_PUBKEYHASH : 253,
13692 OP_PUBKEY : 254,
13697(function (Buffer){
13698var assert = _dereq_('assert')
13699var bufferutils = _dereq_('./bufferutils')
13700var crypto = _dereq_('./crypto')
13701var opcodes = _dereq_('./opcodes')
13703function Script(buffer, chunks) {
13704 assert(Buffer.isBuffer(buffer), 'Expected Buffer, got ' + buffer)
13705 assert(Array.isArray(chunks), 'Expected Array, got ' + chunks)
13707 this.buffer = buffer
13708 this.chunks = chunks
13711// Import operations
13712Script.fromASM = function(asm) {
13713 var strChunks = asm.split(' ')
13715 var chunks = strChunks.map(function(strChunk) {
13716 if (strChunk in opcodes) {
13717 return opcodes[strChunk]
13719 } else {
13720 return new Buffer(strChunk, 'hex')
13721 }
13722 })
13724 return Script.fromChunks(chunks)
13727Script.fromBuffer = function(buffer) {
13728 var chunks = []
13730 var i = 0
13732 while (i < buffer.length) {
13733 var opcode = buffer.readUInt8(i)
13735 if ((opcode > opcodes.OP_0) && (opcode <= opcodes.OP_PUSHDATA4)) {
13736 var d = bufferutils.readPushDataInt(buffer, i)
13737 i += d.size
13739 var data = buffer.slice(i, i + d.number)
13740 i += d.number
13742 chunks.push(data)
13744 } else {
13745 chunks.push(opcode)
13747 i += 1
13748 }
13749 }
13751 return new Script(buffer, chunks)
13754Script.fromChunks = function(chunks) {
13755 assert(Array.isArray(chunks), 'Expected Array, got ' + chunks)
13757 var bufferSize = chunks.reduce(function(accum, chunk) {
13758 if (Buffer.isBuffer(chunk)) {
13759 return accum + bufferutils.pushDataSize(chunk.length) + chunk.length
13760 }
13762 return accum + 1
13763 }, 0.0)
13765 var buffer = new Buffer(bufferSize)
13766 var offset = 0
13768 chunks.forEach(function(chunk) {
13769 if (Buffer.isBuffer(chunk)) {
13770 offset += bufferutils.writePushDataInt(buffer, chunk.length, offset)
13772 chunk.copy(buffer, offset)
13773 offset += chunk.length
13775 } else {
13776 buffer.writeUInt8(chunk, offset)
13777 offset += 1
13778 }
13779 })
13781 assert.equal(offset, buffer.length, 'Could not decode chunks')
13782 return new Script(buffer, chunks)
13785Script.fromHex = function(hex) {
13786 return Script.fromBuffer(new Buffer(hex, 'hex'))
13789// Constants
13790Script.EMPTY = Script.fromChunks([])
13792// Operations
13793Script.prototype.getHash = function() {
13794 return crypto.hash160(this.buffer)
13797// FIXME: doesn't work for data chunks, maybe time to use buffertools.compare...
13798Script.prototype.without = function(needle) {
13799 return Script.fromChunks(this.chunks.filter(function(op) {
13800 return op !== needle
13801 }))
13804// Export operations
13805var reverseOps = []
13806for (var op in opcodes) {
13807 var code = opcodes[op]
13808 reverseOps[code] = op
13811Script.prototype.toASM = function() {
13812 return this.chunks.map(function(chunk) {
13813 if (Buffer.isBuffer(chunk)) {
13814 return chunk.toString('hex')
13816 } else {
13817 return reverseOps[chunk]
13818 }
13819 }).join(' ')
13822Script.prototype.toBuffer = function() {
13823 return this.buffer
13826Script.prototype.toHex = function() {
13827 return this.toBuffer().toString('hex')
13830module.exports = Script
13834(function (Buffer){
13835var assert = _dereq_('assert')
13836var opcodes = _dereq_('./opcodes')
13838// FIXME: use ECPubKey, currently the circular dependency breaks everything.
13840// Solutions:
13841// * Remove ECPubKey.getAddress
13842// - Minimal change, but likely unpopular
13843// * Move all script related functionality out of Address
13844// - Means a lot of changes to Transaction/Wallet
13845// * Ignore it (existing solution)
13846// * Some form of hackery with commonjs
13848var ecurve = _dereq_('ecurve')
13849var curve = ecurve.getCurveByName('secp256k1')
13851var ECSignature = _dereq_('./ecsignature')
13852var Script = _dereq_('./script')
13854function classifyOutput(script) {
13855 assert(script instanceof Script, 'Expected Script, got ', script)
13857 if (isPubKeyHashOutput.call(script)) {
13858 return 'pubkeyhash'
13859 } else if (isScriptHashOutput.call(script)) {
13860 return 'scripthash'
13861 } else if (isMultisigOutput.call(script)) {
13862 return 'multisig'
13863 } else if (isPubKeyOutput.call(script)) {
13864 return 'pubkey'
13865 } else if (isNulldataOutput.call(script)) {
13866 return 'nulldata'
13867 } else {
13868 return 'nonstandard'
13869 }
13872function classifyInput(script) {
13873 assert(script instanceof Script, 'Expected Script, got ', script)
13875 if (isPubKeyHashInput.call(script)) {
13876 return 'pubkeyhash'
13877 } else if (isScriptHashInput.call(script)) {
13878 return 'scripthash'
13879 } else if (isMultisigInput.call(script)) {
13880 return 'multisig'
13881 } else if (isPubKeyInput.call(script)) {
13882 return 'pubkey'
13883 } else {
13884 return 'nonstandard'
13885 }
13888function isCanonicalPubKey(buffer) {
13889 if (!Buffer.isBuffer(buffer)) return false
13891 try {
13892 // FIXME: boo
13893 ecurve.Point.decodeFrom(curve, buffer)
13894 } catch (e) {
13895 if (!(e.message.match(/Invalid sequence (length|tag)/))) throw e
13897 return false
13898 }
13900 return true
13903function isCanonicalSignature(buffer) {
13904 if (!Buffer.isBuffer(buffer)) return false
13906 try {
13907 ECSignature.parseScriptSignature(buffer)
13908 } catch(e) {
13909 if (!(e.message.match(/Not a DER sequence|Invalid sequence length|Expected a DER integer|R length is zero|S length is zero|R value excessively padded|S value excessively padded|R value is negative|S value is negative|Invalid hashType/))) throw e
13911 return false
13912 }
13914 return true
13917function isPubKeyHashInput() {
13918 return this.chunks.length === 2 &&
13919 isCanonicalSignature(this.chunks[0]) &&
13920 isCanonicalPubKey(this.chunks[1])
13923function isPubKeyHashOutput() {
13924 return this.chunks.length === 5 &&
13925 this.chunks[0] === opcodes.OP_DUP &&
13926 this.chunks[1] === opcodes.OP_HASH160 &&
13927 Buffer.isBuffer(this.chunks[2]) &&
13928 this.chunks[2].length === 20 &&
13929 this.chunks[3] === opcodes.OP_EQUALVERIFY &&
13930 this.chunks[4] === opcodes.OP_CHECKSIG
13933function isPubKeyInput() {
13934 return this.chunks.length === 1 &&
13935 isCanonicalSignature(this.chunks[0])
13938function isPubKeyOutput() {
13939 return this.chunks.length === 2 &&
13940 isCanonicalPubKey(this.chunks[0]) &&
13941 this.chunks[1] === opcodes.OP_CHECKSIG
13944function isScriptHashInput() {
13945 if (this.chunks.length < 2) return false
13946 var lastChunk = this.chunks[this.chunks.length - 1]
13948 if (!Buffer.isBuffer(lastChunk)) return false
13950 var scriptSig = Script.fromChunks(this.chunks.slice(0, -1))
13951 var scriptPubKey = Script.fromBuffer(lastChunk)
13953 return classifyInput(scriptSig) === classifyOutput(scriptPubKey)
13956function isScriptHashOutput() {
13957 return this.chunks.length === 3 &&
13958 this.chunks[0] === opcodes.OP_HASH160 &&
13959 Buffer.isBuffer(this.chunks[1]) &&
13960 this.chunks[1].length === 20 &&
13961 this.chunks[2] === opcodes.OP_EQUAL
13964function isMultisigInput() {
13965 return this.chunks[0] === opcodes.OP_0 &&
13966 this.chunks.slice(1).every(isCanonicalSignature)
13969function isMultisigOutput() {
13970 if (this.chunks < 4) return false
13971 if (this.chunks[this.chunks.length - 1] !== opcodes.OP_CHECKMULTISIG) return false
13973 var mOp = this.chunks[0]
13974 if (mOp === opcodes.OP_0) return false
13975 if (mOp < opcodes.OP_1) return false
13976 if (mOp > opcodes.OP_16) return false
13978 var nOp = this.chunks[this.chunks.length - 2]
13979 if (nOp === opcodes.OP_0) return false
13980 if (nOp < opcodes.OP_1) return false
13981 if (nOp > opcodes.OP_16) return false
13983 var m = mOp - (opcodes.OP_1 - 1)
13984 var n = nOp - (opcodes.OP_1 - 1)
13985 if (n < m) return false
13987 var pubKeys = this.chunks.slice(1, -2)
13988 if (n < pubKeys.length) return false
13990 return pubKeys.every(isCanonicalPubKey)
13993function isNulldataOutput() {
13994 return this.chunks[0] === opcodes.OP_RETURN
13997// Standard Script Templates
13998// {pubKey} OP_CHECKSIG
13999function pubKeyOutput(pubKey) {
14000 return Script.fromChunks([
14001 pubKey.toBuffer(),
14002 opcodes.OP_CHECKSIG
14003 ])
14007function pubKeyHashOutput(hash) {
14008 assert(Buffer.isBuffer(hash), 'Expected Buffer, got ' + hash)
14010 return Script.fromChunks([
14011 opcodes.OP_DUP,
14012 opcodes.OP_HASH160,
14013 hash,
14014 opcodes.OP_EQUALVERIFY,
14015 opcodes.OP_CHECKSIG
14016 ])
14019// OP_HASH160 {scriptHash} OP_EQUAL
14020function scriptHashOutput(hash) {
14021 assert(Buffer.isBuffer(hash), 'Expected Buffer, got ' + hash)
14023 return Script.fromChunks([
14024 opcodes.OP_HASH160,
14025 hash,
14026 opcodes.OP_EQUAL
14027 ])
14030// m [pubKeys ...] n OP_CHECKMULTISIG
14031function multisigOutput(m, pubKeys) {
14032 assert(Array.isArray(pubKeys), 'Expected Array, got ' + pubKeys)
14033 assert(pubKeys.length >= m, 'Not enough pubKeys provided')
14035 var pubKeyBuffers = pubKeys.map(function(pubKey) {
14036 return pubKey.toBuffer()
14037 })
14038 var n = pubKeys.length
14040 return Script.fromChunks([].concat(
14041 (opcodes.OP_1 - 1) + m,
14042 pubKeyBuffers,
14043 (opcodes.OP_1 - 1) + n,
14044 opcodes.OP_CHECKMULTISIG
14045 ))
14048// {signature}
14049function pubKeyInput(signature) {
14050 assert(Buffer.isBuffer(signature), 'Expected Buffer, got ' + signature)
14052 return Script.fromChunks([signature])
14055// {signature} {pubKey}
14056function pubKeyHashInput(signature, pubKey) {
14057 assert(Buffer.isBuffer(signature), 'Expected Buffer, got ' + signature)
14059 return Script.fromChunks([signature, pubKey.toBuffer()])
14062// <scriptSig> {serialized scriptPubKey script}
14063function scriptHashInput(scriptSig, scriptPubKey) {
14064 return Script.fromChunks([].concat(
14065 scriptSig.chunks,
14066 scriptPubKey.toBuffer()
14067 ))
14070// OP_0 [signatures ...]
14071function multisigInput(signatures, scriptPubKey) {
14072 if (scriptPubKey) {
14073 assert(isMultisigOutput.call(scriptPubKey))
14075 var m = scriptPubKey.chunks[0]
14076 var k = m - (opcodes.OP_1 - 1)
14077 assert(k <= signatures.length, 'Not enough signatures provided')
14078 }
14080 return Script.fromChunks([].concat(opcodes.OP_0, signatures))
14083module.exports = {
14084 classifyInput: classifyInput,
14085 classifyOutput: classifyOutput,
14086 multisigInput: multisigInput,
14087 multisigOutput: multisigOutput,
14088 pubKeyHashInput: pubKeyHashInput,
14089 pubKeyHashOutput: pubKeyHashOutput,
14090 pubKeyInput: pubKeyInput,
14091 pubKeyOutput: pubKeyOutput,
14092 scriptHashInput: scriptHashInput,
14093 scriptHashOutput: scriptHashOutput
14098(function (Buffer){
14099var assert = _dereq_('assert')
14100var bufferutils = _dereq_('./bufferutils')
14101var crypto = _dereq_('./crypto')
14102var opcodes = _dereq_('./opcodes')
14103var scripts = _dereq_('./scripts')
14105var Address = _dereq_('./address')
14106var ECKey = _dereq_('./eckey')
14107var ECSignature = _dereq_('./ecsignature')
14108var Script = _dereq_('./script')
14110Transaction.DEFAULT_SEQUENCE = 0xffffffff
14111Transaction.SIGHASH_ALL = 0x01
14112Transaction.SIGHASH_NONE = 0x02
14113Transaction.SIGHASH_SINGLE = 0x03
14114Transaction.SIGHASH_ANYONECANPAY = 0x80
14116function Transaction() {
14117 this.version = 1
14118 this.locktime = 0
14119 this.ins = []
14120 this.outs = []
14124 * Create a new txin.
14125 *
14126 * Can be called with any of:
14127 *
14128 * - A transaction and an index
14129 * - A transaction hash and an index
14130 *
14131 * Note that this method does not sign the created input.
14132 */
14133Transaction.prototype.addInput = function(tx, index, sequence) {
14134 if (sequence == undefined) sequence = Transaction.DEFAULT_SEQUENCE
14136 var hash
14138 if (typeof tx === 'string') {
14139 hash = new Buffer(tx, 'hex')
14141 // TxId hex is big-endian, we need little-endian
14142 Array.prototype.reverse.call(hash)
14144 } else if (tx instanceof Transaction) {
14145 hash = tx.getHash()
14147 } else {
14148 hash = tx
14149 }
14151 assert(Buffer.isBuffer(hash), 'Expected Transaction, txId or txHash, got ' + tx)
14152 assert.equal(hash.length, 32, 'Expected hash length of 32, got ' + hash.length)
14153 assert.equal(typeof index, 'number', 'Expected number index, got ' + index)
14155 return (this.ins.push({
14156 hash: hash,
14157 index: index,
14158 script: Script.EMPTY,
14159 sequence: sequence
14160 }) - 1)
14164 * Create a new txout.
14165 *
14166 * Can be called with:
14167 *
14168 * - A base58 address string and a value
14169 * - An Address object and a value
14170 * - A scriptPubKey Script and a value
14171 */
14172Transaction.prototype.addOutput = function(scriptPubKey, value) {
14173 // Attempt to get a valid address if it's a base58 address string
14174 if (typeof scriptPubKey === 'string') {
14175 scriptPubKey = Address.fromBase58Check(scriptPubKey)
14176 }
14178 // Attempt to get a valid script if it's an Address object
14179 if (scriptPubKey instanceof Address) {
14180 var address = scriptPubKey
14182 scriptPubKey = address.toOutputScript()
14183 }
14185 return (this.outs.push({
14186 script: scriptPubKey,
14187 value: value,
14188 }) - 1)
14191Transaction.prototype.toBuffer = function () {
14192 var txInSize = this.ins.reduce(function(a, x) {
14193 return a + (40 + bufferutils.varIntSize(x.script.buffer.length) + x.script.buffer.length)
14194 }, 0)
14196 var txOutSize = this.outs.reduce(function(a, x) {
14197 return a + (8 + bufferutils.varIntSize(x.script.buffer.length) + x.script.buffer.length)
14198 }, 0)
14200 var buffer = new Buffer(
14201 8 +
14202 bufferutils.varIntSize(this.ins.length) +
14203 bufferutils.varIntSize(this.outs.length) +
14204 txInSize +
14205 txOutSize
14206 )
14208 var offset = 0
14209 function writeSlice(slice) {
14210 slice.copy(buffer, offset)
14211 offset += slice.length
14212 }
14213 function writeUInt32(i) {
14214 buffer.writeUInt32LE(i, offset)
14215 offset += 4
14216 }
14217 function writeUInt64(i) {
14218 bufferutils.writeUInt64LE(buffer, i, offset)
14219 offset += 8
14220 }
14221 function writeVarInt(i) {
14222 var n = bufferutils.writeVarInt(buffer, i, offset)
14223 offset += n
14224 }
14226 writeUInt32(this.version)
14227 writeVarInt(this.ins.length)
14229 this.ins.forEach(function(txin) {
14230 writeSlice(txin.hash)
14231 writeUInt32(txin.index)
14232 writeVarInt(txin.script.buffer.length)
14233 writeSlice(txin.script.buffer)
14234 writeUInt32(txin.sequence)
14235 })
14237 writeVarInt(this.outs.length)
14238 this.outs.forEach(function(txout) {
14239 writeUInt64(txout.value)
14240 writeVarInt(txout.script.buffer.length)
14241 writeSlice(txout.script.buffer)
14242 })
14244 writeUInt32(this.locktime)
14246 return buffer
14249Transaction.prototype.toHex = function() {
14250 return this.toBuffer().toString('hex')
14254 * Hash transaction for signing a specific input.
14255 *
14256 * Bitcoin uses a different hash for each signed transaction input. This
14257 * method copies the transaction, makes the necessary changes based on the
14258 * hashType, serializes and finally hashes the result. This hash can then be
14259 * used to sign the transaction input in question.
14260 */
14261Transaction.prototype.hashForSignature = function(prevOutScript, inIndex, hashType) {
14262 assert(inIndex >= 0, 'Invalid vin index')
14263 assert(inIndex < this.ins.length, 'Invalid vin index')
14264 assert(prevOutScript instanceof Script, 'Invalid Script object')
14266 var txTmp = this.clone()
14267 var hashScript = prevOutScript.without(opcodes.OP_CODESEPARATOR)
14269 // Blank out other inputs' signatures
14270 txTmp.ins.forEach(function(txin) {
14271 txin.script = Script.EMPTY
14272 })
14273 txTmp.ins[inIndex].script = hashScript
14275 var hashTypeModifier = hashType & 0x1f
14276 if (hashTypeModifier === Transaction.SIGHASH_NONE) {
14277 assert(false, 'SIGHASH_NONE not yet supported')
14279 } else if (hashTypeModifier === Transaction.SIGHASH_SINGLE) {
14280 assert(false, 'SIGHASH_SINGLE not yet supported')
14282 }
14284 if (hashType & Transaction.SIGHASH_ANYONECANPAY) {
14285 assert(false, 'SIGHASH_ANYONECANPAY not yet supported')
14286 }
14288 var hashTypeBuffer = new Buffer(4)
14289 hashTypeBuffer.writeInt32LE(hashType, 0)
14291 var buffer = Buffer.concat([txTmp.toBuffer(), hashTypeBuffer])
14292 return crypto.hash256(buffer)
14295Transaction.prototype.getHash = function () {
14296 return crypto.hash256(this.toBuffer())
14299Transaction.prototype.getId = function () {
14300 var buffer = this.getHash()
14302 // Big-endian is used for TxHash
14303 Array.prototype.reverse.call(buffer)
14305 return buffer.toString('hex')
14308Transaction.prototype.clone = function () {
14309 var newTx = new Transaction()
14310 newTx.version = this.version
14311 newTx.locktime = this.locktime
14313 newTx.ins = this.ins.map(function(txin) {
14314 return {
14315 hash: txin.hash,
14316 index: txin.index,
14317 script: txin.script,
14318 sequence: txin.sequence
14319 }
14320 })
14322 newTx.outs = this.outs.map(function(txout) {
14323 return {
14324 script: txout.script,
14325 value: txout.value
14326 }
14327 })
14329 return newTx
14332Transaction.fromBuffer = function(buffer) {
14333 var offset = 0
14334 function readSlice(n) {
14335 offset += n
14336 return buffer.slice(offset - n, offset)
14337 }
14338 function readUInt32() {
14339 var i = buffer.readUInt32LE(offset)
14340 offset += 4
14341 return i
14342 }
14343 function readUInt64() {
14344 var i = bufferutils.readUInt64LE(buffer, offset)
14345 offset += 8
14346 return i
14347 }
14348 function readVarInt() {
14349 var vi = bufferutils.readVarInt(buffer, offset)
14350 offset += vi.size
14351 return vi.number
14352 }
14354 var tx = new Transaction()
14355 tx.version = readUInt32()
14357 var vinLen = readVarInt()
14358 for (var i = 0; i < vinLen; ++i) {
14359 var hash = readSlice(32)
14360 var vout = readUInt32()
14361 var scriptLen = readVarInt()
14362 var script = readSlice(scriptLen)
14363 var sequence = readUInt32()
14365 tx.ins.push({
14366 hash: hash,
14367 index: vout,
14368 script: Script.fromBuffer(script),
14369 sequence: sequence
14370 })
14371 }
14373 var voutLen = readVarInt()
14374 for (i = 0; i < voutLen; ++i) {
14375 var value = readUInt64()
14376 var scriptLen = readVarInt()
14377 var script = readSlice(scriptLen)
14379 tx.outs.push({
14380 value: value,
14381 script: Script.fromBuffer(script)
14382 })
14383 }
14385 tx.locktime = readUInt32()
14386 assert.equal(offset, buffer.length, 'Transaction has unexpected data')
14388 return tx
14391Transaction.fromHex = function(hex) {
14392 return Transaction.fromBuffer(new Buffer(hex, 'hex'))
14396 * Signs a pubKeyHash output at some index with the given key
14397 */
14398Transaction.prototype.sign = function(index, privKey, hashType) {
14399 var prevOutScript = privKey.pub.getAddress().toOutputScript()
14400 var signature = this.signInput(index, prevOutScript, privKey, hashType)
14402 // FIXME: Assumed prior TX was pay-to-pubkey-hash
14403 var scriptSig = scripts.pubKeyHashInput(signature, privKey.pub)
14404 this.setInputScript(index, scriptSig)
14407Transaction.prototype.signInput = function(index, prevOutScript, privKey, hashType) {
14408 hashType = hashType || Transaction.SIGHASH_ALL
14410 var hash = this.hashForSignature(prevOutScript, index, hashType)
14411 var signature = privKey.sign(hash)
14413 return signature.toScriptSignature(hashType)
14416Transaction.prototype.setInputScript = function(index, script) {
14417 this.ins[index].script = script
14420// FIXME: could be validateInput(index, prevTxOut, pub)
14421Transaction.prototype.validateInput = function(index, prevOutScript, pubKey, buffer) {
14422 var parsed = ECSignature.parseScriptSignature(buffer)
14423 var hash = this.hashForSignature(prevOutScript, index, parsed.hashType)
14425 return pubKey.verify(hash, parsed.signature)
14428module.exports = Transaction
14432(function (Buffer){
14433var assert = _dereq_('assert')
14434var networks = _dereq_('./networks')
14435var rng = _dereq_('secure-random')
14437var Address = _dereq_('./address')
14438var HDNode = _dereq_('./hdnode')
14439var Transaction = _dereq_('./transaction')
14441function Wallet(seed, network) {
14442 network = network || networks.bitcoin
14444 // Stored in a closure to make accidental serialization less likely
14445 var masterkey = null
14446 var me = this
14447 var accountZero = null
14448 var internalAccount = null
14449 var externalAccount = null
14451 // Addresses
14452 this.addresses = []
14453 this.changeAddresses = []
14455 // Transaction output data
14456 this.outputs = {}
14458 // Make a new master key
14459 this.newMasterKey = function(seed) {
14460 seed = seed || new Buffer(rng(32))
14461 masterkey = HDNode.fromSeedBuffer(seed, network)
14463 // HD first-level child derivation method should be hardened
14464 // See https://bitcointalk.org/index.php?topic=405179.msg4415254#msg4415254
14465 accountZero = masterkey.deriveHardened(0)
14466 externalAccount = accountZero.derive(0)
14467 internalAccount = accountZero.derive(1)
14469 me.addresses = []
14470 me.changeAddresses = []
14472 me.outputs = {}
14473 }
14475 this.newMasterKey(seed)
14477 this.generateAddress = function() {
14478 var key = externalAccount.derive(this.addresses.length)
14479 this.addresses.push(key.getAddress().toString())
14480 return this.addresses[this.addresses.length - 1]
14481 }
14483 this.generateChangeAddress = function() {
14484 var key = internalAccount.derive(this.changeAddresses.length)
14485 this.changeAddresses.push(key.getAddress().toString())
14486 return this.changeAddresses[this.changeAddresses.length - 1]
14487 }
14489 this.getBalance = function() {
14490 return this.getUnspentOutputs().reduce(function(memo, output){
14491 return memo + output.value
14492 }, 0)
14493 }
14495 this.getUnspentOutputs = function() {
14496 var utxo = []
14498 for(var key in this.outputs){
14499 var output = this.outputs[key]
14500 if(!output.to) utxo.push(outputToUnspentOutput(output))
14501 }
14503 return utxo
14504 }
14506 this.setUnspentOutputs = function(utxo) {
14507 var outputs = {}
14509 utxo.forEach(function(uo){
14510 validateUnspentOutput(uo)
14511 var o = unspentOutputToOutput(uo)
14512 outputs[o.from] = o
14513 })
14515 this.outputs = outputs
14516 }
14518 function outputToUnspentOutput(output){
14519 var hashAndIndex = output.from.split(":")
14521 return {
14522 hash: hashAndIndex[0],
14523 outputIndex: parseInt(hashAndIndex[1]),
14524 address: output.address,
14525 value: output.value,
14526 pending: output.pending
14527 }
14528 }
14530 function unspentOutputToOutput(o) {
14531 var hash = o.hash
14532 var key = hash + ":" + o.outputIndex
14533 return {
14534 from: key,
14535 address: o.address,
14536 value: o.value,
14537 pending: o.pending
14538 }
14539 }
14541 function validateUnspentOutput(uo) {
14542 var missingField
14544 if (isNullOrUndefined(uo.hash)) {
14545 missingField = "hash"
14546 }
14548 var requiredKeys = ['outputIndex', 'address', 'value']
14549 requiredKeys.forEach(function (key) {
14550 if (isNullOrUndefined(uo[key])){
14551 missingField = key
14552 }
14553 })
14555 if (missingField) {
14556 var message = [
14557 'Invalid unspent output: key', missingField, 'is missing.',
14558 'A valid unspent output must contain'
14559 ]
14560 message.push(requiredKeys.join(', '))
14561 message.push("and hash")
14562 throw new Error(message.join(' '))
14563 }
14564 }
14566 function isNullOrUndefined(value) {
14567 return value == undefined
14568 }
14570 this.processPendingTx = function(tx){
14571 processTx(tx, true)
14572 }
14574 this.processConfirmedTx = function(tx){
14575 processTx(tx, false)
14576 }
14578 function processTx(tx, isPending) {
14579 var txid = tx.getId()
14581 tx.outs.forEach(function(txOut, i) {
14582 var address
14584 try {
14585 address = Address.fromOutputScript(txOut.script, network).toString()
14586 } catch(e) {
14587 if (!(e.message.match(/has no matching Address/))) throw e
14588 }
14590 if (isMyAddress(address)) {
14591 var output = txid + ':' + i
14593 me.outputs[output] = {
14594 from: output,
14595 value: txOut.value,
14596 address: address,
14597 pending: isPending
14598 }
14599 }
14600 })
14602 tx.ins.forEach(function(txIn, i) {
14603 // copy and convert to big-endian hex
14604 var txinId = new Buffer(txIn.hash)
14605 Array.prototype.reverse.call(txinId)
14606 txinId = txinId.toString('hex')
14608 var output = txinId + ':' + txIn.index
14610 if (!(output in me.outputs)) return
14612 if (isPending) {
14613 me.outputs[output].to = txid + ':' + i
14614 me.outputs[output].pending = true
14615 } else {
14616 delete me.outputs[output]
14617 }
14618 })
14619 }
14621 this.createTx = function(to, value, fixedFee, changeAddress) {
14622 assert(value > network.dustThreshold, value + ' must be above dust threshold (' + network.dustThreshold + ' Satoshis)')
14624 var utxos = getCandidateOutputs(value)
14625 var accum = 0
14626 var subTotal = value
14627 var addresses = []
14629 var tx = new Transaction()
14630 tx.addOutput(to, value)
14632 for (var i = 0; i < utxos.length; ++i) {
14633 var utxo = utxos[i]
14634 addresses.push(utxo.address)
14636 var outpoint = utxo.from.split(':')
14637 tx.addInput(outpoint[0], parseInt(outpoint[1]))
14639 var fee = fixedFee == undefined ? estimateFeePadChangeOutput(tx) : fixedFee
14641 accum += utxo.value
14642 subTotal = value + fee
14643 if (accum >= subTotal) {
14644 var change = accum - subTotal
14646 if (change > network.dustThreshold) {
14647 tx.addOutput(changeAddress || getChangeAddress(), change)
14648 }
14650 break
14651 }
14652 }
14654 assert(accum >= subTotal, 'Not enough funds (incl. fee): ' + accum + ' < ' + subTotal)
14656 this.signWith(tx, addresses)
14657 return tx
14658 }
14660 function getCandidateOutputs() {
14661 var unspent = []
14663 for (var key in me.outputs) {
14664 var output = me.outputs[key]
14665 if (!output.pending) unspent.push(output)
14666 }
14668 var sortByValueDesc = unspent.sort(function(o1, o2){
14669 return o2.value - o1.value
14670 })
14672 return sortByValueDesc
14673 }
14675 function estimateFeePadChangeOutput(tx) {
14676 var tmpTx = tx.clone()
14677 tmpTx.addOutput(getChangeAddress(), network.dustSoftThreshold || 0)
14679 return network.estimateFee(tmpTx)
14680 }
14682 function getChangeAddress() {
14683 if(me.changeAddresses.length === 0) me.generateChangeAddress();
14684 return me.changeAddresses[me.changeAddresses.length - 1]
14685 }
14687 this.signWith = function(tx, addresses) {
14688 assert.equal(tx.ins.length, addresses.length, 'Number of addresses must match number of transaction inputs')
14690 addresses.forEach(function(address, i) {
14691 var key = me.getPrivateKeyForAddress(address)
14693 tx.sign(i, key)
14694 })
14696 return tx
14697 }
14699 this.getMasterKey = function() { return masterkey }
14700 this.getAccountZero = function() { return accountZero }
14701 this.getInternalAccount = function() { return internalAccount }
14702 this.getExternalAccount = function() { return externalAccount }
14704 this.getPrivateKey = function(index) {
14705 return externalAccount.derive(index).privKey
14706 }
14708 this.getInternalPrivateKey = function(index) {
14709 return internalAccount.derive(index).privKey
14710 }
14712 this.getPrivateKeyForAddress = function(address) {
14713 var index
14714 if((index = this.addresses.indexOf(address)) > -1) {
14715 return this.getPrivateKey(index)
14716 } else if((index = this.changeAddresses.indexOf(address)) > -1) {
14717 return this.getInternalPrivateKey(index)
14718 } else {
14719 throw new Error('Unknown address. Make sure the address is from the keychain and has been generated.')
14720 }
14721 }
14723 function isReceiveAddress(address){
14724 return me.addresses.indexOf(address) > -1
14725 }
14727 function isChangeAddress(address){
14728 return me.changeAddresses.indexOf(address) > -1
14729 }
14731 function isMyAddress(address) {
14732 return isReceiveAddress(address) || isChangeAddress(address)
14733 }
14736module.exports = Wallet
14742 </script>
14744 <!--<script src="/js/asmcrypto.js"></script>-->
14747// https://rawgit.com/tresorit/asmcrypto.js/598a1098504f1b2d0e615bc51dd8404afd2d338b/asmcrypto.js
14748// Provides PBKDF2 functionality
14749// It's faster than CryptoJS
14750// Couldn't get SJCL working as desired
14753(function(exports, global) {
14754 "use strict";
14755 global["asmCrypto"] = exports;
14756 function string_to_bytes(str) {
14757 var i, len = str.length, arr = new Uint8Array(len);
14758 for (i = 0; i < len; i += 1) {
14759 arr[i] = str.charCodeAt(i);
14760 }
14761 return arr;
14762 }
14763 function hex_to_bytes(str) {
14764 var arr = [], len = str.length, i;
14765 if (len & 1) {
14766 str = "0" + str;
14767 len++;
14768 }
14769 for (i = 0; i < len; i += 2) {
14770 arr.push(parseInt(str.substr(i, 2), 16));
14771 }
14772 return new Uint8Array(arr);
14773 }
14774 function base64_to_bytes(str) {
14775 return string_to_bytes(atob(str));
14776 }
14777 function bytes_to_string(arr) {
14778 var str = "";
14779 for (var i = 0; i < arr.length; i++) str += String.fromCharCode(arr[i]);
14780 return str;
14781 }
14782 function bytes_to_hex(arr) {
14783 var sz = (arr.byteLength || arr.length) / arr.length, str = "";
14784 for (var i = 0; i < arr.length; i++) {
14785 var h = arr[i].toString(16);
14786 if (h.length < 2 * sz) str += "00000000000000".substr(0, 2 * sz - h.length);
14787 str += h;
14788 }
14789 return str;
14790 }
14791 function bytes_to_base64(arr) {
14792 return btoa(bytes_to_string(arr));
14793 }
14794 function pow2_ceil(a) {
14795 a -= 1;
14796 a |= a >>> 1;
14797 a |= a >>> 2;
14798 a |= a >>> 4;
14799 a |= a >>> 8;
14800 a |= a >>> 16;
14801 a += 1;
14802 return a;
14803 }
14804 function is_number(a) {
14805 return typeof a === "number";
14806 }
14807 function is_string(a) {
14808 return typeof a === "string";
14809 }
14810 function is_buffer(a) {
14811 return a instanceof ArrayBuffer;
14812 }
14813 function is_bytes(a) {
14814 return a instanceof Uint8Array;
14815 }
14816 function is_typed_array(a) {
14817 return a instanceof Int8Array || a instanceof Uint8Array || a instanceof Int16Array || a instanceof Uint16Array || a instanceof Int32Array || a instanceof Uint32Array || a instanceof Float32Array || a instanceof Float64Array;
14818 }
14819 function IllegalStateError() {
14820 Error.apply(this, arguments);
14821 }
14822 IllegalStateError.prototype = new Error();
14823 function IllegalArgumentError() {
14824 Error.apply(this, arguments);
14825 }
14826 IllegalArgumentError.prototype = new Error();
14827 function SecurityError() {
14828 Error.apply(this, arguments);
14829 }
14830 IllegalArgumentError.prototype = new Error();
14831 var _aes_tables = [ 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118, 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192, 183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21, 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117, 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132, 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, 208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210, 205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115, 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, 224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, 231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, 186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, 112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, 225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22, 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251, 124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203, 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78, 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37, 114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146, 108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132, 144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6, 208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107, 58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115, 150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110, 71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27, 252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244, 31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95, 96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239, 160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97, 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125, 198, 248, 238, 246, 255, 214, 222, 145, 96, 2, 206, 86, 231, 181, 77, 236, 143, 31, 137, 250, 239, 178, 142, 251, 65, 179, 95, 69, 35, 83, 228, 155, 117, 225, 61, 76, 108, 126, 245, 131, 104, 81, 209, 249, 226, 171, 98, 42, 8, 149, 70, 157, 48, 55, 10, 47, 14, 36, 27, 223, 205, 78, 127, 234, 18, 29, 88, 52, 54, 220, 180, 91, 164, 118, 183, 125, 82, 221, 94, 19, 166, 185, 0, 193, 64, 227, 121, 182, 212, 141, 103, 114, 148, 152, 176, 133, 187, 197, 79, 237, 134, 154, 102, 17, 138, 233, 4, 254, 160, 120, 37, 75, 162, 93, 128, 5, 63, 33, 112, 241, 99, 119, 175, 66, 32, 229, 253, 191, 129, 24, 38, 195, 190, 53, 136, 46, 147, 85, 252, 122, 200, 186, 50, 230, 192, 25, 158, 163, 68, 84, 59, 11, 140, 199, 107, 40, 167, 188, 22, 173, 219, 100, 116, 20, 146, 12, 72, 184, 159, 189, 67, 196, 57, 49, 211, 242, 213, 139, 110, 218, 1, 177, 156, 73, 216, 172, 243, 207, 202, 244, 71, 16, 111, 240, 74, 92, 56, 87, 115, 151, 203, 161, 232, 62, 150, 97, 13, 15, 224, 124, 113, 204, 144, 6, 247, 28, 194, 106, 174, 105, 23, 153, 58, 39, 217, 235, 43, 34, 210, 169, 7, 51, 45, 60, 21, 201, 135, 170, 80, 165, 3, 89, 9, 26, 101, 215, 132, 208, 130, 41, 90, 30, 123, 168, 109, 44, 165, 132, 153, 141, 13, 189, 177, 84, 80, 3, 169, 125, 25, 98, 230, 154, 69, 157, 64, 135, 21, 235, 201, 11, 236, 103, 253, 234, 191, 247, 150, 91, 194, 28, 174, 106, 90, 65, 2, 79, 92, 244, 52, 8, 147, 115, 83, 63, 12, 82, 101, 94, 40, 161, 15, 181, 9, 54, 155, 61, 38, 105, 205, 159, 27, 158, 116, 46, 45, 178, 238, 251, 246, 77, 97, 206, 123, 62, 113, 151, 245, 104, 0, 44, 96, 31, 200, 237, 190, 70, 217, 75, 222, 212, 232, 74, 107, 42, 229, 22, 197, 215, 85, 148, 207, 16, 6, 129, 240, 68, 186, 227, 243, 254, 192, 138, 173, 188, 72, 4, 223, 193, 117, 99, 48, 26, 14, 109, 76, 20, 53, 47, 225, 162, 204, 57, 87, 242, 130, 71, 172, 231, 43, 149, 160, 152, 209, 127, 102, 126, 171, 131, 202, 41, 211, 60, 121, 226, 29, 118, 59, 86, 78, 30, 219, 10, 108, 228, 93, 110, 239, 166, 168, 164, 55, 139, 50, 67, 89, 183, 140, 100, 210, 224, 180, 250, 7, 37, 175, 142, 233, 24, 213, 136, 111, 114, 36, 241, 199, 81, 35, 124, 156, 33, 221, 220, 134, 133, 144, 66, 196, 170, 216, 5, 1, 18, 163, 95, 249, 208, 145, 88, 39, 185, 56, 19, 179, 51, 187, 112, 137, 167, 182, 34, 146, 32, 73, 255, 120, 122, 143, 248, 128, 23, 218, 49, 198, 184, 195, 176, 119, 17, 203, 252, 214, 58, 0, 9, 18, 27, 36, 45, 54, 63, 72, 65, 90, 83, 108, 101, 126, 119, 144, 153, 130, 139, 180, 189, 166, 175, 216, 209, 202, 195, 252, 245, 238, 231, 59, 50, 41, 32, 31, 22, 13, 4, 115, 122, 97, 104, 87, 94, 69, 76, 171, 162, 185, 176, 143, 134, 157, 148, 227, 234, 241, 248, 199, 206, 213, 220, 118, 127, 100, 109, 82, 91, 64, 73, 62, 55, 44, 37, 26, 19, 8, 1, 230, 239, 244, 253, 194, 203, 208, 217, 174, 167, 188, 181, 138, 131, 152, 145, 77, 68, 95, 86, 105, 96, 123, 114, 5, 12, 23, 30, 33, 40, 51, 58, 221, 212, 207, 198, 249, 240, 235, 226, 149, 156, 135, 142, 177, 184, 163, 170, 236, 229, 254, 247, 200, 193, 218, 211, 164, 173, 182, 191, 128, 137, 146, 155, 124, 117, 110, 103, 88, 81, 74, 67, 52, 61, 38, 47, 16, 25, 2, 11, 215, 222, 197, 204, 243, 250, 225, 232, 159, 150, 141, 132, 187, 178, 169, 160, 71, 78, 85, 92, 99, 106, 113, 120, 15, 6, 29, 20, 43, 34, 57, 48, 154, 147, 136, 129, 190, 183, 172, 165, 210, 219, 192, 201, 246, 255, 228, 237, 10, 3, 24, 17, 46, 39, 60, 53, 66, 75, 80, 89, 102, 111, 116, 125, 161, 168, 179, 186, 133, 140, 151, 158, 233, 224, 251, 242, 205, 196, 223, 214, 49, 56, 35, 42, 21, 28, 7, 14, 121, 112, 107, 98, 93, 84, 79, 70, 0, 11, 22, 29, 44, 39, 58, 49, 88, 83, 78, 69, 116, 127, 98, 105, 176, 187, 166, 173, 156, 151, 138, 129, 232, 227, 254, 245, 196, 207, 210, 217, 123, 112, 109, 102, 87, 92, 65, 74, 35, 40, 53, 62, 15, 4, 25, 18, 203, 192, 221, 214, 231, 236, 241, 250, 147, 152, 133, 142, 191, 180, 169, 162, 246, 253, 224, 235, 218, 209, 204, 199, 174, 165, 184, 179, 130, 137, 148, 159, 70, 77, 80, 91, 106, 97, 124, 119, 30, 21, 8, 3, 50, 57, 36, 47, 141, 134, 155, 144, 161, 170, 183, 188, 213, 222, 195, 200, 249, 242, 239, 228, 61, 54, 43, 32, 17, 26, 7, 12, 101, 110, 115, 120, 73, 66, 95, 84, 247, 252, 225, 234, 219, 208, 205, 198, 175, 164, 185, 178, 131, 136, 149, 158, 71, 76, 81, 90, 107, 96, 125, 118, 31, 20, 9, 2, 51, 56, 37, 46, 140, 135, 154, 145, 160, 171, 182, 189, 212, 223, 194, 201, 248, 243, 238, 229, 60, 55, 42, 33, 16, 27, 6, 13, 100, 111, 114, 121, 72, 67, 94, 85, 1, 10, 23, 28, 45, 38, 59, 48, 89, 82, 79, 68, 117, 126, 99, 104, 177, 186, 167, 172, 157, 150, 139, 128, 233, 226, 255, 244, 197, 206, 211, 216, 122, 113, 108, 103, 86, 93, 64, 75, 34, 41, 52, 63, 14, 5, 24, 19, 202, 193, 220, 215, 230, 237, 240, 251, 146, 153, 132, 143, 190, 181, 168, 163, 0, 13, 26, 23, 52, 57, 46, 35, 104, 101, 114, 127, 92, 81, 70, 75, 208, 221, 202, 199, 228, 233, 254, 243, 184, 181, 162, 175, 140, 129, 150, 155, 187, 182, 161, 172, 143, 130, 149, 152, 211, 222, 201, 196, 231, 234, 253, 240, 107, 102, 113, 124, 95, 82, 69, 72, 3, 14, 25, 20, 55, 58, 45, 32, 109, 96, 119, 122, 89, 84, 67, 78, 5, 8, 31, 18, 49, 60, 43, 38, 189, 176, 167, 170, 137, 132, 147, 158, 213, 216, 207, 194, 225, 236, 251, 246, 214, 219, 204, 193, 226, 239, 248, 245, 190, 179, 164, 169, 138, 135, 144, 157, 6, 11, 28, 17, 50, 63, 40, 37, 110, 99, 116, 121, 90, 87, 64, 77, 218, 215, 192, 205, 238, 227, 244, 249, 178, 191, 168, 165, 134, 139, 156, 145, 10, 7, 16, 29, 62, 51, 36, 41, 98, 111, 120, 117, 86, 91, 76, 65, 97, 108, 123, 118, 85, 88, 79, 66, 9, 4, 19, 30, 61, 48, 39, 42, 177, 188, 171, 166, 133, 136, 159, 146, 217, 212, 195, 206, 237, 224, 247, 250, 183, 186, 173, 160, 131, 142, 153, 148, 223, 210, 197, 200, 235, 230, 241, 252, 103, 106, 125, 112, 83, 94, 73, 68, 15, 2, 21, 24, 59, 54, 33, 44, 12, 1, 22, 27, 56, 53, 34, 47, 100, 105, 126, 115, 80, 93, 74, 71, 220, 209, 198, 203, 232, 229, 242, 255, 180, 185, 174, 163, 128, 141, 154, 151, 0, 14, 28, 18, 56, 54, 36, 42, 112, 126, 108, 98, 72, 70, 84, 90, 224, 238, 252, 242, 216, 214, 196, 202, 144, 158, 140, 130, 168, 166, 180, 186, 219, 213, 199, 201, 227, 237, 255, 241, 171, 165, 183, 185, 147, 157, 143, 129, 59, 53, 39, 41, 3, 13, 31, 17, 75, 69, 87, 89, 115, 125, 111, 97, 173, 163, 177, 191, 149, 155, 137, 135, 221, 211, 193, 207, 229, 235, 249, 247, 77, 67, 81, 95, 117, 123, 105, 103, 61, 51, 33, 47, 5, 11, 25, 23, 118, 120, 106, 100, 78, 64, 82, 92, 6, 8, 26, 20, 62, 48, 34, 44, 150, 152, 138, 132, 174, 160, 178, 188, 230, 232, 250, 244, 222, 208, 194, 204, 65, 79, 93, 83, 121, 119, 101, 107, 49, 63, 45, 35, 9, 7, 21, 27, 161, 175, 189, 179, 153, 151, 133, 139, 209, 223, 205, 195, 233, 231, 245, 251, 154, 148, 134, 136, 162, 172, 190, 176, 234, 228, 246, 248, 210, 220, 206, 192, 122, 116, 102, 104, 66, 76, 94, 80, 10, 4, 22, 24, 50, 60, 46, 32, 236, 226, 240, 254, 212, 218, 200, 198, 156, 146, 128, 142, 164, 170, 184, 182, 12, 2, 16, 30, 52, 58, 40, 38, 124, 114, 96, 110, 68, 74, 88, 86, 55, 57, 43, 37, 15, 1, 19, 29, 71, 73, 91, 85, 127, 113, 99, 109, 215, 217, 203, 197, 239, 225, 243, 253, 167, 169, 187, 181, 159, 145, 131, 141 ];
14832 var _aes_heap_start = 2048;
14833 function _aes_asm(stdlib, foreign, buffer) {
14834 // Closure Compiler warning - commented out
14835 //"use asm";
14836 var S0 = 0, S1 = 0, S2 = 0, S3 = 0, S4 = 0, S5 = 0, S6 = 0, S7 = 0, S8 = 0, S9 = 0, SA = 0, SB = 0, SC = 0, SD = 0, SE = 0, SF = 0;
14837 var keySize = 0;
14838 var R00 = 0, R01 = 0, R02 = 0, R03 = 0, R04 = 0, R05 = 0, R06 = 0, R07 = 0, R08 = 0, R09 = 0, R0A = 0, R0B = 0, R0C = 0, R0D = 0, R0E = 0, R0F = 0, R10 = 0, R11 = 0, R12 = 0, R13 = 0, R14 = 0, R15 = 0, R16 = 0, R17 = 0, R18 = 0, R19 = 0, R1A = 0, R1B = 0, R1C = 0, R1D = 0, R1E = 0, R1F = 0, R20 = 0, R21 = 0, R22 = 0, R23 = 0, R24 = 0, R25 = 0, R26 = 0, R27 = 0, R28 = 0, R29 = 0, R2A = 0, R2B = 0, R2C = 0, R2D = 0, R2E = 0, R2F = 0, R30 = 0, R31 = 0, R32 = 0, R33 = 0, R34 = 0, R35 = 0, R36 = 0, R37 = 0, R38 = 0, R39 = 0, R3A = 0, R3B = 0, R3C = 0, R3D = 0, R3E = 0, R3F = 0, R40 = 0, R41 = 0, R42 = 0, R43 = 0, R44 = 0, R45 = 0, R46 = 0, R47 = 0, R48 = 0, R49 = 0, R4A = 0, R4B = 0, R4C = 0, R4D = 0, R4E = 0, R4F = 0, R50 = 0, R51 = 0, R52 = 0, R53 = 0, R54 = 0, R55 = 0, R56 = 0, R57 = 0, R58 = 0, R59 = 0, R5A = 0, R5B = 0, R5C = 0, R5D = 0, R5E = 0, R5F = 0, R60 = 0, R61 = 0, R62 = 0, R63 = 0, R64 = 0, R65 = 0, R66 = 0, R67 = 0, R68 = 0, R69 = 0, R6A = 0, R6B = 0, R6C = 0, R6D = 0, R6E = 0, R6F = 0, R70 = 0, R71 = 0, R72 = 0, R73 = 0, R74 = 0, R75 = 0, R76 = 0, R77 = 0, R78 = 0, R79 = 0, R7A = 0, R7B = 0, R7C = 0, R7D = 0, R7E = 0, R7F = 0, R80 = 0, R81 = 0, R82 = 0, R83 = 0, R84 = 0, R85 = 0, R86 = 0, R87 = 0, R88 = 0, R89 = 0, R8A = 0, R8B = 0, R8C = 0, R8D = 0, R8E = 0, R8F = 0, R90 = 0, R91 = 0, R92 = 0, R93 = 0, R94 = 0, R95 = 0, R96 = 0, R97 = 0, R98 = 0, R99 = 0, R9A = 0, R9B = 0, R9C = 0, R9D = 0, R9E = 0, R9F = 0, RA0 = 0, RA1 = 0, RA2 = 0, RA3 = 0, RA4 = 0, RA5 = 0, RA6 = 0, RA7 = 0, RA8 = 0, RA9 = 0, RAA = 0, RAB = 0, RAC = 0, RAD = 0, RAE = 0, RAF = 0, RB0 = 0, RB1 = 0, RB2 = 0, RB3 = 0, RB4 = 0, RB5 = 0, RB6 = 0, RB7 = 0, RB8 = 0, RB9 = 0, RBA = 0, RBB = 0, RBC = 0, RBD = 0, RBE = 0, RBF = 0, RC0 = 0, RC1 = 0, RC2 = 0, RC3 = 0, RC4 = 0, RC5 = 0, RC6 = 0, RC7 = 0, RC8 = 0, RC9 = 0, RCA = 0, RCB = 0, RCC = 0, RCD = 0, RCE = 0, RCF = 0, RD0 = 0, RD1 = 0, RD2 = 0, RD3 = 0, RD4 = 0, RD5 = 0, RD6 = 0, RD7 = 0, RD8 = 0, RD9 = 0, RDA = 0, RDB = 0, RDC = 0, RDD = 0, RDE = 0, RDF = 0, RE0 = 0, RE1 = 0, RE2 = 0, RE3 = 0, RE4 = 0, RE5 = 0, RE6 = 0, RE7 = 0, RE8 = 0, RE9 = 0, REA = 0, REB = 0, REC = 0, RED = 0, REE = 0, REF = 0;
14839 var HEAP = new stdlib.Uint8Array(buffer);
14840 function _expand_key_128() {
14841 var sbox = 0;
14842 R10 = R00 ^ HEAP[sbox | R0D] ^ 1;
14843 R11 = R01 ^ HEAP[sbox | R0E];
14844 R12 = R02 ^ HEAP[sbox | R0F];
14845 R13 = R03 ^ HEAP[sbox | R0C];
14846 R14 = R04 ^ R10;
14847 R15 = R05 ^ R11;
14848 R16 = R06 ^ R12;
14849 R17 = R07 ^ R13;
14850 R18 = R08 ^ R14;
14851 R19 = R09 ^ R15;
14852 R1A = R0A ^ R16;
14853 R1B = R0B ^ R17;
14854 R1C = R0C ^ R18;
14855 R1D = R0D ^ R19;
14856 R1E = R0E ^ R1A;
14857 R1F = R0F ^ R1B;
14858 R20 = R10 ^ HEAP[sbox | R1D] ^ 2;
14859 R21 = R11 ^ HEAP[sbox | R1E];
14860 R22 = R12 ^ HEAP[sbox | R1F];
14861 R23 = R13 ^ HEAP[sbox | R1C];
14862 R24 = R14 ^ R20;
14863 R25 = R15 ^ R21;
14864 R26 = R16 ^ R22;
14865 R27 = R17 ^ R23;
14866 R28 = R18 ^ R24;
14867 R29 = R19 ^ R25;
14868 R2A = R1A ^ R26;
14869 R2B = R1B ^ R27;
14870 R2C = R1C ^ R28;
14871 R2D = R1D ^ R29;
14872 R2E = R1E ^ R2A;
14873 R2F = R1F ^ R2B;
14874 R30 = R20 ^ HEAP[sbox | R2D] ^ 4;
14875 R31 = R21 ^ HEAP[sbox | R2E];
14876 R32 = R22 ^ HEAP[sbox | R2F];
14877 R33 = R23 ^ HEAP[sbox | R2C];
14878 R34 = R24 ^ R30;
14879 R35 = R25 ^ R31;
14880 R36 = R26 ^ R32;
14881 R37 = R27 ^ R33;
14882 R38 = R28 ^ R34;
14883 R39 = R29 ^ R35;
14884 R3A = R2A ^ R36;
14885 R3B = R2B ^ R37;
14886 R3C = R2C ^ R38;
14887 R3D = R2D ^ R39;
14888 R3E = R2E ^ R3A;
14889 R3F = R2F ^ R3B;
14890 R40 = R30 ^ HEAP[sbox | R3D] ^ 8;
14891 R41 = R31 ^ HEAP[sbox | R3E];
14892 R42 = R32 ^ HEAP[sbox | R3F];
14893 R43 = R33 ^ HEAP[sbox | R3C];
14894 R44 = R34 ^ R40;
14895 R45 = R35 ^ R41;
14896 R46 = R36 ^ R42;
14897 R47 = R37 ^ R43;
14898 R48 = R38 ^ R44;
14899 R49 = R39 ^ R45;
14900 R4A = R3A ^ R46;
14901 R4B = R3B ^ R47;
14902 R4C = R3C ^ R48;
14903 R4D = R3D ^ R49;
14904 R4E = R3E ^ R4A;
14905 R4F = R3F ^ R4B;
14906 R50 = R40 ^ HEAP[sbox | R4D] ^ 16;
14907 R51 = R41 ^ HEAP[sbox | R4E];
14908 R52 = R42 ^ HEAP[sbox | R4F];
14909 R53 = R43 ^ HEAP[sbox | R4C];
14910 R54 = R44 ^ R50;
14911 R55 = R45 ^ R51;
14912 R56 = R46 ^ R52;
14913 R57 = R47 ^ R53;
14914 R58 = R48 ^ R54;
14915 R59 = R49 ^ R55;
14916 R5A = R4A ^ R56;
14917 R5B = R4B ^ R57;
14918 R5C = R4C ^ R58;
14919 R5D = R4D ^ R59;
14920 R5E = R4E ^ R5A;
14921 R5F = R4F ^ R5B;
14922 R60 = R50 ^ HEAP[sbox | R5D] ^ 32;
14923 R61 = R51 ^ HEAP[sbox | R5E];
14924 R62 = R52 ^ HEAP[sbox | R5F];
14925 R63 = R53 ^ HEAP[sbox | R5C];
14926 R64 = R54 ^ R60;
14927 R65 = R55 ^ R61;
14928 R66 = R56 ^ R62;
14929 R67 = R57 ^ R63;
14930 R68 = R58 ^ R64;
14931 R69 = R59 ^ R65;
14932 R6A = R5A ^ R66;
14933 R6B = R5B ^ R67;
14934 R6C = R5C ^ R68;
14935 R6D = R5D ^ R69;
14936 R6E = R5E ^ R6A;
14937 R6F = R5F ^ R6B;
14938 R70 = R60 ^ HEAP[sbox | R6D] ^ 64;
14939 R71 = R61 ^ HEAP[sbox | R6E];
14940 R72 = R62 ^ HEAP[sbox | R6F];
14941 R73 = R63 ^ HEAP[sbox | R6C];
14942 R74 = R64 ^ R70;
14943 R75 = R65 ^ R71;
14944 R76 = R66 ^ R72;
14945 R77 = R67 ^ R73;
14946 R78 = R68 ^ R74;
14947 R79 = R69 ^ R75;
14948 R7A = R6A ^ R76;
14949 R7B = R6B ^ R77;
14950 R7C = R6C ^ R78;
14951 R7D = R6D ^ R79;
14952 R7E = R6E ^ R7A;
14953 R7F = R6F ^ R7B;
14954 R80 = R70 ^ HEAP[sbox | R7D] ^ 128;
14955 R81 = R71 ^ HEAP[sbox | R7E];
14956 R82 = R72 ^ HEAP[sbox | R7F];
14957 R83 = R73 ^ HEAP[sbox | R7C];
14958 R84 = R74 ^ R80;
14959 R85 = R75 ^ R81;
14960 R86 = R76 ^ R82;
14961 R87 = R77 ^ R83;
14962 R88 = R78 ^ R84;
14963 R89 = R79 ^ R85;
14964 R8A = R7A ^ R86;
14965 R8B = R7B ^ R87;
14966 R8C = R7C ^ R88;
14967 R8D = R7D ^ R89;
14968 R8E = R7E ^ R8A;
14969 R8F = R7F ^ R8B;
14970 R90 = R80 ^ HEAP[sbox | R8D] ^ 27;
14971 R91 = R81 ^ HEAP[sbox | R8E];
14972 R92 = R82 ^ HEAP[sbox | R8F];
14973 R93 = R83 ^ HEAP[sbox | R8C];
14974 R94 = R84 ^ R90;
14975 R95 = R85 ^ R91;
14976 R96 = R86 ^ R92;
14977 R97 = R87 ^ R93;
14978 R98 = R88 ^ R94;
14979 R99 = R89 ^ R95;
14980 R9A = R8A ^ R96;
14981 R9B = R8B ^ R97;
14982 R9C = R8C ^ R98;
14983 R9D = R8D ^ R99;
14984 R9E = R8E ^ R9A;
14985 R9F = R8F ^ R9B;
14986 RA0 = R90 ^ HEAP[sbox | R9D] ^ 54;
14987 RA1 = R91 ^ HEAP[sbox | R9E];
14988 RA2 = R92 ^ HEAP[sbox | R9F];
14989 RA3 = R93 ^ HEAP[sbox | R9C];
14990 RA4 = R94 ^ RA0;
14991 RA5 = R95 ^ RA1;
14992 RA6 = R96 ^ RA2;
14993 RA7 = R97 ^ RA3;
14994 RA8 = R98 ^ RA4;
14995 RA9 = R99 ^ RA5;
14996 RAA = R9A ^ RA6;
14997 RAB = R9B ^ RA7;
14998 RAC = R9C ^ RA8;
14999 RAD = R9D ^ RA9;
15000 RAE = R9E ^ RAA;
15001 RAF = R9F ^ RAB;
15002 }
15003 function _expand_key_256() {
15004 var sbox = 0;
15005 R20 = R00 ^ HEAP[sbox | R1D] ^ 1;
15006 R21 = R01 ^ HEAP[sbox | R1E];
15007 R22 = R02 ^ HEAP[sbox | R1F];
15008 R23 = R03 ^ HEAP[sbox | R1C];
15009 R24 = R04 ^ R20;
15010 R25 = R05 ^ R21;
15011 R26 = R06 ^ R22;
15012 R27 = R07 ^ R23;
15013 R28 = R08 ^ R24;
15014 R29 = R09 ^ R25;
15015 R2A = R0A ^ R26;
15016 R2B = R0B ^ R27;
15017 R2C = R0C ^ R28;
15018 R2D = R0D ^ R29;
15019 R2E = R0E ^ R2A;
15020 R2F = R0F ^ R2B;
15021 R30 = R10 ^ HEAP[sbox | R2C];
15022 R31 = R11 ^ HEAP[sbox | R2D];
15023 R32 = R12 ^ HEAP[sbox | R2E];
15024 R33 = R13 ^ HEAP[sbox | R2F];
15025 R34 = R14 ^ R30;
15026 R35 = R15 ^ R31;
15027 R36 = R16 ^ R32;
15028 R37 = R17 ^ R33;
15029 R38 = R18 ^ R34;
15030 R39 = R19 ^ R35;
15031 R3A = R1A ^ R36;
15032 R3B = R1B ^ R37;
15033 R3C = R1C ^ R38;
15034 R3D = R1D ^ R39;
15035 R3E = R1E ^ R3A;
15036 R3F = R1F ^ R3B;
15037 R40 = R20 ^ HEAP[sbox | R3D] ^ 2;
15038 R41 = R21 ^ HEAP[sbox | R3E];
15039 R42 = R22 ^ HEAP[sbox | R3F];
15040 R43 = R23 ^ HEAP[sbox | R3C];
15041 R44 = R24 ^ R40;
15042 R45 = R25 ^ R41;
15043 R46 = R26 ^ R42;
15044 R47 = R27 ^ R43;
15045 R48 = R28 ^ R44;
15046 R49 = R29 ^ R45;
15047 R4A = R2A ^ R46;
15048 R4B = R2B ^ R47;
15049 R4C = R2C ^ R48;
15050 R4D = R2D ^ R49;
15051 R4E = R2E ^ R4A;
15052 R4F = R2F ^ R4B;
15053 R50 = R30 ^ HEAP[sbox | R4C];
15054 R51 = R31 ^ HEAP[sbox | R4D];
15055 R52 = R32 ^ HEAP[sbox | R4E];
15056 R53 = R33 ^ HEAP[sbox | R4F];
15057 R54 = R34 ^ R50;
15058 R55 = R35 ^ R51;
15059 R56 = R36 ^ R52;
15060 R57 = R37 ^ R53;
15061 R58 = R38 ^ R54;
15062 R59 = R39 ^ R55;
15063 R5A = R3A ^ R56;
15064 R5B = R3B ^ R57;
15065 R5C = R3C ^ R58;
15066 R5D = R3D ^ R59;
15067 R5E = R3E ^ R5A;
15068 R5F = R3F ^ R5B;
15069 R60 = R40 ^ HEAP[sbox | R5D] ^ 4;
15070 R61 = R41 ^ HEAP[sbox | R5E];
15071 R62 = R42 ^ HEAP[sbox | R5F];
15072 R63 = R43 ^ HEAP[sbox | R5C];
15073 R64 = R44 ^ R60;
15074 R65 = R45 ^ R61;
15075 R66 = R46 ^ R62;
15076 R67 = R47 ^ R63;
15077 R68 = R48 ^ R64;
15078 R69 = R49 ^ R65;
15079 R6A = R4A ^ R66;
15080 R6B = R4B ^ R67;
15081 R6C = R4C ^ R68;
15082 R6D = R4D ^ R69;
15083 R6E = R4E ^ R6A;
15084 R6F = R4F ^ R6B;
15085 R70 = R50 ^ HEAP[sbox | R6C];
15086 R71 = R51 ^ HEAP[sbox | R6D];
15087 R72 = R52 ^ HEAP[sbox | R6E];
15088 R73 = R53 ^ HEAP[sbox | R6F];
15089 R74 = R54 ^ R70;
15090 R75 = R55 ^ R71;
15091 R76 = R56 ^ R72;
15092 R77 = R57 ^ R73;
15093 R78 = R58 ^ R74;
15094 R79 = R59 ^ R75;
15095 R7A = R5A ^ R76;
15096 R7B = R5B ^ R77;
15097 R7C = R5C ^ R78;
15098 R7D = R5D ^ R79;
15099 R7E = R5E ^ R7A;
15100 R7F = R5F ^ R7B;
15101 R80 = R60 ^ HEAP[sbox | R7D] ^ 8;
15102 R81 = R61 ^ HEAP[sbox | R7E];
15103 R82 = R62 ^ HEAP[sbox | R7F];
15104 R83 = R63 ^ HEAP[sbox | R7C];
15105 R84 = R64 ^ R80;
15106 R85 = R65 ^ R81;
15107 R86 = R66 ^ R82;
15108 R87 = R67 ^ R83;
15109 R88 = R68 ^ R84;
15110 R89 = R69 ^ R85;
15111 R8A = R6A ^ R86;
15112 R8B = R6B ^ R87;
15113 R8C = R6C ^ R88;
15114 R8D = R6D ^ R89;
15115 R8E = R6E ^ R8A;
15116 R8F = R6F ^ R8B;
15117 R90 = R70 ^ HEAP[sbox | R8C];
15118 R91 = R71 ^ HEAP[sbox | R8D];
15119 R92 = R72 ^ HEAP[sbox | R8E];
15120 R93 = R73 ^ HEAP[sbox | R8F];
15121 R94 = R74 ^ R90;
15122 R95 = R75 ^ R91;
15123 R96 = R76 ^ R92;
15124 R97 = R77 ^ R93;
15125 R98 = R78 ^ R94;
15126 R99 = R79 ^ R95;
15127 R9A = R7A ^ R96;
15128 R9B = R7B ^ R97;
15129 R9C = R7C ^ R98;
15130 R9D = R7D ^ R99;
15131 R9E = R7E ^ R9A;
15132 R9F = R7F ^ R9B;
15133 RA0 = R80 ^ HEAP[sbox | R9D] ^ 16;
15134 RA1 = R81 ^ HEAP[sbox | R9E];
15135 RA2 = R82 ^ HEAP[sbox | R9F];
15136 RA3 = R83 ^ HEAP[sbox | R9C];
15137 RA4 = R84 ^ RA0;
15138 RA5 = R85 ^ RA1;
15139 RA6 = R86 ^ RA2;
15140 RA7 = R87 ^ RA3;
15141 RA8 = R88 ^ RA4;
15142 RA9 = R89 ^ RA5;
15143 RAA = R8A ^ RA6;
15144 RAB = R8B ^ RA7;
15145 RAC = R8C ^ RA8;
15146 RAD = R8D ^ RA9;
15147 RAE = R8E ^ RAA;
15148 RAF = R8F ^ RAB;
15149 RB0 = R90 ^ HEAP[sbox | RAC];
15150 RB1 = R91 ^ HEAP[sbox | RAD];
15151 RB2 = R92 ^ HEAP[sbox | RAE];
15152 RB3 = R93 ^ HEAP[sbox | RAF];
15153 RB4 = R94 ^ RB0;
15154 RB5 = R95 ^ RB1;
15155 RB6 = R96 ^ RB2;
15156 RB7 = R97 ^ RB3;
15157 RB8 = R98 ^ RB4;
15158 RB9 = R99 ^ RB5;
15159 RBA = R9A ^ RB6;
15160 RBB = R9B ^ RB7;
15161 RBC = R9C ^ RB8;
15162 RBD = R9D ^ RB9;
15163 RBE = R9E ^ RBA;
15164 RBF = R9F ^ RBB;
15165 RC0 = RA0 ^ HEAP[sbox | RBD] ^ 32;
15166 RC1 = RA1 ^ HEAP[sbox | RBE];
15167 RC2 = RA2 ^ HEAP[sbox | RBF];
15168 RC3 = RA3 ^ HEAP[sbox | RBC];
15169 RC4 = RA4 ^ RC0;
15170 RC5 = RA5 ^ RC1;
15171 RC6 = RA6 ^ RC2;
15172 RC7 = RA7 ^ RC3;
15173 RC8 = RA8 ^ RC4;
15174 RC9 = RA9 ^ RC5;
15175 RCA = RAA ^ RC6;
15176 RCB = RAB ^ RC7;
15177 RCC = RAC ^ RC8;
15178 RCD = RAD ^ RC9;
15179 RCE = RAE ^ RCA;
15180 RCF = RAF ^ RCB;
15181 RD0 = RB0 ^ HEAP[sbox | RCC];
15182 RD1 = RB1 ^ HEAP[sbox | RCD];
15183 RD2 = RB2 ^ HEAP[sbox | RCE];
15184 RD3 = RB3 ^ HEAP[sbox | RCF];
15185 RD4 = RB4 ^ RD0;
15186 RD5 = RB5 ^ RD1;
15187 RD6 = RB6 ^ RD2;
15188 RD7 = RB7 ^ RD3;
15189 RD8 = RB8 ^ RD4;
15190 RD9 = RB9 ^ RD5;
15191 RDA = RBA ^ RD6;
15192 RDB = RBB ^ RD7;
15193 RDC = RBC ^ RD8;
15194 RDD = RBD ^ RD9;
15195 RDE = RBE ^ RDA;
15196 RDF = RBF ^ RDB;
15197 RE0 = RC0 ^ HEAP[sbox | RDD] ^ 64;
15198 RE1 = RC1 ^ HEAP[sbox | RDE];
15199 RE2 = RC2 ^ HEAP[sbox | RDF];
15200 RE3 = RC3 ^ HEAP[sbox | RDC];
15201 RE4 = RC4 ^ RE0;
15202 RE5 = RC5 ^ RE1;
15203 RE6 = RC6 ^ RE2;
15204 RE7 = RC7 ^ RE3;
15205 RE8 = RC8 ^ RE4;
15206 RE9 = RC9 ^ RE5;
15207 REA = RCA ^ RE6;
15208 REB = RCB ^ RE7;
15209 REC = RCC ^ RE8;
15210 RED = RCD ^ RE9;
15211 REE = RCE ^ REA;
15212 REF = RCF ^ REB;
15213 }
15214 function _encrypt(s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, sA, sB, sC, sD, sE, sF) {
15215 s0 = s0 | 0;
15216 s1 = s1 | 0;
15217 s2 = s2 | 0;
15218 s3 = s3 | 0;
15219 s4 = s4 | 0;
15220 s5 = s5 | 0;
15221 s6 = s6 | 0;
15222 s7 = s7 | 0;
15223 s8 = s8 | 0;
15224 s9 = s9 | 0;
15225 sA = sA | 0;
15226 sB = sB | 0;
15227 sC = sC | 0;
15228 sD = sD | 0;
15229 sE = sE | 0;
15230 sF = sF | 0;
15231 var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, t8 = 0, t9 = 0, tA = 0, tB = 0, tC = 0, tD = 0, tE = 0, tF = 0, sbox = 0, x2_sbox = 512, x3_sbox = 768;
15232 s0 = s0 ^ R00;
15233 s1 = s1 ^ R01;
15234 s2 = s2 ^ R02;
15235 s3 = s3 ^ R03;
15236 s4 = s4 ^ R04;
15237 s5 = s5 ^ R05;
15238 s6 = s6 ^ R06;
15239 s7 = s7 ^ R07;
15240 s8 = s8 ^ R08;
15241 s9 = s9 ^ R09;
15242 sA = sA ^ R0A;
15243 sB = sB ^ R0B;
15244 sC = sC ^ R0C;
15245 sD = sD ^ R0D;
15246 sE = sE ^ R0E;
15247 sF = sF ^ R0F;
15248 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ R10;
15249 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ R11;
15250 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ R12;
15251 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ R13;
15252 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ R14;
15253 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ R15;
15254 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ R16;
15255 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ R17;
15256 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ R18;
15257 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ R19;
15258 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ R1A;
15259 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ R1B;
15260 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ R1C;
15261 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ R1D;
15262 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ R1E;
15263 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ R1F;
15264 s0 = HEAP[x2_sbox | t0] ^ HEAP[x3_sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[sbox | tF] ^ R20;
15265 s1 = HEAP[sbox | t0] ^ HEAP[x2_sbox | t5] ^ HEAP[x3_sbox | tA] ^ HEAP[sbox | tF] ^ R21;
15266 s2 = HEAP[sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[x2_sbox | tA] ^ HEAP[x3_sbox | tF] ^ R22;
15267 s3 = HEAP[x3_sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[x2_sbox | tF] ^ R23;
15268 s4 = HEAP[x2_sbox | t4] ^ HEAP[x3_sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[sbox | t3] ^ R24;
15269 s5 = HEAP[sbox | t4] ^ HEAP[x2_sbox | t9] ^ HEAP[x3_sbox | tE] ^ HEAP[sbox | t3] ^ R25;
15270 s6 = HEAP[sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[x2_sbox | tE] ^ HEAP[x3_sbox | t3] ^ R26;
15271 s7 = HEAP[x3_sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[x2_sbox | t3] ^ R27;
15272 s8 = HEAP[x2_sbox | t8] ^ HEAP[x3_sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[sbox | t7] ^ R28;
15273 s9 = HEAP[sbox | t8] ^ HEAP[x2_sbox | tD] ^ HEAP[x3_sbox | t2] ^ HEAP[sbox | t7] ^ R29;
15274 sA = HEAP[sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[x2_sbox | t2] ^ HEAP[x3_sbox | t7] ^ R2A;
15275 sB = HEAP[x3_sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[x2_sbox | t7] ^ R2B;
15276 sC = HEAP[x2_sbox | tC] ^ HEAP[x3_sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[sbox | tB] ^ R2C;
15277 sD = HEAP[sbox | tC] ^ HEAP[x2_sbox | t1] ^ HEAP[x3_sbox | t6] ^ HEAP[sbox | tB] ^ R2D;
15278 sE = HEAP[sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[x2_sbox | t6] ^ HEAP[x3_sbox | tB] ^ R2E;
15279 sF = HEAP[x3_sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[x2_sbox | tB] ^ R2F;
15280 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ R30;
15281 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ R31;
15282 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ R32;
15283 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ R33;
15284 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ R34;
15285 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ R35;
15286 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ R36;
15287 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ R37;
15288 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ R38;
15289 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ R39;
15290 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ R3A;
15291 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ R3B;
15292 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ R3C;
15293 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ R3D;
15294 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ R3E;
15295 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ R3F;
15296 s0 = HEAP[x2_sbox | t0] ^ HEAP[x3_sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[sbox | tF] ^ R40;
15297 s1 = HEAP[sbox | t0] ^ HEAP[x2_sbox | t5] ^ HEAP[x3_sbox | tA] ^ HEAP[sbox | tF] ^ R41;
15298 s2 = HEAP[sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[x2_sbox | tA] ^ HEAP[x3_sbox | tF] ^ R42;
15299 s3 = HEAP[x3_sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[x2_sbox | tF] ^ R43;
15300 s4 = HEAP[x2_sbox | t4] ^ HEAP[x3_sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[sbox | t3] ^ R44;
15301 s5 = HEAP[sbox | t4] ^ HEAP[x2_sbox | t9] ^ HEAP[x3_sbox | tE] ^ HEAP[sbox | t3] ^ R45;
15302 s6 = HEAP[sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[x2_sbox | tE] ^ HEAP[x3_sbox | t3] ^ R46;
15303 s7 = HEAP[x3_sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[x2_sbox | t3] ^ R47;
15304 s8 = HEAP[x2_sbox | t8] ^ HEAP[x3_sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[sbox | t7] ^ R48;
15305 s9 = HEAP[sbox | t8] ^ HEAP[x2_sbox | tD] ^ HEAP[x3_sbox | t2] ^ HEAP[sbox | t7] ^ R49;
15306 sA = HEAP[sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[x2_sbox | t2] ^ HEAP[x3_sbox | t7] ^ R4A;
15307 sB = HEAP[x3_sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[x2_sbox | t7] ^ R4B;
15308 sC = HEAP[x2_sbox | tC] ^ HEAP[x3_sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[sbox | tB] ^ R4C;
15309 sD = HEAP[sbox | tC] ^ HEAP[x2_sbox | t1] ^ HEAP[x3_sbox | t6] ^ HEAP[sbox | tB] ^ R4D;
15310 sE = HEAP[sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[x2_sbox | t6] ^ HEAP[x3_sbox | tB] ^ R4E;
15311 sF = HEAP[x3_sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[x2_sbox | tB] ^ R4F;
15312 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ R50;
15313 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ R51;
15314 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ R52;
15315 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ R53;
15316 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ R54;
15317 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ R55;
15318 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ R56;
15319 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ R57;
15320 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ R58;
15321 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ R59;
15322 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ R5A;
15323 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ R5B;
15324 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ R5C;
15325 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ R5D;
15326 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ R5E;
15327 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ R5F;
15328 s0 = HEAP[x2_sbox | t0] ^ HEAP[x3_sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[sbox | tF] ^ R60;
15329 s1 = HEAP[sbox | t0] ^ HEAP[x2_sbox | t5] ^ HEAP[x3_sbox | tA] ^ HEAP[sbox | tF] ^ R61;
15330 s2 = HEAP[sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[x2_sbox | tA] ^ HEAP[x3_sbox | tF] ^ R62;
15331 s3 = HEAP[x3_sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[x2_sbox | tF] ^ R63;
15332 s4 = HEAP[x2_sbox | t4] ^ HEAP[x3_sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[sbox | t3] ^ R64;
15333 s5 = HEAP[sbox | t4] ^ HEAP[x2_sbox | t9] ^ HEAP[x3_sbox | tE] ^ HEAP[sbox | t3] ^ R65;
15334 s6 = HEAP[sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[x2_sbox | tE] ^ HEAP[x3_sbox | t3] ^ R66;
15335 s7 = HEAP[x3_sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[x2_sbox | t3] ^ R67;
15336 s8 = HEAP[x2_sbox | t8] ^ HEAP[x3_sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[sbox | t7] ^ R68;
15337 s9 = HEAP[sbox | t8] ^ HEAP[x2_sbox | tD] ^ HEAP[x3_sbox | t2] ^ HEAP[sbox | t7] ^ R69;
15338 sA = HEAP[sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[x2_sbox | t2] ^ HEAP[x3_sbox | t7] ^ R6A;
15339 sB = HEAP[x3_sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[x2_sbox | t7] ^ R6B;
15340 sC = HEAP[x2_sbox | tC] ^ HEAP[x3_sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[sbox | tB] ^ R6C;
15341 sD = HEAP[sbox | tC] ^ HEAP[x2_sbox | t1] ^ HEAP[x3_sbox | t6] ^ HEAP[sbox | tB] ^ R6D;
15342 sE = HEAP[sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[x2_sbox | t6] ^ HEAP[x3_sbox | tB] ^ R6E;
15343 sF = HEAP[x3_sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[x2_sbox | tB] ^ R6F;
15344 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ R70;
15345 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ R71;
15346 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ R72;
15347 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ R73;
15348 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ R74;
15349 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ R75;
15350 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ R76;
15351 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ R77;
15352 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ R78;
15353 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ R79;
15354 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ R7A;
15355 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ R7B;
15356 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ R7C;
15357 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ R7D;
15358 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ R7E;
15359 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ R7F;
15360 s0 = HEAP[x2_sbox | t0] ^ HEAP[x3_sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[sbox | tF] ^ R80;
15361 s1 = HEAP[sbox | t0] ^ HEAP[x2_sbox | t5] ^ HEAP[x3_sbox | tA] ^ HEAP[sbox | tF] ^ R81;
15362 s2 = HEAP[sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[x2_sbox | tA] ^ HEAP[x3_sbox | tF] ^ R82;
15363 s3 = HEAP[x3_sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[x2_sbox | tF] ^ R83;
15364 s4 = HEAP[x2_sbox | t4] ^ HEAP[x3_sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[sbox | t3] ^ R84;
15365 s5 = HEAP[sbox | t4] ^ HEAP[x2_sbox | t9] ^ HEAP[x3_sbox | tE] ^ HEAP[sbox | t3] ^ R85;
15366 s6 = HEAP[sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[x2_sbox | tE] ^ HEAP[x3_sbox | t3] ^ R86;
15367 s7 = HEAP[x3_sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[x2_sbox | t3] ^ R87;
15368 s8 = HEAP[x2_sbox | t8] ^ HEAP[x3_sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[sbox | t7] ^ R88;
15369 s9 = HEAP[sbox | t8] ^ HEAP[x2_sbox | tD] ^ HEAP[x3_sbox | t2] ^ HEAP[sbox | t7] ^ R89;
15370 sA = HEAP[sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[x2_sbox | t2] ^ HEAP[x3_sbox | t7] ^ R8A;
15371 sB = HEAP[x3_sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[x2_sbox | t7] ^ R8B;
15372 sC = HEAP[x2_sbox | tC] ^ HEAP[x3_sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[sbox | tB] ^ R8C;
15373 sD = HEAP[sbox | tC] ^ HEAP[x2_sbox | t1] ^ HEAP[x3_sbox | t6] ^ HEAP[sbox | tB] ^ R8D;
15374 sE = HEAP[sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[x2_sbox | t6] ^ HEAP[x3_sbox | tB] ^ R8E;
15375 sF = HEAP[x3_sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[x2_sbox | tB] ^ R8F;
15376 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ R90;
15377 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ R91;
15378 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ R92;
15379 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ R93;
15380 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ R94;
15381 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ R95;
15382 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ R96;
15383 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ R97;
15384 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ R98;
15385 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ R99;
15386 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ R9A;
15387 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ R9B;
15388 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ R9C;
15389 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ R9D;
15390 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ R9E;
15391 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ R9F;
15392 if ((keySize | 0) == 16) {
15393 S0 = HEAP[sbox | t0] ^ RA0;
15394 S1 = HEAP[sbox | t5] ^ RA1;
15395 S2 = HEAP[sbox | tA] ^ RA2;
15396 S3 = HEAP[sbox | tF] ^ RA3;
15397 S4 = HEAP[sbox | t4] ^ RA4;
15398 S5 = HEAP[sbox | t9] ^ RA5;
15399 S6 = HEAP[sbox | tE] ^ RA6;
15400 S7 = HEAP[sbox | t3] ^ RA7;
15401 S8 = HEAP[sbox | t8] ^ RA8;
15402 S9 = HEAP[sbox | tD] ^ RA9;
15403 SA = HEAP[sbox | t2] ^ RAA;
15404 SB = HEAP[sbox | t7] ^ RAB;
15405 SC = HEAP[sbox | tC] ^ RAC;
15406 SD = HEAP[sbox | t1] ^ RAD;
15407 SE = HEAP[sbox | t6] ^ RAE;
15408 SF = HEAP[sbox | tB] ^ RAF;
15409 return;
15410 }
15411 s0 = HEAP[x2_sbox | t0] ^ HEAP[x3_sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[sbox | tF] ^ RA0;
15412 s1 = HEAP[sbox | t0] ^ HEAP[x2_sbox | t5] ^ HEAP[x3_sbox | tA] ^ HEAP[sbox | tF] ^ RA1;
15413 s2 = HEAP[sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[x2_sbox | tA] ^ HEAP[x3_sbox | tF] ^ RA2;
15414 s3 = HEAP[x3_sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[x2_sbox | tF] ^ RA3;
15415 s4 = HEAP[x2_sbox | t4] ^ HEAP[x3_sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[sbox | t3] ^ RA4;
15416 s5 = HEAP[sbox | t4] ^ HEAP[x2_sbox | t9] ^ HEAP[x3_sbox | tE] ^ HEAP[sbox | t3] ^ RA5;
15417 s6 = HEAP[sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[x2_sbox | tE] ^ HEAP[x3_sbox | t3] ^ RA6;
15418 s7 = HEAP[x3_sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[x2_sbox | t3] ^ RA7;
15419 s8 = HEAP[x2_sbox | t8] ^ HEAP[x3_sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[sbox | t7] ^ RA8;
15420 s9 = HEAP[sbox | t8] ^ HEAP[x2_sbox | tD] ^ HEAP[x3_sbox | t2] ^ HEAP[sbox | t7] ^ RA9;
15421 sA = HEAP[sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[x2_sbox | t2] ^ HEAP[x3_sbox | t7] ^ RAA;
15422 sB = HEAP[x3_sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[x2_sbox | t7] ^ RAB;
15423 sC = HEAP[x2_sbox | tC] ^ HEAP[x3_sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[sbox | tB] ^ RAC;
15424 sD = HEAP[sbox | tC] ^ HEAP[x2_sbox | t1] ^ HEAP[x3_sbox | t6] ^ HEAP[sbox | tB] ^ RAD;
15425 sE = HEAP[sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[x2_sbox | t6] ^ HEAP[x3_sbox | tB] ^ RAE;
15426 sF = HEAP[x3_sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[x2_sbox | tB] ^ RAF;
15427 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ RB0;
15428 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ RB1;
15429 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ RB2;
15430 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ RB3;
15431 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ RB4;
15432 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ RB5;
15433 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ RB6;
15434 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ RB7;
15435 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ RB8;
15436 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ RB9;
15437 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ RBA;
15438 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ RBB;
15439 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ RBC;
15440 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ RBD;
15441 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ RBE;
15442 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ RBF;
15443 s0 = HEAP[x2_sbox | t0] ^ HEAP[x3_sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[sbox | tF] ^ RC0;
15444 s1 = HEAP[sbox | t0] ^ HEAP[x2_sbox | t5] ^ HEAP[x3_sbox | tA] ^ HEAP[sbox | tF] ^ RC1;
15445 s2 = HEAP[sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[x2_sbox | tA] ^ HEAP[x3_sbox | tF] ^ RC2;
15446 s3 = HEAP[x3_sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[x2_sbox | tF] ^ RC3;
15447 s4 = HEAP[x2_sbox | t4] ^ HEAP[x3_sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[sbox | t3] ^ RC4;
15448 s5 = HEAP[sbox | t4] ^ HEAP[x2_sbox | t9] ^ HEAP[x3_sbox | tE] ^ HEAP[sbox | t3] ^ RC5;
15449 s6 = HEAP[sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[x2_sbox | tE] ^ HEAP[x3_sbox | t3] ^ RC6;
15450 s7 = HEAP[x3_sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[x2_sbox | t3] ^ RC7;
15451 s8 = HEAP[x2_sbox | t8] ^ HEAP[x3_sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[sbox | t7] ^ RC8;
15452 s9 = HEAP[sbox | t8] ^ HEAP[x2_sbox | tD] ^ HEAP[x3_sbox | t2] ^ HEAP[sbox | t7] ^ RC9;
15453 sA = HEAP[sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[x2_sbox | t2] ^ HEAP[x3_sbox | t7] ^ RCA;
15454 sB = HEAP[x3_sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[x2_sbox | t7] ^ RCB;
15455 sC = HEAP[x2_sbox | tC] ^ HEAP[x3_sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[sbox | tB] ^ RCC;
15456 sD = HEAP[sbox | tC] ^ HEAP[x2_sbox | t1] ^ HEAP[x3_sbox | t6] ^ HEAP[sbox | tB] ^ RCD;
15457 sE = HEAP[sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[x2_sbox | t6] ^ HEAP[x3_sbox | tB] ^ RCE;
15458 sF = HEAP[x3_sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[x2_sbox | tB] ^ RCF;
15459 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ RD0;
15460 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ RD1;
15461 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ RD2;
15462 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ RD3;
15463 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ RD4;
15464 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ RD5;
15465 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ RD6;
15466 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ RD7;
15467 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ RD8;
15468 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ RD9;
15469 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ RDA;
15470 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ RDB;
15471 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ RDC;
15472 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ RDD;
15473 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ RDE;
15474 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ RDF;
15475 S0 = HEAP[sbox | t0] ^ RE0;
15476 S1 = HEAP[sbox | t5] ^ RE1;
15477 S2 = HEAP[sbox | tA] ^ RE2;
15478 S3 = HEAP[sbox | tF] ^ RE3;
15479 S4 = HEAP[sbox | t4] ^ RE4;
15480 S5 = HEAP[sbox | t9] ^ RE5;
15481 S6 = HEAP[sbox | tE] ^ RE6;
15482 S7 = HEAP[sbox | t3] ^ RE7;
15483 S8 = HEAP[sbox | t8] ^ RE8;
15484 S9 = HEAP[sbox | tD] ^ RE9;
15485 SA = HEAP[sbox | t2] ^ REA;
15486 SB = HEAP[sbox | t7] ^ REB;
15487 SC = HEAP[sbox | tC] ^ REC;
15488 SD = HEAP[sbox | t1] ^ RED;
15489 SE = HEAP[sbox | t6] ^ REE;
15490 SF = HEAP[sbox | tB] ^ REF;
15491 }
15492 function _decrypt(s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, sA, sB, sC, sD, sE, sF) {
15493 s0 = s0 | 0;
15494 s1 = s1 | 0;
15495 s2 = s2 | 0;
15496 s3 = s3 | 0;
15497 s4 = s4 | 0;
15498 s5 = s5 | 0;
15499 s6 = s6 | 0;
15500 s7 = s7 | 0;
15501 s8 = s8 | 0;
15502 s9 = s9 | 0;
15503 sA = sA | 0;
15504 sB = sB | 0;
15505 sC = sC | 0;
15506 sD = sD | 0;
15507 sE = sE | 0;
15508 sF = sF | 0;
15509 var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, t8 = 0, t9 = 0, tA = 0, tB = 0, tC = 0, tD = 0, tE = 0, tF = 0, inv_sbox = 256, x9 = 1024, xB = 1280, xD = 1536, xE = 1792;
15510 if ((keySize | 0) == 32) {
15511 t0 = HEAP[inv_sbox | s0 ^ RE0] ^ RD0;
15512 t1 = HEAP[inv_sbox | sD ^ RED] ^ RD1;
15513 t2 = HEAP[inv_sbox | sA ^ REA] ^ RD2;
15514 t3 = HEAP[inv_sbox | s7 ^ RE7] ^ RD3;
15515 t4 = HEAP[inv_sbox | s4 ^ RE4] ^ RD4;
15516 t5 = HEAP[inv_sbox | s1 ^ RE1] ^ RD5;
15517 t6 = HEAP[inv_sbox | sE ^ REE] ^ RD6;
15518 t7 = HEAP[inv_sbox | sB ^ REB] ^ RD7;
15519 t8 = HEAP[inv_sbox | s8 ^ RE8] ^ RD8;
15520 t9 = HEAP[inv_sbox | s5 ^ RE5] ^ RD9;
15521 tA = HEAP[inv_sbox | s2 ^ RE2] ^ RDA;
15522 tB = HEAP[inv_sbox | sF ^ REF] ^ RDB;
15523 tC = HEAP[inv_sbox | sC ^ REC] ^ RDC;
15524 tD = HEAP[inv_sbox | s9 ^ RE9] ^ RDD;
15525 tE = HEAP[inv_sbox | s6 ^ RE6] ^ RDE;
15526 tF = HEAP[inv_sbox | s3 ^ RE3] ^ RDF;
15527 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
15528 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
15529 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
15530 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
15531 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
15532 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
15533 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
15534 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
15535 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
15536 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
15537 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
15538 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
15539 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
15540 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
15541 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
15542 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
15543 t0 = HEAP[inv_sbox | s0] ^ RC0;
15544 t1 = HEAP[inv_sbox | s1] ^ RC1;
15545 t2 = HEAP[inv_sbox | s2] ^ RC2;
15546 t3 = HEAP[inv_sbox | s3] ^ RC3;
15547 t4 = HEAP[inv_sbox | s4] ^ RC4;
15548 t5 = HEAP[inv_sbox | s5] ^ RC5;
15549 t6 = HEAP[inv_sbox | s6] ^ RC6;
15550 t7 = HEAP[inv_sbox | s7] ^ RC7;
15551 t8 = HEAP[inv_sbox | s8] ^ RC8;
15552 t9 = HEAP[inv_sbox | s9] ^ RC9;
15553 tA = HEAP[inv_sbox | sA] ^ RCA;
15554 tB = HEAP[inv_sbox | sB] ^ RCB;
15555 tC = HEAP[inv_sbox | sC] ^ RCC;
15556 tD = HEAP[inv_sbox | sD] ^ RCD;
15557 tE = HEAP[inv_sbox | sE] ^ RCE;
15558 tF = HEAP[inv_sbox | sF] ^ RCF;
15559 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
15560 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
15561 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
15562 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
15563 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
15564 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
15565 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
15566 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
15567 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
15568 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
15569 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
15570 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
15571 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
15572 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
15573 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
15574 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
15575 t0 = HEAP[inv_sbox | s0] ^ RB0;
15576 t1 = HEAP[inv_sbox | s1] ^ RB1;
15577 t2 = HEAP[inv_sbox | s2] ^ RB2;
15578 t3 = HEAP[inv_sbox | s3] ^ RB3;
15579 t4 = HEAP[inv_sbox | s4] ^ RB4;
15580 t5 = HEAP[inv_sbox | s5] ^ RB5;
15581 t6 = HEAP[inv_sbox | s6] ^ RB6;
15582 t7 = HEAP[inv_sbox | s7] ^ RB7;
15583 t8 = HEAP[inv_sbox | s8] ^ RB8;
15584 t9 = HEAP[inv_sbox | s9] ^ RB9;
15585 tA = HEAP[inv_sbox | sA] ^ RBA;
15586 tB = HEAP[inv_sbox | sB] ^ RBB;
15587 tC = HEAP[inv_sbox | sC] ^ RBC;
15588 tD = HEAP[inv_sbox | sD] ^ RBD;
15589 tE = HEAP[inv_sbox | sE] ^ RBE;
15590 tF = HEAP[inv_sbox | sF] ^ RBF;
15591 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
15592 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
15593 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
15594 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
15595 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
15596 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
15597 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
15598 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
15599 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
15600 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
15601 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
15602 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
15603 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
15604 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
15605 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
15606 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
15607 t0 = HEAP[inv_sbox | s0] ^ RA0;
15608 t1 = HEAP[inv_sbox | s1] ^ RA1;
15609 t2 = HEAP[inv_sbox | s2] ^ RA2;
15610 t3 = HEAP[inv_sbox | s3] ^ RA3;
15611 t4 = HEAP[inv_sbox | s4] ^ RA4;
15612 t5 = HEAP[inv_sbox | s5] ^ RA5;
15613 t6 = HEAP[inv_sbox | s6] ^ RA6;
15614 t7 = HEAP[inv_sbox | s7] ^ RA7;
15615 t8 = HEAP[inv_sbox | s8] ^ RA8;
15616 t9 = HEAP[inv_sbox | s9] ^ RA9;
15617 tA = HEAP[inv_sbox | sA] ^ RAA;
15618 tB = HEAP[inv_sbox | sB] ^ RAB;
15619 tC = HEAP[inv_sbox | sC] ^ RAC;
15620 tD = HEAP[inv_sbox | sD] ^ RAD;
15621 tE = HEAP[inv_sbox | sE] ^ RAE;
15622 tF = HEAP[inv_sbox | sF] ^ RAF;
15623 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
15624 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
15625 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
15626 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
15627 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
15628 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
15629 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
15630 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
15631 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
15632 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
15633 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
15634 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
15635 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
15636 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
15637 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
15638 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
15639 t0 = HEAP[inv_sbox | s0] ^ R90;
15640 t1 = HEAP[inv_sbox | s1] ^ R91;
15641 t2 = HEAP[inv_sbox | s2] ^ R92;
15642 t3 = HEAP[inv_sbox | s3] ^ R93;
15643 t4 = HEAP[inv_sbox | s4] ^ R94;
15644 t5 = HEAP[inv_sbox | s5] ^ R95;
15645 t6 = HEAP[inv_sbox | s6] ^ R96;
15646 t7 = HEAP[inv_sbox | s7] ^ R97;
15647 t8 = HEAP[inv_sbox | s8] ^ R98;
15648 t9 = HEAP[inv_sbox | s9] ^ R99;
15649 tA = HEAP[inv_sbox | sA] ^ R9A;
15650 tB = HEAP[inv_sbox | sB] ^ R9B;
15651 tC = HEAP[inv_sbox | sC] ^ R9C;
15652 tD = HEAP[inv_sbox | sD] ^ R9D;
15653 tE = HEAP[inv_sbox | sE] ^ R9E;
15654 tF = HEAP[inv_sbox | sF] ^ R9F;
15655 } else {
15656 t0 = HEAP[inv_sbox | s0 ^ RA0] ^ R90;
15657 t1 = HEAP[inv_sbox | sD ^ RAD] ^ R91;
15658 t2 = HEAP[inv_sbox | sA ^ RAA] ^ R92;
15659 t3 = HEAP[inv_sbox | s7 ^ RA7] ^ R93;
15660 t4 = HEAP[inv_sbox | s4 ^ RA4] ^ R94;
15661 t5 = HEAP[inv_sbox | s1 ^ RA1] ^ R95;
15662 t6 = HEAP[inv_sbox | sE ^ RAE] ^ R96;
15663 t7 = HEAP[inv_sbox | sB ^ RAB] ^ R97;
15664 t8 = HEAP[inv_sbox | s8 ^ RA8] ^ R98;
15665 t9 = HEAP[inv_sbox | s5 ^ RA5] ^ R99;
15666 tA = HEAP[inv_sbox | s2 ^ RA2] ^ R9A;
15667 tB = HEAP[inv_sbox | sF ^ RAF] ^ R9B;
15668 tC = HEAP[inv_sbox | sC ^ RAC] ^ R9C;
15669 tD = HEAP[inv_sbox | s9 ^ RA9] ^ R9D;
15670 tE = HEAP[inv_sbox | s6 ^ RA6] ^ R9E;
15671 tF = HEAP[inv_sbox | s3 ^ RA3] ^ R9F;
15672 }
15673 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
15674 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
15675 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
15676 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
15677 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
15678 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
15679 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
15680 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
15681 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
15682 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
15683 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
15684 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
15685 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
15686 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
15687 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
15688 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
15689 t0 = HEAP[inv_sbox | s0] ^ R80;
15690 t1 = HEAP[inv_sbox | s1] ^ R81;
15691 t2 = HEAP[inv_sbox | s2] ^ R82;
15692 t3 = HEAP[inv_sbox | s3] ^ R83;
15693 t4 = HEAP[inv_sbox | s4] ^ R84;
15694 t5 = HEAP[inv_sbox | s5] ^ R85;
15695 t6 = HEAP[inv_sbox | s6] ^ R86;
15696 t7 = HEAP[inv_sbox | s7] ^ R87;
15697 t8 = HEAP[inv_sbox | s8] ^ R88;
15698 t9 = HEAP[inv_sbox | s9] ^ R89;
15699 tA = HEAP[inv_sbox | sA] ^ R8A;
15700 tB = HEAP[inv_sbox | sB] ^ R8B;
15701 tC = HEAP[inv_sbox | sC] ^ R8C;
15702 tD = HEAP[inv_sbox | sD] ^ R8D;
15703 tE = HEAP[inv_sbox | sE] ^ R8E;
15704 tF = HEAP[inv_sbox | sF] ^ R8F;
15705 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
15706 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
15707 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
15708 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
15709 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
15710 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
15711 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
15712 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
15713 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
15714 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
15715 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
15716 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
15717 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
15718 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
15719 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
15720 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
15721 t0 = HEAP[inv_sbox | s0] ^ R70;
15722 t1 = HEAP[inv_sbox | s1] ^ R71;
15723 t2 = HEAP[inv_sbox | s2] ^ R72;
15724 t3 = HEAP[inv_sbox | s3] ^ R73;
15725 t4 = HEAP[inv_sbox | s4] ^ R74;
15726 t5 = HEAP[inv_sbox | s5] ^ R75;
15727 t6 = HEAP[inv_sbox | s6] ^ R76;
15728 t7 = HEAP[inv_sbox | s7] ^ R77;
15729 t8 = HEAP[inv_sbox | s8] ^ R78;
15730 t9 = HEAP[inv_sbox | s9] ^ R79;
15731 tA = HEAP[inv_sbox | sA] ^ R7A;
15732 tB = HEAP[inv_sbox | sB] ^ R7B;
15733 tC = HEAP[inv_sbox | sC] ^ R7C;
15734 tD = HEAP[inv_sbox | sD] ^ R7D;
15735 tE = HEAP[inv_sbox | sE] ^ R7E;
15736 tF = HEAP[inv_sbox | sF] ^ R7F;
15737 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
15738 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
15739 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
15740 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
15741 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
15742 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
15743 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
15744 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
15745 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
15746 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
15747 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
15748 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
15749 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
15750 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
15751 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
15752 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
15753 t0 = HEAP[inv_sbox | s0] ^ R60;
15754 t1 = HEAP[inv_sbox | s1] ^ R61;
15755 t2 = HEAP[inv_sbox | s2] ^ R62;
15756 t3 = HEAP[inv_sbox | s3] ^ R63;
15757 t4 = HEAP[inv_sbox | s4] ^ R64;
15758 t5 = HEAP[inv_sbox | s5] ^ R65;
15759 t6 = HEAP[inv_sbox | s6] ^ R66;
15760 t7 = HEAP[inv_sbox | s7] ^ R67;
15761 t8 = HEAP[inv_sbox | s8] ^ R68;
15762 t9 = HEAP[inv_sbox | s9] ^ R69;
15763 tA = HEAP[inv_sbox | sA] ^ R6A;
15764 tB = HEAP[inv_sbox | sB] ^ R6B;
15765 tC = HEAP[inv_sbox | sC] ^ R6C;
15766 tD = HEAP[inv_sbox | sD] ^ R6D;
15767 tE = HEAP[inv_sbox | sE] ^ R6E;
15768 tF = HEAP[inv_sbox | sF] ^ R6F;
15769 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
15770 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
15771 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
15772 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
15773 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
15774 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
15775 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
15776 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
15777 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
15778 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
15779 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
15780 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
15781 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
15782 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
15783 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
15784 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
15785 t0 = HEAP[inv_sbox | s0] ^ R50;
15786 t1 = HEAP[inv_sbox | s1] ^ R51;
15787 t2 = HEAP[inv_sbox | s2] ^ R52;
15788 t3 = HEAP[inv_sbox | s3] ^ R53;
15789 t4 = HEAP[inv_sbox | s4] ^ R54;
15790 t5 = HEAP[inv_sbox | s5] ^ R55;
15791 t6 = HEAP[inv_sbox | s6] ^ R56;
15792 t7 = HEAP[inv_sbox | s7] ^ R57;
15793 t8 = HEAP[inv_sbox | s8] ^ R58;
15794 t9 = HEAP[inv_sbox | s9] ^ R59;
15795 tA = HEAP[inv_sbox | sA] ^ R5A;
15796 tB = HEAP[inv_sbox | sB] ^ R5B;
15797 tC = HEAP[inv_sbox | sC] ^ R5C;
15798 tD = HEAP[inv_sbox | sD] ^ R5D;
15799 tE = HEAP[inv_sbox | sE] ^ R5E;
15800 tF = HEAP[inv_sbox | sF] ^ R5F;
15801 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
15802 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
15803 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
15804 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
15805 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
15806 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
15807 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
15808 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
15809 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
15810 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
15811 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
15812 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
15813 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
15814 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
15815 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
15816 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
15817 t0 = HEAP[inv_sbox | s0] ^ R40;
15818 t1 = HEAP[inv_sbox | s1] ^ R41;
15819 t2 = HEAP[inv_sbox | s2] ^ R42;
15820 t3 = HEAP[inv_sbox | s3] ^ R43;
15821 t4 = HEAP[inv_sbox | s4] ^ R44;
15822 t5 = HEAP[inv_sbox | s5] ^ R45;
15823 t6 = HEAP[inv_sbox | s6] ^ R46;
15824 t7 = HEAP[inv_sbox | s7] ^ R47;
15825 t8 = HEAP[inv_sbox | s8] ^ R48;
15826 t9 = HEAP[inv_sbox | s9] ^ R49;
15827 tA = HEAP[inv_sbox | sA] ^ R4A;
15828 tB = HEAP[inv_sbox | sB] ^ R4B;
15829 tC = HEAP[inv_sbox | sC] ^ R4C;
15830 tD = HEAP[inv_sbox | sD] ^ R4D;
15831 tE = HEAP[inv_sbox | sE] ^ R4E;
15832 tF = HEAP[inv_sbox | sF] ^ R4F;
15833 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
15834 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
15835 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
15836 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
15837 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
15838 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
15839 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
15840 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
15841 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
15842 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
15843 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
15844 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
15845 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
15846 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
15847 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
15848 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
15849 t0 = HEAP[inv_sbox | s0] ^ R30;
15850 t1 = HEAP[inv_sbox | s1] ^ R31;
15851 t2 = HEAP[inv_sbox | s2] ^ R32;
15852 t3 = HEAP[inv_sbox | s3] ^ R33;
15853 t4 = HEAP[inv_sbox | s4] ^ R34;
15854 t5 = HEAP[inv_sbox | s5] ^ R35;
15855 t6 = HEAP[inv_sbox | s6] ^ R36;
15856 t7 = HEAP[inv_sbox | s7] ^ R37;
15857 t8 = HEAP[inv_sbox | s8] ^ R38;
15858 t9 = HEAP[inv_sbox | s9] ^ R39;
15859 tA = HEAP[inv_sbox | sA] ^ R3A;
15860 tB = HEAP[inv_sbox | sB] ^ R3B;
15861 tC = HEAP[inv_sbox | sC] ^ R3C;
15862 tD = HEAP[inv_sbox | sD] ^ R3D;
15863 tE = HEAP[inv_sbox | sE] ^ R3E;
15864 tF = HEAP[inv_sbox | sF] ^ R3F;
15865 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
15866 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
15867 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
15868 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
15869 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
15870 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
15871 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
15872 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
15873 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
15874 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
15875 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
15876 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
15877 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
15878 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
15879 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
15880 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
15881 t0 = HEAP[inv_sbox | s0] ^ R20;
15882 t1 = HEAP[inv_sbox | s1] ^ R21;
15883 t2 = HEAP[inv_sbox | s2] ^ R22;
15884 t3 = HEAP[inv_sbox | s3] ^ R23;
15885 t4 = HEAP[inv_sbox | s4] ^ R24;
15886 t5 = HEAP[inv_sbox | s5] ^ R25;
15887 t6 = HEAP[inv_sbox | s6] ^ R26;
15888 t7 = HEAP[inv_sbox | s7] ^ R27;
15889 t8 = HEAP[inv_sbox | s8] ^ R28;
15890 t9 = HEAP[inv_sbox | s9] ^ R29;
15891 tA = HEAP[inv_sbox | sA] ^ R2A;
15892 tB = HEAP[inv_sbox | sB] ^ R2B;
15893 tC = HEAP[inv_sbox | sC] ^ R2C;
15894 tD = HEAP[inv_sbox | sD] ^ R2D;
15895 tE = HEAP[inv_sbox | sE] ^ R2E;
15896 tF = HEAP[inv_sbox | sF] ^ R2F;
15897 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
15898 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
15899 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
15900 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
15901 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
15902 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
15903 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
15904 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
15905 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
15906 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
15907 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
15908 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
15909 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
15910 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
15911 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
15912 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
15913 t0 = HEAP[inv_sbox | s0] ^ R10;
15914 t1 = HEAP[inv_sbox | s1] ^ R11;
15915 t2 = HEAP[inv_sbox | s2] ^ R12;
15916 t3 = HEAP[inv_sbox | s3] ^ R13;
15917 t4 = HEAP[inv_sbox | s4] ^ R14;
15918 t5 = HEAP[inv_sbox | s5] ^ R15;
15919 t6 = HEAP[inv_sbox | s6] ^ R16;
15920 t7 = HEAP[inv_sbox | s7] ^ R17;
15921 t8 = HEAP[inv_sbox | s8] ^ R18;
15922 t9 = HEAP[inv_sbox | s9] ^ R19;
15923 tA = HEAP[inv_sbox | sA] ^ R1A;
15924 tB = HEAP[inv_sbox | sB] ^ R1B;
15925 tC = HEAP[inv_sbox | sC] ^ R1C;
15926 tD = HEAP[inv_sbox | sD] ^ R1D;
15927 tE = HEAP[inv_sbox | sE] ^ R1E;
15928 tF = HEAP[inv_sbox | sF] ^ R1F;
15929 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
15930 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
15931 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
15932 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
15933 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
15934 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
15935 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
15936 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
15937 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
15938 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
15939 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
15940 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
15941 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
15942 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
15943 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
15944 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
15945 S0 = HEAP[inv_sbox | s0] ^ R00;
15946 S1 = HEAP[inv_sbox | s1] ^ R01;
15947 S2 = HEAP[inv_sbox | s2] ^ R02;
15948 S3 = HEAP[inv_sbox | s3] ^ R03;
15949 S4 = HEAP[inv_sbox | s4] ^ R04;
15950 S5 = HEAP[inv_sbox | s5] ^ R05;
15951 S6 = HEAP[inv_sbox | s6] ^ R06;
15952 S7 = HEAP[inv_sbox | s7] ^ R07;
15953 S8 = HEAP[inv_sbox | s8] ^ R08;
15954 S9 = HEAP[inv_sbox | s9] ^ R09;
15955 SA = HEAP[inv_sbox | sA] ^ R0A;
15956 SB = HEAP[inv_sbox | sB] ^ R0B;
15957 SC = HEAP[inv_sbox | sC] ^ R0C;
15958 SD = HEAP[inv_sbox | sD] ^ R0D;
15959 SE = HEAP[inv_sbox | sE] ^ R0E;
15960 SF = HEAP[inv_sbox | sF] ^ R0F;
15961 }
15962 function init_state(s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, sA, sB, sC, sD, sE, sF) {
15963 s0 = s0 | 0;
15964 s1 = s1 | 0;
15965 s2 = s2 | 0;
15966 s3 = s3 | 0;
15967 s4 = s4 | 0;
15968 s5 = s5 | 0;
15969 s6 = s6 | 0;
15970 s7 = s7 | 0;
15971 s8 = s8 | 0;
15972 s9 = s9 | 0;
15973 sA = sA | 0;
15974 sB = sB | 0;
15975 sC = sC | 0;
15976 sD = sD | 0;
15977 sE = sE | 0;
15978 sF = sF | 0;
15979 S0 = s0;
15980 S1 = s1;
15981 S2 = s2;
15982 S3 = s3;
15983 S4 = s4;
15984 S5 = s5;
15985 S6 = s6;
15986 S7 = s7;
15987 S8 = s8;
15988 S9 = s9;
15989 SA = sA;
15990 SB = sB;
15991 SC = sC;
15992 SD = sD;
15993 SE = sE;
15994 SF = sF;
15995 }
15996 function save_state(offset) {
15997 offset = offset | 0;
15998 HEAP[offset] = S0;
15999 HEAP[offset | 1] = S1;
16000 HEAP[offset | 2] = S2;
16001 HEAP[offset | 3] = S3;
16002 HEAP[offset | 4] = S4;
16003 HEAP[offset | 5] = S5;
16004 HEAP[offset | 6] = S6;
16005 HEAP[offset | 7] = S7;
16006 HEAP[offset | 8] = S8;
16007 HEAP[offset | 9] = S9;
16008 HEAP[offset | 10] = SA;
16009 HEAP[offset | 11] = SB;
16010 HEAP[offset | 12] = SC;
16011 HEAP[offset | 13] = SD;
16012 HEAP[offset | 14] = SE;
16013 HEAP[offset | 15] = SF;
16014 }
16015 function init_key_128(k0, k1, k2, k3, k4, k5, k6, k7, k8, k9, kA, kB, kC, kD, kE, kF) {
16016 k0 = k0 | 0;
16017 k1 = k1 | 0;
16018 k2 = k2 | 0;
16019 k3 = k3 | 0;
16020 k4 = k4 | 0;
16021 k5 = k5 | 0;
16022 k6 = k6 | 0;
16023 k7 = k7 | 0;
16024 k8 = k8 | 0;
16025 k9 = k9 | 0;
16026 kA = kA | 0;
16027 kB = kB | 0;
16028 kC = kC | 0;
16029 kD = kD | 0;
16030 kE = kE | 0;
16031 kF = kF | 0;
16032 R00 = k0;
16033 R01 = k1;
16034 R02 = k2;
16035 R03 = k3;
16036 R04 = k4;
16037 R05 = k5;
16038 R06 = k6;
16039 R07 = k7;
16040 R08 = k8;
16041 R09 = k9;
16042 R0A = kA;
16043 R0B = kB;
16044 R0C = kC;
16045 R0D = kD;
16046 R0E = kE;
16047 R0F = kF;
16048 keySize = 16;
16049 _expand_key_128();
16050 }
16051 function init_key_256(k00, k01, k02, k03, k04, k05, k06, k07, k08, k09, k0A, k0B, k0C, k0D, k0E, k0F, k10, k11, k12, k13, k14, k15, k16, k17, k18, k19, k1A, k1B, k1C, k1D, k1E, k1F) {
16052 k00 = k00 | 0;
16053 k01 = k01 | 0;
16054 k02 = k02 | 0;
16055 k03 = k03 | 0;
16056 k04 = k04 | 0;
16057 k05 = k05 | 0;
16058 k06 = k06 | 0;
16059 k07 = k07 | 0;
16060 k08 = k08 | 0;
16061 k09 = k09 | 0;
16062 k0A = k0A | 0;
16063 k0B = k0B | 0;
16064 k0C = k0C | 0;
16065 k0D = k0D | 0;
16066 k0E = k0E | 0;
16067 k0F = k0F | 0;
16068 k10 = k10 | 0;
16069 k11 = k11 | 0;
16070 k12 = k12 | 0;
16071 k13 = k13 | 0;
16072 k14 = k14 | 0;
16073 k15 = k15 | 0;
16074 k16 = k16 | 0;
16075 k17 = k17 | 0;
16076 k18 = k18 | 0;
16077 k19 = k19 | 0;
16078 k1A = k1A | 0;
16079 k1B = k1B | 0;
16080 k1C = k1C | 0;
16081 k1D = k1D | 0;
16082 k1E = k1E | 0;
16083 k1F = k1F | 0;
16084 R00 = k00;
16085 R01 = k01;
16086 R02 = k02;
16087 R03 = k03;
16088 R04 = k04;
16089 R05 = k05;
16090 R06 = k06;
16091 R07 = k07;
16092 R08 = k08;
16093 R09 = k09;
16094 R0A = k0A;
16095 R0B = k0B;
16096 R0C = k0C;
16097 R0D = k0D;
16098 R0E = k0E;
16099 R0F = k0F;
16100 R10 = k10;
16101 R11 = k11;
16102 R12 = k12;
16103 R13 = k13;
16104 R14 = k14;
16105 R15 = k15;
16106 R16 = k16;
16107 R17 = k17;
16108 R18 = k18;
16109 R19 = k19;
16110 R1A = k1A;
16111 R1B = k1B;
16112 R1C = k1C;
16113 R1D = k1D;
16114 R1E = k1E;
16115 R1F = k1F;
16116 keySize = 32;
16117 _expand_key_256();
16118 }
16119 function cbc_encrypt(offset, length) {
16120 offset = offset | 0;
16121 length = length | 0;
16122 var encrypted = 0;
16123 if (offset & 15) return -1;
16124 while ((length | 0) >= 16) {
16125 _encrypt(S0 ^ HEAP[offset], S1 ^ HEAP[offset | 1], S2 ^ HEAP[offset | 2], S3 ^ HEAP[offset | 3], S4 ^ HEAP[offset | 4], S5 ^ HEAP[offset | 5], S6 ^ HEAP[offset | 6], S7 ^ HEAP[offset | 7], S8 ^ HEAP[offset | 8], S9 ^ HEAP[offset | 9], SA ^ HEAP[offset | 10], SB ^ HEAP[offset | 11], SC ^ HEAP[offset | 12], SD ^ HEAP[offset | 13], SE ^ HEAP[offset | 14], SF ^ HEAP[offset | 15]);
16126 HEAP[offset] = S0;
16127 HEAP[offset | 1] = S1;
16128 HEAP[offset | 2] = S2;
16129 HEAP[offset | 3] = S3;
16130 HEAP[offset | 4] = S4;
16131 HEAP[offset | 5] = S5;
16132 HEAP[offset | 6] = S6;
16133 HEAP[offset | 7] = S7;
16134 HEAP[offset | 8] = S8;
16135 HEAP[offset | 9] = S9;
16136 HEAP[offset | 10] = SA;
16137 HEAP[offset | 11] = SB;
16138 HEAP[offset | 12] = SC;
16139 HEAP[offset | 13] = SD;
16140 HEAP[offset | 14] = SE;
16141 HEAP[offset | 15] = SF;
16142 offset = offset + 16 | 0;
16143 length = length - 16 | 0;
16144 encrypted = encrypted + 16 | 0;
16145 }
16146 return encrypted | 0;
16147 }
16148 function cbc_decrypt(offset, length) {
16149 offset = offset | 0;
16150 length = length | 0;
16151 var iv0 = 0, iv1 = 0, iv2 = 0, iv3 = 0, iv4 = 0, iv5 = 0, iv6 = 0, iv7 = 0, iv8 = 0, iv9 = 0, ivA = 0, ivB = 0, ivC = 0, ivD = 0, ivE = 0, ivF = 0, decrypted = 0;
16152 if (offset & 15) return -1;
16153 iv0 = S0;
16154 iv1 = S1;
16155 iv2 = S2;
16156 iv3 = S3;
16157 iv4 = S4;
16158 iv5 = S5;
16159 iv6 = S6;
16160 iv7 = S7;
16161 iv8 = S8;
16162 iv9 = S9;
16163 ivA = SA;
16164 ivB = SB;
16165 ivC = SC;
16166 ivD = SD;
16167 ivE = SE;
16168 ivF = SF;
16169 while ((length | 0) >= 16) {
16170 _decrypt(HEAP[offset] | 0, HEAP[offset | 1] | 0, HEAP[offset | 2] | 0, HEAP[offset | 3] | 0, HEAP[offset | 4] | 0, HEAP[offset | 5] | 0, HEAP[offset | 6] | 0, HEAP[offset | 7] | 0, HEAP[offset | 8] | 0, HEAP[offset | 9] | 0, HEAP[offset | 10] | 0, HEAP[offset | 11] | 0, HEAP[offset | 12] | 0, HEAP[offset | 13] | 0, HEAP[offset | 14] | 0, HEAP[offset | 15] | 0);
16171 S0 = S0 ^ iv0;
16172 iv0 = HEAP[offset] | 0;
16173 S1 = S1 ^ iv1;
16174 iv1 = HEAP[offset | 1] | 0;
16175 S2 = S2 ^ iv2;
16176 iv2 = HEAP[offset | 2] | 0;
16177 S3 = S3 ^ iv3;
16178 iv3 = HEAP[offset | 3] | 0;
16179 S4 = S4 ^ iv4;
16180 iv4 = HEAP[offset | 4] | 0;
16181 S5 = S5 ^ iv5;
16182 iv5 = HEAP[offset | 5] | 0;
16183 S6 = S6 ^ iv6;
16184 iv6 = HEAP[offset | 6] | 0;
16185 S7 = S7 ^ iv7;
16186 iv7 = HEAP[offset | 7] | 0;
16187 S8 = S8 ^ iv8;
16188 iv8 = HEAP[offset | 8] | 0;
16189 S9 = S9 ^ iv9;
16190 iv9 = HEAP[offset | 9] | 0;
16191 SA = SA ^ ivA;
16192 ivA = HEAP[offset | 10] | 0;
16193 SB = SB ^ ivB;
16194 ivB = HEAP[offset | 11] | 0;
16195 SC = SC ^ ivC;
16196 ivC = HEAP[offset | 12] | 0;
16197 SD = SD ^ ivD;
16198 ivD = HEAP[offset | 13] | 0;
16199 SE = SE ^ ivE;
16200 ivE = HEAP[offset | 14] | 0;
16201 SF = SF ^ ivF;
16202 ivF = HEAP[offset | 15] | 0;
16203 HEAP[offset] = S0;
16204 HEAP[offset | 1] = S1;
16205 HEAP[offset | 2] = S2;
16206 HEAP[offset | 3] = S3;
16207 HEAP[offset | 4] = S4;
16208 HEAP[offset | 5] = S5;
16209 HEAP[offset | 6] = S6;
16210 HEAP[offset | 7] = S7;
16211 HEAP[offset | 8] = S8;
16212 HEAP[offset | 9] = S9;
16213 HEAP[offset | 10] = SA;
16214 HEAP[offset | 11] = SB;
16215 HEAP[offset | 12] = SC;
16216 HEAP[offset | 13] = SD;
16217 HEAP[offset | 14] = SE;
16218 HEAP[offset | 15] = SF;
16219 offset = offset + 16 | 0;
16220 length = length - 16 | 0;
16221 decrypted = decrypted + 16 | 0;
16222 }
16223 S0 = iv0;
16224 S1 = iv1;
16225 S2 = iv2;
16226 S3 = iv3;
16227 S4 = iv4;
16228 S5 = iv5;
16229 S6 = iv6;
16230 S7 = iv7;
16231 S8 = iv8;
16232 S9 = iv9;
16233 SA = ivA;
16234 SB = ivB;
16235 SC = ivC;
16236 SD = ivD;
16237 SE = ivE;
16238 SF = ivF;
16239 return decrypted | 0;
16240 }
16241 function cbc_mac(offset, length, output) {
16242 offset = offset | 0;
16243 length = length | 0;
16244 output = output | 0;
16245 if (offset & 15) return -1;
16246 if (~output) if (output & 31) return -1;
16247 while ((length | 0) >= 16) {
16248 _encrypt(S0 ^ HEAP[offset], S1 ^ HEAP[offset | 1], S2 ^ HEAP[offset | 2], S3 ^ HEAP[offset | 3], S4 ^ HEAP[offset | 4], S5 ^ HEAP[offset | 5], S6 ^ HEAP[offset | 6], S7 ^ HEAP[offset | 7], S8 ^ HEAP[offset | 8], S9 ^ HEAP[offset | 9], SA ^ HEAP[offset | 10], SB ^ HEAP[offset | 11], SC ^ HEAP[offset | 12], SD ^ HEAP[offset | 13], SE ^ HEAP[offset | 14], SF ^ HEAP[offset | 15]);
16249 offset = offset + 16 | 0;
16250 length = length - 16 | 0;
16251 }
16252 if ((length | 0) > 0) {
16253 S0 = S0 ^ HEAP[offset];
16254 if ((length | 0) > 1) S1 = S1 ^ HEAP[offset | 1];
16255 if ((length | 0) > 2) S2 = S2 ^ HEAP[offset | 2];
16256 if ((length | 0) > 3) S3 = S3 ^ HEAP[offset | 3];
16257 if ((length | 0) > 4) S4 = S4 ^ HEAP[offset | 4];
16258 if ((length | 0) > 5) S5 = S5 ^ HEAP[offset | 5];
16259 if ((length | 0) > 6) S6 = S6 ^ HEAP[offset | 6];
16260 if ((length | 0) > 7) S7 = S7 ^ HEAP[offset | 7];
16261 if ((length | 0) > 8) S8 = S8 ^ HEAP[offset | 8];
16262 if ((length | 0) > 9) S9 = S9 ^ HEAP[offset | 9];
16263 if ((length | 0) > 10) SA = SA ^ HEAP[offset | 10];
16264 if ((length | 0) > 11) SB = SB ^ HEAP[offset | 11];
16265 if ((length | 0) > 12) SC = SC ^ HEAP[offset | 12];
16266 if ((length | 0) > 13) SD = SD ^ HEAP[offset | 13];
16267 if ((length | 0) > 14) SE = SE ^ HEAP[offset | 14];
16268 _encrypt(S0, S1, S2, S3, S4, S5, S6, S7, S8, S9, SA, SB, SC, SD, SE, SF);
16269 offset = offset + length | 0;
16270 length = 0;
16271 }
16272 if (~output) {
16273 HEAP[output | 0] = S0;
16274 HEAP[output | 1] = S1;
16275 HEAP[output | 2] = S2;
16276 HEAP[output | 3] = S3;
16277 HEAP[output | 4] = S4;
16278 HEAP[output | 5] = S5;
16279 HEAP[output | 6] = S6;
16280 HEAP[output | 7] = S7;
16281 HEAP[output | 8] = S8;
16282 HEAP[output | 9] = S9;
16283 HEAP[output | 10] = SA;
16284 HEAP[output | 11] = SB;
16285 HEAP[output | 12] = SC;
16286 HEAP[output | 13] = SD;
16287 HEAP[output | 14] = SE;
16288 HEAP[output | 15] = SF;
16289 }
16290 return 0;
16291 }
16292 function ccm_encrypt(offset, length, nonce0, nonce1, nonce2, nonce3, nonce4, nonce5, nonce6, nonce7, nonce8, nonce9, nonceA, nonceB, nonceC, nonceD, counter0, counter1) {
16293 offset = offset | 0;
16294 length = length | 0;
16295 nonce0 = nonce0 | 0;
16296 nonce1 = nonce1 | 0;
16297 nonce2 = nonce2 | 0;
16298 nonce3 = nonce3 | 0;
16299 nonce4 = nonce4 | 0;
16300 nonce5 = nonce5 | 0;
16301 nonce6 = nonce6 | 0;
16302 nonce7 = nonce7 | 0;
16303 nonce8 = nonce8 | 0;
16304 nonce9 = nonce9 | 0;
16305 nonceA = nonceA | 0;
16306 nonceB = nonceB | 0;
16307 nonceC = nonceC | 0;
16308 nonceD = nonceD | 0;
16309 counter0 = counter0 | 0;
16310 counter1 = counter1 | 0;
16311 var iv0 = 0, iv1 = 0, iv2 = 0, iv3 = 0, iv4 = 0, iv5 = 0, iv6 = 0, iv7 = 0, iv8 = 0, iv9 = 0, ivA = 0, ivB = 0, ivC = 0, ivD = 0, ivE = 0, ivF = 0, s0 = 0, s1 = 0, s2 = 0, s3 = 0, s4 = 0, s5 = 0, s6 = 0, s7 = 0, s8 = 0, s9 = 0, sA = 0, sB = 0, sC = 0, sD = 0, sE = 0, sF = 0, encrypted = 0;
16312 if (offset & 15) return -1;
16313 iv0 = S0, iv1 = S1, iv2 = S2, iv3 = S3, iv4 = S4, iv5 = S5, iv6 = S6, iv7 = S7,
16314 iv8 = S8, iv9 = S9, ivA = SA, ivB = SB, ivC = SC, ivD = SD, ivE = SE, ivF = SF;
16315 while ((length | 0) >= 16) {
16316 s0 = HEAP[offset] | 0;
16317 s1 = HEAP[offset | 1] | 0;
16318 s2 = HEAP[offset | 2] | 0;
16319 s3 = HEAP[offset | 3] | 0;
16320 s4 = HEAP[offset | 4] | 0;
16321 s5 = HEAP[offset | 5] | 0;
16322 s6 = HEAP[offset | 6] | 0;
16323 s7 = HEAP[offset | 7] | 0;
16324 s8 = HEAP[offset | 8] | 0;
16325 s9 = HEAP[offset | 9] | 0;
16326 sA = HEAP[offset | 10] | 0;
16327 sB = HEAP[offset | 11] | 0;
16328 sC = HEAP[offset | 12] | 0;
16329 sD = HEAP[offset | 13] | 0;
16330 sE = HEAP[offset | 14] | 0;
16331 sF = HEAP[offset | 15] | 0;
16332 _encrypt(nonce0, nonce1, nonce2, nonce3, nonce4, nonce5, nonce6, nonce7, nonce8 ^ counter0 >>> 24, nonce9 ^ counter0 >>> 16 & 255, nonceA ^ counter0 >>> 8 & 255, nonceB ^ counter0 & 255, nonceC ^ counter1 >>> 24, nonceD ^ counter1 >>> 16 & 255, counter1 >>> 8 & 255, counter1 & 255);
16333 HEAP[offset] = s0 ^ S0;
16334 HEAP[offset | 1] = s1 ^ S1;
16335 HEAP[offset | 2] = s2 ^ S2;
16336 HEAP[offset | 3] = s3 ^ S3;
16337 HEAP[offset | 4] = s4 ^ S4;
16338 HEAP[offset | 5] = s5 ^ S5;
16339 HEAP[offset | 6] = s6 ^ S6;
16340 HEAP[offset | 7] = s7 ^ S7;
16341 HEAP[offset | 8] = s8 ^ S8;
16342 HEAP[offset | 9] = s9 ^ S9;
16343 HEAP[offset | 10] = sA ^ SA;
16344 HEAP[offset | 11] = sB ^ SB;
16345 HEAP[offset | 12] = sC ^ SC;
16346 HEAP[offset | 13] = sD ^ SD;
16347 HEAP[offset | 14] = sE ^ SE;
16348 HEAP[offset | 15] = sF ^ SF;
16349 _encrypt(s0 ^ iv0, s1 ^ iv1, s2 ^ iv2, s3 ^ iv3, s4 ^ iv4, s5 ^ iv5, s6 ^ iv6, s7 ^ iv7, s8 ^ iv8, s9 ^ iv9, sA ^ ivA, sB ^ ivB, sC ^ ivC, sD ^ ivD, sE ^ ivE, sF ^ ivF);
16350 iv0 = S0, iv1 = S1, iv2 = S2, iv3 = S3, iv4 = S4, iv5 = S5, iv6 = S6, iv7 = S7,
16351 iv8 = S8, iv9 = S9, ivA = SA, ivB = SB, ivC = SC, ivD = SD, ivE = SE, ivF = SF;
16352 encrypted = encrypted + 16 | 0;
16353 offset = offset + 16 | 0;
16354 length = length - 16 | 0;
16355 counter1 = counter1 + 1 | 0;
16356 if ((counter1 | 0) == 0) counter0 = counter0 + 1 | 0;
16357 }
16358 if ((length | 0) > 0) {
16359 s0 = HEAP[offset] | 0;
16360 s1 = (length | 0) > 1 ? HEAP[offset | 1] | 0 : 0;
16361 s2 = (length | 0) > 2 ? HEAP[offset | 2] | 0 : 0;
16362 s3 = (length | 0) > 3 ? HEAP[offset | 3] | 0 : 0;
16363 s4 = (length | 0) > 4 ? HEAP[offset | 4] | 0 : 0;
16364 s5 = (length | 0) > 5 ? HEAP[offset | 5] | 0 : 0;
16365 s6 = (length | 0) > 6 ? HEAP[offset | 6] | 0 : 0;
16366 s7 = (length | 0) > 7 ? HEAP[offset | 7] | 0 : 0;
16367 s8 = (length | 0) > 8 ? HEAP[offset | 8] | 0 : 0;
16368 s9 = (length | 0) > 9 ? HEAP[offset | 9] | 0 : 0;
16369 sA = (length | 0) > 10 ? HEAP[offset | 10] | 0 : 0;
16370 sB = (length | 0) > 11 ? HEAP[offset | 11] | 0 : 0;
16371 sC = (length | 0) > 12 ? HEAP[offset | 12] | 0 : 0;
16372 sD = (length | 0) > 13 ? HEAP[offset | 13] | 0 : 0;
16373 sE = (length | 0) > 14 ? HEAP[offset | 14] | 0 : 0;
16374 _encrypt(nonce0, nonce1, nonce2, nonce3, nonce4, nonce5, nonce6, nonce7, nonce8 ^ counter0 >>> 24, nonce9 ^ counter0 >>> 16 & 255, nonceA ^ counter0 >>> 8 & 255, nonceB ^ counter0 & 255, nonceC ^ counter1 >>> 24, nonceD ^ counter1 >>> 16 & 255, counter1 >>> 8 & 255, counter1 & 255);
16375 HEAP[offset] = s0 ^ S0;
16376 if ((length | 0) > 1) HEAP[offset | 1] = s1 ^ S1;
16377 if ((length | 0) > 2) HEAP[offset | 2] = s2 ^ S2;
16378 if ((length | 0) > 3) HEAP[offset | 3] = s3 ^ S3;
16379 if ((length | 0) > 4) HEAP[offset | 4] = s4 ^ S4;
16380 if ((length | 0) > 5) HEAP[offset | 5] = s5 ^ S5;
16381 if ((length | 0) > 6) HEAP[offset | 6] = s6 ^ S6;
16382 if ((length | 0) > 7) HEAP[offset | 7] = s7 ^ S7;
16383 if ((length | 0) > 8) HEAP[offset | 8] = s8 ^ S8;
16384 if ((length | 0) > 9) HEAP[offset | 9] = s9 ^ S9;
16385 if ((length | 0) > 10) HEAP[offset | 10] = sA ^ SA;
16386 if ((length | 0) > 11) HEAP[offset | 11] = sB ^ SB;
16387 if ((length | 0) > 12) HEAP[offset | 12] = sC ^ SC;
16388 if ((length | 0) > 13) HEAP[offset | 13] = sD ^ SD;
16389 if ((length | 0) > 14) HEAP[offset | 14] = sE ^ SE;
16390 _encrypt(s0 ^ iv0, s1 ^ iv1, s2 ^ iv2, s3 ^ iv3, s4 ^ iv4, s5 ^ iv5, s6 ^ iv6, s7 ^ iv7, s8 ^ iv8, s9 ^ iv9, sA ^ ivA, sB ^ ivB, sC ^ ivC, sD ^ ivD, sE ^ ivE, ivF);
16391 iv0 = S0, iv1 = S1, iv2 = S2, iv3 = S3, iv4 = S4, iv5 = S5, iv6 = S6, iv7 = S7,
16392 iv8 = S8, iv9 = S9, ivA = SA, ivB = SB, ivC = SC, ivD = SD, ivE = SE, ivF = SF;
16393 encrypted = encrypted + length | 0;
16394 offset = offset + length | 0;
16395 length = 0;
16396 counter1 = counter1 + 1 | 0;
16397 if ((counter1 | 0) == 0) counter0 = counter0 + 1 | 0;
16398 }
16399 return encrypted | 0;
16400 }
16401 function ccm_decrypt(offset, length, nonce0, nonce1, nonce2, nonce3, nonce4, nonce5, nonce6, nonce7, nonce8, nonce9, nonceA, nonceB, nonceC, nonceD, counter0, counter1) {
16402 offset = offset | 0;
16403 length = length | 0;
16404 nonce0 = nonce0 | 0;
16405 nonce1 = nonce1 | 0;
16406 nonce2 = nonce2 | 0;
16407 nonce3 = nonce3 | 0;
16408 nonce4 = nonce4 | 0;
16409 nonce5 = nonce5 | 0;
16410 nonce6 = nonce6 | 0;
16411 nonce7 = nonce7 | 0;
16412 nonce8 = nonce8 | 0;
16413 nonce9 = nonce9 | 0;
16414 nonceA = nonceA | 0;
16415 nonceB = nonceB | 0;
16416 nonceC = nonceC | 0;
16417 nonceD = nonceD | 0;
16418 counter0 = counter0 | 0;
16419 counter1 = counter1 | 0;
16420 var iv0 = 0, iv1 = 0, iv2 = 0, iv3 = 0, iv4 = 0, iv5 = 0, iv6 = 0, iv7 = 0, iv8 = 0, iv9 = 0, ivA = 0, ivB = 0, ivC = 0, ivD = 0, ivE = 0, ivF = 0, s0 = 0, s1 = 0, s2 = 0, s3 = 0, s4 = 0, s5 = 0, s6 = 0, s7 = 0, s8 = 0, s9 = 0, sA = 0, sB = 0, sC = 0, sD = 0, sE = 0, sF = 0, decrypted = 0;
16421 if (offset & 15) return -1;
16422 iv0 = S0, iv1 = S1, iv2 = S2, iv3 = S3, iv4 = S4, iv5 = S5, iv6 = S6, iv7 = S7,
16423 iv8 = S8, iv9 = S9, ivA = SA, ivB = SB, ivC = SC, ivD = SD, ivE = SE, ivF = SF;
16424 while ((length | 0) >= 16) {
16425 _encrypt(nonce0, nonce1, nonce2, nonce3, nonce4, nonce5, nonce6, nonce7, nonce8 ^ counter0 >>> 24, nonce9 ^ counter0 >>> 16 & 255, nonceA ^ counter0 >>> 8 & 255, nonceB ^ counter0 & 255, nonceC ^ counter1 >>> 24, nonceD ^ counter1 >>> 16 & 255, counter1 >>> 8 & 255, counter1 & 255);
16426 HEAP[offset] = s0 = HEAP[offset] ^ S0;
16427 HEAP[offset | 1] = s1 = HEAP[offset | 1] ^ S1;
16428 HEAP[offset | 2] = s2 = HEAP[offset | 2] ^ S2;
16429 HEAP[offset | 3] = s3 = HEAP[offset | 3] ^ S3;
16430 HEAP[offset | 4] = s4 = HEAP[offset | 4] ^ S4;
16431 HEAP[offset | 5] = s5 = HEAP[offset | 5] ^ S5;
16432 HEAP[offset | 6] = s6 = HEAP[offset | 6] ^ S6;
16433 HEAP[offset | 7] = s7 = HEAP[offset | 7] ^ S7;
16434 HEAP[offset | 8] = s8 = HEAP[offset | 8] ^ S8;
16435 HEAP[offset | 9] = s9 = HEAP[offset | 9] ^ S9;
16436 HEAP[offset | 10] = sA = HEAP[offset | 10] ^ SA;
16437 HEAP[offset | 11] = sB = HEAP[offset | 11] ^ SB;
16438 HEAP[offset | 12] = sC = HEAP[offset | 12] ^ SC;
16439 HEAP[offset | 13] = sD = HEAP[offset | 13] ^ SD;
16440 HEAP[offset | 14] = sE = HEAP[offset | 14] ^ SE;
16441 HEAP[offset | 15] = sF = HEAP[offset | 15] ^ SF;
16442 _encrypt(s0 ^ iv0, s1 ^ iv1, s2 ^ iv2, s3 ^ iv3, s4 ^ iv4, s5 ^ iv5, s6 ^ iv6, s7 ^ iv7, s8 ^ iv8, s9 ^ iv9, sA ^ ivA, sB ^ ivB, sC ^ ivC, sD ^ ivD, sE ^ ivE, sF ^ ivF);
16443 iv0 = S0, iv1 = S1, iv2 = S2, iv3 = S3, iv4 = S4, iv5 = S5, iv6 = S6, iv7 = S7,
16444 iv8 = S8, iv9 = S9, ivA = SA, ivB = SB, ivC = SC, ivD = SD, ivE = SE, ivF = SF;
16445 decrypted = decrypted + 16 | 0;
16446 offset = offset + 16 | 0;
16447 length = length - 16 | 0;
16448 counter1 = counter1 + 1 | 0;
16449 if ((counter1 | 0) == 0) counter0 = counter0 + 1 | 0;
16450 }
16451 if ((length | 0) > 0) {
16452 _encrypt(nonce0, nonce1, nonce2, nonce3, nonce4, nonce5, nonce6, nonce7, nonce8 ^ counter0 >>> 24, nonce9 ^ counter0 >>> 16 & 255, nonceA ^ counter0 >>> 8 & 255, nonceB ^ counter0 & 255, nonceC ^ counter1 >>> 24, nonceD ^ counter1 >>> 16 & 255, counter1 >>> 8 & 255, counter1 & 255);
16453 s0 = HEAP[offset] ^ S0;
16454 s1 = (length | 0) > 1 ? HEAP[offset | 1] ^ S1 : 0;
16455 s2 = (length | 0) > 2 ? HEAP[offset | 2] ^ S2 : 0;
16456 s3 = (length | 0) > 3 ? HEAP[offset | 3] ^ S3 : 0;
16457 s4 = (length | 0) > 4 ? HEAP[offset | 4] ^ S4 : 0;
16458 s5 = (length | 0) > 5 ? HEAP[offset | 5] ^ S5 : 0;
16459 s6 = (length | 0) > 6 ? HEAP[offset | 6] ^ S6 : 0;
16460 s7 = (length | 0) > 7 ? HEAP[offset | 7] ^ S7 : 0;
16461 s8 = (length | 0) > 8 ? HEAP[offset | 8] ^ S8 : 0;
16462 s9 = (length | 0) > 9 ? HEAP[offset | 9] ^ S9 : 0;
16463 sA = (length | 0) > 10 ? HEAP[offset | 10] ^ SA : 0;
16464 sB = (length | 0) > 11 ? HEAP[offset | 11] ^ SB : 0;
16465 sC = (length | 0) > 12 ? HEAP[offset | 12] ^ SC : 0;
16466 sD = (length | 0) > 13 ? HEAP[offset | 13] ^ SD : 0;
16467 sE = (length | 0) > 14 ? HEAP[offset | 14] ^ SE : 0;
16468 sF = (length | 0) > 15 ? HEAP[offset | 15] ^ SF : 0;
16469 HEAP[offset] = s0;
16470 if ((length | 0) > 1) HEAP[offset | 1] = s1;
16471 if ((length | 0) > 2) HEAP[offset | 2] = s2;
16472 if ((length | 0) > 3) HEAP[offset | 3] = s3;
16473 if ((length | 0) > 4) HEAP[offset | 4] = s4;
16474 if ((length | 0) > 5) HEAP[offset | 5] = s5;
16475 if ((length | 0) > 6) HEAP[offset | 6] = s6;
16476 if ((length | 0) > 7) HEAP[offset | 7] = s7;
16477 if ((length | 0) > 8) HEAP[offset | 8] = s8;
16478 if ((length | 0) > 9) HEAP[offset | 9] = s9;
16479 if ((length | 0) > 10) HEAP[offset | 10] = sA;
16480 if ((length | 0) > 11) HEAP[offset | 11] = sB;
16481 if ((length | 0) > 12) HEAP[offset | 12] = sC;
16482 if ((length | 0) > 13) HEAP[offset | 13] = sD;
16483 if ((length | 0) > 14) HEAP[offset | 14] = sE;
16484 _encrypt(s0 ^ iv0, s1 ^ iv1, s2 ^ iv2, s3 ^ iv3, s4 ^ iv4, s5 ^ iv5, s6 ^ iv6, s7 ^ iv7, s8 ^ iv8, s9 ^ iv9, sA ^ ivA, sB ^ ivB, sC ^ ivC, sD ^ ivD, sE ^ ivE, sF ^ ivF);
16485 iv0 = S0, iv1 = S1, iv2 = S2, iv3 = S3, iv4 = S4, iv5 = S5, iv6 = S6, iv7 = S7,
16486 iv8 = S8, iv9 = S9, ivA = SA, ivB = SB, ivC = SC, ivD = SD, ivE = SE, ivF = SF;
16487 decrypted = decrypted + length | 0;
16488 offset = offset + length | 0;
16489 length = 0;
16490 counter1 = counter1 + 1 | 0;
16491 if ((counter1 | 0) == 0) counter0 = counter0 + 1 | 0;
16492 }
16493 return decrypted | 0;
16494 }
16495 function cfb_encrypt(offset, length) {
16496 offset = offset | 0;
16497 length = length | 0;
16498 var encrypted = 0;
16499 if (offset & 15) return -1;
16500 while ((length | 0) >= 16) {
16501 _encrypt(S0, S1, S2, S3, S4, S5, S6, S7, S8, S9, SA, SB, SC, SD, SE, SF);
16502 S0 = S0 ^ HEAP[offset];
16503 S1 = S1 ^ HEAP[offset | 1];
16504 S2 = S2 ^ HEAP[offset | 2];
16505 S3 = S3 ^ HEAP[offset | 3];
16506 S4 = S4 ^ HEAP[offset | 4];
16507 S5 = S5 ^ HEAP[offset | 5];
16508 S6 = S6 ^ HEAP[offset | 6];
16509 S7 = S7 ^ HEAP[offset | 7];
16510 S8 = S8 ^ HEAP[offset | 8];
16511 S9 = S9 ^ HEAP[offset | 9];
16512 SA = SA ^ HEAP[offset | 10];
16513 SB = SB ^ HEAP[offset | 11];
16514 SC = SC ^ HEAP[offset | 12];
16515 SD = SD ^ HEAP[offset | 13];
16516 SE = SE ^ HEAP[offset | 14];
16517 SF = SF ^ HEAP[offset | 15];
16518 HEAP[offset] = S0;
16519 HEAP[offset | 1] = S1;
16520 HEAP[offset | 2] = S2;
16521 HEAP[offset | 3] = S3;
16522 HEAP[offset | 4] = S4;
16523 HEAP[offset | 5] = S5;
16524 HEAP[offset | 6] = S6;
16525 HEAP[offset | 7] = S7;
16526 HEAP[offset | 8] = S8;
16527 HEAP[offset | 9] = S9;
16528 HEAP[offset | 10] = SA;
16529 HEAP[offset | 11] = SB;
16530 HEAP[offset | 12] = SC;
16531 HEAP[offset | 13] = SD;
16532 HEAP[offset | 14] = SE;
16533 HEAP[offset | 15] = SF;
16534 offset = offset + 16 | 0;
16535 length = length - 16 | 0;
16536 encrypted = encrypted + 16 | 0;
16537 }
16538 if ((length | 0) > 0) {
16539 _encrypt(S0, S1, S2, S3, S4, S5, S6, S7, S8, S9, SA, SB, SC, SD, SE, SF);
16540 HEAP[offset] = HEAP[offset] ^ S0;
16541 if ((length | 0) > 1) HEAP[offset | 1] = HEAP[offset | 1] ^ S1;
16542 if ((length | 0) > 2) HEAP[offset | 2] = HEAP[offset | 2] ^ S2;
16543 if ((length | 0) > 3) HEAP[offset | 3] = HEAP[offset | 3] ^ S3;
16544 if ((length | 0) > 4) HEAP[offset | 4] = HEAP[offset | 4] ^ S4;
16545 if ((length | 0) > 5) HEAP[offset | 5] = HEAP[offset | 5] ^ S5;
16546 if ((length | 0) > 6) HEAP[offset | 6] = HEAP[offset | 6] ^ S6;
16547 if ((length | 0) > 7) HEAP[offset | 7] = HEAP[offset | 7] ^ S7;
16548 if ((length | 0) > 8) HEAP[offset | 8] = HEAP[offset | 8] ^ S8;
16549 if ((length | 0) > 9) HEAP[offset | 9] = HEAP[offset | 9] ^ S9;
16550 if ((length | 0) > 10) HEAP[offset | 10] = HEAP[offset | 10] ^ SA;
16551 if ((length | 0) > 11) HEAP[offset | 11] = HEAP[offset | 11] ^ SB;
16552 if ((length | 0) > 12) HEAP[offset | 12] = HEAP[offset | 12] ^ SC;
16553 if ((length | 0) > 13) HEAP[offset | 13] = HEAP[offset | 13] ^ SD;
16554 if ((length | 0) > 14) HEAP[offset | 14] = HEAP[offset | 14] ^ SE;
16555 encrypted = encrypted + length | 0;
16556 offset = offset + length | 0;
16557 length = 0;
16558 }
16559 return encrypted | 0;
16560 }
16561 function cfb_decrypt(offset, length) {
16562 offset = offset | 0;
16563 length = length | 0;
16564 var iv0 = 0, iv1 = 0, iv2 = 0, iv3 = 0, iv4 = 0, iv5 = 0, iv6 = 0, iv7 = 0, iv8 = 0, iv9 = 0, ivA = 0, ivB = 0, ivC = 0, ivD = 0, ivE = 0, ivF = 0, decrypted = 0;
16565 if (offset & 15) return -1;
16566 while ((length | 0) >= 16) {
16567 _encrypt(S0, S1, S2, S3, S4, S5, S6, S7, S8, S9, SA, SB, SC, SD, SE, SF);
16568 iv0 = HEAP[offset] | 0;
16569 iv1 = HEAP[offset | 1] | 0;
16570 iv2 = HEAP[offset | 2] | 0;
16571 iv3 = HEAP[offset | 3] | 0;
16572 iv4 = HEAP[offset | 4] | 0;
16573 iv5 = HEAP[offset | 5] | 0;
16574 iv6 = HEAP[offset | 6] | 0;
16575 iv7 = HEAP[offset | 7] | 0;
16576 iv8 = HEAP[offset | 8] | 0;
16577 iv9 = HEAP[offset | 9] | 0;
16578 ivA = HEAP[offset | 10] | 0;
16579 ivB = HEAP[offset | 11] | 0;
16580 ivC = HEAP[offset | 12] | 0;
16581 ivD = HEAP[offset | 13] | 0;
16582 ivE = HEAP[offset | 14] | 0;
16583 ivF = HEAP[offset | 15] | 0;
16584 HEAP[offset] = S0 ^ iv0;
16585 HEAP[offset | 1] = S1 ^ iv1;
16586 HEAP[offset | 2] = S2 ^ iv2;
16587 HEAP[offset | 3] = S3 ^ iv3;
16588 HEAP[offset | 4] = S4 ^ iv4;
16589 HEAP[offset | 5] = S5 ^ iv5;
16590 HEAP[offset | 6] = S6 ^ iv6;
16591 HEAP[offset | 7] = S7 ^ iv7;
16592 HEAP[offset | 8] = S8 ^ iv8;
16593 HEAP[offset | 9] = S9 ^ iv9;
16594 HEAP[offset | 10] = SA ^ ivA;
16595 HEAP[offset | 11] = SB ^ ivB;
16596 HEAP[offset | 12] = SC ^ ivC;
16597 HEAP[offset | 13] = SD ^ ivD;
16598 HEAP[offset | 14] = SE ^ ivE;
16599 HEAP[offset | 15] = SF ^ ivF;
16600 S0 = iv0;
16601 S1 = iv1;
16602 S2 = iv2;
16603 S3 = iv3;
16604 S4 = iv4;
16605 S5 = iv5;
16606 S6 = iv6;
16607 S7 = iv7;
16608 S8 = iv8;
16609 S9 = iv9;
16610 SA = ivA;
16611 SB = ivB;
16612 SC = ivC;
16613 SD = ivD;
16614 SE = ivE;
16615 SF = ivF;
16616 offset = offset + 16 | 0;
16617 length = length - 16 | 0;
16618 decrypted = decrypted + 16 | 0;
16619 }
16620 if ((length | 0) > 0) {
16621 _encrypt(S0, S1, S2, S3, S4, S5, S6, S7, S8, S9, SA, SB, SC, SD, SE, SF);
16622 HEAP[offset] = HEAP[offset] ^ S0;
16623 if ((length | 0) > 1) HEAP[offset | 1] = HEAP[offset | 1] ^ S1;
16624 if ((length | 0) > 2) HEAP[offset | 2] = HEAP[offset | 2] ^ S2;
16625 if ((length | 0) > 3) HEAP[offset | 3] = HEAP[offset | 3] ^ S3;
16626 if ((length | 0) > 4) HEAP[offset | 4] = HEAP[offset | 4] ^ S4;
16627 if ((length | 0) > 5) HEAP[offset | 5] = HEAP[offset | 5] ^ S5;
16628 if ((length | 0) > 6) HEAP[offset | 6] = HEAP[offset | 6] ^ S6;
16629 if ((length | 0) > 7) HEAP[offset | 7] = HEAP[offset | 7] ^ S7;
16630 if ((length | 0) > 8) HEAP[offset | 8] = HEAP[offset | 8] ^ S8;
16631 if ((length | 0) > 9) HEAP[offset | 9] = HEAP[offset | 9] ^ S9;
16632 if ((length | 0) > 10) HEAP[offset | 10] = HEAP[offset | 10] ^ SA;
16633 if ((length | 0) > 11) HEAP[offset | 11] = HEAP[offset | 11] ^ SB;
16634 if ((length | 0) > 12) HEAP[offset | 12] = HEAP[offset | 12] ^ SC;
16635 if ((length | 0) > 13) HEAP[offset | 13] = HEAP[offset | 13] ^ SD;
16636 if ((length | 0) > 14) HEAP[offset | 14] = HEAP[offset | 14] ^ SE;
16637 decrypted = decrypted + length | 0;
16638 offset = offset + length | 0;
16639 length = 0;
16640 }
16641 return decrypted | 0;
16642 }
16643 return {
16644 init_state: init_state,
16645 save_state: save_state,
16646 init_key_128: init_key_128,
16647 init_key_256: init_key_256,
16648 cbc_encrypt: cbc_encrypt,
16649 cbc_decrypt: cbc_decrypt,
16650 cbc_mac: cbc_mac,
16651 ccm_encrypt: ccm_encrypt,
16652 ccm_decrypt: ccm_decrypt,
16653 cfb_encrypt: cfb_encrypt,
16654 cfb_decrypt: cfb_decrypt
16655 };
16656 }
16657 function aes_asm(stdlib, foreign, buffer) {
16658 var heap = new Uint8Array(buffer);
16659 heap.set(_aes_tables);
16660 return _aes_asm(stdlib, foreign, buffer);
16661 }
16662 var _aes_block_size = 16;
16663 function _aes_constructor(options) {
16664 options = options || {};
16665 options.heapSize = options.heapSize || 4096;
16666 if (options.heapSize <= 0 || options.heapSize % 4096) throw new IllegalArgumentError("heapSize must be a positive number and multiple of 4096");
16667 this.BLOCK_SIZE = _aes_block_size;
16668 this.heap = options.heap || new Uint8Array(options.heapSize);
16669 this.asm = options.asm || aes_asm(global, null, this.heap.buffer);
16670 this.pos = _aes_heap_start;
16671 this.len = 0;
16672 this.key = null;
16673 this.result = null;
16674 this.reset(options);
16675 }
16676 function _aes_reset(options) {
16677 options = options || {};
16678 this.result = null;
16679 this.pos = _aes_heap_start;
16680 this.len = 0;
16681 var asm = this.asm;
16682 var key = options.key;
16683 if (key !== undefined) {
16684 if (is_buffer(key) || is_bytes(key)) {
16685 key = new Uint8Array(key);
16686 } else if (is_string(key)) {
16687 var str = key;
16688 key = new Uint8Array(str.length);
16689 for (var i = 0; i < str.length; ++i) key[i] = str.charCodeAt(i);
16690 } else {
16691 throw new TypeError("unexpected key type");
16692 }
16693 if (key.length === 16) {
16694 this.key = key;
16695 asm.init_key_128.call(asm, key[0], key[1], key[2], key[3], key[4], key[5], key[6], key[7], key[8], key[9], key[10], key[11], key[12], key[13], key[14], key[15]);
16696 } else if (key.length === 24) {
16697 throw new IllegalArgumentError("illegal key size");
16698 } else if (key.length === 32) {
16699 this.key = key;
16700 asm.init_key_256.call(asm, key[0], key[1], key[2], key[3], key[4], key[5], key[6], key[7], key[8], key[9], key[10], key[11], key[12], key[13], key[14], key[15], key[16], key[17], key[18], key[19], key[20], key[21], key[22], key[23], key[24], key[25], key[26], key[27], key[28], key[29], key[30], key[31]);
16701 } else {
16702 throw new IllegalArgumentError("illegal key size");
16703 }
16704 }
16705 return this;
16706 }
16707 function _aes_init_iv(iv) {
16708 var asm = this.asm;
16709 if (iv !== undefined) {
16710 if (is_buffer(iv) || is_bytes(iv)) {
16711 iv = new Uint8Array(iv);
16712 } else if (is_string(iv)) {
16713 var str = iv;
16714 iv = new Uint8Array(str.length);
16715 for (var i = 0; i < str.length; ++i) iv[i] = str.charCodeAt(i);
16716 } else {
16717 throw new TypeError("unexpected iv type");
16718 }
16719 if (iv.length !== _aes_block_size) throw new IllegalArgumentError("illegal iv size");
16720 this.iv = iv;
16721 asm.init_state.call(asm, iv[0], iv[1], iv[2], iv[3], iv[4], iv[5], iv[6], iv[7], iv[8], iv[9], iv[10], iv[11], iv[12], iv[13], iv[14], iv[15]);
16722 } else {
16723 this.iv = null;
16724 asm.init_state.call(asm, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
16725 }
16726 }
16727 function _aes_heap_write(heap, hpos, data, dpos, dlen) {
16728 var hlen = heap.byteLength - hpos, wlen = hlen < dlen ? hlen : dlen;
16729 if (is_buffer(data) || is_bytes(data)) {
16730 heap.set(new Uint8Array(data.buffer || data, dpos, wlen), hpos);
16731 } else if (is_string(data)) {
16732 for (var i = 0; i < wlen; ++i) heap[hpos + i] = data.charCodeAt(dpos + i);
16733 } else {
16734 throw new TypeError("unexpected data type");
16735 }
16736 return wlen;
16737 }
16738 function cbc_aes_constructor(options) {
16739 this.padding = true;
16740 this.mode = "cbc";
16741 this.iv = null;
16742 _aes_constructor.call(this, options);
16743 }
16744 function cbc_aes_encrypt_constructor(options) {
16745 cbc_aes_constructor.call(this, options);
16746 }
16747 function cbc_aes_decrypt_constructor(options) {
16748 cbc_aes_constructor.call(this, options);
16749 }
16750 function cbc_aes_reset(options) {
16751 options = options || {};
16752 _aes_reset.call(this, options);
16753 var padding = options.padding;
16754 if (padding !== undefined) {
16755 this.padding = !!padding;
16756 } else {
16757 this.padding = true;
16758 }
16759 _aes_init_iv.call(this, options.iv);
16760 return this;
16761 }
16762 function cbc_aes_encrypt_process(data) {
16763 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
16764 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, asm = this.asm, heap = this.heap, pos = this.pos, len = this.len, rpos = 0, rlen = _aes_block_size * Math.floor((len + dlen) / _aes_block_size), wlen = 0;
16765 var result = new Uint8Array(rlen);
16766 while (dlen > 0) {
16767 wlen = _aes_heap_write(heap, pos + len, data, dpos, dlen);
16768 len += wlen;
16769 dpos += wlen;
16770 dlen -= wlen;
16771 wlen = asm.cbc_encrypt(pos, len);
16772 result.set(heap.subarray(pos, pos + wlen), rpos);
16773 rpos += wlen;
16774 if (wlen < len) {
16775 pos += wlen;
16776 len -= wlen;
16777 } else {
16778 pos = _aes_heap_start;
16779 len = 0;
16780 }
16781 }
16782 this.result = result;
16783 this.pos = pos;
16784 this.len = len;
16785 return this;
16786 }
16787 function cbc_aes_encrypt_finish() {
16788 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
16789 var asm = this.asm, heap = this.heap, padding = this.padding, pos = this.pos, len = this.len, rlen = _aes_block_size * Math.ceil(len / _aes_block_size);
16790 if (len % _aes_block_size === 0) {
16791 if (padding) rlen += _aes_block_size;
16792 } else if (!padding) {
16793 throw new IllegalArgumentError("data length must be a multiple of " + _aes_block_size);
16794 }
16795 var result = new Uint8Array(rlen);
16796 if (len < rlen) {
16797 var plen = _aes_block_size - len % _aes_block_size;
16798 for (var p = 0; p < plen; ++p) heap[pos + len + p] = plen;
16799 len += plen;
16800 }
16801 asm.cbc_encrypt(pos, len);
16802 result.set(heap.subarray(pos, pos + len));
16803 this.result = result;
16804 this.pos = _aes_heap_start;
16805 this.len = 0;
16806 return this;
16807 }
16808 function cbc_aes_encrypt(data) {
16809 var result1 = cbc_aes_encrypt_process.call(this, data).result, result2 = cbc_aes_encrypt_finish.call(this).result, result;
16810 result = new Uint8Array(result1.length + result2.length);
16811 result.set(result1);
16812 result.set(result2, result1.length);
16813 this.result = result;
16814 return this;
16815 }
16816 function cbc_aes_decrypt_process(data) {
16817 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
16818 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, asm = this.asm, heap = this.heap, padding = this.padding, pos = this.pos, len = this.len, rpos = 0, rlen = _aes_block_size * Math.floor((len + dlen) / _aes_block_size), wlen = 0;
16819 var result = new Uint8Array(rlen);
16820 while (dlen > 0) {
16821 wlen = _aes_heap_write(heap, pos + len, data, dpos, dlen);
16822 len += wlen;
16823 dpos += wlen;
16824 dlen -= wlen;
16825 wlen = asm.cbc_decrypt(pos, len - (padding && dlen === 0 && len % _aes_block_size === 0 ? _aes_block_size : 0));
16826 result.set(heap.subarray(pos, pos + wlen), rpos);
16827 rpos += wlen;
16828 if (wlen < len) {
16829 pos += wlen;
16830 len -= wlen;
16831 } else {
16832 pos = _aes_heap_start;
16833 len = 0;
16834 }
16835 }
16836 this.result = result.subarray(0, rpos);
16837 this.pos = pos;
16838 this.len = len;
16839 return this;
16840 }
16841 function cbc_aes_decrypt_finish() {
16842 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
16843 var asm = this.asm, heap = this.heap, padding = this.padding, pos = this.pos, len = this.len;
16844 if (len === 0) {
16845 if (!padding) {
16846 this.result = new Uint8Array(0);
16847 this.pos = _aes_heap_start;
16848 this.len = 0;
16849 return this;
16850 } else {
16851 throw new IllegalStateError("padding not found");
16852 }
16853 }
16854 if (len % _aes_block_size !== 0) throw new IllegalArgumentError("data length must be a multiple of " + _aes_block_size);
16855 var result = new Uint8Array(len);
16856 asm.cbc_decrypt(pos, len);
16857 result.set(heap.subarray(pos, pos + len));
16858 if (padding) {
16859 var pad = result[len - 1];
16860 result = result.subarray(0, len - pad);
16861 }
16862 this.result = result;
16863 this.pos = _aes_heap_start;
16864 this.len = 0;
16865 return this;
16866 }
16867 function cbc_aes_decrypt(data) {
16868 var result1 = cbc_aes_decrypt_process.call(this, data).result, result2 = cbc_aes_decrypt_finish.call(this).result, result;
16869 result = new Uint8Array(result1.length + result2.length);
16870 result.set(result1);
16871 result.set(result2, result1.length);
16872 this.result = result;
16873 return this;
16874 }
16875 var cbc_aes_encrypt_prototype = cbc_aes_encrypt_constructor.prototype;
16876 cbc_aes_encrypt_prototype.reset = cbc_aes_reset;
16877 cbc_aes_encrypt_prototype.process = cbc_aes_encrypt_process;
16878 cbc_aes_encrypt_prototype.finish = cbc_aes_encrypt_finish;
16879 var cbc_aes_decrypt_prototype = cbc_aes_decrypt_constructor.prototype;
16880 cbc_aes_decrypt_prototype.reset = cbc_aes_reset;
16881 cbc_aes_decrypt_prototype.process = cbc_aes_decrypt_process;
16882 cbc_aes_decrypt_prototype.finish = cbc_aes_decrypt_finish;
16883 var cbc_aes_prototype = cbc_aes_constructor.prototype;
16884 cbc_aes_prototype.reset = cbc_aes_reset;
16885 cbc_aes_prototype.encrypt = cbc_aes_encrypt;
16886 cbc_aes_prototype.decrypt = cbc_aes_decrypt;
16887 function _cbc_mac_process(data) {
16888 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, wlen = 0;
16889 while (dlen > 0) {
16890 wlen = _aes_heap_write(this.heap, _aes_heap_start, data, dpos, dlen);
16891 this.asm.cbc_mac(_aes_heap_start, wlen, -1);
16892 dpos += wlen;
16893 dlen -= wlen;
16894 }
16895 }
16896 var _ccm_adata_maxLength = 65279, _ccm_data_maxLength = 68719476720;
16897 function ccm_aes_constructor(options) {
16898 this.padding = false;
16899 this.mode = "ccm";
16900 this.tagSize = _aes_block_size;
16901 this.lengthSize = 4;
16902 this.nonce = null;
16903 this.adata = null;
16904 this.iv = null;
16905 this.dataLength = -1;
16906 this.dataLeft = -1;
16907 this.counter = 1;
16908 _aes_constructor.call(this, options);
16909 }
16910 function ccm_aes_encrypt_constructor(options) {
16911 ccm_aes_constructor.call(this, options);
16912 }
16913 function ccm_aes_decrypt_constructor(options) {
16914 ccm_aes_constructor.call(this, options);
16915 }
16916 function _ccm_calculate_iv() {
16917 var nonce = this.nonce, adata = this.adata, tagSize = this.tagSize, lengthSize = this.lengthSize, dataLength = this.dataLength;
16918 var data = new Uint8Array(_aes_block_size + (adata ? 2 + adata.byteLength : 0));
16919 data[0] = (adata ? 64 : 0) | tagSize - 2 << 2 | lengthSize - 1;
16920 data.set(nonce, 1);
16921 if (lengthSize > 4) data[11] = (dataLength - (dataLength >>> 0)) / 4294967296 & 15;
16922 if (lengthSize > 3) data[12] = dataLength >>> 24;
16923 if (lengthSize > 2) data[13] = dataLength >>> 16 & 255;
16924 data[14] = dataLength >>> 8 & 255;
16925 data[15] = dataLength & 255;
16926 if (adata) {
16927 data[16] = adata.byteLength >>> 8 & 255;
16928 data[17] = adata.byteLength & 255;
16929 data.set(adata, 18);
16930 }
16931 _cbc_mac_process.call(this, data);
16932 this.asm.save_state(_aes_heap_start);
16933 this.iv = new Uint8Array(this.heap.subarray(_aes_heap_start, _aes_heap_start + _aes_block_size));
16934 }
16935 function ccm_aes_reset(options) {
16936 options = options || {};
16937 _aes_reset.call(this, options);
16938 _aes_init_iv.call(this, options.iv);
16939 var tagSize = options.tagSize;
16940 if (tagSize !== undefined) {
16941 if (!is_number(tagSize)) throw new TypeError("tagSize must be a number");
16942 if (tagSize < 4 || tagSize > 16 || tagSize & 1) throw new IllegalArgumentError("illegal tagSize value");
16943 this.tagSize = tagSize;
16944 } else {
16945 this.tagSize = _aes_block_size;
16946 }
16947 var lengthSize = options.lengthSize, nonce = options.nonce;
16948 if (nonce !== undefined) {
16949 if (is_buffer(nonce) || is_bytes(nonce)) {
16950 nonce = new Uint8Array(nonce);
16951 } else if (is_string(nonce)) {
16952 var str = nonce;
16953 nonce = new Uint8Array(str.length);
16954 for (var i = 0; i < str.length; ++i) nonce[i] = str.charCodeAt(i);
16955 } else {
16956 throw new TypeError("unexpected nonce type");
16957 }
16958 if (nonce.length < 10 || nonce.length > 13) throw new IllegalArgumentError("illegal nonce length");
16959 lengthSize = lengthSize || 15 - nonce.length;
16960 this.nonce = nonce;
16961 } else {
16962 this.nonce = null;
16963 }
16964 if (lengthSize !== undefined) {
16965 if (!is_number(lengthSize)) throw new TypeError("lengthSize must be a number");
16966 if (lengthSize < 2 || lengthSize > 5 || nonce.length + lengthSize !== 15) throw new IllegalArgumentError("illegal lengthSize value");
16967 this.lengthSize = lengthSize;
16968 } else {
16969 this.lengthSize = lengthSize = 4;
16970 }
16971 var iv = this.iv;
16972 var counter = options.counter;
16973 if (counter !== undefined) {
16974 if (iv === null) throw new IllegalStateError("iv is also required");
16975 if (!is_number(counter)) throw new TypeError("counter must be a number");
16976 this.counter = counter;
16977 } else {
16978 this.counter = 1;
16979 }
16980 var dataLength = options.dataLength;
16981 if (dataLength !== undefined) {
16982 if (!is_number(dataLength)) throw new TypeError("dataLength must be a number");
16983 if (dataLength < 0 || dataLength > _ccm_data_maxLength || dataLength > Math.pow(2, 8 * lengthSize) - 1) throw new IllegalArgumentError("illegal dataLength value");
16984 this.dataLength = dataLength;
16985 var dataLeft = options.dataLeft || dataLength;
16986 if (!is_number(dataLeft)) throw new TypeError("dataLeft must be a number");
16987 if (dataLeft < 0 || dataLeft > dataLength) throw new IllegalArgumentError("illegal dataLeft value");
16988 this.dataLeft = dataLeft;
16989 } else {
16990 this.dataLength = dataLength = -1;
16991 this.dataLeft = dataLength;
16992 }
16993 var adata = options.adata;
16994 if (adata !== undefined) {
16995 if (iv !== null) throw new IllegalStateError("you must specify either adata or iv, not both");
16996 if (is_buffer(adata) || is_bytes(adata)) {
16997 adata = new Uint8Array(adata);
16998 } else if (is_string(adata)) {
16999 var str = adata;
17000 adata = new Uint8Array(str.length);
17001 for (var i = 0; i < str.length; ++i) adata[i] = str.charCodeAt(i);
17002 } else {
17003 throw new TypeError("unexpected adata type");
17004 }
17005 if (adata.byteLength === 0 || adata.byteLength > _ccm_adata_maxLength) throw new IllegalArgumentError("illegal adata length");
17006 this.adata = adata;
17007 this.counter = 1;
17008 } else {
17009 this.adata = adata = null;
17010 }
17011 if (dataLength !== -1) _ccm_calculate_iv.call(this);
17012 return this;
17013 }
17014 function ccm_aes_encrypt_process(data) {
17015 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
17016 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, asm = this.asm, heap = this.heap, nonce = this.nonce, counter = this.counter, pos = this.pos, len = this.len, rpos = 0, rlen = _aes_block_size * Math.floor((len + dlen) / _aes_block_size), wlen = 0;
17017 if ((counter - 1 << 4) + len + dlen > _ccm_data_maxLength) throw new RangeError("counter overflow");
17018 var result = new Uint8Array(rlen);
17019 var asm_args = [ 0, 0, this.lengthSize - 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 ];
17020 for (var i = 0; i < nonce.length; i++) asm_args[3 + i] = nonce[i];
17021 while (dlen > 0) {
17022 wlen = _aes_heap_write(heap, pos + len, data, dpos, dlen);
17023 len += wlen;
17024 dpos += wlen;
17025 dlen -= wlen;
17026 asm_args[0] = pos;
17027 asm_args[1] = len & ~15;
17028 asm_args[16] = counter / 4294967296 >>> 0;
17029 asm_args[17] = counter >>> 0;
17030 wlen = asm.ccm_encrypt.apply(asm, asm_args);
17031 result.set(heap.subarray(pos, pos + wlen), rpos);
17032 counter += wlen >>> 4;
17033 rpos += wlen;
17034 if (wlen < len) {
17035 pos += wlen;
17036 len -= wlen;
17037 } else {
17038 pos = _aes_heap_start;
17039 len = 0;
17040 }
17041 }
17042 this.result = result;
17043 this.counter = counter;
17044 this.pos = pos;
17045 this.len = len;
17046 return this;
17047 }
17048 function ccm_aes_encrypt_finish() {
17049 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
17050 var asm = this.asm, heap = this.heap, nonce = this.nonce, counter = this.counter, tagSize = this.tagSize, pos = this.pos, len = this.len, wlen = 0;
17051 var result = new Uint8Array(len + tagSize);
17052 var asm_args = [ 0, 0, this.lengthSize - 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 ];
17053 for (var i = 0; i < nonce.length; i++) asm_args[3 + i] = nonce[i];
17054 asm_args[0] = pos;
17055 asm_args[1] = len;
17056 asm_args[16] = counter / 4294967296 >>> 0;
17057 asm_args[17] = counter >>> 0;
17058 wlen = asm.ccm_encrypt.apply(asm, asm_args);
17059 result.set(heap.subarray(pos, pos + wlen));
17060 counter = 1;
17061 pos = _aes_heap_start;
17062 len = 0;
17063 asm.save_state(_aes_heap_start);
17064 asm_args[0] = _aes_heap_start, asm_args[1] = _aes_block_size, asm_args[16] = 0;
17065 asm_args[17] = 0;
17066 asm.ccm_encrypt.apply(asm, asm_args);
17067 result.set(heap.subarray(_aes_heap_start, _aes_heap_start + tagSize), wlen);
17068 this.result = result;
17069 this.counter = counter;
17070 this.pos = pos;
17071 this.len = len;
17072 return this;
17073 }
17074 function ccm_aes_encrypt(data) {
17075 this.dataLength = this.dataLeft = data.byteLength || data.length || 0;
