fluencelabs/js-peer-id
1
0
Fork 0
mirror of https://github.com/fluencelabs/js-peer-id synced 2025-06-10 10:11:35 +00:00
Code Issues Projects Releases Wiki Activity
js-peer-id/dist/peer-id.js
nginnever 73b42ff2aa dist file
2016-03-03 14:19:10 -08:00

55163 lines
1.5 MiB
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

var PeerId =
/******/ (function(modules) { // webpackBootstrap
/******/ // The module cache
/******/ var installedModules = {};
/******/ // The require function
/******/ function __webpack_require__(moduleId) {
/******/ // Check if module is in cache
/******/ if(installedModules[moduleId])
/******/ return installedModules[moduleId].exports;
/******/ // Create a new module (and put it into the cache)
/******/ var module = installedModules[moduleId] = {
/******/ exports: {},
/******/ id: moduleId,
/******/ loaded: false
/******/ };
/******/ // Execute the module function
/******/ modules[moduleId].call(module.exports, module, module.exports, __webpack_require__);
/******/ // Flag the module as loaded
/******/ module.loaded = true;
/******/ // Return the exports of the module
/******/ return module.exports;
/******/ }
/******/ // expose the modules object (__webpack_modules__)
/******/ __webpack_require__.m = modules;
/******/ // expose the module cache
/******/ __webpack_require__.c = installedModules;
/******/ // __webpack_public_path__
/******/ __webpack_require__.p = "";
/******/ // Load entry module and return exports
/******/ return __webpack_require__(0);
/******/ })
/************************************************************************/
/******/ ([
/* 0 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(global, __dirname, Buffer) {/*
* Id is an object representation of a peer Id. a peer Id is a multihash
*/
const fs = __webpack_require__(5)
const multihashing = __webpack_require__(6)
const base58 = __webpack_require__(154)
const forge = __webpack_require__(156)
const protobuf = __webpack_require__(158)
const path = __webpack_require__(177)
const isNode = !global.window
// protobuf read from file
const messages = isNode ? protobuf(fs.readFileSync(path.resolve(__dirname, 'pb/crypto.proto')))
: protobuf(__webpack_require__(178))
exports = module.exports = Id
exports.Buffer = Buffer
function Id (id, privKey, pubKey) {
const self = this
if (!(self instanceof Id)) {
throw new Error('Id must be called with new')
}
self.privKey = privKey
self.pubKey = pubKey
self.id = id // multihash - sha256 - buffer
// pretty print
self.toPrint = function () {
return {
id: self.toB58String(),
privKey: privKey.toString('hex'),
pubKey: pubKey.toString('hex')
}
}
// encode/decode functions
self.toHexString = function () {
return self.id.toString('hex')
}
self.toBytes = function () {
return self.id
}
self.toB58String = function () {
return base58.encode(self.id)
}
}
// unwrap the private key protobuf
function unmarshal (key) {
return messages.PrivateKey.decode(key)
}
// create a public key protobuf to be base64 string stored in config
function marshal (data, type) {
var epb
if (type === 'Public') {
epb = messages.PublicKey.encode({
Type: 0,
Data: data
})
}
if (type === 'Private') {
epb = messages.PrivateKey.encode({
Type: 0,
Data: data
})
}
return epb
}
// this returns a base64 encoded protobuf of the public key
function formatKey (key, type) {
// create der buffer of public key asn.1 object
const der = forge.asn1.toDer(key)
// create forge buffer of der public key buffer
const fDerBuf = forge.util.createBuffer(der.data, 'binary')
// convert forge buffer to node buffer public key
const nDerBuf = new Buffer(fDerBuf.getBytes(), 'binary')
// protobuf the new DER bytes to the PublicKey Data: field
const marshalKey = marshal(nDerBuf, type)
// encode the protobuf public key to base64 string
const b64 = marshalKey.toString('base64')
return b64
}
// generation
exports.create = function () {
// generate keys
const pair = forge.rsa.generateKeyPair({ bits: 2048, e: 0x10001 })
// return the RSA public/private key to asn1 object
const asnPub = forge.pki.publicKeyToAsn1(pair.publicKey)
const asnPriv = forge.pki.privateKeyToAsn1(pair.privateKey)
// format the keys to protobuf base64 encoded string
const protoPublic64 = formatKey(asnPub, 'Public')
const protoPrivate64 = formatKey(asnPriv, 'Private')
const mhId = multihashing(new Buffer(protoPublic64, 'base64'), 'sha2-256')
return new Id(mhId, protoPrivate64, protoPublic64)
}
exports.createFromHexString = function (str) {
return new Id(new Buffer(str, 'hex'))
}
exports.createFromBytes = function (buf) {
return new Id(buf)
}
exports.createFromB58String = function (str) {
return new Id(new Buffer(base58.decode(str)))
}
exports.createFromPubKey = function (pubKey) {
const buf = new Buffer(pubKey, 'base64')
const mhId = multihashing(buf, 'sha2-256')
return new Id(mhId, null, pubKey)
}
exports.createFromPrivKey = function (privKey) {
// create a buffer from the base64 encoded string
const buf = new Buffer(privKey, 'base64')
// get the private key data from the protobuf
const mpk = unmarshal(buf)
// create a forge buffer
const fbuf = forge.util.createBuffer(mpk.Data.toString('binary'))
// create an asn1 object from the private key bytes saved in the protobuf Data: field
const asnPriv = forge.asn1.fromDer(fbuf)
// get the RSA privatekey data from the asn1 object
const privateKey = forge.pki.privateKeyFromAsn1(asnPriv)
// set the RSA public key to the modulus and exponent of the private key
const publicKey = forge.pki.rsa.setPublicKey(privateKey.n, privateKey.e)
// return the RSA public key to asn1 object
const asnPub = forge.pki.publicKeyToAsn1(publicKey)
// format the public key
const protoPublic64 = formatKey(asnPub, 'Public')
const mhId = multihashing(new Buffer(protoPublic64, 'base64'), 'sha2-256')
return new Id(mhId, privKey, protoPublic64)
}
/* WEBPACK VAR INJECTION */}.call(exports, (function() { return this; }()), "/", __webpack_require__(1).Buffer))
/***/ },
/* 1 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer, global) {/*!
* The buffer module from node.js, for the browser.
*
* @author Feross Aboukhadijeh <feross@feross.org> <http://feross.org>
* @license MIT
*/
/* eslint-disable no-proto */
'use strict'
var base64 = __webpack_require__(2)
var ieee754 = __webpack_require__(3)
var isArray = __webpack_require__(4)
exports.Buffer = Buffer
exports.SlowBuffer = SlowBuffer
exports.INSPECT_MAX_BYTES = 50
Buffer.poolSize = 8192 // not used by this implementation
var rootParent = {}
/**
* If `Buffer.TYPED_ARRAY_SUPPORT`:
* === true Use Uint8Array implementation (fastest)
* === false Use Object implementation (most compatible, even IE6)
*
* Browsers that support typed arrays are IE 10+, Firefox 4+, Chrome 7+, Safari 5.1+,
* Opera 11.6+, iOS 4.2+.
*
* Due to various browser bugs, sometimes the Object implementation will be used even
* when the browser supports typed arrays.
*
* Note:
*
* - Firefox 4-29 lacks support for adding new properties to `Uint8Array` instances,
* See: https://bugzilla.mozilla.org/show_bug.cgi?id=695438.
*
* - Safari 5-7 lacks support for changing the `Object.prototype.constructor` property
* on objects.
*
* - Chrome 9-10 is missing the `TypedArray.prototype.subarray` function.
*
* - IE10 has a broken `TypedArray.prototype.subarray` function which returns arrays of
* incorrect length in some situations.
* We detect these buggy browsers and set `Buffer.TYPED_ARRAY_SUPPORT` to `false` so they
* get the Object implementation, which is slower but behaves correctly.
*/
Buffer.TYPED_ARRAY_SUPPORT = global.TYPED_ARRAY_SUPPORT !== undefined
? global.TYPED_ARRAY_SUPPORT
: typedArraySupport()
function typedArraySupport () {
function Bar () {}
try {
var arr = new Uint8Array(1)
arr.foo = function () { return 42 }
arr.constructor = Bar
return arr.foo() === 42 && // typed array instances can be augmented
arr.constructor === Bar && // constructor can be set
typeof arr.subarray === 'function' && // chrome 9-10 lack `subarray`
arr.subarray(1, 1).byteLength === 0 // ie10 has broken `subarray`
} catch (e) {
return false
}
}
function kMaxLength () {
return Buffer.TYPED_ARRAY_SUPPORT
? 0x7fffffff
: 0x3fffffff
}
/**
* Class: Buffer
* =============
*
* The Buffer constructor returns instances of `Uint8Array` that are augmented
* with function properties for all the node `Buffer` API functions. We use
* `Uint8Array` so that square bracket notation works as expected -- it returns
* a single octet.
*
* By augmenting the instances, we can avoid modifying the `Uint8Array`
* prototype.
*/
function Buffer (arg) {
if (!(this instanceof Buffer)) {
// Avoid going through an ArgumentsAdaptorTrampoline in the common case.
if (arguments.length > 1) return new Buffer(arg, arguments[1])
return new Buffer(arg)
}
if (!Buffer.TYPED_ARRAY_SUPPORT) {
this.length = 0
this.parent = undefined
}
// Common case.
if (typeof arg === 'number') {
return fromNumber(this, arg)
}
// Slightly less common case.
if (typeof arg === 'string') {
return fromString(this, arg, arguments.length > 1 ? arguments[1] : 'utf8')
}
// Unusual.
return fromObject(this, arg)
}
function fromNumber (that, length) {
that = allocate(that, length < 0 ? 0 : checked(length) | 0)
if (!Buffer.TYPED_ARRAY_SUPPORT) {
for (var i = 0; i < length; i++) {
that[i] = 0
}
}
return that
}
function fromString (that, string, encoding) {
if (typeof encoding !== 'string' || encoding === '') encoding = 'utf8'
// Assumption: byteLength() return value is always < kMaxLength.
var length = byteLength(string, encoding) | 0
that = allocate(that, length)
that.write(string, encoding)
return that
}
function fromObject (that, object) {
if (Buffer.isBuffer(object)) return fromBuffer(that, object)
if (isArray(object)) return fromArray(that, object)
if (object == null) {
throw new TypeError('must start with number, buffer, array or string')
}
if (typeof ArrayBuffer !== 'undefined') {
if (object.buffer instanceof ArrayBuffer) {
return fromTypedArray(that, object)
}
if (object instanceof ArrayBuffer) {
return fromArrayBuffer(that, object)
}
}
if (object.length) return fromArrayLike(that, object)
return fromJsonObject(that, object)
}
function fromBuffer (that, buffer) {
var length = checked(buffer.length) | 0
that = allocate(that, length)
buffer.copy(that, 0, 0, length)
return that
}
function fromArray (that, array) {
var length = checked(array.length) | 0
that = allocate(that, length)
for (var i = 0; i < length; i += 1) {
that[i] = array[i] & 255
}
return that
}
// Duplicate of fromArray() to keep fromArray() monomorphic.
function fromTypedArray (that, array) {
var length = checked(array.length) | 0
that = allocate(that, length)
// Truncating the elements is probably not what people expect from typed
// arrays with BYTES_PER_ELEMENT > 1 but it's compatible with the behavior
// of the old Buffer constructor.
for (var i = 0; i < length; i += 1) {
that[i] = array[i] & 255
}
return that
}
function fromArrayBuffer (that, array) {
if (Buffer.TYPED_ARRAY_SUPPORT) {
// Return an augmented `Uint8Array` instance, for best performance
array.byteLength
that = Buffer._augment(new Uint8Array(array))
} else {
// Fallback: Return an object instance of the Buffer class
that = fromTypedArray(that, new Uint8Array(array))
}
return that
}
function fromArrayLike (that, array) {
var length = checked(array.length) | 0
that = allocate(that, length)
for (var i = 0; i < length; i += 1) {
that[i] = array[i] & 255
}
return that
}
// Deserialize { type: 'Buffer', data: [1,2,3,...] } into a Buffer object.
// Returns a zero-length buffer for inputs that don't conform to the spec.
function fromJsonObject (that, object) {
var array
var length = 0
if (object.type === 'Buffer' && isArray(object.data)) {
array = object.data
length = checked(array.length) | 0
}
that = allocate(that, length)
for (var i = 0; i < length; i += 1) {
that[i] = array[i] & 255
}
return that
}
if (Buffer.TYPED_ARRAY_SUPPORT) {
Buffer.prototype.__proto__ = Uint8Array.prototype
Buffer.__proto__ = Uint8Array
} else {
// pre-set for values that may exist in the future
Buffer.prototype.length = undefined
Buffer.prototype.parent = undefined
}
function allocate (that, length) {
if (Buffer.TYPED_ARRAY_SUPPORT) {
// Return an augmented `Uint8Array` instance, for best performance
that = Buffer._augment(new Uint8Array(length))
that.__proto__ = Buffer.prototype
} else {
// Fallback: Return an object instance of the Buffer class
that.length = length
that._isBuffer = true
}
var fromPool = length !== 0 && length <= Buffer.poolSize >>> 1
if (fromPool) that.parent = rootParent
return that
}
function checked (length) {
// Note: cannot use `length < kMaxLength` here because that fails when
// length is NaN (which is otherwise coerced to zero.)
if (length >= kMaxLength()) {
throw new RangeError('Attempt to allocate Buffer larger than maximum ' +
'size: 0x' + kMaxLength().toString(16) + ' bytes')
}
return length | 0
}
function SlowBuffer (subject, encoding) {
if (!(this instanceof SlowBuffer)) return new SlowBuffer(subject, encoding)
var buf = new Buffer(subject, encoding)
delete buf.parent
return buf
}
Buffer.isBuffer = function isBuffer (b) {
return !!(b != null && b._isBuffer)
}
Buffer.compare = function compare (a, b) {
if (!Buffer.isBuffer(a) || !Buffer.isBuffer(b)) {
throw new TypeError('Arguments must be Buffers')
}
if (a === b) return 0
var x = a.length
var y = b.length
var i = 0
var len = Math.min(x, y)
while (i < len) {
if (a[i] !== b[i]) break
++i
}
if (i !== len) {
x = a[i]
y = b[i]
}
if (x < y) return -1
if (y < x) return 1
return 0
}
Buffer.isEncoding = function isEncoding (encoding) {
switch (String(encoding).toLowerCase()) {
case 'hex':
case 'utf8':
case 'utf-8':
case 'ascii':
case 'binary':
case 'base64':
case 'raw':
case 'ucs2':
case 'ucs-2':
case 'utf16le':
case 'utf-16le':
return true
default:
return false
}
}
Buffer.concat = function concat (list, length) {
if (!isArray(list)) throw new TypeError('list argument must be an Array of Buffers.')
if (list.length === 0) {
return new Buffer(0)
}
var i
if (length === undefined) {
length = 0
for (i = 0; i < list.length; i++) {
length += list[i].length
}
}
var buf = new Buffer(length)
var pos = 0
for (i = 0; i < list.length; i++) {
var item = list[i]
item.copy(buf, pos)
pos += item.length
}
return buf
}
function byteLength (string, encoding) {
if (typeof string !== 'string') string = '' + string
var len = string.length
if (len === 0) return 0
// Use a for loop to avoid recursion
var loweredCase = false
for (;;) {
switch (encoding) {
case 'ascii':
case 'binary':
// Deprecated
case 'raw':
case 'raws':
return len
case 'utf8':
case 'utf-8':
return utf8ToBytes(string).length
case 'ucs2':
case 'ucs-2':
case 'utf16le':
case 'utf-16le':
return len * 2
case 'hex':
return len >>> 1
case 'base64':
return base64ToBytes(string).length
default:
if (loweredCase) return utf8ToBytes(string).length // assume utf8
encoding = ('' + encoding).toLowerCase()
loweredCase = true
}
}
}
Buffer.byteLength = byteLength
function slowToString (encoding, start, end) {
var loweredCase = false
start = start | 0
end = end === undefined || end === Infinity ? this.length : end | 0
if (!encoding) encoding = 'utf8'
if (start < 0) start = 0
if (end > this.length) end = this.length
if (end <= start) return ''
while (true) {
switch (encoding) {
case 'hex':
return hexSlice(this, start, end)
case 'utf8':
case 'utf-8':
return utf8Slice(this, start, end)
case 'ascii':
return asciiSlice(this, start, end)
case 'binary':
return binarySlice(this, start, end)
case 'base64':
return base64Slice(this, start, end)
case 'ucs2':
case 'ucs-2':
case 'utf16le':
case 'utf-16le':
return utf16leSlice(this, start, end)
default:
if (loweredCase) throw new TypeError('Unknown encoding: ' + encoding)
encoding = (encoding + '').toLowerCase()
loweredCase = true
}
}
}
Buffer.prototype.toString = function toString () {
var length = this.length | 0
if (length === 0) return ''
if (arguments.length === 0) return utf8Slice(this, 0, length)
return slowToString.apply(this, arguments)
}
Buffer.prototype.equals = function equals (b) {
if (!Buffer.isBuffer(b)) throw new TypeError('Argument must be a Buffer')
if (this === b) return true
return Buffer.compare(this, b) === 0
}
Buffer.prototype.inspect = function inspect () {
var str = ''
var max = exports.INSPECT_MAX_BYTES
if (this.length > 0) {
str = this.toString('hex', 0, max).match(/.{2}/g).join(' ')
if (this.length > max) str += ' ... '
}
return '<Buffer ' + str + '>'
}
Buffer.prototype.compare = function compare (b) {
if (!Buffer.isBuffer(b)) throw new TypeError('Argument must be a Buffer')
if (this === b) return 0
return Buffer.compare(this, b)
}
Buffer.prototype.indexOf = function indexOf (val, byteOffset) {
if (byteOffset > 0x7fffffff) byteOffset = 0x7fffffff
else if (byteOffset < -0x80000000) byteOffset = -0x80000000
byteOffset >>= 0
if (this.length === 0) return -1
if (byteOffset >= this.length) return -1
// Negative offsets start from the end of the buffer
if (byteOffset < 0) byteOffset = Math.max(this.length + byteOffset, 0)
if (typeof val === 'string') {
if (val.length === 0) return -1 // special case: looking for empty string always fails
return String.prototype.indexOf.call(this, val, byteOffset)
}
if (Buffer.isBuffer(val)) {
return arrayIndexOf(this, val, byteOffset)
}
if (typeof val === 'number') {
if (Buffer.TYPED_ARRAY_SUPPORT && Uint8Array.prototype.indexOf === 'function') {
return Uint8Array.prototype.indexOf.call(this, val, byteOffset)
}
return arrayIndexOf(this, [ val ], byteOffset)
}
function arrayIndexOf (arr, val, byteOffset) {
var foundIndex = -1
for (var i = 0; byteOffset + i < arr.length; i++) {
if (arr[byteOffset + i] === val[foundIndex === -1 ? 0 : i - foundIndex]) {
if (foundIndex === -1) foundIndex = i
if (i - foundIndex + 1 === val.length) return byteOffset + foundIndex
} else {
foundIndex = -1
}
}
return -1
}
throw new TypeError('val must be string, number or Buffer')
}
// `get` is deprecated
Buffer.prototype.get = function get (offset) {
console.log('.get() is deprecated. Access using array indexes instead.')
return this.readUInt8(offset)
}
// `set` is deprecated
Buffer.prototype.set = function set (v, offset) {
console.log('.set() is deprecated. Access using array indexes instead.')
return this.writeUInt8(v, offset)
}
function hexWrite (buf, string, offset, length) {
offset = Number(offset) || 0
var remaining = buf.length - offset
if (!length) {
length = remaining
} else {
length = Number(length)
if (length > remaining) {
length = remaining
}
}
// must be an even number of digits
var strLen = string.length
if (strLen % 2 !== 0) throw new Error('Invalid hex string')
if (length > strLen / 2) {
length = strLen / 2
}
for (var i = 0; i < length; i++) {
var parsed = parseInt(string.substr(i * 2, 2), 16)
if (isNaN(parsed)) throw new Error('Invalid hex string')
buf[offset + i] = parsed
}
return i
}
function utf8Write (buf, string, offset, length) {
return blitBuffer(utf8ToBytes(string, buf.length - offset), buf, offset, length)
}
function asciiWrite (buf, string, offset, length) {
return blitBuffer(asciiToBytes(string), buf, offset, length)
}
function binaryWrite (buf, string, offset, length) {
return asciiWrite(buf, string, offset, length)
}
function base64Write (buf, string, offset, length) {
return blitBuffer(base64ToBytes(string), buf, offset, length)
}
function ucs2Write (buf, string, offset, length) {
return blitBuffer(utf16leToBytes(string, buf.length - offset), buf, offset, length)
}
Buffer.prototype.write = function write (string, offset, length, encoding) {
// Buffer#write(string)
if (offset === undefined) {
encoding = 'utf8'
length = this.length
offset = 0
// Buffer#write(string, encoding)
} else if (length === undefined && typeof offset === 'string') {
encoding = offset
length = this.length
offset = 0
// Buffer#write(string, offset[, length][, encoding])
} else if (isFinite(offset)) {
offset = offset | 0
if (isFinite(length)) {
length = length | 0
if (encoding === undefined) encoding = 'utf8'
} else {
encoding = length
length = undefined
}
// legacy write(string, encoding, offset, length) - remove in v0.13
} else {
var swap = encoding
encoding = offset
offset = length | 0
length = swap
}
var remaining = this.length - offset
if (length === undefined || length > remaining) length = remaining
if ((string.length > 0 && (length < 0 || offset < 0)) || offset > this.length) {
throw new RangeError('attempt to write outside buffer bounds')
}
if (!encoding) encoding = 'utf8'
var loweredCase = false
for (;;) {
switch (encoding) {
case 'hex':
return hexWrite(this, string, offset, length)
case 'utf8':
case 'utf-8':
return utf8Write(this, string, offset, length)
case 'ascii':
return asciiWrite(this, string, offset, length)
case 'binary':
return binaryWrite(this, string, offset, length)
case 'base64':
// Warning: maxLength not taken into account in base64Write
return base64Write(this, string, offset, length)
case 'ucs2':
case 'ucs-2':
case 'utf16le':
case 'utf-16le':
return ucs2Write(this, string, offset, length)
default:
if (loweredCase) throw new TypeError('Unknown encoding: ' + encoding)
encoding = ('' + encoding).toLowerCase()
loweredCase = true
}
}
}
Buffer.prototype.toJSON = function toJSON () {
return {
type: 'Buffer',
data: Array.prototype.slice.call(this._arr || this, 0)
}
}
function base64Slice (buf, start, end) {
if (start === 0 && end === buf.length) {
return base64.fromByteArray(buf)
} else {
return base64.fromByteArray(buf.slice(start, end))
}
}
function utf8Slice (buf, start, end) {
end = Math.min(buf.length, end)
var res = []
var i = start
while (i < end) {
var firstByte = buf[i]
var codePoint = null
var bytesPerSequence = (firstByte > 0xEF) ? 4
: (firstByte > 0xDF) ? 3
: (firstByte > 0xBF) ? 2
: 1
if (i + bytesPerSequence <= end) {
var secondByte, thirdByte, fourthByte, tempCodePoint
switch (bytesPerSequence) {
case 1:
if (firstByte < 0x80) {
codePoint = firstByte
}
break
case 2:
secondByte = buf[i + 1]
if ((secondByte & 0xC0) === 0x80) {
tempCodePoint = (firstByte & 0x1F) << 0x6 | (secondByte & 0x3F)
if (tempCodePoint > 0x7F) {
codePoint = tempCodePoint
}
}
break
case 3:
secondByte = buf[i + 1]
thirdByte = buf[i + 2]
if ((secondByte & 0xC0) === 0x80 && (thirdByte & 0xC0) === 0x80) {
tempCodePoint = (firstByte & 0xF) << 0xC | (secondByte & 0x3F) << 0x6 | (thirdByte & 0x3F)
if (tempCodePoint > 0x7FF && (tempCodePoint < 0xD800 || tempCodePoint > 0xDFFF)) {
codePoint = tempCodePoint
}
}
break
case 4:
secondByte = buf[i + 1]
thirdByte = buf[i + 2]
fourthByte = buf[i + 3]
if ((secondByte & 0xC0) === 0x80 && (thirdByte & 0xC0) === 0x80 && (fourthByte & 0xC0) === 0x80) {
tempCodePoint = (firstByte & 0xF) << 0x12 | (secondByte & 0x3F) << 0xC | (thirdByte & 0x3F) << 0x6 | (fourthByte & 0x3F)
if (tempCodePoint > 0xFFFF && tempCodePoint < 0x110000) {
codePoint = tempCodePoint
}
}
}
}
if (codePoint === null) {
// we did not generate a valid codePoint so insert a
// replacement char (U+FFFD) and advance only 1 byte
codePoint = 0xFFFD
bytesPerSequence = 1
} else if (codePoint > 0xFFFF) {
// encode to utf16 (surrogate pair dance)
codePoint -= 0x10000
res.push(codePoint >>> 10 & 0x3FF | 0xD800)
codePoint = 0xDC00 | codePoint & 0x3FF
}
res.push(codePoint)
i += bytesPerSequence
}
return decodeCodePointsArray(res)
}
// Based on http://stackoverflow.com/a/22747272/680742, the browser with
// the lowest limit is Chrome, with 0x10000 args.
// We go 1 magnitude less, for safety
var MAX_ARGUMENTS_LENGTH = 0x1000
function decodeCodePointsArray (codePoints) {
var len = codePoints.length
if (len <= MAX_ARGUMENTS_LENGTH) {
return String.fromCharCode.apply(String, codePoints) // avoid extra slice()
}
// Decode in chunks to avoid "call stack size exceeded".
var res = ''
var i = 0
while (i < len) {
res += String.fromCharCode.apply(
String,
codePoints.slice(i, i += MAX_ARGUMENTS_LENGTH)
)
}
return res
}
function asciiSlice (buf, start, end) {
var ret = ''
end = Math.min(buf.length, end)
for (var i = start; i < end; i++) {
ret += String.fromCharCode(buf[i] & 0x7F)
}
return ret
}
function binarySlice (buf, start, end) {
var ret = ''
end = Math.min(buf.length, end)
for (var i = start; i < end; i++) {
ret += String.fromCharCode(buf[i])
}
return ret
}
function hexSlice (buf, start, end) {
var len = buf.length
if (!start || start < 0) start = 0
if (!end || end < 0 || end > len) end = len
var out = ''
for (var i = start; i < end; i++) {
out += toHex(buf[i])
}
return out
}
function utf16leSlice (buf, start, end) {
var bytes = buf.slice(start, end)
var res = ''
for (var i = 0; i < bytes.length; i += 2) {
res += String.fromCharCode(bytes[i] + bytes[i + 1] * 256)
}
return res
}
Buffer.prototype.slice = function slice (start, end) {
var len = this.length
start = ~~start
end = end === undefined ? len : ~~end
if (start < 0) {
start += len
if (start < 0) start = 0
} else if (start > len) {
start = len
}
if (end < 0) {
end += len
if (end < 0) end = 0
} else if (end > len) {
end = len
}
if (end < start) end = start
var newBuf
if (Buffer.TYPED_ARRAY_SUPPORT) {
newBuf = Buffer._augment(this.subarray(start, end))
} else {
var sliceLen = end - start
newBuf = new Buffer(sliceLen, undefined)
for (var i = 0; i < sliceLen; i++) {
newBuf[i] = this[i + start]
}
}
if (newBuf.length) newBuf.parent = this.parent || this
return newBuf
}
/*
* Need to make sure that buffer isn't trying to write out of bounds.
*/
function checkOffset (offset, ext, length) {
if ((offset % 1) !== 0 || offset < 0) throw new RangeError('offset is not uint')
if (offset + ext > length) throw new RangeError('Trying to access beyond buffer length')
}
Buffer.prototype.readUIntLE = function readUIntLE (offset, byteLength, noAssert) {
offset = offset | 0
byteLength = byteLength | 0
if (!noAssert) checkOffset(offset, byteLength, this.length)
var val = this[offset]
var mul = 1
var i = 0
while (++i < byteLength && (mul *= 0x100)) {
val += this[offset + i] * mul
}
return val
}
Buffer.prototype.readUIntBE = function readUIntBE (offset, byteLength, noAssert) {
offset = offset | 0
byteLength = byteLength | 0
if (!noAssert) {
checkOffset(offset, byteLength, this.length)
}
var val = this[offset + --byteLength]
var mul = 1
while (byteLength > 0 && (mul *= 0x100)) {
val += this[offset + --byteLength] * mul
}
return val
}
Buffer.prototype.readUInt8 = function readUInt8 (offset, noAssert) {
if (!noAssert) checkOffset(offset, 1, this.length)
return this[offset]
}
Buffer.prototype.readUInt16LE = function readUInt16LE (offset, noAssert) {
if (!noAssert) checkOffset(offset, 2, this.length)
return this[offset] | (this[offset + 1] << 8)
}
Buffer.prototype.readUInt16BE = function readUInt16BE (offset, noAssert) {
if (!noAssert) checkOffset(offset, 2, this.length)
return (this[offset] << 8) | this[offset + 1]
}
Buffer.prototype.readUInt32LE = function readUInt32LE (offset, noAssert) {
if (!noAssert) checkOffset(offset, 4, this.length)
return ((this[offset]) |
(this[offset + 1] << 8) |
(this[offset + 2] << 16)) +
(this[offset + 3] * 0x1000000)
}
Buffer.prototype.readUInt32BE = function readUInt32BE (offset, noAssert) {
if (!noAssert) checkOffset(offset, 4, this.length)
return (this[offset] * 0x1000000) +
((this[offset + 1] << 16) |
(this[offset + 2] << 8) |
this[offset + 3])
}
Buffer.prototype.readIntLE = function readIntLE (offset, byteLength, noAssert) {
offset = offset | 0
byteLength = byteLength | 0
if (!noAssert) checkOffset(offset, byteLength, this.length)
var val = this[offset]
var mul = 1
var i = 0
while (++i < byteLength && (mul *= 0x100)) {
val += this[offset + i] * mul
}
mul *= 0x80
if (val >= mul) val -= Math.pow(2, 8 * byteLength)
return val
}
Buffer.prototype.readIntBE = function readIntBE (offset, byteLength, noAssert) {
offset = offset | 0
byteLength = byteLength | 0
if (!noAssert) checkOffset(offset, byteLength, this.length)
var i = byteLength
var mul = 1
var val = this[offset + --i]
while (i > 0 && (mul *= 0x100)) {
val += this[offset + --i] * mul
}
mul *= 0x80
if (val >= mul) val -= Math.pow(2, 8 * byteLength)
return val
}
Buffer.prototype.readInt8 = function readInt8 (offset, noAssert) {
if (!noAssert) checkOffset(offset, 1, this.length)
if (!(this[offset] & 0x80)) return (this[offset])
return ((0xff - this[offset] + 1) * -1)
}
Buffer.prototype.readInt16LE = function readInt16LE (offset, noAssert) {
if (!noAssert) checkOffset(offset, 2, this.length)
var val = this[offset] | (this[offset + 1] << 8)
return (val & 0x8000) ? val | 0xFFFF0000 : val
}
Buffer.prototype.readInt16BE = function readInt16BE (offset, noAssert) {
if (!noAssert) checkOffset(offset, 2, this.length)
var val = this[offset + 1] | (this[offset] << 8)
return (val & 0x8000) ? val | 0xFFFF0000 : val
}
Buffer.prototype.readInt32LE = function readInt32LE (offset, noAssert) {
if (!noAssert) checkOffset(offset, 4, this.length)
return (this[offset]) |
(this[offset + 1] << 8) |
(this[offset + 2] << 16) |
(this[offset + 3] << 24)
}
Buffer.prototype.readInt32BE = function readInt32BE (offset, noAssert) {
if (!noAssert) checkOffset(offset, 4, this.length)
return (this[offset] << 24) |
(this[offset + 1] << 16) |
(this[offset + 2] << 8) |
(this[offset + 3])
}
Buffer.prototype.readFloatLE = function readFloatLE (offset, noAssert) {
if (!noAssert) checkOffset(offset, 4, this.length)
return ieee754.read(this, offset, true, 23, 4)
}
Buffer.prototype.readFloatBE = function readFloatBE (offset, noAssert) {
if (!noAssert) checkOffset(offset, 4, this.length)
return ieee754.read(this, offset, false, 23, 4)
}
Buffer.prototype.readDoubleLE = function readDoubleLE (offset, noAssert) {
if (!noAssert) checkOffset(offset, 8, this.length)
return ieee754.read(this, offset, true, 52, 8)
}
Buffer.prototype.readDoubleBE = function readDoubleBE (offset, noAssert) {
if (!noAssert) checkOffset(offset, 8, this.length)
return ieee754.read(this, offset, false, 52, 8)
}
function checkInt (buf, value, offset, ext, max, min) {
if (!Buffer.isBuffer(buf)) throw new TypeError('buffer must be a Buffer instance')
if (value > max || value < min) throw new RangeError('value is out of bounds')
if (offset + ext > buf.length) throw new RangeError('index out of range')
}
Buffer.prototype.writeUIntLE = function writeUIntLE (value, offset, byteLength, noAssert) {
value = +value
offset = offset | 0
byteLength = byteLength | 0
if (!noAssert) checkInt(this, value, offset, byteLength, Math.pow(2, 8 * byteLength), 0)
var mul = 1
var i = 0
this[offset] = value & 0xFF
while (++i < byteLength && (mul *= 0x100)) {
this[offset + i] = (value / mul) & 0xFF
}
return offset + byteLength
}
Buffer.prototype.writeUIntBE = function writeUIntBE (value, offset, byteLength, noAssert) {
value = +value
offset = offset | 0
byteLength = byteLength | 0
if (!noAssert) checkInt(this, value, offset, byteLength, Math.pow(2, 8 * byteLength), 0)
var i = byteLength - 1
var mul = 1
this[offset + i] = value & 0xFF
while (--i >= 0 && (mul *= 0x100)) {
this[offset + i] = (value / mul) & 0xFF
}
return offset + byteLength
}
Buffer.prototype.writeUInt8 = function writeUInt8 (value, offset, noAssert) {
value = +value
offset = offset | 0
if (!noAssert) checkInt(this, value, offset, 1, 0xff, 0)
if (!Buffer.TYPED_ARRAY_SUPPORT) value = Math.floor(value)
this[offset] = (value & 0xff)
return offset + 1
}
function objectWriteUInt16 (buf, value, offset, littleEndian) {
if (value < 0) value = 0xffff + value + 1
for (var i = 0, j = Math.min(buf.length - offset, 2); i < j; i++) {
buf[offset + i] = (value & (0xff << (8 * (littleEndian ? i : 1 - i)))) >>>
(littleEndian ? i : 1 - i) * 8
}
}
Buffer.prototype.writeUInt16LE = function writeUInt16LE (value, offset, noAssert) {
value = +value
offset = offset | 0
if (!noAssert) checkInt(this, value, offset, 2, 0xffff, 0)
if (Buffer.TYPED_ARRAY_SUPPORT) {
this[offset] = (value & 0xff)
this[offset + 1] = (value >>> 8)
} else {
objectWriteUInt16(this, value, offset, true)
}
return offset + 2
}
Buffer.prototype.writeUInt16BE = function writeUInt16BE (value, offset, noAssert) {
value = +value
offset = offset | 0
if (!noAssert) checkInt(this, value, offset, 2, 0xffff, 0)
if (Buffer.TYPED_ARRAY_SUPPORT) {
this[offset] = (value >>> 8)
this[offset + 1] = (value & 0xff)
} else {
objectWriteUInt16(this, value, offset, false)
}
return offset + 2
}
function objectWriteUInt32 (buf, value, offset, littleEndian) {
if (value < 0) value = 0xffffffff + value + 1
for (var i = 0, j = Math.min(buf.length - offset, 4); i < j; i++) {
buf[offset + i] = (value >>> (littleEndian ? i : 3 - i) * 8) & 0xff
}
}
Buffer.prototype.writeUInt32LE = function writeUInt32LE (value, offset, noAssert) {
value = +value
offset = offset | 0
if (!noAssert) checkInt(this, value, offset, 4, 0xffffffff, 0)
if (Buffer.TYPED_ARRAY_SUPPORT) {
this[offset + 3] = (value >>> 24)
this[offset + 2] = (value >>> 16)
this[offset + 1] = (value >>> 8)
this[offset] = (value & 0xff)
} else {
objectWriteUInt32(this, value, offset, true)
}
return offset + 4
}
Buffer.prototype.writeUInt32BE = function writeUInt32BE (value, offset, noAssert) {
value = +value
offset = offset | 0
if (!noAssert) checkInt(this, value, offset, 4, 0xffffffff, 0)
if (Buffer.TYPED_ARRAY_SUPPORT) {
this[offset] = (value >>> 24)
this[offset + 1] = (value >>> 16)
this[offset + 2] = (value >>> 8)
this[offset + 3] = (value & 0xff)
} else {
objectWriteUInt32(this, value, offset, false)
}
return offset + 4
}
Buffer.prototype.writeIntLE = function writeIntLE (value, offset, byteLength, noAssert) {
value = +value
offset = offset | 0
if (!noAssert) {
var limit = Math.pow(2, 8 * byteLength - 1)
checkInt(this, value, offset, byteLength, limit - 1, -limit)
}
var i = 0
var mul = 1
var sub = value < 0 ? 1 : 0
this[offset] = value & 0xFF
while (++i < byteLength && (mul *= 0x100)) {
this[offset + i] = ((value / mul) >> 0) - sub & 0xFF
}
return offset + byteLength
}
Buffer.prototype.writeIntBE = function writeIntBE (value, offset, byteLength, noAssert) {
value = +value
offset = offset | 0
if (!noAssert) {
var limit = Math.pow(2, 8 * byteLength - 1)
checkInt(this, value, offset, byteLength, limit - 1, -limit)
}
var i = byteLength - 1
var mul = 1
var sub = value < 0 ? 1 : 0
this[offset + i] = value & 0xFF
while (--i >= 0 && (mul *= 0x100)) {
this[offset + i] = ((value / mul) >> 0) - sub & 0xFF
}
return offset + byteLength
}
Buffer.prototype.writeInt8 = function writeInt8 (value, offset, noAssert) {
value = +value
offset = offset | 0
if (!noAssert) checkInt(this, value, offset, 1, 0x7f, -0x80)
if (!Buffer.TYPED_ARRAY_SUPPORT) value = Math.floor(value)
if (value < 0) value = 0xff + value + 1
this[offset] = (value & 0xff)
return offset + 1
}
Buffer.prototype.writeInt16LE = function writeInt16LE (value, offset, noAssert) {
value = +value
offset = offset | 0
if (!noAssert) checkInt(this, value, offset, 2, 0x7fff, -0x8000)
if (Buffer.TYPED_ARRAY_SUPPORT) {
this[offset] = (value & 0xff)
this[offset + 1] = (value >>> 8)
} else {
objectWriteUInt16(this, value, offset, true)
}
return offset + 2
}
Buffer.prototype.writeInt16BE = function writeInt16BE (value, offset, noAssert) {
value = +value
offset = offset | 0
if (!noAssert) checkInt(this, value, offset, 2, 0x7fff, -0x8000)
if (Buffer.TYPED_ARRAY_SUPPORT) {
this[offset] = (value >>> 8)
this[offset + 1] = (value & 0xff)
} else {
objectWriteUInt16(this, value, offset, false)
}
return offset + 2
}
Buffer.prototype.writeInt32LE = function writeInt32LE (value, offset, noAssert) {
value = +value
offset = offset | 0
if (!noAssert) checkInt(this, value, offset, 4, 0x7fffffff, -0x80000000)
if (Buffer.TYPED_ARRAY_SUPPORT) {
this[offset] = (value & 0xff)
this[offset + 1] = (value >>> 8)
this[offset + 2] = (value >>> 16)
this[offset + 3] = (value >>> 24)
} else {
objectWriteUInt32(this, value, offset, true)
}
return offset + 4
}
Buffer.prototype.writeInt32BE = function writeInt32BE (value, offset, noAssert) {
value = +value
offset = offset | 0
if (!noAssert) checkInt(this, value, offset, 4, 0x7fffffff, -0x80000000)
if (value < 0) value = 0xffffffff + value + 1
if (Buffer.TYPED_ARRAY_SUPPORT) {
this[offset] = (value >>> 24)
this[offset + 1] = (value >>> 16)
this[offset + 2] = (value >>> 8)
this[offset + 3] = (value & 0xff)
} else {
objectWriteUInt32(this, value, offset, false)
}
return offset + 4
}
function checkIEEE754 (buf, value, offset, ext, max, min) {
if (value > max || value < min) throw new RangeError('value is out of bounds')
if (offset + ext > buf.length) throw new RangeError('index out of range')
if (offset < 0) throw new RangeError('index out of range')
}
function writeFloat (buf, value, offset, littleEndian, noAssert) {
if (!noAssert) {
checkIEEE754(buf, value, offset, 4, 3.4028234663852886e+38, -3.4028234663852886e+38)
}
ieee754.write(buf, value, offset, littleEndian, 23, 4)
return offset + 4
}
Buffer.prototype.writeFloatLE = function writeFloatLE (value, offset, noAssert) {
return writeFloat(this, value, offset, true, noAssert)
}
Buffer.prototype.writeFloatBE = function writeFloatBE (value, offset, noAssert) {
return writeFloat(this, value, offset, false, noAssert)
}
function writeDouble (buf, value, offset, littleEndian, noAssert) {
if (!noAssert) {
checkIEEE754(buf, value, offset, 8, 1.7976931348623157E+308, -1.7976931348623157E+308)
}
ieee754.write(buf, value, offset, littleEndian, 52, 8)
return offset + 8
}
Buffer.prototype.writeDoubleLE = function writeDoubleLE (value, offset, noAssert) {
return writeDouble(this, value, offset, true, noAssert)
}
Buffer.prototype.writeDoubleBE = function writeDoubleBE (value, offset, noAssert) {
return writeDouble(this, value, offset, false, noAssert)
}
// copy(targetBuffer, targetStart=0, sourceStart=0, sourceEnd=buffer.length)
Buffer.prototype.copy = function copy (target, targetStart, start, end) {
if (!start) start = 0
if (!end && end !== 0) end = this.length
if (targetStart >= target.length) targetStart = target.length
if (!targetStart) targetStart = 0
if (end > 0 && end < start) end = start
// Copy 0 bytes; we're done
if (end === start) return 0
if (target.length === 0 || this.length === 0) return 0
// Fatal error conditions
if (targetStart < 0) {
throw new RangeError('targetStart out of bounds')
}
if (start < 0 || start >= this.length) throw new RangeError('sourceStart out of bounds')
if (end < 0) throw new RangeError('sourceEnd out of bounds')
// Are we oob?
if (end > this.length) end = this.length
if (target.length - targetStart < end - start) {
end = target.length - targetStart + start
}
var len = end - start
var i
if (this === target && start < targetStart && targetStart < end) {
// descending copy from end
for (i = len - 1; i >= 0; i--) {
target[i + targetStart] = this[i + start]
}
} else if (len < 1000 || !Buffer.TYPED_ARRAY_SUPPORT) {
// ascending copy from start
for (i = 0; i < len; i++) {
target[i + targetStart] = this[i + start]
}
} else {
target._set(this.subarray(start, start + len), targetStart)
}
return len
}
// fill(value, start=0, end=buffer.length)
Buffer.prototype.fill = function fill (value, start, end) {
if (!value) value = 0
if (!start) start = 0
if (!end) end = this.length
if (end < start) throw new RangeError('end < start')
// Fill 0 bytes; we're done
if (end === start) return
if (this.length === 0) return
if (start < 0 || start >= this.length) throw new RangeError('start out of bounds')
if (end < 0 || end > this.length) throw new RangeError('end out of bounds')
var i
if (typeof value === 'number') {
for (i = start; i < end; i++) {
this[i] = value
}
} else {
var bytes = utf8ToBytes(value.toString())
var len = bytes.length
for (i = start; i < end; i++) {
this[i] = bytes[i % len]
}
}
return this
}
/**
* Creates a new `ArrayBuffer` with the *copied* memory of the buffer instance.
* Added in Node 0.12. Only available in browsers that support ArrayBuffer.
*/
Buffer.prototype.toArrayBuffer = function toArrayBuffer () {
if (typeof Uint8Array !== 'undefined') {
if (Buffer.TYPED_ARRAY_SUPPORT) {
return (new Buffer(this)).buffer
} else {
var buf = new Uint8Array(this.length)
for (var i = 0, len = buf.length; i < len; i += 1) {
buf[i] = this[i]
}
return buf.buffer
}
} else {
throw new TypeError('Buffer.toArrayBuffer not supported in this browser')
}
}
// HELPER FUNCTIONS
// ================
var BP = Buffer.prototype
/**
* Augment a Uint8Array *instance* (not the Uint8Array class!) with Buffer methods
*/
Buffer._augment = function _augment (arr) {
arr.constructor = Buffer
arr._isBuffer = true
// save reference to original Uint8Array set method before overwriting
arr._set = arr.set
// deprecated
arr.get = BP.get
arr.set = BP.set
arr.write = BP.write
arr.toString = BP.toString
arr.toLocaleString = BP.toString
arr.toJSON = BP.toJSON
arr.equals = BP.equals
arr.compare = BP.compare
arr.indexOf = BP.indexOf
arr.copy = BP.copy
arr.slice = BP.slice
arr.readUIntLE = BP.readUIntLE
arr.readUIntBE = BP.readUIntBE
arr.readUInt8 = BP.readUInt8
arr.readUInt16LE = BP.readUInt16LE
arr.readUInt16BE = BP.readUInt16BE
arr.readUInt32LE = BP.readUInt32LE
arr.readUInt32BE = BP.readUInt32BE
arr.readIntLE = BP.readIntLE
arr.readIntBE = BP.readIntBE
arr.readInt8 = BP.readInt8
arr.readInt16LE = BP.readInt16LE
arr.readInt16BE = BP.readInt16BE
arr.readInt32LE = BP.readInt32LE
arr.readInt32BE = BP.readInt32BE
arr.readFloatLE = BP.readFloatLE
arr.readFloatBE = BP.readFloatBE
arr.readDoubleLE = BP.readDoubleLE
arr.readDoubleBE = BP.readDoubleBE
arr.writeUInt8 = BP.writeUInt8
arr.writeUIntLE = BP.writeUIntLE
arr.writeUIntBE = BP.writeUIntBE
arr.writeUInt16LE = BP.writeUInt16LE
arr.writeUInt16BE = BP.writeUInt16BE
arr.writeUInt32LE = BP.writeUInt32LE
arr.writeUInt32BE = BP.writeUInt32BE
arr.writeIntLE = BP.writeIntLE
arr.writeIntBE = BP.writeIntBE
arr.writeInt8 = BP.writeInt8
arr.writeInt16LE = BP.writeInt16LE
arr.writeInt16BE = BP.writeInt16BE
arr.writeInt32LE = BP.writeInt32LE
arr.writeInt32BE = BP.writeInt32BE
arr.writeFloatLE = BP.writeFloatLE
arr.writeFloatBE = BP.writeFloatBE
arr.writeDoubleLE = BP.writeDoubleLE
arr.writeDoubleBE = BP.writeDoubleBE
arr.fill = BP.fill
arr.inspect = BP.inspect
arr.toArrayBuffer = BP.toArrayBuffer
return arr
}
var INVALID_BASE64_RE = /[^+\/0-9A-Za-z-_]/g
function base64clean (str) {
// Node strips out invalid characters like \n and \t from the string, base64-js does not
str = stringtrim(str).replace(INVALID_BASE64_RE, '')
// Node converts strings with length < 2 to ''
if (str.length < 2) return ''
// Node allows for non-padded base64 strings (missing trailing ===), base64-js does not
while (str.length % 4 !== 0) {
str = str + '='
}
return str
}
function stringtrim (str) {
if (str.trim) return str.trim()
return str.replace(/^\s+|\s+$/g, '')
}
function toHex (n) {
if (n < 16) return '0' + n.toString(16)
return n.toString(16)
}
function utf8ToBytes (string, units) {
units = units || Infinity
var codePoint
var length = string.length
var leadSurrogate = null
var bytes = []
for (var i = 0; i < length; i++) {
codePoint = string.charCodeAt(i)
// is surrogate component
if (codePoint > 0xD7FF && codePoint < 0xE000) {
// last char was a lead
if (!leadSurrogate) {
// no lead yet
if (codePoint > 0xDBFF) {
// unexpected trail
if ((units -= 3) > -1) bytes.push(0xEF, 0xBF, 0xBD)
continue
} else if (i + 1 === length) {
// unpaired lead
if ((units -= 3) > -1) bytes.push(0xEF, 0xBF, 0xBD)
continue
}
// valid lead
leadSurrogate = codePoint
continue
}
// 2 leads in a row
if (codePoint < 0xDC00) {
if ((units -= 3) > -1) bytes.push(0xEF, 0xBF, 0xBD)
leadSurrogate = codePoint
continue
}
// valid surrogate pair
codePoint = (leadSurrogate - 0xD800 << 10 | codePoint - 0xDC00) + 0x10000
} else if (leadSurrogate) {
// valid bmp char, but last char was a lead
if ((units -= 3) > -1) bytes.push(0xEF, 0xBF, 0xBD)
}
leadSurrogate = null
// encode utf8
if (codePoint < 0x80) {
if ((units -= 1) < 0) break
bytes.push(codePoint)
} else if (codePoint < 0x800) {
if ((units -= 2) < 0) break
bytes.push(
codePoint >> 0x6 | 0xC0,
codePoint & 0x3F | 0x80
)
} else if (codePoint < 0x10000) {
if ((units -= 3) < 0) break
bytes.push(
codePoint >> 0xC | 0xE0,
codePoint >> 0x6 & 0x3F | 0x80,
codePoint & 0x3F | 0x80
)
} else if (codePoint < 0x110000) {
if ((units -= 4) < 0) break
bytes.push(
codePoint >> 0x12 | 0xF0,
codePoint >> 0xC & 0x3F | 0x80,
codePoint >> 0x6 & 0x3F | 0x80,
codePoint & 0x3F | 0x80
)
} else {
throw new Error('Invalid code point')
}
}
return bytes
}
function asciiToBytes (str) {
var byteArray = []
for (var i = 0; i < str.length; i++) {
// Node's code seems to be doing this and not & 0x7F..
byteArray.push(str.charCodeAt(i) & 0xFF)
}
return byteArray
}
function utf16leToBytes (str, units) {
var c, hi, lo
var byteArray = []
for (var i = 0; i < str.length; i++) {
if ((units -= 2) < 0) break
c = str.charCodeAt(i)
hi = c >> 8
lo = c % 256
byteArray.push(lo)
byteArray.push(hi)
}
return byteArray
}
function base64ToBytes (str) {
return base64.toByteArray(base64clean(str))
}
function blitBuffer (src, dst, offset, length) {
for (var i = 0; i < length; i++) {
if ((i + offset >= dst.length) || (i >= src.length)) break
dst[i + offset] = src[i]
}
return i
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer, (function() { return this; }())))
/***/ },
/* 2 */
/***/ function(module, exports, __webpack_require__) {
var lookup = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
;(function (exports) {
'use strict';
var Arr = (typeof Uint8Array !== 'undefined')
? Uint8Array
: Array
var PLUS = '+'.charCodeAt(0)
var SLASH = '/'.charCodeAt(0)
var NUMBER = '0'.charCodeAt(0)
var LOWER = 'a'.charCodeAt(0)
var UPPER = 'A'.charCodeAt(0)
var PLUS_URL_SAFE = '-'.charCodeAt(0)
var SLASH_URL_SAFE = '_'.charCodeAt(0)
function decode (elt) {
var code = elt.charCodeAt(0)
if (code === PLUS ||
code === PLUS_URL_SAFE)
return 62 // '+'
if (code === SLASH ||
code === SLASH_URL_SAFE)
return 63 // '/'
if (code < NUMBER)
return -1 //no match
if (code < NUMBER + 10)
return code - NUMBER + 26 + 26
if (code < UPPER + 26)
return code - UPPER
if (code < LOWER + 26)
return code - LOWER + 26
}
function b64ToByteArray (b64) {
var i, j, l, tmp, placeHolders, arr
if (b64.length % 4 > 0) {
throw new Error('Invalid string. Length must be a multiple of 4')
}
// the number of equal signs (place holders)
// if there are two placeholders, than the two characters before it
// represent one byte
// if there is only one, then the three characters before it represent 2 bytes
// this is just a cheap hack to not do indexOf twice
var len = b64.length
placeHolders = '=' === b64.charAt(len - 2) ? 2 : '=' === b64.charAt(len - 1) ? 1 : 0
// base64 is 4/3 + up to two characters of the original data
arr = new Arr(b64.length * 3 / 4 - placeHolders)
// if there are placeholders, only get up to the last complete 4 chars
l = placeHolders > 0 ? b64.length - 4 : b64.length
var L = 0
function push (v) {
arr[L++] = v
}
for (i = 0, j = 0; i < l; i += 4, j += 3) {
tmp = (decode(b64.charAt(i)) << 18) | (decode(b64.charAt(i + 1)) << 12) | (decode(b64.charAt(i + 2)) << 6) | decode(b64.charAt(i + 3))
push((tmp & 0xFF0000) >> 16)
push((tmp & 0xFF00) >> 8)
push(tmp & 0xFF)
}
if (placeHolders === 2) {
tmp = (decode(b64.charAt(i)) << 2) | (decode(b64.charAt(i + 1)) >> 4)
push(tmp & 0xFF)
} else if (placeHolders === 1) {
tmp = (decode(b64.charAt(i)) << 10) | (decode(b64.charAt(i + 1)) << 4) | (decode(b64.charAt(i + 2)) >> 2)
push((tmp >> 8) & 0xFF)
push(tmp & 0xFF)
}
return arr
}
function uint8ToBase64 (uint8) {
var i,
extraBytes = uint8.length % 3, // if we have 1 byte left, pad 2 bytes
output = "",
temp, length
function encode (num) {
return lookup.charAt(num)
}
function tripletToBase64 (num) {
return encode(num >> 18 & 0x3F) + encode(num >> 12 & 0x3F) + encode(num >> 6 & 0x3F) + encode(num & 0x3F)
}
// go through the array every three bytes, we'll deal with trailing stuff later
for (i = 0, length = uint8.length - extraBytes; i < length; i += 3) {
temp = (uint8[i] << 16) + (uint8[i + 1] << 8) + (uint8[i + 2])
output += tripletToBase64(temp)
}
// pad the end with zeros, but make sure to not forget the extra bytes
switch (extraBytes) {
case 1:
temp = uint8[uint8.length - 1]
output += encode(temp >> 2)
output += encode((temp << 4) & 0x3F)
output += '=='
break
case 2:
temp = (uint8[uint8.length - 2] << 8) + (uint8[uint8.length - 1])
output += encode(temp >> 10)
output += encode((temp >> 4) & 0x3F)
output += encode((temp << 2) & 0x3F)
output += '='
break
}
return output
}
exports.toByteArray = b64ToByteArray
exports.fromByteArray = uint8ToBase64
}( false ? (this.base64js = {}) : exports))
/***/ },
/* 3 */
/***/ function(module, exports) {
exports.read = function (buffer, offset, isLE, mLen, nBytes) {
var e, m
var eLen = nBytes * 8 - mLen - 1
var eMax = (1 << eLen) - 1
var eBias = eMax >> 1
var nBits = -7
var i = isLE ? (nBytes - 1) : 0
var d = isLE ? -1 : 1
var s = buffer[offset + i]
i += d
e = s & ((1 << (-nBits)) - 1)
s >>= (-nBits)
nBits += eLen
for (; nBits > 0; e = e * 256 + buffer[offset + i], i += d, nBits -= 8) {}
m = e & ((1 << (-nBits)) - 1)
e >>= (-nBits)
nBits += mLen
for (; nBits > 0; m = m * 256 + buffer[offset + i], i += d, nBits -= 8) {}
if (e === 0) {
e = 1 - eBias
} else if (e === eMax) {
return m ? NaN : ((s ? -1 : 1) * Infinity)
} else {
m = m + Math.pow(2, mLen)
e = e - eBias
}
return (s ? -1 : 1) * m * Math.pow(2, e - mLen)
}
exports.write = function (buffer, value, offset, isLE, mLen, nBytes) {
var e, m, c
var eLen = nBytes * 8 - mLen - 1
var eMax = (1 << eLen) - 1
var eBias = eMax >> 1
var rt = (mLen === 23 ? Math.pow(2, -24) - Math.pow(2, -77) : 0)
var i = isLE ? 0 : (nBytes - 1)
var d = isLE ? 1 : -1
var s = value < 0 || (value === 0 && 1 / value < 0) ? 1 : 0
value = Math.abs(value)
if (isNaN(value) || value === Infinity) {
m = isNaN(value) ? 1 : 0
e = eMax
} else {
e = Math.floor(Math.log(value) / Math.LN2)
if (value * (c = Math.pow(2, -e)) < 1) {
e--
c *= 2
}
if (e + eBias >= 1) {
value += rt / c
} else {
value += rt * Math.pow(2, 1 - eBias)
}
if (value * c >= 2) {
e++
c /= 2
}
if (e + eBias >= eMax) {
m = 0
e = eMax
} else if (e + eBias >= 1) {
m = (value * c - 1) * Math.pow(2, mLen)
e = e + eBias
} else {
m = value * Math.pow(2, eBias - 1) * Math.pow(2, mLen)
e = 0
}
}
for (; mLen >= 8; buffer[offset + i] = m & 0xff, i += d, m /= 256, mLen -= 8) {}
e = (e << mLen) | m
eLen += mLen
for (; eLen > 0; buffer[offset + i] = e & 0xff, i += d, e /= 256, eLen -= 8) {}
buffer[offset + i - d] |= s * 128
}
/***/ },
/* 4 */
/***/ function(module, exports) {
var toString = {}.toString;
module.exports = Array.isArray || function (arr) {
return toString.call(arr) == '[object Array]';
};
/***/ },
/* 5 */
/***/ function(module, exports) {
module.exports = {};
/***/ },
/* 6 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var multihash = __webpack_require__(7)
var crypto = __webpack_require__(9)
// var sha3 = require('sha3')
// sha3 broken. See: https://github.com/phusion/node-sha3/issues/5
var mh = module.exports = Multihashing
mh.Buffer = Buffer // for browser things
function Multihashing (buf, func, len) {
return multihash.encode(mh.digest(buf, func, len), func, len)
}
// expose multihash itself, to avoid silly double requires.
mh.multihash = multihash
mh.digest = function (buf, func, length) {
var digest = mh.createHash(func).update(buf).digest()
if (length) {
digest = digest.slice(0, length)
}
return digest
}
mh.createHash = function (func, length) {
func = multihash.coerceCode(func)
if (!mh.functions[func]) {
throw new Error('multihash function ' + func + ' not yet supported')
}
return mh.functions[func]()
}
mh.functions = {
0x11: gsha1,
0x12: gsha2_256,
0x13: gsha2_512
// 0x14: gsha3, // broken
// 0x40: blake2b, // not implemented yet
// 0x41: blake2s, // not implemented yet
}
function gsha1 () {
return crypto.createHash('sha1')
}
function gsha2_256 () {
return crypto.createHash('sha256')
}
function gsha2_512 () {
return crypto.createHash('sha512')
}
// function gsha3() {
// return sha3.SHA3Hash()
// }
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 7 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var invert = __webpack_require__(8)
var mh = module.exports = function () {
if (arguments.length === 1) {
return mh.decode.apply(this, arguments)
} else if (arguments.length > 1) {
return mh.encode.apply(this, arguments)
}
throw new Error('multihash must be called with the encode or decode parameters.')
}
// the multihash tables
mh.names = {
'sha1': 0x11,
'sha2-256': 0x12,
'sha2-512': 0x13,
'sha3': 0x14,
'blake2b': 0x40,
'blake2s': 0x41
}
mh.codes = invert(mh.names)
mh.defaultLengths = {
0x11: 20,
0x12: 32,
0x13: 64,
0x14: 64,
0x40: 64,
0x41: 32
}
// encode(hashfn, [length,] digest)
mh.encode = function MultihashEncode (digest, hashfn, length) {
if (!digest || !hashfn) {
throw new Error('multihash encode requires at least two args: hashfn, digest')
}
// ensure it's a hashfunction code.
hashfn = mh.coerceCode(hashfn)
if (!(Buffer.isBuffer(digest))) {
throw new Error('digest should be a Buffer')
}
if (!length) {
length = digest.length
}
if (length && digest.length !== length) {
throw new Error('digest length should be equal to specified length.')
}
if (length > 127) {
throw new Error('multihash does not yet support digest lengths greater than 127 bytes.')
}
return Buffer.concat([new Buffer([hashfn, length]), digest])
}
// decode(mutlihash)
mh.decode = function MultihashDecode (multihash) {
var err = mh.validate(multihash)
if (err) {
throw err
}
var output = {}
output.code = multihash[0]
output.name = mh.codes[output.code]
output.length = multihash[1]
output.digest = multihash.slice(2)
return output
}
mh.validate = function validateMultihash (multihash) {
if (!(Buffer.isBuffer(multihash))) {
return new Error('multihash must be a Buffer')
}
if (multihash.length < 3) {
return new Error('multihash too short. must be > 3 bytes.')
}
if (multihash.length > 129) {
return new Error('multihash too long. must be < 129 bytes.')
}
if (!mh.isAppCode(multihash[0]) && !mh.codes[multihash[0]]) {
return new Error('multihash unknown function code: 0x' + multihash[0].toString(16))
}
if (multihash.slice(2).length !== multihash[1]) {
return new Error('multihash length inconsistent: 0x' + multihash.toString('hex'))
}
return false
}
mh.coerceCode = function coerceCode (hashfn) {
var code = hashfn
if (typeof hashfn === 'string') {
if (!mh.names[hashfn]) {
throw new Error('Unrecognized hash function named: ' + hashfn)
}
code = mh.names[hashfn]
}
if (typeof code !== 'number') {
throw new Error('Hash function code should be a number. Got: ' + code)
}
if (!mh.codes[code] && !mh.isAppCode(code)) {
throw new Error('Unrecognized function code: ' + code)
}
return code
}
mh.isAppCode = function isAppCode (code) {
return code > 0 && code < 0x10
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 8 */
/***/ function(module, exports) {
"use strict"
function invert(hash) {
var result = {}
for(var i in hash) {
if(hash.hasOwnProperty(i)) {
result[hash[i]] = i
}
}
return result
}
module.exports = invert
/***/ },
/* 9 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(global) {var isNode = !global.window
if (isNode) {
module.exports = __webpack_require__(10)
} else {
module.exports = __webpack_require__(11)
}
/* WEBPACK VAR INJECTION */}.call(exports, (function() { return this; }())))
/***/ },
/* 10 */
/***/ function(module, exports) {
/* (ignored) */
/***/ },
/* 11 */
/***/ function(module, exports, __webpack_require__) {
'use strict'
exports.randomBytes = exports.rng = exports.pseudoRandomBytes = exports.prng = __webpack_require__(12)
exports.createHash = exports.Hash = __webpack_require__(14)
exports.createHmac = exports.Hmac = __webpack_require__(44)
var hashes = ['sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'md5', 'rmd160'].concat(Object.keys(__webpack_require__(45)))
exports.getHashes = function () {
return hashes
}
var p = __webpack_require__(46)
exports.pbkdf2 = p.pbkdf2
exports.pbkdf2Sync = p.pbkdf2Sync
var aes = __webpack_require__(47)
;[
'Cipher',
'createCipher',
'Cipheriv',
'createCipheriv',
'Decipher',
'createDecipher',
'Decipheriv',
'createDecipheriv',
'getCiphers',
'listCiphers'
].forEach(function (key) {
exports[key] = aes[key]
})
var dh = __webpack_require__(74)
;[
'DiffieHellmanGroup',
'createDiffieHellmanGroup',
'getDiffieHellman',
'createDiffieHellman',
'DiffieHellman'
].forEach(function (key) {
exports[key] = dh[key]
})
var sign = __webpack_require__(99)
;[
'createSign',
'Sign',
'createVerify',
'Verify'
].forEach(function (key) {
exports[key] = sign[key]
})
exports.createECDH = __webpack_require__(147)
var publicEncrypt = __webpack_require__(148)
;[
'publicEncrypt',
'privateEncrypt',
'publicDecrypt',
'privateDecrypt'
].forEach(function (key) {
exports[key] = publicEncrypt[key]
})
// the least I can do is make error messages for the rest of the node.js/crypto api.
;[
'createCredentials'
].forEach(function (name) {
exports[name] = function () {
throw new Error([
'sorry, ' + name + ' is not implemented yet',
'we accept pull requests',
'https://github.com/crypto-browserify/crypto-browserify'
].join('\n'))
}
})
/***/ },
/* 12 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(global, Buffer, process) {'use strict'
function oldBrowser () {
throw new Error('secure random number generation not supported by this browser\nuse chrome, FireFox or Internet Explorer 11')
}
var crypto = global.crypto || global.msCrypto
if (crypto && crypto.getRandomValues) {
module.exports = randomBytes
} else {
module.exports = oldBrowser
}
function randomBytes (size, cb) {
// phantomjs needs to throw
if (size > 65536) throw new Error('requested too many random bytes')
// in case browserify isn't using the Uint8Array version
var rawBytes = new global.Uint8Array(size)
// This will not work in older browsers.
// See https://developer.mozilla.org/en-US/docs/Web/API/window.crypto.getRandomValues
if (size > 0) { // getRandomValues fails on IE if size == 0
crypto.getRandomValues(rawBytes)
}
// phantomjs doesn't like a buffer being passed here
var bytes = new Buffer(rawBytes.buffer)
if (typeof cb === 'function') {
return process.nextTick(function () {
cb(null, bytes)
})
}
return bytes
}
/* WEBPACK VAR INJECTION */}.call(exports, (function() { return this; }()), __webpack_require__(1).Buffer, __webpack_require__(13)))
/***/ },
/* 13 */
/***/ function(module, exports) {
// shim for using process in browser
var process = module.exports = {};
var queue = [];
var draining = false;
var currentQueue;
var queueIndex = -1;
function cleanUpNextTick() {
draining = false;
if (currentQueue.length) {
queue = currentQueue.concat(queue);
} else {
queueIndex = -1;
}
if (queue.length) {
drainQueue();
}
}
function drainQueue() {
if (draining) {
return;
}
var timeout = setTimeout(cleanUpNextTick);
draining = true;
var len = queue.length;
while(len) {
currentQueue = queue;
queue = [];
while (++queueIndex < len) {
if (currentQueue) {
currentQueue[queueIndex].run();
}
}
queueIndex = -1;
len = queue.length;
}
currentQueue = null;
draining = false;
clearTimeout(timeout);
}
process.nextTick = function (fun) {
var args = new Array(arguments.length - 1);
if (arguments.length > 1) {
for (var i = 1; i < arguments.length; i++) {
args[i - 1] = arguments[i];
}
}
queue.push(new Item(fun, args));
if (queue.length === 1 && !draining) {
setTimeout(drainQueue, 0);
}
};
// v8 likes predictible objects
function Item(fun, array) {
this.fun = fun;
this.array = array;
}
Item.prototype.run = function () {
this.fun.apply(null, this.array);
};
process.title = 'browser';
process.browser = true;
process.env = {};
process.argv = [];
process.version = ''; // empty string to avoid regexp issues
process.versions = {};
function noop() {}
process.on = noop;
process.addListener = noop;
process.once = noop;
process.off = noop;
process.removeListener = noop;
process.removeAllListeners = noop;
process.emit = noop;
process.binding = function (name) {
throw new Error('process.binding is not supported');
};
process.cwd = function () { return '/' };
process.chdir = function (dir) {
throw new Error('process.chdir is not supported');
};
process.umask = function() { return 0; };
/***/ },
/* 14 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {'use strict';
var inherits = __webpack_require__(15)
var md5 = __webpack_require__(16)
var rmd160 = __webpack_require__(18)
var sha = __webpack_require__(19)
var Base = __webpack_require__(27)
function HashNoConstructor(hash) {
Base.call(this, 'digest')
this._hash = hash
this.buffers = []
}
inherits(HashNoConstructor, Base)
HashNoConstructor.prototype._update = function (data) {
this.buffers.push(data)
}
HashNoConstructor.prototype._final = function () {
var buf = Buffer.concat(this.buffers)
var r = this._hash(buf)
this.buffers = null
return r
}
function Hash(hash) {
Base.call(this, 'digest')
this._hash = hash
}
inherits(Hash, Base)
Hash.prototype._update = function (data) {
this._hash.update(data)
}
Hash.prototype._final = function () {
return this._hash.digest()
}
module.exports = function createHash (alg) {
alg = alg.toLowerCase()
if ('md5' === alg) return new HashNoConstructor(md5)
if ('rmd160' === alg || 'ripemd160' === alg) return new HashNoConstructor(rmd160)
return new Hash(sha(alg))
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 15 */
/***/ function(module, exports) {
if (typeof Object.create === 'function') {
// implementation from standard node.js 'util' module
module.exports = function inherits(ctor, superCtor) {
ctor.super_ = superCtor
ctor.prototype = Object.create(superCtor.prototype, {
constructor: {
value: ctor,
enumerable: false,
writable: true,
configurable: true
}
});
};
} else {
// old school shim for old browsers
module.exports = function inherits(ctor, superCtor) {
ctor.super_ = superCtor
var TempCtor = function () {}
TempCtor.prototype = superCtor.prototype
ctor.prototype = new TempCtor()
ctor.prototype.constructor = ctor
}
}
/***/ },
/* 16 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
/*
* A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
* Digest Algorithm, as defined in RFC 1321.
* Version 2.1 Copyright (C) Paul Johnston 1999 - 2002.
* Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
* Distributed under the BSD License
* See http://pajhome.org.uk/crypt/md5 for more info.
*/
var helpers = __webpack_require__(17);
/*
* Calculate the MD5 of an array of little-endian words, and a bit length
*/
function core_md5(x, len)
{
/* append padding */
x[len >> 5] |= 0x80 << ((len) % 32);
x[(((len + 64) >>> 9) << 4) + 14] = len;
var a = 1732584193;
var b = -271733879;
var c = -1732584194;
var d = 271733878;
for(var i = 0; i < x.length; i += 16)
{
var olda = a;
var oldb = b;
var oldc = c;
var oldd = d;
a = md5_ff(a, b, c, d, x[i+ 0], 7 , -680876936);
d = md5_ff(d, a, b, c, x[i+ 1], 12, -389564586);
c = md5_ff(c, d, a, b, x[i+ 2], 17, 606105819);
b = md5_ff(b, c, d, a, x[i+ 3], 22, -1044525330);
a = md5_ff(a, b, c, d, x[i+ 4], 7 , -176418897);
d = md5_ff(d, a, b, c, x[i+ 5], 12, 1200080426);
c = md5_ff(c, d, a, b, x[i+ 6], 17, -1473231341);
b = md5_ff(b, c, d, a, x[i+ 7], 22, -45705983);
a = md5_ff(a, b, c, d, x[i+ 8], 7 , 1770035416);
d = md5_ff(d, a, b, c, x[i+ 9], 12, -1958414417);
c = md5_ff(c, d, a, b, x[i+10], 17, -42063);
b = md5_ff(b, c, d, a, x[i+11], 22, -1990404162);
a = md5_ff(a, b, c, d, x[i+12], 7 , 1804603682);
d = md5_ff(d, a, b, c, x[i+13], 12, -40341101);
c = md5_ff(c, d, a, b, x[i+14], 17, -1502002290);
b = md5_ff(b, c, d, a, x[i+15], 22, 1236535329);
a = md5_gg(a, b, c, d, x[i+ 1], 5 , -165796510);
d = md5_gg(d, a, b, c, x[i+ 6], 9 , -1069501632);
c = md5_gg(c, d, a, b, x[i+11], 14, 643717713);
b = md5_gg(b, c, d, a, x[i+ 0], 20, -373897302);
a = md5_gg(a, b, c, d, x[i+ 5], 5 , -701558691);
d = md5_gg(d, a, b, c, x[i+10], 9 , 38016083);
c = md5_gg(c, d, a, b, x[i+15], 14, -660478335);
b = md5_gg(b, c, d, a, x[i+ 4], 20, -405537848);
a = md5_gg(a, b, c, d, x[i+ 9], 5 , 568446438);
d = md5_gg(d, a, b, c, x[i+14], 9 , -1019803690);
c = md5_gg(c, d, a, b, x[i+ 3], 14, -187363961);
b = md5_gg(b, c, d, a, x[i+ 8], 20, 1163531501);
a = md5_gg(a, b, c, d, x[i+13], 5 , -1444681467);
d = md5_gg(d, a, b, c, x[i+ 2], 9 , -51403784);
c = md5_gg(c, d, a, b, x[i+ 7], 14, 1735328473);
b = md5_gg(b, c, d, a, x[i+12], 20, -1926607734);
a = md5_hh(a, b, c, d, x[i+ 5], 4 , -378558);
d = md5_hh(d, a, b, c, x[i+ 8], 11, -2022574463);
c = md5_hh(c, d, a, b, x[i+11], 16, 1839030562);
b = md5_hh(b, c, d, a, x[i+14], 23, -35309556);
a = md5_hh(a, b, c, d, x[i+ 1], 4 , -1530992060);
d = md5_hh(d, a, b, c, x[i+ 4], 11, 1272893353);
c = md5_hh(c, d, a, b, x[i+ 7], 16, -155497632);
b = md5_hh(b, c, d, a, x[i+10], 23, -1094730640);
a = md5_hh(a, b, c, d, x[i+13], 4 , 681279174);
d = md5_hh(d, a, b, c, x[i+ 0], 11, -358537222);
c = md5_hh(c, d, a, b, x[i+ 3], 16, -722521979);
b = md5_hh(b, c, d, a, x[i+ 6], 23, 76029189);
a = md5_hh(a, b, c, d, x[i+ 9], 4 , -640364487);
d = md5_hh(d, a, b, c, x[i+12], 11, -421815835);
c = md5_hh(c, d, a, b, x[i+15], 16, 530742520);
b = md5_hh(b, c, d, a, x[i+ 2], 23, -995338651);
a = md5_ii(a, b, c, d, x[i+ 0], 6 , -198630844);
d = md5_ii(d, a, b, c, x[i+ 7], 10, 1126891415);
c = md5_ii(c, d, a, b, x[i+14], 15, -1416354905);
b = md5_ii(b, c, d, a, x[i+ 5], 21, -57434055);
a = md5_ii(a, b, c, d, x[i+12], 6 , 1700485571);
d = md5_ii(d, a, b, c, x[i+ 3], 10, -1894986606);
c = md5_ii(c, d, a, b, x[i+10], 15, -1051523);
b = md5_ii(b, c, d, a, x[i+ 1], 21, -2054922799);
a = md5_ii(a, b, c, d, x[i+ 8], 6 , 1873313359);
d = md5_ii(d, a, b, c, x[i+15], 10, -30611744);
c = md5_ii(c, d, a, b, x[i+ 6], 15, -1560198380);
b = md5_ii(b, c, d, a, x[i+13], 21, 1309151649);
a = md5_ii(a, b, c, d, x[i+ 4], 6 , -145523070);
d = md5_ii(d, a, b, c, x[i+11], 10, -1120210379);
c = md5_ii(c, d, a, b, x[i+ 2], 15, 718787259);
b = md5_ii(b, c, d, a, x[i+ 9], 21, -343485551);
a = safe_add(a, olda);
b = safe_add(b, oldb);
c = safe_add(c, oldc);
d = safe_add(d, oldd);
}
return Array(a, b, c, d);
}
/*
* These functions implement the four basic operations the algorithm uses.
*/
function md5_cmn(q, a, b, x, s, t)
{
return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s),b);
}
function md5_ff(a, b, c, d, x, s, t)
{
return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t);
}
function md5_gg(a, b, c, d, x, s, t)
{
return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t);
}
function md5_hh(a, b, c, d, x, s, t)
{
return md5_cmn(b ^ c ^ d, a, b, x, s, t);
}
function md5_ii(a, b, c, d, x, s, t)
{
return md5_cmn(c ^ (b | (~d)), a, b, x, s, t);
}
/*
* Add integers, wrapping at 2^32. This uses 16-bit operations internally
* to work around bugs in some JS interpreters.
*/
function safe_add(x, y)
{
var lsw = (x & 0xFFFF) + (y & 0xFFFF);
var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
return (msw << 16) | (lsw & 0xFFFF);
}
/*
* Bitwise rotate a 32-bit number to the left.
*/
function bit_rol(num, cnt)
{
return (num << cnt) | (num >>> (32 - cnt));
}
module.exports = function md5(buf) {
return helpers.hash(buf, core_md5, 16);
};
/***/ },
/* 17 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {'use strict';
var intSize = 4;
var zeroBuffer = new Buffer(intSize); zeroBuffer.fill(0);
var chrsz = 8;
function toArray(buf, bigEndian) {
if ((buf.length % intSize) !== 0) {
var len = buf.length + (intSize - (buf.length % intSize));
buf = Buffer.concat([buf, zeroBuffer], len);
}
var arr = [];
var fn = bigEndian ? buf.readInt32BE : buf.readInt32LE;
for (var i = 0; i < buf.length; i += intSize) {
arr.push(fn.call(buf, i));
}
return arr;
}
function toBuffer(arr, size, bigEndian) {
var buf = new Buffer(size);
var fn = bigEndian ? buf.writeInt32BE : buf.writeInt32LE;
for (var i = 0; i < arr.length; i++) {
fn.call(buf, arr[i], i * 4, true);
}
return buf;
}
function hash(buf, fn, hashSize, bigEndian) {
if (!Buffer.isBuffer(buf)) buf = new Buffer(buf);
var arr = fn(toArray(buf, bigEndian), buf.length * chrsz);
return toBuffer(arr, hashSize, bigEndian);
}
exports.hash = hash;
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 18 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {/*
CryptoJS v3.1.2
code.google.com/p/crypto-js
(c) 2009-2013 by Jeff Mott. All rights reserved.
code.google.com/p/crypto-js/wiki/License
*/
/** @preserve
(c) 2012 by Cédric Mesnil. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
// constants table
var zl = [
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,
3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,
1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,
4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13
]
var zr = [
5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,
6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,
15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,
8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,
12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11
]
var sl = [
11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,
7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,
11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,
11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,
9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6
]
var sr = [
8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,
9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,
9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,
15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,
8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11
]
var hl = [0x00000000, 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xA953FD4E]
var hr = [0x50A28BE6, 0x5C4DD124, 0x6D703EF3, 0x7A6D76E9, 0x00000000]
function bytesToWords (bytes) {
var words = []
for (var i = 0, b = 0; i < bytes.length; i++, b += 8) {
words[b >>> 5] |= bytes[i] << (24 - b % 32)
}
return words
}
function wordsToBytes (words) {
var bytes = []
for (var b = 0; b < words.length * 32; b += 8) {
bytes.push((words[b >>> 5] >>> (24 - b % 32)) & 0xFF)
}
return bytes
}
function processBlock (H, M, offset) {
// swap endian
for (var i = 0; i < 16; i++) {
var offset_i = offset + i
var M_offset_i = M[offset_i]
// Swap
M[offset_i] = (
(((M_offset_i << 8) | (M_offset_i >>> 24)) & 0x00ff00ff) |
(((M_offset_i << 24) | (M_offset_i >>> 8)) & 0xff00ff00)
)
}
// Working variables
var al, bl, cl, dl, el
var ar, br, cr, dr, er
ar = al = H[0]
br = bl = H[1]
cr = cl = H[2]
dr = dl = H[3]
er = el = H[4]
// computation
var t
for (i = 0; i < 80; i += 1) {
t = (al + M[offset + zl[i]]) | 0
if (i < 16) {
t += f1(bl, cl, dl) + hl[0]
} else if (i < 32) {
t += f2(bl, cl, dl) + hl[1]
} else if (i < 48) {
t += f3(bl, cl, dl) + hl[2]
} else if (i < 64) {
t += f4(bl, cl, dl) + hl[3]
} else {// if (i<80) {
t += f5(bl, cl, dl) + hl[4]
}
t = t | 0
t = rotl(t, sl[i])
t = (t + el) | 0
al = el
el = dl
dl = rotl(cl, 10)
cl = bl
bl = t
t = (ar + M[offset + zr[i]]) | 0
if (i < 16) {
t += f5(br, cr, dr) + hr[0]
} else if (i < 32) {
t += f4(br, cr, dr) + hr[1]
} else if (i < 48) {
t += f3(br, cr, dr) + hr[2]
} else if (i < 64) {
t += f2(br, cr, dr) + hr[3]
} else {// if (i<80) {
t += f1(br, cr, dr) + hr[4]
}
t = t | 0
t = rotl(t, sr[i])
t = (t + er) | 0
ar = er
er = dr
dr = rotl(cr, 10)
cr = br
br = t
}
// intermediate hash value
t = (H[1] + cl + dr) | 0
H[1] = (H[2] + dl + er) | 0
H[2] = (H[3] + el + ar) | 0
H[3] = (H[4] + al + br) | 0
H[4] = (H[0] + bl + cr) | 0
H[0] = t
}
function f1 (x, y, z) {
return ((x) ^ (y) ^ (z))
}
function f2 (x, y, z) {
return (((x) & (y)) | ((~x) & (z)))
}
function f3 (x, y, z) {
return (((x) | (~(y))) ^ (z))
}
function f4 (x, y, z) {
return (((x) & (z)) | ((y) & (~(z))))
}
function f5 (x, y, z) {
return ((x) ^ ((y) | (~(z))))
}
function rotl (x, n) {
return (x << n) | (x >>> (32 - n))
}
function ripemd160 (message) {
var H = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
if (typeof message === 'string') {
message = new Buffer(message, 'utf8')
}
var m = bytesToWords(message)
var nBitsLeft = message.length * 8
var nBitsTotal = message.length * 8
// Add padding
m[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32)
m[(((nBitsLeft + 64) >>> 9) << 4) + 14] = (
(((nBitsTotal << 8) | (nBitsTotal >>> 24)) & 0x00ff00ff) |
(((nBitsTotal << 24) | (nBitsTotal >>> 8)) & 0xff00ff00)
)
for (var i = 0; i < m.length; i += 16) {
processBlock(H, m, i)
}
// swap endian
for (i = 0; i < 5; i++) {
// shortcut
var H_i = H[i]
// Swap
H[i] = (((H_i << 8) | (H_i >>> 24)) & 0x00ff00ff) |
(((H_i << 24) | (H_i >>> 8)) & 0xff00ff00)
}
var digestbytes = wordsToBytes(H)
return new Buffer(digestbytes)
}
module.exports = ripemd160
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 19 */
/***/ function(module, exports, __webpack_require__) {
var exports = module.exports = function SHA (algorithm) {
algorithm = algorithm.toLowerCase()
var Algorithm = exports[algorithm]
if (!Algorithm) throw new Error(algorithm + ' is not supported (we accept pull requests)')
return new Algorithm()
}
exports.sha = __webpack_require__(20)
exports.sha1 = __webpack_require__(22)
exports.sha224 = __webpack_require__(23)
exports.sha256 = __webpack_require__(24)
exports.sha384 = __webpack_require__(25)
exports.sha512 = __webpack_require__(26)
/***/ },
/* 20 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {/*
* A JavaScript implementation of the Secure Hash Algorithm, SHA-0, as defined
* in FIPS PUB 180-1
* This source code is derived from sha1.js of the same repository.
* The difference between SHA-0 and SHA-1 is just a bitwise rotate left
* operation was added.
*/
var inherits = __webpack_require__(15)
var Hash = __webpack_require__(21)
var K = [
0x5a827999, 0x6ed9eba1, 0x8f1bbcdc | 0, 0xca62c1d6 | 0
]
var W = new Array(80)
function Sha () {
this.init()
this._w = W
Hash.call(this, 64, 56)
}
inherits(Sha, Hash)
Sha.prototype.init = function () {
this._a = 0x67452301
this._b = 0xefcdab89
this._c = 0x98badcfe
this._d = 0x10325476
this._e = 0xc3d2e1f0
return this
}
function rotl5 (num) {
return (num << 5) | (num >>> 27)
}
function rotl30 (num) {
return (num << 30) | (num >>> 2)
}
function ft (s, b, c, d) {
if (s === 0) return (b & c) | ((~b) & d)
if (s === 2) return (b & c) | (b & d) | (c & d)
return b ^ c ^ d
}
Sha.prototype._update = function (M) {
var W = this._w
var a = this._a | 0
var b = this._b | 0
var c = this._c | 0
var d = this._d | 0
var e = this._e | 0
for (var i = 0; i < 16; ++i) W[i] = M.readInt32BE(i * 4)
for (; i < 80; ++i) W[i] = W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16]
for (var j = 0; j < 80; ++j) {
var s = ~~(j / 20)
var t = (rotl5(a) + ft(s, b, c, d) + e + W[j] + K[s]) | 0
e = d
d = c
c = rotl30(b)
b = a
a = t
}
this._a = (a + this._a) | 0
this._b = (b + this._b) | 0
this._c = (c + this._c) | 0
this._d = (d + this._d) | 0
this._e = (e + this._e) | 0
}
Sha.prototype._hash = function () {
var H = new Buffer(20)
H.writeInt32BE(this._a | 0, 0)
H.writeInt32BE(this._b | 0, 4)
H.writeInt32BE(this._c | 0, 8)
H.writeInt32BE(this._d | 0, 12)
H.writeInt32BE(this._e | 0, 16)
return H
}
module.exports = Sha
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 21 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {// prototype class for hash functions
function Hash (blockSize, finalSize) {
this._block = new Buffer(blockSize)
this._finalSize = finalSize
this._blockSize = blockSize
this._len = 0
this._s = 0
}
Hash.prototype.update = function (data, enc) {
if (typeof data === 'string') {
enc = enc || 'utf8'
data = new Buffer(data, enc)
}
var l = this._len += data.length
var s = this._s || 0
var f = 0
var buffer = this._block
while (s < l) {
var t = Math.min(data.length, f + this._blockSize - (s % this._blockSize))
var ch = (t - f)
for (var i = 0; i < ch; i++) {
buffer[(s % this._blockSize) + i] = data[i + f]
}
s += ch
f += ch
if ((s % this._blockSize) === 0) {
this._update(buffer)
}
}
this._s = s
return this
}
Hash.prototype.digest = function (enc) {
// Suppose the length of the message M, in bits, is l
var l = this._len * 8
// Append the bit 1 to the end of the message
this._block[this._len % this._blockSize] = 0x80
// and then k zero bits, where k is the smallest non-negative solution to the equation (l + 1 + k) === finalSize mod blockSize
this._block.fill(0, this._len % this._blockSize + 1)
if (l % (this._blockSize * 8) >= this._finalSize * 8) {
this._update(this._block)
this._block.fill(0)
}
// to this append the block which is equal to the number l written in binary
// TODO: handle case where l is > Math.pow(2, 29)
this._block.writeInt32BE(l, this._blockSize - 4)
var hash = this._update(this._block) || this._hash()
return enc ? hash.toString(enc) : hash
}
Hash.prototype._update = function () {
throw new Error('_update must be implemented by subclass')
}
module.exports = Hash
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 22 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {/*
* A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined
* in FIPS PUB 180-1
* Version 2.1a Copyright Paul Johnston 2000 - 2002.
* Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
* Distributed under the BSD License
* See http://pajhome.org.uk/crypt/md5 for details.
*/
var inherits = __webpack_require__(15)
var Hash = __webpack_require__(21)
var K = [
0x5a827999, 0x6ed9eba1, 0x8f1bbcdc | 0, 0xca62c1d6 | 0
]
var W = new Array(80)
function Sha1 () {
this.init()
this._w = W
Hash.call(this, 64, 56)
}
inherits(Sha1, Hash)
Sha1.prototype.init = function () {
this._a = 0x67452301
this._b = 0xefcdab89
this._c = 0x98badcfe
this._d = 0x10325476
this._e = 0xc3d2e1f0
return this
}
function rotl1 (num) {
return (num << 1) | (num >>> 31)
}
function rotl5 (num) {
return (num << 5) | (num >>> 27)
}
function rotl30 (num) {
return (num << 30) | (num >>> 2)
}
function ft (s, b, c, d) {
if (s === 0) return (b & c) | ((~b) & d)
if (s === 2) return (b & c) | (b & d) | (c & d)
return b ^ c ^ d
}
Sha1.prototype._update = function (M) {
var W = this._w
var a = this._a | 0
var b = this._b | 0
var c = this._c | 0
var d = this._d | 0
var e = this._e | 0
for (var i = 0; i < 16; ++i) W[i] = M.readInt32BE(i * 4)
for (; i < 80; ++i) W[i] = rotl1(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16])
for (var j = 0; j < 80; ++j) {
var s = ~~(j / 20)
var t = (rotl5(a) + ft(s, b, c, d) + e + W[j] + K[s]) | 0
e = d
d = c
c = rotl30(b)
b = a
a = t
}
this._a = (a + this._a) | 0
this._b = (b + this._b) | 0
this._c = (c + this._c) | 0
this._d = (d + this._d) | 0
this._e = (e + this._e) | 0
}
Sha1.prototype._hash = function () {
var H = new Buffer(20)
H.writeInt32BE(this._a | 0, 0)
H.writeInt32BE(this._b | 0, 4)
H.writeInt32BE(this._c | 0, 8)
H.writeInt32BE(this._d | 0, 12)
H.writeInt32BE(this._e | 0, 16)
return H
}
module.exports = Sha1
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 23 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {/**
* A JavaScript implementation of the Secure Hash Algorithm, SHA-256, as defined
* in FIPS 180-2
* Version 2.2-beta Copyright Angel Marin, Paul Johnston 2000 - 2009.
* Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
*
*/
var inherits = __webpack_require__(15)
var Sha256 = __webpack_require__(24)
var Hash = __webpack_require__(21)
var W = new Array(64)
function Sha224 () {
this.init()
this._w = W // new Array(64)
Hash.call(this, 64, 56)
}
inherits(Sha224, Sha256)
Sha224.prototype.init = function () {
this._a = 0xc1059ed8
this._b = 0x367cd507
this._c = 0x3070dd17
this._d = 0xf70e5939
this._e = 0xffc00b31
this._f = 0x68581511
this._g = 0x64f98fa7
this._h = 0xbefa4fa4
return this
}
Sha224.prototype._hash = function () {
var H = new Buffer(28)
H.writeInt32BE(this._a, 0)
H.writeInt32BE(this._b, 4)
H.writeInt32BE(this._c, 8)
H.writeInt32BE(this._d, 12)
H.writeInt32BE(this._e, 16)
H.writeInt32BE(this._f, 20)
H.writeInt32BE(this._g, 24)
return H
}
module.exports = Sha224
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 24 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {/**
* A JavaScript implementation of the Secure Hash Algorithm, SHA-256, as defined
* in FIPS 180-2
* Version 2.2-beta Copyright Angel Marin, Paul Johnston 2000 - 2009.
* Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
*
*/
var inherits = __webpack_require__(15)
var Hash = __webpack_require__(21)
var K = [
0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2
]
var W = new Array(64)
function Sha256 () {
this.init()
this._w = W // new Array(64)
Hash.call(this, 64, 56)
}
inherits(Sha256, Hash)
Sha256.prototype.init = function () {
this._a = 0x6a09e667
this._b = 0xbb67ae85
this._c = 0x3c6ef372
this._d = 0xa54ff53a
this._e = 0x510e527f
this._f = 0x9b05688c
this._g = 0x1f83d9ab
this._h = 0x5be0cd19
return this
}
function ch (x, y, z) {
return z ^ (x & (y ^ z))
}
function maj (x, y, z) {
return (x & y) | (z & (x | y))
}
function sigma0 (x) {
return (x >>> 2 | x << 30) ^ (x >>> 13 | x << 19) ^ (x >>> 22 | x << 10)
}
function sigma1 (x) {
return (x >>> 6 | x << 26) ^ (x >>> 11 | x << 21) ^ (x >>> 25 | x << 7)
}
function gamma0 (x) {
return (x >>> 7 | x << 25) ^ (x >>> 18 | x << 14) ^ (x >>> 3)
}
function gamma1 (x) {
return (x >>> 17 | x << 15) ^ (x >>> 19 | x << 13) ^ (x >>> 10)
}
Sha256.prototype._update = function (M) {
var W = this._w
var a = this._a | 0
var b = this._b | 0
var c = this._c | 0
var d = this._d | 0
var e = this._e | 0
var f = this._f | 0
var g = this._g | 0
var h = this._h | 0
for (var i = 0; i < 16; ++i) W[i] = M.readInt32BE(i * 4)
for (; i < 64; ++i) W[i] = (gamma1(W[i - 2]) + W[i - 7] + gamma0(W[i - 15]) + W[i - 16]) | 0
for (var j = 0; j < 64; ++j) {
var T1 = (h + sigma1(e) + ch(e, f, g) + K[j] + W[j]) | 0
var T2 = (sigma0(a) + maj(a, b, c)) | 0
h = g
g = f
f = e
e = (d + T1) | 0
d = c
c = b
b = a
a = (T1 + T2) | 0
}
this._a = (a + this._a) | 0
this._b = (b + this._b) | 0
this._c = (c + this._c) | 0
this._d = (d + this._d) | 0
this._e = (e + this._e) | 0
this._f = (f + this._f) | 0
this._g = (g + this._g) | 0
this._h = (h + this._h) | 0
}
Sha256.prototype._hash = function () {
var H = new Buffer(32)
H.writeInt32BE(this._a, 0)
H.writeInt32BE(this._b, 4)
H.writeInt32BE(this._c, 8)
H.writeInt32BE(this._d, 12)
H.writeInt32BE(this._e, 16)
H.writeInt32BE(this._f, 20)
H.writeInt32BE(this._g, 24)
H.writeInt32BE(this._h, 28)
return H
}
module.exports = Sha256
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 25 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var inherits = __webpack_require__(15)
var SHA512 = __webpack_require__(26)
var Hash = __webpack_require__(21)
var W = new Array(160)
function Sha384 () {
this.init()
this._w = W
Hash.call(this, 128, 112)
}
inherits(Sha384, SHA512)
Sha384.prototype.init = function () {
this._ah = 0xcbbb9d5d
this._bh = 0x629a292a
this._ch = 0x9159015a
this._dh = 0x152fecd8
this._eh = 0x67332667
this._fh = 0x8eb44a87
this._gh = 0xdb0c2e0d
this._hh = 0x47b5481d
this._al = 0xc1059ed8
this._bl = 0x367cd507
this._cl = 0x3070dd17
this._dl = 0xf70e5939
this._el = 0xffc00b31
this._fl = 0x68581511
this._gl = 0x64f98fa7
this._hl = 0xbefa4fa4
return this
}
Sha384.prototype._hash = function () {
var H = new Buffer(48)
function writeInt64BE (h, l, offset) {
H.writeInt32BE(h, offset)
H.writeInt32BE(l, offset + 4)
}
writeInt64BE(this._ah, this._al, 0)
writeInt64BE(this._bh, this._bl, 8)
writeInt64BE(this._ch, this._cl, 16)
writeInt64BE(this._dh, this._dl, 24)
writeInt64BE(this._eh, this._el, 32)
writeInt64BE(this._fh, this._fl, 40)
return H
}
module.exports = Sha384
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 26 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var inherits = __webpack_require__(15)
var Hash = __webpack_require__(21)
var K = [
0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,
0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc,
0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019,
0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118,
0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe,
0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2,
0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1,
0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694,
0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3,
0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65,
0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483,
0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5,
0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210,
0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4,
0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725,
0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70,
0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926,
0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df,
0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8,
0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b,
0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001,
0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30,
0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910,
0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8,
0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53,
0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8,
0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb,
0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3,
0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60,
0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec,
0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9,
0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b,
0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207,
0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178,
0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6,
0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b,
0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493,
0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c,
0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a,
0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817
]
var W = new Array(160)
function Sha512 () {
this.init()
this._w = W
Hash.call(this, 128, 112)
}
inherits(Sha512, Hash)
Sha512.prototype.init = function () {
this._ah = 0x6a09e667
this._bh = 0xbb67ae85
this._ch = 0x3c6ef372
this._dh = 0xa54ff53a
this._eh = 0x510e527f
this._fh = 0x9b05688c
this._gh = 0x1f83d9ab
this._hh = 0x5be0cd19
this._al = 0xf3bcc908
this._bl = 0x84caa73b
this._cl = 0xfe94f82b
this._dl = 0x5f1d36f1
this._el = 0xade682d1
this._fl = 0x2b3e6c1f
this._gl = 0xfb41bd6b
this._hl = 0x137e2179
return this
}
function Ch (x, y, z) {
return z ^ (x & (y ^ z))
}
function maj (x, y, z) {
return (x & y) | (z & (x | y))
}
function sigma0 (x, xl) {
return (x >>> 28 | xl << 4) ^ (xl >>> 2 | x << 30) ^ (xl >>> 7 | x << 25)
}
function sigma1 (x, xl) {
return (x >>> 14 | xl << 18) ^ (x >>> 18 | xl << 14) ^ (xl >>> 9 | x << 23)
}
function Gamma0 (x, xl) {
return (x >>> 1 | xl << 31) ^ (x >>> 8 | xl << 24) ^ (x >>> 7)
}
function Gamma0l (x, xl) {
return (x >>> 1 | xl << 31) ^ (x >>> 8 | xl << 24) ^ (x >>> 7 | xl << 25)
}
function Gamma1 (x, xl) {
return (x >>> 19 | xl << 13) ^ (xl >>> 29 | x << 3) ^ (x >>> 6)
}
function Gamma1l (x, xl) {
return (x >>> 19 | xl << 13) ^ (xl >>> 29 | x << 3) ^ (x >>> 6 | xl << 26)
}
function getCarry (a, b) {
return (a >>> 0) < (b >>> 0) ? 1 : 0
}
Sha512.prototype._update = function (M) {
var W = this._w
var ah = this._ah | 0
var bh = this._bh | 0
var ch = this._ch | 0
var dh = this._dh | 0
var eh = this._eh | 0
var fh = this._fh | 0
var gh = this._gh | 0
var hh = this._hh | 0
var al = this._al | 0
var bl = this._bl | 0
var cl = this._cl | 0
var dl = this._dl | 0
var el = this._el | 0
var fl = this._fl | 0
var gl = this._gl | 0
var hl = this._hl | 0
for (var i = 0; i < 32; i += 2) {
W[i] = M.readInt32BE(i * 4)
W[i + 1] = M.readInt32BE(i * 4 + 4)
}
for (; i < 160; i += 2) {
var xh = W[i - 15 * 2]
var xl = W[i - 15 * 2 + 1]
var gamma0 = Gamma0(xh, xl)
var gamma0l = Gamma0l(xl, xh)
xh = W[i - 2 * 2]
xl = W[i - 2 * 2 + 1]
var gamma1 = Gamma1(xh, xl)
var gamma1l = Gamma1l(xl, xh)
// W[i] = gamma0 + W[i - 7] + gamma1 + W[i - 16]
var Wi7h = W[i - 7 * 2]
var Wi7l = W[i - 7 * 2 + 1]
var Wi16h = W[i - 16 * 2]
var Wi16l = W[i - 16 * 2 + 1]
var Wil = (gamma0l + Wi7l) | 0
var Wih = (gamma0 + Wi7h + getCarry(Wil, gamma0l)) | 0
Wil = (Wil + gamma1l) | 0
Wih = (Wih + gamma1 + getCarry(Wil, gamma1l)) | 0
Wil = (Wil + Wi16l) | 0
Wih = (Wih + Wi16h + getCarry(Wil, Wi16l)) | 0
W[i] = Wih
W[i + 1] = Wil
}
for (var j = 0; j < 160; j += 2) {
Wih = W[j]
Wil = W[j + 1]
var majh = maj(ah, bh, ch)
var majl = maj(al, bl, cl)
var sigma0h = sigma0(ah, al)
var sigma0l = sigma0(al, ah)
var sigma1h = sigma1(eh, el)
var sigma1l = sigma1(el, eh)
// t1 = h + sigma1 + ch + K[j] + W[j]
var Kih = K[j]
var Kil = K[j + 1]
var chh = Ch(eh, fh, gh)
var chl = Ch(el, fl, gl)
var t1l = (hl + sigma1l) | 0
var t1h = (hh + sigma1h + getCarry(t1l, hl)) | 0
t1l = (t1l + chl) | 0
t1h = (t1h + chh + getCarry(t1l, chl)) | 0
t1l = (t1l + Kil) | 0
t1h = (t1h + Kih + getCarry(t1l, Kil)) | 0
t1l = (t1l + Wil) | 0
t1h = (t1h + Wih + getCarry(t1l, Wil)) | 0
// t2 = sigma0 + maj
var t2l = (sigma0l + majl) | 0
var t2h = (sigma0h + majh + getCarry(t2l, sigma0l)) | 0
hh = gh
hl = gl
gh = fh
gl = fl
fh = eh
fl = el
el = (dl + t1l) | 0
eh = (dh + t1h + getCarry(el, dl)) | 0
dh = ch
dl = cl
ch = bh
cl = bl
bh = ah
bl = al
al = (t1l + t2l) | 0
ah = (t1h + t2h + getCarry(al, t1l)) | 0
}
this._al = (this._al + al) | 0
this._bl = (this._bl + bl) | 0
this._cl = (this._cl + cl) | 0
this._dl = (this._dl + dl) | 0
this._el = (this._el + el) | 0
this._fl = (this._fl + fl) | 0
this._gl = (this._gl + gl) | 0
this._hl = (this._hl + hl) | 0
this._ah = (this._ah + ah + getCarry(this._al, al)) | 0
this._bh = (this._bh + bh + getCarry(this._bl, bl)) | 0
this._ch = (this._ch + ch + getCarry(this._cl, cl)) | 0
this._dh = (this._dh + dh + getCarry(this._dl, dl)) | 0
this._eh = (this._eh + eh + getCarry(this._el, el)) | 0
this._fh = (this._fh + fh + getCarry(this._fl, fl)) | 0
this._gh = (this._gh + gh + getCarry(this._gl, gl)) | 0
this._hh = (this._hh + hh + getCarry(this._hl, hl)) | 0
}
Sha512.prototype._hash = function () {
var H = new Buffer(64)
function writeInt64BE (h, l, offset) {
H.writeInt32BE(h, offset)
H.writeInt32BE(l, offset + 4)
}
writeInt64BE(this._ah, this._al, 0)
writeInt64BE(this._bh, this._bl, 8)
writeInt64BE(this._ch, this._cl, 16)
writeInt64BE(this._dh, this._dl, 24)
writeInt64BE(this._eh, this._el, 32)
writeInt64BE(this._fh, this._fl, 40)
writeInt64BE(this._gh, this._gl, 48)
writeInt64BE(this._hh, this._hl, 56)
return H
}
module.exports = Sha512
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 27 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var Transform = __webpack_require__(28).Transform
var inherits = __webpack_require__(15)
var StringDecoder = __webpack_require__(37).StringDecoder
module.exports = CipherBase
inherits(CipherBase, Transform)
function CipherBase (hashMode) {
Transform.call(this)
this.hashMode = typeof hashMode === 'string'
if (this.hashMode) {
this[hashMode] = this._finalOrDigest
} else {
this.final = this._finalOrDigest
}
this._decoder = null
this._encoding = null
}
CipherBase.prototype.update = function (data, inputEnc, outputEnc) {
if (typeof data === 'string') {
data = new Buffer(data, inputEnc)
}
var outData = this._update(data)
if (this.hashMode) {
return this
}
if (outputEnc) {
outData = this._toString(outData, outputEnc)
}
return outData
}
CipherBase.prototype.setAutoPadding = function () {}
CipherBase.prototype.getAuthTag = function () {
throw new Error('trying to get auth tag in unsupported state')
}
CipherBase.prototype.setAuthTag = function () {
throw new Error('trying to set auth tag in unsupported state')
}
CipherBase.prototype.setAAD = function () {
throw new Error('trying to set aad in unsupported state')
}
CipherBase.prototype._transform = function (data, _, next) {
var err
try {
if (this.hashMode) {
this._update(data)
} else {
this.push(this._update(data))
}
} catch (e) {
err = e
} finally {
next(err)
}
}
CipherBase.prototype._flush = function (done) {
var err
try {
this.push(this._final())
} catch (e) {
err = e
} finally {
done(err)
}
}
CipherBase.prototype._finalOrDigest = function (outputEnc) {
var outData = this._final() || new Buffer('')
if (outputEnc) {
outData = this._toString(outData, outputEnc, true)
}
return outData
}
CipherBase.prototype._toString = function (value, enc, final) {
if (!this._decoder) {
this._decoder = new StringDecoder(enc)
this._encoding = enc
}
if (this._encoding !== enc) {
throw new Error('can\'t switch encodings')
}
var out = this._decoder.write(value)
if (final) {
out += this._decoder.end()
}
return out
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 28 */
/***/ function(module, exports, __webpack_require__) {
// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.
module.exports = Stream;
var EE = __webpack_require__(29).EventEmitter;
var inherits = __webpack_require__(15);
inherits(Stream, EE);
Stream.Readable = __webpack_require__(30);
Stream.Writable = __webpack_require__(40);
Stream.Duplex = __webpack_require__(41);
Stream.Transform = __webpack_require__(42);
Stream.PassThrough = __webpack_require__(43);
// Backwards-compat with node 0.4.x
Stream.Stream = Stream;
// old-style streams. Note that the pipe method (the only relevant
// part of this class) is overridden in the Readable class.
function Stream() {
EE.call(this);
}
Stream.prototype.pipe = function(dest, options) {
var source = this;
function ondata(chunk) {
if (dest.writable) {
if (false === dest.write(chunk) && source.pause) {
source.pause();
}
}
}
source.on('data', ondata);
function ondrain() {
if (source.readable && source.resume) {
source.resume();
}
}
dest.on('drain', ondrain);
// If the 'end' option is not supplied, dest.end() will be called when
// source gets the 'end' or 'close' events. Only dest.end() once.
if (!dest._isStdio && (!options || options.end !== false)) {
source.on('end', onend);
source.on('close', onclose);
}
var didOnEnd = false;
function onend() {
if (didOnEnd) return;
didOnEnd = true;
dest.end();
}
function onclose() {
if (didOnEnd) return;
didOnEnd = true;
if (typeof dest.destroy === 'function') dest.destroy();
}
// don't leave dangling pipes when there are errors.
function onerror(er) {
cleanup();
if (EE.listenerCount(this, 'error') === 0) {
throw er; // Unhandled stream error in pipe.