17076 var result1 = ccm_aes_encrypt_process.call(this, data).result, result2 = ccm_aes_encrypt_finish.call(this).result, result;
17077 result = new Uint8Array(result1.length + result2.length);
17078 result.set(result1);
17079 result.set(result2, result1.length);
17080 this.result = result;
17081 return this;
17082 }
17083 function ccm_aes_decrypt_process(data) {
17084 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
17085 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, asm = this.asm, heap = this.heap, nonce = this.nonce, counter = this.counter, tagSize = this.tagSize, pos = this.pos, len = this.len, rpos = 0, rlen = _aes_block_size * Math.floor((len + dlen) / _aes_block_size), wlen = 0;
17086 if ((counter - 1 << 4) + len + dlen > _ccm_data_maxLength) throw new RangeError("counter overflow");
17087 var result = new Uint8Array(rlen);
17088 var asm_args = [ 0, 0, this.lengthSize - 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 ];
17089 for (var i = 0; i < nonce.length; i++) asm_args[3 + i] = nonce[i];
17090 while (dlen > 0) {
17091 wlen = _aes_heap_write(heap, pos + len, data, dpos, dlen);
17092 len += wlen;
17093 dpos += wlen;
17094 dlen -= wlen;
17095 asm_args[0] = pos;
17096 asm_args[1] = len + dlen - tagSize >= _aes_block_size ? dlen >= tagSize ? len & ~15 : len + dlen - tagSize & ~15 : 0;
17097 asm_args[16] = counter / 4294967296 >>> 0;
17098 asm_args[17] = counter >>> 0;
17099 wlen = asm.ccm_decrypt.apply(asm, asm_args);
17100 result.set(heap.subarray(pos, pos + wlen), rpos);
17101 counter += wlen >>> 4;
17102 rpos += wlen;
17103 if (wlen < len) {
17104 pos += wlen;
17105 len -= wlen;
17106 } else {
17107 pos = _aes_heap_start;
17108 len = 0;
17109 }
17110 }
17111 this.result = result.subarray(0, rpos);
17112 this.counter = counter;
17113 this.pos = pos;
17114 this.len = len;
17115 return this;
17116 }
17117 function ccm_aes_decrypt_finish() {
17118 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
17119 var asm = this.asm, heap = this.heap, nonce = this.nonce, counter = this.counter, tagSize = this.tagSize, pos = this.pos, len = this.len, rlen = len - tagSize, wlen = 0;
17120 if (len < tagSize) throw new IllegalStateError("authentication tag not found");
17121 var result = new Uint8Array(rlen), atag = new Uint8Array(heap.subarray(pos + rlen, pos + len));
17122 var asm_args = [ 0, 0, this.lengthSize - 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 ];
17123 for (var i = 0; i < nonce.length; i++) asm_args[3 + i] = nonce[i];
17124 asm_args[0] = pos;
17125 asm_args[1] = rlen;
17126 asm_args[16] = counter / 4294967296 >>> 0;
17127 asm_args[17] = counter >>> 0;
17128 wlen = asm.ccm_decrypt.apply(asm, asm_args);
17129 result.set(heap.subarray(pos, pos + wlen));
17130 counter = 1;
17131 pos = _aes_heap_start;
17132 len = 0;
17133 asm.save_state(_aes_heap_start);
17134 asm_args[0] = _aes_heap_start, asm_args[1] = _aes_block_size, asm_args[16] = 0;
17135 asm_args[17] = 0;
17136 asm.ccm_encrypt.apply(asm, asm_args);
17137 var acheck = 0;
17138 for (var i = 0; i < tagSize; ++i) acheck |= atag[i] ^ heap[_aes_heap_start + i];
17139 if (acheck) throw new SecurityError("data integrity check failed");
17140 this.result = result;
17141 this.counter = counter;
17142 this.pos = pos;
17143 this.len = len;
17144 return this;
17145 }
17146 function ccm_aes_decrypt(data) {
17147 this.dataLength = this.dataLeft = data.byteLength || data.length || 0;
17148 var result1 = ccm_aes_decrypt_process.call(this, data).result, result2 = ccm_aes_decrypt_finish.call(this).result, result;
17149 result = new Uint8Array(result1.length + result2.length);
17150 result.set(result1);
17151 result.set(result2, result1.length);
17152 this.result = result;
17153 return this;
17154 }
17155 var ccm_aes_prototype = ccm_aes_constructor.prototype;
17156 ccm_aes_prototype.reset = ccm_aes_reset;
17157 ccm_aes_prototype.encrypt = ccm_aes_encrypt;
17158 ccm_aes_prototype.decrypt = ccm_aes_decrypt;
17159 var ccm_aes_encrypt_prototype = ccm_aes_encrypt_constructor.prototype;
17160 ccm_aes_encrypt_prototype.reset = ccm_aes_reset;
17161 ccm_aes_encrypt_prototype.process = ccm_aes_encrypt_process;
17162 ccm_aes_encrypt_prototype.finish = ccm_aes_encrypt_finish;
17163 var ccm_aes_decrypt_prototype = ccm_aes_decrypt_constructor.prototype;
17164 ccm_aes_decrypt_prototype.reset = ccm_aes_reset;
17165 ccm_aes_decrypt_prototype.process = ccm_aes_decrypt_process;
17166 ccm_aes_decrypt_prototype.finish = ccm_aes_decrypt_finish;
17167 function cfb_aes_constructor(options) {
17168 this.padding = false;
17169 this.mode = "cfb";
17170 this.iv = null;
17171 _aes_constructor.call(this, options);
17172 }
17173 function cfb_aes_encrypt_constructor(options) {
17174 cfb_aes_constructor.call(this, options);
17175 }
17176 function cfb_aes_decrypt_constructor(options) {
17177 cfb_aes_constructor.call(this, options);
17178 }
17179 function cfb_aes_reset(options) {
17180 options = options || {};
17181 _aes_reset.call(this, options);
17182 _aes_init_iv.call(this, options.iv);
17183 return this;
17184 }
17185 function cfb_aes_encrypt_process(data) {
17186 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
17187 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, asm = this.asm, heap = this.heap, pos = this.pos, len = this.len, rpos = 0, rlen = _aes_block_size * Math.floor((len + dlen) / _aes_block_size), wlen = 0;
17188 var result = new Uint8Array(rlen);
17189 while (dlen > 0) {
17190 wlen = _aes_heap_write(heap, pos + len, data, dpos, dlen);
17191 len += wlen;
17192 dpos += wlen;
17193 dlen -= wlen;
17194 wlen = asm.cfb_encrypt(pos, _aes_block_size * Math.floor(len / _aes_block_size));
17195 result.set(heap.subarray(pos, pos + wlen), rpos);
17196 rpos += wlen;
17197 if (wlen < len) {
17198 pos += wlen;
17199 len -= wlen;
17200 } else {
17201 pos = _aes_heap_start;
17202 len = 0;
17203 }
17204 }
17205 this.result = result;
17206 this.pos = pos;
17207 this.len = len;
17208 return this;
17209 }
17210 function cfb_aes_encrypt_finish() {
17211 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
17212 var asm = this.asm, heap = this.heap, pos = this.pos, len = this.len;
17213 var result = new Uint8Array(len);
17214 asm.cfb_encrypt(pos, len);
17215 result.set(heap.subarray(pos, pos + len));
17216 this.result = result;
17217 this.pos = _aes_heap_start;
17218 this.len = 0;
17219 return this;
17220 }
17221 function cfb_aes_encrypt(data) {
17222 var result1 = cfb_aes_encrypt_process.call(this, data).result, result2 = cfb_aes_encrypt_finish.call(this).result, result;
17223 result = new Uint8Array(result1.length + result2.length);
17224 result.set(result1);
17225 result.set(result2, result1.length);
17226 this.result = result;
17227 return this;
17228 }
17229 function cfb_aes_decrypt_process(data) {
17230 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
17231 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, asm = this.asm, heap = this.heap, pos = this.pos, len = this.len, rpos = 0, rlen = _aes_block_size * Math.floor((len + dlen) / _aes_block_size), wlen = 0;
17232 var result = new Uint8Array(rlen);
17233 while (dlen > 0) {
17234 wlen = _aes_heap_write(heap, pos + len, data, dpos, dlen);
17235 len += wlen;
17236 dpos += wlen;
17237 dlen -= wlen;
17238 wlen = asm.cfb_decrypt(pos, _aes_block_size * Math.floor(len / _aes_block_size));
17239 result.set(heap.subarray(pos, pos + wlen), rpos);
17240 rpos += wlen;
17241 if (wlen < len) {
17242 pos += wlen;
17243 len -= wlen;
17244 } else {
17245 pos = _aes_heap_start;
17246 len = 0;
17247 }
17248 }
17249 this.result = result.subarray(0, rpos);
17250 this.pos = pos;
17251 this.len = len;
17252 return this;
17253 }
17254 function cfb_aes_decrypt_finish() {
17255 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
17256 var asm = this.asm, heap = this.heap, pos = this.pos, len = this.len;
17257 if (len === 0) {
17258 this.result = new Uint8Array(0);
17259 this.pos = _aes_heap_start;
17260 this.len = 0;
17261 return this;
17262 }
17263 var result = new Uint8Array(len);
17264 asm.cfb_decrypt(pos, len);
17265 result.set(heap.subarray(pos, pos + len));
17266 this.result = result;
17267 this.pos = _aes_heap_start;
17268 this.len = 0;
17269 return this;
17270 }
17271 function cfb_aes_decrypt(data) {
17272 var result1 = cfb_aes_decrypt_process.call(this, data).result, result2 = cfb_aes_decrypt_finish.call(this).result, result;
17273 result = new Uint8Array(result1.length + result2.length);
17274 result.set(result1);
17275 result.set(result2, result1.length);
17276 this.result = result;
17277 return this;
17278 }
17279 var cfb_aes_encrypt_prototype = cfb_aes_encrypt_constructor.prototype;
17280 cfb_aes_encrypt_prototype.reset = cfb_aes_reset;
17281 cfb_aes_encrypt_prototype.process = cfb_aes_encrypt_process;
17282 cfb_aes_encrypt_prototype.finish = cfb_aes_encrypt_finish;
17283 var cfb_aes_decrypt_prototype = cfb_aes_decrypt_constructor.prototype;
17284 cfb_aes_decrypt_prototype.reset = cfb_aes_reset;
17285 cfb_aes_decrypt_prototype.process = cfb_aes_decrypt_process;
17286 cfb_aes_decrypt_prototype.finish = cfb_aes_decrypt_finish;
17287 var cfb_aes_prototype = cfb_aes_constructor.prototype;
17288 cfb_aes_prototype.reset = cfb_aes_reset;
17289 cfb_aes_prototype.encrypt = cfb_aes_encrypt;
17290 cfb_aes_prototype.decrypt = cfb_aes_decrypt;
17291 function sha256_asm(stdlib, foreign, buffer) {
17292 // Closure Compiler warning - commented out
17293 //"use asm";
17294 var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0, H5 = 0, H6 = 0, H7 = 0, TOTAL = 0;
17295 var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0, I5 = 0, I6 = 0, I7 = 0, O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0, O5 = 0, O6 = 0, O7 = 0;
17296 var HEAP = new stdlib.Uint8Array(buffer);
17297 function _core(w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15) {
17298 w0 = w0 | 0;
17299 w1 = w1 | 0;
17300 w2 = w2 | 0;
17301 w3 = w3 | 0;
17302 w4 = w4 | 0;
17303 w5 = w5 | 0;
17304 w6 = w6 | 0;
17305 w7 = w7 | 0;
17306 w8 = w8 | 0;
17307 w9 = w9 | 0;
17308 w10 = w10 | 0;
17309 w11 = w11 | 0;
17310 w12 = w12 | 0;
17311 w13 = w13 | 0;
17312 w14 = w14 | 0;
17313 w15 = w15 | 0;
17314 var a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0, t = 0;
17315 a = H0;
17316 b = H1;
17317 c = H2;
17318 d = H3;
17319 e = H4;
17320 f = H5;
17321 g = H6;
17322 h = H7;
17323 t = w0 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1116352408 | 0;
17324 h = g;
17325 g = f;
17326 f = e;
17327 e = d + t | 0;
17328 d = c;
17329 c = b;
17330 b = a;
17331 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17332 t = w1 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1899447441 | 0;
17333 h = g;
17334 g = f;
17335 f = e;
17336 e = d + t | 0;
17337 d = c;
17338 c = b;
17339 b = a;
17340 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17341 t = w2 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3049323471 | 0;
17342 h = g;
17343 g = f;
17344 f = e;
17345 e = d + t | 0;
17346 d = c;
17347 c = b;
17348 b = a;
17349 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17350 t = w3 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3921009573 | 0;
17351 h = g;
17352 g = f;
17353 f = e;
17354 e = d + t | 0;
17355 d = c;
17356 c = b;
17357 b = a;
17358 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17359 t = w4 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 961987163 | 0;
17360 h = g;
17361 g = f;
17362 f = e;
17363 e = d + t | 0;
17364 d = c;
17365 c = b;
17366 b = a;
17367 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17368 t = w5 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1508970993 | 0;
17369 h = g;
17370 g = f;
17371 f = e;
17372 e = d + t | 0;
17373 d = c;
17374 c = b;
17375 b = a;
17376 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17377 t = w6 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2453635748 | 0;
17378 h = g;
17379 g = f;
17380 f = e;
17381 e = d + t | 0;
17382 d = c;
17383 c = b;
17384 b = a;
17385 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17386 t = w7 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2870763221 | 0;
17387 h = g;
17388 g = f;
17389 f = e;
17390 e = d + t | 0;
17391 d = c;
17392 c = b;
17393 b = a;
17394 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17395 t = w8 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3624381080 | 0;
17396 h = g;
17397 g = f;
17398 f = e;
17399 e = d + t | 0;
17400 d = c;
17401 c = b;
17402 b = a;
17403 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17404 t = w9 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 310598401 | 0;
17405 h = g;
17406 g = f;
17407 f = e;
17408 e = d + t | 0;
17409 d = c;
17410 c = b;
17411 b = a;
17412 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17413 t = w10 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 607225278 | 0;
17414 h = g;
17415 g = f;
17416 f = e;
17417 e = d + t | 0;
17418 d = c;
17419 c = b;
17420 b = a;
17421 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17422 t = w11 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1426881987 | 0;
17423 h = g;
17424 g = f;
17425 f = e;
17426 e = d + t | 0;
17427 d = c;
17428 c = b;
17429 b = a;
17430 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17431 t = w12 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1925078388 | 0;
17432 h = g;
17433 g = f;
17434 f = e;
17435 e = d + t | 0;
17436 d = c;
17437 c = b;
17438 b = a;
17439 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17440 t = w13 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2162078206 | 0;
17441 h = g;
17442 g = f;
17443 f = e;
17444 e = d + t | 0;
17445 d = c;
17446 c = b;
17447 b = a;
17448 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17449 t = w14 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2614888103 | 0;
17450 h = g;
17451 g = f;
17452 f = e;
17453 e = d + t | 0;
17454 d = c;
17455 c = b;
17456 b = a;
17457 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17458 t = w15 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3248222580 | 0;
17459 h = g;
17460 g = f;
17461 f = e;
17462 e = d + t | 0;
17463 d = c;
17464 c = b;
17465 b = a;
17466 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17467 w0 = t = (w1 >>> 7 ^ w1 >>> 18 ^ w1 >>> 3 ^ w1 << 25 ^ w1 << 14) + (w14 >>> 17 ^ w14 >>> 19 ^ w14 >>> 10 ^ w14 << 15 ^ w14 << 13) + w0 + w9 | 0;
17468 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3835390401 | 0;
17469 h = g;
17470 g = f;
17471 f = e;
17472 e = d + t | 0;
17473 d = c;
17474 c = b;
17475 b = a;
17476 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17477 w1 = t = (w2 >>> 7 ^ w2 >>> 18 ^ w2 >>> 3 ^ w2 << 25 ^ w2 << 14) + (w15 >>> 17 ^ w15 >>> 19 ^ w15 >>> 10 ^ w15 << 15 ^ w15 << 13) + w1 + w10 | 0;
17478 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 4022224774 | 0;
17479 h = g;
17480 g = f;
17481 f = e;
17482 e = d + t | 0;
17483 d = c;
17484 c = b;
17485 b = a;
17486 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17487 w2 = t = (w3 >>> 7 ^ w3 >>> 18 ^ w3 >>> 3 ^ w3 << 25 ^ w3 << 14) + (w0 >>> 17 ^ w0 >>> 19 ^ w0 >>> 10 ^ w0 << 15 ^ w0 << 13) + w2 + w11 | 0;
17488 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 264347078 | 0;
17489 h = g;
17490 g = f;
17491 f = e;
17492 e = d + t | 0;
17493 d = c;
17494 c = b;
17495 b = a;
17496 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17497 w3 = t = (w4 >>> 7 ^ w4 >>> 18 ^ w4 >>> 3 ^ w4 << 25 ^ w4 << 14) + (w1 >>> 17 ^ w1 >>> 19 ^ w1 >>> 10 ^ w1 << 15 ^ w1 << 13) + w3 + w12 | 0;
17498 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 604807628 | 0;
17499 h = g;
17500 g = f;
17501 f = e;
17502 e = d + t | 0;
17503 d = c;
17504 c = b;
17505 b = a;
17506 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17507 w4 = t = (w5 >>> 7 ^ w5 >>> 18 ^ w5 >>> 3 ^ w5 << 25 ^ w5 << 14) + (w2 >>> 17 ^ w2 >>> 19 ^ w2 >>> 10 ^ w2 << 15 ^ w2 << 13) + w4 + w13 | 0;
17508 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 770255983 | 0;
17509 h = g;
17510 g = f;
17511 f = e;
17512 e = d + t | 0;
17513 d = c;
17514 c = b;
17515 b = a;
17516 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17517 w5 = t = (w6 >>> 7 ^ w6 >>> 18 ^ w6 >>> 3 ^ w6 << 25 ^ w6 << 14) + (w3 >>> 17 ^ w3 >>> 19 ^ w3 >>> 10 ^ w3 << 15 ^ w3 << 13) + w5 + w14 | 0;
17518 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1249150122 | 0;
17519 h = g;
17520 g = f;
17521 f = e;
17522 e = d + t | 0;
17523 d = c;
17524 c = b;
17525 b = a;
17526 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17527 w6 = t = (w7 >>> 7 ^ w7 >>> 18 ^ w7 >>> 3 ^ w7 << 25 ^ w7 << 14) + (w4 >>> 17 ^ w4 >>> 19 ^ w4 >>> 10 ^ w4 << 15 ^ w4 << 13) + w6 + w15 | 0;
17528 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1555081692 | 0;
17529 h = g;
17530 g = f;
17531 f = e;
17532 e = d + t | 0;
17533 d = c;
17534 c = b;
17535 b = a;
17536 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17537 w7 = t = (w8 >>> 7 ^ w8 >>> 18 ^ w8 >>> 3 ^ w8 << 25 ^ w8 << 14) + (w5 >>> 17 ^ w5 >>> 19 ^ w5 >>> 10 ^ w5 << 15 ^ w5 << 13) + w7 + w0 | 0;
17538 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1996064986 | 0;
17539 h = g;
17540 g = f;
17541 f = e;
17542 e = d + t | 0;
17543 d = c;
17544 c = b;
17545 b = a;
17546 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17547 w8 = t = (w9 >>> 7 ^ w9 >>> 18 ^ w9 >>> 3 ^ w9 << 25 ^ w9 << 14) + (w6 >>> 17 ^ w6 >>> 19 ^ w6 >>> 10 ^ w6 << 15 ^ w6 << 13) + w8 + w1 | 0;
17548 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2554220882 | 0;
17549 h = g;
17550 g = f;
17551 f = e;
17552 e = d + t | 0;
17553 d = c;
17554 c = b;
17555 b = a;
17556 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17557 w9 = t = (w10 >>> 7 ^ w10 >>> 18 ^ w10 >>> 3 ^ w10 << 25 ^ w10 << 14) + (w7 >>> 17 ^ w7 >>> 19 ^ w7 >>> 10 ^ w7 << 15 ^ w7 << 13) + w9 + w2 | 0;
17558 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2821834349 | 0;
17559 h = g;
17560 g = f;
17561 f = e;
17562 e = d + t | 0;
17563 d = c;
17564 c = b;
17565 b = a;
17566 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17567 w10 = t = (w11 >>> 7 ^ w11 >>> 18 ^ w11 >>> 3 ^ w11 << 25 ^ w11 << 14) + (w8 >>> 17 ^ w8 >>> 19 ^ w8 >>> 10 ^ w8 << 15 ^ w8 << 13) + w10 + w3 | 0;
17568 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2952996808 | 0;
17569 h = g;
17570 g = f;
17571 f = e;
17572 e = d + t | 0;
17573 d = c;
17574 c = b;
17575 b = a;
17576 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17577 w11 = t = (w12 >>> 7 ^ w12 >>> 18 ^ w12 >>> 3 ^ w12 << 25 ^ w12 << 14) + (w9 >>> 17 ^ w9 >>> 19 ^ w9 >>> 10 ^ w9 << 15 ^ w9 << 13) + w11 + w4 | 0;
17578 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3210313671 | 0;
17579 h = g;
17580 g = f;
17581 f = e;
17582 e = d + t | 0;
17583 d = c;
17584 c = b;
17585 b = a;
17586 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17587 w12 = t = (w13 >>> 7 ^ w13 >>> 18 ^ w13 >>> 3 ^ w13 << 25 ^ w13 << 14) + (w10 >>> 17 ^ w10 >>> 19 ^ w10 >>> 10 ^ w10 << 15 ^ w10 << 13) + w12 + w5 | 0;
17588 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3336571891 | 0;
17589 h = g;
17590 g = f;
17591 f = e;
17592 e = d + t | 0;
17593 d = c;
17594 c = b;
17595 b = a;
17596 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17597 w13 = t = (w14 >>> 7 ^ w14 >>> 18 ^ w14 >>> 3 ^ w14 << 25 ^ w14 << 14) + (w11 >>> 17 ^ w11 >>> 19 ^ w11 >>> 10 ^ w11 << 15 ^ w11 << 13) + w13 + w6 | 0;
17598 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3584528711 | 0;
17599 h = g;
17600 g = f;
17601 f = e;
17602 e = d + t | 0;
17603 d = c;
17604 c = b;
17605 b = a;
17606 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17607 w14 = t = (w15 >>> 7 ^ w15 >>> 18 ^ w15 >>> 3 ^ w15 << 25 ^ w15 << 14) + (w12 >>> 17 ^ w12 >>> 19 ^ w12 >>> 10 ^ w12 << 15 ^ w12 << 13) + w14 + w7 | 0;
17608 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 113926993 | 0;
17609 h = g;
17610 g = f;
17611 f = e;
17612 e = d + t | 0;
17613 d = c;
17614 c = b;
17615 b = a;
17616 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17617 w15 = t = (w0 >>> 7 ^ w0 >>> 18 ^ w0 >>> 3 ^ w0 << 25 ^ w0 << 14) + (w13 >>> 17 ^ w13 >>> 19 ^ w13 >>> 10 ^ w13 << 15 ^ w13 << 13) + w15 + w8 | 0;
17618 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 338241895 | 0;
17619 h = g;
17620 g = f;
17621 f = e;
17622 e = d + t | 0;
17623 d = c;
17624 c = b;
17625 b = a;
17626 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17627 w0 = t = (w1 >>> 7 ^ w1 >>> 18 ^ w1 >>> 3 ^ w1 << 25 ^ w1 << 14) + (w14 >>> 17 ^ w14 >>> 19 ^ w14 >>> 10 ^ w14 << 15 ^ w14 << 13) + w0 + w9 | 0;
17628 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 666307205 | 0;
17629 h = g;
17630 g = f;
17631 f = e;
17632 e = d + t | 0;
17633 d = c;
17634 c = b;
17635 b = a;
17636 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17637 w1 = t = (w2 >>> 7 ^ w2 >>> 18 ^ w2 >>> 3 ^ w2 << 25 ^ w2 << 14) + (w15 >>> 17 ^ w15 >>> 19 ^ w15 >>> 10 ^ w15 << 15 ^ w15 << 13) + w1 + w10 | 0;
17638 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 773529912 | 0;
17639 h = g;
17640 g = f;
17641 f = e;
17642 e = d + t | 0;
17643 d = c;
17644 c = b;
17645 b = a;
17646 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17647 w2 = t = (w3 >>> 7 ^ w3 >>> 18 ^ w3 >>> 3 ^ w3 << 25 ^ w3 << 14) + (w0 >>> 17 ^ w0 >>> 19 ^ w0 >>> 10 ^ w0 << 15 ^ w0 << 13) + w2 + w11 | 0;
17648 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1294757372 | 0;
17649 h = g;
17650 g = f;
17651 f = e;
17652 e = d + t | 0;
17653 d = c;
17654 c = b;
17655 b = a;
17656 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17657 w3 = t = (w4 >>> 7 ^ w4 >>> 18 ^ w4 >>> 3 ^ w4 << 25 ^ w4 << 14) + (w1 >>> 17 ^ w1 >>> 19 ^ w1 >>> 10 ^ w1 << 15 ^ w1 << 13) + w3 + w12 | 0;
17658 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1396182291 | 0;
17659 h = g;
17660 g = f;
17661 f = e;
17662 e = d + t | 0;
17663 d = c;
17664 c = b;
17665 b = a;
17666 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17667 w4 = t = (w5 >>> 7 ^ w5 >>> 18 ^ w5 >>> 3 ^ w5 << 25 ^ w5 << 14) + (w2 >>> 17 ^ w2 >>> 19 ^ w2 >>> 10 ^ w2 << 15 ^ w2 << 13) + w4 + w13 | 0;
17668 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1695183700 | 0;
17669 h = g;
17670 g = f;
17671 f = e;
17672 e = d + t | 0;
17673 d = c;
17674 c = b;
17675 b = a;
17676 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17677 w5 = t = (w6 >>> 7 ^ w6 >>> 18 ^ w6 >>> 3 ^ w6 << 25 ^ w6 << 14) + (w3 >>> 17 ^ w3 >>> 19 ^ w3 >>> 10 ^ w3 << 15 ^ w3 << 13) + w5 + w14 | 0;
17678 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1986661051 | 0;
17679 h = g;
17680 g = f;
17681 f = e;
17682 e = d + t | 0;
17683 d = c;
17684 c = b;
17685 b = a;
17686 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17687 w6 = t = (w7 >>> 7 ^ w7 >>> 18 ^ w7 >>> 3 ^ w7 << 25 ^ w7 << 14) + (w4 >>> 17 ^ w4 >>> 19 ^ w4 >>> 10 ^ w4 << 15 ^ w4 << 13) + w6 + w15 | 0;
17688 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2177026350 | 0;
17689 h = g;
17690 g = f;
17691 f = e;
17692 e = d + t | 0;
17693 d = c;
17694 c = b;
17695 b = a;
17696 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17697 w7 = t = (w8 >>> 7 ^ w8 >>> 18 ^ w8 >>> 3 ^ w8 << 25 ^ w8 << 14) + (w5 >>> 17 ^ w5 >>> 19 ^ w5 >>> 10 ^ w5 << 15 ^ w5 << 13) + w7 + w0 | 0;
17698 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2456956037 | 0;
17699 h = g;
17700 g = f;
17701 f = e;
17702 e = d + t | 0;
17703 d = c;
17704 c = b;
17705 b = a;
17706 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17707 w8 = t = (w9 >>> 7 ^ w9 >>> 18 ^ w9 >>> 3 ^ w9 << 25 ^ w9 << 14) + (w6 >>> 17 ^ w6 >>> 19 ^ w6 >>> 10 ^ w6 << 15 ^ w6 << 13) + w8 + w1 | 0;
17708 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2730485921 | 0;
17709 h = g;
17710 g = f;
17711 f = e;
17712 e = d + t | 0;
17713 d = c;
17714 c = b;
17715 b = a;
17716 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17717 w9 = t = (w10 >>> 7 ^ w10 >>> 18 ^ w10 >>> 3 ^ w10 << 25 ^ w10 << 14) + (w7 >>> 17 ^ w7 >>> 19 ^ w7 >>> 10 ^ w7 << 15 ^ w7 << 13) + w9 + w2 | 0;
17718 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2820302411 | 0;
17719 h = g;
17720 g = f;
17721 f = e;
17722 e = d + t | 0;
17723 d = c;
17724 c = b;
17725 b = a;
17726 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17727 w10 = t = (w11 >>> 7 ^ w11 >>> 18 ^ w11 >>> 3 ^ w11 << 25 ^ w11 << 14) + (w8 >>> 17 ^ w8 >>> 19 ^ w8 >>> 10 ^ w8 << 15 ^ w8 << 13) + w10 + w3 | 0;
17728 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3259730800 | 0;
17729 h = g;
17730 g = f;
17731 f = e;
17732 e = d + t | 0;
17733 d = c;
17734 c = b;
17735 b = a;
17736 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17737 w11 = t = (w12 >>> 7 ^ w12 >>> 18 ^ w12 >>> 3 ^ w12 << 25 ^ w12 << 14) + (w9 >>> 17 ^ w9 >>> 19 ^ w9 >>> 10 ^ w9 << 15 ^ w9 << 13) + w11 + w4 | 0;
17738 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3345764771 | 0;
17739 h = g;
17740 g = f;
17741 f = e;
17742 e = d + t | 0;
17743 d = c;
17744 c = b;
17745 b = a;
17746 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17747 w12 = t = (w13 >>> 7 ^ w13 >>> 18 ^ w13 >>> 3 ^ w13 << 25 ^ w13 << 14) + (w10 >>> 17 ^ w10 >>> 19 ^ w10 >>> 10 ^ w10 << 15 ^ w10 << 13) + w12 + w5 | 0;
17748 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3516065817 | 0;
17749 h = g;
17750 g = f;
17751 f = e;
17752 e = d + t | 0;
17753 d = c;
17754 c = b;
17755 b = a;
17756 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17757 w13 = t = (w14 >>> 7 ^ w14 >>> 18 ^ w14 >>> 3 ^ w14 << 25 ^ w14 << 14) + (w11 >>> 17 ^ w11 >>> 19 ^ w11 >>> 10 ^ w11 << 15 ^ w11 << 13) + w13 + w6 | 0;
17758 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3600352804 | 0;
17759 h = g;
17760 g = f;
17761 f = e;
17762 e = d + t | 0;
17763 d = c;
17764 c = b;
17765 b = a;
17766 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17767 w14 = t = (w15 >>> 7 ^ w15 >>> 18 ^ w15 >>> 3 ^ w15 << 25 ^ w15 << 14) + (w12 >>> 17 ^ w12 >>> 19 ^ w12 >>> 10 ^ w12 << 15 ^ w12 << 13) + w14 + w7 | 0;
17768 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 4094571909 | 0;
17769 h = g;
17770 g = f;
17771 f = e;
17772 e = d + t | 0;
17773 d = c;
17774 c = b;
17775 b = a;
17776 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17777 w15 = t = (w0 >>> 7 ^ w0 >>> 18 ^ w0 >>> 3 ^ w0 << 25 ^ w0 << 14) + (w13 >>> 17 ^ w13 >>> 19 ^ w13 >>> 10 ^ w13 << 15 ^ w13 << 13) + w15 + w8 | 0;
17778 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 275423344 | 0;
17779 h = g;
17780 g = f;
17781 f = e;
17782 e = d + t | 0;
17783 d = c;
17784 c = b;
17785 b = a;
17786 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17787 w0 = t = (w1 >>> 7 ^ w1 >>> 18 ^ w1 >>> 3 ^ w1 << 25 ^ w1 << 14) + (w14 >>> 17 ^ w14 >>> 19 ^ w14 >>> 10 ^ w14 << 15 ^ w14 << 13) + w0 + w9 | 0;
17788 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 430227734 | 0;
17789 h = g;
17790 g = f;
17791 f = e;
17792 e = d + t | 0;
17793 d = c;
17794 c = b;
17795 b = a;
17796 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17797 w1 = t = (w2 >>> 7 ^ w2 >>> 18 ^ w2 >>> 3 ^ w2 << 25 ^ w2 << 14) + (w15 >>> 17 ^ w15 >>> 19 ^ w15 >>> 10 ^ w15 << 15 ^ w15 << 13) + w1 + w10 | 0;
17798 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 506948616 | 0;
17799 h = g;
17800 g = f;
17801 f = e;
17802 e = d + t | 0;
17803 d = c;
17804 c = b;
17805 b = a;
17806 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17807 w2 = t = (w3 >>> 7 ^ w3 >>> 18 ^ w3 >>> 3 ^ w3 << 25 ^ w3 << 14) + (w0 >>> 17 ^ w0 >>> 19 ^ w0 >>> 10 ^ w0 << 15 ^ w0 << 13) + w2 + w11 | 0;
17808 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 659060556 | 0;
17809 h = g;
17810 g = f;
17811 f = e;
17812 e = d + t | 0;
17813 d = c;
17814 c = b;
17815 b = a;
17816 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17817 w3 = t = (w4 >>> 7 ^ w4 >>> 18 ^ w4 >>> 3 ^ w4 << 25 ^ w4 << 14) + (w1 >>> 17 ^ w1 >>> 19 ^ w1 >>> 10 ^ w1 << 15 ^ w1 << 13) + w3 + w12 | 0;
17818 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 883997877 | 0;
17819 h = g;
17820 g = f;
17821 f = e;
17822 e = d + t | 0;
17823 d = c;
17824 c = b;
17825 b = a;
17826 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17827 w4 = t = (w5 >>> 7 ^ w5 >>> 18 ^ w5 >>> 3 ^ w5 << 25 ^ w5 << 14) + (w2 >>> 17 ^ w2 >>> 19 ^ w2 >>> 10 ^ w2 << 15 ^ w2 << 13) + w4 + w13 | 0;
17828 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 958139571 | 0;
17829 h = g;
17830 g = f;
17831 f = e;
17832 e = d + t | 0;
17833 d = c;
17834 c = b;
17835 b = a;
17836 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17837 w5 = t = (w6 >>> 7 ^ w6 >>> 18 ^ w6 >>> 3 ^ w6 << 25 ^ w6 << 14) + (w3 >>> 17 ^ w3 >>> 19 ^ w3 >>> 10 ^ w3 << 15 ^ w3 << 13) + w5 + w14 | 0;
17838 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1322822218 | 0;
17839 h = g;
17840 g = f;
17841 f = e;
17842 e = d + t | 0;
17843 d = c;
17844 c = b;
17845 b = a;
17846 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17847 w6 = t = (w7 >>> 7 ^ w7 >>> 18 ^ w7 >>> 3 ^ w7 << 25 ^ w7 << 14) + (w4 >>> 17 ^ w4 >>> 19 ^ w4 >>> 10 ^ w4 << 15 ^ w4 << 13) + w6 + w15 | 0;
17848 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1537002063 | 0;
17849 h = g;
17850 g = f;
17851 f = e;
17852 e = d + t | 0;
17853 d = c;
17854 c = b;
17855 b = a;
17856 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17857 w7 = t = (w8 >>> 7 ^ w8 >>> 18 ^ w8 >>> 3 ^ w8 << 25 ^ w8 << 14) + (w5 >>> 17 ^ w5 >>> 19 ^ w5 >>> 10 ^ w5 << 15 ^ w5 << 13) + w7 + w0 | 0;
17858 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1747873779 | 0;
17859 h = g;
17860 g = f;
17861 f = e;
17862 e = d + t | 0;
17863 d = c;
17864 c = b;
17865 b = a;
17866 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17867 w8 = t = (w9 >>> 7 ^ w9 >>> 18 ^ w9 >>> 3 ^ w9 << 25 ^ w9 << 14) + (w6 >>> 17 ^ w6 >>> 19 ^ w6 >>> 10 ^ w6 << 15 ^ w6 << 13) + w8 + w1 | 0;
17868 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1955562222 | 0;
17869 h = g;
17870 g = f;
17871 f = e;
17872 e = d + t | 0;
17873 d = c;
17874 c = b;
17875 b = a;
17876 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17877 w9 = t = (w10 >>> 7 ^ w10 >>> 18 ^ w10 >>> 3 ^ w10 << 25 ^ w10 << 14) + (w7 >>> 17 ^ w7 >>> 19 ^ w7 >>> 10 ^ w7 << 15 ^ w7 << 13) + w9 + w2 | 0;
17878 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2024104815 | 0;
17879 h = g;
17880 g = f;
17881 f = e;
17882 e = d + t | 0;
17883 d = c;
17884 c = b;
17885 b = a;
17886 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17887 w10 = t = (w11 >>> 7 ^ w11 >>> 18 ^ w11 >>> 3 ^ w11 << 25 ^ w11 << 14) + (w8 >>> 17 ^ w8 >>> 19 ^ w8 >>> 10 ^ w8 << 15 ^ w8 << 13) + w10 + w3 | 0;
17888 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2227730452 | 0;
17889 h = g;
17890 g = f;
17891 f = e;
17892 e = d + t | 0;
17893 d = c;
17894 c = b;
17895 b = a;
17896 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17897 w11 = t = (w12 >>> 7 ^ w12 >>> 18 ^ w12 >>> 3 ^ w12 << 25 ^ w12 << 14) + (w9 >>> 17 ^ w9 >>> 19 ^ w9 >>> 10 ^ w9 << 15 ^ w9 << 13) + w11 + w4 | 0;
17898 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2361852424 | 0;
17899 h = g;
17900 g = f;
17901 f = e;
17902 e = d + t | 0;
17903 d = c;
17904 c = b;
17905 b = a;
17906 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17907 w12 = t = (w13 >>> 7 ^ w13 >>> 18 ^ w13 >>> 3 ^ w13 << 25 ^ w13 << 14) + (w10 >>> 17 ^ w10 >>> 19 ^ w10 >>> 10 ^ w10 << 15 ^ w10 << 13) + w12 + w5 | 0;
17908 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2428436474 | 0;
17909 h = g;
17910 g = f;
17911 f = e;
17912 e = d + t | 0;
17913 d = c;
17914 c = b;
17915 b = a;
17916 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17917 w13 = t = (w14 >>> 7 ^ w14 >>> 18 ^ w14 >>> 3 ^ w14 << 25 ^ w14 << 14) + (w11 >>> 17 ^ w11 >>> 19 ^ w11 >>> 10 ^ w11 << 15 ^ w11 << 13) + w13 + w6 | 0;
17918 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2756734187 | 0;
17919 h = g;
17920 g = f;
17921 f = e;
17922 e = d + t | 0;
17923 d = c;
17924 c = b;
17925 b = a;
17926 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17927 w14 = t = (w15 >>> 7 ^ w15 >>> 18 ^ w15 >>> 3 ^ w15 << 25 ^ w15 << 14) + (w12 >>> 17 ^ w12 >>> 19 ^ w12 >>> 10 ^ w12 << 15 ^ w12 << 13) + w14 + w7 | 0;
17928 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3204031479 | 0;
17929 h = g;
17930 g = f;
17931 f = e;
17932 e = d + t | 0;
17933 d = c;
17934 c = b;
17935 b = a;
17936 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17937 w15 = t = (w0 >>> 7 ^ w0 >>> 18 ^ w0 >>> 3 ^ w0 << 25 ^ w0 << 14) + (w13 >>> 17 ^ w13 >>> 19 ^ w13 >>> 10 ^ w13 << 15 ^ w13 << 13) + w15 + w8 | 0;
17938 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3329325298 | 0;
17939 h = g;
17940 g = f;
17941 f = e;
17942 e = d + t | 0;
17943 d = c;
17944 c = b;
17945 b = a;
17946 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
17947 H0 = H0 + a | 0;
17948 H1 = H1 + b | 0;
17949 H2 = H2 + c | 0;
17950 H3 = H3 + d | 0;
17951 H4 = H4 + e | 0;
17952 H5 = H5 + f | 0;
17953 H6 = H6 + g | 0;
17954 H7 = H7 + h | 0;
17955 }
17956 function _core_heap(offset) {
17957 offset = offset | 0;
17958 _core(HEAP[offset | 0] << 24 | HEAP[offset | 1] << 16 | HEAP[offset | 2] << 8 | HEAP[offset | 3], HEAP[offset | 4] << 24 | HEAP[offset | 5] << 16 | HEAP[offset | 6] << 8 | HEAP[offset | 7], HEAP[offset | 8] << 24 | HEAP[offset | 9] << 16 | HEAP[offset | 10] << 8 | HEAP[offset | 11], HEAP[offset | 12] << 24 | HEAP[offset | 13] << 16 | HEAP[offset | 14] << 8 | HEAP[offset | 15], HEAP[offset | 16] << 24 | HEAP[offset | 17] << 16 | HEAP[offset | 18] << 8 | HEAP[offset | 19], HEAP[offset | 20] << 24 | HEAP[offset | 21] << 16 | HEAP[offset | 22] << 8 | HEAP[offset | 23], HEAP[offset | 24] << 24 | HEAP[offset | 25] << 16 | HEAP[offset | 26] << 8 | HEAP[offset | 27], HEAP[offset | 28] << 24 | HEAP[offset | 29] << 16 | HEAP[offset | 30] << 8 | HEAP[offset | 31], HEAP[offset | 32] << 24 | HEAP[offset | 33] << 16 | HEAP[offset | 34] << 8 | HEAP[offset | 35], HEAP[offset | 36] << 24 | HEAP[offset | 37] << 16 | HEAP[offset | 38] << 8 | HEAP[offset | 39], HEAP[offset | 40] << 24 | HEAP[offset | 41] << 16 | HEAP[offset | 42] << 8 | HEAP[offset | 43], HEAP[offset | 44] << 24 | HEAP[offset | 45] << 16 | HEAP[offset | 46] << 8 | HEAP[offset | 47], HEAP[offset | 48] << 24 | HEAP[offset | 49] << 16 | HEAP[offset | 50] << 8 | HEAP[offset | 51], HEAP[offset | 52] << 24 | HEAP[offset | 53] << 16 | HEAP[offset | 54] << 8 | HEAP[offset | 55], HEAP[offset | 56] << 24 | HEAP[offset | 57] << 16 | HEAP[offset | 58] << 8 | HEAP[offset | 59], HEAP[offset | 60] << 24 | HEAP[offset | 61] << 16 | HEAP[offset | 62] << 8 | HEAP[offset | 63]);
17959 }
17960 function _state_to_heap(output) {
17961 output = output | 0;
17962 HEAP[output | 0] = H0 >>> 24;
17963 HEAP[output | 1] = H0 >>> 16 & 255;
17964 HEAP[output | 2] = H0 >>> 8 & 255;
17965 HEAP[output | 3] = H0 & 255;
17966 HEAP[output | 4] = H1 >>> 24;
17967 HEAP[output | 5] = H1 >>> 16 & 255;
17968 HEAP[output | 6] = H1 >>> 8 & 255;
17969 HEAP[output | 7] = H1 & 255;
17970 HEAP[output | 8] = H2 >>> 24;
17971 HEAP[output | 9] = H2 >>> 16 & 255;
17972 HEAP[output | 10] = H2 >>> 8 & 255;
17973 HEAP[output | 11] = H2 & 255;
17974 HEAP[output | 12] = H3 >>> 24;
17975 HEAP[output | 13] = H3 >>> 16 & 255;
17976 HEAP[output | 14] = H3 >>> 8 & 255;
17977 HEAP[output | 15] = H3 & 255;
17978 HEAP[output | 16] = H4 >>> 24;
17979 HEAP[output | 17] = H4 >>> 16 & 255;
17980 HEAP[output | 18] = H4 >>> 8 & 255;
17981 HEAP[output | 19] = H4 & 255;
17982 HEAP[output | 20] = H5 >>> 24;
17983 HEAP[output | 21] = H5 >>> 16 & 255;
17984 HEAP[output | 22] = H5 >>> 8 & 255;
17985 HEAP[output | 23] = H5 & 255;
17986 HEAP[output | 24] = H6 >>> 24;
17987 HEAP[output | 25] = H6 >>> 16 & 255;
17988 HEAP[output | 26] = H6 >>> 8 & 255;
17989 HEAP[output | 27] = H6 & 255;
17990 HEAP[output | 28] = H7 >>> 24;
17991 HEAP[output | 29] = H7 >>> 16 & 255;
17992 HEAP[output | 30] = H7 >>> 8 & 255;
17993 HEAP[output | 31] = H7 & 255;
17994 }
17995 function reset() {
17996 H0 = 1779033703;
17997 H1 = 3144134277;
17998 H2 = 1013904242;
17999 H3 = 2773480762;
18000 H4 = 1359893119;
18001 H5 = 2600822924;
18002 H6 = 528734635;
18003 H7 = 1541459225;
18004 TOTAL = 0;
18005 }
18006 function init(h0, h1, h2, h3, h4, h5, h6, h7, total) {
18007 h0 = h0 | 0;
18008 h1 = h1 | 0;
18009 h2 = h2 | 0;
18010 h3 = h3 | 0;
18011 h4 = h4 | 0;
18012 h5 = h5 | 0;
18013 h6 = h6 | 0;
18014 h7 = h7 | 0;
18015 total = total | 0;
18016 H0 = h0;
18017 H1 = h1;
18018 H2 = h2;
18019 H3 = h3;
18020 H4 = h4;
18021 H5 = h5;
18022 H6 = h6;
18023 H7 = h7;
18024 TOTAL = total;
18025 }
18026 function process(offset, length) {
18027 offset = offset | 0;
18028 length = length | 0;
18029 var hashed = 0;
18030 if (offset & 63) return -1;
18031 while ((length | 0) >= 64) {
18032 _core_heap(offset);
18033 offset = offset + 64 | 0;
18034 length = length - 64 | 0;
18035 hashed = hashed + 64 | 0;
18036 }
18037 TOTAL = TOTAL + hashed | 0;
18038 return hashed | 0;
18039 }
18040 function finish(offset, length, output) {
18041 offset = offset | 0;
18042 length = length | 0;
18043 output = output | 0;
18044 var hashed = 0, i = 0;
18045 if (offset & 63) return -1;
18046 if (~output) if (output & 31) return -1;
18047 if ((length | 0) >= 64) {
18048 hashed = process(offset, length) | 0;
18049 if ((hashed | 0) == -1) return -1;
18050 offset = offset + hashed | 0;
18051 length = length - hashed | 0;
18052 }
18053 hashed = hashed + length | 0;
18054 TOTAL = TOTAL + length | 0;
18055 HEAP[offset | length] = 128;
18056 if ((length | 0) >= 56) {
18057 for (i = length + 1 | 0; (i | 0) < 64; i = i + 1 | 0) HEAP[offset | i] = 0;
18058 _core_heap(offset);
18059 length = 0;
18060 HEAP[offset | 0] = 0;
18061 }
18062 for (i = length + 1 | 0; (i | 0) < 59; i = i + 1 | 0) HEAP[offset | i] = 0;
18063 HEAP[offset | 59] = TOTAL >>> 29;
18064 HEAP[offset | 60] = TOTAL >>> 21 & 255;
18065 HEAP[offset | 61] = TOTAL >>> 13 & 255;
18066 HEAP[offset | 62] = TOTAL >>> 5 & 255;
18067 HEAP[offset | 63] = TOTAL << 3 & 255;
18068 _core_heap(offset);
18069 if (~output) _state_to_heap(output);
18070 return hashed | 0;
18071 }
18072 function hmac_reset() {
18073 H0 = I0;
18074 H1 = I1;
18075 H2 = I2;
18076 H3 = I3;
18077 H4 = I4;
18078 H5 = I5;
18079 H6 = I6;
18080 H7 = I7;
18081 TOTAL = 64;
18082 }
18083 function _hmac_opad() {
18084 H0 = O0;
18085 H1 = O1;
18086 H2 = O2;
18087 H3 = O3;
18088 H4 = O4;
18089 H5 = O5;
18090 H6 = O6;
18091 H7 = O7;
18092 TOTAL = 64;
18093 }
18094 function hmac_init(p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15) {
18095 p0 = p0 | 0;
18096 p1 = p1 | 0;
18097 p2 = p2 | 0;
18098 p3 = p3 | 0;
18099 p4 = p4 | 0;
18100 p5 = p5 | 0;
18101 p6 = p6 | 0;
18102 p7 = p7 | 0;
18103 p8 = p8 | 0;
18104 p9 = p9 | 0;
18105 p10 = p10 | 0;
18106 p11 = p11 | 0;
18107 p12 = p12 | 0;
18108 p13 = p13 | 0;
18109 p14 = p14 | 0;
18110 p15 = p15 | 0;
18111 reset();
18112 _core(p0 ^ 1549556828, p1 ^ 1549556828, p2 ^ 1549556828, p3 ^ 1549556828, p4 ^ 1549556828, p5 ^ 1549556828, p6 ^ 1549556828, p7 ^ 1549556828, p8 ^ 1549556828, p9 ^ 1549556828, p10 ^ 1549556828, p11 ^ 1549556828, p12 ^ 1549556828, p13 ^ 1549556828, p14 ^ 1549556828, p15 ^ 1549556828);
18113 O0 = H0;
18114 O1 = H1;
18115 O2 = H2;
18116 O3 = H3;
18117 O4 = H4;
18118 O5 = H5;
18119 O6 = H6;
18120 O7 = H7;
18121 reset();
18122 _core(p0 ^ 909522486, p1 ^ 909522486, p2 ^ 909522486, p3 ^ 909522486, p4 ^ 909522486, p5 ^ 909522486, p6 ^ 909522486, p7 ^ 909522486, p8 ^ 909522486, p9 ^ 909522486, p10 ^ 909522486, p11 ^ 909522486, p12 ^ 909522486, p13 ^ 909522486, p14 ^ 909522486, p15 ^ 909522486);
18123 I0 = H0;
18124 I1 = H1;
18125 I2 = H2;
18126 I3 = H3;
18127 I4 = H4;
18128 I5 = H5;
18129 I6 = H6;
18130 I7 = H7;
18131 TOTAL = 64;
18132 }
18133 function hmac_finish(offset, length, output) {
18134 offset = offset | 0;
18135 length = length | 0;
18136 output = output | 0;
18137 var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, hashed = 0;
18138 if (offset & 63) return -1;
18139 if (~output) if (output & 31) return -1;
18140 hashed = finish(offset, length, -1) | 0;
18141 t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;
18142 _hmac_opad();
18143 _core(t0, t1, t2, t3, t4, t5, t6, t7, 2147483648, 0, 0, 0, 0, 0, 0, 768);
18144 if (~output) _state_to_heap(output);
18145 return hashed | 0;
18146 }
18147 function pbkdf2_generate_block(offset, length, block, count, output) {
18148 offset = offset | 0;
18149 length = length | 0;
18150 block = block | 0;
18151 count = count | 0;
18152 output = output | 0;
18153 var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0, h5 = 0, h6 = 0, h7 = 0, t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0;
18154 if (offset & 63) return -1;
18155 if (~output) if (output & 31) return -1;
18156 HEAP[offset + length | 0] = block >>> 24;
18157 HEAP[offset + length + 1 | 0] = block >>> 16 & 255;
18158 HEAP[offset + length + 2 | 0] = block >>> 8 & 255;
18159 HEAP[offset + length + 3 | 0] = block & 255;
18160 // Closure compiler warning - The result of the 'bitor' operator is not being used
18161 //hmac_finish(offset, length + 4 | 0, -1) | 0;
18162 hmac_finish(offset, length + 4 | 0, -1);
18163 h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4, h5 = t5 = H5,
18164 h6 = t6 = H6, h7 = t7 = H7;
18165 count = count - 1 | 0;
18166 while ((count | 0) > 0) {
18167 hmac_reset();
18168 _core(t0, t1, t2, t3, t4, t5, t6, t7, 2147483648, 0, 0, 0, 0, 0, 0, 768);
18169 t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;
18170 _hmac_opad();
18171 _core(t0, t1, t2, t3, t4, t5, t6, t7, 2147483648, 0, 0, 0, 0, 0, 0, 768);
18172 t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;
18173 h0 = h0 ^ H0;
18174 h1 = h1 ^ H1;
18175 h2 = h2 ^ H2;
18176 h3 = h3 ^ H3;
18177 h4 = h4 ^ H4;
18178 h5 = h5 ^ H5;
18179 h6 = h6 ^ H6;
18180 h7 = h7 ^ H7;
18181 count = count - 1 | 0;
18182 }
18183 H0 = h0;
18184 H1 = h1;
18185 H2 = h2;
18186 H3 = h3;
18187 H4 = h4;
18188 H5 = h5;
18189 H6 = h6;
18190 H7 = h7;
18191 if (~output) _state_to_heap(output);
18192 return 0;
18193 }
18194 return {
18195 reset: reset,
18196 init: init,
18197 process: process,
18198 finish: finish,
18199 hmac_reset: hmac_reset,
18200 hmac_init: hmac_init,
18201 hmac_finish: hmac_finish,
18202 pbkdf2_generate_block: pbkdf2_generate_block
18203 };
18204 }
18205 var _sha256_block_size = 64, _sha256_hash_size = 32;
18206 function sha256_constructor(options) {
18207 options = options || {};
18208 options.heapSize = options.heapSize || 4096;
18209 if (options.heapSize <= 0 || options.heapSize % 4096) throw new IllegalArgumentError("heapSize must be a positive number and multiple of 4096");
18210 this.heap = options.heap || new Uint8Array(options.heapSize);
18211 this.asm = options.asm || sha256_asm(global, null, this.heap.buffer);
18212 this.BLOCK_SIZE = _sha256_block_size;
18213 this.HASH_SIZE = _sha256_hash_size;
18214 this.reset();
18215 }
18216 function sha256_reset() {
18217 this.result = null;
18218 this.pos = 0;
18219 this.len = 0;
18220 this.asm.reset();
18221 return this;
18222 }
18223 function sha256_process(data) {
18224 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
18225 var dpos = 0, dlen = 0, clen = 0;
18226 if (is_buffer(data) || is_bytes(data)) {
18227 dpos = data.byteOffset || 0;
18228 dlen = data.byteLength;
18229 } else if (is_string(data)) {
18230 dlen = data.length;
18231 } else {
18232 throw new TypeError("data isn't of expected type");
18233 }
18234 while (dlen > 0) {
18235 clen = this.heap.byteLength - this.pos - this.len;
18236 clen = clen < dlen ? clen : dlen;
18237 if (is_buffer(data) || is_bytes(data)) {
18238 this.heap.set(new Uint8Array(data.buffer || data, dpos, clen), this.pos + this.len);
18239 } else {
18240 for (var i = 0; i < clen; i++) this.heap[this.pos + this.len + i] = data.charCodeAt(dpos + i);
18241 }
18242 this.len += clen;
18243 dpos += clen;
18244 dlen -= clen;
18245 clen = this.asm.process(this.pos, this.len);
18246 if (clen < this.len) {
18247 this.pos += clen;
18248 this.len -= clen;
18249 } else {
18250 this.pos = 0;
18251 this.len = 0;
18252 }
18253 }
18254 return this;
18255 }
18256 function sha256_finish() {
18257 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
18258 this.asm.finish(this.pos, this.len, 0);
18259 this.result = new Uint8Array(_sha256_hash_size);
18260 this.result.set(this.heap.subarray(0, _sha256_hash_size));
18261 this.pos = 0;
18262 this.len = 0;
18263 return this;
18264 }
18265 sha256_constructor.BLOCK_SIZE = _sha256_block_size;
18266 sha256_constructor.HASH_SIZE = _sha256_hash_size;
18267 var sha256_prototype = sha256_constructor.prototype;
18268 sha256_prototype.reset = sha256_reset;
18269 sha256_prototype.process = sha256_process;
18270 sha256_prototype.finish = sha256_finish;
18271 function sha512_asm(stdlib, foreign, buffer) {
18272 // Closure Compiler warning - commented out
18273 //"use asm";
18274 var H0h = 0, H0l = 0, H1h = 0, H1l = 0, H2h = 0, H2l = 0, H3h = 0, H3l = 0, H4h = 0, H4l = 0, H5h = 0, H5l = 0, H6h = 0, H6l = 0, H7h = 0, H7l = 0, TOTAL = 0;
18275 var I0h = 0, I0l = 0, I1h = 0, I1l = 0, I2h = 0, I2l = 0, I3h = 0, I3l = 0, I4h = 0, I4l = 0, I5h = 0, I5l = 0, I6h = 0, I6l = 0, I7h = 0, I7l = 0, O0h = 0, O0l = 0, O1h = 0, O1l = 0, O2h = 0, O2l = 0, O3h = 0, O3l = 0, O4h = 0, O4l = 0, O5h = 0, O5l = 0, O6h = 0, O6l = 0, O7h = 0, O7l = 0;
18276 var HEAP = new stdlib.Uint8Array(buffer);
18277 function _core(w0h, w0l, w1h, w1l, w2h, w2l, w3h, w3l, w4h, w4l, w5h, w5l, w6h, w6l, w7h, w7l, w8h, w8l, w9h, w9l, w10h, w10l, w11h, w11l, w12h, w12l, w13h, w13l, w14h, w14l, w15h, w15l) {
18278 w0h = w0h | 0;
18279 w0l = w0l | 0;
18280 w1h = w1h | 0;
18281 w1l = w1l | 0;
18282 w2h = w2h | 0;
18283 w2l = w2l | 0;
18284 w3h = w3h | 0;
18285 w3l = w3l | 0;
18286 w4h = w4h | 0;
18287 w4l = w4l | 0;
18288 w5h = w5h | 0;
18289 w5l = w5l | 0;
18290 w6h = w6h | 0;
18291 w6l = w6l | 0;
18292 w7h = w7h | 0;
18293 w7l = w7l | 0;
18294 w8h = w8h | 0;
18295 w8l = w8l | 0;
18296 w9h = w9h | 0;
18297 w9l = w9l | 0;
18298 w10h = w10h | 0;
18299 w10l = w10l | 0;
18300 w11h = w11h | 0;
18301 w11l = w11l | 0;
18302 w12h = w12h | 0;
18303 w12l = w12l | 0;
18304 w13h = w13h | 0;
18305 w13l = w13l | 0;
18306 w14h = w14h | 0;
18307 w14l = w14l | 0;
18308 w15h = w15h | 0;
18309 w15l = w15l | 0;
18310 var ah = 0, al = 0, bh = 0, bl = 0, ch = 0, cl = 0, dh = 0, dl = 0, eh = 0, el = 0, fh = 0, fl = 0, gh = 0, gl = 0, hh = 0, hl = 0, th = 0, tl = 0, xl = 0;
18311 ah = H0h;
18312 al = H0l;
18313 bh = H1h;
18314 bl = H1l;
18315 ch = H2h;
18316 cl = H2l;
18317 dh = H3h;
18318 dl = H3l;
18319 eh = H4h;
18320 el = H4l;
18321 fh = H5h;
18322 fl = H5l;
18323 gh = H6h;
18324 gl = H6l;
18325 hh = H7h;
18326 hl = H7l;
18327 tl = 3609767458 + w0l | 0;
18328 th = 1116352408 + w0h + (tl >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
18329 tl = tl + hl | 0;
18330 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18331 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18332 tl = tl + xl | 0;
18333 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18334 xl = gl ^ el & (fl ^ gl) | 0;
18335 tl = tl + xl | 0;
18336 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18337 hl = gl;
18338 hh = gh;
18339 gl = fl;
18340 gh = fh;
18341 fl = el;
18342 fh = eh;
18343 el = dl + tl | 0;
18344 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18345 dl = cl;
18346 dh = ch;
18347 cl = bl;
18348 ch = bh;
18349 bl = al;
18350 bh = ah;
18351 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18352 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18353 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18354 al = al + xl | 0;
18355 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18356 tl = 602891725 + w1l | 0;
18357 th = 1899447441 + w1h + (tl >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
18358 tl = tl + hl | 0;
18359 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18360 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18361 tl = tl + xl | 0;
18362 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18363 xl = gl ^ el & (fl ^ gl) | 0;
18364 tl = tl + xl | 0;
18365 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18366 hl = gl;
18367 hh = gh;
18368 gl = fl;
18369 gh = fh;
18370 fl = el;
18371 fh = eh;
18372 el = dl + tl | 0;
18373 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18374 dl = cl;
18375 dh = ch;
18376 cl = bl;
18377 ch = bh;
18378 bl = al;
18379 bh = ah;
18380 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18381 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18382 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18383 al = al + xl | 0;
18384 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18385 tl = 3964484399 + w2l | 0;
18386 th = 3049323471 + w2h + (tl >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
18387 tl = tl + hl | 0;
18388 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18389 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18390 tl = tl + xl | 0;
18391 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18392 xl = gl ^ el & (fl ^ gl) | 0;
18393 tl = tl + xl | 0;
18394 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18395 hl = gl;
18396 hh = gh;
18397 gl = fl;
18398 gh = fh;
18399 fl = el;
18400 fh = eh;
18401 el = dl + tl | 0;
18402 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18403 dl = cl;
18404 dh = ch;
18405 cl = bl;
18406 ch = bh;
18407 bl = al;
18408 bh = ah;
18409 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18410 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18411 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18412 al = al + xl | 0;
18413 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18414 tl = 2173295548 + w3l | 0;
18415 th = 3921009573 + w3h + (tl >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
18416 tl = tl + hl | 0;
18417 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18418 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18419 tl = tl + xl | 0;
18420 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18421 xl = gl ^ el & (fl ^ gl) | 0;
18422 tl = tl + xl | 0;
18423 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18424 hl = gl;
18425 hh = gh;
18426 gl = fl;
18427 gh = fh;
18428 fl = el;
18429 fh = eh;
18430 el = dl + tl | 0;
18431 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18432 dl = cl;
18433 dh = ch;
18434 cl = bl;
18435 ch = bh;
18436 bl = al;
18437 bh = ah;
18438 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18439 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18440 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18441 al = al + xl | 0;
18442 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18443 tl = 4081628472 + w4l | 0;
18444 th = 961987163 + w4h + (tl >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
18445 tl = tl + hl | 0;
18446 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18447 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18448 tl = tl + xl | 0;
18449 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18450 xl = gl ^ el & (fl ^ gl) | 0;
18451 tl = tl + xl | 0;
18452 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18453 hl = gl;
18454 hh = gh;
18455 gl = fl;
18456 gh = fh;
18457 fl = el;
18458 fh = eh;
18459 el = dl + tl | 0;
18460 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18461 dl = cl;
18462 dh = ch;
18463 cl = bl;
18464 ch = bh;
18465 bl = al;
18466 bh = ah;
18467 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18468 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18469 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18470 al = al + xl | 0;
18471 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18472 tl = 3053834265 + w5l | 0;
18473 th = 1508970993 + w5h + (tl >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
18474 tl = tl + hl | 0;
18475 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18476 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18477 tl = tl + xl | 0;
18478 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18479 xl = gl ^ el & (fl ^ gl) | 0;
18480 tl = tl + xl | 0;
18481 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18482 hl = gl;
18483 hh = gh;
18484 gl = fl;
18485 gh = fh;
18486 fl = el;
18487 fh = eh;
18488 el = dl + tl | 0;
18489 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18490 dl = cl;
18491 dh = ch;
18492 cl = bl;
18493 ch = bh;
18494 bl = al;
18495 bh = ah;
18496 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18497 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18498 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18499 al = al + xl | 0;
18500 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18501 tl = 2937671579 + w6l | 0;
18502 th = 2453635748 + w6h + (tl >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
18503 tl = tl + hl | 0;
18504 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18505 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18506 tl = tl + xl | 0;
18507 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18508 xl = gl ^ el & (fl ^ gl) | 0;
18509 tl = tl + xl | 0;
18510 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18511 hl = gl;
18512 hh = gh;
18513 gl = fl;
18514 gh = fh;
18515 fl = el;
18516 fh = eh;
18517 el = dl + tl | 0;
18518 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18519 dl = cl;
18520 dh = ch;
18521 cl = bl;
18522 ch = bh;
18523 bl = al;
18524 bh = ah;
18525 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18526 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18527 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18528 al = al + xl | 0;
18529 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18530 tl = 3664609560 + w7l | 0;
18531 th = 2870763221 + w7h + (tl >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
18532 tl = tl + hl | 0;
18533 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18534 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18535 tl = tl + xl | 0;
18536 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18537 xl = gl ^ el & (fl ^ gl) | 0;
18538 tl = tl + xl | 0;
18539 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18540 hl = gl;
18541 hh = gh;
18542 gl = fl;
18543 gh = fh;
18544 fl = el;
18545 fh = eh;
18546 el = dl + tl | 0;
18547 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18548 dl = cl;
18549 dh = ch;
18550 cl = bl;
18551 ch = bh;
18552 bl = al;
18553 bh = ah;
18554 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18555 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18556 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18557 al = al + xl | 0;
18558 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18559 tl = 2734883394 + w8l | 0;
18560 th = 3624381080 + w8h + (tl >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
18561 tl = tl + hl | 0;
18562 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18563 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18564 tl = tl + xl | 0;
18565 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18566 xl = gl ^ el & (fl ^ gl) | 0;
18567 tl = tl + xl | 0;
18568 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18569 hl = gl;
18570 hh = gh;
18571 gl = fl;
18572 gh = fh;
18573 fl = el;
18574 fh = eh;
18575 el = dl + tl | 0;
18576 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18577 dl = cl;
18578 dh = ch;
18579 cl = bl;
18580 ch = bh;
18581 bl = al;
18582 bh = ah;
18583 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18584 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18585 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18586 al = al + xl | 0;
18587 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18588 tl = 1164996542 + w9l | 0;
18589 th = 310598401 + w9h + (tl >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
18590 tl = tl + hl | 0;
18591 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18592 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18593 tl = tl + xl | 0;
18594 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18595 xl = gl ^ el & (fl ^ gl) | 0;
18596 tl = tl + xl | 0;
18597 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18598 hl = gl;
18599 hh = gh;
18600 gl = fl;
18601 gh = fh;
18602 fl = el;
18603 fh = eh;
18604 el = dl + tl | 0;
18605 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18606 dl = cl;
18607 dh = ch;
18608 cl = bl;
18609 ch = bh;
18610 bl = al;
18611 bh = ah;
18612 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18613 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18614 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18615 al = al + xl | 0;
18616 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18617 tl = 1323610764 + w10l | 0;
18618 th = 607225278 + w10h + (tl >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
18619 tl = tl + hl | 0;
18620 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18621 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18622 tl = tl + xl | 0;
18623 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18624 xl = gl ^ el & (fl ^ gl) | 0;
18625 tl = tl + xl | 0;
18626 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18627 hl = gl;
18628 hh = gh;
18629 gl = fl;
18630 gh = fh;
18631 fl = el;
18632 fh = eh;
18633 el = dl + tl | 0;
18634 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18635 dl = cl;
18636 dh = ch;
18637 cl = bl;
18638 ch = bh;
18639 bl = al;
18640 bh = ah;
18641 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18642 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18643 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18644 al = al + xl | 0;
18645 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18646 tl = 3590304994 + w11l | 0;
18647 th = 1426881987 + w11h + (tl >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
18648 tl = tl + hl | 0;
18649 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18650 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18651 tl = tl + xl | 0;
18652 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18653 xl = gl ^ el & (fl ^ gl) | 0;
18654 tl = tl + xl | 0;
18655 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18656 hl = gl;
18657 hh = gh;
18658 gl = fl;
18659 gh = fh;
18660 fl = el;
18661 fh = eh;
18662 el = dl + tl | 0;
18663 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18664 dl = cl;
18665 dh = ch;
18666 cl = bl;
18667 ch = bh;
18668 bl = al;
18669 bh = ah;
18670 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18671 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18672 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18673 al = al + xl | 0;
18674 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18675 tl = 4068182383 + w12l | 0;
18676 th = 1925078388 + w12h + (tl >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
18677 tl = tl + hl | 0;
18678 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18679 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18680 tl = tl + xl | 0;
18681 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18682 xl = gl ^ el & (fl ^ gl) | 0;
18683 tl = tl + xl | 0;
18684 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18685 hl = gl;
18686 hh = gh;
18687 gl = fl;
18688 gh = fh;
18689 fl = el;
18690 fh = eh;
18691 el = dl + tl | 0;
18692 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18693 dl = cl;
18694 dh = ch;
18695 cl = bl;
18696 ch = bh;
18697 bl = al;
18698 bh = ah;
18699 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18700 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18701 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18702 al = al + xl | 0;
18703 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18704 tl = 991336113 + w13l | 0;
18705 th = 2162078206 + w13h + (tl >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
18706 tl = tl + hl | 0;
18707 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18708 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18709 tl = tl + xl | 0;
18710 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18711 xl = gl ^ el & (fl ^ gl) | 0;
18712 tl = tl + xl | 0;
18713 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18714 hl = gl;
18715 hh = gh;
18716 gl = fl;
18717 gh = fh;
18718 fl = el;
18719 fh = eh;
18720 el = dl + tl | 0;
18721 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18722 dl = cl;
18723 dh = ch;
18724 cl = bl;
18725 ch = bh;
18726 bl = al;
18727 bh = ah;
18728 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18729 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18730 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18731 al = al + xl | 0;
18732 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18733 tl = 633803317 + w14l | 0;
18734 th = 2614888103 + w14h + (tl >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
18735 tl = tl + hl | 0;
18736 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18737 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18738 tl = tl + xl | 0;
18739 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18740 xl = gl ^ el & (fl ^ gl) | 0;
18741 tl = tl + xl | 0;
18742 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18743 hl = gl;
18744 hh = gh;
18745 gl = fl;
18746 gh = fh;
18747 fl = el;
18748 fh = eh;
18749 el = dl + tl | 0;
18750 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18751 dl = cl;
18752 dh = ch;
18753 cl = bl;
18754 ch = bh;
18755 bl = al;
18756 bh = ah;
18757 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18758 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18759 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18760 al = al + xl | 0;
18761 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18762 tl = 3479774868 + w15l | 0;
18763 th = 3248222580 + w15h + (tl >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
18764 tl = tl + hl | 0;
18765 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18766 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18767 tl = tl + xl | 0;
18768 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18769 xl = gl ^ el & (fl ^ gl) | 0;
18770 tl = tl + xl | 0;
18771 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18772 hl = gl;
18773 hh = gh;
18774 gl = fl;
18775 gh = fh;
18776 fl = el;
18777 fh = eh;
18778 el = dl + tl | 0;
18779 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18780 dl = cl;
18781 dh = ch;
18782 cl = bl;
18783 ch = bh;
18784 bl = al;
18785 bh = ah;
18786 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18787 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18788 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18789 al = al + xl | 0;
18790 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18791 w0l = w0l + w9l | 0;
18792 w0h = w0h + w9h + (w0l >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
18793 xl = (w1l >>> 1 | w1h << 31) ^ (w1l >>> 8 | w1h << 24) ^ (w1l >>> 7 | w1h << 25) | 0;
18794 w0l = w0l + xl | 0;
18795 w0h = w0h + ((w1h >>> 1 | w1l << 31) ^ (w1h >>> 8 | w1l << 24) ^ w1h >>> 7) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18796 xl = (w14l >>> 19 | w14h << 13) ^ (w14l << 3 | w14h >>> 29) ^ (w14l >>> 6 | w14h << 26) | 0;
18797 w0l = w0l + xl | 0;
18798 w0h = w0h + ((w14h >>> 19 | w14l << 13) ^ (w14h << 3 | w14l >>> 29) ^ w14h >>> 6) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18799 tl = 2666613458 + w0l | 0;
18800 th = 3835390401 + w0h + (tl >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
18801 tl = tl + hl | 0;
18802 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18803 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18804 tl = tl + xl | 0;
18805 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18806 xl = gl ^ el & (fl ^ gl) | 0;
18807 tl = tl + xl | 0;
18808 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18809 hl = gl;
18810 hh = gh;
18811 gl = fl;
18812 gh = fh;
18813 fl = el;
18814 fh = eh;
18815 el = dl + tl | 0;
18816 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18817 dl = cl;
18818 dh = ch;
18819 cl = bl;
18820 ch = bh;
18821 bl = al;
18822 bh = ah;
18823 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18824 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18825 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18826 al = al + xl | 0;
18827 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18828 w1l = w1l + w10l | 0;
18829 w1h = w1h + w10h + (w1l >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
18830 xl = (w2l >>> 1 | w2h << 31) ^ (w2l >>> 8 | w2h << 24) ^ (w2l >>> 7 | w2h << 25) | 0;
18831 w1l = w1l + xl | 0;
18832 w1h = w1h + ((w2h >>> 1 | w2l << 31) ^ (w2h >>> 8 | w2l << 24) ^ w2h >>> 7) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18833 xl = (w15l >>> 19 | w15h << 13) ^ (w15l << 3 | w15h >>> 29) ^ (w15l >>> 6 | w15h << 26) | 0;
18834 w1l = w1l + xl | 0;
18835 w1h = w1h + ((w15h >>> 19 | w15l << 13) ^ (w15h << 3 | w15l >>> 29) ^ w15h >>> 6) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18836 tl = 944711139 + w1l | 0;
18837 th = 4022224774 + w1h + (tl >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
18838 tl = tl + hl | 0;
18839 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18840 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18841 tl = tl + xl | 0;
18842 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18843 xl = gl ^ el & (fl ^ gl) | 0;
18844 tl = tl + xl | 0;
18845 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18846 hl = gl;
18847 hh = gh;
18848 gl = fl;
18849 gh = fh;
18850 fl = el;
18851 fh = eh;
18852 el = dl + tl | 0;
18853 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18854 dl = cl;
18855 dh = ch;
18856 cl = bl;
18857 ch = bh;
18858 bl = al;
18859 bh = ah;
18860 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18861 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18862 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18863 al = al + xl | 0;
18864 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18865 w2l = w2l + w11l | 0;
18866 w2h = w2h + w11h + (w2l >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
18867 xl = (w3l >>> 1 | w3h << 31) ^ (w3l >>> 8 | w3h << 24) ^ (w3l >>> 7 | w3h << 25) | 0;
18868 w2l = w2l + xl | 0;
18869 w2h = w2h + ((w3h >>> 1 | w3l << 31) ^ (w3h >>> 8 | w3l << 24) ^ w3h >>> 7) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18870 xl = (w0l >>> 19 | w0h << 13) ^ (w0l << 3 | w0h >>> 29) ^ (w0l >>> 6 | w0h << 26) | 0;
18871 w2l = w2l + xl | 0;
18872 w2h = w2h + ((w0h >>> 19 | w0l << 13) ^ (w0h << 3 | w0l >>> 29) ^ w0h >>> 6) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18873 tl = 2341262773 + w2l | 0;
18874 th = 264347078 + w2h + (tl >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
18875 tl = tl + hl | 0;
18876 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18877 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18878 tl = tl + xl | 0;
18879 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18880 xl = gl ^ el & (fl ^ gl) | 0;
18881 tl = tl + xl | 0;
18882 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18883 hl = gl;
18884 hh = gh;
18885 gl = fl;
18886 gh = fh;
18887 fl = el;
18888 fh = eh;
18889 el = dl + tl | 0;
18890 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18891 dl = cl;
18892 dh = ch;
18893 cl = bl;
18894 ch = bh;
18895 bl = al;
18896 bh = ah;
18897 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18898 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18899 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18900 al = al + xl | 0;
18901 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18902 w3l = w3l + w12l | 0;
18903 w3h = w3h + w12h + (w3l >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
18904 xl = (w4l >>> 1 | w4h << 31) ^ (w4l >>> 8 | w4h << 24) ^ (w4l >>> 7 | w4h << 25) | 0;
18905 w3l = w3l + xl | 0;
18906 w3h = w3h + ((w4h >>> 1 | w4l << 31) ^ (w4h >>> 8 | w4l << 24) ^ w4h >>> 7) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18907 xl = (w1l >>> 19 | w1h << 13) ^ (w1l << 3 | w1h >>> 29) ^ (w1l >>> 6 | w1h << 26) | 0;
18908 w3l = w3l + xl | 0;
18909 w3h = w3h + ((w1h >>> 19 | w1l << 13) ^ (w1h << 3 | w1l >>> 29) ^ w1h >>> 6) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18910 tl = 2007800933 + w3l | 0;
18911 th = 604807628 + w3h + (tl >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
18912 tl = tl + hl | 0;
18913 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18914 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18915 tl = tl + xl | 0;
18916 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18917 xl = gl ^ el & (fl ^ gl) | 0;
18918 tl = tl + xl | 0;
18919 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18920 hl = gl;
18921 hh = gh;
18922 gl = fl;
18923 gh = fh;
18924 fl = el;
18925 fh = eh;
18926 el = dl + tl | 0;
18927 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18928 dl = cl;
18929 dh = ch;
18930 cl = bl;
18931 ch = bh;
18932 bl = al;
18933 bh = ah;
18934 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18935 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18936 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18937 al = al + xl | 0;
18938 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18939 w4l = w4l + w13l | 0;
18940 w4h = w4h + w13h + (w4l >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
18941 xl = (w5l >>> 1 | w5h << 31) ^ (w5l >>> 8 | w5h << 24) ^ (w5l >>> 7 | w5h << 25) | 0;
18942 w4l = w4l + xl | 0;
18943 w4h = w4h + ((w5h >>> 1 | w5l << 31) ^ (w5h >>> 8 | w5l << 24) ^ w5h >>> 7) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18944 xl = (w2l >>> 19 | w2h << 13) ^ (w2l << 3 | w2h >>> 29) ^ (w2l >>> 6 | w2h << 26) | 0;
18945 w4l = w4l + xl | 0;
18946 w4h = w4h + ((w2h >>> 19 | w2l << 13) ^ (w2h << 3 | w2l >>> 29) ^ w2h >>> 6) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18947 tl = 1495990901 + w4l | 0;
18948 th = 770255983 + w4h + (tl >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
18949 tl = tl + hl | 0;
18950 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18951 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18952 tl = tl + xl | 0;
18953 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18954 xl = gl ^ el & (fl ^ gl) | 0;
18955 tl = tl + xl | 0;
18956 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18957 hl = gl;
18958 hh = gh;
18959 gl = fl;
18960 gh = fh;
18961 fl = el;
18962 fh = eh;
18963 el = dl + tl | 0;
18964 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
18965 dl = cl;
18966 dh = ch;
18967 cl = bl;
18968 ch = bh;
18969 bl = al;
18970 bh = ah;
18971 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
18972 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
18973 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
18974 al = al + xl | 0;
18975 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18976 w5l = w5l + w14l | 0;
18977 w5h = w5h + w14h + (w5l >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
18978 xl = (w6l >>> 1 | w6h << 31) ^ (w6l >>> 8 | w6h << 24) ^ (w6l >>> 7 | w6h << 25) | 0;
18979 w5l = w5l + xl | 0;
18980 w5h = w5h + ((w6h >>> 1 | w6l << 31) ^ (w6h >>> 8 | w6l << 24) ^ w6h >>> 7) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18981 xl = (w3l >>> 19 | w3h << 13) ^ (w3l << 3 | w3h >>> 29) ^ (w3l >>> 6 | w3h << 26) | 0;
18982 w5l = w5l + xl | 0;
18983 w5h = w5h + ((w3h >>> 19 | w3l << 13) ^ (w3h << 3 | w3l >>> 29) ^ w3h >>> 6) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18984 tl = 1856431235 + w5l | 0;
18985 th = 1249150122 + w5h + (tl >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
18986 tl = tl + hl | 0;
18987 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
18988 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
18989 tl = tl + xl | 0;
18990 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18991 xl = gl ^ el & (fl ^ gl) | 0;
18992 tl = tl + xl | 0;
18993 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
18994 hl = gl;
18995 hh = gh;
18996 gl = fl;
18997 gh = fh;
18998 fl = el;
18999 fh = eh;
19000 el = dl + tl | 0;
19001 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19002 dl = cl;
19003 dh = ch;
19004 cl = bl;
19005 ch = bh;
19006 bl = al;
19007 bh = ah;
19008 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19009 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19010 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19011 al = al + xl | 0;
19012 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19013 w6l = w6l + w15l | 0;
19014 w6h = w6h + w15h + (w6l >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
19015 xl = (w7l >>> 1 | w7h << 31) ^ (w7l >>> 8 | w7h << 24) ^ (w7l >>> 7 | w7h << 25) | 0;
19016 w6l = w6l + xl | 0;
19017 w6h = w6h + ((w7h >>> 1 | w7l << 31) ^ (w7h >>> 8 | w7l << 24) ^ w7h >>> 7) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19018 xl = (w4l >>> 19 | w4h << 13) ^ (w4l << 3 | w4h >>> 29) ^ (w4l >>> 6 | w4h << 26) | 0;
19019 w6l = w6l + xl | 0;
19020 w6h = w6h + ((w4h >>> 19 | w4l << 13) ^ (w4h << 3 | w4l >>> 29) ^ w4h >>> 6) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19021 tl = 3175218132 + w6l | 0;
19022 th = 1555081692 + w6h + (tl >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
19023 tl = tl + hl | 0;
19024 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19025 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19026 tl = tl + xl | 0;
19027 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19028 xl = gl ^ el & (fl ^ gl) | 0;
19029 tl = tl + xl | 0;
19030 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19031 hl = gl;
19032 hh = gh;
19033 gl = fl;
19034 gh = fh;
19035 fl = el;
19036 fh = eh;
19037 el = dl + tl | 0;
19038 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19039 dl = cl;
19040 dh = ch;
19041 cl = bl;
19042 ch = bh;
19043 bl = al;
19044 bh = ah;
19045 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19046 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19047 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19048 al = al + xl | 0;
19049 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19050 w7l = w7l + w0l | 0;
19051 w7h = w7h + w0h + (w7l >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
19052 xl = (w8l >>> 1 | w8h << 31) ^ (w8l >>> 8 | w8h << 24) ^ (w8l >>> 7 | w8h << 25) | 0;
19053 w7l = w7l + xl | 0;
19054 w7h = w7h + ((w8h >>> 1 | w8l << 31) ^ (w8h >>> 8 | w8l << 24) ^ w8h >>> 7) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19055 xl = (w5l >>> 19 | w5h << 13) ^ (w5l << 3 | w5h >>> 29) ^ (w5l >>> 6 | w5h << 26) | 0;
19056 w7l = w7l + xl | 0;
19057 w7h = w7h + ((w5h >>> 19 | w5l << 13) ^ (w5h << 3 | w5l >>> 29) ^ w5h >>> 6) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19058 tl = 2198950837 + w7l | 0;
19059 th = 1996064986 + w7h + (tl >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
19060 tl = tl + hl | 0;
19061 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19062 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19063 tl = tl + xl | 0;
19064 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19065 xl = gl ^ el & (fl ^ gl) | 0;
19066 tl = tl + xl | 0;
19067 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19068 hl = gl;
19069 hh = gh;
19070 gl = fl;
19071 gh = fh;
19072 fl = el;
19073 fh = eh;
19074 el = dl + tl | 0;
19075 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19076 dl = cl;
19077 dh = ch;
19078 cl = bl;
19079 ch = bh;
19080 bl = al;
19081 bh = ah;
19082 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19083 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19084 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19085 al = al + xl | 0;
19086 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19087 w8l = w8l + w1l | 0;
19088 w8h = w8h + w1h + (w8l >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
19089 xl = (w9l >>> 1 | w9h << 31) ^ (w9l >>> 8 | w9h << 24) ^ (w9l >>> 7 | w9h << 25) | 0;
19090 w8l = w8l + xl | 0;
19091 w8h = w8h + ((w9h >>> 1 | w9l << 31) ^ (w9h >>> 8 | w9l << 24) ^ w9h >>> 7) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19092 xl = (w6l >>> 19 | w6h << 13) ^ (w6l << 3 | w6h >>> 29) ^ (w6l >>> 6 | w6h << 26) | 0;
19093 w8l = w8l + xl | 0;
19094 w8h = w8h + ((w6h >>> 19 | w6l << 13) ^ (w6h << 3 | w6l >>> 29) ^ w6h >>> 6) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19095 tl = 3999719339 + w8l | 0;
19096 th = 2554220882 + w8h + (tl >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
19097 tl = tl + hl | 0;
19098 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19099 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19100 tl = tl + xl | 0;
19101 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19102 xl = gl ^ el & (fl ^ gl) | 0;
19103 tl = tl + xl | 0;
19104 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19105 hl = gl;
19106 hh = gh;
19107 gl = fl;
19108 gh = fh;
19109 fl = el;
19110 fh = eh;
19111 el = dl + tl | 0;
19112 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19113 dl = cl;
19114 dh = ch;
19115 cl = bl;
19116 ch = bh;
19117 bl = al;
19118 bh = ah;
19119 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19120 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19121 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19122 al = al + xl | 0;
19123 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19124 w9l = w9l + w2l | 0;
19125 w9h = w9h + w2h + (w9l >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
19126 xl = (w10l >>> 1 | w10h << 31) ^ (w10l >>> 8 | w10h << 24) ^ (w10l >>> 7 | w10h << 25) | 0;
19127 w9l = w9l + xl | 0;
19128 w9h = w9h + ((w10h >>> 1 | w10l << 31) ^ (w10h >>> 8 | w10l << 24) ^ w10h >>> 7) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19129 xl = (w7l >>> 19 | w7h << 13) ^ (w7l << 3 | w7h >>> 29) ^ (w7l >>> 6 | w7h << 26) | 0;
19130 w9l = w9l + xl | 0;
19131 w9h = w9h + ((w7h >>> 19 | w7l << 13) ^ (w7h << 3 | w7l >>> 29) ^ w7h >>> 6) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19132 tl = 766784016 + w9l | 0;
19133 th = 2821834349 + w9h + (tl >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
19134 tl = tl + hl | 0;
19135 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19136 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19137 tl = tl + xl | 0;
19138 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19139 xl = gl ^ el & (fl ^ gl) | 0;
19140 tl = tl + xl | 0;
19141 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19142 hl = gl;
19143 hh = gh;
19144 gl = fl;
19145 gh = fh;
19146 fl = el;
19147 fh = eh;
19148 el = dl + tl | 0;
19149 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19150 dl = cl;
19151 dh = ch;
19152 cl = bl;
19153 ch = bh;
19154 bl = al;
19155 bh = ah;
19156 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19157 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19158 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19159 al = al + xl | 0;
19160 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19161 w10l = w10l + w3l | 0;
19162 w10h = w10h + w3h + (w10l >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
19163 xl = (w11l >>> 1 | w11h << 31) ^ (w11l >>> 8 | w11h << 24) ^ (w11l >>> 7 | w11h << 25) | 0;
19164 w10l = w10l + xl | 0;
19165 w10h = w10h + ((w11h >>> 1 | w11l << 31) ^ (w11h >>> 8 | w11l << 24) ^ w11h >>> 7) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19166 xl = (w8l >>> 19 | w8h << 13) ^ (w8l << 3 | w8h >>> 29) ^ (w8l >>> 6 | w8h << 26) | 0;
19167 w10l = w10l + xl | 0;
19168 w10h = w10h + ((w8h >>> 19 | w8l << 13) ^ (w8h << 3 | w8l >>> 29) ^ w8h >>> 6) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19169 tl = 2566594879 + w10l | 0;
19170 th = 2952996808 + w10h + (tl >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
19171 tl = tl + hl | 0;
19172 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19173 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19174 tl = tl + xl | 0;
19175 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19176 xl = gl ^ el & (fl ^ gl) | 0;
19177 tl = tl + xl | 0;
19178 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19179 hl = gl;
19180 hh = gh;
19181 gl = fl;
19182 gh = fh;
19183 fl = el;
19184 fh = eh;
19185 el = dl + tl | 0;
19186 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19187 dl = cl;
19188 dh = ch;
19189 cl = bl;
19190 ch = bh;
19191 bl = al;
19192 bh = ah;
19193 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19194 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19195 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19196 al = al + xl | 0;
19197 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19198 w11l = w11l + w4l | 0;
19199 w11h = w11h + w4h + (w11l >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
19200 xl = (w12l >>> 1 | w12h << 31) ^ (w12l >>> 8 | w12h << 24) ^ (w12l >>> 7 | w12h << 25) | 0;
19201 w11l = w11l + xl | 0;
19202 w11h = w11h + ((w12h >>> 1 | w12l << 31) ^ (w12h >>> 8 | w12l << 24) ^ w12h >>> 7) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19203 xl = (w9l >>> 19 | w9h << 13) ^ (w9l << 3 | w9h >>> 29) ^ (w9l >>> 6 | w9h << 26) | 0;
19204 w11l = w11l + xl | 0;
19205 w11h = w11h + ((w9h >>> 19 | w9l << 13) ^ (w9h << 3 | w9l >>> 29) ^ w9h >>> 6) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19206 tl = 3203337956 + w11l | 0;
19207 th = 3210313671 + w11h + (tl >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
19208 tl = tl + hl | 0;
19209 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19210 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19211 tl = tl + xl | 0;
19212 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19213 xl = gl ^ el & (fl ^ gl) | 0;
19214 tl = tl + xl | 0;
19215 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19216 hl = gl;
19217 hh = gh;
19218 gl = fl;
19219 gh = fh;
19220 fl = el;
19221 fh = eh;
19222 el = dl + tl | 0;
19223 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19224 dl = cl;
19225 dh = ch;
19226 cl = bl;
19227 ch = bh;
19228 bl = al;
19229 bh = ah;
19230 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19231 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19232 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19233 al = al + xl | 0;
19234 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19235 w12l = w12l + w5l | 0;
19236 w12h = w12h + w5h + (w12l >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
19237 xl = (w13l >>> 1 | w13h << 31) ^ (w13l >>> 8 | w13h << 24) ^ (w13l >>> 7 | w13h << 25) | 0;
19238 w12l = w12l + xl | 0;
19239 w12h = w12h + ((w13h >>> 1 | w13l << 31) ^ (w13h >>> 8 | w13l << 24) ^ w13h >>> 7) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19240 xl = (w10l >>> 19 | w10h << 13) ^ (w10l << 3 | w10h >>> 29) ^ (w10l >>> 6 | w10h << 26) | 0;
19241 w12l = w12l + xl | 0;
19242 w12h = w12h + ((w10h >>> 19 | w10l << 13) ^ (w10h << 3 | w10l >>> 29) ^ w10h >>> 6) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19243 tl = 1034457026 + w12l | 0;
19244 th = 3336571891 + w12h + (tl >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
19245 tl = tl + hl | 0;
19246 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19247 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19248 tl = tl + xl | 0;
19249 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19250 xl = gl ^ el & (fl ^ gl) | 0;
19251 tl = tl + xl | 0;
19252 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19253 hl = gl;
19254 hh = gh;
19255 gl = fl;
19256 gh = fh;
19257 fl = el;
19258 fh = eh;
19259 el = dl + tl | 0;
19260 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19261 dl = cl;
19262 dh = ch;
19263 cl = bl;
19264 ch = bh;
19265 bl = al;
19266 bh = ah;
19267 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19268 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19269 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19270 al = al + xl | 0;
19271 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19272 w13l = w13l + w6l | 0;
19273 w13h = w13h + w6h + (w13l >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
19274 xl = (w14l >>> 1 | w14h << 31) ^ (w14l >>> 8 | w14h << 24) ^ (w14l >>> 7 | w14h << 25) | 0;
19275 w13l = w13l + xl | 0;
19276 w13h = w13h + ((w14h >>> 1 | w14l << 31) ^ (w14h >>> 8 | w14l << 24) ^ w14h >>> 7) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19277 xl = (w11l >>> 19 | w11h << 13) ^ (w11l << 3 | w11h >>> 29) ^ (w11l >>> 6 | w11h << 26) | 0;
19278 w13l = w13l + xl | 0;
19279 w13h = w13h + ((w11h >>> 19 | w11l << 13) ^ (w11h << 3 | w11l >>> 29) ^ w11h >>> 6) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19280 tl = 2466948901 + w13l | 0;
19281 th = 3584528711 + w13h + (tl >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
19282 tl = tl + hl | 0;
19283 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19284 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19285 tl = tl + xl | 0;
19286 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19287 xl = gl ^ el & (fl ^ gl) | 0;
19288 tl = tl + xl | 0;
19289 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19290 hl = gl;
19291 hh = gh;
19292 gl = fl;
19293 gh = fh;
19294 fl = el;
19295 fh = eh;
19296 el = dl + tl | 0;
19297 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19298 dl = cl;
19299 dh = ch;
19300 cl = bl;
19301 ch = bh;
19302 bl = al;
19303 bh = ah;
19304 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19305 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19306 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19307 al = al + xl | 0;
19308 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19309 w14l = w14l + w7l | 0;
19310 w14h = w14h + w7h + (w14l >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
19311 xl = (w15l >>> 1 | w15h << 31) ^ (w15l >>> 8 | w15h << 24) ^ (w15l >>> 7 | w15h << 25) | 0;
19312 w14l = w14l + xl | 0;
19313 w14h = w14h + ((w15h >>> 1 | w15l << 31) ^ (w15h >>> 8 | w15l << 24) ^ w15h >>> 7) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19314 xl = (w12l >>> 19 | w12h << 13) ^ (w12l << 3 | w12h >>> 29) ^ (w12l >>> 6 | w12h << 26) | 0;
19315 w14l = w14l + xl | 0;
19316 w14h = w14h + ((w12h >>> 19 | w12l << 13) ^ (w12h << 3 | w12l >>> 29) ^ w12h >>> 6) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19317 tl = 3758326383 + w14l | 0;
19318 th = 113926993 + w14h + (tl >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
19319 tl = tl + hl | 0;
19320 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19321 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19322 tl = tl + xl | 0;
19323 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19324 xl = gl ^ el & (fl ^ gl) | 0;
19325 tl = tl + xl | 0;
19326 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19327 hl = gl;
19328 hh = gh;
19329 gl = fl;
19330 gh = fh;
19331 fl = el;
19332 fh = eh;
19333 el = dl + tl | 0;
19334 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19335 dl = cl;
19336 dh = ch;
19337 cl = bl;
19338 ch = bh;
19339 bl = al;
19340 bh = ah;
19341 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19342 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19343 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19344 al = al + xl | 0;
19345 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19346 w15l = w15l + w8l | 0;
19347 w15h = w15h + w8h + (w15l >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
19348 xl = (w0l >>> 1 | w0h << 31) ^ (w0l >>> 8 | w0h << 24) ^ (w0l >>> 7 | w0h << 25) | 0;
19349 w15l = w15l + xl | 0;
19350 w15h = w15h + ((w0h >>> 1 | w0l << 31) ^ (w0h >>> 8 | w0l << 24) ^ w0h >>> 7) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19351 xl = (w13l >>> 19 | w13h << 13) ^ (w13l << 3 | w13h >>> 29) ^ (w13l >>> 6 | w13h << 26) | 0;
19352 w15l = w15l + xl | 0;
19353 w15h = w15h + ((w13h >>> 19 | w13l << 13) ^ (w13h << 3 | w13l >>> 29) ^ w13h >>> 6) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19354 tl = 168717936 + w15l | 0;
19355 th = 338241895 + w15h + (tl >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
19356 tl = tl + hl | 0;
19357 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19358 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19359 tl = tl + xl | 0;
19360 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19361 xl = gl ^ el & (fl ^ gl) | 0;
19362 tl = tl + xl | 0;
19363 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19364 hl = gl;
19365 hh = gh;
19366 gl = fl;
19367 gh = fh;
19368 fl = el;
19369 fh = eh;
19370 el = dl + tl | 0;
19371 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19372 dl = cl;
19373 dh = ch;
19374 cl = bl;
19375 ch = bh;
19376 bl = al;
19377 bh = ah;
19378 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19379 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19380 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19381 al = al + xl | 0;
19382 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19383 w0l = w0l + w9l | 0;
19384 w0h = w0h + w9h + (w0l >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
19385 xl = (w1l >>> 1 | w1h << 31) ^ (w1l >>> 8 | w1h << 24) ^ (w1l >>> 7 | w1h << 25) | 0;
19386 w0l = w0l + xl | 0;
19387 w0h = w0h + ((w1h >>> 1 | w1l << 31) ^ (w1h >>> 8 | w1l << 24) ^ w1h >>> 7) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19388 xl = (w14l >>> 19 | w14h << 13) ^ (w14l << 3 | w14h >>> 29) ^ (w14l >>> 6 | w14h << 26) | 0;
19389 w0l = w0l + xl | 0;
19390 w0h = w0h + ((w14h >>> 19 | w14l << 13) ^ (w14h << 3 | w14l >>> 29) ^ w14h >>> 6) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19391 tl = 1188179964 + w0l | 0;
19392 th = 666307205 + w0h + (tl >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
19393 tl = tl + hl | 0;
19394 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19395 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19396 tl = tl + xl | 0;
19397 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19398 xl = gl ^ el & (fl ^ gl) | 0;
19399 tl = tl + xl | 0;
19400 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19401 hl = gl;
19402 hh = gh;
19403 gl = fl;
19404 gh = fh;
19405 fl = el;
19406 fh = eh;
19407 el = dl + tl | 0;
19408 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19409 dl = cl;
19410 dh = ch;
19411 cl = bl;
19412 ch = bh;
19413 bl = al;
19414 bh = ah;
19415 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19416 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19417 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19418 al = al + xl | 0;
19419 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19420 w1l = w1l + w10l | 0;
19421 w1h = w1h + w10h + (w1l >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
19422 xl = (w2l >>> 1 | w2h << 31) ^ (w2l >>> 8 | w2h << 24) ^ (w2l >>> 7 | w2h << 25) | 0;
19423 w1l = w1l + xl | 0;
19424 w1h = w1h + ((w2h >>> 1 | w2l << 31) ^ (w2h >>> 8 | w2l << 24) ^ w2h >>> 7) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19425 xl = (w15l >>> 19 | w15h << 13) ^ (w15l << 3 | w15h >>> 29) ^ (w15l >>> 6 | w15h << 26) | 0;
19426 w1l = w1l + xl | 0;
19427 w1h = w1h + ((w15h >>> 19 | w15l << 13) ^ (w15h << 3 | w15l >>> 29) ^ w15h >>> 6) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19428 tl = 1546045734 + w1l | 0;
19429 th = 773529912 + w1h + (tl >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
19430 tl = tl + hl | 0;
19431 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19432 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19433 tl = tl + xl | 0;
19434 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19435 xl = gl ^ el & (fl ^ gl) | 0;
19436 tl = tl + xl | 0;
19437 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19438 hl = gl;
19439 hh = gh;
19440 gl = fl;
19441 gh = fh;
19442 fl = el;
19443 fh = eh;
19444 el = dl + tl | 0;
19445 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19446 dl = cl;
19447 dh = ch;
19448 cl = bl;
19449 ch = bh;
19450 bl = al;
19451 bh = ah;
19452 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19453 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19454 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19455 al = al + xl | 0;
19456 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19457 w2l = w2l + w11l | 0;
19458 w2h = w2h + w11h + (w2l >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
19459 xl = (w3l >>> 1 | w3h << 31) ^ (w3l >>> 8 | w3h << 24) ^ (w3l >>> 7 | w3h << 25) | 0;
19460 w2l = w2l + xl | 0;
19461 w2h = w2h + ((w3h >>> 1 | w3l << 31) ^ (w3h >>> 8 | w3l << 24) ^ w3h >>> 7) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19462 xl = (w0l >>> 19 | w0h << 13) ^ (w0l << 3 | w0h >>> 29) ^ (w0l >>> 6 | w0h << 26) | 0;
19463 w2l = w2l + xl | 0;
19464 w2h = w2h + ((w0h >>> 19 | w0l << 13) ^ (w0h << 3 | w0l >>> 29) ^ w0h >>> 6) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19465 tl = 1522805485 + w2l | 0;
19466 th = 1294757372 + w2h + (tl >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
19467 tl = tl + hl | 0;
19468 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19469 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19470 tl = tl + xl | 0;
19471 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19472 xl = gl ^ el & (fl ^ gl) | 0;
19473 tl = tl + xl | 0;
19474 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19475 hl = gl;
19476 hh = gh;
19477 gl = fl;
19478 gh = fh;
19479 fl = el;
19480 fh = eh;
19481 el = dl + tl | 0;
19482 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19483 dl = cl;
19484 dh = ch;
19485 cl = bl;
19486 ch = bh;
19487 bl = al;
19488 bh = ah;
19489 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19490 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19491 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19492 al = al + xl | 0;
19493 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19494 w3l = w3l + w12l | 0;
19495 w3h = w3h + w12h + (w3l >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
19496 xl = (w4l >>> 1 | w4h << 31) ^ (w4l >>> 8 | w4h << 24) ^ (w4l >>> 7 | w4h << 25) | 0;
19497 w3l = w3l + xl | 0;
19498 w3h = w3h + ((w4h >>> 1 | w4l << 31) ^ (w4h >>> 8 | w4l << 24) ^ w4h >>> 7) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19499 xl = (w1l >>> 19 | w1h << 13) ^ (w1l << 3 | w1h >>> 29) ^ (w1l >>> 6 | w1h << 26) | 0;
19500 w3l = w3l + xl | 0;
19501 w3h = w3h + ((w1h >>> 19 | w1l << 13) ^ (w1h << 3 | w1l >>> 29) ^ w1h >>> 6) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19502 tl = 2643833823 + w3l | 0;
19503 th = 1396182291 + w3h + (tl >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
19504 tl = tl + hl | 0;
19505 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19506 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19507 tl = tl + xl | 0;
19508 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19509 xl = gl ^ el & (fl ^ gl) | 0;
19510 tl = tl + xl | 0;
19511 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19512 hl = gl;
19513 hh = gh;
19514 gl = fl;
19515 gh = fh;
19516 fl = el;
19517 fh = eh;
19518 el = dl + tl | 0;
19519 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19520 dl = cl;
19521 dh = ch;
19522 cl = bl;
19523 ch = bh;
19524 bl = al;
19525 bh = ah;
19526 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19527 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19528 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19529 al = al + xl | 0;
19530 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19531 w4l = w4l + w13l | 0;
19532 w4h = w4h + w13h + (w4l >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
19533 xl = (w5l >>> 1 | w5h << 31) ^ (w5l >>> 8 | w5h << 24) ^ (w5l >>> 7 | w5h << 25) | 0;
19534 w4l = w4l + xl | 0;
19535 w4h = w4h + ((w5h >>> 1 | w5l << 31) ^ (w5h >>> 8 | w5l << 24) ^ w5h >>> 7) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19536 xl = (w2l >>> 19 | w2h << 13) ^ (w2l << 3 | w2h >>> 29) ^ (w2l >>> 6 | w2h << 26) | 0;
19537 w4l = w4l + xl | 0;
19538 w4h = w4h + ((w2h >>> 19 | w2l << 13) ^ (w2h << 3 | w2l >>> 29) ^ w2h >>> 6) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19539 tl = 2343527390 + w4l | 0;
19540 th = 1695183700 + w4h + (tl >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
19541 tl = tl + hl | 0;
19542 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19543 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19544 tl = tl + xl | 0;
19545 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19546 xl = gl ^ el & (fl ^ gl) | 0;
19547 tl = tl + xl | 0;
19548 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19549 hl = gl;
19550 hh = gh;
19551 gl = fl;
19552 gh = fh;
19553 fl = el;
19554 fh = eh;
19555 el = dl + tl | 0;
19556 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19557 dl = cl;
19558 dh = ch;
19559 cl = bl;
19560 ch = bh;
19561 bl = al;
19562 bh = ah;
19563 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19564 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19565 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19566 al = al + xl | 0;
19567 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19568 w5l = w5l + w14l | 0;
19569 w5h = w5h + w14h + (w5l >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
19570 xl = (w6l >>> 1 | w6h << 31) ^ (w6l >>> 8 | w6h << 24) ^ (w6l >>> 7 | w6h << 25) | 0;
19571 w5l = w5l + xl | 0;
19572 w5h = w5h + ((w6h >>> 1 | w6l << 31) ^ (w6h >>> 8 | w6l << 24) ^ w6h >>> 7) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19573 xl = (w3l >>> 19 | w3h << 13) ^ (w3l << 3 | w3h >>> 29) ^ (w3l >>> 6 | w3h << 26) | 0;
19574 w5l = w5l + xl | 0;
19575 w5h = w5h + ((w3h >>> 19 | w3l << 13) ^ (w3h << 3 | w3l >>> 29) ^ w3h >>> 6) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19576 tl = 1014477480 + w5l | 0;
19577 th = 1986661051 + w5h + (tl >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
19578 tl = tl + hl | 0;
19579 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19580 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19581 tl = tl + xl | 0;
19582 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19583 xl = gl ^ el & (fl ^ gl) | 0;
19584 tl = tl + xl | 0;
19585 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19586 hl = gl;
19587 hh = gh;
19588 gl = fl;
19589 gh = fh;
19590 fl = el;
19591 fh = eh;
19592 el = dl + tl | 0;
19593 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19594 dl = cl;
19595 dh = ch;
19596 cl = bl;
19597 ch = bh;
19598 bl = al;
19599 bh = ah;
19600 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19601 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19602 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19603 al = al + xl | 0;
19604 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19605 w6l = w6l + w15l | 0;
19606 w6h = w6h + w15h + (w6l >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
19607 xl = (w7l >>> 1 | w7h << 31) ^ (w7l >>> 8 | w7h << 24) ^ (w7l >>> 7 | w7h << 25) | 0;
19608 w6l = w6l + xl | 0;
19609 w6h = w6h + ((w7h >>> 1 | w7l << 31) ^ (w7h >>> 8 | w7l << 24) ^ w7h >>> 7) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19610 xl = (w4l >>> 19 | w4h << 13) ^ (w4l << 3 | w4h >>> 29) ^ (w4l >>> 6 | w4h << 26) | 0;
19611 w6l = w6l + xl | 0;
19612 w6h = w6h + ((w4h >>> 19 | w4l << 13) ^ (w4h << 3 | w4l >>> 29) ^ w4h >>> 6) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19613 tl = 1206759142 + w6l | 0;
19614 th = 2177026350 + w6h + (tl >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
19615 tl = tl + hl | 0;
19616 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19617 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19618 tl = tl + xl | 0;
19619 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19620 xl = gl ^ el & (fl ^ gl) | 0;
19621 tl = tl + xl | 0;
19622 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19623 hl = gl;
19624 hh = gh;
19625 gl = fl;
19626 gh = fh;
19627 fl = el;
19628 fh = eh;
19629 el = dl + tl | 0;
19630 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19631 dl = cl;
19632 dh = ch;
19633 cl = bl;
19634 ch = bh;
19635 bl = al;
19636 bh = ah;
19637 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19638 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19639 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19640 al = al + xl | 0;
19641 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19642 w7l = w7l + w0l | 0;
19643 w7h = w7h + w0h + (w7l >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
19644 xl = (w8l >>> 1 | w8h << 31) ^ (w8l >>> 8 | w8h << 24) ^ (w8l >>> 7 | w8h << 25) | 0;
19645 w7l = w7l + xl | 0;
19646 w7h = w7h + ((w8h >>> 1 | w8l << 31) ^ (w8h >>> 8 | w8l << 24) ^ w8h >>> 7) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19647 xl = (w5l >>> 19 | w5h << 13) ^ (w5l << 3 | w5h >>> 29) ^ (w5l >>> 6 | w5h << 26) | 0;
19648 w7l = w7l + xl | 0;
19649 w7h = w7h + ((w5h >>> 19 | w5l << 13) ^ (w5h << 3 | w5l >>> 29) ^ w5h >>> 6) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19650 tl = 344077627 + w7l | 0;
19651 th = 2456956037 + w7h + (tl >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
19652 tl = tl + hl | 0;
19653 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19654 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19655 tl = tl + xl | 0;
19656 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19657 xl = gl ^ el & (fl ^ gl) | 0;
19658 tl = tl + xl | 0;
19659 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19660 hl = gl;
19661 hh = gh;
19662 gl = fl;
19663 gh = fh;
19664 fl = el;
19665 fh = eh;
19666 el = dl + tl | 0;
19667 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19668 dl = cl;
19669 dh = ch;
19670 cl = bl;
19671 ch = bh;
19672 bl = al;
19673 bh = ah;
19674 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19675 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19676 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19677 al = al + xl | 0;
19678 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19679 w8l = w8l + w1l | 0;
19680 w8h = w8h + w1h + (w8l >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
19681 xl = (w9l >>> 1 | w9h << 31) ^ (w9l >>> 8 | w9h << 24) ^ (w9l >>> 7 | w9h << 25) | 0;
19682 w8l = w8l + xl | 0;
19683 w8h = w8h + ((w9h >>> 1 | w9l << 31) ^ (w9h >>> 8 | w9l << 24) ^ w9h >>> 7) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19684 xl = (w6l >>> 19 | w6h << 13) ^ (w6l << 3 | w6h >>> 29) ^ (w6l >>> 6 | w6h << 26) | 0;
19685 w8l = w8l + xl | 0;
19686 w8h = w8h + ((w6h >>> 19 | w6l << 13) ^ (w6h << 3 | w6l >>> 29) ^ w6h >>> 6) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19687 tl = 1290863460 + w8l | 0;
19688 th = 2730485921 + w8h + (tl >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
19689 tl = tl + hl | 0;
19690 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19691 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19692 tl = tl + xl | 0;
19693 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19694 xl = gl ^ el & (fl ^ gl) | 0;
19695 tl = tl + xl | 0;
19696 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19697 hl = gl;
19698 hh = gh;
19699 gl = fl;
19700 gh = fh;
19701 fl = el;
19702 fh = eh;
19703 el = dl + tl | 0;
19704 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19705 dl = cl;
19706 dh = ch;
19707 cl = bl;
19708 ch = bh;
19709 bl = al;
19710 bh = ah;
19711 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19712 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19713 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19714 al = al + xl | 0;
19715 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19716 w9l = w9l + w2l | 0;
19717 w9h = w9h + w2h + (w9l >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
19718 xl = (w10l >>> 1 | w10h << 31) ^ (w10l >>> 8 | w10h << 24) ^ (w10l >>> 7 | w10h << 25) | 0;
19719 w9l = w9l + xl | 0;
19720 w9h = w9h + ((w10h >>> 1 | w10l << 31) ^ (w10h >>> 8 | w10l << 24) ^ w10h >>> 7) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19721 xl = (w7l >>> 19 | w7h << 13) ^ (w7l << 3 | w7h >>> 29) ^ (w7l >>> 6 | w7h << 26) | 0;
19722 w9l = w9l + xl | 0;
19723 w9h = w9h + ((w7h >>> 19 | w7l << 13) ^ (w7h << 3 | w7l >>> 29) ^ w7h >>> 6) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19724 tl = 3158454273 + w9l | 0;
19725 th = 2820302411 + w9h + (tl >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
19726 tl = tl + hl | 0;
19727 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19728 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19729 tl = tl + xl | 0;
19730 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19731 xl = gl ^ el & (fl ^ gl) | 0;
19732 tl = tl + xl | 0;
19733 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19734 hl = gl;
19735 hh = gh;
19736 gl = fl;
19737 gh = fh;
19738 fl = el;
19739 fh = eh;
19740 el = dl + tl | 0;
19741 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19742 dl = cl;
19743 dh = ch;
19744 cl = bl;
19745 ch = bh;
19746 bl = al;
19747 bh = ah;
19748 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19749 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19750 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19751 al = al + xl | 0;
19752 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19753 w10l = w10l + w3l | 0;
19754 w10h = w10h + w3h + (w10l >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
19755 xl = (w11l >>> 1 | w11h << 31) ^ (w11l >>> 8 | w11h << 24) ^ (w11l >>> 7 | w11h << 25) | 0;
19756 w10l = w10l + xl | 0;
19757 w10h = w10h + ((w11h >>> 1 | w11l << 31) ^ (w11h >>> 8 | w11l << 24) ^ w11h >>> 7) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19758 xl = (w8l >>> 19 | w8h << 13) ^ (w8l << 3 | w8h >>> 29) ^ (w8l >>> 6 | w8h << 26) | 0;
19759 w10l = w10l + xl | 0;
19760 w10h = w10h + ((w8h >>> 19 | w8l << 13) ^ (w8h << 3 | w8l >>> 29) ^ w8h >>> 6) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19761 tl = 3505952657 + w10l | 0;
19762 th = 3259730800 + w10h + (tl >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
19763 tl = tl + hl | 0;
19764 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19765 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19766 tl = tl + xl | 0;
19767 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19768 xl = gl ^ el & (fl ^ gl) | 0;
19769 tl = tl + xl | 0;
19770 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19771 hl = gl;
19772 hh = gh;
19773 gl = fl;
19774 gh = fh;
19775 fl = el;
19776 fh = eh;
19777 el = dl + tl | 0;
19778 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19779 dl = cl;
19780 dh = ch;
19781 cl = bl;
19782 ch = bh;
19783 bl = al;
19784 bh = ah;
19785 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19786 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19787 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19788 al = al + xl | 0;
19789 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19790 w11l = w11l + w4l | 0;
19791 w11h = w11h + w4h + (w11l >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
19792 xl = (w12l >>> 1 | w12h << 31) ^ (w12l >>> 8 | w12h << 24) ^ (w12l >>> 7 | w12h << 25) | 0;
19793 w11l = w11l + xl | 0;
19794 w11h = w11h + ((w12h >>> 1 | w12l << 31) ^ (w12h >>> 8 | w12l << 24) ^ w12h >>> 7) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19795 xl = (w9l >>> 19 | w9h << 13) ^ (w9l << 3 | w9h >>> 29) ^ (w9l >>> 6 | w9h << 26) | 0;
19796 w11l = w11l + xl | 0;
19797 w11h = w11h + ((w9h >>> 19 | w9l << 13) ^ (w9h << 3 | w9l >>> 29) ^ w9h >>> 6) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19798 tl = 106217008 + w11l | 0;
19799 th = 3345764771 + w11h + (tl >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
19800 tl = tl + hl | 0;
19801 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19802 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19803 tl = tl + xl | 0;
19804 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19805 xl = gl ^ el & (fl ^ gl) | 0;
19806 tl = tl + xl | 0;
19807 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19808 hl = gl;
19809 hh = gh;
19810 gl = fl;
19811 gh = fh;
19812 fl = el;
19813 fh = eh;
19814 el = dl + tl | 0;
19815 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19816 dl = cl;
19817 dh = ch;
19818 cl = bl;
19819 ch = bh;
19820 bl = al;
19821 bh = ah;
19822 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19823 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19824 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19825 al = al + xl | 0;
19826 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19827 w12l = w12l + w5l | 0;
19828 w12h = w12h + w5h + (w12l >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
19829 xl = (w13l >>> 1 | w13h << 31) ^ (w13l >>> 8 | w13h << 24) ^ (w13l >>> 7 | w13h << 25) | 0;
19830 w12l = w12l + xl | 0;
19831 w12h = w12h + ((w13h >>> 1 | w13l << 31) ^ (w13h >>> 8 | w13l << 24) ^ w13h >>> 7) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19832 xl = (w10l >>> 19 | w10h << 13) ^ (w10l << 3 | w10h >>> 29) ^ (w10l >>> 6 | w10h << 26) | 0;
19833 w12l = w12l + xl | 0;
19834 w12h = w12h + ((w10h >>> 19 | w10l << 13) ^ (w10h << 3 | w10l >>> 29) ^ w10h >>> 6) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19835 tl = 3606008344 + w12l | 0;
19836 th = 3516065817 + w12h + (tl >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
19837 tl = tl + hl | 0;
19838 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19839 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19840 tl = tl + xl | 0;
19841 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19842 xl = gl ^ el & (fl ^ gl) | 0;
19843 tl = tl + xl | 0;
19844 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19845 hl = gl;
19846 hh = gh;
19847 gl = fl;
19848 gh = fh;
19849 fl = el;
19850 fh = eh;
19851 el = dl + tl | 0;
19852 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19853 dl = cl;
19854 dh = ch;
19855 cl = bl;
19856 ch = bh;
19857 bl = al;
19858 bh = ah;
19859 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19860 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19861 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19862 al = al + xl | 0;
19863 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19864 w13l = w13l + w6l | 0;
19865 w13h = w13h + w6h + (w13l >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
19866 xl = (w14l >>> 1 | w14h << 31) ^ (w14l >>> 8 | w14h << 24) ^ (w14l >>> 7 | w14h << 25) | 0;
19867 w13l = w13l + xl | 0;
19868 w13h = w13h + ((w14h >>> 1 | w14l << 31) ^ (w14h >>> 8 | w14l << 24) ^ w14h >>> 7) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19869 xl = (w11l >>> 19 | w11h << 13) ^ (w11l << 3 | w11h >>> 29) ^ (w11l >>> 6 | w11h << 26) | 0;
19870 w13l = w13l + xl | 0;
19871 w13h = w13h + ((w11h >>> 19 | w11l << 13) ^ (w11h << 3 | w11l >>> 29) ^ w11h >>> 6) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19872 tl = 1432725776 + w13l | 0;
19873 th = 3600352804 + w13h + (tl >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
19874 tl = tl + hl | 0;
19875 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19876 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19877 tl = tl + xl | 0;
19878 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19879 xl = gl ^ el & (fl ^ gl) | 0;
19880 tl = tl + xl | 0;
19881 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19882 hl = gl;
19883 hh = gh;
19884 gl = fl;
19885 gh = fh;
19886 fl = el;
19887 fh = eh;
19888 el = dl + tl | 0;
19889 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19890 dl = cl;
19891 dh = ch;
19892 cl = bl;
19893 ch = bh;
19894 bl = al;
19895 bh = ah;
19896 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19897 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19898 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19899 al = al + xl | 0;
19900 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19901 w14l = w14l + w7l | 0;
19902 w14h = w14h + w7h + (w14l >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
19903 xl = (w15l >>> 1 | w15h << 31) ^ (w15l >>> 8 | w15h << 24) ^ (w15l >>> 7 | w15h << 25) | 0;
19904 w14l = w14l + xl | 0;
19905 w14h = w14h + ((w15h >>> 1 | w15l << 31) ^ (w15h >>> 8 | w15l << 24) ^ w15h >>> 7) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19906 xl = (w12l >>> 19 | w12h << 13) ^ (w12l << 3 | w12h >>> 29) ^ (w12l >>> 6 | w12h << 26) | 0;
19907 w14l = w14l + xl | 0;
19908 w14h = w14h + ((w12h >>> 19 | w12l << 13) ^ (w12h << 3 | w12l >>> 29) ^ w12h >>> 6) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19909 tl = 1467031594 + w14l | 0;
19910 th = 4094571909 + w14h + (tl >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
19911 tl = tl + hl | 0;
19912 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19913 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19914 tl = tl + xl | 0;
19915 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19916 xl = gl ^ el & (fl ^ gl) | 0;
19917 tl = tl + xl | 0;
19918 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19919 hl = gl;
19920 hh = gh;
19921 gl = fl;
19922 gh = fh;
19923 fl = el;
19924 fh = eh;
19925 el = dl + tl | 0;
19926 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19927 dl = cl;
19928 dh = ch;
19929 cl = bl;
19930 ch = bh;
19931 bl = al;
19932 bh = ah;
19933 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19934 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19935 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19936 al = al + xl | 0;
19937 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19938 w15l = w15l + w8l | 0;
19939 w15h = w15h + w8h + (w15l >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
19940 xl = (w0l >>> 1 | w0h << 31) ^ (w0l >>> 8 | w0h << 24) ^ (w0l >>> 7 | w0h << 25) | 0;
19941 w15l = w15l + xl | 0;
19942 w15h = w15h + ((w0h >>> 1 | w0l << 31) ^ (w0h >>> 8 | w0l << 24) ^ w0h >>> 7) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19943 xl = (w13l >>> 19 | w13h << 13) ^ (w13l << 3 | w13h >>> 29) ^ (w13l >>> 6 | w13h << 26) | 0;
19944 w15l = w15l + xl | 0;
19945 w15h = w15h + ((w13h >>> 19 | w13l << 13) ^ (w13h << 3 | w13l >>> 29) ^ w13h >>> 6) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19946 tl = 851169720 + w15l | 0;
19947 th = 275423344 + w15h + (tl >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
19948 tl = tl + hl | 0;
19949 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19950 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19951 tl = tl + xl | 0;
19952 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19953 xl = gl ^ el & (fl ^ gl) | 0;
19954 tl = tl + xl | 0;
19955 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19956 hl = gl;
19957 hh = gh;
19958 gl = fl;
19959 gh = fh;
19960 fl = el;
19961 fh = eh;
19962 el = dl + tl | 0;
19963 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
19964 dl = cl;
19965 dh = ch;
19966 cl = bl;
19967 ch = bh;
19968 bl = al;
19969 bh = ah;
19970 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
19971 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
19972 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
19973 al = al + xl | 0;
19974 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19975 w0l = w0l + w9l | 0;
19976 w0h = w0h + w9h + (w0l >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
19977 xl = (w1l >>> 1 | w1h << 31) ^ (w1l >>> 8 | w1h << 24) ^ (w1l >>> 7 | w1h << 25) | 0;
19978 w0l = w0l + xl | 0;
19979 w0h = w0h + ((w1h >>> 1 | w1l << 31) ^ (w1h >>> 8 | w1l << 24) ^ w1h >>> 7) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19980 xl = (w14l >>> 19 | w14h << 13) ^ (w14l << 3 | w14h >>> 29) ^ (w14l >>> 6 | w14h << 26) | 0;
19981 w0l = w0l + xl | 0;
19982 w0h = w0h + ((w14h >>> 19 | w14l << 13) ^ (w14h << 3 | w14l >>> 29) ^ w14h >>> 6) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19983 tl = 3100823752 + w0l | 0;
19984 th = 430227734 + w0h + (tl >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
19985 tl = tl + hl | 0;
19986 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
19987 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
19988 tl = tl + xl | 0;
19989 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19990 xl = gl ^ el & (fl ^ gl) | 0;
19991 tl = tl + xl | 0;
19992 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
19993 hl = gl;
19994 hh = gh;
19995 gl = fl;
19996 gh = fh;
19997 fl = el;
19998 fh = eh;
19999 el = dl + tl | 0;
20000 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20001 dl = cl;
20002 dh = ch;
20003 cl = bl;
20004 ch = bh;
20005 bl = al;
20006 bh = ah;
20007 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20008 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20009 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20010 al = al + xl | 0;
20011 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20012 w1l = w1l + w10l | 0;
20013 w1h = w1h + w10h + (w1l >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
20014 xl = (w2l >>> 1 | w2h << 31) ^ (w2l >>> 8 | w2h << 24) ^ (w2l >>> 7 | w2h << 25) | 0;
20015 w1l = w1l + xl | 0;
20016 w1h = w1h + ((w2h >>> 1 | w2l << 31) ^ (w2h >>> 8 | w2l << 24) ^ w2h >>> 7) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20017 xl = (w15l >>> 19 | w15h << 13) ^ (w15l << 3 | w15h >>> 29) ^ (w15l >>> 6 | w15h << 26) | 0;
20018 w1l = w1l + xl | 0;
20019 w1h = w1h + ((w15h >>> 19 | w15l << 13) ^ (w15h << 3 | w15l >>> 29) ^ w15h >>> 6) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20020 tl = 1363258195 + w1l | 0;
20021 th = 506948616 + w1h + (tl >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
20022 tl = tl + hl | 0;
20023 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20024 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20025 tl = tl + xl | 0;
20026 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20027 xl = gl ^ el & (fl ^ gl) | 0;
20028 tl = tl + xl | 0;
20029 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20030 hl = gl;
20031 hh = gh;
20032 gl = fl;
20033 gh = fh;
20034 fl = el;
20035 fh = eh;
20036 el = dl + tl | 0;
20037 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20038 dl = cl;
20039 dh = ch;
20040 cl = bl;
20041 ch = bh;
20042 bl = al;
20043 bh = ah;
20044 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20045 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20046 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20047 al = al + xl | 0;
20048 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20049 w2l = w2l + w11l | 0;
20050 w2h = w2h + w11h + (w2l >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
20051 xl = (w3l >>> 1 | w3h << 31) ^ (w3l >>> 8 | w3h << 24) ^ (w3l >>> 7 | w3h << 25) | 0;
20052 w2l = w2l + xl | 0;
20053 w2h = w2h + ((w3h >>> 1 | w3l << 31) ^ (w3h >>> 8 | w3l << 24) ^ w3h >>> 7) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20054 xl = (w0l >>> 19 | w0h << 13) ^ (w0l << 3 | w0h >>> 29) ^ (w0l >>> 6 | w0h << 26) | 0;
20055 w2l = w2l + xl | 0;
20056 w2h = w2h + ((w0h >>> 19 | w0l << 13) ^ (w0h << 3 | w0l >>> 29) ^ w0h >>> 6) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20057 tl = 3750685593 + w2l | 0;
20058 th = 659060556 + w2h + (tl >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
20059 tl = tl + hl | 0;
20060 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20061 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20062 tl = tl + xl | 0;
20063 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20064 xl = gl ^ el & (fl ^ gl) | 0;
20065 tl = tl + xl | 0;
20066 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20067 hl = gl;
20068 hh = gh;
20069 gl = fl;
20070 gh = fh;
20071 fl = el;
20072 fh = eh;
20073 el = dl + tl | 0;
20074 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20075 dl = cl;
20076 dh = ch;
20077 cl = bl;
20078 ch = bh;
20079 bl = al;
20080 bh = ah;
20081 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20082 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20083 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20084 al = al + xl | 0;
20085 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20086 w3l = w3l + w12l | 0;
20087 w3h = w3h + w12h + (w3l >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
20088 xl = (w4l >>> 1 | w4h << 31) ^ (w4l >>> 8 | w4h << 24) ^ (w4l >>> 7 | w4h << 25) | 0;
20089 w3l = w3l + xl | 0;
20090 w3h = w3h + ((w4h >>> 1 | w4l << 31) ^ (w4h >>> 8 | w4l << 24) ^ w4h >>> 7) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20091 xl = (w1l >>> 19 | w1h << 13) ^ (w1l << 3 | w1h >>> 29) ^ (w1l >>> 6 | w1h << 26) | 0;
20092 w3l = w3l + xl | 0;
20093 w3h = w3h + ((w1h >>> 19 | w1l << 13) ^ (w1h << 3 | w1l >>> 29) ^ w1h >>> 6) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20094 tl = 3785050280 + w3l | 0;
20095 th = 883997877 + w3h + (tl >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
20096 tl = tl + hl | 0;
20097 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20098 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20099 tl = tl + xl | 0;
20100 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20101 xl = gl ^ el & (fl ^ gl) | 0;
20102 tl = tl + xl | 0;
20103 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20104 hl = gl;
20105 hh = gh;
20106 gl = fl;
20107 gh = fh;
20108 fl = el;
20109 fh = eh;
20110 el = dl + tl | 0;
20111 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20112 dl = cl;
20113 dh = ch;
20114 cl = bl;
20115 ch = bh;
20116 bl = al;
20117 bh = ah;
20118 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20119 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20120 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20121 al = al + xl | 0;
20122 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20123 w4l = w4l + w13l | 0;
20124 w4h = w4h + w13h + (w4l >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
20125 xl = (w5l >>> 1 | w5h << 31) ^ (w5l >>> 8 | w5h << 24) ^ (w5l >>> 7 | w5h << 25) | 0;
20126 w4l = w4l + xl | 0;
20127 w4h = w4h + ((w5h >>> 1 | w5l << 31) ^ (w5h >>> 8 | w5l << 24) ^ w5h >>> 7) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20128 xl = (w2l >>> 19 | w2h << 13) ^ (w2l << 3 | w2h >>> 29) ^ (w2l >>> 6 | w2h << 26) | 0;
20129 w4l = w4l + xl | 0;
20130 w4h = w4h + ((w2h >>> 19 | w2l << 13) ^ (w2h << 3 | w2l >>> 29) ^ w2h >>> 6) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20131 tl = 3318307427 + w4l | 0;
20132 th = 958139571 + w4h + (tl >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
20133 tl = tl + hl | 0;
20134 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20135 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20136 tl = tl + xl | 0;
20137 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20138 xl = gl ^ el & (fl ^ gl) | 0;
20139 tl = tl + xl | 0;
20140 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20141 hl = gl;
20142 hh = gh;
20143 gl = fl;
20144 gh = fh;
20145 fl = el;
20146 fh = eh;
20147 el = dl + tl | 0;
20148 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20149 dl = cl;
20150 dh = ch;
20151 cl = bl;
20152 ch = bh;
20153 bl = al;
20154 bh = ah;
20155 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20156 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20157 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20158 al = al + xl | 0;
20159 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20160 w5l = w5l + w14l | 0;
20161 w5h = w5h + w14h + (w5l >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
20162 xl = (w6l >>> 1 | w6h << 31) ^ (w6l >>> 8 | w6h << 24) ^ (w6l >>> 7 | w6h << 25) | 0;
20163 w5l = w5l + xl | 0;
20164 w5h = w5h + ((w6h >>> 1 | w6l << 31) ^ (w6h >>> 8 | w6l << 24) ^ w6h >>> 7) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20165 xl = (w3l >>> 19 | w3h << 13) ^ (w3l << 3 | w3h >>> 29) ^ (w3l >>> 6 | w3h << 26) | 0;
20166 w5l = w5l + xl | 0;
20167 w5h = w5h + ((w3h >>> 19 | w3l << 13) ^ (w3h << 3 | w3l >>> 29) ^ w3h >>> 6) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20168 tl = 3812723403 + w5l | 0;
20169 th = 1322822218 + w5h + (tl >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
20170 tl = tl + hl | 0;
20171 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20172 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20173 tl = tl + xl | 0;
20174 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20175 xl = gl ^ el & (fl ^ gl) | 0;
20176 tl = tl + xl | 0;
20177 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20178 hl = gl;
20179 hh = gh;
20180 gl = fl;
20181 gh = fh;
20182 fl = el;
20183 fh = eh;
20184 el = dl + tl | 0;
20185 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20186 dl = cl;
20187 dh = ch;
20188 cl = bl;
20189 ch = bh;
20190 bl = al;
20191 bh = ah;
20192 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20193 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20194 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20195 al = al + xl | 0;
20196 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20197 w6l = w6l + w15l | 0;
20198 w6h = w6h + w15h + (w6l >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
20199 xl = (w7l >>> 1 | w7h << 31) ^ (w7l >>> 8 | w7h << 24) ^ (w7l >>> 7 | w7h << 25) | 0;
20200 w6l = w6l + xl | 0;
20201 w6h = w6h + ((w7h >>> 1 | w7l << 31) ^ (w7h >>> 8 | w7l << 24) ^ w7h >>> 7) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20202 xl = (w4l >>> 19 | w4h << 13) ^ (w4l << 3 | w4h >>> 29) ^ (w4l >>> 6 | w4h << 26) | 0;
20203 w6l = w6l + xl | 0;
20204 w6h = w6h + ((w4h >>> 19 | w4l << 13) ^ (w4h << 3 | w4l >>> 29) ^ w4h >>> 6) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20205 tl = 2003034995 + w6l | 0;
20206 th = 1537002063 + w6h + (tl >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
20207 tl = tl + hl | 0;
20208 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20209 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20210 tl = tl + xl | 0;
20211 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20212 xl = gl ^ el & (fl ^ gl) | 0;
20213 tl = tl + xl | 0;
20214 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20215 hl = gl;
20216 hh = gh;
20217 gl = fl;
20218 gh = fh;
20219 fl = el;
20220 fh = eh;
20221 el = dl + tl | 0;
20222 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20223 dl = cl;
20224 dh = ch;
20225 cl = bl;
20226 ch = bh;
20227 bl = al;
20228 bh = ah;
20229 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20230 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20231 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20232 al = al + xl | 0;
20233 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20234 w7l = w7l + w0l | 0;
20235 w7h = w7h + w0h + (w7l >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
20236 xl = (w8l >>> 1 | w8h << 31) ^ (w8l >>> 8 | w8h << 24) ^ (w8l >>> 7 | w8h << 25) | 0;
20237 w7l = w7l + xl | 0;
20238 w7h = w7h + ((w8h >>> 1 | w8l << 31) ^ (w8h >>> 8 | w8l << 24) ^ w8h >>> 7) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20239 xl = (w5l >>> 19 | w5h << 13) ^ (w5l << 3 | w5h >>> 29) ^ (w5l >>> 6 | w5h << 26) | 0;
20240 w7l = w7l + xl | 0;
20241 w7h = w7h + ((w5h >>> 19 | w5l << 13) ^ (w5h << 3 | w5l >>> 29) ^ w5h >>> 6) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20242 tl = 3602036899 + w7l | 0;
20243 th = 1747873779 + w7h + (tl >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
20244 tl = tl + hl | 0;
20245 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20246 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20247 tl = tl + xl | 0;
20248 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20249 xl = gl ^ el & (fl ^ gl) | 0;
20250 tl = tl + xl | 0;
20251 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20252 hl = gl;
20253 hh = gh;
20254 gl = fl;
20255 gh = fh;
20256 fl = el;
20257 fh = eh;
20258 el = dl + tl | 0;
20259 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20260 dl = cl;
20261 dh = ch;
20262 cl = bl;
20263 ch = bh;
20264 bl = al;
20265 bh = ah;
20266 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20267 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20268 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20269 al = al + xl | 0;
20270 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20271 w8l = w8l + w1l | 0;
20272 w8h = w8h + w1h + (w8l >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
20273 xl = (w9l >>> 1 | w9h << 31) ^ (w9l >>> 8 | w9h << 24) ^ (w9l >>> 7 | w9h << 25) | 0;
20274 w8l = w8l + xl | 0;
20275 w8h = w8h + ((w9h >>> 1 | w9l << 31) ^ (w9h >>> 8 | w9l << 24) ^ w9h >>> 7) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20276 xl = (w6l >>> 19 | w6h << 13) ^ (w6l << 3 | w6h >>> 29) ^ (w6l >>> 6 | w6h << 26) | 0;
20277 w8l = w8l + xl | 0;
20278 w8h = w8h + ((w6h >>> 19 | w6l << 13) ^ (w6h << 3 | w6l >>> 29) ^ w6h >>> 6) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20279 tl = 1575990012 + w8l | 0;
20280 th = 1955562222 + w8h + (tl >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
20281 tl = tl + hl | 0;
20282 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20283 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20284 tl = tl + xl | 0;
20285 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20286 xl = gl ^ el & (fl ^ gl) | 0;
20287 tl = tl + xl | 0;
20288 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20289 hl = gl;
20290 hh = gh;
20291 gl = fl;
20292 gh = fh;
20293 fl = el;
20294 fh = eh;
20295 el = dl + tl | 0;
20296 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20297 dl = cl;
20298 dh = ch;
20299 cl = bl;
20300 ch = bh;
20301 bl = al;
20302 bh = ah;
20303 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20304 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20305 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20306 al = al + xl | 0;
20307 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20308 w9l = w9l + w2l | 0;
20309 w9h = w9h + w2h + (w9l >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
20310 xl = (w10l >>> 1 | w10h << 31) ^ (w10l >>> 8 | w10h << 24) ^ (w10l >>> 7 | w10h << 25) | 0;
20311 w9l = w9l + xl | 0;
20312 w9h = w9h + ((w10h >>> 1 | w10l << 31) ^ (w10h >>> 8 | w10l << 24) ^ w10h >>> 7) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20313 xl = (w7l >>> 19 | w7h << 13) ^ (w7l << 3 | w7h >>> 29) ^ (w7l >>> 6 | w7h << 26) | 0;
20314 w9l = w9l + xl | 0;
20315 w9h = w9h + ((w7h >>> 19 | w7l << 13) ^ (w7h << 3 | w7l >>> 29) ^ w7h >>> 6) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20316 tl = 1125592928 + w9l | 0;
20317 th = 2024104815 + w9h + (tl >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
20318 tl = tl + hl | 0;
20319 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20320 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20321 tl = tl + xl | 0;
20322 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20323 xl = gl ^ el & (fl ^ gl) | 0;
20324 tl = tl + xl | 0;
20325 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20326 hl = gl;
20327 hh = gh;
20328 gl = fl;
20329 gh = fh;
20330 fl = el;
20331 fh = eh;
20332 el = dl + tl | 0;
20333 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20334 dl = cl;
20335 dh = ch;
20336 cl = bl;
20337 ch = bh;
20338 bl = al;
20339 bh = ah;
20340 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20341 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20342 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20343 al = al + xl | 0;
20344 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20345 w10l = w10l + w3l | 0;
20346 w10h = w10h + w3h + (w10l >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
20347 xl = (w11l >>> 1 | w11h << 31) ^ (w11l >>> 8 | w11h << 24) ^ (w11l >>> 7 | w11h << 25) | 0;
20348 w10l = w10l + xl | 0;
20349 w10h = w10h + ((w11h >>> 1 | w11l << 31) ^ (w11h >>> 8 | w11l << 24) ^ w11h >>> 7) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20350 xl = (w8l >>> 19 | w8h << 13) ^ (w8l << 3 | w8h >>> 29) ^ (w8l >>> 6 | w8h << 26) | 0;
20351 w10l = w10l + xl | 0;
20352 w10h = w10h + ((w8h >>> 19 | w8l << 13) ^ (w8h << 3 | w8l >>> 29) ^ w8h >>> 6) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20353 tl = 2716904306 + w10l | 0;
20354 th = 2227730452 + w10h + (tl >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
20355 tl = tl + hl | 0;
20356 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20357 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20358 tl = tl + xl | 0;
20359 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20360 xl = gl ^ el & (fl ^ gl) | 0;
20361 tl = tl + xl | 0;
20362 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20363 hl = gl;
20364 hh = gh;
20365 gl = fl;
20366 gh = fh;
20367 fl = el;
20368 fh = eh;
20369 el = dl + tl | 0;
20370 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20371 dl = cl;
20372 dh = ch;
20373 cl = bl;
20374 ch = bh;
20375 bl = al;
20376 bh = ah;
20377 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20378 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20379 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20380 al = al + xl | 0;
20381 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20382 w11l = w11l + w4l | 0;
20383 w11h = w11h + w4h + (w11l >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
20384 xl = (w12l >>> 1 | w12h << 31) ^ (w12l >>> 8 | w12h << 24) ^ (w12l >>> 7 | w12h << 25) | 0;
20385 w11l = w11l + xl | 0;
20386 w11h = w11h + ((w12h >>> 1 | w12l << 31) ^ (w12h >>> 8 | w12l << 24) ^ w12h >>> 7) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20387 xl = (w9l >>> 19 | w9h << 13) ^ (w9l << 3 | w9h >>> 29) ^ (w9l >>> 6 | w9h << 26) | 0;
20388 w11l = w11l + xl | 0;
20389 w11h = w11h + ((w9h >>> 19 | w9l << 13) ^ (w9h << 3 | w9l >>> 29) ^ w9h >>> 6) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20390 tl = 442776044 + w11l | 0;
20391 th = 2361852424 + w11h + (tl >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
20392 tl = tl + hl | 0;
20393 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20394 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20395 tl = tl + xl | 0;
20396 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20397 xl = gl ^ el & (fl ^ gl) | 0;
20398 tl = tl + xl | 0;
20399 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20400 hl = gl;
20401 hh = gh;
20402 gl = fl;
20403 gh = fh;
20404 fl = el;
20405 fh = eh;
20406 el = dl + tl | 0;
20407 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20408 dl = cl;
20409 dh = ch;
20410 cl = bl;
20411 ch = bh;
20412 bl = al;
20413 bh = ah;
20414 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20415 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20416 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20417 al = al + xl | 0;
20418 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20419 w12l = w12l + w5l | 0;
20420 w12h = w12h + w5h + (w12l >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
20421 xl = (w13l >>> 1 | w13h << 31) ^ (w13l >>> 8 | w13h << 24) ^ (w13l >>> 7 | w13h << 25) | 0;
20422 w12l = w12l + xl | 0;
20423 w12h = w12h + ((w13h >>> 1 | w13l << 31) ^ (w13h >>> 8 | w13l << 24) ^ w13h >>> 7) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20424 xl = (w10l >>> 19 | w10h << 13) ^ (w10l << 3 | w10h >>> 29) ^ (w10l >>> 6 | w10h << 26) | 0;
20425 w12l = w12l + xl | 0;
20426 w12h = w12h + ((w10h >>> 19 | w10l << 13) ^ (w10h << 3 | w10l >>> 29) ^ w10h >>> 6) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20427 tl = 593698344 + w12l | 0;
20428 th = 2428436474 + w12h + (tl >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
20429 tl = tl + hl | 0;
20430 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20431 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20432 tl = tl + xl | 0;
20433 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20434 xl = gl ^ el & (fl ^ gl) | 0;
20435 tl = tl + xl | 0;
20436 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20437 hl = gl;
20438 hh = gh;
20439 gl = fl;
20440 gh = fh;
20441 fl = el;
20442 fh = eh;
20443 el = dl + tl | 0;
20444 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20445 dl = cl;
20446 dh = ch;
20447 cl = bl;
20448 ch = bh;
20449 bl = al;
20450 bh = ah;
20451 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20452 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20453 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20454 al = al + xl | 0;
20455 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20456 w13l = w13l + w6l | 0;
20457 w13h = w13h + w6h + (w13l >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
20458 xl = (w14l >>> 1 | w14h << 31) ^ (w14l >>> 8 | w14h << 24) ^ (w14l >>> 7 | w14h << 25) | 0;
20459 w13l = w13l + xl | 0;
20460 w13h = w13h + ((w14h >>> 1 | w14l << 31) ^ (w14h >>> 8 | w14l << 24) ^ w14h >>> 7) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20461 xl = (w11l >>> 19 | w11h << 13) ^ (w11l << 3 | w11h >>> 29) ^ (w11l >>> 6 | w11h << 26) | 0;
20462 w13l = w13l + xl | 0;
20463 w13h = w13h + ((w11h >>> 19 | w11l << 13) ^ (w11h << 3 | w11l >>> 29) ^ w11h >>> 6) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20464 tl = 3733110249 + w13l | 0;
20465 th = 2756734187 + w13h + (tl >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
20466 tl = tl + hl | 0;
20467 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20468 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20469 tl = tl + xl | 0;
20470 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20471 xl = gl ^ el & (fl ^ gl) | 0;
20472 tl = tl + xl | 0;
20473 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20474 hl = gl;
20475 hh = gh;
20476 gl = fl;
20477 gh = fh;
20478 fl = el;
20479 fh = eh;
20480 el = dl + tl | 0;
20481 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20482 dl = cl;
20483 dh = ch;
20484 cl = bl;
20485 ch = bh;
20486 bl = al;
20487 bh = ah;
20488 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20489 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20490 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20491 al = al + xl | 0;
20492 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20493 w14l = w14l + w7l | 0;
20494 w14h = w14h + w7h + (w14l >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
20495 xl = (w15l >>> 1 | w15h << 31) ^ (w15l >>> 8 | w15h << 24) ^ (w15l >>> 7 | w15h << 25) | 0;
20496 w14l = w14l + xl | 0;
20497 w14h = w14h + ((w15h >>> 1 | w15l << 31) ^ (w15h >>> 8 | w15l << 24) ^ w15h >>> 7) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20498 xl = (w12l >>> 19 | w12h << 13) ^ (w12l << 3 | w12h >>> 29) ^ (w12l >>> 6 | w12h << 26) | 0;
20499 w14l = w14l + xl | 0;
20500 w14h = w14h + ((w12h >>> 19 | w12l << 13) ^ (w12h << 3 | w12l >>> 29) ^ w12h >>> 6) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20501 tl = 2999351573 + w14l | 0;
20502 th = 3204031479 + w14h + (tl >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
20503 tl = tl + hl | 0;
20504 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20505 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20506 tl = tl + xl | 0;
20507 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20508 xl = gl ^ el & (fl ^ gl) | 0;
20509 tl = tl + xl | 0;