}
}
source.on('error', onerror);
dest.on('error', onerror);
// remove all the event listeners that were added.
function cleanup() {
source.removeListener('data', ondata);
dest.removeListener('drain', ondrain);
source.removeListener('end', onend);
source.removeListener('close', onclose);
source.removeListener('error', onerror);
dest.removeListener('error', onerror);
source.removeListener('end', cleanup);
source.removeListener('close', cleanup);
dest.removeListener('close', cleanup);
}
source.on('end', cleanup);
source.on('close', cleanup);
dest.on('close', cleanup);
dest.emit('pipe', source);
// Allow for unix-like usage: A.pipe(B).pipe(C)
return dest;
};
/***/ },
/* 29 */
/***/ function(module, exports) {
// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.
function EventEmitter() {
this._events = this._events || {};
this._maxListeners = this._maxListeners || undefined;
}
module.exports = EventEmitter;
// Backwards-compat with node 0.10.x
EventEmitter.EventEmitter = EventEmitter;
EventEmitter.prototype._events = undefined;
EventEmitter.prototype._maxListeners = undefined;
// By default EventEmitters will print a warning if more than 10 listeners are
// added to it. This is a useful default which helps finding memory leaks.
EventEmitter.defaultMaxListeners = 10;
// Obviously not all Emitters should be limited to 10. This function allows
// that to be increased. Set to zero for unlimited.
EventEmitter.prototype.setMaxListeners = function(n) {
if (!isNumber(n) || n < 0 || isNaN(n))
throw TypeError('n must be a positive number');
this._maxListeners = n;
return this;
};
EventEmitter.prototype.emit = function(type) {
var er, handler, len, args, i, listeners;
if (!this._events)
this._events = {};
// If there is no 'error' event listener then throw.
if (type === 'error') {
if (!this._events.error ||
(isObject(this._events.error) && !this._events.error.length)) {
er = arguments[1];
if (er instanceof Error) {
throw er; // Unhandled 'error' event
}
throw TypeError('Uncaught, unspecified "error" event.');
}
}
handler = this._events[type];
if (isUndefined(handler))
return false;
if (isFunction(handler)) {
switch (arguments.length) {
// fast cases
case 1:
handler.call(this);
break;
case 2:
handler.call(this, arguments[1]);
break;
case 3:
handler.call(this, arguments[1], arguments[2]);
break;
// slower
default:
args = Array.prototype.slice.call(arguments, 1);
handler.apply(this, args);
}
} else if (isObject(handler)) {
args = Array.prototype.slice.call(arguments, 1);
listeners = handler.slice();
len = listeners.length;
for (i = 0; i < len; i++)
listeners[i].apply(this, args);
}
return true;
};
EventEmitter.prototype.addListener = function(type, listener) {
var m;
if (!isFunction(listener))
throw TypeError('listener must be a function');
if (!this._events)
this._events = {};
// To avoid recursion in the case that type === "newListener"! Before
// adding it to the listeners, first emit "newListener".
if (this._events.newListener)
this.emit('newListener', type,
isFunction(listener.listener) ?
listener.listener : listener);
if (!this._events[type])
// Optimize the case of one listener. Don't need the extra array object.
this._events[type] = listener;
else if (isObject(this._events[type]))
// If we've already got an array, just append.
this._events[type].push(listener);
else
// Adding the second element, need to change to array.
this._events[type] = [this._events[type], listener];
// Check for listener leak
if (isObject(this._events[type]) && !this._events[type].warned) {
if (!isUndefined(this._maxListeners)) {
m = this._maxListeners;
} else {
m = EventEmitter.defaultMaxListeners;
}
if (m && m > 0 && this._events[type].length > m) {
this._events[type].warned = true;
console.error('(node) warning: possible EventEmitter memory ' +
'leak detected. %d listeners added. ' +
'Use emitter.setMaxListeners() to increase limit.',
this._events[type].length);
if (typeof console.trace === 'function') {
// not supported in IE 10
console.trace();
}
}
}
return this;
};
EventEmitter.prototype.on = EventEmitter.prototype.addListener;
EventEmitter.prototype.once = function(type, listener) {
if (!isFunction(listener))
throw TypeError('listener must be a function');
var fired = false;
function g() {
this.removeListener(type, g);
if (!fired) {
fired = true;
listener.apply(this, arguments);
}
}
g.listener = listener;
this.on(type, g);
return this;
};
// emits a 'removeListener' event iff the listener was removed
EventEmitter.prototype.removeListener = function(type, listener) {
var list, position, length, i;
if (!isFunction(listener))
throw TypeError('listener must be a function');
if (!this._events || !this._events[type])
return this;
list = this._events[type];
length = list.length;
position = -1;
if (list === listener ||
(isFunction(list.listener) && list.listener === listener)) {
delete this._events[type];
if (this._events.removeListener)
this.emit('removeListener', type, listener);
} else if (isObject(list)) {
for (i = length; i-- > 0;) {
if (list[i] === listener ||
(list[i].listener && list[i].listener === listener)) {
position = i;
break;
}
}
if (position < 0)
return this;
if (list.length === 1) {
list.length = 0;
delete this._events[type];
} else {
list.splice(position, 1);
}
if (this._events.removeListener)
this.emit('removeListener', type, listener);
}
return this;
};
EventEmitter.prototype.removeAllListeners = function(type) {
var key, listeners;
if (!this._events)
return this;
// not listening for removeListener, no need to emit
if (!this._events.removeListener) {
if (arguments.length === 0)
this._events = {};
else if (this._events[type])
delete this._events[type];
return this;
}
// emit removeListener for all listeners on all events
if (arguments.length === 0) {
for (key in this._events) {
if (key === 'removeListener') continue;
this.removeAllListeners(key);
}
this.removeAllListeners('removeListener');
this._events = {};
return this;
}
listeners = this._events[type];
if (isFunction(listeners)) {
this.removeListener(type, listeners);
} else if (listeners) {
// LIFO order
while (listeners.length)
this.removeListener(type, listeners[listeners.length - 1]);
}
delete this._events[type];
return this;
};
EventEmitter.prototype.listeners = function(type) {
var ret;
if (!this._events || !this._events[type])
ret = [];
else if (isFunction(this._events[type]))
ret = [this._events[type]];
else
ret = this._events[type].slice();
return ret;
};
EventEmitter.prototype.listenerCount = function(type) {
if (this._events) {
var evlistener = this._events[type];
if (isFunction(evlistener))
return 1;
else if (evlistener)
return evlistener.length;
}
return 0;
};
EventEmitter.listenerCount = function(emitter, type) {
return emitter.listenerCount(type);
};
function isFunction(arg) {
return typeof arg === 'function';
}
function isNumber(arg) {
return typeof arg === 'number';
}
function isObject(arg) {
return typeof arg === 'object' && arg !== null;
}
function isUndefined(arg) {
return arg === void 0;
}
/***/ },
/* 30 */
/***/ function(module, exports, __webpack_require__) {
exports = module.exports = __webpack_require__(31);
exports.Stream = __webpack_require__(28);
exports.Readable = exports;
exports.Writable = __webpack_require__(36);
exports.Duplex = __webpack_require__(35);
exports.Transform = __webpack_require__(38);
exports.PassThrough = __webpack_require__(39);
/***/ },
/* 31 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(process) {// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.
module.exports = Readable;
/*<replacement>*/
var isArray = __webpack_require__(32);
/*</replacement>*/
/*<replacement>*/
var Buffer = __webpack_require__(1).Buffer;
/*</replacement>*/
Readable.ReadableState = ReadableState;
var EE = __webpack_require__(29).EventEmitter;
/*<replacement>*/
if (!EE.listenerCount) EE.listenerCount = function(emitter, type) {
return emitter.listeners(type).length;
};
/*</replacement>*/
var Stream = __webpack_require__(28);
/*<replacement>*/
var util = __webpack_require__(33);
util.inherits = __webpack_require__(15);
/*</replacement>*/
var StringDecoder;
/*<replacement>*/
var debug = __webpack_require__(34);
if (debug && debug.debuglog) {
debug = debug.debuglog('stream');
} else {
debug = function () {};
}
/*</replacement>*/
util.inherits(Readable, Stream);
function ReadableState(options, stream) {
var Duplex = __webpack_require__(35);
options = options || {};
// the point at which it stops calling _read() to fill the buffer
// Note: 0 is a valid value, means "don't call _read preemptively ever"
var hwm = options.highWaterMark;
var defaultHwm = options.objectMode ? 16 : 16 * 1024;
this.highWaterMark = (hwm || hwm === 0) ? hwm : defaultHwm;
// cast to ints.
this.highWaterMark = ~~this.highWaterMark;
this.buffer = [];
this.length = 0;
this.pipes = null;
this.pipesCount = 0;
this.flowing = null;
this.ended = false;
this.endEmitted = false;
this.reading = false;
// a flag to be able to tell if the onwrite cb is called immediately,
// or on a later tick. We set this to true at first, because any
// actions that shouldn't happen until "later" should generally also
// not happen before the first write call.
this.sync = true;
// whenever we return null, then we set a flag to say
// that we're awaiting a 'readable' event emission.
this.needReadable = false;
this.emittedReadable = false;
this.readableListening = false;
// object stream flag. Used to make read(n) ignore n and to
// make all the buffer merging and length checks go away
this.objectMode = !!options.objectMode;
if (stream instanceof Duplex)
this.objectMode = this.objectMode || !!options.readableObjectMode;
// Crypto is kind of old and crusty. Historically, its default string
// encoding is 'binary' so we have to make this configurable.
// Everything else in the universe uses 'utf8', though.
this.defaultEncoding = options.defaultEncoding || 'utf8';
// when piping, we only care about 'readable' events that happen
// after read()ing all the bytes and not getting any pushback.
this.ranOut = false;
// the number of writers that are awaiting a drain event in .pipe()s
this.awaitDrain = 0;
// if true, a maybeReadMore has been scheduled
this.readingMore = false;
this.decoder = null;
this.encoding = null;
if (options.encoding) {
if (!StringDecoder)
StringDecoder = __webpack_require__(37).StringDecoder;
this.decoder = new StringDecoder(options.encoding);
this.encoding = options.encoding;
}
}
function Readable(options) {
var Duplex = __webpack_require__(35);
if (!(this instanceof Readable))
return new Readable(options);
this._readableState = new ReadableState(options, this);
// legacy
this.readable = true;
Stream.call(this);
}
// Manually shove something into the read() buffer.
// This returns true if the highWaterMark has not been hit yet,
// similar to how Writable.write() returns true if you should
// write() some more.
Readable.prototype.push = function(chunk, encoding) {
var state = this._readableState;
if (util.isString(chunk) && !state.objectMode) {
encoding = encoding || state.defaultEncoding;
if (encoding !== state.encoding) {
chunk = new Buffer(chunk, encoding);
encoding = '';
}
}
return readableAddChunk(this, state, chunk, encoding, false);
};
// Unshift should *always* be something directly out of read()
Readable.prototype.unshift = function(chunk) {
var state = this._readableState;
return readableAddChunk(this, state, chunk, '', true);
};
function readableAddChunk(stream, state, chunk, encoding, addToFront) {
var er = chunkInvalid(state, chunk);
if (er) {
stream.emit('error', er);
} else if (util.isNullOrUndefined(chunk)) {
state.reading = false;
if (!state.ended)
onEofChunk(stream, state);
} else if (state.objectMode || chunk && chunk.length > 0) {
if (state.ended && !addToFront) {
var e = new Error('stream.push() after EOF');
stream.emit('error', e);
} else if (state.endEmitted && addToFront) {
var e = new Error('stream.unshift() after end event');
stream.emit('error', e);
} else {
if (state.decoder && !addToFront && !encoding)
chunk = state.decoder.write(chunk);
if (!addToFront)
state.reading = false;
// if we want the data now, just emit it.
if (state.flowing && state.length === 0 && !state.sync) {
stream.emit('data', chunk);
stream.read(0);
} else {
// update the buffer info.
state.length += state.objectMode ? 1 : chunk.length;
if (addToFront)
state.buffer.unshift(chunk);
else
state.buffer.push(chunk);
if (state.needReadable)
emitReadable(stream);
}
maybeReadMore(stream, state);
}
} else if (!addToFront) {
state.reading = false;
}
return needMoreData(state);
}
// if it's past the high water mark, we can push in some more.
// Also, if we have no data yet, we can stand some
// more bytes. This is to work around cases where hwm=0,
// such as the repl. Also, if the push() triggered a
// readable event, and the user called read(largeNumber) such that
// needReadable was set, then we ought to push more, so that another
// 'readable' event will be triggered.
function needMoreData(state) {
return !state.ended &&
(state.needReadable ||
state.length < state.highWaterMark ||
state.length === 0);
}
// backwards compatibility.
Readable.prototype.setEncoding = function(enc) {
if (!StringDecoder)
StringDecoder = __webpack_require__(37).StringDecoder;
this._readableState.decoder = new StringDecoder(enc);
this._readableState.encoding = enc;
return this;
};
// Don't raise the hwm > 128MB
var MAX_HWM = 0x800000;
function roundUpToNextPowerOf2(n) {
if (n >= MAX_HWM) {
n = MAX_HWM;
} else {
// Get the next highest power of 2
n--;
for (var p = 1; p < 32; p <<= 1) n |= n >> p;
n++;
}
return n;
}
function howMuchToRead(n, state) {
if (state.length === 0 && state.ended)
return 0;
if (state.objectMode)
return n === 0 ? 0 : 1;
if (isNaN(n) || util.isNull(n)) {
// only flow one buffer at a time
if (state.flowing && state.buffer.length)
return state.buffer[0].length;
else
return state.length;
}
if (n <= 0)
return 0;
// If we're asking for more than the target buffer level,
// then raise the water mark. Bump up to the next highest
// power of 2, to prevent increasing it excessively in tiny
// amounts.
if (n > state.highWaterMark)
state.highWaterMark = roundUpToNextPowerOf2(n);
// don't have that much. return null, unless we've ended.
if (n > state.length) {
if (!state.ended) {
state.needReadable = true;
return 0;
} else
return state.length;
}
return n;
}
// you can override either this method, or the async _read(n) below.
Readable.prototype.read = function(n) {
debug('read', n);
var state = this._readableState;
var nOrig = n;
if (!util.isNumber(n) || n > 0)
state.emittedReadable = false;
// if we're doing read(0) to trigger a readable event, but we
// already have a bunch of data in the buffer, then just trigger
// the 'readable' event and move on.
if (n === 0 &&
state.needReadable &&
(state.length >= state.highWaterMark || state.ended)) {
debug('read: emitReadable', state.length, state.ended);
if (state.length === 0 && state.ended)
endReadable(this);
else
emitReadable(this);
return null;
}
n = howMuchToRead(n, state);
// if we've ended, and we're now clear, then finish it up.
if (n === 0 && state.ended) {
if (state.length === 0)
endReadable(this);
return null;
}
// All the actual chunk generation logic needs to be
// *below* the call to _read. The reason is that in certain
// synthetic stream cases, such as passthrough streams, _read
// may be a completely synchronous operation which may change
// the state of the read buffer, providing enough data when
// before there was *not* enough.
//
// So, the steps are:
// 1. Figure out what the state of things will be after we do
// a read from the buffer.
//
// 2. If that resulting state will trigger a _read, then call _read.
// Note that this may be asynchronous, or synchronous. Yes, it is
// deeply ugly to write APIs this way, but that still doesn't mean
// that the Readable class should behave improperly, as streams are
// designed to be sync/async agnostic.
// Take note if the _read call is sync or async (ie, if the read call
// has returned yet), so that we know whether or not it's safe to emit
// 'readable' etc.
//
// 3. Actually pull the requested chunks out of the buffer and return.
// if we need a readable event, then we need to do some reading.
var doRead = state.needReadable;
debug('need readable', doRead);
// if we currently have less than the highWaterMark, then also read some
if (state.length === 0 || state.length - n < state.highWaterMark) {
doRead = true;
debug('length less than watermark', doRead);
}
// however, if we've ended, then there's no point, and if we're already
// reading, then it's unnecessary.
if (state.ended || state.reading) {
doRead = false;
debug('reading or ended', doRead);
}
if (doRead) {
debug('do read');
state.reading = true;
state.sync = true;
// if the length is currently zero, then we *need* a readable event.
if (state.length === 0)
state.needReadable = true;
// call internal read method
this._read(state.highWaterMark);
state.sync = false;
}
// If _read pushed data synchronously, then `reading` will be false,
// and we need to re-evaluate how much data we can return to the user.
if (doRead && !state.reading)
n = howMuchToRead(nOrig, state);
var ret;
if (n > 0)
ret = fromList(n, state);
else
ret = null;
if (util.isNull(ret)) {
state.needReadable = true;
n = 0;
}
state.length -= n;
// If we have nothing in the buffer, then we want to know
// as soon as we *do* get something into the buffer.
if (state.length === 0 && !state.ended)
state.needReadable = true;
// If we tried to read() past the EOF, then emit end on the next tick.
if (nOrig !== n && state.ended && state.length === 0)
endReadable(this);
if (!util.isNull(ret))
this.emit('data', ret);
return ret;
};
function chunkInvalid(state, chunk) {
var er = null;
if (!util.isBuffer(chunk) &&
!util.isString(chunk) &&
!util.isNullOrUndefined(chunk) &&
!state.objectMode) {
er = new TypeError('Invalid non-string/buffer chunk');
}
return er;
}
function onEofChunk(stream, state) {
if (state.decoder && !state.ended) {
var chunk = state.decoder.end();
if (chunk && chunk.length) {
state.buffer.push(chunk);
state.length += state.objectMode ? 1 : chunk.length;
}
}
state.ended = true;
// emit 'readable' now to make sure it gets picked up.
emitReadable(stream);
}
// Don't emit readable right away in sync mode, because this can trigger
// another read() call => stack overflow. This way, it might trigger
// a nextTick recursion warning, but that's not so bad.
function emitReadable(stream) {
var state = stream._readableState;
state.needReadable = false;
if (!state.emittedReadable) {
debug('emitReadable', state.flowing);
state.emittedReadable = true;
if (state.sync)
process.nextTick(function() {
emitReadable_(stream);
});
else
emitReadable_(stream);
}
}
function emitReadable_(stream) {
debug('emit readable');
stream.emit('readable');
flow(stream);
}
// at this point, the user has presumably seen the 'readable' event,
// and called read() to consume some data. that may have triggered
// in turn another _read(n) call, in which case reading = true if
// it's in progress.
// However, if we're not ended, or reading, and the length < hwm,
// then go ahead and try to read some more preemptively.
function maybeReadMore(stream, state) {
if (!state.readingMore) {
state.readingMore = true;
process.nextTick(function() {
maybeReadMore_(stream, state);
});
}
}
function maybeReadMore_(stream, state) {
var len = state.length;
while (!state.reading && !state.flowing && !state.ended &&
state.length < state.highWaterMark) {
debug('maybeReadMore read 0');
stream.read(0);
if (len === state.length)
// didn't get any data, stop spinning.
break;
else
len = state.length;
}
state.readingMore = false;
}
// abstract method. to be overridden in specific implementation classes.
// call cb(er, data) where data is <= n in length.
// for virtual (non-string, non-buffer) streams, "length" is somewhat
// arbitrary, and perhaps not very meaningful.
Readable.prototype._read = function(n) {
this.emit('error', new Error('not implemented'));
};
Readable.prototype.pipe = function(dest, pipeOpts) {
var src = this;
var state = this._readableState;
switch (state.pipesCount) {
case 0:
state.pipes = dest;
break;
case 1:
state.pipes = [state.pipes, dest];
break;
default:
state.pipes.push(dest);
break;
}
state.pipesCount += 1;
debug('pipe count=%d opts=%j', state.pipesCount, pipeOpts);
var doEnd = (!pipeOpts || pipeOpts.end !== false) &&
dest !== process.stdout &&
dest !== process.stderr;
var endFn = doEnd ? onend : cleanup;
if (state.endEmitted)
process.nextTick(endFn);
else
src.once('end', endFn);
dest.on('unpipe', onunpipe);
function onunpipe(readable) {
debug('onunpipe');
if (readable === src) {
cleanup();
}
}
function onend() {
debug('onend');
dest.end();
}
// when the dest drains, it reduces the awaitDrain counter
// on the source. This would be more elegant with a .once()
// handler in flow(), but adding and removing repeatedly is
// too slow.
var ondrain = pipeOnDrain(src);
dest.on('drain', ondrain);
function cleanup() {
debug('cleanup');
// cleanup event handlers once the pipe is broken
dest.removeListener('close', onclose);
dest.removeListener('finish', onfinish);
dest.removeListener('drain', ondrain);
dest.removeListener('error', onerror);
dest.removeListener('unpipe', onunpipe);
src.removeListener('end', onend);
src.removeListener('end', cleanup);
src.removeListener('data', ondata);
// if the reader is waiting for a drain event from this
// specific writer, then it would cause it to never start
// flowing again.
// So, if this is awaiting a drain, then we just call it now.
// If we don't know, then assume that we are waiting for one.
if (state.awaitDrain &&
(!dest._writableState || dest._writableState.needDrain))
ondrain();
}
src.on('data', ondata);
function ondata(chunk) {
debug('ondata');
var ret = dest.write(chunk);
if (false === ret) {
debug('false write response, pause',
src._readableState.awaitDrain);
src._readableState.awaitDrain++;
src.pause();
}
}
// if the dest has an error, then stop piping into it.
// however, don't suppress the throwing behavior for this.
function onerror(er) {
debug('onerror', er);
unpipe();
dest.removeListener('error', onerror);
if (EE.listenerCount(dest, 'error') === 0)
dest.emit('error', er);
}
// This is a brutally ugly hack to make sure that our error handler
// is attached before any userland ones. NEVER DO THIS.
if (!dest._events || !dest._events.error)
dest.on('error', onerror);
else if (isArray(dest._events.error))
dest._events.error.unshift(onerror);
else
dest._events.error = [onerror, dest._events.error];
// Both close and finish should trigger unpipe, but only once.
function onclose() {
dest.removeListener('finish', onfinish);
unpipe();
}
dest.once('close', onclose);
function onfinish() {
debug('onfinish');
dest.removeListener('close', onclose);
unpipe();
}
dest.once('finish', onfinish);
function unpipe() {
debug('unpipe');
src.unpipe(dest);
}
// tell the dest that it's being piped to
dest.emit('pipe', src);
// start the flow if it hasn't been started already.
if (!state.flowing) {
debug('pipe resume');
src.resume();
}
return dest;
};
function pipeOnDrain(src) {
return function() {
var state = src._readableState;
debug('pipeOnDrain', state.awaitDrain);
if (state.awaitDrain)
state.awaitDrain--;
if (state.awaitDrain === 0 && EE.listenerCount(src, 'data')) {
state.flowing = true;
flow(src);
}
};
}
Readable.prototype.unpipe = function(dest) {
var state = this._readableState;
// if we're not piping anywhere, then do nothing.
if (state.pipesCount === 0)
return this;
// just one destination. most common case.
if (state.pipesCount === 1) {
// passed in one, but it's not the right one.
if (dest && dest !== state.pipes)
return this;
if (!dest)
dest = state.pipes;
// got a match.
state.pipes = null;
state.pipesCount = 0;
state.flowing = false;
if (dest)
dest.emit('unpipe', this);
return this;
}
// slow case. multiple pipe destinations.
if (!dest) {
// remove all.
var dests = state.pipes;
var len = state.pipesCount;
state.pipes = null;
state.pipesCount = 0;
state.flowing = false;
for (var i = 0; i < len; i++)
dests[i].emit('unpipe', this);
return this;
}
// try to find the right one.
var i = indexOf(state.pipes, dest);
if (i === -1)
return this;
state.pipes.splice(i, 1);
state.pipesCount -= 1;
if (state.pipesCount === 1)
state.pipes = state.pipes[0];
dest.emit('unpipe', this);
return this;
};
// set up data events if they are asked for
// Ensure readable listeners eventually get something
Readable.prototype.on = function(ev, fn) {
var res = Stream.prototype.on.call(this, ev, fn);
// If listening to data, and it has not explicitly been paused,
// then call resume to start the flow of data on the next tick.
if (ev === 'data' && false !== this._readableState.flowing) {
this.resume();
}
if (ev === 'readable' && this.readable) {
var state = this._readableState;
if (!state.readableListening) {
state.readableListening = true;
state.emittedReadable = false;
state.needReadable = true;
if (!state.reading) {
var self = this;
process.nextTick(function() {
debug('readable nexttick read 0');
self.read(0);
});
} else if (state.length) {
emitReadable(this, state);
}
}
}
return res;
};
Readable.prototype.addListener = Readable.prototype.on;
// pause() and resume() are remnants of the legacy readable stream API
// If the user uses them, then switch into old mode.
Readable.prototype.resume = function() {
var state = this._readableState;
if (!state.flowing) {
debug('resume');
state.flowing = true;
if (!state.reading) {
debug('resume read 0');
this.read(0);
}
resume(this, state);
}
return this;
};
function resume(stream, state) {
if (!state.resumeScheduled) {
state.resumeScheduled = true;
process.nextTick(function() {
resume_(stream, state);
});
}
}
function resume_(stream, state) {
state.resumeScheduled = false;
stream.emit('resume');
flow(stream);
if (state.flowing && !state.reading)
stream.read(0);
}
Readable.prototype.pause = function() {
debug('call pause flowing=%j', this._readableState.flowing);
if (false !== this._readableState.flowing) {
debug('pause');
this._readableState.flowing = false;
this.emit('pause');
}
return this;
};
function flow(stream) {
var state = stream._readableState;
debug('flow', state.flowing);
if (state.flowing) {
do {
var chunk = stream.read();
} while (null !== chunk && state.flowing);
}
}
// wrap an old-style stream as the async data source.
// This is *not* part of the readable stream interface.
// It is an ugly unfortunate mess of history.
Readable.prototype.wrap = function(stream) {
var state = this._readableState;
var paused = false;
var self = this;
stream.on('end', function() {
debug('wrapped end');
if (state.decoder && !state.ended) {
var chunk = state.decoder.end();
if (chunk && chunk.length)
self.push(chunk);
}
self.push(null);
});
stream.on('data', function(chunk) {
debug('wrapped data');
if (state.decoder)
chunk = state.decoder.write(chunk);
if (!chunk || !state.objectMode && !chunk.length)
return;
var ret = self.push(chunk);
if (!ret) {
paused = true;
stream.pause();
}
});
// proxy all the other methods.
// important when wrapping filters and duplexes.
for (var i in stream) {
if (util.isFunction(stream[i]) && util.isUndefined(this[i])) {
this[i] = function(method) { return function() {
return stream[method].apply(stream, arguments);
}}(i);
}
}
// proxy certain important events.
var events = ['error', 'close', 'destroy', 'pause', 'resume'];
forEach(events, function(ev) {
stream.on(ev, self.emit.bind(self, ev));
});
// when we try to consume some more bytes, simply unpause the
// underlying stream.
self._read = function(n) {
debug('wrapped _read', n);
if (paused) {
paused = false;
stream.resume();
}
};
return self;
};
// exposed for testing purposes only.
Readable._fromList = fromList;
// Pluck off n bytes from an array of buffers.
// Length is the combined lengths of all the buffers in the list.
function fromList(n, state) {
var list = state.buffer;
var length = state.length;
var stringMode = !!state.decoder;
var objectMode = !!state.objectMode;
var ret;
// nothing in the list, definitely empty.
if (list.length === 0)
return null;
if (length === 0)
ret = null;
else if (objectMode)
ret = list.shift();
else if (!n || n >= length) {
// read it all, truncate the array.
if (stringMode)
ret = list.join('');
else
ret = Buffer.concat(list, length);
list.length = 0;
} else {
// read just some of it.
if (n < list[0].length) {
// just take a part of the first list item.
// slice is the same for buffers and strings.
var buf = list[0];
ret = buf.slice(0, n);
list[0] = buf.slice(n);
} else if (n === list[0].length) {
// first list is a perfect match
ret = list.shift();
} else {
// complex case.
// we have enough to cover it, but it spans past the first buffer.
if (stringMode)
ret = '';
else
ret = new Buffer(n);
var c = 0;
for (var i = 0, l = list.length; i < l && c < n; i++) {
var buf = list[0];
var cpy = Math.min(n - c, buf.length);
if (stringMode)
ret += buf.slice(0, cpy);
else
buf.copy(ret, c, 0, cpy);
if (cpy < buf.length)
list[0] = buf.slice(cpy);
else
list.shift();
c += cpy;
}
}
}
return ret;
}
function endReadable(stream) {
var state = stream._readableState;
// If we get here before consuming all the bytes, then that is a
// bug in node. Should never happen.
if (state.length > 0)
throw new Error('endReadable called on non-empty stream');
if (!state.endEmitted) {
state.ended = true;
process.nextTick(function() {
// Check that we didn't get one last unshift.
if (!state.endEmitted && state.length === 0) {
state.endEmitted = true;
stream.readable = false;
stream.emit('end');
}
});
}
}
function forEach (xs, f) {
for (var i = 0, l = xs.length; i < l; i++) {
f(xs[i], i);
}
}
function indexOf (xs, x) {
for (var i = 0, l = xs.length; i < l; i++) {
if (xs[i] === x) return i;
}
return -1;
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(13)))
/***/ },
/* 32 */
/***/ function(module, exports) {
module.exports = Array.isArray || function (arr) {
return Object.prototype.toString.call(arr) == '[object Array]';
};
/***/ },
/* 33 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.
// NOTE: These type checking functions intentionally don't use `instanceof`
// because it is fragile and can be easily faked with `Object.create()`.
function isArray(arg) {
if (Array.isArray) {
return Array.isArray(arg);
}
return objectToString(arg) === '[object Array]';
}
exports.isArray = isArray;
function isBoolean(arg) {
return typeof arg === 'boolean';
}
exports.isBoolean = isBoolean;
function isNull(arg) {
return arg === null;
}
exports.isNull = isNull;
function isNullOrUndefined(arg) {
return arg == null;
}
exports.isNullOrUndefined = isNullOrUndefined;
function isNumber(arg) {
return typeof arg === 'number';
}
exports.isNumber = isNumber;
function isString(arg) {
return typeof arg === 'string';
}
exports.isString = isString;
function isSymbol(arg) {
return typeof arg === 'symbol';
}
exports.isSymbol = isSymbol;
function isUndefined(arg) {
return arg === void 0;
}
exports.isUndefined = isUndefined;
function isRegExp(re) {
return objectToString(re) === '[object RegExp]';
}
exports.isRegExp = isRegExp;
function isObject(arg) {
return typeof arg === 'object' && arg !== null;
}
exports.isObject = isObject;
function isDate(d) {
return objectToString(d) === '[object Date]';
}
exports.isDate = isDate;
function isError(e) {
return (objectToString(e) === '[object Error]' || e instanceof Error);
}
exports.isError = isError;
function isFunction(arg) {
return typeof arg === 'function';
}
exports.isFunction = isFunction;
function isPrimitive(arg) {
return arg === null ||
typeof arg === 'boolean' ||
typeof arg === 'number' ||
typeof arg === 'string' ||
typeof arg === 'symbol' || // ES6 symbol
typeof arg === 'undefined';
}
exports.isPrimitive = isPrimitive;
exports.isBuffer = Buffer.isBuffer;
function objectToString(o) {
return Object.prototype.toString.call(o);
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 34 */
/***/ function(module, exports) {
/* (ignored) */
/***/ },
/* 35 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(process) {// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.
// a duplex stream is just a stream that is both readable and writable.
// Since JS doesn't have multiple prototypal inheritance, this class
// prototypally inherits from Readable, and then parasitically from
// Writable.
module.exports = Duplex;
/*<replacement>*/
var objectKeys = Object.keys || function (obj) {
var keys = [];
for (var key in obj) keys.push(key);
return keys;
}
/*</replacement>*/
/*<replacement>*/
var util = __webpack_require__(33);
util.inherits = __webpack_require__(15);
/*</replacement>*/
var Readable = __webpack_require__(31);
var Writable = __webpack_require__(36);
util.inherits(Duplex, Readable);
forEach(objectKeys(Writable.prototype), function(method) {
if (!Duplex.prototype[method])
Duplex.prototype[method] = Writable.prototype[method];
});
function Duplex(options) {
if (!(this instanceof Duplex))
return new Duplex(options);
Readable.call(this, options);
Writable.call(this, options);
if (options && options.readable === false)
this.readable = false;
if (options && options.writable === false)
this.writable = false;
this.allowHalfOpen = true;
if (options && options.allowHalfOpen === false)
this.allowHalfOpen = false;
this.once('end', onend);
}
// the no-half-open enforcer
function onend() {
// if we allow half-open state, or if the writable side ended,
// then we're ok.
if (this.allowHalfOpen || this._writableState.ended)
return;
// no more data can be written.
// But allow more writes to happen in this tick.
process.nextTick(this.end.bind(this));
}
function forEach (xs, f) {
for (var i = 0, l = xs.length; i < l; i++) {
f(xs[i], i);
}
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(13)))
/***/ },
/* 36 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(process) {// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.
// A bit simpler than readable streams.
// Implement an async ._write(chunk, cb), and it'll handle all
// the drain event emission and buffering.
module.exports = Writable;
/*<replacement>*/
var Buffer = __webpack_require__(1).Buffer;
/*</replacement>*/
Writable.WritableState = WritableState;
/*<replacement>*/
var util = __webpack_require__(33);
util.inherits = __webpack_require__(15);
/*</replacement>*/
var Stream = __webpack_require__(28);
util.inherits(Writable, Stream);
function WriteReq(chunk, encoding, cb) {
this.chunk = chunk;
this.encoding = encoding;
this.callback = cb;
}
function WritableState(options, stream) {
var Duplex = __webpack_require__(35);
options = options || {};
// the point at which write() starts returning false
// Note: 0 is a valid value, means that we always return false if
// the entire buffer is not flushed immediately on write()
var hwm = options.highWaterMark;
var defaultHwm = options.objectMode ? 16 : 16 * 1024;
this.highWaterMark = (hwm || hwm === 0) ? hwm : defaultHwm;
// object stream flag to indicate whether or not this stream
// contains buffers or objects.
this.objectMode = !!options.objectMode;
if (stream instanceof Duplex)
this.objectMode = this.objectMode || !!options.writableObjectMode;
// cast to ints.
this.highWaterMark = ~~this.highWaterMark;
this.needDrain = false;
// at the start of calling end()
this.ending = false;
// when end() has been called, and returned
this.ended = false;
// when 'finish' is emitted
this.finished = false;
// should we decode strings into buffers before passing to _write?
// this is here so that some node-core streams can optimize string
// handling at a lower level.
var noDecode = options.decodeStrings === false;
this.decodeStrings = !noDecode;
// Crypto is kind of old and crusty. Historically, its default string
// encoding is 'binary' so we have to make this configurable.
// Everything else in the universe uses 'utf8', though.
this.defaultEncoding = options.defaultEncoding || 'utf8';
// not an actual buffer we keep track of, but a measurement
// of how much we're waiting to get pushed to some underlying
// socket or file.
this.length = 0;
// a flag to see when we're in the middle of a write.
this.writing = false;
// when true all writes will be buffered until .uncork() call
this.corked = 0;
// a flag to be able to tell if the onwrite cb is called immediately,
// or on a later tick. We set this to true at first, because any
// actions that shouldn't happen until "later" should generally also
// not happen before the first write call.
this.sync = true;
// a flag to know if we're processing previously buffered items, which
// may call the _write() callback in the same tick, so that we don't
// end up in an overlapped onwrite situation.
this.bufferProcessing = false;
// the callback that's passed to _write(chunk,cb)
this.onwrite = function(er) {
onwrite(stream, er);
};
// the callback that the user supplies to write(chunk,encoding,cb)
this.writecb = null;
// the amount that is being written when _write is called.
this.writelen = 0;
this.buffer = [];
// number of pending user-supplied write callbacks
// this must be 0 before 'finish' can be emitted
this.pendingcb = 0;
// emit prefinish if the only thing we're waiting for is _write cbs
// This is relevant for synchronous Transform streams
this.prefinished = false;
// True if the error was already emitted and should not be thrown again
this.errorEmitted = false;
}
function Writable(options) {
var Duplex = __webpack_require__(35);
// Writable ctor is applied to Duplexes, though they're not
// instanceof Writable, they're instanceof Readable.
if (!(this instanceof Writable) && !(this instanceof Duplex))
return new Writable(options);
this._writableState = new WritableState(options, this);
// legacy.
this.writable = true;
Stream.call(this);
}
// Otherwise people can pipe Writable streams, which is just wrong.
Writable.prototype.pipe = function() {
this.emit('error', new Error('Cannot pipe. Not readable.'));
};
function writeAfterEnd(stream, state, cb) {
var er = new Error('write after end');
// TODO: defer error events consistently everywhere, not just the cb
stream.emit('error', er);
process.nextTick(function() {
cb(er);
});
}
// If we get something that is not a buffer, string, null, or undefined,
// and we're not in objectMode, then that's an error.
// Otherwise stream chunks are all considered to be of length=1, and the
// watermarks determine how many objects to keep in the buffer, rather than
// how many bytes or characters.
function validChunk(stream, state, chunk, cb) {
var valid = true;
if (!util.isBuffer(chunk) &&
!util.isString(chunk) &&
!util.isNullOrUndefined(chunk) &&
!state.objectMode) {
var er = new TypeError('Invalid non-string/buffer chunk');
stream.emit('error', er);
process.nextTick(function() {
cb(er);
});
valid = false;
}
return valid;
}
Writable.prototype.write = function(chunk, encoding, cb) {
var state = this._writableState;
var ret = false;
if (util.isFunction(encoding)) {
cb = encoding;
encoding = null;
}
if (util.isBuffer(chunk))
encoding = 'buffer';
else if (!encoding)
encoding = state.defaultEncoding;
if (!util.isFunction(cb))
cb = function() {};
if (state.ended)
writeAfterEnd(this, state, cb);
else if (validChunk(this, state, chunk, cb)) {
state.pendingcb++;
ret = writeOrBuffer(this, state, chunk, encoding, cb);
}
return ret;
};
Writable.prototype.cork = function() {
var state = this._writableState;
state.corked++;
};
Writable.prototype.uncork = function() {
var state = this._writableState;
if (state.corked) {
state.corked--;
if (!state.writing &&
!state.corked &&
!state.finished &&
!state.bufferProcessing &&
state.buffer.length)
clearBuffer(this, state);
}
};
function decodeChunk(state, chunk, encoding) {
if (!state.objectMode &&
state.decodeStrings !== false &&
util.isString(chunk)) {
chunk = new Buffer(chunk, encoding);
}
return chunk;
}
// if we're already writing something, then just put this
// in the queue, and wait our turn. Otherwise, call _write
// If we return false, then we need a drain event, so set that flag.
function writeOrBuffer(stream, state, chunk, encoding, cb) {
chunk = decodeChunk(state, chunk, encoding);
if (util.isBuffer(chunk))
encoding = 'buffer';
var len = state.objectMode ? 1 : chunk.length;
state.length += len;
var ret = state.length < state.highWaterMark;
// we must ensure that previous needDrain will not be reset to false.
if (!ret)
state.needDrain = true;
if (state.writing || state.corked)
state.buffer.push(new WriteReq(chunk, encoding, cb));
else
doWrite(stream, state, false, len, chunk, encoding, cb);
return ret;
}
function doWrite(stream, state, writev, len, chunk, encoding, cb) {
state.writelen = len;
state.writecb = cb;
state.writing = true;
state.sync = true;
if (writev)
stream._writev(chunk, state.onwrite);
else
stream._write(chunk, encoding, state.onwrite);
state.sync = false;
}
function onwriteError(stream, state, sync, er, cb) {
if (sync)
process.nextTick(function() {
state.pendingcb--;
cb(er);
});
else {
state.pendingcb--;
cb(er);
}
stream._writableState.errorEmitted = true;
stream.emit('error', er);
}
function onwriteStateUpdate(state) {
state.writing = false;
state.writecb = null;
state.length -= state.writelen;
state.writelen = 0;
}
function onwrite(stream, er) {
var state = stream._writableState;
var sync = state.sync;
var cb = state.writecb;
onwriteStateUpdate(state);
if (er)
onwriteError(stream, state, sync, er, cb);
else {
// Check if we're actually ready to finish, but don't emit yet
var finished = needFinish(stream, state);
if (!finished &&
!state.corked &&
!state.bufferProcessing &&
state.buffer.length) {
clearBuffer(stream, state);
}
if (sync) {
process.nextTick(function() {
afterWrite(stream, state, finished, cb);
});
} else {
afterWrite(stream, state, finished, cb);
}
}
}
function afterWrite(stream, state, finished, cb) {
if (!finished)
onwriteDrain(stream, state);
state.pendingcb--;
cb();
finishMaybe(stream, state);
}
// Must force callback to be called on nextTick, so that we don't
// emit 'drain' before the write() consumer gets the 'false' return
// value, and has a chance to attach a 'drain' listener.
function onwriteDrain(stream, state) {
if (state.length === 0 && state.needDrain) {
state.needDrain = false;
stream.emit('drain');
}
}
// if there's something in the buffer waiting, then process it
function clearBuffer(stream, state) {
state.bufferProcessing = true;
if (stream._writev && state.buffer.length > 1) {
// Fast case, write everything using _writev()
var cbs = [];
for (var c = 0; c < state.buffer.length; c++)
cbs.push(state.buffer[c].callback);
// count the one we are adding, as well.
// TODO(isaacs) clean this up
state.pendingcb++;
doWrite(stream, state, true, state.length, state.buffer, '', function(err) {
for (var i = 0; i < cbs.length; i++) {
state.pendingcb--;
cbs[i](err);
}
});
// Clear buffer
state.buffer = [];
} else {
// Slow case, write chunks one-by-one
for (var c = 0; c < state.buffer.length; c++) {
var entry = state.buffer[c];
var chunk = entry.chunk;
var encoding = entry.encoding;
var cb = entry.callback;
var len = state.objectMode ? 1 : chunk.length;
doWrite(stream, state, false, len, chunk, encoding, cb);
// if we didn't call the onwrite immediately, then
// it means that we need to wait until it does.
// also, that means that the chunk and cb are currently
// being processed, so move the buffer counter past them.
if (state.writing) {
c++;
break;
}
}
if (c < state.buffer.length)
state.buffer = state.buffer.slice(c);
else
state.buffer.length = 0;
}
state.bufferProcessing = false;
}
Writable.prototype._write = function(chunk, encoding, cb) {
cb(new Error('not implemented'));
};
Writable.prototype._writev = null;
Writable.prototype.end = function(chunk, encoding, cb) {
var state = this._writableState;
if (util.isFunction(chunk)) {
cb = chunk;
chunk = null;
encoding = null;
} else if (util.isFunction(encoding)) {
cb = encoding;
encoding = null;
}
if (!util.isNullOrUndefined(chunk))
this.write(chunk, encoding);
// .end() fully uncorks
if (state.corked) {
state.corked = 1;
this.uncork();
}
// ignore unnecessary end() calls.
if (!state.ending && !state.finished)
endWritable(this, state, cb);
};
function needFinish(stream, state) {
return (state.ending &&
state.length === 0 &&
!state.finished &&
!state.writing);
}
function prefinish(stream, state) {
if (!state.prefinished) {
state.prefinished = true;
stream.emit('prefinish');
}
}
function finishMaybe(stream, state) {
var need = needFinish(stream, state);
if (need) {
if (state.pendingcb === 0) {
prefinish(stream, state);
state.finished = true;
stream.emit('finish');
} else
prefinish(stream, state);
}
return need;
}
function endWritable(stream, state, cb) {
state.ending = true;
finishMaybe(stream, state);
if (cb) {
if (state.finished)
process.nextTick(cb);
else
stream.once('finish', cb);
}
state.ended = true;
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(13)))
/***/ },
/* 37 */
/***/ function(module, exports, __webpack_require__) {
// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.
var Buffer = __webpack_require__(1).Buffer;
var isBufferEncoding = Buffer.isEncoding
|| function(encoding) {
switch (encoding && encoding.toLowerCase()) {
case 'hex': case 'utf8': case 'utf-8': case 'ascii': case 'binary': case 'base64': case 'ucs2': case 'ucs-2': case 'utf16le': case 'utf-16le': case 'raw': return true;
default: return false;
}
}
function assertEncoding(encoding) {
if (encoding && !isBufferEncoding(encoding)) {
throw new Error('Unknown encoding: ' + encoding);
}
}
// StringDecoder provides an interface for efficiently splitting a series of
// buffers into a series of JS strings without breaking apart multi-byte
// characters. CESU-8 is handled as part of the UTF-8 encoding.
//
// @TODO Handling all encodings inside a single object makes it very difficult
// to reason about this code, so it should be split up in the future.
// @TODO There should be a utf8-strict encoding that rejects invalid UTF-8 code
// points as used by CESU-8.
var StringDecoder = exports.StringDecoder = function(encoding) {
this.encoding = (encoding || 'utf8').toLowerCase().replace(/[-_]/, '');
assertEncoding(encoding);
switch (this.encoding) {
case 'utf8':
// CESU-8 represents each of Surrogate Pair by 3-bytes
this.surrogateSize = 3;
break;
case 'ucs2':
case 'utf16le':
// UTF-16 represents each of Surrogate Pair by 2-bytes
this.surrogateSize = 2;
this.detectIncompleteChar = utf16DetectIncompleteChar;
break;
case 'base64':
// Base-64 stores 3 bytes in 4 chars, and pads the remainder.
this.surrogateSize = 3;
this.detectIncompleteChar = base64DetectIncompleteChar;
break;
default:
this.write = passThroughWrite;
return;
}
// Enough space to store all bytes of a single character. UTF-8 needs 4
// bytes, but CESU-8 may require up to 6 (3 bytes per surrogate).
this.charBuffer = new Buffer(6);
// Number of bytes received for the current incomplete multi-byte character.
this.charReceived = 0;
// Number of bytes expected for the current incomplete multi-byte character.
this.charLength = 0;
};
// write decodes the given buffer and returns it as JS string that is
// guaranteed to not contain any partial multi-byte characters. Any partial
// character found at the end of the buffer is buffered up, and will be
// returned when calling write again with the remaining bytes.
//
// Note: Converting a Buffer containing an orphan surrogate to a String
// currently works, but converting a String to a Buffer (via `new Buffer`, or
// Buffer#write) will replace incomplete surrogates with the unicode
// replacement character. See https://codereview.chromium.org/121173009/ .
StringDecoder.prototype.write = function(buffer) {
var charStr = '';
// if our last write ended with an incomplete multibyte character
while (this.charLength) {
// determine how many remaining bytes this buffer has to offer for this char
var available = (buffer.length >= this.charLength - this.charReceived) ?
this.charLength - this.charReceived :
buffer.length;
// add the new bytes to the char buffer
buffer.copy(this.charBuffer, this.charReceived, 0, available);
this.charReceived += available;
if (this.charReceived < this.charLength) {
// still not enough chars in this buffer? wait for more ...
return '';
}
// remove bytes belonging to the current character from the buffer
buffer = buffer.slice(available, buffer.length);
// get the character that was split
charStr = this.charBuffer.slice(0, this.charLength).toString(this.encoding);
// CESU-8: lead surrogate (D800-DBFF) is also the incomplete character
var charCode = charStr.charCodeAt(charStr.length - 1);
if (charCode >= 0xD800 && charCode <= 0xDBFF) {
this.charLength += this.surrogateSize;
charStr = '';
continue;
}
this.charReceived = this.charLength = 0;
// if there are no more bytes in this buffer, just emit our char
if (buffer.length === 0) {
return charStr;
}
break;
}
// determine and set charLength / charReceived
this.detectIncompleteChar(buffer);
var end = buffer.length;
if (this.charLength) {
// buffer the incomplete character bytes we got
buffer.copy(this.charBuffer, 0, buffer.length - this.charReceived, end);
end -= this.charReceived;
}
charStr += buffer.toString(this.encoding, 0, end);
var end = charStr.length - 1;
var charCode = charStr.charCodeAt(end);
// CESU-8: lead surrogate (D800-DBFF) is also the incomplete character
if (charCode >= 0xD800 && charCode <= 0xDBFF) {
var size = this.surrogateSize;
this.charLength += size;
this.charReceived += size;
this.charBuffer.copy(this.charBuffer, size, 0, size);
buffer.copy(this.charBuffer, 0, 0, size);
return charStr.substring(0, end);
}
// or just emit the charStr
return charStr;
};
// detectIncompleteChar determines if there is an incomplete UTF-8 character at
// the end of the given buffer. If so, it sets this.charLength to the byte
// length that character, and sets this.charReceived to the number of bytes
// that are available for this character.
StringDecoder.prototype.detectIncompleteChar = function(buffer) {
// determine how many bytes we have to check at the end of this buffer
var i = (buffer.length >= 3) ? 3 : buffer.length;
// Figure out if one of the last i bytes of our buffer announces an
// incomplete char.
for (; i > 0; i--) {
var c = buffer[buffer.length - i];
// See http://en.wikipedia.org/wiki/UTF-8#Description
// 110XXXXX
if (i == 1 && c >> 5 == 0x06) {
this.charLength = 2;
break;
}
// 1110XXXX
if (i <= 2 && c >> 4 == 0x0E) {
this.charLength = 3;
break;
}
// 11110XXX
if (i <= 3 && c >> 3 == 0x1E) {
this.charLength = 4;
break;
}
}
this.charReceived = i;
};
StringDecoder.prototype.end = function(buffer) {
var res = '';
if (buffer && buffer.length)
res = this.write(buffer);
if (this.charReceived) {
var cr = this.charReceived;
var buf = this.charBuffer;
var enc = this.encoding;
res += buf.slice(0, cr).toString(enc);
}
return res;
};
function passThroughWrite(buffer) {
return buffer.toString(this.encoding);
}
function utf16DetectIncompleteChar(buffer) {
this.charReceived = buffer.length % 2;
this.charLength = this.charReceived ? 2 : 0;
}
function base64DetectIncompleteChar(buffer) {
this.charReceived = buffer.length % 3;
this.charLength = this.charReceived ? 3 : 0;
}
/***/ },
/* 38 */
/***/ function(module, exports, __webpack_require__) {
// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.
// a transform stream is a readable/writable stream where you do
// something with the data. Sometimes it's called a "filter",
// but that's not a great name for it, since that implies a thing where
// some bits pass through, and others are simply ignored. (That would
// be a valid example of a transform, of course.)
//
// While the output is causally related to the input, it's not a
// necessarily symmetric or synchronous transformation. For example,
// a zlib stream might take multiple plain-text writes(), and then
// emit a single compressed chunk some time in the future.
//
// Here's how this works:
//
// The Transform stream has all the aspects of the readable and writable
// stream classes. When you write(chunk), that calls _write(chunk,cb)
// internally, and returns false if there's a lot of pending writes
// buffered up. When you call read(), that calls _read(n) until
// there's enough pending readable data buffered up.
//
// In a transform stream, the written data is placed in a buffer. When
// _read(n) is called, it transforms the queued up data, calling the
// buffered _write cb's as it consumes chunks. If consuming a single
// written chunk would result in multiple output chunks, then the first
// outputted bit calls the readcb, and subsequent chunks just go into
// the read buffer, and will cause it to emit 'readable' if necessary.
//
// This way, back-pressure is actually determined by the reading side,
// since _read has to be called to start processing a new chunk. However,
// a pathological inflate type of transform can cause excessive buffering
// here. For example, imagine a stream where every byte of input is
// interpreted as an integer from 0-255, and then results in that many
// bytes of output. Writing the 4 bytes {ff,ff,ff,ff} would result in
// 1kb of data being output. In this case, you could write a very small
// amount of input, and end up with a very large amount of output. In
// such a pathological inflating mechanism, there'd be no way to tell
// the system to stop doing the transform. A single 4MB write could
// cause the system to run out of memory.
//
// However, even in such a pathological case, only a single written chunk
// would be consumed, and then the rest would wait (un-transformed) until
// the results of the previous transformed chunk were consumed.
module.exports = Transform;
var Duplex = __webpack_require__(35);
/*<replacement>*/
var util = __webpack_require__(33);
util.inherits = __webpack_require__(15);
/*</replacement>*/
util.inherits(Transform, Duplex);
function TransformState(options, stream) {
this.afterTransform = function(er, data) {
return afterTransform(stream, er, data);
};
this.needTransform = false;
this.transforming = false;
this.writecb = null;
this.writechunk = null;
}
function afterTransform(stream, er, data) {
var ts = stream._transformState;
ts.transforming = false;
var cb = ts.writecb;
if (!cb)
return stream.emit('error', new Error('no writecb in Transform class'));
ts.writechunk = null;
ts.writecb = null;
if (!util.isNullOrUndefined(data))
stream.push(data);
if (cb)
cb(er);
var rs = stream._readableState;
rs.reading = false;
if (rs.needReadable || rs.length < rs.highWaterMark) {
stream._read(rs.highWaterMark);
}
}
function Transform(options) {
if (!(this instanceof Transform))
return new Transform(options);
Duplex.call(this, options);
this._transformState = new TransformState(options, this);
// when the writable side finishes, then flush out anything remaining.
var stream = this;
// start out asking for a readable event once data is transformed.
this._readableState.needReadable = true;
// we have implemented the _read method, and done the other things
// that Readable wants before the first _read call, so unset the
// sync guard flag.
this._readableState.sync = false;
this.once('prefinish', function() {
if (util.isFunction(this._flush))
this._flush(function(er) {
done(stream, er);
});
else
done(stream);
});
}
Transform.prototype.push = function(chunk, encoding) {
this._transformState.needTransform = false;
return Duplex.prototype.push.call(this, chunk, encoding);
};
// This is the part where you do stuff!
// override this function in implementation classes.
// 'chunk' is an input chunk.
//
// Call `push(newChunk)` to pass along transformed output
// to the readable side. You may call 'push' zero or more times.
//
// Call `cb(err)` when you are done with this chunk. If you pass
// an error, then that'll put the hurt on the whole operation. If you
// never call cb(), then you'll never get another chunk.
Transform.prototype._transform = function(chunk, encoding, cb) {
throw new Error('not implemented');
};
Transform.prototype._write = function(chunk, encoding, cb) {
var ts = this._transformState;
ts.writecb = cb;
ts.writechunk = chunk;
ts.writeencoding = encoding;
if (!ts.transforming) {
var rs = this._readableState;
if (ts.needTransform ||
rs.needReadable ||
rs.length < rs.highWaterMark)
this._read(rs.highWaterMark);
}
};
// Doesn't matter what the args are here.
// _transform does all the work.
// That we got here means that the readable side wants more data.
Transform.prototype._read = function(n) {
var ts = this._transformState;
if (!util.isNull(ts.writechunk) && ts.writecb && !ts.transforming) {
ts.transforming = true;
this._transform(ts.writechunk, ts.writeencoding, ts.afterTransform);
} else {
// mark that we need a transform, so that any data that comes in
// will get processed, now that we've asked for it.
ts.needTransform = true;
}
};
function done(stream, er) {
if (er)
return stream.emit('error', er);
// if there's nothing in the write buffer, then that means
// that nothing more will ever be provided
var ws = stream._writableState;
var ts = stream._transformState;
if (ws.length)
throw new Error('calling transform done when ws.length != 0');
if (ts.transforming)
throw new Error('calling transform done when still transforming');
return stream.push(null);
}
/***/ },
/* 39 */
/***/ function(module, exports, __webpack_require__) {
// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.
// a passthrough stream.
// basically just the most minimal sort of Transform stream.
// Every written chunk gets output as-is.
module.exports = PassThrough;
var Transform = __webpack_require__(38);
/*<replacement>*/
var util = __webpack_require__(33);
util.inherits = __webpack_require__(15);
/*</replacement>*/
util.inherits(PassThrough, Transform);
function PassThrough(options) {
if (!(this instanceof PassThrough))
return new PassThrough(options);
Transform.call(this, options);
}
PassThrough.prototype._transform = function(chunk, encoding, cb) {
cb(null, chunk);
};
/***/ },
/* 40 */
/***/ function(module, exports, __webpack_require__) {
module.exports = __webpack_require__(36)
/***/ },
/* 41 */
/***/ function(module, exports, __webpack_require__) {
module.exports = __webpack_require__(35)
/***/ },
/* 42 */
/***/ function(module, exports, __webpack_require__) {
module.exports = __webpack_require__(38)
/***/ },
/* 43 */
/***/ function(module, exports, __webpack_require__) {
module.exports = __webpack_require__(39)
/***/ },
/* 44 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {'use strict';
var createHash = __webpack_require__(14);
var inherits = __webpack_require__(15)
var Transform = __webpack_require__(28).Transform
var ZEROS = new Buffer(128)
ZEROS.fill(0)
function Hmac(alg, key) {
Transform.call(this)
alg = alg.toLowerCase()
if (typeof key === 'string') {
key = new Buffer(key)
}
var blocksize = (alg === 'sha512' || alg === 'sha384') ? 128 : 64
this._alg = alg
this._key = key
if (key.length > blocksize) {
key = createHash(alg).update(key).digest()
} else if (key.length < blocksize) {
key = Buffer.concat([key, ZEROS], blocksize)
}
var ipad = this._ipad = new Buffer(blocksize)
var opad = this._opad = new Buffer(blocksize)
for (var i = 0; i < blocksize; i++) {
ipad[i] = key[i] ^ 0x36
opad[i] = key[i] ^ 0x5C
}
this._hash = createHash(alg).update(ipad)
}
inherits(Hmac, Transform)
Hmac.prototype.update = function (data, enc) {
this._hash.update(data, enc)
return this
}
Hmac.prototype._transform = function (data, _, next) {
this._hash.update(data)
next()
}
Hmac.prototype._flush = function (next) {
this.push(this.digest())
next()
}
Hmac.prototype.digest = function (enc) {
var h = this._hash.digest()
return createHash(this._alg).update(this._opad).update(h).digest(enc)
}
module.exports = function createHmac(alg, key) {
return new Hmac(alg, key)
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 45 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {'use strict'
exports['RSA-SHA224'] = exports.sha224WithRSAEncryption = {
sign: 'rsa',
hash: 'sha224',
id: new Buffer('302d300d06096086480165030402040500041c', 'hex')
}
exports['RSA-SHA256'] = exports.sha256WithRSAEncryption = {
sign: 'rsa',
hash: 'sha256',
id: new Buffer('3031300d060960864801650304020105000420', 'hex')
}
exports['RSA-SHA384'] = exports.sha384WithRSAEncryption = {
sign: 'rsa',
hash: 'sha384',
id: new Buffer('3041300d060960864801650304020205000430', 'hex')
}
exports['RSA-SHA512'] = exports.sha512WithRSAEncryption = {
sign: 'rsa',
hash: 'sha512',
id: new Buffer('3051300d060960864801650304020305000440', 'hex')
}
exports['RSA-SHA1'] = {
sign: 'rsa',
hash: 'sha1',
id: new Buffer('3021300906052b0e03021a05000414', 'hex')
}
exports['ecdsa-with-SHA1'] = {
sign: 'ecdsa',
hash: 'sha1',
id: new Buffer('', 'hex')
}
exports.DSA = exports['DSA-SHA1'] = exports['DSA-SHA'] = {
sign: 'dsa',
hash: 'sha1',
id: new Buffer('', 'hex')
}
exports['DSA-SHA224'] = exports['DSA-WITH-SHA224'] = {
sign: 'dsa',
hash: 'sha224',
id: new Buffer('', 'hex')
}
exports['DSA-SHA256'] = exports['DSA-WITH-SHA256'] = {
sign: 'dsa',
hash: 'sha256',
id: new Buffer('', 'hex')
}
exports['DSA-SHA384'] = exports['DSA-WITH-SHA384'] = {
sign: 'dsa',
hash: 'sha384',
id: new Buffer('', 'hex')
}
exports['DSA-SHA512'] = exports['DSA-WITH-SHA512'] = {
sign: 'dsa',
hash: 'sha512',
id: new Buffer('', 'hex')
}
exports['DSA-RIPEMD160'] = {
sign: 'dsa',
hash: 'rmd160',
id: new Buffer('', 'hex')
}
exports['RSA-RIPEMD160'] = exports.ripemd160WithRSA = {
sign: 'rsa',
hash: 'rmd160',
id: new Buffer('3021300906052b2403020105000414', 'hex')
}
exports['RSA-MD5'] = exports.md5WithRSAEncryption = {
sign: 'rsa',
hash: 'md5',
id: new Buffer('3020300c06082a864886f70d020505000410', 'hex')
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 46 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var createHmac = __webpack_require__(44)
var MAX_ALLOC = Math.pow(2, 30) - 1 // default in iojs
exports.pbkdf2 = pbkdf2
function pbkdf2 (password, salt, iterations, keylen, digest, callback) {
if (typeof digest === 'function') {
callback = digest
digest = undefined
}
if (typeof callback !== 'function') {
throw new Error('No callback provided to pbkdf2')
}
var result = pbkdf2Sync(password, salt, iterations, keylen, digest)
setTimeout(function () {
callback(undefined, result)
})
}
exports.pbkdf2Sync = pbkdf2Sync
function pbkdf2Sync (password, salt, iterations, keylen, digest) {
if (typeof iterations !== 'number') {
throw new TypeError('Iterations not a number')
}
if (iterations < 0) {
throw new TypeError('Bad iterations')
}
if (typeof keylen !== 'number') {
throw new TypeError('Key length not a number')
}
if (keylen < 0 || keylen > MAX_ALLOC) {
throw new TypeError('Bad key length')
}
digest = digest || 'sha1'
if (!Buffer.isBuffer(password)) password = new Buffer(password, 'binary')
if (!Buffer.isBuffer(salt)) salt = new Buffer(salt, 'binary')
var hLen
var l = 1
var DK = new Buffer(keylen)
var block1 = new Buffer(salt.length + 4)
salt.copy(block1, 0, 0, salt.length)
var r
var T
for (var i = 1; i <= l; i++) {
block1.writeUInt32BE(i, salt.length)
var U = createHmac(digest, password).update(block1).digest()
if (!hLen) {
hLen = U.length
T = new Buffer(hLen)
l = Math.ceil(keylen / hLen)
r = keylen - (l - 1) * hLen
}
U.copy(T, 0, 0, hLen)
for (var j = 1; j < iterations; j++) {
U = createHmac(digest, password).update(U).digest()
for (var k = 0; k < hLen; k++) {
T[k] ^= U[k]
}
}
var destPos = (i - 1) * hLen
var len = (i === l ? r : hLen)
T.copy(DK, destPos, 0, len)
}
return DK
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 47 */
/***/ function(module, exports, __webpack_require__) {
var ebtk = __webpack_require__(48)
var aes = __webpack_require__(49)
var DES = __webpack_require__(65)
var desModes = __webpack_require__(73)
var aesModes = __webpack_require__(52)
function createCipher (suite, password) {
var keyLen, ivLen
suite = suite.toLowerCase()
if (aesModes[suite]) {
keyLen = aesModes[suite].key
ivLen = aesModes[suite].iv
} else if (desModes[suite]) {
keyLen = desModes[suite].key * 8
ivLen = desModes[suite].iv
} else {
throw new TypeError('invalid suite type')
}
var keys = ebtk(password, false, keyLen, ivLen)
return createCipheriv(suite, keys.key, keys.iv)
}
function createDecipher (suite, password) {
var keyLen, ivLen
suite = suite.toLowerCase()
if (aesModes[suite]) {
keyLen = aesModes[suite].key
ivLen = aesModes[suite].iv
} else if (desModes[suite]) {
keyLen = desModes[suite].key * 8
ivLen = desModes[suite].iv
} else {
throw new TypeError('invalid suite type')
}
var keys = ebtk(password, false, keyLen, ivLen)
return createDecipheriv(suite, keys.key, keys.iv)
}
function createCipheriv (suite, key, iv) {
suite = suite.toLowerCase()
if (aesModes[suite]) {
return aes.createCipheriv(suite, key, iv)
} else if (desModes[suite]) {
return new DES({
key: key,
iv: iv,
mode: suite
})
} else {
throw new TypeError('invalid suite type')
}
}
function createDecipheriv (suite, key, iv) {
suite = suite.toLowerCase()
if (aesModes[suite]) {
return aes.createDecipheriv(suite, key, iv)
} else if (desModes[suite]) {
return new DES({
key: key,
iv: iv,
mode: suite,
decrypt: true
})
} else {
throw new TypeError('invalid suite type')
}
}
exports.createCipher = exports.Cipher = createCipher
exports.createCipheriv = exports.Cipheriv = createCipheriv
exports.createDecipher = exports.Decipher = createDecipher
exports.createDecipheriv = exports.Decipheriv = createDecipheriv
function getCiphers () {
return Object.keys(desModes).concat(aes.getCiphers())
}
exports.listCiphers = exports.getCiphers = getCiphers
/***/ },
/* 48 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var md5 = __webpack_require__(16)
module.exports = EVP_BytesToKey
function EVP_BytesToKey (password, salt, keyLen, ivLen) {
if (!Buffer.isBuffer(password)) {
password = new Buffer(password, 'binary')
}
if (salt && !Buffer.isBuffer(salt)) {
salt = new Buffer(salt, 'binary')
}
keyLen = keyLen / 8
ivLen = ivLen || 0
var ki = 0
var ii = 0
var key = new Buffer(keyLen)
var iv = new Buffer(ivLen)
var addmd = 0
var md_buf
var i
var bufs = []
while (true) {
if (addmd++ > 0) {
bufs.push(md_buf)
}
bufs.push(password)
if (salt) {
bufs.push(salt)
}
md_buf = md5(Buffer.concat(bufs))
bufs = []
i = 0
if (keyLen > 0) {
while (true) {
if (keyLen === 0) {
break
}
if (i === md_buf.length) {
break
}
key[ki++] = md_buf[i]
keyLen--
i++
}
}
if (ivLen > 0 && i !== md_buf.length) {
while (true) {
if (ivLen === 0) {
break
}
if (i === md_buf.length) {
break
}
iv[ii++] = md_buf[i]
ivLen--
i++
}
}
if (keyLen === 0 && ivLen === 0) {
break
}
}
for (i = 0; i < md_buf.length; i++) {
md_buf[i] = 0
}
return {
key: key,
iv: iv
}
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 49 */
/***/ function(module, exports, __webpack_require__) {
var ciphers = __webpack_require__(50)
exports.createCipher = exports.Cipher = ciphers.createCipher
exports.createCipheriv = exports.Cipheriv = ciphers.createCipheriv
var deciphers = __webpack_require__(64)
exports.createDecipher = exports.Decipher = deciphers.createDecipher
exports.createDecipheriv = exports.Decipheriv = deciphers.createDecipheriv
var modes = __webpack_require__(52)
function getCiphers () {
return Object.keys(modes)
}
exports.listCiphers = exports.getCiphers = getCiphers
/***/ },
/* 50 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var aes = __webpack_require__(51)
var Transform = __webpack_require__(27)
var inherits = __webpack_require__(15)
var modes = __webpack_require__(52)
var ebtk = __webpack_require__(48)
var StreamCipher = __webpack_require__(53)
var AuthCipher = __webpack_require__(54)
inherits(Cipher, Transform)
function Cipher (mode, key, iv) {
if (!(this instanceof Cipher)) {
return new Cipher(mode, key, iv)
}
Transform.call(this)
this._cache = new Splitter()
this._cipher = new aes.AES(key)
this._prev = new Buffer(iv.length)
iv.copy(this._prev)
this._mode = mode
this._autopadding = true
}
Cipher.prototype._update = function (data) {
this._cache.add(data)
var chunk
var thing
var out = []
while ((chunk = this._cache.get())) {
thing = this._mode.encrypt(this, chunk)
out.push(thing)
}
return Buffer.concat(out)
}
Cipher.prototype._final = function () {
var chunk = this._cache.flush()
if (this._autopadding) {
chunk = this._mode.encrypt(this, chunk)
this._cipher.scrub()
return chunk
} else if (chunk.toString('hex') !== '10101010101010101010101010101010') {
this._cipher.scrub()
throw new Error('data not multiple of block length')
}
}
Cipher.prototype.setAutoPadding = function (setTo) {
this._autopadding = !!setTo
return this
}
function Splitter () {
if (!(this instanceof Splitter)) {
return new Splitter()
}
this.cache = new Buffer('')
}
Splitter.prototype.add = function (data) {
this.cache = Buffer.concat([this.cache, data])
}
Splitter.prototype.get = function () {
if (this.cache.length > 15) {
var out = this.cache.slice(0, 16)
this.cache = this.cache.slice(16)
return out
}
return null
}
Splitter.prototype.flush = function () {
var len = 16 - this.cache.length
var padBuff = new Buffer(len)
var i = -1
while (++i < len) {
padBuff.writeUInt8(len, i)
}
var out = Buffer.concat([this.cache, padBuff])
return out
}
var modelist = {
ECB: __webpack_require__(57),
CBC: __webpack_require__(58),
CFB: __webpack_require__(59),
CFB8: __webpack_require__(60),
CFB1: __webpack_require__(61),
OFB: __webpack_require__(62),
CTR: __webpack_require__(63),
GCM: __webpack_require__(63)
}
function createCipheriv (suite, password, iv) {
var config = modes[suite.toLowerCase()]
if (!config) {
throw new TypeError('invalid suite type')
}
if (typeof iv === 'string') {
iv = new Buffer(iv)
}
if (typeof password === 'string') {
password = new Buffer(password)
}
if (password.length !== config.key / 8) {
throw new TypeError('invalid key length ' + password.length)
}
if (iv.length !== config.iv) {
throw new TypeError('invalid iv length ' + iv.length)
}
if (config.type === 'stream') {
return new StreamCipher(modelist[config.mode], password, iv)
} else if (config.type === 'auth') {
return new AuthCipher(modelist[config.mode], password, iv)
}
return new Cipher(modelist[config.mode], password, iv)
}
function createCipher (suite, password) {
var config = modes[suite.toLowerCase()]
if (!config) {
throw new TypeError('invalid suite type')
}
var keys = ebtk(password, false, config.key, config.iv)
return createCipheriv(suite, keys.key, keys.iv)
}
exports.createCipheriv = createCipheriv
exports.createCipher = createCipher
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 51 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {// based on the aes implimentation in triple sec
// https://github.com/keybase/triplesec
// which is in turn based on the one from crypto-js
// https://code.google.com/p/crypto-js/
var uint_max = Math.pow(2, 32)
function fixup_uint32 (x) {
var ret, x_pos
ret = x > uint_max || x < 0 ? (x_pos = Math.abs(x) % uint_max, x < 0 ? uint_max - x_pos : x_pos) : x
return ret
}
function scrub_vec (v) {
for (var i = 0; i < v.length; v++) {
v[i] = 0
}
return false
}
function Global () {
this.SBOX = []
this.INV_SBOX = []
this.SUB_MIX = [[], [], [], []]
this.INV_SUB_MIX = [[], [], [], []]
this.init()
this.RCON = [0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36]
}
Global.prototype.init = function () {
var d, i, sx, t, x, x2, x4, x8, xi, _i
d = (function () {
var _i, _results
_results = []
for (i = _i = 0; _i < 256; i = ++_i) {
if (i < 128) {
_results.push(i << 1)
} else {
_results.push((i << 1) ^ 0x11b)
}
}
return _results
})()
x = 0
xi = 0
for (i = _i = 0; _i < 256; i = ++_i) {
sx = xi ^ (xi << 1) ^ (xi << 2) ^ (xi << 3) ^ (xi << 4)
sx = (sx >>> 8) ^ (sx & 0xff) ^ 0x63
this.SBOX[x] = sx
this.INV_SBOX[sx] = x
x2 = d[x]
x4 = d[x2]
x8 = d[x4]
t = (d[sx] * 0x101) ^ (sx * 0x1010100)
this.SUB_MIX[0][x] = (t << 24) | (t >>> 8)
this.SUB_MIX[1][x] = (t << 16) | (t >>> 16)
this.SUB_MIX[2][x] = (t << 8) | (t >>> 24)
this.SUB_MIX[3][x] = t
t = (x8 * 0x1010101) ^ (x4 * 0x10001) ^ (x2 * 0x101) ^ (x * 0x1010100)
this.INV_SUB_MIX[0][sx] = (t << 24) | (t >>> 8)
this.INV_SUB_MIX[1][sx] = (t << 16) | (t >>> 16)
this.INV_SUB_MIX[2][sx] = (t << 8) | (t >>> 24)
this.INV_SUB_MIX[3][sx] = t
if (x === 0) {
x = xi = 1
} else {
x = x2 ^ d[d[d[x8 ^ x2]]]
xi ^= d[d[xi]]
}
}
return true
}
var G = new Global()
AES.blockSize = 4 * 4
AES.prototype.blockSize = AES.blockSize
AES.keySize = 256 / 8
AES.prototype.keySize = AES.keySize
function bufferToArray (buf) {
var len = buf.length / 4
var out = new Array(len)
var i = -1
while (++i < len) {
out[i] = buf.readUInt32BE(i * 4)
}
return out
}
function AES (key) {
this._key = bufferToArray(key)
this._doReset()
}
AES.prototype._doReset = function () {
var invKsRow, keySize, keyWords, ksRow, ksRows, t
keyWords = this._key
keySize = keyWords.length
this._nRounds = keySize + 6
ksRows = (this._nRounds + 1) * 4
this._keySchedule = []
for (ksRow = 0; ksRow < ksRows; ksRow++) {
this._keySchedule[ksRow] = ksRow < keySize ? keyWords[ksRow] : (t = this._keySchedule[ksRow - 1], (ksRow % keySize) === 0 ? (t = (t << 8) | (t >>> 24), t = (G.SBOX[t >>> 24] << 24) | (G.SBOX[(t >>> 16) & 0xff] << 16) | (G.SBOX[(t >>> 8) & 0xff] << 8) | G.SBOX[t & 0xff], t ^= G.RCON[(ksRow / keySize) | 0] << 24) : keySize > 6 && ksRow % keySize === 4 ? t = (G.SBOX[t >>> 24] << 24) | (G.SBOX[(t >>> 16) & 0xff] << 16) | (G.SBOX[(t >>> 8) & 0xff] << 8) | G.SBOX[t & 0xff] : void 0, this._keySchedule[ksRow - keySize] ^ t)
}
this._invKeySchedule = []
for (invKsRow = 0; invKsRow < ksRows; invKsRow++) {
ksRow = ksRows - invKsRow
t = this._keySchedule[ksRow - (invKsRow % 4 ? 0 : 4)]
this._invKeySchedule[invKsRow] = invKsRow < 4 || ksRow <= 4 ? t : G.INV_SUB_MIX[0][G.SBOX[t >>> 24]] ^ G.INV_SUB_MIX[1][G.SBOX[(t >>> 16) & 0xff]] ^ G.INV_SUB_MIX[2][G.SBOX[(t >>> 8) & 0xff]] ^ G.INV_SUB_MIX[3][G.SBOX[t & 0xff]]
}
return true
}
AES.prototype.encryptBlock = function (M) {
M = bufferToArray(new Buffer(M))
var out = this._doCryptBlock(M, this._keySchedule, G.SUB_MIX, G.SBOX)
var buf = new Buffer(16)
buf.writeUInt32BE(out[0], 0)
buf.writeUInt32BE(out[1], 4)
buf.writeUInt32BE(out[2], 8)
buf.writeUInt32BE(out[3], 12)
return buf
}
AES.prototype.decryptBlock = function (M) {
M = bufferToArray(new Buffer(M))
var temp = [M[3], M[1]]
M[1] = temp[0]
M[3] = temp[1]
var out = this._doCryptBlock(M, this._invKeySchedule, G.INV_SUB_MIX, G.INV_SBOX)
var buf = new Buffer(16)
buf.writeUInt32BE(out[0], 0)
buf.writeUInt32BE(out[3], 4)
buf.writeUInt32BE(out[2], 8)
buf.writeUInt32BE(out[1], 12)
return buf
}
AES.prototype.scrub = function () {
scrub_vec(this._keySchedule)
scrub_vec(this._invKeySchedule)
scrub_vec(this._key)
}
AES.prototype._doCryptBlock = function (M, keySchedule, SUB_MIX, SBOX) {
var ksRow, s0, s1, s2, s3, t0, t1, t2, t3
s0 = M[0] ^ keySchedule[0]
s1 = M[1] ^ keySchedule[1]
s2 = M[2] ^ keySchedule[2]
s3 = M[3] ^ keySchedule[3]
ksRow = 4
for (var round = 1; round < this._nRounds; round++) {
t0 = SUB_MIX[0][s0 >>> 24] ^ SUB_MIX[1][(s1 >>> 16) & 0xff] ^ SUB_MIX[2][(s2 >>> 8) & 0xff] ^ SUB_MIX[3][s3 & 0xff] ^ keySchedule[ksRow++]
t1 = SUB_MIX[0][s1 >>> 24] ^ SUB_MIX[1][(s2 >>> 16) & 0xff] ^ SUB_MIX[2][(s3 >>> 8) & 0xff] ^ SUB_MIX[3][s0 & 0xff] ^ keySchedule[ksRow++]
t2 = SUB_MIX[0][s2 >>> 24] ^ SUB_MIX[1][(s3 >>> 16) & 0xff] ^ SUB_MIX[2][(s0 >>> 8) & 0xff] ^ SUB_MIX[3][s1 & 0xff] ^ keySchedule[ksRow++]
t3 = SUB_MIX[0][s3 >>> 24] ^ SUB_MIX[1][(s0 >>> 16) & 0xff] ^ SUB_MIX[2][(s1 >>> 8) & 0xff] ^ SUB_MIX[3][s2 & 0xff] ^ keySchedule[ksRow++]
s0 = t0
s1 = t1
s2 = t2
s3 = t3
}
t0 = ((SBOX[s0 >>> 24] << 24) | (SBOX[(s1 >>> 16) & 0xff] << 16) | (SBOX[(s2 >>> 8) & 0xff] << 8) | SBOX[s3 & 0xff]) ^ keySchedule[ksRow++]
t1 = ((SBOX[s1 >>> 24] << 24) | (SBOX[(s2 >>> 16) & 0xff] << 16) | (SBOX[(s3 >>> 8) & 0xff] << 8) | SBOX[s0 & 0xff]) ^ keySchedule[ksRow++]
t2 = ((SBOX[s2 >>> 24] << 24) | (SBOX[(s3 >>> 16) & 0xff] << 16) | (SBOX[(s0 >>> 8) & 0xff] << 8) | SBOX[s1 & 0xff]) ^ keySchedule[ksRow++]
t3 = ((SBOX[s3 >>> 24] << 24) | (SBOX[(s0 >>> 16) & 0xff] << 16) | (SBOX[(s1 >>> 8) & 0xff] << 8) | SBOX[s2 & 0xff]) ^ keySchedule[ksRow++]
return [
fixup_uint32(t0),
fixup_uint32(t1),
fixup_uint32(t2),
fixup_uint32(t3)
]
}
exports.AES = AES
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 52 */
/***/ function(module, exports) {
exports['aes-128-ecb'] = {
cipher: 'AES',
key: 128,
iv: 0,
mode: 'ECB',
type: 'block'
}
exports['aes-192-ecb'] = {
cipher: 'AES',
key: 192,
iv: 0,
mode: 'ECB',
type: 'block'
}
exports['aes-256-ecb'] = {
cipher: 'AES',
key: 256,
iv: 0,
mode: 'ECB',
type: 'block'
}
exports['aes-128-cbc'] = {
cipher: 'AES',
key: 128,
iv: 16,
mode: 'CBC',
type: 'block'
}
exports['aes-192-cbc'] = {
cipher: 'AES',
key: 192,
iv: 16,
mode: 'CBC',
type: 'block'
}
exports['aes-256-cbc'] = {
cipher: 'AES',
key: 256,
iv: 16,
mode: 'CBC',
type: 'block'
}
exports['aes128'] = exports['aes-128-cbc']
exports['aes192'] = exports['aes-192-cbc']
exports['aes256'] = exports['aes-256-cbc']
exports['aes-128-cfb'] = {
cipher: 'AES',
key: 128,
iv: 16,
mode: 'CFB',
type: 'stream'
}
exports['aes-192-cfb'] = {
cipher: 'AES',
key: 192,
iv: 16,
mode: 'CFB',
type: 'stream'
}
exports['aes-256-cfb'] = {
cipher: 'AES',
key: 256,
iv: 16,
mode: 'CFB',
type: 'stream'
}
exports['aes-128-cfb8'] = {
cipher: 'AES',
key: 128,
iv: 16,
mode: 'CFB8',
type: 'stream'
}
exports['aes-192-cfb8'] = {
cipher: 'AES',
key: 192,
iv: 16,
mode: 'CFB8',
type: 'stream'
}
exports['aes-256-cfb8'] = {
cipher: 'AES',
key: 256,
iv: 16,
mode: 'CFB8',
type: 'stream'
}
exports['aes-128-cfb1'] = {
cipher: 'AES',
key: 128,
iv: 16,
mode: 'CFB1',
type: 'stream'
}
exports['aes-192-cfb1'] = {
cipher: 'AES',
key: 192,
iv: 16,
mode: 'CFB1',
type: 'stream'
}
exports['aes-256-cfb1'] = {
cipher: 'AES',
key: 256,
iv: 16,
mode: 'CFB1',
type: 'stream'
}
exports['aes-128-ofb'] = {
cipher: 'AES',
key: 128,
iv: 16,
mode: 'OFB',
type: 'stream'
}
exports['aes-192-ofb'] = {
cipher: 'AES',
key: 192,
iv: 16,
mode: 'OFB',
type: 'stream'
}
exports['aes-256-ofb'] = {
cipher: 'AES',
key: 256,
iv: 16,
mode: 'OFB',
type: 'stream'
}
exports['aes-128-ctr'] = {
cipher: 'AES',
key: 128,
iv: 16,
mode: 'CTR',
type: 'stream'
}
exports['aes-192-ctr'] = {
cipher: 'AES',
key: 192,
iv: 16,
mode: 'CTR',
type: 'stream'
}
exports['aes-256-ctr'] = {
cipher: 'AES',
key: 256,
iv: 16,
mode: 'CTR',
type: 'stream'
}
exports['aes-128-gcm'] = {
cipher: 'AES',
key: 128,
iv: 12,
mode: 'GCM',
type: 'auth'
}
exports['aes-192-gcm'] = {
cipher: 'AES',
key: 192,
iv: 12,
mode: 'GCM',
type: 'auth'
}
exports['aes-256-gcm'] = {
cipher: 'AES',
key: 256,
iv: 12,
mode: 'GCM',
type: 'auth'
}
/***/ },
/* 53 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var aes = __webpack_require__(51)
var Transform = __webpack_require__(27)
var inherits = __webpack_require__(15)
inherits(StreamCipher, Transform)
module.exports = StreamCipher
function StreamCipher (mode, key, iv, decrypt) {
if (!(this instanceof StreamCipher)) {
return new StreamCipher(mode, key, iv)
}
Transform.call(this)
this._cipher = new aes.AES(key)
this._prev = new Buffer(iv.length)
this._cache = new Buffer('')
this._secCache = new Buffer('')
this._decrypt = decrypt
iv.copy(this._prev)
this._mode = mode
}
StreamCipher.prototype._update = function (chunk) {
return this._mode.encrypt(this, chunk, this._decrypt)
}
StreamCipher.prototype._final = function () {
this._cipher.scrub()
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 54 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var aes = __webpack_require__(51)
var Transform = __webpack_require__(27)
var inherits = __webpack_require__(15)
var GHASH = __webpack_require__(55)
var xor = __webpack_require__(56)
inherits(StreamCipher, Transform)
module.exports = StreamCipher
function StreamCipher (mode, key, iv, decrypt) {
if (!(this instanceof StreamCipher)) {
return new StreamCipher(mode, key, iv)
}
Transform.call(this)
this._finID = Buffer.concat([iv, new Buffer([0, 0, 0, 1])])
iv = Buffer.concat([iv, new Buffer([0, 0, 0, 2])])
this._cipher = new aes.AES(key)
this._prev = new Buffer(iv.length)
this._cache = new Buffer('')
this._secCache = new Buffer('')
this._decrypt = decrypt
this._alen = 0
this._len = 0
iv.copy(this._prev)
this._mode = mode
var h = new Buffer(4)
h.fill(0)
this._ghash = new GHASH(this._cipher.encryptBlock(h))
this._authTag = null
this._called = false
}
StreamCipher.prototype._update = function (chunk) {
if (!this._called && this._alen) {
var rump = 16 - (this._alen % 16)
if (rump < 16) {
rump = new Buffer(rump)
rump.fill(0)
this._ghash.update(rump)
}
}
this._called = true
var out = this._mode.encrypt(this, chunk)
if (this._decrypt) {
this._ghash.update(chunk)
} else {
this._ghash.update(out)
}
this._len += chunk.length
return out
}
StreamCipher.prototype._final = function () {
if (this._decrypt && !this._authTag) {
throw new Error('Unsupported state or unable to authenticate data')
}
var tag = xor(this._ghash.final(this._alen * 8, this._len * 8), this._cipher.encryptBlock(this._finID))
if (this._decrypt) {
if (xorTest(tag, this._authTag)) {
throw new Error('Unsupported state or unable to authenticate data')
}
} else {
this._authTag = tag
}
this._cipher.scrub()
}
StreamCipher.prototype.getAuthTag = function getAuthTag () {
if (!this._decrypt && Buffer.isBuffer(this._authTag)) {
return this._authTag
} else {
throw new Error('Attempting to get auth tag in unsupported state')
}
}
StreamCipher.prototype.setAuthTag = function setAuthTag (tag) {
if (this._decrypt) {
this._authTag = tag
} else {
throw new Error('Attempting to set auth tag in unsupported state')
}
}
StreamCipher.prototype.setAAD = function setAAD (buf) {
if (!this._called) {
this._ghash.update(buf)
this._alen += buf.length
} else {
throw new Error('Attempting to set AAD in unsupported state')
}
}
function xorTest (a, b) {
var out = 0
if (a.length !== b.length) {
out++
}
var len = Math.min(a.length, b.length)
var i = -1
while (++i < len) {
out += (a[i] ^ b[i])
}
return out
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 55 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var zeros = new Buffer(16)
zeros.fill(0)
module.exports = GHASH
function GHASH (key) {
this.h = key
this.state = new Buffer(16)
this.state.fill(0)
this.cache = new Buffer('')
}
// from http://bitwiseshiftleft.github.io/sjcl/doc/symbols/src/core_gcm.js.html
// by Juho Vähä-Herttua
GHASH.prototype.ghash = function (block) {
var i = -1
while (++i < block.length) {
this.state[i] ^= block[i]
}
this._multiply()
}
GHASH.prototype._multiply = function () {
var Vi = toArray(this.h)
var Zi = [0, 0, 0, 0]
var j, xi, lsb_Vi
var i = -1
while (++i < 128) {
xi = (this.state[~~(i / 8)] & (1 << (7 - i % 8))) !== 0
if (xi) {
// Z_i+1 = Z_i ^ V_i
Zi = xor(Zi, Vi)
}
// Store the value of LSB(V_i)
lsb_Vi = (Vi[3] & 1) !== 0
// V_i+1 = V_i >> 1
for (j = 3; j > 0; j--) {
Vi[j] = (Vi[j] >>> 1) | ((Vi[j - 1] & 1) << 31)
}
Vi[0] = Vi[0] >>> 1
// If LSB(V_i) is 1, V_i+1 = (V_i >> 1) ^ R
if (lsb_Vi) {
Vi[0] = Vi[0] ^ (0xe1 << 24)
}
}
this.state = fromArray(Zi)
}
GHASH.prototype.update = function (buf) {
this.cache = Buffer.concat([this.cache, buf])
var chunk
while (this.cache.length >= 16) {
chunk = this.cache.slice(0, 16)
this.cache = this.cache.slice(16)
this.ghash(chunk)
}
}
GHASH.prototype.final = function (abl, bl) {
if (this.cache.length) {
this.ghash(Buffer.concat([this.cache, zeros], 16))
}
this.ghash(fromArray([
0, abl,
0, bl
]))
return this.state
}
function toArray (buf) {
return [
buf.readUInt32BE(0),
buf.readUInt32BE(4),
buf.readUInt32BE(8),
buf.readUInt32BE(12)
]
}
function fromArray (out) {
out = out.map(fixup_uint32)
var buf = new Buffer(16)
buf.writeUInt32BE(out[0], 0)
buf.writeUInt32BE(out[1], 4)
buf.writeUInt32BE(out[2], 8)
buf.writeUInt32BE(out[3], 12)
return buf
}
var uint_max = Math.pow(2, 32)
function fixup_uint32 (x) {
var ret, x_pos
ret = x > uint_max || x < 0 ? (x_pos = Math.abs(x) % uint_max, x < 0 ? uint_max - x_pos : x_pos) : x
return ret
}
function xor (a, b) {
return [
a[0] ^ b[0],
a[1] ^ b[1],
a[2] ^ b[2],
a[3] ^ b[3]
]
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 56 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {module.exports = function xor (a, b) {
var length = Math.min(a.length, b.length)
var buffer = new Buffer(length)
for (var i = 0; i < length; ++i) {
buffer[i] = a[i] ^ b[i]
}
return buffer
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 57 */
/***/ function(module, exports) {
exports.encrypt = function (self, block) {
return self._cipher.encryptBlock(block)
}
exports.decrypt = function (self, block) {
return self._cipher.decryptBlock(block)
}
/***/ },
/* 58 */
/***/ function(module, exports, __webpack_require__) {
var xor = __webpack_require__(56)
exports.encrypt = function (self, block) {
var data = xor(block, self._prev)
self._prev = self._cipher.encryptBlock(data)
return self._prev
}
exports.decrypt = function (self, block) {
var pad = self._prev
self._prev = block
var out = self._cipher.decryptBlock(block)
return xor(out, pad)
}
/***/ },
/* 59 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var xor = __webpack_require__(56)
exports.encrypt = function (self, data, decrypt) {
var out = new Buffer('')
var len
while (data.length) {
if (self._cache.length === 0) {
self._cache = self._cipher.encryptBlock(self._prev)
self._prev = new Buffer('')
}
if (self._cache.length <= data.length) {
len = self._cache.length
out = Buffer.concat([out, encryptStart(self, data.slice(0, len), decrypt)])
data = data.slice(len)
} else {
out = Buffer.concat([out, encryptStart(self, data, decrypt)])
break
}
}
return out
}
function encryptStart (self, data, decrypt) {
var len = data.length
var out = xor(data, self._cache)
self._cache = self._cache.slice(len)
self._prev = Buffer.concat([self._prev, decrypt ? data : out])
return out
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 60 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {function encryptByte (self, byteParam, decrypt) {
var pad = self._cipher.encryptBlock(self._prev)
var out = pad[0] ^ byteParam
self._prev = Buffer.concat([self._prev.slice(1), new Buffer([decrypt ? byteParam : out])])
return out
}
exports.encrypt = function (self, chunk, decrypt) {
var len = chunk.length
var out = new Buffer(len)
var i = -1
while (++i < len) {
out[i] = encryptByte(self, chunk[i], decrypt)
}
return out
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 61 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {function encryptByte (self, byteParam, decrypt) {
var pad
var i = -1
var len = 8
var out = 0
var bit, value
while (++i < len) {
pad = self._cipher.encryptBlock(self._prev)
bit = (byteParam & (1 << (7 - i))) ? 0x80 : 0
value = pad[0] ^ bit
out += ((value & 0x80) >> (i % 8))
self._prev = shiftIn(self._prev, decrypt ? bit : value)
}
return out
}
exports.encrypt = function (self, chunk, decrypt) {
var len = chunk.length
var out = new Buffer(len)
var i = -1
while (++i < len) {
out[i] = encryptByte(self, chunk[i], decrypt)
}
return out
}
function shiftIn (buffer, value) {
var len = buffer.length
var i = -1
var out = new Buffer(buffer.length)
buffer = Buffer.concat([buffer, new Buffer([value])])
while (++i < len) {
out[i] = buffer[i] << 1 | buffer[i + 1] >> (7)
}
return out
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 62 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var xor = __webpack_require__(56)
function getBlock (self) {
self._prev = self._cipher.encryptBlock(self._prev)
return self._prev
}
exports.encrypt = function (self, chunk) {
while (self._cache.length < chunk.length) {
self._cache = Buffer.concat([self._cache, getBlock(self)])
}
var pad = self._cache.slice(0, chunk.length)
self._cache = self._cache.slice(chunk.length)
return xor(chunk, pad)
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 63 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var xor = __webpack_require__(56)
function incr32 (iv) {
var len = iv.length
var item
while (len--) {
item = iv.readUInt8(len)
if (item === 255) {
iv.writeUInt8(0, len)
} else {
item++
iv.writeUInt8(item, len)
break
}
}
}
function getBlock (self) {
var out = self._cipher.encryptBlock(self._prev)
incr32(self._prev)
return out
}
exports.encrypt = function (self, chunk) {
while (self._cache.length < chunk.length) {
self._cache = Buffer.concat([self._cache, getBlock(self)])
}
var pad = self._cache.slice(0, chunk.length)
self._cache = self._cache.slice(chunk.length)
return xor(chunk, pad)
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 64 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var aes = __webpack_require__(51)
var Transform = __webpack_require__(27)
var inherits = __webpack_require__(15)
var modes = __webpack_require__(52)
var StreamCipher = __webpack_require__(53)
var AuthCipher = __webpack_require__(54)
var ebtk = __webpack_require__(48)
inherits(Decipher, Transform)
function Decipher (mode, key, iv) {
if (!(this instanceof Decipher)) {
return new Decipher(mode, key, iv)
}
Transform.call(this)
this._cache = new Splitter()
this._last = void 0
this._cipher = new aes.AES(key)
this._prev = new Buffer(iv.length)
iv.copy(this._prev)
this._mode = mode
this._autopadding = true
}
Decipher.prototype._update = function (data) {
this._cache.add(data)
var chunk
var thing
var out = []
while ((chunk = this._cache.get(this._autopadding))) {
thing = this._mode.decrypt(this, chunk)
out.push(thing)
}
return Buffer.concat(out)
}
Decipher.prototype._final = function () {
var chunk = this._cache.flush()
if (this._autopadding) {
return unpad(this._mode.decrypt(this, chunk))
} else if (chunk) {
throw new Error('data not multiple of block length')
}
}
Decipher.prototype.setAutoPadding = function (setTo) {
this._autopadding = !!setTo
return this
}
function Splitter () {
if (!(this instanceof Splitter)) {
return new Splitter()
}
this.cache = new Buffer('')
}
Splitter.prototype.add = function (data) {
this.cache = Buffer.concat([this.cache, data])
}
Splitter.prototype.get = function (autoPadding) {
var out
if (autoPadding) {
if (this.cache.length > 16) {
out = this.cache.slice(0, 16)
this.cache = this.cache.slice(16)
return out
}
} else {
if (this.cache.length >= 16) {
out = this.cache.slice(0, 16)
this.cache = this.cache.slice(16)
return out
}
}
return null
}
Splitter.prototype.flush = function () {
if (this.cache.length) {
return this.cache
}
}
function unpad (last) {
var padded = last[15]
var i = -1
while (++i < padded) {
if (last[(i + (16 - padded))] !== padded) {
throw new Error('unable to decrypt data')
}
}
if (padded === 16) {
return
}
return last.slice(0, 16 - padded)
}
var modelist = {
ECB: __webpack_require__(57),
CBC: __webpack_require__(58),
CFB: __webpack_require__(59),
CFB8: __webpack_require__(60),
CFB1: __webpack_require__(61),
OFB: __webpack_require__(62),
CTR: __webpack_require__(63),
GCM: __webpack_require__(63)
}
function createDecipheriv (suite, password, iv) {
var config = modes[suite.toLowerCase()]
if (!config) {
throw new TypeError('invalid suite type')
}
if (typeof iv === 'string') {
iv = new Buffer(iv)
}
if (typeof password === 'string') {
password = new Buffer(password)
}
if (password.length !== config.key / 8) {
throw new TypeError('invalid key length ' + password.length)
}
if (iv.length !== config.iv) {
throw new TypeError('invalid iv length ' + iv.length)
}
if (config.type === 'stream') {
return new StreamCipher(modelist[config.mode], password, iv, true)
} else if (config.type === 'auth') {
return new AuthCipher(modelist[config.mode], password, iv, true)
}
return new Decipher(modelist[config.mode], password, iv)
}
function createDecipher (suite, password) {
var config = modes[suite.toLowerCase()]
if (!config) {
throw new TypeError('invalid suite type')
}
var keys = ebtk(password, false, config.key, config.iv)
return createDecipheriv(suite, keys.key, keys.iv)
}
exports.createDecipher = createDecipher
exports.createDecipheriv = createDecipheriv
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 65 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var CipherBase = __webpack_require__(27)
var des = __webpack_require__(66)
var inherits = __webpack_require__(15)
var modes = {
'des-ede3-cbc': des.CBC.instantiate(des.EDE),
'des-ede3': des.EDE,
'des-ede-cbc': des.CBC.instantiate(des.EDE),
'des-ede': des.EDE,
'des-cbc': des.CBC.instantiate(des.DES),
'des-ecb': des.DES
}
modes.des = modes['des-cbc']
modes.des3 = modes['des-ede3-cbc']
module.exports = DES
inherits(DES, CipherBase)
function DES (opts) {
CipherBase.call(this)
var modeName = opts.mode.toLowerCase()
var mode = modes[modeName]
var type
if (opts.decrypt) {
type = 'decrypt'
} else {
type = 'encrypt'
}
var key = opts.key
if (modeName === 'des-ede' || modeName === 'des-ede-cbc') {
key = Buffer.concat([key, key.slice(0, 8)])
}
var iv = opts.iv
this._des = mode.create({
key: key,
iv: iv,