20510 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20511 hl = gl;
20512 hh = gh;
20513 gl = fl;
20514 gh = fh;
20515 fl = el;
20516 fh = eh;
20517 el = dl + tl | 0;
20518 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20519 dl = cl;
20520 dh = ch;
20521 cl = bl;
20522 ch = bh;
20523 bl = al;
20524 bh = ah;
20525 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20526 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20527 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20528 al = al + xl | 0;
20529 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20530 w15l = w15l + w8l | 0;
20531 w15h = w15h + w8h + (w15l >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
20532 xl = (w0l >>> 1 | w0h << 31) ^ (w0l >>> 8 | w0h << 24) ^ (w0l >>> 7 | w0h << 25) | 0;
20533 w15l = w15l + xl | 0;
20534 w15h = w15h + ((w0h >>> 1 | w0l << 31) ^ (w0h >>> 8 | w0l << 24) ^ w0h >>> 7) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20535 xl = (w13l >>> 19 | w13h << 13) ^ (w13l << 3 | w13h >>> 29) ^ (w13l >>> 6 | w13h << 26) | 0;
20536 w15l = w15l + xl | 0;
20537 w15h = w15h + ((w13h >>> 19 | w13l << 13) ^ (w13h << 3 | w13l >>> 29) ^ w13h >>> 6) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20538 tl = 3815920427 + w15l | 0;
20539 th = 3329325298 + w15h + (tl >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
20540 tl = tl + hl | 0;
20541 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20542 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20543 tl = tl + xl | 0;
20544 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20545 xl = gl ^ el & (fl ^ gl) | 0;
20546 tl = tl + xl | 0;
20547 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20548 hl = gl;
20549 hh = gh;
20550 gl = fl;
20551 gh = fh;
20552 fl = el;
20553 fh = eh;
20554 el = dl + tl | 0;
20555 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20556 dl = cl;
20557 dh = ch;
20558 cl = bl;
20559 ch = bh;
20560 bl = al;
20561 bh = ah;
20562 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20563 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20564 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20565 al = al + xl | 0;
20566 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20567 w0l = w0l + w9l | 0;
20568 w0h = w0h + w9h + (w0l >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
20569 xl = (w1l >>> 1 | w1h << 31) ^ (w1l >>> 8 | w1h << 24) ^ (w1l >>> 7 | w1h << 25) | 0;
20570 w0l = w0l + xl | 0;
20571 w0h = w0h + ((w1h >>> 1 | w1l << 31) ^ (w1h >>> 8 | w1l << 24) ^ w1h >>> 7) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20572 xl = (w14l >>> 19 | w14h << 13) ^ (w14l << 3 | w14h >>> 29) ^ (w14l >>> 6 | w14h << 26) | 0;
20573 w0l = w0l + xl | 0;
20574 w0h = w0h + ((w14h >>> 19 | w14l << 13) ^ (w14h << 3 | w14l >>> 29) ^ w14h >>> 6) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20575 tl = 3928383900 + w0l | 0;
20576 th = 3391569614 + w0h + (tl >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
20577 tl = tl + hl | 0;
20578 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20579 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20580 tl = tl + xl | 0;
20581 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20582 xl = gl ^ el & (fl ^ gl) | 0;
20583 tl = tl + xl | 0;
20584 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20585 hl = gl;
20586 hh = gh;
20587 gl = fl;
20588 gh = fh;
20589 fl = el;
20590 fh = eh;
20591 el = dl + tl | 0;
20592 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20593 dl = cl;
20594 dh = ch;
20595 cl = bl;
20596 ch = bh;
20597 bl = al;
20598 bh = ah;
20599 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20600 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20601 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20602 al = al + xl | 0;
20603 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20604 w1l = w1l + w10l | 0;
20605 w1h = w1h + w10h + (w1l >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
20606 xl = (w2l >>> 1 | w2h << 31) ^ (w2l >>> 8 | w2h << 24) ^ (w2l >>> 7 | w2h << 25) | 0;
20607 w1l = w1l + xl | 0;
20608 w1h = w1h + ((w2h >>> 1 | w2l << 31) ^ (w2h >>> 8 | w2l << 24) ^ w2h >>> 7) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20609 xl = (w15l >>> 19 | w15h << 13) ^ (w15l << 3 | w15h >>> 29) ^ (w15l >>> 6 | w15h << 26) | 0;
20610 w1l = w1l + xl | 0;
20611 w1h = w1h + ((w15h >>> 19 | w15l << 13) ^ (w15h << 3 | w15l >>> 29) ^ w15h >>> 6) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20612 tl = 566280711 + w1l | 0;
20613 th = 3515267271 + w1h + (tl >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
20614 tl = tl + hl | 0;
20615 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20616 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20617 tl = tl + xl | 0;
20618 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20619 xl = gl ^ el & (fl ^ gl) | 0;
20620 tl = tl + xl | 0;
20621 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20622 hl = gl;
20623 hh = gh;
20624 gl = fl;
20625 gh = fh;
20626 fl = el;
20627 fh = eh;
20628 el = dl + tl | 0;
20629 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20630 dl = cl;
20631 dh = ch;
20632 cl = bl;
20633 ch = bh;
20634 bl = al;
20635 bh = ah;
20636 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20637 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20638 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20639 al = al + xl | 0;
20640 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20641 w2l = w2l + w11l | 0;
20642 w2h = w2h + w11h + (w2l >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
20643 xl = (w3l >>> 1 | w3h << 31) ^ (w3l >>> 8 | w3h << 24) ^ (w3l >>> 7 | w3h << 25) | 0;
20644 w2l = w2l + xl | 0;
20645 w2h = w2h + ((w3h >>> 1 | w3l << 31) ^ (w3h >>> 8 | w3l << 24) ^ w3h >>> 7) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20646 xl = (w0l >>> 19 | w0h << 13) ^ (w0l << 3 | w0h >>> 29) ^ (w0l >>> 6 | w0h << 26) | 0;
20647 w2l = w2l + xl | 0;
20648 w2h = w2h + ((w0h >>> 19 | w0l << 13) ^ (w0h << 3 | w0l >>> 29) ^ w0h >>> 6) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20649 tl = 3454069534 + w2l | 0;
20650 th = 3940187606 + w2h + (tl >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
20651 tl = tl + hl | 0;
20652 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20653 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20654 tl = tl + xl | 0;
20655 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20656 xl = gl ^ el & (fl ^ gl) | 0;
20657 tl = tl + xl | 0;
20658 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20659 hl = gl;
20660 hh = gh;
20661 gl = fl;
20662 gh = fh;
20663 fl = el;
20664 fh = eh;
20665 el = dl + tl | 0;
20666 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20667 dl = cl;
20668 dh = ch;
20669 cl = bl;
20670 ch = bh;
20671 bl = al;
20672 bh = ah;
20673 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20674 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20675 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20676 al = al + xl | 0;
20677 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20678 w3l = w3l + w12l | 0;
20679 w3h = w3h + w12h + (w3l >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
20680 xl = (w4l >>> 1 | w4h << 31) ^ (w4l >>> 8 | w4h << 24) ^ (w4l >>> 7 | w4h << 25) | 0;
20681 w3l = w3l + xl | 0;
20682 w3h = w3h + ((w4h >>> 1 | w4l << 31) ^ (w4h >>> 8 | w4l << 24) ^ w4h >>> 7) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20683 xl = (w1l >>> 19 | w1h << 13) ^ (w1l << 3 | w1h >>> 29) ^ (w1l >>> 6 | w1h << 26) | 0;
20684 w3l = w3l + xl | 0;
20685 w3h = w3h + ((w1h >>> 19 | w1l << 13) ^ (w1h << 3 | w1l >>> 29) ^ w1h >>> 6) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20686 tl = 4000239992 + w3l | 0;
20687 th = 4118630271 + w3h + (tl >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
20688 tl = tl + hl | 0;
20689 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20690 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20691 tl = tl + xl | 0;
20692 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20693 xl = gl ^ el & (fl ^ gl) | 0;
20694 tl = tl + xl | 0;
20695 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20696 hl = gl;
20697 hh = gh;
20698 gl = fl;
20699 gh = fh;
20700 fl = el;
20701 fh = eh;
20702 el = dl + tl | 0;
20703 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20704 dl = cl;
20705 dh = ch;
20706 cl = bl;
20707 ch = bh;
20708 bl = al;
20709 bh = ah;
20710 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20711 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20712 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20713 al = al + xl | 0;
20714 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20715 w4l = w4l + w13l | 0;
20716 w4h = w4h + w13h + (w4l >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
20717 xl = (w5l >>> 1 | w5h << 31) ^ (w5l >>> 8 | w5h << 24) ^ (w5l >>> 7 | w5h << 25) | 0;
20718 w4l = w4l + xl | 0;
20719 w4h = w4h + ((w5h >>> 1 | w5l << 31) ^ (w5h >>> 8 | w5l << 24) ^ w5h >>> 7) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20720 xl = (w2l >>> 19 | w2h << 13) ^ (w2l << 3 | w2h >>> 29) ^ (w2l >>> 6 | w2h << 26) | 0;
20721 w4l = w4l + xl | 0;
20722 w4h = w4h + ((w2h >>> 19 | w2l << 13) ^ (w2h << 3 | w2l >>> 29) ^ w2h >>> 6) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20723 tl = 1914138554 + w4l | 0;
20724 th = 116418474 + w4h + (tl >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
20725 tl = tl + hl | 0;
20726 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20727 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20728 tl = tl + xl | 0;
20729 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20730 xl = gl ^ el & (fl ^ gl) | 0;
20731 tl = tl + xl | 0;
20732 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20733 hl = gl;
20734 hh = gh;
20735 gl = fl;
20736 gh = fh;
20737 fl = el;
20738 fh = eh;
20739 el = dl + tl | 0;
20740 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20741 dl = cl;
20742 dh = ch;
20743 cl = bl;
20744 ch = bh;
20745 bl = al;
20746 bh = ah;
20747 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20748 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20749 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20750 al = al + xl | 0;
20751 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20752 w5l = w5l + w14l | 0;
20753 w5h = w5h + w14h + (w5l >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
20754 xl = (w6l >>> 1 | w6h << 31) ^ (w6l >>> 8 | w6h << 24) ^ (w6l >>> 7 | w6h << 25) | 0;
20755 w5l = w5l + xl | 0;
20756 w5h = w5h + ((w6h >>> 1 | w6l << 31) ^ (w6h >>> 8 | w6l << 24) ^ w6h >>> 7) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20757 xl = (w3l >>> 19 | w3h << 13) ^ (w3l << 3 | w3h >>> 29) ^ (w3l >>> 6 | w3h << 26) | 0;
20758 w5l = w5l + xl | 0;
20759 w5h = w5h + ((w3h >>> 19 | w3l << 13) ^ (w3h << 3 | w3l >>> 29) ^ w3h >>> 6) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20760 tl = 2731055270 + w5l | 0;
20761 th = 174292421 + w5h + (tl >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
20762 tl = tl + hl | 0;
20763 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20764 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20765 tl = tl + xl | 0;
20766 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20767 xl = gl ^ el & (fl ^ gl) | 0;
20768 tl = tl + xl | 0;
20769 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20770 hl = gl;
20771 hh = gh;
20772 gl = fl;
20773 gh = fh;
20774 fl = el;
20775 fh = eh;
20776 el = dl + tl | 0;
20777 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20778 dl = cl;
20779 dh = ch;
20780 cl = bl;
20781 ch = bh;
20782 bl = al;
20783 bh = ah;
20784 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20785 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20786 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20787 al = al + xl | 0;
20788 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20789 w6l = w6l + w15l | 0;
20790 w6h = w6h + w15h + (w6l >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
20791 xl = (w7l >>> 1 | w7h << 31) ^ (w7l >>> 8 | w7h << 24) ^ (w7l >>> 7 | w7h << 25) | 0;
20792 w6l = w6l + xl | 0;
20793 w6h = w6h + ((w7h >>> 1 | w7l << 31) ^ (w7h >>> 8 | w7l << 24) ^ w7h >>> 7) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20794 xl = (w4l >>> 19 | w4h << 13) ^ (w4l << 3 | w4h >>> 29) ^ (w4l >>> 6 | w4h << 26) | 0;
20795 w6l = w6l + xl | 0;
20796 w6h = w6h + ((w4h >>> 19 | w4l << 13) ^ (w4h << 3 | w4l >>> 29) ^ w4h >>> 6) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20797 tl = 3203993006 + w6l | 0;
20798 th = 289380356 + w6h + (tl >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
20799 tl = tl + hl | 0;
20800 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20801 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20802 tl = tl + xl | 0;
20803 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20804 xl = gl ^ el & (fl ^ gl) | 0;
20805 tl = tl + xl | 0;
20806 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20807 hl = gl;
20808 hh = gh;
20809 gl = fl;
20810 gh = fh;
20811 fl = el;
20812 fh = eh;
20813 el = dl + tl | 0;
20814 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20815 dl = cl;
20816 dh = ch;
20817 cl = bl;
20818 ch = bh;
20819 bl = al;
20820 bh = ah;
20821 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20822 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20823 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20824 al = al + xl | 0;
20825 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20826 w7l = w7l + w0l | 0;
20827 w7h = w7h + w0h + (w7l >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
20828 xl = (w8l >>> 1 | w8h << 31) ^ (w8l >>> 8 | w8h << 24) ^ (w8l >>> 7 | w8h << 25) | 0;
20829 w7l = w7l + xl | 0;
20830 w7h = w7h + ((w8h >>> 1 | w8l << 31) ^ (w8h >>> 8 | w8l << 24) ^ w8h >>> 7) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20831 xl = (w5l >>> 19 | w5h << 13) ^ (w5l << 3 | w5h >>> 29) ^ (w5l >>> 6 | w5h << 26) | 0;
20832 w7l = w7l + xl | 0;
20833 w7h = w7h + ((w5h >>> 19 | w5l << 13) ^ (w5h << 3 | w5l >>> 29) ^ w5h >>> 6) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20834 tl = 320620315 + w7l | 0;
20835 th = 460393269 + w7h + (tl >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
20836 tl = tl + hl | 0;
20837 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20838 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20839 tl = tl + xl | 0;
20840 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20841 xl = gl ^ el & (fl ^ gl) | 0;
20842 tl = tl + xl | 0;
20843 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20844 hl = gl;
20845 hh = gh;
20846 gl = fl;
20847 gh = fh;
20848 fl = el;
20849 fh = eh;
20850 el = dl + tl | 0;
20851 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20852 dl = cl;
20853 dh = ch;
20854 cl = bl;
20855 ch = bh;
20856 bl = al;
20857 bh = ah;
20858 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20859 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20860 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20861 al = al + xl | 0;
20862 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20863 w8l = w8l + w1l | 0;
20864 w8h = w8h + w1h + (w8l >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
20865 xl = (w9l >>> 1 | w9h << 31) ^ (w9l >>> 8 | w9h << 24) ^ (w9l >>> 7 | w9h << 25) | 0;
20866 w8l = w8l + xl | 0;
20867 w8h = w8h + ((w9h >>> 1 | w9l << 31) ^ (w9h >>> 8 | w9l << 24) ^ w9h >>> 7) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20868 xl = (w6l >>> 19 | w6h << 13) ^ (w6l << 3 | w6h >>> 29) ^ (w6l >>> 6 | w6h << 26) | 0;
20869 w8l = w8l + xl | 0;
20870 w8h = w8h + ((w6h >>> 19 | w6l << 13) ^ (w6h << 3 | w6l >>> 29) ^ w6h >>> 6) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20871 tl = 587496836 + w8l | 0;
20872 th = 685471733 + w8h + (tl >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
20873 tl = tl + hl | 0;
20874 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20875 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20876 tl = tl + xl | 0;
20877 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20878 xl = gl ^ el & (fl ^ gl) | 0;
20879 tl = tl + xl | 0;
20880 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20881 hl = gl;
20882 hh = gh;
20883 gl = fl;
20884 gh = fh;
20885 fl = el;
20886 fh = eh;
20887 el = dl + tl | 0;
20888 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20889 dl = cl;
20890 dh = ch;
20891 cl = bl;
20892 ch = bh;
20893 bl = al;
20894 bh = ah;
20895 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20896 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20897 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20898 al = al + xl | 0;
20899 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20900 w9l = w9l + w2l | 0;
20901 w9h = w9h + w2h + (w9l >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
20902 xl = (w10l >>> 1 | w10h << 31) ^ (w10l >>> 8 | w10h << 24) ^ (w10l >>> 7 | w10h << 25) | 0;
20903 w9l = w9l + xl | 0;
20904 w9h = w9h + ((w10h >>> 1 | w10l << 31) ^ (w10h >>> 8 | w10l << 24) ^ w10h >>> 7) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20905 xl = (w7l >>> 19 | w7h << 13) ^ (w7l << 3 | w7h >>> 29) ^ (w7l >>> 6 | w7h << 26) | 0;
20906 w9l = w9l + xl | 0;
20907 w9h = w9h + ((w7h >>> 19 | w7l << 13) ^ (w7h << 3 | w7l >>> 29) ^ w7h >>> 6) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20908 tl = 1086792851 + w9l | 0;
20909 th = 852142971 + w9h + (tl >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
20910 tl = tl + hl | 0;
20911 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20912 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20913 tl = tl + xl | 0;
20914 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20915 xl = gl ^ el & (fl ^ gl) | 0;
20916 tl = tl + xl | 0;
20917 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20918 hl = gl;
20919 hh = gh;
20920 gl = fl;
20921 gh = fh;
20922 fl = el;
20923 fh = eh;
20924 el = dl + tl | 0;
20925 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20926 dl = cl;
20927 dh = ch;
20928 cl = bl;
20929 ch = bh;
20930 bl = al;
20931 bh = ah;
20932 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20933 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20934 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20935 al = al + xl | 0;
20936 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20937 w10l = w10l + w3l | 0;
20938 w10h = w10h + w3h + (w10l >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
20939 xl = (w11l >>> 1 | w11h << 31) ^ (w11l >>> 8 | w11h << 24) ^ (w11l >>> 7 | w11h << 25) | 0;
20940 w10l = w10l + xl | 0;
20941 w10h = w10h + ((w11h >>> 1 | w11l << 31) ^ (w11h >>> 8 | w11l << 24) ^ w11h >>> 7) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20942 xl = (w8l >>> 19 | w8h << 13) ^ (w8l << 3 | w8h >>> 29) ^ (w8l >>> 6 | w8h << 26) | 0;
20943 w10l = w10l + xl | 0;
20944 w10h = w10h + ((w8h >>> 19 | w8l << 13) ^ (w8h << 3 | w8l >>> 29) ^ w8h >>> 6) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20945 tl = 365543100 + w10l | 0;
20946 th = 1017036298 + w10h + (tl >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
20947 tl = tl + hl | 0;
20948 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20949 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20950 tl = tl + xl | 0;
20951 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20952 xl = gl ^ el & (fl ^ gl) | 0;
20953 tl = tl + xl | 0;
20954 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20955 hl = gl;
20956 hh = gh;
20957 gl = fl;
20958 gh = fh;
20959 fl = el;
20960 fh = eh;
20961 el = dl + tl | 0;
20962 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
20963 dl = cl;
20964 dh = ch;
20965 cl = bl;
20966 ch = bh;
20967 bl = al;
20968 bh = ah;
20969 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
20970 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
20971 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
20972 al = al + xl | 0;
20973 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20974 w11l = w11l + w4l | 0;
20975 w11h = w11h + w4h + (w11l >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
20976 xl = (w12l >>> 1 | w12h << 31) ^ (w12l >>> 8 | w12h << 24) ^ (w12l >>> 7 | w12h << 25) | 0;
20977 w11l = w11l + xl | 0;
20978 w11h = w11h + ((w12h >>> 1 | w12l << 31) ^ (w12h >>> 8 | w12l << 24) ^ w12h >>> 7) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20979 xl = (w9l >>> 19 | w9h << 13) ^ (w9l << 3 | w9h >>> 29) ^ (w9l >>> 6 | w9h << 26) | 0;
20980 w11l = w11l + xl | 0;
20981 w11h = w11h + ((w9h >>> 19 | w9l << 13) ^ (w9h << 3 | w9l >>> 29) ^ w9h >>> 6) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20982 tl = 2618297676 + w11l | 0;
20983 th = 1126000580 + w11h + (tl >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
20984 tl = tl + hl | 0;
20985 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
20986 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
20987 tl = tl + xl | 0;
20988 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20989 xl = gl ^ el & (fl ^ gl) | 0;
20990 tl = tl + xl | 0;
20991 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
20992 hl = gl;
20993 hh = gh;
20994 gl = fl;
20995 gh = fh;
20996 fl = el;
20997 fh = eh;
20998 el = dl + tl | 0;
20999 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
21000 dl = cl;
21001 dh = ch;
21002 cl = bl;
21003 ch = bh;
21004 bl = al;
21005 bh = ah;
21006 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
21007 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
21008 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
21009 al = al + xl | 0;
21010 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21011 w12l = w12l + w5l | 0;
21012 w12h = w12h + w5h + (w12l >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
21013 xl = (w13l >>> 1 | w13h << 31) ^ (w13l >>> 8 | w13h << 24) ^ (w13l >>> 7 | w13h << 25) | 0;
21014 w12l = w12l + xl | 0;
21015 w12h = w12h + ((w13h >>> 1 | w13l << 31) ^ (w13h >>> 8 | w13l << 24) ^ w13h >>> 7) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21016 xl = (w10l >>> 19 | w10h << 13) ^ (w10l << 3 | w10h >>> 29) ^ (w10l >>> 6 | w10h << 26) | 0;
21017 w12l = w12l + xl | 0;
21018 w12h = w12h + ((w10h >>> 19 | w10l << 13) ^ (w10h << 3 | w10l >>> 29) ^ w10h >>> 6) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21019 tl = 3409855158 + w12l | 0;
21020 th = 1288033470 + w12h + (tl >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
21021 tl = tl + hl | 0;
21022 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
21023 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
21024 tl = tl + xl | 0;
21025 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21026 xl = gl ^ el & (fl ^ gl) | 0;
21027 tl = tl + xl | 0;
21028 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21029 hl = gl;
21030 hh = gh;
21031 gl = fl;
21032 gh = fh;
21033 fl = el;
21034 fh = eh;
21035 el = dl + tl | 0;
21036 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
21037 dl = cl;
21038 dh = ch;
21039 cl = bl;
21040 ch = bh;
21041 bl = al;
21042 bh = ah;
21043 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
21044 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
21045 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
21046 al = al + xl | 0;
21047 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21048 w13l = w13l + w6l | 0;
21049 w13h = w13h + w6h + (w13l >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
21050 xl = (w14l >>> 1 | w14h << 31) ^ (w14l >>> 8 | w14h << 24) ^ (w14l >>> 7 | w14h << 25) | 0;
21051 w13l = w13l + xl | 0;
21052 w13h = w13h + ((w14h >>> 1 | w14l << 31) ^ (w14h >>> 8 | w14l << 24) ^ w14h >>> 7) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21053 xl = (w11l >>> 19 | w11h << 13) ^ (w11l << 3 | w11h >>> 29) ^ (w11l >>> 6 | w11h << 26) | 0;
21054 w13l = w13l + xl | 0;
21055 w13h = w13h + ((w11h >>> 19 | w11l << 13) ^ (w11h << 3 | w11l >>> 29) ^ w11h >>> 6) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21056 tl = 4234509866 + w13l | 0;
21057 th = 1501505948 + w13h + (tl >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
21058 tl = tl + hl | 0;
21059 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
21060 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
21061 tl = tl + xl | 0;
21062 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21063 xl = gl ^ el & (fl ^ gl) | 0;
21064 tl = tl + xl | 0;
21065 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21066 hl = gl;
21067 hh = gh;
21068 gl = fl;
21069 gh = fh;
21070 fl = el;
21071 fh = eh;
21072 el = dl + tl | 0;
21073 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
21074 dl = cl;
21075 dh = ch;
21076 cl = bl;
21077 ch = bh;
21078 bl = al;
21079 bh = ah;
21080 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
21081 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
21082 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
21083 al = al + xl | 0;
21084 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21085 w14l = w14l + w7l | 0;
21086 w14h = w14h + w7h + (w14l >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
21087 xl = (w15l >>> 1 | w15h << 31) ^ (w15l >>> 8 | w15h << 24) ^ (w15l >>> 7 | w15h << 25) | 0;
21088 w14l = w14l + xl | 0;
21089 w14h = w14h + ((w15h >>> 1 | w15l << 31) ^ (w15h >>> 8 | w15l << 24) ^ w15h >>> 7) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21090 xl = (w12l >>> 19 | w12h << 13) ^ (w12l << 3 | w12h >>> 29) ^ (w12l >>> 6 | w12h << 26) | 0;
21091 w14l = w14l + xl | 0;
21092 w14h = w14h + ((w12h >>> 19 | w12l << 13) ^ (w12h << 3 | w12l >>> 29) ^ w12h >>> 6) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21093 tl = 987167468 + w14l | 0;
21094 th = 1607167915 + w14h + (tl >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
21095 tl = tl + hl | 0;
21096 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
21097 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
21098 tl = tl + xl | 0;
21099 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21100 xl = gl ^ el & (fl ^ gl) | 0;
21101 tl = tl + xl | 0;
21102 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21103 hl = gl;
21104 hh = gh;
21105 gl = fl;
21106 gh = fh;
21107 fl = el;
21108 fh = eh;
21109 el = dl + tl | 0;
21110 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
21111 dl = cl;
21112 dh = ch;
21113 cl = bl;
21114 ch = bh;
21115 bl = al;
21116 bh = ah;
21117 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
21118 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
21119 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
21120 al = al + xl | 0;
21121 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21122 w15l = w15l + w8l | 0;
21123 w15h = w15h + w8h + (w15l >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
21124 xl = (w0l >>> 1 | w0h << 31) ^ (w0l >>> 8 | w0h << 24) ^ (w0l >>> 7 | w0h << 25) | 0;
21125 w15l = w15l + xl | 0;
21126 w15h = w15h + ((w0h >>> 1 | w0l << 31) ^ (w0h >>> 8 | w0l << 24) ^ w0h >>> 7) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21127 xl = (w13l >>> 19 | w13h << 13) ^ (w13l << 3 | w13h >>> 29) ^ (w13l >>> 6 | w13h << 26) | 0;
21128 w15l = w15l + xl | 0;
21129 w15h = w15h + ((w13h >>> 19 | w13l << 13) ^ (w13h << 3 | w13l >>> 29) ^ w13h >>> 6) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21130 tl = 1246189591 + w15l | 0;
21131 th = 1816402316 + w15h + (tl >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
21132 tl = tl + hl | 0;
21133 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
21134 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
21135 tl = tl + xl | 0;
21136 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21137 xl = gl ^ el & (fl ^ gl) | 0;
21138 tl = tl + xl | 0;
21139 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21140 hl = gl;
21141 hh = gh;
21142 gl = fl;
21143 gh = fh;
21144 fl = el;
21145 fh = eh;
21146 el = dl + tl | 0;
21147 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
21148 dl = cl;
21149 dh = ch;
21150 cl = bl;
21151 ch = bh;
21152 bl = al;
21153 bh = ah;
21154 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
21155 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
21156 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
21157 al = al + xl | 0;
21158 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
21159 H0l = H0l + al | 0;
21160 H0h = H0h + ah + (H0l >>> 0 < al >>> 0 ? 1 : 0) | 0;
21161 H1l = H1l + bl | 0;
21162 H1h = H1h + bh + (H1l >>> 0 < bl >>> 0 ? 1 : 0) | 0;
21163 H2l = H2l + cl | 0;
21164 H2h = H2h + ch + (H2l >>> 0 < cl >>> 0 ? 1 : 0) | 0;
21165 H3l = H3l + dl | 0;
21166 H3h = H3h + dh + (H3l >>> 0 < dl >>> 0 ? 1 : 0) | 0;
21167 H4l = H4l + el | 0;
21168 H4h = H4h + eh + (H4l >>> 0 < el >>> 0 ? 1 : 0) | 0;
21169 H5l = H5l + fl | 0;
21170 H5h = H5h + fh + (H5l >>> 0 < fl >>> 0 ? 1 : 0) | 0;
21171 H6l = H6l + gl | 0;
21172 H6h = H6h + gh + (H6l >>> 0 < gl >>> 0 ? 1 : 0) | 0;
21173 H7l = H7l + hl | 0;
21174 H7h = H7h + hh + (H7l >>> 0 < hl >>> 0 ? 1 : 0) | 0;
21175 }
21176 function _core_heap(offset) {
21177 offset = offset | 0;
21178 _core(HEAP[offset | 0] << 24 | HEAP[offset | 1] << 16 | HEAP[offset | 2] << 8 | HEAP[offset | 3], HEAP[offset | 4] << 24 | HEAP[offset | 5] << 16 | HEAP[offset | 6] << 8 | HEAP[offset | 7], HEAP[offset | 8] << 24 | HEAP[offset | 9] << 16 | HEAP[offset | 10] << 8 | HEAP[offset | 11], HEAP[offset | 12] << 24 | HEAP[offset | 13] << 16 | HEAP[offset | 14] << 8 | HEAP[offset | 15], HEAP[offset | 16] << 24 | HEAP[offset | 17] << 16 | HEAP[offset | 18] << 8 | HEAP[offset | 19], HEAP[offset | 20] << 24 | HEAP[offset | 21] << 16 | HEAP[offset | 22] << 8 | HEAP[offset | 23], HEAP[offset | 24] << 24 | HEAP[offset | 25] << 16 | HEAP[offset | 26] << 8 | HEAP[offset | 27], HEAP[offset | 28] << 24 | HEAP[offset | 29] << 16 | HEAP[offset | 30] << 8 | HEAP[offset | 31], HEAP[offset | 32] << 24 | HEAP[offset | 33] << 16 | HEAP[offset | 34] << 8 | HEAP[offset | 35], HEAP[offset | 36] << 24 | HEAP[offset | 37] << 16 | HEAP[offset | 38] << 8 | HEAP[offset | 39], HEAP[offset | 40] << 24 | HEAP[offset | 41] << 16 | HEAP[offset | 42] << 8 | HEAP[offset | 43], HEAP[offset | 44] << 24 | HEAP[offset | 45] << 16 | HEAP[offset | 46] << 8 | HEAP[offset | 47], HEAP[offset | 48] << 24 | HEAP[offset | 49] << 16 | HEAP[offset | 50] << 8 | HEAP[offset | 51], HEAP[offset | 52] << 24 | HEAP[offset | 53] << 16 | HEAP[offset | 54] << 8 | HEAP[offset | 55], HEAP[offset | 56] << 24 | HEAP[offset | 57] << 16 | HEAP[offset | 58] << 8 | HEAP[offset | 59], HEAP[offset | 60] << 24 | HEAP[offset | 61] << 16 | HEAP[offset | 62] << 8 | HEAP[offset | 63], HEAP[offset | 64] << 24 | HEAP[offset | 65] << 16 | HEAP[offset | 66] << 8 | HEAP[offset | 67], HEAP[offset | 68] << 24 | HEAP[offset | 69] << 16 | HEAP[offset | 70] << 8 | HEAP[offset | 71], HEAP[offset | 72] << 24 | HEAP[offset | 73] << 16 | HEAP[offset | 74] << 8 | HEAP[offset | 75], HEAP[offset | 76] << 24 | HEAP[offset | 77] << 16 | HEAP[offset | 78] << 8 | HEAP[offset | 79], HEAP[offset | 80] << 24 | HEAP[offset | 81] << 16 | HEAP[offset | 82] << 8 | HEAP[offset | 83], HEAP[offset | 84] << 24 | HEAP[offset | 85] << 16 | HEAP[offset | 86] << 8 | HEAP[offset | 87], HEAP[offset | 88] << 24 | HEAP[offset | 89] << 16 | HEAP[offset | 90] << 8 | HEAP[offset | 91], HEAP[offset | 92] << 24 | HEAP[offset | 93] << 16 | HEAP[offset | 94] << 8 | HEAP[offset | 95], HEAP[offset | 96] << 24 | HEAP[offset | 97] << 16 | HEAP[offset | 98] << 8 | HEAP[offset | 99], HEAP[offset | 100] << 24 | HEAP[offset | 101] << 16 | HEAP[offset | 102] << 8 | HEAP[offset | 103], HEAP[offset | 104] << 24 | HEAP[offset | 105] << 16 | HEAP[offset | 106] << 8 | HEAP[offset | 107], HEAP[offset | 108] << 24 | HEAP[offset | 109] << 16 | HEAP[offset | 110] << 8 | HEAP[offset | 111], HEAP[offset | 112] << 24 | HEAP[offset | 113] << 16 | HEAP[offset | 114] << 8 | HEAP[offset | 115], HEAP[offset | 116] << 24 | HEAP[offset | 117] << 16 | HEAP[offset | 118] << 8 | HEAP[offset | 119], HEAP[offset | 120] << 24 | HEAP[offset | 121] << 16 | HEAP[offset | 122] << 8 | HEAP[offset | 123], HEAP[offset | 124] << 24 | HEAP[offset | 125] << 16 | HEAP[offset | 126] << 8 | HEAP[offset | 127]);
21179 }
21180 function _state_to_heap(output) {
21181 output = output | 0;
21182 HEAP[output | 0] = H0h >>> 24;
21183 HEAP[output | 1] = H0h >>> 16 & 255;
21184 HEAP[output | 2] = H0h >>> 8 & 255;
21185 HEAP[output | 3] = H0h & 255;
21186 HEAP[output | 4] = H0l >>> 24;
21187 HEAP[output | 5] = H0l >>> 16 & 255;
21188 HEAP[output | 6] = H0l >>> 8 & 255;
21189 HEAP[output | 7] = H0l & 255;
21190 HEAP[output | 8] = H1h >>> 24;
21191 HEAP[output | 9] = H1h >>> 16 & 255;
21192 HEAP[output | 10] = H1h >>> 8 & 255;
21193 HEAP[output | 11] = H1h & 255;
21194 HEAP[output | 12] = H1l >>> 24;
21195 HEAP[output | 13] = H1l >>> 16 & 255;
21196 HEAP[output | 14] = H1l >>> 8 & 255;
21197 HEAP[output | 15] = H1l & 255;
21198 HEAP[output | 16] = H2h >>> 24;
21199 HEAP[output | 17] = H2h >>> 16 & 255;
21200 HEAP[output | 18] = H2h >>> 8 & 255;
21201 HEAP[output | 19] = H2h & 255;
21202 HEAP[output | 20] = H2l >>> 24;
21203 HEAP[output | 21] = H2l >>> 16 & 255;
21204 HEAP[output | 22] = H2l >>> 8 & 255;
21205 HEAP[output | 23] = H2l & 255;
21206 HEAP[output | 24] = H3h >>> 24;
21207 HEAP[output | 25] = H3h >>> 16 & 255;
21208 HEAP[output | 26] = H3h >>> 8 & 255;
21209 HEAP[output | 27] = H3h & 255;
21210 HEAP[output | 28] = H3l >>> 24;
21211 HEAP[output | 29] = H3l >>> 16 & 255;
21212 HEAP[output | 30] = H3l >>> 8 & 255;
21213 HEAP[output | 31] = H3l & 255;
21214 HEAP[output | 32] = H4h >>> 24;
21215 HEAP[output | 33] = H4h >>> 16 & 255;
21216 HEAP[output | 34] = H4h >>> 8 & 255;
21217 HEAP[output | 35] = H4h & 255;
21218 HEAP[output | 36] = H4l >>> 24;
21219 HEAP[output | 37] = H4l >>> 16 & 255;
21220 HEAP[output | 38] = H4l >>> 8 & 255;
21221 HEAP[output | 39] = H4l & 255;
21222 HEAP[output | 40] = H5h >>> 24;
21223 HEAP[output | 41] = H5h >>> 16 & 255;
21224 HEAP[output | 42] = H5h >>> 8 & 255;
21225 HEAP[output | 43] = H5h & 255;
21226 HEAP[output | 44] = H5l >>> 24;
21227 HEAP[output | 45] = H5l >>> 16 & 255;
21228 HEAP[output | 46] = H5l >>> 8 & 255;
21229 HEAP[output | 47] = H5l & 255;
21230 HEAP[output | 48] = H6h >>> 24;
21231 HEAP[output | 49] = H6h >>> 16 & 255;
21232 HEAP[output | 50] = H6h >>> 8 & 255;
21233 HEAP[output | 51] = H6h & 255;
21234 HEAP[output | 52] = H6l >>> 24;
21235 HEAP[output | 53] = H6l >>> 16 & 255;
21236 HEAP[output | 54] = H6l >>> 8 & 255;
21237 HEAP[output | 55] = H6l & 255;
21238 HEAP[output | 56] = H7h >>> 24;
21239 HEAP[output | 57] = H7h >>> 16 & 255;
21240 HEAP[output | 58] = H7h >>> 8 & 255;
21241 HEAP[output | 59] = H7h & 255;
21242 HEAP[output | 60] = H7l >>> 24;
21243 HEAP[output | 61] = H7l >>> 16 & 255;
21244 HEAP[output | 62] = H7l >>> 8 & 255;
21245 HEAP[output | 63] = H7l & 255;
21246 }
21247 function reset() {
21248 H0h = 1779033703;
21249 H0l = 4089235720;
21250 H1h = 3144134277;
21251 H1l = 2227873595;
21252 H2h = 1013904242;
21253 H2l = 4271175723;
21254 H3h = 2773480762;
21255 H3l = 1595750129;
21256 H4h = 1359893119;
21257 H4l = 2917565137;
21258 H5h = 2600822924;
21259 H5l = 725511199;
21260 H6h = 528734635;
21261 H6l = 4215389547;
21262 H7h = 1541459225;
21263 H7l = 327033209;
21264 TOTAL = 0;
21265 }
21266 function init(h0h, h0l, h1h, h1l, h2h, h2l, h3h, h3l, h4h, h4l, h5h, h5l, h6h, h6l, h7h, h7l, total) {
21267 h0h = h0h | 0;
21268 h0l = h0l | 0;
21269 h1h = h1h | 0;
21270 h1l = h1l | 0;
21271 h2h = h2h | 0;
21272 h2l = h2l | 0;
21273 h3h = h3h | 0;
21274 h3l = h3l | 0;
21275 h4h = h4h | 0;
21276 h4l = h4l | 0;
21277 h5h = h5h | 0;
21278 h5l = h5l | 0;
21279 h6h = h6h | 0;
21280 h6l = h6l | 0;
21281 h7h = h7h | 0;
21282 h7l = h7l | 0;
21283 total = total | 0;
21284 H0h = h0h;
21285 H0l = h0l;
21286 H1h = h1h;
21287 H1l = h1l;
21288 H2h = h2h;
21289 H2l = h2l;
21290 H3h = h3h;
21291 H3l = h3l;
21292 H4h = h4h;
21293 H4l = h4l;
21294 H5h = h5h;
21295 H5l = h5l;
21296 H6h = h6h;
21297 H6l = h6l;
21298 H7h = h7h;
21299 H7l = h7l;
21300 TOTAL = total;
21301 }
21302 function process(offset, length) {
21303 offset = offset | 0;
21304 length = length | 0;
21305 var hashed = 0;
21306 if (offset & 127) return -1;
21307 while ((length | 0) >= 128) {
21308 _core_heap(offset);
21309 offset = offset + 128 | 0;
21310 length = length - 128 | 0;
21311 hashed = hashed + 128 | 0;
21312 }
21313 TOTAL = TOTAL + hashed | 0;
21314 return hashed | 0;
21315 }
21316 function finish(offset, length, output) {
21317 offset = offset | 0;
21318 length = length | 0;
21319 output = output | 0;
21320 var hashed = 0, i = 0;
21321 if (offset & 127) return -1;
21322 if (~output) if (output & 63) return -1;
21323 if ((length | 0) >= 128) {
21324 hashed = process(offset, length) | 0;
21325 if ((hashed | 0) == -1) return -1;
21326 offset = offset + hashed | 0;
21327 length = length - hashed | 0;
21328 }
21329 hashed = hashed + length | 0;
21330 TOTAL = TOTAL + length | 0;
21331 HEAP[offset | length] = 128;
21332 if ((length | 0) >= 112) {
21333 for (i = length + 1 | 0; (i | 0) < 128; i = i + 1 | 0) HEAP[offset | i] = 0;
21334 _core_heap(offset);
21335 length = 0;
21336 HEAP[offset | 0] = 0;
21337 }
21338 for (i = length + 1 | 0; (i | 0) < 123; i = i + 1 | 0) HEAP[offset | i] = 0;
21339 HEAP[offset | 123] = TOTAL >>> 29;
21340 HEAP[offset | 124] = TOTAL >>> 21 & 255;
21341 HEAP[offset | 125] = TOTAL >>> 13 & 255;
21342 HEAP[offset | 126] = TOTAL >>> 5 & 255;
21343 HEAP[offset | 127] = TOTAL << 3 & 255;
21344 _core_heap(offset);
21345 if (~output) _state_to_heap(output);
21346 return hashed | 0;
21347 }
21348 function hmac_reset() {
21349 H0h = I0h;
21350 H0l = I0l;
21351 H1h = I1h;
21352 H1l = I1l;
21353 H2h = I2h;
21354 H2l = I2l;
21355 H3h = I3h;
21356 H3l = I3l;
21357 H4h = I4h;
21358 H4l = I4l;
21359 H5h = I5h;
21360 H5l = I5l;
21361 H6h = I6h;
21362 H6l = I6l;
21363 H7h = I7h;
21364 H7l = I7l;
21365 TOTAL = 128;
21366 }
21367 function _hmac_opad() {
21368 H0h = O0h;
21369 H0l = O0l;
21370 H1h = O1h;
21371 H1l = O1l;
21372 H2h = O2h;
21373 H2l = O2l;
21374 H3h = O3h;
21375 H3l = O3l;
21376 H4h = O4h;
21377 H4l = O4l;
21378 H5h = O5h;
21379 H5l = O5l;
21380 H6h = O6h;
21381 H6l = O6l;
21382 H7h = O7h;
21383 H7l = O7l;
21384 TOTAL = 128;
21385 }
21386 function hmac_init(p0h, p0l, p1h, p1l, p2h, p2l, p3h, p3l, p4h, p4l, p5h, p5l, p6h, p6l, p7h, p7l, p8h, p8l, p9h, p9l, p10h, p10l, p11h, p11l, p12h, p12l, p13h, p13l, p14h, p14l, p15h, p15l) {
21387 p0h = p0h | 0;
21388 p0l = p0l | 0;
21389 p1h = p1h | 0;
21390 p1l = p1l | 0;
21391 p2h = p2h | 0;
21392 p2l = p2l | 0;
21393 p3h = p3h | 0;
21394 p3l = p3l | 0;
21395 p4h = p4h | 0;
21396 p4l = p4l | 0;
21397 p5h = p5h | 0;
21398 p5l = p5l | 0;
21399 p6h = p6h | 0;
21400 p6l = p6l | 0;
21401 p7h = p7h | 0;
21402 p7l = p7l | 0;
21403 p8h = p8h | 0;
21404 p8l = p8l | 0;
21405 p9h = p9h | 0;
21406 p9l = p9l | 0;
21407 p10h = p10h | 0;
21408 p10l = p10l | 0;
21409 p11h = p11h | 0;
21410 p11l = p11l | 0;
21411 p12h = p12h | 0;
21412 p12l = p12l | 0;
21413 p13h = p13h | 0;
21414 p13l = p13l | 0;
21415 p14h = p14h | 0;
21416 p14l = p14l | 0;
21417 p15h = p15h | 0;
21418 p15l = p15l | 0;
21419 reset();
21420 _core(p0h ^ 1549556828, p0l ^ 1549556828, p1h ^ 1549556828, p1l ^ 1549556828, p2h ^ 1549556828, p2l ^ 1549556828, p3h ^ 1549556828, p3l ^ 1549556828, p4h ^ 1549556828, p4l ^ 1549556828, p5h ^ 1549556828, p5l ^ 1549556828, p6h ^ 1549556828, p6l ^ 1549556828, p7h ^ 1549556828, p7l ^ 1549556828, p8h ^ 1549556828, p8l ^ 1549556828, p9h ^ 1549556828, p9l ^ 1549556828, p10h ^ 1549556828, p10l ^ 1549556828, p11h ^ 1549556828, p11l ^ 1549556828, p12h ^ 1549556828, p12l ^ 1549556828, p13h ^ 1549556828, p13l ^ 1549556828, p14h ^ 1549556828, p14l ^ 1549556828, p15h ^ 1549556828, p15l ^ 1549556828);
21421 O0h = H0h;
21422 O0l = H0l;
21423 O1h = H1h;
21424 O1l = H1l;
21425 O2h = H2h;
21426 O2l = H2l;
21427 O3h = H3h;
21428 O3l = H3l;
21429 O4h = H4h;
21430 O4l = H4l;
21431 O5h = H5h;
21432 O5l = H5l;
21433 O6h = H6h;
21434 O6l = H6l;
21435 O7h = H7h;
21436 O7l = H7l;
21437 reset();
21438 _core(p0h ^ 909522486, p0l ^ 909522486, p1h ^ 909522486, p1l ^ 909522486, p2h ^ 909522486, p2l ^ 909522486, p3h ^ 909522486, p3l ^ 909522486, p4h ^ 909522486, p4l ^ 909522486, p5h ^ 909522486, p5l ^ 909522486, p6h ^ 909522486, p6l ^ 909522486, p7h ^ 909522486, p7l ^ 909522486, p8h ^ 909522486, p8l ^ 909522486, p9h ^ 909522486, p9l ^ 909522486, p10h ^ 909522486, p10l ^ 909522486, p11h ^ 909522486, p11l ^ 909522486, p12h ^ 909522486, p12l ^ 909522486, p13h ^ 909522486, p13l ^ 909522486, p14h ^ 909522486, p14l ^ 909522486, p15h ^ 909522486, p15l ^ 909522486);
21439 I0h = H0h;
21440 I0l = H0l;
21441 I1h = H1h;
21442 I1l = H1l;
21443 I2h = H2h;
21444 I2l = H2l;
21445 I3h = H3h;
21446 I3l = H3l;
21447 I4h = H4h;
21448 I4l = H4l;
21449 I5h = H5h;
21450 I5l = H5l;
21451 I6h = H6h;
21452 I6l = H6l;
21453 I7h = H7h;
21454 I7l = H7l;
21455 TOTAL = 128;
21456 }
21457 function hmac_finish(offset, length, output) {
21458 offset = offset | 0;
21459 length = length | 0;
21460 output = output | 0;
21461 var t0h = 0, t0l = 0, t1h = 0, t1l = 0, t2h = 0, t2l = 0, t3h = 0, t3l = 0, t4h = 0, t4l = 0, t5h = 0, t5l = 0, t6h = 0, t6l = 0, t7h = 0, t7l = 0, hashed = 0;
21462 if (offset & 127) return -1;
21463 if (~output) if (output & 63) return -1;
21464 hashed = finish(offset, length, -1) | 0;
21465 t0h = H0h;
21466 t0l = H0l;
21467 t1h = H1h;
21468 t1l = H1l;
21469 t2h = H2h;
21470 t2l = H2l;
21471 t3h = H3h;
21472 t3l = H3l;
21473 t4h = H4h;
21474 t4l = H4l;
21475 t5h = H5h;
21476 t5l = H5l;
21477 t6h = H6h;
21478 t6l = H6l;
21479 t7h = H7h;
21480 t7l = H7l;
21481 _hmac_opad();
21482 _core(t0h, t0l, t1h, t1l, t2h, t2l, t3h, t3l, t4h, t4l, t5h, t5l, t6h, t6l, t7h, t7l, 2147483648, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1536);
21483 if (~output) _state_to_heap(output);
21484 return hashed | 0;
21485 }
21486 function pbkdf2_generate_block(offset, length, block, count, output) {
21487 offset = offset | 0;
21488 length = length | 0;
21489 block = block | 0;
21490 count = count | 0;
21491 output = output | 0;
21492 var h0h = 0, h0l = 0, h1h = 0, h1l = 0, h2h = 0, h2l = 0, h3h = 0, h3l = 0, h4h = 0, h4l = 0, h5h = 0, h5l = 0, h6h = 0, h6l = 0, h7h = 0, h7l = 0, t0h = 0, t0l = 0, t1h = 0, t1l = 0, t2h = 0, t2l = 0, t3h = 0, t3l = 0, t4h = 0, t4l = 0, t5h = 0, t5l = 0, t6h = 0, t6l = 0, t7h = 0, t7l = 0;
21493 if (offset & 127) return -1;
21494 if (~output) if (output & 63) return -1;
21495 HEAP[offset + length | 0] = block >>> 24;
21496 HEAP[offset + length + 1 | 0] = block >>> 16 & 255;
21497 HEAP[offset + length + 2 | 0] = block >>> 8 & 255;
21498 HEAP[offset + length + 3 | 0] = block & 255;
21499 // Closure compiler warning - The result of the 'bitor' operator is not being used
21500 //hmac_finish(offset, length + 4 | 0, -1) | 0;
21501 hmac_finish(offset, length + 4 | 0, -1);
21502 h0h = t0h = H0h;
21503 h0l = t0l = H0l;
21504 h1h = t1h = H1h;
21505 h1l = t1l = H1l;
21506 h2h = t2h = H2h;
21507 h2l = t2l = H2l;
21508 h3h = t3h = H3h;
21509 h3l = t3l = H3l;
21510 h4h = t4h = H4h;
21511 h4l = t4l = H4l;
21512 h5h = t5h = H5h;
21513 h5l = t5l = H5l;
21514 h6h = t6h = H6h;
21515 h6l = t6l = H6l;
21516 h7h = t7h = H7h;
21517 h7l = t7l = H7l;
21518 count = count - 1 | 0;
21519 while ((count | 0) > 0) {
21520 hmac_reset();
21521 _core(t0h, t0l, t1h, t1l, t2h, t2l, t3h, t3l, t4h, t4l, t5h, t5l, t6h, t6l, t7h, t7l, 2147483648, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1536);
21522 t0h = H0h;
21523 t0l = H0l;
21524 t1h = H1h;
21525 t1l = H1l;
21526 t2h = H2h;
21527 t2l = H2l;
21528 t3h = H3h;
21529 t3l = H3l;
21530 t4h = H4h;
21531 t4l = H4l;
21532 t5h = H5h;
21533 t5l = H5l;
21534 t6h = H6h;
21535 t6l = H6l;
21536 t7h = H7h;
21537 t7l = H7l;
21538 _hmac_opad();
21539 _core(t0h, t0l, t1h, t1l, t2h, t2l, t3h, t3l, t4h, t4l, t5h, t5l, t6h, t6l, t7h, t7l, 2147483648, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1536);
21540 t0h = H0h;
21541 t0l = H0l;
21542 t1h = H1h;
21543 t1l = H1l;
21544 t2h = H2h;
21545 t2l = H2l;
21546 t3h = H3h;
21547 t3l = H3l;
21548 t4h = H4h;
21549 t4l = H4l;
21550 t5h = H5h;
21551 t5l = H5l;
21552 t6h = H6h;
21553 t6l = H6l;
21554 t7h = H7h;
21555 t7l = H7l;
21556 h0h = h0h ^ H0h;
21557 h0l = h0l ^ H0l;
21558 h1h = h1h ^ H1h;
21559 h1l = h1l ^ H1l;
21560 h2h = h2h ^ H2h;
21561 h2l = h2l ^ H2l;
21562 h3h = h3h ^ H3h;
21563 h3l = h3l ^ H3l;
21564 h4h = h4h ^ H4h;
21565 h4l = h4l ^ H4l;
21566 h5h = h5h ^ H5h;
21567 h5l = h5l ^ H5l;
21568 h6h = h6h ^ H6h;
21569 h6l = h6l ^ H6l;
21570 h7h = h7h ^ H7h;
21571 h7l = h7l ^ H7l;
21572 count = count - 1 | 0;
21573 }
21574 H0h = h0h;
21575 H0l = h0l;
21576 H1h = h1h;
21577 H1l = h1l;
21578 H2h = h2h;
21579 H2l = h2l;
21580 H3h = h3h;
21581 H3l = h3l;
21582 H4h = h4h;
21583 H4l = h4l;
21584 H5h = h5h;
21585 H5l = h5l;
21586 H6h = h6h;
21587 H6l = h6l;
21588 H7h = h7h;
21589 H7l = h7l;
21590 if (~output) _state_to_heap(output);
21591 return 0;
21592 }
21593 return {
21594 reset: reset,
21595 init: init,
21596 process: process,
21597 finish: finish,
21598 hmac_reset: hmac_reset,
21599 hmac_init: hmac_init,
21600 hmac_finish: hmac_finish,
21601 pbkdf2_generate_block: pbkdf2_generate_block
21602 };
21603 }
21604 var _sha512_block_size = 128, _sha512_hash_size = 64;
21605 function sha512_constructor(options) {
21606 options = options || {};
21607 options.heapSize = options.heapSize || 4096;
21608 if (options.heapSize <= 0 || options.heapSize % 4096) throw new IllegalArgumentError("heapSize must be a positive number and multiple of 4096");
21609 this.heap = options.heap || new Uint8Array(options.heapSize);
21610 this.asm = options.asm || sha512_asm(global, null, this.heap.buffer);
21611 this.BLOCK_SIZE = _sha512_block_size;
21612 this.HASH_SIZE = _sha512_hash_size;
21613 this.reset();
21614 }
21615 function sha512_reset() {
21616 this.result = null;
21617 this.pos = 0;
21618 this.len = 0;
21619 this.asm.reset();
21620 return this;
21621 }
21622 function sha512_process(data) {
21623 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
21624 var dpos = 0, dlen = 0, clen = 0;
21625 if (is_buffer(data) || is_bytes(data)) {
21626 dpos = data.byteOffset || 0;
21627 dlen = data.byteLength;
21628 } else if (is_string(data)) {
21629 dlen = data.length;
21630 } else {
21631 throw new TypeError("data isn't of expected type");
21632 }
21633 while (dlen > 0) {
21634 clen = this.heap.byteLength - this.pos - this.len;
21635 clen = clen < dlen ? clen : dlen;
21636 if (is_buffer(data) || is_bytes(data)) {
21637 this.heap.set(new Uint8Array(data.buffer || data, dpos, clen), this.pos + this.len);
21638 } else {
21639 for (var i = 0; i < clen; i++) this.heap[this.pos + this.len + i] = data.charCodeAt(dpos + i);
21640 }
21641 this.len += clen;
21642 dpos += clen;
21643 dlen -= clen;
21644 clen = this.asm.process(this.pos, this.len);
21645 if (clen < this.len) {
21646 this.pos += clen;
21647 this.len -= clen;
21648 } else {
21649 this.pos = 0;
21650 this.len = 0;
21651 }
21652 }
21653 return this;
21654 }
21655 function sha512_finish() {
21656 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
21657 this.asm.finish(this.pos, this.len, 0);
21658 this.result = new Uint8Array(_sha512_hash_size);
21659 this.result.set(this.heap.subarray(0, _sha512_hash_size));
21660 this.pos = 0;
21661 this.len = 0;
21662 return this;
21663 }
21664 sha512_constructor.BLOCK_SIZE = _sha512_block_size;
21665 sha512_constructor.HASH_SIZE = _sha512_hash_size;
21666 var sha512_prototype = sha512_constructor.prototype;
21667 sha512_prototype.reset = sha512_reset;
21668 sha512_prototype.process = sha512_process;
21669 sha512_prototype.finish = sha512_finish;
21670 function hmac_constructor(options) {
21671 options = options || {};
21672 if (!options.hash) throw new SyntaxError("option 'hash' is required");
21673 if (!options.hash.HASH_SIZE) throw new SyntaxError("option 'hash' supplied doesn't seem to be a valid hash function");
21674 this.hash = options.hash;
21675 this.BLOCK_SIZE = this.hash.BLOCK_SIZE;
21676 this.HMAC_SIZE = this.hash.HASH_SIZE;
21677 this.key = null;
21678 this.verify = null;
21679 this.result = null;
21680 if (options.password !== undefined || options.verify !== undefined) this.reset(options);
21681 return this;
21682 }
21683 function hmac_sha256_constructor(options) {
21684 options = options || {};
21685 if (!(options.hash instanceof sha256_constructor)) options.hash = new sha256_constructor(options);
21686 hmac_constructor.call(this, options);
21687 return this;
21688 }
21689 function hmac_sha512_constructor(options) {
21690 options = options || {};
21691 if (!(options.hash instanceof sha512_constructor)) options.hash = new sha512_constructor(options);
21692 hmac_constructor.call(this, options);
21693 return this;
21694 }
21695 function _hmac_key(hash, password) {
21696 var key;
21697 if (is_buffer(password) || is_bytes(password)) {
21698 key = new Uint8Array(hash.BLOCK_SIZE);
21699 if (password.byteLength > hash.BLOCK_SIZE) {
21700 key.set(new Uint8Array(hash.reset().process(password).finish().result));
21701 } else if (is_buffer(password)) {
21702 key.set(new Uint8Array(password));
21703 } else {
21704 key.set(password);
21705 }
21706 } else if (is_string(password)) {
21707 key = new Uint8Array(hash.BLOCK_SIZE);
21708 if (password.length > hash.BLOCK_SIZE) {
21709 key.set(new Uint8Array(hash.reset().process(password).finish().result));
21710 } else {
21711 for (var i = 0; i < password.length; ++i) key[i] = password.charCodeAt(i);
21712 }
21713 } else {
21714 throw new TypeError("password isn't of expected type");
21715 }
21716 return key;
21717 }
21718 function _hmac_init_verify(verify) {
21719 if (is_buffer(verify) || is_bytes(verify)) {
21720 verify = new Uint8Array(verify);
21721 } else if (is_string(verify)) {
21722 verify = string_to_bytes(verify);
21723 } else {
21724 throw new TypeError("verify tag isn't of expected type");
21725 }
21726 if (verify.length !== this.HMAC_SIZE) throw new IllegalArgumentError("illegal verification tag size");
21727 this.verify = verify;
21728 }
21729 function hmac_reset(options) {
21730 options = options || {};
21731 var password = options.password;
21732 if (this.key === null && !is_string(password) && !password) throw new IllegalStateError("no key is associated with the instance");
21733 this.result = null;
21734 this.hash.reset();
21735 if (password || is_string(password)) this.key = _hmac_key(this.hash, password);
21736 var ipad = new Uint8Array(this.key);
21737 for (var i = 0; i < ipad.length; ++i) ipad[i] ^= 54;
21738 this.hash.process(ipad);
21739 var verify = options.verify;
21740 if (verify !== undefined) {
21741 _hmac_init_verify.call(this, verify);
21742 } else {
21743 this.verify = null;
21744 }
21745 return this;
21746 }
21747 function hmac_sha256_reset(options) {
21748 options = options || {};
21749 var password = options.password;
21750 if (this.key === null && !is_string(password) && !password) throw new IllegalStateError("no key is associated with the instance");
21751 this.result = null;
21752 this.hash.reset();
21753 if (password || is_string(password)) {
21754 this.key = _hmac_key(this.hash, password);
21755 this.hash.reset().asm.hmac_init(this.key[0] << 24 | this.key[1] << 16 | this.key[2] << 8 | this.key[3], this.key[4] << 24 | this.key[5] << 16 | this.key[6] << 8 | this.key[7], this.key[8] << 24 | this.key[9] << 16 | this.key[10] << 8 | this.key[11], this.key[12] << 24 | this.key[13] << 16 | this.key[14] << 8 | this.key[15], this.key[16] << 24 | this.key[17] << 16 | this.key[18] << 8 | this.key[19], this.key[20] << 24 | this.key[21] << 16 | this.key[22] << 8 | this.key[23], this.key[24] << 24 | this.key[25] << 16 | this.key[26] << 8 | this.key[27], this.key[28] << 24 | this.key[29] << 16 | this.key[30] << 8 | this.key[31], this.key[32] << 24 | this.key[33] << 16 | this.key[34] << 8 | this.key[35], this.key[36] << 24 | this.key[37] << 16 | this.key[38] << 8 | this.key[39], this.key[40] << 24 | this.key[41] << 16 | this.key[42] << 8 | this.key[43], this.key[44] << 24 | this.key[45] << 16 | this.key[46] << 8 | this.key[47], this.key[48] << 24 | this.key[49] << 16 | this.key[50] << 8 | this.key[51], this.key[52] << 24 | this.key[53] << 16 | this.key[54] << 8 | this.key[55], this.key[56] << 24 | this.key[57] << 16 | this.key[58] << 8 | this.key[59], this.key[60] << 24 | this.key[61] << 16 | this.key[62] << 8 | this.key[63]);
21756 } else {
21757 this.hash.asm.hmac_reset();
21758 }
21759 var verify = options.verify;
21760 if (verify !== undefined) {
21761 _hmac_init_verify.call(this, verify);
21762 } else {
21763 this.verify = null;
21764 }
21765 return this;
21766 }
21767 function hmac_sha512_reset(options) {
21768 options = options || {};
21769 var password = options.password;
21770 if (this.key === null && !is_string(password) && !password) throw new IllegalStateError("no key is associated with the instance");
21771 this.result = null;
21772 this.hash.reset();
21773 if (password || is_string(password)) {
21774 this.key = _hmac_key(this.hash, password);
21775 this.hash.reset().asm.hmac_init(this.key[0] << 24 | this.key[1] << 16 | this.key[2] << 8 | this.key[3], this.key[4] << 24 | this.key[5] << 16 | this.key[6] << 8 | this.key[7], this.key[8] << 24 | this.key[9] << 16 | this.key[10] << 8 | this.key[11], this.key[12] << 24 | this.key[13] << 16 | this.key[14] << 8 | this.key[15], this.key[16] << 24 | this.key[17] << 16 | this.key[18] << 8 | this.key[19], this.key[20] << 24 | this.key[21] << 16 | this.key[22] << 8 | this.key[23], this.key[24] << 24 | this.key[25] << 16 | this.key[26] << 8 | this.key[27], this.key[28] << 24 | this.key[29] << 16 | this.key[30] << 8 | this.key[31], this.key[32] << 24 | this.key[33] << 16 | this.key[34] << 8 | this.key[35], this.key[36] << 24 | this.key[37] << 16 | this.key[38] << 8 | this.key[39], this.key[40] << 24 | this.key[41] << 16 | this.key[42] << 8 | this.key[43], this.key[44] << 24 | this.key[45] << 16 | this.key[46] << 8 | this.key[47], this.key[48] << 24 | this.key[49] << 16 | this.key[50] << 8 | this.key[51], this.key[52] << 24 | this.key[53] << 16 | this.key[54] << 8 | this.key[55], this.key[56] << 24 | this.key[57] << 16 | this.key[58] << 8 | this.key[59], this.key[60] << 24 | this.key[61] << 16 | this.key[62] << 8 | this.key[63], this.key[64] << 24 | this.key[65] << 16 | this.key[66] << 8 | this.key[67], this.key[68] << 24 | this.key[69] << 16 | this.key[70] << 8 | this.key[71], this.key[72] << 24 | this.key[73] << 16 | this.key[74] << 8 | this.key[75], this.key[76] << 24 | this.key[77] << 16 | this.key[78] << 8 | this.key[79], this.key[80] << 24 | this.key[81] << 16 | this.key[82] << 8 | this.key[83], this.key[84] << 24 | this.key[85] << 16 | this.key[86] << 8 | this.key[87], this.key[88] << 24 | this.key[89] << 16 | this.key[90] << 8 | this.key[91], this.key[92] << 24 | this.key[93] << 16 | this.key[94] << 8 | this.key[95], this.key[96] << 24 | this.key[97] << 16 | this.key[98] << 8 | this.key[99], this.key[100] << 24 | this.key[101] << 16 | this.key[102] << 8 | this.key[103], this.key[104] << 24 | this.key[105] << 16 | this.key[106] << 8 | this.key[107], this.key[108] << 24 | this.key[109] << 16 | this.key[110] << 8 | this.key[111], this.key[112] << 24 | this.key[113] << 16 | this.key[114] << 8 | this.key[115], this.key[116] << 24 | this.key[117] << 16 | this.key[118] << 8 | this.key[119], this.key[120] << 24 | this.key[121] << 16 | this.key[122] << 8 | this.key[123], this.key[124] << 24 | this.key[125] << 16 | this.key[126] << 8 | this.key[127]);
21776 } else {
21777 this.hash.asm.hmac_reset();
21778 }
21779 var verify = options.verify;
21780 if (verify !== undefined) {
21781 _hmac_init_verify.call(this, verify);
21782 } else {
21783 this.verify = null;
21784 }
21785 return this;
21786 }
21787 function hmac_process(data) {
21788 if (this.key === null) throw new IllegalStateError("no key is associated with the instance");
21789 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
21790 this.hash.process(data);
21791 return this;
21792 }
21793 function hmac_finish() {
21794 if (this.key === null) throw new IllegalStateError("no key is associated with the instance");
21795 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
21796 var inner_result = this.hash.finish().result;
21797 var opad = new Uint8Array(this.key);
21798 for (var i = 0; i < opad.length; ++i) opad[i] ^= 92;
21799 var verify = this.verify;
21800 var result = this.hash.reset().process(opad).process(inner_result).finish().result;
21801 if (verify) {
21802 if (verify.length === result.length) {
21803 var diff = 0;
21804 for (var i = 0; i < verify.length; i++) {
21805 diff |= verify[i] ^ result[i];
21806 }
21807 this.result = !diff;
21808 } else {
21809 this.result = false;
21810 }
21811 } else {
21812 this.result = result;
21813 }
21814 return this;
21815 }
21816 function hmac_sha256_finish() {
21817 if (this.key === null) throw new IllegalStateError("no key is associated with the instance");
21818 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
21819 var hash = this.hash, asm = this.hash.asm, heap = this.hash.heap;
21820 asm.hmac_finish(hash.pos, hash.len, 0);
21821 var verify = this.verify;
21822 var result = new Uint8Array(_sha256_hash_size);
21823 result.set(heap.subarray(0, _sha256_hash_size));
21824 if (verify) {
21825 if (verify.length === result.length) {
21826 var diff = 0;
21827 for (var i = 0; i < verify.length; i++) {
21828 diff |= verify[i] ^ result[i];
21829 }
21830 this.result = !diff;
21831 } else {
21832 this.result = false;
21833 }
21834 } else {
21835 this.result = result;
21836 }
21837 return this;
21838 }
21839 function hmac_sha512_finish() {
21840 if (this.key === null) throw new IllegalStateError("no key is associated with the instance");
21841 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
21842 var hash = this.hash, asm = this.hash.asm, heap = this.hash.heap;
21843 asm.hmac_finish(hash.pos, hash.len, 0);
21844 var verify = this.verify;
21845 var result = new Uint8Array(_sha512_hash_size);
21846 result.set(heap.subarray(0, _sha512_hash_size));
21847 if (verify) {
21848 if (verify.length === result.length) {
21849 var diff = 0;
21850 for (var i = 0; i < verify.length; i++) {
21851 diff |= verify[i] ^ result[i];
21852 }
21853 this.result = !diff;
21854 } else {
21855 this.result = false;
21856 }
21857 } else {
21858 this.result = result;
21859 }
21860 return this;
21861 }
21862 var hmac_prototype = hmac_constructor.prototype;
21863 hmac_prototype.reset = hmac_reset;
21864 hmac_prototype.process = hmac_process;
21865 hmac_prototype.finish = hmac_finish;
21866 hmac_sha256_constructor.BLOCK_SIZE = sha256_constructor.BLOCK_SIZE;
21867 hmac_sha256_constructor.HMAC_SIZE = sha256_constructor.HASH_SIZE;
21868 var hmac_sha256_prototype = hmac_sha256_constructor.prototype;
21869 hmac_sha256_prototype.reset = hmac_sha256_reset;
21870 hmac_sha256_prototype.process = hmac_process;
21871 hmac_sha256_prototype.finish = hmac_sha256_finish;
21872 hmac_sha512_constructor.BLOCK_SIZE = sha512_constructor.BLOCK_SIZE;
21873 hmac_sha512_constructor.HMAC_SIZE = sha512_constructor.HASH_SIZE;
21874 var hmac_sha512_prototype = hmac_sha512_constructor.prototype;
21875 hmac_sha512_prototype.reset = hmac_sha512_reset;
21876 hmac_sha512_prototype.process = hmac_process;
21877 hmac_sha512_prototype.finish = hmac_sha512_finish;
21878 function pbkdf2_constructor(options) {
21879 options = options || {};
21880 if (!options.hmac) throw new SyntaxError("option 'hmac' is required");
21881 if (!options.hmac.HMAC_SIZE) throw new SyntaxError("option 'hmac' supplied doesn't seem to be a valid HMAC function");
21882 this.hmac = options.hmac;
21883 this.count = options.count || 4096;
21884 this.length = options.length || this.hmac.HMAC_SIZE;
21885 this.result = null;
21886 var password = options.password;
21887 if (password || is_string(password)) this.reset(options);
21888 return this;
21889 }
21890 function pbkdf2_hmac_sha256_constructor(options) {
21891 options = options || {};
21892 if (!(options.hmac instanceof hmac_sha256_constructor)) options.hmac = new hmac_sha256_constructor(options);
21893 pbkdf2_constructor.call(this, options);
21894 return this;
21895 }
21896 function pbkdf2_hmac_sha512_constructor(options) {
21897 options = options || {};
21898 if (!(options.hmac instanceof hmac_sha512_constructor)) options.hmac = new hmac_sha512_constructor(options);
21899 pbkdf2_constructor.call(this, options);
21900 return this;
21901 }
21902 function pbkdf2_reset(options) {
21903 this.result = null;
21904 this.hmac.reset(options);
21905 return this;
21906 }
21907 function pbkdf2_generate(salt, count, length) {
21908 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
21909 if (!salt && !is_string(salt)) throw new IllegalArgumentError("bad 'salt' value");
21910 count = count || this.count;
21911 length = length || this.length;
21912 this.result = new Uint8Array(length);
21913 var blocks = Math.ceil(length / this.hmac.HMAC_SIZE);
21914 for (var i = 1; i <= blocks; ++i) {
21915 var j = (i - 1) * this.hmac.HMAC_SIZE;
21916 var l = (i < blocks ? 0 : length % this.hmac.HMAC_SIZE) || this.hmac.HMAC_SIZE;
21917 var tmp = new Uint8Array(this.hmac.reset().process(salt).process(new Uint8Array([ i >>> 24 & 255, i >>> 16 & 255, i >>> 8 & 255, i & 255 ])).finish().result);
21918 this.result.set(tmp.subarray(0, l), j);
21919 for (var k = 1; k < count; ++k) {
21920 tmp = new Uint8Array(this.hmac.reset().process(tmp).finish().result);
21921 for (var r = 0; r < l; ++r) this.result[j + r] ^= tmp[r];
21922 }
21923 }
21924 return this;
21925 }
21926 function pbkdf2_hmac_sha256_generate(salt, count, length) {
21927 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
21928 if (!salt && !is_string(salt)) throw new IllegalArgumentError("bad 'salt' value");
21929 count = count || this.count;
21930 length = length || this.length;
21931 this.result = new Uint8Array(length);
21932 var blocks = Math.ceil(length / this.hmac.HMAC_SIZE);
21933 for (var i = 1; i <= blocks; ++i) {
21934 var j = (i - 1) * this.hmac.HMAC_SIZE;
21935 var l = (i < blocks ? 0 : length % this.hmac.HMAC_SIZE) || this.hmac.HMAC_SIZE;
21936 this.hmac.reset().process(salt);
21937 this.hmac.hash.asm.pbkdf2_generate_block(this.hmac.hash.pos, this.hmac.hash.len, i, count, 0);
21938 this.result.set(this.hmac.hash.heap.subarray(0, l), j);
21939 }
21940 return this;
21941 }
21942 function pbkdf2_hmac_sha512_generate(salt, count, length) {
21943 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
21944 if (!salt && !is_string(salt)) throw new IllegalArgumentError("bad 'salt' value");
21945 count = count || this.count;
21946 length = length || this.length;
21947 this.result = new Uint8Array(length);
21948 var blocks = Math.ceil(length / this.hmac.HMAC_SIZE);
21949 for (var i = 1; i <= blocks; ++i) {
21950 var j = (i - 1) * this.hmac.HMAC_SIZE;
21951 var l = (i < blocks ? 0 : length % this.hmac.HMAC_SIZE) || this.hmac.HMAC_SIZE;
21952 this.hmac.reset().process(salt);
21953 this.hmac.hash.asm.pbkdf2_generate_block(this.hmac.hash.pos, this.hmac.hash.len, i, count, 0);
21954 this.result.set(this.hmac.hash.heap.subarray(0, l), j);
21955 }
21956 return this;
21957 }
21958 var pbkdf2_prototype = pbkdf2_constructor.prototype;
21959 pbkdf2_prototype.reset = pbkdf2_reset;
21960 pbkdf2_prototype.generate = pbkdf2_generate;
21961 var pbkdf2_hmac_sha256_prototype = pbkdf2_hmac_sha256_constructor.prototype;
21962 pbkdf2_hmac_sha256_prototype.reset = pbkdf2_reset;
21963 pbkdf2_hmac_sha256_prototype.generate = pbkdf2_hmac_sha256_generate;
21964 var pbkdf2_hmac_sha512_prototype = pbkdf2_hmac_sha512_constructor.prototype;
21965 pbkdf2_hmac_sha512_prototype.reset = pbkdf2_reset;
21966 pbkdf2_hmac_sha512_prototype.generate = pbkdf2_hmac_sha512_generate;
21967 global.IllegalStateError = IllegalStateError;
21968 global.IllegalArgumentError = IllegalArgumentError;
21969 global.SecurityError = SecurityError;
21970 exports.string_to_bytes = string_to_bytes;
21971 exports.hex_to_bytes = hex_to_bytes;
21972 exports.base64_to_bytes = base64_to_bytes;
21973 exports.bytes_to_string = bytes_to_string;
21974 exports.bytes_to_hex = bytes_to_hex;
21975 exports.bytes_to_base64 = bytes_to_base64;
21976 var SHA256_instance = new sha256_constructor({
21977 heapSize: 1048576
21978 });
21979 function sha256_bytes(data) {
21980 if (data === undefined) throw new SyntaxError("data required");
21981 return SHA256_instance.reset().process(data).finish().result;
21982 }
21983 function sha256_hex(data) {
21984 var result = sha256_bytes(data);
21985 return bytes_to_hex(result);
21986 }
21987 function sha256_base64(data) {
21988 var result = sha256_bytes(data);
21989 return bytes_to_base64(result);
21990 }
21991 exports.SHA256 = {
21992 bytes: sha256_bytes,
21993 hex: sha256_hex,
21994 base64: sha256_base64
21995 };
21996 var SHA512_instance = new sha512_constructor({
21997 heapSize: 1048576
21998 });
21999 function sha512_bytes(data) {
22000 if (data === undefined) throw new SyntaxError("data required");
22001 return SHA512_instance.reset().process(data).finish().result;
22002 }
22003 function sha512_hex(data) {
22004 var result = sha512_bytes(data);
22005 return bytes_to_hex(result);
22006 }
22007 function sha512_base64(data) {
22008 var result = sha512_bytes(data);
22009 return bytes_to_base64(result);
22010 }
22011 exports.SHA512 = {
22012 bytes: sha512_bytes,
22013 hex: sha512_hex,
22014 base64: sha512_base64
22015 };
22016 var hmac_sha256_instance = new hmac_sha256_constructor({
22017 hash: SHA256_instance
22018 });
22019 function hmac_sha256_bytes(data, password) {
22020 if (data === undefined) throw new SyntaxError("data required");
22021 if (password === undefined) throw new SyntaxError("password required");
22022 return hmac_sha256_instance.reset({
22023 password: password
22024 }).process(data).finish().result;
22025 }
22026 function hmac_sha256_hex(data, password) {
22027 var result = hmac_sha256_bytes(data, password);
22028 return bytes_to_hex(result);
22029 }
22030 function hmac_sha256_base64(data, password) {
22031 var result = hmac_sha256_bytes(data, password);
22032 return bytes_to_base64(result);
22033 }
22034 exports.HMAC = exports.HMAC_SHA256 = {
22035 bytes: hmac_sha256_bytes,
22036 hex: hmac_sha256_hex,
22037 base64: hmac_sha256_base64
22038 };
22039 var hmac_sha512_instance = new hmac_sha512_constructor({
22040 hash: SHA512_instance
22041 });
22042 function hmac_sha512_bytes(data, password) {
22043 if (data === undefined) throw new SyntaxError("data required");
22044 if (password === undefined) throw new SyntaxError("password required");
22045 return hmac_sha512_instance.reset({
22046 password: password
22047 }).process(data).finish().result;
22048 }
22049 function hmac_sha512_hex(data, password) {
22050 var result = hmac_sha512_bytes(data, password);
22051 return bytes_to_hex(result);
22052 }
22053 function hmac_sha512_base64(data, password) {
22054 var result = hmac_sha512_bytes(data, password);
22055 return bytes_to_base64(result);
22056 }
22057 exports.HMAC_SHA512 = {
22058 bytes: hmac_sha512_bytes,
22059 hex: hmac_sha512_hex,
22060 base64: hmac_sha512_base64
22061 };
22062 var pbkdf2_hmac_sha256_instance = new pbkdf2_hmac_sha256_constructor({
22063 hmac: hmac_sha256_instance
22064 });
22065 function pbkdf2_hmac_sha256_bytes(password, salt, iterations, dklen) {
22066 if (password === undefined) throw new SyntaxError("password required");
22067 if (salt === undefined) throw new SyntaxError("salt required");
22068 return pbkdf2_hmac_sha256_instance.reset({
22069 password: password
22070 }).generate(salt, iterations, dklen).result;
22071 }
22072 function pbkdf2_hmac_sha256_hex(password, salt, iterations, dklen) {
22073 var result = pbkdf2_hmac_sha256_bytes(password, salt, iterations, dklen);
22074 return bytes_to_hex(result);
22075 }
22076 function pbkdf2_hmac_sha256_base64(password, salt, iterations, dklen) {
22077 var result = pbkdf2_hmac_sha256_bytes(password, salt, iterations, dklen);
22078 return bytes_to_base64(result);
22079 }
22080 exports.PBKDF2 = exports.PBKDF2_HMAC_SHA256 = {
22081 bytes: pbkdf2_hmac_sha256_bytes,
22082 hex: pbkdf2_hmac_sha256_hex,
22083 base64: pbkdf2_hmac_sha256_base64
22084 };
22085 var pbkdf2_hmac_sha512_instance = new pbkdf2_hmac_sha512_constructor({
22086 hmac: hmac_sha512_instance
22087 });
22088 function pbkdf2_hmac_sha512_bytes(password, salt, iterations, dklen) {
22089 if (password === undefined) throw new SyntaxError("password required");
22090 if (salt === undefined) throw new SyntaxError("salt required");
22091 return pbkdf2_hmac_sha512_instance.reset({
22092 password: password
22093 }).generate(salt, iterations, dklen).result;
22094 }
22095 function pbkdf2_hmac_sha512_hex(password, salt, iterations, dklen) {
22096 var result = pbkdf2_hmac_sha512_bytes(password, salt, iterations, dklen);
22097 return bytes_to_hex(result);
22098 }
22099 function pbkdf2_hmac_sha512_base64(password, salt, iterations, dklen) {
22100 var result = pbkdf2_hmac_sha512_bytes(password, salt, iterations, dklen);
22101 return bytes_to_base64(result);
22102 }
22103 exports.PBKDF2_HMAC_SHA512 = {
22104 bytes: pbkdf2_hmac_sha512_bytes,
22105 hex: pbkdf2_hmac_sha512_hex,
22106 base64: pbkdf2_hmac_sha512_base64
22107 };
22108 var cbc_aes_instance = new cbc_aes_constructor({
22109 heapSize: 1048576
22110 });
22111 function cbc_aes_encrypt_bytes(data, key, padding, iv) {
22112 if (data === undefined) throw new SyntaxError("data required");
22113 if (key === undefined) throw new SyntaxError("key required");
22114 return cbc_aes_instance.reset({
22115 key: key,
22116 padding: padding,
22117 iv: iv
22118 }).encrypt(data).result;
22119 }
22120 function cbc_aes_decrypt_bytes(data, key, padding, iv) {
22121 if (data === undefined) throw new SyntaxError("data required");
22122 if (key === undefined) throw new SyntaxError("key required");
22123 return cbc_aes_instance.reset({
22124 key: key,
22125 padding: padding,
22126 iv: iv
22127 }).decrypt(data).result;
22128 }
22129 exports.AES = exports.AES_CBC = {
22130 encrypt: cbc_aes_encrypt_bytes,
22131 decrypt: cbc_aes_decrypt_bytes
22132 };
22133 var ccm_aes_instance = new ccm_aes_constructor({
22134 heap: cbc_aes_instance.heap,
22135 asm: cbc_aes_instance.asm
22136 });
22137 function ccm_aes_encrypt_bytes(data, key, nonce, adata, tagSize) {
22138 if (data === undefined) throw new SyntaxError("data required");
22139 if (key === undefined) throw new SyntaxError("key required");
22140 if (nonce === undefined) throw new SyntaxError("nonce required");
22141 var dataLength = data.byteLength || data.length || 0;
22142 return ccm_aes_instance.reset({
22143 key: key,
22144 nonce: nonce,
22145 adata: adata,
22146 tagSize: tagSize,
22147 dataLength: dataLength
22148 }).encrypt(data).result;
22149 }
22150 function ccm_aes_decrypt_bytes(data, key, nonce, adata, tagSize) {
22151 if (data === undefined) throw new SyntaxError("data required");
22152 if (key === undefined) throw new SyntaxError("key required");
22153 if (nonce === undefined) throw new SyntaxError("nonce required");
22154 var dataLength = data.byteLength || data.length || 0;
22155 tagSize = tagSize || _aes_block_size;
22156 return ccm_aes_instance.reset({
22157 key: key,
22158 nonce: nonce,
22159 adata: adata,
22160 tagSize: tagSize,
22161 dataLength: dataLength - tagSize
22162 }).decrypt(data).result;
22163 }
22164 exports.AES_CCM = {
22165 encrypt: ccm_aes_encrypt_bytes,
22166 decrypt: ccm_aes_decrypt_bytes
22167 };
22168 var cfb_aes_instance = new cfb_aes_constructor({
22169 heap: cbc_aes_instance.heap,
22170 asm: cbc_aes_instance.asm
22171 });
22172 function cfb_aes_encrypt_bytes(data, key, padding, iv) {
22173 if (data === undefined) throw new SyntaxError("data required");
22174 if (key === undefined) throw new SyntaxError("key required");
22175 return cfb_aes_instance.reset({
22176 key: key,
22177 padding: padding,
22178 iv: iv
22179 }).encrypt(data).result;
22180 }
22181 function cfb_aes_decrypt_bytes(data, key, padding, iv) {
22182 if (data === undefined) throw new SyntaxError("data required");
22183 if (key === undefined) throw new SyntaxError("key required");
22184 return cfb_aes_instance.reset({
22185 key: key,
22186 padding: padding,
22187 iv: iv
22188 }).decrypt(data).result;
22189 }
22190 exports.AES_CFB = {
22191 encrypt: cfb_aes_encrypt_bytes,
22192 decrypt: cfb_aes_decrypt_bytes
22193 };
22194 var cfb_aes_decrypt_instance = new cfb_aes_decrypt_constructor({
22195 heap: cbc_aes_instance.heap,
22196 asm: cbc_aes_instance.asm
22197 });
22198 function cfb_aes_decrypt_init(key, padding, iv) {
22199 if (key === undefined) throw new SyntaxError("key required");
22200 return cfb_aes_decrypt_instance.reset({
22201 key: key,
22202 padding: padding,
22203 iv: iv
22204 });
22205 }
22206 exports.AES_CFB = exports.AES_CFB || {};
22207 exports.AES_CFB.decryptor = {
22208 init: cfb_aes_decrypt_init
22209 };
22210})({}, function() {
22211 return this;
22215 <!--<script src="/js/jsbip39.js"></script>-->
22218 * Copyright (c) 2013 Pavol Rusnak
22219 *
22220 * Permission is hereby granted, free of charge, to any person obtaining a copy of
22221 * this software and associated documentation files (the "Software"), to deal in
22222 * the Software without restriction, including without limitation the rights to
22223 * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
22224 * of the Software, and to permit persons to whom the Software is furnished to do
22225 * so, subject to the following conditions:
22226 *
22227 * The above copyright notice and this permission notice shall be included in all
22228 * copies or substantial portions of the Software.
22229 *
22236 */
22239 * Javascript port from python by Ian Coleman
22240 *
22241 * Includes code from asmCrypto
22242 * https://github.com/tresorit/asmcrypto.js
22243 */
22245var Mnemonic = function(language) {
22247 var PBKDF2_ROUNDS = 2048;
22248 var RADIX = 2048;
22250 var self = this;
22251 var wordlist = [];
22253 function init() {
22254 wordlist = WORDLISTS[language];
22255 if (wordlist.length != RADIX) {
22256 err = 'Wordlist should contain ' + RADIX + ' words, but it contains ' + wordlist.length + ' words.';
22257 throw err;
22258 }
22259 }
22261 self.generate = function(strength) {
22262 strength = strength || 128;
22263 var r = strength % 32;
22264 if (r > 0) {
22265 throw 'Strength should be divisible by 32, but it is not (' + r + ').';
22266 }
22267 var hasStrongCrypto = 'crypto' in window && window['crypto'] !== null;
22268 if (!hasStrongCrypto) {
22269 throw 'Mnemonic should be generated with strong randomness, but crypto.getRandomValues is unavailable';
22270 }
22271 var buffer = new Uint8Array(strength / 8);
22272 var data = crypto.getRandomValues(buffer);
22273 return self.toMnemonic(data);
22274 }
22276 self.toMnemonic = function(data) {
22277 if (data.length % 4 > 0) {
22278 throw 'Data length in bits should be divisible by 32, but it is not (' + data.length + ' bytes = ' + data.length*8 + ' bits).'
22279 }
22281 //h = hashlib.sha256(data).hexdigest()
22282 var uintArray = new Uint8Array(data);
22283 var h = asmCrypto.SHA256.bytes(uintArray);
22285 // b is a binary string, eg '00111010101100...'
22286 //b = bin(int(binascii.hexlify(data), 16))[2:].zfill(len(data) * 8) + \
22287 // bin(int(h, 16))[2:].zfill(256)[:len(data) * 8 / 32]
22288 //
22289 // a = bin(int(binascii.hexlify(data), 16))[2:].zfill(len(data) * 8)
22290 // c = bin(int(h, 16))[2:].zfill(256)
22291 // d = c[:len(data) * 8 / 32]
22292 var a = byteArrayToBinaryString(data);
22293 var c = byteArrayToBinaryString(h);
22294 var d = c.substring(0, data.length * 8 / 32);
22295 // b = line1 + line2
22296 var b = a + d;
22298 var result = [];
22299 var blen = b.length / 11;
22300 for (var i=0; i<blen; i++) {
22301 var idx = parseInt(b.substring(i * 11, (i + 1) * 11), 2);
22302 result.push(wordlist[idx]);
22303 }
22304 return result.join(' ');
22305 }
22307 self.check = function(mnemonic) {
22308 var mnemonic = mnemonic.split(' ')
22309 if (mnemonic.length % 3 > 0) {
22310 return false
22311 }
22312 // idx = map(lambda x: bin(self.wordlist.index(x))[2:].zfill(11), mnemonic)
22313 var idx = [];
22314 for (var i=0; i<mnemonic.length; i++) {
22315 var word = mnemonic[i];
22316 var wordIndex = wordlist.indexOf(word);
22317 if (wordIndex == -1) {
22318 return false;
22319 }
22320 var binaryIndex = zfill(wordIndex.toString(2), 11);
22321 idx.push(binaryIndex);
22322 }
22323 var b = idx.join('');
22324 var l = b.length;
22325 //d = b[:l / 33 * 32]
22326 //h = b[-l / 33:]
22327 var d = b.substring(0, l / 33 * 32);
22328 var h = b.substring(l - l / 33, l);
22329 //nd = binascii.unhexlify(hex(int(d, 2))[2:].rstrip('L').zfill(l / 33 * 8))
22330 //nh = bin(int(hashlib.sha256(nd).hexdigest(), 16))[2:].zfill(256)[:l / 33]
22331 var nd = binaryStringToByteArray(d);
22332 var ndHash = asmCrypto.SHA256.bytes(nd);
22333 var ndBstr = zfill(byteArrayToBinaryString(ndHash), 256);
22334 var nh = ndBstr.substring(0,l/33);
22335 return h == nh;
22336 }
22338 self.toSeed = function(mnemonic, passphrase) {
22339 passphrase = passphrase || '';
22340 mnemonic = normalizeString(mnemonic)
22341 passphrase = normalizeString(passphrase)
22342 passphrase = "mnemonic" + passphrase;
22343 //return PBKDF2(mnemonic, 'mnemonic' + passphrase, iterations=PBKDF2_ROUNDS, macmodule=hmac, digestmodule=hashlib.sha512).read(64)
22344 return asmCrypto.PBKDF2_HMAC_SHA512.hex(mnemonic, passphrase, PBKDF2_ROUNDS, 512/8);
22345 }
22347 function normalizeString(str) {
22348 if (typeof str.normalize == "function") {
22349 return str.normalize("NFKD");
22350 }
22351 else {
22352 // TODO find a library to do this
22353 // Not supported on firefox mobile
22354 console.warn("NFKD Normalization is unavailable");
22355 return str;
22356 }
22357 }
22359 function byteArrayToBinaryString(data) {
22360 var bin = "";
22361 for (var i=0; i<data.length; i++) {
22362 bin += zfill(data[i].toString(2), 8);
22363 }
22364 return bin;
22365 }
22367 function binaryStringToByteArray(str) {
22368 var arrayLen = str.length / 8;
22369 var array = new Uint8Array(arrayLen);
22370 for (var i=0; i<arrayLen; i++) {
22371 var valueStr = str.substring(0,8);
22372 var value = parseInt(valueStr, 2);
22373 array[i] = value;
22374 str = str.slice(8);
22375 }
22376 return array;
22377 }
22379 // Pad a numeric string on the left with zero digits until the given width
22380 // is reached.
22381 // Note this differs to the python implementation because it does not
22382 // handle numbers starting with a sign.
22383 function zfill(source, length) {
22384 source = source.toString();
22385 while (source.length < length) {
22386 source = '0' + source;
22387 }
22388 return source;
22389 }
22391 init();
22395WORDLISTS = {
22396"english": [
22605 <!--<script src="/js/index.js"></script>-->
22607(function() {
22609 var mnemonic = new Mnemonic("english");
22610 var bip32RootKey = null;
22611 var bip32ExtendedKey = null;
22612 var network = Bitcoin.networks.bitcoin;
22613 var addressRowTemplate = $("#address-row-template");
22615 var phraseChangeTimeoutEvent = null;
22617 var DOM = {};
22618 DOM.phrase = $(".phrase");
22619 DOM.generate = $(".generate");
22620 DOM.rootKey = $(".root-key");
22621 DOM.extendedPrivKey = $(".extended-priv-key");
22622 DOM.extendedPubKey = $(".extended-pub-key");
22623 DOM.bip32path = $("#bip32-path");
22624 DOM.bip44path = $("#bip44-path");
22625 DOM.bip44purpose = $("#bip44 .purpose");
22626 DOM.bip44coin = $("#bip44 .coin");
22627 DOM.bip44account = $("#bip44 .account");
22628 DOM.bip44change = $("#bip44 .change");
22629 DOM.strength = $(".strength");
22630 DOM.addresses = $(".addresses");
22631 DOM.rowsToAdd = $(".rows-to-add");
22632 DOM.more = $(".more");
22633 DOM.feedback = $(".feedback");
22634 DOM.tab = $(".derivation-type a");
22635 DOM.indexToggle = $(".index-toggle");
22636 DOM.addressToggle = $(".address-toggle");
22637 DOM.privateKeyToggle = $(".private-key-toggle");
22639 var derivationPath = DOM.bip44path.val();
22641 function init() {
22642 // Events
22643 DOM.phrase.on("keyup", delayedPhraseChanged);
22644 DOM.generate.on("click", generateClicked);
22645 DOM.more.on("click", showMore);
22646 DOM.bip32path.on("keyup", bip32Changed);
22647 DOM.bip44purpose.on("keyup", bip44Changed);
22648 DOM.bip44coin.on("keyup", bip44Changed);
22649 DOM.bip44account.on("keyup", bip44Changed);
22650 DOM.bip44change.on("keyup", bip44Changed);
22651 DOM.tab.on("click", tabClicked);
22652 DOM.indexToggle.on("click", toggleIndexes);
22653 DOM.addressToggle.on("click", toggleAddresses);
22654 DOM.privateKeyToggle.on("click", togglePrivateKeys);
22655 disableForms();
22656 hidePending();
22657 hideValidationError();
22658 }
22660 // Event handlers
22662 function delayedPhraseChanged() {
22663 hideValidationError();
22664 showPending();
22665 if (phraseChangeTimeoutEvent != null) {
22666 clearTimeout(phraseChangeTimeoutEvent);
22667 }
22668 phraseChangeTimeoutEvent = setTimeout(phraseChanged, 400);
22669 }
22671 function phraseChanged() {
22672 showPending();
22673 hideValidationError();
22674 // Get the mnemonic phrase
22675 var phrase = DOM.phrase.val();
22676 var errorText = findPhraseErrors(phrase);
22677 if (errorText) {
22678 showValidationError(errorText);
22679 return;
22680 }
22681 // Get the derivation path
22682 var errorText = findDerivationPathErrors();
22683 if (errorText) {
22684 showValidationError(errorText);
22685 return;
22686 }
22687 // Calculate and display
22688 calcBip32Seed(phrase, derivationPath);
22689 displayBip32Info();
22690 hidePending();
22691 }
22693 function generateClicked() {
22694 clearDisplay();
22695 showPending();
22696 setTimeout(function() {
22697 var phrase = generateRandomPhrase();
22698 if (!phrase) {
22699 return;
22700 }
22701 phraseChanged();
22702 }, 50);
22703 }
22705 function tabClicked(e) {
22706 var activePath = $(e.target.getAttribute("href") + " .path");
22707 derivationPath = activePath.val();
22708 derivationChanged();
22709 }
22711 function derivationChanged() {
22712 delayedPhraseChanged();
22713 }
22715 function bip32Changed() {
22716 derivationPath = DOM.bip32path.val();
22717 derivationChanged();
22718 }
22720 function bip44Changed() {
22721 setBip44DerivationPath();
22722 derivationPath = DOM.bip44path.val();
22723 derivationChanged();
22724 }
22726 function toggleIndexes() {
22727 $("td.index span").toggleClass("invisible");
22728 }
22730 function toggleAddresses() {
22731 $("td.address span").toggleClass("invisible");
22732 }
22734 function togglePrivateKeys() {
22735 $("td.privkey span").toggleClass("invisible");
22736 }
22738 // Private methods
22740 function generateRandomPhrase() {
22741 if (!hasStrongRandom()) {
22742 var errorText = "This browser does not support strong randomness";
22743 showValidationError(errorText);
22744 return;
22745 }
22746 var numWords = parseInt(DOM.strength.val());
22747 // Check strength is an integer
22748 if (isNaN(numWords)) {
22749 DOM.strength.val("12");
22750 numWords = 12;
22751 }
22752 // Check strength is a multiple of 32, if not round it down
22753 if (numWords % 3 != 0) {
22754 numWords = Math.floor(numWords / 3) * 3;
22755 DOM.strength.val(numWords);
22756 }
22757 // Check strength is at least 32
22758 if (numWords == 0) {
22759 numWords = 3;
22760 DOM.strength.val(numWords);
22761 }
22762 var strength = numWords / 3 * 32;
22763 var words = mnemonic.generate(strength);
22764 DOM.phrase.val(words);
22765 return words;
22766 }
22768 function calcBip32Seed(phrase, path) {
22769 var seed = mnemonic.toSeed(phrase);
22770 var seedHash = Bitcoin.crypto.sha256(seed).toString("hex");
22771 bip32RootKey = Bitcoin.HDNode.fromSeedHex(seedHash, network);
22772 bip32ExtendedKey = bip32RootKey;
22773 // Derive the key from the path
22774 var pathBits = path.split("/");
22775 for (var i=0; i<pathBits.length; i++) {
22776 var bit = pathBits[i];
22777 var index = parseInt(bit);
22778 if (isNaN(index)) {
22779 continue;
22780 }
22781 var hardened = bit[bit.length-1] == "'";
22782 if (hardened) {
22783 bip32ExtendedKey = bip32ExtendedKey.deriveHardened(index);
22784 }
22785 else {
22786 bip32ExtendedKey = bip32ExtendedKey.derive(index);
22787 }
22788 }
22789 }
22791 function showValidationError(errorText) {
22792 DOM.feedback
22793 .text(errorText)
22794 .show();
22795 }
22797 function hideValidationError() {
22798 DOM.feedback
22799 .text("")
22800 .hide();
22801 }
22803 function findPhraseErrors(phrase) {
22804 // TODO make this right
22805 // Preprocess the words
22806 var parts = phrase.split(" ");
22807 var proper = [];
22808 for (var i=0; i<parts.length; i++) {
22809 var part = parts[i];
22810 if (part.length > 0) {
22811 // TODO check that lowercasing is always valid to do
22812 proper.push(part.toLowerCase());
22813 }
22814 }
22815 // TODO some levenstein on the words
22816 var properPhrase = proper.join(' ');
22817 // Check the words are valid
22818 var isValid = mnemonic.check(properPhrase);
22819 if (!isValid) {
22820 return "Invalid mnemonic";
22821 }
22822 return false;
22823 }
22825 function findDerivationPathErrors(path) {
22826 // TODO
22827 return false;
22828 }
22830 function displayBip32Info() {
22831 // Display the key
22832 var rootKey = bip32RootKey.toBase58();
22833 DOM.rootKey.val(rootKey);
22834 var extendedPrivKey = bip32ExtendedKey.toBase58();
22835 DOM.extendedPrivKey.val(extendedPrivKey);
22836 var extendedPubKey = bip32ExtendedKey.toBase58(false);
22837 DOM.extendedPubKey.val(extendedPubKey);
22838 // Display the addresses and privkeys
22839 clearAddressesList();
22840 displayAddresses(0, 20);
22841 }
22843 function displayAddresses(start, total) {
22844 for (var i=0; i<total; i++) {
22845 var index = i+ start;
22846 var key = bip32ExtendedKey.derive(index);
22847 var address = key.getAddress().toString();
22848 var privkey = key.privKey.toWIF();
22849 addAddressToList(index, address, privkey);
22850 }
22851 }
22853 function showMore() {
22854 var start = DOM.addresses.children().length;
22855 var rowsToAdd = parseInt(DOM.rowsToAdd.val());
22856 if (isNaN(rowsToAdd)) {
22857 rowsToAdd = 20;
22858 DOM.rowsToAdd.val("20");
22859 }
22860 if (rowsToAdd > 200) {
22861 var msg = "Generating " + rowsToAdd + " rows could take a while. ";
22862 msg += "Do you want to continue?";
22863 if (!confirm(msg)) {
22864 return;
22865 }
22866 }
22867 showPending();
22868 setTimeout(function() {
22869 displayAddresses(start, rowsToAdd);
22870 hidePending();
22871 }, 50);
22872 }
22874 function clearDisplay() {
22875 clearAddressesList();
22876 clearKey();
22877 hideValidationError();
22878 }
22880 function clearAddressesList() {
22881 DOM.addresses.empty();
22882 }
22884 function clearKey() {
22885 DOM.rootKey.val("");
22886 DOM.extendedPrivKey.val("");
22887 DOM.extendedPubKey.val("");
22888 }
22890 function addAddressToList(index, address, privkey) {
22891 var row = $(addressRowTemplate.html());
22892 row.find(".index span").text(index);
22893 row.find(".address span").text(address);
22894 row.find(".privkey span").text(privkey);
22895 DOM.addresses.append(row);
22896 }
22898 function hasStrongRandom() {
22899 return 'crypto' in window && window['crypto'] !== null;
22900 }
22902 function disableForms() {
22903 $("form").on("submit", function(e) {
22904 e.preventDefault();
22905 });
22906 }
22908 function setBip44DerivationPath() {
22909 var purpose = parseIntNoNaN(DOM.bip44purpose.val(), 44);
22910 var coin = parseIntNoNaN(DOM.bip44coin.val(), 0);
22911 var account = parseIntNoNaN(DOM.bip44account.val(), 0);
22912 var change = parseIntNoNaN(DOM.bip44change.val(), 0);
22913 var path = "m/";
22914 path += purpose + "'/";
22915 path += coin + "'/";
22916 path += account + "'/";
22917 path += change;
22918 DOM.bip44path.val(path);
22919 }
22921 function parseIntNoNaN(val, defaultVal) {
22922 var v = parseInt(val);
22923 if (isNaN(v)) {
22924 return defaultVal;
22925 }
22926 return v;
22927 }
22929 function showPending() {
22930 DOM.feedback
22931 .text("Calculating...")
22932 .show();
22933 }
22935 function hidePending() {
22936 DOM.feedback
22937 .text("")
22938 .hide();
22939 }
22941 init();
22945 </body>
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..aca2bd8
--- /dev/null
+++ b/readme.md
@@ -0,0 +1,27 @@
1# BIP39 Tool
3A tool for converting BIP39 mnemonic phrases to addresses and private keys.
5## Online Version
7Coming soon
9## Standalone offline version
11Download `bip39-standalone.html`
13Open the file in a browser by double clicking it.
15## Usage
17Enter your BIP39 phrase into the 'BIP39 Phrase' field, or press
18'Generate Random Phrase'
20If required, set the derivation path, although the defaults are quite usable.
22See the table for a list of addresses generated from the phrase.
24Toggle columns to blank to easily copy/paste a single column of data, eg to
25import private keys into a wallet or supply someone with a list of addresses.
27The BIP32 keys can be used at [bip32.org](https://bip32.org) if desired.
diff --git a/src/index.html b/src/index.html
new file mode 100644
index 0000000..a6ac95b
--- /dev/null
+++ b/src/index.html
@@ -0,0 +1,257 @@
1<!DOCTYPE html>
3 <head lang="en">
4 <meta charset="utf-8" />
5 <title>BIP39 - Mnemonic Code</title>
6 <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css">
7 <meta content="Mnemonic code for generating deterministic keys" name="description"/>
8 <meta content="width=device-width, initial-scale=1.0" name="viewport" />
9 <meta content="bitcoin mnemonic converter" name="description" />
10 <meta content="DC POS" name="author" />
12 <style>
13 .feedback-container {
14 position: fixed;
15 top: 0;
16 width: 100%;
17 text-align: center;
18 z-index: 4;
19 }
20 .feedback {
21 display: table;
22 padding: 0.5em 1em;
23 background-color: orange;
24 margin: 0 auto;
25 font-size: 2em;
26 color: #444;
27 border: 2px solid #555;
28 border-top: 0;
29 border-bottom-left-radius: 20px 20px;
30 border-bottom-right-radius: 20px 20px;
31 }
32 </style>
33 </head>
34 <body>
35 <div class="container">
37 <h1 class="text-center">Mnemonic Code Converter</h1>
38 <hr>
39 <div class="row">
40 <div class="col-md-12">
41 <h2>Phrase</h2>
42 <form class="form-horizontal" role="form">
43 <div class="col-sm-2"></div>
44 <div class="col-sm-10">
45 <p>For more info see the <a href="https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki" target="_blank">BIP39 spec</a></p>
46 </div>
47 <div class="form-group">
48 <label for="phrase" class="col-sm-2 control-label">BIP39 Phrase</label>
49 <div class="col-sm-10">
50 <textarea id="phrase" class="phrase form-control"></textarea>
51 </div>
52 </div>
53 <div class="form-group">
54 <label for="strength" class="col-sm-2 control-label">Number of words</label>
55 <div class="col-sm-10">
56 <div class="input-group">
57 <input type="number" class="strength form-control" id="strength" value="12">
58 <span class="input-group-btn">
59 <button class="btn generate">Generate Random Phrase</button>
60 </span>
61 </div>
62 </div>
63 </div>
64 <div class="form-group">
65 <label for="root-key" class="col-sm-2 control-label">BIP32 Root Key</label>
66 <div class="col-sm-10">
67 <textarea id="root-key" class="root-key form-control" disabled="disabled"></textarea>
68 </div>
69 </div>
70 </form>
71 </div>
72 </div>
74 <hr>
76 <div class="row">
77 <div class="col-md-12">
78 <h2>Derivation Path</h2>
79 <ul class="derivation-type nav nav-tabs" role="tablist">
80 <li class="active">
81 <a href="#bip44" role="tab" data-toggle="tab">BIP44</a></li>
82 <li><a href="#bip32" role="tab" data-toggle="tab">BIP32</a></li>
83 </ul>
84 <div class="derivation-type tab-content">
85 <div id="bip44" class="tab-pane active">
86 <form class="form-horizontal" role="form">
87 <br>
88 <div class="col-sm-2"></div>
89 <div class="col-sm-10">
90 <p>For more info see the <a href="https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki" target="_blank">BIP44 spec</a></p>
91 </div>
92 <div class="form-group">
93 <label for="purpose" class="col-sm-2 control-label">
94 <a href="https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#purpose" target="_blank">Purpose</a>
95 </label>
96 <div class="col-sm-10">
97 <input id="purpose" type="text" class="purpose form-control" value="44">
98 </div>
99 </div>
100 <div class="form-group">
101 <label for="coin" class="col-sm-2 control-label">
102 <a href="https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#registered-coin-types" target="_blank">Coin</a>
103 </label>
104 <div class="col-sm-10">
105 <input id="coin" type="text" class="coin form-control" value="0">
106 </div>
107 </div>
108 <div class="form-group">
109 <label for="account" class="col-sm-2 control-label">
110 <a href="https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#account" target="_blank">Account</a>
111 </label>
112 <div class="col-sm-10">
113 <input id="account" type="text" class="account form-control" value="0">
114 </div>
115 </div>
116 <div class="form-group">
117 <label for="change" class="col-sm-2 control-label">
118 <a href="https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#change" target="_blank">External / Internal</a>
119 </label>
120 <div class="col-sm-10">
121 <input id="change" type="text" class="change form-control" value="0">
122 </div>
123 </div>
124 <div class="form-group">
125 <label for="bip44-path" class="col-sm-2 control-label">BIP32 Derivation Path</label>
126 <div class="col-sm-10">
127 <input id="bip44-path" type="text" class="path form-control" value="m/44'/0'/0'/0" disabled="disabled">
128 </div>
129 </div>
130 </form>
131 </div>
132 <div id="bip32" class="tab-pane">
133 <form class="form-horizontal" role="form">
134 <br>
135 <div class="col-sm-2"></div>
136 <div class="col-sm-10">
137 <p>For more info see the <a href="https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki" target="_blank">BIP32 spec</a></p>
138 </div>
139 <div class="form-group">
140 <label for="bip32-path" class="col-sm-2 control-label">BIP32 Derivation Path</label>
141 <div class="col-sm-10">
142 <input id="bip32-path" type="text" class="path form-control" value="m/0">
143 </div>
144 </div>
145 </form>
146 </div>
147 </div>
148 <form class="form-horizontal" role="form">
149 <div class="form-group">
150 <label for="extended-priv-key" class="col-sm-2 control-label">BIP32 Extended Key</label>
151 <div class="col-sm-10">
152 <textarea id="extended-priv-key" class="extended-priv-key form-control" disabled="disabled"></textarea>
153 </div>
154 </div>
155 <div class="form-group">
156 <label for="extended-pub-key" class="col-sm-2 control-label">BIP32 Extended Key (addresses only)</label>
157 <div class="col-sm-10">
158 <textarea id="extended-pub-key" class="extended-pub-key form-control" disabled="disabled"></textarea>
159 </div>
160 </div>
161 </form>
162 </div>
163 </div>
165 <hr>
167 <div class="row">
168 <div class="col-md-12">
169 <h2>Derived Addresses</h2>
170 <p>Note these addreses are derived from the <strong>BIP32 Extended Key</strong></p>
171 <table class="table table-striped">
172 <thead>
173 <th>
174 <div class="input-group">
175 Index&nbsp;&nbsp;
176 <button class="index-toggle">Toggle</button>
177 </div>
178 </th>
179 <th>
180 <div class="input-group">
181 Address&nbsp;&nbsp;
182 <button class="address-toggle">Toggle</button>
183 </div>
184 </th>
185 <th>
186 <div class="input-group">
187 Private Key&nbsp;&nbsp;
188 <button class="private-key-toggle">Toggle</button>
189 </div>
190 </th>
191 </thead>
192 <tbody class="addresses">
193 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
194 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
195 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
196 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
197 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
198 </tbody>
199 </table>
200 </div>
201 </div>
202 <span>Show next </button>
203 <input type="number" class="rows-to-add" value="20">
204 <button class="more">Show</button>
206 <hr>
208 <div class="row">
209 <div class="col-md-12">
210 <h2>More info</h2>
211 <h3>BIP39 <span class="small">Mnemonic code for generating deterministic keys</span></h3>
212 <p>
213 Read more at the
214 <a href="https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki">official BIP39 spec</a>
215 </p>
216 <h3>BIP32 <span class="small">Hierarchical Deterministic Wallets</span></h3>
217 <p>
218 Read more at the
219 <a href="https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki" target="_blank">official BIP32 spec</a>
220 and see the demo at
221 <a href="http://bip32.org/" target="_blank">bip32.org</a>
222 </p>
223 <h3>BIP44 <span class="small">Multi-Account Hierarchy for Deterministic Wallets</span></h3>
224 <p>
225 Read more at the
226 <a href="https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki" target="_blank">official BIP44 spec</a>
227 </p>
228 <h3>Private Keys</h3>
229 <p>
230 Use private keys at
231 <a href="https://brainwallet.github.io/" target="_blank">brainwallet.org</a>,
232 but be careful - it can be easy to make mistakes if you
233 don't know what you're doing
234 </p>
235 </div>
236 </div>
237 </div>
239 <div class="feedback-container">
240 <div class="feedback"></div>
241 </div>
243 <script type="text/template" id="address-row-template">
244 <tr>
245 <td class="index"><span></span></td>
246 <td class="address"><span></span></td>
247 <td class="privkey"><span></span></td>
248 </tr>
249 </script>
250 <script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
251 <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js"></script>
252 <script src="/js/bitcoinjs-1-0-0.js"></script>
253 <script src="/js/asmcrypto.js"></script>
254 <script src="/js/jsbip39.js"></script>
255 <script src="/js/index.js"></script>
256 </body>
diff --git a/src/js/asmcrypto.js b/src/js/asmcrypto.js
new file mode 100644
index 0000000..6e5cd5f
--- /dev/null
+++ b/src/js/asmcrypto.js
@@ -0,0 +1,7467 @@
2// https://rawgit.com/tresorit/asmcrypto.js/598a1098504f1b2d0e615bc51dd8404afd2d338b/asmcrypto.js
3// Provides PBKDF2 functionality
4// It's faster than CryptoJS
5// Couldn't get SJCL working as desired
8(function(exports, global) {
9 "use strict";
10 global["asmCrypto"] = exports;
11 function string_to_bytes(str) {
12 var i, len = str.length, arr = new Uint8Array(len);
13 for (i = 0; i < len; i += 1) {
14 arr[i] = str.charCodeAt(i);
15 }
16 return arr;
17 }
18 function hex_to_bytes(str) {
19 var arr = [], len = str.length, i;
20 if (len & 1) {
21 str = "0" + str;
22 len++;
23 }
24 for (i = 0; i < len; i += 2) {
25 arr.push(parseInt(str.substr(i, 2), 16));
26 }
27 return new Uint8Array(arr);
28 }
29 function base64_to_bytes(str) {
30 return string_to_bytes(atob(str));
31 }
32 function bytes_to_string(arr) {
33 var str = "";
34 for (var i = 0; i < arr.length; i++) str += String.fromCharCode(arr[i]);
35 return str;
36 }
37 function bytes_to_hex(arr) {
38 var sz = (arr.byteLength || arr.length) / arr.length, str = "";
39 for (var i = 0; i < arr.length; i++) {
40 var h = arr[i].toString(16);
41 if (h.length < 2 * sz) str += "00000000000000".substr(0, 2 * sz - h.length);
42 str += h;
43 }
44 return str;
45 }
46 function bytes_to_base64(arr) {
47 return btoa(bytes_to_string(arr));
48 }
49 function pow2_ceil(a) {
50 a -= 1;
51 a |= a >>> 1;
52 a |= a >>> 2;
53 a |= a >>> 4;
54 a |= a >>> 8;
55 a |= a >>> 16;
56 a += 1;
57 return a;
58 }
59 function is_number(a) {
60 return typeof a === "number";
61 }
62 function is_string(a) {
63 return typeof a === "string";
64 }
65 function is_buffer(a) {
66 return a instanceof ArrayBuffer;
67 }
68 function is_bytes(a) {
69 return a instanceof Uint8Array;
70 }
71 function is_typed_array(a) {
72 return a instanceof Int8Array || a instanceof Uint8Array || a instanceof Int16Array || a instanceof Uint16Array || a instanceof Int32Array || a instanceof Uint32Array || a instanceof Float32Array || a instanceof Float64Array;
73 }
74 function IllegalStateError() {
75 Error.apply(this, arguments);
76 }
77 IllegalStateError.prototype = new Error();
78 function IllegalArgumentError() {
79 Error.apply(this, arguments);
80 }
81 IllegalArgumentError.prototype = new Error();
82 function SecurityError() {
83 Error.apply(this, arguments);
84 }
85 IllegalArgumentError.prototype = new Error();
86 var _aes_tables = [ 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118, 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192, 183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21, 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117, 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132, 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, 208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210, 205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115, 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, 224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, 231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, 186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, 112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, 225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22, 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251, 124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203, 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78, 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37, 114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146, 108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132, 144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6, 208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107, 58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115, 150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110, 71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27, 252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244, 31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95, 96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239, 160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97, 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125, 198, 248, 238, 246, 255, 214, 222, 145, 96, 2, 206, 86, 231, 181, 77, 236, 143, 31, 137, 250, 239, 178, 142, 251, 65, 179, 95, 69, 35, 83, 228, 155, 117, 225, 61, 76, 108, 126, 245, 131, 104, 81, 209, 249, 226, 171, 98, 42, 8, 149, 70, 157, 48, 55, 10, 47, 14, 36, 27, 223, 205, 78, 127, 234, 18, 29, 88, 52, 54, 220, 180, 91, 164, 118, 183, 125, 82, 221, 94, 19, 166, 185, 0, 193, 64, 227, 121, 182, 212, 141, 103, 114, 148, 152, 176, 133, 187, 197, 79, 237, 134, 154, 102, 17, 138, 233, 4, 254, 160, 120, 37, 75, 162, 93, 128, 5, 63, 33, 112, 241, 99, 119, 175, 66, 32, 229, 253, 191, 129, 24, 38, 195, 190, 53, 136, 46, 147, 85, 252, 122, 200, 186, 50, 230, 192, 25, 158, 163, 68, 84, 59, 11, 140, 199, 107, 40, 167, 188, 22, 173, 219, 100, 116, 20, 146, 12, 72, 184, 159, 189, 67, 196, 57, 49, 211, 242, 213, 139, 110, 218, 1, 177, 156, 73, 216, 172, 243, 207, 202, 244, 71, 16, 111, 240, 74, 92, 56, 87, 115, 151, 203, 161, 232, 62, 150, 97, 13, 15, 224, 124, 113, 204, 144, 6, 247, 28, 194, 106, 174, 105, 23, 153, 58, 39, 217, 235, 43, 34, 210, 169, 7, 51, 45, 60, 21, 201, 135, 170, 80, 165, 3, 89, 9, 26, 101, 215, 132, 208, 130, 41, 90, 30, 123, 168, 109, 44, 165, 132, 153, 141, 13, 189, 177, 84, 80, 3, 169, 125, 25, 98, 230, 154, 69, 157, 64, 135, 21, 235, 201, 11, 236, 103, 253, 234, 191, 247, 150, 91, 194, 28, 174, 106, 90, 65, 2, 79, 92, 244, 52, 8, 147, 115, 83, 63, 12, 82, 101, 94, 40, 161, 15, 181, 9, 54, 155, 61, 38, 105, 205, 159, 27, 158, 116, 46, 45, 178, 238, 251, 246, 77, 97, 206, 123, 62, 113, 151, 245, 104, 0, 44, 96, 31, 200, 237, 190, 70, 217, 75, 222, 212, 232, 74, 107, 42, 229, 22, 197, 215, 85, 148, 207, 16, 6, 129, 240, 68, 186, 227, 243, 254, 192, 138, 173, 188, 72, 4, 223, 193, 117, 99, 48, 26, 14, 109, 76, 20, 53, 47, 225, 162, 204, 57, 87, 242, 130, 71, 172, 231, 43, 149, 160, 152, 209, 127, 102, 126, 171, 131, 202, 41, 211, 60, 121, 226, 29, 118, 59, 86, 78, 30, 219, 10, 108, 228, 93, 110, 239, 166, 168, 164, 55, 139, 50, 67, 89, 183, 140, 100, 210, 224, 180, 250, 7, 37, 175, 142, 233, 24, 213, 136, 111, 114, 36, 241, 199, 81, 35, 124, 156, 33, 221, 220, 134, 133, 144, 66, 196, 170, 216, 5, 1, 18, 163, 95, 249, 208, 145, 88, 39, 185, 56, 19, 179, 51, 187, 112, 137, 167, 182, 34, 146, 32, 73, 255, 120, 122, 143, 248, 128, 23, 218, 49, 198, 184, 195, 176, 119, 17, 203, 252, 214, 58, 0, 9, 18, 27, 36, 45, 54, 63, 72, 65, 90, 83, 108, 101, 126, 119, 144, 153, 130, 139, 180, 189, 166, 175, 216, 209, 202, 195, 252, 245, 238, 231, 59, 50, 41, 32, 31, 22, 13, 4, 115, 122, 97, 104, 87, 94, 69, 76, 171, 162, 185, 176, 143, 134, 157, 148, 227, 234, 241, 248, 199, 206, 213, 220, 118, 127, 100, 109, 82, 91, 64, 73, 62, 55, 44, 37, 26, 19, 8, 1, 230, 239, 244, 253, 194, 203, 208, 217, 174, 167, 188, 181, 138, 131, 152, 145, 77, 68, 95, 86, 105, 96, 123, 114, 5, 12, 23, 30, 33, 40, 51, 58, 221, 212, 207, 198, 249, 240, 235, 226, 149, 156, 135, 142, 177, 184, 163, 170, 236, 229, 254, 247, 200, 193, 218, 211, 164, 173, 182, 191, 128, 137, 146, 155, 124, 117, 110, 103, 88, 81, 74, 67, 52, 61, 38, 47, 16, 25, 2, 11, 215, 222, 197, 204, 243, 250, 225, 232, 159, 150, 141, 132, 187, 178, 169, 160, 71, 78, 85, 92, 99, 106, 113, 120, 15, 6, 29, 20, 43, 34, 57, 48, 154, 147, 136, 129, 190, 183, 172, 165, 210, 219, 192, 201, 246, 255, 228, 237, 10, 3, 24, 17, 46, 39, 60, 53, 66, 75, 80, 89, 102, 111, 116, 125, 161, 168, 179, 186, 133, 140, 151, 158, 233, 224, 251, 242, 205, 196, 223, 214, 49, 56, 35, 42, 21, 28, 7, 14, 121, 112, 107, 98, 93, 84, 79, 70, 0, 11, 22, 29, 44, 39, 58, 49, 88, 83, 78, 69, 116, 127, 98, 105, 176, 187, 166, 173, 156, 151, 138, 129, 232, 227, 254, 245, 196, 207, 210, 217, 123, 112, 109, 102, 87, 92, 65, 74, 35, 40, 53, 62, 15, 4, 25, 18, 203, 192, 221, 214, 231, 236, 241, 250, 147, 152, 133, 142, 191, 180, 169, 162, 246, 253, 224, 235, 218, 209, 204, 199, 174, 165, 184, 179, 130, 137, 148, 159, 70, 77, 80, 91, 106, 97, 124, 119, 30, 21, 8, 3, 50, 57, 36, 47, 141, 134, 155, 144, 161, 170, 183, 188, 213, 222, 195, 200, 249, 242, 239, 228, 61, 54, 43, 32, 17, 26, 7, 12, 101, 110, 115, 120, 73, 66, 95, 84, 247, 252, 225, 234, 219, 208, 205, 198, 175, 164, 185, 178, 131, 136, 149, 158, 71, 76, 81, 90, 107, 96, 125, 118, 31, 20, 9, 2, 51, 56, 37, 46, 140, 135, 154, 145, 160, 171, 182, 189, 212, 223, 194, 201, 248, 243, 238, 229, 60, 55, 42, 33, 16, 27, 6, 13, 100, 111, 114, 121, 72, 67, 94, 85, 1, 10, 23, 28, 45, 38, 59, 48, 89, 82, 79, 68, 117, 126, 99, 104, 177, 186, 167, 172, 157, 150, 139, 128, 233, 226, 255, 244, 197, 206, 211, 216, 122, 113, 108, 103, 86, 93, 64, 75, 34, 41, 52, 63, 14, 5, 24, 19, 202, 193, 220, 215, 230, 237, 240, 251, 146, 153, 132, 143, 190, 181, 168, 163, 0, 13, 26, 23, 52, 57, 46, 35, 104, 101, 114, 127, 92, 81, 70, 75, 208, 221, 202, 199, 228, 233, 254, 243, 184, 181, 162, 175, 140, 129, 150, 155, 187, 182, 161, 172, 143, 130, 149, 152, 211, 222, 201, 196, 231, 234, 253, 240, 107, 102, 113, 124, 95, 82, 69, 72, 3, 14, 25, 20, 55, 58, 45, 32, 109, 96, 119, 122, 89, 84, 67, 78, 5, 8, 31, 18, 49, 60, 43, 38, 189, 176, 167, 170, 137, 132, 147, 158, 213, 216, 207, 194, 225, 236, 251, 246, 214, 219, 204, 193, 226, 239, 248, 245, 190, 179, 164, 169, 138, 135, 144, 157, 6, 11, 28, 17, 50, 63, 40, 37, 110, 99, 116, 121, 90, 87, 64, 77, 218, 215, 192, 205, 238, 227, 244, 249, 178, 191, 168, 165, 134, 139, 156, 145, 10, 7, 16, 29, 62, 51, 36, 41, 98, 111, 120, 117, 86, 91, 76, 65, 97, 108, 123, 118, 85, 88, 79, 66, 9, 4, 19, 30, 61, 48, 39, 42, 177, 188, 171, 166, 133, 136, 159, 146, 217, 212, 195, 206, 237, 224, 247, 250, 183, 186, 173, 160, 131, 142, 153, 148, 223, 210, 197, 200, 235, 230, 241, 252, 103, 106, 125, 112, 83, 94, 73, 68, 15, 2, 21, 24, 59, 54, 33, 44, 12, 1, 22, 27, 56, 53, 34, 47, 100, 105, 126, 115, 80, 93, 74, 71, 220, 209, 198, 203, 232, 229, 242, 255, 180, 185, 174, 163, 128, 141, 154, 151, 0, 14, 28, 18, 56, 54, 36, 42, 112, 126, 108, 98, 72, 70, 84, 90, 224, 238, 252, 242, 216, 214, 196, 202, 144, 158, 140, 130, 168, 166, 180, 186, 219, 213, 199, 201, 227, 237, 255, 241, 171, 165, 183, 185, 147, 157, 143, 129, 59, 53, 39, 41, 3, 13, 31, 17, 75, 69, 87, 89, 115, 125, 111, 97, 173, 163, 177, 191, 149, 155, 137, 135, 221, 211, 193, 207, 229, 235, 249, 247, 77, 67, 81, 95, 117, 123, 105, 103, 61, 51, 33, 47, 5, 11, 25, 23, 118, 120, 106, 100, 78, 64, 82, 92, 6, 8, 26, 20, 62, 48, 34, 44, 150, 152, 138, 132, 174, 160, 178, 188, 230, 232, 250, 244, 222, 208, 194, 204, 65, 79, 93, 83, 121, 119, 101, 107, 49, 63, 45, 35, 9, 7, 21, 27, 161, 175, 189, 179, 153, 151, 133, 139, 209, 223, 205, 195, 233, 231, 245, 251, 154, 148, 134, 136, 162, 172, 190, 176, 234, 228, 246, 248, 210, 220, 206, 192, 122, 116, 102, 104, 66, 76, 94, 80, 10, 4, 22, 24, 50, 60, 46, 32, 236, 226, 240, 254, 212, 218, 200, 198, 156, 146, 128, 142, 164, 170, 184, 182, 12, 2, 16, 30, 52, 58, 40, 38, 124, 114, 96, 110, 68, 74, 88, 86, 55, 57, 43, 37, 15, 1, 19, 29, 71, 73, 91, 85, 127, 113, 99, 109, 215, 217, 203, 197, 239, 225, 243, 253, 167, 169, 187, 181, 159, 145, 131, 141 ];
87 var _aes_heap_start = 2048;
88 function _aes_asm(stdlib, foreign, buffer) {
89 // Closure Compiler warning - commented out
90 //"use asm";
91 var S0 = 0, S1 = 0, S2 = 0, S3 = 0, S4 = 0, S5 = 0, S6 = 0, S7 = 0, S8 = 0, S9 = 0, SA = 0, SB = 0, SC = 0, SD = 0, SE = 0, SF = 0;
92 var keySize = 0;
93 var R00 = 0, R01 = 0, R02 = 0, R03 = 0, R04 = 0, R05 = 0, R06 = 0, R07 = 0, R08 = 0, R09 = 0, R0A = 0, R0B = 0, R0C = 0, R0D = 0, R0E = 0, R0F = 0, R10 = 0, R11 = 0, R12 = 0, R13 = 0, R14 = 0, R15 = 0, R16 = 0, R17 = 0, R18 = 0, R19 = 0, R1A = 0, R1B = 0, R1C = 0, R1D = 0, R1E = 0, R1F = 0, R20 = 0, R21 = 0, R22 = 0, R23 = 0, R24 = 0, R25 = 0, R26 = 0, R27 = 0, R28 = 0, R29 = 0, R2A = 0, R2B = 0, R2C = 0, R2D = 0, R2E = 0, R2F = 0, R30 = 0, R31 = 0, R32 = 0, R33 = 0, R34 = 0, R35 = 0, R36 = 0, R37 = 0, R38 = 0, R39 = 0, R3A = 0, R3B = 0, R3C = 0, R3D = 0, R3E = 0, R3F = 0, R40 = 0, R41 = 0, R42 = 0, R43 = 0, R44 = 0, R45 = 0, R46 = 0, R47 = 0, R48 = 0, R49 = 0, R4A = 0, R4B = 0, R4C = 0, R4D = 0, R4E = 0, R4F = 0, R50 = 0, R51 = 0, R52 = 0, R53 = 0, R54 = 0, R55 = 0, R56 = 0, R57 = 0, R58 = 0, R59 = 0, R5A = 0, R5B = 0, R5C = 0, R5D = 0, R5E = 0, R5F = 0, R60 = 0, R61 = 0, R62 = 0, R63 = 0, R64 = 0, R65 = 0, R66 = 0, R67 = 0, R68 = 0, R69 = 0, R6A = 0, R6B = 0, R6C = 0, R6D = 0, R6E = 0, R6F = 0, R70 = 0, R71 = 0, R72 = 0, R73 = 0, R74 = 0, R75 = 0, R76 = 0, R77 = 0, R78 = 0, R79 = 0, R7A = 0, R7B = 0, R7C = 0, R7D = 0, R7E = 0, R7F = 0, R80 = 0, R81 = 0, R82 = 0, R83 = 0, R84 = 0, R85 = 0, R86 = 0, R87 = 0, R88 = 0, R89 = 0, R8A = 0, R8B = 0, R8C = 0, R8D = 0, R8E = 0, R8F = 0, R90 = 0, R91 = 0, R92 = 0, R93 = 0, R94 = 0, R95 = 0, R96 = 0, R97 = 0, R98 = 0, R99 = 0, R9A = 0, R9B = 0, R9C = 0, R9D = 0, R9E = 0, R9F = 0, RA0 = 0, RA1 = 0, RA2 = 0, RA3 = 0, RA4 = 0, RA5 = 0, RA6 = 0, RA7 = 0, RA8 = 0, RA9 = 0, RAA = 0, RAB = 0, RAC = 0, RAD = 0, RAE = 0, RAF = 0, RB0 = 0, RB1 = 0, RB2 = 0, RB3 = 0, RB4 = 0, RB5 = 0, RB6 = 0, RB7 = 0, RB8 = 0, RB9 = 0, RBA = 0, RBB = 0, RBC = 0, RBD = 0, RBE = 0, RBF = 0, RC0 = 0, RC1 = 0, RC2 = 0, RC3 = 0, RC4 = 0, RC5 = 0, RC6 = 0, RC7 = 0, RC8 = 0, RC9 = 0, RCA = 0, RCB = 0, RCC = 0, RCD = 0, RCE = 0, RCF = 0, RD0 = 0, RD1 = 0, RD2 = 0, RD3 = 0, RD4 = 0, RD5 = 0, RD6 = 0, RD7 = 0, RD8 = 0, RD9 = 0, RDA = 0, RDB = 0, RDC = 0, RDD = 0, RDE = 0, RDF = 0, RE0 = 0, RE1 = 0, RE2 = 0, RE3 = 0, RE4 = 0, RE5 = 0, RE6 = 0, RE7 = 0, RE8 = 0, RE9 = 0, REA = 0, REB = 0, REC = 0, RED = 0, REE = 0, REF = 0;
94 var HEAP = new stdlib.Uint8Array(buffer);
95 function _expand_key_128() {
96 var sbox = 0;
97 R10 = R00 ^ HEAP[sbox | R0D] ^ 1;
98 R11 = R01 ^ HEAP[sbox | R0E];
99 R12 = R02 ^ HEAP[sbox | R0F];
100 R13 = R03 ^ HEAP[sbox | R0C];
101 R14 = R04 ^ R10;
102 R15 = R05 ^ R11;
103 R16 = R06 ^ R12;
104 R17 = R07 ^ R13;
105 R18 = R08 ^ R14;
106 R19 = R09 ^ R15;
107 R1A = R0A ^ R16;
108 R1B = R0B ^ R17;
109 R1C = R0C ^ R18;
110 R1D = R0D ^ R19;
111 R1E = R0E ^ R1A;
112 R1F = R0F ^ R1B;
113 R20 = R10 ^ HEAP[sbox | R1D] ^ 2;
114 R21 = R11 ^ HEAP[sbox | R1E];
115 R22 = R12 ^ HEAP[sbox | R1F];
116 R23 = R13 ^ HEAP[sbox | R1C];
117 R24 = R14 ^ R20;
118 R25 = R15 ^ R21;
119 R26 = R16 ^ R22;
120 R27 = R17 ^ R23;
121 R28 = R18 ^ R24;
122 R29 = R19 ^ R25;
123 R2A = R1A ^ R26;
124 R2B = R1B ^ R27;
125 R2C = R1C ^ R28;
126 R2D = R1D ^ R29;
127 R2E = R1E ^ R2A;
128 R2F = R1F ^ R2B;
129 R30 = R20 ^ HEAP[sbox | R2D] ^ 4;
130 R31 = R21 ^ HEAP[sbox | R2E];
131 R32 = R22 ^ HEAP[sbox | R2F];
132 R33 = R23 ^ HEAP[sbox | R2C];
133 R34 = R24 ^ R30;
134 R35 = R25 ^ R31;
135 R36 = R26 ^ R32;
136 R37 = R27 ^ R33;
137 R38 = R28 ^ R34;
138 R39 = R29 ^ R35;
139 R3A = R2A ^ R36;
140 R3B = R2B ^ R37;
141 R3C = R2C ^ R38;
142 R3D = R2D ^ R39;
143 R3E = R2E ^ R3A;
144 R3F = R2F ^ R3B;
145 R40 = R30 ^ HEAP[sbox | R3D] ^ 8;
146 R41 = R31 ^ HEAP[sbox | R3E];
147 R42 = R32 ^ HEAP[sbox | R3F];
148 R43 = R33 ^ HEAP[sbox | R3C];
149 R44 = R34 ^ R40;
150 R45 = R35 ^ R41;
151 R46 = R36 ^ R42;
152 R47 = R37 ^ R43;
153 R48 = R38 ^ R44;
154 R49 = R39 ^ R45;
155 R4A = R3A ^ R46;
156 R4B = R3B ^ R47;
157 R4C = R3C ^ R48;
158 R4D = R3D ^ R49;
159 R4E = R3E ^ R4A;
160 R4F = R3F ^ R4B;
161 R50 = R40 ^ HEAP[sbox | R4D] ^ 16;
162 R51 = R41 ^ HEAP[sbox | R4E];
163 R52 = R42 ^ HEAP[sbox | R4F];
164 R53 = R43 ^ HEAP[sbox | R4C];
165 R54 = R44 ^ R50;
166 R55 = R45 ^ R51;
167 R56 = R46 ^ R52;
168 R57 = R47 ^ R53;
169 R58 = R48 ^ R54;
170 R59 = R49 ^ R55;
171 R5A = R4A ^ R56;
172 R5B = R4B ^ R57;
173 R5C = R4C ^ R58;
174 R5D = R4D ^ R59;
175 R5E = R4E ^ R5A;
176 R5F = R4F ^ R5B;
177 R60 = R50 ^ HEAP[sbox | R5D] ^ 32;
178 R61 = R51 ^ HEAP[sbox | R5E];
179 R62 = R52 ^ HEAP[sbox | R5F];
180 R63 = R53 ^ HEAP[sbox | R5C];
181 R64 = R54 ^ R60;
182 R65 = R55 ^ R61;
183 R66 = R56 ^ R62;
184 R67 = R57 ^ R63;
185 R68 = R58 ^ R64;
186 R69 = R59 ^ R65;
187 R6A = R5A ^ R66;
188 R6B = R5B ^ R67;
189 R6C = R5C ^ R68;
190 R6D = R5D ^ R69;
191 R6E = R5E ^ R6A;
192 R6F = R5F ^ R6B;
193 R70 = R60 ^ HEAP[sbox | R6D] ^ 64;
194 R71 = R61 ^ HEAP[sbox | R6E];
195 R72 = R62 ^ HEAP[sbox | R6F];
196 R73 = R63 ^ HEAP[sbox | R6C];
197 R74 = R64 ^ R70;
198 R75 = R65 ^ R71;
199 R76 = R66 ^ R72;
200 R77 = R67 ^ R73;
201 R78 = R68 ^ R74;
202 R79 = R69 ^ R75;
203 R7A = R6A ^ R76;
204 R7B = R6B ^ R77;
205 R7C = R6C ^ R78;
206 R7D = R6D ^ R79;
207 R7E = R6E ^ R7A;
208 R7F = R6F ^ R7B;
209 R80 = R70 ^ HEAP[sbox | R7D] ^ 128;
210 R81 = R71 ^ HEAP[sbox | R7E];
211 R82 = R72 ^ HEAP[sbox | R7F];
212 R83 = R73 ^ HEAP[sbox | R7C];
213 R84 = R74 ^ R80;
214 R85 = R75 ^ R81;
215 R86 = R76 ^ R82;
216 R87 = R77 ^ R83;
217 R88 = R78 ^ R84;
218 R89 = R79 ^ R85;
219 R8A = R7A ^ R86;
220 R8B = R7B ^ R87;
221 R8C = R7C ^ R88;
222 R8D = R7D ^ R89;
223 R8E = R7E ^ R8A;
224 R8F = R7F ^ R8B;
225 R90 = R80 ^ HEAP[sbox | R8D] ^ 27;
226 R91 = R81 ^ HEAP[sbox | R8E];
227 R92 = R82 ^ HEAP[sbox | R8F];
228 R93 = R83 ^ HEAP[sbox | R8C];
229 R94 = R84 ^ R90;
230 R95 = R85 ^ R91;
231 R96 = R86 ^ R92;
232 R97 = R87 ^ R93;
233 R98 = R88 ^ R94;
234 R99 = R89 ^ R95;
235 R9A = R8A ^ R96;
236 R9B = R8B ^ R97;
237 R9C = R8C ^ R98;
238 R9D = R8D ^ R99;
239 R9E = R8E ^ R9A;
240 R9F = R8F ^ R9B;
241 RA0 = R90 ^ HEAP[sbox | R9D] ^ 54;
242 RA1 = R91 ^ HEAP[sbox | R9E];
243 RA2 = R92 ^ HEAP[sbox | R9F];
244 RA3 = R93 ^ HEAP[sbox | R9C];
245 RA4 = R94 ^ RA0;
246 RA5 = R95 ^ RA1;
247 RA6 = R96 ^ RA2;
248 RA7 = R97 ^ RA3;
249 RA8 = R98 ^ RA4;
250 RA9 = R99 ^ RA5;
251 RAA = R9A ^ RA6;
252 RAB = R9B ^ RA7;
253 RAC = R9C ^ RA8;
254 RAD = R9D ^ RA9;
255 RAE = R9E ^ RAA;
256 RAF = R9F ^ RAB;
257 }
258 function _expand_key_256() {
259 var sbox = 0;
260 R20 = R00 ^ HEAP[sbox | R1D] ^ 1;
261 R21 = R01 ^ HEAP[sbox | R1E];
262 R22 = R02 ^ HEAP[sbox | R1F];
263 R23 = R03 ^ HEAP[sbox | R1C];
264 R24 = R04 ^ R20;
265 R25 = R05 ^ R21;
266 R26 = R06 ^ R22;
267 R27 = R07 ^ R23;
268 R28 = R08 ^ R24;
269 R29 = R09 ^ R25;
270 R2A = R0A ^ R26;
271 R2B = R0B ^ R27;
272 R2C = R0C ^ R28;
273 R2D = R0D ^ R29;
274 R2E = R0E ^ R2A;
275 R2F = R0F ^ R2B;
276 R30 = R10 ^ HEAP[sbox | R2C];
277 R31 = R11 ^ HEAP[sbox | R2D];
278 R32 = R12 ^ HEAP[sbox | R2E];
279 R33 = R13 ^ HEAP[sbox | R2F];
280 R34 = R14 ^ R30;
281 R35 = R15 ^ R31;
282 R36 = R16 ^ R32;
283 R37 = R17 ^ R33;
284 R38 = R18 ^ R34;
285 R39 = R19 ^ R35;
286 R3A = R1A ^ R36;
287 R3B = R1B ^ R37;
288 R3C = R1C ^ R38;
289 R3D = R1D ^ R39;
290 R3E = R1E ^ R3A;
291 R3F = R1F ^ R3B;
292 R40 = R20 ^ HEAP[sbox | R3D] ^ 2;
293 R41 = R21 ^ HEAP[sbox | R3E];
294 R42 = R22 ^ HEAP[sbox | R3F];
295 R43 = R23 ^ HEAP[sbox | R3C];
296 R44 = R24 ^ R40;
297 R45 = R25 ^ R41;
298 R46 = R26 ^ R42;
299 R47 = R27 ^ R43;
300 R48 = R28 ^ R44;
301 R49 = R29 ^ R45;
302 R4A = R2A ^ R46;
303 R4B = R2B ^ R47;
304 R4C = R2C ^ R48;
305 R4D = R2D ^ R49;
306 R4E = R2E ^ R4A;
307 R4F = R2F ^ R4B;
308 R50 = R30 ^ HEAP[sbox | R4C];
309 R51 = R31 ^ HEAP[sbox | R4D];
310 R52 = R32 ^ HEAP[sbox | R4E];
311 R53 = R33 ^ HEAP[sbox | R4F];
312 R54 = R34 ^ R50;
313 R55 = R35 ^ R51;
314 R56 = R36 ^ R52;
315 R57 = R37 ^ R53;
316 R58 = R38 ^ R54;
317 R59 = R39 ^ R55;
318 R5A = R3A ^ R56;
319 R5B = R3B ^ R57;
320 R5C = R3C ^ R58;
321 R5D = R3D ^ R59;
322 R5E = R3E ^ R5A;
323 R5F = R3F ^ R5B;
324 R60 = R40 ^ HEAP[sbox | R5D] ^ 4;
325 R61 = R41 ^ HEAP[sbox | R5E];
326 R62 = R42 ^ HEAP[sbox | R5F];
327 R63 = R43 ^ HEAP[sbox | R5C];
328 R64 = R44 ^ R60;
329 R65 = R45 ^ R61;
330 R66 = R46 ^ R62;
331 R67 = R47 ^ R63;
332 R68 = R48 ^ R64;
333 R69 = R49 ^ R65;
334 R6A = R4A ^ R66;
335 R6B = R4B ^ R67;
336 R6C = R4C ^ R68;
337 R6D = R4D ^ R69;
338 R6E = R4E ^ R6A;
339 R6F = R4F ^ R6B;
340 R70 = R50 ^ HEAP[sbox | R6C];
341 R71 = R51 ^ HEAP[sbox | R6D];
342 R72 = R52 ^ HEAP[sbox | R6E];
343 R73 = R53 ^ HEAP[sbox | R6F];
344 R74 = R54 ^ R70;
345 R75 = R55 ^ R71;
346 R76 = R56 ^ R72;
347 R77 = R57 ^ R73;
348 R78 = R58 ^ R74;
349 R79 = R59 ^ R75;
350 R7A = R5A ^ R76;
351 R7B = R5B ^ R77;
352 R7C = R5C ^ R78;
353 R7D = R5D ^ R79;
354 R7E = R5E ^ R7A;
355 R7F = R5F ^ R7B;
356 R80 = R60 ^ HEAP[sbox | R7D] ^ 8;
357 R81 = R61 ^ HEAP[sbox | R7E];
358 R82 = R62 ^ HEAP[sbox | R7F];
359 R83 = R63 ^ HEAP[sbox | R7C];
360 R84 = R64 ^ R80;
361 R85 = R65 ^ R81;
362 R86 = R66 ^ R82;
363 R87 = R67 ^ R83;
364 R88 = R68 ^ R84;
365 R89 = R69 ^ R85;
366 R8A = R6A ^ R86;
367 R8B = R6B ^ R87;
368 R8C = R6C ^ R88;
369 R8D = R6D ^ R89;
370 R8E = R6E ^ R8A;
371 R8F = R6F ^ R8B;
372 R90 = R70 ^ HEAP[sbox | R8C];
373 R91 = R71 ^ HEAP[sbox | R8D];
374 R92 = R72 ^ HEAP[sbox | R8E];
375 R93 = R73 ^ HEAP[sbox | R8F];
376 R94 = R74 ^ R90;
377 R95 = R75 ^ R91;
378 R96 = R76 ^ R92;
379 R97 = R77 ^ R93;
380 R98 = R78 ^ R94;
381 R99 = R79 ^ R95;
382 R9A = R7A ^ R96;
383 R9B = R7B ^ R97;
384 R9C = R7C ^ R98;
385 R9D = R7D ^ R99;
386 R9E = R7E ^ R9A;
387 R9F = R7F ^ R9B;
388 RA0 = R80 ^ HEAP[sbox | R9D] ^ 16;
389 RA1 = R81 ^ HEAP[sbox | R9E];
390 RA2 = R82 ^ HEAP[sbox | R9F];
391 RA3 = R83 ^ HEAP[sbox | R9C];
392 RA4 = R84 ^ RA0;
393 RA5 = R85 ^ RA1;
394 RA6 = R86 ^ RA2;
395 RA7 = R87 ^ RA3;
396 RA8 = R88 ^ RA4;
397 RA9 = R89 ^ RA5;
398 RAA = R8A ^ RA6;
399 RAB = R8B ^ RA7;
400 RAC = R8C ^ RA8;
401 RAD = R8D ^ RA9;
402 RAE = R8E ^ RAA;
403 RAF = R8F ^ RAB;
404 RB0 = R90 ^ HEAP[sbox | RAC];
405 RB1 = R91 ^ HEAP[sbox | RAD];
406 RB2 = R92 ^ HEAP[sbox | RAE];
407 RB3 = R93 ^ HEAP[sbox | RAF];
408 RB4 = R94 ^ RB0;
409 RB5 = R95 ^ RB1;
410 RB6 = R96 ^ RB2;
411 RB7 = R97 ^ RB3;
412 RB8 = R98 ^ RB4;
413 RB9 = R99 ^ RB5;
414 RBA = R9A ^ RB6;
415 RBB = R9B ^ RB7;
416 RBC = R9C ^ RB8;
417 RBD = R9D ^ RB9;
418 RBE = R9E ^ RBA;
419 RBF = R9F ^ RBB;
420 RC0 = RA0 ^ HEAP[sbox | RBD] ^ 32;
421 RC1 = RA1 ^ HEAP[sbox | RBE];
422 RC2 = RA2 ^ HEAP[sbox | RBF];
423 RC3 = RA3 ^ HEAP[sbox | RBC];
424 RC4 = RA4 ^ RC0;
425 RC5 = RA5 ^ RC1;
426 RC6 = RA6 ^ RC2;
427 RC7 = RA7 ^ RC3;
428 RC8 = RA8 ^ RC4;
429 RC9 = RA9 ^ RC5;
430 RCA = RAA ^ RC6;
431 RCB = RAB ^ RC7;
432 RCC = RAC ^ RC8;
433 RCD = RAD ^ RC9;
434 RCE = RAE ^ RCA;
435 RCF = RAF ^ RCB;
436 RD0 = RB0 ^ HEAP[sbox | RCC];
437 RD1 = RB1 ^ HEAP[sbox | RCD];
438 RD2 = RB2 ^ HEAP[sbox | RCE];
439 RD3 = RB3 ^ HEAP[sbox | RCF];
440 RD4 = RB4 ^ RD0;
441 RD5 = RB5 ^ RD1;
442 RD6 = RB6 ^ RD2;
443 RD7 = RB7 ^ RD3;
444 RD8 = RB8 ^ RD4;
445 RD9 = RB9 ^ RD5;
446 RDA = RBA ^ RD6;
447 RDB = RBB ^ RD7;
448 RDC = RBC ^ RD8;
449 RDD = RBD ^ RD9;
450 RDE = RBE ^ RDA;
451 RDF = RBF ^ RDB;
452 RE0 = RC0 ^ HEAP[sbox | RDD] ^ 64;
453 RE1 = RC1 ^ HEAP[sbox | RDE];
454 RE2 = RC2 ^ HEAP[sbox | RDF];
455 RE3 = RC3 ^ HEAP[sbox | RDC];
456 RE4 = RC4 ^ RE0;
457 RE5 = RC5 ^ RE1;
458 RE6 = RC6 ^ RE2;
459 RE7 = RC7 ^ RE3;
460 RE8 = RC8 ^ RE4;
461 RE9 = RC9 ^ RE5;
462 REA = RCA ^ RE6;
463 REB = RCB ^ RE7;
464 REC = RCC ^ RE8;
465 RED = RCD ^ RE9;
466 REE = RCE ^ REA;
467 REF = RCF ^ REB;
468 }
469 function _encrypt(s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, sA, sB, sC, sD, sE, sF) {
470 s0 = s0 | 0;
471 s1 = s1 | 0;
472 s2 = s2 | 0;
473 s3 = s3 | 0;
474 s4 = s4 | 0;
475 s5 = s5 | 0;
476 s6 = s6 | 0;
477 s7 = s7 | 0;
478 s8 = s8 | 0;
479 s9 = s9 | 0;
480 sA = sA | 0;
481 sB = sB | 0;
482 sC = sC | 0;
483 sD = sD | 0;
484 sE = sE | 0;
485 sF = sF | 0;
486 var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, t8 = 0, t9 = 0, tA = 0, tB = 0, tC = 0, tD = 0, tE = 0, tF = 0, sbox = 0, x2_sbox = 512, x3_sbox = 768;
487 s0 = s0 ^ R00;
488 s1 = s1 ^ R01;
489 s2 = s2 ^ R02;
490 s3 = s3 ^ R03;
491 s4 = s4 ^ R04;
492 s5 = s5 ^ R05;
493 s6 = s6 ^ R06;
494 s7 = s7 ^ R07;
495 s8 = s8 ^ R08;
496 s9 = s9 ^ R09;
497 sA = sA ^ R0A;
498 sB = sB ^ R0B;
499 sC = sC ^ R0C;
500 sD = sD ^ R0D;
501 sE = sE ^ R0E;
502 sF = sF ^ R0F;
503 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ R10;
504 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ R11;
505 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ R12;
506 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ R13;
507 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ R14;
508 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ R15;
509 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ R16;
510 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ R17;
511 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ R18;
512 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ R19;
513 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ R1A;
514 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ R1B;
515 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ R1C;
516 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ R1D;
517 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ R1E;
518 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ R1F;
519 s0 = HEAP[x2_sbox | t0] ^ HEAP[x3_sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[sbox | tF] ^ R20;
520 s1 = HEAP[sbox | t0] ^ HEAP[x2_sbox | t5] ^ HEAP[x3_sbox | tA] ^ HEAP[sbox | tF] ^ R21;
521 s2 = HEAP[sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[x2_sbox | tA] ^ HEAP[x3_sbox | tF] ^ R22;
522 s3 = HEAP[x3_sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[x2_sbox | tF] ^ R23;
523 s4 = HEAP[x2_sbox | t4] ^ HEAP[x3_sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[sbox | t3] ^ R24;
524 s5 = HEAP[sbox | t4] ^ HEAP[x2_sbox | t9] ^ HEAP[x3_sbox | tE] ^ HEAP[sbox | t3] ^ R25;
525 s6 = HEAP[sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[x2_sbox | tE] ^ HEAP[x3_sbox | t3] ^ R26;
526 s7 = HEAP[x3_sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[x2_sbox | t3] ^ R27;
527 s8 = HEAP[x2_sbox | t8] ^ HEAP[x3_sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[sbox | t7] ^ R28;
528 s9 = HEAP[sbox | t8] ^ HEAP[x2_sbox | tD] ^ HEAP[x3_sbox | t2] ^ HEAP[sbox | t7] ^ R29;
529 sA = HEAP[sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[x2_sbox | t2] ^ HEAP[x3_sbox | t7] ^ R2A;
530 sB = HEAP[x3_sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[x2_sbox | t7] ^ R2B;
531 sC = HEAP[x2_sbox | tC] ^ HEAP[x3_sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[sbox | tB] ^ R2C;
532 sD = HEAP[sbox | tC] ^ HEAP[x2_sbox | t1] ^ HEAP[x3_sbox | t6] ^ HEAP[sbox | tB] ^ R2D;
533 sE = HEAP[sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[x2_sbox | t6] ^ HEAP[x3_sbox | tB] ^ R2E;
534 sF = HEAP[x3_sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[x2_sbox | tB] ^ R2F;
535 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ R30;
536 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ R31;
537 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ R32;
538 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ R33;
539 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ R34;
540 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ R35;
541 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ R36;
542 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ R37;
543 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ R38;
544 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ R39;
545 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ R3A;
546 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ R3B;
547 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ R3C;
548 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ R3D;
549 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ R3E;
550 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ R3F;
551 s0 = HEAP[x2_sbox | t0] ^ HEAP[x3_sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[sbox | tF] ^ R40;
552 s1 = HEAP[sbox | t0] ^ HEAP[x2_sbox | t5] ^ HEAP[x3_sbox | tA] ^ HEAP[sbox | tF] ^ R41;
553 s2 = HEAP[sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[x2_sbox | tA] ^ HEAP[x3_sbox | tF] ^ R42;
554 s3 = HEAP[x3_sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[x2_sbox | tF] ^ R43;
555 s4 = HEAP[x2_sbox | t4] ^ HEAP[x3_sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[sbox | t3] ^ R44;
556 s5 = HEAP[sbox | t4] ^ HEAP[x2_sbox | t9] ^ HEAP[x3_sbox | tE] ^ HEAP[sbox | t3] ^ R45;
557 s6 = HEAP[sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[x2_sbox | tE] ^ HEAP[x3_sbox | t3] ^ R46;
558 s7 = HEAP[x3_sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[x2_sbox | t3] ^ R47;
559 s8 = HEAP[x2_sbox | t8] ^ HEAP[x3_sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[sbox | t7] ^ R48;
560 s9 = HEAP[sbox | t8] ^ HEAP[x2_sbox | tD] ^ HEAP[x3_sbox | t2] ^ HEAP[sbox | t7] ^ R49;
561 sA = HEAP[sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[x2_sbox | t2] ^ HEAP[x3_sbox | t7] ^ R4A;
562 sB = HEAP[x3_sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[x2_sbox | t7] ^ R4B;
563 sC = HEAP[x2_sbox | tC] ^ HEAP[x3_sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[sbox | tB] ^ R4C;
564 sD = HEAP[sbox | tC] ^ HEAP[x2_sbox | t1] ^ HEAP[x3_sbox | t6] ^ HEAP[sbox | tB] ^ R4D;
565 sE = HEAP[sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[x2_sbox | t6] ^ HEAP[x3_sbox | tB] ^ R4E;
566 sF = HEAP[x3_sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[x2_sbox | tB] ^ R4F;
567 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ R50;
568 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ R51;
569 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ R52;
570 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ R53;
571 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ R54;
572 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ R55;
573 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ R56;
574 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ R57;
575 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ R58;
576 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ R59;
577 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ R5A;
578 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ R5B;
579 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ R5C;
580 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ R5D;
581 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ R5E;
582 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ R5F;
583 s0 = HEAP[x2_sbox | t0] ^ HEAP[x3_sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[sbox | tF] ^ R60;
584 s1 = HEAP[sbox | t0] ^ HEAP[x2_sbox | t5] ^ HEAP[x3_sbox | tA] ^ HEAP[sbox | tF] ^ R61;
585 s2 = HEAP[sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[x2_sbox | tA] ^ HEAP[x3_sbox | tF] ^ R62;
586 s3 = HEAP[x3_sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[x2_sbox | tF] ^ R63;
587 s4 = HEAP[x2_sbox | t4] ^ HEAP[x3_sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[sbox | t3] ^ R64;
588 s5 = HEAP[sbox | t4] ^ HEAP[x2_sbox | t9] ^ HEAP[x3_sbox | tE] ^ HEAP[sbox | t3] ^ R65;
589 s6 = HEAP[sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[x2_sbox | tE] ^ HEAP[x3_sbox | t3] ^ R66;
590 s7 = HEAP[x3_sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[x2_sbox | t3] ^ R67;
591 s8 = HEAP[x2_sbox | t8] ^ HEAP[x3_sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[sbox | t7] ^ R68;
592 s9 = HEAP[sbox | t8] ^ HEAP[x2_sbox | tD] ^ HEAP[x3_sbox | t2] ^ HEAP[sbox | t7] ^ R69;
593 sA = HEAP[sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[x2_sbox | t2] ^ HEAP[x3_sbox | t7] ^ R6A;
594 sB = HEAP[x3_sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[x2_sbox | t7] ^ R6B;
595 sC = HEAP[x2_sbox | tC] ^ HEAP[x3_sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[sbox | tB] ^ R6C;
596 sD = HEAP[sbox | tC] ^ HEAP[x2_sbox | t1] ^ HEAP[x3_sbox | t6] ^ HEAP[sbox | tB] ^ R6D;
597 sE = HEAP[sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[x2_sbox | t6] ^ HEAP[x3_sbox | tB] ^ R6E;
598 sF = HEAP[x3_sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[x2_sbox | tB] ^ R6F;
599 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ R70;
600 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ R71;
601 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ R72;
602 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ R73;
603 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ R74;
604 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ R75;
605 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ R76;
606 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ R77;
607 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ R78;
608 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ R79;
609 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ R7A;
610 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ R7B;
611 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ R7C;
612 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ R7D;
613 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ R7E;
614 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ R7F;
615 s0 = HEAP[x2_sbox | t0] ^ HEAP[x3_sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[sbox | tF] ^ R80;
616 s1 = HEAP[sbox | t0] ^ HEAP[x2_sbox | t5] ^ HEAP[x3_sbox | tA] ^ HEAP[sbox | tF] ^ R81;
617 s2 = HEAP[sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[x2_sbox | tA] ^ HEAP[x3_sbox | tF] ^ R82;
618 s3 = HEAP[x3_sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[x2_sbox | tF] ^ R83;
619 s4 = HEAP[x2_sbox | t4] ^ HEAP[x3_sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[sbox | t3] ^ R84;
620 s5 = HEAP[sbox | t4] ^ HEAP[x2_sbox | t9] ^ HEAP[x3_sbox | tE] ^ HEAP[sbox | t3] ^ R85;
621 s6 = HEAP[sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[x2_sbox | tE] ^ HEAP[x3_sbox | t3] ^ R86;
622 s7 = HEAP[x3_sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[x2_sbox | t3] ^ R87;
623 s8 = HEAP[x2_sbox | t8] ^ HEAP[x3_sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[sbox | t7] ^ R88;
624 s9 = HEAP[sbox | t8] ^ HEAP[x2_sbox | tD] ^ HEAP[x3_sbox | t2] ^ HEAP[sbox | t7] ^ R89;
625 sA = HEAP[sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[x2_sbox | t2] ^ HEAP[x3_sbox | t7] ^ R8A;
626 sB = HEAP[x3_sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[x2_sbox | t7] ^ R8B;
627 sC = HEAP[x2_sbox | tC] ^ HEAP[x3_sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[sbox | tB] ^ R8C;
628 sD = HEAP[sbox | tC] ^ HEAP[x2_sbox | t1] ^ HEAP[x3_sbox | t6] ^ HEAP[sbox | tB] ^ R8D;
629 sE = HEAP[sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[x2_sbox | t6] ^ HEAP[x3_sbox | tB] ^ R8E;
630 sF = HEAP[x3_sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[x2_sbox | tB] ^ R8F;
631 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ R90;
632 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ R91;
633 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ R92;
634 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ R93;
635 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ R94;
636 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ R95;
637 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ R96;
638 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ R97;
639 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ R98;
640 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ R99;
641 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ R9A;
642 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ R9B;
643 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ R9C;
644 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ R9D;
645 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ R9E;
646 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ R9F;
647 if ((keySize | 0) == 16) {
648 S0 = HEAP[sbox | t0] ^ RA0;
649 S1 = HEAP[sbox | t5] ^ RA1;
650 S2 = HEAP[sbox | tA] ^ RA2;
651 S3 = HEAP[sbox | tF] ^ RA3;
652 S4 = HEAP[sbox | t4] ^ RA4;
653 S5 = HEAP[sbox | t9] ^ RA5;
654 S6 = HEAP[sbox | tE] ^ RA6;
655 S7 = HEAP[sbox | t3] ^ RA7;
656 S8 = HEAP[sbox | t8] ^ RA8;
657 S9 = HEAP[sbox | tD] ^ RA9;
658 SA = HEAP[sbox | t2] ^ RAA;
659 SB = HEAP[sbox | t7] ^ RAB;
660 SC = HEAP[sbox | tC] ^ RAC;
661 SD = HEAP[sbox | t1] ^ RAD;
662 SE = HEAP[sbox | t6] ^ RAE;
663 SF = HEAP[sbox | tB] ^ RAF;
664 return;
665 }
666 s0 = HEAP[x2_sbox | t0] ^ HEAP[x3_sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[sbox | tF] ^ RA0;
667 s1 = HEAP[sbox | t0] ^ HEAP[x2_sbox | t5] ^ HEAP[x3_sbox | tA] ^ HEAP[sbox | tF] ^ RA1;
668 s2 = HEAP[sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[x2_sbox | tA] ^ HEAP[x3_sbox | tF] ^ RA2;
669 s3 = HEAP[x3_sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[x2_sbox | tF] ^ RA3;
670 s4 = HEAP[x2_sbox | t4] ^ HEAP[x3_sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[sbox | t3] ^ RA4;
671 s5 = HEAP[sbox | t4] ^ HEAP[x2_sbox | t9] ^ HEAP[x3_sbox | tE] ^ HEAP[sbox | t3] ^ RA5;
672 s6 = HEAP[sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[x2_sbox | tE] ^ HEAP[x3_sbox | t3] ^ RA6;
673 s7 = HEAP[x3_sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[x2_sbox | t3] ^ RA7;
674 s8 = HEAP[x2_sbox | t8] ^ HEAP[x3_sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[sbox | t7] ^ RA8;
675 s9 = HEAP[sbox | t8] ^ HEAP[x2_sbox | tD] ^ HEAP[x3_sbox | t2] ^ HEAP[sbox | t7] ^ RA9;
676 sA = HEAP[sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[x2_sbox | t2] ^ HEAP[x3_sbox | t7] ^ RAA;
677 sB = HEAP[x3_sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[x2_sbox | t7] ^ RAB;
678 sC = HEAP[x2_sbox | tC] ^ HEAP[x3_sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[sbox | tB] ^ RAC;
679 sD = HEAP[sbox | tC] ^ HEAP[x2_sbox | t1] ^ HEAP[x3_sbox | t6] ^ HEAP[sbox | tB] ^ RAD;
680 sE = HEAP[sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[x2_sbox | t6] ^ HEAP[x3_sbox | tB] ^ RAE;
681 sF = HEAP[x3_sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[x2_sbox | tB] ^ RAF;
682 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ RB0;
683 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ RB1;
684 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ RB2;
685 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ RB3;
686 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ RB4;
687 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ RB5;
688 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ RB6;
689 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ RB7;
690 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ RB8;
691 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ RB9;
692 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ RBA;
693 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ RBB;
694 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ RBC;
695 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ RBD;
696 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ RBE;
697 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ RBF;
698 s0 = HEAP[x2_sbox | t0] ^ HEAP[x3_sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[sbox | tF] ^ RC0;
699 s1 = HEAP[sbox | t0] ^ HEAP[x2_sbox | t5] ^ HEAP[x3_sbox | tA] ^ HEAP[sbox | tF] ^ RC1;
700 s2 = HEAP[sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[x2_sbox | tA] ^ HEAP[x3_sbox | tF] ^ RC2;
701 s3 = HEAP[x3_sbox | t0] ^ HEAP[sbox | t5] ^ HEAP[sbox | tA] ^ HEAP[x2_sbox | tF] ^ RC3;
702 s4 = HEAP[x2_sbox | t4] ^ HEAP[x3_sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[sbox | t3] ^ RC4;
703 s5 = HEAP[sbox | t4] ^ HEAP[x2_sbox | t9] ^ HEAP[x3_sbox | tE] ^ HEAP[sbox | t3] ^ RC5;
704 s6 = HEAP[sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[x2_sbox | tE] ^ HEAP[x3_sbox | t3] ^ RC6;
705 s7 = HEAP[x3_sbox | t4] ^ HEAP[sbox | t9] ^ HEAP[sbox | tE] ^ HEAP[x2_sbox | t3] ^ RC7;
706 s8 = HEAP[x2_sbox | t8] ^ HEAP[x3_sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[sbox | t7] ^ RC8;
707 s9 = HEAP[sbox | t8] ^ HEAP[x2_sbox | tD] ^ HEAP[x3_sbox | t2] ^ HEAP[sbox | t7] ^ RC9;
708 sA = HEAP[sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[x2_sbox | t2] ^ HEAP[x3_sbox | t7] ^ RCA;
709 sB = HEAP[x3_sbox | t8] ^ HEAP[sbox | tD] ^ HEAP[sbox | t2] ^ HEAP[x2_sbox | t7] ^ RCB;
710 sC = HEAP[x2_sbox | tC] ^ HEAP[x3_sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[sbox | tB] ^ RCC;
711 sD = HEAP[sbox | tC] ^ HEAP[x2_sbox | t1] ^ HEAP[x3_sbox | t6] ^ HEAP[sbox | tB] ^ RCD;
712 sE = HEAP[sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[x2_sbox | t6] ^ HEAP[x3_sbox | tB] ^ RCE;
713 sF = HEAP[x3_sbox | tC] ^ HEAP[sbox | t1] ^ HEAP[sbox | t6] ^ HEAP[x2_sbox | tB] ^ RCF;
714 t0 = HEAP[x2_sbox | s0] ^ HEAP[x3_sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[sbox | sF] ^ RD0;