type: type
})
}
DES.prototype._update = function (data) {
return new Buffer(this._des.update(data))
}
DES.prototype._final = function () {
return new Buffer(this._des.final())
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 66 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
exports.utils = __webpack_require__(67);
exports.Cipher = __webpack_require__(68);
exports.DES = __webpack_require__(70);
exports.CBC = __webpack_require__(71);
exports.EDE = __webpack_require__(72);
/***/ },
/* 67 */
/***/ function(module, exports) {
'use strict';
exports.readUInt32BE = function readUInt32BE(bytes, off) {
var res = (bytes[0 + off] << 24) |
(bytes[1 + off] << 16) |
(bytes[2 + off] << 8) |
bytes[3 + off];
return res >>> 0;
};
exports.writeUInt32BE = function writeUInt32BE(bytes, value, off) {
bytes[0 + off] = value >>> 24;
bytes[1 + off] = (value >>> 16) & 0xff;
bytes[2 + off] = (value >>> 8) & 0xff;
bytes[3 + off] = value & 0xff;
};
exports.ip = function ip(inL, inR, out, off) {
var outL = 0;
var outR = 0;
for (var i = 6; i >= 0; i -= 2) {
for (var j = 0; j <= 24; j += 8) {
outL <<= 1;
outL |= (inR >>> (j + i)) & 1;
}
for (var j = 0; j <= 24; j += 8) {
outL <<= 1;
outL |= (inL >>> (j + i)) & 1;
}
}
for (var i = 6; i >= 0; i -= 2) {
for (var j = 1; j <= 25; j += 8) {
outR <<= 1;
outR |= (inR >>> (j + i)) & 1;
}
for (var j = 1; j <= 25; j += 8) {
outR <<= 1;
outR |= (inL >>> (j + i)) & 1;
}
}
out[off + 0] = outL >>> 0;
out[off + 1] = outR >>> 0;
};
exports.rip = function rip(inL, inR, out, off) {
var outL = 0;
var outR = 0;
for (var i = 0; i < 4; i++) {
for (var j = 24; j >= 0; j -= 8) {
outL <<= 1;
outL |= (inR >>> (j + i)) & 1;
outL <<= 1;
outL |= (inL >>> (j + i)) & 1;
}
}
for (var i = 4; i < 8; i++) {
for (var j = 24; j >= 0; j -= 8) {
outR <<= 1;
outR |= (inR >>> (j + i)) & 1;
outR <<= 1;
outR |= (inL >>> (j + i)) & 1;
}
}
out[off + 0] = outL >>> 0;
out[off + 1] = outR >>> 0;
};
exports.pc1 = function pc1(inL, inR, out, off) {
var outL = 0;
var outR = 0;
// 7, 15, 23, 31, 39, 47, 55, 63
// 6, 14, 22, 30, 39, 47, 55, 63
// 5, 13, 21, 29, 39, 47, 55, 63
// 4, 12, 20, 28
for (var i = 7; i >= 5; i--) {
for (var j = 0; j <= 24; j += 8) {
outL <<= 1;
outL |= (inR >> (j + i)) & 1;
}
for (var j = 0; j <= 24; j += 8) {
outL <<= 1;
outL |= (inL >> (j + i)) & 1;
}
}
for (var j = 0; j <= 24; j += 8) {
outL <<= 1;
outL |= (inR >> (j + i)) & 1;
}
// 1, 9, 17, 25, 33, 41, 49, 57
// 2, 10, 18, 26, 34, 42, 50, 58
// 3, 11, 19, 27, 35, 43, 51, 59
// 36, 44, 52, 60
for (var i = 1; i <= 3; i++) {
for (var j = 0; j <= 24; j += 8) {
outR <<= 1;
outR |= (inR >> (j + i)) & 1;
}
for (var j = 0; j <= 24; j += 8) {
outR <<= 1;
outR |= (inL >> (j + i)) & 1;
}
}
for (var j = 0; j <= 24; j += 8) {
outR <<= 1;
outR |= (inL >> (j + i)) & 1;
}
out[off + 0] = outL >>> 0;
out[off + 1] = outR >>> 0;
};
exports.r28shl = function r28shl(num, shift) {
return ((num << shift) & 0xfffffff) | (num >>> (28 - shift));
};
var pc2table = [
// inL => outL
14, 11, 17, 4, 27, 23, 25, 0,
13, 22, 7, 18, 5, 9, 16, 24,
2, 20, 12, 21, 1, 8, 15, 26,
// inR => outR
15, 4, 25, 19, 9, 1, 26, 16,
5, 11, 23, 8, 12, 7, 17, 0,
22, 3, 10, 14, 6, 20, 27, 24
];
exports.pc2 = function pc2(inL, inR, out, off) {
var outL = 0;
var outR = 0;
var len = pc2table.length >>> 1;
for (var i = 0; i < len; i++) {
outL <<= 1;
outL |= (inL >>> pc2table[i]) & 0x1;
}
for (var i = len; i < pc2table.length; i++) {
outR <<= 1;
outR |= (inR >>> pc2table[i]) & 0x1;
}
out[off + 0] = outL >>> 0;
out[off + 1] = outR >>> 0;
};
exports.expand = function expand(r, out, off) {
var outL = 0;
var outR = 0;
outL = ((r & 1) << 5) | (r >>> 27);
for (var i = 23; i >= 15; i -= 4) {
outL <<= 6;
outL |= (r >>> i) & 0x3f;
}
for (var i = 11; i >= 3; i -= 4) {
outR |= (r >>> i) & 0x3f;
outR <<= 6;
}
outR |= ((r & 0x1f) << 1) | (r >>> 31);
out[off + 0] = outL >>> 0;
out[off + 1] = outR >>> 0;
};
var sTable = [
14, 0, 4, 15, 13, 7, 1, 4, 2, 14, 15, 2, 11, 13, 8, 1,
3, 10, 10, 6, 6, 12, 12, 11, 5, 9, 9, 5, 0, 3, 7, 8,
4, 15, 1, 12, 14, 8, 8, 2, 13, 4, 6, 9, 2, 1, 11, 7,
15, 5, 12, 11, 9, 3, 7, 14, 3, 10, 10, 0, 5, 6, 0, 13,
15, 3, 1, 13, 8, 4, 14, 7, 6, 15, 11, 2, 3, 8, 4, 14,
9, 12, 7, 0, 2, 1, 13, 10, 12, 6, 0, 9, 5, 11, 10, 5,
0, 13, 14, 8, 7, 10, 11, 1, 10, 3, 4, 15, 13, 4, 1, 2,
5, 11, 8, 6, 12, 7, 6, 12, 9, 0, 3, 5, 2, 14, 15, 9,
10, 13, 0, 7, 9, 0, 14, 9, 6, 3, 3, 4, 15, 6, 5, 10,
1, 2, 13, 8, 12, 5, 7, 14, 11, 12, 4, 11, 2, 15, 8, 1,
13, 1, 6, 10, 4, 13, 9, 0, 8, 6, 15, 9, 3, 8, 0, 7,
11, 4, 1, 15, 2, 14, 12, 3, 5, 11, 10, 5, 14, 2, 7, 12,
7, 13, 13, 8, 14, 11, 3, 5, 0, 6, 6, 15, 9, 0, 10, 3,
1, 4, 2, 7, 8, 2, 5, 12, 11, 1, 12, 10, 4, 14, 15, 9,
10, 3, 6, 15, 9, 0, 0, 6, 12, 10, 11, 1, 7, 13, 13, 8,
15, 9, 1, 4, 3, 5, 14, 11, 5, 12, 2, 7, 8, 2, 4, 14,
2, 14, 12, 11, 4, 2, 1, 12, 7, 4, 10, 7, 11, 13, 6, 1,
8, 5, 5, 0, 3, 15, 15, 10, 13, 3, 0, 9, 14, 8, 9, 6,
4, 11, 2, 8, 1, 12, 11, 7, 10, 1, 13, 14, 7, 2, 8, 13,
15, 6, 9, 15, 12, 0, 5, 9, 6, 10, 3, 4, 0, 5, 14, 3,
12, 10, 1, 15, 10, 4, 15, 2, 9, 7, 2, 12, 6, 9, 8, 5,
0, 6, 13, 1, 3, 13, 4, 14, 14, 0, 7, 11, 5, 3, 11, 8,
9, 4, 14, 3, 15, 2, 5, 12, 2, 9, 8, 5, 12, 15, 3, 10,
7, 11, 0, 14, 4, 1, 10, 7, 1, 6, 13, 0, 11, 8, 6, 13,
4, 13, 11, 0, 2, 11, 14, 7, 15, 4, 0, 9, 8, 1, 13, 10,
3, 14, 12, 3, 9, 5, 7, 12, 5, 2, 10, 15, 6, 8, 1, 6,
1, 6, 4, 11, 11, 13, 13, 8, 12, 1, 3, 4, 7, 10, 14, 7,
10, 9, 15, 5, 6, 0, 8, 15, 0, 14, 5, 2, 9, 3, 2, 12,
13, 1, 2, 15, 8, 13, 4, 8, 6, 10, 15, 3, 11, 7, 1, 4,
10, 12, 9, 5, 3, 6, 14, 11, 5, 0, 0, 14, 12, 9, 7, 2,
7, 2, 11, 1, 4, 14, 1, 7, 9, 4, 12, 10, 14, 8, 2, 13,
0, 15, 6, 12, 10, 9, 13, 0, 15, 3, 3, 5, 5, 6, 8, 11
];
exports.substitute = function substitute(inL, inR) {
var out = 0;
for (var i = 0; i < 4; i++) {
var b = (inL >>> (18 - i * 6)) & 0x3f;
var sb = sTable[i * 0x40 + b];
out <<= 4;
out |= sb;
}
for (var i = 0; i < 4; i++) {
var b = (inR >>> (18 - i * 6)) & 0x3f;
var sb = sTable[4 * 0x40 + i * 0x40 + b];
out <<= 4;
out |= sb;
}
return out >>> 0;
};
var permuteTable = [
16, 25, 12, 11, 3, 20, 4, 15, 31, 17, 9, 6, 27, 14, 1, 22,
30, 24, 8, 18, 0, 5, 29, 23, 13, 19, 2, 26, 10, 21, 28, 7
];
exports.permute = function permute(num) {
var out = 0;
for (var i = 0; i < permuteTable.length; i++) {
out <<= 1;
out |= (num >>> permuteTable[i]) & 0x1;
}
return out >>> 0;
};
exports.padSplit = function padSplit(num, size, group) {
var str = num.toString(2);
while (str.length < size)
str = '0' + str;
var out = [];
for (var i = 0; i < size; i += group)
out.push(str.slice(i, i + group));
return out.join(' ');
};
/***/ },
/* 68 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
var assert = __webpack_require__(69);
function Cipher(options) {
this.options = options;
this.type = this.options.type;
this.blockSize = 8;
this._init();
this.buffer = new Array(this.blockSize);
this.bufferOff = 0;
}
module.exports = Cipher;
Cipher.prototype._init = function _init() {
// Might be overrided
};
Cipher.prototype.update = function update(data) {
if (data.length === 0)
return [];
if (this.type === 'decrypt')
return this._updateDecrypt(data);
else
return this._updateEncrypt(data);
};
Cipher.prototype._buffer = function _buffer(data, off) {
// Append data to buffer
var min = Math.min(this.buffer.length - this.bufferOff, data.length - off);
for (var i = 0; i < min; i++)
this.buffer[this.bufferOff + i] = data[off + i];
this.bufferOff += min;
// Shift next
return min;
};
Cipher.prototype._flushBuffer = function _flushBuffer(out, off) {
this._update(this.buffer, 0, out, off);
this.bufferOff = 0;
return this.blockSize;
};
Cipher.prototype._updateEncrypt = function _updateEncrypt(data) {
var inputOff = 0;
var outputOff = 0;
var count = ((this.bufferOff + data.length) / this.blockSize) | 0;
var out = new Array(count * this.blockSize);
if (this.bufferOff !== 0) {
inputOff += this._buffer(data, inputOff);
if (this.bufferOff === this.buffer.length)
outputOff += this._flushBuffer(out, outputOff);
}
// Write blocks
var max = data.length - ((data.length - inputOff) % this.blockSize);
for (; inputOff < max; inputOff += this.blockSize) {
this._update(data, inputOff, out, outputOff);
outputOff += this.blockSize;
}
// Queue rest
for (; inputOff < data.length; inputOff++, this.bufferOff++)
this.buffer[this.bufferOff] = data[inputOff];
return out;
};
Cipher.prototype._updateDecrypt = function _updateDecrypt(data) {
var inputOff = 0;
var outputOff = 0;
var count = Math.ceil((this.bufferOff + data.length) / this.blockSize) - 1;
var out = new Array(count * this.blockSize);
// TODO(indutny): optimize it, this is far from optimal
for (; count > 0; count--) {
inputOff += this._buffer(data, inputOff);
outputOff += this._flushBuffer(out, outputOff);
}
// Buffer rest of the input
inputOff += this._buffer(data, inputOff);
return out;
};
Cipher.prototype.final = function final(buffer) {
var first;
if (buffer)
first = this.update(buffer);
var last;
if (this.type === 'encrypt')
last = this._finalEncrypt();
else
last = this._finalDecrypt();
if (first)
return first.concat(last);
else
return last;
};
Cipher.prototype._pad = function _pad(buffer, off) {
if (off === 0)
return false;
while (off < buffer.length)
buffer[off++] = 0;
return true;
};
Cipher.prototype._finalEncrypt = function _finalEncrypt() {
if (!this._pad(this.buffer, this.bufferOff))
return [];
var out = new Array(this.blockSize);
this._update(this.buffer, 0, out, 0);
return out;
};
Cipher.prototype._unpad = function _unpad(buffer) {
return buffer;
};
Cipher.prototype._finalDecrypt = function _finalDecrypt() {
assert.equal(this.bufferOff, this.blockSize, 'Not enough data to decrypt');
var out = new Array(this.blockSize);
this._flushBuffer(out, 0);
return this._unpad(out);
};
/***/ },
/* 69 */
/***/ function(module, exports) {
module.exports = assert;
function assert(val, msg) {
if (!val)
throw new Error(msg || 'Assertion failed');
}
assert.equal = function assertEqual(l, r, msg) {
if (l != r)
throw new Error(msg || ('Assertion failed: ' + l + ' != ' + r));
};
/***/ },
/* 70 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
var assert = __webpack_require__(69);
var inherits = __webpack_require__(15);
var des = __webpack_require__(66);
var utils = des.utils;
var Cipher = des.Cipher;
function DESState() {
this.tmp = new Array(2);
this.keys = null;
}
function DES(options) {
Cipher.call(this, options);
var state = new DESState();
this._desState = state;
this.deriveKeys(state, options.key);
}
inherits(DES, Cipher);
module.exports = DES;
DES.create = function create(options) {
return new DES(options);
};
var shiftTable = [
1, 1, 2, 2, 2, 2, 2, 2,
1, 2, 2, 2, 2, 2, 2, 1
];
DES.prototype.deriveKeys = function deriveKeys(state, key) {
state.keys = new Array(16 * 2);
assert.equal(key.length, this.blockSize, 'Invalid key length');
var kL = utils.readUInt32BE(key, 0);
var kR = utils.readUInt32BE(key, 4);
utils.pc1(kL, kR, state.tmp, 0);
kL = state.tmp[0];
kR = state.tmp[1];
for (var i = 0; i < state.keys.length; i += 2) {
var shift = shiftTable[i >>> 1];
kL = utils.r28shl(kL, shift);
kR = utils.r28shl(kR, shift);
utils.pc2(kL, kR, state.keys, i);
}
};
DES.prototype._update = function _update(inp, inOff, out, outOff) {
var state = this._desState;
var l = utils.readUInt32BE(inp, inOff);
var r = utils.readUInt32BE(inp, inOff + 4);
// Initial Permutation
utils.ip(l, r, state.tmp, 0);
l = state.tmp[0];
r = state.tmp[1];
if (this.type === 'encrypt')
this._encrypt(state, l, r, state.tmp, 0);
else
this._decrypt(state, l, r, state.tmp, 0);
l = state.tmp[0];
r = state.tmp[1];
utils.writeUInt32BE(out, l, outOff);
utils.writeUInt32BE(out, r, outOff + 4);
};
DES.prototype._pad = function _pad(buffer, off) {
var value = buffer.length - off;
for (var i = off; i < buffer.length; i++)
buffer[i] = value;
return true;
};
DES.prototype._unpad = function _unpad(buffer) {
var pad = buffer[buffer.length - 1];
for (var i = buffer.length - pad; i < buffer.length; i++)
assert.equal(buffer[i], pad);
return buffer.slice(0, buffer.length - pad);
};
DES.prototype._encrypt = function _encrypt(state, lStart, rStart, out, off) {
var l = lStart;
var r = rStart;
// Apply f() x16 times
for (var i = 0; i < state.keys.length; i += 2) {
var keyL = state.keys[i];
var keyR = state.keys[i + 1];
// f(r, k)
utils.expand(r, state.tmp, 0);
keyL ^= state.tmp[0];
keyR ^= state.tmp[1];
var s = utils.substitute(keyL, keyR);
var f = utils.permute(s);
var t = r;
r = (l ^ f) >>> 0;
l = t;
}
// Reverse Initial Permutation
utils.rip(r, l, out, off);
};
DES.prototype._decrypt = function _decrypt(state, lStart, rStart, out, off) {
var l = rStart;
var r = lStart;
// Apply f() x16 times
for (var i = state.keys.length - 2; i >= 0; i -= 2) {
var keyL = state.keys[i];
var keyR = state.keys[i + 1];
// f(r, k)
utils.expand(l, state.tmp, 0);
keyL ^= state.tmp[0];
keyR ^= state.tmp[1];
var s = utils.substitute(keyL, keyR);
var f = utils.permute(s);
var t = l;
l = (r ^ f) >>> 0;
r = t;
}
// Reverse Initial Permutation
utils.rip(l, r, out, off);
};
/***/ },
/* 71 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
var assert = __webpack_require__(69);
var inherits = __webpack_require__(15);
var proto = {};
function CBCState(iv) {
assert.equal(iv.length, 8, 'Invalid IV length');
this.iv = new Array(8);
for (var i = 0; i < this.iv.length; i++)
this.iv[i] = iv[i];
}
function instantiate(Base) {
function CBC(options) {
Base.call(this, options);
this._cbcInit();
}
inherits(CBC, Base);
var keys = Object.keys(proto);
for (var i = 0; i < keys.length; i++) {
var key = keys[i];
CBC.prototype[key] = proto[key];
}
CBC.create = function create(options) {
return new CBC(options);
};
return CBC;
}
exports.instantiate = instantiate;
proto._cbcInit = function _cbcInit() {
var state = new CBCState(this.options.iv);
this._cbcState = state;
};
proto._update = function _update(inp, inOff, out, outOff) {
var state = this._cbcState;
var superProto = this.constructor.super_.prototype;
var iv = state.iv;
if (this.type === 'encrypt') {
for (var i = 0; i < this.blockSize; i++)
iv[i] ^= inp[inOff + i];
superProto._update.call(this, iv, 0, out, outOff);
for (var i = 0; i < this.blockSize; i++)
iv[i] = out[outOff + i];
} else {
superProto._update.call(this, inp, inOff, out, outOff);
for (var i = 0; i < this.blockSize; i++)
out[outOff + i] ^= iv[i];
for (var i = 0; i < this.blockSize; i++)
iv[i] = inp[inOff + i];
}
};
/***/ },
/* 72 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
var assert = __webpack_require__(69);
var inherits = __webpack_require__(15);
var des = __webpack_require__(66);
var Cipher = des.Cipher;
var DES = des.DES;
function EDEState(type, key) {
assert.equal(key.length, 24, 'Invalid key length');
var k1 = key.slice(0, 8);
var k2 = key.slice(8, 16);
var k3 = key.slice(16, 24);
if (type === 'encrypt') {
this.ciphers = [
DES.create({ type: 'encrypt', key: k1 }),
DES.create({ type: 'decrypt', key: k2 }),
DES.create({ type: 'encrypt', key: k3 })
];
} else {
this.ciphers = [
DES.create({ type: 'decrypt', key: k3 }),
DES.create({ type: 'encrypt', key: k2 }),
DES.create({ type: 'decrypt', key: k1 })
];
}
}
function EDE(options) {
Cipher.call(this, options);
var state = new EDEState(this.type, this.options.key);
this._edeState = state;
}
inherits(EDE, Cipher);
module.exports = EDE;
EDE.create = function create(options) {
return new EDE(options);
};
EDE.prototype._update = function _update(inp, inOff, out, outOff) {
var state = this._edeState;
state.ciphers[0]._update(inp, inOff, out, outOff);
state.ciphers[1]._update(out, outOff, out, outOff);
state.ciphers[2]._update(out, outOff, out, outOff);
};
EDE.prototype._pad = DES.prototype._pad;
EDE.prototype._unpad = DES.prototype._unpad;
/***/ },
/* 73 */
/***/ function(module, exports) {
exports['des-ecb'] = {
key: 8,
iv: 0
}
exports['des-cbc'] = exports.des = {
key: 8,
iv: 8
}
exports['des-ede3-cbc'] = exports.des3 = {
key: 24,
iv: 8
}
exports['des-ede3'] = {
key: 24,
iv: 0
}
exports['des-ede-cbc'] = {
key: 16,
iv: 8
}
exports['des-ede'] = {
key: 16,
iv: 0
}
/***/ },
/* 74 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var generatePrime = __webpack_require__(75)
var primes = __webpack_require__(97)
var DH = __webpack_require__(98)
function getDiffieHellman (mod) {
var prime = new Buffer(primes[mod].prime, 'hex')
var gen = new Buffer(primes[mod].gen, 'hex')
return new DH(prime, gen)
}
var ENCODINGS = {
'binary': true, 'hex': true, 'base64': true
}
function createDiffieHellman (prime, enc, generator, genc) {
if (Buffer.isBuffer(enc) || ENCODINGS[enc] === undefined) {
return createDiffieHellman(prime, 'binary', enc, generator)
}
enc = enc || 'binary'
genc = genc || 'binary'
generator = generator || new Buffer([2])
if (!Buffer.isBuffer(generator)) {
generator = new Buffer(generator, genc)
}
if (typeof prime === 'number') {
return new DH(generatePrime(prime, generator), generator, true)
}
if (!Buffer.isBuffer(prime)) {
prime = new Buffer(prime, enc)
}
return new DH(prime, generator, true)
}
exports.DiffieHellmanGroup = exports.createDiffieHellmanGroup = exports.getDiffieHellman = getDiffieHellman
exports.createDiffieHellman = exports.DiffieHellman = createDiffieHellman
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 75 */
/***/ function(module, exports, __webpack_require__) {
var randomBytes = __webpack_require__(12);
module.exports = findPrime;
findPrime.simpleSieve = simpleSieve;
findPrime.fermatTest = fermatTest;
var BN = __webpack_require__(76);
var TWENTYFOUR = new BN(24);
var MillerRabin = __webpack_require__(78);
var millerRabin = new MillerRabin();
var ONE = new BN(1);
var TWO = new BN(2);
var FIVE = new BN(5);
var SIXTEEN = new BN(16);
var EIGHT = new BN(8);
var TEN = new BN(10);
var THREE = new BN(3);
var SEVEN = new BN(7);
var ELEVEN = new BN(11);
var FOUR = new BN(4);
var TWELVE = new BN(12);
var primes = null;
function _getPrimes() {
if (primes !== null)
return primes;
var limit = 0x100000;
var res = [];
res[0] = 2;
for (var i = 1, k = 3; k < limit; k += 2) {
var sqrt = Math.ceil(Math.sqrt(k));
for (var j = 0; j < i && res[j] <= sqrt; j++)
if (k % res[j] === 0)
break;
if (i !== j && res[j] <= sqrt)
continue;
res[i++] = k;
}
primes = res;
return res;
}
function simpleSieve(p) {
var primes = _getPrimes();
for (var i = 0; i < primes.length; i++)
if (p.modn(primes[i]) === 0) {
if (p.cmpn(primes[i]) === 0) {
return true;
} else {
return false;
}
}
return true;
}
function fermatTest(p) {
var red = BN.mont(p);
return TWO.toRed(red).redPow(p.subn(1)).fromRed().cmpn(1) === 0;
}
function findPrime(bits, gen) {
if (bits < 16) {
// this is what openssl does
if (gen === 2 || gen === 5) {
return new BN([0x8c, 0x7b]);
} else {
return new BN([0x8c, 0x27]);
}
}
gen = new BN(gen);
var num, n2;
while (true) {
num = new BN(randomBytes(Math.ceil(bits / 8)));
while (num.bitLength() > bits) {
num.ishrn(1);
}
if (num.isEven()) {
num.iadd(ONE);
}
if (!num.testn(1)) {
num.iadd(TWO);
}
if (!gen.cmp(TWO)) {
while (num.mod(TWENTYFOUR).cmp(ELEVEN)) {
num.iadd(FOUR);
}
} else if (!gen.cmp(FIVE)) {
while (num.mod(TEN).cmp(THREE)) {
num.iadd(FOUR);
}
}
n2 = num.shrn(1);
if (simpleSieve(n2) && simpleSieve(num) &&
fermatTest(n2) && fermatTest(num) &&
millerRabin.test(n2) && millerRabin.test(num)) {
return num;
}
}
}
/***/ },
/* 76 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(module) {(function (module, exports) {
'use strict';
// Utils
function assert (val, msg) {
if (!val) throw new Error(msg || 'Assertion failed');
}
// Could use `inherits` module, but don't want to move from single file
// architecture yet.
function inherits (ctor, superCtor) {
ctor.super_ = superCtor;
var TempCtor = function () {};
TempCtor.prototype = superCtor.prototype;
ctor.prototype = new TempCtor();
ctor.prototype.constructor = ctor;
}
// BN
function BN (number, base, endian) {
// May be `new BN(bn)` ?
if (number !== null &&
typeof number === 'object' &&
Array.isArray(number.words)) {
return number;
}
this.negative = 0;
this.words = null;
this.length = 0;
// Reduction context
this.red = null;
if (number !== null) {
if (base === 'le' || base === 'be') {
endian = base;
base = 10;
}
this._init(number || 0, base || 10, endian || 'be');
}
}
if (typeof module === 'object') {
module.exports = BN;
} else {
exports.BN = BN;
}
BN.BN = BN;
BN.wordSize = 26;
var Buffer;
try {
Buffer = __webpack_require__(1).Buffer;
} catch (e) {
}
BN.max = function max (left, right) {
if (left.cmp(right) > 0) return left;
return right;
};
BN.min = function min (left, right) {
if (left.cmp(right) < 0) return left;
return right;
};
BN.prototype._init = function init (number, base, endian) {
if (typeof number === 'number') {
return this._initNumber(number, base, endian);
}
if (typeof number === 'object') {
return this._initArray(number, base, endian);
}
if (base === 'hex') {
base = 16;
}
assert(base === (base | 0) && base >= 2 && base <= 36);
number = number.toString().replace(/\s+/g, '');
var start = 0;
if (number[0] === '-') {
start++;
}
if (base === 16) {
this._parseHex(number, start);
} else {
this._parseBase(number, base, start);
}
if (number[0] === '-') {
this.negative = 1;
}
this.strip();
if (endian !== 'le') return;
this._initArray(this.toArray(), base, endian);
};
BN.prototype._initNumber = function _initNumber (number, base, endian) {
if (number < 0) {
this.negative = 1;
number = -number;
}
if (number < 0x4000000) {
this.words = [ number & 0x3ffffff ];
this.length = 1;
} else if (number < 0x10000000000000) {
this.words = [
number & 0x3ffffff,
(number / 0x4000000) & 0x3ffffff
];
this.length = 2;
} else {
assert(number < 0x20000000000000); // 2 ^ 53 (unsafe)
this.words = [
number & 0x3ffffff,
(number / 0x4000000) & 0x3ffffff,
1
];
this.length = 3;
}
if (endian !== 'le') return;
// Reverse the bytes
this._initArray(this.toArray(), base, endian);
};
BN.prototype._initArray = function _initArray (number, base, endian) {
// Perhaps a Uint8Array
assert(typeof number.length === 'number');
if (number.length <= 0) {
this.words = [ 0 ];
this.length = 1;
return this;
}
this.length = Math.ceil(number.length / 3);
this.words = new Array(this.length);
for (var i = 0; i < this.length; i++) {
this.words[i] = 0;
}
var j, w;
var off = 0;
if (endian === 'be') {
for (i = number.length - 1, j = 0; i >= 0; i -= 3) {
w = number[i] | (number[i - 1] << 8) | (number[i - 2] << 16);
this.words[j] |= (w << off) & 0x3ffffff;
this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff;
off += 24;
if (off >= 26) {
off -= 26;
j++;
}
}
} else if (endian === 'le') {
for (i = 0, j = 0; i < number.length; i += 3) {
w = number[i] | (number[i + 1] << 8) | (number[i + 2] << 16);
this.words[j] |= (w << off) & 0x3ffffff;
this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff;
off += 24;
if (off >= 26) {
off -= 26;
j++;
}
}
}
return this.strip();
};
function parseHex (str, start, end) {
var r = 0;
var len = Math.min(str.length, end);
for (var i = start; i < len; i++) {
var c = str.charCodeAt(i) - 48;
r <<= 4;
// 'a' - 'f'
if (c >= 49 && c <= 54) {
r |= c - 49 + 0xa;
// 'A' - 'F'
} else if (c >= 17 && c <= 22) {
r |= c - 17 + 0xa;
// '0' - '9'
} else {
r |= c & 0xf;
}
}
return r;
}
BN.prototype._parseHex = function _parseHex (number, start) {
// Create possibly bigger array to ensure that it fits the number
this.length = Math.ceil((number.length - start) / 6);
this.words = new Array(this.length);
for (var i = 0; i < this.length; i++) {
this.words[i] = 0;
}
var j, w;
// Scan 24-bit chunks and add them to the number
var off = 0;
for (i = number.length - 6, j = 0; i >= start; i -= 6) {
w = parseHex(number, i, i + 6);
this.words[j] |= (w << off) & 0x3ffffff;
this.words[j + 1] |= w >>> (26 - off) & 0x3fffff;
off += 24;
if (off >= 26) {
off -= 26;
j++;
}
}
if (i + 6 !== start) {
w = parseHex(number, start, i + 6);
this.words[j] |= (w << off) & 0x3ffffff;
this.words[j + 1] |= w >>> (26 - off) & 0x3fffff;
}
this.strip();
};
function parseBase (str, start, end, mul) {
var r = 0;
var len = Math.min(str.length, end);
for (var i = start; i < len; i++) {
var c = str.charCodeAt(i) - 48;
r *= mul;
// 'a'
if (c >= 49) {
r += c - 49 + 0xa;
// 'A'
} else if (c >= 17) {
r += c - 17 + 0xa;
// '0' - '9'
} else {
r += c;
}
}
return r;
}
BN.prototype._parseBase = function _parseBase (number, base, start) {
// Initialize as zero
this.words = [ 0 ];
this.length = 1;
// Find length of limb in base
for (var limbLen = 0, limbPow = 1; limbPow <= 0x3ffffff; limbPow *= base) {
limbLen++;
}
limbLen--;
limbPow = (limbPow / base) | 0;
var total = number.length - start;
var mod = total % limbLen;
var end = Math.min(total, total - mod) + start;
var word = 0;
for (var i = start; i < end; i += limbLen) {
word = parseBase(number, i, i + limbLen, base);
this.imuln(limbPow);
if (this.words[0] + word < 0x4000000) {
this.words[0] += word;
} else {
this._iaddn(word);
}
}
if (mod !== 0) {
var pow = 1;
word = parseBase(number, i, number.length, base);
for (i = 0; i < mod; i++) {
pow *= base;
}
this.imuln(pow);
if (this.words[0] + word < 0x4000000) {
this.words[0] += word;
} else {
this._iaddn(word);
}
}
};
BN.prototype.copy = function copy (dest) {
dest.words = new Array(this.length);
for (var i = 0; i < this.length; i++) {
dest.words[i] = this.words[i];
}
dest.length = this.length;
dest.negative = this.negative;
dest.red = this.red;
};
BN.prototype.clone = function clone () {
var r = new BN(null);
this.copy(r);
return r;
};
BN.prototype._expand = function _expand (size) {
while (this.length < size) {
this.words[this.length++] = 0;
}
return this;
};
// Remove leading `0` from `this`
BN.prototype.strip = function strip () {
while (this.length > 1 && this.words[this.length - 1] === 0) {
this.length--;
}
return this._normSign();
};
BN.prototype._normSign = function _normSign () {
// -0 = 0
if (this.length === 1 && this.words[0] === 0) {
this.negative = 0;
}
return this;
};
BN.prototype.inspect = function inspect () {
return (this.red ? '<BN-R: ' : '<BN: ') + this.toString(16) + '>';
};
/*
var zeros = [];
var groupSizes = [];
var groupBases = [];
var s = '';
var i = -1;
while (++i < BN.wordSize) {
zeros[i] = s;
s += '0';
}
groupSizes[0] = 0;
groupSizes[1] = 0;
groupBases[0] = 0;
groupBases[1] = 0;
var base = 2 - 1;
while (++base < 36 + 1) {
var groupSize = 0;
var groupBase = 1;
while (groupBase < (1 << BN.wordSize) / base) {
groupBase *= base;
groupSize += 1;
}
groupSizes[base] = groupSize;
groupBases[base] = groupBase;
}
*/
var zeros = [
'',
'0',
'00',
'000',
'0000',
'00000',
'000000',
'0000000',
'00000000',
'000000000',
'0000000000',
'00000000000',
'000000000000',
'0000000000000',
'00000000000000',
'000000000000000',
'0000000000000000',
'00000000000000000',
'000000000000000000',
'0000000000000000000',
'00000000000000000000',
'000000000000000000000',
'0000000000000000000000',
'00000000000000000000000',
'000000000000000000000000',
'0000000000000000000000000'
];
var groupSizes = [
0, 0,
25, 16, 12, 11, 10, 9, 8,
8, 7, 7, 7, 7, 6, 6,
6, 6, 6, 6, 6, 5, 5,
5, 5, 5, 5, 5, 5, 5,
5, 5, 5, 5, 5, 5, 5
];
var groupBases = [
0, 0,
33554432, 43046721, 16777216, 48828125, 60466176, 40353607, 16777216,
43046721, 10000000, 19487171, 35831808, 62748517, 7529536, 11390625,
16777216, 24137569, 34012224, 47045881, 64000000, 4084101, 5153632,
6436343, 7962624, 9765625, 11881376, 14348907, 17210368, 20511149,
24300000, 28629151, 33554432, 39135393, 45435424, 52521875, 60466176
];
BN.prototype.toString = function toString (base, padding) {
base = base || 10;
padding = padding | 0 || 1;
var out;
if (base === 16 || base === 'hex') {
out = '';
var off = 0;
var carry = 0;
for (var i = 0; i < this.length; i++) {
var w = this.words[i];
var word = (((w << off) | carry) & 0xffffff).toString(16);
carry = (w >>> (24 - off)) & 0xffffff;
if (carry !== 0 || i !== this.length - 1) {
out = zeros[6 - word.length] + word + out;
} else {
out = word + out;
}
off += 2;
if (off >= 26) {
off -= 26;
i--;
}
}
if (carry !== 0) {
out = carry.toString(16) + out;
}
while (out.length % padding !== 0) {
out = '0' + out;
}
if (this.negative !== 0) {
out = '-' + out;
}
return out;
}
if (base === (base | 0) && base >= 2 && base <= 36) {
// var groupSize = Math.floor(BN.wordSize * Math.LN2 / Math.log(base));
var groupSize = groupSizes[base];
// var groupBase = Math.pow(base, groupSize);
var groupBase = groupBases[base];
out = '';
var c = this.clone();
c.negative = 0;
while (!c.isZero()) {
var r = c.modn(groupBase).toString(base);
c = c.idivn(groupBase);
if (!c.isZero()) {
out = zeros[groupSize - r.length] + r + out;
} else {
out = r + out;
}
}
if (this.isZero()) {
out = '0' + out;
}
while (out.length % padding !== 0) {
out = '0' + out;
}
if (this.negative !== 0) {
out = '-' + out;
}
return out;
}
assert(false, 'Base should be between 2 and 36');
};
BN.prototype.toNumber = function toNumber () {
var length = this.bitLength();
var ret;
if (length <= 26) {
ret = this.words[0];
} else if (length <= 52) {
ret = (this.words[1] * 0x4000000) + this.words[0];
} else if (length === 53) {
// NOTE: at this stage it is known that the top bit is set
ret = 0x10000000000000 + (this.words[1] * 0x4000000) + this.words[0];
} else {
assert(false, 'Number can only safely store up to 53 bits');
}
return (this.negative !== 0) ? -ret : ret;
};
BN.prototype.toJSON = function toJSON () {
return this.toString(16);
};
BN.prototype.toBuffer = function toBuffer (endian, length) {
assert(typeof Buffer !== 'undefined');
return this.toArrayLike(Buffer, endian, length);
};
BN.prototype.toArray = function toArray (endian, length) {
return this.toArrayLike(Array, endian, length);
};
BN.prototype.toArrayLike = function toArrayLike (ArrayType, endian, length) {
var byteLength = this.byteLength();
var reqLength = length || Math.max(1, byteLength);
assert(byteLength <= reqLength, 'byte array longer than desired length');
assert(reqLength > 0, 'Requested array length <= 0');
this.strip();
var littleEndian = endian === 'le';
var res = new ArrayType(reqLength);
var b, i;
var q = this.clone();
if (!littleEndian) {
// Assume big-endian
for (i = 0; i < reqLength - byteLength; i++) {
res[i] = 0;
}
for (i = 0; !q.isZero(); i++) {
b = q.andln(0xff);
q.iushrn(8);
res[reqLength - i - 1] = b;
}
} else {
for (i = 0; !q.isZero(); i++) {
b = q.andln(0xff);
q.iushrn(8);
res[i] = b;
}
for (; i < reqLength; i++) {
res[i] = 0;
}
}
return res;
};
if (Math.clz32) {
BN.prototype._countBits = function _countBits (w) {
return 32 - Math.clz32(w);
};
} else {
BN.prototype._countBits = function _countBits (w) {
var t = w;
var r = 0;
if (t >= 0x1000) {
r += 13;
t >>>= 13;
}
if (t >= 0x40) {
r += 7;
t >>>= 7;
}
if (t >= 0x8) {
r += 4;
t >>>= 4;
}
if (t >= 0x02) {
r += 2;
t >>>= 2;
}
return r + t;
};
}
BN.prototype._zeroBits = function _zeroBits (w) {
// Short-cut
if (w === 0) return 26;
var t = w;
var r = 0;
if ((t & 0x1fff) === 0) {
r += 13;
t >>>= 13;
}
if ((t & 0x7f) === 0) {
r += 7;
t >>>= 7;
}
if ((t & 0xf) === 0) {
r += 4;
t >>>= 4;
}
if ((t & 0x3) === 0) {
r += 2;
t >>>= 2;
}
if ((t & 0x1) === 0) {
r++;
}
return r;
};
// Return number of used bits in a BN
BN.prototype.bitLength = function bitLength () {
var w = this.words[this.length - 1];
var hi = this._countBits(w);
return (this.length - 1) * 26 + hi;
};
function toBitArray (num) {
var w = new Array(num.bitLength());
for (var bit = 0; bit < w.length; bit++) {
var off = (bit / 26) | 0;
var wbit = bit % 26;
w[bit] = (num.words[off] & (1 << wbit)) >>> wbit;
}
return w;
}
// Number of trailing zero bits
BN.prototype.zeroBits = function zeroBits () {
if (this.isZero()) return 0;
var r = 0;
for (var i = 0; i < this.length; i++) {
var b = this._zeroBits(this.words[i]);
r += b;
if (b !== 26) break;
}
return r;
};
BN.prototype.byteLength = function byteLength () {
return Math.ceil(this.bitLength() / 8);
};
BN.prototype.toTwos = function toTwos (width) {
if (this.negative !== 0) {
return this.abs().inotn(width).iaddn(1);
}
return this.clone();
};
BN.prototype.fromTwos = function fromTwos (width) {
if (this.testn(width - 1)) {
return this.notn(width).iaddn(1).ineg();
}
return this.clone();
};
BN.prototype.isNeg = function isNeg () {
return this.negative !== 0;
};
// Return negative clone of `this`
BN.prototype.neg = function neg () {
return this.clone().ineg();
};
BN.prototype.ineg = function ineg () {
if (!this.isZero()) {
this.negative ^= 1;
}
return this;
};
// Or `num` with `this` in-place
BN.prototype.iuor = function iuor (num) {
while (this.length < num.length) {
this.words[this.length++] = 0;
}
for (var i = 0; i < num.length; i++) {
this.words[i] = this.words[i] | num.words[i];
}
return this.strip();
};
BN.prototype.ior = function ior (num) {
assert((this.negative | num.negative) === 0);
return this.iuor(num);
};
// Or `num` with `this`
BN.prototype.or = function or (num) {
if (this.length > num.length) return this.clone().ior(num);
return num.clone().ior(this);
};
BN.prototype.uor = function uor (num) {
if (this.length > num.length) return this.clone().iuor(num);
return num.clone().iuor(this);
};
// And `num` with `this` in-place
BN.prototype.iuand = function iuand (num) {
// b = min-length(num, this)
var b;
if (this.length > num.length) {
b = num;
} else {
b = this;
}
for (var i = 0; i < b.length; i++) {
this.words[i] = this.words[i] & num.words[i];
}
this.length = b.length;
return this.strip();
};
BN.prototype.iand = function iand (num) {
assert((this.negative | num.negative) === 0);
return this.iuand(num);
};
// And `num` with `this`
BN.prototype.and = function and (num) {
if (this.length > num.length) return this.clone().iand(num);
return num.clone().iand(this);
};
BN.prototype.uand = function uand (num) {
if (this.length > num.length) return this.clone().iuand(num);
return num.clone().iuand(this);
};
// Xor `num` with `this` in-place
BN.prototype.iuxor = function iuxor (num) {
// a.length > b.length
var a;
var b;
if (this.length > num.length) {
a = this;
b = num;
} else {
a = num;
b = this;
}
for (var i = 0; i < b.length; i++) {
this.words[i] = a.words[i] ^ b.words[i];
}
if (this !== a) {
for (; i < a.length; i++) {
this.words[i] = a.words[i];
}
}
this.length = a.length;
return this.strip();
};
BN.prototype.ixor = function ixor (num) {
assert((this.negative | num.negative) === 0);
return this.iuxor(num);
};
// Xor `num` with `this`
BN.prototype.xor = function xor (num) {
if (this.length > num.length) return this.clone().ixor(num);
return num.clone().ixor(this);
};
BN.prototype.uxor = function uxor (num) {
if (this.length > num.length) return this.clone().iuxor(num);
return num.clone().iuxor(this);
};
// Not ``this`` with ``width`` bitwidth
BN.prototype.inotn = function inotn (width) {
assert(typeof width === 'number' && width >= 0);
var bytesNeeded = Math.ceil(width / 26) | 0;
var bitsLeft = width % 26;
// Extend the buffer with leading zeroes
this._expand(bytesNeeded);
if (bitsLeft > 0) {
bytesNeeded--;
}
// Handle complete words
for (var i = 0; i < bytesNeeded; i++) {
this.words[i] = ~this.words[i] & 0x3ffffff;
}
// Handle the residue
if (bitsLeft > 0) {
this.words[i] = ~this.words[i] & (0x3ffffff >> (26 - bitsLeft));
}
// And remove leading zeroes
return this.strip();
};
BN.prototype.notn = function notn (width) {
return this.clone().inotn(width);
};
// Set `bit` of `this`
BN.prototype.setn = function setn (bit, val) {
assert(typeof bit === 'number' && bit >= 0);
var off = (bit / 26) | 0;
var wbit = bit % 26;
this._expand(off + 1);
if (val) {
this.words[off] = this.words[off] | (1 << wbit);
} else {
this.words[off] = this.words[off] & ~(1 << wbit);
}
return this.strip();
};
// Add `num` to `this` in-place
BN.prototype.iadd = function iadd (num) {
var r;
// negative + positive
if (this.negative !== 0 && num.negative === 0) {
this.negative = 0;
r = this.isub(num);
this.negative ^= 1;
return this._normSign();
// positive + negative
} else if (this.negative === 0 && num.negative !== 0) {
num.negative = 0;
r = this.isub(num);
num.negative = 1;
return r._normSign();
}
// a.length > b.length
var a, b;
if (this.length > num.length) {
a = this;
b = num;
} else {
a = num;
b = this;
}
var carry = 0;
for (var i = 0; i < b.length; i++) {
r = (a.words[i] | 0) + (b.words[i] | 0) + carry;
this.words[i] = r & 0x3ffffff;
carry = r >>> 26;
}
for (; carry !== 0 && i < a.length; i++) {
r = (a.words[i] | 0) + carry;
this.words[i] = r & 0x3ffffff;
carry = r >>> 26;
}
this.length = a.length;
if (carry !== 0) {
this.words[this.length] = carry;
this.length++;
// Copy the rest of the words
} else if (a !== this) {
for (; i < a.length; i++) {
this.words[i] = a.words[i];
}
}
return this;
};
// Add `num` to `this`
BN.prototype.add = function add (num) {
var res;
if (num.negative !== 0 && this.negative === 0) {
num.negative = 0;
res = this.sub(num);
num.negative ^= 1;
return res;
} else if (num.negative === 0 && this.negative !== 0) {
this.negative = 0;
res = num.sub(this);
this.negative = 1;
return res;
}
if (this.length > num.length) return this.clone().iadd(num);
return num.clone().iadd(this);
};
// Subtract `num` from `this` in-place
BN.prototype.isub = function isub (num) {
// this - (-num) = this + num
if (num.negative !== 0) {
num.negative = 0;
var r = this.iadd(num);
num.negative = 1;
return r._normSign();
// -this - num = -(this + num)
} else if (this.negative !== 0) {
this.negative = 0;
this.iadd(num);
this.negative = 1;
return this._normSign();
}
// At this point both numbers are positive
var cmp = this.cmp(num);
// Optimization - zeroify
if (cmp === 0) {
this.negative = 0;
this.length = 1;
this.words[0] = 0;
return this;
}
// a > b
var a, b;
if (cmp > 0) {
a = this;
b = num;
} else {
a = num;
b = this;
}
var carry = 0;
for (var i = 0; i < b.length; i++) {
r = (a.words[i] | 0) - (b.words[i] | 0) + carry;
carry = r >> 26;
this.words[i] = r & 0x3ffffff;
}
for (; carry !== 0 && i < a.length; i++) {
r = (a.words[i] | 0) + carry;
carry = r >> 26;
this.words[i] = r & 0x3ffffff;
}
// Copy rest of the words
if (carry === 0 && i < a.length && a !== this) {
for (; i < a.length; i++) {
this.words[i] = a.words[i];
}
}
this.length = Math.max(this.length, i);
if (a !== this) {
this.negative = 1;
}
return this.strip();
};
// Subtract `num` from `this`
BN.prototype.sub = function sub (num) {
return this.clone().isub(num);
};
function smallMulTo (self, num, out) {
out.negative = num.negative ^ self.negative;
var len = (self.length + num.length) | 0;
out.length = len;
len = (len - 1) | 0;
// Peel one iteration (compiler can't do it, because of code complexity)
var a = self.words[0] | 0;
var b = num.words[0] | 0;
var r = a * b;
var lo = r & 0x3ffffff;
var carry = (r / 0x4000000) | 0;
out.words[0] = lo;
for (var k = 1; k < len; k++) {
// Sum all words with the same `i + j = k` and accumulate `ncarry`,
// note that ncarry could be >= 0x3ffffff
var ncarry = carry >>> 26;
var rword = carry & 0x3ffffff;
var maxJ = Math.min(k, num.length - 1);
for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) {
var i = (k - j) | 0;
a = self.words[i] | 0;
b = num.words[j] | 0;
r = a * b + rword;
ncarry += (r / 0x4000000) | 0;
rword = r & 0x3ffffff;
}
out.words[k] = rword | 0;
carry = ncarry | 0;
}
if (carry !== 0) {
out.words[k] = carry | 0;
} else {
out.length--;
}
return out.strip();
}
// TODO(indutny): it may be reasonable to omit it for users who don't need
// to work with 256-bit numbers, otherwise it gives 20% improvement for 256-bit
// multiplication (like elliptic secp256k1).
var comb10MulTo = function comb10MulTo (self, num, out) {
var a = self.words;
var b = num.words;
var o = out.words;
var c = 0;
var lo;
var mid;
var hi;
var a0 = a[0] | 0;
var al0 = a0 & 0x1fff;
var ah0 = a0 >>> 13;
var a1 = a[1] | 0;
var al1 = a1 & 0x1fff;
var ah1 = a1 >>> 13;
var a2 = a[2] | 0;
var al2 = a2 & 0x1fff;
var ah2 = a2 >>> 13;
var a3 = a[3] | 0;
var al3 = a3 & 0x1fff;
var ah3 = a3 >>> 13;
var a4 = a[4] | 0;
var al4 = a4 & 0x1fff;
var ah4 = a4 >>> 13;
var a5 = a[5] | 0;
var al5 = a5 & 0x1fff;
var ah5 = a5 >>> 13;
var a6 = a[6] | 0;
var al6 = a6 & 0x1fff;
var ah6 = a6 >>> 13;
var a7 = a[7] | 0;
var al7 = a7 & 0x1fff;
var ah7 = a7 >>> 13;
var a8 = a[8] | 0;
var al8 = a8 & 0x1fff;
var ah8 = a8 >>> 13;
var a9 = a[9] | 0;
var al9 = a9 & 0x1fff;
var ah9 = a9 >>> 13;
var b0 = b[0] | 0;
var bl0 = b0 & 0x1fff;
var bh0 = b0 >>> 13;
var b1 = b[1] | 0;
var bl1 = b1 & 0x1fff;
var bh1 = b1 >>> 13;
var b2 = b[2] | 0;
var bl2 = b2 & 0x1fff;
var bh2 = b2 >>> 13;
var b3 = b[3] | 0;
var bl3 = b3 & 0x1fff;
var bh3 = b3 >>> 13;
var b4 = b[4] | 0;
var bl4 = b4 & 0x1fff;
var bh4 = b4 >>> 13;
var b5 = b[5] | 0;
var bl5 = b5 & 0x1fff;
var bh5 = b5 >>> 13;
var b6 = b[6] | 0;
var bl6 = b6 & 0x1fff;
var bh6 = b6 >>> 13;
var b7 = b[7] | 0;
var bl7 = b7 & 0x1fff;
var bh7 = b7 >>> 13;
var b8 = b[8] | 0;
var bl8 = b8 & 0x1fff;
var bh8 = b8 >>> 13;
var b9 = b[9] | 0;
var bl9 = b9 & 0x1fff;
var bh9 = b9 >>> 13;
out.negative = self.negative ^ num.negative;
out.length = 19;
/* k = 0 */
lo = Math.imul(al0, bl0);
mid = Math.imul(al0, bh0);
mid += Math.imul(ah0, bl0);
hi = Math.imul(ah0, bh0);
var w0 = c + lo + ((mid & 0x1fff) << 13);
c = hi + (mid >>> 13) + (w0 >>> 26);
w0 &= 0x3ffffff;
/* k = 1 */
lo = Math.imul(al1, bl0);
mid = Math.imul(al1, bh0);
mid += Math.imul(ah1, bl0);
hi = Math.imul(ah1, bh0);
lo += Math.imul(al0, bl1);
mid += Math.imul(al0, bh1);
mid += Math.imul(ah0, bl1);
hi += Math.imul(ah0, bh1);
var w1 = c + lo + ((mid & 0x1fff) << 13);
c = hi + (mid >>> 13) + (w1 >>> 26);
w1 &= 0x3ffffff;
/* k = 2 */
lo = Math.imul(al2, bl0);
mid = Math.imul(al2, bh0);
mid += Math.imul(ah2, bl0);
hi = Math.imul(ah2, bh0);
lo += Math.imul(al1, bl1);
mid += Math.imul(al1, bh1);
mid += Math.imul(ah1, bl1);
hi += Math.imul(ah1, bh1);
lo += Math.imul(al0, bl2);
mid += Math.imul(al0, bh2);
mid += Math.imul(ah0, bl2);
hi += Math.imul(ah0, bh2);
var w2 = c + lo + ((mid & 0x1fff) << 13);
c = hi + (mid >>> 13) + (w2 >>> 26);
w2 &= 0x3ffffff;
/* k = 3 */
lo = Math.imul(al3, bl0);
mid = Math.imul(al3, bh0);
mid += Math.imul(ah3, bl0);
hi = Math.imul(ah3, bh0);
lo += Math.imul(al2, bl1);
mid += Math.imul(al2, bh1);
mid += Math.imul(ah2, bl1);
hi += Math.imul(ah2, bh1);
lo += Math.imul(al1, bl2);
mid += Math.imul(al1, bh2);
mid += Math.imul(ah1, bl2);
hi += Math.imul(ah1, bh2);
lo += Math.imul(al0, bl3);
mid += Math.imul(al0, bh3);
mid += Math.imul(ah0, bl3);
hi += Math.imul(ah0, bh3);
var w3 = c + lo + ((mid & 0x1fff) << 13);
c = hi + (mid >>> 13) + (w3 >>> 26);
w3 &= 0x3ffffff;
/* k = 4 */
lo = Math.imul(al4, bl0);
mid = Math.imul(al4, bh0);
mid += Math.imul(ah4, bl0);
hi = Math.imul(ah4, bh0);
lo += Math.imul(al3, bl1);
mid += Math.imul(al3, bh1);
mid += Math.imul(ah3, bl1);
hi += Math.imul(ah3, bh1);
lo += Math.imul(al2, bl2);
mid += Math.imul(al2, bh2);
mid += Math.imul(ah2, bl2);
hi += Math.imul(ah2, bh2);
lo += Math.imul(al1, bl3);
mid += Math.imul(al1, bh3);
mid += Math.imul(ah1, bl3);
hi += Math.imul(ah1, bh3);
lo += Math.imul(al0, bl4);
mid += Math.imul(al0, bh4);
mid += Math.imul(ah0, bl4);
hi += Math.imul(ah0, bh4);
var w4 = c + lo + ((mid & 0x1fff) << 13);
c = hi + (mid >>> 13) + (w4 >>> 26);
w4 &= 0x3ffffff;
/* k = 5 */
lo = Math.imul(al5, bl0);
mid = Math.imul(al5, bh0);
mid += Math.imul(ah5, bl0);
hi = Math.imul(ah5, bh0);
lo += Math.imul(al4, bl1);
mid += Math.imul(al4, bh1);
mid += Math.imul(ah4, bl1);
hi += Math.imul(ah4, bh1);
lo += Math.imul(al3, bl2);
mid += Math.imul(al3, bh2);
mid += Math.imul(ah3, bl2);
hi += Math.imul(ah3, bh2);
lo += Math.imul(al2, bl3);
mid += Math.imul(al2, bh3);
mid += Math.imul(ah2, bl3);
hi += Math.imul(ah2, bh3);
lo += Math.imul(al1, bl4);
mid += Math.imul(al1, bh4);
mid += Math.imul(ah1, bl4);
hi += Math.imul(ah1, bh4);
lo += Math.imul(al0, bl5);
mid += Math.imul(al0, bh5);
mid += Math.imul(ah0, bl5);
hi += Math.imul(ah0, bh5);
var w5 = c + lo + ((mid & 0x1fff) << 13);
c = hi + (mid >>> 13) + (w5 >>> 26);
w5 &= 0x3ffffff;
/* k = 6 */
lo = Math.imul(al6, bl0);
mid = Math.imul(al6, bh0);
mid += Math.imul(ah6, bl0);
hi = Math.imul(ah6, bh0);
lo += Math.imul(al5, bl1);
mid += Math.imul(al5, bh1);
mid += Math.imul(ah5, bl1);
hi += Math.imul(ah5, bh1);
lo += Math.imul(al4, bl2);
mid += Math.imul(al4, bh2);
mid += Math.imul(ah4, bl2);
hi += Math.imul(ah4, bh2);
lo += Math.imul(al3, bl3);
mid += Math.imul(al3, bh3);
mid += Math.imul(ah3, bl3);
hi += Math.imul(ah3, bh3);
lo += Math.imul(al2, bl4);
mid += Math.imul(al2, bh4);
mid += Math.imul(ah2, bl4);
hi += Math.imul(ah2, bh4);
lo += Math.imul(al1, bl5);
mid += Math.imul(al1, bh5);
mid += Math.imul(ah1, bl5);
hi += Math.imul(ah1, bh5);
lo += Math.imul(al0, bl6);
mid += Math.imul(al0, bh6);
mid += Math.imul(ah0, bl6);
hi += Math.imul(ah0, bh6);
var w6 = c + lo + ((mid & 0x1fff) << 13);
c = hi + (mid >>> 13) + (w6 >>> 26);
w6 &= 0x3ffffff;
/* k = 7 */
lo = Math.imul(al7, bl0);
mid = Math.imul(al7, bh0);
mid += Math.imul(ah7, bl0);
hi = Math.imul(ah7, bh0);
lo += Math.imul(al6, bl1);
mid += Math.imul(al6, bh1);
mid += Math.imul(ah6, bl1);
hi += Math.imul(ah6, bh1);
lo += Math.imul(al5, bl2);
mid += Math.imul(al5, bh2);
mid += Math.imul(ah5, bl2);
hi += Math.imul(ah5, bh2);
lo += Math.imul(al4, bl3);
mid += Math.imul(al4, bh3);
mid += Math.imul(ah4, bl3);
hi += Math.imul(ah4, bh3);
lo += Math.imul(al3, bl4);
mid += Math.imul(al3, bh4);
mid += Math.imul(ah3, bl4);
hi += Math.imul(ah3, bh4);
lo += Math.imul(al2, bl5);
mid += Math.imul(al2, bh5);
mid += Math.imul(ah2, bl5);
hi += Math.imul(ah2, bh5);
lo += Math.imul(al1, bl6);
mid += Math.imul(al1, bh6);
mid += Math.imul(ah1, bl6);
hi += Math.imul(ah1, bh6);
lo += Math.imul(al0, bl7);
mid += Math.imul(al0, bh7);
mid += Math.imul(ah0, bl7);
hi += Math.imul(ah0, bh7);
var w7 = c + lo + ((mid & 0x1fff) << 13);
c = hi + (mid >>> 13) + (w7 >>> 26);
w7 &= 0x3ffffff;
/* k = 8 */
lo = Math.imul(al8, bl0);
mid = Math.imul(al8, bh0);
mid += Math.imul(ah8, bl0);
hi = Math.imul(ah8, bh0);
lo += Math.imul(al7, bl1);
mid += Math.imul(al7, bh1);
mid += Math.imul(ah7, bl1);
hi += Math.imul(ah7, bh1);
lo += Math.imul(al6, bl2);
mid += Math.imul(al6, bh2);
mid += Math.imul(ah6, bl2);
hi += Math.imul(ah6, bh2);
lo += Math.imul(al5, bl3);
mid += Math.imul(al5, bh3);
mid += Math.imul(ah5, bl3);
hi += Math.imul(ah5, bh3);
lo += Math.imul(al4, bl4);
mid += Math.imul(al4, bh4);
mid += Math.imul(ah4, bl4);
hi += Math.imul(ah4, bh4);
lo += Math.imul(al3, bl5);
mid += Math.imul(al3, bh5);
mid += Math.imul(ah3, bl5);
hi += Math.imul(ah3, bh5);
lo += Math.imul(al2, bl6);
mid += Math.imul(al2, bh6);
mid += Math.imul(ah2, bl6);
hi += Math.imul(ah2, bh6);
lo += Math.imul(al1, bl7);
mid += Math.imul(al1, bh7);
mid += Math.imul(ah1, bl7);
hi += Math.imul(ah1, bh7);
lo += Math.imul(al0, bl8);
mid += Math.imul(al0, bh8);
mid += Math.imul(ah0, bl8);
hi += Math.imul(ah0, bh8);
var w8 = c + lo + ((mid & 0x1fff) << 13);
c = hi + (mid >>> 13) + (w8 >>> 26);
w8 &= 0x3ffffff;
/* k = 9 */
lo = Math.imul(al9, bl0);
mid = Math.imul(al9, bh0);
mid += Math.imul(ah9, bl0);
hi = Math.imul(ah9, bh0);
lo += Math.imul(al8, bl1);
mid += Math.imul(al8, bh1);
mid += Math.imul(ah8, bl1);
hi += Math.imul(ah8, bh1);
lo += Math.imul(al7, bl2);
mid += Math.imul(al7, bh2);
mid += Math.imul(ah7, bl2);
hi += Math.imul(ah7, bh2);
lo += Math.imul(al6, bl3);
mid += Math.imul(al6, bh3);
mid += Math.imul(ah6, bl3);
hi += Math.imul(ah6, bh3);
lo += Math.imul(al5, bl4);
mid += Math.imul(al5, bh4);
mid += Math.imul(ah5, bl4);
hi += Math.imul(ah5, bh4);
lo += Math.imul(al4, bl5);
mid += Math.imul(al4, bh5);
mid += Math.imul(ah4, bl5);
hi += Math.imul(ah4, bh5);
lo += Math.imul(al3, bl6);
mid += Math.imul(al3, bh6);
mid += Math.imul(ah3, bl6);
hi += Math.imul(ah3, bh6);
lo += Math.imul(al2, bl7);
mid += Math.imul(al2, bh7);
mid += Math.imul(ah2, bl7);
hi += Math.imul(ah2, bh7);
lo += Math.imul(al1, bl8);
mid += Math.imul(al1, bh8);
mid += Math.imul(ah1, bl8);
hi += Math.imul(ah1, bh8);
lo += Math.imul(al0, bl9);
mid += Math.imul(al0, bh9);
mid += Math.imul(ah0, bl9);
hi += Math.imul(ah0, bh9);
var w9 = c + lo + ((mid & 0x1fff) << 13);
c = hi + (mid >>> 13) + (w9 >>> 26);
w9 &= 0x3ffffff;
/* k = 10 */
lo = Math.imul(al9, bl1);
mid = Math.imul(al9, bh1);
mid += Math.imul(ah9, bl1);
hi = Math.imul(ah9, bh1);
lo += Math.imul(al8, bl2);
mid += Math.imul(al8, bh2);
mid += Math.imul(ah8, bl2);
hi += Math.imul(ah8, bh2);
lo += Math.imul(al7, bl3);
mid += Math.imul(al7, bh3);
mid += Math.imul(ah7, bl3);
hi += Math.imul(ah7, bh3);
lo += Math.imul(al6, bl4);
mid += Math.imul(al6, bh4);
mid += Math.imul(ah6, bl4);
hi += Math.imul(ah6, bh4);
lo += Math.imul(al5, bl5);
mid += Math.imul(al5, bh5);
mid += Math.imul(ah5, bl5);
hi += Math.imul(ah5, bh5);
lo += Math.imul(al4, bl6);
mid += Math.imul(al4, bh6);
mid += Math.imul(ah4, bl6);
hi += Math.imul(ah4, bh6);
lo += Math.imul(al3, bl7);
mid += Math.imul(al3, bh7);
mid += Math.imul(ah3, bl7);
hi += Math.imul(ah3, bh7);
lo += Math.imul(al2, bl8);
mid += Math.imul(al2, bh8);
mid += Math.imul(ah2, bl8);
hi += Math.imul(ah2, bh8);
lo += Math.imul(al1, bl9);
mid += Math.imul(al1, bh9);
mid += Math.imul(ah1, bl9);
hi += Math.imul(ah1, bh9);
var w10 = c + lo + ((mid & 0x1fff) << 13);
c = hi + (mid >>> 13) + (w10 >>> 26);
w10 &= 0x3ffffff;
/* k = 11 */
lo = Math.imul(al9, bl2);
mid = Math.imul(al9, bh2);
mid += Math.imul(ah9, bl2);
hi = Math.imul(ah9, bh2);
lo += Math.imul(al8, bl3);
mid += Math.imul(al8, bh3);
mid += Math.imul(ah8, bl3);
hi += Math.imul(ah8, bh3);
lo += Math.imul(al7, bl4);
mid += Math.imul(al7, bh4);
mid += Math.imul(ah7, bl4);
hi += Math.imul(ah7, bh4);
lo += Math.imul(al6, bl5);
mid += Math.imul(al6, bh5);
mid += Math.imul(ah6, bl5);
hi += Math.imul(ah6, bh5);
lo += Math.imul(al5, bl6);
mid += Math.imul(al5, bh6);
mid += Math.imul(ah5, bl6);
hi += Math.imul(ah5, bh6);
lo += Math.imul(al4, bl7);
mid += Math.imul(al4, bh7);
mid += Math.imul(ah4, bl7);
hi += Math.imul(ah4, bh7);
lo += Math.imul(al3, bl8);
mid += Math.imul(al3, bh8);
mid += Math.imul(ah3, bl8);
hi += Math.imul(ah3, bh8);
lo += Math.imul(al2, bl9);
mid += Math.imul(al2, bh9);
mid += Math.imul(ah2, bl9);
hi += Math.imul(ah2, bh9);
var w11 = c + lo + ((mid & 0x1fff) << 13);
c = hi + (mid >>> 13) + (w11 >>> 26);
w11 &= 0x3ffffff;
/* k = 12 */
lo = Math.imul(al9, bl3);
mid = Math.imul(al9, bh3);
mid += Math.imul(ah9, bl3);
hi = Math.imul(ah9, bh3);
lo += Math.imul(al8, bl4);
mid += Math.imul(al8, bh4);
mid += Math.imul(ah8, bl4);
hi += Math.imul(ah8, bh4);
lo += Math.imul(al7, bl5);
mid += Math.imul(al7, bh5);
mid += Math.imul(ah7, bl5);
hi += Math.imul(ah7, bh5);
lo += Math.imul(al6, bl6);
mid += Math.imul(al6, bh6);
mid += Math.imul(ah6, bl6);
hi += Math.imul(ah6, bh6);
lo += Math.imul(al5, bl7);
mid += Math.imul(al5, bh7);
mid += Math.imul(ah5, bl7);
hi += Math.imul(ah5, bh7);
lo += Math.imul(al4, bl8);
mid += Math.imul(al4, bh8);
mid += Math.imul(ah4, bl8);
hi += Math.imul(ah4, bh8);
lo += Math.imul(al3, bl9);
mid += Math.imul(al3, bh9);
mid += Math.imul(ah3, bl9);
hi += Math.imul(ah3, bh9);
var w12 = c + lo + ((mid & 0x1fff) << 13);
c = hi + (mid >>> 13) + (w12 >>> 26);
w12 &= 0x3ffffff;
/* k = 13 */
lo = Math.imul(al9, bl4);
mid = Math.imul(al9, bh4);
mid += Math.imul(ah9, bl4);
hi = Math.imul(ah9, bh4);
lo += Math.imul(al8, bl5);
mid += Math.imul(al8, bh5);
mid += Math.imul(ah8, bl5);
hi += Math.imul(ah8, bh5);
lo += Math.imul(al7, bl6);
mid += Math.imul(al7, bh6);
mid += Math.imul(ah7, bl6);
hi += Math.imul(ah7, bh6);
lo += Math.imul(al6, bl7);
mid += Math.imul(al6, bh7);
mid += Math.imul(ah6, bl7);
hi += Math.imul(ah6, bh7);
lo += Math.imul(al5, bl8);
mid += Math.imul(al5, bh8);
mid += Math.imul(ah5, bl8);
hi += Math.imul(ah5, bh8);
lo += Math.imul(al4, bl9);
mid += Math.imul(al4, bh9);
mid += Math.imul(ah4, bl9);
hi += Math.imul(ah4, bh9);
var w13 = c + lo + ((mid & 0x1fff) << 13);
c = hi + (mid >>> 13) + (w13 >>> 26);
w13 &= 0x3ffffff;
/* k = 14 */
lo = Math.imul(al9, bl5);
mid = Math.imul(al9, bh5);
mid += Math.imul(ah9, bl5);
hi = Math.imul(ah9, bh5);
lo += Math.imul(al8, bl6);
mid += Math.imul(al8, bh6);
mid += Math.imul(ah8, bl6);
hi += Math.imul(ah8, bh6);
lo += Math.imul(al7, bl7);
mid += Math.imul(al7, bh7);
mid += Math.imul(ah7, bl7);
hi += Math.imul(ah7, bh7);
lo += Math.imul(al6, bl8);
mid += Math.imul(al6, bh8);
mid += Math.imul(ah6, bl8);
hi += Math.imul(ah6, bh8);
lo += Math.imul(al5, bl9);
mid += Math.imul(al5, bh9);
mid += Math.imul(ah5, bl9);
hi += Math.imul(ah5, bh9);
var w14 = c + lo + ((mid & 0x1fff) << 13);
c = hi + (mid >>> 13) + (w14 >>> 26);
w14 &= 0x3ffffff;
/* k = 15 */
lo = Math.imul(al9, bl6);
mid = Math.imul(al9, bh6);
mid += Math.imul(ah9, bl6);
hi = Math.imul(ah9, bh6);
lo += Math.imul(al8, bl7);
mid += Math.imul(al8, bh7);
mid += Math.imul(ah8, bl7);
hi += Math.imul(ah8, bh7);
lo += Math.imul(al7, bl8);
mid += Math.imul(al7, bh8);
mid += Math.imul(ah7, bl8);
hi += Math.imul(ah7, bh8);
lo += Math.imul(al6, bl9);
mid += Math.imul(al6, bh9);
mid += Math.imul(ah6, bl9);
hi += Math.imul(ah6, bh9);
var w15 = c + lo + ((mid & 0x1fff) << 13);
c = hi + (mid >>> 13) + (w15 >>> 26);
w15 &= 0x3ffffff;
/* k = 16 */
lo = Math.imul(al9, bl7);
mid = Math.imul(al9, bh7);
mid += Math.imul(ah9, bl7);
hi = Math.imul(ah9, bh7);
lo += Math.imul(al8, bl8);
mid += Math.imul(al8, bh8);
mid += Math.imul(ah8, bl8);
hi += Math.imul(ah8, bh8);
lo += Math.imul(al7, bl9);
mid += Math.imul(al7, bh9);
mid += Math.imul(ah7, bl9);
hi += Math.imul(ah7, bh9);
var w16 = c + lo + ((mid & 0x1fff) << 13);
c = hi + (mid >>> 13) + (w16 >>> 26);
w16 &= 0x3ffffff;
/* k = 17 */
lo = Math.imul(al9, bl8);
mid = Math.imul(al9, bh8);
mid += Math.imul(ah9, bl8);
hi = Math.imul(ah9, bh8);
lo += Math.imul(al8, bl9);
mid += Math.imul(al8, bh9);
mid += Math.imul(ah8, bl9);
hi += Math.imul(ah8, bh9);
var w17 = c + lo + ((mid & 0x1fff) << 13);
c = hi + (mid >>> 13) + (w17 >>> 26);
w17 &= 0x3ffffff;
/* k = 18 */
lo = Math.imul(al9, bl9);
mid = Math.imul(al9, bh9);
mid += Math.imul(ah9, bl9);
hi = Math.imul(ah9, bh9);
var w18 = c + lo + ((mid & 0x1fff) << 13);
c = hi + (mid >>> 13) + (w18 >>> 26);
w18 &= 0x3ffffff;
o[0] = w0;
o[1] = w1;
o[2] = w2;
o[3] = w3;
o[4] = w4;
o[5] = w5;
o[6] = w6;
o[7] = w7;
o[8] = w8;
o[9] = w9;
o[10] = w10;
o[11] = w11;
o[12] = w12;
o[13] = w13;
o[14] = w14;
o[15] = w15;
o[16] = w16;
o[17] = w17;
o[18] = w18;
if (c !== 0) {
o[19] = c;
out.length++;
}
return out;
};
// Polyfill comb
if (!Math.imul) {
comb10MulTo = smallMulTo;
}
function bigMulTo (self, num, out) {
out.negative = num.negative ^ self.negative;
out.length = self.length + num.length;
var carry = 0;
var hncarry = 0;
for (var k = 0; k < out.length - 1; k++) {
// Sum all words with the same `i + j = k` and accumulate `ncarry`,
// note that ncarry could be >= 0x3ffffff
var ncarry = hncarry;
hncarry = 0;
var rword = carry & 0x3ffffff;
var maxJ = Math.min(k, num.length - 1);
for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) {
var i = k - j;
var a = self.words[i] | 0;
var b = num.words[j] | 0;
var r = a * b;
var lo = r & 0x3ffffff;
ncarry = (ncarry + ((r / 0x4000000) | 0)) | 0;
lo = (lo + rword) | 0;
rword = lo & 0x3ffffff;
ncarry = (ncarry + (lo >>> 26)) | 0;
hncarry += ncarry >>> 26;
ncarry &= 0x3ffffff;
}
out.words[k] = rword;
carry = ncarry;
ncarry = hncarry;
}
if (carry !== 0) {
out.words[k] = carry;
} else {
out.length--;
}
return out.strip();
}
function jumboMulTo (self, num, out) {
var fftm = new FFTM();
return fftm.mulp(self, num, out);
}
BN.prototype.mulTo = function mulTo (num, out) {
var res;
var len = this.length + num.length;
if (this.length === 10 && num.length === 10) {
res = comb10MulTo(this, num, out);
} else if (len < 63) {
res = smallMulTo(this, num, out);
} else if (len < 1024) {
res = bigMulTo(this, num, out);
} else {
res = jumboMulTo(this, num, out);
}
return res;
};
// Cooley-Tukey algorithm for FFT
// slightly revisited to rely on looping instead of recursion
function FFTM (x, y) {
this.x = x;
this.y = y;
}
FFTM.prototype.makeRBT = function makeRBT (N) {
var t = new Array(N);
var l = BN.prototype._countBits(N) - 1;
for (var i = 0; i < N; i++) {
t[i] = this.revBin(i, l, N);
}
return t;
};
// Returns binary-reversed representation of `x`
FFTM.prototype.revBin = function revBin (x, l, N) {
if (x === 0 || x === N - 1) return x;
var rb = 0;
for (var i = 0; i < l; i++) {
rb |= (x & 1) << (l - i - 1);
x >>= 1;
}
return rb;
};
// Performs "tweedling" phase, therefore 'emulating'
// behaviour of the recursive algorithm
FFTM.prototype.permute = function permute (rbt, rws, iws, rtws, itws, N) {
for (var i = 0; i < N; i++) {
rtws[i] = rws[rbt[i]];
itws[i] = iws[rbt[i]];
}
};
FFTM.prototype.transform = function transform (rws, iws, rtws, itws, N, rbt) {
this.permute(rbt, rws, iws, rtws, itws, N);
for (var s = 1; s < N; s <<= 1) {
var l = s << 1;
var rtwdf = Math.cos(2 * Math.PI / l);
var itwdf = Math.sin(2 * Math.PI / l);
for (var p = 0; p < N; p += l) {
var rtwdf_ = rtwdf;
var itwdf_ = itwdf;
for (var j = 0; j < s; j++) {
var re = rtws[p + j];
var ie = itws[p + j];
var ro = rtws[p + j + s];
var io = itws[p + j + s];
var rx = rtwdf_ * ro - itwdf_ * io;
io = rtwdf_ * io + itwdf_ * ro;
ro = rx;
rtws[p + j] = re + ro;
itws[p + j] = ie + io;
rtws[p + j + s] = re - ro;
itws[p + j + s] = ie - io;
/* jshint maxdepth : false */
if (j !== l) {
rx = rtwdf * rtwdf_ - itwdf * itwdf_;
itwdf_ = rtwdf * itwdf_ + itwdf * rtwdf_;
rtwdf_ = rx;
}
}
}
}
};
FFTM.prototype.guessLen13b = function guessLen13b (n, m) {
var N = Math.max(m, n) | 1;
var odd = N & 1;
var i = 0;
for (N = N / 2 | 0; N; N = N >>> 1) {
i++;
}
return 1 << i + 1 + odd;
};
FFTM.prototype.conjugate = function conjugate (rws, iws, N) {
if (N <= 1) return;
for (var i = 0; i < N / 2; i++) {
var t = rws[i];
rws[i] = rws[N - i - 1];
rws[N - i - 1] = t;
t = iws[i];
iws[i] = -iws[N - i - 1];
iws[N - i - 1] = -t;
}
};
FFTM.prototype.normalize13b = function normalize13b (ws, N) {
var carry = 0;
for (var i = 0; i < N / 2; i++) {
var w = Math.round(ws[2 * i + 1] / N) * 0x2000 +
Math.round(ws[2 * i] / N) +
carry;
ws[i] = w & 0x3ffffff;
if (w < 0x4000000) {
carry = 0;
} else {
carry = w / 0x4000000 | 0;
}
}
return ws;
};
FFTM.prototype.convert13b = function convert13b (ws, len, rws, N) {
var carry = 0;
for (var i = 0; i < len; i++) {
carry = carry + (ws[i] | 0);
rws[2 * i] = carry & 0x1fff; carry = carry >>> 13;
rws[2 * i + 1] = carry & 0x1fff; carry = carry >>> 13;
}
// Pad with zeroes
for (i = 2 * len; i < N; ++i) {
rws[i] = 0;
}
assert(carry === 0);
assert((carry & ~0x1fff) === 0);
};
FFTM.prototype.stub = function stub (N) {
var ph = new Array(N);
for (var i = 0; i < N; i++) {
ph[i] = 0;
}
return ph;
};
FFTM.prototype.mulp = function mulp (x, y, out) {
var N = 2 * this.guessLen13b(x.length, y.length);
var rbt = this.makeRBT(N);
var _ = this.stub(N);
var rws = new Array(N);
var rwst = new Array(N);
var iwst = new Array(N);
var nrws = new Array(N);
var nrwst = new Array(N);
var niwst = new Array(N);
var rmws = out.words;
rmws.length = N;
this.convert13b(x.words, x.length, rws, N);
this.convert13b(y.words, y.length, nrws, N);
this.transform(rws, _, rwst, iwst, N, rbt);
this.transform(nrws, _, nrwst, niwst, N, rbt);
for (var i = 0; i < N; i++) {
var rx = rwst[i] * nrwst[i] - iwst[i] * niwst[i];
iwst[i] = rwst[i] * niwst[i] + iwst[i] * nrwst[i];
rwst[i] = rx;
}
this.conjugate(rwst, iwst, N);
this.transform(rwst, iwst, rmws, _, N, rbt);
this.conjugate(rmws, _, N);
this.normalize13b(rmws, N);
out.negative = x.negative ^ y.negative;
out.length = x.length + y.length;
return out.strip();
};
// Multiply `this` by `num`
BN.prototype.mul = function mul (num) {
var out = new BN(null);
out.words = new Array(this.length + num.length);
return this.mulTo(num, out);
};
// Multiply employing FFT
BN.prototype.mulf = function mulf (num) {
var out = new BN(null);
out.words = new Array(this.length + num.length);
return jumboMulTo(this, num, out);
};
// In-place Multiplication
BN.prototype.imul = function imul (num) {
return this.clone().mulTo(num, this);
};
BN.prototype.imuln = function imuln (num) {
assert(typeof num === 'number');
assert(num < 0x4000000);
// Carry
var carry = 0;
for (var i = 0; i < this.length; i++) {
var w = (this.words[i] | 0) * num;
var lo = (w & 0x3ffffff) + (carry & 0x3ffffff);
carry >>= 26;
carry += (w / 0x4000000) | 0;
// NOTE: lo is 27bit maximum
carry += lo >>> 26;
this.words[i] = lo & 0x3ffffff;
}
if (carry !== 0) {
this.words[i] = carry;
this.length++;
}
return this;
};
BN.prototype.muln = function muln (num) {
return this.clone().imuln(num);
};
// `this` * `this`
BN.prototype.sqr = function sqr () {
return this.mul(this);
};
// `this` * `this` in-place
BN.prototype.isqr = function isqr () {
return this.imul(this.clone());
};
// Math.pow(`this`, `num`)
BN.prototype.pow = function pow (num) {
var w = toBitArray(num);
if (w.length === 0) return new BN(1);
// Skip leading zeroes
var res = this;
for (var i = 0; i < w.length; i++, res = res.sqr()) {
if (w[i] !== 0) break;
}
if (++i < w.length) {
for (var q = res.sqr(); i < w.length; i++, q = q.sqr()) {
if (w[i] === 0) continue;
res = res.mul(q);
}
}
return res;
};
// Shift-left in-place
BN.prototype.iushln = function iushln (bits) {
assert(typeof bits === 'number' && bits >= 0);
var r = bits % 26;
var s = (bits - r) / 26;
var carryMask = (0x3ffffff >>> (26 - r)) << (26 - r);
var i;
if (r !== 0) {
var carry = 0;
for (i = 0; i < this.length; i++) {
var newCarry = this.words[i] & carryMask;
var c = ((this.words[i] | 0) - newCarry) << r;
this.words[i] = c | carry;
carry = newCarry >>> (26 - r);
}
if (carry) {
this.words[i] = carry;
this.length++;
}
}
if (s !== 0) {
for (i = this.length - 1; i >= 0; i--) {
this.words[i + s] = this.words[i];
}
for (i = 0; i < s; i++) {
this.words[i] = 0;
}
this.length += s;
}
return this.strip();
};
BN.prototype.ishln = function ishln (bits) {
// TODO(indutny): implement me
assert(this.negative === 0);
return this.iushln(bits);
};
// Shift-right in-place
// NOTE: `hint` is a lowest bit before trailing zeroes
// NOTE: if `extended` is present - it will be filled with destroyed bits
BN.prototype.iushrn = function iushrn (bits, hint, extended) {
assert(typeof bits === 'number' && bits >= 0);
var h;
if (hint) {
h = (hint - (hint % 26)) / 26;
} else {
h = 0;
}
var r = bits % 26;
var s = Math.min((bits - r) / 26, this.length);
var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r);
var maskedWords = extended;
h -= s;
h = Math.max(0, h);
// Extended mode, copy masked part
if (maskedWords) {
for (var i = 0; i < s; i++) {
maskedWords.words[i] = this.words[i];
}
maskedWords.length = s;
}
if (s === 0) {
// No-op, we should not move anything at all
} else if (this.length > s) {
this.length -= s;
for (i = 0; i < this.length; i++) {
this.words[i] = this.words[i + s];
}
} else {
this.words[0] = 0;
this.length = 1;
}
var carry = 0;
for (i = this.length - 1; i >= 0 && (carry !== 0 || i >= h); i--) {
var word = this.words[i] | 0;
this.words[i] = (carry << (26 - r)) | (word >>> r);
carry = word & mask;
}
// Push carried bits as a mask
if (maskedWords && carry !== 0) {
maskedWords.words[maskedWords.length++] = carry;
}
if (this.length === 0) {
this.words[0] = 0;
this.length = 1;
}
return this.strip();
};
BN.prototype.ishrn = function ishrn (bits, hint, extended) {
// TODO(indutny): implement me
assert(this.negative === 0);
return this.iushrn(bits, hint, extended);
};
// Shift-left
BN.prototype.shln = function shln (bits) {
return this.clone().ishln(bits);
};
BN.prototype.ushln = function ushln (bits) {
return this.clone().iushln(bits);
};
// Shift-right
BN.prototype.shrn = function shrn (bits) {
return this.clone().ishrn(bits);
};
BN.prototype.ushrn = function ushrn (bits) {
return this.clone().iushrn(bits);
};
// Test if n bit is set
BN.prototype.testn = function testn (bit) {
assert(typeof bit === 'number' && bit >= 0);
var r = bit % 26;
var s = (bit - r) / 26;
var q = 1 << r;
// Fast case: bit is much higher than all existing words
if (this.length <= s) return false;
// Check bit and return
var w = this.words[s];
return !!(w & q);
};
// Return only lowers bits of number (in-place)
BN.prototype.imaskn = function imaskn (bits) {
assert(typeof bits === 'number' && bits >= 0);
var r = bits % 26;
var s = (bits - r) / 26;
assert(this.negative === 0, 'imaskn works only with positive numbers');
if (r !== 0) {
s++;
}
this.length = Math.min(s, this.length);
if (r !== 0) {
var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r);
this.words[this.length - 1] &= mask;
}
return this.strip();
};
// Return only lowers bits of number
BN.prototype.maskn = function maskn (bits) {
return this.clone().imaskn(bits);
};
// Add plain number `num` to `this`
BN.prototype.iaddn = function iaddn (num) {
assert(typeof num === 'number');
assert(num < 0x4000000);
if (num < 0) return this.isubn(-num);
// Possible sign change
if (this.negative !== 0) {
if (this.length === 1 && (this.words[0] | 0) < num) {
this.words[0] = num - (this.words[0] | 0);
this.negative = 0;
return this;
}
this.negative = 0;
this.isubn(num);
this.negative = 1;
return this;
}
// Add without checks
return this._iaddn(num);
};
BN.prototype._iaddn = function _iaddn (num) {
this.words[0] += num;
// Carry
for (var i = 0; i < this.length && this.words[i] >= 0x4000000; i++) {
this.words[i] -= 0x4000000;
if (i === this.length - 1) {
this.words[i + 1] = 1;
} else {
this.words[i + 1]++;
}
}
this.length = Math.max(this.length, i + 1);
return this;
};
// Subtract plain number `num` from `this`
BN.prototype.isubn = function isubn (num) {
assert(typeof num === 'number');
assert(num < 0x4000000);
if (num < 0) return this.iaddn(-num);
if (this.negative !== 0) {
this.negative = 0;
this.iaddn(num);
this.negative = 1;
return this;
}
this.words[0] -= num;
if (this.length === 1 && this.words[0] < 0) {
this.words[0] = -this.words[0];
this.negative = 1;
} else {
// Carry
for (var i = 0; i < this.length && this.words[i] < 0; i++) {
this.words[i] += 0x4000000;
this.words[i + 1] -= 1;
}
}
return this.strip();
};
BN.prototype.addn = function addn (num) {
return this.clone().iaddn(num);
};
BN.prototype.subn = function subn (num) {
return this.clone().isubn(num);
};
BN.prototype.iabs = function iabs () {
this.negative = 0;
return this;
};
BN.prototype.abs = function abs () {
return this.clone().iabs();
};
BN.prototype._ishlnsubmul = function _ishlnsubmul (num, mul, shift) {
var len = num.length + shift;
var i;
this._expand(len);
var w;
var carry = 0;
for (i = 0; i < num.length; i++) {
w = (this.words[i + shift] | 0) + carry;
var right = (num.words[i] | 0) * mul;
w -= right & 0x3ffffff;
carry = (w >> 26) - ((right / 0x4000000) | 0);
this.words[i + shift] = w & 0x3ffffff;
}
for (; i < this.length - shift; i++) {
w = (this.words[i + shift] | 0) + carry;
carry = w >> 26;
this.words[i + shift] = w & 0x3ffffff;
}
if (carry === 0) return this.strip();
// Subtraction overflow
assert(carry === -1);
carry = 0;
for (i = 0; i < this.length; i++) {
w = -(this.words[i] | 0) + carry;
carry = w >> 26;
this.words[i] = w & 0x3ffffff;
}
this.negative = 1;
return this.strip();
};
BN.prototype._wordDiv = function _wordDiv (num, mode) {
var shift = this.length - num.length;
var a = this.clone();
var b = num;
// Normalize
var bhi = b.words[b.length - 1] | 0;
var bhiBits = this._countBits(bhi);
shift = 26 - bhiBits;
if (shift !== 0) {
b = b.ushln(shift);
a.iushln(shift);
bhi = b.words[b.length - 1] | 0;
}
// Initialize quotient
var m = a.length - b.length;
var q;
if (mode !== 'mod') {
q = new BN(null);
q.length = m + 1;
q.words = new Array(q.length);
for (var i = 0; i < q.length; i++) {
q.words[i] = 0;
}
}
var diff = a.clone()._ishlnsubmul(b, 1, m);
if (diff.negative === 0) {
a = diff;
if (q) {
q.words[m] = 1;
}
}
for (var j = m - 1; j >= 0; j--) {
var qj = (a.words[b.length + j] | 0) * 0x4000000 +
(a.words[b.length + j - 1] | 0);
// NOTE: (qj / bhi) is (0x3ffffff * 0x4000000 + 0x3ffffff) / 0x2000000 max
// (0x7ffffff)
qj = Math.min((qj / bhi) | 0, 0x3ffffff);
a._ishlnsubmul(b, qj, j);
while (a.negative !== 0) {
qj--;
a.negative = 0;
a._ishlnsubmul(b, 1, j);
if (!a.isZero()) {
a.negative ^= 1;
}
}
if (q) {
q.words[j] = qj;
}
}
if (q) {
q.strip();
}
a.strip();
// Denormalize
if (mode !== 'div' && shift !== 0) {
a.iushrn(shift);
}
return {
div: q || null,
mod: a
};
};
// NOTE: 1) `mode` can be set to `mod` to request mod only,
// to `div` to request div only, or be absent to
// request both div & mod
// 2) `positive` is true if unsigned mod is requested
BN.prototype.divmod = function divmod (num, mode, positive) {
assert(!num.isZero());
if (this.isZero()) {
return {
div: new BN(0),
mod: new BN(0)
};
}
var div, mod, res;
if (this.negative !== 0 && num.negative === 0) {
res = this.neg().divmod(num, mode);
if (mode !== 'mod') {
div = res.div.neg();
}
if (mode !== 'div') {
mod = res.mod.neg();
if (positive && mod.negative !== 0) {
mod.iadd(num);
}
}
return {
div: div,
mod: mod
};
}
if (this.negative === 0 && num.negative !== 0) {
res = this.divmod(num.neg(), mode);
if (mode !== 'mod') {
div = res.div.neg();
}
return {
div: div,
mod: res.mod
};
}
if ((this.negative & num.negative) !== 0) {
res = this.neg().divmod(num.neg(), mode);
if (mode !== 'div') {
mod = res.mod.neg();
if (positive && mod.negative !== 0) {
mod.isub(num);
}
}
return {
div: res.div,
mod: mod
};
}
// Both numbers are positive at this point
// Strip both numbers to approximate shift value
if (num.length > this.length || this.cmp(num) < 0) {
return {
div: new BN(0),
mod: this
};
}
// Very short reduction
if (num.length === 1) {
if (mode === 'div') {
return {
div: this.divn(num.words[0]),
mod: null
};
}
if (mode === 'mod') {
return {
div: null,
mod: new BN(this.modn(num.words[0]))
};
}
return {
div: this.divn(num.words[0]),
mod: new BN(this.modn(num.words[0]))
};
}
return this._wordDiv(num, mode);
};
// Find `this` / `num`
BN.prototype.div = function div (num) {
return this.divmod(num, 'div', false).div;
};
// Find `this` % `num`
BN.prototype.mod = function mod (num) {
return this.divmod(num, 'mod', false).mod;
};
BN.prototype.umod = function umod (num) {
return this.divmod(num, 'mod', true).mod;
};
// Find Round(`this` / `num`)
BN.prototype.divRound = function divRound (num) {
var dm = this.divmod(num);
// Fast case - exact division
if (dm.mod.isZero()) return dm.div;
var mod = dm.div.negative !== 0 ? dm.mod.isub(num) : dm.mod;
var half = num.ushrn(1);
var r2 = num.andln(1);
var cmp = mod.cmp(half);
// Round down
if (cmp < 0 || r2 === 1 && cmp === 0) return dm.div;
// Round up
return dm.div.negative !== 0 ? dm.div.isubn(1) : dm.div.iaddn(1);
};
BN.prototype.modn = function modn (num) {
assert(num <= 0x3ffffff);
var p = (1 << 26) % num;
var acc = 0;
for (var i = this.length - 1; i >= 0; i--) {
acc = (p * acc + (this.words[i] | 0)) % num;
}
return acc;
};
// In-place division by number
BN.prototype.idivn = function idivn (num) {
assert(num <= 0x3ffffff);
var carry = 0;
for (var i = this.length - 1; i >= 0; i--) {
var w = (this.words[i] | 0) + carry * 0x4000000;
this.words[i] = (w / num) | 0;
carry = w % num;
}
return this.strip();
};
BN.prototype.divn = function divn (num) {
return this.clone().idivn(num);
};
BN.prototype.egcd = function egcd (p) {
assert(p.negative === 0);
assert(!p.isZero());
var x = this;
var y = p.clone();
if (x.negative !== 0) {
x = x.umod(p);
} else {
x = x.clone();
}
// A * x + B * y = x
var A = new BN(1);
var B = new BN(0);
// C * x + D * y = y
var C = new BN(0);
var D = new BN(1);
var g = 0;
while (x.isEven() && y.isEven()) {
x.iushrn(1);
y.iushrn(1);
++g;
}
var yp = y.clone();
var xp = x.clone();
while (!x.isZero()) {
for (var i = 0, im = 1; (x.words[0] & im) === 0 && i < 26; ++i, im <<= 1);
if (i > 0) {
x.iushrn(i);
while (i-- > 0) {
if (A.isOdd() || B.isOdd()) {
A.iadd(yp);
B.isub(xp);
}
A.iushrn(1);
B.iushrn(1);
}
}
for (var j = 0, jm = 1; (y.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1);
if (j > 0) {
y.iushrn(j);
while (j-- > 0) {
if (C.isOdd() || D.isOdd()) {
C.iadd(yp);
D.isub(xp);
}
C.iushrn(1);
D.iushrn(1);
}
}
if (x.cmp(y) >= 0) {
x.isub(y);
A.isub(C);
B.isub(D);
} else {
y.isub(x);
C.isub(A);
D.isub(B);
}
}
return {
a: C,
b: D,
gcd: y.iushln(g)
};
};
// This is reduced incarnation of the binary EEA
// above, designated to invert members of the
// _prime_ fields F(p) at a maximal speed
BN.prototype._invmp = function _invmp (p) {
assert(p.negative === 0);
assert(!p.isZero());
var a = this;
var b = p.clone();
if (a.negative !== 0) {
a = a.umod(p);
} else {
a = a.clone();
}
var x1 = new BN(1);
var x2 = new BN(0);
var delta = b.clone();
while (a.cmpn(1) > 0 && b.cmpn(1) > 0) {
for (var i = 0, im = 1; (a.words[0] & im) === 0 && i < 26; ++i, im <<= 1);
if (i > 0) {
a.iushrn(i);
while (i-- > 0) {
if (x1.isOdd()) {
x1.iadd(delta);
}
x1.iushrn(1);
}
}
for (var j = 0, jm = 1; (b.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1);
if (j > 0) {
b.iushrn(j);
while (j-- > 0) {
if (x2.isOdd()) {
x2.iadd(delta);
}
x2.iushrn(1);
}
}
if (a.cmp(b) >= 0) {
a.isub(b);
x1.isub(x2);
} else {
b.isub(a);
x2.isub(x1);
}
}
var res;
if (a.cmpn(1) === 0) {
res = x1;
} else {
res = x2;
}
if (res.cmpn(0) < 0) {
res.iadd(p);
}
return res;
};
BN.prototype.gcd = function gcd (num) {
if (this.isZero()) return num.abs();
if (num.isZero()) return this.abs();
var a = this.clone();
var b = num.clone();
a.negative = 0;
b.negative = 0;
// Remove common factor of two
for (var shift = 0; a.isEven() && b.isEven(); shift++) {
a.iushrn(1);
b.iushrn(1);
}
do {
while (a.isEven()) {
a.iushrn(1);
}
while (b.isEven()) {
b.iushrn(1);
}
var r = a.cmp(b);
if (r < 0) {
// Swap `a` and `b` to make `a` always bigger than `b`
var t = a;
a = b;
b = t;
} else if (r === 0 || b.cmpn(1) === 0) {
break;
}
a.isub(b);
} while (true);
return b.iushln(shift);
};
// Invert number in the field F(num)
BN.prototype.invm = function invm (num) {
return this.egcd(num).a.umod(num);
};
BN.prototype.isEven = function isEven () {
return (this.words[0] & 1) === 0;
};
BN.prototype.isOdd = function isOdd () {
return (this.words[0] & 1) === 1;
};
// And first word and num
BN.prototype.andln = function andln (num) {
return this.words[0] & num;
};
// Increment at the bit position in-line
BN.prototype.bincn = function bincn (bit) {
assert(typeof bit === 'number');
var r = bit % 26;
var s = (bit - r) / 26;
var q = 1 << r;
// Fast case: bit is much higher than all existing words
if (this.length <= s) {
this._expand(s + 1);
this.words[s] |= q;
return this;
}
// Add bit and propagate, if needed
var carry = q;
for (var i = s; carry !== 0 && i < this.length; i++) {
var w = this.words[i] | 0;
w += carry;
carry = w >>> 26;
w &= 0x3ffffff;
this.words[i] = w;
}
if (carry !== 0) {
this.words[i] = carry;
this.length++;
}
return this;
};
BN.prototype.isZero = function isZero () {
return this.length === 1 && this.words[0] === 0;
};
BN.prototype.cmpn = function cmpn (num) {
var negative = num < 0;
if (this.negative !== 0 && !negative) return -1;
if (this.negative === 0 && negative) return 1;
this.strip();
var res;
if (this.length > 1) {
res = 1;
} else {
if (negative) {
num = -num;
}
assert(num <= 0x3ffffff, 'Number is too big');
var w = this.words[0] | 0;
res = w === num ? 0 : w < num ? -1 : 1;
}
if (this.negative !== 0) return -res | 0;
return res;
};
// Compare two numbers and return:
// 1 - if `this` > `num`
// 0 - if `this` == `num`
// -1 - if `this` < `num`
BN.prototype.cmp = function cmp (num) {
if (this.negative !== 0 && num.negative === 0) return -1;
if (this.negative === 0 && num.negative !== 0) return 1;
var res = this.ucmp(num);
if (this.negative !== 0) return -res | 0;
return res;
};
// Unsigned comparison
BN.prototype.ucmp = function ucmp (num) {
// At this point both numbers have the same sign
if (this.length > num.length) return 1;
if (this.length < num.length) return -1;
var res = 0;
for (var i = this.length - 1; i >= 0; i--) {
var a = this.words[i] | 0;
var b = num.words[i] | 0;
if (a === b) continue;
if (a < b) {
res = -1;
} else if (a > b) {
res = 1;
}
break;
}
return res;
};
BN.prototype.gtn = function gtn (num) {
return this.cmpn(num) === 1;
};
BN.prototype.gt = function gt (num) {
return this.cmp(num) === 1;
};
BN.prototype.gten = function gten (num) {
return this.cmpn(num) >= 0;
};
BN.prototype.gte = function gte (num) {
return this.cmp(num) >= 0;
};
BN.prototype.ltn = function ltn (num) {
return this.cmpn(num) === -1;
};
BN.prototype.lt = function lt (num) {
return this.cmp(num) === -1;
};
BN.prototype.lten = function lten (num) {
return this.cmpn(num) <= 0;
};
BN.prototype.lte = function lte (num) {
return this.cmp(num) <= 0;
};
BN.prototype.eqn = function eqn (num) {
return this.cmpn(num) === 0;
};
BN.prototype.eq = function eq (num) {
return this.cmp(num) === 0;
};
//
// A reduce context, could be using montgomery or something better, depending
// on the `m` itself.
//
BN.red = function red (num) {
return new Red(num);
};
BN.prototype.toRed = function toRed (ctx) {
assert(!this.red, 'Already a number in reduction context');
assert(this.negative === 0, 'red works only with positives');
return ctx.convertTo(this)._forceRed(ctx);
};
BN.prototype.fromRed = function fromRed () {
assert(this.red, 'fromRed works only with numbers in reduction context');
return this.red.convertFrom(this);
};
BN.prototype._forceRed = function _forceRed (ctx) {
this.red = ctx;
return this;
};
BN.prototype.forceRed = function forceRed (ctx) {
assert(!this.red, 'Already a number in reduction context');
return this._forceRed(ctx);
};
BN.prototype.redAdd = function redAdd (num) {
assert(this.red, 'redAdd works only with red numbers');
return this.red.add(this, num);
};
BN.prototype.redIAdd = function redIAdd (num) {
assert(this.red, 'redIAdd works only with red numbers');
return this.red.iadd(this, num);
};
BN.prototype.redSub = function redSub (num) {
assert(this.red, 'redSub works only with red numbers');
return this.red.sub(this, num);
};
BN.prototype.redISub = function redISub (num) {
assert(this.red, 'redISub works only with red numbers');
return this.red.isub(this, num);
};
BN.prototype.redShl = function redShl (num) {
assert(this.red, 'redShl works only with red numbers');
return this.red.ushl(this, num);
};
BN.prototype.redMul = function redMul (num) {
assert(this.red, 'redMul works only with red numbers');
this.red._verify2(this, num);
return this.red.mul(this, num);
};
BN.prototype.redIMul = function redIMul (num) {
assert(this.red, 'redMul works only with red numbers');
this.red._verify2(this, num);
return this.red.imul(this, num);
};
BN.prototype.redSqr = function redSqr () {
assert(this.red, 'redSqr works only with red numbers');
this.red._verify1(this);
return this.red.sqr(this);
};
BN.prototype.redISqr = function redISqr () {
assert(this.red, 'redISqr works only with red numbers');
this.red._verify1(this);
return this.red.isqr(this);
};
// Square root over p
BN.prototype.redSqrt = function redSqrt () {
assert(this.red, 'redSqrt works only with red numbers');
this.red._verify1(this);
return this.red.sqrt(this);
};
BN.prototype.redInvm = function redInvm () {
assert(this.red, 'redInvm works only with red numbers');
this.red._verify1(this);
return this.red.invm(this);
};
// Return negative clone of `this` % `red modulo`
BN.prototype.redNeg = function redNeg () {
assert(this.red, 'redNeg works only with red numbers');
this.red._verify1(this);
return this.red.neg(this);
};
BN.prototype.redPow = function redPow (num) {
assert(this.red && !num.red, 'redPow(normalNum)');
this.red._verify1(this);
return this.red.pow(this, num);
};
// Prime numbers with efficient reduction
var primes = {
k256: null,
p224: null,
p192: null,
p25519: null
};
// Pseudo-Mersenne prime
function MPrime (name, p) {
// P = 2 ^ N - K
this.name = name;
this.p = new BN(p, 16);
this.n = this.p.bitLength();
this.k = new BN(1).iushln(this.n).isub(this.p);
this.tmp = this._tmp();
}
MPrime.prototype._tmp = function _tmp () {
var tmp = new BN(null);
tmp.words = new Array(Math.ceil(this.n / 13));
return tmp;
};
MPrime.prototype.ireduce = function ireduce (num) {
// Assumes that `num` is less than `P^2`
// num = HI * (2 ^ N - K) + HI * K + LO = HI * K + LO (mod P)
var r = num;
var rlen;
do {
this.split(r, this.tmp);
r = this.imulK(r);
r = r.iadd(this.tmp);
rlen = r.bitLength();
} while (rlen > this.n);
var cmp = rlen < this.n ? -1 : r.ucmp(this.p);
if (cmp === 0) {
r.words[0] = 0;
r.length = 1;
} else if (cmp > 0) {
r.isub(this.p);
} else {
r.strip();
}
return r;
};
MPrime.prototype.split = function split (input, out) {
input.iushrn(this.n, 0, out);
};
MPrime.prototype.imulK = function imulK (num) {
return num.imul(this.k);
};
function K256 () {
MPrime.call(
this,
'k256',
'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f');
}
inherits(K256, MPrime);
K256.prototype.split = function split (input, output) {
// 256 = 9 * 26 + 22
var mask = 0x3fffff;
var outLen = Math.min(input.length, 9);
for (var i = 0; i < outLen; i++) {
output.words[i] = input.words[i];
}
output.length = outLen;
if (input.length <= 9) {
input.words[0] = 0;
input.length = 1;
return;
}
// Shift by 9 limbs
var prev = input.words[9];
output.words[output.length++] = prev & mask;
for (i = 10; i < input.length; i++) {
var next = input.words[i] | 0;
input.words[i - 10] = ((next & mask) << 4) | (prev >>> 22);
prev = next;
}
prev >>>= 22;
input.words[i - 10] = prev;
if (prev === 0 && input.length > 10) {
input.length -= 10;
} else {
input.length -= 9;
}
};
K256.prototype.imulK = function imulK (num) {
// K = 0x1000003d1 = [ 0x40, 0x3d1 ]
num.words[num.length] = 0;
num.words[num.length + 1] = 0;
num.length += 2;
// bounded at: 0x40 * 0x3ffffff + 0x3d0 = 0x100000390
var lo = 0;
for (var i = 0; i < num.length; i++) {
var w = num.words[i] | 0;
lo += w * 0x3d1;
num.words[i] = lo & 0x3ffffff;
lo = w * 0x40 + ((lo / 0x4000000) | 0);
}
// Fast length reduction
if (num.words[num.length - 1] === 0) {
num.length--;
if (num.words[num.length - 1] === 0) {
num.length--;
}
}
return num;
};
function P224 () {
MPrime.call(
this,
'p224',
'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001');
}
inherits(P224, MPrime);
function P192 () {
MPrime.call(
this,
'p192',
'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff');
}
inherits(P192, MPrime);
function P25519 () {
// 2 ^ 255 - 19
MPrime.call(
this,
'25519',
'7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed');
}
inherits(P25519, MPrime);
P25519.prototype.imulK = function imulK (num) {
// K = 0x13
var carry = 0;
for (var i = 0; i < num.length; i++) {
var hi = (num.words[i] | 0) * 0x13 + carry;
var lo = hi & 0x3ffffff;
hi >>>= 26;
num.words[i] = lo;
carry = hi;
}
if (carry !== 0) {
num.words[num.length++] = carry;
}
return num;
};
// Exported mostly for testing purposes, use plain name instead
BN._prime = function prime (name) {
// Cached version of prime
if (primes[name]) return primes[name];
var prime;
if (name === 'k256') {
prime = new K256();
} else if (name === 'p224') {
prime = new P224();
} else if (name === 'p192') {
prime = new P192();
} else if (name === 'p25519') {
prime = new P25519();
} else {
throw new Error('Unknown prime ' + name);
}
primes[name] = prime;
return prime;
};
//
// Base reduction engine
//
function Red (m) {
if (typeof m === 'string') {
var prime = BN._prime(m);
this.m = prime.p;
this.prime = prime;
} else {
this.m = m;
this.prime = null;
}
}
Red.prototype._verify1 = function _verify1 (a) {
assert(a.negative === 0, 'red works only with positives');
assert(a.red, 'red works only with red numbers');
};
Red.prototype._verify2 = function _verify2 (a, b) {
assert((a.negative | b.negative) === 0, 'red works only with positives');
assert(a.red && a.red === b.red,
'red works only with red numbers');
};
Red.prototype.imod = function imod (a) {
if (this.prime) return this.prime.ireduce(a)._forceRed(this);
return a.umod(this.m)._forceRed(this);
};
Red.prototype.neg = function neg (a) {
if (a.isZero()) {
return a.clone();
}
return this.m.sub(a)._forceRed(this);
};
Red.prototype.add = function add (a, b) {
this._verify2(a, b);
var res = a.add(b);
if (res.cmp(this.m) >= 0) {
res.isub(this.m);
}
return res._forceRed(this);
};
Red.prototype.iadd = function iadd (a, b) {
this._verify2(a, b);
var res = a.iadd(b);
if (res.cmp(this.m) >= 0) {
res.isub(this.m);
}
return res;
};
Red.prototype.sub = function sub (a, b) {
this._verify2(a, b);
var res = a.sub(b);
if (res.cmpn(0) < 0) {
res.iadd(this.m);
}
return res._forceRed(this);
};
Red.prototype.isub = function isub (a, b) {
this._verify2(a, b);
var res = a.isub(b);
if (res.cmpn(0) < 0) {
res.iadd(this.m);
}
return res;
};
Red.prototype.shl = function shl (a, num) {
this._verify1(a);
return this.imod(a.ushln(num));
};
Red.prototype.imul = function imul (a, b) {
this._verify2(a, b);
return this.imod(a.imul(b));
};
Red.prototype.mul = function mul (a, b) {
this._verify2(a, b);
return this.imod(a.mul(b));
};
Red.prototype.isqr = function isqr (a) {
return this.imul(a, a.clone());
};
Red.prototype.sqr = function sqr (a) {
return this.mul(a, a);
};
Red.prototype.sqrt = function sqrt (a) {
if (a.isZero()) return a.clone();
var mod3 = this.m.andln(3);
assert(mod3 % 2 === 1);
// Fast case
if (mod3 === 3) {
var pow = this.m.add(new BN(1)).iushrn(2);
return this.pow(a, pow);
}
// Tonelli-Shanks algorithm (Totally unoptimized and slow)
//
// Find Q and S, that Q * 2 ^ S = (P - 1)
var q = this.m.subn(1);
var s = 0;
while (!q.isZero() && q.andln(1) === 0) {
s++;
q.iushrn(1);
}
assert(!q.isZero());
var one = new BN(1).toRed(this);
var nOne = one.redNeg();
// Find quadratic non-residue
// NOTE: Max is such because of generalized Riemann hypothesis.
var lpow = this.m.subn(1).iushrn(1);
var z = this.m.bitLength();
z = new BN(2 * z * z).toRed(this);
while (this.pow(z, lpow).cmp(nOne) !== 0) {
z.redIAdd(nOne);
}
var c = this.pow(z, q);
var r = this.pow(a, q.addn(1).iushrn(1));
var t = this.pow(a, q);
var m = s;
while (t.cmp(one) !== 0) {
var tmp = t;
for (var i = 0; tmp.cmp(one) !== 0; i++) {
tmp = tmp.redSqr();
}
assert(i < m);
var b = this.pow(c, new BN(1).iushln(m - i - 1));
r = r.redMul(b);
c = b.redSqr();
t = t.redMul(c);
m = i;
}
return r;
};
Red.prototype.invm = function invm (a) {
var inv = a._invmp(this.m);
if (inv.negative !== 0) {
inv.negative = 0;
return this.imod(inv).redNeg();
} else {
return this.imod(inv);
}
};
Red.prototype.pow = function pow (a, num) {
if (num.isZero()) return new BN(1);
if (num.cmpn(1) === 0) return a.clone();
var windowSize = 4;
var wnd = new Array(1 << windowSize);
wnd[0] = new BN(1).toRed(this);
wnd[1] = a;
for (var i = 2; i < wnd.length; i++) {
wnd[i] = this.mul(wnd[i - 1], a);
}
var res = wnd[0];
var current = 0;
var currentLen = 0;
var start = num.bitLength() % 26;
if (start === 0) {
start = 26;
}
for (i = num.length - 1; i >= 0; i--) {
var word = num.words[i];
for (var j = start - 1; j >= 0; j--) {
var bit = (word >> j) & 1;
if (res !== wnd[0]) {
res = this.sqr(res);
}
if (bit === 0 && current === 0) {
currentLen = 0;
continue;
}
current <<= 1;
current |= bit;
currentLen++;
if (currentLen !== windowSize && (i !== 0 || j !== 0)) continue;
res = this.mul(res, wnd[current]);
currentLen = 0;
current = 0;
}
start = 26;
}
return res;
};
Red.prototype.convertTo = function convertTo (num) {
var r = num.umod(this.m);
return r === num ? r.clone() : r;
};
Red.prototype.convertFrom = function convertFrom (num) {
var res = num.clone();
res.red = null;
return res;
};
//
// Montgomery method engine
//
BN.mont = function mont (num) {
return new Mont(num);
};
function Mont (m) {
Red.call(this, m);
this.shift = this.m.bitLength();
if (this.shift % 26 !== 0) {
this.shift += 26 - (this.shift % 26);
}
this.r = new BN(1).iushln(this.shift);
this.r2 = this.imod(this.r.sqr());
this.rinv = this.r._invmp(this.m);
this.minv = this.rinv.mul(this.r).isubn(1).div(this.m);
this.minv = this.minv.umod(this.r);
this.minv = this.r.sub(this.minv);
}
inherits(Mont, Red);
Mont.prototype.convertTo = function convertTo (num) {
return this.imod(num.ushln(this.shift));
};
Mont.prototype.convertFrom = function convertFrom (num) {
var r = this.imod(num.mul(this.rinv));
r.red = null;
return r;
};
Mont.prototype.imul = function imul (a, b) {
if (a.isZero() || b.isZero()) {
a.words[0] = 0;
a.length = 1;
return a;
}
var t = a.imul(b);
var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m);
var u = t.isub(c).iushrn(this.shift);
var res = u;
if (u.cmp(this.m) >= 0) {
res = u.isub(this.m);
} else if (u.cmpn(0) < 0) {
res = u.iadd(this.m);
}
return res._forceRed(this);
};
Mont.prototype.mul = function mul (a, b) {
if (a.isZero() || b.isZero()) return new BN(0)._forceRed(this);
var t = a.mul(b);
var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m);
var u = t.isub(c).iushrn(this.shift);
var res = u;
if (u.cmp(this.m) >= 0) {
res = u.isub(this.m);
} else if (u.cmpn(0) < 0) {
res = u.iadd(this.m);
}
return res._forceRed(this);
};
Mont.prototype.invm = function invm (a) {
// (AR)^-1 * R^2 = (A^-1 * R^-1) * R^2 = A^-1 * R
var res = this.imod(a._invmp(this.m).mul(this.r2));
return res._forceRed(this);
};
})(typeof module === 'undefined' || module, this);
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(77)(module)))
/***/ },
/* 77 */
/***/ function(module, exports) {
module.exports = function(module) {
if(!module.webpackPolyfill) {
module.deprecate = function() {};
module.paths = [];
// module.parent = undefined by default
module.children = [];
module.webpackPolyfill = 1;
}
return module;
}
/***/ },
/* 78 */
/***/ function(module, exports, __webpack_require__) {
var bn = __webpack_require__(76);
var brorand = __webpack_require__(79);
function MillerRabin(rand) {
this.rand = rand || new brorand.Rand();
}
module.exports = MillerRabin;
MillerRabin.create = function create(rand) {
return new MillerRabin(rand);
};
MillerRabin.prototype._rand = function _rand(n) {
var len = n.bitLength();
var buf = this.rand.generate(Math.ceil(len / 8));
// Set low bits
buf[0] |= 3;
// Mask high bits
var mask = len & 0x7;
if (mask !== 0)
buf[buf.length - 1] >>= 7 - mask;
return new bn(buf);
}
MillerRabin.prototype.test = function test(n, k, cb) {
var len = n.bitLength();
var red = bn.mont(n);
var rone = new bn(1).toRed(red);
if (!k)
k = Math.max(1, (len / 48) | 0);
// Find d and s, (n - 1) = (2 ^ s) * d;
var n1 = n.subn(1);
var n2 = n1.subn(1);
for (var s = 0; !n1.testn(s); s++) {}
var d = n.shrn(s);
var rn1 = n1.toRed(red);
var prime = true;
for (; k > 0; k--) {
var a = this._rand(n2);
if (cb)
cb(a);
var x = a.toRed(red).redPow(d);
if (x.cmp(rone) === 0 || x.cmp(rn1) === 0)
continue;
for (var i = 1; i < s; i++) {
x = x.redSqr();
if (x.cmp(rone) === 0)
return false;
if (x.cmp(rn1) === 0)
break;
}
if (i === s)
return false;
}
return prime;
};
MillerRabin.prototype.getDivisor = function getDivisor(n, k) {
var len = n.bitLength();
var red = bn.mont(n);
var rone = new bn(1).toRed(red);
if (!k)
k = Math.max(1, (len / 48) | 0);
// Find d and s, (n - 1) = (2 ^ s) * d;
var n1 = n.subn(1);
var n2 = n1.subn(1);
for (var s = 0; !n1.testn(s); s++) {}
var d = n.shrn(s);
var rn1 = n1.toRed(red);
for (; k > 0; k--) {
var a = this._rand(n2);
var g = n.gcd(a);
if (g.cmpn(1) !== 0)
return g;
var x = a.toRed(red).redPow(d);
if (x.cmp(rone) === 0 || x.cmp(rn1) === 0)
continue;
for (var i = 1; i < s; i++) {
x = x.redSqr();
if (x.cmp(rone) === 0)
return x.fromRed().subn(1).gcd(n);
if (x.cmp(rn1) === 0)
break;
}
if (i === s) {
x = x.redSqr();
return x.fromRed().subn(1).gcd(n);
}
}
return false;
};
/***/ },
/* 79 */
/***/ function(module, exports, __webpack_require__) {
var r;
module.exports = function rand(len) {
if (!r)
r = new Rand(null);
return r.generate(len);
};
function Rand(rand) {
this.rand = rand;
}
module.exports.Rand = Rand;
Rand.prototype.generate = function generate(len) {
return this._rand(len);
};
if (typeof window === 'object') {
if (window.crypto && window.crypto.getRandomValues) {
// Modern browsers
Rand.prototype._rand = function _rand(n) {
var arr = new Uint8Array(n);
window.crypto.getRandomValues(arr);
return arr;
};
} else if (window.msCrypto && window.msCrypto.getRandomValues) {
// IE
Rand.prototype._rand = function _rand(n) {
var arr = new Uint8Array(n);
window.msCrypto.getRandomValues(arr);
return arr;
};
} else {
// Old junk
Rand.prototype._rand = function() {
throw new Error('Not implemented yet');
};
}
} else {
// Node.js or Web worker
try {
var crypto = __webpack_require__(80);
Rand.prototype._rand = function _rand(n) {
return crypto.randomBytes(n);
};
} catch (e) {
// Emulate crypto API using randy
Rand.prototype._rand = function _rand(n) {
var res = new Uint8Array(n);
for (var i = 0; i < res.length; i++)
res[i] = this.rand.getByte();
return res;
};
}
}
/***/ },
/* 80 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var rng = __webpack_require__(81)
function error () {
var m = [].slice.call(arguments).join(' ')
throw new Error([
m,
'we accept pull requests',
'http://github.com/dominictarr/crypto-browserify'
].join('\n'))
}
exports.createHash = __webpack_require__(83)
exports.createHmac = __webpack_require__(94)
exports.randomBytes = function(size, callback) {
if (callback && callback.call) {
try {
callback.call(this, undefined, new Buffer(rng(size)))
} catch (err) { callback(err) }
} else {
return new Buffer(rng(size))
}
}
function each(a, f) {
for(var i in a)
f(a[i], i)
}
exports.getHashes = function () {
return ['sha1', 'sha256', 'sha512', 'md5', 'rmd160']
}
var p = __webpack_require__(95)(exports)
exports.pbkdf2 = p.pbkdf2
exports.pbkdf2Sync = p.pbkdf2Sync
// the least I can do is make error messages for the rest of the node.js/crypto api.
each(['createCredentials'
, 'createCipher'
, 'createCipheriv'
, 'createDecipher'
, 'createDecipheriv'
, 'createSign'
, 'createVerify'
, 'createDiffieHellman'
], function (name) {
exports[name] = function () {
error('sorry,', name, 'is not implemented yet')
}
})
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 81 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(global, Buffer) {(function() {
var g = ('undefined' === typeof window ? global : window) || {}
_crypto = (
g.crypto || g.msCrypto || __webpack_require__(82)
)
module.exports = function(size) {
// Modern Browsers
if(_crypto.getRandomValues) {
var bytes = new Buffer(size); //in browserify, this is an extended Uint8Array
/* This will not work in older browsers.