715 t1 = HEAP[sbox | s0] ^ HEAP[x2_sbox | s5] ^ HEAP[x3_sbox | sA] ^ HEAP[sbox | sF] ^ RD1;
716 t2 = HEAP[sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[x2_sbox | sA] ^ HEAP[x3_sbox | sF] ^ RD2;
717 t3 = HEAP[x3_sbox | s0] ^ HEAP[sbox | s5] ^ HEAP[sbox | sA] ^ HEAP[x2_sbox | sF] ^ RD3;
718 t4 = HEAP[x2_sbox | s4] ^ HEAP[x3_sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[sbox | s3] ^ RD4;
719 t5 = HEAP[sbox | s4] ^ HEAP[x2_sbox | s9] ^ HEAP[x3_sbox | sE] ^ HEAP[sbox | s3] ^ RD5;
720 t6 = HEAP[sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[x2_sbox | sE] ^ HEAP[x3_sbox | s3] ^ RD6;
721 t7 = HEAP[x3_sbox | s4] ^ HEAP[sbox | s9] ^ HEAP[sbox | sE] ^ HEAP[x2_sbox | s3] ^ RD7;
722 t8 = HEAP[x2_sbox | s8] ^ HEAP[x3_sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[sbox | s7] ^ RD8;
723 t9 = HEAP[sbox | s8] ^ HEAP[x2_sbox | sD] ^ HEAP[x3_sbox | s2] ^ HEAP[sbox | s7] ^ RD9;
724 tA = HEAP[sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[x2_sbox | s2] ^ HEAP[x3_sbox | s7] ^ RDA;
725 tB = HEAP[x3_sbox | s8] ^ HEAP[sbox | sD] ^ HEAP[sbox | s2] ^ HEAP[x2_sbox | s7] ^ RDB;
726 tC = HEAP[x2_sbox | sC] ^ HEAP[x3_sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[sbox | sB] ^ RDC;
727 tD = HEAP[sbox | sC] ^ HEAP[x2_sbox | s1] ^ HEAP[x3_sbox | s6] ^ HEAP[sbox | sB] ^ RDD;
728 tE = HEAP[sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[x2_sbox | s6] ^ HEAP[x3_sbox | sB] ^ RDE;
729 tF = HEAP[x3_sbox | sC] ^ HEAP[sbox | s1] ^ HEAP[sbox | s6] ^ HEAP[x2_sbox | sB] ^ RDF;
730 S0 = HEAP[sbox | t0] ^ RE0;
731 S1 = HEAP[sbox | t5] ^ RE1;
732 S2 = HEAP[sbox | tA] ^ RE2;
733 S3 = HEAP[sbox | tF] ^ RE3;
734 S4 = HEAP[sbox | t4] ^ RE4;
735 S5 = HEAP[sbox | t9] ^ RE5;
736 S6 = HEAP[sbox | tE] ^ RE6;
737 S7 = HEAP[sbox | t3] ^ RE7;
738 S8 = HEAP[sbox | t8] ^ RE8;
739 S9 = HEAP[sbox | tD] ^ RE9;
740 SA = HEAP[sbox | t2] ^ REA;
741 SB = HEAP[sbox | t7] ^ REB;
742 SC = HEAP[sbox | tC] ^ REC;
743 SD = HEAP[sbox | t1] ^ RED;
744 SE = HEAP[sbox | t6] ^ REE;
745 SF = HEAP[sbox | tB] ^ REF;
746 }
747 function _decrypt(s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, sA, sB, sC, sD, sE, sF) {
748 s0 = s0 | 0;
749 s1 = s1 | 0;
750 s2 = s2 | 0;
751 s3 = s3 | 0;
752 s4 = s4 | 0;
753 s5 = s5 | 0;
754 s6 = s6 | 0;
755 s7 = s7 | 0;
756 s8 = s8 | 0;
757 s9 = s9 | 0;
758 sA = sA | 0;
759 sB = sB | 0;
760 sC = sC | 0;
761 sD = sD | 0;
762 sE = sE | 0;
763 sF = sF | 0;
764 var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, t8 = 0, t9 = 0, tA = 0, tB = 0, tC = 0, tD = 0, tE = 0, tF = 0, inv_sbox = 256, x9 = 1024, xB = 1280, xD = 1536, xE = 1792;
765 if ((keySize | 0) == 32) {
766 t0 = HEAP[inv_sbox | s0 ^ RE0] ^ RD0;
767 t1 = HEAP[inv_sbox | sD ^ RED] ^ RD1;
768 t2 = HEAP[inv_sbox | sA ^ REA] ^ RD2;
769 t3 = HEAP[inv_sbox | s7 ^ RE7] ^ RD3;
770 t4 = HEAP[inv_sbox | s4 ^ RE4] ^ RD4;
771 t5 = HEAP[inv_sbox | s1 ^ RE1] ^ RD5;
772 t6 = HEAP[inv_sbox | sE ^ REE] ^ RD6;
773 t7 = HEAP[inv_sbox | sB ^ REB] ^ RD7;
774 t8 = HEAP[inv_sbox | s8 ^ RE8] ^ RD8;
775 t9 = HEAP[inv_sbox | s5 ^ RE5] ^ RD9;
776 tA = HEAP[inv_sbox | s2 ^ RE2] ^ RDA;
777 tB = HEAP[inv_sbox | sF ^ REF] ^ RDB;
778 tC = HEAP[inv_sbox | sC ^ REC] ^ RDC;
779 tD = HEAP[inv_sbox | s9 ^ RE9] ^ RDD;
780 tE = HEAP[inv_sbox | s6 ^ RE6] ^ RDE;
781 tF = HEAP[inv_sbox | s3 ^ RE3] ^ RDF;
782 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
783 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
784 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
785 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
786 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
787 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
788 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
789 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
790 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
791 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
792 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
793 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
794 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
795 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
796 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
797 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
798 t0 = HEAP[inv_sbox | s0] ^ RC0;
799 t1 = HEAP[inv_sbox | s1] ^ RC1;
800 t2 = HEAP[inv_sbox | s2] ^ RC2;
801 t3 = HEAP[inv_sbox | s3] ^ RC3;
802 t4 = HEAP[inv_sbox | s4] ^ RC4;
803 t5 = HEAP[inv_sbox | s5] ^ RC5;
804 t6 = HEAP[inv_sbox | s6] ^ RC6;
805 t7 = HEAP[inv_sbox | s7] ^ RC7;
806 t8 = HEAP[inv_sbox | s8] ^ RC8;
807 t9 = HEAP[inv_sbox | s9] ^ RC9;
808 tA = HEAP[inv_sbox | sA] ^ RCA;
809 tB = HEAP[inv_sbox | sB] ^ RCB;
810 tC = HEAP[inv_sbox | sC] ^ RCC;
811 tD = HEAP[inv_sbox | sD] ^ RCD;
812 tE = HEAP[inv_sbox | sE] ^ RCE;
813 tF = HEAP[inv_sbox | sF] ^ RCF;
814 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
815 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
816 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
817 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
818 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
819 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
820 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
821 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
822 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
823 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
824 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
825 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
826 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
827 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
828 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
829 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
830 t0 = HEAP[inv_sbox | s0] ^ RB0;
831 t1 = HEAP[inv_sbox | s1] ^ RB1;
832 t2 = HEAP[inv_sbox | s2] ^ RB2;
833 t3 = HEAP[inv_sbox | s3] ^ RB3;
834 t4 = HEAP[inv_sbox | s4] ^ RB4;
835 t5 = HEAP[inv_sbox | s5] ^ RB5;
836 t6 = HEAP[inv_sbox | s6] ^ RB6;
837 t7 = HEAP[inv_sbox | s7] ^ RB7;
838 t8 = HEAP[inv_sbox | s8] ^ RB8;
839 t9 = HEAP[inv_sbox | s9] ^ RB9;
840 tA = HEAP[inv_sbox | sA] ^ RBA;
841 tB = HEAP[inv_sbox | sB] ^ RBB;
842 tC = HEAP[inv_sbox | sC] ^ RBC;
843 tD = HEAP[inv_sbox | sD] ^ RBD;
844 tE = HEAP[inv_sbox | sE] ^ RBE;
845 tF = HEAP[inv_sbox | sF] ^ RBF;
846 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
847 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
848 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
849 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
850 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
851 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
852 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
853 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
854 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
855 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
856 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
857 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
858 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
859 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
860 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
861 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
862 t0 = HEAP[inv_sbox | s0] ^ RA0;
863 t1 = HEAP[inv_sbox | s1] ^ RA1;
864 t2 = HEAP[inv_sbox | s2] ^ RA2;
865 t3 = HEAP[inv_sbox | s3] ^ RA3;
866 t4 = HEAP[inv_sbox | s4] ^ RA4;
867 t5 = HEAP[inv_sbox | s5] ^ RA5;
868 t6 = HEAP[inv_sbox | s6] ^ RA6;
869 t7 = HEAP[inv_sbox | s7] ^ RA7;
870 t8 = HEAP[inv_sbox | s8] ^ RA8;
871 t9 = HEAP[inv_sbox | s9] ^ RA9;
872 tA = HEAP[inv_sbox | sA] ^ RAA;
873 tB = HEAP[inv_sbox | sB] ^ RAB;
874 tC = HEAP[inv_sbox | sC] ^ RAC;
875 tD = HEAP[inv_sbox | sD] ^ RAD;
876 tE = HEAP[inv_sbox | sE] ^ RAE;
877 tF = HEAP[inv_sbox | sF] ^ RAF;
878 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
879 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
880 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
881 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
882 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
883 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
884 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
885 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
886 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
887 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
888 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
889 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
890 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
891 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
892 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
893 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
894 t0 = HEAP[inv_sbox | s0] ^ R90;
895 t1 = HEAP[inv_sbox | s1] ^ R91;
896 t2 = HEAP[inv_sbox | s2] ^ R92;
897 t3 = HEAP[inv_sbox | s3] ^ R93;
898 t4 = HEAP[inv_sbox | s4] ^ R94;
899 t5 = HEAP[inv_sbox | s5] ^ R95;
900 t6 = HEAP[inv_sbox | s6] ^ R96;
901 t7 = HEAP[inv_sbox | s7] ^ R97;
902 t8 = HEAP[inv_sbox | s8] ^ R98;
903 t9 = HEAP[inv_sbox | s9] ^ R99;
904 tA = HEAP[inv_sbox | sA] ^ R9A;
905 tB = HEAP[inv_sbox | sB] ^ R9B;
906 tC = HEAP[inv_sbox | sC] ^ R9C;
907 tD = HEAP[inv_sbox | sD] ^ R9D;
908 tE = HEAP[inv_sbox | sE] ^ R9E;
909 tF = HEAP[inv_sbox | sF] ^ R9F;
910 } else {
911 t0 = HEAP[inv_sbox | s0 ^ RA0] ^ R90;
912 t1 = HEAP[inv_sbox | sD ^ RAD] ^ R91;
913 t2 = HEAP[inv_sbox | sA ^ RAA] ^ R92;
914 t3 = HEAP[inv_sbox | s7 ^ RA7] ^ R93;
915 t4 = HEAP[inv_sbox | s4 ^ RA4] ^ R94;
916 t5 = HEAP[inv_sbox | s1 ^ RA1] ^ R95;
917 t6 = HEAP[inv_sbox | sE ^ RAE] ^ R96;
918 t7 = HEAP[inv_sbox | sB ^ RAB] ^ R97;
919 t8 = HEAP[inv_sbox | s8 ^ RA8] ^ R98;
920 t9 = HEAP[inv_sbox | s5 ^ RA5] ^ R99;
921 tA = HEAP[inv_sbox | s2 ^ RA2] ^ R9A;
922 tB = HEAP[inv_sbox | sF ^ RAF] ^ R9B;
923 tC = HEAP[inv_sbox | sC ^ RAC] ^ R9C;
924 tD = HEAP[inv_sbox | s9 ^ RA9] ^ R9D;
925 tE = HEAP[inv_sbox | s6 ^ RA6] ^ R9E;
926 tF = HEAP[inv_sbox | s3 ^ RA3] ^ R9F;
927 }
928 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
929 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
930 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
931 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
932 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
933 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
934 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
935 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
936 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
937 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
938 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
939 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
940 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
941 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
942 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
943 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
944 t0 = HEAP[inv_sbox | s0] ^ R80;
945 t1 = HEAP[inv_sbox | s1] ^ R81;
946 t2 = HEAP[inv_sbox | s2] ^ R82;
947 t3 = HEAP[inv_sbox | s3] ^ R83;
948 t4 = HEAP[inv_sbox | s4] ^ R84;
949 t5 = HEAP[inv_sbox | s5] ^ R85;
950 t6 = HEAP[inv_sbox | s6] ^ R86;
951 t7 = HEAP[inv_sbox | s7] ^ R87;
952 t8 = HEAP[inv_sbox | s8] ^ R88;
953 t9 = HEAP[inv_sbox | s9] ^ R89;
954 tA = HEAP[inv_sbox | sA] ^ R8A;
955 tB = HEAP[inv_sbox | sB] ^ R8B;
956 tC = HEAP[inv_sbox | sC] ^ R8C;
957 tD = HEAP[inv_sbox | sD] ^ R8D;
958 tE = HEAP[inv_sbox | sE] ^ R8E;
959 tF = HEAP[inv_sbox | sF] ^ R8F;
960 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
961 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
962 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
963 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
964 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
965 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
966 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
967 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
968 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
969 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
970 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
971 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
972 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
973 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
974 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
975 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
976 t0 = HEAP[inv_sbox | s0] ^ R70;
977 t1 = HEAP[inv_sbox | s1] ^ R71;
978 t2 = HEAP[inv_sbox | s2] ^ R72;
979 t3 = HEAP[inv_sbox | s3] ^ R73;
980 t4 = HEAP[inv_sbox | s4] ^ R74;
981 t5 = HEAP[inv_sbox | s5] ^ R75;
982 t6 = HEAP[inv_sbox | s6] ^ R76;
983 t7 = HEAP[inv_sbox | s7] ^ R77;
984 t8 = HEAP[inv_sbox | s8] ^ R78;
985 t9 = HEAP[inv_sbox | s9] ^ R79;
986 tA = HEAP[inv_sbox | sA] ^ R7A;
987 tB = HEAP[inv_sbox | sB] ^ R7B;
988 tC = HEAP[inv_sbox | sC] ^ R7C;
989 tD = HEAP[inv_sbox | sD] ^ R7D;
990 tE = HEAP[inv_sbox | sE] ^ R7E;
991 tF = HEAP[inv_sbox | sF] ^ R7F;
992 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
993 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
994 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
995 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
996 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
997 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
998 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
999 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
1000 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
1001 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
1002 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
1003 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
1004 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
1005 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
1006 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
1007 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
1008 t0 = HEAP[inv_sbox | s0] ^ R60;
1009 t1 = HEAP[inv_sbox | s1] ^ R61;
1010 t2 = HEAP[inv_sbox | s2] ^ R62;
1011 t3 = HEAP[inv_sbox | s3] ^ R63;
1012 t4 = HEAP[inv_sbox | s4] ^ R64;
1013 t5 = HEAP[inv_sbox | s5] ^ R65;
1014 t6 = HEAP[inv_sbox | s6] ^ R66;
1015 t7 = HEAP[inv_sbox | s7] ^ R67;
1016 t8 = HEAP[inv_sbox | s8] ^ R68;
1017 t9 = HEAP[inv_sbox | s9] ^ R69;
1018 tA = HEAP[inv_sbox | sA] ^ R6A;
1019 tB = HEAP[inv_sbox | sB] ^ R6B;
1020 tC = HEAP[inv_sbox | sC] ^ R6C;
1021 tD = HEAP[inv_sbox | sD] ^ R6D;
1022 tE = HEAP[inv_sbox | sE] ^ R6E;
1023 tF = HEAP[inv_sbox | sF] ^ R6F;
1024 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
1025 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
1026 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
1027 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
1028 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
1029 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
1030 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
1031 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
1032 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
1033 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
1034 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
1035 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
1036 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
1037 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
1038 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
1039 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
1040 t0 = HEAP[inv_sbox | s0] ^ R50;
1041 t1 = HEAP[inv_sbox | s1] ^ R51;
1042 t2 = HEAP[inv_sbox | s2] ^ R52;
1043 t3 = HEAP[inv_sbox | s3] ^ R53;
1044 t4 = HEAP[inv_sbox | s4] ^ R54;
1045 t5 = HEAP[inv_sbox | s5] ^ R55;
1046 t6 = HEAP[inv_sbox | s6] ^ R56;
1047 t7 = HEAP[inv_sbox | s7] ^ R57;
1048 t8 = HEAP[inv_sbox | s8] ^ R58;
1049 t9 = HEAP[inv_sbox | s9] ^ R59;
1050 tA = HEAP[inv_sbox | sA] ^ R5A;
1051 tB = HEAP[inv_sbox | sB] ^ R5B;
1052 tC = HEAP[inv_sbox | sC] ^ R5C;
1053 tD = HEAP[inv_sbox | sD] ^ R5D;
1054 tE = HEAP[inv_sbox | sE] ^ R5E;
1055 tF = HEAP[inv_sbox | sF] ^ R5F;
1056 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
1057 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
1058 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
1059 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
1060 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
1061 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
1062 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
1063 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
1064 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
1065 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
1066 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
1067 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
1068 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
1069 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
1070 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
1071 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
1072 t0 = HEAP[inv_sbox | s0] ^ R40;
1073 t1 = HEAP[inv_sbox | s1] ^ R41;
1074 t2 = HEAP[inv_sbox | s2] ^ R42;
1075 t3 = HEAP[inv_sbox | s3] ^ R43;
1076 t4 = HEAP[inv_sbox | s4] ^ R44;
1077 t5 = HEAP[inv_sbox | s5] ^ R45;
1078 t6 = HEAP[inv_sbox | s6] ^ R46;
1079 t7 = HEAP[inv_sbox | s7] ^ R47;
1080 t8 = HEAP[inv_sbox | s8] ^ R48;
1081 t9 = HEAP[inv_sbox | s9] ^ R49;
1082 tA = HEAP[inv_sbox | sA] ^ R4A;
1083 tB = HEAP[inv_sbox | sB] ^ R4B;
1084 tC = HEAP[inv_sbox | sC] ^ R4C;
1085 tD = HEAP[inv_sbox | sD] ^ R4D;
1086 tE = HEAP[inv_sbox | sE] ^ R4E;
1087 tF = HEAP[inv_sbox | sF] ^ R4F;
1088 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
1089 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
1090 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
1091 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
1092 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
1093 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
1094 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
1095 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
1096 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
1097 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
1098 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
1099 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
1100 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
1101 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
1102 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
1103 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
1104 t0 = HEAP[inv_sbox | s0] ^ R30;
1105 t1 = HEAP[inv_sbox | s1] ^ R31;
1106 t2 = HEAP[inv_sbox | s2] ^ R32;
1107 t3 = HEAP[inv_sbox | s3] ^ R33;
1108 t4 = HEAP[inv_sbox | s4] ^ R34;
1109 t5 = HEAP[inv_sbox | s5] ^ R35;
1110 t6 = HEAP[inv_sbox | s6] ^ R36;
1111 t7 = HEAP[inv_sbox | s7] ^ R37;
1112 t8 = HEAP[inv_sbox | s8] ^ R38;
1113 t9 = HEAP[inv_sbox | s9] ^ R39;
1114 tA = HEAP[inv_sbox | sA] ^ R3A;
1115 tB = HEAP[inv_sbox | sB] ^ R3B;
1116 tC = HEAP[inv_sbox | sC] ^ R3C;
1117 tD = HEAP[inv_sbox | sD] ^ R3D;
1118 tE = HEAP[inv_sbox | sE] ^ R3E;
1119 tF = HEAP[inv_sbox | sF] ^ R3F;
1120 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
1121 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
1122 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
1123 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
1124 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
1125 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
1126 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
1127 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
1128 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
1129 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
1130 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
1131 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
1132 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
1133 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
1134 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
1135 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
1136 t0 = HEAP[inv_sbox | s0] ^ R20;
1137 t1 = HEAP[inv_sbox | s1] ^ R21;
1138 t2 = HEAP[inv_sbox | s2] ^ R22;
1139 t3 = HEAP[inv_sbox | s3] ^ R23;
1140 t4 = HEAP[inv_sbox | s4] ^ R24;
1141 t5 = HEAP[inv_sbox | s5] ^ R25;
1142 t6 = HEAP[inv_sbox | s6] ^ R26;
1143 t7 = HEAP[inv_sbox | s7] ^ R27;
1144 t8 = HEAP[inv_sbox | s8] ^ R28;
1145 t9 = HEAP[inv_sbox | s9] ^ R29;
1146 tA = HEAP[inv_sbox | sA] ^ R2A;
1147 tB = HEAP[inv_sbox | sB] ^ R2B;
1148 tC = HEAP[inv_sbox | sC] ^ R2C;
1149 tD = HEAP[inv_sbox | sD] ^ R2D;
1150 tE = HEAP[inv_sbox | sE] ^ R2E;
1151 tF = HEAP[inv_sbox | sF] ^ R2F;
1152 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
1153 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
1154 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
1155 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
1156 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
1157 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
1158 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
1159 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
1160 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
1161 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
1162 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
1163 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
1164 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
1165 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
1166 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
1167 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
1168 t0 = HEAP[inv_sbox | s0] ^ R10;
1169 t1 = HEAP[inv_sbox | s1] ^ R11;
1170 t2 = HEAP[inv_sbox | s2] ^ R12;
1171 t3 = HEAP[inv_sbox | s3] ^ R13;
1172 t4 = HEAP[inv_sbox | s4] ^ R14;
1173 t5 = HEAP[inv_sbox | s5] ^ R15;
1174 t6 = HEAP[inv_sbox | s6] ^ R16;
1175 t7 = HEAP[inv_sbox | s7] ^ R17;
1176 t8 = HEAP[inv_sbox | s8] ^ R18;
1177 t9 = HEAP[inv_sbox | s9] ^ R19;
1178 tA = HEAP[inv_sbox | sA] ^ R1A;
1179 tB = HEAP[inv_sbox | sB] ^ R1B;
1180 tC = HEAP[inv_sbox | sC] ^ R1C;
1181 tD = HEAP[inv_sbox | sD] ^ R1D;
1182 tE = HEAP[inv_sbox | sE] ^ R1E;
1183 tF = HEAP[inv_sbox | sF] ^ R1F;
1184 s0 = HEAP[xE | t0] ^ HEAP[xB | t1] ^ HEAP[xD | t2] ^ HEAP[x9 | t3];
1185 s1 = HEAP[x9 | tC] ^ HEAP[xE | tD] ^ HEAP[xB | tE] ^ HEAP[xD | tF];
1186 s2 = HEAP[xD | t8] ^ HEAP[x9 | t9] ^ HEAP[xE | tA] ^ HEAP[xB | tB];
1187 s3 = HEAP[xB | t4] ^ HEAP[xD | t5] ^ HEAP[x9 | t6] ^ HEAP[xE | t7];
1188 s4 = HEAP[xE | t4] ^ HEAP[xB | t5] ^ HEAP[xD | t6] ^ HEAP[x9 | t7];
1189 s5 = HEAP[x9 | t0] ^ HEAP[xE | t1] ^ HEAP[xB | t2] ^ HEAP[xD | t3];
1190 s6 = HEAP[xD | tC] ^ HEAP[x9 | tD] ^ HEAP[xE | tE] ^ HEAP[xB | tF];
1191 s7 = HEAP[xB | t8] ^ HEAP[xD | t9] ^ HEAP[x9 | tA] ^ HEAP[xE | tB];
1192 s8 = HEAP[xE | t8] ^ HEAP[xB | t9] ^ HEAP[xD | tA] ^ HEAP[x9 | tB];
1193 s9 = HEAP[x9 | t4] ^ HEAP[xE | t5] ^ HEAP[xB | t6] ^ HEAP[xD | t7];
1194 sA = HEAP[xD | t0] ^ HEAP[x9 | t1] ^ HEAP[xE | t2] ^ HEAP[xB | t3];
1195 sB = HEAP[xB | tC] ^ HEAP[xD | tD] ^ HEAP[x9 | tE] ^ HEAP[xE | tF];
1196 sC = HEAP[xE | tC] ^ HEAP[xB | tD] ^ HEAP[xD | tE] ^ HEAP[x9 | tF];
1197 sD = HEAP[x9 | t8] ^ HEAP[xE | t9] ^ HEAP[xB | tA] ^ HEAP[xD | tB];
1198 sE = HEAP[xD | t4] ^ HEAP[x9 | t5] ^ HEAP[xE | t6] ^ HEAP[xB | t7];
1199 sF = HEAP[xB | t0] ^ HEAP[xD | t1] ^ HEAP[x9 | t2] ^ HEAP[xE | t3];
1200 S0 = HEAP[inv_sbox | s0] ^ R00;
1201 S1 = HEAP[inv_sbox | s1] ^ R01;
1202 S2 = HEAP[inv_sbox | s2] ^ R02;
1203 S3 = HEAP[inv_sbox | s3] ^ R03;
1204 S4 = HEAP[inv_sbox | s4] ^ R04;
1205 S5 = HEAP[inv_sbox | s5] ^ R05;
1206 S6 = HEAP[inv_sbox | s6] ^ R06;
1207 S7 = HEAP[inv_sbox | s7] ^ R07;
1208 S8 = HEAP[inv_sbox | s8] ^ R08;
1209 S9 = HEAP[inv_sbox | s9] ^ R09;
1210 SA = HEAP[inv_sbox | sA] ^ R0A;
1211 SB = HEAP[inv_sbox | sB] ^ R0B;
1212 SC = HEAP[inv_sbox | sC] ^ R0C;
1213 SD = HEAP[inv_sbox | sD] ^ R0D;
1214 SE = HEAP[inv_sbox | sE] ^ R0E;
1215 SF = HEAP[inv_sbox | sF] ^ R0F;
1216 }
1217 function init_state(s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, sA, sB, sC, sD, sE, sF) {
1218 s0 = s0 | 0;
1219 s1 = s1 | 0;
1220 s2 = s2 | 0;
1221 s3 = s3 | 0;
1222 s4 = s4 | 0;
1223 s5 = s5 | 0;
1224 s6 = s6 | 0;
1225 s7 = s7 | 0;
1226 s8 = s8 | 0;
1227 s9 = s9 | 0;
1228 sA = sA | 0;
1229 sB = sB | 0;
1230 sC = sC | 0;
1231 sD = sD | 0;
1232 sE = sE | 0;
1233 sF = sF | 0;
1234 S0 = s0;
1235 S1 = s1;
1236 S2 = s2;
1237 S3 = s3;
1238 S4 = s4;
1239 S5 = s5;
1240 S6 = s6;
1241 S7 = s7;
1242 S8 = s8;
1243 S9 = s9;
1244 SA = sA;
1245 SB = sB;
1246 SC = sC;
1247 SD = sD;
1248 SE = sE;
1249 SF = sF;
1250 }
1251 function save_state(offset) {
1252 offset = offset | 0;
1253 HEAP[offset] = S0;
1254 HEAP[offset | 1] = S1;
1255 HEAP[offset | 2] = S2;
1256 HEAP[offset | 3] = S3;
1257 HEAP[offset | 4] = S4;
1258 HEAP[offset | 5] = S5;
1259 HEAP[offset | 6] = S6;
1260 HEAP[offset | 7] = S7;
1261 HEAP[offset | 8] = S8;
1262 HEAP[offset | 9] = S9;
1263 HEAP[offset | 10] = SA;
1264 HEAP[offset | 11] = SB;
1265 HEAP[offset | 12] = SC;
1266 HEAP[offset | 13] = SD;
1267 HEAP[offset | 14] = SE;
1268 HEAP[offset | 15] = SF;
1269 }
1270 function init_key_128(k0, k1, k2, k3, k4, k5, k6, k7, k8, k9, kA, kB, kC, kD, kE, kF) {
1271 k0 = k0 | 0;
1272 k1 = k1 | 0;
1273 k2 = k2 | 0;
1274 k3 = k3 | 0;
1275 k4 = k4 | 0;
1276 k5 = k5 | 0;
1277 k6 = k6 | 0;
1278 k7 = k7 | 0;
1279 k8 = k8 | 0;
1280 k9 = k9 | 0;
1281 kA = kA | 0;
1282 kB = kB | 0;
1283 kC = kC | 0;
1284 kD = kD | 0;
1285 kE = kE | 0;
1286 kF = kF | 0;
1287 R00 = k0;
1288 R01 = k1;
1289 R02 = k2;
1290 R03 = k3;
1291 R04 = k4;
1292 R05 = k5;
1293 R06 = k6;
1294 R07 = k7;
1295 R08 = k8;
1296 R09 = k9;
1297 R0A = kA;
1298 R0B = kB;
1299 R0C = kC;
1300 R0D = kD;
1301 R0E = kE;
1302 R0F = kF;
1303 keySize = 16;
1304 _expand_key_128();
1305 }
1306 function init_key_256(k00, k01, k02, k03, k04, k05, k06, k07, k08, k09, k0A, k0B, k0C, k0D, k0E, k0F, k10, k11, k12, k13, k14, k15, k16, k17, k18, k19, k1A, k1B, k1C, k1D, k1E, k1F) {
1307 k00 = k00 | 0;
1308 k01 = k01 | 0;
1309 k02 = k02 | 0;
1310 k03 = k03 | 0;
1311 k04 = k04 | 0;
1312 k05 = k05 | 0;
1313 k06 = k06 | 0;
1314 k07 = k07 | 0;
1315 k08 = k08 | 0;
1316 k09 = k09 | 0;
1317 k0A = k0A | 0;
1318 k0B = k0B | 0;
1319 k0C = k0C | 0;
1320 k0D = k0D | 0;
1321 k0E = k0E | 0;
1322 k0F = k0F | 0;
1323 k10 = k10 | 0;
1324 k11 = k11 | 0;
1325 k12 = k12 | 0;
1326 k13 = k13 | 0;
1327 k14 = k14 | 0;
1328 k15 = k15 | 0;
1329 k16 = k16 | 0;
1330 k17 = k17 | 0;
1331 k18 = k18 | 0;
1332 k19 = k19 | 0;
1333 k1A = k1A | 0;
1334 k1B = k1B | 0;
1335 k1C = k1C | 0;
1336 k1D = k1D | 0;
1337 k1E = k1E | 0;
1338 k1F = k1F | 0;
1339 R00 = k00;
1340 R01 = k01;
1341 R02 = k02;
1342 R03 = k03;
1343 R04 = k04;
1344 R05 = k05;
1345 R06 = k06;
1346 R07 = k07;
1347 R08 = k08;
1348 R09 = k09;
1349 R0A = k0A;
1350 R0B = k0B;
1351 R0C = k0C;
1352 R0D = k0D;
1353 R0E = k0E;
1354 R0F = k0F;
1355 R10 = k10;
1356 R11 = k11;
1357 R12 = k12;
1358 R13 = k13;
1359 R14 = k14;
1360 R15 = k15;
1361 R16 = k16;
1362 R17 = k17;
1363 R18 = k18;
1364 R19 = k19;
1365 R1A = k1A;
1366 R1B = k1B;
1367 R1C = k1C;
1368 R1D = k1D;
1369 R1E = k1E;
1370 R1F = k1F;
1371 keySize = 32;
1372 _expand_key_256();
1373 }
1374 function cbc_encrypt(offset, length) {
1375 offset = offset | 0;
1376 length = length | 0;
1377 var encrypted = 0;
1378 if (offset & 15) return -1;
1379 while ((length | 0) >= 16) {
1380 _encrypt(S0 ^ HEAP[offset], S1 ^ HEAP[offset | 1], S2 ^ HEAP[offset | 2], S3 ^ HEAP[offset | 3], S4 ^ HEAP[offset | 4], S5 ^ HEAP[offset | 5], S6 ^ HEAP[offset | 6], S7 ^ HEAP[offset | 7], S8 ^ HEAP[offset | 8], S9 ^ HEAP[offset | 9], SA ^ HEAP[offset | 10], SB ^ HEAP[offset | 11], SC ^ HEAP[offset | 12], SD ^ HEAP[offset | 13], SE ^ HEAP[offset | 14], SF ^ HEAP[offset | 15]);
1381 HEAP[offset] = S0;
1382 HEAP[offset | 1] = S1;
1383 HEAP[offset | 2] = S2;
1384 HEAP[offset | 3] = S3;
1385 HEAP[offset | 4] = S4;
1386 HEAP[offset | 5] = S5;
1387 HEAP[offset | 6] = S6;
1388 HEAP[offset | 7] = S7;
1389 HEAP[offset | 8] = S8;
1390 HEAP[offset | 9] = S9;
1391 HEAP[offset | 10] = SA;
1392 HEAP[offset | 11] = SB;
1393 HEAP[offset | 12] = SC;
1394 HEAP[offset | 13] = SD;
1395 HEAP[offset | 14] = SE;
1396 HEAP[offset | 15] = SF;
1397 offset = offset + 16 | 0;
1398 length = length - 16 | 0;
1399 encrypted = encrypted + 16 | 0;
1400 }
1401 return encrypted | 0;
1402 }
1403 function cbc_decrypt(offset, length) {
1404 offset = offset | 0;
1405 length = length | 0;
1406 var iv0 = 0, iv1 = 0, iv2 = 0, iv3 = 0, iv4 = 0, iv5 = 0, iv6 = 0, iv7 = 0, iv8 = 0, iv9 = 0, ivA = 0, ivB = 0, ivC = 0, ivD = 0, ivE = 0, ivF = 0, decrypted = 0;
1407 if (offset & 15) return -1;
1408 iv0 = S0;
1409 iv1 = S1;
1410 iv2 = S2;
1411 iv3 = S3;
1412 iv4 = S4;
1413 iv5 = S5;
1414 iv6 = S6;
1415 iv7 = S7;
1416 iv8 = S8;
1417 iv9 = S9;
1418 ivA = SA;
1419 ivB = SB;
1420 ivC = SC;
1421 ivD = SD;
1422 ivE = SE;
1423 ivF = SF;
1424 while ((length | 0) >= 16) {
1425 _decrypt(HEAP[offset] | 0, HEAP[offset | 1] | 0, HEAP[offset | 2] | 0, HEAP[offset | 3] | 0, HEAP[offset | 4] | 0, HEAP[offset | 5] | 0, HEAP[offset | 6] | 0, HEAP[offset | 7] | 0, HEAP[offset | 8] | 0, HEAP[offset | 9] | 0, HEAP[offset | 10] | 0, HEAP[offset | 11] | 0, HEAP[offset | 12] | 0, HEAP[offset | 13] | 0, HEAP[offset | 14] | 0, HEAP[offset | 15] | 0);
1426 S0 = S0 ^ iv0;
1427 iv0 = HEAP[offset] | 0;
1428 S1 = S1 ^ iv1;
1429 iv1 = HEAP[offset | 1] | 0;
1430 S2 = S2 ^ iv2;
1431 iv2 = HEAP[offset | 2] | 0;
1432 S3 = S3 ^ iv3;
1433 iv3 = HEAP[offset | 3] | 0;
1434 S4 = S4 ^ iv4;
1435 iv4 = HEAP[offset | 4] | 0;
1436 S5 = S5 ^ iv5;
1437 iv5 = HEAP[offset | 5] | 0;
1438 S6 = S6 ^ iv6;
1439 iv6 = HEAP[offset | 6] | 0;
1440 S7 = S7 ^ iv7;
1441 iv7 = HEAP[offset | 7] | 0;
1442 S8 = S8 ^ iv8;
1443 iv8 = HEAP[offset | 8] | 0;
1444 S9 = S9 ^ iv9;
1445 iv9 = HEAP[offset | 9] | 0;
1446 SA = SA ^ ivA;
1447 ivA = HEAP[offset | 10] | 0;
1448 SB = SB ^ ivB;
1449 ivB = HEAP[offset | 11] | 0;
1450 SC = SC ^ ivC;
1451 ivC = HEAP[offset | 12] | 0;
1452 SD = SD ^ ivD;
1453 ivD = HEAP[offset | 13] | 0;
1454 SE = SE ^ ivE;
1455 ivE = HEAP[offset | 14] | 0;
1456 SF = SF ^ ivF;
1457 ivF = HEAP[offset | 15] | 0;
1458 HEAP[offset] = S0;
1459 HEAP[offset | 1] = S1;
1460 HEAP[offset | 2] = S2;
1461 HEAP[offset | 3] = S3;
1462 HEAP[offset | 4] = S4;
1463 HEAP[offset | 5] = S5;
1464 HEAP[offset | 6] = S6;
1465 HEAP[offset | 7] = S7;
1466 HEAP[offset | 8] = S8;
1467 HEAP[offset | 9] = S9;
1468 HEAP[offset | 10] = SA;
1469 HEAP[offset | 11] = SB;
1470 HEAP[offset | 12] = SC;
1471 HEAP[offset | 13] = SD;
1472 HEAP[offset | 14] = SE;
1473 HEAP[offset | 15] = SF;
1474 offset = offset + 16 | 0;
1475 length = length - 16 | 0;
1476 decrypted = decrypted + 16 | 0;
1477 }
1478 S0 = iv0;
1479 S1 = iv1;
1480 S2 = iv2;
1481 S3 = iv3;
1482 S4 = iv4;
1483 S5 = iv5;
1484 S6 = iv6;
1485 S7 = iv7;
1486 S8 = iv8;
1487 S9 = iv9;
1488 SA = ivA;
1489 SB = ivB;
1490 SC = ivC;
1491 SD = ivD;
1492 SE = ivE;
1493 SF = ivF;
1494 return decrypted | 0;
1495 }
1496 function cbc_mac(offset, length, output) {
1497 offset = offset | 0;
1498 length = length | 0;
1499 output = output | 0;
1500 if (offset & 15) return -1;
1501 if (~output) if (output & 31) return -1;
1502 while ((length | 0) >= 16) {
1503 _encrypt(S0 ^ HEAP[offset], S1 ^ HEAP[offset | 1], S2 ^ HEAP[offset | 2], S3 ^ HEAP[offset | 3], S4 ^ HEAP[offset | 4], S5 ^ HEAP[offset | 5], S6 ^ HEAP[offset | 6], S7 ^ HEAP[offset | 7], S8 ^ HEAP[offset | 8], S9 ^ HEAP[offset | 9], SA ^ HEAP[offset | 10], SB ^ HEAP[offset | 11], SC ^ HEAP[offset | 12], SD ^ HEAP[offset | 13], SE ^ HEAP[offset | 14], SF ^ HEAP[offset | 15]);
1504 offset = offset + 16 | 0;
1505 length = length - 16 | 0;
1506 }
1507 if ((length | 0) > 0) {
1508 S0 = S0 ^ HEAP[offset];
1509 if ((length | 0) > 1) S1 = S1 ^ HEAP[offset | 1];
1510 if ((length | 0) > 2) S2 = S2 ^ HEAP[offset | 2];
1511 if ((length | 0) > 3) S3 = S3 ^ HEAP[offset | 3];
1512 if ((length | 0) > 4) S4 = S4 ^ HEAP[offset | 4];
1513 if ((length | 0) > 5) S5 = S5 ^ HEAP[offset | 5];
1514 if ((length | 0) > 6) S6 = S6 ^ HEAP[offset | 6];
1515 if ((length | 0) > 7) S7 = S7 ^ HEAP[offset | 7];
1516 if ((length | 0) > 8) S8 = S8 ^ HEAP[offset | 8];
1517 if ((length | 0) > 9) S9 = S9 ^ HEAP[offset | 9];
1518 if ((length | 0) > 10) SA = SA ^ HEAP[offset | 10];
1519 if ((length | 0) > 11) SB = SB ^ HEAP[offset | 11];
1520 if ((length | 0) > 12) SC = SC ^ HEAP[offset | 12];
1521 if ((length | 0) > 13) SD = SD ^ HEAP[offset | 13];
1522 if ((length | 0) > 14) SE = SE ^ HEAP[offset | 14];
1523 _encrypt(S0, S1, S2, S3, S4, S5, S6, S7, S8, S9, SA, SB, SC, SD, SE, SF);
1524 offset = offset + length | 0;
1525 length = 0;
1526 }
1527 if (~output) {
1528 HEAP[output | 0] = S0;
1529 HEAP[output | 1] = S1;
1530 HEAP[output | 2] = S2;
1531 HEAP[output | 3] = S3;
1532 HEAP[output | 4] = S4;
1533 HEAP[output | 5] = S5;
1534 HEAP[output | 6] = S6;
1535 HEAP[output | 7] = S7;
1536 HEAP[output | 8] = S8;
1537 HEAP[output | 9] = S9;
1538 HEAP[output | 10] = SA;
1539 HEAP[output | 11] = SB;
1540 HEAP[output | 12] = SC;
1541 HEAP[output | 13] = SD;
1542 HEAP[output | 14] = SE;
1543 HEAP[output | 15] = SF;
1544 }
1545 return 0;
1546 }
1547 function ccm_encrypt(offset, length, nonce0, nonce1, nonce2, nonce3, nonce4, nonce5, nonce6, nonce7, nonce8, nonce9, nonceA, nonceB, nonceC, nonceD, counter0, counter1) {
1548 offset = offset | 0;
1549 length = length | 0;
1550 nonce0 = nonce0 | 0;
1551 nonce1 = nonce1 | 0;
1552 nonce2 = nonce2 | 0;
1553 nonce3 = nonce3 | 0;
1554 nonce4 = nonce4 | 0;
1555 nonce5 = nonce5 | 0;
1556 nonce6 = nonce6 | 0;
1557 nonce7 = nonce7 | 0;
1558 nonce8 = nonce8 | 0;
1559 nonce9 = nonce9 | 0;
1560 nonceA = nonceA | 0;
1561 nonceB = nonceB | 0;
1562 nonceC = nonceC | 0;
1563 nonceD = nonceD | 0;
1564 counter0 = counter0 | 0;
1565 counter1 = counter1 | 0;
1566 var iv0 = 0, iv1 = 0, iv2 = 0, iv3 = 0, iv4 = 0, iv5 = 0, iv6 = 0, iv7 = 0, iv8 = 0, iv9 = 0, ivA = 0, ivB = 0, ivC = 0, ivD = 0, ivE = 0, ivF = 0, s0 = 0, s1 = 0, s2 = 0, s3 = 0, s4 = 0, s5 = 0, s6 = 0, s7 = 0, s8 = 0, s9 = 0, sA = 0, sB = 0, sC = 0, sD = 0, sE = 0, sF = 0, encrypted = 0;
1567 if (offset & 15) return -1;
1568 iv0 = S0, iv1 = S1, iv2 = S2, iv3 = S3, iv4 = S4, iv5 = S5, iv6 = S6, iv7 = S7,
1569 iv8 = S8, iv9 = S9, ivA = SA, ivB = SB, ivC = SC, ivD = SD, ivE = SE, ivF = SF;
1570 while ((length | 0) >= 16) {
1571 s0 = HEAP[offset] | 0;
1572 s1 = HEAP[offset | 1] | 0;
1573 s2 = HEAP[offset | 2] | 0;
1574 s3 = HEAP[offset | 3] | 0;
1575 s4 = HEAP[offset | 4] | 0;
1576 s5 = HEAP[offset | 5] | 0;
1577 s6 = HEAP[offset | 6] | 0;
1578 s7 = HEAP[offset | 7] | 0;
1579 s8 = HEAP[offset | 8] | 0;
1580 s9 = HEAP[offset | 9] | 0;
1581 sA = HEAP[offset | 10] | 0;
1582 sB = HEAP[offset | 11] | 0;
1583 sC = HEAP[offset | 12] | 0;
1584 sD = HEAP[offset | 13] | 0;
1585 sE = HEAP[offset | 14] | 0;
1586 sF = HEAP[offset | 15] | 0;
1587 _encrypt(nonce0, nonce1, nonce2, nonce3, nonce4, nonce5, nonce6, nonce7, nonce8 ^ counter0 >>> 24, nonce9 ^ counter0 >>> 16 & 255, nonceA ^ counter0 >>> 8 & 255, nonceB ^ counter0 & 255, nonceC ^ counter1 >>> 24, nonceD ^ counter1 >>> 16 & 255, counter1 >>> 8 & 255, counter1 & 255);
1588 HEAP[offset] = s0 ^ S0;
1589 HEAP[offset | 1] = s1 ^ S1;
1590 HEAP[offset | 2] = s2 ^ S2;
1591 HEAP[offset | 3] = s3 ^ S3;
1592 HEAP[offset | 4] = s4 ^ S4;
1593 HEAP[offset | 5] = s5 ^ S5;
1594 HEAP[offset | 6] = s6 ^ S6;
1595 HEAP[offset | 7] = s7 ^ S7;
1596 HEAP[offset | 8] = s8 ^ S8;
1597 HEAP[offset | 9] = s9 ^ S9;
1598 HEAP[offset | 10] = sA ^ SA;
1599 HEAP[offset | 11] = sB ^ SB;
1600 HEAP[offset | 12] = sC ^ SC;
1601 HEAP[offset | 13] = sD ^ SD;
1602 HEAP[offset | 14] = sE ^ SE;
1603 HEAP[offset | 15] = sF ^ SF;
1604 _encrypt(s0 ^ iv0, s1 ^ iv1, s2 ^ iv2, s3 ^ iv3, s4 ^ iv4, s5 ^ iv5, s6 ^ iv6, s7 ^ iv7, s8 ^ iv8, s9 ^ iv9, sA ^ ivA, sB ^ ivB, sC ^ ivC, sD ^ ivD, sE ^ ivE, sF ^ ivF);
1605 iv0 = S0, iv1 = S1, iv2 = S2, iv3 = S3, iv4 = S4, iv5 = S5, iv6 = S6, iv7 = S7,
1606 iv8 = S8, iv9 = S9, ivA = SA, ivB = SB, ivC = SC, ivD = SD, ivE = SE, ivF = SF;
1607 encrypted = encrypted + 16 | 0;
1608 offset = offset + 16 | 0;
1609 length = length - 16 | 0;
1610 counter1 = counter1 + 1 | 0;
1611 if ((counter1 | 0) == 0) counter0 = counter0 + 1 | 0;
1612 }
1613 if ((length | 0) > 0) {
1614 s0 = HEAP[offset] | 0;
1615 s1 = (length | 0) > 1 ? HEAP[offset | 1] | 0 : 0;
1616 s2 = (length | 0) > 2 ? HEAP[offset | 2] | 0 : 0;
1617 s3 = (length | 0) > 3 ? HEAP[offset | 3] | 0 : 0;
1618 s4 = (length | 0) > 4 ? HEAP[offset | 4] | 0 : 0;
1619 s5 = (length | 0) > 5 ? HEAP[offset | 5] | 0 : 0;
1620 s6 = (length | 0) > 6 ? HEAP[offset | 6] | 0 : 0;
1621 s7 = (length | 0) > 7 ? HEAP[offset | 7] | 0 : 0;
1622 s8 = (length | 0) > 8 ? HEAP[offset | 8] | 0 : 0;
1623 s9 = (length | 0) > 9 ? HEAP[offset | 9] | 0 : 0;
1624 sA = (length | 0) > 10 ? HEAP[offset | 10] | 0 : 0;
1625 sB = (length | 0) > 11 ? HEAP[offset | 11] | 0 : 0;
1626 sC = (length | 0) > 12 ? HEAP[offset | 12] | 0 : 0;
1627 sD = (length | 0) > 13 ? HEAP[offset | 13] | 0 : 0;
1628 sE = (length | 0) > 14 ? HEAP[offset | 14] | 0 : 0;
1629 _encrypt(nonce0, nonce1, nonce2, nonce3, nonce4, nonce5, nonce6, nonce7, nonce8 ^ counter0 >>> 24, nonce9 ^ counter0 >>> 16 & 255, nonceA ^ counter0 >>> 8 & 255, nonceB ^ counter0 & 255, nonceC ^ counter1 >>> 24, nonceD ^ counter1 >>> 16 & 255, counter1 >>> 8 & 255, counter1 & 255);
1630 HEAP[offset] = s0 ^ S0;
1631 if ((length | 0) > 1) HEAP[offset | 1] = s1 ^ S1;
1632 if ((length | 0) > 2) HEAP[offset | 2] = s2 ^ S2;
1633 if ((length | 0) > 3) HEAP[offset | 3] = s3 ^ S3;
1634 if ((length | 0) > 4) HEAP[offset | 4] = s4 ^ S4;
1635 if ((length | 0) > 5) HEAP[offset | 5] = s5 ^ S5;
1636 if ((length | 0) > 6) HEAP[offset | 6] = s6 ^ S6;
1637 if ((length | 0) > 7) HEAP[offset | 7] = s7 ^ S7;
1638 if ((length | 0) > 8) HEAP[offset | 8] = s8 ^ S8;
1639 if ((length | 0) > 9) HEAP[offset | 9] = s9 ^ S9;
1640 if ((length | 0) > 10) HEAP[offset | 10] = sA ^ SA;
1641 if ((length | 0) > 11) HEAP[offset | 11] = sB ^ SB;
1642 if ((length | 0) > 12) HEAP[offset | 12] = sC ^ SC;
1643 if ((length | 0) > 13) HEAP[offset | 13] = sD ^ SD;
1644 if ((length | 0) > 14) HEAP[offset | 14] = sE ^ SE;
1645 _encrypt(s0 ^ iv0, s1 ^ iv1, s2 ^ iv2, s3 ^ iv3, s4 ^ iv4, s5 ^ iv5, s6 ^ iv6, s7 ^ iv7, s8 ^ iv8, s9 ^ iv9, sA ^ ivA, sB ^ ivB, sC ^ ivC, sD ^ ivD, sE ^ ivE, ivF);
1646 iv0 = S0, iv1 = S1, iv2 = S2, iv3 = S3, iv4 = S4, iv5 = S5, iv6 = S6, iv7 = S7,
1647 iv8 = S8, iv9 = S9, ivA = SA, ivB = SB, ivC = SC, ivD = SD, ivE = SE, ivF = SF;
1648 encrypted = encrypted + length | 0;
1649 offset = offset + length | 0;
1650 length = 0;
1651 counter1 = counter1 + 1 | 0;
1652 if ((counter1 | 0) == 0) counter0 = counter0 + 1 | 0;
1653 }
1654 return encrypted | 0;
1655 }
1656 function ccm_decrypt(offset, length, nonce0, nonce1, nonce2, nonce3, nonce4, nonce5, nonce6, nonce7, nonce8, nonce9, nonceA, nonceB, nonceC, nonceD, counter0, counter1) {
1657 offset = offset | 0;
1658 length = length | 0;
1659 nonce0 = nonce0 | 0;
1660 nonce1 = nonce1 | 0;
1661 nonce2 = nonce2 | 0;
1662 nonce3 = nonce3 | 0;
1663 nonce4 = nonce4 | 0;
1664 nonce5 = nonce5 | 0;
1665 nonce6 = nonce6 | 0;
1666 nonce7 = nonce7 | 0;
1667 nonce8 = nonce8 | 0;
1668 nonce9 = nonce9 | 0;
1669 nonceA = nonceA | 0;
1670 nonceB = nonceB | 0;
1671 nonceC = nonceC | 0;
1672 nonceD = nonceD | 0;
1673 counter0 = counter0 | 0;
1674 counter1 = counter1 | 0;
1675 var iv0 = 0, iv1 = 0, iv2 = 0, iv3 = 0, iv4 = 0, iv5 = 0, iv6 = 0, iv7 = 0, iv8 = 0, iv9 = 0, ivA = 0, ivB = 0, ivC = 0, ivD = 0, ivE = 0, ivF = 0, s0 = 0, s1 = 0, s2 = 0, s3 = 0, s4 = 0, s5 = 0, s6 = 0, s7 = 0, s8 = 0, s9 = 0, sA = 0, sB = 0, sC = 0, sD = 0, sE = 0, sF = 0, decrypted = 0;
1676 if (offset & 15) return -1;
1677 iv0 = S0, iv1 = S1, iv2 = S2, iv3 = S3, iv4 = S4, iv5 = S5, iv6 = S6, iv7 = S7,
1678 iv8 = S8, iv9 = S9, ivA = SA, ivB = SB, ivC = SC, ivD = SD, ivE = SE, ivF = SF;
1679 while ((length | 0) >= 16) {
1680 _encrypt(nonce0, nonce1, nonce2, nonce3, nonce4, nonce5, nonce6, nonce7, nonce8 ^ counter0 >>> 24, nonce9 ^ counter0 >>> 16 & 255, nonceA ^ counter0 >>> 8 & 255, nonceB ^ counter0 & 255, nonceC ^ counter1 >>> 24, nonceD ^ counter1 >>> 16 & 255, counter1 >>> 8 & 255, counter1 & 255);
1681 HEAP[offset] = s0 = HEAP[offset] ^ S0;
1682 HEAP[offset | 1] = s1 = HEAP[offset | 1] ^ S1;
1683 HEAP[offset | 2] = s2 = HEAP[offset | 2] ^ S2;
1684 HEAP[offset | 3] = s3 = HEAP[offset | 3] ^ S3;
1685 HEAP[offset | 4] = s4 = HEAP[offset | 4] ^ S4;
1686 HEAP[offset | 5] = s5 = HEAP[offset | 5] ^ S5;
1687 HEAP[offset | 6] = s6 = HEAP[offset | 6] ^ S6;
1688 HEAP[offset | 7] = s7 = HEAP[offset | 7] ^ S7;
1689 HEAP[offset | 8] = s8 = HEAP[offset | 8] ^ S8;
1690 HEAP[offset | 9] = s9 = HEAP[offset | 9] ^ S9;
1691 HEAP[offset | 10] = sA = HEAP[offset | 10] ^ SA;
1692 HEAP[offset | 11] = sB = HEAP[offset | 11] ^ SB;
1693 HEAP[offset | 12] = sC = HEAP[offset | 12] ^ SC;
1694 HEAP[offset | 13] = sD = HEAP[offset | 13] ^ SD;
1695 HEAP[offset | 14] = sE = HEAP[offset | 14] ^ SE;
1696 HEAP[offset | 15] = sF = HEAP[offset | 15] ^ SF;
1697 _encrypt(s0 ^ iv0, s1 ^ iv1, s2 ^ iv2, s3 ^ iv3, s4 ^ iv4, s5 ^ iv5, s6 ^ iv6, s7 ^ iv7, s8 ^ iv8, s9 ^ iv9, sA ^ ivA, sB ^ ivB, sC ^ ivC, sD ^ ivD, sE ^ ivE, sF ^ ivF);
1698 iv0 = S0, iv1 = S1, iv2 = S2, iv3 = S3, iv4 = S4, iv5 = S5, iv6 = S6, iv7 = S7,
1699 iv8 = S8, iv9 = S9, ivA = SA, ivB = SB, ivC = SC, ivD = SD, ivE = SE, ivF = SF;
1700 decrypted = decrypted + 16 | 0;
1701 offset = offset + 16 | 0;
1702 length = length - 16 | 0;
1703 counter1 = counter1 + 1 | 0;
1704 if ((counter1 | 0) == 0) counter0 = counter0 + 1 | 0;
1705 }
1706 if ((length | 0) > 0) {
1707 _encrypt(nonce0, nonce1, nonce2, nonce3, nonce4, nonce5, nonce6, nonce7, nonce8 ^ counter0 >>> 24, nonce9 ^ counter0 >>> 16 & 255, nonceA ^ counter0 >>> 8 & 255, nonceB ^ counter0 & 255, nonceC ^ counter1 >>> 24, nonceD ^ counter1 >>> 16 & 255, counter1 >>> 8 & 255, counter1 & 255);
1708 s0 = HEAP[offset] ^ S0;
1709 s1 = (length | 0) > 1 ? HEAP[offset | 1] ^ S1 : 0;
1710 s2 = (length | 0) > 2 ? HEAP[offset | 2] ^ S2 : 0;
1711 s3 = (length | 0) > 3 ? HEAP[offset | 3] ^ S3 : 0;
1712 s4 = (length | 0) > 4 ? HEAP[offset | 4] ^ S4 : 0;
1713 s5 = (length | 0) > 5 ? HEAP[offset | 5] ^ S5 : 0;
1714 s6 = (length | 0) > 6 ? HEAP[offset | 6] ^ S6 : 0;
1715 s7 = (length | 0) > 7 ? HEAP[offset | 7] ^ S7 : 0;
1716 s8 = (length | 0) > 8 ? HEAP[offset | 8] ^ S8 : 0;
1717 s9 = (length | 0) > 9 ? HEAP[offset | 9] ^ S9 : 0;
1718 sA = (length | 0) > 10 ? HEAP[offset | 10] ^ SA : 0;
1719 sB = (length | 0) > 11 ? HEAP[offset | 11] ^ SB : 0;
1720 sC = (length | 0) > 12 ? HEAP[offset | 12] ^ SC : 0;
1721 sD = (length | 0) > 13 ? HEAP[offset | 13] ^ SD : 0;
1722 sE = (length | 0) > 14 ? HEAP[offset | 14] ^ SE : 0;
1723 sF = (length | 0) > 15 ? HEAP[offset | 15] ^ SF : 0;
1724 HEAP[offset] = s0;
1725 if ((length | 0) > 1) HEAP[offset | 1] = s1;
1726 if ((length | 0) > 2) HEAP[offset | 2] = s2;
1727 if ((length | 0) > 3) HEAP[offset | 3] = s3;
1728 if ((length | 0) > 4) HEAP[offset | 4] = s4;
1729 if ((length | 0) > 5) HEAP[offset | 5] = s5;
1730 if ((length | 0) > 6) HEAP[offset | 6] = s6;
1731 if ((length | 0) > 7) HEAP[offset | 7] = s7;
1732 if ((length | 0) > 8) HEAP[offset | 8] = s8;
1733 if ((length | 0) > 9) HEAP[offset | 9] = s9;
1734 if ((length | 0) > 10) HEAP[offset | 10] = sA;
1735 if ((length | 0) > 11) HEAP[offset | 11] = sB;
1736 if ((length | 0) > 12) HEAP[offset | 12] = sC;
1737 if ((length | 0) > 13) HEAP[offset | 13] = sD;
1738 if ((length | 0) > 14) HEAP[offset | 14] = sE;
1739 _encrypt(s0 ^ iv0, s1 ^ iv1, s2 ^ iv2, s3 ^ iv3, s4 ^ iv4, s5 ^ iv5, s6 ^ iv6, s7 ^ iv7, s8 ^ iv8, s9 ^ iv9, sA ^ ivA, sB ^ ivB, sC ^ ivC, sD ^ ivD, sE ^ ivE, sF ^ ivF);
1740 iv0 = S0, iv1 = S1, iv2 = S2, iv3 = S3, iv4 = S4, iv5 = S5, iv6 = S6, iv7 = S7,
1741 iv8 = S8, iv9 = S9, ivA = SA, ivB = SB, ivC = SC, ivD = SD, ivE = SE, ivF = SF;
1742 decrypted = decrypted + length | 0;
1743 offset = offset + length | 0;
1744 length = 0;
1745 counter1 = counter1 + 1 | 0;
1746 if ((counter1 | 0) == 0) counter0 = counter0 + 1 | 0;
1747 }
1748 return decrypted | 0;
1749 }
1750 function cfb_encrypt(offset, length) {
1751 offset = offset | 0;
1752 length = length | 0;
1753 var encrypted = 0;
1754 if (offset & 15) return -1;
1755 while ((length | 0) >= 16) {
1756 _encrypt(S0, S1, S2, S3, S4, S5, S6, S7, S8, S9, SA, SB, SC, SD, SE, SF);
1757 S0 = S0 ^ HEAP[offset];
1758 S1 = S1 ^ HEAP[offset | 1];
1759 S2 = S2 ^ HEAP[offset | 2];
1760 S3 = S3 ^ HEAP[offset | 3];
1761 S4 = S4 ^ HEAP[offset | 4];
1762 S5 = S5 ^ HEAP[offset | 5];
1763 S6 = S6 ^ HEAP[offset | 6];
1764 S7 = S7 ^ HEAP[offset | 7];
1765 S8 = S8 ^ HEAP[offset | 8];
1766 S9 = S9 ^ HEAP[offset | 9];
1767 SA = SA ^ HEAP[offset | 10];
1768 SB = SB ^ HEAP[offset | 11];
1769 SC = SC ^ HEAP[offset | 12];
1770 SD = SD ^ HEAP[offset | 13];
1771 SE = SE ^ HEAP[offset | 14];
1772 SF = SF ^ HEAP[offset | 15];
1773 HEAP[offset] = S0;
1774 HEAP[offset | 1] = S1;
1775 HEAP[offset | 2] = S2;
1776 HEAP[offset | 3] = S3;
1777 HEAP[offset | 4] = S4;
1778 HEAP[offset | 5] = S5;
1779 HEAP[offset | 6] = S6;
1780 HEAP[offset | 7] = S7;
1781 HEAP[offset | 8] = S8;
1782 HEAP[offset | 9] = S9;
1783 HEAP[offset | 10] = SA;
1784 HEAP[offset | 11] = SB;
1785 HEAP[offset | 12] = SC;
1786 HEAP[offset | 13] = SD;
1787 HEAP[offset | 14] = SE;
1788 HEAP[offset | 15] = SF;
1789 offset = offset + 16 | 0;
1790 length = length - 16 | 0;
1791 encrypted = encrypted + 16 | 0;
1792 }
1793 if ((length | 0) > 0) {
1794 _encrypt(S0, S1, S2, S3, S4, S5, S6, S7, S8, S9, SA, SB, SC, SD, SE, SF);
1795 HEAP[offset] = HEAP[offset] ^ S0;
1796 if ((length | 0) > 1) HEAP[offset | 1] = HEAP[offset | 1] ^ S1;
1797 if ((length | 0) > 2) HEAP[offset | 2] = HEAP[offset | 2] ^ S2;
1798 if ((length | 0) > 3) HEAP[offset | 3] = HEAP[offset | 3] ^ S3;
1799 if ((length | 0) > 4) HEAP[offset | 4] = HEAP[offset | 4] ^ S4;
1800 if ((length | 0) > 5) HEAP[offset | 5] = HEAP[offset | 5] ^ S5;
1801 if ((length | 0) > 6) HEAP[offset | 6] = HEAP[offset | 6] ^ S6;
1802 if ((length | 0) > 7) HEAP[offset | 7] = HEAP[offset | 7] ^ S7;
1803 if ((length | 0) > 8) HEAP[offset | 8] = HEAP[offset | 8] ^ S8;
1804 if ((length | 0) > 9) HEAP[offset | 9] = HEAP[offset | 9] ^ S9;
1805 if ((length | 0) > 10) HEAP[offset | 10] = HEAP[offset | 10] ^ SA;
1806 if ((length | 0) > 11) HEAP[offset | 11] = HEAP[offset | 11] ^ SB;
1807 if ((length | 0) > 12) HEAP[offset | 12] = HEAP[offset | 12] ^ SC;
1808 if ((length | 0) > 13) HEAP[offset | 13] = HEAP[offset | 13] ^ SD;
1809 if ((length | 0) > 14) HEAP[offset | 14] = HEAP[offset | 14] ^ SE;
1810 encrypted = encrypted + length | 0;
1811 offset = offset + length | 0;
1812 length = 0;
1813 }
1814 return encrypted | 0;
1815 }
1816 function cfb_decrypt(offset, length) {
1817 offset = offset | 0;
1818 length = length | 0;
1819 var iv0 = 0, iv1 = 0, iv2 = 0, iv3 = 0, iv4 = 0, iv5 = 0, iv6 = 0, iv7 = 0, iv8 = 0, iv9 = 0, ivA = 0, ivB = 0, ivC = 0, ivD = 0, ivE = 0, ivF = 0, decrypted = 0;
1820 if (offset & 15) return -1;
1821 while ((length | 0) >= 16) {
1822 _encrypt(S0, S1, S2, S3, S4, S5, S6, S7, S8, S9, SA, SB, SC, SD, SE, SF);
1823 iv0 = HEAP[offset] | 0;
1824 iv1 = HEAP[offset | 1] | 0;
1825 iv2 = HEAP[offset | 2] | 0;
1826 iv3 = HEAP[offset | 3] | 0;
1827 iv4 = HEAP[offset | 4] | 0;
1828 iv5 = HEAP[offset | 5] | 0;
1829 iv6 = HEAP[offset | 6] | 0;
1830 iv7 = HEAP[offset | 7] | 0;
1831 iv8 = HEAP[offset | 8] | 0;
1832 iv9 = HEAP[offset | 9] | 0;
1833 ivA = HEAP[offset | 10] | 0;
1834 ivB = HEAP[offset | 11] | 0;
1835 ivC = HEAP[offset | 12] | 0;
1836 ivD = HEAP[offset | 13] | 0;
1837 ivE = HEAP[offset | 14] | 0;
1838 ivF = HEAP[offset | 15] | 0;
1839 HEAP[offset] = S0 ^ iv0;
1840 HEAP[offset | 1] = S1 ^ iv1;
1841 HEAP[offset | 2] = S2 ^ iv2;
1842 HEAP[offset | 3] = S3 ^ iv3;
1843 HEAP[offset | 4] = S4 ^ iv4;
1844 HEAP[offset | 5] = S5 ^ iv5;
1845 HEAP[offset | 6] = S6 ^ iv6;
1846 HEAP[offset | 7] = S7 ^ iv7;
1847 HEAP[offset | 8] = S8 ^ iv8;
1848 HEAP[offset | 9] = S9 ^ iv9;
1849 HEAP[offset | 10] = SA ^ ivA;
1850 HEAP[offset | 11] = SB ^ ivB;
1851 HEAP[offset | 12] = SC ^ ivC;
1852 HEAP[offset | 13] = SD ^ ivD;
1853 HEAP[offset | 14] = SE ^ ivE;
1854 HEAP[offset | 15] = SF ^ ivF;
1855 S0 = iv0;
1856 S1 = iv1;
1857 S2 = iv2;
1858 S3 = iv3;
1859 S4 = iv4;
1860 S5 = iv5;
1861 S6 = iv6;
1862 S7 = iv7;
1863 S8 = iv8;
1864 S9 = iv9;
1865 SA = ivA;
1866 SB = ivB;
1867 SC = ivC;
1868 SD = ivD;
1869 SE = ivE;
1870 SF = ivF;
1871 offset = offset + 16 | 0;
1872 length = length - 16 | 0;
1873 decrypted = decrypted + 16 | 0;
1874 }
1875 if ((length | 0) > 0) {
1876 _encrypt(S0, S1, S2, S3, S4, S5, S6, S7, S8, S9, SA, SB, SC, SD, SE, SF);
1877 HEAP[offset] = HEAP[offset] ^ S0;
1878 if ((length | 0) > 1) HEAP[offset | 1] = HEAP[offset | 1] ^ S1;
1879 if ((length | 0) > 2) HEAP[offset | 2] = HEAP[offset | 2] ^ S2;
1880 if ((length | 0) > 3) HEAP[offset | 3] = HEAP[offset | 3] ^ S3;
1881 if ((length | 0) > 4) HEAP[offset | 4] = HEAP[offset | 4] ^ S4;
1882 if ((length | 0) > 5) HEAP[offset | 5] = HEAP[offset | 5] ^ S5;
1883 if ((length | 0) > 6) HEAP[offset | 6] = HEAP[offset | 6] ^ S6;
1884 if ((length | 0) > 7) HEAP[offset | 7] = HEAP[offset | 7] ^ S7;
1885 if ((length | 0) > 8) HEAP[offset | 8] = HEAP[offset | 8] ^ S8;
1886 if ((length | 0) > 9) HEAP[offset | 9] = HEAP[offset | 9] ^ S9;
1887 if ((length | 0) > 10) HEAP[offset | 10] = HEAP[offset | 10] ^ SA;
1888 if ((length | 0) > 11) HEAP[offset | 11] = HEAP[offset | 11] ^ SB;
1889 if ((length | 0) > 12) HEAP[offset | 12] = HEAP[offset | 12] ^ SC;
1890 if ((length | 0) > 13) HEAP[offset | 13] = HEAP[offset | 13] ^ SD;
1891 if ((length | 0) > 14) HEAP[offset | 14] = HEAP[offset | 14] ^ SE;
1892 decrypted = decrypted + length | 0;
1893 offset = offset + length | 0;
1894 length = 0;
1895 }
1896 return decrypted | 0;
1897 }
1898 return {
1899 init_state: init_state,
1900 save_state: save_state,
1901 init_key_128: init_key_128,
1902 init_key_256: init_key_256,
1903 cbc_encrypt: cbc_encrypt,
1904 cbc_decrypt: cbc_decrypt,
1905 cbc_mac: cbc_mac,
1906 ccm_encrypt: ccm_encrypt,
1907 ccm_decrypt: ccm_decrypt,
1908 cfb_encrypt: cfb_encrypt,
1909 cfb_decrypt: cfb_decrypt
1910 };
1911 }
1912 function aes_asm(stdlib, foreign, buffer) {
1913 var heap = new Uint8Array(buffer);
1914 heap.set(_aes_tables);
1915 return _aes_asm(stdlib, foreign, buffer);
1916 }
1917 var _aes_block_size = 16;
1918 function _aes_constructor(options) {
1919 options = options || {};
1920 options.heapSize = options.heapSize || 4096;
1921 if (options.heapSize <= 0 || options.heapSize % 4096) throw new IllegalArgumentError("heapSize must be a positive number and multiple of 4096");
1922 this.BLOCK_SIZE = _aes_block_size;
1923 this.heap = options.heap || new Uint8Array(options.heapSize);
1924 this.asm = options.asm || aes_asm(global, null, this.heap.buffer);
1925 this.pos = _aes_heap_start;
1926 this.len = 0;
1927 this.key = null;
1928 this.result = null;
1929 this.reset(options);
1930 }
1931 function _aes_reset(options) {
1932 options = options || {};
1933 this.result = null;
1934 this.pos = _aes_heap_start;
1935 this.len = 0;
1936 var asm = this.asm;
1937 var key = options.key;
1938 if (key !== undefined) {
1939 if (is_buffer(key) || is_bytes(key)) {
1940 key = new Uint8Array(key);
1941 } else if (is_string(key)) {
1942 var str = key;
1943 key = new Uint8Array(str.length);
1944 for (var i = 0; i < str.length; ++i) key[i] = str.charCodeAt(i);
1945 } else {
1946 throw new TypeError("unexpected key type");
1947 }
1948 if (key.length === 16) {
1949 this.key = key;
1950 asm.init_key_128.call(asm, key[0], key[1], key[2], key[3], key[4], key[5], key[6], key[7], key[8], key[9], key[10], key[11], key[12], key[13], key[14], key[15]);
1951 } else if (key.length === 24) {
1952 throw new IllegalArgumentError("illegal key size");
1953 } else if (key.length === 32) {
1954 this.key = key;
1955 asm.init_key_256.call(asm, key[0], key[1], key[2], key[3], key[4], key[5], key[6], key[7], key[8], key[9], key[10], key[11], key[12], key[13], key[14], key[15], key[16], key[17], key[18], key[19], key[20], key[21], key[22], key[23], key[24], key[25], key[26], key[27], key[28], key[29], key[30], key[31]);
1956 } else {
1957 throw new IllegalArgumentError("illegal key size");
1958 }
1959 }
1960 return this;
1961 }
1962 function _aes_init_iv(iv) {
1963 var asm = this.asm;
1964 if (iv !== undefined) {
1965 if (is_buffer(iv) || is_bytes(iv)) {
1966 iv = new Uint8Array(iv);
1967 } else if (is_string(iv)) {
1968 var str = iv;
1969 iv = new Uint8Array(str.length);
1970 for (var i = 0; i < str.length; ++i) iv[i] = str.charCodeAt(i);
1971 } else {
1972 throw new TypeError("unexpected iv type");
1973 }
1974 if (iv.length !== _aes_block_size) throw new IllegalArgumentError("illegal iv size");
1975 this.iv = iv;
1976 asm.init_state.call(asm, iv[0], iv[1], iv[2], iv[3], iv[4], iv[5], iv[6], iv[7], iv[8], iv[9], iv[10], iv[11], iv[12], iv[13], iv[14], iv[15]);
1977 } else {
1978 this.iv = null;
1979 asm.init_state.call(asm, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
1980 }
1981 }
1982 function _aes_heap_write(heap, hpos, data, dpos, dlen) {
1983 var hlen = heap.byteLength - hpos, wlen = hlen < dlen ? hlen : dlen;
1984 if (is_buffer(data) || is_bytes(data)) {
1985 heap.set(new Uint8Array(data.buffer || data, dpos, wlen), hpos);
1986 } else if (is_string(data)) {
1987 for (var i = 0; i < wlen; ++i) heap[hpos + i] = data.charCodeAt(dpos + i);
1988 } else {
1989 throw new TypeError("unexpected data type");
1990 }
1991 return wlen;
1992 }
1993 function cbc_aes_constructor(options) {
1994 this.padding = true;
1995 this.mode = "cbc";
1996 this.iv = null;
1997 _aes_constructor.call(this, options);
1998 }
1999 function cbc_aes_encrypt_constructor(options) {
2000 cbc_aes_constructor.call(this, options);
2001 }
2002 function cbc_aes_decrypt_constructor(options) {
2003 cbc_aes_constructor.call(this, options);
2004 }
2005 function cbc_aes_reset(options) {
2006 options = options || {};
2007 _aes_reset.call(this, options);
2008 var padding = options.padding;
2009 if (padding !== undefined) {
2010 this.padding = !!padding;
2011 } else {
2012 this.padding = true;
2013 }
2014 _aes_init_iv.call(this, options.iv);
2015 return this;
2016 }
2017 function cbc_aes_encrypt_process(data) {
2018 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2019 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, asm = this.asm, heap = this.heap, pos = this.pos, len = this.len, rpos = 0, rlen = _aes_block_size * Math.floor((len + dlen) / _aes_block_size), wlen = 0;
2020 var result = new Uint8Array(rlen);
2021 while (dlen > 0) {
2022 wlen = _aes_heap_write(heap, pos + len, data, dpos, dlen);
2023 len += wlen;
2024 dpos += wlen;
2025 dlen -= wlen;
2026 wlen = asm.cbc_encrypt(pos, len);
2027 result.set(heap.subarray(pos, pos + wlen), rpos);
2028 rpos += wlen;
2029 if (wlen < len) {
2030 pos += wlen;
2031 len -= wlen;
2032 } else {
2033 pos = _aes_heap_start;
2034 len = 0;
2035 }
2036 }
2037 this.result = result;
2038 this.pos = pos;
2039 this.len = len;
2040 return this;
2041 }
2042 function cbc_aes_encrypt_finish() {
2043 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2044 var asm = this.asm, heap = this.heap, padding = this.padding, pos = this.pos, len = this.len, rlen = _aes_block_size * Math.ceil(len / _aes_block_size);
2045 if (len % _aes_block_size === 0) {
2046 if (padding) rlen += _aes_block_size;
2047 } else if (!padding) {
2048 throw new IllegalArgumentError("data length must be a multiple of " + _aes_block_size);
2049 }
2050 var result = new Uint8Array(rlen);
2051 if (len < rlen) {
2052 var plen = _aes_block_size - len % _aes_block_size;
2053 for (var p = 0; p < plen; ++p) heap[pos + len + p] = plen;
2054 len += plen;
2055 }
2056 asm.cbc_encrypt(pos, len);
2057 result.set(heap.subarray(pos, pos + len));
2058 this.result = result;
2059 this.pos = _aes_heap_start;
2060 this.len = 0;
2061 return this;
2062 }
2063 function cbc_aes_encrypt(data) {
2064 var result1 = cbc_aes_encrypt_process.call(this, data).result, result2 = cbc_aes_encrypt_finish.call(this).result, result;
2065 result = new Uint8Array(result1.length + result2.length);
2066 result.set(result1);
2067 result.set(result2, result1.length);
2068 this.result = result;
2069 return this;
2070 }
2071 function cbc_aes_decrypt_process(data) {
2072 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2073 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, asm = this.asm, heap = this.heap, padding = this.padding, pos = this.pos, len = this.len, rpos = 0, rlen = _aes_block_size * Math.floor((len + dlen) / _aes_block_size), wlen = 0;
2074 var result = new Uint8Array(rlen);
2075 while (dlen > 0) {
2076 wlen = _aes_heap_write(heap, pos + len, data, dpos, dlen);
2077 len += wlen;
2078 dpos += wlen;
2079 dlen -= wlen;
2080 wlen = asm.cbc_decrypt(pos, len - (padding && dlen === 0 && len % _aes_block_size === 0 ? _aes_block_size : 0));
2081 result.set(heap.subarray(pos, pos + wlen), rpos);
2082 rpos += wlen;
2083 if (wlen < len) {
2084 pos += wlen;
2085 len -= wlen;
2086 } else {
2087 pos = _aes_heap_start;
2088 len = 0;
2089 }
2090 }
2091 this.result = result.subarray(0, rpos);
2092 this.pos = pos;
2093 this.len = len;
2094 return this;
2095 }
2096 function cbc_aes_decrypt_finish() {
2097 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2098 var asm = this.asm, heap = this.heap, padding = this.padding, pos = this.pos, len = this.len;
2099 if (len === 0) {
2100 if (!padding) {
2101 this.result = new Uint8Array(0);
2102 this.pos = _aes_heap_start;
2103 this.len = 0;
2104 return this;
2105 } else {
2106 throw new IllegalStateError("padding not found");
2107 }
2108 }
2109 if (len % _aes_block_size !== 0) throw new IllegalArgumentError("data length must be a multiple of " + _aes_block_size);
2110 var result = new Uint8Array(len);
2111 asm.cbc_decrypt(pos, len);
2112 result.set(heap.subarray(pos, pos + len));
2113 if (padding) {
2114 var pad = result[len - 1];
2115 result = result.subarray(0, len - pad);
2116 }
2117 this.result = result;
2118 this.pos = _aes_heap_start;
2119 this.len = 0;
2120 return this;
2121 }
2122 function cbc_aes_decrypt(data) {
2123 var result1 = cbc_aes_decrypt_process.call(this, data).result, result2 = cbc_aes_decrypt_finish.call(this).result, result;
2124 result = new Uint8Array(result1.length + result2.length);
2125 result.set(result1);
2126 result.set(result2, result1.length);
2127 this.result = result;
2128 return this;
2129 }
2130 var cbc_aes_encrypt_prototype = cbc_aes_encrypt_constructor.prototype;
2131 cbc_aes_encrypt_prototype.reset = cbc_aes_reset;
2132 cbc_aes_encrypt_prototype.process = cbc_aes_encrypt_process;
2133 cbc_aes_encrypt_prototype.finish = cbc_aes_encrypt_finish;
2134 var cbc_aes_decrypt_prototype = cbc_aes_decrypt_constructor.prototype;
2135 cbc_aes_decrypt_prototype.reset = cbc_aes_reset;
2136 cbc_aes_decrypt_prototype.process = cbc_aes_decrypt_process;
2137 cbc_aes_decrypt_prototype.finish = cbc_aes_decrypt_finish;
2138 var cbc_aes_prototype = cbc_aes_constructor.prototype;
2139 cbc_aes_prototype.reset = cbc_aes_reset;
2140 cbc_aes_prototype.encrypt = cbc_aes_encrypt;
2141 cbc_aes_prototype.decrypt = cbc_aes_decrypt;
2142 function _cbc_mac_process(data) {
2143 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, wlen = 0;
2144 while (dlen > 0) {
2145 wlen = _aes_heap_write(this.heap, _aes_heap_start, data, dpos, dlen);
2146 this.asm.cbc_mac(_aes_heap_start, wlen, -1);
2147 dpos += wlen;
2148 dlen -= wlen;
2149 }
2150 }
2151 var _ccm_adata_maxLength = 65279, _ccm_data_maxLength = 68719476720;
2152 function ccm_aes_constructor(options) {
2153 this.padding = false;
2154 this.mode = "ccm";
2155 this.tagSize = _aes_block_size;
2156 this.lengthSize = 4;
2157 this.nonce = null;
2158 this.adata = null;
2159 this.iv = null;
2160 this.dataLength = -1;
2161 this.dataLeft = -1;
2162 this.counter = 1;
2163 _aes_constructor.call(this, options);
2164 }
2165 function ccm_aes_encrypt_constructor(options) {
2166 ccm_aes_constructor.call(this, options);
2167 }
2168 function ccm_aes_decrypt_constructor(options) {
2169 ccm_aes_constructor.call(this, options);
2170 }
2171 function _ccm_calculate_iv() {
2172 var nonce = this.nonce, adata = this.adata, tagSize = this.tagSize, lengthSize = this.lengthSize, dataLength = this.dataLength;
2173 var data = new Uint8Array(_aes_block_size + (adata ? 2 + adata.byteLength : 0));
2174 data[0] = (adata ? 64 : 0) | tagSize - 2 << 2 | lengthSize - 1;
2175 data.set(nonce, 1);
2176 if (lengthSize > 4) data[11] = (dataLength - (dataLength >>> 0)) / 4294967296 & 15;
2177 if (lengthSize > 3) data[12] = dataLength >>> 24;
2178 if (lengthSize > 2) data[13] = dataLength >>> 16 & 255;
2179 data[14] = dataLength >>> 8 & 255;
2180 data[15] = dataLength & 255;
2181 if (adata) {
2182 data[16] = adata.byteLength >>> 8 & 255;
2183 data[17] = adata.byteLength & 255;
2184 data.set(adata, 18);
2185 }
2186 _cbc_mac_process.call(this, data);
2187 this.asm.save_state(_aes_heap_start);
2188 this.iv = new Uint8Array(this.heap.subarray(_aes_heap_start, _aes_heap_start + _aes_block_size));
2189 }
2190 function ccm_aes_reset(options) {
2191 options = options || {};
2192 _aes_reset.call(this, options);
2193 _aes_init_iv.call(this, options.iv);
2194 var tagSize = options.tagSize;
2195 if (tagSize !== undefined) {
2196 if (!is_number(tagSize)) throw new TypeError("tagSize must be a number");
2197 if (tagSize < 4 || tagSize > 16 || tagSize & 1) throw new IllegalArgumentError("illegal tagSize value");
2198 this.tagSize = tagSize;
2199 } else {
2200 this.tagSize = _aes_block_size;
2201 }
2202 var lengthSize = options.lengthSize, nonce = options.nonce;
2203 if (nonce !== undefined) {
2204 if (is_buffer(nonce) || is_bytes(nonce)) {
2205 nonce = new Uint8Array(nonce);
2206 } else if (is_string(nonce)) {
2207 var str = nonce;
2208 nonce = new Uint8Array(str.length);
2209 for (var i = 0; i < str.length; ++i) nonce[i] = str.charCodeAt(i);
2210 } else {
2211 throw new TypeError("unexpected nonce type");
2212 }
2213 if (nonce.length < 10 || nonce.length > 13) throw new IllegalArgumentError("illegal nonce length");
2214 lengthSize = lengthSize || 15 - nonce.length;
2215 this.nonce = nonce;
2216 } else {
2217 this.nonce = null;
2218 }
2219 if (lengthSize !== undefined) {
2220 if (!is_number(lengthSize)) throw new TypeError("lengthSize must be a number");
2221 if (lengthSize < 2 || lengthSize > 5 || nonce.length + lengthSize !== 15) throw new IllegalArgumentError("illegal lengthSize value");
2222 this.lengthSize = lengthSize;
2223 } else {
2224 this.lengthSize = lengthSize = 4;
2225 }
2226 var iv = this.iv;
2227 var counter = options.counter;
2228 if (counter !== undefined) {
2229 if (iv === null) throw new IllegalStateError("iv is also required");
2230 if (!is_number(counter)) throw new TypeError("counter must be a number");
2231 this.counter = counter;
2232 } else {
2233 this.counter = 1;
2234 }
2235 var dataLength = options.dataLength;
2236 if (dataLength !== undefined) {
2237 if (!is_number(dataLength)) throw new TypeError("dataLength must be a number");
2238 if (dataLength < 0 || dataLength > _ccm_data_maxLength || dataLength > Math.pow(2, 8 * lengthSize) - 1) throw new IllegalArgumentError("illegal dataLength value");
2239 this.dataLength = dataLength;
2240 var dataLeft = options.dataLeft || dataLength;
2241 if (!is_number(dataLeft)) throw new TypeError("dataLeft must be a number");
2242 if (dataLeft < 0 || dataLeft > dataLength) throw new IllegalArgumentError("illegal dataLeft value");
2243 this.dataLeft = dataLeft;
2244 } else {
2245 this.dataLength = dataLength = -1;
2246 this.dataLeft = dataLength;
2247 }
2248 var adata = options.adata;
2249 if (adata !== undefined) {
2250 if (iv !== null) throw new IllegalStateError("you must specify either adata or iv, not both");
2251 if (is_buffer(adata) || is_bytes(adata)) {
2252 adata = new Uint8Array(adata);
2253 } else if (is_string(adata)) {
2254 var str = adata;
2255 adata = new Uint8Array(str.length);
2256 for (var i = 0; i < str.length; ++i) adata[i] = str.charCodeAt(i);
2257 } else {
2258 throw new TypeError("unexpected adata type");
2259 }
2260 if (adata.byteLength === 0 || adata.byteLength > _ccm_adata_maxLength) throw new IllegalArgumentError("illegal adata length");
2261 this.adata = adata;
2262 this.counter = 1;
2263 } else {
2264 this.adata = adata = null;
2265 }
2266 if (dataLength !== -1) _ccm_calculate_iv.call(this);
2267 return this;
2268 }
2269 function ccm_aes_encrypt_process(data) {
2270 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2271 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, asm = this.asm, heap = this.heap, nonce = this.nonce, counter = this.counter, pos = this.pos, len = this.len, rpos = 0, rlen = _aes_block_size * Math.floor((len + dlen) / _aes_block_size), wlen = 0;
2272 if ((counter - 1 << 4) + len + dlen > _ccm_data_maxLength) throw new RangeError("counter overflow");
2273 var result = new Uint8Array(rlen);
2274 var asm_args = [ 0, 0, this.lengthSize - 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 ];
2275 for (var i = 0; i < nonce.length; i++) asm_args[3 + i] = nonce[i];
2276 while (dlen > 0) {
2277 wlen = _aes_heap_write(heap, pos + len, data, dpos, dlen);
2278 len += wlen;
2279 dpos += wlen;
2280 dlen -= wlen;
2281 asm_args[0] = pos;
2282 asm_args[1] = len & ~15;
2283 asm_args[16] = counter / 4294967296 >>> 0;
2284 asm_args[17] = counter >>> 0;
2285 wlen = asm.ccm_encrypt.apply(asm, asm_args);
2286 result.set(heap.subarray(pos, pos + wlen), rpos);
2287 counter += wlen >>> 4;
2288 rpos += wlen;
2289 if (wlen < len) {
2290 pos += wlen;
2291 len -= wlen;
2292 } else {
2293 pos = _aes_heap_start;
2294 len = 0;
2295 }
2296 }
2297 this.result = result;
2298 this.counter = counter;
2299 this.pos = pos;
2300 this.len = len;
2301 return this;
2302 }
2303 function ccm_aes_encrypt_finish() {
2304 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2305 var asm = this.asm, heap = this.heap, nonce = this.nonce, counter = this.counter, tagSize = this.tagSize, pos = this.pos, len = this.len, wlen = 0;
2306 var result = new Uint8Array(len + tagSize);
2307 var asm_args = [ 0, 0, this.lengthSize - 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 ];
2308 for (var i = 0; i < nonce.length; i++) asm_args[3 + i] = nonce[i];
2309 asm_args[0] = pos;
2310 asm_args[1] = len;
2311 asm_args[16] = counter / 4294967296 >>> 0;
2312 asm_args[17] = counter >>> 0;
2313 wlen = asm.ccm_encrypt.apply(asm, asm_args);
2314 result.set(heap.subarray(pos, pos + wlen));
2315 counter = 1;
2316 pos = _aes_heap_start;
2317 len = 0;
2318 asm.save_state(_aes_heap_start);
2319 asm_args[0] = _aes_heap_start, asm_args[1] = _aes_block_size, asm_args[16] = 0;
2320 asm_args[17] = 0;
2321 asm.ccm_encrypt.apply(asm, asm_args);
2322 result.set(heap.subarray(_aes_heap_start, _aes_heap_start + tagSize), wlen);
2323 this.result = result;
2324 this.counter = counter;
2325 this.pos = pos;
2326 this.len = len;
2327 return this;
2328 }
2329 function ccm_aes_encrypt(data) {
2330 this.dataLength = this.dataLeft = data.byteLength || data.length || 0;
2331 var result1 = ccm_aes_encrypt_process.call(this, data).result, result2 = ccm_aes_encrypt_finish.call(this).result, result;
2332 result = new Uint8Array(result1.length + result2.length);
2333 result.set(result1);
2334 result.set(result2, result1.length);
2335 this.result = result;
2336 return this;
2337 }
2338 function ccm_aes_decrypt_process(data) {
2339 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2340 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, asm = this.asm, heap = this.heap, nonce = this.nonce, counter = this.counter, tagSize = this.tagSize, pos = this.pos, len = this.len, rpos = 0, rlen = _aes_block_size * Math.floor((len + dlen) / _aes_block_size), wlen = 0;
2341 if ((counter - 1 << 4) + len + dlen > _ccm_data_maxLength) throw new RangeError("counter overflow");
2342 var result = new Uint8Array(rlen);
2343 var asm_args = [ 0, 0, this.lengthSize - 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 ];
2344 for (var i = 0; i < nonce.length; i++) asm_args[3 + i] = nonce[i];
2345 while (dlen > 0) {
2346 wlen = _aes_heap_write(heap, pos + len, data, dpos, dlen);
2347 len += wlen;
2348 dpos += wlen;
2349 dlen -= wlen;
2350 asm_args[0] = pos;
2351 asm_args[1] = len + dlen - tagSize >= _aes_block_size ? dlen >= tagSize ? len & ~15 : len + dlen - tagSize & ~15 : 0;
2352 asm_args[16] = counter / 4294967296 >>> 0;
2353 asm_args[17] = counter >>> 0;
2354 wlen = asm.ccm_decrypt.apply(asm, asm_args);
2355 result.set(heap.subarray(pos, pos + wlen), rpos);
2356 counter += wlen >>> 4;
2357 rpos += wlen;
2358 if (wlen < len) {
2359 pos += wlen;
2360 len -= wlen;
2361 } else {
2362 pos = _aes_heap_start;
2363 len = 0;
2364 }
2365 }
2366 this.result = result.subarray(0, rpos);
2367 this.counter = counter;
2368 this.pos = pos;
2369 this.len = len;
2370 return this;
2371 }
2372 function ccm_aes_decrypt_finish() {
2373 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2374 var asm = this.asm, heap = this.heap, nonce = this.nonce, counter = this.counter, tagSize = this.tagSize, pos = this.pos, len = this.len, rlen = len - tagSize, wlen = 0;
2375 if (len < tagSize) throw new IllegalStateError("authentication tag not found");
2376 var result = new Uint8Array(rlen), atag = new Uint8Array(heap.subarray(pos + rlen, pos + len));
2377 var asm_args = [ 0, 0, this.lengthSize - 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 ];
2378 for (var i = 0; i < nonce.length; i++) asm_args[3 + i] = nonce[i];
2379 asm_args[0] = pos;
2380 asm_args[1] = rlen;
2381 asm_args[16] = counter / 4294967296 >>> 0;
2382 asm_args[17] = counter >>> 0;
2383 wlen = asm.ccm_decrypt.apply(asm, asm_args);
2384 result.set(heap.subarray(pos, pos + wlen));
2385 counter = 1;
2386 pos = _aes_heap_start;
2387 len = 0;
2388 asm.save_state(_aes_heap_start);
2389 asm_args[0] = _aes_heap_start, asm_args[1] = _aes_block_size, asm_args[16] = 0;
2390 asm_args[17] = 0;
2391 asm.ccm_encrypt.apply(asm, asm_args);
2392 var acheck = 0;
2393 for (var i = 0; i < tagSize; ++i) acheck |= atag[i] ^ heap[_aes_heap_start + i];
2394 if (acheck) throw new SecurityError("data integrity check failed");
2395 this.result = result;
2396 this.counter = counter;
2397 this.pos = pos;
2398 this.len = len;
2399 return this;
2400 }
2401 function ccm_aes_decrypt(data) {
2402 this.dataLength = this.dataLeft = data.byteLength || data.length || 0;
2403 var result1 = ccm_aes_decrypt_process.call(this, data).result, result2 = ccm_aes_decrypt_finish.call(this).result, result;
2404 result = new Uint8Array(result1.length + result2.length);
2405 result.set(result1);
2406 result.set(result2, result1.length);
2407 this.result = result;
2408 return this;
2409 }
2410 var ccm_aes_prototype = ccm_aes_constructor.prototype;
2411 ccm_aes_prototype.reset = ccm_aes_reset;
2412 ccm_aes_prototype.encrypt = ccm_aes_encrypt;
2413 ccm_aes_prototype.decrypt = ccm_aes_decrypt;
2414 var ccm_aes_encrypt_prototype = ccm_aes_encrypt_constructor.prototype;
2415 ccm_aes_encrypt_prototype.reset = ccm_aes_reset;
2416 ccm_aes_encrypt_prototype.process = ccm_aes_encrypt_process;
2417 ccm_aes_encrypt_prototype.finish = ccm_aes_encrypt_finish;
2418 var ccm_aes_decrypt_prototype = ccm_aes_decrypt_constructor.prototype;
2419 ccm_aes_decrypt_prototype.reset = ccm_aes_reset;
2420 ccm_aes_decrypt_prototype.process = ccm_aes_decrypt_process;
2421 ccm_aes_decrypt_prototype.finish = ccm_aes_decrypt_finish;
2422 function cfb_aes_constructor(options) {
2423 this.padding = false;
2424 this.mode = "cfb";
2425 this.iv = null;
2426 _aes_constructor.call(this, options);
2427 }
2428 function cfb_aes_encrypt_constructor(options) {
2429 cfb_aes_constructor.call(this, options);
2430 }
2431 function cfb_aes_decrypt_constructor(options) {
2432 cfb_aes_constructor.call(this, options);
2433 }
2434 function cfb_aes_reset(options) {
2435 options = options || {};
2436 _aes_reset.call(this, options);
2437 _aes_init_iv.call(this, options.iv);
2438 return this;
2439 }
2440 function cfb_aes_encrypt_process(data) {
2441 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2442 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, asm = this.asm, heap = this.heap, pos = this.pos, len = this.len, rpos = 0, rlen = _aes_block_size * Math.floor((len + dlen) / _aes_block_size), wlen = 0;
2443 var result = new Uint8Array(rlen);
2444 while (dlen > 0) {
2445 wlen = _aes_heap_write(heap, pos + len, data, dpos, dlen);
2446 len += wlen;
2447 dpos += wlen;
2448 dlen -= wlen;
2449 wlen = asm.cfb_encrypt(pos, _aes_block_size * Math.floor(len / _aes_block_size));
2450 result.set(heap.subarray(pos, pos + wlen), rpos);
2451 rpos += wlen;
2452 if (wlen < len) {
2453 pos += wlen;
2454 len -= wlen;
2455 } else {
2456 pos = _aes_heap_start;
2457 len = 0;
2458 }
2459 }
2460 this.result = result;
2461 this.pos = pos;
2462 this.len = len;
2463 return this;
2464 }
2465 function cfb_aes_encrypt_finish() {
2466 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2467 var asm = this.asm, heap = this.heap, pos = this.pos, len = this.len;
2468 var result = new Uint8Array(len);
2469 asm.cfb_encrypt(pos, len);
2470 result.set(heap.subarray(pos, pos + len));
2471 this.result = result;
2472 this.pos = _aes_heap_start;
2473 this.len = 0;
2474 return this;
2475 }
2476 function cfb_aes_encrypt(data) {
2477 var result1 = cfb_aes_encrypt_process.call(this, data).result, result2 = cfb_aes_encrypt_finish.call(this).result, result;
2478 result = new Uint8Array(result1.length + result2.length);
2479 result.set(result1);
2480 result.set(result2, result1.length);
2481 this.result = result;
2482 return this;
2483 }
2484 function cfb_aes_decrypt_process(data) {
2485 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2486 var dpos = data.byteOffset || 0, dlen = data.byteLength || data.length || 0, asm = this.asm, heap = this.heap, pos = this.pos, len = this.len, rpos = 0, rlen = _aes_block_size * Math.floor((len + dlen) / _aes_block_size), wlen = 0;
2487 var result = new Uint8Array(rlen);
2488 while (dlen > 0) {
2489 wlen = _aes_heap_write(heap, pos + len, data, dpos, dlen);
2490 len += wlen;
2491 dpos += wlen;
2492 dlen -= wlen;
2493 wlen = asm.cfb_decrypt(pos, _aes_block_size * Math.floor(len / _aes_block_size));
2494 result.set(heap.subarray(pos, pos + wlen), rpos);
2495 rpos += wlen;
2496 if (wlen < len) {
2497 pos += wlen;
2498 len -= wlen;
2499 } else {
2500 pos = _aes_heap_start;
2501 len = 0;
2502 }
2503 }
2504 this.result = result.subarray(0, rpos);
2505 this.pos = pos;
2506 this.len = len;
2507 return this;
2508 }
2509 function cfb_aes_decrypt_finish() {
2510 if (!this.key) throw new IllegalStateError("no key is associated with the instance");
2511 var asm = this.asm, heap = this.heap, pos = this.pos, len = this.len;
2512 if (len === 0) {
2513 this.result = new Uint8Array(0);
2514 this.pos = _aes_heap_start;
2515 this.len = 0;
2516 return this;
2517 }
2518 var result = new Uint8Array(len);
2519 asm.cfb_decrypt(pos, len);
2520 result.set(heap.subarray(pos, pos + len));
2521 this.result = result;
2522 this.pos = _aes_heap_start;
2523 this.len = 0;
2524 return this;
2525 }
2526 function cfb_aes_decrypt(data) {
2527 var result1 = cfb_aes_decrypt_process.call(this, data).result, result2 = cfb_aes_decrypt_finish.call(this).result, result;
2528 result = new Uint8Array(result1.length + result2.length);
2529 result.set(result1);
2530 result.set(result2, result1.length);
2531 this.result = result;
2532 return this;
2533 }
2534 var cfb_aes_encrypt_prototype = cfb_aes_encrypt_constructor.prototype;
2535 cfb_aes_encrypt_prototype.reset = cfb_aes_reset;
2536 cfb_aes_encrypt_prototype.process = cfb_aes_encrypt_process;
2537 cfb_aes_encrypt_prototype.finish = cfb_aes_encrypt_finish;
2538 var cfb_aes_decrypt_prototype = cfb_aes_decrypt_constructor.prototype;
2539 cfb_aes_decrypt_prototype.reset = cfb_aes_reset;
2540 cfb_aes_decrypt_prototype.process = cfb_aes_decrypt_process;
2541 cfb_aes_decrypt_prototype.finish = cfb_aes_decrypt_finish;
2542 var cfb_aes_prototype = cfb_aes_constructor.prototype;
2543 cfb_aes_prototype.reset = cfb_aes_reset;
2544 cfb_aes_prototype.encrypt = cfb_aes_encrypt;
2545 cfb_aes_prototype.decrypt = cfb_aes_decrypt;
2546 function sha256_asm(stdlib, foreign, buffer) {
2547 // Closure Compiler warning - commented out
2548 //"use asm";
2549 var H0 = 0, H1 = 0, H2 = 0, H3 = 0, H4 = 0, H5 = 0, H6 = 0, H7 = 0, TOTAL = 0;
2550 var I0 = 0, I1 = 0, I2 = 0, I3 = 0, I4 = 0, I5 = 0, I6 = 0, I7 = 0, O0 = 0, O1 = 0, O2 = 0, O3 = 0, O4 = 0, O5 = 0, O6 = 0, O7 = 0;
2551 var HEAP = new stdlib.Uint8Array(buffer);
2552 function _core(w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15) {
2553 w0 = w0 | 0;
2554 w1 = w1 | 0;
2555 w2 = w2 | 0;
2556 w3 = w3 | 0;
2557 w4 = w4 | 0;
2558 w5 = w5 | 0;
2559 w6 = w6 | 0;
2560 w7 = w7 | 0;
2561 w8 = w8 | 0;
2562 w9 = w9 | 0;
2563 w10 = w10 | 0;
2564 w11 = w11 | 0;
2565 w12 = w12 | 0;
2566 w13 = w13 | 0;
2567 w14 = w14 | 0;
2568 w15 = w15 | 0;
2569 var a = 0, b = 0, c = 0, d = 0, e = 0, f = 0, g = 0, h = 0, t = 0;
2570 a = H0;
2571 b = H1;
2572 c = H2;
2573 d = H3;
2574 e = H4;
2575 f = H5;
2576 g = H6;
2577 h = H7;
2578 t = w0 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1116352408 | 0;
2579 h = g;
2580 g = f;
2581 f = e;
2582 e = d + t | 0;
2583 d = c;
2584 c = b;
2585 b = a;
2586 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2587 t = w1 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1899447441 | 0;
2588 h = g;
2589 g = f;
2590 f = e;
2591 e = d + t | 0;
2592 d = c;
2593 c = b;
2594 b = a;
2595 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2596 t = w2 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3049323471 | 0;
2597 h = g;
2598 g = f;
2599 f = e;
2600 e = d + t | 0;
2601 d = c;
2602 c = b;
2603 b = a;
2604 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2605 t = w3 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3921009573 | 0;
2606 h = g;
2607 g = f;
2608 f = e;
2609 e = d + t | 0;
2610 d = c;
2611 c = b;
2612 b = a;
2613 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2614 t = w4 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 961987163 | 0;
2615 h = g;
2616 g = f;
2617 f = e;
2618 e = d + t | 0;
2619 d = c;
2620 c = b;
2621 b = a;
2622 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2623 t = w5 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1508970993 | 0;
2624 h = g;
2625 g = f;
2626 f = e;
2627 e = d + t | 0;
2628 d = c;
2629 c = b;
2630 b = a;
2631 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2632 t = w6 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2453635748 | 0;
2633 h = g;
2634 g = f;
2635 f = e;
2636 e = d + t | 0;
2637 d = c;
2638 c = b;
2639 b = a;
2640 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2641 t = w7 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2870763221 | 0;
2642 h = g;
2643 g = f;
2644 f = e;
2645 e = d + t | 0;
2646 d = c;
2647 c = b;
2648 b = a;
2649 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2650 t = w8 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3624381080 | 0;
2651 h = g;
2652 g = f;
2653 f = e;
2654 e = d + t | 0;
2655 d = c;
2656 c = b;
2657 b = a;
2658 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2659 t = w9 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 310598401 | 0;
2660 h = g;
2661 g = f;
2662 f = e;
2663 e = d + t | 0;
2664 d = c;
2665 c = b;
2666 b = a;
2667 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2668 t = w10 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 607225278 | 0;
2669 h = g;
2670 g = f;
2671 f = e;
2672 e = d + t | 0;
2673 d = c;
2674 c = b;
2675 b = a;
2676 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2677 t = w11 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1426881987 | 0;
2678 h = g;
2679 g = f;
2680 f = e;
2681 e = d + t | 0;
2682 d = c;
2683 c = b;
2684 b = a;
2685 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2686 t = w12 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1925078388 | 0;
2687 h = g;
2688 g = f;
2689 f = e;
2690 e = d + t | 0;
2691 d = c;
2692 c = b;
2693 b = a;
2694 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2695 t = w13 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2162078206 | 0;
2696 h = g;
2697 g = f;
2698 f = e;
2699 e = d + t | 0;
2700 d = c;
2701 c = b;
2702 b = a;
2703 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2704 t = w14 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2614888103 | 0;
2705 h = g;
2706 g = f;
2707 f = e;
2708 e = d + t | 0;
2709 d = c;
2710 c = b;
2711 b = a;
2712 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2713 t = w15 + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3248222580 | 0;
2714 h = g;
2715 g = f;
2716 f = e;
2717 e = d + t | 0;
2718 d = c;
2719 c = b;
2720 b = a;
2721 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2722 w0 = t = (w1 >>> 7 ^ w1 >>> 18 ^ w1 >>> 3 ^ w1 << 25 ^ w1 << 14) + (w14 >>> 17 ^ w14 >>> 19 ^ w14 >>> 10 ^ w14 << 15 ^ w14 << 13) + w0 + w9 | 0;
2723 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3835390401 | 0;
2724 h = g;
2725 g = f;
2726 f = e;
2727 e = d + t | 0;
2728 d = c;
2729 c = b;
2730 b = a;
2731 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2732 w1 = t = (w2 >>> 7 ^ w2 >>> 18 ^ w2 >>> 3 ^ w2 << 25 ^ w2 << 14) + (w15 >>> 17 ^ w15 >>> 19 ^ w15 >>> 10 ^ w15 << 15 ^ w15 << 13) + w1 + w10 | 0;
2733 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 4022224774 | 0;
2734 h = g;
2735 g = f;
2736 f = e;
2737 e = d + t | 0;
2738 d = c;
2739 c = b;
2740 b = a;
2741 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2742 w2 = t = (w3 >>> 7 ^ w3 >>> 18 ^ w3 >>> 3 ^ w3 << 25 ^ w3 << 14) + (w0 >>> 17 ^ w0 >>> 19 ^ w0 >>> 10 ^ w0 << 15 ^ w0 << 13) + w2 + w11 | 0;
2743 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 264347078 | 0;
2744 h = g;
2745 g = f;
2746 f = e;
2747 e = d + t | 0;
2748 d = c;
2749 c = b;
2750 b = a;
2751 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2752 w3 = t = (w4 >>> 7 ^ w4 >>> 18 ^ w4 >>> 3 ^ w4 << 25 ^ w4 << 14) + (w1 >>> 17 ^ w1 >>> 19 ^ w1 >>> 10 ^ w1 << 15 ^ w1 << 13) + w3 + w12 | 0;
2753 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 604807628 | 0;
2754 h = g;
2755 g = f;
2756 f = e;
2757 e = d + t | 0;
2758 d = c;
2759 c = b;
2760 b = a;
2761 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2762 w4 = t = (w5 >>> 7 ^ w5 >>> 18 ^ w5 >>> 3 ^ w5 << 25 ^ w5 << 14) + (w2 >>> 17 ^ w2 >>> 19 ^ w2 >>> 10 ^ w2 << 15 ^ w2 << 13) + w4 + w13 | 0;
2763 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 770255983 | 0;
2764 h = g;
2765 g = f;
2766 f = e;
2767 e = d + t | 0;
2768 d = c;
2769 c = b;
2770 b = a;
2771 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2772 w5 = t = (w6 >>> 7 ^ w6 >>> 18 ^ w6 >>> 3 ^ w6 << 25 ^ w6 << 14) + (w3 >>> 17 ^ w3 >>> 19 ^ w3 >>> 10 ^ w3 << 15 ^ w3 << 13) + w5 + w14 | 0;
2773 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1249150122 | 0;
2774 h = g;
2775 g = f;
2776 f = e;
2777 e = d + t | 0;
2778 d = c;
2779 c = b;
2780 b = a;
2781 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2782 w6 = t = (w7 >>> 7 ^ w7 >>> 18 ^ w7 >>> 3 ^ w7 << 25 ^ w7 << 14) + (w4 >>> 17 ^ w4 >>> 19 ^ w4 >>> 10 ^ w4 << 15 ^ w4 << 13) + w6 + w15 | 0;
2783 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1555081692 | 0;
2784 h = g;
2785 g = f;
2786 f = e;
2787 e = d + t | 0;
2788 d = c;
2789 c = b;
2790 b = a;
2791 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2792 w7 = t = (w8 >>> 7 ^ w8 >>> 18 ^ w8 >>> 3 ^ w8 << 25 ^ w8 << 14) + (w5 >>> 17 ^ w5 >>> 19 ^ w5 >>> 10 ^ w5 << 15 ^ w5 << 13) + w7 + w0 | 0;
2793 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1996064986 | 0;
2794 h = g;
2795 g = f;
2796 f = e;
2797 e = d + t | 0;
2798 d = c;
2799 c = b;
2800 b = a;
2801 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2802 w8 = t = (w9 >>> 7 ^ w9 >>> 18 ^ w9 >>> 3 ^ w9 << 25 ^ w9 << 14) + (w6 >>> 17 ^ w6 >>> 19 ^ w6 >>> 10 ^ w6 << 15 ^ w6 << 13) + w8 + w1 | 0;
2803 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2554220882 | 0;
2804 h = g;
2805 g = f;
2806 f = e;
2807 e = d + t | 0;
2808 d = c;
2809 c = b;
2810 b = a;
2811 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2812 w9 = t = (w10 >>> 7 ^ w10 >>> 18 ^ w10 >>> 3 ^ w10 << 25 ^ w10 << 14) + (w7 >>> 17 ^ w7 >>> 19 ^ w7 >>> 10 ^ w7 << 15 ^ w7 << 13) + w9 + w2 | 0;
2813 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2821834349 | 0;
2814 h = g;
2815 g = f;
2816 f = e;
2817 e = d + t | 0;
2818 d = c;
2819 c = b;
2820 b = a;
2821 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2822 w10 = t = (w11 >>> 7 ^ w11 >>> 18 ^ w11 >>> 3 ^ w11 << 25 ^ w11 << 14) + (w8 >>> 17 ^ w8 >>> 19 ^ w8 >>> 10 ^ w8 << 15 ^ w8 << 13) + w10 + w3 | 0;
2823 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2952996808 | 0;
2824 h = g;
2825 g = f;
2826 f = e;
2827 e = d + t | 0;
2828 d = c;
2829 c = b;
2830 b = a;
2831 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2832 w11 = t = (w12 >>> 7 ^ w12 >>> 18 ^ w12 >>> 3 ^ w12 << 25 ^ w12 << 14) + (w9 >>> 17 ^ w9 >>> 19 ^ w9 >>> 10 ^ w9 << 15 ^ w9 << 13) + w11 + w4 | 0;
2833 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3210313671 | 0;
2834 h = g;
2835 g = f;
2836 f = e;
2837 e = d + t | 0;
2838 d = c;
2839 c = b;
2840 b = a;
2841 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2842 w12 = t = (w13 >>> 7 ^ w13 >>> 18 ^ w13 >>> 3 ^ w13 << 25 ^ w13 << 14) + (w10 >>> 17 ^ w10 >>> 19 ^ w10 >>> 10 ^ w10 << 15 ^ w10 << 13) + w12 + w5 | 0;
2843 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3336571891 | 0;
2844 h = g;
2845 g = f;
2846 f = e;
2847 e = d + t | 0;
2848 d = c;
2849 c = b;
2850 b = a;
2851 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2852 w13 = t = (w14 >>> 7 ^ w14 >>> 18 ^ w14 >>> 3 ^ w14 << 25 ^ w14 << 14) + (w11 >>> 17 ^ w11 >>> 19 ^ w11 >>> 10 ^ w11 << 15 ^ w11 << 13) + w13 + w6 | 0;
2853 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3584528711 | 0;
2854 h = g;
2855 g = f;
2856 f = e;
2857 e = d + t | 0;
2858 d = c;
2859 c = b;
2860 b = a;
2861 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2862 w14 = t = (w15 >>> 7 ^ w15 >>> 18 ^ w15 >>> 3 ^ w15 << 25 ^ w15 << 14) + (w12 >>> 17 ^ w12 >>> 19 ^ w12 >>> 10 ^ w12 << 15 ^ w12 << 13) + w14 + w7 | 0;
2863 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 113926993 | 0;
2864 h = g;
2865 g = f;
2866 f = e;
2867 e = d + t | 0;
2868 d = c;
2869 c = b;
2870 b = a;
2871 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2872 w15 = t = (w0 >>> 7 ^ w0 >>> 18 ^ w0 >>> 3 ^ w0 << 25 ^ w0 << 14) + (w13 >>> 17 ^ w13 >>> 19 ^ w13 >>> 10 ^ w13 << 15 ^ w13 << 13) + w15 + w8 | 0;
2873 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 338241895 | 0;
2874 h = g;
2875 g = f;
2876 f = e;
2877 e = d + t | 0;
2878 d = c;
2879 c = b;
2880 b = a;
2881 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2882 w0 = t = (w1 >>> 7 ^ w1 >>> 18 ^ w1 >>> 3 ^ w1 << 25 ^ w1 << 14) + (w14 >>> 17 ^ w14 >>> 19 ^ w14 >>> 10 ^ w14 << 15 ^ w14 << 13) + w0 + w9 | 0;
2883 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 666307205 | 0;
2884 h = g;
2885 g = f;
2886 f = e;
2887 e = d + t | 0;
2888 d = c;
2889 c = b;
2890 b = a;
2891 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2892 w1 = t = (w2 >>> 7 ^ w2 >>> 18 ^ w2 >>> 3 ^ w2 << 25 ^ w2 << 14) + (w15 >>> 17 ^ w15 >>> 19 ^ w15 >>> 10 ^ w15 << 15 ^ w15 << 13) + w1 + w10 | 0;
2893 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 773529912 | 0;
2894 h = g;
2895 g = f;
2896 f = e;
2897 e = d + t | 0;
2898 d = c;
2899 c = b;
2900 b = a;
2901 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2902 w2 = t = (w3 >>> 7 ^ w3 >>> 18 ^ w3 >>> 3 ^ w3 << 25 ^ w3 << 14) + (w0 >>> 17 ^ w0 >>> 19 ^ w0 >>> 10 ^ w0 << 15 ^ w0 << 13) + w2 + w11 | 0;
2903 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1294757372 | 0;
2904 h = g;
2905 g = f;
2906 f = e;
2907 e = d + t | 0;
2908 d = c;
2909 c = b;
2910 b = a;
2911 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2912 w3 = t = (w4 >>> 7 ^ w4 >>> 18 ^ w4 >>> 3 ^ w4 << 25 ^ w4 << 14) + (w1 >>> 17 ^ w1 >>> 19 ^ w1 >>> 10 ^ w1 << 15 ^ w1 << 13) + w3 + w12 | 0;
2913 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1396182291 | 0;
2914 h = g;
2915 g = f;
2916 f = e;
2917 e = d + t | 0;
2918 d = c;
2919 c = b;
2920 b = a;
2921 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2922 w4 = t = (w5 >>> 7 ^ w5 >>> 18 ^ w5 >>> 3 ^ w5 << 25 ^ w5 << 14) + (w2 >>> 17 ^ w2 >>> 19 ^ w2 >>> 10 ^ w2 << 15 ^ w2 << 13) + w4 + w13 | 0;
2923 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1695183700 | 0;
2924 h = g;
2925 g = f;
2926 f = e;
2927 e = d + t | 0;
2928 d = c;
2929 c = b;
2930 b = a;
2931 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2932 w5 = t = (w6 >>> 7 ^ w6 >>> 18 ^ w6 >>> 3 ^ w6 << 25 ^ w6 << 14) + (w3 >>> 17 ^ w3 >>> 19 ^ w3 >>> 10 ^ w3 << 15 ^ w3 << 13) + w5 + w14 | 0;
2933 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1986661051 | 0;
2934 h = g;
2935 g = f;
2936 f = e;
2937 e = d + t | 0;
2938 d = c;
2939 c = b;
2940 b = a;
2941 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2942 w6 = t = (w7 >>> 7 ^ w7 >>> 18 ^ w7 >>> 3 ^ w7 << 25 ^ w7 << 14) + (w4 >>> 17 ^ w4 >>> 19 ^ w4 >>> 10 ^ w4 << 15 ^ w4 << 13) + w6 + w15 | 0;
2943 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2177026350 | 0;
2944 h = g;
2945 g = f;
2946 f = e;
2947 e = d + t | 0;
2948 d = c;
2949 c = b;
2950 b = a;
2951 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2952 w7 = t = (w8 >>> 7 ^ w8 >>> 18 ^ w8 >>> 3 ^ w8 << 25 ^ w8 << 14) + (w5 >>> 17 ^ w5 >>> 19 ^ w5 >>> 10 ^ w5 << 15 ^ w5 << 13) + w7 + w0 | 0;
2953 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2456956037 | 0;
2954 h = g;
2955 g = f;
2956 f = e;
2957 e = d + t | 0;
2958 d = c;
2959 c = b;
2960 b = a;
2961 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2962 w8 = t = (w9 >>> 7 ^ w9 >>> 18 ^ w9 >>> 3 ^ w9 << 25 ^ w9 << 14) + (w6 >>> 17 ^ w6 >>> 19 ^ w6 >>> 10 ^ w6 << 15 ^ w6 << 13) + w8 + w1 | 0;
2963 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2730485921 | 0;
2964 h = g;
2965 g = f;
2966 f = e;
2967 e = d + t | 0;
2968 d = c;
2969 c = b;
2970 b = a;
2971 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2972 w9 = t = (w10 >>> 7 ^ w10 >>> 18 ^ w10 >>> 3 ^ w10 << 25 ^ w10 << 14) + (w7 >>> 17 ^ w7 >>> 19 ^ w7 >>> 10 ^ w7 << 15 ^ w7 << 13) + w9 + w2 | 0;
2973 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2820302411 | 0;
2974 h = g;
2975 g = f;
2976 f = e;
2977 e = d + t | 0;
2978 d = c;
2979 c = b;
2980 b = a;
2981 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2982 w10 = t = (w11 >>> 7 ^ w11 >>> 18 ^ w11 >>> 3 ^ w11 << 25 ^ w11 << 14) + (w8 >>> 17 ^ w8 >>> 19 ^ w8 >>> 10 ^ w8 << 15 ^ w8 << 13) + w10 + w3 | 0;
2983 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3259730800 | 0;
2984 h = g;
2985 g = f;
2986 f = e;
2987 e = d + t | 0;
2988 d = c;
2989 c = b;
2990 b = a;
2991 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
2992 w11 = t = (w12 >>> 7 ^ w12 >>> 18 ^ w12 >>> 3 ^ w12 << 25 ^ w12 << 14) + (w9 >>> 17 ^ w9 >>> 19 ^ w9 >>> 10 ^ w9 << 15 ^ w9 << 13) + w11 + w4 | 0;
2993 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3345764771 | 0;
2994 h = g;
2995 g = f;
2996 f = e;
2997 e = d + t | 0;
2998 d = c;
2999 c = b;
3000 b = a;
3001 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3002 w12 = t = (w13 >>> 7 ^ w13 >>> 18 ^ w13 >>> 3 ^ w13 << 25 ^ w13 << 14) + (w10 >>> 17 ^ w10 >>> 19 ^ w10 >>> 10 ^ w10 << 15 ^ w10 << 13) + w12 + w5 | 0;
3003 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3516065817 | 0;
3004 h = g;
3005 g = f;
3006 f = e;
3007 e = d + t | 0;
3008 d = c;
3009 c = b;
3010 b = a;
3011 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3012 w13 = t = (w14 >>> 7 ^ w14 >>> 18 ^ w14 >>> 3 ^ w14 << 25 ^ w14 << 14) + (w11 >>> 17 ^ w11 >>> 19 ^ w11 >>> 10 ^ w11 << 15 ^ w11 << 13) + w13 + w6 | 0;
3013 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3600352804 | 0;
3014 h = g;
3015 g = f;
3016 f = e;
3017 e = d + t | 0;
3018 d = c;
3019 c = b;
3020 b = a;
3021 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3022 w14 = t = (w15 >>> 7 ^ w15 >>> 18 ^ w15 >>> 3 ^ w15 << 25 ^ w15 << 14) + (w12 >>> 17 ^ w12 >>> 19 ^ w12 >>> 10 ^ w12 << 15 ^ w12 << 13) + w14 + w7 | 0;
3023 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 4094571909 | 0;
3024 h = g;
3025 g = f;
3026 f = e;
3027 e = d + t | 0;
3028 d = c;
3029 c = b;
3030 b = a;
3031 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3032 w15 = t = (w0 >>> 7 ^ w0 >>> 18 ^ w0 >>> 3 ^ w0 << 25 ^ w0 << 14) + (w13 >>> 17 ^ w13 >>> 19 ^ w13 >>> 10 ^ w13 << 15 ^ w13 << 13) + w15 + w8 | 0;
3033 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 275423344 | 0;
3034 h = g;
3035 g = f;
3036 f = e;
3037 e = d + t | 0;
3038 d = c;
3039 c = b;
3040 b = a;
3041 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3042 w0 = t = (w1 >>> 7 ^ w1 >>> 18 ^ w1 >>> 3 ^ w1 << 25 ^ w1 << 14) + (w14 >>> 17 ^ w14 >>> 19 ^ w14 >>> 10 ^ w14 << 15 ^ w14 << 13) + w0 + w9 | 0;
3043 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 430227734 | 0;
3044 h = g;
3045 g = f;
3046 f = e;
3047 e = d + t | 0;
3048 d = c;
3049 c = b;
3050 b = a;
3051 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3052 w1 = t = (w2 >>> 7 ^ w2 >>> 18 ^ w2 >>> 3 ^ w2 << 25 ^ w2 << 14) + (w15 >>> 17 ^ w15 >>> 19 ^ w15 >>> 10 ^ w15 << 15 ^ w15 << 13) + w1 + w10 | 0;
3053 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 506948616 | 0;
3054 h = g;
3055 g = f;
3056 f = e;
3057 e = d + t | 0;
3058 d = c;
3059 c = b;
3060 b = a;
3061 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3062 w2 = t = (w3 >>> 7 ^ w3 >>> 18 ^ w3 >>> 3 ^ w3 << 25 ^ w3 << 14) + (w0 >>> 17 ^ w0 >>> 19 ^ w0 >>> 10 ^ w0 << 15 ^ w0 << 13) + w2 + w11 | 0;
3063 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 659060556 | 0;
3064 h = g;
3065 g = f;
3066 f = e;
3067 e = d + t | 0;
3068 d = c;
3069 c = b;
3070 b = a;
3071 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3072 w3 = t = (w4 >>> 7 ^ w4 >>> 18 ^ w4 >>> 3 ^ w4 << 25 ^ w4 << 14) + (w1 >>> 17 ^ w1 >>> 19 ^ w1 >>> 10 ^ w1 << 15 ^ w1 << 13) + w3 + w12 | 0;
3073 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 883997877 | 0;
3074 h = g;
3075 g = f;
3076 f = e;
3077 e = d + t | 0;
3078 d = c;
3079 c = b;
3080 b = a;
3081 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3082 w4 = t = (w5 >>> 7 ^ w5 >>> 18 ^ w5 >>> 3 ^ w5 << 25 ^ w5 << 14) + (w2 >>> 17 ^ w2 >>> 19 ^ w2 >>> 10 ^ w2 << 15 ^ w2 << 13) + w4 + w13 | 0;
3083 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 958139571 | 0;
3084 h = g;
3085 g = f;
3086 f = e;
3087 e = d + t | 0;
3088 d = c;
3089 c = b;
3090 b = a;
3091 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3092 w5 = t = (w6 >>> 7 ^ w6 >>> 18 ^ w6 >>> 3 ^ w6 << 25 ^ w6 << 14) + (w3 >>> 17 ^ w3 >>> 19 ^ w3 >>> 10 ^ w3 << 15 ^ w3 << 13) + w5 + w14 | 0;
3093 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1322822218 | 0;
3094 h = g;
3095 g = f;
3096 f = e;
3097 e = d + t | 0;
3098 d = c;
3099 c = b;
3100 b = a;
3101 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3102 w6 = t = (w7 >>> 7 ^ w7 >>> 18 ^ w7 >>> 3 ^ w7 << 25 ^ w7 << 14) + (w4 >>> 17 ^ w4 >>> 19 ^ w4 >>> 10 ^ w4 << 15 ^ w4 << 13) + w6 + w15 | 0;
3103 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1537002063 | 0;
3104 h = g;
3105 g = f;
3106 f = e;
3107 e = d + t | 0;
3108 d = c;
3109 c = b;
3110 b = a;
3111 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3112 w7 = t = (w8 >>> 7 ^ w8 >>> 18 ^ w8 >>> 3 ^ w8 << 25 ^ w8 << 14) + (w5 >>> 17 ^ w5 >>> 19 ^ w5 >>> 10 ^ w5 << 15 ^ w5 << 13) + w7 + w0 | 0;
3113 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1747873779 | 0;
3114 h = g;
3115 g = f;
3116 f = e;
3117 e = d + t | 0;
3118 d = c;
3119 c = b;
3120 b = a;
3121 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3122 w8 = t = (w9 >>> 7 ^ w9 >>> 18 ^ w9 >>> 3 ^ w9 << 25 ^ w9 << 14) + (w6 >>> 17 ^ w6 >>> 19 ^ w6 >>> 10 ^ w6 << 15 ^ w6 << 13) + w8 + w1 | 0;
3123 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 1955562222 | 0;
3124 h = g;
3125 g = f;
3126 f = e;
3127 e = d + t | 0;
3128 d = c;
3129 c = b;
3130 b = a;
3131 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3132 w9 = t = (w10 >>> 7 ^ w10 >>> 18 ^ w10 >>> 3 ^ w10 << 25 ^ w10 << 14) + (w7 >>> 17 ^ w7 >>> 19 ^ w7 >>> 10 ^ w7 << 15 ^ w7 << 13) + w9 + w2 | 0;
3133 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2024104815 | 0;
3134 h = g;
3135 g = f;
3136 f = e;
3137 e = d + t | 0;
3138 d = c;
3139 c = b;
3140 b = a;
3141 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3142 w10 = t = (w11 >>> 7 ^ w11 >>> 18 ^ w11 >>> 3 ^ w11 << 25 ^ w11 << 14) + (w8 >>> 17 ^ w8 >>> 19 ^ w8 >>> 10 ^ w8 << 15 ^ w8 << 13) + w10 + w3 | 0;
3143 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2227730452 | 0;
3144 h = g;
3145 g = f;
3146 f = e;
3147 e = d + t | 0;
3148 d = c;
3149 c = b;
3150 b = a;
3151 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3152 w11 = t = (w12 >>> 7 ^ w12 >>> 18 ^ w12 >>> 3 ^ w12 << 25 ^ w12 << 14) + (w9 >>> 17 ^ w9 >>> 19 ^ w9 >>> 10 ^ w9 << 15 ^ w9 << 13) + w11 + w4 | 0;
3153 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2361852424 | 0;
3154 h = g;
3155 g = f;
3156 f = e;
3157 e = d + t | 0;
3158 d = c;
3159 c = b;
3160 b = a;
3161 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3162 w12 = t = (w13 >>> 7 ^ w13 >>> 18 ^ w13 >>> 3 ^ w13 << 25 ^ w13 << 14) + (w10 >>> 17 ^ w10 >>> 19 ^ w10 >>> 10 ^ w10 << 15 ^ w10 << 13) + w12 + w5 | 0;
3163 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2428436474 | 0;
3164 h = g;
3165 g = f;
3166 f = e;
3167 e = d + t | 0;
3168 d = c;
3169 c = b;
3170 b = a;
3171 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3172 w13 = t = (w14 >>> 7 ^ w14 >>> 18 ^ w14 >>> 3 ^ w14 << 25 ^ w14 << 14) + (w11 >>> 17 ^ w11 >>> 19 ^ w11 >>> 10 ^ w11 << 15 ^ w11 << 13) + w13 + w6 | 0;
3173 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 2756734187 | 0;
3174 h = g;
3175 g = f;
3176 f = e;
3177 e = d + t | 0;
3178 d = c;
3179 c = b;
3180 b = a;
3181 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3182 w14 = t = (w15 >>> 7 ^ w15 >>> 18 ^ w15 >>> 3 ^ w15 << 25 ^ w15 << 14) + (w12 >>> 17 ^ w12 >>> 19 ^ w12 >>> 10 ^ w12 << 15 ^ w12 << 13) + w14 + w7 | 0;
3183 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3204031479 | 0;
3184 h = g;
3185 g = f;
3186 f = e;
3187 e = d + t | 0;
3188 d = c;
3189 c = b;
3190 b = a;
3191 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3192 w15 = t = (w0 >>> 7 ^ w0 >>> 18 ^ w0 >>> 3 ^ w0 << 25 ^ w0 << 14) + (w13 >>> 17 ^ w13 >>> 19 ^ w13 >>> 10 ^ w13 << 15 ^ w13 << 13) + w15 + w8 | 0;
3193 t = t + h + (e >>> 6 ^ e >>> 11 ^ e >>> 25 ^ e << 26 ^ e << 21 ^ e << 7) + (g ^ e & (f ^ g)) + 3329325298 | 0;
3194 h = g;
3195 g = f;
3196 f = e;
3197 e = d + t | 0;
3198 d = c;
3199 c = b;
3200 b = a;
3201 a = t + (b & c ^ d & (b ^ c)) + (b >>> 2 ^ b >>> 13 ^ b >>> 22 ^ b << 30 ^ b << 19 ^ b << 10) | 0;
3202 H0 = H0 + a | 0;
3203 H1 = H1 + b | 0;
3204 H2 = H2 + c | 0;
3205 H3 = H3 + d | 0;
3206 H4 = H4 + e | 0;
3207 H5 = H5 + f | 0;
3208 H6 = H6 + g | 0;
3209 H7 = H7 + h | 0;
3210 }
3211 function _core_heap(offset) {
3212 offset = offset | 0;
3213 _core(HEAP[offset | 0] << 24 | HEAP[offset | 1] << 16 | HEAP[offset | 2] << 8 | HEAP[offset | 3], HEAP[offset | 4] << 24 | HEAP[offset | 5] << 16 | HEAP[offset | 6] << 8 | HEAP[offset | 7], HEAP[offset | 8] << 24 | HEAP[offset | 9] << 16 | HEAP[offset | 10] << 8 | HEAP[offset | 11], HEAP[offset | 12] << 24 | HEAP[offset | 13] << 16 | HEAP[offset | 14] << 8 | HEAP[offset | 15], HEAP[offset | 16] << 24 | HEAP[offset | 17] << 16 | HEAP[offset | 18] << 8 | HEAP[offset | 19], HEAP[offset | 20] << 24 | HEAP[offset | 21] << 16 | HEAP[offset | 22] << 8 | HEAP[offset | 23], HEAP[offset | 24] << 24 | HEAP[offset | 25] << 16 | HEAP[offset | 26] << 8 | HEAP[offset | 27], HEAP[offset | 28] << 24 | HEAP[offset | 29] << 16 | HEAP[offset | 30] << 8 | HEAP[offset | 31], HEAP[offset | 32] << 24 | HEAP[offset | 33] << 16 | HEAP[offset | 34] << 8 | HEAP[offset | 35], HEAP[offset | 36] << 24 | HEAP[offset | 37] << 16 | HEAP[offset | 38] << 8 | HEAP[offset | 39], HEAP[offset | 40] << 24 | HEAP[offset | 41] << 16 | HEAP[offset | 42] << 8 | HEAP[offset | 43], HEAP[offset | 44] << 24 | HEAP[offset | 45] << 16 | HEAP[offset | 46] << 8 | HEAP[offset | 47], HEAP[offset | 48] << 24 | HEAP[offset | 49] << 16 | HEAP[offset | 50] << 8 | HEAP[offset | 51], HEAP[offset | 52] << 24 | HEAP[offset | 53] << 16 | HEAP[offset | 54] << 8 | HEAP[offset | 55], HEAP[offset | 56] << 24 | HEAP[offset | 57] << 16 | HEAP[offset | 58] << 8 | HEAP[offset | 59], HEAP[offset | 60] << 24 | HEAP[offset | 61] << 16 | HEAP[offset | 62] << 8 | HEAP[offset | 63]);
3214 }
3215 function _state_to_heap(output) {
3216 output = output | 0;
3217 HEAP[output | 0] = H0 >>> 24;
3218 HEAP[output | 1] = H0 >>> 16 & 255;
3219 HEAP[output | 2] = H0 >>> 8 & 255;
3220 HEAP[output | 3] = H0 & 255;
3221 HEAP[output | 4] = H1 >>> 24;
3222 HEAP[output | 5] = H1 >>> 16 & 255;
3223 HEAP[output | 6] = H1 >>> 8 & 255;
3224 HEAP[output | 7] = H1 & 255;
3225 HEAP[output | 8] = H2 >>> 24;
3226 HEAP[output | 9] = H2 >>> 16 & 255;
3227 HEAP[output | 10] = H2 >>> 8 & 255;
3228 HEAP[output | 11] = H2 & 255;
3229 HEAP[output | 12] = H3 >>> 24;
3230 HEAP[output | 13] = H3 >>> 16 & 255;
3231 HEAP[output | 14] = H3 >>> 8 & 255;
3232 HEAP[output | 15] = H3 & 255;
3233 HEAP[output | 16] = H4 >>> 24;
3234 HEAP[output | 17] = H4 >>> 16 & 255;
3235 HEAP[output | 18] = H4 >>> 8 & 255;
3236 HEAP[output | 19] = H4 & 255;
3237 HEAP[output | 20] = H5 >>> 24;
3238 HEAP[output | 21] = H5 >>> 16 & 255;
3239 HEAP[output | 22] = H5 >>> 8 & 255;
3240 HEAP[output | 23] = H5 & 255;
3241 HEAP[output | 24] = H6 >>> 24;
3242 HEAP[output | 25] = H6 >>> 16 & 255;
3243 HEAP[output | 26] = H6 >>> 8 & 255;
3244 HEAP[output | 27] = H6 & 255;
3245 HEAP[output | 28] = H7 >>> 24;
3246 HEAP[output | 29] = H7 >>> 16 & 255;
3247 HEAP[output | 30] = H7 >>> 8 & 255;
3248 HEAP[output | 31] = H7 & 255;
3249 }
3250 function reset() {
3251 H0 = 1779033703;
3252 H1 = 3144134277;
3253 H2 = 1013904242;
3254 H3 = 2773480762;
3255 H4 = 1359893119;
3256 H5 = 2600822924;
3257 H6 = 528734635;
3258 H7 = 1541459225;
3259 TOTAL = 0;
3260 }
3261 function init(h0, h1, h2, h3, h4, h5, h6, h7, total) {
3262 h0 = h0 | 0;
3263 h1 = h1 | 0;
3264 h2 = h2 | 0;
3265 h3 = h3 | 0;
3266 h4 = h4 | 0;
3267 h5 = h5 | 0;
3268 h6 = h6 | 0;
3269 h7 = h7 | 0;
3270 total = total | 0;
3271 H0 = h0;
3272 H1 = h1;
3273 H2 = h2;
3274 H3 = h3;
3275 H4 = h4;
3276 H5 = h5;
3277 H6 = h6;
3278 H7 = h7;
3279 TOTAL = total;
3280 }
3281 function process(offset, length) {
3282 offset = offset | 0;
3283 length = length | 0;
3284 var hashed = 0;
3285 if (offset & 63) return -1;
3286 while ((length | 0) >= 64) {
3287 _core_heap(offset);
3288 offset = offset + 64 | 0;
3289 length = length - 64 | 0;
3290 hashed = hashed + 64 | 0;
3291 }
3292 TOTAL = TOTAL + hashed | 0;
3293 return hashed | 0;
3294 }
3295 function finish(offset, length, output) {
3296 offset = offset | 0;
3297 length = length | 0;
3298 output = output | 0;
3299 var hashed = 0, i = 0;
3300 if (offset & 63) return -1;
3301 if (~output) if (output & 31) return -1;
3302 if ((length | 0) >= 64) {
3303 hashed = process(offset, length) | 0;
3304 if ((hashed | 0) == -1) return -1;
3305 offset = offset + hashed | 0;
3306 length = length - hashed | 0;
3307 }
3308 hashed = hashed + length | 0;
3309 TOTAL = TOTAL + length | 0;
3310 HEAP[offset | length] = 128;
3311 if ((length | 0) >= 56) {
3312 for (i = length + 1 | 0; (i | 0) < 64; i = i + 1 | 0) HEAP[offset | i] = 0;
3313 _core_heap(offset);
3314 length = 0;
3315 HEAP[offset | 0] = 0;
3316 }
3317 for (i = length + 1 | 0; (i | 0) < 59; i = i + 1 | 0) HEAP[offset | i] = 0;
3318 HEAP[offset | 59] = TOTAL >>> 29;
3319 HEAP[offset | 60] = TOTAL >>> 21 & 255;
3320 HEAP[offset | 61] = TOTAL >>> 13 & 255;
3321 HEAP[offset | 62] = TOTAL >>> 5 & 255;
3322 HEAP[offset | 63] = TOTAL << 3 & 255;
3323 _core_heap(offset);
3324 if (~output) _state_to_heap(output);
3325 return hashed | 0;
3326 }
3327 function hmac_reset() {
3328 H0 = I0;
3329 H1 = I1;
3330 H2 = I2;
3331 H3 = I3;
3332 H4 = I4;
3333 H5 = I5;
3334 H6 = I6;
3335 H7 = I7;
3336 TOTAL = 64;
3337 }
3338 function _hmac_opad() {
3339 H0 = O0;
3340 H1 = O1;
3341 H2 = O2;
3342 H3 = O3;
3343 H4 = O4;
3344 H5 = O5;
3345 H6 = O6;
3346 H7 = O7;
3347 TOTAL = 64;
3348 }
3349 function hmac_init(p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p10, p11, p12, p13, p14, p15) {
3350 p0 = p0 | 0;
3351 p1 = p1 | 0;
3352 p2 = p2 | 0;
3353 p3 = p3 | 0;
3354 p4 = p4 | 0;
3355 p5 = p5 | 0;
3356 p6 = p6 | 0;
3357 p7 = p7 | 0;
3358 p8 = p8 | 0;
3359 p9 = p9 | 0;
3360 p10 = p10 | 0;
3361 p11 = p11 | 0;
3362 p12 = p12 | 0;
3363 p13 = p13 | 0;
3364 p14 = p14 | 0;
3365 p15 = p15 | 0;
3366 reset();
3367 _core(p0 ^ 1549556828, p1 ^ 1549556828, p2 ^ 1549556828, p3 ^ 1549556828, p4 ^ 1549556828, p5 ^ 1549556828, p6 ^ 1549556828, p7 ^ 1549556828, p8 ^ 1549556828, p9 ^ 1549556828, p10 ^ 1549556828, p11 ^ 1549556828, p12 ^ 1549556828, p13 ^ 1549556828, p14 ^ 1549556828, p15 ^ 1549556828);
3368 O0 = H0;
3369 O1 = H1;
3370 O2 = H2;
3371 O3 = H3;
3372 O4 = H4;
3373 O5 = H5;
3374 O6 = H6;
3375 O7 = H7;
3376 reset();
3377 _core(p0 ^ 909522486, p1 ^ 909522486, p2 ^ 909522486, p3 ^ 909522486, p4 ^ 909522486, p5 ^ 909522486, p6 ^ 909522486, p7 ^ 909522486, p8 ^ 909522486, p9 ^ 909522486, p10 ^ 909522486, p11 ^ 909522486, p12 ^ 909522486, p13 ^ 909522486, p14 ^ 909522486, p15 ^ 909522486);
3378 I0 = H0;
3379 I1 = H1;
3380 I2 = H2;
3381 I3 = H3;
3382 I4 = H4;
3383 I5 = H5;
3384 I6 = H6;
3385 I7 = H7;
3386 TOTAL = 64;
3387 }
3388 function hmac_finish(offset, length, output) {
3389 offset = offset | 0;
3390 length = length | 0;
3391 output = output | 0;
3392 var t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, hashed = 0;
3393 if (offset & 63) return -1;
3394 if (~output) if (output & 31) return -1;
3395 hashed = finish(offset, length, -1) | 0;
3396 t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;
3397 _hmac_opad();
3398 _core(t0, t1, t2, t3, t4, t5, t6, t7, 2147483648, 0, 0, 0, 0, 0, 0, 768);
3399 if (~output) _state_to_heap(output);
3400 return hashed | 0;
3401 }
3402 function pbkdf2_generate_block(offset, length, block, count, output) {
3403 offset = offset | 0;
3404 length = length | 0;
3405 block = block | 0;
3406 count = count | 0;
3407 output = output | 0;
3408 var h0 = 0, h1 = 0, h2 = 0, h3 = 0, h4 = 0, h5 = 0, h6 = 0, h7 = 0, t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0;
3409 if (offset & 63) return -1;
3410 if (~output) if (output & 31) return -1;
3411 HEAP[offset + length | 0] = block >>> 24;
3412 HEAP[offset + length + 1 | 0] = block >>> 16 & 255;
3413 HEAP[offset + length + 2 | 0] = block >>> 8 & 255;
3414 HEAP[offset + length + 3 | 0] = block & 255;
3415 // Closure compiler warning - The result of the 'bitor' operator is not being used
3416 //hmac_finish(offset, length + 4 | 0, -1) | 0;
3417 hmac_finish(offset, length + 4 | 0, -1);
3418 h0 = t0 = H0, h1 = t1 = H1, h2 = t2 = H2, h3 = t3 = H3, h4 = t4 = H4, h5 = t5 = H5,
3419 h6 = t6 = H6, h7 = t7 = H7;
3420 count = count - 1 | 0;
3421 while ((count | 0) > 0) {
3422 hmac_reset();
3423 _core(t0, t1, t2, t3, t4, t5, t6, t7, 2147483648, 0, 0, 0, 0, 0, 0, 768);
3424 t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;
3425 _hmac_opad();
3426 _core(t0, t1, t2, t3, t4, t5, t6, t7, 2147483648, 0, 0, 0, 0, 0, 0, 768);
3427 t0 = H0, t1 = H1, t2 = H2, t3 = H3, t4 = H4, t5 = H5, t6 = H6, t7 = H7;
3428 h0 = h0 ^ H0;
3429 h1 = h1 ^ H1;
3430 h2 = h2 ^ H2;
3431 h3 = h3 ^ H3;
3432 h4 = h4 ^ H4;
3433 h5 = h5 ^ H5;
3434 h6 = h6 ^ H6;
3435 h7 = h7 ^ H7;
3436 count = count - 1 | 0;
3437 }
3438 H0 = h0;
3439 H1 = h1;
3440 H2 = h2;
3441 H3 = h3;
3442 H4 = h4;
3443 H5 = h5;
3444 H6 = h6;
3445 H7 = h7;
3446 if (~output) _state_to_heap(output);
3447 return 0;
3448 }
3449 return {
3450 reset: reset,
3451 init: init,
3452 process: process,
3453 finish: finish,
3454 hmac_reset: hmac_reset,
3455 hmac_init: hmac_init,
3456 hmac_finish: hmac_finish,
3457 pbkdf2_generate_block: pbkdf2_generate_block
3458 };
3459 }
3460 var _sha256_block_size = 64, _sha256_hash_size = 32;
3461 function sha256_constructor(options) {
3462 options = options || {};
3463 options.heapSize = options.heapSize || 4096;
3464 if (options.heapSize <= 0 || options.heapSize % 4096) throw new IllegalArgumentError("heapSize must be a positive number and multiple of 4096");
3465 this.heap = options.heap || new Uint8Array(options.heapSize);
3466 this.asm = options.asm || sha256_asm(global, null, this.heap.buffer);
3467 this.BLOCK_SIZE = _sha256_block_size;
3468 this.HASH_SIZE = _sha256_hash_size;
3469 this.reset();
3470 }
3471 function sha256_reset() {
3472 this.result = null;
3473 this.pos = 0;
3474 this.len = 0;
3475 this.asm.reset();
3476 return this;
3477 }
3478 function sha256_process(data) {
3479 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
3480 var dpos = 0, dlen = 0, clen = 0;
3481 if (is_buffer(data) || is_bytes(data)) {
3482 dpos = data.byteOffset || 0;
3483 dlen = data.byteLength;
3484 } else if (is_string(data)) {
3485 dlen = data.length;
3486 } else {
3487 throw new TypeError("data isn't of expected type");
3488 }
3489 while (dlen > 0) {
3490 clen = this.heap.byteLength - this.pos - this.len;
3491 clen = clen < dlen ? clen : dlen;
3492 if (is_buffer(data) || is_bytes(data)) {
3493 this.heap.set(new Uint8Array(data.buffer || data, dpos, clen), this.pos + this.len);
3494 } else {
3495 for (var i = 0; i < clen; i++) this.heap[this.pos + this.len + i] = data.charCodeAt(dpos + i);
3496 }
3497 this.len += clen;
3498 dpos += clen;
3499 dlen -= clen;
3500 clen = this.asm.process(this.pos, this.len);
3501 if (clen < this.len) {
3502 this.pos += clen;
3503 this.len -= clen;
3504 } else {
3505 this.pos = 0;
3506 this.len = 0;
3507 }
3508 }
3509 return this;
3510 }
3511 function sha256_finish() {
3512 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
3513 this.asm.finish(this.pos, this.len, 0);
3514 this.result = new Uint8Array(_sha256_hash_size);
3515 this.result.set(this.heap.subarray(0, _sha256_hash_size));
3516 this.pos = 0;
3517 this.len = 0;
3518 return this;
3519 }
3520 sha256_constructor.BLOCK_SIZE = _sha256_block_size;
3521 sha256_constructor.HASH_SIZE = _sha256_hash_size;
3522 var sha256_prototype = sha256_constructor.prototype;
3523 sha256_prototype.reset = sha256_reset;
3524 sha256_prototype.process = sha256_process;
3525 sha256_prototype.finish = sha256_finish;
3526 function sha512_asm(stdlib, foreign, buffer) {
3527 // Closure Compiler warning - commented out
3528 //"use asm";
3529 var H0h = 0, H0l = 0, H1h = 0, H1l = 0, H2h = 0, H2l = 0, H3h = 0, H3l = 0, H4h = 0, H4l = 0, H5h = 0, H5l = 0, H6h = 0, H6l = 0, H7h = 0, H7l = 0, TOTAL = 0;
3530 var I0h = 0, I0l = 0, I1h = 0, I1l = 0, I2h = 0, I2l = 0, I3h = 0, I3l = 0, I4h = 0, I4l = 0, I5h = 0, I5l = 0, I6h = 0, I6l = 0, I7h = 0, I7l = 0, O0h = 0, O0l = 0, O1h = 0, O1l = 0, O2h = 0, O2l = 0, O3h = 0, O3l = 0, O4h = 0, O4l = 0, O5h = 0, O5l = 0, O6h = 0, O6l = 0, O7h = 0, O7l = 0;
3531 var HEAP = new stdlib.Uint8Array(buffer);
3532 function _core(w0h, w0l, w1h, w1l, w2h, w2l, w3h, w3l, w4h, w4l, w5h, w5l, w6h, w6l, w7h, w7l, w8h, w8l, w9h, w9l, w10h, w10l, w11h, w11l, w12h, w12l, w13h, w13l, w14h, w14l, w15h, w15l) {
3533 w0h = w0h | 0;
3534 w0l = w0l | 0;
3535 w1h = w1h | 0;
3536 w1l = w1l | 0;
3537 w2h = w2h | 0;
3538 w2l = w2l | 0;
3539 w3h = w3h | 0;
3540 w3l = w3l | 0;
3541 w4h = w4h | 0;
3542 w4l = w4l | 0;
3543 w5h = w5h | 0;
3544 w5l = w5l | 0;
3545 w6h = w6h | 0;
3546 w6l = w6l | 0;
3547 w7h = w7h | 0;
3548 w7l = w7l | 0;
3549 w8h = w8h | 0;
3550 w8l = w8l | 0;
3551 w9h = w9h | 0;
3552 w9l = w9l | 0;
3553 w10h = w10h | 0;
3554 w10l = w10l | 0;
3555 w11h = w11h | 0;
3556 w11l = w11l | 0;
3557 w12h = w12h | 0;
3558 w12l = w12l | 0;
3559 w13h = w13h | 0;
3560 w13l = w13l | 0;
3561 w14h = w14h | 0;
3562 w14l = w14l | 0;
3563 w15h = w15h | 0;
3564 w15l = w15l | 0;
3565 var ah = 0, al = 0, bh = 0, bl = 0, ch = 0, cl = 0, dh = 0, dl = 0, eh = 0, el = 0, fh = 0, fl = 0, gh = 0, gl = 0, hh = 0, hl = 0, th = 0, tl = 0, xl = 0;
3566 ah = H0h;
3567 al = H0l;
3568 bh = H1h;
3569 bl = H1l;
3570 ch = H2h;
3571 cl = H2l;
3572 dh = H3h;
3573 dl = H3l;
3574 eh = H4h;
3575 el = H4l;
3576 fh = H5h;
3577 fl = H5l;
3578 gh = H6h;
3579 gl = H6l;
3580 hh = H7h;
3581 hl = H7l;
3582 tl = 3609767458 + w0l | 0;
3583 th = 1116352408 + w0h + (tl >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
3584 tl = tl + hl | 0;
3585 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3586 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3587 tl = tl + xl | 0;
3588 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3589 xl = gl ^ el & (fl ^ gl) | 0;
3590 tl = tl + xl | 0;
3591 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3592 hl = gl;
3593 hh = gh;
3594 gl = fl;
3595 gh = fh;
3596 fl = el;
3597 fh = eh;
3598 el = dl + tl | 0;
3599 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3600 dl = cl;
3601 dh = ch;
3602 cl = bl;
3603 ch = bh;
3604 bl = al;
3605 bh = ah;
3606 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3607 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3608 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3609 al = al + xl | 0;
3610 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3611 tl = 602891725 + w1l | 0;
3612 th = 1899447441 + w1h + (tl >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
3613 tl = tl + hl | 0;
3614 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3615 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3616 tl = tl + xl | 0;
3617 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3618 xl = gl ^ el & (fl ^ gl) | 0;
3619 tl = tl + xl | 0;
3620 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3621 hl = gl;
3622 hh = gh;
3623 gl = fl;
3624 gh = fh;
3625 fl = el;
3626 fh = eh;
3627 el = dl + tl | 0;
3628 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3629 dl = cl;
3630 dh = ch;
3631 cl = bl;
3632 ch = bh;
3633 bl = al;
3634 bh = ah;
3635 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3636 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3637 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3638 al = al + xl | 0;
3639 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3640 tl = 3964484399 + w2l | 0;
3641 th = 3049323471 + w2h + (tl >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
3642 tl = tl + hl | 0;
3643 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3644 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3645 tl = tl + xl | 0;
3646 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3647 xl = gl ^ el & (fl ^ gl) | 0;
3648 tl = tl + xl | 0;
3649 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3650 hl = gl;
3651 hh = gh;
3652 gl = fl;
3653 gh = fh;
3654 fl = el;
3655 fh = eh;
3656 el = dl + tl | 0;
3657 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3658 dl = cl;
3659 dh = ch;
3660 cl = bl;
3661 ch = bh;
3662 bl = al;
3663 bh = ah;
3664 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3665 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3666 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3667 al = al + xl | 0;
3668 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3669 tl = 2173295548 + w3l | 0;
3670 th = 3921009573 + w3h + (tl >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
3671 tl = tl + hl | 0;
3672 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3673 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3674 tl = tl + xl | 0;
3675 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3676 xl = gl ^ el & (fl ^ gl) | 0;
3677 tl = tl + xl | 0;
3678 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3679 hl = gl;
3680 hh = gh;
3681 gl = fl;
3682 gh = fh;
3683 fl = el;
3684 fh = eh;
3685 el = dl + tl | 0;
3686 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3687 dl = cl;
3688 dh = ch;
3689 cl = bl;
3690 ch = bh;
3691 bl = al;
3692 bh = ah;
3693 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3694 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3695 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3696 al = al + xl | 0;
3697 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3698 tl = 4081628472 + w4l | 0;
3699 th = 961987163 + w4h + (tl >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
3700 tl = tl + hl | 0;
3701 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3702 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3703 tl = tl + xl | 0;
3704 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3705 xl = gl ^ el & (fl ^ gl) | 0;
3706 tl = tl + xl | 0;
3707 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3708 hl = gl;
3709 hh = gh;
3710 gl = fl;
3711 gh = fh;
3712 fl = el;
3713 fh = eh;
3714 el = dl + tl | 0;
3715 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3716 dl = cl;
3717 dh = ch;
3718 cl = bl;
3719 ch = bh;
3720 bl = al;
3721 bh = ah;
3722 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3723 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3724 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3725 al = al + xl | 0;
3726 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3727 tl = 3053834265 + w5l | 0;
3728 th = 1508970993 + w5h + (tl >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
3729 tl = tl + hl | 0;
3730 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3731 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3732 tl = tl + xl | 0;
3733 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3734 xl = gl ^ el & (fl ^ gl) | 0;
3735 tl = tl + xl | 0;
3736 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3737 hl = gl;
3738 hh = gh;
3739 gl = fl;
3740 gh = fh;
3741 fl = el;
3742 fh = eh;
3743 el = dl + tl | 0;
3744 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3745 dl = cl;
3746 dh = ch;
3747 cl = bl;
3748 ch = bh;
3749 bl = al;
3750 bh = ah;
3751 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3752 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3753 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3754 al = al + xl | 0;
3755 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3756 tl = 2937671579 + w6l | 0;
3757 th = 2453635748 + w6h + (tl >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
3758 tl = tl + hl | 0;
3759 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3760 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3761 tl = tl + xl | 0;
3762 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3763 xl = gl ^ el & (fl ^ gl) | 0;
3764 tl = tl + xl | 0;
3765 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3766 hl = gl;
3767 hh = gh;
3768 gl = fl;
3769 gh = fh;
3770 fl = el;
3771 fh = eh;
3772 el = dl + tl | 0;
3773 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3774 dl = cl;
3775 dh = ch;
3776 cl = bl;
3777 ch = bh;
3778 bl = al;
3779 bh = ah;
3780 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3781 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3782 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3783 al = al + xl | 0;
3784 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3785 tl = 3664609560 + w7l | 0;
3786 th = 2870763221 + w7h + (tl >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
3787 tl = tl + hl | 0;
3788 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3789 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3790 tl = tl + xl | 0;
3791 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3792 xl = gl ^ el & (fl ^ gl) | 0;
3793 tl = tl + xl | 0;
3794 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3795 hl = gl;
3796 hh = gh;
3797 gl = fl;
3798 gh = fh;
3799 fl = el;
3800 fh = eh;
3801 el = dl + tl | 0;
3802 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3803 dl = cl;
3804 dh = ch;
3805 cl = bl;
3806 ch = bh;
3807 bl = al;
3808 bh = ah;
3809 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3810 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3811 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3812 al = al + xl | 0;
3813 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3814 tl = 2734883394 + w8l | 0;
3815 th = 3624381080 + w8h + (tl >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
3816 tl = tl + hl | 0;
3817 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3818 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3819 tl = tl + xl | 0;
3820 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3821 xl = gl ^ el & (fl ^ gl) | 0;
3822 tl = tl + xl | 0;
3823 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3824 hl = gl;
3825 hh = gh;
3826 gl = fl;
3827 gh = fh;
3828 fl = el;
3829 fh = eh;
3830 el = dl + tl | 0;
3831 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3832 dl = cl;
3833 dh = ch;
3834 cl = bl;
3835 ch = bh;
3836 bl = al;
3837 bh = ah;
3838 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3839 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3840 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3841 al = al + xl | 0;
3842 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3843 tl = 1164996542 + w9l | 0;
3844 th = 310598401 + w9h + (tl >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
3845 tl = tl + hl | 0;
3846 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3847 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3848 tl = tl + xl | 0;
3849 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3850 xl = gl ^ el & (fl ^ gl) | 0;
3851 tl = tl + xl | 0;
3852 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3853 hl = gl;
3854 hh = gh;
3855 gl = fl;
3856 gh = fh;
3857 fl = el;
3858 fh = eh;
3859 el = dl + tl | 0;
3860 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3861 dl = cl;
3862 dh = ch;
3863 cl = bl;
3864 ch = bh;
3865 bl = al;
3866 bh = ah;
3867 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3868 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3869 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3870 al = al + xl | 0;
3871 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3872 tl = 1323610764 + w10l | 0;
3873 th = 607225278 + w10h + (tl >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
3874 tl = tl + hl | 0;
3875 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3876 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3877 tl = tl + xl | 0;
3878 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3879 xl = gl ^ el & (fl ^ gl) | 0;
3880 tl = tl + xl | 0;
3881 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3882 hl = gl;
3883 hh = gh;
3884 gl = fl;
3885 gh = fh;
3886 fl = el;
3887 fh = eh;
3888 el = dl + tl | 0;
3889 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3890 dl = cl;
3891 dh = ch;
3892 cl = bl;
3893 ch = bh;
3894 bl = al;
3895 bh = ah;
3896 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3897 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3898 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3899 al = al + xl | 0;
3900 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3901 tl = 3590304994 + w11l | 0;
3902 th = 1426881987 + w11h + (tl >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
3903 tl = tl + hl | 0;
3904 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3905 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3906 tl = tl + xl | 0;
3907 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3908 xl = gl ^ el & (fl ^ gl) | 0;
3909 tl = tl + xl | 0;
3910 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3911 hl = gl;
3912 hh = gh;
3913 gl = fl;
3914 gh = fh;
3915 fl = el;
3916 fh = eh;
3917 el = dl + tl | 0;
3918 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3919 dl = cl;
3920 dh = ch;
3921 cl = bl;
3922 ch = bh;
3923 bl = al;
3924 bh = ah;
3925 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3926 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3927 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3928 al = al + xl | 0;
3929 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3930 tl = 4068182383 + w12l | 0;
3931 th = 1925078388 + w12h + (tl >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
3932 tl = tl + hl | 0;
3933 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3934 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3935 tl = tl + xl | 0;
3936 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3937 xl = gl ^ el & (fl ^ gl) | 0;
3938 tl = tl + xl | 0;
3939 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3940 hl = gl;
3941 hh = gh;
3942 gl = fl;
3943 gh = fh;
3944 fl = el;
3945 fh = eh;
3946 el = dl + tl | 0;
3947 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3948 dl = cl;
3949 dh = ch;
3950 cl = bl;
3951 ch = bh;
3952 bl = al;
3953 bh = ah;
3954 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3955 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3956 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3957 al = al + xl | 0;
3958 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3959 tl = 991336113 + w13l | 0;
3960 th = 2162078206 + w13h + (tl >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
3961 tl = tl + hl | 0;
3962 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3963 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3964 tl = tl + xl | 0;
3965 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3966 xl = gl ^ el & (fl ^ gl) | 0;
3967 tl = tl + xl | 0;
3968 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3969 hl = gl;
3970 hh = gh;
3971 gl = fl;
3972 gh = fh;
3973 fl = el;
3974 fh = eh;
3975 el = dl + tl | 0;
3976 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
3977 dl = cl;
3978 dh = ch;
3979 cl = bl;
3980 ch = bh;
3981 bl = al;
3982 bh = ah;
3983 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
3984 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
3985 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
3986 al = al + xl | 0;
3987 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3988 tl = 633803317 + w14l | 0;
3989 th = 2614888103 + w14h + (tl >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
3990 tl = tl + hl | 0;
3991 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
3992 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
3993 tl = tl + xl | 0;
3994 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3995 xl = gl ^ el & (fl ^ gl) | 0;
3996 tl = tl + xl | 0;
3997 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
3998 hl = gl;
3999 hh = gh;
4000 gl = fl;
4001 gh = fh;
4002 fl = el;
4003 fh = eh;
4004 el = dl + tl | 0;
4005 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4006 dl = cl;
4007 dh = ch;
4008 cl = bl;
4009 ch = bh;
4010 bl = al;
4011 bh = ah;
4012 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4013 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4014 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4015 al = al + xl | 0;
4016 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4017 tl = 3479774868 + w15l | 0;
4018 th = 3248222580 + w15h + (tl >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
4019 tl = tl + hl | 0;
4020 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4021 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4022 tl = tl + xl | 0;
4023 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4024 xl = gl ^ el & (fl ^ gl) | 0;
4025 tl = tl + xl | 0;
4026 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4027 hl = gl;
4028 hh = gh;
4029 gl = fl;
4030 gh = fh;
4031 fl = el;
4032 fh = eh;
4033 el = dl + tl | 0;
4034 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4035 dl = cl;
4036 dh = ch;
4037 cl = bl;
4038 ch = bh;
4039 bl = al;
4040 bh = ah;
4041 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4042 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4043 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4044 al = al + xl | 0;
4045 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4046 w0l = w0l + w9l | 0;
4047 w0h = w0h + w9h + (w0l >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
4048 xl = (w1l >>> 1 | w1h << 31) ^ (w1l >>> 8 | w1h << 24) ^ (w1l >>> 7 | w1h << 25) | 0;
4049 w0l = w0l + xl | 0;
4050 w0h = w0h + ((w1h >>> 1 | w1l << 31) ^ (w1h >>> 8 | w1l << 24) ^ w1h >>> 7) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4051 xl = (w14l >>> 19 | w14h << 13) ^ (w14l << 3 | w14h >>> 29) ^ (w14l >>> 6 | w14h << 26) | 0;
4052 w0l = w0l + xl | 0;
4053 w0h = w0h + ((w14h >>> 19 | w14l << 13) ^ (w14h << 3 | w14l >>> 29) ^ w14h >>> 6) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4054 tl = 2666613458 + w0l | 0;
4055 th = 3835390401 + w0h + (tl >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
4056 tl = tl + hl | 0;
4057 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4058 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4059 tl = tl + xl | 0;
4060 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4061 xl = gl ^ el & (fl ^ gl) | 0;
4062 tl = tl + xl | 0;
4063 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4064 hl = gl;
4065 hh = gh;
4066 gl = fl;
4067 gh = fh;
4068 fl = el;
4069 fh = eh;
4070 el = dl + tl | 0;
4071 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4072 dl = cl;
4073 dh = ch;
4074 cl = bl;
4075 ch = bh;
4076 bl = al;
4077 bh = ah;
4078 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4079 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4080 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4081 al = al + xl | 0;
4082 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4083 w1l = w1l + w10l | 0;
4084 w1h = w1h + w10h + (w1l >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
4085 xl = (w2l >>> 1 | w2h << 31) ^ (w2l >>> 8 | w2h << 24) ^ (w2l >>> 7 | w2h << 25) | 0;
4086 w1l = w1l + xl | 0;
4087 w1h = w1h + ((w2h >>> 1 | w2l << 31) ^ (w2h >>> 8 | w2l << 24) ^ w2h >>> 7) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4088 xl = (w15l >>> 19 | w15h << 13) ^ (w15l << 3 | w15h >>> 29) ^ (w15l >>> 6 | w15h << 26) | 0;
4089 w1l = w1l + xl | 0;
4090 w1h = w1h + ((w15h >>> 19 | w15l << 13) ^ (w15h << 3 | w15l >>> 29) ^ w15h >>> 6) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4091 tl = 944711139 + w1l | 0;
4092 th = 4022224774 + w1h + (tl >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
4093 tl = tl + hl | 0;
4094 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4095 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4096 tl = tl + xl | 0;
4097 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4098 xl = gl ^ el & (fl ^ gl) | 0;
4099 tl = tl + xl | 0;
4100 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4101 hl = gl;
4102 hh = gh;
4103 gl = fl;
4104 gh = fh;
4105 fl = el;
4106 fh = eh;
4107 el = dl + tl | 0;
4108 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4109 dl = cl;
4110 dh = ch;
4111 cl = bl;
4112 ch = bh;
4113 bl = al;
4114 bh = ah;
4115 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4116 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4117 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4118 al = al + xl | 0;
4119 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4120 w2l = w2l + w11l | 0;
4121 w2h = w2h + w11h + (w2l >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
4122 xl = (w3l >>> 1 | w3h << 31) ^ (w3l >>> 8 | w3h << 24) ^ (w3l >>> 7 | w3h << 25) | 0;
4123 w2l = w2l + xl | 0;
4124 w2h = w2h + ((w3h >>> 1 | w3l << 31) ^ (w3h >>> 8 | w3l << 24) ^ w3h >>> 7) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4125 xl = (w0l >>> 19 | w0h << 13) ^ (w0l << 3 | w0h >>> 29) ^ (w0l >>> 6 | w0h << 26) | 0;
4126 w2l = w2l + xl | 0;
4127 w2h = w2h + ((w0h >>> 19 | w0l << 13) ^ (w0h << 3 | w0l >>> 29) ^ w0h >>> 6) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4128 tl = 2341262773 + w2l | 0;
4129 th = 264347078 + w2h + (tl >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
4130 tl = tl + hl | 0;
4131 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4132 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4133 tl = tl + xl | 0;
4134 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4135 xl = gl ^ el & (fl ^ gl) | 0;
4136 tl = tl + xl | 0;
4137 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4138 hl = gl;
4139 hh = gh;
4140 gl = fl;
4141 gh = fh;
4142 fl = el;
4143 fh = eh;
4144 el = dl + tl | 0;
4145 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4146 dl = cl;
4147 dh = ch;
4148 cl = bl;
4149 ch = bh;
4150 bl = al;
4151 bh = ah;
4152 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4153 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4154 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4155 al = al + xl | 0;
4156 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4157 w3l = w3l + w12l | 0;
4158 w3h = w3h + w12h + (w3l >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
4159 xl = (w4l >>> 1 | w4h << 31) ^ (w4l >>> 8 | w4h << 24) ^ (w4l >>> 7 | w4h << 25) | 0;
4160 w3l = w3l + xl | 0;
4161 w3h = w3h + ((w4h >>> 1 | w4l << 31) ^ (w4h >>> 8 | w4l << 24) ^ w4h >>> 7) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4162 xl = (w1l >>> 19 | w1h << 13) ^ (w1l << 3 | w1h >>> 29) ^ (w1l >>> 6 | w1h << 26) | 0;
4163 w3l = w3l + xl | 0;
4164 w3h = w3h + ((w1h >>> 19 | w1l << 13) ^ (w1h << 3 | w1l >>> 29) ^ w1h >>> 6) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4165 tl = 2007800933 + w3l | 0;
4166 th = 604807628 + w3h + (tl >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
4167 tl = tl + hl | 0;
4168 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4169 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4170 tl = tl + xl | 0;
4171 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4172 xl = gl ^ el & (fl ^ gl) | 0;
4173 tl = tl + xl | 0;
4174 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4175 hl = gl;
4176 hh = gh;
4177 gl = fl;
4178 gh = fh;
4179 fl = el;
4180 fh = eh;
4181 el = dl + tl | 0;
4182 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4183 dl = cl;
4184 dh = ch;
4185 cl = bl;
4186 ch = bh;
4187 bl = al;
4188 bh = ah;
4189 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4190 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4191 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4192 al = al + xl | 0;
4193 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4194 w4l = w4l + w13l | 0;
4195 w4h = w4h + w13h + (w4l >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
4196 xl = (w5l >>> 1 | w5h << 31) ^ (w5l >>> 8 | w5h << 24) ^ (w5l >>> 7 | w5h << 25) | 0;
4197 w4l = w4l + xl | 0;
4198 w4h = w4h + ((w5h >>> 1 | w5l << 31) ^ (w5h >>> 8 | w5l << 24) ^ w5h >>> 7) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4199 xl = (w2l >>> 19 | w2h << 13) ^ (w2l << 3 | w2h >>> 29) ^ (w2l >>> 6 | w2h << 26) | 0;
4200 w4l = w4l + xl | 0;
4201 w4h = w4h + ((w2h >>> 19 | w2l << 13) ^ (w2h << 3 | w2l >>> 29) ^ w2h >>> 6) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4202 tl = 1495990901 + w4l | 0;
4203 th = 770255983 + w4h + (tl >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
4204 tl = tl + hl | 0;
4205 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4206 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4207 tl = tl + xl | 0;
4208 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4209 xl = gl ^ el & (fl ^ gl) | 0;
4210 tl = tl + xl | 0;
4211 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4212 hl = gl;
4213 hh = gh;
4214 gl = fl;
4215 gh = fh;
4216 fl = el;
4217 fh = eh;
4218 el = dl + tl | 0;
4219 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4220 dl = cl;
4221 dh = ch;
4222 cl = bl;
4223 ch = bh;
4224 bl = al;
4225 bh = ah;
4226 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4227 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4228 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4229 al = al + xl | 0;
4230 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4231 w5l = w5l + w14l | 0;
4232 w5h = w5h + w14h + (w5l >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
4233 xl = (w6l >>> 1 | w6h << 31) ^ (w6l >>> 8 | w6h << 24) ^ (w6l >>> 7 | w6h << 25) | 0;
4234 w5l = w5l + xl | 0;
4235 w5h = w5h + ((w6h >>> 1 | w6l << 31) ^ (w6h >>> 8 | w6l << 24) ^ w6h >>> 7) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4236 xl = (w3l >>> 19 | w3h << 13) ^ (w3l << 3 | w3h >>> 29) ^ (w3l >>> 6 | w3h << 26) | 0;
4237 w5l = w5l + xl | 0;
4238 w5h = w5h + ((w3h >>> 19 | w3l << 13) ^ (w3h << 3 | w3l >>> 29) ^ w3h >>> 6) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4239 tl = 1856431235 + w5l | 0;
4240 th = 1249150122 + w5h + (tl >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
4241 tl = tl + hl | 0;
4242 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4243 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4244 tl = tl + xl | 0;
4245 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4246 xl = gl ^ el & (fl ^ gl) | 0;
4247 tl = tl + xl | 0;
4248 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4249 hl = gl;
4250 hh = gh;
4251 gl = fl;
4252 gh = fh;
4253 fl = el;
4254 fh = eh;
4255 el = dl + tl | 0;
4256 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4257 dl = cl;
4258 dh = ch;
4259 cl = bl;
4260 ch = bh;
4261 bl = al;
4262 bh = ah;
4263 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4264 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4265 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4266 al = al + xl | 0;
4267 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4268 w6l = w6l + w15l | 0;
4269 w6h = w6h + w15h + (w6l >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
4270 xl = (w7l >>> 1 | w7h << 31) ^ (w7l >>> 8 | w7h << 24) ^ (w7l >>> 7 | w7h << 25) | 0;
4271 w6l = w6l + xl | 0;
4272 w6h = w6h + ((w7h >>> 1 | w7l << 31) ^ (w7h >>> 8 | w7l << 24) ^ w7h >>> 7) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4273 xl = (w4l >>> 19 | w4h << 13) ^ (w4l << 3 | w4h >>> 29) ^ (w4l >>> 6 | w4h << 26) | 0;
4274 w6l = w6l + xl | 0;
4275 w6h = w6h + ((w4h >>> 19 | w4l << 13) ^ (w4h << 3 | w4l >>> 29) ^ w4h >>> 6) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4276 tl = 3175218132 + w6l | 0;
4277 th = 1555081692 + w6h + (tl >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
4278 tl = tl + hl | 0;
4279 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4280 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4281 tl = tl + xl | 0;
4282 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4283 xl = gl ^ el & (fl ^ gl) | 0;
4284 tl = tl + xl | 0;
4285 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4286 hl = gl;
4287 hh = gh;
4288 gl = fl;
4289 gh = fh;
4290 fl = el;
4291 fh = eh;
4292 el = dl + tl | 0;
4293 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4294 dl = cl;
4295 dh = ch;
4296 cl = bl;
4297 ch = bh;
4298 bl = al;
4299 bh = ah;
4300 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4301 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4302 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4303 al = al + xl | 0;
4304 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4305 w7l = w7l + w0l | 0;
4306 w7h = w7h + w0h + (w7l >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
4307 xl = (w8l >>> 1 | w8h << 31) ^ (w8l >>> 8 | w8h << 24) ^ (w8l >>> 7 | w8h << 25) | 0;
4308 w7l = w7l + xl | 0;
4309 w7h = w7h + ((w8h >>> 1 | w8l << 31) ^ (w8h >>> 8 | w8l << 24) ^ w8h >>> 7) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4310 xl = (w5l >>> 19 | w5h << 13) ^ (w5l << 3 | w5h >>> 29) ^ (w5l >>> 6 | w5h << 26) | 0;
4311 w7l = w7l + xl | 0;
4312 w7h = w7h + ((w5h >>> 19 | w5l << 13) ^ (w5h << 3 | w5l >>> 29) ^ w5h >>> 6) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4313 tl = 2198950837 + w7l | 0;
4314 th = 1996064986 + w7h + (tl >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
4315 tl = tl + hl | 0;
4316 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4317 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4318 tl = tl + xl | 0;
4319 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4320 xl = gl ^ el & (fl ^ gl) | 0;
4321 tl = tl + xl | 0;
4322 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4323 hl = gl;
4324 hh = gh;
4325 gl = fl;
4326 gh = fh;
4327 fl = el;
4328 fh = eh;
4329 el = dl + tl | 0;
4330 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4331 dl = cl;
4332 dh = ch;
4333 cl = bl;
4334 ch = bh;
4335 bl = al;
4336 bh = ah;
4337 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4338 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4339 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4340 al = al + xl | 0;
4341 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4342 w8l = w8l + w1l | 0;
4343 w8h = w8h + w1h + (w8l >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
4344 xl = (w9l >>> 1 | w9h << 31) ^ (w9l >>> 8 | w9h << 24) ^ (w9l >>> 7 | w9h << 25) | 0;
4345 w8l = w8l + xl | 0;
4346 w8h = w8h + ((w9h >>> 1 | w9l << 31) ^ (w9h >>> 8 | w9l << 24) ^ w9h >>> 7) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4347 xl = (w6l >>> 19 | w6h << 13) ^ (w6l << 3 | w6h >>> 29) ^ (w6l >>> 6 | w6h << 26) | 0;
4348 w8l = w8l + xl | 0;
4349 w8h = w8h + ((w6h >>> 19 | w6l << 13) ^ (w6h << 3 | w6l >>> 29) ^ w6h >>> 6) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4350 tl = 3999719339 + w8l | 0;
4351 th = 2554220882 + w8h + (tl >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
4352 tl = tl + hl | 0;
4353 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4354 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4355 tl = tl + xl | 0;
4356 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4357 xl = gl ^ el & (fl ^ gl) | 0;
4358 tl = tl + xl | 0;
4359 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4360 hl = gl;
4361 hh = gh;
4362 gl = fl;
4363 gh = fh;
4364 fl = el;
4365 fh = eh;
4366 el = dl + tl | 0;
4367 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4368 dl = cl;
4369 dh = ch;
4370 cl = bl;
4371 ch = bh;
4372 bl = al;
4373 bh = ah;
4374 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4375 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4376 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4377 al = al + xl | 0;
4378 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4379 w9l = w9l + w2l | 0;
4380 w9h = w9h + w2h + (w9l >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
4381 xl = (w10l >>> 1 | w10h << 31) ^ (w10l >>> 8 | w10h << 24) ^ (w10l >>> 7 | w10h << 25) | 0;
4382 w9l = w9l + xl | 0;
4383 w9h = w9h + ((w10h >>> 1 | w10l << 31) ^ (w10h >>> 8 | w10l << 24) ^ w10h >>> 7) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4384 xl = (w7l >>> 19 | w7h << 13) ^ (w7l << 3 | w7h >>> 29) ^ (w7l >>> 6 | w7h << 26) | 0;
4385 w9l = w9l + xl | 0;
4386 w9h = w9h + ((w7h >>> 19 | w7l << 13) ^ (w7h << 3 | w7l >>> 29) ^ w7h >>> 6) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4387 tl = 766784016 + w9l | 0;
4388 th = 2821834349 + w9h + (tl >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
4389 tl = tl + hl | 0;
4390 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4391 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4392 tl = tl + xl | 0;
4393 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4394 xl = gl ^ el & (fl ^ gl) | 0;
4395 tl = tl + xl | 0;
4396 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4397 hl = gl;
4398 hh = gh;
4399 gl = fl;
4400 gh = fh;
4401 fl = el;
4402 fh = eh;
4403 el = dl + tl | 0;
4404 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4405 dl = cl;
4406 dh = ch;
4407 cl = bl;
4408 ch = bh;
4409 bl = al;
4410 bh = ah;
4411 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4412 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4413 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4414 al = al + xl | 0;
4415 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4416 w10l = w10l + w3l | 0;
4417 w10h = w10h + w3h + (w10l >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
4418 xl = (w11l >>> 1 | w11h << 31) ^ (w11l >>> 8 | w11h << 24) ^ (w11l >>> 7 | w11h << 25) | 0;
4419 w10l = w10l + xl | 0;
4420 w10h = w10h + ((w11h >>> 1 | w11l << 31) ^ (w11h >>> 8 | w11l << 24) ^ w11h >>> 7) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4421 xl = (w8l >>> 19 | w8h << 13) ^ (w8l << 3 | w8h >>> 29) ^ (w8l >>> 6 | w8h << 26) | 0;
4422 w10l = w10l + xl | 0;
4423 w10h = w10h + ((w8h >>> 19 | w8l << 13) ^ (w8h << 3 | w8l >>> 29) ^ w8h >>> 6) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4424 tl = 2566594879 + w10l | 0;
4425 th = 2952996808 + w10h + (tl >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
4426 tl = tl + hl | 0;
4427 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4428 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4429 tl = tl + xl | 0;
4430 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4431 xl = gl ^ el & (fl ^ gl) | 0;
4432 tl = tl + xl | 0;
4433 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4434 hl = gl;
4435 hh = gh;
4436 gl = fl;
4437 gh = fh;
4438 fl = el;
4439 fh = eh;
4440 el = dl + tl | 0;
4441 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4442 dl = cl;
4443 dh = ch;
4444 cl = bl;
4445 ch = bh;
4446 bl = al;
4447 bh = ah;
4448 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4449 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4450 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4451 al = al + xl | 0;
4452 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4453 w11l = w11l + w4l | 0;
4454 w11h = w11h + w4h + (w11l >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
4455 xl = (w12l >>> 1 | w12h << 31) ^ (w12l >>> 8 | w12h << 24) ^ (w12l >>> 7 | w12h << 25) | 0;
4456 w11l = w11l + xl | 0;
4457 w11h = w11h + ((w12h >>> 1 | w12l << 31) ^ (w12h >>> 8 | w12l << 24) ^ w12h >>> 7) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4458 xl = (w9l >>> 19 | w9h << 13) ^ (w9l << 3 | w9h >>> 29) ^ (w9l >>> 6 | w9h << 26) | 0;
4459 w11l = w11l + xl | 0;
4460 w11h = w11h + ((w9h >>> 19 | w9l << 13) ^ (w9h << 3 | w9l >>> 29) ^ w9h >>> 6) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4461 tl = 3203337956 + w11l | 0;
4462 th = 3210313671 + w11h + (tl >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
4463 tl = tl + hl | 0;
4464 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4465 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4466 tl = tl + xl | 0;
4467 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4468 xl = gl ^ el & (fl ^ gl) | 0;
4469 tl = tl + xl | 0;
4470 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4471 hl = gl;
4472 hh = gh;
4473 gl = fl;
4474 gh = fh;
4475 fl = el;
4476 fh = eh;
4477 el = dl + tl | 0;
4478 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4479 dl = cl;
4480 dh = ch;
4481 cl = bl;
4482 ch = bh;
4483 bl = al;
4484 bh = ah;
4485 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4486 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4487 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4488 al = al + xl | 0;
4489 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4490 w12l = w12l + w5l | 0;
4491 w12h = w12h + w5h + (w12l >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
4492 xl = (w13l >>> 1 | w13h << 31) ^ (w13l >>> 8 | w13h << 24) ^ (w13l >>> 7 | w13h << 25) | 0;
4493 w12l = w12l + xl | 0;
4494 w12h = w12h + ((w13h >>> 1 | w13l << 31) ^ (w13h >>> 8 | w13l << 24) ^ w13h >>> 7) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4495 xl = (w10l >>> 19 | w10h << 13) ^ (w10l << 3 | w10h >>> 29) ^ (w10l >>> 6 | w10h << 26) | 0;
4496 w12l = w12l + xl | 0;
4497 w12h = w12h + ((w10h >>> 19 | w10l << 13) ^ (w10h << 3 | w10l >>> 29) ^ w10h >>> 6) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4498 tl = 1034457026 + w12l | 0;
4499 th = 3336571891 + w12h + (tl >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
4500 tl = tl + hl | 0;
4501 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4502 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4503 tl = tl + xl | 0;
4504 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4505 xl = gl ^ el & (fl ^ gl) | 0;
4506 tl = tl + xl | 0;
4507 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4508 hl = gl;
4509 hh = gh;
4510 gl = fl;
4511 gh = fh;
4512 fl = el;
4513 fh = eh;
4514 el = dl + tl | 0;
4515 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4516 dl = cl;
4517 dh = ch;
4518 cl = bl;
4519 ch = bh;
4520 bl = al;
4521 bh = ah;
4522 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4523 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4524 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4525 al = al + xl | 0;
4526 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4527 w13l = w13l + w6l | 0;
4528 w13h = w13h + w6h + (w13l >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
4529 xl = (w14l >>> 1 | w14h << 31) ^ (w14l >>> 8 | w14h << 24) ^ (w14l >>> 7 | w14h << 25) | 0;
4530 w13l = w13l + xl | 0;
4531 w13h = w13h + ((w14h >>> 1 | w14l << 31) ^ (w14h >>> 8 | w14l << 24) ^ w14h >>> 7) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4532 xl = (w11l >>> 19 | w11h << 13) ^ (w11l << 3 | w11h >>> 29) ^ (w11l >>> 6 | w11h << 26) | 0;
4533 w13l = w13l + xl | 0;
4534 w13h = w13h + ((w11h >>> 19 | w11l << 13) ^ (w11h << 3 | w11l >>> 29) ^ w11h >>> 6) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4535 tl = 2466948901 + w13l | 0;
4536 th = 3584528711 + w13h + (tl >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
4537 tl = tl + hl | 0;
4538 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4539 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4540 tl = tl + xl | 0;
4541 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4542 xl = gl ^ el & (fl ^ gl) | 0;
4543 tl = tl + xl | 0;
4544 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4545 hl = gl;
4546 hh = gh;
4547 gl = fl;
4548 gh = fh;
4549 fl = el;
4550 fh = eh;
4551 el = dl + tl | 0;
4552 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4553 dl = cl;
4554 dh = ch;
4555 cl = bl;
4556 ch = bh;
4557 bl = al;
4558 bh = ah;
4559 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4560 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4561 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4562 al = al + xl | 0;
4563 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4564 w14l = w14l + w7l | 0;
4565 w14h = w14h + w7h + (w14l >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
4566 xl = (w15l >>> 1 | w15h << 31) ^ (w15l >>> 8 | w15h << 24) ^ (w15l >>> 7 | w15h << 25) | 0;
4567 w14l = w14l + xl | 0;
4568 w14h = w14h + ((w15h >>> 1 | w15l << 31) ^ (w15h >>> 8 | w15l << 24) ^ w15h >>> 7) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4569 xl = (w12l >>> 19 | w12h << 13) ^ (w12l << 3 | w12h >>> 29) ^ (w12l >>> 6 | w12h << 26) | 0;
4570 w14l = w14l + xl | 0;
4571 w14h = w14h + ((w12h >>> 19 | w12l << 13) ^ (w12h << 3 | w12l >>> 29) ^ w12h >>> 6) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4572 tl = 3758326383 + w14l | 0;
4573 th = 113926993 + w14h + (tl >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
4574 tl = tl + hl | 0;
4575 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4576 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4577 tl = tl + xl | 0;
4578 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4579 xl = gl ^ el & (fl ^ gl) | 0;
4580 tl = tl + xl | 0;
4581 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4582 hl = gl;
4583 hh = gh;
4584 gl = fl;
4585 gh = fh;
4586 fl = el;
4587 fh = eh;
4588 el = dl + tl | 0;
4589 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4590 dl = cl;
4591 dh = ch;
4592 cl = bl;
4593 ch = bh;
4594 bl = al;
4595 bh = ah;
4596 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4597 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4598 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4599 al = al + xl | 0;
4600 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4601 w15l = w15l + w8l | 0;
4602 w15h = w15h + w8h + (w15l >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
4603 xl = (w0l >>> 1 | w0h << 31) ^ (w0l >>> 8 | w0h << 24) ^ (w0l >>> 7 | w0h << 25) | 0;
4604 w15l = w15l + xl | 0;
4605 w15h = w15h + ((w0h >>> 1 | w0l << 31) ^ (w0h >>> 8 | w0l << 24) ^ w0h >>> 7) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4606 xl = (w13l >>> 19 | w13h << 13) ^ (w13l << 3 | w13h >>> 29) ^ (w13l >>> 6 | w13h << 26) | 0;
4607 w15l = w15l + xl | 0;
4608 w15h = w15h + ((w13h >>> 19 | w13l << 13) ^ (w13h << 3 | w13l >>> 29) ^ w13h >>> 6) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4609 tl = 168717936 + w15l | 0;
4610 th = 338241895 + w15h + (tl >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
4611 tl = tl + hl | 0;
4612 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4613 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4614 tl = tl + xl | 0;
4615 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4616 xl = gl ^ el & (fl ^ gl) | 0;
4617 tl = tl + xl | 0;
4618 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4619 hl = gl;
4620 hh = gh;
4621 gl = fl;
4622 gh = fh;
4623 fl = el;
4624 fh = eh;
4625 el = dl + tl | 0;
4626 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4627 dl = cl;
4628 dh = ch;
4629 cl = bl;
4630 ch = bh;
4631 bl = al;
4632 bh = ah;
4633 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4634 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4635 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4636 al = al + xl | 0;
4637 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4638 w0l = w0l + w9l | 0;
4639 w0h = w0h + w9h + (w0l >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
4640 xl = (w1l >>> 1 | w1h << 31) ^ (w1l >>> 8 | w1h << 24) ^ (w1l >>> 7 | w1h << 25) | 0;
4641 w0l = w0l + xl | 0;
4642 w0h = w0h + ((w1h >>> 1 | w1l << 31) ^ (w1h >>> 8 | w1l << 24) ^ w1h >>> 7) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4643 xl = (w14l >>> 19 | w14h << 13) ^ (w14l << 3 | w14h >>> 29) ^ (w14l >>> 6 | w14h << 26) | 0;
4644 w0l = w0l + xl | 0;
4645 w0h = w0h + ((w14h >>> 19 | w14l << 13) ^ (w14h << 3 | w14l >>> 29) ^ w14h >>> 6) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4646 tl = 1188179964 + w0l | 0;
4647 th = 666307205 + w0h + (tl >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
4648 tl = tl + hl | 0;
4649 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4650 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4651 tl = tl + xl | 0;
4652 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4653 xl = gl ^ el & (fl ^ gl) | 0;
4654 tl = tl + xl | 0;
4655 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4656 hl = gl;
4657 hh = gh;
4658 gl = fl;
4659 gh = fh;
4660 fl = el;
4661 fh = eh;
4662 el = dl + tl | 0;
4663 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4664 dl = cl;
4665 dh = ch;
4666 cl = bl;
4667 ch = bh;
4668 bl = al;
4669 bh = ah;
4670 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4671 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4672 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4673 al = al + xl | 0;
4674 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4675 w1l = w1l + w10l | 0;
4676 w1h = w1h + w10h + (w1l >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
4677 xl = (w2l >>> 1 | w2h << 31) ^ (w2l >>> 8 | w2h << 24) ^ (w2l >>> 7 | w2h << 25) | 0;
4678 w1l = w1l + xl | 0;
4679 w1h = w1h + ((w2h >>> 1 | w2l << 31) ^ (w2h >>> 8 | w2l << 24) ^ w2h >>> 7) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4680 xl = (w15l >>> 19 | w15h << 13) ^ (w15l << 3 | w15h >>> 29) ^ (w15l >>> 6 | w15h << 26) | 0;
4681 w1l = w1l + xl | 0;
4682 w1h = w1h + ((w15h >>> 19 | w15l << 13) ^ (w15h << 3 | w15l >>> 29) ^ w15h >>> 6) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4683 tl = 1546045734 + w1l | 0;
4684 th = 773529912 + w1h + (tl >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
4685 tl = tl + hl | 0;
4686 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4687 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4688 tl = tl + xl | 0;
4689 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4690 xl = gl ^ el & (fl ^ gl) | 0;
4691 tl = tl + xl | 0;
4692 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4693 hl = gl;
4694 hh = gh;
4695 gl = fl;
4696 gh = fh;
4697 fl = el;
4698 fh = eh;
4699 el = dl + tl | 0;
4700 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4701 dl = cl;
4702 dh = ch;
4703 cl = bl;
4704 ch = bh;
4705 bl = al;
4706 bh = ah;
4707 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4708 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4709 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4710 al = al + xl | 0;
4711 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4712 w2l = w2l + w11l | 0;
4713 w2h = w2h + w11h + (w2l >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
4714 xl = (w3l >>> 1 | w3h << 31) ^ (w3l >>> 8 | w3h << 24) ^ (w3l >>> 7 | w3h << 25) | 0;
4715 w2l = w2l + xl | 0;
4716 w2h = w2h + ((w3h >>> 1 | w3l << 31) ^ (w3h >>> 8 | w3l << 24) ^ w3h >>> 7) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4717 xl = (w0l >>> 19 | w0h << 13) ^ (w0l << 3 | w0h >>> 29) ^ (w0l >>> 6 | w0h << 26) | 0;
4718 w2l = w2l + xl | 0;
4719 w2h = w2h + ((w0h >>> 19 | w0l << 13) ^ (w0h << 3 | w0l >>> 29) ^ w0h >>> 6) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4720 tl = 1522805485 + w2l | 0;
4721 th = 1294757372 + w2h + (tl >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
4722 tl = tl + hl | 0;
4723 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4724 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4725 tl = tl + xl | 0;
4726 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4727 xl = gl ^ el & (fl ^ gl) | 0;
4728 tl = tl + xl | 0;
4729 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4730 hl = gl;
4731 hh = gh;
4732 gl = fl;
4733 gh = fh;
4734 fl = el;
4735 fh = eh;
4736 el = dl + tl | 0;
4737 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4738 dl = cl;
4739 dh = ch;
4740 cl = bl;
4741 ch = bh;
4742 bl = al;
4743 bh = ah;
4744 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4745 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4746 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4747 al = al + xl | 0;
4748 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4749 w3l = w3l + w12l | 0;
4750 w3h = w3h + w12h + (w3l >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
4751 xl = (w4l >>> 1 | w4h << 31) ^ (w4l >>> 8 | w4h << 24) ^ (w4l >>> 7 | w4h << 25) | 0;
4752 w3l = w3l + xl | 0;
4753 w3h = w3h + ((w4h >>> 1 | w4l << 31) ^ (w4h >>> 8 | w4l << 24) ^ w4h >>> 7) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4754 xl = (w1l >>> 19 | w1h << 13) ^ (w1l << 3 | w1h >>> 29) ^ (w1l >>> 6 | w1h << 26) | 0;
4755 w3l = w3l + xl | 0;
4756 w3h = w3h + ((w1h >>> 19 | w1l << 13) ^ (w1h << 3 | w1l >>> 29) ^ w1h >>> 6) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4757 tl = 2643833823 + w3l | 0;
4758 th = 1396182291 + w3h + (tl >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
4759 tl = tl + hl | 0;
4760 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4761 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4762 tl = tl + xl | 0;
4763 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4764 xl = gl ^ el & (fl ^ gl) | 0;
4765 tl = tl + xl | 0;
4766 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4767 hl = gl;
4768 hh = gh;
4769 gl = fl;
4770 gh = fh;
4771 fl = el;
4772 fh = eh;
4773 el = dl + tl | 0;
4774 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4775 dl = cl;
4776 dh = ch;
4777 cl = bl;
4778 ch = bh;
4779 bl = al;
4780 bh = ah;
4781 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4782 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4783 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4784 al = al + xl | 0;
4785 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4786 w4l = w4l + w13l | 0;
4787 w4h = w4h + w13h + (w4l >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
4788 xl = (w5l >>> 1 | w5h << 31) ^ (w5l >>> 8 | w5h << 24) ^ (w5l >>> 7 | w5h << 25) | 0;
4789 w4l = w4l + xl | 0;
4790 w4h = w4h + ((w5h >>> 1 | w5l << 31) ^ (w5h >>> 8 | w5l << 24) ^ w5h >>> 7) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4791 xl = (w2l >>> 19 | w2h << 13) ^ (w2l << 3 | w2h >>> 29) ^ (w2l >>> 6 | w2h << 26) | 0;
4792 w4l = w4l + xl | 0;
4793 w4h = w4h + ((w2h >>> 19 | w2l << 13) ^ (w2h << 3 | w2l >>> 29) ^ w2h >>> 6) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4794 tl = 2343527390 + w4l | 0;
4795 th = 1695183700 + w4h + (tl >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
4796 tl = tl + hl | 0;
4797 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4798 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4799 tl = tl + xl | 0;
4800 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4801 xl = gl ^ el & (fl ^ gl) | 0;
4802 tl = tl + xl | 0;
4803 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4804 hl = gl;
4805 hh = gh;
4806 gl = fl;
4807 gh = fh;
4808 fl = el;
4809 fh = eh;
4810 el = dl + tl | 0;
4811 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4812 dl = cl;
4813 dh = ch;
4814 cl = bl;
4815 ch = bh;
4816 bl = al;
4817 bh = ah;
4818 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4819 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4820 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4821 al = al + xl | 0;
4822 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4823 w5l = w5l + w14l | 0;
4824 w5h = w5h + w14h + (w5l >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
4825 xl = (w6l >>> 1 | w6h << 31) ^ (w6l >>> 8 | w6h << 24) ^ (w6l >>> 7 | w6h << 25) | 0;
4826 w5l = w5l + xl | 0;
4827 w5h = w5h + ((w6h >>> 1 | w6l << 31) ^ (w6h >>> 8 | w6l << 24) ^ w6h >>> 7) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4828 xl = (w3l >>> 19 | w3h << 13) ^ (w3l << 3 | w3h >>> 29) ^ (w3l >>> 6 | w3h << 26) | 0;
4829 w5l = w5l + xl | 0;
4830 w5h = w5h + ((w3h >>> 19 | w3l << 13) ^ (w3h << 3 | w3l >>> 29) ^ w3h >>> 6) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4831 tl = 1014477480 + w5l | 0;
4832 th = 1986661051 + w5h + (tl >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
4833 tl = tl + hl | 0;
4834 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4835 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4836 tl = tl + xl | 0;
4837 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4838 xl = gl ^ el & (fl ^ gl) | 0;
4839 tl = tl + xl | 0;
4840 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4841 hl = gl;
4842 hh = gh;
4843 gl = fl;
4844 gh = fh;
4845 fl = el;
4846 fh = eh;
4847 el = dl + tl | 0;
4848 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4849 dl = cl;
4850 dh = ch;
4851 cl = bl;
4852 ch = bh;
4853 bl = al;
4854 bh = ah;
4855 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4856 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4857 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4858 al = al + xl | 0;
4859 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4860 w6l = w6l + w15l | 0;
4861 w6h = w6h + w15h + (w6l >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
4862 xl = (w7l >>> 1 | w7h << 31) ^ (w7l >>> 8 | w7h << 24) ^ (w7l >>> 7 | w7h << 25) | 0;
4863 w6l = w6l + xl | 0;
4864 w6h = w6h + ((w7h >>> 1 | w7l << 31) ^ (w7h >>> 8 | w7l << 24) ^ w7h >>> 7) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4865 xl = (w4l >>> 19 | w4h << 13) ^ (w4l << 3 | w4h >>> 29) ^ (w4l >>> 6 | w4h << 26) | 0;
4866 w6l = w6l + xl | 0;
4867 w6h = w6h + ((w4h >>> 19 | w4l << 13) ^ (w4h << 3 | w4l >>> 29) ^ w4h >>> 6) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4868 tl = 1206759142 + w6l | 0;
4869 th = 2177026350 + w6h + (tl >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
4870 tl = tl + hl | 0;
4871 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4872 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4873 tl = tl + xl | 0;
4874 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4875 xl = gl ^ el & (fl ^ gl) | 0;
4876 tl = tl + xl | 0;
4877 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4878 hl = gl;
4879 hh = gh;
4880 gl = fl;
4881 gh = fh;
4882 fl = el;
4883 fh = eh;
4884 el = dl + tl | 0;
4885 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4886 dl = cl;
4887 dh = ch;
4888 cl = bl;
4889 ch = bh;
4890 bl = al;
4891 bh = ah;
4892 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4893 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4894 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4895 al = al + xl | 0;
4896 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4897 w7l = w7l + w0l | 0;
4898 w7h = w7h + w0h + (w7l >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
4899 xl = (w8l >>> 1 | w8h << 31) ^ (w8l >>> 8 | w8h << 24) ^ (w8l >>> 7 | w8h << 25) | 0;
4900 w7l = w7l + xl | 0;
4901 w7h = w7h + ((w8h >>> 1 | w8l << 31) ^ (w8h >>> 8 | w8l << 24) ^ w8h >>> 7) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4902 xl = (w5l >>> 19 | w5h << 13) ^ (w5l << 3 | w5h >>> 29) ^ (w5l >>> 6 | w5h << 26) | 0;
4903 w7l = w7l + xl | 0;
4904 w7h = w7h + ((w5h >>> 19 | w5l << 13) ^ (w5h << 3 | w5l >>> 29) ^ w5h >>> 6) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4905 tl = 344077627 + w7l | 0;
4906 th = 2456956037 + w7h + (tl >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
4907 tl = tl + hl | 0;
4908 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4909 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4910 tl = tl + xl | 0;
4911 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4912 xl = gl ^ el & (fl ^ gl) | 0;
4913 tl = tl + xl | 0;
4914 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4915 hl = gl;
4916 hh = gh;
4917 gl = fl;
4918 gh = fh;
4919 fl = el;
4920 fh = eh;
4921 el = dl + tl | 0;
4922 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4923 dl = cl;
4924 dh = ch;
4925 cl = bl;
4926 ch = bh;
4927 bl = al;
4928 bh = ah;
4929 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4930 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4931 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4932 al = al + xl | 0;
4933 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4934 w8l = w8l + w1l | 0;
4935 w8h = w8h + w1h + (w8l >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
4936 xl = (w9l >>> 1 | w9h << 31) ^ (w9l >>> 8 | w9h << 24) ^ (w9l >>> 7 | w9h << 25) | 0;
4937 w8l = w8l + xl | 0;
4938 w8h = w8h + ((w9h >>> 1 | w9l << 31) ^ (w9h >>> 8 | w9l << 24) ^ w9h >>> 7) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4939 xl = (w6l >>> 19 | w6h << 13) ^ (w6l << 3 | w6h >>> 29) ^ (w6l >>> 6 | w6h << 26) | 0;
4940 w8l = w8l + xl | 0;
4941 w8h = w8h + ((w6h >>> 19 | w6l << 13) ^ (w6h << 3 | w6l >>> 29) ^ w6h >>> 6) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4942 tl = 1290863460 + w8l | 0;
4943 th = 2730485921 + w8h + (tl >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
4944 tl = tl + hl | 0;
4945 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4946 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4947 tl = tl + xl | 0;
4948 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4949 xl = gl ^ el & (fl ^ gl) | 0;
4950 tl = tl + xl | 0;
4951 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4952 hl = gl;
4953 hh = gh;
4954 gl = fl;
4955 gh = fh;
4956 fl = el;
4957 fh = eh;
4958 el = dl + tl | 0;
4959 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4960 dl = cl;
4961 dh = ch;
4962 cl = bl;
4963 ch = bh;
4964 bl = al;
4965 bh = ah;
4966 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
4967 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
4968 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
4969 al = al + xl | 0;
4970 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4971 w9l = w9l + w2l | 0;
4972 w9h = w9h + w2h + (w9l >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
4973 xl = (w10l >>> 1 | w10h << 31) ^ (w10l >>> 8 | w10h << 24) ^ (w10l >>> 7 | w10h << 25) | 0;
4974 w9l = w9l + xl | 0;
4975 w9h = w9h + ((w10h >>> 1 | w10l << 31) ^ (w10h >>> 8 | w10l << 24) ^ w10h >>> 7) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4976 xl = (w7l >>> 19 | w7h << 13) ^ (w7l << 3 | w7h >>> 29) ^ (w7l >>> 6 | w7h << 26) | 0;
4977 w9l = w9l + xl | 0;
4978 w9h = w9h + ((w7h >>> 19 | w7l << 13) ^ (w7h << 3 | w7l >>> 29) ^ w7h >>> 6) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4979 tl = 3158454273 + w9l | 0;
4980 th = 2820302411 + w9h + (tl >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
4981 tl = tl + hl | 0;
4982 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
4983 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
4984 tl = tl + xl | 0;
4985 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4986 xl = gl ^ el & (fl ^ gl) | 0;
4987 tl = tl + xl | 0;
4988 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
4989 hl = gl;
4990 hh = gh;
4991 gl = fl;
4992 gh = fh;
4993 fl = el;
4994 fh = eh;
4995 el = dl + tl | 0;
4996 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
4997 dl = cl;
4998 dh = ch;
4999 cl = bl;
5000 ch = bh;
5001 bl = al;
5002 bh = ah;
5003 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5004 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5005 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5006 al = al + xl | 0;
5007 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5008 w10l = w10l + w3l | 0;
5009 w10h = w10h + w3h + (w10l >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
5010 xl = (w11l >>> 1 | w11h << 31) ^ (w11l >>> 8 | w11h << 24) ^ (w11l >>> 7 | w11h << 25) | 0;
5011 w10l = w10l + xl | 0;
5012 w10h = w10h + ((w11h >>> 1 | w11l << 31) ^ (w11h >>> 8 | w11l << 24) ^ w11h >>> 7) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5013 xl = (w8l >>> 19 | w8h << 13) ^ (w8l << 3 | w8h >>> 29) ^ (w8l >>> 6 | w8h << 26) | 0;
5014 w10l = w10l + xl | 0;
5015 w10h = w10h + ((w8h >>> 19 | w8l << 13) ^ (w8h << 3 | w8l >>> 29) ^ w8h >>> 6) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5016 tl = 3505952657 + w10l | 0;
5017 th = 3259730800 + w10h + (tl >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
5018 tl = tl + hl | 0;
5019 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5020 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5021 tl = tl + xl | 0;
5022 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5023 xl = gl ^ el & (fl ^ gl) | 0;
5024 tl = tl + xl | 0;
5025 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5026 hl = gl;
5027 hh = gh;
5028 gl = fl;
5029 gh = fh;
5030 fl = el;
5031 fh = eh;
5032 el = dl + tl | 0;
5033 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5034 dl = cl;
5035 dh = ch;
5036 cl = bl;
5037 ch = bh;
5038 bl = al;
5039 bh = ah;
5040 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5041 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5042 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5043 al = al + xl | 0;
5044 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5045 w11l = w11l + w4l | 0;
5046 w11h = w11h + w4h + (w11l >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
5047 xl = (w12l >>> 1 | w12h << 31) ^ (w12l >>> 8 | w12h << 24) ^ (w12l >>> 7 | w12h << 25) | 0;
5048 w11l = w11l + xl | 0;
5049 w11h = w11h + ((w12h >>> 1 | w12l << 31) ^ (w12h >>> 8 | w12l << 24) ^ w12h >>> 7) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5050 xl = (w9l >>> 19 | w9h << 13) ^ (w9l << 3 | w9h >>> 29) ^ (w9l >>> 6 | w9h << 26) | 0;
5051 w11l = w11l + xl | 0;
5052 w11h = w11h + ((w9h >>> 19 | w9l << 13) ^ (w9h << 3 | w9l >>> 29) ^ w9h >>> 6) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5053 tl = 106217008 + w11l | 0;
5054 th = 3345764771 + w11h + (tl >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
5055 tl = tl + hl | 0;
5056 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5057 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5058 tl = tl + xl | 0;
5059 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5060 xl = gl ^ el & (fl ^ gl) | 0;
5061 tl = tl + xl | 0;
5062 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5063 hl = gl;
5064 hh = gh;
5065 gl = fl;
5066 gh = fh;
5067 fl = el;
5068 fh = eh;
5069 el = dl + tl | 0;
5070 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5071 dl = cl;
5072 dh = ch;
5073 cl = bl;
5074 ch = bh;
5075 bl = al;
5076 bh = ah;
5077 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5078 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5079 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5080 al = al + xl | 0;
5081 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5082 w12l = w12l + w5l | 0;
5083 w12h = w12h + w5h + (w12l >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
5084 xl = (w13l >>> 1 | w13h << 31) ^ (w13l >>> 8 | w13h << 24) ^ (w13l >>> 7 | w13h << 25) | 0;
5085 w12l = w12l + xl | 0;
5086 w12h = w12h + ((w13h >>> 1 | w13l << 31) ^ (w13h >>> 8 | w13l << 24) ^ w13h >>> 7) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5087 xl = (w10l >>> 19 | w10h << 13) ^ (w10l << 3 | w10h >>> 29) ^ (w10l >>> 6 | w10h << 26) | 0;
5088 w12l = w12l + xl | 0;
5089 w12h = w12h + ((w10h >>> 19 | w10l << 13) ^ (w10h << 3 | w10l >>> 29) ^ w10h >>> 6) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5090 tl = 3606008344 + w12l | 0;
5091 th = 3516065817 + w12h + (tl >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
5092 tl = tl + hl | 0;
5093 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5094 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5095 tl = tl + xl | 0;
5096 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5097 xl = gl ^ el & (fl ^ gl) | 0;
5098 tl = tl + xl | 0;
5099 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5100 hl = gl;
5101 hh = gh;
5102 gl = fl;
5103 gh = fh;
5104 fl = el;
5105 fh = eh;
5106 el = dl + tl | 0;
5107 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5108 dl = cl;
5109 dh = ch;
5110 cl = bl;
5111 ch = bh;
5112 bl = al;
5113 bh = ah;
5114 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5115 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5116 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5117 al = al + xl | 0;
5118 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5119 w13l = w13l + w6l | 0;
5120 w13h = w13h + w6h + (w13l >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
5121 xl = (w14l >>> 1 | w14h << 31) ^ (w14l >>> 8 | w14h << 24) ^ (w14l >>> 7 | w14h << 25) | 0;
5122 w13l = w13l + xl | 0;
5123 w13h = w13h + ((w14h >>> 1 | w14l << 31) ^ (w14h >>> 8 | w14l << 24) ^ w14h >>> 7) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5124 xl = (w11l >>> 19 | w11h << 13) ^ (w11l << 3 | w11h >>> 29) ^ (w11l >>> 6 | w11h << 26) | 0;
5125 w13l = w13l + xl | 0;
5126 w13h = w13h + ((w11h >>> 19 | w11l << 13) ^ (w11h << 3 | w11l >>> 29) ^ w11h >>> 6) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5127 tl = 1432725776 + w13l | 0;
5128 th = 3600352804 + w13h + (tl >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
5129 tl = tl + hl | 0;
5130 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5131 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5132 tl = tl + xl | 0;
5133 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5134 xl = gl ^ el & (fl ^ gl) | 0;
5135 tl = tl + xl | 0;
5136 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5137 hl = gl;
5138 hh = gh;
5139 gl = fl;
5140 gh = fh;
5141 fl = el;
5142 fh = eh;
5143 el = dl + tl | 0;
5144 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5145 dl = cl;
5146 dh = ch;
5147 cl = bl;
5148 ch = bh;
5149 bl = al;
5150 bh = ah;
5151 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5152 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5153 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5154 al = al + xl | 0;
5155 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5156 w14l = w14l + w7l | 0;
5157 w14h = w14h + w7h + (w14l >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
5158 xl = (w15l >>> 1 | w15h << 31) ^ (w15l >>> 8 | w15h << 24) ^ (w15l >>> 7 | w15h << 25) | 0;
5159 w14l = w14l + xl | 0;
5160 w14h = w14h + ((w15h >>> 1 | w15l << 31) ^ (w15h >>> 8 | w15l << 24) ^ w15h >>> 7) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5161 xl = (w12l >>> 19 | w12h << 13) ^ (w12l << 3 | w12h >>> 29) ^ (w12l >>> 6 | w12h << 26) | 0;
5162 w14l = w14l + xl | 0;
5163 w14h = w14h + ((w12h >>> 19 | w12l << 13) ^ (w12h << 3 | w12l >>> 29) ^ w12h >>> 6) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5164 tl = 1467031594 + w14l | 0;
5165 th = 4094571909 + w14h + (tl >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
5166 tl = tl + hl | 0;
5167 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5168 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5169 tl = tl + xl | 0;
5170 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5171 xl = gl ^ el & (fl ^ gl) | 0;
5172 tl = tl + xl | 0;
5173 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5174 hl = gl;
5175 hh = gh;
5176 gl = fl;
5177 gh = fh;
5178 fl = el;
5179 fh = eh;
5180 el = dl + tl | 0;
5181 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5182 dl = cl;
5183 dh = ch;
5184 cl = bl;
5185 ch = bh;
5186 bl = al;
5187 bh = ah;
5188 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5189 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5190 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5191 al = al + xl | 0;
5192 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5193 w15l = w15l + w8l | 0;
5194 w15h = w15h + w8h + (w15l >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
5195 xl = (w0l >>> 1 | w0h << 31) ^ (w0l >>> 8 | w0h << 24) ^ (w0l >>> 7 | w0h << 25) | 0;
5196 w15l = w15l + xl | 0;
5197 w15h = w15h + ((w0h >>> 1 | w0l << 31) ^ (w0h >>> 8 | w0l << 24) ^ w0h >>> 7) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5198 xl = (w13l >>> 19 | w13h << 13) ^ (w13l << 3 | w13h >>> 29) ^ (w13l >>> 6 | w13h << 26) | 0;
5199 w15l = w15l + xl | 0;
5200 w15h = w15h + ((w13h >>> 19 | w13l << 13) ^ (w13h << 3 | w13l >>> 29) ^ w13h >>> 6) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5201 tl = 851169720 + w15l | 0;
5202 th = 275423344 + w15h + (tl >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
5203 tl = tl + hl | 0;
5204 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5205 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5206 tl = tl + xl | 0;
5207 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5208 xl = gl ^ el & (fl ^ gl) | 0;
5209 tl = tl + xl | 0;
5210 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5211 hl = gl;
5212 hh = gh;
5213 gl = fl;
5214 gh = fh;
5215 fl = el;
5216 fh = eh;
5217 el = dl + tl | 0;
5218 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5219 dl = cl;
5220 dh = ch;
5221 cl = bl;
5222 ch = bh;
5223 bl = al;
5224 bh = ah;
5225 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5226 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5227 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5228 al = al + xl | 0;
5229 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5230 w0l = w0l + w9l | 0;
5231 w0h = w0h + w9h + (w0l >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
5232 xl = (w1l >>> 1 | w1h << 31) ^ (w1l >>> 8 | w1h << 24) ^ (w1l >>> 7 | w1h << 25) | 0;
5233 w0l = w0l + xl | 0;
5234 w0h = w0h + ((w1h >>> 1 | w1l << 31) ^ (w1h >>> 8 | w1l << 24) ^ w1h >>> 7) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5235 xl = (w14l >>> 19 | w14h << 13) ^ (w14l << 3 | w14h >>> 29) ^ (w14l >>> 6 | w14h << 26) | 0;
5236 w0l = w0l + xl | 0;
5237 w0h = w0h + ((w14h >>> 19 | w14l << 13) ^ (w14h << 3 | w14l >>> 29) ^ w14h >>> 6) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5238 tl = 3100823752 + w0l | 0;
5239 th = 430227734 + w0h + (tl >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
5240 tl = tl + hl | 0;
5241 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5242 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5243 tl = tl + xl | 0;
5244 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5245 xl = gl ^ el & (fl ^ gl) | 0;
5246 tl = tl + xl | 0;
5247 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5248 hl = gl;
5249 hh = gh;
5250 gl = fl;
5251 gh = fh;
5252 fl = el;
5253 fh = eh;
5254 el = dl + tl | 0;
5255 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5256 dl = cl;
5257 dh = ch;
5258 cl = bl;
5259 ch = bh;
5260 bl = al;
5261 bh = ah;
5262 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5263 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5264 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5265 al = al + xl | 0;
5266 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5267 w1l = w1l + w10l | 0;
5268 w1h = w1h + w10h + (w1l >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
5269 xl = (w2l >>> 1 | w2h << 31) ^ (w2l >>> 8 | w2h << 24) ^ (w2l >>> 7 | w2h << 25) | 0;
5270 w1l = w1l + xl | 0;
5271 w1h = w1h + ((w2h >>> 1 | w2l << 31) ^ (w2h >>> 8 | w2l << 24) ^ w2h >>> 7) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5272 xl = (w15l >>> 19 | w15h << 13) ^ (w15l << 3 | w15h >>> 29) ^ (w15l >>> 6 | w15h << 26) | 0;
5273 w1l = w1l + xl | 0;
5274 w1h = w1h + ((w15h >>> 19 | w15l << 13) ^ (w15h << 3 | w15l >>> 29) ^ w15h >>> 6) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5275 tl = 1363258195 + w1l | 0;
5276 th = 506948616 + w1h + (tl >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
5277 tl = tl + hl | 0;
5278 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5279 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5280 tl = tl + xl | 0;
5281 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5282 xl = gl ^ el & (fl ^ gl) | 0;
5283 tl = tl + xl | 0;
5284 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5285 hl = gl;
5286 hh = gh;
5287 gl = fl;
5288 gh = fh;
5289 fl = el;
5290 fh = eh;
5291 el = dl + tl | 0;
5292 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5293 dl = cl;
5294 dh = ch;
5295 cl = bl;
5296 ch = bh;
5297 bl = al;
5298 bh = ah;
5299 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5300 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5301 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5302 al = al + xl | 0;
5303 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5304 w2l = w2l + w11l | 0;
5305 w2h = w2h + w11h + (w2l >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
5306 xl = (w3l >>> 1 | w3h << 31) ^ (w3l >>> 8 | w3h << 24) ^ (w3l >>> 7 | w3h << 25) | 0;
5307 w2l = w2l + xl | 0;
5308 w2h = w2h + ((w3h >>> 1 | w3l << 31) ^ (w3h >>> 8 | w3l << 24) ^ w3h >>> 7) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5309 xl = (w0l >>> 19 | w0h << 13) ^ (w0l << 3 | w0h >>> 29) ^ (w0l >>> 6 | w0h << 26) | 0;
5310 w2l = w2l + xl | 0;
5311 w2h = w2h + ((w0h >>> 19 | w0l << 13) ^ (w0h << 3 | w0l >>> 29) ^ w0h >>> 6) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5312 tl = 3750685593 + w2l | 0;
5313 th = 659060556 + w2h + (tl >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
5314 tl = tl + hl | 0;
5315 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5316 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5317 tl = tl + xl | 0;
5318 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5319 xl = gl ^ el & (fl ^ gl) | 0;
5320 tl = tl + xl | 0;
5321 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5322 hl = gl;
5323 hh = gh;
5324 gl = fl;
5325 gh = fh;
5326 fl = el;
5327 fh = eh;
5328 el = dl + tl | 0;
5329 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5330 dl = cl;
5331 dh = ch;
5332 cl = bl;
5333 ch = bh;
5334 bl = al;
5335 bh = ah;
5336 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5337 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5338 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5339 al = al + xl | 0;
5340 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5341 w3l = w3l + w12l | 0;
5342 w3h = w3h + w12h + (w3l >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
5343 xl = (w4l >>> 1 | w4h << 31) ^ (w4l >>> 8 | w4h << 24) ^ (w4l >>> 7 | w4h << 25) | 0;
5344 w3l = w3l + xl | 0;
5345 w3h = w3h + ((w4h >>> 1 | w4l << 31) ^ (w4h >>> 8 | w4l << 24) ^ w4h >>> 7) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5346 xl = (w1l >>> 19 | w1h << 13) ^ (w1l << 3 | w1h >>> 29) ^ (w1l >>> 6 | w1h << 26) | 0;
5347 w3l = w3l + xl | 0;
5348 w3h = w3h + ((w1h >>> 19 | w1l << 13) ^ (w1h << 3 | w1l >>> 29) ^ w1h >>> 6) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5349 tl = 3785050280 + w3l | 0;
5350 th = 883997877 + w3h + (tl >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
5351 tl = tl + hl | 0;
5352 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5353 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5354 tl = tl + xl | 0;
5355 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5356 xl = gl ^ el & (fl ^ gl) | 0;
5357 tl = tl + xl | 0;
5358 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5359 hl = gl;
5360 hh = gh;
5361 gl = fl;
5362 gh = fh;
5363 fl = el;
5364 fh = eh;
5365 el = dl + tl | 0;
5366 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5367 dl = cl;
5368 dh = ch;
5369 cl = bl;
5370 ch = bh;
5371 bl = al;
5372 bh = ah;
5373 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5374 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5375 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5376 al = al + xl | 0;
5377 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5378 w4l = w4l + w13l | 0;
5379 w4h = w4h + w13h + (w4l >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
5380 xl = (w5l >>> 1 | w5h << 31) ^ (w5l >>> 8 | w5h << 24) ^ (w5l >>> 7 | w5h << 25) | 0;
5381 w4l = w4l + xl | 0;
5382 w4h = w4h + ((w5h >>> 1 | w5l << 31) ^ (w5h >>> 8 | w5l << 24) ^ w5h >>> 7) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5383 xl = (w2l >>> 19 | w2h << 13) ^ (w2l << 3 | w2h >>> 29) ^ (w2l >>> 6 | w2h << 26) | 0;
5384 w4l = w4l + xl | 0;
5385 w4h = w4h + ((w2h >>> 19 | w2l << 13) ^ (w2h << 3 | w2l >>> 29) ^ w2h >>> 6) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5386 tl = 3318307427 + w4l | 0;
5387 th = 958139571 + w4h + (tl >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
5388 tl = tl + hl | 0;
5389 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5390 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5391 tl = tl + xl | 0;
5392 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5393 xl = gl ^ el & (fl ^ gl) | 0;
5394 tl = tl + xl | 0;
5395 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5396 hl = gl;
5397 hh = gh;
5398 gl = fl;
5399 gh = fh;
5400 fl = el;
5401 fh = eh;
5402 el = dl + tl | 0;
5403 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5404 dl = cl;
5405 dh = ch;
5406 cl = bl;
5407 ch = bh;
5408 bl = al;
5409 bh = ah;
5410 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5411 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5412 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5413 al = al + xl | 0;
5414 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5415 w5l = w5l + w14l | 0;
5416 w5h = w5h + w14h + (w5l >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
5417 xl = (w6l >>> 1 | w6h << 31) ^ (w6l >>> 8 | w6h << 24) ^ (w6l >>> 7 | w6h << 25) | 0;
5418 w5l = w5l + xl | 0;
5419 w5h = w5h + ((w6h >>> 1 | w6l << 31) ^ (w6h >>> 8 | w6l << 24) ^ w6h >>> 7) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5420 xl = (w3l >>> 19 | w3h << 13) ^ (w3l << 3 | w3h >>> 29) ^ (w3l >>> 6 | w3h << 26) | 0;
5421 w5l = w5l + xl | 0;
5422 w5h = w5h + ((w3h >>> 19 | w3l << 13) ^ (w3h << 3 | w3l >>> 29) ^ w3h >>> 6) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5423 tl = 3812723403 + w5l | 0;
5424 th = 1322822218 + w5h + (tl >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
5425 tl = tl + hl | 0;
5426 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5427 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5428 tl = tl + xl | 0;
5429 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5430 xl = gl ^ el & (fl ^ gl) | 0;
5431 tl = tl + xl | 0;
5432 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5433 hl = gl;
5434 hh = gh;
5435 gl = fl;
5436 gh = fh;
5437 fl = el;
5438 fh = eh;
5439 el = dl + tl | 0;
5440 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5441 dl = cl;
5442 dh = ch;
5443 cl = bl;
5444 ch = bh;
5445 bl = al;
5446 bh = ah;
5447 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5448 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5449 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5450 al = al + xl | 0;
5451 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5452 w6l = w6l + w15l | 0;
5453 w6h = w6h + w15h + (w6l >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
5454 xl = (w7l >>> 1 | w7h << 31) ^ (w7l >>> 8 | w7h << 24) ^ (w7l >>> 7 | w7h << 25) | 0;
5455 w6l = w6l + xl | 0;
5456 w6h = w6h + ((w7h >>> 1 | w7l << 31) ^ (w7h >>> 8 | w7l << 24) ^ w7h >>> 7) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5457 xl = (w4l >>> 19 | w4h << 13) ^ (w4l << 3 | w4h >>> 29) ^ (w4l >>> 6 | w4h << 26) | 0;
5458 w6l = w6l + xl | 0;
5459 w6h = w6h + ((w4h >>> 19 | w4l << 13) ^ (w4h << 3 | w4l >>> 29) ^ w4h >>> 6) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5460 tl = 2003034995 + w6l | 0;
5461 th = 1537002063 + w6h + (tl >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
5462 tl = tl + hl | 0;
5463 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5464 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5465 tl = tl + xl | 0;
5466 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5467 xl = gl ^ el & (fl ^ gl) | 0;
5468 tl = tl + xl | 0;
5469 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5470 hl = gl;
5471 hh = gh;
5472 gl = fl;
5473 gh = fh;
5474 fl = el;
5475 fh = eh;
5476 el = dl + tl | 0;
5477 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5478 dl = cl;
5479 dh = ch;
5480 cl = bl;
5481 ch = bh;
5482 bl = al;
5483 bh = ah;
5484 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5485 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5486 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5487 al = al + xl | 0;
5488 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5489 w7l = w7l + w0l | 0;
5490 w7h = w7h + w0h + (w7l >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
5491 xl = (w8l >>> 1 | w8h << 31) ^ (w8l >>> 8 | w8h << 24) ^ (w8l >>> 7 | w8h << 25) | 0;
5492 w7l = w7l + xl | 0;
5493 w7h = w7h + ((w8h >>> 1 | w8l << 31) ^ (w8h >>> 8 | w8l << 24) ^ w8h >>> 7) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5494 xl = (w5l >>> 19 | w5h << 13) ^ (w5l << 3 | w5h >>> 29) ^ (w5l >>> 6 | w5h << 26) | 0;
5495 w7l = w7l + xl | 0;
5496 w7h = w7h + ((w5h >>> 19 | w5l << 13) ^ (w5h << 3 | w5l >>> 29) ^ w5h >>> 6) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5497 tl = 3602036899 + w7l | 0;
5498 th = 1747873779 + w7h + (tl >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
5499 tl = tl + hl | 0;
5500 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5501 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5502 tl = tl + xl | 0;
5503 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5504 xl = gl ^ el & (fl ^ gl) | 0;
5505 tl = tl + xl | 0;
5506 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5507 hl = gl;
5508 hh = gh;
5509 gl = fl;
5510 gh = fh;
5511 fl = el;
5512 fh = eh;
5513 el = dl + tl | 0;
5514 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5515 dl = cl;
5516 dh = ch;
5517 cl = bl;
5518 ch = bh;
5519 bl = al;
5520 bh = ah;
5521 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5522 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5523 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5524 al = al + xl | 0;
5525 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5526 w8l = w8l + w1l | 0;
5527 w8h = w8h + w1h + (w8l >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
5528 xl = (w9l >>> 1 | w9h << 31) ^ (w9l >>> 8 | w9h << 24) ^ (w9l >>> 7 | w9h << 25) | 0;
5529 w8l = w8l + xl | 0;
5530 w8h = w8h + ((w9h >>> 1 | w9l << 31) ^ (w9h >>> 8 | w9l << 24) ^ w9h >>> 7) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5531 xl = (w6l >>> 19 | w6h << 13) ^ (w6l << 3 | w6h >>> 29) ^ (w6l >>> 6 | w6h << 26) | 0;
5532 w8l = w8l + xl | 0;
5533 w8h = w8h + ((w6h >>> 19 | w6l << 13) ^ (w6h << 3 | w6l >>> 29) ^ w6h >>> 6) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5534 tl = 1575990012 + w8l | 0;
5535 th = 1955562222 + w8h + (tl >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
5536 tl = tl + hl | 0;
5537 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5538 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5539 tl = tl + xl | 0;
5540 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5541 xl = gl ^ el & (fl ^ gl) | 0;
5542 tl = tl + xl | 0;
5543 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5544 hl = gl;
5545 hh = gh;
5546 gl = fl;
5547 gh = fh;
5548 fl = el;
5549 fh = eh;
5550 el = dl + tl | 0;
5551 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5552 dl = cl;
5553 dh = ch;
5554 cl = bl;
5555 ch = bh;
5556 bl = al;
5557 bh = ah;
5558 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5559 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5560 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5561 al = al + xl | 0;
5562 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5563 w9l = w9l + w2l | 0;
5564 w9h = w9h + w2h + (w9l >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
5565 xl = (w10l >>> 1 | w10h << 31) ^ (w10l >>> 8 | w10h << 24) ^ (w10l >>> 7 | w10h << 25) | 0;
5566 w9l = w9l + xl | 0;
5567 w9h = w9h + ((w10h >>> 1 | w10l << 31) ^ (w10h >>> 8 | w10l << 24) ^ w10h >>> 7) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5568 xl = (w7l >>> 19 | w7h << 13) ^ (w7l << 3 | w7h >>> 29) ^ (w7l >>> 6 | w7h << 26) | 0;
5569 w9l = w9l + xl | 0;
5570 w9h = w9h + ((w7h >>> 19 | w7l << 13) ^ (w7h << 3 | w7l >>> 29) ^ w7h >>> 6) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5571 tl = 1125592928 + w9l | 0;
5572 th = 2024104815 + w9h + (tl >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
5573 tl = tl + hl | 0;
5574 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5575 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5576 tl = tl + xl | 0;
5577 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5578 xl = gl ^ el & (fl ^ gl) | 0;
5579 tl = tl + xl | 0;
5580 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5581 hl = gl;
5582 hh = gh;
5583 gl = fl;
5584 gh = fh;
5585 fl = el;
5586 fh = eh;
5587 el = dl + tl | 0;
5588 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5589 dl = cl;
5590 dh = ch;
5591 cl = bl;
5592 ch = bh;
5593 bl = al;
5594 bh = ah;
5595 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5596 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5597 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5598 al = al + xl | 0;
5599 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5600 w10l = w10l + w3l | 0;
5601 w10h = w10h + w3h + (w10l >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
5602 xl = (w11l >>> 1 | w11h << 31) ^ (w11l >>> 8 | w11h << 24) ^ (w11l >>> 7 | w11h << 25) | 0;
5603 w10l = w10l + xl | 0;
5604 w10h = w10h + ((w11h >>> 1 | w11l << 31) ^ (w11h >>> 8 | w11l << 24) ^ w11h >>> 7) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5605 xl = (w8l >>> 19 | w8h << 13) ^ (w8l << 3 | w8h >>> 29) ^ (w8l >>> 6 | w8h << 26) | 0;
5606 w10l = w10l + xl | 0;
5607 w10h = w10h + ((w8h >>> 19 | w8l << 13) ^ (w8h << 3 | w8l >>> 29) ^ w8h >>> 6) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5608 tl = 2716904306 + w10l | 0;
5609 th = 2227730452 + w10h + (tl >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
5610 tl = tl + hl | 0;
5611 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5612 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5613 tl = tl + xl | 0;
5614 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5615 xl = gl ^ el & (fl ^ gl) | 0;
5616 tl = tl + xl | 0;
5617 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5618 hl = gl;
5619 hh = gh;
5620 gl = fl;
5621 gh = fh;
5622 fl = el;
5623 fh = eh;
5624 el = dl + tl | 0;
5625 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5626 dl = cl;
5627 dh = ch;
5628 cl = bl;
5629 ch = bh;
5630 bl = al;
5631 bh = ah;
5632 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5633 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5634 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5635 al = al + xl | 0;
5636 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5637 w11l = w11l + w4l | 0;
5638 w11h = w11h + w4h + (w11l >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
5639 xl = (w12l >>> 1 | w12h << 31) ^ (w12l >>> 8 | w12h << 24) ^ (w12l >>> 7 | w12h << 25) | 0;
5640 w11l = w11l + xl | 0;
5641 w11h = w11h + ((w12h >>> 1 | w12l << 31) ^ (w12h >>> 8 | w12l << 24) ^ w12h >>> 7) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5642 xl = (w9l >>> 19 | w9h << 13) ^ (w9l << 3 | w9h >>> 29) ^ (w9l >>> 6 | w9h << 26) | 0;
5643 w11l = w11l + xl | 0;
5644 w11h = w11h + ((w9h >>> 19 | w9l << 13) ^ (w9h << 3 | w9l >>> 29) ^ w9h >>> 6) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5645 tl = 442776044 + w11l | 0;
5646 th = 2361852424 + w11h + (tl >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
5647 tl = tl + hl | 0;
5648 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5649 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5650 tl = tl + xl | 0;
5651 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5652 xl = gl ^ el & (fl ^ gl) | 0;
5653 tl = tl + xl | 0;
5654 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5655 hl = gl;
5656 hh = gh;
5657 gl = fl;
5658 gh = fh;
5659 fl = el;
5660 fh = eh;
5661 el = dl + tl | 0;
5662 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5663 dl = cl;
5664 dh = ch;
5665 cl = bl;
5666 ch = bh;
5667 bl = al;
5668 bh = ah;
5669 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5670 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5671 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5672 al = al + xl | 0;
5673 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5674 w12l = w12l + w5l | 0;
5675 w12h = w12h + w5h + (w12l >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
5676 xl = (w13l >>> 1 | w13h << 31) ^ (w13l >>> 8 | w13h << 24) ^ (w13l >>> 7 | w13h << 25) | 0;
5677 w12l = w12l + xl | 0;
5678 w12h = w12h + ((w13h >>> 1 | w13l << 31) ^ (w13h >>> 8 | w13l << 24) ^ w13h >>> 7) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5679 xl = (w10l >>> 19 | w10h << 13) ^ (w10l << 3 | w10h >>> 29) ^ (w10l >>> 6 | w10h << 26) | 0;
5680 w12l = w12l + xl | 0;
5681 w12h = w12h + ((w10h >>> 19 | w10l << 13) ^ (w10h << 3 | w10l >>> 29) ^ w10h >>> 6) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5682 tl = 593698344 + w12l | 0;
5683 th = 2428436474 + w12h + (tl >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
5684 tl = tl + hl | 0;
5685 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5686 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5687 tl = tl + xl | 0;
5688 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5689 xl = gl ^ el & (fl ^ gl) | 0;
5690 tl = tl + xl | 0;
5691 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5692 hl = gl;
5693 hh = gh;
5694 gl = fl;
5695 gh = fh;
5696 fl = el;
5697 fh = eh;
5698 el = dl + tl | 0;
5699 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5700 dl = cl;
5701 dh = ch;
5702 cl = bl;
5703 ch = bh;
5704 bl = al;
5705 bh = ah;
5706 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5707 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5708 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5709 al = al + xl | 0;
5710 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5711 w13l = w13l + w6l | 0;
5712 w13h = w13h + w6h + (w13l >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
5713 xl = (w14l >>> 1 | w14h << 31) ^ (w14l >>> 8 | w14h << 24) ^ (w14l >>> 7 | w14h << 25) | 0;
5714 w13l = w13l + xl | 0;
5715 w13h = w13h + ((w14h >>> 1 | w14l << 31) ^ (w14h >>> 8 | w14l << 24) ^ w14h >>> 7) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5716 xl = (w11l >>> 19 | w11h << 13) ^ (w11l << 3 | w11h >>> 29) ^ (w11l >>> 6 | w11h << 26) | 0;
5717 w13l = w13l + xl | 0;
5718 w13h = w13h + ((w11h >>> 19 | w11l << 13) ^ (w11h << 3 | w11l >>> 29) ^ w11h >>> 6) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5719 tl = 3733110249 + w13l | 0;
5720 th = 2756734187 + w13h + (tl >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
5721 tl = tl + hl | 0;
5722 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5723 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5724 tl = tl + xl | 0;
5725 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5726 xl = gl ^ el & (fl ^ gl) | 0;
5727 tl = tl + xl | 0;
5728 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5729 hl = gl;
5730 hh = gh;
5731 gl = fl;
5732 gh = fh;
5733 fl = el;
5734 fh = eh;
5735 el = dl + tl | 0;
5736 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5737 dl = cl;
5738 dh = ch;
5739 cl = bl;
5740 ch = bh;
5741 bl = al;
5742 bh = ah;
5743 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5744 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5745 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5746 al = al + xl | 0;
5747 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5748 w14l = w14l + w7l | 0;
5749 w14h = w14h + w7h + (w14l >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
5750 xl = (w15l >>> 1 | w15h << 31) ^ (w15l >>> 8 | w15h << 24) ^ (w15l >>> 7 | w15h << 25) | 0;
5751 w14l = w14l + xl | 0;
5752 w14h = w14h + ((w15h >>> 1 | w15l << 31) ^ (w15h >>> 8 | w15l << 24) ^ w15h >>> 7) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5753 xl = (w12l >>> 19 | w12h << 13) ^ (w12l << 3 | w12h >>> 29) ^ (w12l >>> 6 | w12h << 26) | 0;
5754 w14l = w14l + xl | 0;
5755 w14h = w14h + ((w12h >>> 19 | w12l << 13) ^ (w12h << 3 | w12l >>> 29) ^ w12h >>> 6) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5756 tl = 2999351573 + w14l | 0;
5757 th = 3204031479 + w14h + (tl >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
5758 tl = tl + hl | 0;
5759 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5760 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5761 tl = tl + xl | 0;
5762 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5763 xl = gl ^ el & (fl ^ gl) | 0;
5764 tl = tl + xl | 0;
5765 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5766 hl = gl;
5767 hh = gh;
5768 gl = fl;
5769 gh = fh;
5770 fl = el;
5771 fh = eh;
5772 el = dl + tl | 0;
5773 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5774 dl = cl;
5775 dh = ch;
5776 cl = bl;
5777 ch = bh;
5778 bl = al;
5779 bh = ah;
5780 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5781 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5782 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5783 al = al + xl | 0;
5784 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5785 w15l = w15l + w8l | 0;
5786 w15h = w15h + w8h + (w15l >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
5787 xl = (w0l >>> 1 | w0h << 31) ^ (w0l >>> 8 | w0h << 24) ^ (w0l >>> 7 | w0h << 25) | 0;
5788 w15l = w15l + xl | 0;
5789 w15h = w15h + ((w0h >>> 1 | w0l << 31) ^ (w0h >>> 8 | w0l << 24) ^ w0h >>> 7) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5790 xl = (w13l >>> 19 | w13h << 13) ^ (w13l << 3 | w13h >>> 29) ^ (w13l >>> 6 | w13h << 26) | 0;
5791 w15l = w15l + xl | 0;
5792 w15h = w15h + ((w13h >>> 19 | w13l << 13) ^ (w13h << 3 | w13l >>> 29) ^ w13h >>> 6) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5793 tl = 3815920427 + w15l | 0;
5794 th = 3329325298 + w15h + (tl >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
5795 tl = tl + hl | 0;
5796 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5797 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5798 tl = tl + xl | 0;
5799 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5800 xl = gl ^ el & (fl ^ gl) | 0;
5801 tl = tl + xl | 0;
5802 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5803 hl = gl;
5804 hh = gh;
5805 gl = fl;
5806 gh = fh;
5807 fl = el;
5808 fh = eh;
5809 el = dl + tl | 0;
5810 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5811 dl = cl;
5812 dh = ch;
5813 cl = bl;
5814 ch = bh;
5815 bl = al;
5816 bh = ah;
5817 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5818 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5819 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5820 al = al + xl | 0;
5821 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5822 w0l = w0l + w9l | 0;
5823 w0h = w0h + w9h + (w0l >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
5824 xl = (w1l >>> 1 | w1h << 31) ^ (w1l >>> 8 | w1h << 24) ^ (w1l >>> 7 | w1h << 25) | 0;
5825 w0l = w0l + xl | 0;
5826 w0h = w0h + ((w1h >>> 1 | w1l << 31) ^ (w1h >>> 8 | w1l << 24) ^ w1h >>> 7) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5827 xl = (w14l >>> 19 | w14h << 13) ^ (w14l << 3 | w14h >>> 29) ^ (w14l >>> 6 | w14h << 26) | 0;
5828 w0l = w0l + xl | 0;
5829 w0h = w0h + ((w14h >>> 19 | w14l << 13) ^ (w14h << 3 | w14l >>> 29) ^ w14h >>> 6) + (w0l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5830 tl = 3928383900 + w0l | 0;
5831 th = 3391569614 + w0h + (tl >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
5832 tl = tl + hl | 0;
5833 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5834 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5835 tl = tl + xl | 0;
5836 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5837 xl = gl ^ el & (fl ^ gl) | 0;
5838 tl = tl + xl | 0;
5839 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5840 hl = gl;
5841 hh = gh;
5842 gl = fl;
5843 gh = fh;
5844 fl = el;
5845 fh = eh;
5846 el = dl + tl | 0;
5847 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5848 dl = cl;
5849 dh = ch;
5850 cl = bl;
5851 ch = bh;
5852 bl = al;
5853 bh = ah;
5854 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5855 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5856 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5857 al = al + xl | 0;
5858 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5859 w1l = w1l + w10l | 0;
5860 w1h = w1h + w10h + (w1l >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
5861 xl = (w2l >>> 1 | w2h << 31) ^ (w2l >>> 8 | w2h << 24) ^ (w2l >>> 7 | w2h << 25) | 0;
5862 w1l = w1l + xl | 0;
5863 w1h = w1h + ((w2h >>> 1 | w2l << 31) ^ (w2h >>> 8 | w2l << 24) ^ w2h >>> 7) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5864 xl = (w15l >>> 19 | w15h << 13) ^ (w15l << 3 | w15h >>> 29) ^ (w15l >>> 6 | w15h << 26) | 0;
5865 w1l = w1l + xl | 0;
5866 w1h = w1h + ((w15h >>> 19 | w15l << 13) ^ (w15h << 3 | w15l >>> 29) ^ w15h >>> 6) + (w1l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5867 tl = 566280711 + w1l | 0;
5868 th = 3515267271 + w1h + (tl >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
5869 tl = tl + hl | 0;
5870 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5871 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5872 tl = tl + xl | 0;
5873 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5874 xl = gl ^ el & (fl ^ gl) | 0;
5875 tl = tl + xl | 0;
5876 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5877 hl = gl;
5878 hh = gh;
5879 gl = fl;
5880 gh = fh;
5881 fl = el;
5882 fh = eh;
5883 el = dl + tl | 0;
5884 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5885 dl = cl;
5886 dh = ch;
5887 cl = bl;
5888 ch = bh;
5889 bl = al;
5890 bh = ah;
5891 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5892 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5893 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5894 al = al + xl | 0;
5895 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5896 w2l = w2l + w11l | 0;
5897 w2h = w2h + w11h + (w2l >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
5898 xl = (w3l >>> 1 | w3h << 31) ^ (w3l >>> 8 | w3h << 24) ^ (w3l >>> 7 | w3h << 25) | 0;
5899 w2l = w2l + xl | 0;
5900 w2h = w2h + ((w3h >>> 1 | w3l << 31) ^ (w3h >>> 8 | w3l << 24) ^ w3h >>> 7) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5901 xl = (w0l >>> 19 | w0h << 13) ^ (w0l << 3 | w0h >>> 29) ^ (w0l >>> 6 | w0h << 26) | 0;
5902 w2l = w2l + xl | 0;
5903 w2h = w2h + ((w0h >>> 19 | w0l << 13) ^ (w0h << 3 | w0l >>> 29) ^ w0h >>> 6) + (w2l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5904 tl = 3454069534 + w2l | 0;
5905 th = 3940187606 + w2h + (tl >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
5906 tl = tl + hl | 0;
5907 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5908 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5909 tl = tl + xl | 0;
5910 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5911 xl = gl ^ el & (fl ^ gl) | 0;
5912 tl = tl + xl | 0;
5913 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5914 hl = gl;
5915 hh = gh;
5916 gl = fl;
5917 gh = fh;
5918 fl = el;
5919 fh = eh;
5920 el = dl + tl | 0;
5921 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5922 dl = cl;
5923 dh = ch;
5924 cl = bl;
5925 ch = bh;
5926 bl = al;
5927 bh = ah;
5928 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5929 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5930 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5931 al = al + xl | 0;
5932 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5933 w3l = w3l + w12l | 0;
5934 w3h = w3h + w12h + (w3l >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
5935 xl = (w4l >>> 1 | w4h << 31) ^ (w4l >>> 8 | w4h << 24) ^ (w4l >>> 7 | w4h << 25) | 0;
5936 w3l = w3l + xl | 0;
5937 w3h = w3h + ((w4h >>> 1 | w4l << 31) ^ (w4h >>> 8 | w4l << 24) ^ w4h >>> 7) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5938 xl = (w1l >>> 19 | w1h << 13) ^ (w1l << 3 | w1h >>> 29) ^ (w1l >>> 6 | w1h << 26) | 0;
5939 w3l = w3l + xl | 0;
5940 w3h = w3h + ((w1h >>> 19 | w1l << 13) ^ (w1h << 3 | w1l >>> 29) ^ w1h >>> 6) + (w3l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5941 tl = 4000239992 + w3l | 0;
5942 th = 4118630271 + w3h + (tl >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
5943 tl = tl + hl | 0;
5944 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5945 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5946 tl = tl + xl | 0;
5947 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5948 xl = gl ^ el & (fl ^ gl) | 0;
5949 tl = tl + xl | 0;
5950 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5951 hl = gl;
5952 hh = gh;
5953 gl = fl;
5954 gh = fh;
5955 fl = el;
5956 fh = eh;
5957 el = dl + tl | 0;
5958 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5959 dl = cl;
5960 dh = ch;
5961 cl = bl;
5962 ch = bh;
5963 bl = al;
5964 bh = ah;
5965 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
5966 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
5967 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
5968 al = al + xl | 0;
5969 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5970 w4l = w4l + w13l | 0;
5971 w4h = w4h + w13h + (w4l >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
5972 xl = (w5l >>> 1 | w5h << 31) ^ (w5l >>> 8 | w5h << 24) ^ (w5l >>> 7 | w5h << 25) | 0;
5973 w4l = w4l + xl | 0;
5974 w4h = w4h + ((w5h >>> 1 | w5l << 31) ^ (w5h >>> 8 | w5l << 24) ^ w5h >>> 7) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5975 xl = (w2l >>> 19 | w2h << 13) ^ (w2l << 3 | w2h >>> 29) ^ (w2l >>> 6 | w2h << 26) | 0;
5976 w4l = w4l + xl | 0;
5977 w4h = w4h + ((w2h >>> 19 | w2l << 13) ^ (w2h << 3 | w2l >>> 29) ^ w2h >>> 6) + (w4l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5978 tl = 1914138554 + w4l | 0;
5979 th = 116418474 + w4h + (tl >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
5980 tl = tl + hl | 0;
5981 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
5982 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
5983 tl = tl + xl | 0;
5984 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5985 xl = gl ^ el & (fl ^ gl) | 0;
5986 tl = tl + xl | 0;
5987 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
5988 hl = gl;
5989 hh = gh;
5990 gl = fl;
5991 gh = fh;
5992 fl = el;
5993 fh = eh;
5994 el = dl + tl | 0;
5995 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
5996 dl = cl;
5997 dh = ch;
5998 cl = bl;
5999 ch = bh;
6000 bl = al;
6001 bh = ah;
6002 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6003 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6004 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6005 al = al + xl | 0;
6006 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6007 w5l = w5l + w14l | 0;
6008 w5h = w5h + w14h + (w5l >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
6009 xl = (w6l >>> 1 | w6h << 31) ^ (w6l >>> 8 | w6h << 24) ^ (w6l >>> 7 | w6h << 25) | 0;
6010 w5l = w5l + xl | 0;
6011 w5h = w5h + ((w6h >>> 1 | w6l << 31) ^ (w6h >>> 8 | w6l << 24) ^ w6h >>> 7) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6012 xl = (w3l >>> 19 | w3h << 13) ^ (w3l << 3 | w3h >>> 29) ^ (w3l >>> 6 | w3h << 26) | 0;
6013 w5l = w5l + xl | 0;
6014 w5h = w5h + ((w3h >>> 19 | w3l << 13) ^ (w3h << 3 | w3l >>> 29) ^ w3h >>> 6) + (w5l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6015 tl = 2731055270 + w5l | 0;
6016 th = 174292421 + w5h + (tl >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
6017 tl = tl + hl | 0;
6018 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6019 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6020 tl = tl + xl | 0;
6021 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6022 xl = gl ^ el & (fl ^ gl) | 0;
6023 tl = tl + xl | 0;
6024 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6025 hl = gl;
6026 hh = gh;
6027 gl = fl;
6028 gh = fh;
6029 fl = el;
6030 fh = eh;
6031 el = dl + tl | 0;
6032 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6033 dl = cl;
6034 dh = ch;
6035 cl = bl;
6036 ch = bh;
6037 bl = al;
6038 bh = ah;
6039 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6040 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6041 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6042 al = al + xl | 0;
6043 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6044 w6l = w6l + w15l | 0;
6045 w6h = w6h + w15h + (w6l >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
6046 xl = (w7l >>> 1 | w7h << 31) ^ (w7l >>> 8 | w7h << 24) ^ (w7l >>> 7 | w7h << 25) | 0;
6047 w6l = w6l + xl | 0;
6048 w6h = w6h + ((w7h >>> 1 | w7l << 31) ^ (w7h >>> 8 | w7l << 24) ^ w7h >>> 7) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6049 xl = (w4l >>> 19 | w4h << 13) ^ (w4l << 3 | w4h >>> 29) ^ (w4l >>> 6 | w4h << 26) | 0;
6050 w6l = w6l + xl | 0;
6051 w6h = w6h + ((w4h >>> 19 | w4l << 13) ^ (w4h << 3 | w4l >>> 29) ^ w4h >>> 6) + (w6l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6052 tl = 3203993006 + w6l | 0;
6053 th = 289380356 + w6h + (tl >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
6054 tl = tl + hl | 0;
6055 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6056 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6057 tl = tl + xl | 0;
6058 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6059 xl = gl ^ el & (fl ^ gl) | 0;
6060 tl = tl + xl | 0;
6061 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6062 hl = gl;
6063 hh = gh;
6064 gl = fl;
6065 gh = fh;
6066 fl = el;
6067 fh = eh;
6068 el = dl + tl | 0;
6069 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6070 dl = cl;
6071 dh = ch;
6072 cl = bl;
6073 ch = bh;
6074 bl = al;
6075 bh = ah;
6076 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6077 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6078 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6079 al = al + xl | 0;
6080 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6081 w7l = w7l + w0l | 0;
6082 w7h = w7h + w0h + (w7l >>> 0 < w0l >>> 0 ? 1 : 0) | 0;
6083 xl = (w8l >>> 1 | w8h << 31) ^ (w8l >>> 8 | w8h << 24) ^ (w8l >>> 7 | w8h << 25) | 0;
6084 w7l = w7l + xl | 0;
6085 w7h = w7h + ((w8h >>> 1 | w8l << 31) ^ (w8h >>> 8 | w8l << 24) ^ w8h >>> 7) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6086 xl = (w5l >>> 19 | w5h << 13) ^ (w5l << 3 | w5h >>> 29) ^ (w5l >>> 6 | w5h << 26) | 0;
6087 w7l = w7l + xl | 0;
6088 w7h = w7h + ((w5h >>> 19 | w5l << 13) ^ (w5h << 3 | w5l >>> 29) ^ w5h >>> 6) + (w7l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6089 tl = 320620315 + w7l | 0;
6090 th = 460393269 + w7h + (tl >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
6091 tl = tl + hl | 0;
6092 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6093 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6094 tl = tl + xl | 0;
6095 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6096 xl = gl ^ el & (fl ^ gl) | 0;
6097 tl = tl + xl | 0;
6098 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6099 hl = gl;
6100 hh = gh;
6101 gl = fl;
6102 gh = fh;
6103 fl = el;
6104 fh = eh;
6105 el = dl + tl | 0;
6106 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6107 dl = cl;
6108 dh = ch;
6109 cl = bl;
6110 ch = bh;
6111 bl = al;
6112 bh = ah;
6113 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6114 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6115 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6116 al = al + xl | 0;
6117 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6118 w8l = w8l + w1l | 0;
6119 w8h = w8h + w1h + (w8l >>> 0 < w1l >>> 0 ? 1 : 0) | 0;
6120 xl = (w9l >>> 1 | w9h << 31) ^ (w9l >>> 8 | w9h << 24) ^ (w9l >>> 7 | w9h << 25) | 0;
6121 w8l = w8l + xl | 0;
6122 w8h = w8h + ((w9h >>> 1 | w9l << 31) ^ (w9h >>> 8 | w9l << 24) ^ w9h >>> 7) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6123 xl = (w6l >>> 19 | w6h << 13) ^ (w6l << 3 | w6h >>> 29) ^ (w6l >>> 6 | w6h << 26) | 0;
6124 w8l = w8l + xl | 0;
6125 w8h = w8h + ((w6h >>> 19 | w6l << 13) ^ (w6h << 3 | w6l >>> 29) ^ w6h >>> 6) + (w8l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6126 tl = 587496836 + w8l | 0;
6127 th = 685471733 + w8h + (tl >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
6128 tl = tl + hl | 0;
6129 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6130 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6131 tl = tl + xl | 0;
6132 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6133 xl = gl ^ el & (fl ^ gl) | 0;
6134 tl = tl + xl | 0;
6135 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6136 hl = gl;
6137 hh = gh;
6138 gl = fl;
6139 gh = fh;
6140 fl = el;
6141 fh = eh;
6142 el = dl + tl | 0;
6143 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6144 dl = cl;
6145 dh = ch;
6146 cl = bl;
6147 ch = bh;
6148 bl = al;
6149 bh = ah;
6150 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6151 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6152 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6153 al = al + xl | 0;
6154 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6155 w9l = w9l + w2l | 0;
6156 w9h = w9h + w2h + (w9l >>> 0 < w2l >>> 0 ? 1 : 0) | 0;
6157 xl = (w10l >>> 1 | w10h << 31) ^ (w10l >>> 8 | w10h << 24) ^ (w10l >>> 7 | w10h << 25) | 0;
6158 w9l = w9l + xl | 0;
6159 w9h = w9h + ((w10h >>> 1 | w10l << 31) ^ (w10h >>> 8 | w10l << 24) ^ w10h >>> 7) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6160 xl = (w7l >>> 19 | w7h << 13) ^ (w7l << 3 | w7h >>> 29) ^ (w7l >>> 6 | w7h << 26) | 0;
6161 w9l = w9l + xl | 0;
6162 w9h = w9h + ((w7h >>> 19 | w7l << 13) ^ (w7h << 3 | w7l >>> 29) ^ w7h >>> 6) + (w9l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6163 tl = 1086792851 + w9l | 0;
6164 th = 852142971 + w9h + (tl >>> 0 < w9l >>> 0 ? 1 : 0) | 0;
6165 tl = tl + hl | 0;
6166 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6167 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6168 tl = tl + xl | 0;
6169 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6170 xl = gl ^ el & (fl ^ gl) | 0;
6171 tl = tl + xl | 0;
6172 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6173 hl = gl;
6174 hh = gh;
6175 gl = fl;
6176 gh = fh;
6177 fl = el;
6178 fh = eh;
6179 el = dl + tl | 0;
6180 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6181 dl = cl;
6182 dh = ch;
6183 cl = bl;
6184 ch = bh;
6185 bl = al;
6186 bh = ah;
6187 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6188 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6189 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6190 al = al + xl | 0;
6191 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6192 w10l = w10l + w3l | 0;
6193 w10h = w10h + w3h + (w10l >>> 0 < w3l >>> 0 ? 1 : 0) | 0;
6194 xl = (w11l >>> 1 | w11h << 31) ^ (w11l >>> 8 | w11h << 24) ^ (w11l >>> 7 | w11h << 25) | 0;
6195 w10l = w10l + xl | 0;
6196 w10h = w10h + ((w11h >>> 1 | w11l << 31) ^ (w11h >>> 8 | w11l << 24) ^ w11h >>> 7) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6197 xl = (w8l >>> 19 | w8h << 13) ^ (w8l << 3 | w8h >>> 29) ^ (w8l >>> 6 | w8h << 26) | 0;
6198 w10l = w10l + xl | 0;
6199 w10h = w10h + ((w8h >>> 19 | w8l << 13) ^ (w8h << 3 | w8l >>> 29) ^ w8h >>> 6) + (w10l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6200 tl = 365543100 + w10l | 0;
6201 th = 1017036298 + w10h + (tl >>> 0 < w10l >>> 0 ? 1 : 0) | 0;
6202 tl = tl + hl | 0;
6203 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6204 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6205 tl = tl + xl | 0;
6206 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6207 xl = gl ^ el & (fl ^ gl) | 0;
6208 tl = tl + xl | 0;
6209 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6210 hl = gl;
6211 hh = gh;
6212 gl = fl;
6213 gh = fh;
6214 fl = el;
6215 fh = eh;
6216 el = dl + tl | 0;
6217 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6218 dl = cl;
6219 dh = ch;
6220 cl = bl;
6221 ch = bh;
6222 bl = al;
6223 bh = ah;
6224 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6225 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6226 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6227 al = al + xl | 0;
6228 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6229 w11l = w11l + w4l | 0;
6230 w11h = w11h + w4h + (w11l >>> 0 < w4l >>> 0 ? 1 : 0) | 0;
6231 xl = (w12l >>> 1 | w12h << 31) ^ (w12l >>> 8 | w12h << 24) ^ (w12l >>> 7 | w12h << 25) | 0;
6232 w11l = w11l + xl | 0;
6233 w11h = w11h + ((w12h >>> 1 | w12l << 31) ^ (w12h >>> 8 | w12l << 24) ^ w12h >>> 7) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6234 xl = (w9l >>> 19 | w9h << 13) ^ (w9l << 3 | w9h >>> 29) ^ (w9l >>> 6 | w9h << 26) | 0;
6235 w11l = w11l + xl | 0;
6236 w11h = w11h + ((w9h >>> 19 | w9l << 13) ^ (w9h << 3 | w9l >>> 29) ^ w9h >>> 6) + (w11l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6237 tl = 2618297676 + w11l | 0;
6238 th = 1126000580 + w11h + (tl >>> 0 < w11l >>> 0 ? 1 : 0) | 0;
6239 tl = tl + hl | 0;
6240 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6241 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6242 tl = tl + xl | 0;
6243 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6244 xl = gl ^ el & (fl ^ gl) | 0;
6245 tl = tl + xl | 0;
6246 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6247 hl = gl;
6248 hh = gh;
6249 gl = fl;
6250 gh = fh;
6251 fl = el;
6252 fh = eh;
6253 el = dl + tl | 0;
6254 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6255 dl = cl;
6256 dh = ch;
6257 cl = bl;
6258 ch = bh;
6259 bl = al;
6260 bh = ah;
6261 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6262 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6263 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6264 al = al + xl | 0;
6265 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6266 w12l = w12l + w5l | 0;
6267 w12h = w12h + w5h + (w12l >>> 0 < w5l >>> 0 ? 1 : 0) | 0;
6268 xl = (w13l >>> 1 | w13h << 31) ^ (w13l >>> 8 | w13h << 24) ^ (w13l >>> 7 | w13h << 25) | 0;
6269 w12l = w12l + xl | 0;
6270 w12h = w12h + ((w13h >>> 1 | w13l << 31) ^ (w13h >>> 8 | w13l << 24) ^ w13h >>> 7) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6271 xl = (w10l >>> 19 | w10h << 13) ^ (w10l << 3 | w10h >>> 29) ^ (w10l >>> 6 | w10h << 26) | 0;
6272 w12l = w12l + xl | 0;
6273 w12h = w12h + ((w10h >>> 19 | w10l << 13) ^ (w10h << 3 | w10l >>> 29) ^ w10h >>> 6) + (w12l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6274 tl = 3409855158 + w12l | 0;
6275 th = 1288033470 + w12h + (tl >>> 0 < w12l >>> 0 ? 1 : 0) | 0;
6276 tl = tl + hl | 0;
6277 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6278 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6279 tl = tl + xl | 0;
6280 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6281 xl = gl ^ el & (fl ^ gl) | 0;
6282 tl = tl + xl | 0;
6283 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6284 hl = gl;
6285 hh = gh;
6286 gl = fl;
6287 gh = fh;
6288 fl = el;
6289 fh = eh;
6290 el = dl + tl | 0;
6291 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6292 dl = cl;
6293 dh = ch;
6294 cl = bl;
6295 ch = bh;
6296 bl = al;
6297 bh = ah;
6298 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6299 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6300 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6301 al = al + xl | 0;
6302 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6303 w13l = w13l + w6l | 0;
6304 w13h = w13h + w6h + (w13l >>> 0 < w6l >>> 0 ? 1 : 0) | 0;
6305 xl = (w14l >>> 1 | w14h << 31) ^ (w14l >>> 8 | w14h << 24) ^ (w14l >>> 7 | w14h << 25) | 0;
6306 w13l = w13l + xl | 0;
6307 w13h = w13h + ((w14h >>> 1 | w14l << 31) ^ (w14h >>> 8 | w14l << 24) ^ w14h >>> 7) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6308 xl = (w11l >>> 19 | w11h << 13) ^ (w11l << 3 | w11h >>> 29) ^ (w11l >>> 6 | w11h << 26) | 0;
6309 w13l = w13l + xl | 0;
6310 w13h = w13h + ((w11h >>> 19 | w11l << 13) ^ (w11h << 3 | w11l >>> 29) ^ w11h >>> 6) + (w13l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6311 tl = 4234509866 + w13l | 0;
6312 th = 1501505948 + w13h + (tl >>> 0 < w13l >>> 0 ? 1 : 0) | 0;
6313 tl = tl + hl | 0;
6314 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6315 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6316 tl = tl + xl | 0;
6317 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6318 xl = gl ^ el & (fl ^ gl) | 0;
6319 tl = tl + xl | 0;
6320 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6321 hl = gl;
6322 hh = gh;
6323 gl = fl;
6324 gh = fh;
6325 fl = el;
6326 fh = eh;
6327 el = dl + tl | 0;
6328 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6329 dl = cl;
6330 dh = ch;
6331 cl = bl;
6332 ch = bh;
6333 bl = al;
6334 bh = ah;
6335 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6336 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6337 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6338 al = al + xl | 0;
6339 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6340 w14l = w14l + w7l | 0;
6341 w14h = w14h + w7h + (w14l >>> 0 < w7l >>> 0 ? 1 : 0) | 0;
6342 xl = (w15l >>> 1 | w15h << 31) ^ (w15l >>> 8 | w15h << 24) ^ (w15l >>> 7 | w15h << 25) | 0;
6343 w14l = w14l + xl | 0;
6344 w14h = w14h + ((w15h >>> 1 | w15l << 31) ^ (w15h >>> 8 | w15l << 24) ^ w15h >>> 7) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6345 xl = (w12l >>> 19 | w12h << 13) ^ (w12l << 3 | w12h >>> 29) ^ (w12l >>> 6 | w12h << 26) | 0;
6346 w14l = w14l + xl | 0;
6347 w14h = w14h + ((w12h >>> 19 | w12l << 13) ^ (w12h << 3 | w12l >>> 29) ^ w12h >>> 6) + (w14l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6348 tl = 987167468 + w14l | 0;
6349 th = 1607167915 + w14h + (tl >>> 0 < w14l >>> 0 ? 1 : 0) | 0;
6350 tl = tl + hl | 0;
6351 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6352 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6353 tl = tl + xl | 0;
6354 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6355 xl = gl ^ el & (fl ^ gl) | 0;
6356 tl = tl + xl | 0;
6357 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6358 hl = gl;
6359 hh = gh;
6360 gl = fl;
6361 gh = fh;
6362 fl = el;
6363 fh = eh;
6364 el = dl + tl | 0;
6365 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6366 dl = cl;
6367 dh = ch;
6368 cl = bl;
6369 ch = bh;
6370 bl = al;
6371 bh = ah;
6372 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6373 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6374 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6375 al = al + xl | 0;
6376 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6377 w15l = w15l + w8l | 0;
6378 w15h = w15h + w8h + (w15l >>> 0 < w8l >>> 0 ? 1 : 0) | 0;
6379 xl = (w0l >>> 1 | w0h << 31) ^ (w0l >>> 8 | w0h << 24) ^ (w0l >>> 7 | w0h << 25) | 0;
6380 w15l = w15l + xl | 0;
6381 w15h = w15h + ((w0h >>> 1 | w0l << 31) ^ (w0h >>> 8 | w0l << 24) ^ w0h >>> 7) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6382 xl = (w13l >>> 19 | w13h << 13) ^ (w13l << 3 | w13h >>> 29) ^ (w13l >>> 6 | w13h << 26) | 0;
6383 w15l = w15l + xl | 0;
6384 w15h = w15h + ((w13h >>> 19 | w13l << 13) ^ (w13h << 3 | w13l >>> 29) ^ w13h >>> 6) + (w15l >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6385 tl = 1246189591 + w15l | 0;
6386 th = 1816402316 + w15h + (tl >>> 0 < w15l >>> 0 ? 1 : 0) | 0;
6387 tl = tl + hl | 0;
6388 th = th + hh + (tl >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6389 xl = (el >>> 14 | eh << 18) ^ (el >>> 18 | eh << 14) ^ (el << 23 | eh >>> 9) | 0;
6390 tl = tl + xl | 0;
6391 th = th + ((eh >>> 14 | el << 18) ^ (eh >>> 18 | el << 14) ^ (eh << 23 | el >>> 9)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6392 xl = gl ^ el & (fl ^ gl) | 0;
6393 tl = tl + xl | 0;
6394 th = th + (gh ^ eh & (fh ^ gh)) + (tl >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6395 hl = gl;
6396 hh = gh;
6397 gl = fl;
6398 gh = fh;
6399 fl = el;
6400 fh = eh;
6401 el = dl + tl | 0;
6402 eh = dh + th + (el >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6403 dl = cl;
6404 dh = ch;
6405 cl = bl;
6406 ch = bh;
6407 bl = al;
6408 bh = ah;
6409 al = tl + (bl & cl ^ dl & (bl ^ cl)) | 0;
6410 ah = th + (bh & ch ^ dh & (bh ^ ch)) + (al >>> 0 < tl >>> 0 ? 1 : 0) | 0;
6411 xl = (bl >>> 28 | bh << 4) ^ (bl << 30 | bh >>> 2) ^ (bl << 25 | bh >>> 7) | 0;
6412 al = al + xl | 0;
6413 ah = ah + ((bh >>> 28 | bl << 4) ^ (bh << 30 | bl >>> 2) ^ (bh << 25 | bl >>> 7)) + (al >>> 0 < xl >>> 0 ? 1 : 0) | 0;
6414 H0l = H0l + al | 0;
6415 H0h = H0h + ah + (H0l >>> 0 < al >>> 0 ? 1 : 0) | 0;
6416 H1l = H1l + bl | 0;
6417 H1h = H1h + bh + (H1l >>> 0 < bl >>> 0 ? 1 : 0) | 0;
6418 H2l = H2l + cl | 0;
6419 H2h = H2h + ch + (H2l >>> 0 < cl >>> 0 ? 1 : 0) | 0;
6420 H3l = H3l + dl | 0;
6421 H3h = H3h + dh + (H3l >>> 0 < dl >>> 0 ? 1 : 0) | 0;
6422 H4l = H4l + el | 0;
6423 H4h = H4h + eh + (H4l >>> 0 < el >>> 0 ? 1 : 0) | 0;
6424 H5l = H5l + fl | 0;
6425 H5h = H5h + fh + (H5l >>> 0 < fl >>> 0 ? 1 : 0) | 0;
6426 H6l = H6l + gl | 0;
6427 H6h = H6h + gh + (H6l >>> 0 < gl >>> 0 ? 1 : 0) | 0;
6428 H7l = H7l + hl | 0;
6429 H7h = H7h + hh + (H7l >>> 0 < hl >>> 0 ? 1 : 0) | 0;
6430 }
6431 function _core_heap(offset) {
6432 offset = offset | 0;
6433 _core(HEAP[offset | 0] << 24 | HEAP[offset | 1] << 16 | HEAP[offset | 2] << 8 | HEAP[offset | 3], HEAP[offset | 4] << 24 | HEAP[offset | 5] << 16 | HEAP[offset | 6] << 8 | HEAP[offset | 7], HEAP[offset | 8] << 24 | HEAP[offset | 9] << 16 | HEAP[offset | 10] << 8 | HEAP[offset | 11], HEAP[offset | 12] << 24 | HEAP[offset | 13] << 16 | HEAP[offset | 14] << 8 | HEAP[offset | 15], HEAP[offset | 16] << 24 | HEAP[offset | 17] << 16 | HEAP[offset | 18] << 8 | HEAP[offset | 19], HEAP[offset | 20] << 24 | HEAP[offset | 21] << 16 | HEAP[offset | 22] << 8 | HEAP[offset | 23], HEAP[offset | 24] << 24 | HEAP[offset | 25] << 16 | HEAP[offset | 26] << 8 | HEAP[offset | 27], HEAP[offset | 28] << 24 | HEAP[offset | 29] << 16 | HEAP[offset | 30] << 8 | HEAP[offset | 31], HEAP[offset | 32] << 24 | HEAP[offset | 33] << 16 | HEAP[offset | 34] << 8 | HEAP[offset | 35], HEAP[offset | 36] << 24 | HEAP[offset | 37] << 16 | HEAP[offset | 38] << 8 | HEAP[offset | 39], HEAP[offset | 40] << 24 | HEAP[offset | 41] << 16 | HEAP[offset | 42] << 8 | HEAP[offset | 43], HEAP[offset | 44] << 24 | HEAP[offset | 45] << 16 | HEAP[offset | 46] << 8 | HEAP[offset | 47], HEAP[offset | 48] << 24 | HEAP[offset | 49] << 16 | HEAP[offset | 50] << 8 | HEAP[offset | 51], HEAP[offset | 52] << 24 | HEAP[offset | 53] << 16 | HEAP[offset | 54] << 8 | HEAP[offset | 55], HEAP[offset | 56] << 24 | HEAP[offset | 57] << 16 | HEAP[offset | 58] << 8 | HEAP[offset | 59], HEAP[offset | 60] << 24 | HEAP[offset | 61] << 16 | HEAP[offset | 62] << 8 | HEAP[offset | 63], HEAP[offset | 64] << 24 | HEAP[offset | 65] << 16 | HEAP[offset | 66] << 8 | HEAP[offset | 67], HEAP[offset | 68] << 24 | HEAP[offset | 69] << 16 | HEAP[offset | 70] << 8 | HEAP[offset | 71], HEAP[offset | 72] << 24 | HEAP[offset | 73] << 16 | HEAP[offset | 74] << 8 | HEAP[offset | 75], HEAP[offset | 76] << 24 | HEAP[offset | 77] << 16 | HEAP[offset | 78] << 8 | HEAP[offset | 79], HEAP[offset | 80] << 24 | HEAP[offset | 81] << 16 | HEAP[offset | 82] << 8 | HEAP[offset | 83], HEAP[offset | 84] << 24 | HEAP[offset | 85] << 16 | HEAP[offset | 86] << 8 | HEAP[offset | 87], HEAP[offset | 88] << 24 | HEAP[offset | 89] << 16 | HEAP[offset | 90] << 8 | HEAP[offset | 91], HEAP[offset | 92] << 24 | HEAP[offset | 93] << 16 | HEAP[offset | 94] << 8 | HEAP[offset | 95], HEAP[offset | 96] << 24 | HEAP[offset | 97] << 16 | HEAP[offset | 98] << 8 | HEAP[offset | 99], HEAP[offset | 100] << 24 | HEAP[offset | 101] << 16 | HEAP[offset | 102] << 8 | HEAP[offset | 103], HEAP[offset | 104] << 24 | HEAP[offset | 105] << 16 | HEAP[offset | 106] << 8 | HEAP[offset | 107], HEAP[offset | 108] << 24 | HEAP[offset | 109] << 16 | HEAP[offset | 110] << 8 | HEAP[offset | 111], HEAP[offset | 112] << 24 | HEAP[offset | 113] << 16 | HEAP[offset | 114] << 8 | HEAP[offset | 115], HEAP[offset | 116] << 24 | HEAP[offset | 117] << 16 | HEAP[offset | 118] << 8 | HEAP[offset | 119], HEAP[offset | 120] << 24 | HEAP[offset | 121] << 16 | HEAP[offset | 122] << 8 | HEAP[offset | 123], HEAP[offset | 124] << 24 | HEAP[offset | 125] << 16 | HEAP[offset | 126] << 8 | HEAP[offset | 127]);
6434 }
6435 function _state_to_heap(output) {
6436 output = output | 0;
6437 HEAP[output | 0] = H0h >>> 24;
6438 HEAP[output | 1] = H0h >>> 16 & 255;
6439 HEAP[output | 2] = H0h >>> 8 & 255;
6440 HEAP[output | 3] = H0h & 255;
6441 HEAP[output | 4] = H0l >>> 24;
6442 HEAP[output | 5] = H0l >>> 16 & 255;
6443 HEAP[output | 6] = H0l >>> 8 & 255;
6444 HEAP[output | 7] = H0l & 255;
6445 HEAP[output | 8] = H1h >>> 24;
6446 HEAP[output | 9] = H1h >>> 16 & 255;
6447 HEAP[output | 10] = H1h >>> 8 & 255;
6448 HEAP[output | 11] = H1h & 255;
6449 HEAP[output | 12] = H1l >>> 24;
6450 HEAP[output | 13] = H1l >>> 16 & 255;
6451 HEAP[output | 14] = H1l >>> 8 & 255;
6452 HEAP[output | 15] = H1l & 255;
6453 HEAP[output | 16] = H2h >>> 24;
6454 HEAP[output | 17] = H2h >>> 16 & 255;
6455 HEAP[output | 18] = H2h >>> 8 & 255;
6456 HEAP[output | 19] = H2h & 255;
6457 HEAP[output | 20] = H2l >>> 24;
6458 HEAP[output | 21] = H2l >>> 16 & 255;
6459 HEAP[output | 22] = H2l >>> 8 & 255;
6460 HEAP[output | 23] = H2l & 255;
6461 HEAP[output | 24] = H3h >>> 24;
6462 HEAP[output | 25] = H3h >>> 16 & 255;
6463 HEAP[output | 26] = H3h >>> 8 & 255;
6464 HEAP[output | 27] = H3h & 255;
6465 HEAP[output | 28] = H3l >>> 24;
6466 HEAP[output | 29] = H3l >>> 16 & 255;
6467 HEAP[output | 30] = H3l >>> 8 & 255;
6468 HEAP[output | 31] = H3l & 255;
6469 HEAP[output | 32] = H4h >>> 24;
6470 HEAP[output | 33] = H4h >>> 16 & 255;
6471 HEAP[output | 34] = H4h >>> 8 & 255;
6472 HEAP[output | 35] = H4h & 255;
6473 HEAP[output | 36] = H4l >>> 24;
6474 HEAP[output | 37] = H4l >>> 16 & 255;
6475 HEAP[output | 38] = H4l >>> 8 & 255;
6476 HEAP[output | 39] = H4l & 255;
6477 HEAP[output | 40] = H5h >>> 24;
6478 HEAP[output | 41] = H5h >>> 16 & 255;
6479 HEAP[output | 42] = H5h >>> 8 & 255;
6480 HEAP[output | 43] = H5h & 255;
6481 HEAP[output | 44] = H5l >>> 24;
6482 HEAP[output | 45] = H5l >>> 16 & 255;
6483 HEAP[output | 46] = H5l >>> 8 & 255;
6484 HEAP[output | 47] = H5l & 255;
6485 HEAP[output | 48] = H6h >>> 24;
6486 HEAP[output | 49] = H6h >>> 16 & 255;
6487 HEAP[output | 50] = H6h >>> 8 & 255;
6488 HEAP[output | 51] = H6h & 255;
6489 HEAP[output | 52] = H6l >>> 24;
6490 HEAP[output | 53] = H6l >>> 16 & 255;
6491 HEAP[output | 54] = H6l >>> 8 & 255;
6492 HEAP[output | 55] = H6l & 255;
6493 HEAP[output | 56] = H7h >>> 24;
6494 HEAP[output | 57] = H7h >>> 16 & 255;
6495 HEAP[output | 58] = H7h >>> 8 & 255;
6496 HEAP[output | 59] = H7h & 255;
6497 HEAP[output | 60] = H7l >>> 24;
6498 HEAP[output | 61] = H7l >>> 16 & 255;
6499 HEAP[output | 62] = H7l >>> 8 & 255;
6500 HEAP[output | 63] = H7l & 255;
6501 }
6502 function reset() {
6503 H0h = 1779033703;
6504 H0l = 4089235720;
6505 H1h = 3144134277;
6506 H1l = 2227873595;
6507 H2h = 1013904242;
6508 H2l = 4271175723;
6509 H3h = 2773480762;
6510 H3l = 1595750129;
6511 H4h = 1359893119;
6512 H4l = 2917565137;
6513 H5h = 2600822924;
6514 H5l = 725511199;
6515 H6h = 528734635;
6516 H6l = 4215389547;
6517 H7h = 1541459225;
6518 H7l = 327033209;
6519 TOTAL = 0;
6520 }
6521 function init(h0h, h0l, h1h, h1l, h2h, h2l, h3h, h3l, h4h, h4l, h5h, h5l, h6h, h6l, h7h, h7l, total) {
6522 h0h = h0h | 0;
6523 h0l = h0l | 0;
6524 h1h = h1h | 0;
6525 h1l = h1l | 0;
6526 h2h = h2h | 0;
6527 h2l = h2l | 0;
6528 h3h = h3h | 0;
6529 h3l = h3l | 0;
6530 h4h = h4h | 0;
6531 h4l = h4l | 0;
6532 h5h = h5h | 0;
6533 h5l = h5l | 0;
6534 h6h = h6h | 0;
6535 h6l = h6l | 0;
6536 h7h = h7h | 0;
6537 h7l = h7l | 0;
6538 total = total | 0;
6539 H0h = h0h;
6540 H0l = h0l;
6541 H1h = h1h;
6542 H1l = h1l;
6543 H2h = h2h;
6544 H2l = h2l;
6545 H3h = h3h;
6546 H3l = h3l;
6547 H4h = h4h;
6548 H4l = h4l;
6549 H5h = h5h;
6550 H5l = h5l;
6551 H6h = h6h;
6552 H6l = h6l;
6553 H7h = h7h;
6554 H7l = h7l;
6555 TOTAL = total;
6556 }
6557 function process(offset, length) {
6558 offset = offset | 0;
6559 length = length | 0;
6560 var hashed = 0;
6561 if (offset & 127) return -1;
6562 while ((length | 0) >= 128) {
6563 _core_heap(offset);
6564 offset = offset + 128 | 0;
6565 length = length - 128 | 0;
6566 hashed = hashed + 128 | 0;
6567 }
6568 TOTAL = TOTAL + hashed | 0;
6569 return hashed | 0;
6570 }
6571 function finish(offset, length, output) {
6572 offset = offset | 0;
6573 length = length | 0;
6574 output = output | 0;
6575 var hashed = 0, i = 0;
6576 if (offset & 127) return -1;
6577 if (~output) if (output & 63) return -1;
6578 if ((length | 0) >= 128) {
6579 hashed = process(offset, length) | 0;
6580 if ((hashed | 0) == -1) return -1;
6581 offset = offset + hashed | 0;
6582 length = length - hashed | 0;
6583 }
6584 hashed = hashed + length | 0;
6585 TOTAL = TOTAL + length | 0;
6586 HEAP[offset | length] = 128;
6587 if ((length | 0) >= 112) {
6588 for (i = length + 1 | 0; (i | 0) < 128; i = i + 1 | 0) HEAP[offset | i] = 0;
6589 _core_heap(offset);
6590 length = 0;
6591 HEAP[offset | 0] = 0;
6592 }
6593 for (i = length + 1 | 0; (i | 0) < 123; i = i + 1 | 0) HEAP[offset | i] = 0;
6594 HEAP[offset | 123] = TOTAL >>> 29;
6595 HEAP[offset | 124] = TOTAL >>> 21 & 255;
6596 HEAP[offset | 125] = TOTAL >>> 13 & 255;
6597 HEAP[offset | 126] = TOTAL >>> 5 & 255;
6598 HEAP[offset | 127] = TOTAL << 3 & 255;
6599 _core_heap(offset);
6600 if (~output) _state_to_heap(output);
6601 return hashed | 0;
6602 }
6603 function hmac_reset() {
6604 H0h = I0h;
6605 H0l = I0l;
6606 H1h = I1h;
6607 H1l = I1l;
6608 H2h = I2h;
6609 H2l = I2l;
6610 H3h = I3h;
6611 H3l = I3l;
6612 H4h = I4h;
6613 H4l = I4l;
6614 H5h = I5h;
6615 H5l = I5l;
6616 H6h = I6h;
6617 H6l = I6l;
6618 H7h = I7h;
6619 H7l = I7l;
6620 TOTAL = 128;
6621 }
6622 function _hmac_opad() {
6623 H0h = O0h;
6624 H0l = O0l;
6625 H1h = O1h;
6626 H1l = O1l;
6627 H2h = O2h;
6628 H2l = O2l;
6629 H3h = O3h;
6630 H3l = O3l;
6631 H4h = O4h;
6632 H4l = O4l;
6633 H5h = O5h;
6634 H5l = O5l;
6635 H6h = O6h;
6636 H6l = O6l;
6637 H7h = O7h;
6638 H7l = O7l;
6639 TOTAL = 128;
6640 }
6641 function hmac_init(p0h, p0l, p1h, p1l, p2h, p2l, p3h, p3l, p4h, p4l, p5h, p5l, p6h, p6l, p7h, p7l, p8h, p8l, p9h, p9l, p10h, p10l, p11h, p11l, p12h, p12l, p13h, p13l, p14h, p14l, p15h, p15l) {
6642 p0h = p0h | 0;
6643 p0l = p0l | 0;
6644 p1h = p1h | 0;
6645 p1l = p1l | 0;
6646 p2h = p2h | 0;
6647 p2l = p2l | 0;
6648 p3h = p3h | 0;
6649 p3l = p3l | 0;
6650 p4h = p4h | 0;
6651 p4l = p4l | 0;
6652 p5h = p5h | 0;
6653 p5l = p5l | 0;
6654 p6h = p6h | 0;
6655 p6l = p6l | 0;
6656 p7h = p7h | 0;
6657 p7l = p7l | 0;
6658 p8h = p8h | 0;
6659 p8l = p8l | 0;
6660 p9h = p9h | 0;
6661 p9l = p9l | 0;
6662 p10h = p10h | 0;
6663 p10l = p10l | 0;
6664 p11h = p11h | 0;
6665 p11l = p11l | 0;
6666 p12h = p12h | 0;
6667 p12l = p12l | 0;
6668 p13h = p13h | 0;
6669 p13l = p13l | 0;
6670 p14h = p14h | 0;
6671 p14l = p14l | 0;
6672 p15h = p15h | 0;
6673 p15l = p15l | 0;
6674 reset();
6675 _core(p0h ^ 1549556828, p0l ^ 1549556828, p1h ^ 1549556828, p1l ^ 1549556828, p2h ^ 1549556828, p2l ^ 1549556828, p3h ^ 1549556828, p3l ^ 1549556828, p4h ^ 1549556828, p4l ^ 1549556828, p5h ^ 1549556828, p5l ^ 1549556828, p6h ^ 1549556828, p6l ^ 1549556828, p7h ^ 1549556828, p7l ^ 1549556828, p8h ^ 1549556828, p8l ^ 1549556828, p9h ^ 1549556828, p9l ^ 1549556828, p10h ^ 1549556828, p10l ^ 1549556828, p11h ^ 1549556828, p11l ^ 1549556828, p12h ^ 1549556828, p12l ^ 1549556828, p13h ^ 1549556828, p13l ^ 1549556828, p14h ^ 1549556828, p14l ^ 1549556828, p15h ^ 1549556828, p15l ^ 1549556828);
6676 O0h = H0h;
6677 O0l = H0l;
6678 O1h = H1h;
6679 O1l = H1l;
6680 O2h = H2h;
6681 O2l = H2l;
6682 O3h = H3h;
6683 O3l = H3l;
6684 O4h = H4h;
6685 O4l = H4l;
6686 O5h = H5h;
6687 O5l = H5l;
6688 O6h = H6h;
6689 O6l = H6l;
6690 O7h = H7h;
6691 O7l = H7l;
6692 reset();
6693 _core(p0h ^ 909522486, p0l ^ 909522486, p1h ^ 909522486, p1l ^ 909522486, p2h ^ 909522486, p2l ^ 909522486, p3h ^ 909522486, p3l ^ 909522486, p4h ^ 909522486, p4l ^ 909522486, p5h ^ 909522486, p5l ^ 909522486, p6h ^ 909522486, p6l ^ 909522486, p7h ^ 909522486, p7l ^ 909522486, p8h ^ 909522486, p8l ^ 909522486, p9h ^ 909522486, p9l ^ 909522486, p10h ^ 909522486, p10l ^ 909522486, p11h ^ 909522486, p11l ^ 909522486, p12h ^ 909522486, p12l ^ 909522486, p13h ^ 909522486, p13l ^ 909522486, p14h ^ 909522486, p14l ^ 909522486, p15h ^ 909522486, p15l ^ 909522486);
6694 I0h = H0h;
6695 I0l = H0l;
6696 I1h = H1h;
6697 I1l = H1l;
6698 I2h = H2h;
6699 I2l = H2l;
6700 I3h = H3h;
6701 I3l = H3l;
6702 I4h = H4h;
6703 I4l = H4l;
6704 I5h = H5h;
6705 I5l = H5l;
6706 I6h = H6h;
6707 I6l = H6l;
6708 I7h = H7h;
6709 I7l = H7l;
6710 TOTAL = 128;
6711 }
6712 function hmac_finish(offset, length, output) {
6713 offset = offset | 0;
6714 length = length | 0;
6715 output = output | 0;
6716 var t0h = 0, t0l = 0, t1h = 0, t1l = 0, t2h = 0, t2l = 0, t3h = 0, t3l = 0, t4h = 0, t4l = 0, t5h = 0, t5l = 0, t6h = 0, t6l = 0, t7h = 0, t7l = 0, hashed = 0;
6717 if (offset & 127) return -1;
6718 if (~output) if (output & 63) return -1;
6719 hashed = finish(offset, length, -1) | 0;
6720 t0h = H0h;
6721 t0l = H0l;
6722 t1h = H1h;
6723 t1l = H1l;
6724 t2h = H2h;
6725 t2l = H2l;
6726 t3h = H3h;
6727 t3l = H3l;
6728 t4h = H4h;
6729 t4l = H4l;
6730 t5h = H5h;
6731 t5l = H5l;
6732 t6h = H6h;
6733 t6l = H6l;
6734 t7h = H7h;
6735 t7l = H7l;
6736 _hmac_opad();
6737 _core(t0h, t0l, t1h, t1l, t2h, t2l, t3h, t3l, t4h, t4l, t5h, t5l, t6h, t6l, t7h, t7l, 2147483648, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1536);
6738 if (~output) _state_to_heap(output);
6739 return hashed | 0;
6740 }
6741 function pbkdf2_generate_block(offset, length, block, count, output) {
6742 offset = offset | 0;
6743 length = length | 0;
6744 block = block | 0;
6745 count = count | 0;
6746 output = output | 0;
6747 var h0h = 0, h0l = 0, h1h = 0, h1l = 0, h2h = 0, h2l = 0, h3h = 0, h3l = 0, h4h = 0, h4l = 0, h5h = 0, h5l = 0, h6h = 0, h6l = 0, h7h = 0, h7l = 0, t0h = 0, t0l = 0, t1h = 0, t1l = 0, t2h = 0, t2l = 0, t3h = 0, t3l = 0, t4h = 0, t4l = 0, t5h = 0, t5l = 0, t6h = 0, t6l = 0, t7h = 0, t7l = 0;
6748 if (offset & 127) return -1;
6749 if (~output) if (output & 63) return -1;
6750 HEAP[offset + length | 0] = block >>> 24;
6751 HEAP[offset + length + 1 | 0] = block >>> 16 & 255;
6752 HEAP[offset + length + 2 | 0] = block >>> 8 & 255;
6753 HEAP[offset + length + 3 | 0] = block & 255;
6754 // Closure compiler warning - The result of the 'bitor' operator is not being used
6755 //hmac_finish(offset, length + 4 | 0, -1) | 0;
6756 hmac_finish(offset, length + 4 | 0, -1);
6757 h0h = t0h = H0h;
6758 h0l = t0l = H0l;
6759 h1h = t1h = H1h;
6760 h1l = t1l = H1l;
6761 h2h = t2h = H2h;
6762 h2l = t2l = H2l;
6763 h3h = t3h = H3h;
6764 h3l = t3l = H3l;
6765 h4h = t4h = H4h;
6766 h4l = t4l = H4l;
6767 h5h = t5h = H5h;
6768 h5l = t5l = H5l;
6769 h6h = t6h = H6h;
6770 h6l = t6l = H6l;
6771 h7h = t7h = H7h;
6772 h7l = t7l = H7l;
6773 count = count - 1 | 0;
6774 while ((count | 0) > 0) {
6775 hmac_reset();
6776 _core(t0h, t0l, t1h, t1l, t2h, t2l, t3h, t3l, t4h, t4l, t5h, t5l, t6h, t6l, t7h, t7l, 2147483648, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1536);
6777 t0h = H0h;
6778 t0l = H0l;
6779 t1h = H1h;
6780 t1l = H1l;
6781 t2h = H2h;
6782 t2l = H2l;
6783 t3h = H3h;
6784 t3l = H3l;
6785 t4h = H4h;
6786 t4l = H4l;
6787 t5h = H5h;
6788 t5l = H5l;
6789 t6h = H6h;
6790 t6l = H6l;
6791 t7h = H7h;
6792 t7l = H7l;
6793 _hmac_opad();
6794 _core(t0h, t0l, t1h, t1l, t2h, t2l, t3h, t3l, t4h, t4l, t5h, t5l, t6h, t6l, t7h, t7l, 2147483648, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1536);
6795 t0h = H0h;
6796 t0l = H0l;
6797 t1h = H1h;
6798 t1l = H1l;
6799 t2h = H2h;
6800 t2l = H2l;
6801 t3h = H3h;
6802 t3l = H3l;
6803 t4h = H4h;
6804 t4l = H4l;
6805 t5h = H5h;
6806 t5l = H5l;
6807 t6h = H6h;
6808 t6l = H6l;
6809 t7h = H7h;
6810 t7l = H7l;
6811 h0h = h0h ^ H0h;
6812 h0l = h0l ^ H0l;
6813 h1h = h1h ^ H1h;
6814 h1l = h1l ^ H1l;
6815 h2h = h2h ^ H2h;
6816 h2l = h2l ^ H2l;
6817 h3h = h3h ^ H3h;
6818 h3l = h3l ^ H3l;
6819 h4h = h4h ^ H4h;
6820 h4l = h4l ^ H4l;
6821 h5h = h5h ^ H5h;
6822 h5l = h5l ^ H5l;
6823 h6h = h6h ^ H6h;
6824 h6l = h6l ^ H6l;
6825 h7h = h7h ^ H7h;
6826 h7l = h7l ^ H7l;
6827 count = count - 1 | 0;
6828 }
6829 H0h = h0h;
6830 H0l = h0l;
6831 H1h = h1h;
6832 H1l = h1l;
6833 H2h = h2h;
6834 H2l = h2l;
6835 H3h = h3h;
6836 H3l = h3l;
6837 H4h = h4h;
6838 H4l = h4l;
6839 H5h = h5h;
6840 H5l = h5l;
6841 H6h = h6h;
6842 H6l = h6l;
6843 H7h = h7h;
6844 H7l = h7l;
6845 if (~output) _state_to_heap(output);
6846 return 0;
6847 }
6848 return {
6849 reset: reset,
6850 init: init,
6851 process: process,
6852 finish: finish,
6853 hmac_reset: hmac_reset,
6854 hmac_init: hmac_init,
6855 hmac_finish: hmac_finish,
6856 pbkdf2_generate_block: pbkdf2_generate_block
6857 };
6858 }
6859 var _sha512_block_size = 128, _sha512_hash_size = 64;
6860 function sha512_constructor(options) {
6861 options = options || {};
6862 options.heapSize = options.heapSize || 4096;
6863 if (options.heapSize <= 0 || options.heapSize % 4096) throw new IllegalArgumentError("heapSize must be a positive number and multiple of 4096");
6864 this.heap = options.heap || new Uint8Array(options.heapSize);
6865 this.asm = options.asm || sha512_asm(global, null, this.heap.buffer);
6866 this.BLOCK_SIZE = _sha512_block_size;
6867 this.HASH_SIZE = _sha512_hash_size;
6868 this.reset();
6869 }
6870 function sha512_reset() {
6871 this.result = null;
6872 this.pos = 0;
6873 this.len = 0;
6874 this.asm.reset();
6875 return this;
6876 }
6877 function sha512_process(data) {
6878 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
6879 var dpos = 0, dlen = 0, clen = 0;
6880 if (is_buffer(data) || is_bytes(data)) {
6881 dpos = data.byteOffset || 0;
6882 dlen = data.byteLength;
6883 } else if (is_string(data)) {
6884 dlen = data.length;
6885 } else {
6886 throw new TypeError("data isn't of expected type");
6887 }
6888 while (dlen > 0) {
6889 clen = this.heap.byteLength - this.pos - this.len;
6890 clen = clen < dlen ? clen : dlen;
6891 if (is_buffer(data) || is_bytes(data)) {
6892 this.heap.set(new Uint8Array(data.buffer || data, dpos, clen), this.pos + this.len);
6893 } else {
6894 for (var i = 0; i < clen; i++) this.heap[this.pos + this.len + i] = data.charCodeAt(dpos + i);
6895 }
6896 this.len += clen;
6897 dpos += clen;
6898 dlen -= clen;
6899 clen = this.asm.process(this.pos, this.len);
6900 if (clen < this.len) {
6901 this.pos += clen;
6902 this.len -= clen;
6903 } else {
6904 this.pos = 0;
6905 this.len = 0;
6906 }
6907 }
6908 return this;
6909 }
6910 function sha512_finish() {
6911 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
6912 this.asm.finish(this.pos, this.len, 0);
6913 this.result = new Uint8Array(_sha512_hash_size);
6914 this.result.set(this.heap.subarray(0, _sha512_hash_size));
6915 this.pos = 0;
6916 this.len = 0;
6917 return this;
6918 }
6919 sha512_constructor.BLOCK_SIZE = _sha512_block_size;
6920 sha512_constructor.HASH_SIZE = _sha512_hash_size;
6921 var sha512_prototype = sha512_constructor.prototype;
6922 sha512_prototype.reset = sha512_reset;
6923 sha512_prototype.process = sha512_process;
6924 sha512_prototype.finish = sha512_finish;
6925 function hmac_constructor(options) {
6926 options = options || {};
6927 if (!options.hash) throw new SyntaxError("option 'hash' is required");
6928 if (!options.hash.HASH_SIZE) throw new SyntaxError("option 'hash' supplied doesn't seem to be a valid hash function");
6929 this.hash = options.hash;
6930 this.BLOCK_SIZE = this.hash.BLOCK_SIZE;
6931 this.HMAC_SIZE = this.hash.HASH_SIZE;
6932 this.key = null;
6933 this.verify = null;
6934 this.result = null;
6935 if (options.password !== undefined || options.verify !== undefined) this.reset(options);
6936 return this;
6937 }
6938 function hmac_sha256_constructor(options) {
6939 options = options || {};
6940 if (!(options.hash instanceof sha256_constructor)) options.hash = new sha256_constructor(options);
6941 hmac_constructor.call(this, options);
6942 return this;
6943 }
6944 function hmac_sha512_constructor(options) {
6945 options = options || {};
6946 if (!(options.hash instanceof sha512_constructor)) options.hash = new sha512_constructor(options);
6947 hmac_constructor.call(this, options);
6948 return this;
6949 }
6950 function _hmac_key(hash, password) {
6951 var key;
6952 if (is_buffer(password) || is_bytes(password)) {
6953 key = new Uint8Array(hash.BLOCK_SIZE);
6954 if (password.byteLength > hash.BLOCK_SIZE) {
6955 key.set(new Uint8Array(hash.reset().process(password).finish().result));
6956 } else if (is_buffer(password)) {
6957 key.set(new Uint8Array(password));
6958 } else {
6959 key.set(password);
6960 }
6961 } else if (is_string(password)) {
6962 key = new Uint8Array(hash.BLOCK_SIZE);
6963 if (password.length > hash.BLOCK_SIZE) {
6964 key.set(new Uint8Array(hash.reset().process(password).finish().result));
6965 } else {
6966 for (var i = 0; i < password.length; ++i) key[i] = password.charCodeAt(i);
6967 }
6968 } else {
6969 throw new TypeError("password isn't of expected type");
6970 }
6971 return key;
6972 }
6973 function _hmac_init_verify(verify) {
6974 if (is_buffer(verify) || is_bytes(verify)) {
6975 verify = new Uint8Array(verify);
6976 } else if (is_string(verify)) {
6977 verify = string_to_bytes(verify);
6978 } else {
6979 throw new TypeError("verify tag isn't of expected type");
6980 }
6981 if (verify.length !== this.HMAC_SIZE) throw new IllegalArgumentError("illegal verification tag size");
6982 this.verify = verify;
6983 }
6984 function hmac_reset(options) {
6985 options = options || {};
6986 var password = options.password;
6987 if (this.key === null && !is_string(password) && !password) throw new IllegalStateError("no key is associated with the instance");
6988 this.result = null;
6989 this.hash.reset();
6990 if (password || is_string(password)) this.key = _hmac_key(this.hash, password);
6991 var ipad = new Uint8Array(this.key);
6992 for (var i = 0; i < ipad.length; ++i) ipad[i] ^= 54;
6993 this.hash.process(ipad);
6994 var verify = options.verify;
6995 if (verify !== undefined) {
6996 _hmac_init_verify.call(this, verify);
6997 } else {
6998 this.verify = null;
6999 }
7000 return this;
7001 }
7002 function hmac_sha256_reset(options) {
7003 options = options || {};
7004 var password = options.password;
7005 if (this.key === null && !is_string(password) && !password) throw new IllegalStateError("no key is associated with the instance");
7006 this.result = null;
7007 this.hash.reset();
7008 if (password || is_string(password)) {
7009 this.key = _hmac_key(this.hash, password);
7010 this.hash.reset().asm.hmac_init(this.key[0] << 24 | this.key[1] << 16 | this.key[2] << 8 | this.key[3], this.key[4] << 24 | this.key[5] << 16 | this.key[6] << 8 | this.key[7], this.key[8] << 24 | this.key[9] << 16 | this.key[10] << 8 | this.key[11], this.key[12] << 24 | this.key[13] << 16 | this.key[14] << 8 | this.key[15], this.key[16] << 24 | this.key[17] << 16 | this.key[18] << 8 | this.key[19], this.key[20] << 24 | this.key[21] << 16 | this.key[22] << 8 | this.key[23], this.key[24] << 24 | this.key[25] << 16 | this.key[26] << 8 | this.key[27], this.key[28] << 24 | this.key[29] << 16 | this.key[30] << 8 | this.key[31], this.key[32] << 24 | this.key[33] << 16 | this.key[34] << 8 | this.key[35], this.key[36] << 24 | this.key[37] << 16 | this.key[38] << 8 | this.key[39], this.key[40] << 24 | this.key[41] << 16 | this.key[42] << 8 | this.key[43], this.key[44] << 24 | this.key[45] << 16 | this.key[46] << 8 | this.key[47], this.key[48] << 24 | this.key[49] << 16 | this.key[50] << 8 | this.key[51], this.key[52] << 24 | this.key[53] << 16 | this.key[54] << 8 | this.key[55], this.key[56] << 24 | this.key[57] << 16 | this.key[58] << 8 | this.key[59], this.key[60] << 24 | this.key[61] << 16 | this.key[62] << 8 | this.key[63]);
7011 } else {
7012 this.hash.asm.hmac_reset();
7013 }
7014 var verify = options.verify;
7015 if (verify !== undefined) {
7016 _hmac_init_verify.call(this, verify);
7017 } else {
7018 this.verify = null;
7019 }
7020 return this;
7021 }
7022 function hmac_sha512_reset(options) {
7023 options = options || {};
7024 var password = options.password;
7025 if (this.key === null && !is_string(password) && !password) throw new IllegalStateError("no key is associated with the instance");
7026 this.result = null;
7027 this.hash.reset();
7028 if (password || is_string(password)) {
7029 this.key = _hmac_key(this.hash, password);
7030 this.hash.reset().asm.hmac_init(this.key[0] << 24 | this.key[1] << 16 | this.key[2] << 8 | this.key[3], this.key[4] << 24 | this.key[5] << 16 | this.key[6] << 8 | this.key[7], this.key[8] << 24 | this.key[9] << 16 | this.key[10] << 8 | this.key[11], this.key[12] << 24 | this.key[13] << 16 | this.key[14] << 8 | this.key[15], this.key[16] << 24 | this.key[17] << 16 | this.key[18] << 8 | this.key[19], this.key[20] << 24 | this.key[21] << 16 | this.key[22] << 8 | this.key[23], this.key[24] << 24 | this.key[25] << 16 | this.key[26] << 8 | this.key[27], this.key[28] << 24 | this.key[29] << 16 | this.key[30] << 8 | this.key[31], this.key[32] << 24 | this.key[33] << 16 | this.key[34] << 8 | this.key[35], this.key[36] << 24 | this.key[37] << 16 | this.key[38] << 8 | this.key[39], this.key[40] << 24 | this.key[41] << 16 | this.key[42] << 8 | this.key[43], this.key[44] << 24 | this.key[45] << 16 | this.key[46] << 8 | this.key[47], this.key[48] << 24 | this.key[49] << 16 | this.key[50] << 8 | this.key[51], this.key[52] << 24 | this.key[53] << 16 | this.key[54] << 8 | this.key[55], this.key[56] << 24 | this.key[57] << 16 | this.key[58] << 8 | this.key[59], this.key[60] << 24 | this.key[61] << 16 | this.key[62] << 8 | this.key[63], this.key[64] << 24 | this.key[65] << 16 | this.key[66] << 8 | this.key[67], this.key[68] << 24 | this.key[69] << 16 | this.key[70] << 8 | this.key[71], this.key[72] << 24 | this.key[73] << 16 | this.key[74] << 8 | this.key[75], this.key[76] << 24 | this.key[77] << 16 | this.key[78] << 8 | this.key[79], this.key[80] << 24 | this.key[81] << 16 | this.key[82] << 8 | this.key[83], this.key[84] << 24 | this.key[85] << 16 | this.key[86] << 8 | this.key[87], this.key[88] << 24 | this.key[89] << 16 | this.key[90] << 8 | this.key[91], this.key[92] << 24 | this.key[93] << 16 | this.key[94] << 8 | this.key[95], this.key[96] << 24 | this.key[97] << 16 | this.key[98] << 8 | this.key[99], this.key[100] << 24 | this.key[101] << 16 | this.key[102] << 8 | this.key[103], this.key[104] << 24 | this.key[105] << 16 | this.key[106] << 8 | this.key[107], this.key[108] << 24 | this.key[109] << 16 | this.key[110] << 8 | this.key[111], this.key[112] << 24 | this.key[113] << 16 | this.key[114] << 8 | this.key[115], this.key[116] << 24 | this.key[117] << 16 | this.key[118] << 8 | this.key[119], this.key[120] << 24 | this.key[121] << 16 | this.key[122] << 8 | this.key[123], this.key[124] << 24 | this.key[125] << 16 | this.key[126] << 8 | this.key[127]);
7031 } else {
7032 this.hash.asm.hmac_reset();
7033 }
7034 var verify = options.verify;
7035 if (verify !== undefined) {
7036 _hmac_init_verify.call(this, verify);
7037 } else {
7038 this.verify = null;
7039 }
7040 return this;
7041 }
7042 function hmac_process(data) {
7043 if (this.key === null) throw new IllegalStateError("no key is associated with the instance");
7044 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
7045 this.hash.process(data);
7046 return this;
7047 }
7048 function hmac_finish() {
7049 if (this.key === null) throw new IllegalStateError("no key is associated with the instance");
7050 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
7051 var inner_result = this.hash.finish().result;
7052 var opad = new Uint8Array(this.key);
7053 for (var i = 0; i < opad.length; ++i) opad[i] ^= 92;
7054 var verify = this.verify;
7055 var result = this.hash.reset().process(opad).process(inner_result).finish().result;
7056 if (verify) {
7057 if (verify.length === result.length) {
7058 var diff = 0;
7059 for (var i = 0; i < verify.length; i++) {
7060 diff |= verify[i] ^ result[i];
7061 }
7062 this.result = !diff;
7063 } else {
7064 this.result = false;
7065 }
7066 } else {
7067 this.result = result;
7068 }
7069 return this;
7070 }
7071 function hmac_sha256_finish() {
7072 if (this.key === null) throw new IllegalStateError("no key is associated with the instance");
7073 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
7074 var hash = this.hash, asm = this.hash.asm, heap = this.hash.heap;
7075 asm.hmac_finish(hash.pos, hash.len, 0);
7076 var verify = this.verify;
7077 var result = new Uint8Array(_sha256_hash_size);
7078 result.set(heap.subarray(0, _sha256_hash_size));
7079 if (verify) {
7080 if (verify.length === result.length) {
7081 var diff = 0;
7082 for (var i = 0; i < verify.length; i++) {
7083 diff |= verify[i] ^ result[i];
7084 }
7085 this.result = !diff;
7086 } else {
7087 this.result = false;
7088 }
7089 } else {
7090 this.result = result;
7091 }
7092 return this;
7093 }
7094 function hmac_sha512_finish() {
7095 if (this.key === null) throw new IllegalStateError("no key is associated with the instance");
7096 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
7097 var hash = this.hash, asm = this.hash.asm, heap = this.hash.heap;
7098 asm.hmac_finish(hash.pos, hash.len, 0);
7099 var verify = this.verify;
7100 var result = new Uint8Array(_sha512_hash_size);
7101 result.set(heap.subarray(0, _sha512_hash_size));
7102 if (verify) {
7103 if (verify.length === result.length) {
7104 var diff = 0;
7105 for (var i = 0; i < verify.length; i++) {
7106 diff |= verify[i] ^ result[i];
7107 }
7108 this.result = !diff;
7109 } else {
7110 this.result = false;
7111 }
7112 } else {
7113 this.result = result;
7114 }
7115 return this;
7116 }
7117 var hmac_prototype = hmac_constructor.prototype;
7118 hmac_prototype.reset = hmac_reset;
7119 hmac_prototype.process = hmac_process;
7120 hmac_prototype.finish = hmac_finish;
7121 hmac_sha256_constructor.BLOCK_SIZE = sha256_constructor.BLOCK_SIZE;
7122 hmac_sha256_constructor.HMAC_SIZE = sha256_constructor.HASH_SIZE;
7123 var hmac_sha256_prototype = hmac_sha256_constructor.prototype;
7124 hmac_sha256_prototype.reset = hmac_sha256_reset;
7125 hmac_sha256_prototype.process = hmac_process;
7126 hmac_sha256_prototype.finish = hmac_sha256_finish;
7127 hmac_sha512_constructor.BLOCK_SIZE = sha512_constructor.BLOCK_SIZE;
7128 hmac_sha512_constructor.HMAC_SIZE = sha512_constructor.HASH_SIZE;
7129 var hmac_sha512_prototype = hmac_sha512_constructor.prototype;
7130 hmac_sha512_prototype.reset = hmac_sha512_reset;
7131 hmac_sha512_prototype.process = hmac_process;
7132 hmac_sha512_prototype.finish = hmac_sha512_finish;
7133 function pbkdf2_constructor(options) {
7134 options = options || {};
7135 if (!options.hmac) throw new SyntaxError("option 'hmac' is required");
7136 if (!options.hmac.HMAC_SIZE) throw new SyntaxError("option 'hmac' supplied doesn't seem to be a valid HMAC function");
7137 this.hmac = options.hmac;
7138 this.count = options.count || 4096;
7139 this.length = options.length || this.hmac.HMAC_SIZE;
7140 this.result = null;
7141 var password = options.password;
7142 if (password || is_string(password)) this.reset(options);
7143 return this;
7144 }
7145 function pbkdf2_hmac_sha256_constructor(options) {
7146 options = options || {};
7147 if (!(options.hmac instanceof hmac_sha256_constructor)) options.hmac = new hmac_sha256_constructor(options);
7148 pbkdf2_constructor.call(this, options);
7149 return this;
7150 }
7151 function pbkdf2_hmac_sha512_constructor(options) {
7152 options = options || {};
7153 if (!(options.hmac instanceof hmac_sha512_constructor)) options.hmac = new hmac_sha512_constructor(options);
7154 pbkdf2_constructor.call(this, options);
7155 return this;
7156 }
7157 function pbkdf2_reset(options) {
7158 this.result = null;
7159 this.hmac.reset(options);
7160 return this;
7161 }
7162 function pbkdf2_generate(salt, count, length) {
7163 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
7164 if (!salt && !is_string(salt)) throw new IllegalArgumentError("bad 'salt' value");
7165 count = count || this.count;
7166 length = length || this.length;
7167 this.result = new Uint8Array(length);
7168 var blocks = Math.ceil(length / this.hmac.HMAC_SIZE);
7169 for (var i = 1; i <= blocks; ++i) {
7170 var j = (i - 1) * this.hmac.HMAC_SIZE;
7171 var l = (i < blocks ? 0 : length % this.hmac.HMAC_SIZE) || this.hmac.HMAC_SIZE;
7172 var tmp = new Uint8Array(this.hmac.reset().process(salt).process(new Uint8Array([ i >>> 24 & 255, i >>> 16 & 255, i >>> 8 & 255, i & 255 ])).finish().result);
7173 this.result.set(tmp.subarray(0, l), j);
7174 for (var k = 1; k < count; ++k) {
7175 tmp = new Uint8Array(this.hmac.reset().process(tmp).finish().result);
7176 for (var r = 0; r < l; ++r) this.result[j + r] ^= tmp[r];
7177 }
7178 }
7179 return this;
7180 }
7181 function pbkdf2_hmac_sha256_generate(salt, count, length) {
7182 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
7183 if (!salt && !is_string(salt)) throw new IllegalArgumentError("bad 'salt' value");
7184 count = count || this.count;
7185 length = length || this.length;
7186 this.result = new Uint8Array(length);
7187 var blocks = Math.ceil(length / this.hmac.HMAC_SIZE);
7188 for (var i = 1; i <= blocks; ++i) {
7189 var j = (i - 1) * this.hmac.HMAC_SIZE;
7190 var l = (i < blocks ? 0 : length % this.hmac.HMAC_SIZE) || this.hmac.HMAC_SIZE;
7191 this.hmac.reset().process(salt);
7192 this.hmac.hash.asm.pbkdf2_generate_block(this.hmac.hash.pos, this.hmac.hash.len, i, count, 0);
7193 this.result.set(this.hmac.hash.heap.subarray(0, l), j);
7194 }
7195 return this;
7196 }
7197 function pbkdf2_hmac_sha512_generate(salt, count, length) {
7198 if (this.result !== null) throw new IllegalStateError("state must be reset before processing new data");
7199 if (!salt && !is_string(salt)) throw new IllegalArgumentError("bad 'salt' value");
7200 count = count || this.count;
7201 length = length || this.length;
7202 this.result = new Uint8Array(length);
7203 var blocks = Math.ceil(length / this.hmac.HMAC_SIZE);
7204 for (var i = 1; i <= blocks; ++i) {
7205 var j = (i - 1) * this.hmac.HMAC_SIZE;
7206 var l = (i < blocks ? 0 : length % this.hmac.HMAC_SIZE) || this.hmac.HMAC_SIZE;
7207 this.hmac.reset().process(salt);
7208 this.hmac.hash.asm.pbkdf2_generate_block(this.hmac.hash.pos, this.hmac.hash.len, i, count, 0);
7209 this.result.set(this.hmac.hash.heap.subarray(0, l), j);
7210 }
7211 return this;
7212 }
7213 var pbkdf2_prototype = pbkdf2_constructor.prototype;
7214 pbkdf2_prototype.reset = pbkdf2_reset;
7215 pbkdf2_prototype.generate = pbkdf2_generate;
7216 var pbkdf2_hmac_sha256_prototype = pbkdf2_hmac_sha256_constructor.prototype;
7217 pbkdf2_hmac_sha256_prototype.reset = pbkdf2_reset;
7218 pbkdf2_hmac_sha256_prototype.generate = pbkdf2_hmac_sha256_generate;
7219 var pbkdf2_hmac_sha512_prototype = pbkdf2_hmac_sha512_constructor.prototype;
7220 pbkdf2_hmac_sha512_prototype.reset = pbkdf2_reset;
7221 pbkdf2_hmac_sha512_prototype.generate = pbkdf2_hmac_sha512_generate;
7222 global.IllegalStateError = IllegalStateError;
7223 global.IllegalArgumentError = IllegalArgumentError;
7224 global.SecurityError = SecurityError;
7225 exports.string_to_bytes = string_to_bytes;
7226 exports.hex_to_bytes = hex_to_bytes;
7227 exports.base64_to_bytes = base64_to_bytes;
7228 exports.bytes_to_string = bytes_to_string;
7229 exports.bytes_to_hex = bytes_to_hex;
7230 exports.bytes_to_base64 = bytes_to_base64;
7231 var SHA256_instance = new sha256_constructor({
7232 heapSize: 1048576
7233 });
7234 function sha256_bytes(data) {
7235 if (data === undefined) throw new SyntaxError("data required");
7236 return SHA256_instance.reset().process(data).finish().result;
7237 }
7238 function sha256_hex(data) {
7239 var result = sha256_bytes(data);
7240 return bytes_to_hex(result);
7241 }
7242 function sha256_base64(data) {
7243 var result = sha256_bytes(data);
7244 return bytes_to_base64(result);
7245 }
7246 exports.SHA256 = {
7247 bytes: sha256_bytes,
7248 hex: sha256_hex,
7249 base64: sha256_base64
7250 };
7251 var SHA512_instance = new sha512_constructor({
7252 heapSize: 1048576
7253 });
7254 function sha512_bytes(data) {
7255 if (data === undefined) throw new SyntaxError("data required");
7256 return SHA512_instance.reset().process(data).finish().result;
7257 }
7258 function sha512_hex(data) {
7259 var result = sha512_bytes(data);
7260 return bytes_to_hex(result);
7261 }
7262 function sha512_base64(data) {
7263 var result = sha512_bytes(data);
7264 return bytes_to_base64(result);
7265 }
7266 exports.SHA512 = {
7267 bytes: sha512_bytes,
7268 hex: sha512_hex,
7269 base64: sha512_base64
7270 };
7271 var hmac_sha256_instance = new hmac_sha256_constructor({
7272 hash: SHA256_instance
7273 });
7274 function hmac_sha256_bytes(data, password) {
7275 if (data === undefined) throw new SyntaxError("data required");
7276 if (password === undefined) throw new SyntaxError("password required");
7277 return hmac_sha256_instance.reset({
7278 password: password
7279 }).process(data).finish().result;
7280 }
7281 function hmac_sha256_hex(data, password) {
7282 var result = hmac_sha256_bytes(data, password);
7283 return bytes_to_hex(result);
7284 }
7285 function hmac_sha256_base64(data, password) {
7286 var result = hmac_sha256_bytes(data, password);
7287 return bytes_to_base64(result);
7288 }
7289 exports.HMAC = exports.HMAC_SHA256 = {
7290 bytes: hmac_sha256_bytes,
7291 hex: hmac_sha256_hex,
7292 base64: hmac_sha256_base64
7293 };
7294 var hmac_sha512_instance = new hmac_sha512_constructor({
7295 hash: SHA512_instance
7296 });
7297 function hmac_sha512_bytes(data, password) {
7298 if (data === undefined) throw new SyntaxError("data required");
7299 if (password === undefined) throw new SyntaxError("password required");
7300 return hmac_sha512_instance.reset({
7301 password: password
7302 }).process(data).finish().result;
7303 }
7304 function hmac_sha512_hex(data, password) {
7305 var result = hmac_sha512_bytes(data, password);
7306 return bytes_to_hex(result);
7307 }
7308 function hmac_sha512_base64(data, password) {
7309 var result = hmac_sha512_bytes(data, password);
7310 return bytes_to_base64(result);
7311 }
7312 exports.HMAC_SHA512 = {
7313 bytes: hmac_sha512_bytes,
7314 hex: hmac_sha512_hex,
7315 base64: hmac_sha512_base64
7316 };
7317 var pbkdf2_hmac_sha256_instance = new pbkdf2_hmac_sha256_constructor({
7318 hmac: hmac_sha256_instance
7319 });
7320 function pbkdf2_hmac_sha256_bytes(password, salt, iterations, dklen) {
7321 if (password === undefined) throw new SyntaxError("password required");
7322 if (salt === undefined) throw new SyntaxError("salt required");
7323 return pbkdf2_hmac_sha256_instance.reset({
7324 password: password
7325 }).generate(salt, iterations, dklen).result;
7326 }
7327 function pbkdf2_hmac_sha256_hex(password, salt, iterations, dklen) {
7328 var result = pbkdf2_hmac_sha256_bytes(password, salt, iterations, dklen);
7329 return bytes_to_hex(result);
7330 }
7331 function pbkdf2_hmac_sha256_base64(password, salt, iterations, dklen) {
7332 var result = pbkdf2_hmac_sha256_bytes(password, salt, iterations, dklen);
7333 return bytes_to_base64(result);
7334 }
7335 exports.PBKDF2 = exports.PBKDF2_HMAC_SHA256 = {
7336 bytes: pbkdf2_hmac_sha256_bytes,
7337 hex: pbkdf2_hmac_sha256_hex,
7338 base64: pbkdf2_hmac_sha256_base64
7339 };
7340 var pbkdf2_hmac_sha512_instance = new pbkdf2_hmac_sha512_constructor({
7341 hmac: hmac_sha512_instance
7342 });
7343 function pbkdf2_hmac_sha512_bytes(password, salt, iterations, dklen) {
7344 if (password === undefined) throw new SyntaxError("password required");
7345 if (salt === undefined) throw new SyntaxError("salt required");
7346 return pbkdf2_hmac_sha512_instance.reset({
7347 password: password
7348 }).generate(salt, iterations, dklen).result;
7349 }
7350 function pbkdf2_hmac_sha512_hex(password, salt, iterations, dklen) {
7351 var result = pbkdf2_hmac_sha512_bytes(password, salt, iterations, dklen);
7352 return bytes_to_hex(result);
7353 }
7354 function pbkdf2_hmac_sha512_base64(password, salt, iterations, dklen) {
7355 var result = pbkdf2_hmac_sha512_bytes(password, salt, iterations, dklen);
7356 return bytes_to_base64(result);
7357 }
7358 exports.PBKDF2_HMAC_SHA512 = {
7359 bytes: pbkdf2_hmac_sha512_bytes,
7360 hex: pbkdf2_hmac_sha512_hex,
7361 base64: pbkdf2_hmac_sha512_base64
7362 };
7363 var cbc_aes_instance = new cbc_aes_constructor({
7364 heapSize: 1048576
7365 });
7366 function cbc_aes_encrypt_bytes(data, key, padding, iv) {
7367 if (data === undefined) throw new SyntaxError("data required");
7368 if (key === undefined) throw new SyntaxError("key required");
7369 return cbc_aes_instance.reset({
7370 key: key,
7371 padding: padding,
7372 iv: iv
7373 }).encrypt(data).result;
7374 }
7375 function cbc_aes_decrypt_bytes(data, key, padding, iv) {
7376 if (data === undefined) throw new SyntaxError("data required");
7377 if (key === undefined) throw new SyntaxError("key required");
7378 return cbc_aes_instance.reset({
7379 key: key,
7380 padding: padding,
7381 iv: iv
7382 }).decrypt(data).result;
7383 }
7384 exports.AES = exports.AES_CBC = {
7385 encrypt: cbc_aes_encrypt_bytes,
7386 decrypt: cbc_aes_decrypt_bytes
7387 };
7388 var ccm_aes_instance = new ccm_aes_constructor({
7389 heap: cbc_aes_instance.heap,
7390 asm: cbc_aes_instance.asm
7391 });
7392 function ccm_aes_encrypt_bytes(data, key, nonce, adata, tagSize) {
7393 if (data === undefined) throw new SyntaxError("data required");
7394 if (key === undefined) throw new SyntaxError("key required");
7395 if (nonce === undefined) throw new SyntaxError("nonce required");
7396 var dataLength = data.byteLength || data.length || 0;
7397 return ccm_aes_instance.reset({
7398 key: key,
7399 nonce: nonce,
7400 adata: adata,
7401 tagSize: tagSize,
7402 dataLength: dataLength
7403 }).encrypt(data).result;
7404 }
7405 function ccm_aes_decrypt_bytes(data, key, nonce, adata, tagSize) {
7406 if (data === undefined) throw new SyntaxError("data required");
7407 if (key === undefined) throw new SyntaxError("key required");
7408 if (nonce === undefined) throw new SyntaxError("nonce required");
7409 var dataLength = data.byteLength || data.length || 0;
7410 tagSize = tagSize || _aes_block_size;
7411 return ccm_aes_instance.reset({
7412 key: key,
7413 nonce: nonce,
7414 adata: adata,
7415 tagSize: tagSize,
7416 dataLength: dataLength - tagSize
7417 }).decrypt(data).result;
7418 }
7419 exports.AES_CCM = {
7420 encrypt: ccm_aes_encrypt_bytes,
7421 decrypt: ccm_aes_decrypt_bytes
7422 };
7423 var cfb_aes_instance = new cfb_aes_constructor({
7424 heap: cbc_aes_instance.heap,
7425 asm: cbc_aes_instance.asm
7426 });
7427 function cfb_aes_encrypt_bytes(data, key, padding, iv) {
7428 if (data === undefined) throw new SyntaxError("data required");
7429 if (key === undefined) throw new SyntaxError("key required");
7430 return cfb_aes_instance.reset({
7431 key: key,
7432 padding: padding,
7433 iv: iv
7434 }).encrypt(data).result;
7435 }
7436 function cfb_aes_decrypt_bytes(data, key, padding, iv) {
7437 if (data === undefined) throw new SyntaxError("data required");
7438 if (key === undefined) throw new SyntaxError("key required");
7439 return cfb_aes_instance.reset({
7440 key: key,
7441 padding: padding,
7442 iv: iv
7443 }).decrypt(data).result;
7444 }
7445 exports.AES_CFB = {
7446 encrypt: cfb_aes_encrypt_bytes,
7447 decrypt: cfb_aes_decrypt_bytes
7448 };
7449 var cfb_aes_decrypt_instance = new cfb_aes_decrypt_constructor({
7450 heap: cbc_aes_instance.heap,
7451 asm: cbc_aes_instance.asm
7452 });
7453 function cfb_aes_decrypt_init(key, padding, iv) {
7454 if (key === undefined) throw new SyntaxError("key required");
7455 return cfb_aes_decrypt_instance.reset({
7456 key: key,
7457 padding: padding,
7458 iv: iv
7459 });
7460 }
7461 exports.AES_CFB = exports.AES_CFB || {};
7462 exports.AES_CFB.decryptor = {
7463 init: cfb_aes_decrypt_init
7464 };
7465})({}, function() {
7466 return this;
diff --git a/src/js/bitcoinjs-1-0-0.js b/src/js/bitcoinjs-1-0-0.js
new file mode 100644
index 0000000..3f53b2c
--- /dev/null
+++ b/src/js/bitcoinjs-1-0-0.js
@@ -0,0 +1,14463 @@
1(function(e){if("object"==typeof exports&&"undefined"!=typeof module)module.exports=e();else if("function"==typeof define&&define.amd)define([],e);else{var f;"undefined"!=typeof window?f=window:"undefined"!=typeof global?f=global:"undefined"!=typeof self&&(f=self),f.Bitcoin=e()}})(function(){var define,module,exports;return (function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);throw new Error("Cannot find module '"+o+"'")}var f=n[o]={exports:{}};t[o][0].call(f.exports,function(e){var n=t[o][1][e];return s(n?n:e)},f,f.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o<r.length;o++)s(r[o]);return s})({1:[function(_dereq_,module,exports){
2var assert = _dereq_('assert')
4module.exports = BigInteger
6// JavaScript engine analysis
7var canary = 0xdeadbeefcafe;
8var j_lm = ((canary&0xffffff)==0xefcafe);
10// (public) Constructor
11function BigInteger(a,b,c) {
12 if (!(this instanceof BigInteger)) {
13 return new BigInteger(a, b, c);
14 }
16 if(a != null) {
17 if("number" == typeof a) this.fromNumber(a,b,c);
18 else if(b == null && "string" != typeof a) this.fromString(a,256);
19 else this.fromString(a,b);
20 }
23var proto = BigInteger.prototype;
25// return new, unset BigInteger
26function nbi() { return new BigInteger(null); }
28// Bits per digit
29var dbits;
31// am: Compute w_j += (x*this_i), propagate carries,
32// c is initial carry, returns final carry.
33// c < 3*dvalue, x < 2*dvalue, this_i < dvalue
34// We need to select the fastest one that works in this environment.
36// am1: use a single mult and divide to get the high bits,
37// max digit bits should be 26 because
38// max internal value = 2*dvalue^2-2*dvalue (< 2^53)
39function am1(i,x,w,j,c,n) {
40 while(--n >= 0) {
41 var v = x*this[i++]+w[j]+c;
42 c = Math.floor(v/0x4000000);
43 w[j++] = v&0x3ffffff;
44 }
45 return c;
47// am2 avoids a big mult-and-extract completely.
48// Max digit bits should be <= 30 because we do bitwise ops
49// on values up to 2*hdvalue^2-hdvalue-1 (< 2^31)
50function am2(i,x,w,j,c,n) {
51 var xl = x&0x7fff, xh = x>>15;
52 while(--n >= 0) {
53 var l = this[i]&0x7fff;
54 var h = this[i++]>>15;
55 var m = xh*l+h*xl;
56 l = xl*l+((m&0x7fff)<<15)+w[j]+(c&0x3fffffff);
57 c = (l>>>30)+(m>>>15)+xh*h+(c>>>30);
58 w[j++] = l&0x3fffffff;
59 }
60 return c;
62// Alternately, set max digit bits to 28 since some
63// browsers slow down when dealing with 32-bit numbers.
64function am3(i,x,w,j,c,n) {
65 var xl = x&0x3fff, xh = x>>14;
66 while(--n >= 0) {
67 var l = this[i]&0x3fff;
68 var h = this[i++]>>14;
69 var m = xh*l+h*xl;
70 l = xl*l+((m&0x3fff)<<14)+w[j]+c;
71 c = (l>>28)+(m>>14)+xh*h;
72 w[j++] = l&0xfffffff;
73 }
74 return c;
77// wtf?