* See https://developer.mozilla.org/en-US/docs/Web/API/window.crypto.getRandomValues
*/
_crypto.getRandomValues(bytes);
return bytes;
}
else if (_crypto.randomBytes) {
return _crypto.randomBytes(size)
}
else
throw new Error(
'secure random number generation not supported by this browser\n'+
'use chrome, FireFox or Internet Explorer 11'
)
}
}())
/* WEBPACK VAR INJECTION */}.call(exports, (function() { return this; }()), __webpack_require__(1).Buffer))
/***/ },
/* 82 */
/***/ function(module, exports) {
/* (ignored) */
/***/ },
/* 83 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var createHash = __webpack_require__(84)
var md5 = toConstructor(__webpack_require__(91))
var rmd160 = toConstructor(__webpack_require__(93))
function toConstructor (fn) {
return function () {
var buffers = []
var m= {
update: function (data, enc) {
if(!Buffer.isBuffer(data)) data = new Buffer(data, enc)
buffers.push(data)
return this
},
digest: function (enc) {
var buf = Buffer.concat(buffers)
var r = fn(buf)
buffers = null
return enc ? r.toString(enc) : r
}
}
return m
}
}
module.exports = function (alg) {
if('md5' === alg) return new md5()
if('rmd160' === alg) return new rmd160()
return createHash(alg)
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 84 */
/***/ function(module, exports, __webpack_require__) {
var exports = module.exports = function (alg) {
var Alg = exports[alg]
if(!Alg) throw new Error(alg + ' is not supported (we accept pull requests)')
return new Alg()
}
var Buffer = __webpack_require__(1).Buffer
var Hash = __webpack_require__(85)(Buffer)
exports.sha1 = __webpack_require__(86)(Buffer, Hash)
exports.sha256 = __webpack_require__(89)(Buffer, Hash)
exports.sha512 = __webpack_require__(90)(Buffer, Hash)
/***/ },
/* 85 */
/***/ function(module, exports) {
module.exports = function (Buffer) {
//prototype class for hash functions
function Hash (blockSize, finalSize) {
this._block = new Buffer(blockSize) //new Uint32Array(blockSize/4)
this._finalSize = finalSize
this._blockSize = blockSize
this._len = 0
this._s = 0
}
Hash.prototype.init = function () {
this._s = 0
this._len = 0
}
Hash.prototype.update = function (data, enc) {
if ("string" === typeof data) {
enc = enc || "utf8"
data = new Buffer(data, enc)
}
var l = this._len += data.length
var s = this._s = (this._s || 0)
var f = 0
var buffer = this._block
while (s < l) {
var t = Math.min(data.length, f + this._blockSize - (s % this._blockSize))
var ch = (t - f)
for (var i = 0; i < ch; i++) {
buffer[(s % this._blockSize) + i] = data[i + f]
}
s += ch
f += ch
if ((s % this._blockSize) === 0) {
this._update(buffer)
}
}
this._s = s
return this
}
Hash.prototype.digest = function (enc) {
// Suppose the length of the message M, in bits, is l
var l = this._len * 8
// Append the bit 1 to the end of the message
this._block[this._len % this._blockSize] = 0x80
// and then k zero bits, where k is the smallest non-negative solution to the equation (l + 1 + k) === finalSize mod blockSize
this._block.fill(0, this._len % this._blockSize + 1)
if (l % (this._blockSize * 8) >= this._finalSize * 8) {
this._update(this._block)
this._block.fill(0)
}
// to this append the block which is equal to the number l written in binary
// TODO: handle case where l is > Math.pow(2, 29)
this._block.writeInt32BE(l, this._blockSize - 4)
var hash = this._update(this._block) || this._hash()
return enc ? hash.toString(enc) : hash
}
Hash.prototype._update = function () {
throw new Error('_update must be implemented by subclass')
}
return Hash
}
/***/ },
/* 86 */
/***/ function(module, exports, __webpack_require__) {
/*
* A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined
* in FIPS PUB 180-1
* Version 2.1a Copyright Paul Johnston 2000 - 2002.
* Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
* Distributed under the BSD License
* See http://pajhome.org.uk/crypt/md5 for details.
*/
var inherits = __webpack_require__(87).inherits
module.exports = function (Buffer, Hash) {
var A = 0|0
var B = 4|0
var C = 8|0
var D = 12|0
var E = 16|0
var W = new (typeof Int32Array === 'undefined' ? Array : Int32Array)(80)
var POOL = []
function Sha1 () {
if(POOL.length)
return POOL.pop().init()
if(!(this instanceof Sha1)) return new Sha1()
this._w = W
Hash.call(this, 16*4, 14*4)
this._h = null
this.init()
}
inherits(Sha1, Hash)
Sha1.prototype.init = function () {
this._a = 0x67452301
this._b = 0xefcdab89
this._c = 0x98badcfe
this._d = 0x10325476
this._e = 0xc3d2e1f0
Hash.prototype.init.call(this)
return this
}
Sha1.prototype._POOL = POOL
Sha1.prototype._update = function (X) {
var a, b, c, d, e, _a, _b, _c, _d, _e
a = _a = this._a
b = _b = this._b
c = _c = this._c
d = _d = this._d
e = _e = this._e
var w = this._w
for(var j = 0; j < 80; j++) {
var W = w[j] = j < 16 ? X.readInt32BE(j*4)
: rol(w[j - 3] ^ w[j - 8] ^ w[j - 14] ^ w[j - 16], 1)
var t = add(
add(rol(a, 5), sha1_ft(j, b, c, d)),
add(add(e, W), sha1_kt(j))
)
e = d
d = c
c = rol(b, 30)
b = a
a = t
}
this._a = add(a, _a)
this._b = add(b, _b)
this._c = add(c, _c)
this._d = add(d, _d)
this._e = add(e, _e)
}
Sha1.prototype._hash = function () {
if(POOL.length < 100) POOL.push(this)
var H = new Buffer(20)
//console.log(this._a|0, this._b|0, this._c|0, this._d|0, this._e|0)
H.writeInt32BE(this._a|0, A)
H.writeInt32BE(this._b|0, B)
H.writeInt32BE(this._c|0, C)
H.writeInt32BE(this._d|0, D)
H.writeInt32BE(this._e|0, E)
return H
}
/*
* Perform the appropriate triplet combination function for the current
* iteration
*/
function sha1_ft(t, b, c, d) {
if(t < 20) return (b & c) | ((~b) & d);
if(t < 40) return b ^ c ^ d;
if(t < 60) return (b & c) | (b & d) | (c & d);
return b ^ c ^ d;
}
/*
* Determine the appropriate additive constant for the current iteration
*/
function sha1_kt(t) {
return (t < 20) ? 1518500249 : (t < 40) ? 1859775393 :
(t < 60) ? -1894007588 : -899497514;
}
/*
* Add integers, wrapping at 2^32. This uses 16-bit operations internally
* to work around bugs in some JS interpreters.
* //dominictarr: this is 10 years old, so maybe this can be dropped?)
*
*/
function add(x, y) {
return (x + y ) | 0
//lets see how this goes on testling.
// var lsw = (x & 0xFFFF) + (y & 0xFFFF);
// var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
// return (msw << 16) | (lsw & 0xFFFF);
}
/*
* Bitwise rotate a 32-bit number to the left.
*/
function rol(num, cnt) {
return (num << cnt) | (num >>> (32 - cnt));
}
return Sha1
}
/***/ },
/* 87 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(global, process) {// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.
var formatRegExp = /%[sdj%]/g;
exports.format = function(f) {
if (!isString(f)) {
var objects = [];
for (var i = 0; i < arguments.length; i++) {
objects.push(inspect(arguments[i]));
}
return objects.join(' ');
}
var i = 1;
var args = arguments;
var len = args.length;
var str = String(f).replace(formatRegExp, function(x) {
if (x === '%%') return '%';
if (i >= len) return x;
switch (x) {
case '%s': return String(args[i++]);
case '%d': return Number(args[i++]);
case '%j':
try {
return JSON.stringify(args[i++]);
} catch (_) {
return '[Circular]';
}
default:
return x;
}
});
for (var x = args[i]; i < len; x = args[++i]) {
if (isNull(x) || !isObject(x)) {
str += ' ' + x;
} else {
str += ' ' + inspect(x);
}
}
return str;
};
// Mark that a method should not be used.
// Returns a modified function which warns once by default.
// If --no-deprecation is set, then it is a no-op.
exports.deprecate = function(fn, msg) {
// Allow for deprecating things in the process of starting up.
if (isUndefined(global.process)) {
return function() {
return exports.deprecate(fn, msg).apply(this, arguments);
};
}
if (process.noDeprecation === true) {
return fn;
}
var warned = false;
function deprecated() {
if (!warned) {
if (process.throwDeprecation) {
throw new Error(msg);
} else if (process.traceDeprecation) {
console.trace(msg);
} else {
console.error(msg);
}
warned = true;
}
return fn.apply(this, arguments);
}
return deprecated;
};
var debugs = {};
var debugEnviron;
exports.debuglog = function(set) {
if (isUndefined(debugEnviron))
debugEnviron = process.env.NODE_DEBUG || '';
set = set.toUpperCase();
if (!debugs[set]) {
if (new RegExp('\\b' + set + '\\b', 'i').test(debugEnviron)) {
var pid = process.pid;
debugs[set] = function() {
var msg = exports.format.apply(exports, arguments);
console.error('%s %d: %s', set, pid, msg);
};
} else {
debugs[set] = function() {};
}
}
return debugs[set];
};
/**
* Echos the value of a value. Trys to print the value out
* in the best way possible given the different types.
*
* @param {Object} obj The object to print out.
* @param {Object} opts Optional options object that alters the output.
*/
/* legacy: obj, showHidden, depth, colors*/
function inspect(obj, opts) {
// default options
var ctx = {
seen: [],
stylize: stylizeNoColor
};
// legacy...
if (arguments.length >= 3) ctx.depth = arguments[2];
if (arguments.length >= 4) ctx.colors = arguments[3];
if (isBoolean(opts)) {
// legacy...
ctx.showHidden = opts;
} else if (opts) {
// got an "options" object
exports._extend(ctx, opts);
}
// set default options
if (isUndefined(ctx.showHidden)) ctx.showHidden = false;
if (isUndefined(ctx.depth)) ctx.depth = 2;
if (isUndefined(ctx.colors)) ctx.colors = false;
if (isUndefined(ctx.customInspect)) ctx.customInspect = true;
if (ctx.colors) ctx.stylize = stylizeWithColor;
return formatValue(ctx, obj, ctx.depth);
}
exports.inspect = inspect;
// http://en.wikipedia.org/wiki/ANSI_escape_code#graphics
inspect.colors = {
'bold' : [1, 22],
'italic' : [3, 23],
'underline' : [4, 24],
'inverse' : [7, 27],
'white' : [37, 39],
'grey' : [90, 39],
'black' : [30, 39],
'blue' : [34, 39],
'cyan' : [36, 39],
'green' : [32, 39],
'magenta' : [35, 39],
'red' : [31, 39],
'yellow' : [33, 39]
};
// Don't use 'blue' not visible on cmd.exe
inspect.styles = {
'special': 'cyan',
'number': 'yellow',
'boolean': 'yellow',
'undefined': 'grey',
'null': 'bold',
'string': 'green',
'date': 'magenta',
// "name": intentionally not styling
'regexp': 'red'
};
function stylizeWithColor(str, styleType) {
var style = inspect.styles[styleType];
if (style) {
return '\u001b[' + inspect.colors[style][0] + 'm' + str +
'\u001b[' + inspect.colors[style][1] + 'm';
} else {
return str;
}
}
function stylizeNoColor(str, styleType) {
return str;
}
function arrayToHash(array) {
var hash = {};
array.forEach(function(val, idx) {
hash[val] = true;
});
return hash;
}
function formatValue(ctx, value, recurseTimes) {
// Provide a hook for user-specified inspect functions.
// Check that value is an object with an inspect function on it
if (ctx.customInspect &&
value &&
isFunction(value.inspect) &&
// Filter out the util module, it's inspect function is special
value.inspect !== exports.inspect &&
// Also filter out any prototype objects using the circular check.
!(value.constructor && value.constructor.prototype === value)) {
var ret = value.inspect(recurseTimes, ctx);
if (!isString(ret)) {
ret = formatValue(ctx, ret, recurseTimes);
}
return ret;
}
// Primitive types cannot have properties
var primitive = formatPrimitive(ctx, value);
if (primitive) {
return primitive;
}
// Look up the keys of the object.
var keys = Object.keys(value);
var visibleKeys = arrayToHash(keys);
if (ctx.showHidden) {
keys = Object.getOwnPropertyNames(value);
}
// IE doesn't make error fields non-enumerable
// http://msdn.microsoft.com/en-us/library/ie/dww52sbt(v=vs.94).aspx
if (isError(value)
&& (keys.indexOf('message') >= 0 || keys.indexOf('description') >= 0)) {
return formatError(value);
}
// Some type of object without properties can be shortcutted.
if (keys.length === 0) {
if (isFunction(value)) {
var name = value.name ? ': ' + value.name : '';
return ctx.stylize('[Function' + name + ']', 'special');
}
if (isRegExp(value)) {
return ctx.stylize(RegExp.prototype.toString.call(value), 'regexp');
}
if (isDate(value)) {
return ctx.stylize(Date.prototype.toString.call(value), 'date');
}
if (isError(value)) {
return formatError(value);
}
}
var base = '', array = false, braces = ['{', '}'];
// Make Array say that they are Array
if (isArray(value)) {
array = true;
braces = ['[', ']'];
}
// Make functions say that they are functions
if (isFunction(value)) {
var n = value.name ? ': ' + value.name : '';
base = ' [Function' + n + ']';
}
// Make RegExps say that they are RegExps
if (isRegExp(value)) {
base = ' ' + RegExp.prototype.toString.call(value);
}
// Make dates with properties first say the date
if (isDate(value)) {
base = ' ' + Date.prototype.toUTCString.call(value);
}
// Make error with message first say the error
if (isError(value)) {
base = ' ' + formatError(value);
}
if (keys.length === 0 && (!array || value.length == 0)) {
return braces[0] + base + braces[1];
}
if (recurseTimes < 0) {
if (isRegExp(value)) {
return ctx.stylize(RegExp.prototype.toString.call(value), 'regexp');
} else {
return ctx.stylize('[Object]', 'special');
}
}
ctx.seen.push(value);
var output;
if (array) {
output = formatArray(ctx, value, recurseTimes, visibleKeys, keys);
} else {
output = keys.map(function(key) {
return formatProperty(ctx, value, recurseTimes, visibleKeys, key, array);
});
}
ctx.seen.pop();
return reduceToSingleString(output, base, braces);
}
function formatPrimitive(ctx, value) {
if (isUndefined(value))
return ctx.stylize('undefined', 'undefined');
if (isString(value)) {
var simple = '\'' + JSON.stringify(value).replace(/^"|"$/g, '')
.replace(/'/g, "\\'")
.replace(/\\"/g, '"') + '\'';
return ctx.stylize(simple, 'string');
}
if (isNumber(value))
return ctx.stylize('' + value, 'number');
if (isBoolean(value))
return ctx.stylize('' + value, 'boolean');
// For some reason typeof null is "object", so special case here.
if (isNull(value))
return ctx.stylize('null', 'null');
}
function formatError(value) {
return '[' + Error.prototype.toString.call(value) + ']';
}
function formatArray(ctx, value, recurseTimes, visibleKeys, keys) {
var output = [];
for (var i = 0, l = value.length; i < l; ++i) {
if (hasOwnProperty(value, String(i))) {
output.push(formatProperty(ctx, value, recurseTimes, visibleKeys,
String(i), true));
} else {
output.push('');
}
}
keys.forEach(function(key) {
if (!key.match(/^\d+$/)) {
output.push(formatProperty(ctx, value, recurseTimes, visibleKeys,
key, true));
}
});
return output;
}
function formatProperty(ctx, value, recurseTimes, visibleKeys, key, array) {
var name, str, desc;
desc = Object.getOwnPropertyDescriptor(value, key) || { value: value[key] };
if (desc.get) {
if (desc.set) {
str = ctx.stylize('[Getter/Setter]', 'special');
} else {
str = ctx.stylize('[Getter]', 'special');
}
} else {
if (desc.set) {
str = ctx.stylize('[Setter]', 'special');
}
}
if (!hasOwnProperty(visibleKeys, key)) {
name = '[' + key + ']';
}
if (!str) {
if (ctx.seen.indexOf(desc.value) < 0) {
if (isNull(recurseTimes)) {
str = formatValue(ctx, desc.value, null);
} else {
str = formatValue(ctx, desc.value, recurseTimes - 1);
}
if (str.indexOf('\n') > -1) {
if (array) {
str = str.split('\n').map(function(line) {
return ' ' + line;
}).join('\n').substr(2);
} else {
str = '\n' + str.split('\n').map(function(line) {
return ' ' + line;
}).join('\n');
}
}
} else {
str = ctx.stylize('[Circular]', 'special');
}
}
if (isUndefined(name)) {
if (array && key.match(/^\d+$/)) {
return str;
}
name = JSON.stringify('' + key);
if (name.match(/^"([a-zA-Z_][a-zA-Z_0-9]*)"$/)) {
name = name.substr(1, name.length - 2);
name = ctx.stylize(name, 'name');
} else {
name = name.replace(/'/g, "\\'")
.replace(/\\"/g, '"')
.replace(/(^"|"$)/g, "'");
name = ctx.stylize(name, 'string');
}
}
return name + ': ' + str;
}
function reduceToSingleString(output, base, braces) {
var numLinesEst = 0;
var length = output.reduce(function(prev, cur) {
numLinesEst++;
if (cur.indexOf('\n') >= 0) numLinesEst++;
return prev + cur.replace(/\u001b\[\d\d?m/g, '').length + 1;
}, 0);
if (length > 60) {
return braces[0] +
(base === '' ? '' : base + '\n ') +
' ' +
output.join(',\n ') +
' ' +
braces[1];
}
return braces[0] + base + ' ' + output.join(', ') + ' ' + braces[1];
}
// NOTE: These type checking functions intentionally don't use `instanceof`
// because it is fragile and can be easily faked with `Object.create()`.
function isArray(ar) {
return Array.isArray(ar);
}
exports.isArray = isArray;
function isBoolean(arg) {
return typeof arg === 'boolean';
}
exports.isBoolean = isBoolean;
function isNull(arg) {
return arg === null;
}
exports.isNull = isNull;
function isNullOrUndefined(arg) {
return arg == null;
}
exports.isNullOrUndefined = isNullOrUndefined;
function isNumber(arg) {
return typeof arg === 'number';
}
exports.isNumber = isNumber;
function isString(arg) {
return typeof arg === 'string';
}
exports.isString = isString;
function isSymbol(arg) {
return typeof arg === 'symbol';
}
exports.isSymbol = isSymbol;
function isUndefined(arg) {
return arg === void 0;
}
exports.isUndefined = isUndefined;
function isRegExp(re) {
return isObject(re) && objectToString(re) === '[object RegExp]';
}
exports.isRegExp = isRegExp;
function isObject(arg) {
return typeof arg === 'object' && arg !== null;
}
exports.isObject = isObject;
function isDate(d) {
return isObject(d) && objectToString(d) === '[object Date]';
}
exports.isDate = isDate;
function isError(e) {
return isObject(e) &&
(objectToString(e) === '[object Error]' || e instanceof Error);
}
exports.isError = isError;
function isFunction(arg) {
return typeof arg === 'function';
}
exports.isFunction = isFunction;
function isPrimitive(arg) {
return arg === null ||
typeof arg === 'boolean' ||
typeof arg === 'number' ||
typeof arg === 'string' ||
typeof arg === 'symbol' || // ES6 symbol
typeof arg === 'undefined';
}
exports.isPrimitive = isPrimitive;
exports.isBuffer = __webpack_require__(88);
function objectToString(o) {
return Object.prototype.toString.call(o);
}
function pad(n) {
return n < 10 ? '0' + n.toString(10) : n.toString(10);
}
var months = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep',
'Oct', 'Nov', 'Dec'];
// 26 Feb 16:19:34
function timestamp() {
var d = new Date();
var time = [pad(d.getHours()),
pad(d.getMinutes()),
pad(d.getSeconds())].join(':');
return [d.getDate(), months[d.getMonth()], time].join(' ');
}
// log is just a thin wrapper to console.log that prepends a timestamp
exports.log = function() {
console.log('%s - %s', timestamp(), exports.format.apply(exports, arguments));
};
/**
* Inherit the prototype methods from one constructor into another.
*
* The Function.prototype.inherits from lang.js rewritten as a standalone
* function (not on Function.prototype). NOTE: If this file is to be loaded
* during bootstrapping this function needs to be rewritten using some native
* functions as prototype setup using normal JavaScript does not work as
* expected during bootstrapping (see mirror.js in r114903).
*
* @param {function} ctor Constructor function which needs to inherit the
* prototype.
* @param {function} superCtor Constructor function to inherit prototype from.
*/
exports.inherits = __webpack_require__(15);
exports._extend = function(origin, add) {
// Don't do anything if add isn't an object
if (!add || !isObject(add)) return origin;
var keys = Object.keys(add);
var i = keys.length;
while (i--) {
origin[keys[i]] = add[keys[i]];
}
return origin;
};
function hasOwnProperty(obj, prop) {
return Object.prototype.hasOwnProperty.call(obj, prop);
}
/* WEBPACK VAR INJECTION */}.call(exports, (function() { return this; }()), __webpack_require__(13)))
/***/ },
/* 88 */
/***/ function(module, exports) {
module.exports = function isBuffer(arg) {
return arg && typeof arg === 'object'
&& typeof arg.copy === 'function'
&& typeof arg.fill === 'function'
&& typeof arg.readUInt8 === 'function';
}
/***/ },
/* 89 */
/***/ function(module, exports, __webpack_require__) {
/**
* A JavaScript implementation of the Secure Hash Algorithm, SHA-256, as defined
* in FIPS 180-2
* Version 2.2-beta Copyright Angel Marin, Paul Johnston 2000 - 2009.
* Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
*
*/
var inherits = __webpack_require__(87).inherits
module.exports = function (Buffer, Hash) {
var K = [
0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2
]
var W = new Array(64)
function Sha256() {
this.init()
this._w = W //new Array(64)
Hash.call(this, 16*4, 14*4)
}
inherits(Sha256, Hash)
Sha256.prototype.init = function () {
this._a = 0x6a09e667|0
this._b = 0xbb67ae85|0
this._c = 0x3c6ef372|0
this._d = 0xa54ff53a|0
this._e = 0x510e527f|0
this._f = 0x9b05688c|0
this._g = 0x1f83d9ab|0
this._h = 0x5be0cd19|0
this._len = this._s = 0
return this
}
function S (X, n) {
return (X >>> n) | (X << (32 - n));
}
function R (X, n) {
return (X >>> n);
}
function Ch (x, y, z) {
return ((x & y) ^ ((~x) & z));
}
function Maj (x, y, z) {
return ((x & y) ^ (x & z) ^ (y & z));
}
function Sigma0256 (x) {
return (S(x, 2) ^ S(x, 13) ^ S(x, 22));
}
function Sigma1256 (x) {
return (S(x, 6) ^ S(x, 11) ^ S(x, 25));
}
function Gamma0256 (x) {
return (S(x, 7) ^ S(x, 18) ^ R(x, 3));
}
function Gamma1256 (x) {
return (S(x, 17) ^ S(x, 19) ^ R(x, 10));
}
Sha256.prototype._update = function(M) {
var W = this._w
var a, b, c, d, e, f, g, h
var T1, T2
a = this._a | 0
b = this._b | 0
c = this._c | 0
d = this._d | 0
e = this._e | 0
f = this._f | 0
g = this._g | 0
h = this._h | 0
for (var j = 0; j < 64; j++) {
var w = W[j] = j < 16
? M.readInt32BE(j * 4)
: Gamma1256(W[j - 2]) + W[j - 7] + Gamma0256(W[j - 15]) + W[j - 16]
T1 = h + Sigma1256(e) + Ch(e, f, g) + K[j] + w
T2 = Sigma0256(a) + Maj(a, b, c);
h = g; g = f; f = e; e = d + T1; d = c; c = b; b = a; a = T1 + T2;
}
this._a = (a + this._a) | 0
this._b = (b + this._b) | 0
this._c = (c + this._c) | 0
this._d = (d + this._d) | 0
this._e = (e + this._e) | 0
this._f = (f + this._f) | 0
this._g = (g + this._g) | 0
this._h = (h + this._h) | 0
};
Sha256.prototype._hash = function () {
var H = new Buffer(32)
H.writeInt32BE(this._a, 0)
H.writeInt32BE(this._b, 4)
H.writeInt32BE(this._c, 8)
H.writeInt32BE(this._d, 12)
H.writeInt32BE(this._e, 16)
H.writeInt32BE(this._f, 20)
H.writeInt32BE(this._g, 24)
H.writeInt32BE(this._h, 28)
return H
}
return Sha256
}
/***/ },
/* 90 */
/***/ function(module, exports, __webpack_require__) {
var inherits = __webpack_require__(87).inherits
module.exports = function (Buffer, Hash) {
var K = [
0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,
0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc,
0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019,
0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118,
0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe,
0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2,
0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1,
0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694,
0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3,
0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65,
0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483,
0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5,
0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210,
0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4,
0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725,
0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70,
0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926,
0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df,
0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8,
0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b,
0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001,
0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30,
0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910,
0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8,
0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53,
0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8,
0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb,
0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3,
0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60,
0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec,
0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9,
0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b,
0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207,
0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178,
0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6,
0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b,
0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493,
0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c,
0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a,
0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817
]
var W = new Array(160)
function Sha512() {
this.init()
this._w = W
Hash.call(this, 128, 112)
}
inherits(Sha512, Hash)
Sha512.prototype.init = function () {
this._a = 0x6a09e667|0
this._b = 0xbb67ae85|0
this._c = 0x3c6ef372|0
this._d = 0xa54ff53a|0
this._e = 0x510e527f|0
this._f = 0x9b05688c|0
this._g = 0x1f83d9ab|0
this._h = 0x5be0cd19|0
this._al = 0xf3bcc908|0
this._bl = 0x84caa73b|0
this._cl = 0xfe94f82b|0
this._dl = 0x5f1d36f1|0
this._el = 0xade682d1|0
this._fl = 0x2b3e6c1f|0
this._gl = 0xfb41bd6b|0
this._hl = 0x137e2179|0
this._len = this._s = 0
return this
}
function S (X, Xl, n) {
return (X >>> n) | (Xl << (32 - n))
}
function Ch (x, y, z) {
return ((x & y) ^ ((~x) & z));
}
function Maj (x, y, z) {
return ((x & y) ^ (x & z) ^ (y & z));
}
Sha512.prototype._update = function(M) {
var W = this._w
var a, b, c, d, e, f, g, h
var al, bl, cl, dl, el, fl, gl, hl
a = this._a | 0
b = this._b | 0
c = this._c | 0
d = this._d | 0
e = this._e | 0
f = this._f | 0
g = this._g | 0
h = this._h | 0
al = this._al | 0
bl = this._bl | 0
cl = this._cl | 0
dl = this._dl | 0
el = this._el | 0
fl = this._fl | 0
gl = this._gl | 0
hl = this._hl | 0
for (var i = 0; i < 80; i++) {
var j = i * 2
var Wi, Wil
if (i < 16) {
Wi = W[j] = M.readInt32BE(j * 4)
Wil = W[j + 1] = M.readInt32BE(j * 4 + 4)
} else {
var x = W[j - 15*2]
var xl = W[j - 15*2 + 1]
var gamma0 = S(x, xl, 1) ^ S(x, xl, 8) ^ (x >>> 7)
var gamma0l = S(xl, x, 1) ^ S(xl, x, 8) ^ S(xl, x, 7)
x = W[j - 2*2]
xl = W[j - 2*2 + 1]
var gamma1 = S(x, xl, 19) ^ S(xl, x, 29) ^ (x >>> 6)
var gamma1l = S(xl, x, 19) ^ S(x, xl, 29) ^ S(xl, x, 6)
// W[i] = gamma0 + W[i - 7] + gamma1 + W[i - 16]
var Wi7 = W[j - 7*2]
var Wi7l = W[j - 7*2 + 1]
var Wi16 = W[j - 16*2]
var Wi16l = W[j - 16*2 + 1]
Wil = gamma0l + Wi7l
Wi = gamma0 + Wi7 + ((Wil >>> 0) < (gamma0l >>> 0) ? 1 : 0)
Wil = Wil + gamma1l
Wi = Wi + gamma1 + ((Wil >>> 0) < (gamma1l >>> 0) ? 1 : 0)
Wil = Wil + Wi16l
Wi = Wi + Wi16 + ((Wil >>> 0) < (Wi16l >>> 0) ? 1 : 0)
W[j] = Wi
W[j + 1] = Wil
}
var maj = Maj(a, b, c)
var majl = Maj(al, bl, cl)
var sigma0h = S(a, al, 28) ^ S(al, a, 2) ^ S(al, a, 7)
var sigma0l = S(al, a, 28) ^ S(a, al, 2) ^ S(a, al, 7)
var sigma1h = S(e, el, 14) ^ S(e, el, 18) ^ S(el, e, 9)
var sigma1l = S(el, e, 14) ^ S(el, e, 18) ^ S(e, el, 9)
// t1 = h + sigma1 + ch + K[i] + W[i]
var Ki = K[j]
var Kil = K[j + 1]
var ch = Ch(e, f, g)
var chl = Ch(el, fl, gl)
var t1l = hl + sigma1l
var t1 = h + sigma1h + ((t1l >>> 0) < (hl >>> 0) ? 1 : 0)
t1l = t1l + chl
t1 = t1 + ch + ((t1l >>> 0) < (chl >>> 0) ? 1 : 0)
t1l = t1l + Kil
t1 = t1 + Ki + ((t1l >>> 0) < (Kil >>> 0) ? 1 : 0)
t1l = t1l + Wil
t1 = t1 + Wi + ((t1l >>> 0) < (Wil >>> 0) ? 1 : 0)
// t2 = sigma0 + maj
var t2l = sigma0l + majl
var t2 = sigma0h + maj + ((t2l >>> 0) < (sigma0l >>> 0) ? 1 : 0)
h = g
hl = gl
g = f
gl = fl
f = e
fl = el
el = (dl + t1l) | 0
e = (d + t1 + ((el >>> 0) < (dl >>> 0) ? 1 : 0)) | 0
d = c
dl = cl
c = b
cl = bl
b = a
bl = al
al = (t1l + t2l) | 0
a = (t1 + t2 + ((al >>> 0) < (t1l >>> 0) ? 1 : 0)) | 0
}
this._al = (this._al + al) | 0
this._bl = (this._bl + bl) | 0
this._cl = (this._cl + cl) | 0
this._dl = (this._dl + dl) | 0
this._el = (this._el + el) | 0
this._fl = (this._fl + fl) | 0
this._gl = (this._gl + gl) | 0
this._hl = (this._hl + hl) | 0
this._a = (this._a + a + ((this._al >>> 0) < (al >>> 0) ? 1 : 0)) | 0
this._b = (this._b + b + ((this._bl >>> 0) < (bl >>> 0) ? 1 : 0)) | 0
this._c = (this._c + c + ((this._cl >>> 0) < (cl >>> 0) ? 1 : 0)) | 0
this._d = (this._d + d + ((this._dl >>> 0) < (dl >>> 0) ? 1 : 0)) | 0
this._e = (this._e + e + ((this._el >>> 0) < (el >>> 0) ? 1 : 0)) | 0
this._f = (this._f + f + ((this._fl >>> 0) < (fl >>> 0) ? 1 : 0)) | 0
this._g = (this._g + g + ((this._gl >>> 0) < (gl >>> 0) ? 1 : 0)) | 0
this._h = (this._h + h + ((this._hl >>> 0) < (hl >>> 0) ? 1 : 0)) | 0
}
Sha512.prototype._hash = function () {
var H = new Buffer(64)
function writeInt64BE(h, l, offset) {
H.writeInt32BE(h, offset)
H.writeInt32BE(l, offset + 4)
}
writeInt64BE(this._a, this._al, 0)
writeInt64BE(this._b, this._bl, 8)
writeInt64BE(this._c, this._cl, 16)
writeInt64BE(this._d, this._dl, 24)
writeInt64BE(this._e, this._el, 32)
writeInt64BE(this._f, this._fl, 40)
writeInt64BE(this._g, this._gl, 48)
writeInt64BE(this._h, this._hl, 56)
return H
}
return Sha512
}
/***/ },
/* 91 */
/***/ function(module, exports, __webpack_require__) {
/*
* A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
* Digest Algorithm, as defined in RFC 1321.
* Version 2.1 Copyright (C) Paul Johnston 1999 - 2002.
* Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
* Distributed under the BSD License
* See http://pajhome.org.uk/crypt/md5 for more info.
*/
var helpers = __webpack_require__(92);
/*
* Calculate the MD5 of an array of little-endian words, and a bit length
*/
function core_md5(x, len)
{
/* append padding */
x[len >> 5] |= 0x80 << ((len) % 32);
x[(((len + 64) >>> 9) << 4) + 14] = len;
var a = 1732584193;
var b = -271733879;
var c = -1732584194;
var d = 271733878;
for(var i = 0; i < x.length; i += 16)
{
var olda = a;
var oldb = b;
var oldc = c;
var oldd = d;
a = md5_ff(a, b, c, d, x[i+ 0], 7 , -680876936);
d = md5_ff(d, a, b, c, x[i+ 1], 12, -389564586);
c = md5_ff(c, d, a, b, x[i+ 2], 17, 606105819);
b = md5_ff(b, c, d, a, x[i+ 3], 22, -1044525330);
a = md5_ff(a, b, c, d, x[i+ 4], 7 , -176418897);
d = md5_ff(d, a, b, c, x[i+ 5], 12, 1200080426);
c = md5_ff(c, d, a, b, x[i+ 6], 17, -1473231341);
b = md5_ff(b, c, d, a, x[i+ 7], 22, -45705983);
a = md5_ff(a, b, c, d, x[i+ 8], 7 , 1770035416);
d = md5_ff(d, a, b, c, x[i+ 9], 12, -1958414417);
c = md5_ff(c, d, a, b, x[i+10], 17, -42063);
b = md5_ff(b, c, d, a, x[i+11], 22, -1990404162);
a = md5_ff(a, b, c, d, x[i+12], 7 , 1804603682);
d = md5_ff(d, a, b, c, x[i+13], 12, -40341101);
c = md5_ff(c, d, a, b, x[i+14], 17, -1502002290);
b = md5_ff(b, c, d, a, x[i+15], 22, 1236535329);
a = md5_gg(a, b, c, d, x[i+ 1], 5 , -165796510);
d = md5_gg(d, a, b, c, x[i+ 6], 9 , -1069501632);
c = md5_gg(c, d, a, b, x[i+11], 14, 643717713);
b = md5_gg(b, c, d, a, x[i+ 0], 20, -373897302);
a = md5_gg(a, b, c, d, x[i+ 5], 5 , -701558691);
d = md5_gg(d, a, b, c, x[i+10], 9 , 38016083);
c = md5_gg(c, d, a, b, x[i+15], 14, -660478335);
b = md5_gg(b, c, d, a, x[i+ 4], 20, -405537848);
a = md5_gg(a, b, c, d, x[i+ 9], 5 , 568446438);
d = md5_gg(d, a, b, c, x[i+14], 9 , -1019803690);
c = md5_gg(c, d, a, b, x[i+ 3], 14, -187363961);
b = md5_gg(b, c, d, a, x[i+ 8], 20, 1163531501);
a = md5_gg(a, b, c, d, x[i+13], 5 , -1444681467);
d = md5_gg(d, a, b, c, x[i+ 2], 9 , -51403784);
c = md5_gg(c, d, a, b, x[i+ 7], 14, 1735328473);
b = md5_gg(b, c, d, a, x[i+12], 20, -1926607734);
a = md5_hh(a, b, c, d, x[i+ 5], 4 , -378558);
d = md5_hh(d, a, b, c, x[i+ 8], 11, -2022574463);
c = md5_hh(c, d, a, b, x[i+11], 16, 1839030562);
b = md5_hh(b, c, d, a, x[i+14], 23, -35309556);
a = md5_hh(a, b, c, d, x[i+ 1], 4 , -1530992060);
d = md5_hh(d, a, b, c, x[i+ 4], 11, 1272893353);
c = md5_hh(c, d, a, b, x[i+ 7], 16, -155497632);
b = md5_hh(b, c, d, a, x[i+10], 23, -1094730640);
a = md5_hh(a, b, c, d, x[i+13], 4 , 681279174);
d = md5_hh(d, a, b, c, x[i+ 0], 11, -358537222);
c = md5_hh(c, d, a, b, x[i+ 3], 16, -722521979);
b = md5_hh(b, c, d, a, x[i+ 6], 23, 76029189);
a = md5_hh(a, b, c, d, x[i+ 9], 4 , -640364487);
d = md5_hh(d, a, b, c, x[i+12], 11, -421815835);
c = md5_hh(c, d, a, b, x[i+15], 16, 530742520);
b = md5_hh(b, c, d, a, x[i+ 2], 23, -995338651);
a = md5_ii(a, b, c, d, x[i+ 0], 6 , -198630844);
d = md5_ii(d, a, b, c, x[i+ 7], 10, 1126891415);
c = md5_ii(c, d, a, b, x[i+14], 15, -1416354905);
b = md5_ii(b, c, d, a, x[i+ 5], 21, -57434055);
a = md5_ii(a, b, c, d, x[i+12], 6 , 1700485571);
d = md5_ii(d, a, b, c, x[i+ 3], 10, -1894986606);
c = md5_ii(c, d, a, b, x[i+10], 15, -1051523);
b = md5_ii(b, c, d, a, x[i+ 1], 21, -2054922799);
a = md5_ii(a, b, c, d, x[i+ 8], 6 , 1873313359);
d = md5_ii(d, a, b, c, x[i+15], 10, -30611744);
c = md5_ii(c, d, a, b, x[i+ 6], 15, -1560198380);
b = md5_ii(b, c, d, a, x[i+13], 21, 1309151649);
a = md5_ii(a, b, c, d, x[i+ 4], 6 , -145523070);
d = md5_ii(d, a, b, c, x[i+11], 10, -1120210379);
c = md5_ii(c, d, a, b, x[i+ 2], 15, 718787259);
b = md5_ii(b, c, d, a, x[i+ 9], 21, -343485551);
a = safe_add(a, olda);
b = safe_add(b, oldb);
c = safe_add(c, oldc);
d = safe_add(d, oldd);
}
return Array(a, b, c, d);
}
/*
* These functions implement the four basic operations the algorithm uses.
*/
function md5_cmn(q, a, b, x, s, t)
{
return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s),b);
}
function md5_ff(a, b, c, d, x, s, t)
{
return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t);
}
function md5_gg(a, b, c, d, x, s, t)
{
return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t);
}
function md5_hh(a, b, c, d, x, s, t)
{
return md5_cmn(b ^ c ^ d, a, b, x, s, t);
}
function md5_ii(a, b, c, d, x, s, t)
{
return md5_cmn(c ^ (b | (~d)), a, b, x, s, t);
}
/*
* Add integers, wrapping at 2^32. This uses 16-bit operations internally
* to work around bugs in some JS interpreters.
*/
function safe_add(x, y)
{
var lsw = (x & 0xFFFF) + (y & 0xFFFF);
var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
return (msw << 16) | (lsw & 0xFFFF);
}
/*
* Bitwise rotate a 32-bit number to the left.
*/
function bit_rol(num, cnt)
{
return (num << cnt) | (num >>> (32 - cnt));
}
module.exports = function md5(buf) {
return helpers.hash(buf, core_md5, 16);
};
/***/ },
/* 92 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var intSize = 4;
var zeroBuffer = new Buffer(intSize); zeroBuffer.fill(0);
var chrsz = 8;
function toArray(buf, bigEndian) {
if ((buf.length % intSize) !== 0) {
var len = buf.length + (intSize - (buf.length % intSize));
buf = Buffer.concat([buf, zeroBuffer], len);
}
var arr = [];
var fn = bigEndian ? buf.readInt32BE : buf.readInt32LE;
for (var i = 0; i < buf.length; i += intSize) {
arr.push(fn.call(buf, i));
}
return arr;
}
function toBuffer(arr, size, bigEndian) {
var buf = new Buffer(size);
var fn = bigEndian ? buf.writeInt32BE : buf.writeInt32LE;
for (var i = 0; i < arr.length; i++) {
fn.call(buf, arr[i], i * 4, true);
}
return buf;
}
function hash(buf, fn, hashSize, bigEndian) {
if (!Buffer.isBuffer(buf)) buf = new Buffer(buf);
var arr = fn(toArray(buf, bigEndian), buf.length * chrsz);
return toBuffer(arr, hashSize, bigEndian);
}
module.exports = { hash: hash };
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 93 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {
module.exports = ripemd160
/*
CryptoJS v3.1.2
code.google.com/p/crypto-js
(c) 2009-2013 by Jeff Mott. All rights reserved.