78BigInteger.prototype.am = am1;
79dbits = 26;
82if(j_lm && (navigator.appName == "Microsoft Internet Explorer")) {
83 BigInteger.prototype.am = am2;
84 dbits = 30;
86else if(j_lm && (navigator.appName != "Netscape")) {
87 BigInteger.prototype.am = am1;
88 dbits = 26;
90else { // Mozilla/Netscape seems to prefer am3
91 BigInteger.prototype.am = am3;
92 dbits = 28;
96BigInteger.prototype.DB = dbits;
97BigInteger.prototype.DM = ((1<<dbits)-1);
98var DV = BigInteger.prototype.DV = (1<<dbits);
100var BI_FP = 52;
101BigInteger.prototype.FV = Math.pow(2,BI_FP);
102BigInteger.prototype.F1 = BI_FP-dbits;
103BigInteger.prototype.F2 = 2*dbits-BI_FP;
105// Digit conversions
106var BI_RM = "0123456789abcdefghijklmnopqrstuvwxyz";
107var BI_RC = new Array();
108var rr,vv;
109rr = "0".charCodeAt(0);
110for(vv = 0; vv <= 9; ++vv) BI_RC[rr++] = vv;
111rr = "a".charCodeAt(0);
112for(vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;
113rr = "A".charCodeAt(0);
114for(vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;
116function int2char(n) { return BI_RM.charAt(n); }
117function intAt(s,i) {
118 var c = BI_RC[s.charCodeAt(i)];
119 return (c==null)?-1:c;
122// (protected) copy this to r
123function bnpCopyTo(r) {
124 for(var i = this.t-1; i >= 0; --i) r[i] = this[i];
125 r.t = this.t;
126 r.s = this.s;
129// (protected) set from integer value x, -DV <= x < DV
130function bnpFromInt(x) {
131 this.t = 1;
132 this.s = (x<0)?-1:0;
133 if(x > 0) this[0] = x;
134 else if(x < -1) this[0] = x+DV;
135 else this.t = 0;
138// return bigint initialized to value
139function nbv(i) { var r = nbi(); r.fromInt(i); return r; }
141// (protected) set from string and radix
142function bnpFromString(s,b) {
143 var self = this;
145 var k;
146 if(b == 16) k = 4;
147 else if(b == 8) k = 3;
148 else if(b == 256) k = 8; // byte array
149 else if(b == 2) k = 1;
150 else if(b == 32) k = 5;
151 else if(b == 4) k = 2;
152 else { self.fromRadix(s,b); return; }
153 self.t = 0;
154 self.s = 0;
155 var i = s.length, mi = false, sh = 0;
156 while(--i >= 0) {
157 var x = (k==8)?s[i]&0xff:intAt(s,i);
158 if(x < 0) {
159 if(s.charAt(i) == "-") mi = true;
160 continue;
161 }
162 mi = false;
163 if(sh == 0)
164 self[self.t++] = x;
165 else if(sh+k > self.DB) {
166 self[self.t-1] |= (x&((1<<(self.DB-sh))-1))<<sh;
167 self[self.t++] = (x>>(self.DB-sh));
168 }
169 else
170 self[self.t-1] |= x<<sh;
171 sh += k;
172 if(sh >= self.DB) sh -= self.DB;
173 }
174 if(k == 8 && (s[0]&0x80) != 0) {
175 self.s = -1;
176 if(sh > 0) self[self.t-1] |= ((1<<(self.DB-sh))-1)<<sh;
177 }
178 self.clamp();
179 if(mi) BigInteger.ZERO.subTo(self,self);
182// (protected) clamp off excess high words
183function bnpClamp() {
184 var c = this.s&this.DM;
185 while(this.t > 0 && this[this.t-1] == c) --this.t;
188// (public) return string representation in given radix
189function bnToString(b) {
190 var self = this;
191 if(self.s < 0) return "-"+self.negate().toString(b);
192 var k;
193 if(b == 16) k = 4;
194 else if(b == 8) k = 3;
195 else if(b == 2) k = 1;
196 else if(b == 32) k = 5;
197 else if(b == 4) k = 2;
198 else return self.toRadix(b);
199 var km = (1<<k)-1, d, m = false, r = "", i = self.t;
200 var p = self.DB-(i*self.DB)%k;
201 if(i-- > 0) {
202 if(p < self.DB && (d = self[i]>>p) > 0) { m = true; r = int2char(d); }
203 while(i >= 0) {
204 if(p < k) {
205 d = (self[i]&((1<<p)-1))<<(k-p);
206 d |= self[--i]>>(p+=self.DB-k);
207 }
208 else {
209 d = (self[i]>>(p-=k))&km;
210 if(p <= 0) { p += self.DB; --i; }
211 }
212 if(d > 0) m = true;
213 if(m) r += int2char(d);
214 }
215 }
216 return m?r:"0";
219// (public) -this
220function bnNegate() { var r = nbi(); BigInteger.ZERO.subTo(this,r); return r; }
222// (public) |this|
223function bnAbs() { return (this.s<0)?this.negate():this; }
225// (public) return + if this > a, - if this < a, 0 if equal
226function bnCompareTo(a) {
227 var r = this.s-a.s;
228 if(r != 0) return r;
229 var i = this.t;
230 r = i-a.t;
231 if(r != 0) return (this.s<0)?-r:r;
232 while(--i >= 0) if((r=this[i]-a[i]) != 0) return r;
233 return 0;
236// returns bit length of the integer x
237function nbits(x) {
238 var r = 1, t;
239 if((t=x>>>16) != 0) { x = t; r += 16; }
240 if((t=x>>8) != 0) { x = t; r += 8; }
241 if((t=x>>4) != 0) { x = t; r += 4; }
242 if((t=x>>2) != 0) { x = t; r += 2; }
243 if((t=x>>1) != 0) { x = t; r += 1; }
244 return r;
247// (public) return the number of bits in "this"
248function bnBitLength() {
249 if(this.t <= 0) return 0;
250 return this.DB*(this.t-1)+nbits(this[this.t-1]^(this.s&this.DM));
253// (protected) r = this << n*DB
254function bnpDLShiftTo(n,r) {
255 var i;
256 for(i = this.t-1; i >= 0; --i) r[i+n] = this[i];
257 for(i = n-1; i >= 0; --i) r[i] = 0;
258 r.t = this.t+n;
259 r.s = this.s;
262// (protected) r = this >> n*DB
263function bnpDRShiftTo(n,r) {
264 for(var i = n; i < this.t; ++i) r[i-n] = this[i];
265 r.t = Math.max(this.t-n,0);
266 r.s = this.s;
269// (protected) r = this << n
270function bnpLShiftTo(n,r) {
271 var self = this;
272 var bs = n%self.DB;
273 var cbs = self.DB-bs;
274 var bm = (1<<cbs)-1;
275 var ds = Math.floor(n/self.DB), c = (self.s<<bs)&self.DM, i;
276 for(i = self.t-1; i >= 0; --i) {
277 r[i+ds+1] = (self[i]>>cbs)|c;
278 c = (self[i]&bm)<<bs;
279 }
280 for(i = ds-1; i >= 0; --i) r[i] = 0;
281 r[ds] = c;
282 r.t = self.t+ds+1;
283 r.s = self.s;
284 r.clamp();
287// (protected) r = this >> n
288function bnpRShiftTo(n,r) {
289 var self = this;
290 r.s = self.s;
291 var ds = Math.floor(n/self.DB);
292 if(ds >= self.t) { r.t = 0; return; }
293 var bs = n%self.DB;
294 var cbs = self.DB-bs;
295 var bm = (1<<bs)-1;
296 r[0] = self[ds]>>bs;
297 for(var i = ds+1; i < self.t; ++i) {
298 r[i-ds-1] |= (self[i]&bm)<<cbs;
299 r[i-ds] = self[i]>>bs;
300 }
301 if(bs > 0) r[self.t-ds-1] |= (self.s&bm)<<cbs;
302 r.t = self.t-ds;
303 r.clamp();
306// (protected) r = this - a
307function bnpSubTo(a,r) {
308 var self = this;
309 var i = 0, c = 0, m = Math.min(a.t,self.t);
310 while(i < m) {
311 c += self[i]-a[i];
312 r[i++] = c&self.DM;
313 c >>= self.DB;
314 }
315 if(a.t < self.t) {
316 c -= a.s;
317 while(i < self.t) {
318 c += self[i];
319 r[i++] = c&self.DM;
320 c >>= self.DB;
321 }
322 c += self.s;
323 }
324 else {
325 c += self.s;
326 while(i < a.t) {
327 c -= a[i];
328 r[i++] = c&self.DM;
329 c >>= self.DB;
330 }
331 c -= a.s;
332 }
333 r.s = (c<0)?-1:0;
334 if(c < -1) r[i++] = self.DV+c;
335 else if(c > 0) r[i++] = c;
336 r.t = i;
337 r.clamp();
340// (protected) r = this * a, r != this,a (HAC 14.12)
341// "this" should be the larger one if appropriate.
342function bnpMultiplyTo(a,r) {
343 var x = this.abs(), y = a.abs();
344 var i = x.t;
345 r.t = i+y.t;
346 while(--i >= 0) r[i] = 0;
347 for(i = 0; i < y.t; ++i) r[i+x.t] = x.am(0,y[i],r,i,0,x.t);
348 r.s = 0;
349 r.clamp();
350 if(this.s != a.s) BigInteger.ZERO.subTo(r,r);
353// (protected) r = this^2, r != this (HAC 14.16)
354function bnpSquareTo(r) {
355 var x = this.abs();
356 var i = r.t = 2*x.t;
357 while(--i >= 0) r[i] = 0;
358 for(i = 0; i < x.t-1; ++i) {
359 var c = x.am(i,x[i],r,2*i,0,1);
360 if((r[i+x.t]+=x.am(i+1,2*x[i],r,2*i+1,c,x.t-i-1)) >= x.DV) {
361 r[i+x.t] -= x.DV;
362 r[i+x.t+1] = 1;
363 }
364 }
365 if(r.t > 0) r[r.t-1] += x.am(i,x[i],r,2*i,0,1);
366 r.s = 0;
367 r.clamp();
370// (protected) divide this by m, quotient and remainder to q, r (HAC 14.20)
371// r != q, this != m. q or r may be null.
372function bnpDivRemTo(m,q,r) {
373 var self = this;
374 var pm = m.abs();
375 if(pm.t <= 0) return;
376 var pt = self.abs();
377 if(pt.t < pm.t) {
378 if(q != null) q.fromInt(0);
379 if(r != null) self.copyTo(r);
380 return;
381 }
382 if(r == null) r = nbi();
383 var y = nbi(), ts = self.s, ms = m.s;
384 var nsh = self.DB-nbits(pm[pm.t-1]); // normalize modulus
385 if(nsh > 0) { pm.lShiftTo(nsh,y); pt.lShiftTo(nsh,r); }
386 else { pm.copyTo(y); pt.copyTo(r); }
387 var ys = y.t;
388 var y0 = y[ys-1];
389 if(y0 == 0) return;
390 var yt = y0*(1<<self.F1)+((ys>1)?y[ys-2]>>self.F2:0);
391 var d1 = self.FV/yt, d2 = (1<<self.F1)/yt, e = 1<<self.F2;
392 var i = r.t, j = i-ys, t = (q==null)?nbi():q;
393 y.dlShiftTo(j,t);
394 if(r.compareTo(t) >= 0) {
395 r[r.t++] = 1;
396 r.subTo(t,r);
397 }
398 BigInteger.ONE.dlShiftTo(ys,t);
399 t.subTo(y,y); // "negative" y so we can replace sub with am later
400 while(y.t < ys) y[y.t++] = 0;
401 while(--j >= 0) {
402 // Estimate quotient digit
403 var qd = (r[--i]==y0)?self.DM:Math.floor(r[i]*d1+(r[i-1]+e)*d2);
404 if((r[i]+=y.am(0,qd,r,j,0,ys)) < qd) { // Try it out
405 y.dlShiftTo(j,t);
406 r.subTo(t,r);
407 while(r[i] < --qd) r.subTo(t,r);
408 }
409 }
410 if(q != null) {
411 r.drShiftTo(ys,q);
412 if(ts != ms) BigInteger.ZERO.subTo(q,q);
413 }
414 r.t = ys;
415 r.clamp();
416 if(nsh > 0) r.rShiftTo(nsh,r); // Denormalize remainder
417 if(ts < 0) BigInteger.ZERO.subTo(r,r);
420// (public) this mod a
421function bnMod(a) {
422 var r = nbi();
423 this.abs().divRemTo(a,null,r);
424 if(this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r,r);
425 return r;
428// Modular reduction using "classic" algorithm
429function Classic(m) { this.m = m; }
430function cConvert(x) {
431 if(x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m);
432 else return x;
434function cRevert(x) { return x; }
435function cReduce(x) { x.divRemTo(this.m,null,x); }
436function cMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
437function cSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
439Classic.prototype.convert = cConvert;
440Classic.prototype.revert = cRevert;
441Classic.prototype.reduce = cReduce;
442Classic.prototype.mulTo = cMulTo;
443Classic.prototype.sqrTo = cSqrTo;
445// (protected) return "-1/this % 2^DB"; useful for Mont. reduction
446// justification:
447// xy == 1 (mod m)
448// xy = 1+km
449// xy(2-xy) = (1+km)(1-km)
450// x[y(2-xy)] = 1-k^2m^2
451// x[y(2-xy)] == 1 (mod m^2)
452// if y is 1/x mod m, then y(2-xy) is 1/x mod m^2
453// should reduce x and y(2-xy) by m^2 at each step to keep size bounded.
454// JS multiply "overflows" differently from C/C++, so care is needed here.
455function bnpInvDigit() {
456 if(this.t < 1) return 0;
457 var x = this[0];
458 if((x&1) == 0) return 0;
459 var y = x&3; // y == 1/x mod 2^2
460 y = (y*(2-(x&0xf)*y))&0xf; // y == 1/x mod 2^4
461 y = (y*(2-(x&0xff)*y))&0xff; // y == 1/x mod 2^8
462 y = (y*(2-(((x&0xffff)*y)&0xffff)))&0xffff; // y == 1/x mod 2^16
463 // last step - calculate inverse mod DV directly;
464 // assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints
465 y = (y*(2-x*y%this.DV))%this.DV; // y == 1/x mod 2^dbits
466 // we really want the negative inverse, and -DV < y < DV
467 return (y>0)?this.DV-y:-y;
470// Montgomery reduction
471function Montgomery(m) {
472 this.m = m;
473 this.mp = m.invDigit();
474 this.mpl = this.mp&0x7fff;
475 this.mph = this.mp>>15;
476 this.um = (1<<(m.DB-15))-1;
477 this.mt2 = 2*m.t;
480// xR mod m
481function montConvert(x) {
482 var r = nbi();
483 x.abs().dlShiftTo(this.m.t,r);
484 r.divRemTo(this.m,null,r);
485 if(x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r,r);
486 return r;
489// x/R mod m
490function montRevert(x) {
491 var r = nbi();
492 x.copyTo(r);
493 this.reduce(r);
494 return r;
497// x = x/R mod m (HAC 14.32)
498function montReduce(x) {
499 while(x.t <= this.mt2) // pad x so am has enough room later
500 x[x.t++] = 0;
501 for(var i = 0; i < this.m.t; ++i) {
502 // faster way of calculating u0 = x[i]*mp mod DV
503 var j = x[i]&0x7fff;
504 var u0 = (j*this.mpl+(((j*this.mph+(x[i]>>15)*this.mpl)&this.um)<<15))&x.DM;
505 // use am to combine the multiply-shift-add into one call
506 j = i+this.m.t;
507 x[j] += this.m.am(0,u0,x,i,0,this.m.t);
508 // propagate carry
509 while(x[j] >= x.DV) { x[j] -= x.DV; x[++j]++; }
510 }
511 x.clamp();
512 x.drShiftTo(this.m.t,x);
513 if(x.compareTo(this.m) >= 0) x.subTo(this.m,x);
516// r = "x^2/R mod m"; x != r
517function montSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
519// r = "xy/R mod m"; x,y != r
520function montMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
522Montgomery.prototype.convert = montConvert;
523Montgomery.prototype.revert = montRevert;
524Montgomery.prototype.reduce = montReduce;
525Montgomery.prototype.mulTo = montMulTo;
526Montgomery.prototype.sqrTo = montSqrTo;
528// (protected) true iff this is even
529function bnpIsEven() { return ((this.t>0)?(this[0]&1):this.s) == 0; }
531// (protected) this^e, e < 2^32, doing sqr and mul with "r" (HAC 14.79)
532function bnpExp(e,z) {
533 if(e > 0xffffffff || e < 1) return BigInteger.ONE;
534 var r = nbi(), r2 = nbi(), g = z.convert(this), i = nbits(e)-1;
535 g.copyTo(r);
536 while(--i >= 0) {
537 z.sqrTo(r,r2);
538 if((e&(1<<i)) > 0) z.mulTo(r2,g,r);
539 else { var t = r; r = r2; r2 = t; }
540 }
541 return z.revert(r);
544// (public) this^e % m, 0 <= e < 2^32
545function bnModPowInt(e,m) {
546 var z;
547 if(e < 256 || m.isEven()) z = new Classic(m); else z = new Montgomery(m);
548 return this.exp(e,z);
551// protected
552proto.copyTo = bnpCopyTo;
553proto.fromInt = bnpFromInt;
554proto.fromString = bnpFromString;
555proto.clamp = bnpClamp;
556proto.dlShiftTo = bnpDLShiftTo;
557proto.drShiftTo = bnpDRShiftTo;
558proto.lShiftTo = bnpLShiftTo;
559proto.rShiftTo = bnpRShiftTo;
560proto.subTo = bnpSubTo;
561proto.multiplyTo = bnpMultiplyTo;
562proto.squareTo = bnpSquareTo;
563proto.divRemTo = bnpDivRemTo;
564proto.invDigit = bnpInvDigit;
565proto.isEven = bnpIsEven;
566proto.exp = bnpExp;
568// public
569proto.toString = bnToString;
570proto.negate = bnNegate;
571proto.abs = bnAbs;
572proto.compareTo = bnCompareTo;
573proto.bitLength = bnBitLength;
574proto.mod = bnMod;
575proto.modPowInt = bnModPowInt;
577//// jsbn2
579function nbi() { return new BigInteger(null); }
581// (public)
582function bnClone() { var r = nbi(); this.copyTo(r); return r; }
584// (public) return value as integer
585function bnIntValue() {
586 if(this.s < 0) {
587 if(this.t == 1) return this[0]-this.DV;
588 else if(this.t == 0) return -1;
589 }
590 else if(this.t == 1) return this[0];
591 else if(this.t == 0) return 0;
592 // assumes 16 < DB < 32
593 return ((this[1]&((1<<(32-this.DB))-1))<<this.DB)|this[0];
596// (public) return value as byte
597function bnByteValue() { return (this.t==0)?this.s:(this[0]<<24)>>24; }
599// (public) return value as short (assumes DB>=16)
600function bnShortValue() { return (this.t==0)?this.s:(this[0]<<16)>>16; }
602// (protected) return x s.t. r^x < DV
603function bnpChunkSize(r) { return Math.floor(Math.LN2*this.DB/Math.log(r)); }
605// (public) 0 if this == 0, 1 if this > 0
606function bnSigNum() {
607 if(this.s < 0) return -1;
608 else if(this.t <= 0 || (this.t == 1 && this[0] <= 0)) return 0;
609 else return 1;
612// (protected) convert to radix string
613function bnpToRadix(b) {
614 if(b == null) b = 10;
615 if(this.signum() == 0 || b < 2 || b > 36) return "0";
616 var cs = this.chunkSize(b);
617 var a = Math.pow(b,cs);
618 var d = nbv(a), y = nbi(), z = nbi(), r = "";
619 this.divRemTo(d,y,z);
620 while(y.signum() > 0) {
621 r = (a+z.intValue()).toString(b).substr(1) + r;
622 y.divRemTo(d,y,z);
623 }
624 return z.intValue().toString(b) + r;
627// (protected) convert from radix string
628function bnpFromRadix(s,b) {
629 var self = this;
630 self.fromInt(0);
631 if(b == null) b = 10;
632 var cs = self.chunkSize(b);
633 var d = Math.pow(b,cs), mi = false, j = 0, w = 0;
634 for(var i = 0; i < s.length; ++i) {
635 var x = intAt(s,i);
636 if(x < 0) {
637 if(s.charAt(i) == "-" && self.signum() == 0) mi = true;
638 continue;
639 }
640 w = b*w+x;
641 if(++j >= cs) {
642 self.dMultiply(d);
643 self.dAddOffset(w,0);
644 j = 0;
645 w = 0;
646 }
647 }
648 if(j > 0) {
649 self.dMultiply(Math.pow(b,j));
650 self.dAddOffset(w,0);
651 }
652 if(mi) BigInteger.ZERO.subTo(self,self);
655// (protected) alternate constructor
656function bnpFromNumber(a,b,c) {
657 var self = this;
658 if("number" == typeof b) {
659 // new BigInteger(int,int,RNG)
660 if(a < 2) self.fromInt(1);
661 else {
662 self.fromNumber(a,c);
663 if(!self.testBit(a-1)) // force MSB set
664 self.bitwiseTo(BigInteger.ONE.shiftLeft(a-1),op_or,self);
665 if(self.isEven()) self.dAddOffset(1,0); // force odd
666 while(!self.isProbablePrime(b)) {
667 self.dAddOffset(2,0);
668 if(self.bitLength() > a) self.subTo(BigInteger.ONE.shiftLeft(a-1),self);
669 }
670 }
671 }
672 else {
673 // new BigInteger(int,RNG)
674 var x = new Array(), t = a&7;
675 x.length = (a>>3)+1;
676 b.nextBytes(x);
677 if(t > 0) x[0] &= ((1<<t)-1); else x[0] = 0;
678 self.fromString(x,256);
679 }
682// (public) convert to bigendian byte array
683function bnToByteArray() {
684 var self = this;
685 var i = self.t, r = new Array();
686 r[0] = self.s;
687 var p = self.DB-(i*self.DB)%8, d, k = 0;
688 if(i-- > 0) {
689 if(p < self.DB && (d = self[i]>>p) != (self.s&self.DM)>>p)
690 r[k++] = d|(self.s<<(self.DB-p));
691 while(i >= 0) {
692 if(p < 8) {
693 d = (self[i]&((1<<p)-1))<<(8-p);
694 d |= self[--i]>>(p+=self.DB-8);
695 }
696 else {
697 d = (self[i]>>(p-=8))&0xff;
698 if(p <= 0) { p += self.DB; --i; }
699 }
700 if((d&0x80) != 0) d |= -256;
701 if(k === 0 && (self.s&0x80) != (d&0x80)) ++k;
702 if(k > 0 || d != self.s) r[k++] = d;
703 }
704 }
705 return r;
708function bnEquals(a) { return(this.compareTo(a)==0); }
709function bnMin(a) { return(this.compareTo(a)<0)?this:a; }
710function bnMax(a) { return(this.compareTo(a)>0)?this:a; }
712// (protected) r = this op a (bitwise)
713function bnpBitwiseTo(a,op,r) {
714 var self = this;
715 var i, f, m = Math.min(a.t,self.t);
716 for(i = 0; i < m; ++i) r[i] = op(self[i],a[i]);
717 if(a.t < self.t) {
718 f = a.s&self.DM;
719 for(i = m; i < self.t; ++i) r[i] = op(self[i],f);
720 r.t = self.t;
721 }
722 else {
723 f = self.s&self.DM;
724 for(i = m; i < a.t; ++i) r[i] = op(f,a[i]);
725 r.t = a.t;
726 }
727 r.s = op(self.s,a.s);
728 r.clamp();
731// (public) this & a
732function op_and(x,y) { return x&y; }
733function bnAnd(a) { var r = nbi(); this.bitwiseTo(a,op_and,r); return r; }
735// (public) this | a
736function op_or(x,y) { return x|y; }
737function bnOr(a) { var r = nbi(); this.bitwiseTo(a,op_or,r); return r; }
739// (public) this ^ a
740function op_xor(x,y) { return x^y; }
741function bnXor(a) { var r = nbi(); this.bitwiseTo(a,op_xor,r); return r; }
743// (public) this & ~a
744function op_andnot(x,y) { return x&~y; }
745function bnAndNot(a) { var r = nbi(); this.bitwiseTo(a,op_andnot,r); return r; }
747// (public) ~this
748function bnNot() {
749 var r = nbi();
750 for(var i = 0; i < this.t; ++i) r[i] = this.DM&~this[i];
751 r.t = this.t;
752 r.s = ~this.s;
753 return r;
756// (public) this << n
757function bnShiftLeft(n) {
758 var r = nbi();
759 if(n < 0) this.rShiftTo(-n,r); else this.lShiftTo(n,r);
760 return r;
763// (public) this >> n
764function bnShiftRight(n) {
765 var r = nbi();
766 if(n < 0) this.lShiftTo(-n,r); else this.rShiftTo(n,r);
767 return r;
770// return index of lowest 1-bit in x, x < 2^31
771function lbit(x) {
772 if(x == 0) return -1;
773 var r = 0;
774 if((x&0xffff) == 0) { x >>= 16; r += 16; }
775 if((x&0xff) == 0) { x >>= 8; r += 8; }
776 if((x&0xf) == 0) { x >>= 4; r += 4; }
777 if((x&3) == 0) { x >>= 2; r += 2; }
778 if((x&1) == 0) ++r;
779 return r;
782// (public) returns index of lowest 1-bit (or -1 if none)
783function bnGetLowestSetBit() {
784 for(var i = 0; i < this.t; ++i)
785 if(this[i] != 0) return i*this.DB+lbit(this[i]);
786 if(this.s < 0) return this.t*this.DB;
787 return -1;
790// return number of 1 bits in x
791function cbit(x) {
792 var r = 0;
793 while(x != 0) { x &= x-1; ++r; }
794 return r;
797// (public) return number of set bits
798function bnBitCount() {
799 var r = 0, x = this.s&this.DM;
800 for(var i = 0; i < this.t; ++i) r += cbit(this[i]^x);
801 return r;
804// (public) true iff nth bit is set
805function bnTestBit(n) {
806 var j = Math.floor(n/this.DB);
807 if(j >= this.t) return(this.s!=0);
808 return((this[j]&(1<<(n%this.DB)))!=0);
811// (protected) this op (1<<n)
812function bnpChangeBit(n,op) {
813 var r = BigInteger.ONE.shiftLeft(n);
814 this.bitwiseTo(r,op,r);
815 return r;
818// (public) this | (1<<n)
819function bnSetBit(n) { return this.changeBit(n,op_or); }
821// (public) this & ~(1<<n)
822function bnClearBit(n) { return this.changeBit(n,op_andnot); }
824// (public) this ^ (1<<n)
825function bnFlipBit(n) { return this.changeBit(n,op_xor); }
827// (protected) r = this + a
828function bnpAddTo(a,r) {
829 var self = this;
831 var i = 0, c = 0, m = Math.min(a.t,self.t);
832 while(i < m) {
833 c += self[i]+a[i];
834 r[i++] = c&self.DM;
835 c >>= self.DB;
836 }
837 if(a.t < self.t) {
838 c += a.s;
839 while(i < self.t) {
840 c += self[i];
841 r[i++] = c&self.DM;
842 c >>= self.DB;
843 }
844 c += self.s;
845 }
846 else {
847 c += self.s;
848 while(i < a.t) {
849 c += a[i];
850 r[i++] = c&self.DM;
851 c >>= self.DB;
852 }
853 c += a.s;
854 }
855 r.s = (c<0)?-1:0;
856 if(c > 0) r[i++] = c;
857 else if(c < -1) r[i++] = self.DV+c;
858 r.t = i;
859 r.clamp();
862// (public) this + a
863function bnAdd(a) { var r = nbi(); this.addTo(a,r); return r; }
865// (public) this - a
866function bnSubtract(a) { var r = nbi(); this.subTo(a,r); return r; }
868// (public) this * a
869function bnMultiply(a) { var r = nbi(); this.multiplyTo(a,r); return r; }
871// (public) this^2
872function bnSquare() { var r = nbi(); this.squareTo(r); return r; }
874// (public) this / a
875function bnDivide(a) { var r = nbi(); this.divRemTo(a,r,null); return r; }
877// (public) this % a
878function bnRemainder(a) { var r = nbi(); this.divRemTo(a,null,r); return r; }
880// (public) [this/a,this%a]
881function bnDivideAndRemainder(a) {
882 var q = nbi(), r = nbi();
883 this.divRemTo(a,q,r);
884 return new Array(q,r);
887// (protected) this *= n, this >= 0, 1 < n < DV
888function bnpDMultiply(n) {
889 this[this.t] = this.am(0,n-1,this,0,0,this.t);
890 ++this.t;
891 this.clamp();
894// (protected) this += n << w words, this >= 0
895function bnpDAddOffset(n,w) {
896 if(n == 0) return;
897 while(this.t <= w) this[this.t++] = 0;
898 this[w] += n;
899 while(this[w] >= this.DV) {
900 this[w] -= this.DV;
901 if(++w >= this.t) this[this.t++] = 0;
902 ++this[w];
903 }
906// A "null" reducer
907function NullExp() {}
908function nNop(x) { return x; }
909function nMulTo(x,y,r) { x.multiplyTo(y,r); }
910function nSqrTo(x,r) { x.squareTo(r); }
912NullExp.prototype.convert = nNop;
913NullExp.prototype.revert = nNop;
914NullExp.prototype.mulTo = nMulTo;
915NullExp.prototype.sqrTo = nSqrTo;
917// (public) this^e
918function bnPow(e) { return this.exp(e,new NullExp()); }
920// (protected) r = lower n words of "this * a", a.t <= n
921// "this" should be the larger one if appropriate.
922function bnpMultiplyLowerTo(a,n,r) {
923 var i = Math.min(this.t+a.t,n);
924 r.s = 0; // assumes a,this >= 0
925 r.t = i;
926 while(i > 0) r[--i] = 0;
927 var j;
928 for(j = r.t-this.t; i < j; ++i) r[i+this.t] = this.am(0,a[i],r,i,0,this.t);
929 for(j = Math.min(a.t,n); i < j; ++i) this.am(0,a[i],r,i,0,n-i);
930 r.clamp();
933// (protected) r = "this * a" without lower n words, n > 0
934// "this" should be the larger one if appropriate.
935function bnpMultiplyUpperTo(a,n,r) {
936 --n;
937 var i = r.t = this.t+a.t-n;
938 r.s = 0; // assumes a,this >= 0
939 while(--i >= 0) r[i] = 0;
940 for(i = Math.max(n-this.t,0); i < a.t; ++i)
941 r[this.t+i-n] = this.am(n-i,a[i],r,0,0,this.t+i-n);
942 r.clamp();
943 r.drShiftTo(1,r);
946// Barrett modular reduction
947function Barrett(m) {
948 // setup Barrett
949 this.r2 = nbi();
950 this.q3 = nbi();
951 BigInteger.ONE.dlShiftTo(2*m.t,this.r2);
952 this.mu = this.r2.divide(m);
953 this.m = m;
956function barrettConvert(x) {
957 if(x.s < 0 || x.t > 2*this.m.t) return x.mod(this.m);
958 else if(x.compareTo(this.m) < 0) return x;
959 else { var r = nbi(); x.copyTo(r); this.reduce(r); return r; }
962function barrettRevert(x) { return x; }
964// x = x mod m (HAC 14.42)
965function barrettReduce(x) {
966 var self = this;
967 x.drShiftTo(self.m.t-1,self.r2);
968 if(x.t > self.m.t+1) { x.t = self.m.t+1; x.clamp(); }
969 self.mu.multiplyUpperTo(self.r2,self.m.t+1,self.q3);
970 self.m.multiplyLowerTo(self.q3,self.m.t+1,self.r2);
971 while(x.compareTo(self.r2) < 0) x.dAddOffset(1,self.m.t+1);
972 x.subTo(self.r2,x);
973 while(x.compareTo(self.m) >= 0) x.subTo(self.m,x);
976// r = x^2 mod m; x != r
977function barrettSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
979// r = x*y mod m; x,y != r
980function barrettMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
982Barrett.prototype.convert = barrettConvert;
983Barrett.prototype.revert = barrettRevert;
984Barrett.prototype.reduce = barrettReduce;
985Barrett.prototype.mulTo = barrettMulTo;
986Barrett.prototype.sqrTo = barrettSqrTo;
988// (public) this^e % m (HAC 14.85)
989function bnModPow(e,m) {
990 var i = e.bitLength(), k, r = nbv(1), z;
991 if(i <= 0) return r;
992 else if(i < 18) k = 1;
993 else if(i < 48) k = 3;
994 else if(i < 144) k = 4;
995 else if(i < 768) k = 5;
996 else k = 6;
997 if(i < 8)
998 z = new Classic(m);
999 else if(m.isEven())
1000 z = new Barrett(m);
1001 else
1002 z = new Montgomery(m);
1004 // precomputation
1005 var g = new Array(), n = 3, k1 = k-1, km = (1<<k)-1;
1006 g[1] = z.convert(this);
1007 if(k > 1) {
1008 var g2 = nbi();
1009 z.sqrTo(g[1],g2);
1010 while(n <= km) {
1011 g[n] = nbi();
1012 z.mulTo(g2,g[n-2],g[n]);
1013 n += 2;
1014 }
1015 }
1017 var j = e.t-1, w, is1 = true, r2 = nbi(), t;
1018 i = nbits(e[j])-1;
1019 while(j >= 0) {
1020 if(i >= k1) w = (e[j]>>(i-k1))&km;
1021 else {
1022 w = (e[j]&((1<<(i+1))-1))<<(k1-i);
1023 if(j > 0) w |= e[j-1]>>(this.DB+i-k1);
1024 }
1026 n = k;
1027 while((w&1) == 0) { w >>= 1; --n; }
1028 if((i -= n) < 0) { i += this.DB; --j; }
1029 if(is1) { // ret == 1, don't bother squaring or multiplying it
1030 g[w].copyTo(r);
1031 is1 = false;
1032 }
1033 else {
1034 while(n > 1) { z.sqrTo(r,r2); z.sqrTo(r2,r); n -= 2; }
1035 if(n > 0) z.sqrTo(r,r2); else { t = r; r = r2; r2 = t; }
1036 z.mulTo(r2,g[w],r);
1037 }
1039 while(j >= 0 && (e[j]&(1<<i)) == 0) {
1040 z.sqrTo(r,r2); t = r; r = r2; r2 = t;
1041 if(--i < 0) { i = this.DB-1; --j; }
1042 }
1043 }
1044 return z.revert(r);
1047// (public) gcd(this,a) (HAC 14.54)
1048function bnGCD(a) {
1049 var x = (this.s<0)?this.negate():this.clone();
1050 var y = (a.s<0)?a.negate():a.clone();
1051 if(x.compareTo(y) < 0) { var t = x; x = y; y = t; }
1052 var i = x.getLowestSetBit(), g = y.getLowestSetBit();
1053 if(g < 0) return x;
1054 if(i < g) g = i;
1055 if(g > 0) {
1056 x.rShiftTo(g,x);
1057 y.rShiftTo(g,y);
1058 }
1059 while(x.signum() > 0) {
1060 if((i = x.getLowestSetBit()) > 0) x.rShiftTo(i,x);
1061 if((i = y.getLowestSetBit()) > 0) y.rShiftTo(i,y);
1062 if(x.compareTo(y) >= 0) {
1063 x.subTo(y,x);
1064 x.rShiftTo(1,x);
1065 }
1066 else {
1067 y.subTo(x,y);
1068 y.rShiftTo(1,y);
1069 }
1070 }
1071 if(g > 0) y.lShiftTo(g,y);
1072 return y;
1075// (protected) this % n, n < 2^26
1076function bnpModInt(n) {
1077 if(n <= 0) return 0;
1078 var d = this.DV%n, r = (this.s<0)?n-1:0;
1079 if(this.t > 0)
1080 if(d == 0) r = this[0]%n;
1081 else for(var i = this.t-1; i >= 0; --i) r = (d*r+this[i])%n;
1082 return r;
1085// (public) 1/this % m (HAC 14.61)
1086function bnModInverse(m) {
1087 var ac = m.isEven();
1088 if((this.isEven() && ac) || m.signum() == 0) return BigInteger.ZERO;
1089 var u = m.clone(), v = this.clone();
1090 var a = nbv(1), b = nbv(0), c = nbv(0), d = nbv(1);
1091 while(u.signum() != 0) {
1092 while(u.isEven()) {
1093 u.rShiftTo(1,u);
1094 if(ac) {
1095 if(!a.isEven() || !b.isEven()) { a.addTo(this,a); b.subTo(m,b); }
1096 a.rShiftTo(1,a);
1097 }
1098 else if(!b.isEven()) b.subTo(m,b);
1099 b.rShiftTo(1,b);
1100 }
1101 while(v.isEven()) {
1102 v.rShiftTo(1,v);
1103 if(ac) {
1104 if(!c.isEven() || !d.isEven()) { c.addTo(this,c); d.subTo(m,d); }
1105 c.rShiftTo(1,c);
1106 }
1107 else if(!d.isEven()) d.subTo(m,d);
1108 d.rShiftTo(1,d);
1109 }
1110 if(u.compareTo(v) >= 0) {
1111 u.subTo(v,u);
1112 if(ac) a.subTo(c,a);
1113 b.subTo(d,b);
1114 }
1115 else {
1116 v.subTo(u,v);
1117 if(ac) c.subTo(a,c);
1118 d.subTo(b,d);
1119 }
1120 }
1121 if(v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO;
1122 if(d.compareTo(m) >= 0) return d.subtract(m);
1123 if(d.signum() < 0) d.addTo(m,d); else return d;
1124 if(d.signum() < 0) return d.add(m); else return d;
1127// protected
1128proto.chunkSize = bnpChunkSize;
1129proto.toRadix = bnpToRadix;
1130proto.fromRadix = bnpFromRadix;
1131proto.fromNumber = bnpFromNumber;
1132proto.bitwiseTo = bnpBitwiseTo;
1133proto.changeBit = bnpChangeBit;
1134proto.addTo = bnpAddTo;
1135proto.dMultiply = bnpDMultiply;
1136proto.dAddOffset = bnpDAddOffset;
1137proto.multiplyLowerTo = bnpMultiplyLowerTo;
1138proto.multiplyUpperTo = bnpMultiplyUpperTo;
1139proto.modInt = bnpModInt;
1141// public
1142proto.clone = bnClone;
1143proto.intValue = bnIntValue;
1144proto.byteValue = bnByteValue;
1145proto.shortValue = bnShortValue;
1146proto.signum = bnSigNum;
1147proto.toByteArray = bnToByteArray;
1148proto.equals = bnEquals;
1149proto.min = bnMin;
1150proto.max = bnMax;
1151proto.and = bnAnd;
1152proto.or = bnOr;
1153proto.xor = bnXor;
1154proto.andNot = bnAndNot;
1155proto.not = bnNot;
1156proto.shiftLeft = bnShiftLeft;
1157proto.shiftRight = bnShiftRight;
1158proto.getLowestSetBit = bnGetLowestSetBit;
1159proto.bitCount = bnBitCount;
1160proto.testBit = bnTestBit;
1161proto.setBit = bnSetBit;
1162proto.clearBit = bnClearBit;
1163proto.flipBit = bnFlipBit;
1164proto.add = bnAdd;
1165proto.subtract = bnSubtract;
1166proto.multiply = bnMultiply;
1167proto.divide = bnDivide;
1168proto.remainder = bnRemainder;
1169proto.divideAndRemainder = bnDivideAndRemainder;
1170proto.modPow = bnModPow;
1171proto.modInverse = bnModInverse;
1172proto.pow = bnPow;
1173proto.gcd = bnGCD;
1175// JSBN-specific extension
1176proto.square = bnSquare;
1178// BigInteger interfaces not implemented in jsbn:
1180// BigInteger(int signum, byte[] magnitude)
1181// double doubleValue()
1182// float floatValue()
1183// int hashCode()
1184// long longValue()
1185// static BigInteger valueOf(long val)
1187// "constants"
1188BigInteger.ZERO = nbv(0);
1189BigInteger.ONE = nbv(1);
1190BigInteger.valueOf = nbv;
1193(function (Buffer){
1194// FIXME: Kind of a weird way to throw exceptions, consider removing
1195var assert = _dereq_('assert')
1196var BigInteger = _dereq_('./bigi')
1199 * Turns a byte array into a big integer.
1200 *
1201 * This function will interpret a byte array as a big integer in big
1202 * endian notation.
1203 */
1204BigInteger.fromByteArrayUnsigned = function(byteArray) {
1205 // BigInteger expects a DER integer conformant byte array
1206 if (byteArray[0] & 0x80) {
1207 return new BigInteger([0].concat(byteArray))
1208 }
1210 return new BigInteger(byteArray)
1214 * Returns a byte array representation of the big integer.
1215 *
1216 * This returns the absolute of the contained value in big endian
1217 * form. A value of zero results in an empty array.
1218 */
1219BigInteger.prototype.toByteArrayUnsigned = function() {
1220 var byteArray = this.toByteArray()
1221 return byteArray[0] === 0 ? byteArray.slice(1) : byteArray
1224BigInteger.fromDERInteger = function(byteArray) {
1225 return new BigInteger(byteArray)
1229 * Converts BigInteger to a DER integer representation.
1230 *
1231 * The format for this value uses the most significant bit as a sign
1232 * bit. If the most significant bit is already set and the integer is
1233 * positive, a 0x00 is prepended.
1234 *
1235 * Examples:
1236 *
1237 * 0 => 0x00
1238 * 1 => 0x01
1239 * -1 => 0x81
1240 * 127 => 0x7f
1241 * -127 => 0xff
1242 * 128 => 0x0080
1243 * -128 => 0x80
1244 * 255 => 0x00ff
1245 * -255 => 0xff
1246 * 16300 => 0x3fac
1247 * -16300 => 0xbfac
1248 * 62300 => 0x00f35c
1249 * -62300 => 0xf35c
1251BigInteger.prototype.toDERInteger = BigInteger.prototype.toByteArray
1253BigInteger.fromBuffer = function(buffer) {
1254 // BigInteger expects a DER integer conformant byte array
1255 if (buffer[0] & 0x80) {
1256 var byteArray = Array.prototype.slice.call(buffer)
1258 return new BigInteger([0].concat(byteArray))
1259 }
1261 return new BigInteger(buffer)
1264BigInteger.fromHex = function(hex) {
1265 if (hex === '') return BigInteger.ZERO
1267 assert.equal(hex, hex.match(/^[A-Fa-f0-9]+/), 'Invalid hex string')
1268 assert.equal(hex.length % 2, 0, 'Incomplete hex')
1269 return new BigInteger(hex, 16)
1272BigInteger.prototype.toBuffer = function(size) {
1273 var byteArray = this.toByteArrayUnsigned()
1274 var zeros = []
1276 var padding = size - byteArray.length
1277 while (zeros.length < padding) zeros.push(0)
1279 return new Buffer(zeros.concat(byteArray))
1282BigInteger.prototype.toHex = function(size) {
1283 return this.toBuffer(size).toString('hex')
1288var BigInteger = _dereq_('./bigi')
1293module.exports = BigInteger
1295// http://wiki.commonjs.org/wiki/Unit_Testing/1.0
1299// Originally from narwhal.js (http://narwhaljs.org)
1300// Copyright (c) 2009 Thomas Robinson <280north.com>
1302// Permission is hereby granted, free of charge, to any person obtaining a copy
1303// of this software and associated documentation files (the 'Software'), to
1304// deal in the Software without restriction, including without limitation the
1305// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
1306// sell copies of the Software, and to permit persons to whom the Software is
1307// furnished to do so, subject to the following conditions:
1309// The above copyright notice and this permission notice shall be included in
1310// all copies or substantial portions of the Software.
1319// when used in node, this will actually load the util module we depend on
1320// versus loading the builtin util module as happens otherwise
1321// this is a bug in node module loading as far as I am concerned
1322var util = _dereq_('util/');
1324var pSlice = Array.prototype.slice;
1325var hasOwn = Object.prototype.hasOwnProperty;
1327// 1. The assert module provides functions that throw
1328// AssertionError's when particular conditions are not met. The
1329// assert module must conform to the following interface.
1331var assert = module.exports = ok;
1333// 2. The AssertionError is defined in assert.
1334// new assert.AssertionError({ message: message,
1335// actual: actual,
1336// expected: expected })
1338assert.AssertionError = function AssertionError(options) {
1339 this.name = 'AssertionError';
1340 this.actual = options.actual;
1341 this.expected = options.expected;
1342 this.operator = options.operator;
1343 if (options.message) {
1344 this.message = options.message;
1345 this.generatedMessage = false;
1346 } else {
1347 this.message = getMessage(this);
1348 this.generatedMessage = true;
1349 }
1350 var stackStartFunction = options.stackStartFunction || fail;
1352 if (Error.captureStackTrace) {
1353 Error.captureStackTrace(this, stackStartFunction);
1354 }
1355 else {
1356 // non v8 browsers so we can have a stacktrace
1357 var err = new Error();
1358 if (err.stack) {
1359 var out = err.stack;
1361 // try to strip useless frames
1362 var fn_name = stackStartFunction.name;
1363 var idx = out.indexOf('\n' + fn_name);
1364 if (idx >= 0) {
1365 // once we have located the function frame
1366 // we need to strip out everything before it (and its line)
1367 var next_line = out.indexOf('\n', idx + 1);
1368 out = out.substring(next_line + 1);
1369 }
1371 this.stack = out;
1372 }
1373 }
1376// assert.AssertionError instanceof Error
1377util.inherits(assert.AssertionError, Error);
1379function replacer(key, value) {
1380 if (util.isUndefined(value)) {
1381 return '' + value;
1382 }
1383 if (util.isNumber(value) && (isNaN(value) || !isFinite(value))) {
1384 return value.toString();
1385 }
1386 if (util.isFunction(value) || util.isRegExp(value)) {
1387 return value.toString();
1388 }
1389 return value;
1392function truncate(s, n) {
1393 if (util.isString(s)) {
1394 return s.length < n ? s : s.slice(0, n);
1395 } else {
1396 return s;
1397 }
1400function getMessage(self) {
1401 return truncate(JSON.stringify(self.actual, replacer), 128) + ' ' +
1402 self.operator + ' ' +
1403 truncate(JSON.stringify(self.expected, replacer), 128);
1406// At present only the three keys mentioned above are used and
1407// understood by the spec. Implementations or sub modules can pass
1408// other keys to the AssertionError's constructor - they will be
1409// ignored.
1411// 3. All of the following functions must throw an AssertionError
1412// when a corresponding condition is not met, with a message that
1413// may be undefined if not provided. All assertion methods provide
1414// both the actual and expected values to the assertion error for
1415// display purposes.
1417function fail(actual, expected, message, operator, stackStartFunction) {
1418 throw new assert.AssertionError({
1419 message: message,
1420 actual: actual,
1421 expected: expected,
1422 operator: operator,
1423 stackStartFunction: stackStartFunction
1424 });
1427// EXTENSION! allows for well behaved errors defined elsewhere.
1428assert.fail = fail;
1430// 4. Pure assertion tests whether a value is truthy, as determined
1431// by !!guard.
1432// assert.ok(guard, message_opt);
1433// This statement is equivalent to assert.equal(true, !!guard,
1434// message_opt);. To test strictly for the value true, use
1435// assert.strictEqual(true, guard, message_opt);.
1437function ok(value, message) {
1438 if (!value) fail(value, true, message, '==', assert.ok);
1440assert.ok = ok;
1442// 5. The equality assertion tests shallow, coercive equality with
1443// ==.
1444// assert.equal(actual, expected, message_opt);
1446assert.equal = function equal(actual, expected, message) {
1447 if (actual != expected) fail(actual, expected, message, '==', assert.equal);
1450// 6. The non-equality assertion tests for whether two objects are not equal
1451// with != assert.notEqual(actual, expected, message_opt);
1453assert.notEqual = function notEqual(actual, expected, message) {
1454 if (actual == expected) {
1455 fail(actual, expected, message, '!=', assert.notEqual);
1456 }
1459// 7. The equivalence assertion tests a deep equality relation.
1460// assert.deepEqual(actual, expected, message_opt);
1462assert.deepEqual = function deepEqual(actual, expected, message) {
1463 if (!_deepEqual(actual, expected)) {
1464 fail(actual, expected, message, 'deepEqual', assert.deepEqual);
1465 }
1468function _deepEqual(actual, expected) {
1469 // 7.1. All identical values are equivalent, as determined by ===.
1470 if (actual === expected) {
1471 return true;
1473 } else if (util.isBuffer(actual) && util.isBuffer(expected)) {
1474 if (actual.length != expected.length) return false;
1476 for (var i = 0; i < actual.length; i++) {
1477 if (actual[i] !== expected[i]) return false;
1478 }
1480 return true;
1482 // 7.2. If the expected value is a Date object, the actual value is
1483 // equivalent if it is also a Date object that refers to the same time.
1484 } else if (util.isDate(actual) && util.isDate(expected)) {
1485 return actual.getTime() === expected.getTime();
1487 // 7.3 If the expected value is a RegExp object, the actual value is
1488 // equivalent if it is also a RegExp object with the same source and
1489 // properties (`global`, `multiline`, `lastIndex`, `ignoreCase`).
1490 } else if (util.isRegExp(actual) && util.isRegExp(expected)) {
1491 return actual.source === expected.source &&
1492 actual.global === expected.global &&
1493 actual.multiline === expected.multiline &&
1494 actual.lastIndex === expected.lastIndex &&
1495 actual.ignoreCase === expected.ignoreCase;
1497 // 7.4. Other pairs that do not both pass typeof value == 'object',
1498 // equivalence is determined by ==.
1499 } else if (!util.isObject(actual) && !util.isObject(expected)) {
1500 return actual == expected;
1502 // 7.5 For all other Object pairs, including Array objects, equivalence is
1503 // determined by having the same number of owned properties (as verified
1504 // with Object.prototype.hasOwnProperty.call), the same set of keys
1505 // (although not necessarily the same order), equivalent values for every
1506 // corresponding key, and an identical 'prototype' property. Note: this
1507 // accounts for both named and indexed properties on Arrays.
1508 } else {
1509 return objEquiv(actual, expected);
1510 }
1513function isArguments(object) {
1514 return Object.prototype.toString.call(object) == '[object Arguments]';
1517function objEquiv(a, b) {
1518 if (util.isNullOrUndefined(a) || util.isNullOrUndefined(b))
1519 return false;
1520 // an identical 'prototype' property.
1521 if (a.prototype !== b.prototype) return false;
1522 //~~~I've managed to break Object.keys through screwy arguments passing.
1523 // Converting to array solves the problem.
1524 if (isArguments(a)) {
1525 if (!isArguments(b)) {
1526 return false;
1527 }
1528 a = pSlice.call(a);
1529 b = pSlice.call(b);
1530 return _deepEqual(a, b);
1531 }
1532 try {
1533 var ka = objectKeys(a),
1534 kb = objectKeys(b),
1535 key, i;
1536 } catch (e) {//happens when one is a string literal and the other isn't
1537 return false;
1538 }
1539 // having the same number of owned properties (keys incorporates
1540 // hasOwnProperty)
1541 if (ka.length != kb.length)
1542 return false;
1543 //the same set of keys (although not necessarily the same order),
1544 ka.sort();
1545 kb.sort();
1546 //~~~cheap key test
1547 for (i = ka.length - 1; i >= 0; i--) {
1548 if (ka[i] != kb[i])
1549 return false;
1550 }
1551 //equivalent values for every corresponding key, and
1552 //~~~possibly expensive deep test
1553 for (i = ka.length - 1; i >= 0; i--) {
1554 key = ka[i];
1555 if (!_deepEqual(a[key], b[key])) return false;
1556 }
1557 return true;
1560// 8. The non-equivalence assertion tests for any deep inequality.
1561// assert.notDeepEqual(actual, expected, message_opt);
1563assert.notDeepEqual = function notDeepEqual(actual, expected, message) {
1564 if (_deepEqual(actual, expected)) {
1565 fail(actual, expected, message, 'notDeepEqual', assert.notDeepEqual);
1566 }
1569// 9. The strict equality assertion tests strict equality, as determined by ===.
1570// assert.strictEqual(actual, expected, message_opt);
1572assert.strictEqual = function strictEqual(actual, expected, message) {
1573 if (actual !== expected) {
1574 fail(actual, expected, message, '===', assert.strictEqual);
1575 }
1578// 10. The strict non-equality assertion tests for strict inequality, as
1579// determined by !==. assert.notStrictEqual(actual, expected, message_opt);
1581assert.notStrictEqual = function notStrictEqual(actual, expected, message) {
1582 if (actual === expected) {
1583 fail(actual, expected, message, '!==', assert.notStrictEqual);
1584 }
1587function expectedException(actual, expected) {
1588 if (!actual || !expected) {
1589 return false;
1590 }
1592 if (Object.prototype.toString.call(expected) == '[object RegExp]') {
1593 return expected.test(actual);
1594 } else if (actual instanceof expected) {
1595 return true;
1596 } else if (expected.call({}, actual) === true) {
1597 return true;
1598 }
1600 return false;
1603function _throws(shouldThrow, block, expected, message) {
1604 var actual;
1606 if (util.isString(expected)) {
1607 message = expected;
1608 expected = null;
1609 }
1611 try {
1612 block();
1613 } catch (e) {
1614 actual = e;
1615 }
1617 message = (expected && expected.name ? ' (' + expected.name + ').' : '.') +
1618 (message ? ' ' + message : '.');
1620 if (shouldThrow && !actual) {
1621 fail(actual, expected, 'Missing expected exception' + message);
1622 }
1624 if (!shouldThrow && expectedException(actual, expected)) {
1625 fail(actual, expected, 'Got unwanted exception' + message);
1626 }
1628 if ((shouldThrow && actual && expected &&
1629 !expectedException(actual, expected)) || (!shouldThrow && actual)) {
1630 throw actual;
1631 }
1634// 11. Expected to throw an error:
1635// assert.throws(block, Error_opt, message_opt);
1637assert.throws = function(block, /*optional*/error, /*optional*/message) {
1638 _throws.apply(this, [true].concat(pSlice.call(arguments)));
1641// EXTENSION! This is annoying to write outside this module.
1642assert.doesNotThrow = function(block, /*optional*/message) {
1643 _throws.apply(this, [false].concat(pSlice.call(arguments)));
1646assert.ifError = function(err) { if (err) {throw err;}};
1648var objectKeys = Object.keys || function (obj) {
1649 var keys = [];
1650 for (var key in obj) {
1651 if (hasOwn.call(obj, key)) keys.push(key);
1652 }
1653 return keys;
1657module.exports = function isBuffer(arg) {
1658 return arg && typeof arg === 'object'
1659 && typeof arg.copy === 'function'
1660 && typeof arg.fill === 'function'
1661 && typeof arg.readUInt8 === 'function';
1664(function (process,global){
1665// Copyright Joyent, Inc. and other Node contributors.
1667// Permission is hereby granted, free of charge, to any person obtaining a
1668// copy of this software and associated documentation files (the
1669// "Software"), to deal in the Software without restriction, including
1670// without limitation the rights to use, copy, modify, merge, publish,
1671// distribute, sublicense, and/or sell copies of the Software, and to permit
1672// persons to whom the Software is furnished to do so, subject to the
1673// following conditions:
1675// The above copyright notice and this permission notice shall be included
1676// in all copies or substantial portions of the Software.
1686var formatRegExp = /%[sdj%]/g;
1687exports.format = function(f) {
1688 if (!isString(f)) {
1689 var objects = [];
1690 for (var i = 0; i < arguments.length; i++) {
1691 objects.push(inspect(arguments[i]));
1692 }
1693 return objects.join(' ');
1694 }
1696 var i = 1;
1697 var args = arguments;
1698 var len = args.length;
1699 var str = String(f).replace(formatRegExp, function(x) {
1700 if (x === '%%') return '%';
1701 if (i >= len) return x;
1702 switch (x) {
1703 case '%s': return String(args[i++]);
1704 case '%d': return Number(args[i++]);
1705 case '%j':
1706 try {
1707 return JSON.stringify(args[i++]);
1708 } catch (_) {
1709 return '[Circular]';
1710 }
1711 default:
1712 return x;
1713 }
1714 });
1715 for (var x = args[i]; i < len; x = args[++i]) {
1716 if (isNull(x) || !isObject(x)) {
1717 str += ' ' + x;
1718 } else {
1719 str += ' ' + inspect(x);
1720 }
1721 }
1722 return str;
1726// Mark that a method should not be used.
1727// Returns a modified function which warns once by default.
1728// If --no-deprecation is set, then it is a no-op.
1729exports.deprecate = function(fn, msg) {
1730 // Allow for deprecating things in the process of starting up.
1731 if (isUndefined(global.process)) {
1732 return function() {
1733 return exports.deprecate(fn, msg).apply(this, arguments);
1734 };
1735 }
1737 if (process.noDeprecation === true) {
1738 return fn;
1739 }
1741 var warned = false;
1742 function deprecated() {
1743 if (!warned) {
1744 if (process.throwDeprecation) {
1745 throw new Error(msg);
1746 } else if (process.traceDeprecation) {
1747 console.trace(msg);
1748 } else {
1749 console.error(msg);
1750 }
1751 warned = true;
1752 }
1753 return fn.apply(this, arguments);
1754 }
1756 return deprecated;
1760var debugs = {};
1761var debugEnviron;
1762exports.debuglog = function(set) {
1763 if (isUndefined(debugEnviron))
1764 debugEnviron = process.env.NODE_DEBUG || '';
1765 set = set.toUpperCase();
1766 if (!debugs[set]) {
1767 if (new RegExp('\\b' + set + '\\b', 'i').test(debugEnviron)) {
1768 var pid = process.pid;
1769 debugs[set] = function() {
1770 var msg = exports.format.apply(exports, arguments);
1771 console.error('%s %d: %s', set, pid, msg);
1772 };
1773 } else {
1774 debugs[set] = function() {};
1775 }
1776 }
1777 return debugs[set];
1782 * Echos the value of a value. Trys to print the value out
1783 * in the best way possible given the different types.
1784 *
1785 * @param {Object} obj The object to print out.
1786 * @param {Object} opts Optional options object that alters the output.
1787 */
1788/* legacy: obj, showHidden, depth, colors*/
1789function inspect(obj, opts) {
1790 // default options
1791 var ctx = {
1792 seen: [],
1793 stylize: stylizeNoColor
1794 };
1795 // legacy...
1796 if (arguments.length >= 3) ctx.depth = arguments[2];
1797 if (arguments.length >= 4) ctx.colors = arguments[3];
1798 if (isBoolean(opts)) {
1799 // legacy...
1800 ctx.showHidden = opts;
1801 } else if (opts) {
1802 // got an "options" object
1803 exports._extend(ctx, opts);
1804 }
1805 // set default options
1806 if (isUndefined(ctx.showHidden)) ctx.showHidden = false;
1807 if (isUndefined(ctx.depth)) ctx.depth = 2;
1808 if (isUndefined(ctx.colors)) ctx.colors = false;
1809 if (isUndefined(ctx.customInspect)) ctx.customInspect = true;
1810 if (ctx.colors) ctx.stylize = stylizeWithColor;
1811 return formatValue(ctx, obj, ctx.depth);
1813exports.inspect = inspect;
1816// http://en.wikipedia.org/wiki/ANSI_escape_code#graphics
1817inspect.colors = {
1818 'bold' : [1, 22],
1819 'italic' : [3, 23],
1820 'underline' : [4, 24],
1821 'inverse' : [7, 27],
1822 'white' : [37, 39],
1823 'grey' : [90, 39],
1824 'black' : [30, 39],
1825 'blue' : [34, 39],
1826 'cyan' : [36, 39],
1827 'green' : [32, 39],
1828 'magenta' : [35, 39],
1829 'red' : [31, 39],
1830 'yellow' : [33, 39]
1833// Don't use 'blue' not visible on cmd.exe
1834inspect.styles = {
1835 'special': 'cyan',
1836 'number': 'yellow',
1837 'boolean': 'yellow',
1838 'undefined': 'grey',
1839 'null': 'bold',
1840 'string': 'green',
1841 'date': 'magenta',
1842 // "name": intentionally not styling
1843 'regexp': 'red'
1847function stylizeWithColor(str, styleType) {
1848 var style = inspect.styles[styleType];
1850 if (style) {
1851 return '\u001b[' + inspect.colors[style][0] + 'm' + str +
1852 '\u001b[' + inspect.colors[style][1] + 'm';
1853 } else {
1854 return str;
1855 }
1859function stylizeNoColor(str, styleType) {
1860 return str;
1864function arrayToHash(array) {
1865 var hash = {};
1867 array.forEach(function(val, idx) {
1868 hash[val] = true;
1869 });
1871 return hash;
1875function formatValue(ctx, value, recurseTimes) {
1876 // Provide a hook for user-specified inspect functions.
1877 // Check that value is an object with an inspect function on it
1878 if (ctx.customInspect &&
1879 value &&
1880 isFunction(value.inspect) &&
1881 // Filter out the util module, it's inspect function is special
1882 value.inspect !== exports.inspect &&
1883 // Also filter out any prototype objects using the circular check.
1884 !(value.constructor && value.constructor.prototype === value)) {
1885 var ret = value.inspect(recurseTimes, ctx);
1886 if (!isString(ret)) {
1887 ret = formatValue(ctx, ret, recurseTimes);
1888 }
1889 return ret;
1890 }
1892 // Primitive types cannot have properties
1893 var primitive = formatPrimitive(ctx, value);
1894 if (primitive) {
1895 return primitive;
1896 }
1898 // Look up the keys of the object.
1899 var keys = Object.keys(value);
1900 var visibleKeys = arrayToHash(keys);
1902 if (ctx.showHidden) {
1903 keys = Object.getOwnPropertyNames(value);
1904 }
1906 // IE doesn't make error fields non-enumerable
1907 // http://msdn.microsoft.com/en-us/library/ie/dww52sbt(v=vs.94).aspx
1908 if (isError(value)
1909 && (keys.indexOf('message') >= 0 || keys.indexOf('description') >= 0)) {
1910 return formatError(value);
1911 }
1913 // Some type of object without properties can be shortcutted.
1914 if (keys.length === 0) {
1915 if (isFunction(value)) {
1916 var name = value.name ? ': ' + value.name : '';
1917 return ctx.stylize('[Function' + name + ']', 'special');
1918 }
1919 if (isRegExp(value)) {
1920 return ctx.stylize(RegExp.prototype.toString.call(value), 'regexp');
1921 }
1922 if (isDate(value)) {
1923 return ctx.stylize(Date.prototype.toString.call(value), 'date');
1924 }
1925 if (isError(value)) {
1926 return formatError(value);
1927 }
1928 }
1930 var base = '', array = false, braces = ['{', '}'];
1932 // Make Array say that they are Array
1933 if (isArray(value)) {
1934 array = true;
1935 braces = ['[', ']'];
1936 }
1938 // Make functions say that they are functions
1939 if (isFunction(value)) {
1940 var n = value.name ? ': ' + value.name : '';
1941 base = ' [Function' + n + ']';
1942 }
1944 // Make RegExps say that they are RegExps
1945 if (isRegExp(value)) {
1946 base = ' ' + RegExp.prototype.toString.call(value);
1947 }
1949 // Make dates with properties first say the date
1950 if (isDate(value)) {
1951 base = ' ' + Date.prototype.toUTCString.call(value);
1952 }
1954 // Make error with message first say the error
1955 if (isError(value)) {
1956 base = ' ' + formatError(value);
1957 }
1959 if (keys.length === 0 && (!array || value.length == 0)) {
1960 return braces[0] + base + braces[1];
1961 }
1963 if (recurseTimes < 0) {
1964 if (isRegExp(value)) {
1965 return ctx.stylize(RegExp.prototype.toString.call(value), 'regexp');
1966 } else {
1967 return ctx.stylize('[Object]', 'special');
1968 }
1969 }
1971 ctx.seen.push(value);
1973 var output;
1974 if (array) {
1975 output = formatArray(ctx, value, recurseTimes, visibleKeys, keys);
1976 } else {
1977 output = keys.map(function(key) {
1978 return formatProperty(ctx, value, recurseTimes, visibleKeys, key, array);
1979 });
1980 }
1982 ctx.seen.pop();
1984 return reduceToSingleString(output, base, braces);
1988function formatPrimitive(ctx, value) {
1989 if (isUndefined(value))
1990 return ctx.stylize('undefined', 'undefined');
1991 if (isString(value)) {
1992 var simple = '\'' + JSON.stringify(value).replace(/^"|"$/g, '')
1993 .replace(/'/g, "\\'")
1994 .replace(/\\"/g, '"') + '\'';
1995 return ctx.stylize(simple, 'string');
1996 }
1997 if (isNumber(value))
1998 return ctx.stylize('' + value, 'number');
1999 if (isBoolean(value))
2000 return ctx.stylize('' + value, 'boolean');
2001 // For some reason typeof null is "object", so special case here.
2002 if (isNull(value))
2003 return ctx.stylize('null', 'null');
2007function formatError(value) {
2008 return '[' + Error.prototype.toString.call(value) + ']';
2012function formatArray(ctx, value, recurseTimes, visibleKeys, keys) {
2013 var output = [];
2014 for (var i = 0, l = value.length; i < l; ++i) {
2015 if (hasOwnProperty(value, String(i))) {
2016 output.push(formatProperty(ctx, value, recurseTimes, visibleKeys,
2017 String(i), true));
2018 } else {
2019 output.push('');
2020 }
2021 }
2022 keys.forEach(function(key) {
2023 if (!key.match(/^\d+$/)) {
2024 output.push(formatProperty(ctx, value, recurseTimes, visibleKeys,
2025 key, true));
2026 }
2027 });
2028 return output;
2032function formatProperty(ctx, value, recurseTimes, visibleKeys, key, array) {
2033 var name, str, desc;
2034 desc = Object.getOwnPropertyDescriptor(value, key) || { value: value[key] };
2035 if (desc.get) {
2036 if (desc.set) {
2037 str = ctx.stylize('[Getter/Setter]', 'special');
2038 } else {
2039 str = ctx.stylize('[Getter]', 'special');
2040 }
2041 } else {
2042 if (desc.set) {
2043 str = ctx.stylize('[Setter]', 'special');
2044 }
2045 }
2046 if (!hasOwnProperty(visibleKeys, key)) {
2047 name = '[' + key + ']';
2048 }
2049 if (!str) {
2050 if (ctx.seen.indexOf(desc.value) < 0) {
2051 if (isNull(recurseTimes)) {
2052 str = formatValue(ctx, desc.value, null);
2053 } else {
2054 str = formatValue(ctx, desc.value, recurseTimes - 1);
2055 }
2056 if (str.indexOf('\n') > -1) {
2057 if (array) {
2058 str = str.split('\n').map(function(line) {
2059 return ' ' + line;
2060 }).join('\n').substr(2);
2061 } else {
2062 str = '\n' + str.split('\n').map(function(line) {
2063 return ' ' + line;
2064 }).join('\n');
2065 }
2066 }
2067 } else {
2068 str = ctx.stylize('[Circular]', 'special');
2069 }
2070 }
2071 if (isUndefined(name)) {
2072 if (array && key.match(/^\d+$/)) {
2073 return str;
2074 }
2075 name = JSON.stringify('' + key);
2076 if (name.match(/^"([a-zA-Z_][a-zA-Z_0-9]*)"$/)) {
2077 name = name.substr(1, name.length - 2);
2078 name = ctx.stylize(name, 'name');
2079 } else {
2080 name = name.replace(/'/g, "\\'")
2081 .replace(/\\"/g, '"')
2082 .replace(/(^"|"$)/g, "'");
2083 name = ctx.stylize(name, 'string');
2084 }
2085 }
2087 return name + ': ' + str;
2091function reduceToSingleString(output, base, braces) {
2092 var numLinesEst = 0;
2093 var length = output.reduce(function(prev, cur) {
2094 numLinesEst++;
2095 if (cur.indexOf('\n') >= 0) numLinesEst++;
2096 return prev + cur.replace(/\u001b\[\d\d?m/g, '').length + 1;
2097 }, 0);
2099 if (length > 60) {
2100 return braces[0] +
2101 (base === '' ? '' : base + '\n ') +
2102 ' ' +
2103 output.join(',\n ') +
2104 ' ' +
2105 braces[1];
2106 }
2108 return braces[0] + base + ' ' + output.join(', ') + ' ' + braces[1];
2112// NOTE: These type checking functions intentionally don't use `instanceof`
2113// because it is fragile and can be easily faked with `Object.create()`.
2114function isArray(ar) {
2115 return Array.isArray(ar);
2117exports.isArray = isArray;
2119function isBoolean(arg) {
2120 return typeof arg === 'boolean';
2122exports.isBoolean = isBoolean;
2124function isNull(arg) {
2125 return arg === null;
2127exports.isNull = isNull;
2129function isNullOrUndefined(arg) {
2130 return arg == null;
2132exports.isNullOrUndefined = isNullOrUndefined;
2134function isNumber(arg) {
2135 return typeof arg === 'number';
2137exports.isNumber = isNumber;
2139function isString(arg) {
2140 return typeof arg === 'string';
2142exports.isString = isString;
2144function isSymbol(arg) {
2145 return typeof arg === 'symbol';
2147exports.isSymbol = isSymbol;
2149function isUndefined(arg) {
2150 return arg === void 0;
2152exports.isUndefined = isUndefined;
2154function isRegExp(re) {
2155 return isObject(re) && objectToString(re) === '[object RegExp]';
2157exports.isRegExp = isRegExp;
2159function isObject(arg) {
2160 return typeof arg === 'object' && arg !== null;
2162exports.isObject = isObject;
2164function isDate(d) {
2165 return isObject(d) && objectToString(d) === '[object Date]';
2167exports.isDate = isDate;
2169function isError(e) {
2170 return isObject(e) &&
2171 (objectToString(e) === '[object Error]' || e instanceof Error);
2173exports.isError = isError;
2175function isFunction(arg) {
2176 return typeof arg === 'function';
2178exports.isFunction = isFunction;
2180function isPrimitive(arg) {
2181 return arg === null ||
2182 typeof arg === 'boolean' ||
2183 typeof arg === 'number' ||
2184 typeof arg === 'string' ||
2185 typeof arg === 'symbol' || // ES6 symbol
2186 typeof arg === 'undefined';
2188exports.isPrimitive = isPrimitive;
2190exports.isBuffer = _dereq_('./support/isBuffer');
2192function objectToString(o) {
2193 return Object.prototype.toString.call(o);
2197function pad(n) {
2198 return n < 10 ? '0' + n.toString(10) : n.toString(10);
2202var months = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep',
2203 'Oct', 'Nov', 'Dec'];
2205// 26 Feb 16:19:34
2206function timestamp() {
2207 var d = new Date();
2208 var time = [pad(d.getHours()),
2209 pad(d.getMinutes()),
2210 pad(d.getSeconds())].join(':');
2211 return [d.getDate(), months[d.getMonth()], time].join(' ');
2215// log is just a thin wrapper to console.log that prepends a timestamp
2216exports.log = function() {
2217 console.log('%s - %s', timestamp(), exports.format.apply(exports, arguments));
2222 * Inherit the prototype methods from one constructor into another.
2223 *
2224 * The Function.prototype.inherits from lang.js rewritten as a standalone
2225 * function (not on Function.prototype). NOTE: If this file is to be loaded
2226 * during bootstrapping this function needs to be rewritten using some native
2227 * functions as prototype setup using normal JavaScript does not work as
2228 * expected during bootstrapping (see mirror.js in r114903).
2229 *
2230 * @param {function} ctor Constructor function which needs to inherit the
2231 * prototype.
2232 * @param {function} superCtor Constructor function to inherit prototype from.
2233 */
2234exports.inherits = _dereq_('inherits');
2236exports._extend = function(origin, add) {
2237 // Don't do anything if add isn't an object
2238 if (!add || !isObject(add)) return origin;
2240 var keys = Object.keys(add);
2241 var i = keys.length;
2242 while (i--) {
2243 origin[keys[i]] = add[keys[i]];
2244 }
2245 return origin;
2248function hasOwnProperty(obj, prop) {
2249 return Object.prototype.hasOwnProperty.call(obj, prop);
2252}).call(this,_dereq_("FWaASH"),typeof self !== "undefined" ? self : typeof window !== "undefined" ? window : {})
2257 * The buffer module from node.js, for the browser.
2258 *
2259 * at author Feross Aboukhadijeh <feross@feross.org> <http://feross.org>
2260 * at license MIT
2261 */
2263var base64 = _dereq_('base64-js')
2264var ieee754 = _dereq_('ieee754')
2266exports.Buffer = Buffer
2267exports.SlowBuffer = Buffer
2268exports.INSPECT_MAX_BYTES = 50
2269Buffer.poolSize = 8192
2272 * If `Buffer._useTypedArrays`:
2273 * === true Use Uint8Array implementation (fastest)
2274 * === false Use Object implementation (compatible down to IE6)
2275 */
2276Buffer._useTypedArrays = (function () {
2277 // Detect if browser supports Typed Arrays. Supported browsers are IE 10+, Firefox 4+,
2278 // Chrome 7+, Safari 5.1+, Opera 11.6+, iOS 4.2+. If the browser does not support adding
2279 // properties to `Uint8Array` instances, then that's the same as no `Uint8Array` support
2280 // because we need to be able to add all the node Buffer API methods. This is an issue
2281 // in Firefox 4-29. Now fixed: https://bugzilla.mozilla.org/show_bug.cgi?id=695438
2282 try {
2283 var buf = new ArrayBuffer(0)
2284 var arr = new Uint8Array(buf)
2285 arr.foo = function () { return 42 }
2286 return 42 === arr.foo() &&
2287 typeof arr.subarray === 'function' // Chrome 9-10 lack `subarray`
2288 } catch (e) {
2289 return false
2290 }
2294 * Class: Buffer
2295 * =============
2296 *
2297 * The Buffer constructor returns instances of `Uint8Array` that are augmented
2298 * with function properties for all the node `Buffer` API functions. We use
2299 * `Uint8Array` so that square bracket notation works as expected -- it returns
2300 * a single octet.
2301 *
2302 * By augmenting the instances, we can avoid modifying the `Uint8Array`
2303 * prototype.
2304 */
2305function Buffer (subject, encoding, noZero) {
2306 if (!(this instanceof Buffer))
2307 return new Buffer(subject, encoding, noZero)
2309 var type = typeof subject
2311 if (encoding === 'base64' && type === 'string') {
2312 subject = base64clean(subject)
2313 }
2315 // Find the length
2316 var length
2317 if (type === 'number')
2318 length = coerce(subject)
2319 else if (type === 'string')
2320 length = Buffer.byteLength(subject, encoding)
2321 else if (type === 'object')
2322 length = coerce(subject.length) // assume that object is array-like
2323 else
2324 throw new Error('First argument needs to be a number, array or string.')
2326 var buf
2327 if (Buffer._useTypedArrays) {
2328 // Preferred: Return an augmented `Uint8Array` instance for best performance
2329 buf = Buffer._augment(new Uint8Array(length))
2330 } else {
2331 // Fallback: Return THIS instance of Buffer (created by `new`)
2332 buf = this
2333 buf.length = length
2334 buf._isBuffer = true
2335 }
2337 var i
2338 if (Buffer._useTypedArrays && typeof subject.byteLength === 'number') {
2339 // Speed optimization -- use set if we're copying from a typed array
2340 buf._set(subject)
2341 } else if (isArrayish(subject)) {
2342 // Treat array-ish objects as a byte array
2343 if (Buffer.isBuffer(subject)) {
2344 for (i = 0; i < length; i++)
2345 buf[i] = subject.readUInt8(i)
2346 } else {
2347 for (i = 0; i < length; i++)
2348 buf[i] = ((subject[i] % 256) + 256) % 256
2349 }
2350 } else if (type === 'string') {
2351 buf.write(subject, 0, encoding)
2352 } else if (type === 'number' && !Buffer._useTypedArrays && !noZero) {
2353 for (i = 0; i < length; i++) {
2354 buf[i] = 0
2355 }
2356 }
2358 return buf
2362// ==============
2364Buffer.isEncoding = function (encoding) {
2365 switch (String(encoding).toLowerCase()) {
2366 case 'hex':
2367 case 'utf8':
2368 case 'utf-8':
2369 case 'ascii':
2370 case 'binary':
2371 case 'base64':
2372 case 'raw':
2373 case 'ucs2':
2374 case 'ucs-2':
2375 case 'utf16le':
2376 case 'utf-16le':
2377 return true
2378 default:
2379 return false
2380 }
2383Buffer.isBuffer = function (b) {
2384 return !!(b !== null && b !== undefined && b._isBuffer)
2387Buffer.byteLength = function (str, encoding) {
2388 var ret
2389 str = str.toString()
2390 switch (encoding || 'utf8') {
2391 case 'hex':
2392 ret = str.length / 2
2393 break
2394 case 'utf8':
2395 case 'utf-8':
2396 ret = utf8ToBytes(str).length
2397 break
2398 case 'ascii':
2399 case 'binary':
2400 case 'raw':
2401 ret = str.length
2402 break
2403 case 'base64':
2404 ret = base64ToBytes(str).length
2405 break
2406 case 'ucs2':
2407 case 'ucs-2':
2408 case 'utf16le':
2409 case 'utf-16le':
2410 ret = str.length * 2
2411 break
2412 default:
2413 throw new Error('Unknown encoding')
2414 }
2415 return ret
2418Buffer.concat = function (list, totalLength) {
2419 assert(isArray(list), 'Usage: Buffer.concat(list[, length])')
2421 if (list.length === 0) {
2422 return new Buffer(0)
2423 } else if (list.length === 1) {
2424 return list[0]
2425 }
2427 var i
2428 if (totalLength === undefined) {
2429 totalLength = 0
2430 for (i = 0; i < list.length; i++) {
2431 totalLength += list[i].length
2432 }
2433 }
2435 var buf = new Buffer(totalLength)
2436 var pos = 0
2437 for (i = 0; i < list.length; i++) {
2438 var item = list[i]
2439 item.copy(buf, pos)
2440 pos += item.length
2441 }
2442 return buf
2445Buffer.compare = function (a, b) {
2446 assert(Buffer.isBuffer(a) && Buffer.isBuffer(b), 'Arguments must be Buffers')
2447 var x = a.length
2448 var y = b.length
2449 for (var i = 0, len = Math.min(x, y); i < len && a[i] === b[i]; i++) {}
2450 if (i !== len) {
2451 x = a[i]
2452 y = b[i]
2453 }
2454 if (x < y) {
2455 return -1
2456 }
2457 if (y < x) {
2458 return 1
2459 }
2460 return 0
2464// =======================
2466function hexWrite (buf, string, offset, length) {
2467 offset = Number(offset) || 0
2468 var remaining = buf.length - offset
2469 if (!length) {
2470 length = remaining
2471 } else {
2472 length = Number(length)
2473 if (length > remaining) {
2474 length = remaining
2475 }
2476 }
2478 // must be an even number of digits
2479 var strLen = string.length
2480 assert(strLen % 2 === 0, 'Invalid hex string')
2482 if (length > strLen / 2) {
2483 length = strLen / 2
2484 }
2485 for (var i = 0; i < length; i++) {
2486 var byte = parseInt(string.substr(i * 2, 2), 16)
2487 assert(!isNaN(byte), 'Invalid hex string')
2488 buf[offset + i] = byte
2489 }
2490 return i
2493function utf8Write (buf, string, offset, length) {
2494 var charsWritten = blitBuffer(utf8ToBytes(string), buf, offset, length)
2495 return charsWritten
2498function asciiWrite (buf, string, offset, length) {
2499 var charsWritten = blitBuffer(asciiToBytes(string), buf, offset, length)
2500 return charsWritten
2503function binaryWrite (buf, string, offset, length) {
2504 return asciiWrite(buf, string, offset, length)
2507function base64Write (buf, string, offset, length) {
2508 var charsWritten = blitBuffer(base64ToBytes(string), buf, offset, length)
2509 return charsWritten
2512function utf16leWrite (buf, string, offset, length) {
2513 var charsWritten = blitBuffer(utf16leToBytes(string), buf, offset, length)
2514 return charsWritten
2517Buffer.prototype.write = function (string, offset, length, encoding) {
2518 // Support both (string, offset, length, encoding)
2519 // and the legacy (string, encoding, offset, length)
2520 if (isFinite(offset)) {
2521 if (!isFinite(length)) {
2522 encoding = length
2523 length = undefined
2524 }
2525 } else { // legacy
2526 var swap = encoding
2527 encoding = offset
2528 offset = length
2529 length = swap
2530 }
2532 offset = Number(offset) || 0
2533 var remaining = this.length - offset
2534 if (!length) {
2535 length = remaining
2536 } else {
2537 length = Number(length)
2538 if (length > remaining) {
2539 length = remaining
2540 }
2541 }
2542 encoding = String(encoding || 'utf8').toLowerCase()
2544 var ret
2545 switch (encoding) {
2546 case 'hex':
2547 ret = hexWrite(this, string, offset, length)
2548 break
2549 case 'utf8':
2550 case 'utf-8':
2551 ret = utf8Write(this, string, offset, length)
2552 break
2553 case 'ascii':
2554 ret = asciiWrite(this, string, offset, length)
2555 break
2556 case 'binary':
2557 ret = binaryWrite(this, string, offset, length)
2558 break
2559 case 'base64':
2560 ret = base64Write(this, string, offset, length)
2561 break
2562 case 'ucs2':
2563 case 'ucs-2':
2564 case 'utf16le':
2565 case 'utf-16le':
2566 ret = utf16leWrite(this, string, offset, length)
2567 break
2568 default:
2569 throw new Error('Unknown encoding')
2570 }
2571 return ret
2574Buffer.prototype.toString = function (encoding, start, end) {
2575 var self = this
2577 encoding = String(encoding || 'utf8').toLowerCase()
2578 start = Number(start) || 0
2579 end = (end === undefined) ? self.length : Number(end)
2581 // Fastpath empty strings
2582 if (end === start)
2583 return ''
2585 var ret
2586 switch (encoding) {
2587 case 'hex':
2588 ret = hexSlice(self, start, end)
2589 break
2590 case 'utf8':
2591 case 'utf-8':
2592 ret = utf8Slice(self, start, end)
2593 break
2594 case 'ascii':
2595 ret = asciiSlice(self, start, end)
2596 break
2597 case 'binary':
2598 ret = binarySlice(self, start, end)
2599 break
2600 case 'base64':
2601 ret = base64Slice(self, start, end)
2602 break
2603 case 'ucs2':
2604 case 'ucs-2':
2605 case 'utf16le':
2606 case 'utf-16le':
2607 ret = utf16leSlice(self, start, end)
2608 break
2609 default:
2610 throw new Error('Unknown encoding')
2611 }
2612 return ret
2615Buffer.prototype.toJSON = function () {
2616 return {
2617 type: 'Buffer',
2618 data: Array.prototype.slice.call(this._arr || this, 0)
2619 }
2622Buffer.prototype.equals = function (b) {
2623 assert(Buffer.isBuffer(b), 'Argument must be a Buffer')
2624 return Buffer.compare(this, b) === 0
2627Buffer.prototype.compare = function (b) {
2628 assert(Buffer.isBuffer(b), 'Argument must be a Buffer')
2629 return Buffer.compare(this, b)
2632// copy(targetBuffer, targetStart=0, sourceStart=0, sourceEnd=buffer.length)
2633Buffer.prototype.copy = function (target, target_start, start, end) {
2634 var source = this
2636 if (!start) start = 0
2637 if (!end && end !== 0) end = this.length
2638 if (!target_start) target_start = 0
2640 // Copy 0 bytes; we're done
2641 if (end === start) return
2642 if (target.length === 0 || source.length === 0) return
2644 // Fatal error conditions
2645 assert(end >= start, 'sourceEnd < sourceStart')
2646 assert(target_start >= 0 && target_start < target.length,
2647 'targetStart out of bounds')
2648 assert(start >= 0 && start < source.length, 'sourceStart out of bounds')
2649 assert(end >= 0 && end <= source.length, 'sourceEnd out of bounds')
2651 // Are we oob?
2652 if (end > this.length)
2653 end = this.length
2654 if (target.length - target_start < end - start)
2655 end = target.length - target_start + start
2657 var len = end - start
2659 if (len < 100 || !Buffer._useTypedArrays) {
2660 for (var i = 0; i < len; i++) {
2661 target[i + target_start] = this[i + start]
2662 }
2663 } else {
2664 target._set(this.subarray(start, start + len), target_start)
2665 }
2668function base64Slice (buf, start, end) {
2669 if (start === 0 && end === buf.length) {
2670 return base64.fromByteArray(buf)
2671 } else {
2672 return base64.fromByteArray(buf.slice(start, end))
2673 }
2676function utf8Slice (buf, start, end) {
2677 var res = ''
2678 var tmp = ''
2679 end = Math.min(buf.length, end)
2681 for (var i = start; i < end; i++) {
2682 if (buf[i] <= 0x7F) {
2683 res += decodeUtf8Char(tmp) + String.fromCharCode(buf[i])
2684 tmp = ''
2685 } else {
2686 tmp += '%' + buf[i].toString(16)
2687 }
2688 }
2690 return res + decodeUtf8Char(tmp)
2693function asciiSlice (buf, start, end) {
2694 var ret = ''
2695 end = Math.min(buf.length, end)
2697 for (var i = start; i < end; i++) {
2698 ret += String.fromCharCode(buf[i])
2699 }
2700 return ret
2703function binarySlice (buf, start, end) {
2704 return asciiSlice(buf, start, end)
2707function hexSlice (buf, start, end) {
2708 var len = buf.length
2710 if (!start || start < 0) start = 0
2711 if (!end || end < 0 || end > len) end = len
2713 var out = ''
2714 for (var i = start; i < end; i++) {
2715 out += toHex(buf[i])
2716 }
2717 return out
2720function utf16leSlice (buf, start, end) {
2721 var bytes = buf.slice(start, end)
2722 var res = ''
2723 for (var i = 0; i < bytes.length; i += 2) {
2724 res += String.fromCharCode(bytes[i] + bytes[i + 1] * 256)
2725 }
2726 return res
2729Buffer.prototype.slice = function (start, end) {
2730 var len = this.length
2731 start = clamp(start, len, 0)
2732 end = clamp(end, len, len)
2734 if (Buffer._useTypedArrays) {
2735 return Buffer._augment(this.subarray(start, end))
2736 } else {
2737 var sliceLen = end - start
2738 var newBuf = new Buffer(sliceLen, undefined, true)
2739 for (var i = 0; i < sliceLen; i++) {
2740 newBuf[i] = this[i + start]
2741 }
2742 return newBuf
2743 }
2746// `get` will be removed in Node 0.13+
2747Buffer.prototype.get = function (offset) {
2748 console.log('.get() is deprecated. Access using array indexes instead.')
2749 return this.readUInt8(offset)
2752// `set` will be removed in Node 0.13+
2753Buffer.prototype.set = function (v, offset) {
2754 console.log('.set() is deprecated. Access using array indexes instead.')
2755 return this.writeUInt8(v, offset)
2758Buffer.prototype.readUInt8 = function (offset, noAssert) {
2759 if (!noAssert) {
2760 assert(offset !== undefined && offset !== null, 'missing offset')
2761 assert(offset < this.length, 'Trying to read beyond buffer length')
2762 }
2764 if (offset >= this.length)
2765 return
2767 return this[offset]
2770function readUInt16 (buf, offset, littleEndian, noAssert) {
2771 if (!noAssert) {
2772 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
2773 assert(offset !== undefined && offset !== null, 'missing offset')
2774 assert(offset + 1 < buf.length, 'Trying to read beyond buffer length')
2775 }
2777 var len = buf.length
2778 if (offset >= len)
2779 return
2781 var val
2782 if (littleEndian) {
2783 val = buf[offset]
2784 if (offset + 1 < len)
2785 val |= buf[offset + 1] << 8
2786 } else {
2787 val = buf[offset] << 8
2788 if (offset + 1 < len)
2789 val |= buf[offset + 1]
2790 }
2791 return val
2794Buffer.prototype.readUInt16LE = function (offset, noAssert) {
2795 return readUInt16(this, offset, true, noAssert)
2798Buffer.prototype.readUInt16BE = function (offset, noAssert) {
2799 return readUInt16(this, offset, false, noAssert)
2802function readUInt32 (buf, offset, littleEndian, noAssert) {
2803 if (!noAssert) {
2804 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
2805 assert(offset !== undefined && offset !== null, 'missing offset')
2806 assert(offset + 3 < buf.length, 'Trying to read beyond buffer length')
2807 }
2809 var len = buf.length
2810 if (offset >= len)
2811 return
2813 var val
2814 if (littleEndian) {
2815 if (offset + 2 < len)
2816 val = buf[offset + 2] << 16
2817 if (offset + 1 < len)
2818 val |= buf[offset + 1] << 8
2819 val |= buf[offset]
2820 if (offset + 3 < len)
2821 val = val + (buf[offset + 3] << 24 >>> 0)
2822 } else {
2823 if (offset + 1 < len)
2824 val = buf[offset + 1] << 16
2825 if (offset + 2 < len)
2826 val |= buf[offset + 2] << 8
2827 if (offset + 3 < len)
2828 val |= buf[offset + 3]
2829 val = val + (buf[offset] << 24 >>> 0)
2830 }
2831 return val
2834Buffer.prototype.readUInt32LE = function (offset, noAssert) {
2835 return readUInt32(this, offset, true, noAssert)
2838Buffer.prototype.readUInt32BE = function (offset, noAssert) {
2839 return readUInt32(this, offset, false, noAssert)
2842Buffer.prototype.readInt8 = function (offset, noAssert) {
2843 if (!noAssert) {
2844 assert(offset !== undefined && offset !== null,
2845 'missing offset')
2846 assert(offset < this.length, 'Trying to read beyond buffer length')
2847 }
2849 if (offset >= this.length)
2850 return
2852 var neg = this[offset] & 0x80
2853 if (neg)
2854 return (0xff - this[offset] + 1) * -1
2855 else
2856 return this[offset]
2859function readInt16 (buf, offset, littleEndian, noAssert) {
2860 if (!noAssert) {
2861 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
2862 assert(offset !== undefined && offset !== null, 'missing offset')
2863 assert(offset + 1 < buf.length, 'Trying to read beyond buffer length')
2864 }
2866 var len = buf.length
2867 if (offset >= len)
2868 return
2870 var val = readUInt16(buf, offset, littleEndian, true)
2871 var neg = val & 0x8000
2872 if (neg)
2873 return (0xffff - val + 1) * -1
2874 else
2875 return val
2878Buffer.prototype.readInt16LE = function (offset, noAssert) {
2879 return readInt16(this, offset, true, noAssert)
2882Buffer.prototype.readInt16BE = function (offset, noAssert) {
2883 return readInt16(this, offset, false, noAssert)
2886function readInt32 (buf, offset, littleEndian, noAssert) {
2887 if (!noAssert) {
2888 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
2889 assert(offset !== undefined && offset !== null, 'missing offset')
2890 assert(offset + 3 < buf.length, 'Trying to read beyond buffer length')
2891 }
2893 var len = buf.length
2894 if (offset >= len)
2895 return
2897 var val = readUInt32(buf, offset, littleEndian, true)
2898 var neg = val & 0x80000000
2899 if (neg)
2900 return (0xffffffff - val + 1) * -1
2901 else
2902 return val
2905Buffer.prototype.readInt32LE = function (offset, noAssert) {
2906 return readInt32(this, offset, true, noAssert)
2909Buffer.prototype.readInt32BE = function (offset, noAssert) {
2910 return readInt32(this, offset, false, noAssert)
2913function readFloat (buf, offset, littleEndian, noAssert) {
2914 if (!noAssert) {
2915 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
2916 assert(offset + 3 < buf.length, 'Trying to read beyond buffer length')
2917 }
2919 return ieee754.read(buf, offset, littleEndian, 23, 4)
2922Buffer.prototype.readFloatLE = function (offset, noAssert) {
2923 return readFloat(this, offset, true, noAssert)
2926Buffer.prototype.readFloatBE = function (offset, noAssert) {
2927 return readFloat(this, offset, false, noAssert)
2930function readDouble (buf, offset, littleEndian, noAssert) {
2931 if (!noAssert) {
2932 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
2933 assert(offset + 7 < buf.length, 'Trying to read beyond buffer length')
2934 }
2936 return ieee754.read(buf, offset, littleEndian, 52, 8)
2939Buffer.prototype.readDoubleLE = function (offset, noAssert) {
2940 return readDouble(this, offset, true, noAssert)
2943Buffer.prototype.readDoubleBE = function (offset, noAssert) {
2944 return readDouble(this, offset, false, noAssert)
2947Buffer.prototype.writeUInt8 = function (value, offset, noAssert) {
2948 if (!noAssert) {
2949 assert(value !== undefined && value !== null, 'missing value')
2950 assert(offset !== undefined && offset !== null, 'missing offset')
2951 assert(offset < this.length, 'trying to write beyond buffer length')
2952 verifuint(value, 0xff)
2953 }
2955 if (offset >= this.length) return
2957 this[offset] = value
2958 return offset + 1
2961function writeUInt16 (buf, value, offset, littleEndian, noAssert) {
2962 if (!noAssert) {
2963 assert(value !== undefined && value !== null, 'missing value')
2964 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
2965 assert(offset !== undefined && offset !== null, 'missing offset')
2966 assert(offset + 1 < buf.length, 'trying to write beyond buffer length')
2967 verifuint(value, 0xffff)
2968 }
2970 var len = buf.length
2971 if (offset >= len)
2972 return
2974 for (var i = 0, j = Math.min(len - offset, 2); i < j; i++) {
2975 buf[offset + i] =
2976 (value & (0xff << (8 * (littleEndian ? i : 1 - i)))) >>>
2977 (littleEndian ? i : 1 - i) * 8
2978 }
2979 return offset + 2
2982Buffer.prototype.writeUInt16LE = function (value, offset, noAssert) {
2983 return writeUInt16(this, value, offset, true, noAssert)
2986Buffer.prototype.writeUInt16BE = function (value, offset, noAssert) {
2987 return writeUInt16(this, value, offset, false, noAssert)
2990function writeUInt32 (buf, value, offset, littleEndian, noAssert) {
2991 if (!noAssert) {
2992 assert(value !== undefined && value !== null, 'missing value')
2993 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
2994 assert(offset !== undefined && offset !== null, 'missing offset')
2995 assert(offset + 3 < buf.length, 'trying to write beyond buffer length')
2996 verifuint(value, 0xffffffff)
2997 }
2999 var len = buf.length
3000 if (offset >= len)
3001 return
3003 for (var i = 0, j = Math.min(len - offset, 4); i < j; i++) {
3004 buf[offset + i] =
3005 (value >>> (littleEndian ? i : 3 - i) * 8) & 0xff
3006 }
3007 return offset + 4
3010Buffer.prototype.writeUInt32LE = function (value, offset, noAssert) {
3011 return writeUInt32(this, value, offset, true, noAssert)
3014Buffer.prototype.writeUInt32BE = function (value, offset, noAssert) {
3015 return writeUInt32(this, value, offset, false, noAssert)
3018Buffer.prototype.writeInt8 = function (value, offset, noAssert) {
3019 if (!noAssert) {
3020 assert(value !== undefined && value !== null, 'missing value')
3021 assert(offset !== undefined && offset !== null, 'missing offset')
3022 assert(offset < this.length, 'Trying to write beyond buffer length')
3023 verifsint(value, 0x7f, -0x80)
3024 }
3026 if (offset >= this.length)
3027 return
3029 if (value >= 0)
3030 this.writeUInt8(value, offset, noAssert)
3031 else
3032 this.writeUInt8(0xff + value + 1, offset, noAssert)
3033 return offset + 1
3036function writeInt16 (buf, value, offset, littleEndian, noAssert) {
3037 if (!noAssert) {
3038 assert(value !== undefined && value !== null, 'missing value')
3039 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
3040 assert(offset !== undefined && offset !== null, 'missing offset')
3041 assert(offset + 1 < buf.length, 'Trying to write beyond buffer length')
3042 verifsint(value, 0x7fff, -0x8000)
3043 }
3045 var len = buf.length
3046 if (offset >= len)
3047 return
3049 if (value >= 0)
3050 writeUInt16(buf, value, offset, littleEndian, noAssert)
3051 else
3052 writeUInt16(buf, 0xffff + value + 1, offset, littleEndian, noAssert)
3053 return offset + 2
3056Buffer.prototype.writeInt16LE = function (value, offset, noAssert) {
3057 return writeInt16(this, value, offset, true, noAssert)
3060Buffer.prototype.writeInt16BE = function (value, offset, noAssert) {
3061 return writeInt16(this, value, offset, false, noAssert)
3064function writeInt32 (buf, value, offset, littleEndian, noAssert) {
3065 if (!noAssert) {
3066 assert(value !== undefined && value !== null, 'missing value')
3067 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
3068 assert(offset !== undefined && offset !== null, 'missing offset')
3069 assert(offset + 3 < buf.length, 'Trying to write beyond buffer length')
3070 verifsint(value, 0x7fffffff, -0x80000000)
3071 }
3073 var len = buf.length
3074 if (offset >= len)
3075 return
3077 if (value >= 0)
3078 writeUInt32(buf, value, offset, littleEndian, noAssert)
3079 else
3080 writeUInt32(buf, 0xffffffff + value + 1, offset, littleEndian, noAssert)
3081 return offset + 4
3084Buffer.prototype.writeInt32LE = function (value, offset, noAssert) {
3085 return writeInt32(this, value, offset, true, noAssert)
3088Buffer.prototype.writeInt32BE = function (value, offset, noAssert) {
3089 return writeInt32(this, value, offset, false, noAssert)
3092function writeFloat (buf, value, offset, littleEndian, noAssert) {
3093 if (!noAssert) {
3094 assert(value !== undefined && value !== null, 'missing value')
3095 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
3096 assert(offset !== undefined && offset !== null, 'missing offset')
3097 assert(offset + 3 < buf.length, 'Trying to write beyond buffer length')
3098 verifIEEE754(value, 3.4028234663852886e+38, -3.4028234663852886e+38)
3099 }
3101 var len = buf.length
3102 if (offset >= len)
3103 return
3105 ieee754.write(buf, value, offset, littleEndian, 23, 4)
3106 return offset + 4
3109Buffer.prototype.writeFloatLE = function (value, offset, noAssert) {
3110 return writeFloat(this, value, offset, true, noAssert)
3113Buffer.prototype.writeFloatBE = function (value, offset, noAssert) {
3114 return writeFloat(this, value, offset, false, noAssert)
3117function writeDouble (buf, value, offset, littleEndian, noAssert) {
3118 if (!noAssert) {
3119 assert(value !== undefined && value !== null, 'missing value')
3120 assert(typeof littleEndian === 'boolean', 'missing or invalid endian')
3121 assert(offset !== undefined && offset !== null, 'missing offset')
3122 assert(offset + 7 < buf.length,
3123 'Trying to write beyond buffer length')
3124 verifIEEE754(value, 1.7976931348623157E+308, -1.7976931348623157E+308)
3125 }
3127 var len = buf.length
3128 if (offset >= len)
3129 return
3131 ieee754.write(buf, value, offset, littleEndian, 52, 8)
3132 return offset + 8
3135Buffer.prototype.writeDoubleLE = function (value, offset, noAssert) {
3136 return writeDouble(this, value, offset, true, noAssert)
3139Buffer.prototype.writeDoubleBE = function (value, offset, noAssert) {
3140 return writeDouble(this, value, offset, false, noAssert)
3143// fill(value, start=0, end=buffer.length)
3144Buffer.prototype.fill = function (value, start, end) {
3145 if (!value) value = 0
3146 if (!start) start = 0
3147 if (!end) end = this.length
3149 assert(end >= start, 'end < start')
3151 // Fill 0 bytes; we're done
3152 if (end === start) return
3153 if (this.length === 0) return
3155 assert(start >= 0 && start < this.length, 'start out of bounds')
3156 assert(end >= 0 && end <= this.length, 'end out of bounds')
3158 var i
3159 if (typeof value === 'number') {
3160 for (i = start; i < end; i++) {
3161 this[i] = value
3162 }
3163 } else {
3164 var bytes = utf8ToBytes(value.toString())
3165 var len = bytes.length
3166 for (i = start; i < end; i++) {
3167 this[i] = bytes[i % len]
3168 }
3169 }
3171 return this
3174Buffer.prototype.inspect = function () {
3175 var out = []
3176 var len = this.length
3177 for (var i = 0; i < len; i++) {
3178 out[i] = toHex(this[i])
3179 if (i === exports.INSPECT_MAX_BYTES) {
3180 out[i + 1] = '...'
3181 break
3182 }
3183 }
3184 return '<Buffer ' + out.join(' ') + '>'
3188 * Creates a new `ArrayBuffer` with the *copied* memory of the buffer instance.
3189 * Added in Node 0.12. Only available in browsers that support ArrayBuffer.
3190 */
3191Buffer.prototype.toArrayBuffer = function () {
3192 if (typeof Uint8Array !== 'undefined') {
3193 if (Buffer._useTypedArrays) {
3194 return (new Buffer(this)).buffer
3195 } else {
3196 var buf = new Uint8Array(this.length)
3197 for (var i = 0, len = buf.length; i < len; i += 1) {
3198 buf[i] = this[i]
3199 }
3200 return buf.buffer
3201 }
3202 } else {
3203 throw new Error('Buffer.toArrayBuffer not supported in this browser')
3204 }
3208// ================
3210var BP = Buffer.prototype
3213 * Augment a Uint8Array *instance* (not the Uint8Array class!) with Buffer methods
3214 */
3215Buffer._augment = function (arr) {
3216 arr._isBuffer = true
3218 // save reference to original Uint8Array get/set methods before overwriting
3219 arr._get = arr.get
3220 arr._set = arr.set
3222 // deprecated, will be removed in node 0.13+
3223 arr.get = BP.get
3224 arr.set = BP.set
3226 arr.write = BP.write
3227 arr.toString = BP.toString
3228 arr.toLocaleString = BP.toString
3229 arr.toJSON = BP.toJSON
3230 arr.equals = BP.equals
3231 arr.compare = BP.compare
3232 arr.copy = BP.copy
3233 arr.slice = BP.slice
3234 arr.readUInt8 = BP.readUInt8
3235 arr.readUInt16LE = BP.readUInt16LE
3236 arr.readUInt16BE = BP.readUInt16BE
3237 arr.readUInt32LE = BP.readUInt32LE
3238 arr.readUInt32BE = BP.readUInt32BE
3239 arr.readInt8 = BP.readInt8
3240 arr.readInt16LE = BP.readInt16LE
3241 arr.readInt16BE = BP.readInt16BE
3242 arr.readInt32LE = BP.readInt32LE
3243 arr.readInt32BE = BP.readInt32BE
3244 arr.readFloatLE = BP.readFloatLE
3245 arr.readFloatBE = BP.readFloatBE
3246 arr.readDoubleLE = BP.readDoubleLE
3247 arr.readDoubleBE = BP.readDoubleBE
3248 arr.writeUInt8 = BP.writeUInt8
3249 arr.writeUInt16LE = BP.writeUInt16LE
3250 arr.writeUInt16BE = BP.writeUInt16BE
3251 arr.writeUInt32LE = BP.writeUInt32LE
3252 arr.writeUInt32BE = BP.writeUInt32BE
3253 arr.writeInt8 = BP.writeInt8
3254 arr.writeInt16LE = BP.writeInt16LE
3255 arr.writeInt16BE = BP.writeInt16BE
3256 arr.writeInt32LE = BP.writeInt32LE
3257 arr.writeInt32BE = BP.writeInt32BE
3258 arr.writeFloatLE = BP.writeFloatLE
3259 arr.writeFloatBE = BP.writeFloatBE
3260 arr.writeDoubleLE = BP.writeDoubleLE
3261 arr.writeDoubleBE = BP.writeDoubleBE
3262 arr.fill = BP.fill
3263 arr.inspect = BP.inspect
3264 arr.toArrayBuffer = BP.toArrayBuffer
3266 return arr
3269var INVALID_BASE64_RE = /[^+\/0-9A-z]/g
3271function base64clean (str) {
3272 // Node strips out invalid characters like \n and \t from the string, base64-js does not
3273 str = stringtrim(str).replace(INVALID_BASE64_RE, '')
3274 // Node allows for non-padded base64 strings (missing trailing ===), base64-js does not
3275 while (str.length % 4 !== 0) {
3276 str = str + '='
3277 }
3278 return str
3281function stringtrim (str) {
3282 if (str.trim) return str.trim()
3283 return str.replace(/^\s+|\s+$/g, '')
3286// slice(start, end)
3287function clamp (index, len, defaultValue) {
3288 if (typeof index !== 'number') return defaultValue
3289 index = ~~index; // Coerce to integer.
3290 if (index >= len) return len
3291 if (index >= 0) return index
3292 index += len
3293 if (index >= 0) return index
3294 return 0
3297function coerce (length) {
3298 // Coerce length to a number (possibly NaN), round up
3299 // in case it's fractional (e.g. 123.456) then do a
3300 // double negate to coerce a NaN to 0. Easy, right?
3301 length = ~~Math.ceil(+length)
3302 return length < 0 ? 0 : length
3305function isArray (subject) {
3306 return (Array.isArray || function (subject) {
3307 return Object.prototype.toString.call(subject) === '[object Array]'
3308 })(subject)
3311function isArrayish (subject) {
3312 return isArray(subject) || Buffer.isBuffer(subject) ||
3313 subject && typeof subject === 'object' &&
3314 typeof subject.length === 'number'
3317function toHex (n) {
3318 if (n < 16) return '0' + n.toString(16)
3319 return n.toString(16)
3322function utf8ToBytes (str) {
3323 var byteArray = []
3324 for (var i = 0; i < str.length; i++) {
3325 var b = str.charCodeAt(i)
3326 if (b <= 0x7F) {
3327 byteArray.push(b)
3328 } else {
3329 var start = i
3330 if (b >= 0xD800 && b <= 0xDFFF) i++
3331 var h = encodeURIComponent(str.slice(start, i+1)).substr(1).split('%')
3332 for (var j = 0; j < h.length; j++) {
3333 byteArray.push(parseInt(h[j], 16))
3334 }
3335 }
3336 }
3337 return byteArray
3340function asciiToBytes (str) {
3341 var byteArray = []
3342 for (var i = 0; i < str.length; i++) {
3343 // Node's code seems to be doing this and not & 0x7F..
3344 byteArray.push(str.charCodeAt(i) & 0xFF)
3345 }
3346 return byteArray
3349function utf16leToBytes (str) {
3350 var c, hi, lo
3351 var byteArray = []
3352 for (var i = 0; i < str.length; i++) {
3353 c = str.charCodeAt(i)
3354 hi = c >> 8
3355 lo = c % 256
3356 byteArray.push(lo)
3357 byteArray.push(hi)
3358 }
3360 return byteArray
3363function base64ToBytes (str) {
3364 return base64.toByteArray(str)
3367function blitBuffer (src, dst, offset, length) {
3368 for (var i = 0; i < length; i++) {
3369 if ((i + offset >= dst.length) || (i >= src.length))
3370 break
3371 dst[i + offset] = src[i]
3372 }
3373 return i
3376function decodeUtf8Char (str) {
3377 try {
3378 return decodeURIComponent(str)
3379 } catch (err) {
3380 return String.fromCharCode(0xFFFD) // UTF 8 invalid char
3381 }
3385 * We have to make sure that the value is a valid integer. This means that it
3386 * is non-negative. It has no fractional component and that it does not
3387 * exceed the maximum allowed value.
3388 */
3389function verifuint (value, max) {
3390 assert(typeof value === 'number', 'cannot write a non-number as a number')
3391 assert(value >= 0, 'specified a negative value for writing an unsigned value')
3392 assert(value <= max, 'value is larger than maximum value for type')
3393 assert(Math.floor(value) === value, 'value has a fractional component')
3396function verifsint (value, max, min) {
3397 assert(typeof value === 'number', 'cannot write a non-number as a number')
3398 assert(value <= max, 'value larger than maximum allowed value')
3399 assert(value >= min, 'value smaller than minimum allowed value')
3400 assert(Math.floor(value) === value, 'value has a fractional component')
3403function verifIEEE754 (value, max, min) {
3404 assert(typeof value === 'number', 'cannot write a non-number as a number')
3405 assert(value <= max, 'value larger than maximum allowed value')
3406 assert(value >= min, 'value smaller than minimum allowed value')
3409function assert (test, message) {
3410 if (!test) throw new Error(message || 'Failed assertion')
3414var lookup = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
3416;(function (exports) {
3417 'use strict';
3419 var Arr = (typeof Uint8Array !== 'undefined')
3420 ? Uint8Array
3421 : Array
3423 var PLUS = '+'.charCodeAt(0)
3424 var SLASH = '/'.charCodeAt(0)
3425 var NUMBER = '0'.charCodeAt(0)
3426 var LOWER = 'a'.charCodeAt(0)
3427 var UPPER = 'A'.charCodeAt(0)
3429 function decode (elt) {
3430 var code = elt.charCodeAt(0)
3431 if (code === PLUS)
3432 return 62 // '+'
3433 if (code === SLASH)
3434 return 63 // '/'
3435 if (code < NUMBER)
3436 return -1 //no match
3437 if (code < NUMBER + 10)
3438 return code - NUMBER + 26 + 26
3439 if (code < UPPER + 26)
3440 return code - UPPER
3441 if (code < LOWER + 26)
3442 return code - LOWER + 26
3443 }
3445 function b64ToByteArray (b64) {
3446 var i, j, l, tmp, placeHolders, arr
3448 if (b64.length % 4 > 0) {
3449 throw new Error('Invalid string. Length must be a multiple of 4')
3450 }
3452 // the number of equal signs (place holders)
3453 // if there are two placeholders, than the two characters before it
3454 // represent one byte
3455 // if there is only one, then the three characters before it represent 2 bytes
3456 // this is just a cheap hack to not do indexOf twice
3457 var len = b64.length
3458 placeHolders = '=' === b64.charAt(len - 2) ? 2 : '=' === b64.charAt(len - 1) ? 1 : 0
3460 // base64 is 4/3 + up to two characters of the original data
3461 arr = new Arr(b64.length * 3 / 4 - placeHolders)
3463 // if there are placeholders, only get up to the last complete 4 chars
3464 l = placeHolders > 0 ? b64.length - 4 : b64.length
3466 var L = 0
3468 function push (v) {
3469 arr[L++] = v
3470 }
3472 for (i = 0, j = 0; i < l; i += 4, j += 3) {
3473 tmp = (decode(b64.charAt(i)) << 18) | (decode(b64.charAt(i + 1)) << 12) | (decode(b64.charAt(i + 2)) << 6) | decode(b64.charAt(i + 3))
3474 push((tmp & 0xFF0000) >> 16)
3475 push((tmp & 0xFF00) >> 8)
3476 push(tmp & 0xFF)
3477 }
3479 if (placeHolders === 2) {
3480 tmp = (decode(b64.charAt(i)) << 2) | (decode(b64.charAt(i + 1)) >> 4)
3481 push(tmp & 0xFF)
3482 } else if (placeHolders === 1) {
3483 tmp = (decode(b64.charAt(i)) << 10) | (decode(b64.charAt(i + 1)) << 4) | (decode(b64.charAt(i + 2)) >> 2)
3484 push((tmp >> 8) & 0xFF)
3485 push(tmp & 0xFF)
3486 }
3488 return arr
3489 }
3491 function uint8ToBase64 (uint8) {
3492 var i,
3493 extraBytes = uint8.length % 3, // if we have 1 byte left, pad 2 bytes
3494 output = "",
3495 temp, length
3497 function encode (num) {
3498 return lookup.charAt(num)
3499 }
3501 function tripletToBase64 (num) {
3502 return encode(num >> 18 & 0x3F) + encode(num >> 12 & 0x3F) + encode(num >> 6 & 0x3F) + encode(num & 0x3F)
3503 }
3505 // go through the array every three bytes, we'll deal with trailing stuff later
3506 for (i = 0, length = uint8.length - extraBytes; i < length; i += 3) {
3507 temp = (uint8[i] << 16) + (uint8[i + 1] << 8) + (uint8[i + 2])
3508 output += tripletToBase64(temp)
3509 }
3511 // pad the end with zeros, but make sure to not forget the extra bytes
3512 switch (extraBytes) {
3513 case 1:
3514 temp = uint8[uint8.length - 1]
3515 output += encode(temp >> 2)
3516 output += encode((temp << 4) & 0x3F)
3517 output += '=='
3518 break
3519 case 2:
3520 temp = (uint8[uint8.length - 2] << 8) + (uint8[uint8.length - 1])
3521 output += encode(temp >> 10)
3522 output += encode((temp >> 4) & 0x3F)
3523 output += encode((temp << 2) & 0x3F)
3524 output += '='
3525 break
3526 }
3528 return output
3529 }
3531 exports.toByteArray = b64ToByteArray
3532 exports.fromByteArray = uint8ToBase64
3533}(typeof exports === 'undefined' ? (this.base64js = {}) : exports))
3536exports.read = function(buffer, offset, isLE, mLen, nBytes) {
3537 var e, m,
3538 eLen = nBytes * 8 - mLen - 1,
3539 eMax = (1 << eLen) - 1,
3540 eBias = eMax >> 1,
3541 nBits = -7,
3542 i = isLE ? (nBytes - 1) : 0,
3543 d = isLE ? -1 : 1,
3544 s = buffer[offset + i];
3546 i += d;
3548 e = s & ((1 << (-nBits)) - 1);
3549 s >>= (-nBits);
3550 nBits += eLen;
3551 for (; nBits > 0; e = e * 256 + buffer[offset + i], i += d, nBits -= 8){};
3553 m = e & ((1 << (-nBits)) - 1);
3554 e >>= (-nBits);
3555 nBits += mLen;
3556 for (; nBits > 0; m = m * 256 + buffer[offset + i], i += d, nBits -= 8){};
3558 if (e === 0) {
3559 e = 1 - eBias;
3560 } else if (e === eMax) {
3561 return m ? NaN : ((s ? -1 : 1) * Infinity);
3562 } else {
3563 m = m + Math.pow(2, mLen);
3564 e = e - eBias;
3565 }
3566 return (s ? -1 : 1) * m * Math.pow(2, e - mLen);
3569exports.write = function(buffer, value, offset, isLE, mLen, nBytes) {
3570 var e, m, c,
3571 eLen = nBytes * 8 - mLen - 1,
3572 eMax = (1 << eLen) - 1,
3573 eBias = eMax >> 1,
3574 rt = (mLen === 23 ? Math.pow(2, -24) - Math.pow(2, -77) : 0),
3575 i = isLE ? 0 : (nBytes - 1),
3576 d = isLE ? 1 : -1,
3577 s = value < 0 || (value === 0 && 1 / value < 0) ? 1 : 0;
3579 value = Math.abs(value);
3581 if (isNaN(value) || value === Infinity) {
3582 m = isNaN(value) ? 1 : 0;
3583 e = eMax;
3584 } else {
3585 e = Math.floor(Math.log(value) / Math.LN2);
3586 if (value * (c = Math.pow(2, -e)) < 1) {
3587 e--;
3588 c *= 2;
3589 }
3590 if (e + eBias >= 1) {
3591 value += rt / c;
3592 } else {
3593 value += rt * Math.pow(2, 1 - eBias);
3594 }
3595 if (value * c >= 2) {
3596 e++;
3597 c /= 2;
3598 }
3600 if (e + eBias >= eMax) {
3601 m = 0;
3602 e = eMax;
3603 } else if (e + eBias >= 1) {
3604 m = (value * c - 1) * Math.pow(2, mLen);
3605 e = e + eBias;
3606 } else {
3607 m = value * Math.pow(2, eBias - 1) * Math.pow(2, mLen);
3608 e = 0;
3609 }
3610 }
3612 for (; mLen >= 8; buffer[offset + i] = m & 0xff, i += d, m /= 256, mLen -= 8){};
3614 e = (e << mLen) | m;
3615 eLen += mLen;
3616 for (; eLen > 0; buffer[offset + i] = e & 0xff, i += d, e /= 256, eLen -= 8){};
3618 buffer[offset + i - d] |= s * 128;
3622if (typeof Object.create === 'function') {
3623 // implementation from standard node.js 'util' module
3624 module.exports = function inherits(ctor, superCtor) {
3625 ctor.super_ = superCtor
3626 ctor.prototype = Object.create(superCtor.prototype, {
3627 constructor: {
3628 value: ctor,
3629 enumerable: false,
3630 writable: true,
3631 configurable: true
3632 }
3633 });
3634 };
3635} else {
3636 // old school shim for old browsers
3637 module.exports = function inherits(ctor, superCtor) {
3638 ctor.super_ = superCtor
3639 var TempCtor = function () {}
3640 TempCtor.prototype = superCtor.prototype
3641 ctor.prototype = new TempCtor()
3642 ctor.prototype.constructor = ctor
3643 }
3647// shim for using process in browser
3649var process = module.exports = {};
3651process.nextTick = (function () {
3652 var canSetImmediate = typeof window !== 'undefined'
3653 && window.setImmediate;
3654 var canPost = typeof window !== 'undefined'
3655 && window.postMessage && window.addEventListener
3656 ;
3658 if (canSetImmediate) {
3659 return function (f) { return window.setImmediate(f) };
3660 }
3662 if (canPost) {
3663 var queue = [];
3664 window.addEventListener('message', function (ev) {
3665 var source = ev.source;
3666 if ((source === window || source === null) && ev.data === 'process-tick') {
3667 ev.stopPropagation();
3668 if (queue.length > 0) {
3669 var fn = queue.shift();
3670 fn();
3671 }
3672 }
3673 }, true);
3675 return function nextTick(fn) {
3676 queue.push(fn);
3677 window.postMessage('process-tick', '*');
3678 };
3679 }
3681 return function nextTick(fn) {
3682 setTimeout(fn, 0);
3683 };
3686process.title = 'browser';
3687process.browser = true;
3688process.env = {};
3689process.argv = [];
3691function noop() {}
3693process.on = noop;
3694process.addListener = noop;
3695process.once = noop;
3696process.off = noop;
3697process.removeListener = noop;
3698process.removeAllListeners = noop;
3699process.emit = noop;
3701process.binding = function (name) {
3702 throw new Error('process.binding is not supported');
3705// TODO(shtylman)
3706process.cwd = function () { return '/' };
3707process.chdir = function (dir) {
3708 throw new Error('process.chdir is not supported');
3716(function (Buffer){
3717// Base58 encoding/decoding
3718// Originally written by Mike Hearn for BitcoinJ
3719// Copyright (c) 2011 Google Inc
3720// Ported to JavaScript by Stefan Thomas
3721// Merged Buffer refactorings from base58-native by Stephen Pair
3722// Copyright (c) 2013 BitPay Inc
3724var assert = _dereq_('assert')
3725var BigInteger = _dereq_('bigi')
3727var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
3728var ALPHABET_BUF = new Buffer(ALPHABET, 'ascii')
3729var ALPHABET_MAP = {}
3730for(var i = 0; i < ALPHABET.length; i++) {
3731 ALPHABET_MAP[ALPHABET.charAt(i)] = BigInteger.valueOf(i)
3733var BASE = new BigInteger('58')
3735function encode(buffer) {
3736 var bi = BigInteger.fromBuffer(buffer)
3737 var result = new Buffer(buffer.length << 1)
3739 var i = result.length - 1
3740 while (bi.signum() > 0) {
3741 var remainder = bi.mod(BASE)
3742 bi = bi.divide(BASE)
3744 result[i] = ALPHABET_BUF[remainder.intValue()]
3745 i--
3746 }
3748 // deal with leading zeros
3749 var j = 0
3750 while (buffer[j] === 0) {
3751 result[i] = ALPHABET_BUF[0]
3752 j++
3753 i--
3754 }
3756 return result.slice(i + 1, result.length).toString('ascii')
3759function decode(string) {
3760 if (string.length === 0) return new Buffer(0)
3762 var num = BigInteger.ZERO
3764 for (var i = 0; i < string.length; i++) {
3765 num = num.multiply(BASE)
3767 var figure = ALPHABET_MAP[string.charAt(i)]
3768 assert.notEqual(figure, undefined, 'Non-base58 character')
3770 num = num.add(figure)
3771 }
3773 // deal with leading zeros
3774 var j = 0
3775 while ((j < string.length) && (string[j] === ALPHABET[0])) {
3776 j++
3777 }
3779 var buffer = num.toBuffer()
3780 var leadingZeros = new Buffer(j)
3781 leadingZeros.fill(0)
3783 return Buffer.concat([leadingZeros, buffer])
3786module.exports = {
3787 encode: encode,
3788 decode: decode
3793(function (Buffer){
3794var createHash = _dereq_('sha.js')
3796var md5 = toConstructor(_dereq_('./md5'))
3797var rmd160 = toConstructor(_dereq_('ripemd160'))
3799function toConstructor (fn) {
3800 return function () {
3801 var buffers = []
3802 var m= {
3803 update: function (data, enc) {
3804 if(!Buffer.isBuffer(data)) data = new Buffer(data, enc)
3805 buffers.push(data)
3806 return this
3807 },
3808 digest: function (enc) {
3809 var buf = Buffer.concat(buffers)
3810 var r = fn(buf)
3811 buffers = null
3812 return enc ? r.toString(enc) : r
3813 }
3814 }
3815 return m
3816 }
3819module.exports = function (alg) {
3820 if('md5' === alg) return new md5()
3821 if('rmd160' === alg) return new rmd160()
3822 return createHash(alg)
3827(function (Buffer){
3828var createHash = _dereq_('./create-hash')
3830var blocksize = 64
3831var zeroBuffer = new Buffer(blocksize); zeroBuffer.fill(0)
3833module.exports = Hmac
3835function Hmac (alg, key) {
3836 if(!(this instanceof Hmac)) return new Hmac(alg, key)
3837 this._opad = opad
3838 this._alg = alg
3840 key = this._key = !Buffer.isBuffer(key) ? new Buffer(key) : key
3842 if(key.length > blocksize) {
3843 key = createHash(alg).update(key).digest()
3844 } else if(key.length < blocksize) {
3845 key = Buffer.concat([key, zeroBuffer], blocksize)
3846 }
3848 var ipad = this._ipad = new Buffer(blocksize)
3849 var opad = this._opad = new Buffer(blocksize)
3851 for(var i = 0; i < blocksize; i++) {
3852 ipad[i] = key[i] ^ 0x36
3853 opad[i] = key[i] ^ 0x5C
3854 }
3856 this._hash = createHash(alg).update(ipad)
3859Hmac.prototype.update = function (data, enc) {
3860 this._hash.update(data, enc)
3861 return this
3864Hmac.prototype.digest = function (enc) {
3865 var h = this._hash.digest()
3866 return createHash(this._alg).update(this._opad).update(h).digest(enc)
3872(function (Buffer){
3873var intSize = 4;
3874var zeroBuffer = new Buffer(intSize); zeroBuffer.fill(0);
3875var chrsz = 8;
3877function toArray(buf, bigEndian) {
3878 if ((buf.length % intSize) !== 0) {
3879 var len = buf.length + (intSize - (buf.length % intSize));
3880 buf = Buffer.concat([buf, zeroBuffer], len);
3881 }
3883 var arr = [];
3884 var fn = bigEndian ? buf.readInt32BE : buf.readInt32LE;
3885 for (var i = 0; i < buf.length; i += intSize) {
3886 arr.push(fn.call(buf, i));
3887 }
3888 return arr;
3891function toBuffer(arr, size, bigEndian) {
3892 var buf = new Buffer(size);
3893 var fn = bigEndian ? buf.writeInt32BE : buf.writeInt32LE;
3894 for (var i = 0; i < arr.length; i++) {
3895 fn.call(buf, arr[i], i * 4, true);
3896 }
3897 return buf;
3900function hash(buf, fn, hashSize, bigEndian) {
3901 if (!Buffer.isBuffer(buf)) buf = new Buffer(buf);
3902 var arr = fn(toArray(buf, bigEndian), buf.length * chrsz);
3903 return toBuffer(arr, hashSize, bigEndian);
3906module.exports = { hash: hash };
3910(function (Buffer){
3911var rng = _dereq_('./rng')
3913function error () {
3914 var m = [].slice.call(arguments).join(' ')
3915 throw new Error([
3916 m,
3917 'we accept pull requests',
3918 'http://github.com/dominictarr/crypto-browserify'
3919 ].join('\n'))
3922exports.createHash = _dereq_('./create-hash')
3924exports.createHmac = _dereq_('./create-hmac')
3926exports.randomBytes = function(size, callback) {
3927 if (callback && callback.call) {
3928 try {
3929 callback.call(this, undefined, new Buffer(rng(size)))
3930 } catch (err) { callback(err) }
3931 } else {
3932 return new Buffer(rng(size))
3933 }
3936function each(a, f) {
3937 for(var i in a)
3938 f(a[i], i)
3941exports.getHashes = function () {
3942 return ['sha1', 'sha256', 'md5', 'rmd160']
3946var p = _dereq_('./pbkdf2')(exports.createHmac)
3947exports.pbkdf2 = p.pbkdf2
3948exports.pbkdf2Sync = p.pbkdf2Sync
3951// the least I can do is make error messages for the rest of the node.js/crypto api.
3953, 'createCipher'
3954, 'createCipheriv'
3955, 'createDecipher'
3956, 'createDecipheriv'
3957, 'createSign'
3958, 'createVerify'
3959, 'createDiffieHellman'
3960], function (name) {
3961 exports[name] = function () {
3962 error('sorry,', name, 'is not implemented yet')
3963 }
3969 * A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
3970 * Digest Algorithm, as defined in RFC 1321.
3971 * Version 2.1 Copyright (C) Paul Johnston 1999 - 2002.
3972 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
3973 * Distributed under the BSD License
3974 * See http://pajhome.org.uk/crypt/md5 for more info.
3975 */
3977var helpers = _dereq_('./helpers');
3980 * Calculate the MD5 of an array of little-endian words, and a bit length
3981 */
3982function core_md5(x, len)
3984 /* append padding */
3985 x[len >> 5] |= 0x80 << ((len) % 32);
3986 x[(((len + 64) >>> 9) << 4) + 14] = len;
3988 var a = 1732584193;
3989 var b = -271733879;
3990 var c = -1732584194;
3991 var d = 271733878;
3993 for(var i = 0; i < x.length; i += 16)
3994 {
3995 var olda = a;
3996 var oldb = b;
3997 var oldc = c;
3998 var oldd = d;
4000 a = md5_ff(a, b, c, d, x[i+ 0], 7 , -680876936);
4001 d = md5_ff(d, a, b, c, x[i+ 1], 12, -389564586);
4002 c = md5_ff(c, d, a, b, x[i+ 2], 17, 606105819);
4003 b = md5_ff(b, c, d, a, x[i+ 3], 22, -1044525330);
4004 a = md5_ff(a, b, c, d, x[i+ 4], 7 , -176418897);
4005 d = md5_ff(d, a, b, c, x[i+ 5], 12, 1200080426);
4006 c = md5_ff(c, d, a, b, x[i+ 6], 17, -1473231341);
4007 b = md5_ff(b, c, d, a, x[i+ 7], 22, -45705983);
4008 a = md5_ff(a, b, c, d, x[i+ 8], 7 , 1770035416);
4009 d = md5_ff(d, a, b, c, x[i+ 9], 12, -1958414417);
4010 c = md5_ff(c, d, a, b, x[i+10], 17, -42063);
4011 b = md5_ff(b, c, d, a, x[i+11], 22, -1990404162);
4012 a = md5_ff(a, b, c, d, x[i+12], 7 , 1804603682);
4013 d = md5_ff(d, a, b, c, x[i+13], 12, -40341101);
4014 c = md5_ff(c, d, a, b, x[i+14], 17, -1502002290);
4015 b = md5_ff(b, c, d, a, x[i+15], 22, 1236535329);
4017 a = md5_gg(a, b, c, d, x[i+ 1], 5 , -165796510);
4018 d = md5_gg(d, a, b, c, x[i+ 6], 9 , -1069501632);
4019 c = md5_gg(c, d, a, b, x[i+11], 14, 643717713);
4020 b = md5_gg(b, c, d, a, x[i+ 0], 20, -373897302);
4021 a = md5_gg(a, b, c, d, x[i+ 5], 5 , -701558691);
4022 d = md5_gg(d, a, b, c, x[i+10], 9 , 38016083);
4023 c = md5_gg(c, d, a, b, x[i+15], 14, -660478335);
4024 b = md5_gg(b, c, d, a, x[i+ 4], 20, -405537848);
4025 a = md5_gg(a, b, c, d, x[i+ 9], 5 , 568446438);
4026 d = md5_gg(d, a, b, c, x[i+14], 9 , -1019803690);
4027 c = md5_gg(c, d, a, b, x[i+ 3], 14, -187363961);
4028 b = md5_gg(b, c, d, a, x[i+ 8], 20, 1163531501);
4029 a = md5_gg(a, b, c, d, x[i+13], 5 , -1444681467);
4030 d = md5_gg(d, a, b, c, x[i+ 2], 9 , -51403784);
4031 c = md5_gg(c, d, a, b, x[i+ 7], 14, 1735328473);
4032 b = md5_gg(b, c, d, a, x[i+12], 20, -1926607734);
4034 a = md5_hh(a, b, c, d, x[i+ 5], 4 , -378558);
4035 d = md5_hh(d, a, b, c, x[i+ 8], 11, -2022574463);
4036 c = md5_hh(c, d, a, b, x[i+11], 16, 1839030562);
4037 b = md5_hh(b, c, d, a, x[i+14], 23, -35309556);
4038 a = md5_hh(a, b, c, d, x[i+ 1], 4 , -1530992060);
4039 d = md5_hh(d, a, b, c, x[i+ 4], 11, 1272893353);
4040 c = md5_hh(c, d, a, b, x[i+ 7], 16, -155497632);
4041 b = md5_hh(b, c, d, a, x[i+10], 23, -1094730640);
4042 a = md5_hh(a, b, c, d, x[i+13], 4 , 681279174);
4043 d = md5_hh(d, a, b, c, x[i+ 0], 11, -358537222);
4044 c = md5_hh(c, d, a, b, x[i+ 3], 16, -722521979);
4045 b = md5_hh(b, c, d, a, x[i+ 6], 23, 76029189);
4046 a = md5_hh(a, b, c, d, x[i+ 9], 4 , -640364487);
4047 d = md5_hh(d, a, b, c, x[i+12], 11, -421815835);
4048 c = md5_hh(c, d, a, b, x[i+15], 16, 530742520);
4049 b = md5_hh(b, c, d, a, x[i+ 2], 23, -995338651);
4051 a = md5_ii(a, b, c, d, x[i+ 0], 6 , -198630844);
4052 d = md5_ii(d, a, b, c, x[i+ 7], 10, 1126891415);
4053 c = md5_ii(c, d, a, b, x[i+14], 15, -1416354905);
4054 b = md5_ii(b, c, d, a, x[i+ 5], 21, -57434055);
4055 a = md5_ii(a, b, c, d, x[i+12], 6 , 1700485571);
4056 d = md5_ii(d, a, b, c, x[i+ 3], 10, -1894986606);
4057 c = md5_ii(c, d, a, b, x[i+10], 15, -1051523);
4058 b = md5_ii(b, c, d, a, x[i+ 1], 21, -2054922799);
4059 a = md5_ii(a, b, c, d, x[i+ 8], 6 , 1873313359);
4060 d = md5_ii(d, a, b, c, x[i+15], 10, -30611744);
4061 c = md5_ii(c, d, a, b, x[i+ 6], 15, -1560198380);
4062 b = md5_ii(b, c, d, a, x[i+13], 21, 1309151649);
4063 a = md5_ii(a, b, c, d, x[i+ 4], 6 , -145523070);
4064 d = md5_ii(d, a, b, c, x[i+11], 10, -1120210379);
4065 c = md5_ii(c, d, a, b, x[i+ 2], 15, 718787259);
4066 b = md5_ii(b, c, d, a, x[i+ 9], 21, -343485551);
4068 a = safe_add(a, olda);
4069 b = safe_add(b, oldb);
4070 c = safe_add(c, oldc);
4071 d = safe_add(d, oldd);
4072 }
4073 return Array(a, b, c, d);
4078 * These functions implement the four basic operations the algorithm uses.
4079 */
4080function md5_cmn(q, a, b, x, s, t)
4082 return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s),b);
4084function md5_ff(a, b, c, d, x, s, t)
4086 return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t);
4088function md5_gg(a, b, c, d, x, s, t)
4090 return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t);
4092function md5_hh(a, b, c, d, x, s, t)
4094 return md5_cmn(b ^ c ^ d, a, b, x, s, t);
4096function md5_ii(a, b, c, d, x, s, t)
4098 return md5_cmn(c ^ (b | (~d)), a, b, x, s, t);
4102 * Add integers, wrapping at 2^32. This uses 16-bit operations internally
4103 * to work around bugs in some JS interpreters.
4104 */
4105function safe_add(x, y)
4107 var lsw = (x & 0xFFFF) + (y & 0xFFFF);
4108 var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
4109 return (msw << 16) | (lsw & 0xFFFF);
4113 * Bitwise rotate a 32-bit number to the left.
4114 */
4115function bit_rol(num, cnt)
4117 return (num << cnt) | (num >>> (32 - cnt));
4120module.exports = function md5(buf) {
4121 return helpers.hash(buf, core_md5, 16);
4125(function (Buffer){
4127module.exports = ripemd160
4132CryptoJS v3.1.2
4134(c) 2009-2013 by Jeff Mott. All rights reserved.
4137/** @preserve
4138(c) 2012 by Cédric Mesnil. All rights reserved.
4140Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
4142 - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
4143 - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
4148// Constants table
4149var zl = [
4150 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
4151 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,
4152 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,
4153 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,
4154 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13];
4155var zr = [
4156 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,
4157 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,
4158 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,
4159 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,
4160 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11];
4161var sl = [
4162 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,
4163 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,
4164 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,
4165 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,
4166 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 ];
4167var sr = [
4168 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,
4169 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,
4170 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,
4171 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,
4172 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 ];
4174var hl = [ 0x00000000, 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xA953FD4E];
4175var hr = [ 0x50A28BE6, 0x5C4DD124, 0x6D703EF3, 0x7A6D76E9, 0x00000000];
4177var bytesToWords = function (bytes) {
4178 var words = [];
4179 for (var i = 0, b = 0; i < bytes.length; i++, b += 8) {
4180 words[b >>> 5] |= bytes[i] << (24 - b % 32);
4181 }
4182 return words;
4185var wordsToBytes = function (words) {
4186 var bytes = [];
4187 for (var b = 0; b < words.length * 32; b += 8) {
4188 bytes.push((words[b >>> 5] >>> (24 - b % 32)) & 0xFF);
4189 }
4190 return bytes;
4193var processBlock = function (H, M, offset) {
4195 // Swap endian
4196 for (var i = 0; i < 16; i++) {
4197 var offset_i = offset + i;
4198 var M_offset_i = M[offset_i];
4200 // Swap
4201 M[offset_i] = (
4202 (((M_offset_i << 8) | (M_offset_i >>> 24)) & 0x00ff00ff) |
4203 (((M_offset_i << 24) | (M_offset_i >>> 8)) & 0xff00ff00)
4204 );
4205 }
4207 // Working variables
4208 var al, bl, cl, dl, el;
4209 var ar, br, cr, dr, er;
4211 ar = al = H[0];
4212 br = bl = H[1];
4213 cr = cl = H[2];
4214 dr = dl = H[3];
4215 er = el = H[4];
4216 // Computation
4217 var t;
4218 for (var i = 0; i < 80; i += 1) {
4219 t = (al + M[offset+zl[i]])|0;
4220 if (i<16){
4221 t += f1(bl,cl,dl) + hl[0];
4222 } else if (i<32) {
4223 t += f2(bl,cl,dl) + hl[1];
4224 } else if (i<48) {
4225 t += f3(bl,cl,dl) + hl[2];
4226 } else if (i<64) {
4227 t += f4(bl,cl,dl) + hl[3];
4228 } else {// if (i<80) {
4229 t += f5(bl,cl,dl) + hl[4];
4230 }
4231 t = t|0;
4232 t = rotl(t,sl[i]);
4233 t = (t+el)|0;
4234 al = el;
4235 el = dl;
4236 dl = rotl(cl, 10);
4237 cl = bl;
4238 bl = t;
4240 t = (ar + M[offset+zr[i]])|0;
4241 if (i<16){
4242 t += f5(br,cr,dr) + hr[0];
4243 } else if (i<32) {
4244 t += f4(br,cr,dr) + hr[1];
4245 } else if (i<48) {
4246 t += f3(br,cr,dr) + hr[2];
4247 } else if (i<64) {
4248 t += f2(br,cr,dr) + hr[3];
4249 } else {// if (i<80) {
4250 t += f1(br,cr,dr) + hr[4];
4251 }
4252 t = t|0;
4253 t = rotl(t,sr[i]) ;
4254 t = (t+er)|0;
4255 ar = er;
4256 er = dr;
4257 dr = rotl(cr, 10);
4258 cr = br;
4259 br = t;
4260 }
4261 // Intermediate hash value
4262 t = (H[1] + cl + dr)|0;
4263 H[1] = (H[2] + dl + er)|0;
4264 H[2] = (H[3] + el + ar)|0;
4265 H[3] = (H[4] + al + br)|0;
4266 H[4] = (H[0] + bl + cr)|0;
4267 H[0] = t;
4270function f1(x, y, z) {
4271 return ((x) ^ (y) ^ (z));
4274function f2(x, y, z) {
4275 return (((x)&(y)) | ((~x)&(z)));
4278function f3(x, y, z) {
4279 return (((x) | (~(y))) ^ (z));
4282function f4(x, y, z) {
4283 return (((x) & (z)) | ((y)&(~(z))));
4286function f5(x, y, z) {
4287 return ((x) ^ ((y) |(~(z))));
4290function rotl(x,n) {
4291 return (x<<n) | (x>>>(32-n));
4294function ripemd160(message) {
4295 var H = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0];
4297 if (typeof message == 'string')
4298 message = new Buffer(message, 'utf8');
4300 var m = bytesToWords(message);
4302 var nBitsLeft = message.length * 8;
4303 var nBitsTotal = message.length * 8;
4305 // Add padding
4306 m[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
4307 m[(((nBitsLeft + 64) >>> 9) << 4) + 14] = (
4308 (((nBitsTotal << 8) | (nBitsTotal >>> 24)) & 0x00ff00ff) |
4309 (((nBitsTotal << 24) | (nBitsTotal >>> 8)) & 0xff00ff00)
4310 );
4312 for (var i=0 ; i<m.length; i += 16) {
4313 processBlock(H, m, i);
4314 }
4316 // Swap endian
4317 for (var i = 0; i < 5; i++) {
4318 // Shortcut
4319 var H_i = H[i];
4321 // Swap
4322 H[i] = (((H_i << 8) | (H_i >>> 24)) & 0x00ff00ff) |
4323 (((H_i << 24) | (H_i >>> 8)) & 0xff00ff00);
4324 }
4326 var digestbytes = wordsToBytes(H);
4327 return new Buffer(digestbytes);
4334var u = _dereq_('./util')
4335var write = u.write
4336var fill = u.zeroFill
4338module.exports = function (Buffer) {
4340 //prototype class for hash functions
4341 function Hash (blockSize, finalSize) {
4342 this._block = new Buffer(blockSize) //new Uint32Array(blockSize/4)
4343 this._finalSize = finalSize
4344 this._blockSize = blockSize
4345 this._len = 0
4346 this._s = 0
4347 }
4349 Hash.prototype.init = function () {
4350 this._s = 0
4351 this._len = 0
4352 }
4354 function lengthOf(data, enc) {
4355 if(enc == null) return data.byteLength || data.length
4356 if(enc == 'ascii' || enc == 'binary') return data.length
4357 if(enc == 'hex') return data.length/2
4358 if(enc == 'base64') return data.length/3
4359 }
4361 Hash.prototype.update = function (data, enc) {
4362 var bl = this._blockSize
4364 //I'd rather do this with a streaming encoder, like the opposite of
4365 //http://nodejs.org/api/string_decoder.html
4366 var length
4367 if(!enc && 'string' === typeof data)
4368 enc = 'utf8'
4370 if(enc) {
4371 if(enc === 'utf-8')
4372 enc = 'utf8'
4374 if(enc === 'base64' || enc === 'utf8')
4375 data = new Buffer(data, enc), enc = null
4377 length = lengthOf(data, enc)
4378 } else
4379 length = data.byteLength || data.length
4381 var l = this._len += length
4382 var s = this._s = (this._s || 0)
4383 var f = 0
4384 var buffer = this._block
4385 while(s < l) {
4386 var t = Math.min(length, f + bl)
4387 write(buffer, data, enc, s%bl, f, t)
4388 var ch = (t - f);
4389 s += ch; f += ch
4391 if(!(s%bl))
4392 this._update(buffer)
4393 }
4394 this._s = s
4396 return this
4398 }
4400 Hash.prototype.digest = function (enc) {
4401 var bl = this._blockSize
4402 var fl = this._finalSize
4403 var len = this._len*8
4405 var x = this._block
4407 var bits = len % (bl*8)
4409 //add end marker, so that appending 0's creats a different hash.
4410 x[this._len % bl] = 0x80
4411 fill(this._block, this._len % bl + 1)
4413 if(bits >= fl*8) {
4414 this._update(this._block)
4415 u.zeroFill(this._block, 0)
4416 }
4418 //TODO: handle case where the bit length is > Math.pow(2, 29)
4419 x.writeInt32BE(len, fl + 4) //big endian
4421 var hash = this._update(this._block) || this._hash()
4422 if(enc == null) return hash
4423 return hash.toString(enc)
4424 }
4426 Hash.prototype._update = function () {
4427 throw new Error('_update must be implemented by subclass')
4428 }
4430 return Hash
4434var exports = module.exports = function (alg) {
4435 var Alg = exports[alg]
4436 if(!Alg) throw new Error(alg + ' is not supported (we accept pull requests)')
4437 return new Alg()
4440var Buffer = _dereq_('buffer').Buffer
4441var Hash = _dereq_('./hash')(Buffer)
4443exports.sha =
4444exports.sha1 = _dereq_('./sha1')(Buffer, Hash)
4445exports.sha256 = _dereq_('./sha256')(Buffer, Hash)
4449 * A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined
4450 * in FIPS PUB 180-1
4451 * Version 2.1a Copyright Paul Johnston 2000 - 2002.
4452 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
4453 * Distributed under the BSD License
4454 * See http://pajhome.org.uk/crypt/md5 for details.
4455 */
4456module.exports = function (Buffer, Hash) {
4458 var inherits = _dereq_('util').inherits
4460 inherits(Sha1, Hash)
4462 var A = 0|0
4463 var B = 4|0
4464 var C = 8|0
4465 var D = 12|0
4466 var E = 16|0
4468 var BE = false
4469 var LE = true
4471 var W = new Int32Array(80)
4473 var POOL = []
4475 function Sha1 () {
4476 if(POOL.length)
4477 return POOL.pop().init()
4479 if(!(this instanceof Sha1)) return new Sha1()
4480 this._w = W
4481 Hash.call(this, 16*4, 14*4)
4483 this._h = null
4484 this.init()
4485 }
4487 Sha1.prototype.init = function () {
4488 this._a = 0x67452301
4489 this._b = 0xefcdab89
4490 this._c = 0x98badcfe
4491 this._d = 0x10325476
4492 this._e = 0xc3d2e1f0
4494 Hash.prototype.init.call(this)
4495 return this
4496 }
4498 Sha1.prototype._POOL = POOL
4500 // assume that array is a Uint32Array with length=16,
4501 // and that if it is the last block, it already has the length and the 1 bit appended.
4504 var isDV = new Buffer(1) instanceof DataView
4505 function readInt32BE (X, i) {
4506 return isDV
4507 ? X.getInt32(i, false)
4508 : X.readInt32BE(i)
4509 }
4511 Sha1.prototype._update = function (array) {
4513 var X = this._block
4514 var h = this._h
4515 var a, b, c, d, e, _a, _b, _c, _d, _e
4517 a = _a = this._a
4518 b = _b = this._b
4519 c = _c = this._c
4520 d = _d = this._d
4521 e = _e = this._e
4523 var w = this._w
4525 for(var j = 0; j < 80; j++) {
4526 var W = w[j]
4527 = j < 16
4528 //? X.getInt32(j*4, false)
4529 //? readInt32BE(X, j*4) //*/ X.readInt32BE(j*4) //*/
4530 ? X.readInt32BE(j*4)
4531 : rol(w[j - 3] ^ w[j - 8] ^ w[j - 14] ^ w[j - 16], 1)
4533 var t =
4534 add(
4535 add(rol(a, 5), sha1_ft(j, b, c, d)),
4536 add(add(e, W), sha1_kt(j))
4537 );
4539 e = d
4540 d = c
4541 c = rol(b, 30)
4542 b = a
4543 a = t
4544 }
4546 this._a = add(a, _a)
4547 this._b = add(b, _b)
4548 this._c = add(c, _c)
4549 this._d = add(d, _d)
4550 this._e = add(e, _e)
4551 }
4553 Sha1.prototype._hash = function () {
4554 if(POOL.length < 100) POOL.push(this)
4555 var H = new Buffer(20)
4556 //console.log(this._a|0, this._b|0, this._c|0, this._d|0, this._e|0)
4557 H.writeInt32BE(this._a|0, A)
4558 H.writeInt32BE(this._b|0, B)
4559 H.writeInt32BE(this._c|0, C)
4560 H.writeInt32BE(this._d|0, D)
4561 H.writeInt32BE(this._e|0, E)
4562 return H
4563 }
4565 /*
4566 * Perform the appropriate triplet combination function for the current
4567 * iteration
4568 */
4569 function sha1_ft(t, b, c, d) {
4570 if(t < 20) return (b & c) | ((~b) & d);
4571 if(t < 40) return b ^ c ^ d;
4572 if(t < 60) return (b & c) | (b & d) | (c & d);
4573 return b ^ c ^ d;
4574 }
4576 /*
4577 * Determine the appropriate additive constant for the current iteration
4578 */
4579 function sha1_kt(t) {
4580 return (t < 20) ? 1518500249 : (t < 40) ? 1859775393 :
4581 (t < 60) ? -1894007588 : -899497514;
4582 }
4584 /*
4585 * Add integers, wrapping at 2^32. This uses 16-bit operations internally
4586 * to work around bugs in some JS interpreters.
4587 * //dominictarr: this is 10 years old, so maybe this can be dropped?)
4588 *
4589 */
4590 function add(x, y) {
4591 return (x + y ) | 0
4592 //lets see how this goes on testling.
4593 // var lsw = (x & 0xFFFF) + (y & 0xFFFF);
4594 // var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
4595 // return (msw << 16) | (lsw & 0xFFFF);
4596 }
4598 /*
4599 * Bitwise rotate a 32-bit number to the left.
4600 */
4601 function rol(num, cnt) {
4602 return (num << cnt) | (num >>> (32 - cnt));
4603 }
4605 return Sha1
4611 * A JavaScript implementation of the Secure Hash Algorithm, SHA-256, as defined
4612 * in FIPS 180-2
4613 * Version 2.2-beta Copyright Angel Marin, Paul Johnston 2000 - 2009.
4614 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
4615 *
4616 */
4618var inherits = _dereq_('util').inherits
4619var BE = false
4620var LE = true
4621var u = _dereq_('./util')
4623module.exports = function (Buffer, Hash) {
4625 var K = [
4626 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
4627 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
4628 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
4629 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
4630 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
4631 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
4632 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
4633 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
4634 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
4635 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
4636 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
4637 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
4638 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
4639 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
4640 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
4641 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2
4642 ]
4644 inherits(Sha256, Hash)
4645 var W = new Array(64)
4646 var POOL = []
4647 function Sha256() {
4648 // Closure compiler warning - this code lacks side effects - thus commented out
4649 // if(POOL.length) {
4650 // return POOL.shift().init()
4651 // }
4652 //this._data = new Buffer(32)
4654 this.init()
4656 this._w = W //new Array(64)
4658 Hash.call(this, 16*4, 14*4)
4659 };
4661 Sha256.prototype.init = function () {
4663 this._a = 0x6a09e667|0
4664 this._b = 0xbb67ae85|0
4665 this._c = 0x3c6ef372|0
4666 this._d = 0xa54ff53a|0
4667 this._e = 0x510e527f|0
4668 this._f = 0x9b05688c|0
4669 this._g = 0x1f83d9ab|0
4670 this._h = 0x5be0cd19|0
4672 this._len = this._s = 0
4674 return this
4675 }
4677 var safe_add = function(x, y) {
4678 var lsw = (x & 0xFFFF) + (y & 0xFFFF);
4679 var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
4680 return (msw << 16) | (lsw & 0xFFFF);
4681 }
4683 function S (X, n) {
4684 return (X >>> n) | (X << (32 - n));
4685 }
4687 function R (X, n) {
4688 return (X >>> n);
4689 }
4691 function Ch (x, y, z) {
4692 return ((x & y) ^ ((~x) & z));
4693 }
4695 function Maj (x, y, z) {
4696 return ((x & y) ^ (x & z) ^ (y & z));
4697 }
4699 function Sigma0256 (x) {
4700 return (S(x, 2) ^ S(x, 13) ^ S(x, 22));
4701 }
4703 function Sigma1256 (x) {
4704 return (S(x, 6) ^ S(x, 11) ^ S(x, 25));
4705 }
4707 function Gamma0256 (x) {
4708 return (S(x, 7) ^ S(x, 18) ^ R(x, 3));
4709 }
4711 function Gamma1256 (x) {
4712 return (S(x, 17) ^ S(x, 19) ^ R(x, 10));
4713 }
4715 Sha256.prototype._update = function(m) {
4716 var M = this._block
4717 var W = this._w
4718 var a, b, c, d, e, f, g, h
4719 var T1, T2
4721 a = this._a | 0
4722 b = this._b | 0
4723 c = this._c | 0
4724 d = this._d | 0
4725 e = this._e | 0
4726 f = this._f | 0
4727 g = this._g | 0
4728 h = this._h | 0
4730 for (var j = 0; j < 64; j++) {
4731 var w = W[j] = j < 16
4732 ? M.readInt32BE(j * 4)
4733 : Gamma1256(W[j - 2]) + W[j - 7] + Gamma0256(W[j - 15]) + W[j - 16]
4735 T1 = h + Sigma1256(e) + Ch(e, f, g) + K[j] + w
4737 T2 = Sigma0256(a) + Maj(a, b, c);
4738 h = g; g = f; f = e; e = d + T1; d = c; c = b; b = a; a = T1 + T2;
4739 }
4741 this._a = (a + this._a) | 0
4742 this._b = (b + this._b) | 0
4743 this._c = (c + this._c) | 0
4744 this._d = (d + this._d) | 0
4745 this._e = (e + this._e) | 0
4746 this._f = (f + this._f) | 0
4747 this._g = (g + this._g) | 0
4748 this._h = (h + this._h) | 0
4750 };
4752 Sha256.prototype._hash = function () {
4753 if(POOL.length < 10)
4754 POOL.push(this)
4756 var H = new Buffer(32)
4758 H.writeInt32BE(this._a, 0)
4759 H.writeInt32BE(this._b, 4)
4760 H.writeInt32BE(this._c, 8)
4761 H.writeInt32BE(this._d, 12)
4762 H.writeInt32BE(this._e, 16)
4763 H.writeInt32BE(this._f, 20)
4764 H.writeInt32BE(this._g, 24)
4765 H.writeInt32BE(this._h, 28)
4767 return H
4768 }
4770 return Sha256
4775exports.write = write
4776exports.zeroFill = zeroFill
4778exports.toString = toString
4780function write (buffer, string, enc, start, from, to, LE) {
4781 var l = (to - from)
4782 if(enc === 'ascii' || enc === 'binary') {
4783 for( var i = 0; i < l; i++) {
4784 buffer[start + i] = string.charCodeAt(i + from)
4785 }
4786 }
4787 else if(enc == null) {
4788 for( var i = 0; i < l; i++) {
4789 buffer[start + i] = string[i + from]
4790 }
4791 }
4792 else if(enc === 'hex') {
4793 for(var i = 0; i < l; i++) {
4794 var j = from + i
4795 buffer[start + i] = parseInt(string[j*2] + string[(j*2)+1], 16)
4796 }
4797 }
4798 else if(enc === 'base64') {
4799 throw new Error('base64 encoding not yet supported')
4800 }
4801 else
4802 throw new Error(enc +' encoding not yet supported')
4805//always fill to the end!
4806function zeroFill(buf, from) {
4807 for(var i = from; i < buf.length; i++)
4808 buf[i] = 0
4813(function (Buffer){
4814// JavaScript PBKDF2 Implementation
4815// Based on http://git.io/qsv2zw
4816// Licensed under LGPL v3
4817// Copyright (c) 2013 jduncanator
4819var blocksize = 64
4820var zeroBuffer = new Buffer(blocksize); zeroBuffer.fill(0)
4822module.exports = function (createHmac, exports) {
4823 exports = exports || {}
4825 exports.pbkdf2 = function(password, salt, iterations, keylen, cb) {
4826 if('function' !== typeof cb)
4827 throw new Error('No callback provided to pbkdf2');
4828 setTimeout(function () {
4829 cb(null, exports.pbkdf2Sync(password, salt, iterations, keylen))
4830 })
4831 }
4833 exports.pbkdf2Sync = function(key, salt, iterations, keylen) {
4834 if('number' !== typeof iterations)
4835 throw new TypeError('Iterations not a number')
4836 if(iterations < 0)
4837 throw new TypeError('Bad iterations')
4838 if('number' !== typeof keylen)
4839 throw new TypeError('Key length not a number')
4840 if(keylen < 0)
4841 throw new TypeError('Bad key length')
4843 //stretch key to the correct length that hmac wants it,
4844 //otherwise this will happen every time hmac is called
4845 //twice per iteration.
4846 var key = !Buffer.isBuffer(key) ? new Buffer(key) : key
4848 if(key.length > blocksize) {
4849 key = createHash(alg).update(key).digest()
4850 } else if(key.length < blocksize) {
4851 key = Buffer.concat([key, zeroBuffer], blocksize)
4852 }
4854 var HMAC;
4855 var cplen, p = 0, i = 1, itmp = new Buffer(4), digtmp;
4856 var out = new Buffer(keylen);
4857 out.fill(0);
4858 while(keylen) {
4859 if(keylen > 20)
4860 cplen = 20;
4861 else
4862 cplen = keylen;
4864 /* We are unlikely to ever use more than 256 blocks (5120 bits!)
4865 * but just in case...
4866 */
4867 itmp[0] = (i >> 24) & 0xff;
4868 itmp[1] = (i >> 16) & 0xff;
4869 itmp[2] = (i >> 8) & 0xff;
4870 itmp[3] = i & 0xff;
4872 HMAC = createHmac('sha1', key);
4873 HMAC.update(salt)
4874 HMAC.update(itmp);
4875 digtmp = HMAC.digest();
4876 digtmp.copy(out, p, 0, cplen);
4878 for(var j = 1; j < iterations; j++) {
4879 HMAC = createHmac('sha1', key);
4880 HMAC.update(digtmp);
4881 digtmp = HMAC.digest();
4882 for(var k = 0; k < cplen; k++) {
4883 out[k] ^= digtmp[k];
4884 }
4885 }
4886 keylen -= cplen;
4887 i++;
4888 p += cplen;
4889 }
4891 return out;
4892 }
4894 return exports
4899(function (Buffer){
4900// Original code adapted from Robert Kieffer.
4901// details at https://github.com/broofa/node-uuid
4904(function() {
4905 var _global = this;
4907 var mathRNG, whatwgRNG;
4909 // NOTE: Math.random() does not guarantee "cryptographic quality"
4910 mathRNG = function(size) {
4911 var bytes = new Buffer(size);
4912 var r;
4914 for (var i = 0, r; i < size; i++) {
4915 if ((i & 0x03) == 0) r = Math.random() * 0x100000000;
4916 bytes[i] = r >>> ((i & 0x03) << 3) & 0xff;
4917 }
4919 return bytes;
4920 }
4922 if (_global.crypto && crypto.getRandomValues) {
4923 whatwgRNG = function(size) {
4924 var bytes = new Buffer(size); //in browserify, this is an extended Uint8Array
4925 crypto.getRandomValues(bytes);
4926 return bytes;
4927 }
4928 }
4930 module.exports = whatwgRNG || mathRNG;
4936;(function (root, factory, undef) {
4937 if (typeof exports === "object") {
4938 // CommonJS
4939 module.exports = exports = factory(_dereq_("./core"), _dereq_("./enc-base64"), _dereq_("./md5"), _dereq_("./evpkdf"), _dereq_("./cipher-core"));
4940 }
4941 else if (typeof define === "function" && define.amd) {
4942 // AMD
4943 define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
4944 }
4945 else {
4946 // Global (browser)
4947 factory(root.CryptoJS);
4948 }
4949}(this, function (CryptoJS) {
4951 (function () {
4952 // Shortcuts
4953 var C = CryptoJS;
4954 var C_lib = C.lib;
4955 var BlockCipher = C_lib.BlockCipher;
4956 var C_algo = C.algo;
4958 // Lookup tables
4959 var SBOX = [];
4960 var INV_SBOX = [];
4961 var SUB_MIX_0 = [];
4962 var SUB_MIX_1 = [];
4963 var SUB_MIX_2 = [];
4964 var SUB_MIX_3 = [];
4965 var INV_SUB_MIX_0 = [];
4966 var INV_SUB_MIX_1 = [];
4967 var INV_SUB_MIX_2 = [];
4968 var INV_SUB_MIX_3 = [];
4970 // Compute lookup tables
4971 (function () {
4972 // Compute double table
4973 var d = [];
4974 for (var i = 0; i < 256; i++) {
4975 if (i < 128) {
4976 d[i] = i << 1;
4977 } else {
4978 d[i] = (i << 1) ^ 0x11b;
4979 }
4980 }
4982 // Walk GF(2^8)
4983 var x = 0;
4984 var xi = 0;
4985 for (var i = 0; i < 256; i++) {
4986 // Compute sbox
4987 var sx = xi ^ (xi << 1) ^ (xi << 2) ^ (xi << 3) ^ (xi << 4);
4988 sx = (sx >>> 8) ^ (sx & 0xff) ^ 0x63;
4989 SBOX[x] = sx;
4990 INV_SBOX[sx] = x;
4992 // Compute multiplication
4993 var x2 = d[x];
4994 var x4 = d[x2];
4995 var x8 = d[x4];
4997 // Compute sub bytes, mix columns tables
4998 var t = (d[sx] * 0x101) ^ (sx * 0x1010100);
4999 SUB_MIX_0[x] = (t << 24) | (t >>> 8);
5000 SUB_MIX_1[x] = (t << 16) | (t >>> 16);
5001 SUB_MIX_2[x] = (t << 8) | (t >>> 24);
5002 SUB_MIX_3[x] = t;
5004 // Compute inv sub bytes, inv mix columns tables
5005 var t = (x8 * 0x1010101) ^ (x4 * 0x10001) ^ (x2 * 0x101) ^ (x * 0x1010100);
5006 INV_SUB_MIX_0[sx] = (t << 24) | (t >>> 8);
5007 INV_SUB_MIX_1[sx] = (t << 16) | (t >>> 16);
5008 INV_SUB_MIX_2[sx] = (t << 8) | (t >>> 24);
5009 INV_SUB_MIX_3[sx] = t;
5011 // Compute next counter
5012 if (!x) {
5013 x = xi = 1;
5014 } else {
5015 x = x2 ^ d[d[d[x8 ^ x2]]];
5016 xi ^= d[d[xi]];
5017 }
5018 }
5019 }());
5021 // Precomputed Rcon lookup
5022 var RCON = [0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36];
5024 /**
5025 * AES block cipher algorithm.
5026 */
5027 var AES = C_algo.AES = BlockCipher.extend({
5028 _doReset: function () {
5029 // Shortcuts
5030 var key = this._key;
5031 var keyWords = key.words;
5032 var keySize = key.sigBytes / 4;
5034 // Compute number of rounds
5035 var nRounds = this._nRounds = keySize + 6
5037 // Compute number of key schedule rows
5038 var ksRows = (nRounds + 1) * 4;
5040 // Compute key schedule
5041 var keySchedule = this._keySchedule = [];
5042 for (var ksRow = 0; ksRow < ksRows; ksRow++) {
5043 if (ksRow < keySize) {
5044 keySchedule[ksRow] = keyWords[ksRow];
5045 } else {
5046 var t = keySchedule[ksRow - 1];
5048 if (!(ksRow % keySize)) {
5049 // Rot word
5050 t = (t << 8) | (t >>> 24);
5052 // Sub word
5053 t = (SBOX[t >>> 24] << 24) | (SBOX[(t >>> 16) & 0xff] << 16) | (SBOX[(t >>> 8) & 0xff] << 8) | SBOX[t & 0xff];
5055 // Mix Rcon
5056 t ^= RCON[(ksRow / keySize) | 0] << 24;
5057 } else if (keySize > 6 && ksRow % keySize == 4) {
5058 // Sub word
5059 t = (SBOX[t >>> 24] << 24) | (SBOX[(t >>> 16) & 0xff] << 16) | (SBOX[(t >>> 8) & 0xff] << 8) | SBOX[t & 0xff];
5060 }
5062 keySchedule[ksRow] = keySchedule[ksRow - keySize] ^ t;
5063 }
5064 }
5066 // Compute inv key schedule
5067 var invKeySchedule = this._invKeySchedule = [];
5068 for (var invKsRow = 0; invKsRow < ksRows; invKsRow++) {
5069 var ksRow = ksRows - invKsRow;
5071 if (invKsRow % 4) {
5072 var t = keySchedule[ksRow];
5073 } else {
5074 var t = keySchedule[ksRow - 4];
5075 }
5077 if (invKsRow < 4 || ksRow <= 4) {
5078 invKeySchedule[invKsRow] = t;
5079 } else {
5080 invKeySchedule[invKsRow] = INV_SUB_MIX_0[SBOX[t >>> 24]] ^ INV_SUB_MIX_1[SBOX[(t >>> 16) & 0xff]] ^
5081 INV_SUB_MIX_2[SBOX[(t >>> 8) & 0xff]] ^ INV_SUB_MIX_3[SBOX[t & 0xff]];
5082 }
5083 }
5084 },
5086 encryptBlock: function (M, offset) {
5087 this._doCryptBlock(M, offset, this._keySchedule, SUB_MIX_0, SUB_MIX_1, SUB_MIX_2, SUB_MIX_3, SBOX);
5088 },
5090 decryptBlock: function (M, offset) {
5091 // Swap 2nd and 4th rows
5092 var t = M[offset + 1];
5093 M[offset + 1] = M[offset + 3];
5094 M[offset + 3] = t;
5096 this._doCryptBlock(M, offset, this._invKeySchedule, INV_SUB_MIX_0, INV_SUB_MIX_1, INV_SUB_MIX_2, INV_SUB_MIX_3, INV_SBOX);
5098 // Inv swap 2nd and 4th rows
5099 var t = M[offset + 1];
5100 M[offset + 1] = M[offset + 3];
5101 M[offset + 3] = t;
5102 },
5104 _doCryptBlock: function (M, offset, keySchedule, SUB_MIX_0, SUB_MIX_1, SUB_MIX_2, SUB_MIX_3, SBOX) {
5105 // Shortcut
5106 var nRounds = this._nRounds;
5108 // Get input, add round key
5109 var s0 = M[offset] ^ keySchedule[0];
5110 var s1 = M[offset + 1] ^ keySchedule[1];
5111 var s2 = M[offset + 2] ^ keySchedule[2];
5112 var s3 = M[offset + 3] ^ keySchedule[3];
5114 // Key schedule row counter
5115 var ksRow = 4;
5117 // Rounds
5118 for (var round = 1; round < nRounds; round++) {
5119 // Shift rows, sub bytes, mix columns, add round key
5120 var t0 = SUB_MIX_0[s0 >>> 24] ^ SUB_MIX_1[(s1 >>> 16) & 0xff] ^ SUB_MIX_2[(s2 >>> 8) & 0xff] ^ SUB_MIX_3[s3 & 0xff] ^ keySchedule[ksRow++];
5121 var t1 = SUB_MIX_0[s1 >>> 24] ^ SUB_MIX_1[(s2 >>> 16) & 0xff] ^ SUB_MIX_2[(s3 >>> 8) & 0xff] ^ SUB_MIX_3[s0 & 0xff] ^ keySchedule[ksRow++];
5122 var t2 = SUB_MIX_0[s2 >>> 24] ^ SUB_MIX_1[(s3 >>> 16) & 0xff] ^ SUB_MIX_2[(s0 >>> 8) & 0xff] ^ SUB_MIX_3[s1 & 0xff] ^ keySchedule[ksRow++];
5123 var t3 = SUB_MIX_0[s3 >>> 24] ^ SUB_MIX_1[(s0 >>> 16) & 0xff] ^ SUB_MIX_2[(s1 >>> 8) & 0xff] ^ SUB_MIX_3[s2 & 0xff] ^ keySchedule[ksRow++];
5125 // Update state
5126 s0 = t0;
5127 s1 = t1;
5128 s2 = t2;
5129 s3 = t3;
5130 }
5132 // Shift rows, sub bytes, add round key
5133 var t0 = ((SBOX[s0 >>> 24] << 24) | (SBOX[(s1 >>> 16) & 0xff] << 16) | (SBOX[(s2 >>> 8) & 0xff] << 8) | SBOX[s3 & 0xff]) ^ keySchedule[ksRow++];
5134 var t1 = ((SBOX[s1 >>> 24] << 24) | (SBOX[(s2 >>> 16) & 0xff] << 16) | (SBOX[(s3 >>> 8) & 0xff] << 8) | SBOX[s0 & 0xff]) ^ keySchedule[ksRow++];
5135 var t2 = ((SBOX[s2 >>> 24] << 24) | (SBOX[(s3 >>> 16) & 0xff] << 16) | (SBOX[(s0 >>> 8) & 0xff] << 8) | SBOX[s1 & 0xff]) ^ keySchedule[ksRow++];
5136 var t3 = ((SBOX[s3 >>> 24] << 24) | (SBOX[(s0 >>> 16) & 0xff] << 16) | (SBOX[(s1 >>> 8) & 0xff] << 8) | SBOX[s2 & 0xff]) ^ keySchedule[ksRow++];
5138 // Set output
5139 M[offset] = t0;
5140 M[offset + 1] = t1;
5141 M[offset + 2] = t2;
5142 M[offset + 3] = t3;
5143 },
5145 keySize: 256/32
5146 });
5148 /**
5149 * Shortcut functions to the cipher's object interface.
5150 *
5151 * @example
5152 *
5153 * var ciphertext = CryptoJS.AES.encrypt(message, key, cfg);
5154 * var plaintext = CryptoJS.AES.decrypt(ciphertext, key, cfg);
5155 */
5156 C.AES = BlockCipher._createHelper(AES);
5157 }());
5160 return CryptoJS.AES;
5164;(function (root, factory) {
5165 if (typeof exports === "object") {
5166 // CommonJS
5167 module.exports = exports = factory(_dereq_("./core"));
5168 }
5169 else if (typeof define === "function" && define.amd) {
5170 // AMD
5171 define(["./core"], factory);
5172 }
5173 else {
5174 // Global (browser)
5175 factory(root.CryptoJS);
5176 }
5177}(this, function (CryptoJS) {
5179 /**
5180 * Cipher core components.
5181 */
5182 CryptoJS.lib.Cipher || (function (undefined) {
5183 // Shortcuts
5184 var C = CryptoJS;
5185 var C_lib = C.lib;
5186 var Base = C_lib.Base;
5187 var WordArray = C_lib.WordArray;
5188 var BufferedBlockAlgorithm = C_lib.BufferedBlockAlgorithm;
5189 var C_enc = C.enc;
5190 var Utf8 = C_enc.Utf8;
5191 var Base64 = C_enc.Base64;
5192 var C_algo = C.algo;
5193 var EvpKDF = C_algo.EvpKDF;
5195 /**
5196 * Abstract base cipher template.
5197 *
5198 * @property {number} keySize This cipher's key size. Default: 4 (128 bits)
5199 * @property {number} ivSize This cipher's IV size. Default: 4 (128 bits)
5200 * @property {number} _ENC_XFORM_MODE A constant representing encryption mode.
5201 * @property {number} _DEC_XFORM_MODE A constant representing decryption mode.
5202 */
5203 var Cipher = C_lib.Cipher = BufferedBlockAlgorithm.extend({
5204 /**
5205 * Configuration options.
5206 *
5207 * @property {WordArray} iv The IV to use for this operation.
5208 */
5209 cfg: Base.extend(),
5211 /**
5212 * Creates this cipher in encryption mode.
5213 *
5214 * @param {WordArray} key The key.
5215 * @param {Object} cfg (Optional) The configuration options to use for this operation.
5216 *
5217 * @return {Cipher} A cipher instance.
5218 *
5219 * @static
5220 *
5221 * @example
5222 *
5223 * var cipher = CryptoJS.algo.AES.createEncryptor(keyWordArray, { iv: ivWordArray });
5224 */
5225 createEncryptor: function (key, cfg) {
5226 return this.create(this._ENC_XFORM_MODE, key, cfg);
5227 },
5229 /**
5230 * Creates this cipher in decryption mode.
5231 *
5232 * @param {WordArray} key The key.
5233 * @param {Object} cfg (Optional) The configuration options to use for this operation.
5234 *
5235 * @return {Cipher} A cipher instance.
5236 *
5237 * @static
5238 *
5239 * @example
5240 *
5241 * var cipher = CryptoJS.algo.AES.createDecryptor(keyWordArray, { iv: ivWordArray });
5242 */
5243 createDecryptor: function (key, cfg) {
5244 return this.create(this._DEC_XFORM_MODE, key, cfg);
5245 },
5247 /**
5248 * Initializes a newly created cipher.
5249 *
5250 * @param {number} xformMode Either the encryption or decryption transormation mode constant.
5251 * @param {WordArray} key The key.
5252 * @param {Object} cfg (Optional) The configuration options to use for this operation.
5253 *
5254 * @example
5255 *
5256 * var cipher = CryptoJS.algo.AES.create(CryptoJS.algo.AES._ENC_XFORM_MODE, keyWordArray, { iv: ivWordArray });
5257 */
5258 init: function (xformMode, key, cfg) {
5259 // Apply config defaults
5260 this.cfg = this.cfg.extend(cfg);
5262 // Store transform mode and key
5263 this._xformMode = xformMode;
5264 this._key = key;
5266 // Set initial values
5267 this.reset();
5268 },
5270 /**
5271 * Resets this cipher to its initial state.
5272 *
5273 * @example
5274 *
5275 * cipher.reset();
5276 */
5277 reset: function () {
5278 // Reset data buffer
5279 BufferedBlockAlgorithm.reset.call(this);
5281 // Perform concrete-cipher logic
5282 this._doReset();
5283 },
5285 /**
5286 * Adds data to be encrypted or decrypted.
5287 *
5288 * @param {WordArray|string} dataUpdate The data to encrypt or decrypt.
5289 *
5290 * @return {WordArray} The data after processing.
5291 *
5292 * @example
5293 *
5294 * var encrypted = cipher.process('data');
5295 * var encrypted = cipher.process(wordArray);
5296 */
5297 process: function (dataUpdate) {
5298 // Append
5299 this._append(dataUpdate);
5301 // Process available blocks
5302 return this._process();
5303 },
5305 /**
5306 * Finalizes the encryption or decryption process.
5307 * Note that the finalize operation is effectively a destructive, read-once operation.
5308 *
5309 * @param {WordArray|string} dataUpdate The final data to encrypt or decrypt.
5310 *
5311 * @return {WordArray} The data after final processing.
5312 *
5313 * @example
5314 *
5315 * var encrypted = cipher.finalize();
5316 * var encrypted = cipher.finalize('data');
5317 * var encrypted = cipher.finalize(wordArray);
5318 */
5319 finalize: function (dataUpdate) {
5320 // Final data update
5321 if (dataUpdate) {
5322 this._append(dataUpdate);
5323 }
5325 // Perform concrete-cipher logic
5326 var finalProcessedData = this._doFinalize();
5328 return finalProcessedData;
5329 },
5331 keySize: 128/32,
5333 ivSize: 128/32,
5335 _ENC_XFORM_MODE: 1,
5337 _DEC_XFORM_MODE: 2,
5339 /**
5340 * Creates shortcut functions to a cipher's object interface.
5341 *
5342 * @param {Cipher} cipher The cipher to create a helper for.
5343 *
5344 * @return {Object} An object with encrypt and decrypt shortcut functions.
5345 *
5346 * @static
5347 *
5348 * @example
5349 *
5350 * var AES = CryptoJS.lib.Cipher._createHelper(CryptoJS.algo.AES);
5351 */
5352 _createHelper: (function () {
5353 function selectCipherStrategy(key) {
5354 if (typeof key == 'string') {
5355 return PasswordBasedCipher;
5356 } else {
5357 return SerializableCipher;
5358 }
5359 }
5361 return function (cipher) {
5362 return {
5363 encrypt: function (message, key, cfg) {
5364 return selectCipherStrategy(key).encrypt(cipher, message, key, cfg);
5365 },
5367 decrypt: function (ciphertext, key, cfg) {
5368 return selectCipherStrategy(key).decrypt(cipher, ciphertext, key, cfg);
5369 }
5370 };
5371 };
5372 }())
5373 });
5375 /**
5376 * Abstract base stream cipher template.
5377 *
5378 * @property {number} blockSize The number of 32-bit words this cipher operates on. Default: 1 (32 bits)
5379 */
5380 var StreamCipher = C_lib.StreamCipher = Cipher.extend({
5381 _doFinalize: function () {
5382 // Process partial blocks
5383 var finalProcessedBlocks = this._process(!!'flush');
5385 return finalProcessedBlocks;
5386 },
5388 blockSize: 1
5389 });
5391 /**
5392 * Mode namespace.
5393 */
5394 var C_mode = C.mode = {};
5396 /**
5397 * Abstract base block cipher mode template.
5398 */
5399 var BlockCipherMode = C_lib.BlockCipherMode = Base.extend({
5400 /**
5401 * Creates this mode for encryption.
5402 *
5403 * @param {Cipher} cipher A block cipher instance.
5404 * @param {Array} iv The IV words.
5405 *
5406 * @static
5407 *
5408 * @example
5409 *
5410 * var mode = CryptoJS.mode.CBC.createEncryptor(cipher, iv.words);
5411 */
5412 createEncryptor: function (cipher, iv) {
5413 return this.Encryptor.create(cipher, iv);
5414 },
5416 /**
5417 * Creates this mode for decryption.
5418 *
5419 * @param {Cipher} cipher A block cipher instance.
5420 * @param {Array} iv The IV words.
5421 *
5422 * @static
5423 *
5424 * @example
5425 *
5426 * var mode = CryptoJS.mode.CBC.createDecryptor(cipher, iv.words);
5427 */
5428 createDecryptor: function (cipher, iv) {
5429 return this.Decryptor.create(cipher, iv);
5430 },
5432 /**
5433 * Initializes a newly created mode.
5434 *
5435 * @param {Cipher} cipher A block cipher instance.
5436 * @param {Array} iv The IV words.
5437 *
5438 * @example
5439 *
5440 * var mode = CryptoJS.mode.CBC.Encryptor.create(cipher, iv.words);
5441 */
5442 init: function (cipher, iv) {
5443 this._cipher = cipher;
5444 this._iv = iv;
5445 }
5446 });
5448 /**
5449 * Cipher Block Chaining mode.
5450 */
5451 var CBC = C_mode.CBC = (function () {
5452 /**
5453 * Abstract base CBC mode.
5454 */
5455 var CBC = BlockCipherMode.extend();
5457 /**
5458 * CBC encryptor.
5459 */
5460 CBC.Encryptor = CBC.extend({
5461 /**
5462 * Processes the data block at offset.
5463 *
5464 * @param {Array} words The data words to operate on.
5465 * @param {number} offset The offset where the block starts.
5466 *
5467 * @example
5468 *
5469 * mode.processBlock(data.words, offset);
5470 */
5471 processBlock: function (words, offset) {
5472 // Shortcuts
5473 var cipher = this._cipher;
5474 var blockSize = cipher.blockSize;
5476 // XOR and encrypt
5477 xorBlock.call(this, words, offset, blockSize);
5478 cipher.encryptBlock(words, offset);
5480 // Remember this block to use with next block
5481 this._prevBlock = words.slice(offset, offset + blockSize);
5482 }
5483 });
5485 /**
5486 * CBC decryptor.
5487 */
5488 CBC.Decryptor = CBC.extend({
5489 /**
5490 * Processes the data block at offset.
5491 *
5492 * @param {Array} words The data words to operate on.
5493 * @param {number} offset The offset where the block starts.
5494 *
5495 * @example
5496 *
5497 * mode.processBlock(data.words, offset);
5498 */
5499 processBlock: function (words, offset) {
5500 // Shortcuts
5501 var cipher = this._cipher;
5502 var blockSize = cipher.blockSize;
5504 // Remember this block to use with next block
5505 var thisBlock = words.slice(offset, offset + blockSize);
5507 // Decrypt and XOR
5508 cipher.decryptBlock(words, offset);
5509 xorBlock.call(this, words, offset, blockSize);
5511 // This block becomes the previous block
5512 this._prevBlock = thisBlock;
5513 }
5514 });
5516 function xorBlock(words, offset, blockSize) {
5517 // Shortcut
5518 var iv = this._iv;
5520 // Choose mixing block
5521 if (iv) {
5522 var block = iv;
5524 // Remove IV for subsequent blocks
5525 this._iv = undefined;
5526 } else {
5527 var block = this._prevBlock;
5528 }
5530 // XOR blocks
5531 for (var i = 0; i < blockSize; i++) {
5532 words[offset + i] ^= block[i];
5533 }
5534 }
5536 return CBC;
5537 }());
5539 /**
5540 * Padding namespace.
5541 */
5542 var C_pad = C.pad = {};
5544 /**
5545 * PKCS #5/7 padding strategy.
5546 */
5547 var Pkcs7 = C_pad.Pkcs7 = {
5548 /**
5549 * Pads data using the algorithm defined in PKCS #5/7.
5550 *
5551 * @param {WordArray} data The data to pad.
5552 * @param {number} blockSize The multiple that the data should be padded to.
5553 *
5554 * @static
5555 *
5556 * @example
5557 *
5558 * CryptoJS.pad.Pkcs7.pad(wordArray, 4);
5559 */
5560 pad: function (data, blockSize) {
5561 // Shortcut
5562 var blockSizeBytes = blockSize * 4;
5564 // Count padding bytes
5565 var nPaddingBytes = blockSizeBytes - data.sigBytes % blockSizeBytes;
5567 // Create padding word
5568 var paddingWord = (nPaddingBytes << 24) | (nPaddingBytes << 16) | (nPaddingBytes << 8) | nPaddingBytes;
5570 // Create padding
5571 var paddingWords = [];
5572 for (var i = 0; i < nPaddingBytes; i += 4) {
5573 paddingWords.push(paddingWord);
5574 }
5575 var padding = WordArray.create(paddingWords, nPaddingBytes);
5577 // Add padding
5578 data.concat(padding);
5579 },
5581 /**
5582 * Unpads data that had been padded using the algorithm defined in PKCS #5/7.
5583 *
5584 * @param {WordArray} data The data to unpad.
5585 *
5586 * @static
5587 *
5588 * @example
5589 *
5590 * CryptoJS.pad.Pkcs7.unpad(wordArray);
5591 */
5592 unpad: function (data) {
5593 // Get number of padding bytes from last byte
5594 var nPaddingBytes = data.words[(data.sigBytes - 1) >>> 2] & 0xff;
5596 // Remove padding
5597 data.sigBytes -= nPaddingBytes;
5598 }
5599 };
5601 /**
5602 * Abstract base block cipher template.
5603 *
5604 * @property {number} blockSize The number of 32-bit words this cipher operates on. Default: 4 (128 bits)
5605 */
5606 var BlockCipher = C_lib.BlockCipher = Cipher.extend({
5607 /**
5608 * Configuration options.
5609 *
5610 * @property {Mode} mode The block mode to use. Default: CBC
5611 * @property {Padding} padding The padding strategy to use. Default: Pkcs7
5612 */
5613 cfg: Cipher.cfg.extend({
5614 mode: CBC,
5615 padding: Pkcs7
5616 }),
5618 reset: function () {
5619 // Reset cipher
5620 Cipher.reset.call(this);
5622 // Shortcuts
5623 var cfg = this.cfg;
5624 var iv = cfg.iv;
5625 var mode = cfg.mode;
5627 // Reset block mode
5628 if (this._xformMode == this._ENC_XFORM_MODE) {
5629 var modeCreator = mode.createEncryptor;
5630 } else /* if (this._xformMode == this._DEC_XFORM_MODE) */ {
5631 var modeCreator = mode.createDecryptor;
5633 // Keep at least one block in the buffer for unpadding
5634 this._minBufferSize = 1;
5635 }
5636 this._mode = modeCreator.call(mode, this, iv && iv.words);
5637 },
5639 _doProcessBlock: function (words, offset) {
5640 this._mode.processBlock(words, offset);
5641 },
5643 _doFinalize: function () {
5644 // Shortcut
5645 var padding = this.cfg.padding;
5647 // Finalize
5648 if (this._xformMode == this._ENC_XFORM_MODE) {
5649 // Pad data
5650 padding.pad(this._data, this.blockSize);
5652 // Process final blocks
5653 var finalProcessedBlocks = this._process(!!'flush');
5654 } else /* if (this._xformMode == this._DEC_XFORM_MODE) */ {
5655 // Process final blocks
5656 var finalProcessedBlocks = this._process(!!'flush');
5658 // Unpad data
5659 padding.unpad(finalProcessedBlocks);
5660 }
5662 return finalProcessedBlocks;
5663 },
5665 blockSize: 128/32
5666 });
5668 /**
5669 * A collection of cipher parameters.
5670 *
5671 * @property {WordArray} ciphertext The raw ciphertext.
5672 * @property {WordArray} key The key to this ciphertext.
5673 * @property {WordArray} iv The IV used in the ciphering operation.
5674 * @property {WordArray} salt The salt used with a key derivation function.
5675 * @property {Cipher} algorithm The cipher algorithm.
5676 * @property {Mode} mode The block mode used in the ciphering operation.
5677 * @property {Padding} padding The padding scheme used in the ciphering operation.
5678 * @property {number} blockSize The block size of the cipher.
5679 * @property {Format} formatter The default formatting strategy to convert this cipher params object to a string.
5680 */
5681 var CipherParams = C_lib.CipherParams = Base.extend({
5682 /**
5683 * Initializes a newly created cipher params object.
5684 *
5685 * @param {Object} cipherParams An object with any of the possible cipher parameters.
5686 *
5687 * @example
5688 *
5689 * var cipherParams = CryptoJS.lib.CipherParams.create({
5690 * ciphertext: ciphertextWordArray,
5691 * key: keyWordArray,
5692 * iv: ivWordArray,
5693 * salt: saltWordArray,
5694 * algorithm: CryptoJS.algo.AES,
5695 * mode: CryptoJS.mode.CBC,
5696 * padding: CryptoJS.pad.PKCS7,
5697 * blockSize: 4,
5698 * formatter: CryptoJS.format.OpenSSL
5699 * });
5700 */
5701 init: function (cipherParams) {
5702 this.mixIn(cipherParams);
5703 },
5705 /**
5706 * Converts this cipher params object to a string.
5707 *
5708 * @param {Format} formatter (Optional) The formatting strategy to use.
5709 *
5710 * @return {string} The stringified cipher params.
5711 *
5712 * @throws Error If neither the formatter nor the default formatter is set.
5713 *
5714 * @example
5715 *
5716 * var string = cipherParams + '';
5717 * var string = cipherParams.toString();
5718 * var string = cipherParams.toString(CryptoJS.format.OpenSSL);
5719 */
5720 toString: function (formatter) {
5721 return (formatter || this.formatter).stringify(this);
5722 }
5723 });
5725 /**
5726 * Format namespace.
5727 */
5728 var C_format = C.format = {};
5730 /**
5731 * OpenSSL formatting strategy.
5732 */
5733 var OpenSSLFormatter = C_format.OpenSSL = {
5734 /**
5735 * Converts a cipher params object to an OpenSSL-compatible string.
5736 *
5737 * @param {CipherParams} cipherParams The cipher params object.
5738 *
5739 * @return {string} The OpenSSL-compatible string.
5740 *
5741 * @static
5742 *
5743 * @example
5744 *
5745 * var openSSLString = CryptoJS.format.OpenSSL.stringify(cipherParams);
5746 */
5747 stringify: function (cipherParams) {
5748 // Shortcuts
5749 var ciphertext = cipherParams.ciphertext;
5750 var salt = cipherParams.salt;
5752 // Format
5753 if (salt) {
5754 var wordArray = WordArray.create([0x53616c74, 0x65645f5f]).concat(salt).concat(ciphertext);
5755 } else {
5756 var wordArray = ciphertext;
5757 }
5759 return wordArray.toString(Base64);
5760 },
5762 /**
5763 * Converts an OpenSSL-compatible string to a cipher params object.
5764 *
5765 * @param {string} openSSLStr The OpenSSL-compatible string.
5766 *
5767 * @return {CipherParams} The cipher params object.
5768 *
5769 * @static
5770 *
5771 * @example
5772 *
5773 * var cipherParams = CryptoJS.format.OpenSSL.parse(openSSLString);
5774 */
5775 parse: function (openSSLStr) {
5776 // Parse base64
5777 var ciphertext = Base64.parse(openSSLStr);
5779 // Shortcut
5780 var ciphertextWords = ciphertext.words;
5782 // Test for salt
5783 if (ciphertextWords[0] == 0x53616c74 && ciphertextWords[1] == 0x65645f5f) {
5784 // Extract salt
5785 var salt = WordArray.create(ciphertextWords.slice(2, 4));
5787 // Remove salt from ciphertext
5788 ciphertextWords.splice(0, 4);
5789 ciphertext.sigBytes -= 16;
5790 }
5792 return CipherParams.create({ ciphertext: ciphertext, salt: salt });
5793 }
5794 };
5796 /**
5797 * A cipher wrapper that returns ciphertext as a serializable cipher params object.
5798 */
5799 var SerializableCipher = C_lib.SerializableCipher = Base.extend({
5800 /**
5801 * Configuration options.
5802 *
5803 * @property {Formatter} format The formatting strategy to convert cipher param objects to and from a string. Default: OpenSSL
5804 */
5805 cfg: Base.extend({
5806 format: OpenSSLFormatter
5807 }),
5809 /**
5810 * Encrypts a message.
5811 *
5812 * @param {Cipher} cipher The cipher algorithm to use.
5813 * @param {WordArray|string} message The message to encrypt.
5814 * @param {WordArray} key The key.
5815 * @param {Object} cfg (Optional) The configuration options to use for this operation.
5816 *
5817 * @return {CipherParams} A cipher params object.
5818 *
5819 * @static
5820 *
5821 * @example
5822 *
5823 * var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key);
5824 * var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key, { iv: iv });
5825 * var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key, { iv: iv, format: CryptoJS.format.OpenSSL });
5826 */
5827 encrypt: function (cipher, message, key, cfg) {
5828 // Apply config defaults
5829 cfg = this.cfg.extend(cfg);
5831 // Encrypt
5832 var encryptor = cipher.createEncryptor(key, cfg);
5833 var ciphertext = encryptor.finalize(message);
5835 // Shortcut
5836 var cipherCfg = encryptor.cfg;
5838 // Create and return serializable cipher params
5839 return CipherParams.create({
5840 ciphertext: ciphertext,
5841 key: key,
5842 iv: cipherCfg.iv,
5843 algorithm: cipher,
5844 mode: cipherCfg.mode,
5845 padding: cipherCfg.padding,
5846 blockSize: cipher.blockSize,
5847 formatter: cfg.format
5848 });
5849 },
5851 /**
5852 * Decrypts serialized ciphertext.
5853 *
5854 * @param {Cipher} cipher The cipher algorithm to use.
5855 * @param {CipherParams|string} ciphertext The ciphertext to decrypt.
5856 * @param {WordArray} key The key.
5857 * @param {Object} cfg (Optional) The configuration options to use for this operation.
5858 *
5859 * @return {WordArray} The plaintext.
5860 *
5861 * @static
5862 *
5863 * @example
5864 *
5865 * var plaintext = CryptoJS.lib.SerializableCipher.decrypt(CryptoJS.algo.AES, formattedCiphertext, key, { iv: iv, format: CryptoJS.format.OpenSSL });
5866 * var plaintext = CryptoJS.lib.SerializableCipher.decrypt(CryptoJS.algo.AES, ciphertextParams, key, { iv: iv, format: CryptoJS.format.OpenSSL });
5867 */
5868 decrypt: function (cipher, ciphertext, key, cfg) {
5869 // Apply config defaults
5870 cfg = this.cfg.extend(cfg);
5872 // Convert string to CipherParams
5873 ciphertext = this._parse(ciphertext, cfg.format);
5875 // Decrypt
5876 var plaintext = cipher.createDecryptor(key, cfg).finalize(ciphertext.ciphertext);
5878 return plaintext;
5879 },
5881 /**
5882 * Converts serialized ciphertext to CipherParams,
5883 * else assumed CipherParams already and returns ciphertext unchanged.
5884 *
5885 * @param {CipherParams|string} ciphertext The ciphertext.
5886 * @param {Formatter} format The formatting strategy to use to parse serialized ciphertext.
5887 *
5888 * @return {CipherParams} The unserialized ciphertext.
5889 *
5890 * @static
5891 *
5892 * @example
5893 *
5894 * var ciphertextParams = CryptoJS.lib.SerializableCipher._parse(ciphertextStringOrParams, format);
5895 */
5896 _parse: function (ciphertext, format) {
5897 if (typeof ciphertext == 'string') {
5898 return format.parse(ciphertext, this);
5899 } else {
5900 return ciphertext;
5901 }
5902 }
5903 });
5905 /**
5906 * Key derivation function namespace.
5907 */
5908 var C_kdf = C.kdf = {};
5910 /**
5911 * OpenSSL key derivation function.
5912 */
5913 var OpenSSLKdf = C_kdf.OpenSSL = {
5914 /**
5915 * Derives a key and IV from a password.
5916 *
5917 * @param {string} password The password to derive from.
5918 * @param {number} keySize The size in words of the key to generate.
5919 * @param {number} ivSize The size in words of the IV to generate.
5920 * @param {WordArray|string} salt (Optional) A 64-bit salt to use. If omitted, a salt will be generated randomly.
5921 *
5922 * @return {CipherParams} A cipher params object with the key, IV, and salt.
5923 *
5924 * @static
5925 *
5926 * @example
5927 *
5928 * var derivedParams = CryptoJS.kdf.OpenSSL.execute('Password', 256/32, 128/32);
5929 * var derivedParams = CryptoJS.kdf.OpenSSL.execute('Password', 256/32, 128/32, 'saltsalt');
5930 */
5931 execute: function (password, keySize, ivSize, salt) {
5932 // Generate random salt
5933 if (!salt) {
5934 salt = WordArray.random(64/8);
5935 }
5937 // Derive key and IV
5938 var key = EvpKDF.create({ keySize: keySize + ivSize }).compute(password, salt);
5940 // Separate key and IV
5941 var iv = WordArray.create(key.words.slice(keySize), ivSize * 4);
5942 key.sigBytes = keySize * 4;
5944 // Return params
5945 return CipherParams.create({ key: key, iv: iv, salt: salt });
5946 }
5947 };
5949 /**
5950 * A serializable cipher wrapper that derives the key from a password,
5951 * and returns ciphertext as a serializable cipher params object.
5952 */
5953 var PasswordBasedCipher = C_lib.PasswordBasedCipher = SerializableCipher.extend({
5954 /**
5955 * Configuration options.
5956 *
5957 * @property {KDF} kdf The key derivation function to use to generate a key and IV from a password. Default: OpenSSL
5958 */
5959 cfg: SerializableCipher.cfg.extend({
5960 kdf: OpenSSLKdf
5961 }),
5963 /**
5964 * Encrypts a message using a password.
5965 *
5966 * @param {Cipher} cipher The cipher algorithm to use.
5967 * @param {WordArray|string} message The message to encrypt.
5968 * @param {string} password The password.
5969 * @param {Object} cfg (Optional) The configuration options to use for this operation.
5970 *
5971 * @return {CipherParams} A cipher params object.
5972 *
5973 * @static
5974 *
5975 * @example
5976 *
5977 * var ciphertextParams = CryptoJS.lib.PasswordBasedCipher.encrypt(CryptoJS.algo.AES, message, 'password');
5978 * var ciphertextParams = CryptoJS.lib.PasswordBasedCipher.encrypt(CryptoJS.algo.AES, message, 'password', { format: CryptoJS.format.OpenSSL });
5979 */
5980 encrypt: function (cipher, message, password, cfg) {
5981 // Apply config defaults
5982 cfg = this.cfg.extend(cfg);
5984 // Derive key and other params
5985 var derivedParams = cfg.kdf.execute(password, cipher.keySize, cipher.ivSize);
5987 // Add IV to config
5988 cfg.iv = derivedParams.iv;
5990 // Encrypt
5991 var ciphertext = SerializableCipher.encrypt.call(this, cipher, message, derivedParams.key, cfg);
5993 // Mix in derived params
5994 ciphertext.mixIn(derivedParams);
5996 return ciphertext;
5997 },
5999 /**
6000 * Decrypts serialized ciphertext using a password.
6001 *
6002 * @param {Cipher} cipher The cipher algorithm to use.
6003 * @param {CipherParams|string} ciphertext The ciphertext to decrypt.
6004 * @param {string} password The password.
6005 * @param {Object} cfg (Optional) The configuration options to use for this operation.
6006 *
6007 * @return {WordArray} The plaintext.
6008 *
6009 * @static
6010 *
6011 * @example
6012 *
6013 * var plaintext = CryptoJS.lib.PasswordBasedCipher.decrypt(CryptoJS.algo.AES, formattedCiphertext, 'password', { format: CryptoJS.format.OpenSSL });
6014 * var plaintext = CryptoJS.lib.PasswordBasedCipher.decrypt(CryptoJS.algo.AES, ciphertextParams, 'password', { format: CryptoJS.format.OpenSSL });
6015 */
6016 decrypt: function (cipher, ciphertext, password, cfg) {
6017 // Apply config defaults
6018 cfg = this.cfg.extend(cfg);
6020 // Convert string to CipherParams
6021 ciphertext = this._parse(ciphertext, cfg.format);
6023 // Derive key and other params
6024 var derivedParams = cfg.kdf.execute(password, cipher.keySize, cipher.ivSize, ciphertext.salt);
6026 // Add IV to config
6027 cfg.iv = derivedParams.iv;
6029 // Decrypt
6030 var plaintext = SerializableCipher.decrypt.call(this, cipher, ciphertext, derivedParams.key, cfg);
6032 return plaintext;
6033 }
6034 });
6035 }());
6040;(function (root, factory) {
6041 if (typeof exports === "object") {
6042 // CommonJS
6043 module.exports = exports = factory();
6044 }
6045 else if (typeof define === "function" && define.amd) {
6046 // AMD
6047 define([], factory);
6048 }
6049 else {
6050 // Global (browser)
6051 root.CryptoJS = factory();
6052 }
6053}(this, function () {
6055 /**
6056 * CryptoJS core components.
6057 */
6058 var CryptoJS = CryptoJS || (function (Math, undefined) {
6059 /**
6060 * CryptoJS namespace.
6061 */
6062 var C = {};
6064 /**
6065 * Library namespace.
6066 */
6067 var C_lib = C.lib = {};
6069 /**
6070 * Base object for prototypal inheritance.
6071 */
6072 var Base = C_lib.Base = (function () {
6073 function F() {}
6075 return {
6076 /**
6077 * Creates a new object that inherits from this object.
6078 *
6079 * @param {Object} overrides Properties to copy into the new object.
6080 *
6081 * @return {Object} The new object.
6082 *
6083 * @static
6084 *
6085 * @example
6086 *
6087 * var MyType = CryptoJS.lib.Base.extend({
6088 * field: 'value',
6089 *
6090 * method: function () {
6091 * }
6092 * });
6093 */
6094 extend: function (overrides) {
6095 // Spawn
6096 F.prototype = this;
6097 var subtype = new F();
6099 // Augment
6100 if (overrides) {
6101 subtype.mixIn(overrides);
6102 }
6104 // Create default initializer
6105 if (!subtype.hasOwnProperty('init')) {
6106 subtype.init = function () {
6107 subtype.$super.init.apply(this, arguments);
6108 };
6109 }
6111 // Initializer's prototype is the subtype object
6112 subtype.init.prototype = subtype;
6114 // Reference supertype
6115 subtype.$super = this;
6117 return subtype;
6118 },
6120 /**
6121 * Extends this object and runs the init method.
6122 * Arguments to create() will be passed to init().
6123 *
6124 * @return {Object} The new object.
6125 *
6126 * @static
6127 *
6128 * @example
6129 *
6130 * var instance = MyType.create();
6131 */
6132 create: function () {
6133 var instance = this.extend();
6134 instance.init.apply(instance, arguments);
6136 return instance;
6137 },
6139 /**
6140 * Initializes a newly created object.
6141 * Override this method to add some logic when your objects are created.
6142 *
6143 * @example
6144 *
6145 * var MyType = CryptoJS.lib.Base.extend({
6146 * init: function () {
6147 * // ...
6148 * }
6149 * });
6150 */
6151 init: function () {
6152 },
6154 /**
6155 * Copies properties into this object.
6156 *
6157 * @param {Object} properties The properties to mix in.
6158 *
6159 * @example
6160 *
6161 * MyType.mixIn({
6162 * field: 'value'
6163 * });
6164 */
6165 mixIn: function (properties) {
6166 for (var propertyName in properties) {
6167 if (properties.hasOwnProperty(propertyName)) {
6168 this[propertyName] = properties[propertyName];
6169 }
6170 }
6172 // IE won't copy toString using the loop above
6173 if (properties.hasOwnProperty('toString')) {
6174 this.toString = properties.toString;
6175 }
6176 },
6178 /**
6179 * Creates a copy of this object.
6180 *
6181 * @return {Object} The clone.
6182 *
6183 * @example
6184 *
6185 * var clone = instance.clone();
6186 */
6187 clone: function () {
6188 return this.init.prototype.extend(this);
6189 }
6190 };
6191 }());
6193 /**
6194 * An array of 32-bit words.
6195 *
6196 * @property {Array} words The array of 32-bit words.
6197 * @property {number} sigBytes The number of significant bytes in this word array.
6198 */
6199 var WordArray = C_lib.WordArray = Base.extend({
6200 /**
6201 * Initializes a newly created word array.
6202 *
6203 * @param {Array} words (Optional) An array of 32-bit words.
6204 * @param {number} sigBytes (Optional) The number of significant bytes in the words.
6205 *
6206 * @example
6207 *
6208 * var wordArray = CryptoJS.lib.WordArray.create();
6209 * var wordArray = CryptoJS.lib.WordArray.create([0x00010203, 0x04050607]);
6210 * var wordArray = CryptoJS.lib.WordArray.create([0x00010203, 0x04050607], 6);
6211 */
6212 init: function (words, sigBytes) {
6213 words = this.words = words || [];
6215 if (sigBytes != undefined) {
6216 this.sigBytes = sigBytes;
6217 } else {
6218 this.sigBytes = words.length * 4;
6219 }
6220 },
6222 /**
6223 * Converts this word array to a string.
6224 *
6225 * @param {Encoder} encoder (Optional) The encoding strategy to use. Default: CryptoJS.enc.Hex
6226 *
6227 * @return {string} The stringified word array.
6228 *
6229 * @example
6230 *
6231 * var string = wordArray + '';
6232 * var string = wordArray.toString();
6233 * var string = wordArray.toString(CryptoJS.enc.Utf8);
6234 */
6235 toString: function (encoder) {
6236 return (encoder || Hex).stringify(this);
6237 },
6239 /**
6240 * Concatenates a word array to this word array.
6241 *
6242 * @param {WordArray} wordArray The word array to append.
6243 *
6244 * @return {WordArray} This word array.
6245 *
6246 * @example
6247 *
6248 * wordArray1.concat(wordArray2);
6249 */
6250 concat: function (wordArray) {
6251 // Shortcuts
6252 var thisWords = this.words;
6253 var thatWords = wordArray.words;
6254 var thisSigBytes = this.sigBytes;
6255 var thatSigBytes = wordArray.sigBytes;
6257 // Clamp excess bits
6258 this.clamp();
6260 // Concat
6261 if (thisSigBytes % 4) {
6262 // Copy one byte at a time
6263 for (var i = 0; i < thatSigBytes; i++) {
6264 var thatByte = (thatWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
6265 thisWords[(thisSigBytes + i) >>> 2] |= thatByte << (24 - ((thisSigBytes + i) % 4) * 8);
6266 }
6267 } else if (thatWords.length > 0xffff) {
6268 // Copy one word at a time
6269 for (var i = 0; i < thatSigBytes; i += 4) {
6270 thisWords[(thisSigBytes + i) >>> 2] = thatWords[i >>> 2];
6271 }
6272 } else {
6273 // Copy all words at once
6274 thisWords.push.apply(thisWords, thatWords);
6275 }
6276 this.sigBytes += thatSigBytes;
6278 // Chainable
6279 return this;
6280 },
6282 /**
6283 * Removes insignificant bits.
6284 *
6285 * @example
6286 *
6287 * wordArray.clamp();
6288 */
6289 clamp: function () {
6290 // Shortcuts
6291 var words = this.words;
6292 var sigBytes = this.sigBytes;
6294 // Clamp
6295 words[sigBytes >>> 2] &= 0xffffffff << (32 - (sigBytes % 4) * 8);
6296 words.length = Math.ceil(sigBytes / 4);
6297 },
6299 /**
6300 * Creates a copy of this word array.
6301 *
6302 * @return {WordArray} The clone.
6303 *
6304 * @example
6305 *
6306 * var clone = wordArray.clone();
6307 */
6308 clone: function () {
6309 var clone = Base.clone.call(this);
6310 clone.words = this.words.slice(0);
6312 return clone;
6313 },
6315 /**
6316 * Creates a word array filled with random bytes.
6317 *
6318 * @param {number} nBytes The number of random bytes to generate.
6319 *
6320 * @return {WordArray} The random word array.
6321 *
6322 * @static
6323 *
6324 * @example
6325 *
6326 * var wordArray = CryptoJS.lib.WordArray.random(16);
6327 */
6328 random: function (nBytes) {
6329 var words = [];
6330 for (var i = 0; i < nBytes; i += 4) {
6331 words.push((Math.random() * 0x100000000) | 0);
6332 }
6334 return new WordArray.init(words, nBytes);
6335 }
6336 });
6338 /**
6339 * Encoder namespace.
6340 */
6341 var C_enc = C.enc = {};
6343 /**
6344 * Hex encoding strategy.
6345 */
6346 var Hex = C_enc.Hex = {
6347 /**
6348 * Converts a word array to a hex string.
6349 *
6350 * @param {WordArray} wordArray The word array.
6351 *
6352 * @return {string} The hex string.
6353 *
6354 * @static
6355 *
6356 * @example
6357 *
6358 * var hexString = CryptoJS.enc.Hex.stringify(wordArray);
6359 */
6360 stringify: function (wordArray) {
6361 // Shortcuts
6362 var words = wordArray.words;
6363 var sigBytes = wordArray.sigBytes;
6365 // Convert
6366 var hexChars = [];
6367 for (var i = 0; i < sigBytes; i++) {
6368 var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
6369 hexChars.push((bite >>> 4).toString(16));
6370 hexChars.push((bite & 0x0f).toString(16));
6371 }
6373 return hexChars.join('');
6374 },
6376 /**
6377 * Converts a hex string to a word array.
6378 *
6379 * @param {string} hexStr The hex string.
6380 *
6381 * @return {WordArray} The word array.
6382 *
6383 * @static
6384 *
6385 * @example
6386 *
6387 * var wordArray = CryptoJS.enc.Hex.parse(hexString);
6388 */
6389 parse: function (hexStr) {
6390 // Shortcut
6391 var hexStrLength = hexStr.length;
6393 // Convert
6394 var words = [];
6395 for (var i = 0; i < hexStrLength; i += 2) {
6396 words[i >>> 3] |= parseInt(hexStr.substr(i, 2), 16) << (24 - (i % 8) * 4);
6397 }
6399 return new WordArray.init(words, hexStrLength / 2);
6400 }
6401 };
6403 /**
6404 * Latin1 encoding strategy.
6405 */
6406 var Latin1 = C_enc.Latin1 = {
6407 /**
6408 * Converts a word array to a Latin1 string.
6409 *
6410 * @param {WordArray} wordArray The word array.
6411 *
6412 * @return {string} The Latin1 string.
6413 *
6414 * @static
6415 *
6416 * @example
6417 *
6418 * var latin1String = CryptoJS.enc.Latin1.stringify(wordArray);
6419 */
6420 stringify: function (wordArray) {
6421 // Shortcuts
6422 var words = wordArray.words;
6423 var sigBytes = wordArray.sigBytes;
6425 // Convert
6426 var latin1Chars = [];
6427 for (var i = 0; i < sigBytes; i++) {
6428 var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
6429 latin1Chars.push(String.fromCharCode(bite));
6430 }
6432 return latin1Chars.join('');
6433 },
6435 /**
6436 * Converts a Latin1 string to a word array.
6437 *
6438 * @param {string} latin1Str The Latin1 string.
6439 *
6440 * @return {WordArray} The word array.
6441 *
6442 * @static
6443 *
6444 * @example
6445 *
6446 * var wordArray = CryptoJS.enc.Latin1.parse(latin1String);
6447 */
6448 parse: function (latin1Str) {
6449 // Shortcut
6450 var latin1StrLength = latin1Str.length;
6452 // Convert
6453 var words = [];
6454 for (var i = 0; i < latin1StrLength; i++) {
6455 words[i >>> 2] |= (latin1Str.charCodeAt(i) & 0xff) << (24 - (i % 4) * 8);
6456 }
6458 return new WordArray.init(words, latin1StrLength);
6459 }
6460 };
6462 /**
6463 * UTF-8 encoding strategy.
6464 */
6465 var Utf8 = C_enc.Utf8 = {
6466 /**
6467 * Converts a word array to a UTF-8 string.
6468 *
6469 * @param {WordArray} wordArray The word array.
6470 *
6471 * @return {string} The UTF-8 string.
6472 *
6473 * @static
6474 *
6475 * @example
6476 *
6477 * var utf8String = CryptoJS.enc.Utf8.stringify(wordArray);
6478 */
6479 stringify: function (wordArray) {
6480 try {
6481 return decodeURIComponent(escape(Latin1.stringify(wordArray)));
6482 } catch (e) {
6483 throw new Error('Malformed UTF-8 data');
6484 }
6485 },
6487 /**
6488 * Converts a UTF-8 string to a word array.
6489 *
6490 * @param {string} utf8Str The UTF-8 string.
6491 *
6492 * @return {WordArray} The word array.
6493 *
6494 * @static
6495 *
6496 * @example
6497 *
6498 * var wordArray = CryptoJS.enc.Utf8.parse(utf8String);
6499 */
6500 parse: function (utf8Str) {
6501 return Latin1.parse(unescape(encodeURIComponent(utf8Str)));
6502 }
6503 };
6505 /**
6506 * Abstract buffered block algorithm template.
6507 *
6508 * The property blockSize must be implemented in a concrete subtype.
6509 *
6510 * @property {number} _minBufferSize The number of blocks that should be kept unprocessed in the buffer. Default: 0
6511 */
6512 var BufferedBlockAlgorithm = C_lib.BufferedBlockAlgorithm = Base.extend({
6513 /**
6514 * Resets this block algorithm's data buffer to its initial state.
6515 *
6516 * @example
6517 *
6518 * bufferedBlockAlgorithm.reset();
6519 */
6520 reset: function () {
6521 // Initial values
6522 this._data = new WordArray.init();
6523 this._nDataBytes = 0;
6524 },
6526 /**
6527 * Adds new data to this block algorithm's buffer.
6528 *
6529 * @param {WordArray|string} data The data to append. Strings are converted to a WordArray using UTF-8.
6530 *
6531 * @example
6532 *
6533 * bufferedBlockAlgorithm._append('data');
6534 * bufferedBlockAlgorithm._append(wordArray);
6535 */
6536 _append: function (data) {
6537 // Convert string to WordArray, else assume WordArray already
6538 if (typeof data == 'string') {
6539 data = Utf8.parse(data);
6540 }
6542 // Append
6543 this._data.concat(data);
6544 this._nDataBytes += data.sigBytes;
6545 },
6547 /**
6548 * Processes available data blocks.
6549 *
6550 * This method invokes _doProcessBlock(offset), which must be implemented by a concrete subtype.
6551 *
6552 * @param {boolean} doFlush Whether all blocks and partial blocks should be processed.
6553 *
6554 * @return {WordArray} The processed data.
6555 *
6556 * @example
6557 *
6558 * var processedData = bufferedBlockAlgorithm._process();
6559 * var processedData = bufferedBlockAlgorithm._process(!!'flush');
6560 */
6561 _process: function (doFlush) {
6562 // Shortcuts
6563 var data = this._data;
6564 var dataWords = data.words;
6565 var dataSigBytes = data.sigBytes;
6566 var blockSize = this.blockSize;
6567 var blockSizeBytes = blockSize * 4;
6569 // Count blocks ready
6570 var nBlocksReady = dataSigBytes / blockSizeBytes;
6571 if (doFlush) {
6572 // Round up to include partial blocks
6573 nBlocksReady = Math.ceil(nBlocksReady);
6574 } else {
6575 // Round down to include only full blocks,
6576 // less the number of blocks that must remain in the buffer
6577 nBlocksReady = Math.max((nBlocksReady | 0) - this._minBufferSize, 0);
6578 }
6580 // Count words ready
6581 var nWordsReady = nBlocksReady * blockSize;
6583 // Count bytes ready
6584 var nBytesReady = Math.min(nWordsReady * 4, dataSigBytes);
6586 // Process blocks
6587 if (nWordsReady) {
6588 for (var offset = 0; offset < nWordsReady; offset += blockSize) {
6589 // Perform concrete-algorithm logic
6590 this._doProcessBlock(dataWords, offset);
6591 }
6593 // Remove processed words
6594 var processedWords = dataWords.splice(0, nWordsReady);
6595 data.sigBytes -= nBytesReady;
6596 }
6598 // Return processed words
6599 return new WordArray.init(processedWords, nBytesReady);
6600 },
6602 /**
6603 * Creates a copy of this object.
6604 *
6605 * @return {Object} The clone.
6606 *
6607 * @example
6608 *
6609 * var clone = bufferedBlockAlgorithm.clone();
6610 */
6611 clone: function () {
6612 var clone = Base.clone.call(this);
6613 clone._data = this._data.clone();
6615 return clone;
6616 },
6618 _minBufferSize: 0
6619 });
6621 /**
6622 * Abstract hasher template.
6623 *
6624 * @property {number} blockSize The number of 32-bit words this hasher operates on. Default: 16 (512 bits)
6625 */
6626 var Hasher = C_lib.Hasher = BufferedBlockAlgorithm.extend({
6627 /**
6628 * Configuration options.
6629 */
6630 cfg: Base.extend(),
6632 /**
6633 * Initializes a newly created hasher.
6634 *
6635 * @param {Object} cfg (Optional) The configuration options to use for this hash computation.
6636 *
6637 * @example
6638 *
6639 * var hasher = CryptoJS.algo.SHA256.create();
6640 */
6641 init: function (cfg) {
6642 // Apply config defaults
6643 this.cfg = this.cfg.extend(cfg);
6645 // Set initial values
6646 this.reset();
6647 },
6649 /**
6650 * Resets this hasher to its initial state.
6651 *
6652 * @example
6653 *
6654 * hasher.reset();
6655 */
6656 reset: function () {
6657 // Reset data buffer
6658 BufferedBlockAlgorithm.reset.call(this);
6660 // Perform concrete-hasher logic
6661 this._doReset();
6662 },
6664 /**
6665 * Updates this hasher with a message.
6666 *
6667 * @param {WordArray|string} messageUpdate The message to append.
6668 *
6669 * @return {Hasher} This hasher.
6670 *
6671 * @example
6672 *
6673 * hasher.update('message');
6674 * hasher.update(wordArray);
6675 */
6676 update: function (messageUpdate) {
6677 // Append
6678 this._append(messageUpdate);
6680 // Update the hash
6681 this._process();
6683 // Chainable
6684 return this;
6685 },
6687 /**
6688 * Finalizes the hash computation.
6689 * Note that the finalize operation is effectively a destructive, read-once operation.
6690 *
6691 * @param {WordArray|string} messageUpdate (Optional) A final message update.
6692 *
6693 * @return {WordArray} The hash.
6694 *
6695 * @example
6696 *
6697 * var hash = hasher.finalize();
6698 * var hash = hasher.finalize('message');
6699 * var hash = hasher.finalize(wordArray);
6700 */
6701 finalize: function (messageUpdate) {
6702 // Final message update
6703 if (messageUpdate) {
6704 this._append(messageUpdate);
6705 }
6707 // Perform concrete-hasher logic
6708 var hash = this._doFinalize();
6710 return hash;
6711 },
6713 blockSize: 512/32,
6715 /**
6716 * Creates a shortcut function to a hasher's object interface.
6717 *
6718 * @param {Hasher} hasher The hasher to create a helper for.
6719 *
6720 * @return {Function} The shortcut function.
6721 *
6722 * @static
6723 *
6724 * @example
6725 *
6726 * var SHA256 = CryptoJS.lib.Hasher._createHelper(CryptoJS.algo.SHA256);
6727 */
6728 _createHelper: function (hasher) {
6729 return function (message, cfg) {
6730 return new hasher.init(cfg).finalize(message);
6731 };
6732 },
6734 /**
6735 * Creates a shortcut function to the HMAC's object interface.
6736 *
6737 * @param {Hasher} hasher The hasher to use in this HMAC helper.
6738 *
6739 * @return {Function} The shortcut function.
6740 *
6741 * @static
6742 *
6743 * @example
6744 *
6745 * var HmacSHA256 = CryptoJS.lib.Hasher._createHmacHelper(CryptoJS.algo.SHA256);
6746 */
6747 _createHmacHelper: function (hasher) {
6748 return function (message, key) {
6749 return new C_algo.HMAC.init(hasher, key).finalize(message);
6750 };
6751 }
6752 });
6754 /**
6755 * Algorithm namespace.
6756 */
6757 var C_algo = C.algo = {};
6759 return C;
6760 }(Math));
6763 return CryptoJS;
6767;(function (root, factory) {
6768 if (typeof exports === "object") {
6769 // CommonJS
6770 module.exports = exports = factory(_dereq_("./core"));
6771 }
6772 else if (typeof define === "function" && define.amd) {
6773 // AMD
6774 define(["./core"], factory);
6775 }
6776 else {
6777 // Global (browser)
6778 factory(root.CryptoJS);
6779 }
6780}(this, function (CryptoJS) {
6782 (function () {
6783 // Shortcuts
6784 var C = CryptoJS;
6785 var C_lib = C.lib;
6786 var WordArray = C_lib.WordArray;
6787 var C_enc = C.enc;
6789 /**
6790 * Base64 encoding strategy.
6791 */
6792 var Base64 = C_enc.Base64 = {
6793 /**
6794 * Converts a word array to a Base64 string.
6795 *
6796 * @param {WordArray} wordArray The word array.
6797 *
6798 * @return {string} The Base64 string.
6799 *
6800 * @static
6801 *
6802 * @example
6803 *
6804 * var base64String = CryptoJS.enc.Base64.stringify(wordArray);
6805 */
6806 stringify: function (wordArray) {
6807 // Shortcuts
6808 var words = wordArray.words;
6809 var sigBytes = wordArray.sigBytes;
6810 var map = this._map;
6812 // Clamp excess bits
6813 wordArray.clamp();
6815 // Convert
6816 var base64Chars = [];
6817 for (var i = 0; i < sigBytes; i += 3) {
6818 var byte1 = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
6819 var byte2 = (words[(i + 1) >>> 2] >>> (24 - ((i + 1) % 4) * 8)) & 0xff;
6820 var byte3 = (words[(i + 2) >>> 2] >>> (24 - ((i + 2) % 4) * 8)) & 0xff;
6822 var triplet = (byte1 << 16) | (byte2 << 8) | byte3;
6824 for (var j = 0; (j < 4) && (i + j * 0.75 < sigBytes); j++) {
6825 base64Chars.push(map.charAt((triplet >>> (6 * (3 - j))) & 0x3f));
6826 }
6827 }
6829 // Add padding
6830 var paddingChar = map.charAt(64);
6831 if (paddingChar) {
6832 while (base64Chars.length % 4) {
6833 base64Chars.push(paddingChar);
6834 }
6835 }
6837 return base64Chars.join('');
6838 },
6840 /**
6841 * Converts a Base64 string to a word array.
6842 *
6843 * @param {string} base64Str The Base64 string.
6844 *
6845 * @return {WordArray} The word array.
6846 *
6847 * @static
6848 *
6849 * @example
6850 *
6851 * var wordArray = CryptoJS.enc.Base64.parse(base64String);
6852 */
6853 parse: function (base64Str) {
6854 // Shortcuts
6855 var base64StrLength = base64Str.length;
6856 var map = this._map;
6858 // Ignore padding
6859 var paddingChar = map.charAt(64);
6860 if (paddingChar) {
6861 var paddingIndex = base64Str.indexOf(paddingChar);
6862 if (paddingIndex != -1) {
6863 base64StrLength = paddingIndex;
6864 }
6865 }
6867 // Convert
6868 var words = [];
6869 var nBytes = 0;
6870 for (var i = 0; i < base64StrLength; i++) {
6871 if (i % 4) {
6872 var bits1 = map.indexOf(base64Str.charAt(i - 1)) << ((i % 4) * 2);
6873 var bits2 = map.indexOf(base64Str.charAt(i)) >>> (6 - (i % 4) * 2);
6874 words[nBytes >>> 2] |= (bits1 | bits2) << (24 - (nBytes % 4) * 8);
6875 nBytes++;
6876 }
6877 }
6879 return WordArray.create(words, nBytes);
6880 },
6882 _map: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='
6883 };
6884 }());
6887 return CryptoJS.enc.Base64;
6891;(function (root, factory) {
6892 if (typeof exports === "object") {
6893 // CommonJS
6894 module.exports = exports = factory(_dereq_("./core"));
6895 }
6896 else if (typeof define === "function" && define.amd) {
6897 // AMD
6898 define(["./core"], factory);
6899 }
6900 else {
6901 // Global (browser)
6902 factory(root.CryptoJS);
6903 }
6904}(this, function (CryptoJS) {
6906 (function () {
6907 // Shortcuts
6908 var C = CryptoJS;
6909 var C_lib = C.lib;
6910 var WordArray = C_lib.WordArray;
6911 var C_enc = C.enc;
6913 /**
6914 * UTF-16 BE encoding strategy.
6915 */
6916 var Utf16BE = C_enc.Utf16 = C_enc.Utf16BE = {
6917 /**
6918 * Converts a word array to a UTF-16 BE string.
6919 *
6920 * @param {WordArray} wordArray The word array.
6921 *
6922 * @return {string} The UTF-16 BE string.
6923 *
6924 * @static
6925 *
6926 * @example
6927 *
6928 * var utf16String = CryptoJS.enc.Utf16.stringify(wordArray);
6929 */
6930 stringify: function (wordArray) {
6931 // Shortcuts
6932 var words = wordArray.words;
6933 var sigBytes = wordArray.sigBytes;
6935 // Convert
6936 var utf16Chars = [];
6937 for (var i = 0; i < sigBytes; i += 2) {
6938 var codePoint = (words[i >>> 2] >>> (16 - (i % 4) * 8)) & 0xffff;
6939 utf16Chars.push(String.fromCharCode(codePoint));
6940 }
6942 return utf16Chars.join('');
6943 },
6945 /**
6946 * Converts a UTF-16 BE string to a word array.
6947 *
6948 * @param {string} utf16Str The UTF-16 BE string.
6949 *
6950 * @return {WordArray} The word array.
6951 *
6952 * @static
6953 *
6954 * @example
6955 *
6956 * var wordArray = CryptoJS.enc.Utf16.parse(utf16String);
6957 */
6958 parse: function (utf16Str) {
6959 // Shortcut
6960 var utf16StrLength = utf16Str.length;
6962 // Convert
6963 var words = [];
6964 for (var i = 0; i < utf16StrLength; i++) {
6965 words[i >>> 1] |= utf16Str.charCodeAt(i) << (16 - (i % 2) * 16);
6966 }
6968 return WordArray.create(words, utf16StrLength * 2);
6969 }
6970 };
6972 /**
6973 * UTF-16 LE encoding strategy.
6974 */
6975 C_enc.Utf16LE = {
6976 /**
6977 * Converts a word array to a UTF-16 LE string.
6978 *
6979 * @param {WordArray} wordArray The word array.
6980 *
6981 * @return {string} The UTF-16 LE string.
6982 *
6983 * @static
6984 *
6985 * @example
6986 *
6987 * var utf16Str = CryptoJS.enc.Utf16LE.stringify(wordArray);
6988 */
6989 stringify: function (wordArray) {
6990 // Shortcuts
6991 var words = wordArray.words;
6992 var sigBytes = wordArray.sigBytes;
6994 // Convert
6995 var utf16Chars = [];
6996 for (var i = 0; i < sigBytes; i += 2) {
6997 var codePoint = swapEndian((words[i >>> 2] >>> (16 - (i % 4) * 8)) & 0xffff);
6998 utf16Chars.push(String.fromCharCode(codePoint));
6999 }
7001 return utf16Chars.join('');
7002 },
7004 /**
7005 * Converts a UTF-16 LE string to a word array.
7006 *
7007 * @param {string} utf16Str The UTF-16 LE string.
7008 *
7009 * @return {WordArray} The word array.
7010 *
7011 * @static
7012 *
7013 * @example
7014 *
7015 * var wordArray = CryptoJS.enc.Utf16LE.parse(utf16Str);
7016 */
7017 parse: function (utf16Str) {
7018 // Shortcut
7019 var utf16StrLength = utf16Str.length;
7021 // Convert
7022 var words = [];
7023 for (var i = 0; i < utf16StrLength; i++) {
7024 words[i >>> 1] |= swapEndian(utf16Str.charCodeAt(i) << (16 - (i % 2) * 16));
7025 }
7027 return WordArray.create(words, utf16StrLength * 2);
7028 }
7029 };
7031 function swapEndian(word) {
7032 return ((word << 8) & 0xff00ff00) | ((word >>> 8) & 0x00ff00ff);
7033 }
7034 }());
7037 return CryptoJS.enc.Utf16;
7041;(function (root, factory, undef) {
7042 if (typeof exports === "object") {
7043 // CommonJS
7044 module.exports = exports = factory(_dereq_("./core"), _dereq_("./sha1"), _dereq_("./hmac"));
7045 }
7046 else if (typeof define === "function" && define.amd) {
7047 // AMD
7048 define(["./core", "./sha1", "./hmac"], factory);
7049 }
7050 else {
7051 // Global (browser)
7052 factory(root.CryptoJS);
7053 }
7054}(this, function (CryptoJS) {
7056 (function () {
7057 // Shortcuts
7058 var C = CryptoJS;
7059 var C_lib = C.lib;
7060 var Base = C_lib.Base;
7061 var WordArray = C_lib.WordArray;
7062 var C_algo = C.algo;
7063 var MD5 = C_algo.MD5;
7065 /**
7066 * This key derivation function is meant to conform with EVP_BytesToKey.
7067 * www.openssl.org/docs/crypto/EVP_BytesToKey.html
7068 */
7069 var EvpKDF = C_algo.EvpKDF = Base.extend({
7070 /**
7071 * Configuration options.
7072 *
7073 * @property {number} keySize The key size in words to generate. Default: 4 (128 bits)
7074 * @property {Hasher} hasher The hash algorithm to use. Default: MD5
7075 * @property {number} iterations The number of iterations to perform. Default: 1
7076 */
7077 cfg: Base.extend({
7078 keySize: 128/32,
7079 hasher: MD5,
7080 iterations: 1
7081 }),
7083 /**
7084 * Initializes a newly created key derivation function.
7085 *
7086 * @param {Object} cfg (Optional) The configuration options to use for the derivation.
7087 *
7088 * @example
7089 *
7090 * var kdf = CryptoJS.algo.EvpKDF.create();
7091 * var kdf = CryptoJS.algo.EvpKDF.create({ keySize: 8 });
7092 * var kdf = CryptoJS.algo.EvpKDF.create({ keySize: 8, iterations: 1000 });
7093 */
7094 init: function (cfg) {
7095 this.cfg = this.cfg.extend(cfg);
7096 },
7098 /**
7099 * Derives a key from a password.
7100 *
7101 * @param {WordArray|string} password The password.
7102 * @param {WordArray|string} salt A salt.
7103 *
7104 * @return {WordArray} The derived key.
7105 *
7106 * @example
7107 *
7108 * var key = kdf.compute(password, salt);
7109 */
7110 compute: function (password, salt) {
7111 // Shortcut
7112 var cfg = this.cfg;
7114 // Init hasher
7115 var hasher = cfg.hasher.create();
7117 // Initial values
7118 var derivedKey = WordArray.create();
7120 // Shortcuts
7121 var derivedKeyWords = derivedKey.words;
7122 var keySize = cfg.keySize;
7123 var iterations = cfg.iterations;
7125 // Generate key
7126 while (derivedKeyWords.length < keySize) {
7127 if (block) {
7128 hasher.update(block);
7129 }
7130 var block = hasher.update(password).finalize(salt);
7131 hasher.reset();
7133 // Iterations
7134 for (var i = 1; i < iterations; i++) {
7135 block = hasher.finalize(block);
7136 hasher.reset();
7137 }
7139 derivedKey.concat(block);
7140 }
7141 derivedKey.sigBytes = keySize * 4;
7143 return derivedKey;
7144 }
7145 });
7147 /**
7148 * Derives a key from a password.
7149 *
7150 * @param {WordArray|string} password The password.
7151 * @param {WordArray|string} salt A salt.
7152 * @param {Object} cfg (Optional) The configuration options to use for this computation.
7153 *
7154 * @return {WordArray} The derived key.
7155 *
7156 * @static
7157 *
7158 * @example
7159 *
7160 * var key = CryptoJS.EvpKDF(password, salt);
7161 * var key = CryptoJS.EvpKDF(password, salt, { keySize: 8 });
7162 * var key = CryptoJS.EvpKDF(password, salt, { keySize: 8, iterations: 1000 });
7163 */
7164 C.EvpKDF = function (password, salt, cfg) {
7165 return EvpKDF.create(cfg).compute(password, salt);
7166 };
7167 }());
7170 return CryptoJS.EvpKDF;
7174;(function (root, factory, undef) {
7175 if (typeof exports === "object") {
7176 // CommonJS
7177 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
7178 }
7179 else if (typeof define === "function" && define.amd) {
7180 // AMD
7181 define(["./core", "./cipher-core"], factory);
7182 }
7183 else {
7184 // Global (browser)
7185 factory(root.CryptoJS);
7186 }
7187}(this, function (CryptoJS) {
7189 (function (undefined) {
7190 // Shortcuts
7191 var C = CryptoJS;
7192 var C_lib = C.lib;
7193 var CipherParams = C_lib.CipherParams;
7194 var C_enc = C.enc;
7195 var Hex = C_enc.Hex;
7196 var C_format = C.format;
7198 var HexFormatter = C_format.Hex = {
7199 /**
7200 * Converts the ciphertext of a cipher params object to a hexadecimally encoded string.
7201 *
7202 * @param {CipherParams} cipherParams The cipher params object.
7203 *
7204 * @return {string} The hexadecimally encoded string.
7205 *
7206 * @static
7207 *
7208 * @example
7209 *
7210 * var hexString = CryptoJS.format.Hex.stringify(cipherParams);
7211 */
7212 stringify: function (cipherParams) {
7213 return cipherParams.ciphertext.toString(Hex);
7214 },
7216 /**
7217 * Converts a hexadecimally encoded ciphertext string to a cipher params object.
7218 *
7219 * @param {string} input The hexadecimally encoded string.
7220 *
7221 * @return {CipherParams} The cipher params object.
7222 *
7223 * @static
7224 *
7225 * @example
7226 *
7227 * var cipherParams = CryptoJS.format.Hex.parse(hexString);
7228 */
7229 parse: function (input) {
7230 var ciphertext = Hex.parse(input);
7231 return CipherParams.create({ ciphertext: ciphertext });
7232 }
7233 };
7234 }());
7237 return CryptoJS.format.Hex;
7241;(function (root, factory) {
7242 if (typeof exports === "object") {
7243 // CommonJS
7244 module.exports = exports = factory(_dereq_("./core"));
7245 }
7246 else if (typeof define === "function" && define.amd) {
7247 // AMD
7248 define(["./core"], factory);
7249 }
7250 else {
7251 // Global (browser)
7252 factory(root.CryptoJS);
7253 }
7254}(this, function (CryptoJS) {
7256 (function () {
7257 // Shortcuts
7258 var C = CryptoJS;
7259 var C_lib = C.lib;
7260 var Base = C_lib.Base;
7261 var C_enc = C.enc;
7262 var Utf8 = C_enc.Utf8;
7263 var C_algo = C.algo;
7265 /**
7266 * HMAC algorithm.
7267 */
7268 var HMAC = C_algo.HMAC = Base.extend({
7269 /**
7270 * Initializes a newly created HMAC.
7271 *
7272 * @param {Hasher} hasher The hash algorithm to use.
7273 * @param {WordArray|string} key The secret key.
7274 *
7275 * @example
7276 *
7277 * var hmacHasher = CryptoJS.algo.HMAC.create(CryptoJS.algo.SHA256, key);
7278 */
7279 init: function (hasher, key) {
7280 // Init hasher
7281 hasher = this._hasher = new hasher.init();
7283 // Convert string to WordArray, else assume WordArray already
7284 if (typeof key == 'string') {
7285 key = Utf8.parse(key);
7286 }
7288 // Shortcuts
7289 var hasherBlockSize = hasher.blockSize;
7290 var hasherBlockSizeBytes = hasherBlockSize * 4;
7292 // Allow arbitrary length keys
7293 if (key.sigBytes > hasherBlockSizeBytes) {
7294 key = hasher.finalize(key);
7295 }
7297 // Clamp excess bits
7298 key.clamp();
7300 // Clone key for inner and outer pads
7301 var oKey = this._oKey = key.clone();
7302 var iKey = this._iKey = key.clone();
7304 // Shortcuts
7305 var oKeyWords = oKey.words;
7306 var iKeyWords = iKey.words;
7308 // XOR keys with pad constants
7309 for (var i = 0; i < hasherBlockSize; i++) {
7310 oKeyWords[i] ^= 0x5c5c5c5c;
7311 iKeyWords[i] ^= 0x36363636;
7312 }
7313 oKey.sigBytes = iKey.sigBytes = hasherBlockSizeBytes;
7315 // Set initial values
7316 this.reset();
7317 },
7319 /**
7320 * Resets this HMAC to its initial state.
7321 *
7322 * @example
7323 *
7324 * hmacHasher.reset();
7325 */
7326 reset: function () {
7327 // Shortcut
7328 var hasher = this._hasher;
7330 // Reset
7331 hasher.reset();
7332 hasher.update(this._iKey);
7333 },
7335 /**
7336 * Updates this HMAC with a message.
7337 *
7338 * @param {WordArray|string} messageUpdate The message to append.
7339 *
7340 * @return {HMAC} This HMAC instance.
7341 *
7342 * @example
7343 *
7344 * hmacHasher.update('message');
7345 * hmacHasher.update(wordArray);
7346 */
7347 update: function (messageUpdate) {
7348 this._hasher.update(messageUpdate);
7350 // Chainable
7351 return this;
7352 },
7354 /**
7355 * Finalizes the HMAC computation.
7356 * Note that the finalize operation is effectively a destructive, read-once operation.
7357 *
7358 * @param {WordArray|string} messageUpdate (Optional) A final message update.
7359 *
7360 * @return {WordArray} The HMAC.
7361 *
7362 * @example
7363 *
7364 * var hmac = hmacHasher.finalize();
7365 * var hmac = hmacHasher.finalize('message');
7366 * var hmac = hmacHasher.finalize(wordArray);
7367 */
7368 finalize: function (messageUpdate) {
7369 // Shortcut
7370 var hasher = this._hasher;
7372 // Compute HMAC
7373 var innerHash = hasher.finalize(messageUpdate);
7374 hasher.reset();
7375 var hmac = hasher.finalize(this._oKey.clone().concat(innerHash));
7377 return hmac;
7378 }
7379 });
7380 }());
7385;(function (root, factory, undef) {
7386 if (typeof exports === "object") {
7387 // CommonJS
7388 module.exports = exports = factory(_dereq_("./core"), _dereq_("./x64-core"), _dereq_("./lib-typedarrays"), _dereq_("./enc-utf16"), _dereq_("./enc-base64"), _dereq_("./md5"), _dereq_("./sha1"), _dereq_("./sha256"), _dereq_("./sha224"), _dereq_("./sha512"), _dereq_("./sha384"), _dereq_("./sha3"), _dereq_("./ripemd160"), _dereq_("./hmac"), _dereq_("./pbkdf2"), _dereq_("./evpkdf"), _dereq_("./cipher-core"), _dereq_("./mode-cfb"), _dereq_("./mode-ctr"), _dereq_("./mode-ctr-gladman"), _dereq_("./mode-ofb"), _dereq_("./mode-ecb"), _dereq_("./pad-ansix923"), _dereq_("./pad-iso10126"), _dereq_("./pad-iso97971"), _dereq_("./pad-zeropadding"), _dereq_("./pad-nopadding"), _dereq_("./format-hex"), _dereq_("./aes"), _dereq_("./tripledes"), _dereq_("./rc4"), _dereq_("./rabbit"), _dereq_("./rabbit-legacy"));
7389 }
7390 else if (typeof define === "function" && define.amd) {
7391 // AMD
7392 define(["./core", "./x64-core", "./lib-typedarrays", "./enc-utf16", "./enc-base64", "./md5", "./sha1", "./sha256", "./sha224", "./sha512", "./sha384", "./sha3", "./ripemd160", "./hmac", "./pbkdf2", "./evpkdf", "./cipher-core", "./mode-cfb", "./mode-ctr", "./mode-ctr-gladman", "./mode-ofb", "./mode-ecb", "./pad-ansix923", "./pad-iso10126", "./pad-iso97971", "./pad-zeropadding", "./pad-nopadding", "./format-hex", "./aes", "./tripledes", "./rc4", "./rabbit", "./rabbit-legacy"], factory);
7393 }
7394 else {
7395 // Global (browser)
7396 factory(root.CryptoJS);
7397 }
7398}(this, function (CryptoJS) {
7400 return CryptoJS;
7404;(function (root, factory) {
7405 if (typeof exports === "object") {
7406 // CommonJS
7407 module.exports = exports = factory(_dereq_("./core"));
7408 }
7409 else if (typeof define === "function" && define.amd) {
7410 // AMD
7411 define(["./core"], factory);
7412 }
7413 else {
7414 // Global (browser)
7415 factory(root.CryptoJS);
7416 }
7417}(this, function (CryptoJS) {
7419 (function () {
7420 // Check if typed arrays are supported
7421 if (typeof ArrayBuffer != 'function') {
7422 return;
7423 }
7425 // Shortcuts
7426 var C = CryptoJS;
7427 var C_lib = C.lib;
7428 var WordArray = C_lib.WordArray;
7430 // Reference original init
7431 var superInit = WordArray.init;
7433 // Augment WordArray.init to handle typed arrays
7434 var subInit = WordArray.init = function (typedArray) {
7435 // Convert buffers to uint8
7436 if (typedArray instanceof ArrayBuffer) {
7437 typedArray = new Uint8Array(typedArray);
7438 }
7440 // Convert other array views to uint8
7441 if (
7442 typedArray instanceof Int8Array ||
7443 typedArray instanceof Uint8ClampedArray ||
7444 typedArray instanceof Int16Array ||
7445 typedArray instanceof Uint16Array ||
7446 typedArray instanceof Int32Array ||
7447 typedArray instanceof Uint32Array ||
7448 typedArray instanceof Float32Array ||
7449 typedArray instanceof Float64Array
7450 ) {
7451 typedArray = new Uint8Array(typedArray.buffer, typedArray.byteOffset, typedArray.byteLength);
7452 }
7454 // Handle Uint8Array
7455 if (typedArray instanceof Uint8Array) {
7456 // Shortcut
7457 var typedArrayByteLength = typedArray.byteLength;
7459 // Extract bytes
7460 var words = [];
7461 for (var i = 0; i < typedArrayByteLength; i++) {
7462 words[i >>> 2] |= typedArray[i] << (24 - (i % 4) * 8);
7463 }
7465 // Initialize this word array
7466 superInit.call(this, words, typedArrayByteLength);
7467 } else {
7468 // Else call normal init
7469 superInit.apply(this, arguments);
7470 }
7471 };
7473 subInit.prototype = WordArray;
7474 }());
7477 return CryptoJS.lib.WordArray;
7481;(function (root, factory) {
7482 if (typeof exports === "object") {
7483 // CommonJS
7484 module.exports = exports = factory(_dereq_("./core"));
7485 }
7486 else if (typeof define === "function" && define.amd) {
7487 // AMD
7488 define(["./core"], factory);
7489 }
7490 else {
7491 // Global (browser)
7492 factory(root.CryptoJS);
7493 }
7494}(this, function (CryptoJS) {
7496 (function (Math) {
7497 // Shortcuts
7498 var C = CryptoJS;
7499 var C_lib = C.lib;
7500 var WordArray = C_lib.WordArray;
7501 var Hasher = C_lib.Hasher;
7502 var C_algo = C.algo;
7504 // Constants table
7505 var T = [];
7507 // Compute constants
7508 (function () {
7509 for (var i = 0; i < 64; i++) {
7510 T[i] = (Math.abs(Math.sin(i + 1)) * 0x100000000) | 0;
7511 }
7512 }());
7514 /**
7515 * MD5 hash algorithm.
7516 */
7517 var MD5 = C_algo.MD5 = Hasher.extend({
7518 _doReset: function () {
7519 this._hash = new WordArray.init([
7520 0x67452301, 0xefcdab89,
7521 0x98badcfe, 0x10325476
7522 ]);
7523 },
7525 _doProcessBlock: function (M, offset) {
7526 // Swap endian
7527 for (var i = 0; i < 16; i++) {
7528 // Shortcuts
7529 var offset_i = offset + i;
7530 var M_offset_i = M[offset_i];
7532 M[offset_i] = (
7533 (((M_offset_i << 8) | (M_offset_i >>> 24)) & 0x00ff00ff) |
7534 (((M_offset_i << 24) | (M_offset_i >>> 8)) & 0xff00ff00)
7535 );
7536 }
7538 // Shortcuts
7539 var H = this._hash.words;
7541 var M_offset_0 = M[offset + 0];
7542 var M_offset_1 = M[offset + 1];
7543 var M_offset_2 = M[offset + 2];
7544 var M_offset_3 = M[offset + 3];
7545 var M_offset_4 = M[offset + 4];
7546 var M_offset_5 = M[offset + 5];
7547 var M_offset_6 = M[offset + 6];
7548 var M_offset_7 = M[offset + 7];
7549 var M_offset_8 = M[offset + 8];
7550 var M_offset_9 = M[offset + 9];
7551 var M_offset_10 = M[offset + 10];
7552 var M_offset_11 = M[offset + 11];
7553 var M_offset_12 = M[offset + 12];
7554 var M_offset_13 = M[offset + 13];
7555 var M_offset_14 = M[offset + 14];
7556 var M_offset_15 = M[offset + 15];
7558 // Working varialbes
7559 var a = H[0];
7560 var b = H[1];
7561 var c = H[2];
7562 var d = H[3];
7564 // Computation
7565 a = FF(a, b, c, d, M_offset_0, 7, T[0]);
7566 d = FF(d, a, b, c, M_offset_1, 12, T[1]);
7567 c = FF(c, d, a, b, M_offset_2, 17, T[2]);
7568 b = FF(b, c, d, a, M_offset_3, 22, T[3]);
7569 a = FF(a, b, c, d, M_offset_4, 7, T[4]);
7570 d = FF(d, a, b, c, M_offset_5, 12, T[5]);
7571 c = FF(c, d, a, b, M_offset_6, 17, T[6]);
7572 b = FF(b, c, d, a, M_offset_7, 22, T[7]);
7573 a = FF(a, b, c, d, M_offset_8, 7, T[8]);
7574 d = FF(d, a, b, c, M_offset_9, 12, T[9]);
7575 c = FF(c, d, a, b, M_offset_10, 17, T[10]);
7576 b = FF(b, c, d, a, M_offset_11, 22, T[11]);
7577 a = FF(a, b, c, d, M_offset_12, 7, T[12]);
7578 d = FF(d, a, b, c, M_offset_13, 12, T[13]);
7579 c = FF(c, d, a, b, M_offset_14, 17, T[14]);
7580 b = FF(b, c, d, a, M_offset_15, 22, T[15]);
7582 a = GG(a, b, c, d, M_offset_1, 5, T[16]);
7583 d = GG(d, a, b, c, M_offset_6, 9, T[17]);
7584 c = GG(c, d, a, b, M_offset_11, 14, T[18]);
7585 b = GG(b, c, d, a, M_offset_0, 20, T[19]);
7586 a = GG(a, b, c, d, M_offset_5, 5, T[20]);
7587 d = GG(d, a, b, c, M_offset_10, 9, T[21]);
7588 c = GG(c, d, a, b, M_offset_15, 14, T[22]);
7589 b = GG(b, c, d, a, M_offset_4, 20, T[23]);
7590 a = GG(a, b, c, d, M_offset_9, 5, T[24]);
7591 d = GG(d, a, b, c, M_offset_14, 9, T[25]);
7592 c = GG(c, d, a, b, M_offset_3, 14, T[26]);
7593 b = GG(b, c, d, a, M_offset_8, 20, T[27]);
7594 a = GG(a, b, c, d, M_offset_13, 5, T[28]);
7595 d = GG(d, a, b, c, M_offset_2, 9, T[29]);
7596 c = GG(c, d, a, b, M_offset_7, 14, T[30]);
7597 b = GG(b, c, d, a, M_offset_12, 20, T[31]);
7599 a = HH(a, b, c, d, M_offset_5, 4, T[32]);
7600 d = HH(d, a, b, c, M_offset_8, 11, T[33]);
7601 c = HH(c, d, a, b, M_offset_11, 16, T[34]);
7602 b = HH(b, c, d, a, M_offset_14, 23, T[35]);
7603 a = HH(a, b, c, d, M_offset_1, 4, T[36]);
7604 d = HH(d, a, b, c, M_offset_4, 11, T[37]);
7605 c = HH(c, d, a, b, M_offset_7, 16, T[38]);
7606 b = HH(b, c, d, a, M_offset_10, 23, T[39]);
7607 a = HH(a, b, c, d, M_offset_13, 4, T[40]);
7608 d = HH(d, a, b, c, M_offset_0, 11, T[41]);
7609 c = HH(c, d, a, b, M_offset_3, 16, T[42]);
7610 b = HH(b, c, d, a, M_offset_6, 23, T[43]);
7611 a = HH(a, b, c, d, M_offset_9, 4, T[44]);
7612 d = HH(d, a, b, c, M_offset_12, 11, T[45]);
7613 c = HH(c, d, a, b, M_offset_15, 16, T[46]);
7614 b = HH(b, c, d, a, M_offset_2, 23, T[47]);
7616 a = II(a, b, c, d, M_offset_0, 6, T[48]);
7617 d = II(d, a, b, c, M_offset_7, 10, T[49]);
7618 c = II(c, d, a, b, M_offset_14, 15, T[50]);
7619 b = II(b, c, d, a, M_offset_5, 21, T[51]);
7620 a = II(a, b, c, d, M_offset_12, 6, T[52]);
7621 d = II(d, a, b, c, M_offset_3, 10, T[53]);
7622 c = II(c, d, a, b, M_offset_10, 15, T[54]);
7623 b = II(b, c, d, a, M_offset_1, 21, T[55]);
7624 a = II(a, b, c, d, M_offset_8, 6, T[56]);
7625 d = II(d, a, b, c, M_offset_15, 10, T[57]);
7626 c = II(c, d, a, b, M_offset_6, 15, T[58]);
7627 b = II(b, c, d, a, M_offset_13, 21, T[59]);
7628 a = II(a, b, c, d, M_offset_4, 6, T[60]);
7629 d = II(d, a, b, c, M_offset_11, 10, T[61]);
7630 c = II(c, d, a, b, M_offset_2, 15, T[62]);
7631 b = II(b, c, d, a, M_offset_9, 21, T[63]);
7633 // Intermediate hash value
7634 H[0] = (H[0] + a) | 0;
7635 H[1] = (H[1] + b) | 0;
7636 H[2] = (H[2] + c) | 0;
7637 H[3] = (H[3] + d) | 0;
7638 },
7640 _doFinalize: function () {
7641 // Shortcuts
7642 var data = this._data;
7643 var dataWords = data.words;
7645 var nBitsTotal = this._nDataBytes * 8;
7646 var nBitsLeft = data.sigBytes * 8;
7648 // Add padding
7649 dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
7651 var nBitsTotalH = Math.floor(nBitsTotal / 0x100000000);
7652 var nBitsTotalL = nBitsTotal;
7653 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = (
7654 (((nBitsTotalH << 8) | (nBitsTotalH >>> 24)) & 0x00ff00ff) |
7655 (((nBitsTotalH << 24) | (nBitsTotalH >>> 8)) & 0xff00ff00)
7656 );
7657 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = (
7658 (((nBitsTotalL << 8) | (nBitsTotalL >>> 24)) & 0x00ff00ff) |
7659 (((nBitsTotalL << 24) | (nBitsTotalL >>> 8)) & 0xff00ff00)
7660 );
7662 data.sigBytes = (dataWords.length + 1) * 4;
7664 // Hash final blocks
7665 this._process();
7667 // Shortcuts
7668 var hash = this._hash;
7669 var H = hash.words;
7671 // Swap endian
7672 for (var i = 0; i < 4; i++) {
7673 // Shortcut
7674 var H_i = H[i];
7676 H[i] = (((H_i << 8) | (H_i >>> 24)) & 0x00ff00ff) |
7677 (((H_i << 24) | (H_i >>> 8)) & 0xff00ff00);
7678 }
7680 // Return final computed hash
7681 return hash;
7682 },
7684 clone: function () {
7685 var clone = Hasher.clone.call(this);
7686 clone._hash = this._hash.clone();
7688 return clone;
7689 }
7690 });
7692 function FF(a, b, c, d, x, s, t) {
7693 var n = a + ((b & c) | (~b & d)) + x + t;
7694 return ((n << s) | (n >>> (32 - s))) + b;
7695 }
7697 function GG(a, b, c, d, x, s, t) {
7698 var n = a + ((b & d) | (c & ~d)) + x + t;
7699 return ((n << s) | (n >>> (32 - s))) + b;
7700 }
7702 function HH(a, b, c, d, x, s, t) {
7703 var n = a + (b ^ c ^ d) + x + t;
7704 return ((n << s) | (n >>> (32 - s))) + b;
7705 }
7707 function II(a, b, c, d, x, s, t) {
7708 var n = a + (c ^ (b | ~d)) + x + t;
7709 return ((n << s) | (n >>> (32 - s))) + b;
7710 }
7712 /**
7713 * Shortcut function to the hasher's object interface.
7714 *
7715 * @param {WordArray|string} message The message to hash.
7716 *
7717 * @return {WordArray} The hash.
7718 *
7719 * @static
7720 *
7721 * @example
7722 *
7723 * var hash = CryptoJS.MD5('message');
7724 * var hash = CryptoJS.MD5(wordArray);
7725 */
7726 C.MD5 = Hasher._createHelper(MD5);
7728 /**
7729 * Shortcut function to the HMAC's object interface.
7730 *
7731 * @param {WordArray|string} message The message to hash.
7732 * @param {WordArray|string} key The secret key.
7733 *
7734 * @return {WordArray} The HMAC.
7735 *
7736 * @static
7737 *
7738 * @example
7739 *
7740 * var hmac = CryptoJS.HmacMD5(message, key);
7741 */
7742 C.HmacMD5 = Hasher._createHmacHelper(MD5);
7743 }(Math));
7746 return CryptoJS.MD5;
7750;(function (root, factory, undef) {
7751 if (typeof exports === "object") {
7752 // CommonJS
7753 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
7754 }
7755 else if (typeof define === "function" && define.amd) {
7756 // AMD
7757 define(["./core", "./cipher-core"], factory);
7758 }
7759 else {
7760 // Global (browser)
7761 factory(root.CryptoJS);
7762 }
7763}(this, function (CryptoJS) {
7765 /**
7766 * Cipher Feedback block mode.
7767 */
7768 CryptoJS.mode.CFB = (function () {
7769 var CFB = CryptoJS.lib.BlockCipherMode.extend();
7771 CFB.Encryptor = CFB.extend({
7772 processBlock: function (words, offset) {
7773 // Shortcuts
7774 var cipher = this._cipher;
7775 var blockSize = cipher.blockSize;
7777 generateKeystreamAndEncrypt.call(this, words, offset, blockSize, cipher);
7779 // Remember this block to use with next block
7780 this._prevBlock = words.slice(offset, offset + blockSize);
7781 }
7782 });
7784 CFB.Decryptor = CFB.extend({
7785 processBlock: function (words, offset) {
7786 // Shortcuts
7787 var cipher = this._cipher;
7788 var blockSize = cipher.blockSize;
7790 // Remember this block to use with next block
7791 var thisBlock = words.slice(offset, offset + blockSize);
7793 generateKeystreamAndEncrypt.call(this, words, offset, blockSize, cipher);
7795 // This block becomes the previous block
7796 this._prevBlock = thisBlock;
7797 }
7798 });
7800 function generateKeystreamAndEncrypt(words, offset, blockSize, cipher) {
7801 // Shortcut
7802 var iv = this._iv;
7804 // Generate keystream
7805 if (iv) {
7806 var keystream = iv.slice(0);
7808 // Remove IV for subsequent blocks
7809 this._iv = undefined;
7810 } else {
7811 var keystream = this._prevBlock;
7812 }
7813 cipher.encryptBlock(keystream, 0);
7815 // Encrypt
7816 for (var i = 0; i < blockSize; i++) {
7817 words[offset + i] ^= keystream[i];
7818 }
7819 }
7821 return CFB;
7822 }());
7825 return CryptoJS.mode.CFB;
7829;(function (root, factory, undef) {
7830 if (typeof exports === "object") {
7831 // CommonJS
7832 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
7833 }
7834 else if (typeof define === "function" && define.amd) {
7835 // AMD
7836 define(["./core", "./cipher-core"], factory);
7837 }
7838 else {
7839 // Global (browser)
7840 factory(root.CryptoJS);
7841 }
7842}(this, function (CryptoJS) {
7844 /** @preserve
7845 * Counter block mode compatible with Dr Brian Gladman fileenc.c
7846 * derived from CryptoJS.mode.CTR
7847 * Jan Hruby jhruby.web@gmail.com
7848 */
7849 CryptoJS.mode.CTRGladman = (function () {
7850 var CTRGladman = CryptoJS.lib.BlockCipherMode.extend();
7852 function incWord(word)
7853 {
7854 if (((word >> 24) & 0xff) === 0xff) { //overflow
7855 var b1 = (word >> 16)&0xff;
7856 var b2 = (word >> 8)&0xff;
7857 var b3 = word & 0xff;
7859 if (b1 === 0xff) // overflow b1
7860 {
7861 b1 = 0;
7862 if (b2 === 0xff)
7863 {
7864 b2 = 0;
7865 if (b3 === 0xff)
7866 {
7867 b3 = 0;
7868 }
7869 else
7870 {
7871 ++b3;
7872 }
7873 }
7874 else
7875 {
7876 ++b2;
7877 }
7878 }
7879 else
7880 {
7881 ++b1;
7882 }
7884 word = 0;
7885 word += (b1 << 16);
7886 word += (b2 << 8);
7887 word += b3;
7888 }
7889 else
7890 {
7891 word += (0x01 << 24);
7892 }
7893 return word;
7894 }
7896 function incCounter(counter)
7897 {
7898 if ((counter[0] = incWord(counter[0])) === 0)
7899 {
7900 // encr_data in fileenc.c from Dr Brian Gladman's counts only with DWORD j < 8
7901 counter[1] = incWord(counter[1]);
7902 }
7903 return counter;
7904 }
7906 var Encryptor = CTRGladman.Encryptor = CTRGladman.extend({
7907 processBlock: function (words, offset) {
7908 // Shortcuts
7909 var cipher = this._cipher
7910 var blockSize = cipher.blockSize;
7911 var iv = this._iv;
7912 var counter = this._counter;
7914 // Generate keystream
7915 if (iv) {
7916 counter = this._counter = iv.slice(0);
7918 // Remove IV for subsequent blocks
7919 this._iv = undefined;
7920 }
7922 incCounter(counter);
7924 var keystream = counter.slice(0);
7925 cipher.encryptBlock(keystream, 0);
7927 // Encrypt
7928 for (var i = 0; i < blockSize; i++) {
7929 words[offset + i] ^= keystream[i];
7930 }
7931 }
7932 });
7934 CTRGladman.Decryptor = Encryptor;
7936 return CTRGladman;
7937 }());
7942 return CryptoJS.mode.CTRGladman;
7946;(function (root, factory, undef) {
7947 if (typeof exports === "object") {
7948 // CommonJS
7949 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
7950 }
7951 else if (typeof define === "function" && define.amd) {
7952 // AMD
7953 define(["./core", "./cipher-core"], factory);
7954 }
7955 else {
7956 // Global (browser)
7957 factory(root.CryptoJS);
7958 }
7959}(this, function (CryptoJS) {
7961 /**
7962 * Counter block mode.
7963 */
7964 CryptoJS.mode.CTR = (function () {
7965 var CTR = CryptoJS.lib.BlockCipherMode.extend();
7967 var Encryptor = CTR.Encryptor = CTR.extend({
7968 processBlock: function (words, offset) {
7969 // Shortcuts
7970 var cipher = this._cipher
7971 var blockSize = cipher.blockSize;
7972 var iv = this._iv;
7973 var counter = this._counter;
7975 // Generate keystream
7976 if (iv) {
7977 counter = this._counter = iv.slice(0);
7979 // Remove IV for subsequent blocks
7980 this._iv = undefined;
7981 }
7982 var keystream = counter.slice(0);
7983 cipher.encryptBlock(keystream, 0);
7985 // Increment counter
7986 counter[blockSize - 1] = (counter[blockSize - 1] + 1) | 0
7988 // Encrypt
7989 for (var i = 0; i < blockSize; i++) {
7990 words[offset + i] ^= keystream[i];
7991 }
7992 }
7993 });
7995 CTR.Decryptor = Encryptor;
7997 return CTR;
7998 }());
8001 return CryptoJS.mode.CTR;
8005;(function (root, factory, undef) {
8006 if (typeof exports === "object") {
8007 // CommonJS
8008 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8009 }
8010 else if (typeof define === "function" && define.amd) {
8011 // AMD
8012 define(["./core", "./cipher-core"], factory);
8013 }
8014 else {
8015 // Global (browser)
8016 factory(root.CryptoJS);
8017 }
8018}(this, function (CryptoJS) {
8020 /**
8021 * Electronic Codebook block mode.
8022 */
8023 CryptoJS.mode.ECB = (function () {
8024 var ECB = CryptoJS.lib.BlockCipherMode.extend();
8026 ECB.Encryptor = ECB.extend({
8027 processBlock: function (words, offset) {
8028 this._cipher.encryptBlock(words, offset);
8029 }
8030 });
8032 ECB.Decryptor = ECB.extend({
8033 processBlock: function (words, offset) {
8034 this._cipher.decryptBlock(words, offset);
8035 }
8036 });
8038 return ECB;
8039 }());
8042 return CryptoJS.mode.ECB;
8046;(function (root, factory, undef) {
8047 if (typeof exports === "object") {
8048 // CommonJS
8049 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8050 }
8051 else if (typeof define === "function" && define.amd) {
8052 // AMD
8053 define(["./core", "./cipher-core"], factory);
8054 }
8055 else {
8056 // Global (browser)
8057 factory(root.CryptoJS);
8058 }
8059}(this, function (CryptoJS) {
8061 /**
8062 * Output Feedback block mode.
8063 */
8064 CryptoJS.mode.OFB = (function () {
8065 var OFB = CryptoJS.lib.BlockCipherMode.extend();
8067 var Encryptor = OFB.Encryptor = OFB.extend({
8068 processBlock: function (words, offset) {
8069 // Shortcuts
8070 var cipher = this._cipher
8071 var blockSize = cipher.blockSize;
8072 var iv = this._iv;
8073 var keystream = this._keystream;
8075 // Generate keystream
8076 if (iv) {
8077 keystream = this._keystream = iv.slice(0);
8079 // Remove IV for subsequent blocks
8080 this._iv = undefined;
8081 }
8082 cipher.encryptBlock(keystream, 0);
8084 // Encrypt
8085 for (var i = 0; i < blockSize; i++) {
8086 words[offset + i] ^= keystream[i];
8087 }
8088 }
8089 });
8091 OFB.Decryptor = Encryptor;
8093 return OFB;
8094 }());
8097 return CryptoJS.mode.OFB;
8101;(function (root, factory, undef) {
8102 if (typeof exports === "object") {
8103 // CommonJS
8104 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8105 }
8106 else if (typeof define === "function" && define.amd) {
8107 // AMD
8108 define(["./core", "./cipher-core"], factory);
8109 }
8110 else {
8111 // Global (browser)
8112 factory(root.CryptoJS);
8113 }
8114}(this, function (CryptoJS) {
8116 /**
8117 * ANSI X.923 padding strategy.
8118 */
8119 CryptoJS.pad.AnsiX923 = {
8120 pad: function (data, blockSize) {
8121 // Shortcuts
8122 var dataSigBytes = data.sigBytes;
8123 var blockSizeBytes = blockSize * 4;
8125 // Count padding bytes
8126 var nPaddingBytes = blockSizeBytes - dataSigBytes % blockSizeBytes;
8128 // Compute last byte position
8129 var lastBytePos = dataSigBytes + nPaddingBytes - 1;
8131 // Pad
8132 data.clamp();
8133 data.words[lastBytePos >>> 2] |= nPaddingBytes << (24 - (lastBytePos % 4) * 8);
8134 data.sigBytes += nPaddingBytes;
8135 },
8137 unpad: function (data) {
8138 // Get number of padding bytes from last byte
8139 var nPaddingBytes = data.words[(data.sigBytes - 1) >>> 2] & 0xff;
8141 // Remove padding
8142 data.sigBytes -= nPaddingBytes;
8143 }
8144 };
8147 return CryptoJS.pad.Ansix923;
8151;(function (root, factory, undef) {
8152 if (typeof exports === "object") {
8153 // CommonJS
8154 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8155 }
8156 else if (typeof define === "function" && define.amd) {
8157 // AMD
8158 define(["./core", "./cipher-core"], factory);
8159 }
8160 else {
8161 // Global (browser)
8162 factory(root.CryptoJS);
8163 }
8164}(this, function (CryptoJS) {
8166 /**
8167 * ISO 10126 padding strategy.
8168 */
8169 CryptoJS.pad.Iso10126 = {
8170 pad: function (data, blockSize) {
8171 // Shortcut
8172 var blockSizeBytes = blockSize * 4;
8174 // Count padding bytes
8175 var nPaddingBytes = blockSizeBytes - data.sigBytes % blockSizeBytes;
8177 // Pad
8178 data.concat(CryptoJS.lib.WordArray.random(nPaddingBytes - 1)).
8179 concat(CryptoJS.lib.WordArray.create([nPaddingBytes << 24], 1));
8180 },
8182 unpad: function (data) {
8183 // Get number of padding bytes from last byte
8184 var nPaddingBytes = data.words[(data.sigBytes - 1) >>> 2] & 0xff;
8186 // Remove padding
8187 data.sigBytes -= nPaddingBytes;
8188 }
8189 };
8192 return CryptoJS.pad.Iso10126;
8196;(function (root, factory, undef) {
8197 if (typeof exports === "object") {
8198 // CommonJS
8199 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8200 }
8201 else if (typeof define === "function" && define.amd) {
8202 // AMD
8203 define(["./core", "./cipher-core"], factory);
8204 }
8205 else {
8206 // Global (browser)
8207 factory(root.CryptoJS);
8208 }
8209}(this, function (CryptoJS) {
8211 /**
8212 * ISO/IEC 9797-1 Padding Method 2.
8213 */
8214 CryptoJS.pad.Iso97971 = {
8215 pad: function (data, blockSize) {
8216 // Add 0x80 byte
8217 data.concat(CryptoJS.lib.WordArray.create([0x80000000], 1));
8219 // Zero pad the rest
8220 CryptoJS.pad.ZeroPadding.pad(data, blockSize);
8221 },
8223 unpad: function (data) {
8224 // Remove zero padding
8225 CryptoJS.pad.ZeroPadding.unpad(data);
8227 // Remove one more byte -- the 0x80 byte
8228 data.sigBytes--;
8229 }
8230 };
8233 return CryptoJS.pad.Iso97971;
8237;(function (root, factory, undef) {
8238 if (typeof exports === "object") {
8239 // CommonJS
8240 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8241 }
8242 else if (typeof define === "function" && define.amd) {
8243 // AMD
8244 define(["./core", "./cipher-core"], factory);
8245 }
8246 else {
8247 // Global (browser)
8248 factory(root.CryptoJS);
8249 }
8250}(this, function (CryptoJS) {
8252 /**
8253 * A noop padding strategy.
8254 */
8255 CryptoJS.pad.NoPadding = {
8256 pad: function () {
8257 },
8259 unpad: function () {
8260 }
8261 };
8264 return CryptoJS.pad.NoPadding;
8268;(function (root, factory, undef) {
8269 if (typeof exports === "object") {
8270 // CommonJS
8271 module.exports = exports = factory(_dereq_("./core"), _dereq_("./cipher-core"));
8272 }
8273 else if (typeof define === "function" && define.amd) {
8274 // AMD
8275 define(["./core", "./cipher-core"], factory);
8276 }
8277 else {
8278 // Global (browser)
8279 factory(root.CryptoJS);
8280 }
8281}(this, function (CryptoJS) {
8283 /**
8284 * Zero padding strategy.
8285 */
8286 CryptoJS.pad.ZeroPadding = {
8287 pad: function (data, blockSize) {
8288 // Shortcut
8289 var blockSizeBytes = blockSize * 4;
8291 // Pad
8292 data.clamp();
8293 data.sigBytes += blockSizeBytes - ((data.sigBytes % blockSizeBytes) || blockSizeBytes);
8294 },
8296 unpad: function (data) {
8297 // Shortcut
8298 var dataWords = data.words;
8300 // Unpad
8301 var i = data.sigBytes - 1;
8302 while (!((dataWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff)) {
8303 i--;
8304 }
8305 data.sigBytes = i + 1;
8306 }
8307 };
8310 return CryptoJS.pad.ZeroPadding;
8314;(function (root, factory, undef) {
8315 if (typeof exports === "object") {
8316 // CommonJS
8317 module.exports = exports = factory(_dereq_("./core"), _dereq_("./sha1"), _dereq_("./hmac"));
8318 }
8319 else if (typeof define === "function" && define.amd) {
8320 // AMD
8321 define(["./core", "./sha1", "./hmac"], factory);
8322 }
8323 else {
8324 // Global (browser)
8325 factory(root.CryptoJS);
8326 }
8327}(this, function (CryptoJS) {
8329 (function () {
8330 // Shortcuts
8331 var C = CryptoJS;
8332 var C_lib = C.lib;
8333 var Base = C_lib.Base;
8334 var WordArray = C_lib.WordArray;
8335 var C_algo = C.algo;
8336 var SHA1 = C_algo.SHA1;
8337 var HMAC = C_algo.HMAC;
8339 /**
8340 * Password-Based Key Derivation Function 2 algorithm.
8341 */
8342 var PBKDF2 = C_algo.PBKDF2 = Base.extend({
8343 /**
8344 * Configuration options.
8345 *
8346 * @property {number} keySize The key size in words to generate. Default: 4 (128 bits)
8347 * @property {Hasher} hasher The hasher to use. Default: SHA1
8348 * @property {number} iterations The number of iterations to perform. Default: 1
8349 */
8350 cfg: Base.extend({
8351 keySize: 128/32,
8352 hasher: SHA1,
8353 iterations: 1
8354 }),
8356 /**
8357 * Initializes a newly created key derivation function.
8358 *
8359 * @param {Object} cfg (Optional) The configuration options to use for the derivation.
8360 *
8361 * @example
8362 *
8363 * var kdf = CryptoJS.algo.PBKDF2.create();
8364 * var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8 });
8365 * var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8, iterations: 1000 });
8366 */
8367 init: function (cfg) {
8368 this.cfg = this.cfg.extend(cfg);
8369 },
8371 /**
8372 * Computes the Password-Based Key Derivation Function 2.
8373 *
8374 * @param {WordArray|string} password The password.
8375 * @param {WordArray|string} salt A salt.
8376 *
8377 * @return {WordArray} The derived key.
8378 *
8379 * @example
8380 *
8381 * var key = kdf.compute(password, salt);
8382 */
8383 compute: function (password, salt) {
8384 // Shortcut
8385 var cfg = this.cfg;
8387 // Init HMAC
8388 var hmac = HMAC.create(cfg.hasher, password);
8390 // Initial values
8391 var derivedKey = WordArray.create();
8392 var blockIndex = WordArray.create([0x00000001]);
8394 // Shortcuts
8395 var derivedKeyWords = derivedKey.words;
8396 var blockIndexWords = blockIndex.words;
8397 var keySize = cfg.keySize;
8398 var iterations = cfg.iterations;
8400 // Generate key
8401 while (derivedKeyWords.length < keySize) {
8402 var block = hmac.update(salt).finalize(blockIndex);
8403 hmac.reset();
8405 // Shortcuts
8406 var blockWords = block.words;
8407 var blockWordsLength = blockWords.length;
8409 // Iterations
8410 var intermediate = block;
8411 for (var i = 1; i < iterations; i++) {
8412 intermediate = hmac.finalize(intermediate);
8413 hmac.reset();
8415 // Shortcut
8416 var intermediateWords = intermediate.words;
8418 // XOR intermediate with block
8419 for (var j = 0; j < blockWordsLength; j++) {
8420 blockWords[j] ^= intermediateWords[j];
8421 }
8422 }
8424 derivedKey.concat(block);
8425 blockIndexWords[0]++;
8426 }
8427 derivedKey.sigBytes = keySize * 4;
8429 return derivedKey;
8430 }
8431 });
8433 /**
8434 * Computes the Password-Based Key Derivation Function 2.
8435 *
8436 * @param {WordArray|string} password The password.
8437 * @param {WordArray|string} salt A salt.
8438 * @param {Object} cfg (Optional) The configuration options to use for this computation.
8439 *
8440 * @return {WordArray} The derived key.
8441 *
8442 * @static
8443 *
8444 * @example
8445 *
8446 * var key = CryptoJS.PBKDF2(password, salt);
8447 * var key = CryptoJS.PBKDF2(password, salt, { keySize: 8 });
8448 * var key = CryptoJS.PBKDF2(password, salt, { keySize: 8, iterations: 1000 });
8449 */
8450 C.PBKDF2 = function (password, salt, cfg) {
8451 return PBKDF2.create(cfg).compute(password, salt);
8452 };
8453 }());
8456 return CryptoJS.PBKDF2;
8460;(function (root, factory, undef) {
8461 if (typeof exports === "object") {
8462 // CommonJS
8463 module.exports = exports = factory(_dereq_("./core"), _dereq_("./enc-base64"), _dereq_("./md5"), _dereq_("./evpkdf"), _dereq_("./cipher-core"));
8464 }
8465 else if (typeof define === "function" && define.amd) {
8466 // AMD
8467 define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
8468 }
8469 else {
8470 // Global (browser)
8471 factory(root.CryptoJS);
8472 }
8473}(this, function (CryptoJS) {
8475 (function () {
8476 // Shortcuts
8477 var C = CryptoJS;
8478 var C_lib = C.lib;
8479 var StreamCipher = C_lib.StreamCipher;
8480 var C_algo = C.algo;
8482 // Reusable objects
8483 var S = [];
8484 var C_ = [];
8485 var G = [];
8487 /**
8488 * Rabbit stream cipher algorithm.
8489 *
8490 * This is a legacy version that neglected to convert the key to little-endian.
8491 * This error doesn't affect the cipher's security,
8492 * but it does affect its compatibility with other implementations.
8493 */
8494 var RabbitLegacy = C_algo.RabbitLegacy = StreamCipher.extend({
8495 _doReset: function () {
8496 // Shortcuts
8497 var K = this._key.words;
8498 var iv = this.cfg.iv;
8500 // Generate initial state values
8501 var X = this._X = [
8502 K[0], (K[3] << 16) | (K[2] >>> 16),
8503 K[1], (K[0] << 16) | (K[3] >>> 16),
8504 K[2], (K[1] << 16) | (K[0] >>> 16),
8505 K[3], (K[2] << 16) | (K[1] >>> 16)
8506 ];
8508 // Generate initial counter values
8509 var C = this._C = [
8510 (K[2] << 16) | (K[2] >>> 16), (K[0] & 0xffff0000) | (K[1] & 0x0000ffff),
8511 (K[3] << 16) | (K[3] >>> 16), (K[1] & 0xffff0000) | (K[2] & 0x0000ffff),
8512 (K[0] << 16) | (K[0] >>> 16), (K[2] & 0xffff0000) | (K[3] & 0x0000ffff),
8513 (K[1] << 16) | (K[1] >>> 16), (K[3] & 0xffff0000) | (K[0] & 0x0000ffff)
8514 ];
8516 // Carry bit
8517 this._b = 0;
8519 // Iterate the system four times
8520 for (var i = 0; i < 4; i++) {
8521 nextState.call(this);
8522 }
8524 // Modify the counters
8525 for (var i = 0; i < 8; i++) {
8526 C[i] ^= X[(i + 4) & 7];
8527 }
8529 // IV setup
8530 if (iv) {
8531 // Shortcuts
8532 var IV = iv.words;
8533 var IV_0 = IV[0];
8534 var IV_1 = IV[1];
8536 // Generate four subvectors
8537 var i0 = (((IV_0 << 8) | (IV_0 >>> 24)) & 0x00ff00ff) | (((IV_0 << 24) | (IV_0 >>> 8)) & 0xff00ff00);
8538 var i2 = (((IV_1 << 8) | (IV_1 >>> 24)) & 0x00ff00ff) | (((IV_1 << 24) | (IV_1 >>> 8)) & 0xff00ff00);
8539 var i1 = (i0 >>> 16) | (i2 & 0xffff0000);
8540 var i3 = (i2 << 16) | (i0 & 0x0000ffff);
8542 // Modify counter values
8543 C[0] ^= i0;
8544 C[1] ^= i1;
8545 C[2] ^= i2;
8546 C[3] ^= i3;
8547 C[4] ^= i0;
8548 C[5] ^= i1;
8549 C[6] ^= i2;
8550 C[7] ^= i3;
8552 // Iterate the system four times
8553 for (var i = 0; i < 4; i++) {
8554 nextState.call(this);
8555 }
8556 }
8557 },
8559 _doProcessBlock: function (M, offset) {
8560 // Shortcut
8561 var X = this._X;
8563 // Iterate the system
8564 nextState.call(this);
8566 // Generate four keystream words
8567 S[0] = X[0] ^ (X[5] >>> 16) ^ (X[3] << 16);
8568 S[1] = X[2] ^ (X[7] >>> 16) ^ (X[5] << 16);
8569 S[2] = X[4] ^ (X[1] >>> 16) ^ (X[7] << 16);
8570 S[3] = X[6] ^ (X[3] >>> 16) ^ (X[1] << 16);
8572 for (var i = 0; i < 4; i++) {
8573 // Swap endian
8574 S[i] = (((S[i] << 8) | (S[i] >>> 24)) & 0x00ff00ff) |
8575 (((S[i] << 24) | (S[i] >>> 8)) & 0xff00ff00);
8577 // Encrypt
8578 M[offset + i] ^= S[i];
8579 }
8580 },
8582 blockSize: 128/32,
8584 ivSize: 64/32
8585 });
8587 function nextState() {
8588 // Shortcuts
8589 var X = this._X;
8590 var C = this._C;
8592 // Save old counter values
8593 for (var i = 0; i < 8; i++) {
8594 C_[i] = C[i];
8595 }
8597 // Calculate new counter values
8598 C[0] = (C[0] + 0x4d34d34d + this._b) | 0;
8599 C[1] = (C[1] + 0xd34d34d3 + ((C[0] >>> 0) < (C_[0] >>> 0) ? 1 : 0)) | 0;
8600 C[2] = (C[2] + 0x34d34d34 + ((C[1] >>> 0) < (C_[1] >>> 0) ? 1 : 0)) | 0;
8601 C[3] = (C[3] + 0x4d34d34d + ((C[2] >>> 0) < (C_[2] >>> 0) ? 1 : 0)) | 0;
8602 C[4] = (C[4] + 0xd34d34d3 + ((C[3] >>> 0) < (C_[3] >>> 0) ? 1 : 0)) | 0;
8603 C[5] = (C[5] + 0x34d34d34 + ((C[4] >>> 0) < (C_[4] >>> 0) ? 1 : 0)) | 0;
8604 C[6] = (C[6] + 0x4d34d34d + ((C[5] >>> 0) < (C_[5] >>> 0) ? 1 : 0)) | 0;
8605 C[7] = (C[7] + 0xd34d34d3 + ((C[6] >>> 0) < (C_[6] >>> 0) ? 1 : 0)) | 0;
8606 this._b = (C[7] >>> 0) < (C_[7] >>> 0) ? 1 : 0;
8608 // Calculate the g-values
8609 for (var i = 0; i < 8; i++) {
8610 var gx = X[i] + C[i];
8612 // Construct high and low argument for squaring
8613 var ga = gx & 0xffff;
8614 var gb = gx >>> 16;
8616 // Calculate high and low result of squaring
8617 var gh = ((((ga * ga) >>> 17) + ga * gb) >>> 15) + gb * gb;
8618 var gl = (((gx & 0xffff0000) * gx) | 0) + (((gx & 0x0000ffff) * gx) | 0);
8620 // High XOR low
8621 G[i] = gh ^ gl;
8622 }
8624 // Calculate new state values
8625 X[0] = (G[0] + ((G[7] << 16) | (G[7] >>> 16)) + ((G[6] << 16) | (G[6] >>> 16))) | 0;
8626 X[1] = (G[1] + ((G[0] << 8) | (G[0] >>> 24)) + G[7]) | 0;
8627 X[2] = (G[2] + ((G[1] << 16) | (G[1] >>> 16)) + ((G[0] << 16) | (G[0] >>> 16))) | 0;
8628 X[3] = (G[3] + ((G[2] << 8) | (G[2] >>> 24)) + G[1]) | 0;
8629 X[4] = (G[4] + ((G[3] << 16) | (G[3] >>> 16)) + ((G[2] << 16) | (G[2] >>> 16))) | 0;
8630 X[5] = (G[5] + ((G[4] << 8) | (G[4] >>> 24)) + G[3]) | 0;
8631 X[6] = (G[6] + ((G[5] << 16) | (G[5] >>> 16)) + ((G[4] << 16) | (G[4] >>> 16))) | 0;
8632 X[7] = (G[7] + ((G[6] << 8) | (G[6] >>> 24)) + G[5]) | 0;
8633 }
8635 /**
8636 * Shortcut functions to the cipher's object interface.
8637 *
8638 * @example
8639 *
8640 * var ciphertext = CryptoJS.RabbitLegacy.encrypt(message, key, cfg);
8641 * var plaintext = CryptoJS.RabbitLegacy.decrypt(ciphertext, key, cfg);
8642 */
8643 C.RabbitLegacy = StreamCipher._createHelper(RabbitLegacy);
8644 }());
8647 return CryptoJS.RabbitLegacy;
8651;(function (root, factory, undef) {
8652 if (typeof exports === "object") {
8653 // CommonJS
8654 module.exports = exports = factory(_dereq_("./core"), _dereq_("./enc-base64"), _dereq_("./md5"), _dereq_("./evpkdf"), _dereq_("./cipher-core"));
8655 }
8656 else if (typeof define === "function" && define.amd) {
8657 // AMD
8658 define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
8659 }
8660 else {
8661 // Global (browser)
8662 factory(root.CryptoJS);
8663 }
8664}(this, function (CryptoJS) {
8666 (function () {
8667 // Shortcuts
8668 var C = CryptoJS;
8669 var C_lib = C.lib;
8670 var StreamCipher = C_lib.StreamCipher;
8671 var C_algo = C.algo;
8673 // Reusable objects
8674 var S = [];
8675 var C_ = [];
8676 var G = [];
8678 /**
8679 * Rabbit stream cipher algorithm
8680 */
8681 var Rabbit = C_algo.Rabbit = StreamCipher.extend({
8682 _doReset: function () {
8683 // Shortcuts
8684 var K = this._key.words;
8685 var iv = this.cfg.iv;
8687 // Swap endian
8688 for (var i = 0; i < 4; i++) {
8689 K[i] = (((K[i] << 8) | (K[i] >>> 24)) & 0x00ff00ff) |
8690 (((K[i] << 24) | (K[i] >>> 8)) & 0xff00ff00);
8691 }
8693 // Generate initial state values
8694 var X = this._X = [
8695 K[0], (K[3] << 16) | (K[2] >>> 16),
8696 K[1], (K[0] << 16) | (K[3] >>> 16),
8697 K[2], (K[1] << 16) | (K[0] >>> 16),
8698 K[3], (K[2] << 16) | (K[1] >>> 16)
8699 ];
8701 // Generate initial counter values
8702 var C = this._C = [
8703 (K[2] << 16) | (K[2] >>> 16), (K[0] & 0xffff0000) | (K[1] & 0x0000ffff),
8704 (K[3] << 16) | (K[3] >>> 16), (K[1] & 0xffff0000) | (K[2] & 0x0000ffff),
8705 (K[0] << 16) | (K[0] >>> 16), (K[2] & 0xffff0000) | (K[3] & 0x0000ffff),
8706 (K[1] << 16) | (K[1] >>> 16), (K[3] & 0xffff0000) | (K[0] & 0x0000ffff)
8707 ];
8709 // Carry bit
8710 this._b = 0;
8712 // Iterate the system four times
8713 for (var i = 0; i < 4; i++) {
8714 nextState.call(this);
8715 }
8717 // Modify the counters
8718 for (var i = 0; i < 8; i++) {
8719 C[i] ^= X[(i + 4) & 7];
8720 }
8722 // IV setup
8723 if (iv) {
8724 // Shortcuts
8725 var IV = iv.words;
8726 var IV_0 = IV[0];
8727 var IV_1 = IV[1];
8729 // Generate four subvectors
8730 var i0 = (((IV_0 << 8) | (IV_0 >>> 24)) & 0x00ff00ff) | (((IV_0 << 24) | (IV_0 >>> 8)) & 0xff00ff00);
8731 var i2 = (((IV_1 << 8) | (IV_1 >>> 24)) & 0x00ff00ff) | (((IV_1 << 24) | (IV_1 >>> 8)) & 0xff00ff00);
8732 var i1 = (i0 >>> 16) | (i2 & 0xffff0000);
8733 var i3 = (i2 << 16) | (i0 & 0x0000ffff);
8735 // Modify counter values
8736 C[0] ^= i0;
8737 C[1] ^= i1;
8738 C[2] ^= i2;
8739 C[3] ^= i3;
8740 C[4] ^= i0;
8741 C[5] ^= i1;
8742 C[6] ^= i2;
8743 C[7] ^= i3;
8745 // Iterate the system four times
8746 for (var i = 0; i < 4; i++) {
8747 nextState.call(this);
8748 }
8749 }
8750 },
8752 _doProcessBlock: function (M, offset) {
8753 // Shortcut
8754 var X = this._X;
8756 // Iterate the system
8757 nextState.call(this);
8759 // Generate four keystream words
8760 S[0] = X[0] ^ (X[5] >>> 16) ^ (X[3] << 16);
8761 S[1] = X[2] ^ (X[7] >>> 16) ^ (X[5] << 16);
8762 S[2] = X[4] ^ (X[1] >>> 16) ^ (X[7] << 16);
8763 S[3] = X[6] ^ (X[3] >>> 16) ^ (X[1] << 16);
8765 for (var i = 0; i < 4; i++) {
8766 // Swap endian
8767 S[i] = (((S[i] << 8) | (S[i] >>> 24)) & 0x00ff00ff) |
8768 (((S[i] << 24) | (S[i] >>> 8)) & 0xff00ff00);
8770 // Encrypt
8771 M[offset + i] ^= S[i];
8772 }
8773 },
8775 blockSize: 128/32,
8777 ivSize: 64/32
8778 });
8780 function nextState() {
8781 // Shortcuts
8782 var X = this._X;
8783 var C = this._C;
8785 // Save old counter values
8786 for (var i = 0; i < 8; i++) {
8787 C_[i] = C[i];
8788 }
8790 // Calculate new counter values
8791 C[0] = (C[0] + 0x4d34d34d + this._b) | 0;
8792 C[1] = (C[1] + 0xd34d34d3 + ((C[0] >>> 0) < (C_[0] >>> 0) ? 1 : 0)) | 0;
8793 C[2] = (C[2] + 0x34d34d34 + ((C[1] >>> 0) < (C_[1] >>> 0) ? 1 : 0)) | 0;
8794 C[3] = (C[3] + 0x4d34d34d + ((C[2] >>> 0) < (C_[2] >>> 0) ? 1 : 0)) | 0;
8795 C[4] = (C[4] + 0xd34d34d3 + ((C[3] >>> 0) < (C_[3] >>> 0) ? 1 : 0)) | 0;
8796 C[5] = (C[5] + 0x34d34d34 + ((C[4] >>> 0) < (C_[4] >>> 0) ? 1 : 0)) | 0;
8797 C[6] = (C[6] + 0x4d34d34d + ((C[5] >>> 0) < (C_[5] >>> 0) ? 1 : 0)) | 0;
8798 C[7] = (C[7] + 0xd34d34d3 + ((C[6] >>> 0) < (C_[6] >>> 0) ? 1 : 0)) | 0;
8799 this._b = (C[7] >>> 0) < (C_[7] >>> 0) ? 1 : 0;
8801 // Calculate the g-values
8802 for (var i = 0; i < 8; i++) {
8803 var gx = X[i] + C[i];
8805 // Construct high and low argument for squaring
8806 var ga = gx & 0xffff;
8807 var gb = gx >>> 16;
8809 // Calculate high and low result of squaring
8810 var gh = ((((ga * ga) >>> 17) + ga * gb) >>> 15) + gb * gb;
8811 var gl = (((gx & 0xffff0000) * gx) | 0) + (((gx & 0x0000ffff) * gx) | 0);
8813 // High XOR low
8814 G[i] = gh ^ gl;
8815 }
8817 // Calculate new state values
8818 X[0] = (G[0] + ((G[7] << 16) | (G[7] >>> 16)) + ((G[6] << 16) | (G[6] >>> 16))) | 0;
8819 X[1] = (G[1] + ((G[0] << 8) | (G[0] >>> 24)) + G[7]) | 0;
8820 X[2] = (G[2] + ((G[1] << 16) | (G[1] >>> 16)) + ((G[0] << 16) | (G[0] >>> 16))) | 0;
8821 X[3] = (G[3] + ((G[2] << 8) | (G[2] >>> 24)) + G[1]) | 0;
8822 X[4] = (G[4] + ((G[3] << 16) | (G[3] >>> 16)) + ((G[2] << 16) | (G[2] >>> 16))) | 0;
8823 X[5] = (G[5] + ((G[4] << 8) | (G[4] >>> 24)) + G[3]) | 0;
8824 X[6] = (G[6] + ((G[5] << 16) | (G[5] >>> 16)) + ((G[4] << 16) | (G[4] >>> 16))) | 0;
8825 X[7] = (G[7] + ((G[6] << 8) | (G[6] >>> 24)) + G[5]) | 0;
8826 }
8828 /**
8829 * Shortcut functions to the cipher's object interface.
8830 *
8831 * @example
8832 *
8833 * var ciphertext = CryptoJS.Rabbit.encrypt(message, key, cfg);
8834 * var plaintext = CryptoJS.Rabbit.decrypt(ciphertext, key, cfg);
8835 */
8836 C.Rabbit = StreamCipher._createHelper(Rabbit);
8837 }());
8840 return CryptoJS.Rabbit;
8844;(function (root, factory, undef) {
8845 if (typeof exports === "object") {
8846 // CommonJS
8847 module.exports = exports = factory(_dereq_("./core"), _dereq_("./enc-base64"), _dereq_("./md5"), _dereq_("./evpkdf"), _dereq_("./cipher-core"));
8848 }
8849 else if (typeof define === "function" && define.amd) {
8850 // AMD
8851 define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
8852 }
8853 else {
8854 // Global (browser)
8855 factory(root.CryptoJS);
8856 }
8857}(this, function (CryptoJS) {
8859 (function () {
8860 // Shortcuts
8861 var C = CryptoJS;
8862 var C_lib = C.lib;
8863 var StreamCipher = C_lib.StreamCipher;
8864 var C_algo = C.algo;
8866 /**
8867 * RC4 stream cipher algorithm.
8868 */
8869 var RC4 = C_algo.RC4 = StreamCipher.extend({
8870 _doReset: function () {
8871 // Shortcuts
8872 var key = this._key;
8873 var keyWords = key.words;
8874 var keySigBytes = key.sigBytes;
8876 // Init sbox
8877 var S = this._S = [];
8878 for (var i = 0; i < 256; i++) {
8879 S[i] = i;
8880 }
8882 // Key setup
8883 for (var i = 0, j = 0; i < 256; i++) {
8884 var keyByteIndex = i % keySigBytes;
8885 var keyByte = (keyWords[keyByteIndex >>> 2] >>> (24 - (keyByteIndex % 4) * 8)) & 0xff;
8887 j = (j + S[i] + keyByte) % 256;
8889 // Swap
8890 var t = S[i];
8891 S[i] = S[j];
8892 S[j] = t;
8893 }
8895 // Counters
8896 this._i = this._j = 0;
8897 },
8899 _doProcessBlock: function (M, offset) {
8900 M[offset] ^= generateKeystreamWord.call(this);
8901 },
8903 keySize: 256/32,
8905 ivSize: 0
8906 });
8908 function generateKeystreamWord() {
8909 // Shortcuts
8910 var S = this._S;
8911 var i = this._i;
8912 var j = this._j;
8914 // Generate keystream word
8915 var keystreamWord = 0;
8916 for (var n = 0; n < 4; n++) {
8917 i = (i + 1) % 256;
8918 j = (j + S[i]) % 256;
8920 // Swap
8921 var t = S[i];
8922 S[i] = S[j];
8923 S[j] = t;
8925 keystreamWord |= S[(S[i] + S[j]) % 256] << (24 - n * 8);
8926 }
8928 // Update counters
8929 this._i = i;
8930 this._j = j;
8932 return keystreamWord;
8933 }
8935 /**
8936 * Shortcut functions to the cipher's object interface.
8937 *
8938 * @example
8939 *
8940 * var ciphertext = CryptoJS.RC4.encrypt(message, key, cfg);
8941 * var plaintext = CryptoJS.RC4.decrypt(ciphertext, key, cfg);
8942 */
8943 C.RC4 = StreamCipher._createHelper(RC4);
8945 /**
8946 * Modified RC4 stream cipher algorithm.
8947 */
8948 var RC4Drop = C_algo.RC4Drop = RC4.extend({
8949 /**
8950 * Configuration options.
8951 *
8952 * @property {number} drop The number of keystream words to drop. Default 192
8953 */
8954 cfg: RC4.cfg.extend({
8955 drop: 192
8956 }),
8958 _doReset: function () {
8959 RC4._doReset.call(this);
8961 // Drop
8962 for (var i = this.cfg.drop; i > 0; i--) {
8963 generateKeystreamWord.call(this);
8964 }
8965 }
8966 });
8968 /**
8969 * Shortcut functions to the cipher's object interface.
8970 *
8971 * @example
8972 *
8973 * var ciphertext = CryptoJS.RC4Drop.encrypt(message, key, cfg);
8974 * var plaintext = CryptoJS.RC4Drop.decrypt(ciphertext, key, cfg);
8975 */
8976 C.RC4Drop = StreamCipher._createHelper(RC4Drop);
8977 }());
8980 return CryptoJS.RC4;
8984;(function (root, factory) {
8985 if (typeof exports === "object") {
8986 // CommonJS
8987 module.exports = exports = factory(_dereq_("./core"));
8988 }
8989 else if (typeof define === "function" && define.amd) {
8990 // AMD
8991 define(["./core"], factory);
8992 }
8993 else {
8994 // Global (browser)
8995 factory(root.CryptoJS);
8996 }
8997}(this, function (CryptoJS) {
8999 /** @preserve
9000 (c) 2012 by Cédric Mesnil. All rights reserved.
9002 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
9004 - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
9005 - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
9008 */
9010 (function (Math) {
9011 // Shortcuts
9012 var C = CryptoJS;
9013 var C_lib = C.lib;
9014 var WordArray = C_lib.WordArray;
9015 var Hasher = C_lib.Hasher;
9016 var C_algo = C.algo;
9018 // Constants table
9019 var _zl = WordArray.create([
9020 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
9021 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,
9022 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,
9023 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,
9024 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13]);
9025 var _zr = WordArray.create([
9026 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,
9027 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,
9028 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,
9029 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,
9030 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11]);
9031 var _sl = WordArray.create([
9032 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,
9033 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,
9034 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,
9035 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,
9036 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 ]);
9037 var _sr = WordArray.create([
9038 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,
9039 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,
9040 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,
9041 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,
9042 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 ]);
9044 var _hl = WordArray.create([ 0x00000000, 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xA953FD4E]);
9045 var _hr = WordArray.create([ 0x50A28BE6, 0x5C4DD124, 0x6D703EF3, 0x7A6D76E9, 0x00000000]);
9047 /**
9048 * RIPEMD160 hash algorithm.
9049 */
9050 var RIPEMD160 = C_algo.RIPEMD160 = Hasher.extend({
9051 _doReset: function () {
9052 this._hash = WordArray.create([0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]);
9053 },
9055 _doProcessBlock: function (M, offset) {
9057 // Swap endian
9058 for (var i = 0; i < 16; i++) {
9059 // Shortcuts
9060 var offset_i = offset + i;
9061 var M_offset_i = M[offset_i];
9063 // Swap
9064 M[offset_i] = (
9065 (((M_offset_i << 8) | (M_offset_i >>> 24)) & 0x00ff00ff) |
9066 (((M_offset_i << 24) | (M_offset_i >>> 8)) & 0xff00ff00)
9067 );
9068 }
9069 // Shortcut
9070 var H = this._hash.words;
9071 var hl = _hl.words;
9072 var hr = _hr.words;
9073 var zl = _zl.words;
9074 var zr = _zr.words;
9075 var sl = _sl.words;
9076 var sr = _sr.words;
9078 // Working variables
9079 var al, bl, cl, dl, el;
9080 var ar, br, cr, dr, er;
9082 ar = al = H[0];
9083 br = bl = H[1];
9084 cr = cl = H[2];
9085 dr = dl = H[3];
9086 er = el = H[4];
9087 // Computation
9088 var t;
9089 for (var i = 0; i < 80; i += 1) {
9090 t = (al + M[offset+zl[i]])|0;
9091 if (i<16){
9092 t += f1(bl,cl,dl) + hl[0];
9093 } else if (i<32) {
9094 t += f2(bl,cl,dl) + hl[1];
9095 } else if (i<48) {
9096 t += f3(bl,cl,dl) + hl[2];
9097 } else if (i<64) {
9098 t += f4(bl,cl,dl) + hl[3];
9099 } else {// if (i<80) {
9100 t += f5(bl,cl,dl) + hl[4];
9101 }
9102 t = t|0;
9103 t = rotl(t,sl[i]);
9104 t = (t+el)|0;
9105 al = el;
9106 el = dl;
9107 dl = rotl(cl, 10);
9108 cl = bl;
9109 bl = t;
9111 t = (ar + M[offset+zr[i]])|0;
9112 if (i<16){
9113 t += f5(br,cr,dr) + hr[0];
9114 } else if (i<32) {
9115 t += f4(br,cr,dr) + hr[1];
9116 } else if (i<48) {
9117 t += f3(br,cr,dr) + hr[2];
9118 } else if (i<64) {
9119 t += f2(br,cr,dr) + hr[3];
9120 } else {// if (i<80) {
9121 t += f1(br,cr,dr) + hr[4];
9122 }
9123 t = t|0;
9124 t = rotl(t,sr[i]) ;
9125 t = (t+er)|0;
9126 ar = er;
9127 er = dr;
9128 dr = rotl(cr, 10);
9129 cr = br;
9130 br = t;
9131 }
9132 // Intermediate hash value
9133 t = (H[1] + cl + dr)|0;
9134 H[1] = (H[2] + dl + er)|0;
9135 H[2] = (H[3] + el + ar)|0;
9136 H[3] = (H[4] + al + br)|0;
9137 H[4] = (H[0] + bl + cr)|0;
9138 H[0] = t;
9139 },
9141 _doFinalize: function () {
9142 // Shortcuts
9143 var data = this._data;
9144 var dataWords = data.words;
9146 var nBitsTotal = this._nDataBytes * 8;
9147 var nBitsLeft = data.sigBytes * 8;
9149 // Add padding
9150 dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
9151 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = (
9152 (((nBitsTotal << 8) | (nBitsTotal >>> 24)) & 0x00ff00ff) |
9153 (((nBitsTotal << 24) | (nBitsTotal >>> 8)) & 0xff00ff00)
9154 );
9155 data.sigBytes = (dataWords.length + 1) * 4;
9157 // Hash final blocks
9158 this._process();
9160 // Shortcuts
9161 var hash = this._hash;
9162 var H = hash.words;
9164 // Swap endian
9165 for (var i = 0; i < 5; i++) {
9166 // Shortcut
9167 var H_i = H[i];
9169 // Swap
9170 H[i] = (((H_i << 8) | (H_i >>> 24)) & 0x00ff00ff) |
9171 (((H_i << 24) | (H_i >>> 8)) & 0xff00ff00);
9172 }
9174 // Return final computed hash
9175 return hash;
9176 },
9178 clone: function () {
9179 var clone = Hasher.clone.call(this);
9180 clone._hash = this._hash.clone();
9182 return clone;
9183 }
9184 });
9187 function f1(x, y, z) {
9188 return ((x) ^ (y) ^ (z));
9190 }
9192 function f2(x, y, z) {
9193 return (((x)&(y)) | ((~x)&(z)));
9194 }
9196 function f3(x, y, z) {
9197 return (((x) | (~(y))) ^ (z));
9198 }
9200 function f4(x, y, z) {
9201 return (((x) & (z)) | ((y)&(~(z))));
9202 }
9204 function f5(x, y, z) {
9205 return ((x) ^ ((y) |(~(z))));
9207 }
9209 function rotl(x,n) {
9210 return (x<<n) | (x>>>(32-n));
9211 }
9214 /**
9215 * Shortcut function to the hasher's object interface.
9216 *
9217 * @param {WordArray|string} message The message to hash.
9218 *
9219 * @return {WordArray} The hash.
9220 *
9221 * @static
9222 *
9223 * @example
9224 *
9225 * var hash = CryptoJS.RIPEMD160('message');
9226 * var hash = CryptoJS.RIPEMD160(wordArray);
9227 */
9228 C.RIPEMD160 = Hasher._createHelper(RIPEMD160);
9230 /**
9231 * Shortcut function to the HMAC's object interface.
9232 *
9233 * @param {WordArray|string} message The message to hash.
9234 * @param {WordArray|string} key The secret key.
9235 *
9236 * @return {WordArray} The HMAC.
9237 *
9238 * @static
9239 *
9240 * @example
9241 *
9242 * var hmac = CryptoJS.HmacRIPEMD160(message, key);
9243 */
9244 C.HmacRIPEMD160 = Hasher._createHmacHelper(RIPEMD160);
9245 }(Math));
9248 return CryptoJS.RIPEMD160;
9252;(function (root, factory) {
9253 if (typeof exports === "object") {
9254 // CommonJS
9255 module.exports = exports = factory(_dereq_("./core"));
9256 }
9257 else if (typeof define === "function" && define.amd) {
9258 // AMD
9259 define(["./core"], factory);
9260 }
9261 else {
9262 // Global (browser)
9263 factory(root.CryptoJS);
9264 }
9265}(this, function (CryptoJS) {
9267 (function () {
9268 // Shortcuts
9269 var C = CryptoJS;
9270 var C_lib = C.lib;
9271 var WordArray = C_lib.WordArray;
9272 var Hasher = C_lib.Hasher;
9273 var C_algo = C.algo;
9275 // Reusable object
9276 var W = [];
9278 /**
9279 * SHA-1 hash algorithm.
9280 */
9281 var SHA1 = C_algo.SHA1 = Hasher.extend({
9282 _doReset: function () {
9283 this._hash = new WordArray.init([
9284 0x67452301, 0xefcdab89,
9285 0x98badcfe, 0x10325476,
9286 0xc3d2e1f0
9287 ]);
9288 },
9290 _doProcessBlock: function (M, offset) {
9291 // Shortcut
9292 var H = this._hash.words;
9294 // Working variables
9295 var a = H[0];
9296 var b = H[1];
9297 var c = H[2];
9298 var d = H[3];
9299 var e = H[4];
9301 // Computation
9302 for (var i = 0; i < 80; i++) {
9303 if (i < 16) {
9304 W[i] = M[offset + i] | 0;
9305 } else {
9306 var n = W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16];
9307 W[i] = (n << 1) | (n >>> 31);
9308 }
9310 var t = ((a << 5) | (a >>> 27)) + e + W[i];
9311 if (i < 20) {
9312 t += ((b & c) | (~b & d)) + 0x5a827999;
9313 } else if (i < 40) {
9314 t += (b ^ c ^ d) + 0x6ed9eba1;
9315 } else if (i < 60) {
9316 t += ((b & c) | (b & d) | (c & d)) - 0x70e44324;
9317 } else /* if (i < 80) */ {
9318 t += (b ^ c ^ d) - 0x359d3e2a;
9319 }
9321 e = d;
9322 d = c;
9323 c = (b << 30) | (b >>> 2);
9324 b = a;
9325 a = t;
9326 }
9328 // Intermediate hash value
9329 H[0] = (H[0] + a) | 0;
9330 H[1] = (H[1] + b) | 0;
9331 H[2] = (H[2] + c) | 0;
9332 H[3] = (H[3] + d) | 0;
9333 H[4] = (H[4] + e) | 0;
9334 },
9336 _doFinalize: function () {
9337 // Shortcuts
9338 var data = this._data;
9339 var dataWords = data.words;
9341 var nBitsTotal = this._nDataBytes * 8;
9342 var nBitsLeft = data.sigBytes * 8;
9344 // Add padding
9345 dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
9346 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = Math.floor(nBitsTotal / 0x100000000);
9347 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = nBitsTotal;
9348 data.sigBytes = dataWords.length * 4;
9350 // Hash final blocks
9351 this._process();
9353 // Return final computed hash
9354 return this._hash;
9355 },
9357 clone: function () {
9358 var clone = Hasher.clone.call(this);
9359 clone._hash = this._hash.clone();
9361 return clone;
9362 }
9363 });
9365 /**
9366 * Shortcut function to the hasher's object interface.
9367 *
9368 * @param {WordArray|string} message The message to hash.
9369 *
9370 * @return {WordArray} The hash.
9371 *
9372 * @static
9373 *
9374 * @example
9375 *
9376 * var hash = CryptoJS.SHA1('message');
9377 * var hash = CryptoJS.SHA1(wordArray);
9378 */
9379 C.SHA1 = Hasher._createHelper(SHA1);
9381 /**
9382 * Shortcut function to the HMAC's object interface.
9383 *
9384 * @param {WordArray|string} message The message to hash.
9385 * @param {WordArray|string} key The secret key.
9386 *
9387 * @return {WordArray} The HMAC.
9388 *
9389 * @static
9390 *
9391 * @example
9392 *
9393 * var hmac = CryptoJS.HmacSHA1(message, key);
9394 */
9395 C.HmacSHA1 = Hasher._createHmacHelper(SHA1);
9396 }());
9399 return CryptoJS.SHA1;
9403;(function (root, factory, undef) {
9404 if (typeof exports === "object") {
9405 // CommonJS
9406 module.exports = exports = factory(_dereq_("./core"), _dereq_("./sha256"));
9407 }
9408 else if (typeof define === "function" && define.amd) {
9409 // AMD
9410 define(["./core", "./sha256"], factory);
9411 }
9412 else {
9413 // Global (browser)
9414 factory(root.CryptoJS);
9415 }
9416}(this, function (CryptoJS) {
9418 (function () {
9419 // Shortcuts
9420 var C = CryptoJS;
9421 var C_lib = C.lib;
9422 var WordArray = C_lib.WordArray;
9423 var C_algo = C.algo;
9424 var SHA256 = C_algo.SHA256;
9426 /**
9427 * SHA-224 hash algorithm.
9428 */
9429 var SHA224 = C_algo.SHA224 = SHA256.extend({
9430 _doReset: function () {
9431 this._hash = new WordArray.init([
9432 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
9433 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4
9434 ]);
9435 },
9437 _doFinalize: function () {
9438 var hash = SHA256._doFinalize.call(this);
9440 hash.sigBytes -= 4;
9442 return hash;
9443 }
9444 });
9446 /**
9447 * Shortcut function to the hasher's object interface.
9448 *
9449 * @param {WordArray|string} message The message to hash.
9450 *
9451 * @return {WordArray} The hash.
9452 *
9453 * @static
9454 *
9455 * @example
9456 *
9457 * var hash = CryptoJS.SHA224('message');
9458 * var hash = CryptoJS.SHA224(wordArray);
9459 */
9460 C.SHA224 = SHA256._createHelper(SHA224);
9462 /**
9463 * Shortcut function to the HMAC's object interface.
9464 *
9465 * @param {WordArray|string} message The message to hash.
9466 * @param {WordArray|string} key The secret key.
9467 *
9468 * @return {WordArray} The HMAC.
9469 *
9470 * @static
9471 *
9472 * @example
9473 *
9474 * var hmac = CryptoJS.HmacSHA224(message, key);
9475 */
9476 C.HmacSHA224 = SHA256._createHmacHelper(SHA224);
9477 }());
9480 return CryptoJS.SHA224;
9484;(function (root, factory) {
9485 if (typeof exports === "object") {
9486 // CommonJS
9487 module.exports = exports = factory(_dereq_("./core"));
9488 }
9489 else if (typeof define === "function" && define.amd) {
9490 // AMD
9491 define(["./core"], factory);
9492 }
9493 else {
9494 // Global (browser)
9495 factory(root.CryptoJS);
9496 }
9497}(this, function (CryptoJS) {
9499 (function (Math) {
9500 // Shortcuts
9501 var C = CryptoJS;
9502 var C_lib = C.lib;
9503 var WordArray = C_lib.WordArray;
9504 var Hasher = C_lib.Hasher;
9505 var C_algo = C.algo;
9507 // Initialization and round constants tables
9508 var H = [];
9509 var K = [];
9511 // Compute constants
9512 (function () {
9513 function isPrime(n) {
9514 var sqrtN = Math.sqrt(n);
9515 for (var factor = 2; factor <= sqrtN; factor++) {
9516 if (!(n % factor)) {
9517 return false;
9518 }
9519 }
9521 return true;
9522 }
9524 function getFractionalBits(n) {
9525 return ((n - (n | 0)) * 0x100000000) | 0;
9526 }
9528 var n = 2;
9529 var nPrime = 0;
9530 while (nPrime < 64) {
9531 if (isPrime(n)) {
9532 if (nPrime < 8) {
9533 H[nPrime] = getFractionalBits(Math.pow(n, 1 / 2));
9534 }
9535 K[nPrime] = getFractionalBits(Math.pow(n, 1 / 3));
9537 nPrime++;
9538 }
9540 n++;
9541 }
9542 }());
9544 // Reusable object
9545 var W = [];
9547 /**
9548 * SHA-256 hash algorithm.
9549 */
9550 var SHA256 = C_algo.SHA256 = Hasher.extend({
9551 _doReset: function () {
9552 this._hash = new WordArray.init(H.slice(0));
9553 },
9555 _doProcessBlock: function (M, offset) {
9556 // Shortcut
9557 var H = this._hash.words;
9559 // Working variables
9560 var a = H[0];
9561 var b = H[1];
9562 var c = H[2];
9563 var d = H[3];
9564 var e = H[4];
9565 var f = H[5];
9566 var g = H[6];
9567 var h = H[7];
9569 // Computation
9570 for (var i = 0; i < 64; i++) {
9571 if (i < 16) {
9572 W[i] = M[offset + i] | 0;
9573 } else {
9574 var gamma0x = W[i - 15];
9575 var gamma0 = ((gamma0x << 25) | (gamma0x >>> 7)) ^
9576 ((gamma0x << 14) | (gamma0x >>> 18)) ^
9577 (gamma0x >>> 3);
9579 var gamma1x = W[i - 2];
9580 var gamma1 = ((gamma1x << 15) | (gamma1x >>> 17)) ^
9581 ((gamma1x << 13) | (gamma1x >>> 19)) ^
9582 (gamma1x >>> 10);
9584 W[i] = gamma0 + W[i - 7] + gamma1 + W[i - 16];
9585 }
9587 var ch = (e & f) ^ (~e & g);
9588 var maj = (a & b) ^ (a & c) ^ (b & c);
9590 var sigma0 = ((a << 30) | (a >>> 2)) ^ ((a << 19) | (a >>> 13)) ^ ((a << 10) | (a >>> 22));
9591 var sigma1 = ((e << 26) | (e >>> 6)) ^ ((e << 21) | (e >>> 11)) ^ ((e << 7) | (e >>> 25));
9593 var t1 = h + sigma1 + ch + K[i] + W[i];
9594 var t2 = sigma0 + maj;
9596 h = g;
9597 g = f;
9598 f = e;
9599 e = (d + t1) | 0;
9600 d = c;
9601 c = b;
9602 b = a;
9603 a = (t1 + t2) | 0;
9604 }
9606 // Intermediate hash value
9607 H[0] = (H[0] + a) | 0;
9608 H[1] = (H[1] + b) | 0;
9609 H[2] = (H[2] + c) | 0;
9610 H[3] = (H[3] + d) | 0;
9611 H[4] = (H[4] + e) | 0;
9612 H[5] = (H[5] + f) | 0;
9613 H[6] = (H[6] + g) | 0;
9614 H[7] = (H[7] + h) | 0;
9615 },
9617 _doFinalize: function () {
9618 // Shortcuts
9619 var data = this._data;
9620 var dataWords = data.words;
9622 var nBitsTotal = this._nDataBytes * 8;
9623 var nBitsLeft = data.sigBytes * 8;
9625 // Add padding
9626 dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
9627 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = Math.floor(nBitsTotal / 0x100000000);
9628 dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = nBitsTotal;
9629 data.sigBytes = dataWords.length * 4;
9631 // Hash final blocks
9632 this._process();
9634 // Return final computed hash
9635 return this._hash;
9636 },
9638 clone: function () {
9639 var clone = Hasher.clone.call(this);
9640 clone._hash = this._hash.clone();
9642 return clone;
9643 }
9644 });
9646 /**
9647 * Shortcut function to the hasher's object interface.
9648 *
9649 * @param {WordArray|string} message The message to hash.
9650 *
9651 * @return {WordArray} The hash.
9652 *
9653 * @static
9654 *
9655 * @example
9656 *
9657 * var hash = CryptoJS.SHA256('message');
9658 * var hash = CryptoJS.SHA256(wordArray);
9659 */
9660 C.SHA256 = Hasher._createHelper(SHA256);
9662 /**
9663 * Shortcut function to the HMAC's object interface.
9664 *
9665 * @param {WordArray|string} message The message to hash.
9666 * @param {WordArray|string} key The secret key.
9667 *
9668 * @return {WordArray} The HMAC.
9669 *
9670 * @static
9671 *
9672 * @example
9673 *
9674 * var hmac = CryptoJS.HmacSHA256(message, key);
9675 */
9676 C.HmacSHA256 = Hasher._createHmacHelper(SHA256);
9677 }(Math));
9680 return CryptoJS.SHA256;
9684;(function (root, factory, undef) {
9685 if (typeof exports === "object") {
9686 // CommonJS
9687 module.exports = exports = factory(_dereq_("./core"), _dereq_("./x64-core"));
9688 }
9689 else if (typeof define === "function" && define.amd) {
9690 // AMD
9691 define(["./core", "./x64-core"], factory);
9692 }
9693 else {
9694 // Global (browser)
9695 factory(root.CryptoJS);
9696 }
9697}(this, function (CryptoJS) {
9699 (function (Math) {
9700 // Shortcuts
9701 var C = CryptoJS;
9702 var C_lib = C.lib;
9703 var WordArray = C_lib.WordArray;
9704 var Hasher = C_lib.Hasher;
9705 var C_x64 = C.x64;
9706 var X64Word = C_x64.Word;
9707 var C_algo = C.algo;
9709 // Constants tables
9710 var RHO_OFFSETS = [];
9711 var PI_INDEXES = [];
9712 var ROUND_CONSTANTS = [];
9714 // Compute Constants
9715 (function () {
9716 // Compute rho offset constants
9717 var x = 1, y = 0;
9718 for (var t = 0; t < 24; t++) {
9719 RHO_OFFSETS[x + 5 * y] = ((t + 1) * (t + 2) / 2) % 64;
9721 var newX = y % 5;
9722 var newY = (2 * x + 3 * y) % 5;
9723 x = newX;
9724 y = newY;
9725 }
9727 // Compute pi index constants
9728 for (var x = 0; x < 5; x++) {
9729 for (var y = 0; y < 5; y++) {
9730 PI_INDEXES[x + 5 * y] = y + ((2 * x + 3 * y) % 5) * 5;
9731 }
9732 }
9734 // Compute round constants
9735 var LFSR = 0x01;
9736 for (var i = 0; i < 24; i++) {
9737 var roundConstantMsw = 0;
9738 var roundConstantLsw = 0;
9740 for (var j = 0; j < 7; j++) {
9741 if (LFSR & 0x01) {
9742 var bitPosition = (1 << j) - 1;
9743 if (bitPosition < 32) {
9744 roundConstantLsw ^= 1 << bitPosition;
9745 } else /* if (bitPosition >= 32) */ {
9746 roundConstantMsw ^= 1 << (bitPosition - 32);
9747 }
9748 }
9750 // Compute next LFSR
9751 if (LFSR & 0x80) {
9752 // Primitive polynomial over GF(2): x^8 + x^6 + x^5 + x^4 + 1
9753 LFSR = (LFSR << 1) ^ 0x71;
9754 } else {
9755 LFSR <<= 1;
9756 }
9757 }
9759 ROUND_CONSTANTS[i] = X64Word.create(roundConstantMsw, roundConstantLsw);
9760 }
9761 }());
9763 // Reusable objects for temporary values
9764 var T = [];
9765 (function () {
9766 for (var i = 0; i < 25; i++) {
9767 T[i] = X64Word.create();
9768 }
9769 }());
9771 /**
9772 * SHA-3 hash algorithm.
9773 */
9774 var SHA3 = C_algo.SHA3 = Hasher.extend({
9775 /**
9776 * Configuration options.
9777 *
9778 * @property {number} outputLength
9779 * The desired number of bits in the output hash.
9780 * Only values permitted are: 224, 256, 384, 512.
9781 * Default: 512
9782 */
9783 cfg: Hasher.cfg.extend({
9784 outputLength: 512
9785 }),
9787 _doReset: function () {
9788 var state = this._state = []
9789 for (var i = 0; i < 25; i++) {
9790 state[i] = new X64Word.init();
9791 }
9793 this.blockSize = (1600 - 2 * this.cfg.outputLength) / 32;
9794 },
9796 _doProcessBlock: function (M, offset) {
9797 // Shortcuts
9798 var state = this._state;
9799 var nBlockSizeLanes = this.blockSize / 2;
9801 // Absorb
9802 for (var i = 0; i < nBlockSizeLanes; i++) {
9803 // Shortcuts
9804 var M2i = M[offset + 2 * i];
9805 var M2i1 = M[offset + 2 * i + 1];
9807 // Swap endian
9808 M2i = (
9809 (((M2i << 8) | (M2i >>> 24)) & 0x00ff00ff) |
9810 (((M2i << 24) | (M2i >>> 8)) & 0xff00ff00)
9811 );
9812 M2i1 = (
9813 (((M2i1 << 8) | (M2i1 >>> 24)) & 0x00ff00ff) |
9814 (((M2i1 << 24) | (M2i1 >>> 8)) & 0xff00ff00)
9815 );
9817 // Absorb message into state
9818 var lane = state[i];
9819 lane.high ^= M2i1;
9820 lane.low ^= M2i;
9821 }
9823 // Rounds
9824 for (var round = 0; round < 24; round++) {
9825 // Theta
9826 for (var x = 0; x < 5; x++) {
9827 // Mix column lanes
9828 var tMsw = 0, tLsw = 0;
9829 for (var y = 0; y < 5; y++) {
9830 var lane = state[x + 5 * y];
9831 tMsw ^= lane.high;
9832 tLsw ^= lane.low;
9833 }
9835 // Temporary values
9836 var Tx = T[x];
9837 Tx.high = tMsw;
9838 Tx.low = tLsw;
9839 }
9840 for (var x = 0; x < 5; x++) {
9841 // Shortcuts
9842 var Tx4 = T[(x + 4) % 5];
9843 var Tx1 = T[(x + 1) % 5];
9844 var Tx1Msw = Tx1.high;
9845 var Tx1Lsw = Tx1.low;
9847 // Mix surrounding columns
9848 var tMsw = Tx4.high ^ ((Tx1Msw << 1) | (Tx1Lsw >>> 31));
9849 var tLsw = Tx4.low ^ ((Tx1Lsw << 1) | (Tx1Msw >>> 31));
9850 for (var y = 0; y < 5; y++) {
9851 var lane = state[x + 5 * y];
9852 lane.high ^= tMsw;
9853 lane.low ^= tLsw;
9854 }
9855 }
9857 // Rho Pi
9858 for (var laneIndex = 1; laneIndex < 25; laneIndex++) {
9859 // Shortcuts
9860 var lane = state[laneIndex];
9861 var laneMsw = lane.high;
9862 var laneLsw = lane.low;
9863 var rhoOffset = RHO_OFFSETS[laneIndex];
9865 // Rotate lanes
9866 if (rhoOffset < 32) {
9867 var tMsw = (laneMsw << rhoOffset) | (laneLsw >>> (32 - rhoOffset));
9868 var tLsw = (laneLsw << rhoOffset) | (laneMsw >>> (32 - rhoOffset));
9869 } else /* if (rhoOffset >= 32) */ {
9870 var tMsw = (laneLsw << (rhoOffset - 32)) | (laneMsw >>> (64 - rhoOffset));
9871 var tLsw = (laneMsw << (rhoOffset - 32)) | (laneLsw >>> (64 - rhoOffset));
9872 }
9874 // Transpose lanes
9875 var TPiLane = T[PI_INDEXES[laneIndex]];
9876 TPiLane.high = tMsw;
9877 TPiLane.low = tLsw;
9878 }
9880 // Rho pi at x = y = 0
9881 var T0 = T[0];
9882 var state0 = state[0];
9883 T0.high = state0.high;
9884 T0.low = state0.low;
9886 // Chi
9887 for (var x = 0; x < 5; x++) {
9888 for (var y = 0; y < 5; y++) {
9889 // Shortcuts
9890 var laneIndex = x + 5 * y;
9891 var lane = state[laneIndex];
9892 var TLane = T[laneIndex];
9893 var Tx1Lane = T[((x + 1) % 5) + 5 * y];
9894 var Tx2Lane = T[((x + 2) % 5) + 5 * y];
9896 // Mix rows
9897 lane.high = TLane.high ^ (~Tx1Lane.high & Tx2Lane.high);
9898 lane.low = TLane.low ^ (~Tx1Lane.low & Tx2Lane.low);
9899 }
9900 }
9902 // Iota
9903 var lane = state[0];
9904 var roundConstant = ROUND_CONSTANTS[round];
9905 lane.high ^= roundConstant.high;
9906 lane.low ^= roundConstant.low;;
9907 }
9908 },
9910 _doFinalize: function () {
9911 // Shortcuts
9912 var data = this._data;
9913 var dataWords = data.words;
9914 var nBitsTotal = this._nDataBytes * 8;
9915 var nBitsLeft = data.sigBytes * 8;
9916 var blockSizeBits = this.blockSize * 32;
9918 // Add padding
9919 dataWords[nBitsLeft >>> 5] |= 0x1 << (24 - nBitsLeft % 32);
9920 dataWords[((Math.ceil((nBitsLeft + 1) / blockSizeBits) * blockSizeBits) >>> 5) - 1] |= 0x80;
9921 data.sigBytes = dataWords.length * 4;
9923 // Hash final blocks
9924 this._process();
9926 // Shortcuts
9927 var state = this._state;
9928 var outputLengthBytes = this.cfg.outputLength / 8;
9929 var outputLengthLanes = outputLengthBytes / 8;
9931 // Squeeze
9932 var hashWords = [];
9933 for (var i = 0; i < outputLengthLanes; i++) {
9934 // Shortcuts
9935 var lane = state[i];
9936 var laneMsw = lane.high;
9937 var laneLsw = lane.low;
9939 // Swap endian
9940 laneMsw = (
9941 (((laneMsw << 8) | (laneMsw >>> 24)) & 0x00ff00ff) |
9942 (((laneMsw << 24) | (laneMsw >>> 8)) & 0xff00ff00)
9943 );
9944 laneLsw = (
9945 (((laneLsw << 8) | (laneLsw >>> 24)) & 0x00ff00ff) |
9946 (((laneLsw << 24) | (laneLsw >>> 8)) & 0xff00ff00)
9947 );
9949 // Squeeze state to retrieve hash
9950 hashWords.push(laneLsw);
9951 hashWords.push(laneMsw);
9952 }
9954 // Return final computed hash
9955 return new WordArray.init(hashWords, outputLengthBytes);
9956 },
9958 clone: function () {
9959 var clone = Hasher.clone.call(this);
9961 var state = clone._state = this._state.slice(0);
9962 for (var i = 0; i < 25; i++) {
9963 state[i] = state[i].clone();
9964 }
9966 return clone;
9967 }
9968 });
9970 /**
9971 * Shortcut function to the hasher's object interface.
9972 *
9973 * @param {WordArray|string} message The message to hash.
9974 *
9975 * @return {WordArray} The hash.
9976 *
9977 * @static
9978 *
9979 * @example
9980 *
9981 * var hash = CryptoJS.SHA3('message');
9982 * var hash = CryptoJS.SHA3(wordArray);
9983 */
9984 C.SHA3 = Hasher._createHelper(SHA3);
9986 /**
9987 * Shortcut function to the HMAC's object interface.
9988 *
9989 * @param {WordArray|string} message The message to hash.
9990 * @param {WordArray|string} key The secret key.
9991 *
9992 * @return {WordArray} The HMAC.
9993 *
9994 * @static
9995 *
9996 * @example
9997 *
9998 * var hmac = CryptoJS.HmacSHA3(message, key);
9999 */
10000 C.HmacSHA3 = Hasher._createHmacHelper(SHA3);
10001 }(Math));
10004 return CryptoJS.SHA3;
10008;(function (root, factory, undef) {
10009 if (typeof exports === "object") {
10010 // CommonJS
10011 module.exports = exports = factory(_dereq_("./core"), _dereq_("./x64-core"), _dereq_("./sha512"));
10012 }
10013 else if (typeof define === "function" && define.amd) {
10014 // AMD
10015 define(["./core", "./x64-core", "./sha512"], factory);
10016 }
10017 else {
10018 // Global (browser)
10019 factory(root.CryptoJS);
10020 }
10021}(this, function (CryptoJS) {
10023 (function () {
10024 // Shortcuts
10025 var C = CryptoJS;
10026 var C_x64 = C.x64;
10027 var X64Word = C_x64.Word;
10028 var X64WordArray = C_x64.WordArray;
10029 var C_algo = C.algo;
10030 var SHA512 = C_algo.SHA512;
10032 /**
10033 * SHA-384 hash algorithm.
10034 */
10035 var SHA384 = C_algo.SHA384 = SHA512.extend({
10036 _doReset: function () {
10037 this._hash = new X64WordArray.init([
10038 new X64Word.init(0xcbbb9d5d, 0xc1059ed8), new X64Word.init(0x629a292a, 0x367cd507),
10039 new X64Word.init(0x9159015a, 0x3070dd17), new X64Word.init(0x152fecd8, 0xf70e5939),
10040 new X64Word.init(0x67332667, 0xffc00b31), new X64Word.init(0x8eb44a87, 0x68581511),
10041 new X64Word.init(0xdb0c2e0d, 0x64f98fa7), new X64Word.init(0x47b5481d, 0xbefa4fa4)
10042 ]);
10043 },
10045 _doFinalize: function () {
10046 var hash = SHA512._doFinalize.call(this);
10048 hash.sigBytes -= 16;
10050 return hash;
10051 }
10052 });
10054 /**
10055 * Shortcut function to the hasher's object interface.
10056 *
10057 * @param {WordArray|string} message The message to hash.
10058 *
10059 * @return {WordArray} The hash.
10060 *
10061 * @static
10062 *
10063 * @example
10064 *
10065 * var hash = CryptoJS.SHA384('message');
10066 * var hash = CryptoJS.SHA384(wordArray);
10067 */
10068 C.SHA384 = SHA512._createHelper(SHA384);
10070 /**
10071 * Shortcut function to the HMAC's object interface.
10072 *
10073 * @param {WordArray|string} message The message to hash.
10074 * @param {WordArray|string} key The secret key.
10075 *
10076 * @return {WordArray} The HMAC.
10077 *
10078 * @static
10079 *
10080 * @example
10081 *
10082 * var hmac = CryptoJS.HmacSHA384(message, key);
10083 */
10084 C.HmacSHA384 = SHA512._createHmacHelper(SHA384);
10085 }());
10088 return CryptoJS.SHA384;
10092;(function (root, factory, undef) {
10093 if (typeof exports === "object") {
10094 // CommonJS
10095 module.exports = exports = factory(_dereq_("./core"), _dereq_("./x64-core"));
10096 }
10097 else if (typeof define === "function" && define.amd) {
10098 // AMD
10099 define(["./core", "./x64-core"], factory);
10100 }
10101 else {
10102 // Global (browser)
10103 factory(root.CryptoJS);
10104 }
10105}(this, function (CryptoJS) {
10107 (function () {
10108 // Shortcuts
10109 var C = CryptoJS;
10110 var C_lib = C.lib;
10111 var Hasher = C_lib.Hasher;
10112 var C_x64 = C.x64;
10113 var X64Word = C_x64.Word;
10114 var X64WordArray = C_x64.WordArray;
10115 var C_algo = C.algo;
10117 function X64Word_create() {
10118 return X64Word.create.apply(X64Word, arguments);
10119 }
10121 // Constants
10122 var K = [
10123 X64Word_create(0x428a2f98, 0xd728ae22), X64Word_create(0x71374491, 0x23ef65cd),
10124 X64Word_create(0xb5c0fbcf, 0xec4d3b2f), X64Word_create(0xe9b5dba5, 0x8189dbbc),
10125 X64Word_create(0x3956c25b, 0xf348b538), X64Word_create(0x59f111f1, 0xb605d019),
10126 X64Word_create(0x923f82a4, 0xaf194f9b), X64Word_create(0xab1c5ed5, 0xda6d8118),
10127 X64Word_create(0xd807aa98, 0xa3030242), X64Word_create(0x12835b01, 0x45706fbe),
10128 X64Word_create(0x243185be, 0x4ee4b28c), X64Word_create(0x550c7dc3, 0xd5ffb4e2),
10129 X64Word_create(0x72be5d74, 0xf27b896f), X64Word_create(0x80deb1fe, 0x3b1696b1),
10130 X64Word_create(0x9bdc06a7, 0x25c71235), X64Word_create(0xc19bf174, 0xcf692694),
10131 X64Word_create(0xe49b69c1, 0x9ef14ad2), X64Word_create(0xefbe4786, 0x384f25e3),
10132 X64Word_create(0x0fc19dc6, 0x8b8cd5b5), X64Word_create(0x240ca1cc, 0x77ac9c65),
10133 X64Word_create(0x2de92c6f, 0x592b0275), X64Word_create(0x4a7484aa, 0x6ea6e483),
10134 X64Word_create(0x5cb0a9dc, 0xbd41fbd4), X64Word_create(0x76f988da, 0x831153b5),
10135 X64Word_create(0x983e5152, 0xee66dfab), X64Word_create(0xa831c66d, 0x2db43210),
10136 X64Word_create(0xb00327c8, 0x98fb213f), X64Word_create(0xbf597fc7, 0xbeef0ee4),
10137 X64Word_create(0xc6e00bf3, 0x3da88fc2), X64Word_create(0xd5a79147, 0x930aa725),
10138 X64Word_create(0x06ca6351, 0xe003826f), X64Word_create(0x14292967, 0x0a0e6e70),
10139 X64Word_create(0x27b70a85, 0x46d22ffc), X64Word_create(0x2e1b2138, 0x5c26c926),
10140 X64Word_create(0x4d2c6dfc, 0x5ac42aed), X64Word_create(0x53380d13, 0x9d95b3df),
10141 X64Word_create(0x650a7354, 0x8baf63de), X64Word_create(0x766a0abb, 0x3c77b2a8),
10142 X64Word_create(0x81c2c92e, 0x47edaee6), X64Word_create(0x92722c85, 0x1482353b),
10143 X64Word_create(0xa2bfe8a1, 0x4cf10364), X64Word_create(0xa81a664b, 0xbc423001),
10144 X64Word_create(0xc24b8b70, 0xd0f89791), X64Word_create(0xc76c51a3, 0x0654be30),
10145 X64Word_create(0xd192e819, 0xd6ef5218), X64Word_create(0xd6990624, 0x5565a910),
10146 X64Word_create(0xf40e3585, 0x5771202a), X64Word_create(0x106aa070, 0x32bbd1b8),
10147 X64Word_create(0x19a4c116, 0xb8d2d0c8), X64Word_create(0x1e376c08, 0x5141ab53),
10148 X64Word_create(0x2748774c, 0xdf8eeb99), X64Word_create(0x34b0bcb5, 0xe19b48a8),
10149 X64Word_create(0x391c0cb3, 0xc5c95a63), X64Word_create(0x4ed8aa4a, 0xe3418acb),
10150 X64Word_create(0x5b9cca4f, 0x7763e373), X64Word_create(0x682e6ff3, 0xd6b2b8a3),
10151 X64Word_create(0x748f82ee, 0x5defb2fc), X64Word_create(0x78a5636f, 0x43172f60),
10152 X64Word_create(0x84c87814, 0xa1f0ab72), X64Word_create(0x8cc70208, 0x1a6439ec),
10153 X64Word_create(0x90befffa, 0x23631e28), X64Word_create(0xa4506ceb, 0xde82bde9),
10154 X64Word_create(0xbef9a3f7, 0xb2c67915), X64Word_create(0xc67178f2, 0xe372532b),
10155 X64Word_create(0xca273ece, 0xea26619c), X64Word_create(0xd186b8c7, 0x21c0c207),
10156 X64Word_create(0xeada7dd6, 0xcde0eb1e), X64Word_create(0xf57d4f7f, 0xee6ed178),
10157 X64Word_create(0x06f067aa, 0x72176fba), X64Word_create(0x0a637dc5, 0xa2c898a6),
10158 X64Word_create(0x113f9804, 0xbef90dae), X64Word_create(0x1b710b35, 0x131c471b),
10159 X64Word_create(0x28db77f5, 0x23047d84), X64Word_create(0x32caab7b, 0x40c72493),
10160 X64Word_create(0x3c9ebe0a, 0x15c9bebc), X64Word_create(0x431d67c4, 0x9c100d4c),
10161 X64Word_create(0x4cc5d4be, 0xcb3e42b6), X64Word_create(0x597f299c, 0xfc657e2a),
10162 X64Word_create(0x5fcb6fab, 0x3ad6faec), X64Word_create(0x6c44198c, 0x4a475817)
10163 ];
10165 // Reusable objects
10166 var W = [];
10167 (function () {
10168 for (var i = 0; i < 80; i++) {
10169 W[i] = X64Word_create();
10170 }
10171 }());
10173 /**
10174 * SHA-512 hash algorithm.
10175 */
10176 var SHA512 = C_algo.SHA512 = Hasher.extend({
10177 _doReset: function () {
10178 this._hash = new X64WordArray.init([
10179 new X64Word.init(0x6a09e667, 0xf3bcc908), new X64Word.init(0xbb67ae85, 0x84caa73b),
10180 new X64Word.init(0x3c6ef372, 0xfe94f82b), new X64Word.init(0xa54ff53a, 0x5f1d36f1),
10181 new X64Word.init(0x510e527f, 0xade682d1), new X64Word.init(0x9b05688c, 0x2b3e6c1f),
10182 new X64Word.init(0x1f83d9ab, 0xfb41bd6b), new X64Word.init(0x5be0cd19, 0x137e2179)
10183 ]);
10184 },
10186 _doProcessBlock: function (M, offset) {
10187 // Shortcuts
10188 var H = this._hash.words;
10190 var H0 = H[0];
10191 var H1 = H[1];
10192 var H2 = H[2];
10193 var H3 = H[3];
10194 var H4 = H[4];
10195 var H5 = H[5];
10196 var H6 = H[6];
10197 var H7 = H[7];
10199 var H0h = H0.high;
10200 var H0l = H0.low;
10201 var H1h = H1.high;
10202 var H1l = H1.low;
10203 var H2h = H2.high;
10204 var H2l = H2.low;
10205 var H3h = H3.high;
10206 var H3l = H3.low;
10207 var H4h = H4.high;
10208 var H4l = H4.low;
10209 var H5h = H5.high;
10210 var H5l = H5.low;
10211 var H6h = H6.high;
10212 var H6l = H6.low;
10213 var H7h = H7.high;
10214 var H7l = H7.low;
10216 // Working variables
10217 var ah = H0h;
10218 var al = H0l;
10219 var bh = H1h;
10220 var bl = H1l;
10221 var ch = H2h;
10222 var cl = H2l;
10223 var dh = H3h;
10224 var dl = H3l;
10225 var eh = H4h;
10226 var el = H4l;
10227 var fh = H5h;
10228 var fl = H5l;
10229 var gh = H6h;
10230 var gl = H6l;
10231 var hh = H7h;
10232 var hl = H7l;
10234 // Rounds
10235 for (var i = 0; i < 80; i++) {
10236 // Shortcut
10237 var Wi = W[i];
10239 // Extend message
10240 if (i < 16) {
10241 var Wih = Wi.high = M[offset + i * 2] | 0;
10242 var Wil = Wi.low = M[offset + i * 2 + 1] | 0;
10243 } else {
10244 // Gamma0
10245 var gamma0x = W[i - 15];
10246 var gamma0xh = gamma0x.high;
10247 var gamma0xl = gamma0x.low;
10248 var gamma0h = ((gamma0xh >>> 1) | (gamma0xl << 31)) ^ ((gamma0xh >>> 8) | (gamma0xl << 24)) ^ (gamma0xh >>> 7);
10249 var gamma0l = ((gamma0xl >>> 1) | (gamma0xh << 31)) ^ ((gamma0xl >>> 8) | (gamma0xh << 24)) ^ ((gamma0xl >>> 7) | (gamma0xh << 25));
10251 // Gamma1
10252 var gamma1x = W[i - 2];
10253 var gamma1xh = gamma1x.high;
10254 var gamma1xl = gamma1x.low;
10255 var gamma1h = ((gamma1xh >>> 19) | (gamma1xl << 13)) ^ ((gamma1xh << 3) | (gamma1xl >>> 29)) ^ (gamma1xh >>> 6);
10256 var gamma1l = ((gamma1xl >>> 19) | (gamma1xh << 13)) ^ ((gamma1xl << 3) | (gamma1xh >>> 29)) ^ ((gamma1xl >>> 6) | (gamma1xh << 26));
10258 // W[i] = gamma0 + W[i - 7] + gamma1 + W[i - 16]
10259 var Wi7 = W[i - 7];
10260 var Wi7h = Wi7.high;
10261 var Wi7l = Wi7.low;
10263 var Wi16 = W[i - 16];
10264 var Wi16h = Wi16.high;
10265 var Wi16l = Wi16.low;
10267 var Wil = gamma0l + Wi7l;
10268 var Wih = gamma0h + Wi7h + ((Wil >>> 0) < (gamma0l >>> 0) ? 1 : 0);
10269 var Wil = Wil + gamma1l;
10270 var Wih = Wih + gamma1h + ((Wil >>> 0) < (gamma1l >>> 0) ? 1 : 0);
10271 var Wil = Wil + Wi16l;
10272 var Wih = Wih + Wi16h + ((Wil >>> 0) < (Wi16l >>> 0) ? 1 : 0);
10274 Wi.high = Wih;
10275 Wi.low = Wil;
10276 }
10278 var chh = (eh & fh) ^ (~eh & gh);
10279 var chl = (el & fl) ^ (~el & gl);
10280 var majh = (ah & bh) ^ (ah & ch) ^ (bh & ch);
10281 var majl = (al & bl) ^ (al & cl) ^ (bl & cl);
10283 var sigma0h = ((ah >>> 28) | (al << 4)) ^ ((ah << 30) | (al >>> 2)) ^ ((ah << 25) | (al >>> 7));
10284 var sigma0l = ((al >>> 28) | (ah << 4)) ^ ((al << 30) | (ah >>> 2)) ^ ((al << 25) | (ah >>> 7));
10285 var sigma1h = ((eh >>> 14) | (el << 18)) ^ ((eh >>> 18) | (el << 14)) ^ ((eh << 23) | (el >>> 9));
10286 var sigma1l = ((el >>> 14) | (eh << 18)) ^ ((el >>> 18) | (eh << 14)) ^ ((el << 23) | (eh >>> 9));
10288 // t1 = h + sigma1 + ch + K[i] + W[i]
10289 var Ki = K[i];
10290 var Kih = Ki.high;
10291 var Kil = Ki.low;
10293 var t1l = hl + sigma1l;
10294 var t1h = hh + sigma1h + ((t1l >>> 0) < (hl >>> 0) ? 1 : 0);
10295 var t1l = t1l + chl;
10296 var t1h = t1h + chh + ((t1l >>> 0) < (chl >>> 0) ? 1 : 0);
10297 var t1l = t1l + Kil;
10298 var t1h = t1h + Kih + ((t1l >>> 0) < (Kil >>> 0) ? 1 : 0);
10299 var t1l = t1l + Wil;
10300 var t1h = t1h + Wih + ((t1l >>> 0) < (Wil >>> 0) ? 1 : 0);
10302 // t2 = sigma0 + maj
10303 var t2l = sigma0l + majl;
10304 var t2h = sigma0h + majh + ((t2l >>> 0) < (sigma0l >>> 0) ? 1 : 0);
10306 // Update working variables
10307 hh = gh;
10308 hl = gl;
10309 gh = fh;
10310 gl = fl;
10311 fh = eh;
10312 fl = el;
10313 el = (dl + t1l) | 0;
10314 eh = (dh + t1h + ((el >>> 0) < (dl >>> 0) ? 1 : 0)) | 0;
10315 dh = ch;
10316 dl = cl;
10317 ch = bh;
10318 cl = bl;
10319 bh = ah;
10320 bl = al;
10321 al = (t1l + t2l) | 0;
10322 ah = (t1h + t2h + ((al >>> 0) < (t1l >>> 0) ? 1 : 0)) | 0;
10323 }
10325 // Intermediate hash value
10326 H0l = H0.low = (H0l + al);
10327 H0.high = (H0h + ah + ((H0l >>> 0) < (al >>> 0) ? 1 : 0));
10328 H1l = H1.low = (H1l + bl);
10329 H1.high = (H1h + bh + ((H1l >>> 0) < (bl >>> 0) ? 1 : 0));
10330 H2l = H2.low = (H2l + cl);
10331 H2.high = (H2h + ch + ((H2l >>> 0) < (cl >>> 0) ? 1 : 0));
10332 H3l = H3.low = (H3l + dl);
10333 H3.high = (H3h + dh + ((H3l >>> 0) < (dl >>> 0) ? 1 : 0));
10334 H4l = H4.low = (H4l + el);
10335 H4.high = (H4h + eh + ((H4l >>> 0) < (el >>> 0) ? 1 : 0));
10336 H5l = H5.low = (H5l + fl);
10337 H5.high = (H5h + fh + ((H5l >>> 0) < (fl >>> 0) ? 1 : 0));
10338 H6l = H6.low = (H6l + gl);
10339 H6.high = (H6h + gh + ((H6l >>> 0) < (gl >>> 0) ? 1 : 0));
10340 H7l = H7.low = (H7l + hl);
10341 H7.high = (H7h + hh + ((H7l >>> 0) < (hl >>> 0) ? 1 : 0));
10342 },
10344 _doFinalize: function () {
10345 // Shortcuts
10346 var data = this._data;
10347 var dataWords = data.words;
10349 var nBitsTotal = this._nDataBytes * 8;
10350 var nBitsLeft = data.sigBytes * 8;
10352 // Add padding
10353 dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
10354 dataWords[(((nBitsLeft + 128) >>> 10) << 5) + 30] = Math.floor(nBitsTotal / 0x100000000);
10355 dataWords[(((nBitsLeft + 128) >>> 10) << 5) + 31] = nBitsTotal;
10356 data.sigBytes = dataWords.length * 4;
10358 // Hash final blocks
10359 this._process();
10361 // Convert hash to 32-bit word array before returning
10362 var hash = this._hash.toX32();
10364 // Return final computed hash
10365 return hash;
10366 },
10368 clone: function () {
10369 var clone = Hasher.clone.call(this);
10370 clone._hash = this._hash.clone();
10372 return clone;
10373 },
10375 blockSize: 1024/32
10376 });
10378 /**
10379 * Shortcut function to the hasher's object interface.
10380 *
10381 * @param {WordArray|string} message The message to hash.
10382 *
10383 * @return {WordArray} The hash.
10384 *
10385 * @static
10386 *
10387 * @example
10388 *
10389 * var hash = CryptoJS.SHA512('message');
10390 * var hash = CryptoJS.SHA512(wordArray);
10391 */
10392 C.SHA512 = Hasher._createHelper(SHA512);
10394 /**
10395 * Shortcut function to the HMAC's object interface.
10396 *
10397 * @param {WordArray|string} message The message to hash.
10398 * @param {WordArray|string} key The secret key.
10399 *
10400 * @return {WordArray} The HMAC.
10401 *
10402 * @static
10403 *
10404 * @example
10405 *
10406 * var hmac = CryptoJS.HmacSHA512(message, key);
10407 */
10408 C.HmacSHA512 = Hasher._createHmacHelper(SHA512);
10409 }());
10412 return CryptoJS.SHA512;
10416;(function (root, factory, undef) {
10417 if (typeof exports === "object") {
10418 // CommonJS
10419 module.exports = exports = factory(_dereq_("./core"), _dereq_("./enc-base64"), _dereq_("./md5"), _dereq_("./evpkdf"), _dereq_("./cipher-core"));
10420 }
10421 else if (typeof define === "function" && define.amd) {
10422 // AMD
10423 define(["./core", "./enc-base64", "./md5", "./evpkdf", "./cipher-core"], factory);
10424 }
10425 else {
10426 // Global (browser)
10427 factory(root.CryptoJS);
10428 }
10429}(this, function (CryptoJS) {
10431 (function () {
10432 // Shortcuts
10433 var C = CryptoJS;
10434 var C_lib = C.lib;
10435 var WordArray = C_lib.WordArray;
10436 var BlockCipher = C_lib.BlockCipher;
10437 var C_algo = C.algo;
10439 // Permuted Choice 1 constants
10440 var PC1 = [
10441 57, 49, 41, 33, 25, 17, 9, 1,
10442 58, 50, 42, 34, 26, 18, 10, 2,
10443 59, 51, 43, 35, 27, 19, 11, 3,
10444 60, 52, 44, 36, 63, 55, 47, 39,
10445 31, 23, 15, 7, 62, 54, 46, 38,
10446 30, 22, 14, 6, 61, 53, 45, 37,
10447 29, 21, 13, 5, 28, 20, 12, 4
10448 ];
10450 // Permuted Choice 2 constants
10451 var PC2 = [
10452 14, 17, 11, 24, 1, 5,
10453 3, 28, 15, 6, 21, 10,
10454 23, 19, 12, 4, 26, 8,
10455 16, 7, 27, 20, 13, 2,
10456 41, 52, 31, 37, 47, 55,
10457 30, 40, 51, 45, 33, 48,
10458 44, 49, 39, 56, 34, 53,
10459 46, 42, 50, 36, 29, 32
10460 ];
10462 // Cumulative bit shift constants
10463 var BIT_SHIFTS = [1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28];
10465 // SBOXes and round permutation constants
10466 var SBOX_P = [
10467 {
10468 0x0: 0x808200,
10469 0x10000000: 0x8000,
10470 0x20000000: 0x808002,
10471 0x30000000: 0x2,
10472 0x40000000: 0x200,
10473 0x50000000: 0x808202,
10474 0x60000000: 0x800202,
10475 0x70000000: 0x800000,
10476 0x80000000: 0x202,
10477 0x90000000: 0x800200,
10478 0xa0000000: 0x8200,
10479 0xb0000000: 0x808000,
10480 0xc0000000: 0x8002,
10481 0xd0000000: 0x800002,
10482 0xe0000000: 0x0,
10483 0xf0000000: 0x8202,
10484 0x8000000: 0x0,
10485 0x18000000: 0x808202,
10486 0x28000000: 0x8202,
10487 0x38000000: 0x8000,
10488 0x48000000: 0x808200,
10489 0x58000000: 0x200,
10490 0x68000000: 0x808002,
10491 0x78000000: 0x2,
10492 0x88000000: 0x800200,
10493 0x98000000: 0x8200,
10494 0xa8000000: 0x808000,
10495 0xb8000000: 0x800202,
10496 0xc8000000: 0x800002,
10497 0xd8000000: 0x8002,
10498 0xe8000000: 0x202,
10499 0xf8000000: 0x800000,
10500 0x1: 0x8000,
10501 0x10000001: 0x2,
10502 0x20000001: 0x808200,
10503 0x30000001: 0x800000,
10504 0x40000001: 0x808002,
10505 0x50000001: 0x8200,
10506 0x60000001: 0x200,
10507 0x70000001: 0x800202,
10508 0x80000001: 0x808202,
10509 0x90000001: 0x808000,
10510 0xa0000001: 0x800002,
10511 0xb0000001: 0x8202,
10512 0xc0000001: 0x202,
10513 0xd0000001: 0x800200,
10514 0xe0000001: 0x8002,
10515 0xf0000001: 0x0,
10516 0x8000001: 0x808202,
10517 0x18000001: 0x808000,
10518 0x28000001: 0x800000,
10519 0x38000001: 0x200,
10520 0x48000001: 0x8000,
10521 0x58000001: 0x800002,
10522 0x68000001: 0x2,
10523 0x78000001: 0x8202,
10524 0x88000001: 0x8002,
10525 0x98000001: 0x800202,
10526 0xa8000001: 0x202,
10527 0xb8000001: 0x808200,
10528 0xc8000001: 0x800200,
10529 0xd8000001: 0x0,
10530 0xe8000001: 0x8200,
10531 0xf8000001: 0x808002
10532 },
10533 {
10534 0x0: 0x40084010,
10535 0x1000000: 0x4000,
10536 0x2000000: 0x80000,
10537 0x3000000: 0x40080010,
10538 0x4000000: 0x40000010,
10539 0x5000000: 0x40084000,
10540 0x6000000: 0x40004000,
10541 0x7000000: 0x10,
10542 0x8000000: 0x84000,
10543 0x9000000: 0x40004010,
10544 0xa000000: 0x40000000,
10545 0xb000000: 0x84010,
10546 0xc000000: 0x80010,
10547 0xd000000: 0x0,
10548 0xe000000: 0x4010,
10549 0xf000000: 0x40080000,
10550 0x800000: 0x40004000,
10551 0x1800000: 0x84010,
10552 0x2800000: 0x10,
10553 0x3800000: 0x40004010,
10554 0x4800000: 0x40084010,
10555 0x5800000: 0x40000000,
10556 0x6800000: 0x80000,
10557 0x7800000: 0x40080010,
10558 0x8800000: 0x80010,
10559 0x9800000: 0x0,
10560 0xa800000: 0x4000,
10561 0xb800000: 0x40080000,
10562 0xc800000: 0x40000010,
10563 0xd800000: 0x84000,
10564 0xe800000: 0x40084000,
10565 0xf800000: 0x4010,
10566 0x10000000: 0x0,
10567 0x11000000: 0x40080010,
10568 0x12000000: 0x40004010,
10569 0x13000000: 0x40084000,
10570 0x14000000: 0x40080000,
10571 0x15000000: 0x10,
10572 0x16000000: 0x84010,
10573 0x17000000: 0x4000,
10574 0x18000000: 0x4010,
10575 0x19000000: 0x80000,
10576 0x1a000000: 0x80010,
10577 0x1b000000: 0x40000010,
10578 0x1c000000: 0x84000,
10579 0x1d000000: 0x40004000,
10580 0x1e000000: 0x40000000,
10581 0x1f000000: 0x40084010,
10582 0x10800000: 0x84010,
10583 0x11800000: 0x80000,
10584 0x12800000: 0x40080000,
10585 0x13800000: 0x4000,
10586 0x14800000: 0x40004000,
10587 0x15800000: 0x40084010,
10588 0x16800000: 0x10,
10589 0x17800000: 0x40000000,
10590 0x18800000: 0x40084000,
10591 0x19800000: 0x40000010,
10592 0x1a800000: 0x40004010,
10593 0x1b800000: 0x80010,
10594 0x1c800000: 0x0,
10595 0x1d800000: 0x4010,
10596 0x1e800000: 0x40080010,
10597 0x1f800000: 0x84000
10598 },
10599 {
10600 0x0: 0x104,
10601 0x100000: 0x0,
10602 0x200000: 0x4000100,
10603 0x300000: 0x10104,
10604 0x400000: 0x10004,
10605 0x500000: 0x4000004,
10606 0x600000: 0x4010104,
10607 0x700000: 0x4010000,
10608 0x800000: 0x4000000,
10609 0x900000: 0x4010100,
10610 0xa00000: 0x10100,
10611 0xb00000: 0x4010004,
10612 0xc00000: 0x4000104,
10613 0xd00000: 0x10000,
10614 0xe00000: 0x4,
10615 0xf00000: 0x100,
10616 0x80000: 0x4010100,
10617 0x180000: 0x4010004,
10618 0x280000: 0x0,
10619 0x380000: 0x4000100,
10620 0x480000: 0x4000004,
10621 0x580000: 0x10000,
10622 0x680000: 0x10004,
10623 0x780000: 0x104,
10624 0x880000: 0x4,
10625 0x980000: 0x100,
10626 0xa80000: 0x4010000,
10627 0xb80000: 0x10104,
10628 0xc80000: 0x10100,
10629 0xd80000: 0x4000104,
10630 0xe80000: 0x4010104,
10631 0xf80000: 0x4000000,
10632 0x1000000: 0x4010100,
10633 0x1100000: 0x10004,
10634 0x1200000: 0x10000,
10635 0x1300000: 0x4000100,
10636 0x1400000: 0x100,
10637 0x1500000: 0x4010104,
10638 0x1600000: 0x4000004,
10639 0x1700000: 0x0,
10640 0x1800000: 0x4000104,
10641 0x1900000: 0x4000000,
10642 0x1a00000: 0x4,
10643 0x1b00000: 0x10100,
10644 0x1c00000: 0x4010000,
10645 0x1d00000: 0x104,
10646 0x1e00000: 0x10104,
10647 0x1f00000: 0x4010004,
10648 0x1080000: 0x4000000,
10649 0x1180000: 0x104,
10650 0x1280000: 0x4010100,
10651 0x1380000: 0x0,
10652 0x1480000: 0x10004,
10653 0x1580000: 0x4000100,
10654 0x1680000: 0x100,
10655 0x1780000: 0x4010004,
10656 0x1880000: 0x10000,
10657 0x1980000: 0x4010104,
10658 0x1a80000: 0x10104,
10659 0x1b80000: 0x4000004,
10660 0x1c80000: 0x4000104,
10661 0x1d80000: 0x4010000,
10662 0x1e80000: 0x4,
10663 0x1f80000: 0x10100
10664 },
10665 {
10666 0x0: 0x80401000,
10667 0x10000: 0x80001040,
10668 0x20000: 0x401040,
10669 0x30000: 0x80400000,
10670 0x40000: 0x0,
10671 0x50000: 0x401000,
10672 0x60000: 0x80000040,
10673 0x70000: 0x400040,
10674 0x80000: 0x80000000,
10675 0x90000: 0x400000,
10676 0xa0000: 0x40,
10677 0xb0000: 0x80001000,
10678 0xc0000: 0x80400040,
10679 0xd0000: 0x1040,
10680 0xe0000: 0x1000,
10681 0xf0000: 0x80401040,
10682 0x8000: 0x80001040,
10683 0x18000: 0x40,
10684 0x28000: 0x80400040,
10685 0x38000: 0x80001000,
10686 0x48000: 0x401000,
10687 0x58000: 0x80401040,
10688 0x68000: 0x0,
10689 0x78000: 0x80400000,
10690 0x88000: 0x1000,
10691 0x98000: 0x80401000,
10692 0xa8000: 0x400000,
10693 0xb8000: 0x1040,
10694 0xc8000: 0x80000000,
10695 0xd8000: 0x400040,
10696 0xe8000: 0x401040,
10697 0xf8000: 0x80000040,
10698 0x100000: 0x400040,
10699 0x110000: 0x401000,
10700 0x120000: 0x80000040,
10701 0x130000: 0x0,
10702 0x140000: 0x1040,
10703 0x150000: 0x80400040,
10704 0x160000: 0x80401000,
10705 0x170000: 0x80001040,
10706 0x180000: 0x80401040,
10707 0x190000: 0x80000000,
10708 0x1a0000: 0x80400000,
10709 0x1b0000: 0x401040,
10710 0x1c0000: 0x80001000,
10711 0x1d0000: 0x400000,
10712 0x1e0000: 0x40,
10713 0x1f0000: 0x1000,
10714 0x108000: 0x80400000,
10715 0x118000: 0x80401040,
10716 0x128000: 0x0,
10717 0x138000: 0x401000,
10718 0x148000: 0x400040,
10719 0x158000: 0x80000000,
10720 0x168000: 0x80001040,
10721 0x178000: 0x40,
10722 0x188000: 0x80000040,
10723 0x198000: 0x1000,
10724 0x1a8000: 0x80001000,
10725 0x1b8000: 0x80400040,
10726 0x1c8000: 0x1040,
10727 0x1d8000: 0x80401000,
10728 0x1e8000: 0x400000,
10729 0x1f8000: 0x401040
10730 },
10731 {
10732 0x0: 0x80,
10733 0x1000: 0x1040000,
10734 0x2000: 0x40000,
10735 0x3000: 0x20000000,
10736 0x4000: 0x20040080,
10737 0x5000: 0x1000080,
10738 0x6000: 0x21000080,
10739 0x7000: 0x40080,
10740 0x8000: 0x1000000,
10741 0x9000: 0x20040000,
10742 0xa000: 0x20000080,
10743 0xb000: 0x21040080,
10744 0xc000: 0x21040000,
10745 0xd000: 0x0,
10746 0xe000: 0x1040080,
10747 0xf000: 0x21000000,
10748 0x800: 0x1040080,
10749 0x1800: 0x21000080,
10750 0x2800: 0x80,
10751 0x3800: 0x1040000,
10752 0x4800: 0x40000,
10753 0x5800: 0x20040080,
10754 0x6800: 0x21040000,
10755 0x7800: 0x20000000,
10756 0x8800: 0x20040000,
10757 0x9800: 0x0,
10758 0xa800: 0x21040080,
10759 0xb800: 0x1000080,
10760 0xc800: 0x20000080,
10761 0xd800: 0x21000000,
10762 0xe800: 0x1000000,
10763 0xf800: 0x40080,
10764 0x10000: 0x40000,
10765 0x11000: 0x80,
10766 0x12000: 0x20000000,
10767 0x13000: 0x21000080,
10768 0x14000: 0x1000080,
10769 0x15000: 0x21040000,
10770 0x16000: 0x20040080,
10771 0x17000: 0x1000000,
10772 0x18000: 0x21040080,
10773 0x19000: 0x21000000,
10774 0x1a000: 0x1040000,
10775 0x1b000: 0x20040000,
10776 0x1c000: 0x40080,
10777 0x1d000: 0x20000080,
10778 0x1e000: 0x0,
10779 0x1f000: 0x1040080,
10780 0x10800: 0x21000080,
10781 0x11800: 0x1000000,
10782 0x12800: 0x1040000,
10783 0x13800: 0x20040080,
10784 0x14800: 0x20000000,
10785 0x15800: 0x1040080,
10786 0x16800: 0x80,
10787 0x17800: 0x21040000,
10788 0x18800: 0x40080,
10789 0x19800: 0x21040080,
10790 0x1a800: 0x0,
10791 0x1b800: 0x21000000,
10792 0x1c800: 0x1000080,
10793 0x1d800: 0x40000,
10794 0x1e800: 0x20040000,
10795 0x1f800: 0x20000080
10796 },
10797 {
10798 0x0: 0x10000008,
10799 0x100: 0x2000,
10800 0x200: 0x10200000,
10801 0x300: 0x10202008,
10802 0x400: 0x10002000,
10803 0x500: 0x200000,
10804 0x600: 0x200008,
10805 0x700: 0x10000000,
10806 0x800: 0x0,
10807 0x900: 0x10002008,
10808 0xa00: 0x202000,
10809 0xb00: 0x8,
10810 0xc00: 0x10200008,
10811 0xd00: 0x202008,
10812 0xe00: 0x2008,
10813 0xf00: 0x10202000,
10814 0x80: 0x10200000,
10815 0x180: 0x10202008,
10816 0x280: 0x8,
10817 0x380: 0x200000,
10818 0x480: 0x202008,
10819 0x580: 0x10000008,
10820 0x680: 0x10002000,
10821 0x780: 0x2008,
10822 0x880: 0x200008,
10823 0x980: 0x2000,
10824 0xa80: 0x10002008,
10825 0xb80: 0x10200008,
10826 0xc80: 0x0,
10827 0xd80: 0x10202000,
10828 0xe80: 0x202000,
10829 0xf80: 0x10000000,
10830 0x1000: 0x10002000,
10831 0x1100: 0x10200008,
10832 0x1200: 0x10202008,
10833 0x1300: 0x2008,
10834 0x1400: 0x200000,
10835 0x1500: 0x10000000,
10836 0x1600: 0x10000008,
10837 0x1700: 0x202000,
10838 0x1800: 0x202008,
10839 0x1900: 0x0,
10840 0x1a00: 0x8,
10841 0x1b00: 0x10200000,
10842 0x1c00: 0x2000,
10843 0x1d00: 0x10002008,
10844 0x1e00: 0x10202000,
10845 0x1f00: 0x200008,
10846 0x1080: 0x8,
10847 0x1180: 0x202000,
10848 0x1280: 0x200000,
10849 0x1380: 0x10000008,
10850 0x1480: 0x10002000,
10851 0x1580: 0x2008,
10852 0x1680: 0x10202008,
10853 0x1780: 0x10200000,
10854 0x1880: 0x10202000,
10855 0x1980: 0x10200008,
10856 0x1a80: 0x2000,
10857 0x1b80: 0x202008,
10858 0x1c80: 0x200008,
10859 0x1d80: 0x0,
10860 0x1e80: 0x10000000,
10861 0x1f80: 0x10002008
10862 },
10863 {
10864 0x0: 0x100000,
10865 0x10: 0x2000401,
10866 0x20: 0x400,
10867 0x30: 0x100401,
10868 0x40: 0x2100401,
10869 0x50: 0x0,
10870 0x60: 0x1,
10871 0x70: 0x2100001,
10872 0x80: 0x2000400,
10873 0x90: 0x100001,
10874 0xa0: 0x2000001,
10875 0xb0: 0x2100400,
10876 0xc0: 0x2100000,
10877 0xd0: 0x401,
10878 0xe0: 0x100400,
10879 0xf0: 0x2000000,
10880 0x8: 0x2100001,
10881 0x18: 0x0,
10882 0x28: 0x2000401,
10883 0x38: 0x2100400,
10884 0x48: 0x100000,
10885 0x58: 0x2000001,
10886 0x68: 0x2000000,
10887 0x78: 0x401,
10888 0x88: 0x100401,
10889 0x98: 0x2000400,
10890 0xa8: 0x2100000,
10891 0xb8: 0x100001,
10892 0xc8: 0x400,
10893 0xd8: 0x2100401,
10894 0xe8: 0x1,
10895 0xf8: 0x100400,
10896 0x100: 0x2000000,
10897 0x110: 0x100000,
10898 0x120: 0x2000401,
10899 0x130: 0x2100001,
10900 0x140: 0x100001,
10901 0x150: 0x2000400,
10902 0x160: 0x2100400,
10903 0x170: 0x100401,
10904 0x180: 0x401,
10905 0x190: 0x2100401,
10906 0x1a0: 0x100400,
10907 0x1b0: 0x1,
10908 0x1c0: 0x0,
10909 0x1d0: 0x2100000,
10910 0x1e0: 0x2000001,
10911 0x1f0: 0x400,
10912 0x108: 0x100400,
10913 0x118: 0x2000401,
10914 0x128: 0x2100001,
10915 0x138: 0x1,
10916 0x148: 0x2000000,
10917 0x158: 0x100000,
10918 0x168: 0x401,
10919 0x178: 0x2100400,
10920 0x188: 0x2000001,
10921 0x198: 0x2100000,
10922 0x1a8: 0x0,
10923 0x1b8: 0x2100401,
10924 0x1c8: 0x100401,
10925 0x1d8: 0x400,
10926 0x1e8: 0x2000400,
10927 0x1f8: 0x100001
10928 },
10929 {
10930 0x0: 0x8000820,
10931 0x1: 0x20000,
10932 0x2: 0x8000000,
10933 0x3: 0x20,
10934 0x4: 0x20020,
10935 0x5: 0x8020820,
10936 0x6: 0x8020800,
10937 0x7: 0x800,
10938 0x8: 0x8020000,
10939 0x9: 0x8000800,
10940 0xa: 0x20800,
10941 0xb: 0x8020020,
10942 0xc: 0x820,
10943 0xd: 0x0,
10944 0xe: 0x8000020,
10945 0xf: 0x20820,
10946 0x80000000: 0x800,
10947 0x80000001: 0x8020820,
10948 0x80000002: 0x8000820,
10949 0x80000003: 0x8000000,
10950 0x80000004: 0x8020000,
10951 0x80000005: 0x20800,
10952 0x80000006: 0x20820,
10953 0x80000007: 0x20,
10954 0x80000008: 0x8000020,
10955 0x80000009: 0x820,
10956 0x8000000a: 0x20020,
10957 0x8000000b: 0x8020800,
10958 0x8000000c: 0x0,
10959 0x8000000d: 0x8020020,
10960 0x8000000e: 0x8000800,
10961 0x8000000f: 0x20000,
10962 0x10: 0x20820,
10963 0x11: 0x8020800,
10964 0x12: 0x20,
10965 0x13: 0x800,
10966 0x14: 0x8000800,
10967 0x15: 0x8000020,
10968 0x16: 0x8020020,
10969 0x17: 0x20000,
10970 0x18: 0x0,
10971 0x19: 0x20020,
10972 0x1a: 0x8020000,
10973 0x1b: 0x8000820,
10974 0x1c: 0x8020820,
10975 0x1d: 0x20800,
10976 0x1e: 0x820,
10977 0x1f: 0x8000000,
10978 0x80000010: 0x20000,
10979 0x80000011: 0x800,
10980 0x80000012: 0x8020020,
10981 0x80000013: 0x20820,
10982 0x80000014: 0x20,
10983 0x80000015: 0x8020000,
10984 0x80000016: 0x8000000,
10985 0x80000017: 0x8000820,
10986 0x80000018: 0x8020820,
10987 0x80000019: 0x8000020,
10988 0x8000001a: 0x8000800,
10989 0x8000001b: 0x0,
10990 0x8000001c: 0x20800,
10991 0x8000001d: 0x820,
10992 0x8000001e: 0x20020,
10993 0x8000001f: 0x8020800
10994 }
10995 ];
10997 // Masks that select the SBOX input
10998 var SBOX_MASK = [
10999 0xf8000001, 0x1f800000, 0x01f80000, 0x001f8000,
11000 0x0001f800, 0x00001f80, 0x000001f8, 0x8000001f
11001 ];
11003 /**
11004 * DES block cipher algorithm.
11005 */
11006 var DES = C_algo.DES = BlockCipher.extend({
11007 _doReset: function () {
11008 // Shortcuts
11009 var key = this._key;
11010 var keyWords = key.words;
11012 // Select 56 bits according to PC1
11013 var keyBits = [];
11014 for (var i = 0; i < 56; i++) {
11015 var keyBitPos = PC1[i] - 1;
11016 keyBits[i] = (keyWords[keyBitPos >>> 5] >>> (31 - keyBitPos % 32)) & 1;
11017 }
11019 // Assemble 16 subkeys
11020 var subKeys = this._subKeys = [];
11021 for (var nSubKey = 0; nSubKey < 16; nSubKey++) {
11022 // Create subkey
11023 var subKey = subKeys[nSubKey] = [];
11025 // Shortcut
11026 var bitShift = BIT_SHIFTS[nSubKey];
11028 // Select 48 bits according to PC2
11029 for (var i = 0; i < 24; i++) {
11030 // Select from the left 28 key bits
11031 subKey[(i / 6) | 0] |= keyBits[((PC2[i] - 1) + bitShift) % 28] << (31 - i % 6);
11033 // Select from the right 28 key bits
11034 subKey[4 + ((i / 6) | 0)] |= keyBits[28 + (((PC2[i + 24] - 1) + bitShift) % 28)] << (31 - i % 6);
11035 }
11037 // Since each subkey is applied to an expanded 32-bit input,
11038 // the subkey can be broken into 8 values scaled to 32-bits,
11039 // which allows the key to be used without expansion
11040 subKey[0] = (subKey[0] << 1) | (subKey[0] >>> 31);
11041 for (var i = 1; i < 7; i++) {
11042 subKey[i] = subKey[i] >>> ((i - 1) * 4 + 3);
11043 }
11044 subKey[7] = (subKey[7] << 5) | (subKey[7] >>> 27);
11045 }
11047 // Compute inverse subkeys
11048 var invSubKeys = this._invSubKeys = [];
11049 for (var i = 0; i < 16; i++) {
11050 invSubKeys[i] = subKeys[15 - i];
11051 }
11052 },
11054 encryptBlock: function (M, offset) {
11055 this._doCryptBlock(M, offset, this._subKeys);
11056 },
11058 decryptBlock: function (M, offset) {
11059 this._doCryptBlock(M, offset, this._invSubKeys);
11060 },
11062 _doCryptBlock: function (M, offset, subKeys) {
11063 // Get input
11064 this._lBlock = M[offset];
11065 this._rBlock = M[offset + 1];
11067 // Initial permutation
11068 exchangeLR.call(this, 4, 0x0f0f0f0f);
11069 exchangeLR.call(this, 16, 0x0000ffff);
11070 exchangeRL.call(this, 2, 0x33333333);
11071 exchangeRL.call(this, 8, 0x00ff00ff);
11072 exchangeLR.call(this, 1, 0x55555555);
11074 // Rounds
11075 for (var round = 0; round < 16; round++) {
11076 // Shortcuts
11077 var subKey = subKeys[round];
11078 var lBlock = this._lBlock;
11079 var rBlock = this._rBlock;
11081 // Feistel function
11082 var f = 0;
11083 for (var i = 0; i < 8; i++) {
11084 f |= SBOX_P[i][((rBlock ^ subKey[i]) & SBOX_MASK[i]) >>> 0];
11085 }
11086 this._lBlock = rBlock;
11087 this._rBlock = lBlock ^ f;
11088 }
11090 // Undo swap from last round
11091 var t = this._lBlock;
11092 this._lBlock = this._rBlock;
11093 this._rBlock = t;
11095 // Final permutation
11096 exchangeLR.call(this, 1, 0x55555555);
11097 exchangeRL.call(this, 8, 0x00ff00ff);
11098 exchangeRL.call(this, 2, 0x33333333);
11099 exchangeLR.call(this, 16, 0x0000ffff);
11100 exchangeLR.call(this, 4, 0x0f0f0f0f);
11102 // Set output
11103 M[offset] = this._lBlock;
11104 M[offset + 1] = this._rBlock;
11105 },
11107 keySize: 64/32,
11109 ivSize: 64/32,
11111 blockSize: 64/32
11112 });
11114 // Swap bits across the left and right words
11115 function exchangeLR(offset, mask) {
11116 var t = ((this._lBlock >>> offset) ^ this._rBlock) & mask;
11117 this._rBlock ^= t;
11118 this._lBlock ^= t << offset;
11119 }
11121 function exchangeRL(offset, mask) {
11122 var t = ((this._rBlock >>> offset) ^ this._lBlock) & mask;
11123 this._lBlock ^= t;
11124 this._rBlock ^= t << offset;
11125 }
11127 /**
11128 * Shortcut functions to the cipher's object interface.
11129 *
11130 * @example
11131 *
11132 * var ciphertext = CryptoJS.DES.encrypt(message, key, cfg);
11133 * var plaintext = CryptoJS.DES.decrypt(ciphertext, key, cfg);
11134 */
11135 C.DES = BlockCipher._createHelper(DES);
11137 /**
11138 * Triple-DES block cipher algorithm.
11139 */
11140 var TripleDES = C_algo.TripleDES = BlockCipher.extend({
11141 _doReset: function () {
11142 // Shortcuts
11143 var key = this._key;
11144 var keyWords = key.words;
11146 // Create DES instances
11147 this._des1 = DES.createEncryptor(WordArray.create(keyWords.slice(0, 2)));
11148 this._des2 = DES.createEncryptor(WordArray.create(keyWords.slice(2, 4)));
11149 this._des3 = DES.createEncryptor(WordArray.create(keyWords.slice(4, 6)));
11150 },
11152 encryptBlock: function (M, offset) {
11153 this._des1.encryptBlock(M, offset);
11154 this._des2.decryptBlock(M, offset);
11155 this._des3.encryptBlock(M, offset);
11156 },
11158 decryptBlock: function (M, offset) {
11159 this._des3.decryptBlock(M, offset);
11160 this._des2.encryptBlock(M, offset);
11161 this._des1.decryptBlock(M, offset);
11162 },
11164 keySize: 192/32,
11166 ivSize: 64/32,
11168 blockSize: 64/32
11169 });
11171 /**
11172 * Shortcut functions to the cipher's object interface.
11173 *
11174 * @example
11175 *
11176 * var ciphertext = CryptoJS.TripleDES.encrypt(message, key, cfg);
11177 * var plaintext = CryptoJS.TripleDES.decrypt(ciphertext, key, cfg);
11178 */
11179 C.TripleDES = BlockCipher._createHelper(TripleDES);
11180 }());
11183 return CryptoJS.TripleDES;
11187;(function (root, factory) {
11188 if (typeof exports === "object") {
11189 // CommonJS
11190 module.exports = exports = factory(_dereq_("./core"));
11191 }
11192 else if (typeof define === "function" && define.amd) {
11193 // AMD
11194 define(["./core"], factory);
11195 }
11196 else {
11197 // Global (browser)
11198 factory(root.CryptoJS);
11199 }
11200}(this, function (CryptoJS) {
11202 (function (undefined) {
11203 // Shortcuts
11204 var C = CryptoJS;
11205 var C_lib = C.lib;
11206 var Base = C_lib.Base;
11207 var X32WordArray = C_lib.WordArray;
11209 /**
11210 * x64 namespace.
11211 */
11212 var C_x64 = C.x64 = {};
11214 /**
11215 * A 64-bit word.
11216 */
11217 var X64Word = C_x64.Word = Base.extend({
11218 /**
11219 * Initializes a newly created 64-bit word.
11220 *
11221 * @param {number} high The high 32 bits.
11222 * @param {number} low The low 32 bits.
11223 *
11224 * @example
11225 *
11226 * var x64Word = CryptoJS.x64.Word.create(0x00010203, 0x04050607);
11227 */
11228 init: function (high, low) {
11229 this.high = high;
11230 this.low = low;
11231 }
11233 /**
11234 * Bitwise NOTs this word.
11235 *
11236 * @return {X64Word} A new x64-Word object after negating.
11237 *
11238 * @example
11239 *
11240 * var negated = x64Word.not();
11241 */
11242 // not: function () {
11243 // var high = ~this.high;
11244 // var low = ~this.low;
11246 // return X64Word.create(high, low);
11247 // },
11249 /**
11250 * Bitwise ANDs this word with the passed word.
11251 *
11252 * @param {X64Word} word The x64-Word to AND with this word.
11253 *
11254 * @return {X64Word} A new x64-Word object after ANDing.
11255 *
11256 * @example
11257 *
11258 * var anded = x64Word.and(anotherX64Word);
11259 */
11260 // and: function (word) {
11261 // var high = this.high & word.high;
11262 // var low = this.low & word.low;
11264 // return X64Word.create(high, low);
11265 // },
11267 /**
11268 * Bitwise ORs this word with the passed word.
11269 *
11270 * @param {X64Word} word The x64-Word to OR with this word.
11271 *
11272 * @return {X64Word} A new x64-Word object after ORing.
11273 *
11274 * @example
11275 *
11276 * var ored = x64Word.or(anotherX64Word);
11277 */
11278 // or: function (word) {
11279 // var high = this.high | word.high;
11280 // var low = this.low | word.low;
11282 // return X64Word.create(high, low);
11283 // },
11285 /**
11286 * Bitwise XORs this word with the passed word.
11287 *
11288 * @param {X64Word} word The x64-Word to XOR with this word.
11289 *
11290 * @return {X64Word} A new x64-Word object after XORing.
11291 *
11292 * @example
11293 *
11294 * var xored = x64Word.xor(anotherX64Word);
11295 */
11296 // xor: function (word) {
11297 // var high = this.high ^ word.high;
11298 // var low = this.low ^ word.low;
11300 // return X64Word.create(high, low);
11301 // },
11303 /**
11304 * Shifts this word n bits to the left.
11305 *
11306 * @param {number} n The number of bits to shift.
11307 *
11308 * @return {X64Word} A new x64-Word object after shifting.
11309 *
11310 * @example
11311 *
11312 * var shifted = x64Word.shiftL(25);
11313 */
11314 // shiftL: function (n) {
11315 // if (n < 32) {
11316 // var high = (this.high << n) | (this.low >>> (32 - n));
11317 // var low = this.low << n;
11318 // } else {
11319 // var high = this.low << (n - 32);
11320 // var low = 0;
11321 // }
11323 // return X64Word.create(high, low);
11324 // },
11326 /**
11327 * Shifts this word n bits to the right.
11328 *
11329 * @param {number} n The number of bits to shift.
11330 *
11331 * @return {X64Word} A new x64-Word object after shifting.
11332 *
11333 * @example
11334 *
11335 * var shifted = x64Word.shiftR(7);
11336 */
11337 // shiftR: function (n) {
11338 // if (n < 32) {
11339 // var low = (this.low >>> n) | (this.high << (32 - n));
11340 // var high = this.high >>> n;
11341 // } else {
11342 // var low = this.high >>> (n - 32);
11343 // var high = 0;
11344 // }
11346 // return X64Word.create(high, low);
11347 // },
11349 /**
11350 * Rotates this word n bits to the left.
11351 *
11352 * @param {number} n The number of bits to rotate.
11353 *
11354 * @return {X64Word} A new x64-Word object after rotating.
11355 *
11356 * @example
11357 *
11358 * var rotated = x64Word.rotL(25);
11359 */
11360 // rotL: function (n) {
11361 // return this.shiftL(n).or(this.shiftR(64 - n));
11362 // },
11364 /**
11365 * Rotates this word n bits to the right.
11366 *
11367 * @param {number} n The number of bits to rotate.
11368 *
11369 * @return {X64Word} A new x64-Word object after rotating.
11370 *
11371 * @example
11372 *
11373 * var rotated = x64Word.rotR(7);
11374 */
11375 // rotR: function (n) {
11376 // return this.shiftR(n).or(this.shiftL(64 - n));
11377 // },
11379 /**
11380 * Adds this word with the passed word.
11381 *
11382 * @param {X64Word} word The x64-Word to add with this word.
11383 *
11384 * @return {X64Word} A new x64-Word object after adding.
11385 *
11386 * @example
11387 *
11388 * var added = x64Word.add(anotherX64Word);
11389 */
11390 // add: function (word) {
11391 // var low = (this.low + word.low) | 0;
11392 // var carry = (low >>> 0) < (this.low >>> 0) ? 1 : 0;
11393 // var high = (this.high + word.high + carry) | 0;
11395 // return X64Word.create(high, low);
11396 // }
11397 });
11399 /**
11400 * An array of 64-bit words.
11401 *
11402 * @property {Array} words The array of CryptoJS.x64.Word objects.
11403 * @property {number} sigBytes The number of significant bytes in this word array.
11404 */
11405 var X64WordArray = C_x64.WordArray = Base.extend({
11406 /**
11407 * Initializes a newly created word array.
11408 *
11409 * @param {Array} words (Optional) An array of CryptoJS.x64.Word objects.
11410 * @param {number} sigBytes (Optional) The number of significant bytes in the words.
11411 *
11412 * @example
11413 *
11414 * var wordArray = CryptoJS.x64.WordArray.create();
11415 *
11416 * var wordArray = CryptoJS.x64.WordArray.create([
11417 * CryptoJS.x64.Word.create(0x00010203, 0x04050607),
11418 * CryptoJS.x64.Word.create(0x18191a1b, 0x1c1d1e1f)
11419 * ]);
11420 *
11421 * var wordArray = CryptoJS.x64.WordArray.create([
11422 * CryptoJS.x64.Word.create(0x00010203, 0x04050607),
11423 * CryptoJS.x64.Word.create(0x18191a1b, 0x1c1d1e1f)
11424 * ], 10);
11425 */
11426 init: function (words, sigBytes) {
11427 words = this.words = words || [];
11429 if (sigBytes != undefined) {
11430 this.sigBytes = sigBytes;
11431 } else {
11432 this.sigBytes = words.length * 8;
11433 }
11434 },
11436 /**
11437 * Converts this 64-bit word array to a 32-bit word array.
11438 *
11439 * @return {CryptoJS.lib.WordArray} This word array's data as a 32-bit word array.
11440 *
11441 * @example
11442 *
11443 * var x32WordArray = x64WordArray.toX32();
11444 */
11445 toX32: function () {
11446 // Shortcuts
11447 var x64Words = this.words;
11448 var x64WordsLength = x64Words.length;
11450 // Convert
11451 var x32Words = [];
11452 for (var i = 0; i < x64WordsLength; i++) {
11453 var x64Word = x64Words[i];
11454 x32Words.push(x64Word.high);
11455 x32Words.push(x64Word.low);
11456 }
11458 return X32WordArray.create(x32Words, this.sigBytes);
11459 },
11461 /**
11462 * Creates a copy of this word array.
11463 *
11464 * @return {X64WordArray} The clone.
11465 *
11466 * @example
11467 *
11468 * var clone = x64WordArray.clone();
11469 */
11470 clone: function () {
11471 var clone = Base.clone.call(this);
11473 // Clone "words" array
11474 var words = clone.words = this.words.slice(0);
11476 // Clone each X64Word object
11477 var wordsLength = words.length;
11478 for (var i = 0; i < wordsLength; i++) {
11479 words[i] = words[i].clone();
11480 }
11482 return clone;
11483 }
11484 });
11485 }());
11488 return CryptoJS;
11492var assert = _dereq_('assert')
11493var BigInteger = _dereq_('bigi')
11495var Point = _dereq_('./point')
11497function Curve(p, a, b, Gx, Gy, n, h) {
11498 this.p = p
11499 this.a = a
11500 this.b = b
11501 this.G = Point.fromAffine(this, Gx, Gy)
11502 this.n = n
11503 this.h = h
11505 this.infinity = new Point(this, null, null, BigInteger.ZERO)
11507 // result caching
11508 this.pOverFour = p.add(BigInteger.ONE).shiftRight(2)
11511Curve.prototype.pointFromX = function(isOdd, x) {
11512 var alpha = x.pow(3).add(this.a.multiply(x)).add(this.b).mod(this.p)
11513 var beta = alpha.modPow(this.pOverFour, this.p)
11515 var y = beta
11516 if (beta.isEven() ^ !isOdd) {
11517 y = this.p.subtract(y) // -y % p
11518 }
11520 return Point.fromAffine(this, x, y)
11523Curve.prototype.isInfinity = function(Q) {
11524 if (Q === this.infinity) return true
11526 return Q.z.signum() === 0 && Q.y.signum() !== 0
11529Curve.prototype.isOnCurve = function(Q) {
11530 if (this.isInfinity(Q)) return true
11532 var x = Q.affineX
11533 var y = Q.affineY
11534 var a = this.a
11535 var b = this.b
11536 var p = this.p
11538 // Check that xQ and yQ are integers in the interval [0, p - 1]
11539 if (x.signum() < 0 || x.compareTo(p) >= 0) return false
11540 if (y.signum() < 0 || y.compareTo(p) >= 0) return false
11542 // and check that y^2 = x^3 + ax + b (mod p)
11543 var lhs = y.square().mod(p)
11544 var rhs = x.pow(3).add(a.multiply(x)).add(b).mod(p)
11545 return lhs.equals(rhs)
11549 * Validate an elliptic curve point.
11550 *
11551 * See SEC 1, section Elliptic Curve Public Key Validation Primitive
11552 */
11553Curve.prototype.validate = function(Q) {
11554 // Check Q != O
11555 assert(!this.isInfinity(Q), 'Point is at infinity')
11556 assert(this.isOnCurve(Q), 'Point is not on the curve')
11558 // Check nQ = O (where Q is a scalar multiple of G)
11559 var nQ = Q.multiply(this.n)
11560 assert(this.isInfinity(nQ), 'Point is not a scalar multiple of G')
11562 return true
11565module.exports = Curve
11569 "secp128r1": {
11570 "p": "fffffffdffffffffffffffffffffffff",
11571 "a": "fffffffdfffffffffffffffffffffffc",
11572 "b": "e87579c11079f43dd824993c2cee5ed3",
11573 "n": "fffffffe0000000075a30d1b9038a115",
11574 "h": "01",
11575 "Gx": "161ff7528b899b2d0c28607ca52c5b86",
11576 "Gy": "cf5ac8395bafeb13c02da292dded7a83"
11577 },
11578 "secp160k1": {
11579 "p": "fffffffffffffffffffffffffffffffeffffac73",
11580 "a": "00",
11581 "b": "07",
11582 "n": "0100000000000000000001b8fa16dfab9aca16b6b3",
11583 "h": "01",
11584 "Gx": "3b4c382ce37aa192a4019e763036f4f5dd4d7ebb",
11585 "Gy": "938cf935318fdced6bc28286531733c3f03c4fee"
11586 },
11587 "secp160r1": {
11588 "p": "ffffffffffffffffffffffffffffffff7fffffff",
11589 "a": "ffffffffffffffffffffffffffffffff7ffffffc",
11590 "b": "1c97befc54bd7a8b65acf89f81d4d4adc565fa45",
11591 "n": "0100000000000000000001f4c8f927aed3ca752257",
11592 "h": "01",
11593 "Gx": "4a96b5688ef573284664698968c38bb913cbfc82",
11594 "Gy": "23a628553168947d59dcc912042351377ac5fb32"
11595 },
11596 "secp192k1": {
11597 "p": "fffffffffffffffffffffffffffffffffffffffeffffee37",
11598 "a": "00",
11599 "b": "03",
11600 "n": "fffffffffffffffffffffffe26f2fc170f69466a74defd8d",
11601 "h": "01",
11602 "Gx": "db4ff10ec057e9ae26b07d0280b7f4341da5d1b1eae06c7d",
11603 "Gy": "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d"
11604 },
11605 "secp192r1": {
11606 "p": "fffffffffffffffffffffffffffffffeffffffffffffffff",
11607 "a": "fffffffffffffffffffffffffffffffefffffffffffffffc",
11608 "b": "64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1",
11609 "n": "ffffffffffffffffffffffff99def836146bc9b1b4d22831",
11610 "h": "01",
11611 "Gx": "188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
11612 "Gy": "07192b95ffc8da78631011ed6b24cdd573f977a11e794811"
11613 },
11614 "secp224r1": {
11615 "p": "ffffffffffffffffffffffffffffffff000000000000000000000001",
11616 "a": "fffffffffffffffffffffffffffffffefffffffffffffffffffffffe",
11617 "b": "b4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4",
11618 "n": "ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d",
11619 "h": "01",
11620 "Gx": "b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
11621 "Gy": "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34"
11622 },
11623 "secp256k1": {
11624 "p": "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
11625 "a": "00",
11626 "b": "07",
11627 "n": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141",
11628 "h": "01",
11629 "Gx": "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798",
11630 "Gy": "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8"
11631 },
11632 "secp256r1": {
11633 "p": "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
11634 "a": "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
11635 "b": "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
11636 "n": "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
11637 "h": "01",
11638 "Gx": "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
11639 "Gy": "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"
11640 }
11644var Point = _dereq_('./point')
11645var Curve = _dereq_('./curve')
11647var getCurveByName = _dereq_('./names')
11649module.exports = {
11650 Curve: Curve,
11651 Point: Point,
11652 getCurveByName: getCurveByName
11656var BigInteger = _dereq_('bigi')
11658var curves = _dereq_('./curves')
11659var Curve = _dereq_('./curve')
11661function getCurveByName(name) {
11662 var curve = curves[name]
11663 if (!curve) return null
11665 var p = new BigInteger(curve.p, 16)
11666 var a = new BigInteger(curve.a, 16)
11667 var b = new BigInteger(curve.b, 16)
11668 var n = new BigInteger(curve.n, 16)
11669 var h = new BigInteger(curve.h, 16)
11670 var Gx = new BigInteger(curve.Gx, 16)
11671 var Gy = new BigInteger(curve.Gy, 16)
11673 return new Curve(p, a, b, Gx, Gy, n, h)
11676module.exports = getCurveByName
11679(function (Buffer){
11680var assert = _dereq_('assert')
11681var BigInteger = _dereq_('bigi')
11683var THREE = BigInteger.valueOf(3)
11685function Point(curve, x, y, z) {
11686 assert.notStrictEqual(z, undefined, 'Missing Z coordinate')
11688 this.curve = curve
11689 this.x = x
11690 this.y = y
11691 this.z = z
11692 this._zInv = null
11694 this.compressed = true
11697Object.defineProperty(Point.prototype, 'zInv', {
11698 get: function() {
11699 if (this._zInv === null) {
11700 this._zInv = this.z.modInverse(this.curve.p)
11701 }
11703 return this._zInv
11704 }
11707Object.defineProperty(Point.prototype, 'affineX', {
11708 get: function() {
11709 return this.x.multiply(this.zInv).mod(this.curve.p)
11710 }
11713Object.defineProperty(Point.prototype, 'affineY', {
11714 get: function() {
11715 return this.y.multiply(this.zInv).mod(this.curve.p)
11716 }
11719Point.fromAffine = function(curve, x, y) {
11720 return new Point(curve, x, y, BigInteger.ONE)
11723Point.prototype.equals = function(other) {
11724 if (other === this) return true
11725 if (this.curve.isInfinity(this)) return this.curve.isInfinity(other)
11726 if (this.curve.isInfinity(other)) return this.curve.isInfinity(this)
11728 // u = Y2 * Z1 - Y1 * Z2
11729 var u = other.y.multiply(this.z).subtract(this.y.multiply(other.z)).mod(this.curve.p)
11731 if (u.signum() !== 0) return false
11733 // v = X2 * Z1 - X1 * Z2
11734 var v = other.x.multiply(this.z).subtract(this.x.multiply(other.z)).mod(this.curve.p)
11736 return v.signum() === 0
11739Point.prototype.negate = function() {
11740 var y = this.curve.p.subtract(this.y)
11742 return new Point(this.curve, this.x, y, this.z)
11745Point.prototype.add = function(b) {
11746 if (this.curve.isInfinity(this)) return b
11747 if (this.curve.isInfinity(b)) return this
11749 var x1 = this.x
11750 var y1 = this.y
11751 var x2 = b.x
11752 var y2 = b.y
11754 // u = Y2 * Z1 - Y1 * Z2
11755 var u = y2.multiply(this.z).subtract(y1.multiply(b.z)).mod(this.curve.p)
11756 // v = X2 * Z1 - X1 * Z2
11757 var v = x2.multiply(this.z).subtract(x1.multiply(b.z)).mod(this.curve.p)
11759 if (v.signum() === 0) {
11760 if (u.signum() === 0) {
11761 return this.twice() // this == b, so double
11762 }
11764 return this.curve.infinity // this = -b, so infinity
11765 }
11767 var v2 = v.square()
11768 var v3 = v2.multiply(v)
11769 var x1v2 = x1.multiply(v2)
11770 var zu2 = u.square().multiply(this.z)
11772 // x3 = v * (z2 * (z1 * u^2 - 2 * x1 * v^2) - v^3)
11773 var x3 = zu2.subtract(x1v2.shiftLeft(1)).multiply(b.z).subtract(v3).multiply(v).mod(this.curve.p)
11774 // y3 = z2 * (3 * x1 * u * v^2 - y1 * v^3 - z1 * u^3) + u * v^3
11775 var y3 = x1v2.multiply(THREE).multiply(u).subtract(y1.multiply(v3)).subtract(zu2.multiply(u)).multiply(b.z).add(u.multiply(v3)).mod(this.curve.p)
11776 // z3 = v^3 * z1 * z2
11777 var z3 = v3.multiply(this.z).multiply(b.z).mod(this.curve.p)
11779 return new Point(this.curve, x3, y3, z3)
11782Point.prototype.twice = function() {
11783 if (this.curve.isInfinity(this)) return this
11784 if (this.y.signum() === 0) return this.curve.infinity
11786 var x1 = this.x
11787 var y1 = this.y
11789 var y1z1 = y1.multiply(this.z)
11790 var y1sqz1 = y1z1.multiply(y1).mod(this.curve.p)
11791 var a = this.curve.a
11793 // w = 3 * x1^2 + a * z1^2
11794 var w = x1.square().multiply(THREE)
11796 if (a.signum() !== 0) {
11797 w = w.add(this.z.square().multiply(a))
11798 }
11800 w = w.mod(this.curve.p)
11801 // x3 = 2 * y1 * z1 * (w^2 - 8 * x1 * y1^2 * z1)
11802 var x3 = w.square().subtract(x1.shiftLeft(3).multiply(y1sqz1)).shiftLeft(1).multiply(y1z1).mod(this.curve.p)
11803 // y3 = 4 * y1^2 * z1 * (3 * w * x1 - 2 * y1^2 * z1) - w^3
11804 var y3 = w.multiply(THREE).multiply(x1).subtract(y1sqz1.shiftLeft(1)).shiftLeft(2).multiply(y1sqz1).subtract(w.pow(3)).mod(this.curve.p)
11805 // z3 = 8 * (y1 * z1)^3
11806 var z3 = y1z1.pow(3).shiftLeft(3).mod(this.curve.p)
11808 return new Point(this.curve, x3, y3, z3)
11811// Simple NAF (Non-Adjacent Form) multiplication algorithm
11812// TODO: modularize the multiplication algorithm
11813Point.prototype.multiply = function(k) {
11814 if (this.curve.isInfinity(this)) return this
11815 if (k.signum() === 0) return this.curve.infinity
11817 var e = k
11818 var h = e.multiply(THREE)
11820 var neg = this.negate()
11821 var R = this
11823 for (var i = h.bitLength() - 2; i > 0; --i) {
11824 R = R.twice()
11826 var hBit = h.testBit(i)
11827 var eBit = e.testBit(i)
11829 if (hBit != eBit) {
11830 R = R.add(hBit ? this : neg)
11831 }
11832 }
11834 return R
11837// Compute this*j + x*k (simultaneous multiplication)
11838Point.prototype.multiplyTwo = function(j, x, k) {
11839 var i
11841 if (j.bitLength() > k.bitLength())
11842 i = j.bitLength() - 1
11843 else
11844 i = k.bitLength() - 1
11846 var R = this.curve.infinity
11847 var both = this.add(x)
11849 while (i >= 0) {
11850 R = R.twice()
11852 var jBit = j.testBit(i)
11853 var kBit = k.testBit(i)
11855 if (jBit) {
11856 if (kBit) {
11857 R = R.add(both)
11859 } else {
11860 R = R.add(this)
11861 }
11863 } else {
11864 if (kBit) {
11865 R = R.add(x)
11866 }
11867 }
11868 --i
11869 }
11871 return R
11874Point.prototype.getEncoded = function(compressed) {
11875 if (compressed == undefined) compressed = this.compressed
11876 if (this.curve.isInfinity(this)) return new Buffer('00', 'hex') // Infinity point encoded is simply '00'
11878 var x = this.affineX
11879 var y = this.affineY
11881 var buffer
11883 // Determine size of q in bytes
11884 var byteLength = Math.floor((this.curve.p.bitLength() + 7) / 8)
11886 // 0x02/0x03 | X
11887 if (compressed) {
11888 buffer = new Buffer(1 + byteLength)
11889 buffer.writeUInt8(y.isEven() ? 0x02 : 0x03, 0)
11891 // 0x04 | X | Y
11892 } else {
11893 buffer = new Buffer(1 + byteLength + byteLength)
11894 buffer.writeUInt8(0x04, 0)
11896 y.toBuffer(byteLength).copy(buffer, 1 + byteLength)
11897 }
11899 x.toBuffer(byteLength).copy(buffer, 1)
11901 return buffer
11904Point.decodeFrom = function(curve, buffer) {
11905 var type = buffer.readUInt8(0)
11906 var compressed = (type !== 4)
11908 var x = BigInteger.fromBuffer(buffer.slice(1, 33))
11909 var byteLength = Math.floor((curve.p.bitLength() + 7) / 8)
11911 var Q
11912 if (compressed) {
11913 assert.equal(buffer.length, byteLength + 1, 'Invalid sequence length')
11914 assert(type === 0x02 || type === 0x03, 'Invalid sequence tag')
11916 var isOdd = (type === 0x03)
11917 Q = curve.pointFromX(isOdd, x)
11919 } else {
11920 assert.equal(buffer.length, 1 + byteLength + byteLength, 'Invalid sequence length')
11922 var y = BigInteger.fromBuffer(buffer.slice(1 + byteLength))
11923 Q = Point.fromAffine(curve, x, y)
11924 }
11926 Q.compressed = compressed
11927 return Q
11930Point.prototype.toString = function () {
11931 if (this.curve.isInfinity(this)) return '(INFINITY)'
11933 return '(' + this.affineX.toString() + ',' + this.affineY.toString() + ')'
11936module.exports = Point
11940(function (process,Buffer){
11941// Closure compiler error - result of 'not' operator not being used
11944'use strict'
11946//*** UMD BEGIN
11947if (typeof define !== 'undefined' && define.amd) { //require.js / AMD
11948 define([], function() {
11949 return secureRandom
11950 })
11951} else if (typeof module !== 'undefined' && module.exports) { //CommonJS
11952 module.exports = secureRandom
11953} else { //script / browser
11954 globals.secureRandom = secureRandom
11956//*** UMD END
11958//options.type is the only valid option
11959function secureRandom(count, options) {
11960 options = options || {type: 'Array'}
11961 //we check for process.pid to prevent browserify from tricking us
11962 if (typeof process != 'undefined' && typeof process.pid == 'number') {
11963 return nodeRandom(count, options)
11964 } else {
11965 var crypto = window.crypto || window.msCrypto
11966 if (!crypto) throw new Error("Your browser does not support window.crypto.")
11967 return browserRandom(count, options)
11968 }
11971function nodeRandom(count, options) {
11972 var crypto = _dereq_('crypto')
11973 var buf = crypto.randomBytes(count)
11975 switch (options.type) {
11976 case 'Array':
11977 return [].slice.call(buf)
11978 case 'Buffer':
11979 return buf
11980 case 'Uint8Array':
11981 var arr = new Uint8Array(count)
11982 for (var i = 0; i < count; ++i) { arr[i] = buf.readUInt8(i) }
11983 return arr
11984 default:
11985 throw new Error(options.type + " is unsupported.")
11986 }
11989function browserRandom(count, options) {
11990 var nativeArr = new Uint8Array(count)
11991 var crypto = window.crypto || window.msCrypto
11992 crypto.getRandomValues(nativeArr)
11994 switch (options.type) {
11995 case 'Array':
11996 return [].slice.call(nativeArr)
11997 case 'Buffer':
11998 try { var b = new Buffer(1) } catch(e) { throw new Error('Buffer not supported in this environment. Use Node.js or Browserify for browser support.')}
11999 return new Buffer(nativeArr)
12000 case 'Uint8Array':
12001 return nativeArr
12002 default:
12003 throw new Error(options.type + " is unsupported.")
12004 }
12007secureRandom.randomArray = function(byteCount) {
12008 return secureRandom(byteCount, {type: 'Array'})
12011secureRandom.randomUint8Array = function(byteCount) {
12012 return secureRandom(byteCount, {type: 'Uint8Array'})
12015secureRandom.randomBuffer = function(byteCount) {
12016 return secureRandom(byteCount, {type: 'Buffer'})
12024(function (Buffer){
12025var assert = _dereq_('assert')
12026var base58check = _dereq_('./base58check')
12027var networks = _dereq_('./networks')
12028var scripts = _dereq_('./scripts')
12030function findScriptTypeByVersion(version) {
12031 for (var networkName in networks) {
12032 var network = networks[networkName]
12034 if (version === network.pubKeyHash) return 'pubkeyhash'
12035 if (version === network.scriptHash) return 'scripthash'
12036 }
12039function Address(hash, version) {
12040 assert(Buffer.isBuffer(hash), 'Expected Buffer, got ' + hash)
12041 assert.strictEqual(hash.length, 20, 'Invalid hash length')
12042 assert.strictEqual(version & 0xff, version, 'Invalid version byte')
12044 this.hash = hash
12045 this.version = version
12048// Import functions
12049Address.fromBase58Check = function(string) {
12050 var payload = base58check.decode(string)
12051 var version = payload.readUInt8(0)
12052 var hash = payload.slice(1)
12054 return new Address(hash, version)
12057Address.fromOutputScript = function(script, network) {
12058 network = network || networks.bitcoin
12060 var type = scripts.classifyOutput(script)
12062 if (type === 'pubkeyhash') return new Address(script.chunks[2], network.pubKeyHash)
12063 if (type === 'scripthash') return new Address(script.chunks[1], network.scriptHash)
12065 assert(false, type + ' has no matching Address')
12068// Export functions
12069Address.prototype.toBase58Check = function () {
12070 var payload = new Buffer(21)
12071 payload.writeUInt8(this.version, 0)
12072 this.hash.copy(payload, 1)
12074 return base58check.encode(payload)
12077Address.prototype.toOutputScript = function() {
12078 var scriptType = findScriptTypeByVersion(this.version)
12080 if (scriptType === 'pubkeyhash') return scripts.pubKeyHashOutput(this.hash)
12081 if (scriptType === 'scripthash') return scripts.scriptHashOutput(this.hash)
12083 assert(false, this.toString() + ' has no matching Script')
12086Address.prototype.toString = Address.prototype.toBase58Check
12088module.exports = Address
12092(function (Buffer){
12093// https://en.bitcoin.it/wiki/Base58Check_encoding
12094var assert = _dereq_('assert')
12095var base58 = _dereq_('bs58')
12096var crypto = _dereq_('./crypto')
12098// Encode a buffer as a base58-check-encoded string
12099function encode(payload) {
12100 var checksum = crypto.hash256(payload).slice(0, 4)
12102 return base58.encode(Buffer.concat([
12103 payload,
12104 checksum
12105 ]))
12108// Decode a base58-check-encoded string to a buffer
12109function decode(string) {
12110 var buffer = base58.decode(string)
12112 var payload = buffer.slice(0, -4)
12113 var checksum = buffer.slice(-4)
12114 var newChecksum = crypto.hash256(payload).slice(0, 4)
12116 assert.deepEqual(newChecksum, checksum, 'Invalid checksum')
12118 return payload
12121module.exports = {
12122 encode: encode,
12123 decode: decode
12128var assert = _dereq_('assert')
12129var opcodes = _dereq_('./opcodes')
12131// https://github.com/feross/buffer/blob/master/index.js#L1127
12132function verifuint(value, max) {
12133 assert(typeof value === 'number', 'cannot write a non-number as a number')
12134 assert(value >= 0, 'specified a negative value for writing an unsigned value')
12135 assert(value <= max, 'value is larger than maximum value for type')
12136 assert(Math.floor(value) === value, 'value has a fractional component')
12139function pushDataSize(i) {
12140 return i < opcodes.OP_PUSHDATA1 ? 1
12141 : i < 0xff ? 2
12142 : i < 0xffff ? 3
12143 : 5
12146function readPushDataInt(buffer, offset) {
12147 var opcode = buffer.readUInt8(offset)
12148 var number, size
12150 // ~6 bit
12151 if (opcode < opcodes.OP_PUSHDATA1) {
12152 number = opcode
12153 size = 1
12155 // 8 bit
12156 } else if (opcode === opcodes.OP_PUSHDATA1) {
12157 number = buffer.readUInt8(offset + 1)
12158 size = 2
12160 // 16 bit
12161 } else if (opcode === opcodes.OP_PUSHDATA2) {
12162 number = buffer.readUInt16LE(offset + 1)
12163 size = 3
12165 // 32 bit
12166 } else {
12167 assert.equal(opcode, opcodes.OP_PUSHDATA4, 'Unexpected opcode')
12169 number = buffer.readUInt32LE(offset + 1)
12170 size = 5
12172 }
12174 return {
12175 opcode: opcode,
12176 number: number,
12177 size: size
12178 }
12181function readUInt64LE(buffer, offset) {
12182 var a = buffer.readUInt32LE(offset)
12183 var b = buffer.readUInt32LE(offset + 4)
12184 b *= 0x100000000
12186 verifuint(b + a, 0x001fffffffffffff)
12188 return b + a
12191function readVarInt(buffer, offset) {
12192 var t = buffer.readUInt8(offset)
12193 var number, size
12195 // 8 bit
12196 if (t < 253) {
12197 number = t
12198 size = 1
12200 // 16 bit
12201 } else if (t < 254) {
12202 number = buffer.readUInt16LE(offset + 1)
12203 size = 3
12205 // 32 bit
12206 } else if (t < 255) {
12207 number = buffer.readUInt32LE(offset + 1)
12208 size = 5
12210 // 64 bit
12211 } else {
12212 number = readUInt64LE(buffer, offset + 1)
12213 size = 9
12214 }
12216 return {
12217 number: number,
12218 size: size
12219 }
12222function writePushDataInt(buffer, number, offset) {
12223 var size = pushDataSize(number)
12225 // ~6 bit
12226 if (size === 1) {
12227 buffer.writeUInt8(number, offset)
12229 // 8 bit
12230 } else if (size === 2) {
12231 buffer.writeUInt8(opcodes.OP_PUSHDATA1, offset)
12232 buffer.writeUInt8(number, offset + 1)
12234 // 16 bit
12235 } else if (size === 3) {
12236 buffer.writeUInt8(opcodes.OP_PUSHDATA2, offset)
12237 buffer.writeUInt16LE(number, offset + 1)
12239 // 32 bit
12240 } else {
12241 buffer.writeUInt8(opcodes.OP_PUSHDATA4, offset)
12242 buffer.writeUInt32LE(number, offset + 1)
12244 }
12246 return size
12249function writeUInt64LE(buffer, value, offset) {
12250 verifuint(value, 0x001fffffffffffff)
12252 buffer.writeInt32LE(value & -1, offset)
12253 buffer.writeUInt32LE(Math.floor(value / 0x100000000), offset + 4)
12256function varIntSize(i) {
12257 return i < 253 ? 1
12258 : i < 0x10000 ? 3
12259 : i < 0x100000000 ? 5
12260 : 9
12263function writeVarInt(buffer, number, offset) {
12264 var size = varIntSize(number)
12266 // 8 bit
12267 if (size === 1) {
12268 buffer.writeUInt8(number, offset)
12270 // 16 bit
12271 } else if (size === 3) {
12272 buffer.writeUInt8(253, offset)
12273 buffer.writeUInt16LE(number, offset + 1)
12275 // 32 bit
12276 } else if (size === 5) {
12277 buffer.writeUInt8(254, offset)
12278 buffer.writeUInt32LE(number, offset + 1)
12280 // 64 bit
12281 } else {
12282 buffer.writeUInt8(255, offset)
12283 writeUInt64LE(buffer, number, offset + 1)
12284 }
12286 return size
12289module.exports = {
12290 pushDataSize: pushDataSize,
12291 readPushDataInt: readPushDataInt,
12292 readUInt64LE: readUInt64LE,
12293 readVarInt: readVarInt,
12294 varIntSize: varIntSize,
12295 writePushDataInt: writePushDataInt,
12296 writeUInt64LE: writeUInt64LE,
12297 writeVarInt: writeVarInt
12301(function (Buffer){
12302var assert = _dereq_('assert')
12303var Crypto = _dereq_('crypto-js')
12304var WordArray = Crypto.lib.WordArray
12306function bufferToWordArray(buffer) {
12307 assert(Buffer.isBuffer(buffer), 'Expected Buffer, got', buffer)
12309 var words = []
12310 for (var i = 0, b = 0; i < buffer.length; i++, b += 8) {
12311 words[b >>> 5] |= buffer[i] << (24 - b % 32)
12312 }
12314 return new WordArray.init(words, buffer.length)
12317function wordArrayToBuffer(wordArray) {
12318 assert(Array.isArray(wordArray.words), 'Expected WordArray, got' + wordArray)
12320 var words = wordArray.words
12321 var buffer = new Buffer(words.length * 4)
12323 words.forEach(function(value, i) {
12324 buffer.writeInt32BE(value & -1, i * 4)
12325 })
12327 return buffer
12330module.exports = {
12331 bufferToWordArray: bufferToWordArray,
12332 wordArrayToBuffer: wordArrayToBuffer
12337(function (Buffer){
12338// Crypto, crypto, where art thou crypto
12339var assert = _dereq_('assert')
12340var CryptoJS = _dereq_('crypto-js')
12341var crypto = _dereq_('crypto')
12342var convert = _dereq_('./convert')
12344function hash160(buffer) {
12345 return ripemd160(sha256(buffer))
12348function hash256(buffer) {
12349 return sha256(sha256(buffer))
12352function ripemd160(buffer) {
12353 return crypto.createHash('rmd160').update(buffer).digest()
12356function sha1(buffer) {
12357 return crypto.createHash('sha1').update(buffer).digest()
12360function sha256(buffer) {
12361 return crypto.createHash('sha256').update(buffer).digest()
12364// FIXME: Name not consistent with others
12365function HmacSHA256(buffer, secret) {
12366 return crypto.createHmac('sha256', secret).update(buffer).digest()
12369function HmacSHA512(data, secret) {
12370 assert(Buffer.isBuffer(data), 'Expected Buffer for data, got ' + data)
12371 assert(Buffer.isBuffer(secret), 'Expected Buffer for secret, got ' + secret)
12373 var dataWords = convert.bufferToWordArray(data)
12374 var secretWords = convert.bufferToWordArray(secret)
12376 var hash = CryptoJS.HmacSHA512(dataWords, secretWords)
12378 return convert.wordArrayToBuffer(hash)
12381module.exports = {
12382 ripemd160: ripemd160,
12383 sha1: sha1,
12384 sha256: sha256,
12385 hash160: hash160,
12386 hash256: hash256,
12387 HmacSHA256: HmacSHA256,
12388 HmacSHA512: HmacSHA512
12393(function (Buffer){
12394var assert = _dereq_('assert')
12395var crypto = _dereq_('./crypto')
12397var BigInteger = _dereq_('bigi')
12398var ECSignature = _dereq_('./ecsignature')
12399var Point = _dereq_('ecurve').Point
12401// https://tools.ietf.org/html/rfc6979#section-3.2
12402function deterministicGenerateK(curve, hash, d) {
12403 assert(Buffer.isBuffer(hash), 'Hash must be a Buffer, not ' + hash)
12404 assert.equal(hash.length, 32, 'Hash must be 256 bit')
12405 assert(d instanceof BigInteger, 'Private key must be a BigInteger')
12407 var x = d.toBuffer(32)
12408 var k = new Buffer(32)
12409 var v = new Buffer(32)
12411 // Step B
12412 v.fill(1)
12414 // Step C
12415 k.fill(0)
12417 // Step D
12418 k = crypto.HmacSHA256(Buffer.concat([v, new Buffer([0]), x, hash]), k)
12420 // Step E
12421 v = crypto.HmacSHA256(v, k)
12423 // Step F
12424 k = crypto.HmacSHA256(Buffer.concat([v, new Buffer([1]), x, hash]), k)
12426 // Step G
12427 v = crypto.HmacSHA256(v, k)
12429 // Step H1/H2a, ignored as tlen === qlen (256 bit)
12430 // Step H2b
12431 v = crypto.HmacSHA256(v, k)
12433 var T = BigInteger.fromBuffer(v)
12435 // Step H3, repeat until T is within the interval [1, n - 1]
12436 while ((T.signum() <= 0) || (T.compareTo(curve.n) >= 0)) {
12437 k = crypto.HmacSHA256(Buffer.concat([v, new Buffer([0])]), k)
12438 v = crypto.HmacSHA256(v, k)
12440 T = BigInteger.fromBuffer(v)
12441 }
12443 return T
12446function sign(curve, hash, d) {
12447 var k = deterministicGenerateK(curve, hash, d)
12449 var n = curve.n
12450 var G = curve.G
12451 var Q = G.multiply(k)
12452 var e = BigInteger.fromBuffer(hash)
12454 var r = Q.affineX.mod(n)
12455 assert.notEqual(r.signum(), 0, 'Invalid R value')
12457 var s = k.modInverse(n).multiply(e.add(d.multiply(r))).mod(n)
12458 assert.notEqual(s.signum(), 0, 'Invalid S value')
12460 var N_OVER_TWO = n.shiftRight(1)
12462 // enforce low S values, see bip62: 'low s values in signatures'
12463 if (s.compareTo(N_OVER_TWO) > 0) {
12464 s = n.subtract(s)
12465 }
12467 return new ECSignature(r, s)
12470function verify(curve, hash, signature, Q) {
12471 var e = BigInteger.fromBuffer(hash)
12473 return verifyRaw(curve, e, signature, Q)
12476function verifyRaw(curve, e, signature, Q) {
12477 var n = curve.n
12478 var G = curve.G
12480 var r = signature.r
12481 var s = signature.s
12483 if (r.signum() === 0 || r.compareTo(n) >= 0) return false
12484 if (s.signum() === 0 || s.compareTo(n) >= 0) return false
12486 var c = s.modInverse(n)
12488 var u1 = e.multiply(c).mod(n)
12489 var u2 = r.multiply(c).mod(n)
12491 var point = G.multiplyTwo(u1, Q, u2)
12492 var v = point.affineX.mod(n)
12494 return v.equals(r)
12498 * Recover a public key from a signature.
12499 *
12500 * See SEC 1: Elliptic Curve Cryptography, section 4.1.6, "Public
12501 * Key Recovery Operation".
12502 *
12503 * http://www.secg.org/download/aid-780/sec1-v2.pdf
12504 */
12505function recoverPubKey(curve, e, signature, i) {
12506 assert.strictEqual(i & 3, i, 'Recovery param is more than two bits')
12508 var r = signature.r
12509 var s = signature.s
12511 // A set LSB signifies that the y-coordinate is odd
12512 var isYOdd = i & 1
12514 // The more significant bit specifies whether we should use the
12515 // first or second candidate key.
12516 var isSecondKey = i >> 1
12518 var n = curve.n
12519 var G = curve.G
12521 // 1.1 Let x = r + jn
12522 var x = isSecondKey ? r.add(n) : r
12523 var R = curve.pointFromX(isYOdd, x)
12525 // 1.4 Check that nR is at infinity
12526 var nR = R.multiply(n)
12527 assert(curve.isInfinity(nR), 'nR is not a valid curve point')
12529 // Compute -e from e
12530 var eNeg = e.negate().mod(n)
12532 // 1.6.1 Compute Q = r^-1 (sR - eG)
12533 // Q = r^-1 (sR + -eG)
12534 var rInv = r.modInverse(n)
12536 var Q = R.multiplyTwo(s, G, eNeg).multiply(rInv)
12537 curve.validate(Q)
12539 return Q
12543 * Calculate pubkey extraction parameter.
12544 *
12545 * When extracting a pubkey from a signature, we have to
12546 * distinguish four different cases. Rather than putting this
12547 * burden on the verifier, Bitcoin includes a 2-bit value with the
12548 * signature.
12549 *
12550 * This function simply tries all four cases and returns the value
12551 * that resulted in a successful pubkey recovery.
12552 */
12553function calcPubKeyRecoveryParam(curve, e, signature, Q) {
12554 for (var i = 0; i < 4; i++) {
12555 var Qprime = recoverPubKey(curve, e, signature, i)
12557 // 1.6.2 Verify Q
12558 if (Qprime.equals(Q)) {
12559 return i
12560 }
12561 }
12563 throw new Error('Unable to find valid recovery factor')
12566module.exports = {
12567 calcPubKeyRecoveryParam: calcPubKeyRecoveryParam,
12568 deterministicGenerateK: deterministicGenerateK,
12569 recoverPubKey: recoverPubKey,
12570 sign: sign,
12571 verify: verify,
12572 verifyRaw: verifyRaw
12577(function (Buffer){
12578var assert = _dereq_('assert')
12579var base58check = _dereq_('./base58check')
12580var ecdsa = _dereq_('./ecdsa')
12581var networks = _dereq_('./networks')
12582var secureRandom = _dereq_('secure-random')
12584var BigInteger = _dereq_('bigi')
12585var ECPubKey = _dereq_('./ecpubkey')
12587var ecurve = _dereq_('ecurve')
12588var curve = ecurve.getCurveByName('secp256k1')
12590function ECKey(d, compressed) {
12591 assert(d.signum() > 0, 'Private key must be greater than 0')
12592 assert(d.compareTo(curve.n) < 0, 'Private key must be less than the curve order')
12594 var Q = curve.G.multiply(d)
12596 this.d = d
12597 this.pub = new ECPubKey(Q, compressed)
12600// Static constructors
12601ECKey.fromWIF = function(string) {
12602 var payload = base58check.decode(string)
12603 var compressed = false
12605 // Ignore the version byte
12606 payload = payload.slice(1)
12608 if (payload.length === 33) {
12609 assert.strictEqual(payload[32], 0x01, 'Invalid compression flag')
12611 // Truncate the compression flag
12612 payload = payload.slice(0, -1)
12613 compressed = true
12614 }
12616 assert.equal(payload.length, 32, 'Invalid WIF payload length')
12618 var d = BigInteger.fromBuffer(payload)
12619 return new ECKey(d, compressed)
12622ECKey.makeRandom = function(compressed, rng) {
12623 rng = rng || secureRandom.randomBuffer
12625 var buffer = rng(32)
12626 assert(Buffer.isBuffer(buffer), 'Expected Buffer, got ' + buffer)
12628 var d = BigInteger.fromBuffer(buffer)
12629 d = d.mod(curve.n)
12631 return new ECKey(d, compressed)
12634// Export functions
12635ECKey.prototype.toWIF = function(network) {
12636 network = network || networks.bitcoin
12638 var bufferLen = this.pub.compressed ? 34 : 33
12639 var buffer = new Buffer(bufferLen)
12641 buffer.writeUInt8(network.wif, 0)
12642 this.d.toBuffer(32).copy(buffer, 1)
12644 if (this.pub.compressed) {
12645 buffer.writeUInt8(0x01, 33)
12646 }
12648 return base58check.encode(buffer)
12651// Operations
12652ECKey.prototype.sign = function(hash) {
12653 return ecdsa.sign(curve, hash, this.d)
12656module.exports = ECKey
12660(function (Buffer){
12661var assert = _dereq_('assert')
12662var crypto = _dereq_('./crypto')
12663var ecdsa = _dereq_('./ecdsa')
12664var networks = _dereq_('./networks')
12666var Address = _dereq_('./address')
12668var ecurve = _dereq_('ecurve')
12669var curve = ecurve.getCurveByName('secp256k1')
12671function ECPubKey(Q, compressed) {
12672 assert(Q instanceof ecurve.Point, 'Expected Point, got ' + Q)
12674 if (compressed == undefined) compressed = true
12675 assert.strictEqual(typeof compressed, 'boolean', 'Expected boolean, got ' + compressed)
12677 this.compressed = compressed
12678 this.Q = Q
12681// Static constructors
12682ECPubKey.fromBuffer = function(buffer) {
12683 var Q = ecurve.Point.decodeFrom(curve, buffer)
12684 return new ECPubKey(Q, Q.compressed)
12687ECPubKey.fromHex = function(hex) {
12688 return ECPubKey.fromBuffer(new Buffer(hex, 'hex'))
12691// Operations
12692ECPubKey.prototype.getAddress = function(network) {
12693 network = network || networks.bitcoin
12695 return new Address(crypto.hash160(this.toBuffer()), network.pubKeyHash)
12698ECPubKey.prototype.verify = function(hash, signature) {
12699 return ecdsa.verify(curve, hash, signature, this.Q)
12702// Export functions
12703ECPubKey.prototype.toBuffer = function() {
12704 return this.Q.getEncoded(this.compressed)
12707ECPubKey.prototype.toHex = function() {
12708 return this.toBuffer().toString('hex')
12711module.exports = ECPubKey
12715(function (Buffer){
12716var assert = _dereq_('assert')
12717var BigInteger = _dereq_('bigi')
12719function ECSignature(r, s) {
12720 assert(r instanceof BigInteger, 'Expected BigInteger, got ' + r)
12721 assert(s instanceof BigInteger, 'Expected BigInteger, got ' + s)
12722 this.r = r
12723 this.s = s
12726// Import operations
12727ECSignature.parseCompact = function(buffer) {
12728 assert.equal(buffer.length, 65, 'Invalid signature length')
12729 var i = buffer.readUInt8(0) - 27
12731 // At most 3 bits
12732 assert.equal(i, i & 7, 'Invalid signature parameter')
12733 var compressed = !!(i & 4)
12735 // Recovery param only
12736 i = i & 3
12738 var r = BigInteger.fromBuffer(buffer.slice(1, 33))
12739 var s = BigInteger.fromBuffer(buffer.slice(33))
12741 return {
12742 compressed: compressed,
12743 i: i,
12744 signature: new ECSignature(r, s)
12745 }
12748ECSignature.fromDER = function(buffer) {
12749 assert.equal(buffer.readUInt8(0), 0x30, 'Not a DER sequence')
12750 assert.equal(buffer.readUInt8(1), buffer.length - 2, 'Invalid sequence length')
12751 assert.equal(buffer.readUInt8(2), 0x02, 'Expected a DER integer')
12753 var rLen = buffer.readUInt8(3)
12754 assert(rLen > 0, 'R length is zero')
12756 var offset = 4 + rLen
12757 assert.equal(buffer.readUInt8(offset), 0x02, 'Expected a DER integer (2)')
12759 var sLen = buffer.readUInt8(offset + 1)
12760 assert(sLen > 0, 'S length is zero')
12762 var rB = buffer.slice(4, offset)
12763 var sB = buffer.slice(offset + 2)
12764 offset += 2 + sLen
12766 if (rLen > 1 && rB.readUInt8(0) === 0x00) {
12767 assert(rB.readUInt8(1) & 0x80, 'R value excessively padded')
12768 }
12770 if (sLen > 1 && sB.readUInt8(0) === 0x00) {
12771 assert(sB.readUInt8(1) & 0x80, 'S value excessively padded')
12772 }
12774 assert.equal(offset, buffer.length, 'Invalid DER encoding')
12775 var r = BigInteger.fromDERInteger(rB)
12776 var s = BigInteger.fromDERInteger(sB)
12778 assert(r.signum() >= 0, 'R value is negative')
12779 assert(s.signum() >= 0, 'S value is negative')
12781 return new ECSignature(r, s)
12784// FIXME: 0x00, 0x04, 0x80 are SIGHASH_* boundary constants, importing Transaction causes a circular dependency
12785ECSignature.parseScriptSignature = function(buffer) {
12786 var hashType = buffer.readUInt8(buffer.length - 1)
12787 var hashTypeMod = hashType & ~0x80
12789 assert(hashTypeMod > 0x00 && hashTypeMod < 0x04, 'Invalid hashType')
12791 return {
12792 signature: ECSignature.fromDER(buffer.slice(0, -1)),
12793 hashType: hashType
12794 }
12797// Export operations
12798ECSignature.prototype.toCompact = function(i, compressed) {
12799 if (compressed) i += 4
12800 i += 27
12802 var buffer = new Buffer(65)
12803 buffer.writeUInt8(i, 0)
12805 this.r.toBuffer(32).copy(buffer, 1)
12806 this.s.toBuffer(32).copy(buffer, 33)
12808 return buffer
12811ECSignature.prototype.toDER = function() {
12812 var rBa = this.r.toDERInteger()
12813 var sBa = this.s.toDERInteger()
12815 var sequence = []
12816 sequence.push(0x02) // INTEGER
12817 sequence.push(rBa.length)
12818 sequence = sequence.concat(rBa)
12820 sequence.push(0x02) // INTEGER
12821 sequence.push(sBa.length)
12822 sequence = sequence.concat(sBa)
12824 sequence.unshift(sequence.length)
12825 sequence.unshift(0x30) // SEQUENCE
12827 return new Buffer(sequence)
12830ECSignature.prototype.toScriptSignature = function(hashType) {
12831 var hashTypeBuffer = new Buffer(1)
12832 hashTypeBuffer.writeUInt8(hashType, 0)
12834 return Buffer.concat([this.toDER(), hashTypeBuffer])
12837module.exports = ECSignature
12841(function (Buffer){
12842var assert = _dereq_('assert')
12843var base58check = _dereq_('./base58check')
12844var crypto = _dereq_('./crypto')
12845var networks = _dereq_('./networks')
12847var BigInteger = _dereq_('bigi')
12848var ECKey = _dereq_('./eckey')
12849var ECPubKey = _dereq_('./ecpubkey')
12851var ecurve = _dereq_('ecurve')
12852var curve = ecurve.getCurveByName('secp256k1')
12854function findBIP32ParamsByVersion(version) {
12855 for (var name in networks) {
12856 var network = networks[name]
12858 for (var type in network.bip32) {
12859 if (version != network.bip32[type]) continue
12861 return {
12862 isPrivate: (type === 'private'),
12863 network: network
12864 }
12865 }
12866 }
12868 assert(false, 'Could not find version ' + version.toString(16))
12871function HDNode(K, chainCode, network) {
12872 network = network || networks.bitcoin
12874 assert(Buffer.isBuffer(chainCode), 'Expected Buffer, got ' + chainCode)
12875 assert(network.bip32, 'Unknown BIP32 constants for network')
12877 this.chainCode = chainCode
12878 this.depth = 0
12879 this.index = 0
12880 this.network = network
12882 if (K instanceof BigInteger) {
12883 this.privKey = new ECKey(K, true)
12884 this.pubKey = this.privKey.pub
12885 } else {
12886 this.pubKey = new ECPubKey(K, true)
12887 }
12890HDNode.MASTER_SECRET = new Buffer('Bitcoin seed')
12891HDNode.HIGHEST_BIT = 0x80000000
12892HDNode.LENGTH = 78
12894HDNode.fromSeedBuffer = function(seed, network) {
12895 var I = crypto.HmacSHA512(seed, HDNode.MASTER_SECRET)
12896 var IL = I.slice(0, 32)
12897 var IR = I.slice(32)
12899 // In case IL is 0 or >= n, the master key is invalid
12900 // This is handled by `new ECKey` in the HDNode constructor
12901 var pIL = BigInteger.fromBuffer(IL)
12903 return new HDNode(pIL, IR, network)
12906HDNode.fromSeedHex = function(hex, network) {
12907 return HDNode.fromSeedBuffer(new Buffer(hex, 'hex'), network)
12910HDNode.fromBase58 = function(string) {
12911 return HDNode.fromBuffer(base58check.decode(string))
12914HDNode.fromBuffer = function(buffer) {
12915 assert.strictEqual(buffer.length, HDNode.LENGTH, 'Invalid buffer length')
12917 // 4 byte: version bytes
12918 var version = buffer.readUInt32BE(0)
12919 var params = findBIP32ParamsByVersion(version)
12921 // 1 byte: depth: 0x00 for master nodes, 0x01 for level-1 descendants, ...
12922 var depth = buffer.readUInt8(4)
12924 // 4 bytes: the fingerprint of the parent's key (0x00000000 if master key)
12925 var parentFingerprint = buffer.readUInt32BE(5)
12926 if (depth === 0) {
12927 assert.strictEqual(parentFingerprint, 0x00000000, 'Invalid parent fingerprint')
12928 }
12930 // 4 bytes: child number. This is the number i in xi = xpar/i, with xi the key being serialized.
12931 // This is encoded in MSB order. (0x00000000 if master key)
12932 var index = buffer.readUInt32BE(9)
12933 assert(depth > 0 || index === 0, 'Invalid index')
12935 // 32 bytes: the chain code
12936 var chainCode = buffer.slice(13, 45)
12937 var hd
12939 // 33 bytes: private key data (0x00 + k)
12940 if (params.isPrivate) {
12941 assert.strictEqual(buffer.readUInt8(45), 0x00, 'Invalid private key')
12942 var data = buffer.slice(46, 78)
12943 var d = BigInteger.fromBuffer(data)
12944 hd = new HDNode(d, chainCode, params.network)
12946 // 33 bytes: public key data (0x02 + X or 0x03 + X)
12947 } else {
12948 var data = buffer.slice(45, 78)
12949 var Q = ecurve.Point.decodeFrom(curve, data)
12950 assert.equal(Q.compressed, true, 'Invalid public key')
12952 // Verify that the X coordinate in the public point corresponds to a point on the curve.
12953 // If not, the extended public key is invalid.
12954 curve.validate(Q)
12956 hd = new HDNode(Q, chainCode, params.network)
12957 }
12959 hd.depth = depth
12960 hd.index = index
12961 hd.parentFingerprint = parentFingerprint
12963 return hd
12966HDNode.fromHex = function(hex) {
12967 return HDNode.fromBuffer(new Buffer(hex, 'hex'))
12970HDNode.prototype.getIdentifier = function() {
12971 return crypto.hash160(this.pubKey.toBuffer())
12974HDNode.prototype.getFingerprint = function() {
12975 return this.getIdentifier().slice(0, 4)
12978HDNode.prototype.getAddress = function() {
12979 return this.pubKey.getAddress(this.network)
12982HDNode.prototype.toBase58 = function(isPrivate) {
12983 return base58check.encode(this.toBuffer(isPrivate))
12986HDNode.prototype.toBuffer = function(isPrivate) {
12987 if (isPrivate == undefined) isPrivate = !!this.privKey
12989 // Version
12990 var version = isPrivate ? this.network.bip32.private : this.network.bip32.public
12991 var buffer = new Buffer(HDNode.LENGTH)
12993 // 4 bytes: version bytes
12994 buffer.writeUInt32BE(version, 0)
12996 // Depth
12997 // 1 byte: depth: 0x00 for master nodes, 0x01 for level-1 descendants, ....
12998 buffer.writeUInt8(this.depth, 4)
13000 // 4 bytes: the fingerprint of the parent's key (0x00000000 if master key)
13001 var fingerprint = (this.depth === 0) ? 0x00000000 : this.parentFingerprint
13002 buffer.writeUInt32BE(fingerprint, 5)
13004 // 4 bytes: child number. This is the number i in xi = xpar/i, with xi the key being serialized.
13005 // This is encoded in Big endian. (0x00000000 if master key)
13006 buffer.writeUInt32BE(this.index, 9)
13008 // 32 bytes: the chain code
13009 this.chainCode.copy(buffer, 13)
13011 // 33 bytes: the public key or private key data
13012 if (isPrivate) {
13013 assert(this.privKey, 'Missing private key')
13015 // 0x00 + k for private keys
13016 buffer.writeUInt8(0, 45)
13017 this.privKey.d.toBuffer(32).copy(buffer, 46)
13018 } else {
13020 // X9.62 encoding for public keys
13021 this.pubKey.toBuffer().copy(buffer, 45)
13022 }
13024 return buffer
13027HDNode.prototype.toHex = function(isPrivate) {
13028 return this.toBuffer(isPrivate).toString('hex')
13031// https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#child-key-derivation-ckd-functions
13032HDNode.prototype.derive = function(index) {
13033 var isHardened = index >= HDNode.HIGHEST_BIT
13034 var indexBuffer = new Buffer(4)
13035 indexBuffer.writeUInt32BE(index, 0)
13037 var data
13039 // Hardened child
13040 if (isHardened) {
13041 assert(this.privKey, 'Could not derive hardened child key')
13043 // data = 0x00 || ser256(kpar) || ser32(index)
13044 data = Buffer.concat([
13045 this.privKey.d.toBuffer(33),
13046 indexBuffer
13047 ])
13049 // Normal child
13050 } else {
13051 // data = serP(point(kpar)) || ser32(index)
13052 // = serP(Kpar) || ser32(index)
13053 data = Buffer.concat([
13054 this.pubKey.toBuffer(),
13055 indexBuffer
13056 ])
13057 }
13059 var I = crypto.HmacSHA512(data, this.chainCode)
13060 var IL = I.slice(0, 32)
13061 var IR = I.slice(32)
13063 var pIL = BigInteger.fromBuffer(IL)
13065 // In case parse256(IL) >= n, proceed with the next value for i
13066 if (pIL.compareTo(curve.n) >= 0) {
13067 return this.derive(index + 1)
13068 }
13070 // Private parent key -> private child key
13071 var hd
13072 if (this.privKey) {
13073 // ki = parse256(IL) + kpar (mod n)
13074 var ki = pIL.add(this.privKey.d).mod(curve.n)
13076 // In case ki == 0, proceed with the next value for i
13077 if (ki.signum() === 0) {
13078 return this.derive(index + 1)
13079 }
13081 hd = new HDNode(ki, IR, this.network)
13083 // Public parent key -> public child key
13084 } else {
13085 // Ki = point(parse256(IL)) + Kpar
13086 // = G*IL + Kpar
13087 var Ki = curve.G.multiply(pIL).add(this.pubKey.Q)
13089 // In case Ki is the point at infinity, proceed with the next value for i
13090 if (curve.isInfinity(Ki)) {
13091 return this.derive(index + 1)
13092 }
13094 hd = new HDNode(Ki, IR, this.network)
13095 }
13097 hd.depth = this.depth + 1
13098 hd.index = index
13099 hd.parentFingerprint = this.getFingerprint().readUInt32BE(0)
13101 return hd
13104HDNode.prototype.deriveHardened = function(index) {
13105 // Only derives hardened private keys by default
13106 return this.derive(index + HDNode.HIGHEST_BIT)
13109HDNode.prototype.toString = HDNode.prototype.toBase58
13111module.exports = HDNode
13115module.exports = {
13116 Address: _dereq_('./address'),
13117 base58check: _dereq_('./base58check'),
13118 bufferutils: _dereq_('./bufferutils'),
13119 convert: _dereq_('./convert'),
13120 crypto: _dereq_('./crypto'),
13121 ecdsa: _dereq_('./ecdsa'),
13122 ECKey: _dereq_('./eckey'),
13123 ECPubKey: _dereq_('./ecpubkey'),
13124 ECSignature: _dereq_('./ecsignature'),
13125 Message: _dereq_('./message'),
13126 opcodes: _dereq_('./opcodes'),
13127 HDNode: _dereq_('./hdnode'),
13128 Script: _dereq_('./script'),
13129 scripts: _dereq_('./scripts'),
13130 Transaction: _dereq_('./transaction'),
13131 networks: _dereq_('./networks'),
13132 Wallet: _dereq_('./wallet')
13136(function (Buffer){
13137/// Implements Bitcoin's feature for signing arbitrary messages.
13138var Address = _dereq_('./address')
13139var BigInteger = _dereq_('bigi')
13140var bufferutils = _dereq_('./bufferutils')
13141var crypto = _dereq_('./crypto')
13142var ecdsa = _dereq_('./ecdsa')
13143var networks = _dereq_('./networks')
13145var Address = _dereq_('./address')
13146var ECPubKey = _dereq_('./ecpubkey')
13147var ECSignature = _dereq_('./ecsignature')
13149var ecurve = _dereq_('ecurve')
13150var ecparams = ecurve.getCurveByName('secp256k1')
13152function magicHash(message, network) {
13153 var magicPrefix = new Buffer(network.magicPrefix)
13154 var messageBuffer = new Buffer(message)
13155 var lengthBuffer = new Buffer(bufferutils.varIntSize(messageBuffer.length))
13156 bufferutils.writeVarInt(lengthBuffer, messageBuffer.length, 0)
13158 var buffer = Buffer.concat([magicPrefix, lengthBuffer, messageBuffer])
13159 return crypto.hash256(buffer)
13162function sign(privKey, message, network) {
13163 network = network || networks.bitcoin
13165 var hash = magicHash(message, network)
13166 var signature = privKey.sign(hash)
13167 var e = BigInteger.fromBuffer(hash)
13168 var i = ecdsa.calcPubKeyRecoveryParam(ecparams, e, signature, privKey.pub.Q)
13170 return signature.toCompact(i, privKey.pub.compressed)
13173// TODO: network could be implied from address
13174function verify(address, signatureBuffer, message, network) {
13175 if (address instanceof Address) {
13176 address = address.toString()
13177 }
13178 network = network || networks.bitcoin
13180 var hash = magicHash(message, network)
13181 var parsed = ECSignature.parseCompact(signatureBuffer)
13182 var e = BigInteger.fromBuffer(hash)
13183 var Q = ecdsa.recoverPubKey(ecparams, e, parsed.signature, parsed.i)
13185 var pubKey = new ECPubKey(Q, parsed.compressed)
13186 return pubKey.getAddress(network).toString() === address
13189module.exports = {
13190 magicHash: magicHash,
13191 sign: sign,
13192 verify: verify
13197// https://en.bitcoin.it/wiki/List_of_address_prefixes
13198// Dogecoin BIP32 is a proposed standard: https://bitcointalk.org/index.php?topic=409731
13200var networks = {
13201 bitcoin: {
13202 magicPrefix: '\x18Bitcoin Signed Message:\n',
13203 bip32: {
13204 public: 0x0488b21e,
13205 private: 0x0488ade4
13206 },
13207 pubKeyHash: 0x00,
13208 scriptHash: 0x05,
13209 wif: 0x80,
13210 dustThreshold: 546, // https://github.com/bitcoin/bitcoin/blob/v0.9.2/src/core.h#L151-L162
13211 feePerKb: 10000, // https://github.com/bitcoin/bitcoin/blob/v0.9.2/src/main.cpp#L53
13212 estimateFee: estimateFee('bitcoin')
13213 },
13214 dogecoin: {
13215 magicPrefix: '\x19Dogecoin Signed Message:\n',
13216 bip32: {
13217 public: 0x02facafd,
13218 private: 0x02fac398
13219 },
13220 pubKeyHash: 0x1e,
13221 scriptHash: 0x16,
13222 wif: 0x9e,
13223 dustThreshold: 0, // https://github.com/dogecoin/dogecoin/blob/v1.7.1/src/core.h#L155-L160
13224 dustSoftThreshold: 100000000, // https://github.com/dogecoin/dogecoin/blob/v1.7.1/src/main.h#L62
13225 feePerKb: 100000000, // https://github.com/dogecoin/dogecoin/blob/v1.7.1/src/main.cpp#L58
13226 estimateFee: estimateFee('dogecoin')
13227 },
13228 litecoin: {
13229 magicPrefix: '\x19Litecoin Signed Message:\n',
13230 bip32: {
13231 public: 0x019da462,
13232 private: 0x019d9cfe
13233 },
13234 pubKeyHash: 0x30,
13235 scriptHash: 0x05,
13236 wif: 0xb0,
13237 dustThreshold: 0, // https://github.com/litecoin-project/litecoin/blob/v0.8.7.2/src/main.cpp#L360-L365
13238 dustSoftThreshold: 100000, // https://github.com/litecoin-project/litecoin/blob/v0.8.7.2/src/main.h#L53
13239 feePerKb: 100000, // https://github.com/litecoin-project/litecoin/blob/v0.8.7.2/src/main.cpp#L56
13240 estimateFee: estimateFee('litecoin')
13241 },
13242 testnet: {
13243 magicPrefix: '\x18Bitcoin Signed Message:\n',
13244 bip32: {
13245 public: 0x043587cf,
13246 private: 0x04358394
13247 },
13248 pubKeyHash: 0x6f,
13249 scriptHash: 0xc4,
13250 wif: 0xef,
13251 dustThreshold: 546,
13252 feePerKb: 10000,
13253 estimateFee: estimateFee('testnet')
13254 }
13257function estimateFee(type) {
13258 return function(tx) {
13259 var network = networks[type]
13260 var baseFee = network.feePerKb
13261 var byteSize = tx.toBuffer().length
13263 var fee = baseFee * Math.ceil(byteSize / 1000)
13264 if (network.dustSoftThreshold == undefined) return fee
13266 tx.outs.forEach(function(e){
13267 if (e.value < network.dustSoftThreshold) {
13268 fee += baseFee
13269 }
13270 })
13272 return fee
13273 }
13276module.exports = networks
13279module.exports = {
13280 // push value
13281 OP_FALSE : 0,
13282 OP_0 : 0,
13283 OP_PUSHDATA1 : 76,
13284 OP_PUSHDATA2 : 77,
13285 OP_PUSHDATA4 : 78,
13286 OP_1NEGATE : 79,
13287 OP_RESERVED : 80,
13288 OP_1 : 81,
13289 OP_TRUE : 81,
13290 OP_2 : 82,
13291 OP_3 : 83,
13292 OP_4 : 84,
13293 OP_5 : 85,
13294 OP_6 : 86,
13295 OP_7 : 87,
13296 OP_8 : 88,
13297 OP_9 : 89,
13298 OP_10 : 90,
13299 OP_11 : 91,
13300 OP_12 : 92,
13301 OP_13 : 93,
13302 OP_14 : 94,
13303 OP_15 : 95,
13304 OP_16 : 96,
13306 // control
13307 OP_NOP : 97,
13308 OP_VER : 98,
13309 OP_IF : 99,
13310 OP_NOTIF : 100,
13311 OP_VERIF : 101,
13312 OP_VERNOTIF : 102,
13313 OP_ELSE : 103,
13314 OP_ENDIF : 104,
13315 OP_VERIFY : 105,
13316 OP_RETURN : 106,
13318 // stack ops
13319 OP_TOALTSTACK : 107,
13320 OP_FROMALTSTACK : 108,
13321 OP_2DROP : 109,
13322 OP_2DUP : 110,
13323 OP_3DUP : 111,
13324 OP_2OVER : 112,
13325 OP_2ROT : 113,
13326 OP_2SWAP : 114,
13327 OP_IFDUP : 115,
13328 OP_DEPTH : 116,
13329 OP_DROP : 117,
13330 OP_DUP : 118,
13331 OP_NIP : 119,
13332 OP_OVER : 120,
13333 OP_PICK : 121,
13334 OP_ROLL : 122,
13335 OP_ROT : 123,
13336 OP_SWAP : 124,
13337 OP_TUCK : 125,
13339 // splice ops
13340 OP_CAT : 126,
13341 OP_SUBSTR : 127,
13342 OP_LEFT : 128,
13343 OP_RIGHT : 129,
13344 OP_SIZE : 130,
13346 // bit logic
13347 OP_INVERT : 131,
13348 OP_AND : 132,
13349 OP_OR : 133,
13350 OP_XOR : 134,
13351 OP_EQUAL : 135,
13352 OP_EQUALVERIFY : 136,
13353 OP_RESERVED1 : 137,
13354 OP_RESERVED2 : 138,
13356 // numeric
13357 OP_1ADD : 139,
13358 OP_1SUB : 140,
13359 OP_2MUL : 141,
13360 OP_2DIV : 142,
13361 OP_NEGATE : 143,
13362 OP_ABS : 144,
13363 OP_NOT : 145,
13364 OP_0NOTEQUAL : 146,
13366 OP_ADD : 147,
13367 OP_SUB : 148,
13368 OP_MUL : 149,
13369 OP_DIV : 150,
13370 OP_MOD : 151,
13371 OP_LSHIFT : 152,
13372 OP_RSHIFT : 153,
13374 OP_BOOLAND : 154,
13375 OP_BOOLOR : 155,
13376 OP_NUMEQUAL : 156,
13378 OP_NUMNOTEQUAL : 158,
13379 OP_LESSTHAN : 159,
13380 OP_GREATERTHAN : 160,
13383 OP_MIN : 163,
13384 OP_MAX : 164,
13386 OP_WITHIN : 165,
13388 // crypto
13389 OP_RIPEMD160 : 166,
13390 OP_SHA1 : 167,
13391 OP_SHA256 : 168,
13392 OP_HASH160 : 169,
13393 OP_HASH256 : 170,
13395 OP_CHECKSIG : 172,
13400 // expansion
13401 OP_NOP1 : 176,
13402 OP_NOP2 : 177,
13403 OP_NOP3 : 178,
13404 OP_NOP4 : 179,
13405 OP_NOP5 : 180,
13406 OP_NOP6 : 181,
13407 OP_NOP7 : 182,
13408 OP_NOP8 : 183,
13409 OP_NOP9 : 184,
13410 OP_NOP10 : 185,
13412 // template matching params
13413 OP_PUBKEYHASH : 253,
13414 OP_PUBKEY : 254,
13419(function (Buffer){
13420var assert = _dereq_('assert')
13421var bufferutils = _dereq_('./bufferutils')
13422var crypto = _dereq_('./crypto')
13423var opcodes = _dereq_('./opcodes')
13425function Script(buffer, chunks) {
13426 assert(Buffer.isBuffer(buffer), 'Expected Buffer, got ' + buffer)
13427 assert(Array.isArray(chunks), 'Expected Array, got ' + chunks)
13429 this.buffer = buffer
13430 this.chunks = chunks
13433// Import operations
13434Script.fromASM = function(asm) {
13435 var strChunks = asm.split(' ')
13437 var chunks = strChunks.map(function(strChunk) {
13438 if (strChunk in opcodes) {
13439 return opcodes[strChunk]
13441 } else {
13442 return new Buffer(strChunk, 'hex')
13443 }
13444 })
13446 return Script.fromChunks(chunks)
13449Script.fromBuffer = function(buffer) {
13450 var chunks = []
13452 var i = 0
13454 while (i < buffer.length) {
13455 var opcode = buffer.readUInt8(i)
13457 if ((opcode > opcodes.OP_0) && (opcode <= opcodes.OP_PUSHDATA4)) {
13458 var d = bufferutils.readPushDataInt(buffer, i)
13459 i += d.size
13461 var data = buffer.slice(i, i + d.number)
13462 i += d.number
13464 chunks.push(data)
13466 } else {
13467 chunks.push(opcode)
13469 i += 1
13470 }
13471 }
13473 return new Script(buffer, chunks)
13476Script.fromChunks = function(chunks) {
13477 assert(Array.isArray(chunks), 'Expected Array, got ' + chunks)
13479 var bufferSize = chunks.reduce(function(accum, chunk) {
13480 if (Buffer.isBuffer(chunk)) {
13481 return accum + bufferutils.pushDataSize(chunk.length) + chunk.length
13482 }
13484 return accum + 1
13485 }, 0.0)
13487 var buffer = new Buffer(bufferSize)
13488 var offset = 0
13490 chunks.forEach(function(chunk) {
13491 if (Buffer.isBuffer(chunk)) {
13492 offset += bufferutils.writePushDataInt(buffer, chunk.length, offset)
13494 chunk.copy(buffer, offset)
13495 offset += chunk.length
13497 } else {
13498 buffer.writeUInt8(chunk, offset)
13499 offset += 1
13500 }
13501 })
13503 assert.equal(offset, buffer.length, 'Could not decode chunks')
13504 return new Script(buffer, chunks)
13507Script.fromHex = function(hex) {
13508 return Script.fromBuffer(new Buffer(hex, 'hex'))
13511// Constants
13512Script.EMPTY = Script.fromChunks([])
13514// Operations
13515Script.prototype.getHash = function() {
13516 return crypto.hash160(this.buffer)
13519// FIXME: doesn't work for data chunks, maybe time to use buffertools.compare...
13520Script.prototype.without = function(needle) {
13521 return Script.fromChunks(this.chunks.filter(function(op) {
13522 return op !== needle
13523 }))
13526// Export operations
13527var reverseOps = []
13528for (var op in opcodes) {
13529 var code = opcodes[op]
13530 reverseOps[code] = op
13533Script.prototype.toASM = function() {
13534 return this.chunks.map(function(chunk) {
13535 if (Buffer.isBuffer(chunk)) {
13536 return chunk.toString('hex')
13538 } else {
13539 return reverseOps[chunk]
13540 }
13541 }).join(' ')
13544Script.prototype.toBuffer = function() {
13545 return this.buffer
13548Script.prototype.toHex = function() {
13549 return this.toBuffer().toString('hex')
13552module.exports = Script
13556(function (Buffer){
13557var assert = _dereq_('assert')
13558var opcodes = _dereq_('./opcodes')
13560// FIXME: use ECPubKey, currently the circular dependency breaks everything.
13562// Solutions:
13563// * Remove ECPubKey.getAddress
13564// - Minimal change, but likely unpopular
13565// * Move all script related functionality out of Address
13566// - Means a lot of changes to Transaction/Wallet
13567// * Ignore it (existing solution)
13568// * Some form of hackery with commonjs
13570var ecurve = _dereq_('ecurve')
13571var curve = ecurve.getCurveByName('secp256k1')
13573var ECSignature = _dereq_('./ecsignature')
13574var Script = _dereq_('./script')
13576function classifyOutput(script) {
13577 assert(script instanceof Script, 'Expected Script, got ', script)
13579 if (isPubKeyHashOutput.call(script)) {
13580 return 'pubkeyhash'
13581 } else if (isScriptHashOutput.call(script)) {
13582 return 'scripthash'
13583 } else if (isMultisigOutput.call(script)) {
13584 return 'multisig'
13585 } else if (isPubKeyOutput.call(script)) {
13586 return 'pubkey'
13587 } else if (isNulldataOutput.call(script)) {
13588 return 'nulldata'
13589 } else {
13590 return 'nonstandard'
13591 }
13594function classifyInput(script) {
13595 assert(script instanceof Script, 'Expected Script, got ', script)
13597 if (isPubKeyHashInput.call(script)) {
13598 return 'pubkeyhash'
13599 } else if (isScriptHashInput.call(script)) {
13600 return 'scripthash'
13601 } else if (isMultisigInput.call(script)) {
13602 return 'multisig'
13603 } else if (isPubKeyInput.call(script)) {
13604 return 'pubkey'
13605 } else {
13606 return 'nonstandard'
13607 }
13610function isCanonicalPubKey(buffer) {
13611 if (!Buffer.isBuffer(buffer)) return false
13613 try {
13614 // FIXME: boo
13615 ecurve.Point.decodeFrom(curve, buffer)
13616 } catch (e) {
13617 if (!(e.message.match(/Invalid sequence (length|tag)/))) throw e
13619 return false
13620 }
13622 return true
13625function isCanonicalSignature(buffer) {
13626 if (!Buffer.isBuffer(buffer)) return false
13628 try {
13629 ECSignature.parseScriptSignature(buffer)
13630 } catch(e) {
13631 if (!(e.message.match(/Not a DER sequence|Invalid sequence length|Expected a DER integer|R length is zero|S length is zero|R value excessively padded|S value excessively padded|R value is negative|S value is negative|Invalid hashType/))) throw e
13633 return false
13634 }
13636 return true
13639function isPubKeyHashInput() {
13640 return this.chunks.length === 2 &&
13641 isCanonicalSignature(this.chunks[0]) &&
13642 isCanonicalPubKey(this.chunks[1])
13645function isPubKeyHashOutput() {
13646 return this.chunks.length === 5 &&
13647 this.chunks[0] === opcodes.OP_DUP &&
13648 this.chunks[1] === opcodes.OP_HASH160 &&
13649 Buffer.isBuffer(this.chunks[2]) &&
13650 this.chunks[2].length === 20 &&
13651 this.chunks[3] === opcodes.OP_EQUALVERIFY &&
13652 this.chunks[4] === opcodes.OP_CHECKSIG
13655function isPubKeyInput() {
13656 return this.chunks.length === 1 &&
13657 isCanonicalSignature(this.chunks[0])
13660function isPubKeyOutput() {
13661 return this.chunks.length === 2 &&
13662 isCanonicalPubKey(this.chunks[0]) &&
13663 this.chunks[1] === opcodes.OP_CHECKSIG
13666function isScriptHashInput() {
13667 if (this.chunks.length < 2) return false
13668 var lastChunk = this.chunks[this.chunks.length - 1]
13670 if (!Buffer.isBuffer(lastChunk)) return false
13672 var scriptSig = Script.fromChunks(this.chunks.slice(0, -1))
13673 var scriptPubKey = Script.fromBuffer(lastChunk)
13675 return classifyInput(scriptSig) === classifyOutput(scriptPubKey)
13678function isScriptHashOutput() {
13679 return this.chunks.length === 3 &&
13680 this.chunks[0] === opcodes.OP_HASH160 &&
13681 Buffer.isBuffer(this.chunks[1]) &&
13682 this.chunks[1].length === 20 &&
13683 this.chunks[2] === opcodes.OP_EQUAL
13686function isMultisigInput() {
13687 return this.chunks[0] === opcodes.OP_0 &&
13688 this.chunks.slice(1).every(isCanonicalSignature)
13691function isMultisigOutput() {
13692 if (this.chunks < 4) return false
13693 if (this.chunks[this.chunks.length - 1] !== opcodes.OP_CHECKMULTISIG) return false
13695 var mOp = this.chunks[0]
13696 if (mOp === opcodes.OP_0) return false
13697 if (mOp < opcodes.OP_1) return false
13698 if (mOp > opcodes.OP_16) return false
13700 var nOp = this.chunks[this.chunks.length - 2]
13701 if (nOp === opcodes.OP_0) return false
13702 if (nOp < opcodes.OP_1) return false
13703 if (nOp > opcodes.OP_16) return false
13705 var m = mOp - (opcodes.OP_1 - 1)
13706 var n = nOp - (opcodes.OP_1 - 1)
13707 if (n < m) return false
13709 var pubKeys = this.chunks.slice(1, -2)
13710 if (n < pubKeys.length) return false
13712 return pubKeys.every(isCanonicalPubKey)
13715function isNulldataOutput() {
13716 return this.chunks[0] === opcodes.OP_RETURN
13719// Standard Script Templates
13720// {pubKey} OP_CHECKSIG
13721function pubKeyOutput(pubKey) {
13722 return Script.fromChunks([
13723 pubKey.toBuffer(),
13724 opcodes.OP_CHECKSIG
13725 ])
13729function pubKeyHashOutput(hash) {
13730 assert(Buffer.isBuffer(hash), 'Expected Buffer, got ' + hash)
13732 return Script.fromChunks([
13733 opcodes.OP_DUP,
13734 opcodes.OP_HASH160,
13735 hash,
13736 opcodes.OP_EQUALVERIFY,
13737 opcodes.OP_CHECKSIG
13738 ])
13741// OP_HASH160 {scriptHash} OP_EQUAL
13742function scriptHashOutput(hash) {
13743 assert(Buffer.isBuffer(hash), 'Expected Buffer, got ' + hash)
13745 return Script.fromChunks([
13746 opcodes.OP_HASH160,
13747 hash,
13748 opcodes.OP_EQUAL
13749 ])
13752// m [pubKeys ...] n OP_CHECKMULTISIG
13753function multisigOutput(m, pubKeys) {
13754 assert(Array.isArray(pubKeys), 'Expected Array, got ' + pubKeys)
13755 assert(pubKeys.length >= m, 'Not enough pubKeys provided')
13757 var pubKeyBuffers = pubKeys.map(function(pubKey) {
13758 return pubKey.toBuffer()
13759 })
13760 var n = pubKeys.length
13762 return Script.fromChunks([].concat(
13763 (opcodes.OP_1 - 1) + m,
13764 pubKeyBuffers,
13765 (opcodes.OP_1 - 1) + n,
13766 opcodes.OP_CHECKMULTISIG
13767 ))
13770// {signature}
13771function pubKeyInput(signature) {
13772 assert(Buffer.isBuffer(signature), 'Expected Buffer, got ' + signature)
13774 return Script.fromChunks([signature])
13777// {signature} {pubKey}
13778function pubKeyHashInput(signature, pubKey) {
13779 assert(Buffer.isBuffer(signature), 'Expected Buffer, got ' + signature)
13781 return Script.fromChunks([signature, pubKey.toBuffer()])
13784// <scriptSig> {serialized scriptPubKey script}
13785function scriptHashInput(scriptSig, scriptPubKey) {
13786 return Script.fromChunks([].concat(
13787 scriptSig.chunks,
13788 scriptPubKey.toBuffer()
13789 ))
13792// OP_0 [signatures ...]
13793function multisigInput(signatures, scriptPubKey) {
13794 if (scriptPubKey) {
13795 assert(isMultisigOutput.call(scriptPubKey))
13797 var m = scriptPubKey.chunks[0]
13798 var k = m - (opcodes.OP_1 - 1)
13799 assert(k <= signatures.length, 'Not enough signatures provided')
13800 }
13802 return Script.fromChunks([].concat(opcodes.OP_0, signatures))
13805module.exports = {
13806 classifyInput: classifyInput,
13807 classifyOutput: classifyOutput,
13808 multisigInput: multisigInput,
13809 multisigOutput: multisigOutput,
13810 pubKeyHashInput: pubKeyHashInput,
13811 pubKeyHashOutput: pubKeyHashOutput,
13812 pubKeyInput: pubKeyInput,
13813 pubKeyOutput: pubKeyOutput,
13814 scriptHashInput: scriptHashInput,
13815 scriptHashOutput: scriptHashOutput
13820(function (Buffer){
13821var assert = _dereq_('assert')
13822var bufferutils = _dereq_('./bufferutils')
13823var crypto = _dereq_('./crypto')
13824var opcodes = _dereq_('./opcodes')
13825var scripts = _dereq_('./scripts')
13827var Address = _dereq_('./address')
13828var ECKey = _dereq_('./eckey')
13829var ECSignature = _dereq_('./ecsignature')
13830var Script = _dereq_('./script')
13832Transaction.DEFAULT_SEQUENCE = 0xffffffff
13833Transaction.SIGHASH_ALL = 0x01
13834Transaction.SIGHASH_NONE = 0x02
13835Transaction.SIGHASH_SINGLE = 0x03
13836Transaction.SIGHASH_ANYONECANPAY = 0x80
13838function Transaction() {
13839 this.version = 1
13840 this.locktime = 0
13841 this.ins = []
13842 this.outs = []
13846 * Create a new txin.
13847 *
13848 * Can be called with any of:
13849 *
13850 * - A transaction and an index
13851 * - A transaction hash and an index
13852 *
13853 * Note that this method does not sign the created input.
13854 */
13855Transaction.prototype.addInput = function(tx, index, sequence) {
13856 if (sequence == undefined) sequence = Transaction.DEFAULT_SEQUENCE
13858 var hash
13860 if (typeof tx === 'string') {
13861 hash = new Buffer(tx, 'hex')
13863 // TxId hex is big-endian, we need little-endian
13864 Array.prototype.reverse.call(hash)
13866 } else if (tx instanceof Transaction) {
13867 hash = tx.getHash()
13869 } else {
13870 hash = tx
13871 }
13873 assert(Buffer.isBuffer(hash), 'Expected Transaction, txId or txHash, got ' + tx)
13874 assert.equal(hash.length, 32, 'Expected hash length of 32, got ' + hash.length)
13875 assert.equal(typeof index, 'number', 'Expected number index, got ' + index)
13877 return (this.ins.push({
13878 hash: hash,
13879 index: index,
13880 script: Script.EMPTY,
13881 sequence: sequence
13882 }) - 1)
13886 * Create a new txout.
13887 *
13888 * Can be called with:
13889 *
13890 * - A base58 address string and a value
13891 * - An Address object and a value
13892 * - A scriptPubKey Script and a value
13893 */
13894Transaction.prototype.addOutput = function(scriptPubKey, value) {
13895 // Attempt to get a valid address if it's a base58 address string
13896 if (typeof scriptPubKey === 'string') {
13897 scriptPubKey = Address.fromBase58Check(scriptPubKey)
13898 }
13900 // Attempt to get a valid script if it's an Address object
13901 if (scriptPubKey instanceof Address) {
13902 var address = scriptPubKey
13904 scriptPubKey = address.toOutputScript()
13905 }
13907 return (this.outs.push({
13908 script: scriptPubKey,
13909 value: value,
13910 }) - 1)
13913Transaction.prototype.toBuffer = function () {
13914 var txInSize = this.ins.reduce(function(a, x) {
13915 return a + (40 + bufferutils.varIntSize(x.script.buffer.length) + x.script.buffer.length)
13916 }, 0)
13918 var txOutSize = this.outs.reduce(function(a, x) {
13919 return a + (8 + bufferutils.varIntSize(x.script.buffer.length) + x.script.buffer.length)
13920 }, 0)
13922 var buffer = new Buffer(
13923 8 +
13924 bufferutils.varIntSize(this.ins.length) +
13925 bufferutils.varIntSize(this.outs.length) +
13926 txInSize +
13927 txOutSize
13928 )
13930 var offset = 0
13931 function writeSlice(slice) {
13932 slice.copy(buffer, offset)
13933 offset += slice.length
13934 }
13935 function writeUInt32(i) {
13936 buffer.writeUInt32LE(i, offset)
13937 offset += 4
13938 }
13939 function writeUInt64(i) {
13940 bufferutils.writeUInt64LE(buffer, i, offset)
13941 offset += 8
13942 }
13943 function writeVarInt(i) {
13944 var n = bufferutils.writeVarInt(buffer, i, offset)
13945 offset += n
13946 }
13948 writeUInt32(this.version)
13949 writeVarInt(this.ins.length)
13951 this.ins.forEach(function(txin) {
13952 writeSlice(txin.hash)
13953 writeUInt32(txin.index)
13954 writeVarInt(txin.script.buffer.length)
13955 writeSlice(txin.script.buffer)
13956 writeUInt32(txin.sequence)
13957 })
13959 writeVarInt(this.outs.length)
13960 this.outs.forEach(function(txout) {
13961 writeUInt64(txout.value)
13962 writeVarInt(txout.script.buffer.length)
13963 writeSlice(txout.script.buffer)
13964 })
13966 writeUInt32(this.locktime)
13968 return buffer
13971Transaction.prototype.toHex = function() {
13972 return this.toBuffer().toString('hex')
13976 * Hash transaction for signing a specific input.
13977 *
13978 * Bitcoin uses a different hash for each signed transaction input. This
13979 * method copies the transaction, makes the necessary changes based on the
13980 * hashType, serializes and finally hashes the result. This hash can then be
13981 * used to sign the transaction input in question.
13982 */
13983Transaction.prototype.hashForSignature = function(prevOutScript, inIndex, hashType) {
13984 assert(inIndex >= 0, 'Invalid vin index')
13985 assert(inIndex < this.ins.length, 'Invalid vin index')
13986 assert(prevOutScript instanceof Script, 'Invalid Script object')
13988 var txTmp = this.clone()
13989 var hashScript = prevOutScript.without(opcodes.OP_CODESEPARATOR)
13991 // Blank out other inputs' signatures
13992 txTmp.ins.forEach(function(txin) {
13993 txin.script = Script.EMPTY
13994 })
13995 txTmp.ins[inIndex].script = hashScript
13997 var hashTypeModifier = hashType & 0x1f
13998 if (hashTypeModifier === Transaction.SIGHASH_NONE) {
13999 assert(false, 'SIGHASH_NONE not yet supported')
14001 } else if (hashTypeModifier === Transaction.SIGHASH_SINGLE) {
14002 assert(false, 'SIGHASH_SINGLE not yet supported')
14004 }
14006 if (hashType & Transaction.SIGHASH_ANYONECANPAY) {
14007 assert(false, 'SIGHASH_ANYONECANPAY not yet supported')
14008 }
14010 var hashTypeBuffer = new Buffer(4)
14011 hashTypeBuffer.writeInt32LE(hashType, 0)
14013 var buffer = Buffer.concat([txTmp.toBuffer(), hashTypeBuffer])
14014 return crypto.hash256(buffer)
14017Transaction.prototype.getHash = function () {
14018 return crypto.hash256(this.toBuffer())
14021Transaction.prototype.getId = function () {
14022 var buffer = this.getHash()
14024 // Big-endian is used for TxHash
14025 Array.prototype.reverse.call(buffer)
14027 return buffer.toString('hex')
14030Transaction.prototype.clone = function () {
14031 var newTx = new Transaction()
14032 newTx.version = this.version
14033 newTx.locktime = this.locktime
14035 newTx.ins = this.ins.map(function(txin) {
14036 return {
14037 hash: txin.hash,
14038 index: txin.index,
14039 script: txin.script,
14040 sequence: txin.sequence
14041 }
14042 })
14044 newTx.outs = this.outs.map(function(txout) {
14045 return {
14046 script: txout.script,
14047 value: txout.value
14048 }
14049 })
14051 return newTx
14054Transaction.fromBuffer = function(buffer) {
14055 var offset = 0
14056 function readSlice(n) {
14057 offset += n
14058 return buffer.slice(offset - n, offset)
14059 }
14060 function readUInt32() {
14061 var i = buffer.readUInt32LE(offset)
14062 offset += 4
14063 return i
14064 }
14065 function readUInt64() {
14066 var i = bufferutils.readUInt64LE(buffer, offset)
14067 offset += 8
14068 return i
14069 }
14070 function readVarInt() {
14071 var vi = bufferutils.readVarInt(buffer, offset)
14072 offset += vi.size
14073 return vi.number
14074 }
14076 var tx = new Transaction()
14077 tx.version = readUInt32()
14079 var vinLen = readVarInt()
14080 for (var i = 0; i < vinLen; ++i) {
14081 var hash = readSlice(32)
14082 var vout = readUInt32()
14083 var scriptLen = readVarInt()
14084 var script = readSlice(scriptLen)
14085 var sequence = readUInt32()
14087 tx.ins.push({
14088 hash: hash,
14089 index: vout,
14090 script: Script.fromBuffer(script),
14091 sequence: sequence
14092 })
14093 }
14095 var voutLen = readVarInt()
14096 for (i = 0; i < voutLen; ++i) {
14097 var value = readUInt64()
14098 var scriptLen = readVarInt()
14099 var script = readSlice(scriptLen)
14101 tx.outs.push({
14102 value: value,
14103 script: Script.fromBuffer(script)
14104 })
14105 }
14107 tx.locktime = readUInt32()
14108 assert.equal(offset, buffer.length, 'Transaction has unexpected data')
14110 return tx
14113Transaction.fromHex = function(hex) {
14114 return Transaction.fromBuffer(new Buffer(hex, 'hex'))
14118 * Signs a pubKeyHash output at some index with the given key
14119 */
14120Transaction.prototype.sign = function(index, privKey, hashType) {
14121 var prevOutScript = privKey.pub.getAddress().toOutputScript()
14122 var signature = this.signInput(index, prevOutScript, privKey, hashType)
14124 // FIXME: Assumed prior TX was pay-to-pubkey-hash
14125 var scriptSig = scripts.pubKeyHashInput(signature, privKey.pub)
14126 this.setInputScript(index, scriptSig)
14129Transaction.prototype.signInput = function(index, prevOutScript, privKey, hashType) {
14130 hashType = hashType || Transaction.SIGHASH_ALL
14132 var hash = this.hashForSignature(prevOutScript, index, hashType)
14133 var signature = privKey.sign(hash)
14135 return signature.toScriptSignature(hashType)
14138Transaction.prototype.setInputScript = function(index, script) {
14139 this.ins[index].script = script
14142// FIXME: could be validateInput(index, prevTxOut, pub)
14143Transaction.prototype.validateInput = function(index, prevOutScript, pubKey, buffer) {
14144 var parsed = ECSignature.parseScriptSignature(buffer)
14145 var hash = this.hashForSignature(prevOutScript, index, parsed.hashType)
14147 return pubKey.verify(hash, parsed.signature)
14150module.exports = Transaction
14154(function (Buffer){
14155var assert = _dereq_('assert')
14156var networks = _dereq_('./networks')
14157var rng = _dereq_('secure-random')
14159var Address = _dereq_('./address')
14160var HDNode = _dereq_('./hdnode')
14161var Transaction = _dereq_('./transaction')
14163function Wallet(seed, network) {
14164 network = network || networks.bitcoin
14166 // Stored in a closure to make accidental serialization less likely
14167 var masterkey = null
14168 var me = this
14169 var accountZero = null
14170 var internalAccount = null
14171 var externalAccount = null
14173 // Addresses
14174 this.addresses = []
14175 this.changeAddresses = []
14177 // Transaction output data
14178 this.outputs = {}
14180 // Make a new master key
14181 this.newMasterKey = function(seed) {
14182 seed = seed || new Buffer(rng(32))
14183 masterkey = HDNode.fromSeedBuffer(seed, network)
14185 // HD first-level child derivation method should be hardened
14186 // See https://bitcointalk.org/index.php?topic=405179.msg4415254#msg4415254
14187 accountZero = masterkey.deriveHardened(0)
14188 externalAccount = accountZero.derive(0)
14189 internalAccount = accountZero.derive(1)
14191 me.addresses = []
14192 me.changeAddresses = []
14194 me.outputs = {}
14195 }
14197 this.newMasterKey(seed)
14199 this.generateAddress = function() {
14200 var key = externalAccount.derive(this.addresses.length)
14201 this.addresses.push(key.getAddress().toString())
14202 return this.addresses[this.addresses.length - 1]
14203 }
14205 this.generateChangeAddress = function() {
14206 var key = internalAccount.derive(this.changeAddresses.length)
14207 this.changeAddresses.push(key.getAddress().toString())
14208 return this.changeAddresses[this.changeAddresses.length - 1]
14209 }
14211 this.getBalance = function() {
14212 return this.getUnspentOutputs().reduce(function(memo, output){
14213 return memo + output.value
14214 }, 0)
14215 }
14217 this.getUnspentOutputs = function() {
14218 var utxo = []
14220 for(var key in this.outputs){
14221 var output = this.outputs[key]
14222 if(!output.to) utxo.push(outputToUnspentOutput(output))
14223 }
14225 return utxo
14226 }
14228 this.setUnspentOutputs = function(utxo) {
14229 var outputs = {}
14231 utxo.forEach(function(uo){
14232 validateUnspentOutput(uo)
14233 var o = unspentOutputToOutput(uo)
14234 outputs[o.from] = o
14235 })
14237 this.outputs = outputs
14238 }
14240 function outputToUnspentOutput(output){
14241 var hashAndIndex = output.from.split(":")
14243 return {
14244 hash: hashAndIndex[0],
14245 outputIndex: parseInt(hashAndIndex[1]),
14246 address: output.address,
14247 value: output.value,
14248 pending: output.pending
14249 }
14250 }
14252 function unspentOutputToOutput(o) {
14253 var hash = o.hash
14254 var key = hash + ":" + o.outputIndex
14255 return {
14256 from: key,
14257 address: o.address,
14258 value: o.value,
14259 pending: o.pending
14260 }
14261 }
14263 function validateUnspentOutput(uo) {
14264 var missingField
14266 if (isNullOrUndefined(uo.hash)) {
14267 missingField = "hash"
14268 }
14270 var requiredKeys = ['outputIndex', 'address', 'value']
14271 requiredKeys.forEach(function (key) {
14272 if (isNullOrUndefined(uo[key])){
14273 missingField = key
14274 }
14275 })
14277 if (missingField) {
14278 var message = [
14279 'Invalid unspent output: key', missingField, 'is missing.',
14280 'A valid unspent output must contain'
14281 ]
14282 message.push(requiredKeys.join(', '))
14283 message.push("and hash")
14284 throw new Error(message.join(' '))
14285 }
14286 }
14288 function isNullOrUndefined(value) {
14289 return value == undefined
14290 }
14292 this.processPendingTx = function(tx){
14293 processTx(tx, true)
14294 }
14296 this.processConfirmedTx = function(tx){
14297 processTx(tx, false)
14298 }
14300 function processTx(tx, isPending) {
14301 var txid = tx.getId()
14303 tx.outs.forEach(function(txOut, i) {
14304 var address
14306 try {
14307 address = Address.fromOutputScript(txOut.script, network).toString()
14308 } catch(e) {
14309 if (!(e.message.match(/has no matching Address/))) throw e
14310 }
14312 if (isMyAddress(address)) {
14313 var output = txid + ':' + i
14315 me.outputs[output] = {
14316 from: output,
14317 value: txOut.value,
14318 address: address,
14319 pending: isPending
14320 }
14321 }
14322 })
14324 tx.ins.forEach(function(txIn, i) {
14325 // copy and convert to big-endian hex
14326 var txinId = new Buffer(txIn.hash)
14327 Array.prototype.reverse.call(txinId)
14328 txinId = txinId.toString('hex')
14330 var output = txinId + ':' + txIn.index
14332 if (!(output in me.outputs)) return
14334 if (isPending) {
14335 me.outputs[output].to = txid + ':' + i
14336 me.outputs[output].pending = true
14337 } else {
14338 delete me.outputs[output]
14339 }
14340 })
14341 }
14343 this.createTx = function(to, value, fixedFee, changeAddress) {
14344 assert(value > network.dustThreshold, value + ' must be above dust threshold (' + network.dustThreshold + ' Satoshis)')
14346 var utxos = getCandidateOutputs(value)
14347 var accum = 0
14348 var subTotal = value
14349 var addresses = []
14351 var tx = new Transaction()
14352 tx.addOutput(to, value)
14354 for (var i = 0; i < utxos.length; ++i) {
14355 var utxo = utxos[i]
14356 addresses.push(utxo.address)
14358 var outpoint = utxo.from.split(':')
14359 tx.addInput(outpoint[0], parseInt(outpoint[1]))
14361 var fee = fixedFee == undefined ? estimateFeePadChangeOutput(tx) : fixedFee
14363 accum += utxo.value
14364 subTotal = value + fee
14365 if (accum >= subTotal) {
14366 var change = accum - subTotal
14368 if (change > network.dustThreshold) {
14369 tx.addOutput(changeAddress || getChangeAddress(), change)
14370 }
14372 break
14373 }
14374 }
14376 assert(accum >= subTotal, 'Not enough funds (incl. fee): ' + accum + ' < ' + subTotal)
14378 this.signWith(tx, addresses)
14379 return tx
14380 }
14382 function getCandidateOutputs() {
14383 var unspent = []
14385 for (var key in me.outputs) {
14386 var output = me.outputs[key]
14387 if (!output.pending) unspent.push(output)
14388 }
14390 var sortByValueDesc = unspent.sort(function(o1, o2){
14391 return o2.value - o1.value
14392 })
14394 return sortByValueDesc
14395 }
14397 function estimateFeePadChangeOutput(tx) {
14398 var tmpTx = tx.clone()
14399 tmpTx.addOutput(getChangeAddress(), network.dustSoftThreshold || 0)
14401 return network.estimateFee(tmpTx)
14402 }
14404 function getChangeAddress() {
14405 if(me.changeAddresses.length === 0) me.generateChangeAddress();
14406 return me.changeAddresses[me.changeAddresses.length - 1]
14407 }
14409 this.signWith = function(tx, addresses) {
14410 assert.equal(tx.ins.length, addresses.length, 'Number of addresses must match number of transaction inputs')
14412 addresses.forEach(function(address, i) {
14413 var key = me.getPrivateKeyForAddress(address)
14415 tx.sign(i, key)
14416 })
14418 return tx
14419 }
14421 this.getMasterKey = function() { return masterkey }
14422 this.getAccountZero = function() { return accountZero }
14423 this.getInternalAccount = function() { return internalAccount }
14424 this.getExternalAccount = function() { return externalAccount }
14426 this.getPrivateKey = function(index) {
14427 return externalAccount.derive(index).privKey
14428 }
14430 this.getInternalPrivateKey = function(index) {
14431 return internalAccount.derive(index).privKey
14432 }
14434 this.getPrivateKeyForAddress = function(address) {
14435 var index
14436 if((index = this.addresses.indexOf(address)) > -1) {
14437 return this.getPrivateKey(index)
14438 } else if((index = this.changeAddresses.indexOf(address)) > -1) {
14439 return this.getInternalPrivateKey(index)
14440 } else {
14441 throw new Error('Unknown address. Make sure the address is from the keychain and has been generated.')
14442 }
14443 }
14445 function isReceiveAddress(address){
14446 return me.addresses.indexOf(address) > -1
14447 }
14449 function isChangeAddress(address){
14450 return me.changeAddresses.indexOf(address) > -1
14451 }
14453 function isMyAddress(address) {
14454 return isReceiveAddress(address) || isChangeAddress(address)
14455 }
14458module.exports = Wallet
diff --git a/src/js/index.js b/src/js/index.js
new file mode 100644
index 0000000..161f91f
--- /dev/null
+++ b/src/js/index.js
@@ -0,0 +1,337 @@
1(function() {
3 var mnemonic = new Mnemonic("english");
4 var bip32RootKey = null;
5 var bip32ExtendedKey = null;
6 var network = Bitcoin.networks.bitcoin;
7 var addressRowTemplate = $("#address-row-template");
9 var phraseChangeTimeoutEvent = null;
11 var DOM = {};
12 DOM.phrase = $(".phrase");
13 DOM.generate = $(".generate");
14 DOM.rootKey = $(".root-key");
15 DOM.extendedPrivKey = $(".extended-priv-key");
16 DOM.extendedPubKey = $(".extended-pub-key");
17 DOM.bip32path = $("#bip32-path");
18 DOM.bip44path = $("#bip44-path");
19 DOM.bip44purpose = $("#bip44 .purpose");
20 DOM.bip44coin = $("#bip44 .coin");
21 DOM.bip44account = $("#bip44 .account");
22 DOM.bip44change = $("#bip44 .change");
23 DOM.strength = $(".strength");
24 DOM.addresses = $(".addresses");
25 DOM.rowsToAdd = $(".rows-to-add");
26 DOM.more = $(".more");
27 DOM.feedback = $(".feedback");
28 DOM.tab = $(".derivation-type a");
29 DOM.indexToggle = $(".index-toggle");
30 DOM.addressToggle = $(".address-toggle");
31 DOM.privateKeyToggle = $(".private-key-toggle");
33 var derivationPath = DOM.bip44path.val();
35 function init() {
36 // Events
37 DOM.phrase.on("keyup", delayedPhraseChanged);
38 DOM.generate.on("click", generateClicked);
39 DOM.more.on("click", showMore);
40 DOM.bip32path.on("keyup", bip32Changed);
41 DOM.bip44purpose.on("keyup", bip44Changed);
42 DOM.bip44coin.on("keyup", bip44Changed);
43 DOM.bip44account.on("keyup", bip44Changed);
44 DOM.bip44change.on("keyup", bip44Changed);
45 DOM.tab.on("click", tabClicked);
46 DOM.indexToggle.on("click", toggleIndexes);
47 DOM.addressToggle.on("click", toggleAddresses);
48 DOM.privateKeyToggle.on("click", togglePrivateKeys);
49 disableForms();
50 hidePending();
51 hideValidationError();
52 }
54 // Event handlers
56 function delayedPhraseChanged() {
57 hideValidationError();
58 showPending();
59 if (phraseChangeTimeoutEvent != null) {
60 clearTimeout(phraseChangeTimeoutEvent);
61 }
62 phraseChangeTimeoutEvent = setTimeout(phraseChanged, 400);
63 }
65 function phraseChanged() {
66 showPending();
67 hideValidationError();
68 // Get the mnemonic phrase
69 var phrase = DOM.phrase.val();
70 var errorText = findPhraseErrors(phrase);
71 if (errorText) {
72 showValidationError(errorText);
73 return;
74 }
75 // Get the derivation path
76 var errorText = findDerivationPathErrors();
77 if (errorText) {
78 showValidationError(errorText);
79 return;
80 }
81 // Calculate and display
82 calcBip32Seed(phrase, derivationPath);
83 displayBip32Info();
84 hidePending();
85 }
87 function generateClicked() {
88 clearDisplay();
89 showPending();
90 setTimeout(function() {
91 var phrase = generateRandomPhrase();
92 if (!phrase) {
93 return;
94 }
95 phraseChanged();
96 }, 50);
97 }
99 function tabClicked(e) {
100 var activePath = $(e.target.getAttribute("href") + " .path");
101 derivationPath = activePath.val();
102 derivationChanged();
103 }
105 function derivationChanged() {
106 delayedPhraseChanged();
107 }
109 function bip32Changed() {
110 derivationPath = DOM.bip32path.val();
111 derivationChanged();
112 }
114 function bip44Changed() {
115 setBip44DerivationPath();
116 derivationPath = DOM.bip44path.val();
117 derivationChanged();
118 }
120 function toggleIndexes() {
121 $("td.index span").toggleClass("invisible");
122 }
124 function toggleAddresses() {
125 $("td.address span").toggleClass("invisible");
126 }
128 function togglePrivateKeys() {
129 $("td.privkey span").toggleClass("invisible");
130 }
132 // Private methods
134 function generateRandomPhrase() {
135 if (!hasStrongRandom()) {
136 var errorText = "This browser does not support strong randomness";
137 showValidationError(errorText);
138 return;
139 }
140 var numWords = parseInt(DOM.strength.val());
141 // Check strength is an integer
142 if (isNaN(numWords)) {
143 DOM.strength.val("12");
144 numWords = 12;
145 }
146 // Check strength is a multiple of 32, if not round it down
147 if (numWords % 3 != 0) {
148 numWords = Math.floor(numWords / 3) * 3;
149 DOM.strength.val(numWords);
150 }
151 // Check strength is at least 32
152 if (numWords == 0) {
153 numWords = 3;
154 DOM.strength.val(numWords);
155 }
156 var strength = numWords / 3 * 32;
157 var words = mnemonic.generate(strength);
158 DOM.phrase.val(words);
159 return words;
160 }
162 function calcBip32Seed(phrase, path) {
163 var seed = mnemonic.toSeed(phrase);
164 var seedHash = Bitcoin.crypto.sha256(seed).toString("hex");
165 bip32RootKey = Bitcoin.HDNode.fromSeedHex(seedHash, network);
166 bip32ExtendedKey = bip32RootKey;
167 // Derive the key from the path
168 var pathBits = path.split("/");
169 for (var i=0; i<pathBits.length; i++) {
170 var bit = pathBits[i];
171 var index = parseInt(bit);
172 if (isNaN(index)) {
173 continue;
174 }
175 var hardened = bit[bit.length-1] == "'";
176 if (hardened) {
177 bip32ExtendedKey = bip32ExtendedKey.deriveHardened(index);
178 }
179 else {
180 bip32ExtendedKey = bip32ExtendedKey.derive(index);
181 }
182 }
183 }
185 function showValidationError(errorText) {
186 DOM.feedback
187 .text(errorText)
188 .show();
189 }
191 function hideValidationError() {
192 DOM.feedback
193 .text("")
194 .hide();
195 }
197 function findPhraseErrors(phrase) {
198 // TODO make this right
199 // Preprocess the words
200 var parts = phrase.split(" ");
201 var proper = [];
202 for (var i=0; i<parts.length; i++) {
203 var part = parts[i];
204 if (part.length > 0) {
205 // TODO check that lowercasing is always valid to do
206 proper.push(part.toLowerCase());
207 }
208 }
209 // TODO some levenstein on the words
210 var properPhrase = proper.join(' ');
211 // Check the words are valid
212 var isValid = mnemonic.check(properPhrase);
213 if (!isValid) {
214 return "Invalid mnemonic";
215 }
216 return false;
217 }
219 function findDerivationPathErrors(path) {
220 // TODO
221 return false;
222 }
224 function displayBip32Info() {
225 // Display the key
226 var rootKey = bip32RootKey.toBase58();
227 DOM.rootKey.val(rootKey);
228 var extendedPrivKey = bip32ExtendedKey.toBase58();
229 DOM.extendedPrivKey.val(extendedPrivKey);
230 var extendedPubKey = bip32ExtendedKey.toBase58(false);
231 DOM.extendedPubKey.val(extendedPubKey);
232 // Display the addresses and privkeys
233 clearAddressesList();
234 displayAddresses(0, 20);
235 }
237 function displayAddresses(start, total) {
238 for (var i=0; i<total; i++) {
239 var index = i+ start;
240 var key = bip32ExtendedKey.derive(index);
241 var address = key.getAddress().toString();
242 var privkey = key.privKey.toWIF();
243 addAddressToList(index, address, privkey);
244 }
245 }
247 function showMore() {
248 var start = DOM.addresses.children().length;
249 var rowsToAdd = parseInt(DOM.rowsToAdd.val());
250 if (isNaN(rowsToAdd)) {
251 rowsToAdd = 20;
252 DOM.rowsToAdd.val("20");
253 }
254 if (rowsToAdd > 200) {
255 var msg = "Generating " + rowsToAdd + " rows could take a while. ";
256 msg += "Do you want to continue?";
257 if (!confirm(msg)) {
258 return;
259 }
260 }
261 showPending();
262 setTimeout(function() {
263 displayAddresses(start, rowsToAdd);
264 hidePending();
265 }, 50);
266 }
268 function clearDisplay() {
269 clearAddressesList();
270 clearKey();
271 hideValidationError();
272 }
274 function clearAddressesList() {
275 DOM.addresses.empty();
276 }
278 function clearKey() {
279 DOM.rootKey.val("");
280 DOM.extendedPrivKey.val("");
281 DOM.extendedPubKey.val("");
282 }
284 function addAddressToList(index, address, privkey) {
285 var row = $(addressRowTemplate.html());
286 row.find(".index span").text(index);
287 row.find(".address span").text(address);
288 row.find(".privkey span").text(privkey);
289 DOM.addresses.append(row);
290 }
292 function hasStrongRandom() {
293 return 'crypto' in window && window['crypto'] !== null;
294 }
296 function disableForms() {
297 $("form").on("submit", function(e) {
298 e.preventDefault();
299 });
300 }
302 function setBip44DerivationPath() {
303 var purpose = parseIntNoNaN(DOM.bip44purpose.val(), 44);
304 var coin = parseIntNoNaN(DOM.bip44coin.val(), 0);
305 var account = parseIntNoNaN(DOM.bip44account.val(), 0);
306 var change = parseIntNoNaN(DOM.bip44change.val(), 0);
307 var path = "m/";
308 path += purpose + "'/";
309 path += coin + "'/";
310 path += account + "'/";
311 path += change;
312 DOM.bip44path.val(path);
313 }
315 function parseIntNoNaN(val, defaultVal) {
316 var v = parseInt(val);
317 if (isNaN(v)) {
318 return defaultVal;
319 }
320 return v;
321 }
323 function showPending() {
324 DOM.feedback
325 .text("Calculating...")
326 .show();
327 }
329 function hidePending() {
330 DOM.feedback
331 .text("")
332 .hide();
333 }
335 init();
diff --git a/src/js/jsbip39.js b/src/js/jsbip39.js
new file mode 100644
index 0000000..d0ac3ae
--- /dev/null
+++ b/src/js/jsbip39.js
@@ -0,0 +1,386 @@
2 * Copyright (c) 2013 Pavol Rusnak
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a copy of
5 * this software and associated documentation files (the "Software"), to deal in
6 * the Software without restriction, including without limitation the rights to
7 * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
8 * of the Software, and to permit persons to whom the Software is furnished to do
9 * so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice shall be included in all
12 * copies or substantial portions of the Software.
13 *
20 */
23 * Javascript port from python by Ian Coleman
24 *
25 * Includes code from asmCrypto
26 * https://github.com/tresorit/asmcrypto.js
27 */
29var Mnemonic = function(language) {
31 var PBKDF2_ROUNDS = 2048;
32 var RADIX = 2048;
34 var self = this;
35 var wordlist = [];
37 function init() {
38 wordlist = WORDLISTS[language];
39 if (wordlist.length != RADIX) {
40 err = 'Wordlist should contain ' + RADIX + ' words, but it contains ' + wordlist.length + ' words.';
41 throw err;
42 }
43 }
45 self.generate = function(strength) {
46 strength = strength || 128;
47 var r = strength % 32;
48 if (r > 0) {
49 throw 'Strength should be divisible by 32, but it is not (' + r + ').';
50 }
51 var hasStrongCrypto = 'crypto' in window && window['crypto'] !== null;
52 if (!hasStrongCrypto) {
53 throw 'Mnemonic should be generated with strong randomness, but crypto.getRandomValues is unavailable';
54 }
55 var buffer = new Uint8Array(strength / 8);
56 var data = crypto.getRandomValues(buffer);
57 return self.toMnemonic(data);
58 }
60 self.toMnemonic = function(data) {
61 if (data.length % 4 > 0) {
62 throw 'Data length in bits should be divisible by 32, but it is not (' + data.length + ' bytes = ' + data.length*8 + ' bits).'
63 }
65 //h = hashlib.sha256(data).hexdigest()
66 var uintArray = new Uint8Array(data);
67 var h = asmCrypto.SHA256.bytes(uintArray);
69 // b is a binary string, eg '00111010101100...'
70 //b = bin(int(binascii.hexlify(data), 16))[2:].zfill(len(data) * 8) + \
71 // bin(int(h, 16))[2:].zfill(256)[:len(data) * 8 / 32]
72 //
73 // a = bin(int(binascii.hexlify(data), 16))[2:].zfill(len(data) * 8)
74 // c = bin(int(h, 16))[2:].zfill(256)
75 // d = c[:len(data) * 8 / 32]
76 var a = byteArrayToBinaryString(data);
77 var c = byteArrayToBinaryString(h);
78 var d = c.substring(0, data.length * 8 / 32);
79 // b = line1 + line2
80 var b = a + d;
82 var result = [];
83 var blen = b.length / 11;
84 for (var i=0; i<blen; i++) {
85 var idx = parseInt(b.substring(i * 11, (i + 1) * 11), 2);
86 result.push(wordlist[idx]);
87 }
88 return result.join(' ');
89 }
91 self.check = function(mnemonic) {
92 var mnemonic = mnemonic.split(' ')
93 if (mnemonic.length % 3 > 0) {
94 return false
95 }
96 // idx = map(lambda x: bin(self.wordlist.index(x))[2:].zfill(11), mnemonic)
97 var idx = [];
98 for (var i=0; i<mnemonic.length; i++) {
99 var word = mnemonic[i];
100 var wordIndex = wordlist.indexOf(word);
101 if (wordIndex == -1) {
102 return false;
103 }
104 var binaryIndex = zfill(wordIndex.toString(2), 11);
105 idx.push(binaryIndex);
106 }
107 var b = idx.join('');
108 var l = b.length;
109 //d = b[:l / 33 * 32]
110 //h = b[-l / 33:]
111 var d = b.substring(0, l / 33 * 32);
112 var h = b.substring(l - l / 33, l);
113 //nd = binascii.unhexlify(hex(int(d, 2))[2:].rstrip('L').zfill(l / 33 * 8))
114 //nh = bin(int(hashlib.sha256(nd).hexdigest(), 16))[2:].zfill(256)[:l / 33]
115 var nd = binaryStringToByteArray(d);
116 var ndHash = asmCrypto.SHA256.bytes(nd);
117 var ndBstr = zfill(byteArrayToBinaryString(ndHash), 256);
118 var nh = ndBstr.substring(0,l/33);
119 return h == nh;
120 }
122 self.toSeed = function(mnemonic, passphrase) {
123 passphrase = passphrase || '';
124 mnemonic = normalizeString(mnemonic)
125 passphrase = normalizeString(passphrase)
126 passphrase = "mnemonic" + passphrase;
127 //return PBKDF2(mnemonic, 'mnemonic' + passphrase, iterations=PBKDF2_ROUNDS, macmodule=hmac, digestmodule=hashlib.sha512).read(64)
128 return asmCrypto.PBKDF2_HMAC_SHA512.hex(mnemonic, passphrase, PBKDF2_ROUNDS, 512/8);
129 }
131 function normalizeString(str) {
132 if (typeof str.normalize == "function") {
133 return str.normalize("NFKD");
134 }
135 else {
136 // TODO find a library to do this
137 // Not supported on firefox mobile
138 console.warn("NFKD Normalization is unavailable");
139 return str;
140 }
141 }
143 function byteArrayToBinaryString(data) {
144 var bin = "";
145 for (var i=0; i<data.length; i++) {
146 bin += zfill(data[i].toString(2), 8);
147 }
148 return bin;
149 }
151 function binaryStringToByteArray(str) {
152 var arrayLen = str.length / 8;
153 var array = new Uint8Array(arrayLen);
154 for (var i=0; i<arrayLen; i++) {
155 var valueStr = str.substring(0,8);
156 var value = parseInt(valueStr, 2);
157 array[i] = value;
158 str = str.slice(8);
159 }
160 return array;
161 }
163 // Pad a numeric string on the left with zero digits until the given width
164 // is reached.
165 // Note this differs to the python implementation because it does not
166 // handle numbers starting with a sign.
167 function zfill(source, length) {
168 source = source.toString();
169 while (source.length < length) {
170 source = '0' + source;
171 }
172 return source;
173 }
175 init();
180"english": [