code.google.com/p/crypto-js/wiki/License
*/
/** @preserve
(c) 2012 by Cédric Mesnil. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
// Constants table
var zl = [
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,
3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,
1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,
4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13];
var zr = [
5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,
6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,
15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,
8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,
12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11];
var sl = [
11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,
7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,
11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,
11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,
9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 ];
var sr = [
8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,
9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,
9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,
15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,
8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 ];
var hl = [ 0x00000000, 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xA953FD4E];
var hr = [ 0x50A28BE6, 0x5C4DD124, 0x6D703EF3, 0x7A6D76E9, 0x00000000];
var bytesToWords = function (bytes) {
var words = [];
for (var i = 0, b = 0; i < bytes.length; i++, b += 8) {
words[b >>> 5] |= bytes[i] << (24 - b % 32);
}
return words;
};
var wordsToBytes = function (words) {
var bytes = [];
for (var b = 0; b < words.length * 32; b += 8) {
bytes.push((words[b >>> 5] >>> (24 - b % 32)) & 0xFF);
}
return bytes;
};
var processBlock = function (H, M, offset) {
// Swap endian
for (var i = 0; i < 16; i++) {
var offset_i = offset + i;
var M_offset_i = M[offset_i];
// Swap
M[offset_i] = (
(((M_offset_i << 8) | (M_offset_i >>> 24)) & 0x00ff00ff) |
(((M_offset_i << 24) | (M_offset_i >>> 8)) & 0xff00ff00)
);
}
// Working variables
var al, bl, cl, dl, el;
var ar, br, cr, dr, er;
ar = al = H[0];
br = bl = H[1];
cr = cl = H[2];
dr = dl = H[3];
er = el = H[4];
// Computation
var t;
for (var i = 0; i < 80; i += 1) {
t = (al + M[offset+zl[i]])|0;
if (i<16){
t += f1(bl,cl,dl) + hl[0];
} else if (i<32) {
t += f2(bl,cl,dl) + hl[1];
} else if (i<48) {
t += f3(bl,cl,dl) + hl[2];
} else if (i<64) {
t += f4(bl,cl,dl) + hl[3];
} else {// if (i<80) {
t += f5(bl,cl,dl) + hl[4];
}
t = t|0;
t = rotl(t,sl[i]);
t = (t+el)|0;
al = el;
el = dl;
dl = rotl(cl, 10);
cl = bl;
bl = t;
t = (ar + M[offset+zr[i]])|0;
if (i<16){
t += f5(br,cr,dr) + hr[0];
} else if (i<32) {
t += f4(br,cr,dr) + hr[1];
} else if (i<48) {
t += f3(br,cr,dr) + hr[2];
} else if (i<64) {
t += f2(br,cr,dr) + hr[3];
} else {// if (i<80) {
t += f1(br,cr,dr) + hr[4];
}
t = t|0;
t = rotl(t,sr[i]) ;
t = (t+er)|0;
ar = er;
er = dr;
dr = rotl(cr, 10);
cr = br;
br = t;
}
// Intermediate hash value
t = (H[1] + cl + dr)|0;
H[1] = (H[2] + dl + er)|0;
H[2] = (H[3] + el + ar)|0;
H[3] = (H[4] + al + br)|0;
H[4] = (H[0] + bl + cr)|0;
H[0] = t;
};
function f1(x, y, z) {
return ((x) ^ (y) ^ (z));
}
function f2(x, y, z) {
return (((x)&(y)) | ((~x)&(z)));
}
function f3(x, y, z) {
return (((x) | (~(y))) ^ (z));
}
function f4(x, y, z) {
return (((x) & (z)) | ((y)&(~(z))));
}
function f5(x, y, z) {
return ((x) ^ ((y) |(~(z))));
}
function rotl(x,n) {
return (x<<n) | (x>>>(32-n));
}
function ripemd160(message) {
var H = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0];
if (typeof message == 'string')
message = new Buffer(message, 'utf8');
var m = bytesToWords(message);
var nBitsLeft = message.length * 8;
var nBitsTotal = message.length * 8;
// Add padding
m[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
m[(((nBitsLeft + 64) >>> 9) << 4) + 14] = (
(((nBitsTotal << 8) | (nBitsTotal >>> 24)) & 0x00ff00ff) |
(((nBitsTotal << 24) | (nBitsTotal >>> 8)) & 0xff00ff00)
);
for (var i=0 ; i<m.length; i += 16) {
processBlock(H, m, i);
}
// Swap endian
for (var i = 0; i < 5; i++) {
// Shortcut
var H_i = H[i];
// Swap
H[i] = (((H_i << 8) | (H_i >>> 24)) & 0x00ff00ff) |
(((H_i << 24) | (H_i >>> 8)) & 0xff00ff00);
}
var digestbytes = wordsToBytes(H);
return new Buffer(digestbytes);
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 94 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var createHash = __webpack_require__(83)
var zeroBuffer = new Buffer(128)
zeroBuffer.fill(0)
module.exports = Hmac
function Hmac (alg, key) {
if(!(this instanceof Hmac)) return new Hmac(alg, key)
this._opad = opad
this._alg = alg
var blocksize = (alg === 'sha512') ? 128 : 64
key = this._key = !Buffer.isBuffer(key) ? new Buffer(key) : key
if(key.length > blocksize) {
key = createHash(alg).update(key).digest()
} else if(key.length < blocksize) {
key = Buffer.concat([key, zeroBuffer], blocksize)
}
var ipad = this._ipad = new Buffer(blocksize)
var opad = this._opad = new Buffer(blocksize)
for(var i = 0; i < blocksize; i++) {
ipad[i] = key[i] ^ 0x36
opad[i] = key[i] ^ 0x5C
}
this._hash = createHash(alg).update(ipad)
}
Hmac.prototype.update = function (data, enc) {
this._hash.update(data, enc)
return this
}
Hmac.prototype.digest = function (enc) {
var h = this._hash.digest()
return createHash(this._alg).update(this._opad).update(h).digest(enc)
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 95 */
/***/ function(module, exports, __webpack_require__) {
var pbkdf2Export = __webpack_require__(96)
module.exports = function (crypto, exports) {
exports = exports || {}
var exported = pbkdf2Export(crypto)
exports.pbkdf2 = exported.pbkdf2
exports.pbkdf2Sync = exported.pbkdf2Sync
return exports
}
/***/ },
/* 96 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {module.exports = function(crypto) {
function pbkdf2(password, salt, iterations, keylen, digest, callback) {
if ('function' === typeof digest) {
callback = digest
digest = undefined
}
if ('function' !== typeof callback)
throw new Error('No callback provided to pbkdf2')
setTimeout(function() {
var result
try {
result = pbkdf2Sync(password, salt, iterations, keylen, digest)
} catch (e) {
return callback(e)
}
callback(undefined, result)
})
}
function pbkdf2Sync(password, salt, iterations, keylen, digest) {
if ('number' !== typeof iterations)
throw new TypeError('Iterations not a number')
if (iterations < 0)
throw new TypeError('Bad iterations')
if ('number' !== typeof keylen)
throw new TypeError('Key length not a number')
if (keylen < 0)
throw new TypeError('Bad key length')
digest = digest || 'sha1'
if (!Buffer.isBuffer(password)) password = new Buffer(password)
if (!Buffer.isBuffer(salt)) salt = new Buffer(salt)
var hLen, l = 1, r, T
var DK = new Buffer(keylen)
var block1 = new Buffer(salt.length + 4)
salt.copy(block1, 0, 0, salt.length)
for (var i = 1; i <= l; i++) {
block1.writeUInt32BE(i, salt.length)
var U = crypto.createHmac(digest, password).update(block1).digest()
if (!hLen) {
hLen = U.length
T = new Buffer(hLen)
l = Math.ceil(keylen / hLen)
r = keylen - (l - 1) * hLen
if (keylen > (Math.pow(2, 32) - 1) * hLen)
throw new TypeError('keylen exceeds maximum length')
}
U.copy(T, 0, 0, hLen)
for (var j = 1; j < iterations; j++) {
U = crypto.createHmac(digest, password).update(U).digest()
for (var k = 0; k < hLen; k++) {
T[k] ^= U[k]
}
}
var destPos = (i - 1) * hLen
var len = (i == l ? r : hLen)
T.copy(DK, destPos, 0, len)
}
return DK
}
return {
pbkdf2: pbkdf2,
pbkdf2Sync: pbkdf2Sync
}
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 97 */
/***/ function(module, exports) {
module.exports = {
"modp1": {
"gen": "02",
"prime": "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a63a3620ffffffffffffffff"
},
"modp2": {
"gen": "02",
"prime": "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381ffffffffffffffff"
},
"modp5": {
"gen": "02",
"prime": "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff"
},
"modp14": {
"gen": "02",
"prime": "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff"
},
"modp15": {
"gen": "02",
"prime": "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a93ad2caffffffffffffffff"
},
"modp16": {
"gen": "02",
"prime": "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a92108011a723c12a787e6d788719a10bdba5b2699c327186af4e23c1a946834b6150bda2583e9ca2ad44ce8dbbbc2db04de8ef92e8efc141fbecaa6287c59474e6bc05d99b2964fa090c3a2233ba186515be7ed1f612970cee2d7afb81bdd762170481cd0069127d5b05aa993b4ea988d8fddc186ffb7dc90a6c08f4df435c934063199ffffffffffffffff"
},
"modp17": {
"gen": "02",
"prime": "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a92108011a723c12a787e6d788719a10bdba5b2699c327186af4e23c1a946834b6150bda2583e9ca2ad44ce8dbbbc2db04de8ef92e8efc141fbecaa6287c59474e6bc05d99b2964fa090c3a2233ba186515be7ed1f612970cee2d7afb81bdd762170481cd0069127d5b05aa993b4ea988d8fddc186ffb7dc90a6c08f4df435c93402849236c3fab4d27c7026c1d4dcb2602646dec9751e763dba37bdf8ff9406ad9e530ee5db382f413001aeb06a53ed9027d831179727b0865a8918da3edbebcf9b14ed44ce6cbaced4bb1bdb7f1447e6cc254b332051512bd7af426fb8f401378cd2bf5983ca01c64b92ecf032ea15d1721d03f482d7ce6e74fef6d55e702f46980c82b5a84031900b1c9e59e7c97fbec7e8f323a97a7e36cc88be0f1d45b7ff585ac54bd407b22b4154aacc8f6d7ebf48e1d814cc5ed20f8037e0a79715eef29be32806a1d58bb7c5da76f550aa3d8a1fbff0eb19ccb1a313d55cda56c9ec2ef29632387fe8d76e3c0468043e8f663f4860ee12bf2d5b0b7474d6e694f91e6dcc4024ffffffffffffffff"
},
"modp18": {
"gen": "02",
"prime": "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db5bfce0fd108e4b82d120a92108011a723c12a787e6d788719a10bdba5b2699c327186af4e23c1a946834b6150bda2583e9ca2ad44ce8dbbbc2db04de8ef92e8efc141fbecaa6287c59474e6bc05d99b2964fa090c3a2233ba186515be7ed1f612970cee2d7afb81bdd762170481cd0069127d5b05aa993b4ea988d8fddc186ffb7dc90a6c08f4df435c93402849236c3fab4d27c7026c1d4dcb2602646dec9751e763dba37bdf8ff9406ad9e530ee5db382f413001aeb06a53ed9027d831179727b0865a8918da3edbebcf9b14ed44ce6cbaced4bb1bdb7f1447e6cc254b332051512bd7af426fb8f401378cd2bf5983ca01c64b92ecf032ea15d1721d03f482d7ce6e74fef6d55e702f46980c82b5a84031900b1c9e59e7c97fbec7e8f323a97a7e36cc88be0f1d45b7ff585ac54bd407b22b4154aacc8f6d7ebf48e1d814cc5ed20f8037e0a79715eef29be32806a1d58bb7c5da76f550aa3d8a1fbff0eb19ccb1a313d55cda56c9ec2ef29632387fe8d76e3c0468043e8f663f4860ee12bf2d5b0b7474d6e694f91e6dbe115974a3926f12fee5e438777cb6a932df8cd8bec4d073b931ba3bc832b68d9dd300741fa7bf8afc47ed2576f6936ba424663aab639c5ae4f5683423b4742bf1c978238f16cbe39d652de3fdb8befc848ad922222e04a4037c0713eb57a81a23f0c73473fc646cea306b4bcbc8862f8385ddfa9d4b7fa2c087e879683303ed5bdd3a062b3cf5b3a278a66d2a13f83f44f82ddf310ee074ab6a364597e899a0255dc164f31cc50846851df9ab48195ded7ea1b1d510bd7ee74d73faf36bc31ecfa268359046f4eb879f924009438b481c6cd7889a002ed5ee382bc9190da6fc026e479558e4475677e9aa9e3050e2765694dfc81f56e880b96e7160c980dd98edd3dfffffffffffffffff"
}
};
/***/ },
/* 98 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var BN = __webpack_require__(76);
var MillerRabin = __webpack_require__(78);
var millerRabin = new MillerRabin();
var TWENTYFOUR = new BN(24);
var ELEVEN = new BN(11);
var TEN = new BN(10);
var THREE = new BN(3);
var SEVEN = new BN(7);
var primes = __webpack_require__(75);
var randomBytes = __webpack_require__(12);
module.exports = DH;
function setPublicKey(pub, enc) {
enc = enc || 'utf8';
if (!Buffer.isBuffer(pub)) {
pub = new Buffer(pub, enc);
}
this._pub = new BN(pub);
return this;
}
function setPrivateKey(priv, enc) {
enc = enc || 'utf8';
if (!Buffer.isBuffer(priv)) {
priv = new Buffer(priv, enc);
}
this._priv = new BN(priv);
return this;
}
var primeCache = {};
function checkPrime(prime, generator) {
var gen = generator.toString('hex');
var hex = [gen, prime.toString(16)].join('_');
if (hex in primeCache) {
return primeCache[hex];
}
var error = 0;
if (prime.isEven() ||
!primes.simpleSieve ||
!primes.fermatTest(prime) ||
!millerRabin.test(prime)) {
//not a prime so +1
error += 1;
if (gen === '02' || gen === '05') {
// we'd be able to check the generator
// it would fail so +8
error += 8;
} else {
//we wouldn't be able to test the generator
// so +4
error += 4;
}
primeCache[hex] = error;
return error;
}
if (!millerRabin.test(prime.shrn(1))) {
//not a safe prime
error += 2;
}
var rem;
switch (gen) {
case '02':
if (prime.mod(TWENTYFOUR).cmp(ELEVEN)) {
// unsuidable generator
error += 8;
}
break;
case '05':
rem = prime.mod(TEN);
if (rem.cmp(THREE) && rem.cmp(SEVEN)) {
// prime mod 10 needs to equal 3 or 7
error += 8;
}
break;
default:
error += 4;
}
primeCache[hex] = error;
return error;
}
function DH(prime, generator, malleable) {
this.setGenerator(generator);
this.__prime = new BN(prime);
this._prime = BN.mont(this.__prime);
this._primeLen = prime.length;
this._pub = undefined;
this._priv = undefined;
this._primeCode = undefined;
if (malleable) {
this.setPublicKey = setPublicKey;
this.setPrivateKey = setPrivateKey;
} else {
this._primeCode = 8;
}
}
Object.defineProperty(DH.prototype, 'verifyError', {
enumerable: true,
get: function () {
if (typeof this._primeCode !== 'number') {
this._primeCode = checkPrime(this.__prime, this.__gen);
}
return this._primeCode;
}
});
DH.prototype.generateKeys = function () {
if (!this._priv) {
this._priv = new BN(randomBytes(this._primeLen));
}
this._pub = this._gen.toRed(this._prime).redPow(this._priv).fromRed();
return this.getPublicKey();
};
DH.prototype.computeSecret = function (other) {
other = new BN(other);
other = other.toRed(this._prime);
var secret = other.redPow(this._priv).fromRed();
var out = new Buffer(secret.toArray());
var prime = this.getPrime();
if (out.length < prime.length) {
var front = new Buffer(prime.length - out.length);
front.fill(0);
out = Buffer.concat([front, out]);
}
return out;
};
DH.prototype.getPublicKey = function getPublicKey(enc) {
return formatReturnValue(this._pub, enc);
};
DH.prototype.getPrivateKey = function getPrivateKey(enc) {
return formatReturnValue(this._priv, enc);
};
DH.prototype.getPrime = function (enc) {
return formatReturnValue(this.__prime, enc);
};
DH.prototype.getGenerator = function (enc) {
return formatReturnValue(this._gen, enc);
};
DH.prototype.setGenerator = function (gen, enc) {
enc = enc || 'utf8';
if (!Buffer.isBuffer(gen)) {
gen = new Buffer(gen, enc);
}
this.__gen = gen;
this._gen = new BN(gen);
return this;
};
function formatReturnValue(bn, enc) {
var buf = new Buffer(bn.toArray());
if (!enc) {
return buf;
} else {
return buf.toString(enc);
}
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 99 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var _algos = __webpack_require__(45)
var createHash = __webpack_require__(14)
var inherits = __webpack_require__(15)
var sign = __webpack_require__(100)
var stream = __webpack_require__(28)
var verify = __webpack_require__(146)
var algos = {}
Object.keys(_algos).forEach(function (key) {
algos[key] = algos[key.toLowerCase()] = _algos[key]
})
function Sign (algorithm) {
stream.Writable.call(this)
var data = algos[algorithm]
if (!data) {
throw new Error('Unknown message digest')
}
this._hashType = data.hash
this._hash = createHash(data.hash)
this._tag = data.id
this._signType = data.sign
}
inherits(Sign, stream.Writable)
Sign.prototype._write = function _write (data, _, done) {
this._hash.update(data)
done()
}
Sign.prototype.update = function update (data, enc) {
if (typeof data === 'string') {
data = new Buffer(data, enc)
}
this._hash.update(data)
return this
}
Sign.prototype.sign = function signMethod (key, enc) {
this.end()
var hash = this._hash.digest()
var sig = sign(Buffer.concat([this._tag, hash]), key, this._hashType, this._signType)
return enc ? sig.toString(enc) : sig
}
function Verify (algorithm) {
stream.Writable.call(this)
var data = algos[algorithm]
if (!data) {
throw new Error('Unknown message digest')
}
this._hash = createHash(data.hash)
this._tag = data.id
this._signType = data.sign
}
inherits(Verify, stream.Writable)
Verify.prototype._write = function _write (data, _, done) {
this._hash.update(data)
done()
}
Verify.prototype.update = function update (data, enc) {
if (typeof data === 'string') {
data = new Buffer(data, enc)
}
this._hash.update(data)
return this
}
Verify.prototype.verify = function verifyMethod (key, sig, enc) {
if (typeof sig === 'string') {
sig = new Buffer(sig, enc)
}
this.end()
var hash = this._hash.digest()
return verify(sig, Buffer.concat([this._tag, hash]), key, this._signType)
}
function createSign (algorithm) {
return new Sign(algorithm)
}
function createVerify (algorithm) {
return new Verify(algorithm)
}
module.exports = {
Sign: createSign,
Verify: createVerify,
createSign: createSign,
createVerify: createVerify
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 100 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {// much of this based on https://github.com/indutny/self-signed/blob/gh-pages/lib/rsa.js
var createHmac = __webpack_require__(44)
var crt = __webpack_require__(101)
var curves = __webpack_require__(102)
var elliptic = __webpack_require__(103)
var parseKeys = __webpack_require__(126)
var BN = __webpack_require__(76)
var EC = elliptic.ec
function sign (hash, key, hashType, signType) {
var priv = parseKeys(key)
if (priv.curve) {
if (signType !== 'ecdsa') throw new Error('wrong private key type')
return ecSign(hash, priv)
} else if (priv.type === 'dsa') {
if (signType !== 'dsa') {
throw new Error('wrong private key type')
}
return dsaSign(hash, priv, hashType)
} else {
if (signType !== 'rsa') throw new Error('wrong private key type')
}
var len = priv.modulus.byteLength()
var pad = [ 0, 1 ]
while (hash.length + pad.length + 1 < len) {
pad.push(0xff)
}
pad.push(0x00)
var i = -1
while (++i < hash.length) {
pad.push(hash[i])
}
var out = crt(pad, priv)
return out
}
function ecSign (hash, priv) {
var curveId = curves[priv.curve.join('.')]
if (!curveId) throw new Error('unknown curve ' + priv.curve.join('.'))
var curve = new EC(curveId)
var key = curve.genKeyPair()
key._importPrivate(priv.privateKey)
var out = key.sign(hash)
return new Buffer(out.toDER())
}
function dsaSign (hash, priv, algo) {
var x = priv.params.priv_key
var p = priv.params.p
var q = priv.params.q
var g = priv.params.g
var r = new BN(0)
var k
var H = bits2int(hash, q).mod(q)
var s = false
var kv = getKey(x, q, hash, algo)
while (s === false) {
k = makeKey(q, kv, algo)
r = makeR(g, k, p, q)
s = k.invm(q).imul(H.add(x.mul(r))).mod(q)
if (!s.cmpn(0)) {
s = false
r = new BN(0)
}
}
return toDER(r, s)
}
function toDER (r, s) {
r = r.toArray()
s = s.toArray()
// Pad values
if (r[0] & 0x80) {
r = [ 0 ].concat(r)
}
// Pad values
if (s[0] & 0x80) {
s = [0].concat(s)
}
var total = r.length + s.length + 4
var res = [ 0x30, total, 0x02, r.length ]
res = res.concat(r, [ 0x02, s.length ], s)
return new Buffer(res)
}
function getKey (x, q, hash, algo) {
x = new Buffer(x.toArray())
if (x.length < q.byteLength()) {
var zeros = new Buffer(q.byteLength() - x.length)
zeros.fill(0)
x = Buffer.concat([zeros, x])
}
var hlen = hash.length
var hbits = bits2octets(hash, q)
var v = new Buffer(hlen)
v.fill(1)
var k = new Buffer(hlen)
k.fill(0)
k = createHmac(algo, k)
.update(v)
.update(new Buffer([0]))
.update(x)
.update(hbits)
.digest()
v = createHmac(algo, k)
.update(v)
.digest()
k = createHmac(algo, k)
.update(v)
.update(new Buffer([1]))
.update(x)
.update(hbits)
.digest()
v = createHmac(algo, k)
.update(v)
.digest()
return {
k: k,
v: v
}
}
function bits2int (obits, q) {
var bits = new BN(obits)
var shift = (obits.length << 3) - q.bitLength()
if (shift > 0) {
bits.ishrn(shift)
}
return bits
}
function bits2octets (bits, q) {
bits = bits2int(bits, q)
bits = bits.mod(q)
var out = new Buffer(bits.toArray())
if (out.length < q.byteLength()) {
var zeros = new Buffer(q.byteLength() - out.length)
zeros.fill(0)
out = Buffer.concat([zeros, out])
}
return out
}
function makeKey (q, kv, algo) {
var t, k
do {
t = new Buffer('')
while (t.length * 8 < q.bitLength()) {
kv.v = createHmac(algo, kv.k)
.update(kv.v)
.digest()
t = Buffer.concat([t, kv.v])
}
k = bits2int(t, q)
kv.k = createHmac(algo, kv.k)
.update(kv.v)
.update(new Buffer([0]))
.digest()
kv.v = createHmac(algo, kv.k)
.update(kv.v)
.digest()
} while (k.cmp(q) !== -1)
return k
}
function makeR (g, k, p, q) {
return g.toRed(BN.mont(p)).redPow(k).fromRed().mod(q)
}
module.exports = sign
module.exports.getKey = getKey
module.exports.makeKey = makeKey
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 101 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var bn = __webpack_require__(76);
var randomBytes = __webpack_require__(12);
module.exports = crt;
function blind(priv) {
var r = getr(priv);
var blinder = r.toRed(bn.mont(priv.modulus))
.redPow(new bn(priv.publicExponent)).fromRed();
return {
blinder: blinder,
unblinder:r.invm(priv.modulus)
};
}
function crt(msg, priv) {
var blinds = blind(priv);
var len = priv.modulus.byteLength();
var mod = bn.mont(priv.modulus);
var blinded = new bn(msg).mul(blinds.blinder).umod(priv.modulus);
var c1 = blinded.toRed(bn.mont(priv.prime1));
var c2 = blinded.toRed(bn.mont(priv.prime2));
var qinv = priv.coefficient;
var p = priv.prime1;
var q = priv.prime2;
var m1 = c1.redPow(priv.exponent1);
var m2 = c2.redPow(priv.exponent2);
m1 = m1.fromRed();
m2 = m2.fromRed();
var h = m1.isub(m2).imul(qinv).umod(p);
h.imul(q);
m2.iadd(h);
return new Buffer(m2.imul(blinds.unblinder).umod(priv.modulus).toArray(false, len));
}
crt.getr = getr;
function getr(priv) {
var len = priv.modulus.byteLength();
var r = new bn(randomBytes(len));
while (r.cmp(priv.modulus) >= 0 || !r.umod(priv.prime1) || !r.umod(priv.prime2)) {
r = new bn(randomBytes(len));
}
return r;
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 102 */
/***/ function(module, exports) {
'use strict'
exports['1.3.132.0.10'] = 'secp256k1'
exports['1.3.132.0.33'] = 'p224'
exports['1.2.840.10045.3.1.1'] = 'p192'
exports['1.2.840.10045.3.1.7'] = 'p256'
exports['1.3.132.0.34'] = 'p384'
exports['1.3.132.0.35'] = 'p521'
/***/ },
/* 103 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
var elliptic = exports;
elliptic.version = __webpack_require__(104).version;
elliptic.utils = __webpack_require__(105);
elliptic.rand = __webpack_require__(79);
elliptic.hmacDRBG = __webpack_require__(106);
elliptic.curve = __webpack_require__(113);
elliptic.curves = __webpack_require__(118);
// Protocols
elliptic.ec = __webpack_require__(120);
elliptic.eddsa = __webpack_require__(123);
/***/ },
/* 104 */
/***/ function(module, exports) {
module.exports = {
"_args": [
[
"elliptic@^6.0.0",
"/home/n4th4n/github/js-peer-id/node_modules/browserify-sign"
]
],
"_from": "elliptic@>=6.0.0 <7.0.0",
"_id": "elliptic@6.2.3",
"_inCache": true,
"_installable": true,
"_location": "/elliptic",
"_nodeVersion": "5.4.1",
"_npmUser": {
"email": "fedor@indutny.com",
"name": "indutny"
},
"_npmVersion": "3.3.12",
"_phantomChildren": {},
"_requested": {
"name": "elliptic",
"raw": "elliptic@^6.0.0",
"rawSpec": "^6.0.0",
"scope": null,
"spec": ">=6.0.0 <7.0.0",
"type": "range"
},
"_requiredBy": [
"/browserify-sign",
"/create-ecdh"
],
"_resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.2.3.tgz",
"_shasum": "18e46d7306b0951275a2d42063270a14b74ebe99",
"_shrinkwrap": null,
"_spec": "elliptic@^6.0.0",
"_where": "/home/n4th4n/github/js-peer-id/node_modules/browserify-sign",
"author": {
"email": "fedor@indutny.com",
"name": "Fedor Indutny"
},
"bugs": {
"url": "https://github.com/indutny/elliptic/issues"
},
"dependencies": {
"bn.js": "^4.0.0",
"brorand": "^1.0.1",
"hash.js": "^1.0.0",
"inherits": "^2.0.1"
},
"description": "EC cryptography",
"devDependencies": {
"coveralls": "^2.11.3",
"istanbul": "^0.4.2",
"jscs": "^2.9.0",
"jshint": "^2.6.0",
"mocha": "^2.1.0"
},
"directories": {},
"dist": {
"shasum": "18e46d7306b0951275a2d42063270a14b74ebe99",
"tarball": "http://registry.npmjs.org/elliptic/-/elliptic-6.2.3.tgz"
},
"files": [
"lib"
],
"gitHead": "c32f20b22b420eb6af3c6dda28963deb7facf823",
"homepage": "https://github.com/indutny/elliptic",
"keywords": [
"Cryptography",
"EC",
"Elliptic",
"curve"
],
"license": "MIT",
"main": "lib/elliptic.js",
"maintainers": [
{
"name": "indutny",
"email": "fedor@indutny.com"
}
],
"name": "elliptic",
"optionalDependencies": {},
"readme": "ERROR: No README data found!",
"repository": {
"type": "git",
"url": "git+ssh://git@github.com/indutny/elliptic.git"
},
"scripts": {
"coverage": "npm run unit --coverage",
"coveralls": "npm run coverage && cat ./coverage/lcov.info | coveralls",
"jscs": "jscs benchmarks/*.js lib/*.js lib/**/*.js lib/**/**/*.js test/*.js",
"jshint": "jscs benchmarks/*.js lib/*.js lib/**/*.js lib/**/**/*.js test/*.js",
"lint": "npm run jscs && npm run jshint",
"test": "npm run lint && npm run unit",
"unit": "istanbul test _mocha --reporter=spec test/*-test.js"
},
"version": "6.2.3"
};
/***/ },
/* 105 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
var utils = exports;
var BN = __webpack_require__(76);
utils.assert = function assert(val, msg) {
if (!val)
throw new Error(msg || 'Assertion failed');
};
function toArray(msg, enc) {
if (Array.isArray(msg))
return msg.slice();
if (!msg)
return [];
var res = [];
if (typeof msg !== 'string') {
for (var i = 0; i < msg.length; i++)
res[i] = msg[i] | 0;
return res;
}
if (!enc) {
for (var i = 0; i < msg.length; i++) {
var c = msg.charCodeAt(i);
var hi = c >> 8;
var lo = c & 0xff;
if (hi)
res.push(hi, lo);
else
res.push(lo);
}
} else if (enc === 'hex') {
msg = msg.replace(/[^a-z0-9]+/ig, '');
if (msg.length % 2 !== 0)
msg = '0' + msg;
for (var i = 0; i < msg.length; i += 2)
res.push(parseInt(msg[i] + msg[i + 1], 16));
}
return res;
}
utils.toArray = toArray;
function zero2(word) {
if (word.length === 1)
return '0' + word;
else
return word;
}
utils.zero2 = zero2;
function toHex(msg) {
var res = '';
for (var i = 0; i < msg.length; i++)
res += zero2(msg[i].toString(16));
return res;
}
utils.toHex = toHex;
utils.encode = function encode(arr, enc) {
if (enc === 'hex')
return toHex(arr);
else
return arr;
};
// Represent num in a w-NAF form
function getNAF(num, w) {
var naf = [];
var ws = 1 << (w + 1);
var k = num.clone();
while (k.cmpn(1) >= 0) {
var z;
if (k.isOdd()) {
var mod = k.andln(ws - 1);
if (mod > (ws >> 1) - 1)
z = (ws >> 1) - mod;
else
z = mod;
k.isubn(z);
} else {
z = 0;
}
naf.push(z);
// Optimization, shift by word if possible
var shift = (k.cmpn(0) !== 0 && k.andln(ws - 1) === 0) ? (w + 1) : 1;
for (var i = 1; i < shift; i++)
naf.push(0);
k.iushrn(shift);
}
return naf;
}
utils.getNAF = getNAF;
// Represent k1, k2 in a Joint Sparse Form
function getJSF(k1, k2) {
var jsf = [
[],
[]
];
k1 = k1.clone();
k2 = k2.clone();
var d1 = 0;
var d2 = 0;
while (k1.cmpn(-d1) > 0 || k2.cmpn(-d2) > 0) {
// First phase
var m14 = (k1.andln(3) + d1) & 3;
var m24 = (k2.andln(3) + d2) & 3;
if (m14 === 3)
m14 = -1;
if (m24 === 3)
m24 = -1;
var u1;
if ((m14 & 1) === 0) {
u1 = 0;
} else {
var m8 = (k1.andln(7) + d1) & 7;
if ((m8 === 3 || m8 === 5) && m24 === 2)
u1 = -m14;
else
u1 = m14;
}
jsf[0].push(u1);
var u2;
if ((m24 & 1) === 0) {
u2 = 0;
} else {
var m8 = (k2.andln(7) + d2) & 7;
if ((m8 === 3 || m8 === 5) && m14 === 2)
u2 = -m24;
else
u2 = m24;
}
jsf[1].push(u2);
// Second phase
if (2 * d1 === u1 + 1)
d1 = 1 - d1;
if (2 * d2 === u2 + 1)
d2 = 1 - d2;
k1.iushrn(1);
k2.iushrn(1);
}
return jsf;
}
utils.getJSF = getJSF;
function cachedProperty(obj, computer) {
var name = computer.name;
var key = '_' + name;
obj.prototype[name] = function cachedProperty() {
return this[key] !== undefined ? this[key] :
this[key] = computer.call(this);
};
}
utils.cachedProperty = cachedProperty;
function parseBytes(bytes) {
return typeof bytes === 'string' ? utils.toArray(bytes, 'hex') :
bytes;
}
utils.parseBytes = parseBytes;
function intFromLE(bytes) {
return new BN(bytes, 'hex', 'le');
}
utils.intFromLE = intFromLE;
/***/ },
/* 106 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
var hash = __webpack_require__(107);
var elliptic = __webpack_require__(103);
var utils = elliptic.utils;
var assert = utils.assert;
function HmacDRBG(options) {
if (!(this instanceof HmacDRBG))
return new HmacDRBG(options);
this.hash = options.hash;
this.predResist = !!options.predResist;
this.outLen = this.hash.outSize;
this.minEntropy = options.minEntropy || this.hash.hmacStrength;
this.reseed = null;
this.reseedInterval = null;
this.K = null;
this.V = null;
var entropy = utils.toArray(options.entropy, options.entropyEnc);
var nonce = utils.toArray(options.nonce, options.nonceEnc);
var pers = utils.toArray(options.pers, options.persEnc);
assert(entropy.length >= (this.minEntropy / 8),
'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits');
this._init(entropy, nonce, pers);
}
module.exports = HmacDRBG;
HmacDRBG.prototype._init = function init(entropy, nonce, pers) {
var seed = entropy.concat(nonce).concat(pers);
this.K = new Array(this.outLen / 8);
this.V = new Array(this.outLen / 8);
for (var i = 0; i < this.V.length; i++) {
this.K[i] = 0x00;
this.V[i] = 0x01;
}
this._update(seed);
this.reseed = 1;
this.reseedInterval = 0x1000000000000; // 2^48
};
HmacDRBG.prototype._hmac = function hmac() {
return new hash.hmac(this.hash, this.K);
};
HmacDRBG.prototype._update = function update(seed) {
var kmac = this._hmac()
.update(this.V)
.update([ 0x00 ]);
if (seed)
kmac = kmac.update(seed);
this.K = kmac.digest();
this.V = this._hmac().update(this.V).digest();
if (!seed)
return;
this.K = this._hmac()
.update(this.V)
.update([ 0x01 ])
.update(seed)
.digest();
this.V = this._hmac().update(this.V).digest();
};
HmacDRBG.prototype.reseed = function reseed(entropy, entropyEnc, add, addEnc) {
// Optional entropy enc
if (typeof entropyEnc !== 'string') {
addEnc = add;
add = entropyEnc;
entropyEnc = null;
}
entropy = utils.toBuffer(entropy, entropyEnc);
add = utils.toBuffer(add, addEnc);
assert(entropy.length >= (this.minEntropy / 8),
'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits');
this._update(entropy.concat(add || []));
this.reseed = 1;
};
HmacDRBG.prototype.generate = function generate(len, enc, add, addEnc) {
if (this.reseed > this.reseedInterval)
throw new Error('Reseed is required');
// Optional encoding
if (typeof enc !== 'string') {
addEnc = add;
add = enc;
enc = null;
}
// Optional additional data
if (add) {
add = utils.toArray(add, addEnc);
this._update(add);
}
var temp = [];
while (temp.length < len) {
this.V = this._hmac().update(this.V).digest();
temp = temp.concat(this.V);
}
var res = temp.slice(0, len);
this._update(add);
this.reseed++;
return utils.encode(res, enc);
};
/***/ },
/* 107 */
/***/ function(module, exports, __webpack_require__) {
var hash = exports;
hash.utils = __webpack_require__(108);
hash.common = __webpack_require__(109);
hash.sha = __webpack_require__(110);
hash.ripemd = __webpack_require__(111);
hash.hmac = __webpack_require__(112);
// Proxy hash functions to the main object
hash.sha1 = hash.sha.sha1;
hash.sha256 = hash.sha.sha256;
hash.sha224 = hash.sha.sha224;
hash.sha384 = hash.sha.sha384;
hash.sha512 = hash.sha.sha512;
hash.ripemd160 = hash.ripemd.ripemd160;
/***/ },
/* 108 */
/***/ function(module, exports, __webpack_require__) {
var utils = exports;
var inherits = __webpack_require__(15);
function toArray(msg, enc) {
if (Array.isArray(msg))
return msg.slice();
if (!msg)
return [];
var res = [];
if (typeof msg === 'string') {
if (!enc) {
for (var i = 0; i < msg.length; i++) {
var c = msg.charCodeAt(i);
var hi = c >> 8;
var lo = c & 0xff;
if (hi)
res.push(hi, lo);
else
res.push(lo);
}
} else if (enc === 'hex') {
msg = msg.replace(/[^a-z0-9]+/ig, '');
if (msg.length % 2 !== 0)
msg = '0' + msg;
for (var i = 0; i < msg.length; i += 2)
res.push(parseInt(msg[i] + msg[i + 1], 16));
}
} else {
for (var i = 0; i < msg.length; i++)
res[i] = msg[i] | 0;
}
return res;
}
utils.toArray = toArray;
function toHex(msg) {
var res = '';
for (var i = 0; i < msg.length; i++)
res += zero2(msg[i].toString(16));
return res;
}
utils.toHex = toHex;
function htonl(w) {
var res = (w >>> 24) |
((w >>> 8) & 0xff00) |
((w << 8) & 0xff0000) |
((w & 0xff) << 24);
return res >>> 0;
}
utils.htonl = htonl;
function toHex32(msg, endian) {
var res = '';
for (var i = 0; i < msg.length; i++) {
var w = msg[i];
if (endian === 'little')
w = htonl(w);
res += zero8(w.toString(16));
}
return res;
}
utils.toHex32 = toHex32;
function zero2(word) {
if (word.length === 1)
return '0' + word;
else
return word;
}
utils.zero2 = zero2;
function zero8(word) {
if (word.length === 7)
return '0' + word;
else if (word.length === 6)
return '00' + word;
else if (word.length === 5)
return '000' + word;
else if (word.length === 4)
return '0000' + word;
else if (word.length === 3)
return '00000' + word;
else if (word.length === 2)
return '000000' + word;
else if (word.length === 1)
return '0000000' + word;
else
return word;
}
utils.zero8 = zero8;
function join32(msg, start, end, endian) {
var len = end - start;
assert(len % 4 === 0);
var res = new Array(len / 4);
for (var i = 0, k = start; i < res.length; i++, k += 4) {
var w;
if (endian === 'big')
w = (msg[k] << 24) | (msg[k + 1] << 16) | (msg[k + 2] << 8) | msg[k + 3];
else
w = (msg[k + 3] << 24) | (msg[k + 2] << 16) | (msg[k + 1] << 8) | msg[k];
res[i] = w >>> 0;
}
return res;
}
utils.join32 = join32;
function split32(msg, endian) {
var res = new Array(msg.length * 4);
for (var i = 0, k = 0; i < msg.length; i++, k += 4) {
var m = msg[i];
if (endian === 'big') {
res[k] = m >>> 24;
res[k + 1] = (m >>> 16) & 0xff;
res[k + 2] = (m >>> 8) & 0xff;
res[k + 3] = m & 0xff;
} else {
res[k + 3] = m >>> 24;
res[k + 2] = (m >>> 16) & 0xff;
res[k + 1] = (m >>> 8) & 0xff;
res[k] = m & 0xff;
}
}
return res;
}
utils.split32 = split32;
function rotr32(w, b) {
return (w >>> b) | (w << (32 - b));
}
utils.rotr32 = rotr32;
function rotl32(w, b) {
return (w << b) | (w >>> (32 - b));
}
utils.rotl32 = rotl32;
function sum32(a, b) {
return (a + b) >>> 0;
}
utils.sum32 = sum32;
function sum32_3(a, b, c) {
return (a + b + c) >>> 0;
}
utils.sum32_3 = sum32_3;
function sum32_4(a, b, c, d) {
return (a + b + c + d) >>> 0;
}
utils.sum32_4 = sum32_4;
function sum32_5(a, b, c, d, e) {
return (a + b + c + d + e) >>> 0;
}
utils.sum32_5 = sum32_5;
function assert(cond, msg) {
if (!cond)
throw new Error(msg || 'Assertion failed');
}
utils.assert = assert;
utils.inherits = inherits;
function sum64(buf, pos, ah, al) {
var bh = buf[pos];
var bl = buf[pos + 1];
var lo = (al + bl) >>> 0;
var hi = (lo < al ? 1 : 0) + ah + bh;
buf[pos] = hi >>> 0;
buf[pos + 1] = lo;
}
exports.sum64 = sum64;
function sum64_hi(ah, al, bh, bl) {
var lo = (al + bl) >>> 0;
var hi = (lo < al ? 1 : 0) + ah + bh;
return hi >>> 0;
};
exports.sum64_hi = sum64_hi;
function sum64_lo(ah, al, bh, bl) {
var lo = al + bl;
return lo >>> 0;
};
exports.sum64_lo = sum64_lo;
function sum64_4_hi(ah, al, bh, bl, ch, cl, dh, dl) {
var carry = 0;
var lo = al;
lo = (lo + bl) >>> 0;
carry += lo < al ? 1 : 0;
lo = (lo + cl) >>> 0;
carry += lo < cl ? 1 : 0;
lo = (lo + dl) >>> 0;
carry += lo < dl ? 1 : 0;
var hi = ah + bh + ch + dh + carry;
return hi >>> 0;
};
exports.sum64_4_hi = sum64_4_hi;
function sum64_4_lo(ah, al, bh, bl, ch, cl, dh, dl) {
var lo = al + bl + cl + dl;
return lo >>> 0;
};
exports.sum64_4_lo = sum64_4_lo;
function sum64_5_hi(ah, al, bh, bl, ch, cl, dh, dl, eh, el) {
var carry = 0;
var lo = al;
lo = (lo + bl) >>> 0;
carry += lo < al ? 1 : 0;
lo = (lo + cl) >>> 0;
carry += lo < cl ? 1 : 0;
lo = (lo + dl) >>> 0;
carry += lo < dl ? 1 : 0;
lo = (lo + el) >>> 0;
carry += lo < el ? 1 : 0;
var hi = ah + bh + ch + dh + eh + carry;
return hi >>> 0;
};
exports.sum64_5_hi = sum64_5_hi;
function sum64_5_lo(ah, al, bh, bl, ch, cl, dh, dl, eh, el) {
var lo = al + bl + cl + dl + el;
return lo >>> 0;
};
exports.sum64_5_lo = sum64_5_lo;
function rotr64_hi(ah, al, num) {
var r = (al << (32 - num)) | (ah >>> num);
return r >>> 0;
};
exports.rotr64_hi = rotr64_hi;
function rotr64_lo(ah, al, num) {
var r = (ah << (32 - num)) | (al >>> num);
return r >>> 0;
};
exports.rotr64_lo = rotr64_lo;
function shr64_hi(ah, al, num) {
return ah >>> num;
};
exports.shr64_hi = shr64_hi;
function shr64_lo(ah, al, num) {
var r = (ah << (32 - num)) | (al >>> num);
return r >>> 0;
};
exports.shr64_lo = shr64_lo;
/***/ },
/* 109 */
/***/ function(module, exports, __webpack_require__) {
var hash = __webpack_require__(107);
var utils = hash.utils;
var assert = utils.assert;
function BlockHash() {
this.pending = null;
this.pendingTotal = 0;
this.blockSize = this.constructor.blockSize;
this.outSize = this.constructor.outSize;
this.hmacStrength = this.constructor.hmacStrength;
this.padLength = this.constructor.padLength / 8;
this.endian = 'big';
this._delta8 = this.blockSize / 8;
this._delta32 = this.blockSize / 32;
}
exports.BlockHash = BlockHash;
BlockHash.prototype.update = function update(msg, enc) {
// Convert message to array, pad it, and join into 32bit blocks
msg = utils.toArray(msg, enc);
if (!this.pending)
this.pending = msg;
else
this.pending = this.pending.concat(msg);
this.pendingTotal += msg.length;
// Enough data, try updating
if (this.pending.length >= this._delta8) {
msg = this.pending;
// Process pending data in blocks
var r = msg.length % this._delta8;
this.pending = msg.slice(msg.length - r, msg.length);
if (this.pending.length === 0)
this.pending = null;
msg = utils.join32(msg, 0, msg.length - r, this.endian);
for (var i = 0; i < msg.length; i += this._delta32)
this._update(msg, i, i + this._delta32);
}
return this;
};
BlockHash.prototype.digest = function digest(enc) {
this.update(this._pad());
assert(this.pending === null);
return this._digest(enc);
};
BlockHash.prototype._pad = function pad() {
var len = this.pendingTotal;
var bytes = this._delta8;
var k = bytes - ((len + this.padLength) % bytes);
var res = new Array(k + this.padLength);
res[0] = 0x80;
for (var i = 1; i < k; i++)
res[i] = 0;
// Append length
len <<= 3;
if (this.endian === 'big') {
for (var t = 8; t < this.padLength; t++)
res[i++] = 0;
res[i++] = 0;
res[i++] = 0;
res[i++] = 0;
res[i++] = 0;
res[i++] = (len >>> 24) & 0xff;
res[i++] = (len >>> 16) & 0xff;
res[i++] = (len >>> 8) & 0xff;
res[i++] = len & 0xff;
} else {
res[i++] = len & 0xff;
res[i++] = (len >>> 8) & 0xff;
res[i++] = (len >>> 16) & 0xff;
res[i++] = (len >>> 24) & 0xff;
res[i++] = 0;
res[i++] = 0;
res[i++] = 0;
res[i++] = 0;
for (var t = 8; t < this.padLength; t++)
res[i++] = 0;
}
return res;
};
/***/ },
/* 110 */
/***/ function(module, exports, __webpack_require__) {
var hash = __webpack_require__(107);
var utils = hash.utils;
var assert = utils.assert;
var rotr32 = utils.rotr32;
var rotl32 = utils.rotl32;
var sum32 = utils.sum32;
var sum32_4 = utils.sum32_4;
var sum32_5 = utils.sum32_5;
var rotr64_hi = utils.rotr64_hi;
var rotr64_lo = utils.rotr64_lo;
var shr64_hi = utils.shr64_hi;
var shr64_lo = utils.shr64_lo;
var sum64 = utils.sum64;
var sum64_hi = utils.sum64_hi;
var sum64_lo = utils.sum64_lo;
var sum64_4_hi = utils.sum64_4_hi;
var sum64_4_lo = utils.sum64_4_lo;
var sum64_5_hi = utils.sum64_5_hi;
var sum64_5_lo = utils.sum64_5_lo;
var BlockHash = hash.common.BlockHash;
var sha256_K = [
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
];
var sha512_K = [
0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd,
0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc,
0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019,
0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118,
0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe,
0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2,
0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1,
0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694,
0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3,
0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65,
0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483,
0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5,
0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210,
0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4,
0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725,
0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70,
0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926,
0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df,
0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8,
0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b,
0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001,
0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30,
0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910,
0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8,
0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53,
0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8,
0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb,
0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3,
0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60,
0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec,
0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9,
0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b,
0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207,
0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178,
0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6,
0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b,
0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493,
0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c,
0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a,
0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817
];
var sha1_K = [
0x5A827999, 0x6ED9EBA1,
0x8F1BBCDC, 0xCA62C1D6
];
function SHA256() {
if (!(this instanceof SHA256))
return new SHA256();
BlockHash.call(this);
this.h = [ 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 ];
this.k = sha256_K;
this.W = new Array(64);
}
utils.inherits(SHA256, BlockHash);
exports.sha256 = SHA256;
SHA256.blockSize = 512;
SHA256.outSize = 256;
SHA256.hmacStrength = 192;
SHA256.padLength = 64;
SHA256.prototype._update = function _update(msg, start) {
var W = this.W;
for (var i = 0; i < 16; i++)
W[i] = msg[start + i];
for (; i < W.length; i++)
W[i] = sum32_4(g1_256(W[i - 2]), W[i - 7], g0_256(W[i - 15]), W[i - 16]);
var a = this.h[0];
var b = this.h[1];
var c = this.h[2];
var d = this.h[3];
var e = this.h[4];
var f = this.h[5];
var g = this.h[6];
var h = this.h[7];
assert(this.k.length === W.length);
for (var i = 0; i < W.length; i++) {
var T1 = sum32_5(h, s1_256(e), ch32(e, f, g), this.k[i], W[i]);
var T2 = sum32(s0_256(a), maj32(a, b, c));
h = g;
g = f;
f = e;
e = sum32(d, T1);
d = c;
c = b;
b = a;
a = sum32(T1, T2);
}
this.h[0] = sum32(this.h[0], a);
this.h[1] = sum32(this.h[1], b);
this.h[2] = sum32(this.h[2], c);
this.h[3] = sum32(this.h[3], d);
this.h[4] = sum32(this.h[4], e);
this.h[5] = sum32(this.h[5], f);
this.h[6] = sum32(this.h[6], g);
this.h[7] = sum32(this.h[7], h);
};
SHA256.prototype._digest = function digest(enc) {
if (enc === 'hex')
return utils.toHex32(this.h, 'big');
else
return utils.split32(this.h, 'big');
};
function SHA224() {
if (!(this instanceof SHA224))
return new SHA224();
SHA256.call(this);
this.h = [ 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4 ];
}
utils.inherits(SHA224, SHA256);
exports.sha224 = SHA224;
SHA224.blockSize = 512;
SHA224.outSize = 224;
SHA224.hmacStrength = 192;
SHA224.padLength = 64;
SHA224.prototype._digest = function digest(enc) {
// Just truncate output
if (enc === 'hex')
return utils.toHex32(this.h.slice(0, 7), 'big');
else
return utils.split32(this.h.slice(0, 7), 'big');
};
function SHA512() {
if (!(this instanceof SHA512))
return new SHA512();
BlockHash.call(this);
this.h = [ 0x6a09e667, 0xf3bcc908,
0xbb67ae85, 0x84caa73b,
0x3c6ef372, 0xfe94f82b,
0xa54ff53a, 0x5f1d36f1,
0x510e527f, 0xade682d1,
0x9b05688c, 0x2b3e6c1f,
0x1f83d9ab, 0xfb41bd6b,
0x5be0cd19, 0x137e2179 ];
this.k = sha512_K;
this.W = new Array(160);
}
utils.inherits(SHA512, BlockHash);
exports.sha512 = SHA512;
SHA512.blockSize = 1024;
SHA512.outSize = 512;
SHA512.hmacStrength = 192;
SHA512.padLength = 128;
SHA512.prototype._prepareBlock = function _prepareBlock(msg, start) {
var W = this.W;
// 32 x 32bit words
for (var i = 0; i < 32; i++)
W[i] = msg[start + i];
for (; i < W.length; i += 2) {
var c0_hi = g1_512_hi(W[i - 4], W[i - 3]); // i - 2
var c0_lo = g1_512_lo(W[i - 4], W[i - 3]);
var c1_hi = W[i - 14]; // i - 7
var c1_lo = W[i - 13];
var c2_hi = g0_512_hi(W[i - 30], W[i - 29]); // i - 15
var c2_lo = g0_512_lo(W[i - 30], W[i - 29]);
var c3_hi = W[i - 32]; // i - 16
var c3_lo = W[i - 31];
W[i] = sum64_4_hi(c0_hi, c0_lo,
c1_hi, c1_lo,
c2_hi, c2_lo,
c3_hi, c3_lo);
W[i + 1] = sum64_4_lo(c0_hi, c0_lo,
c1_hi, c1_lo,
c2_hi, c2_lo,
c3_hi, c3_lo);
}
};
SHA512.prototype._update = function _update(msg, start) {
this._prepareBlock(msg, start);
var W = this.W;
var ah = this.h[0];
var al = this.h[1];
var bh = this.h[2];
var bl = this.h[3];
var ch = this.h[4];
var cl = this.h[5];
var dh = this.h[6];
var dl = this.h[7];
var eh = this.h[8];
var el = this.h[9];
var fh = this.h[10];
var fl = this.h[11];
var gh = this.h[12];
var gl = this.h[13];
var hh = this.h[14];
var hl = this.h[15];
assert(this.k.length === W.length);
for (var i = 0; i < W.length; i += 2) {
var c0_hi = hh;
var c0_lo = hl;
var c1_hi = s1_512_hi(eh, el);
var c1_lo = s1_512_lo(eh, el);
var c2_hi = ch64_hi(eh, el, fh, fl, gh, gl);
var c2_lo = ch64_lo(eh, el, fh, fl, gh, gl);
var c3_hi = this.k[i];
var c3_lo = this.k[i + 1];
var c4_hi = W[i];
var c4_lo = W[i + 1];
var T1_hi = sum64_5_hi(c0_hi, c0_lo,
c1_hi, c1_lo,
c2_hi, c2_lo,
c3_hi, c3_lo,
c4_hi, c4_lo);
var T1_lo = sum64_5_lo(c0_hi, c0_lo,
c1_hi, c1_lo,
c2_hi, c2_lo,
c3_hi, c3_lo,
c4_hi, c4_lo);
var c0_hi = s0_512_hi(ah, al);
var c0_lo = s0_512_lo(ah, al);
var c1_hi = maj64_hi(ah, al, bh, bl, ch, cl);
var c1_lo = maj64_lo(ah, al, bh, bl, ch, cl);
var T2_hi = sum64_hi(c0_hi, c0_lo, c1_hi, c1_lo);
var T2_lo = sum64_lo(c0_hi, c0_lo, c1_hi, c1_lo);
hh = gh;
hl = gl;
gh = fh;
gl = fl;
fh = eh;
fl = el;
eh = sum64_hi(dh, dl, T1_hi, T1_lo);
el = sum64_lo(dl, dl, T1_hi, T1_lo);
dh = ch;
dl = cl;
ch = bh;
cl = bl;
bh = ah;
bl = al;
ah = sum64_hi(T1_hi, T1_lo, T2_hi, T2_lo);
al = sum64_lo(T1_hi, T1_lo, T2_hi, T2_lo);
}
sum64(this.h, 0, ah, al);
sum64(this.h, 2, bh, bl);
sum64(this.h, 4, ch, cl);
sum64(this.h, 6, dh, dl);
sum64(this.h, 8, eh, el);
sum64(this.h, 10, fh, fl);
sum64(this.h, 12, gh, gl);
sum64(this.h, 14, hh, hl);
};
SHA512.prototype._digest = function digest(enc) {
if (enc === 'hex')
return utils.toHex32(this.h, 'big');
else
return utils.split32(this.h, 'big');
};
function SHA384() {
if (!(this instanceof SHA384))
return new SHA384();
SHA512.call(this);
this.h = [ 0xcbbb9d5d, 0xc1059ed8,
0x629a292a, 0x367cd507,
0x9159015a, 0x3070dd17,
0x152fecd8, 0xf70e5939,
0x67332667, 0xffc00b31,
0x8eb44a87, 0x68581511,
0xdb0c2e0d, 0x64f98fa7,
0x47b5481d, 0xbefa4fa4 ];
}
utils.inherits(SHA384, SHA512);
exports.sha384 = SHA384;
SHA384.blockSize = 1024;
SHA384.outSize = 384;
SHA384.hmacStrength = 192;
SHA384.padLength = 128;
SHA384.prototype._digest = function digest(enc) {
if (enc === 'hex')
return utils.toHex32(this.h.slice(0, 12), 'big');
else
return utils.split32(this.h.slice(0, 12), 'big');
};
function SHA1() {
if (!(this instanceof SHA1))
return new SHA1();
BlockHash.call(this);
this.h = [ 0x67452301, 0xefcdab89, 0x98badcfe,
0x10325476, 0xc3d2e1f0 ];
this.W = new Array(80);
}
utils.inherits(SHA1, BlockHash);
exports.sha1 = SHA1;
SHA1.blockSize = 512;
SHA1.outSize = 160;
SHA1.hmacStrength = 80;
SHA1.padLength = 64;
SHA1.prototype._update = function _update(msg, start) {
var W = this.W;
for (var i = 0; i < 16; i++)
W[i] = msg[start + i];
for(; i < W.length; i++)
W[i] = rotl32(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16], 1);
var a = this.h[0];
var b = this.h[1];
var c = this.h[2];
var d = this.h[3];
var e = this.h[4];
for (var i = 0; i < W.length; i++) {
var s = ~~(i / 20);
var t = sum32_5(rotl32(a, 5), ft_1(s, b, c, d), e, W[i], sha1_K[s]);
e = d;
d = c;
c = rotl32(b, 30);
b = a;
a = t;
}
this.h[0] = sum32(this.h[0], a);
this.h[1] = sum32(this.h[1], b);
this.h[2] = sum32(this.h[2], c);
this.h[3] = sum32(this.h[3], d);
this.h[4] = sum32(this.h[4], e);
};
SHA1.prototype._digest = function digest(enc) {
if (enc === 'hex')
return utils.toHex32(this.h, 'big');
else
return utils.split32(this.h, 'big');
};
function ch32(x, y, z) {
return (x & y) ^ ((~x) & z);
}
function maj32(x, y, z) {
return (x & y) ^ (x & z) ^ (y & z);
}
function p32(x, y, z) {
return x ^ y ^ z;
}
function s0_256(x) {
return rotr32(x, 2) ^ rotr32(x, 13) ^ rotr32(x, 22);
}
function s1_256(x) {
return rotr32(x, 6) ^ rotr32(x, 11) ^ rotr32(x, 25);
}
function g0_256(x) {
return rotr32(x, 7) ^ rotr32(x, 18) ^ (x >>> 3);
}
function g1_256(x) {
return rotr32(x, 17) ^ rotr32(x, 19) ^ (x >>> 10);
}
function ft_1(s, x, y, z) {
if (s === 0)
return ch32(x, y, z);
if (s === 1 || s === 3)
return p32(x, y, z);
if (s === 2)
return maj32(x, y, z);
}
function ch64_hi(xh, xl, yh, yl, zh, zl) {
var r = (xh & yh) ^ ((~xh) & zh);
if (r < 0)
r += 0x100000000;
return r;
}
function ch64_lo(xh, xl, yh, yl, zh, zl) {
var r = (xl & yl) ^ ((~xl) & zl);
if (r < 0)
r += 0x100000000;
return r;
}
function maj64_hi(xh, xl, yh, yl, zh, zl) {
var r = (xh & yh) ^ (xh & zh) ^ (yh & zh);
if (r < 0)
r += 0x100000000;
return r;
}
function maj64_lo(xh, xl, yh, yl, zh, zl) {
var r = (xl & yl) ^ (xl & zl) ^ (yl & zl);
if (r < 0)
r += 0x100000000;
return r;
}
function s0_512_hi(xh, xl) {
var c0_hi = rotr64_hi(xh, xl, 28);
var c1_hi = rotr64_hi(xl, xh, 2); // 34
var c2_hi = rotr64_hi(xl, xh, 7); // 39
var r = c0_hi ^ c1_hi ^ c2_hi;
if (r < 0)
r += 0x100000000;
return r;
}
function s0_512_lo(xh, xl) {
var c0_lo = rotr64_lo(xh, xl, 28);
var c1_lo = rotr64_lo(xl, xh, 2); // 34
var c2_lo = rotr64_lo(xl, xh, 7); // 39
var r = c0_lo ^ c1_lo ^ c2_lo;
if (r < 0)
r += 0x100000000;
return r;
}
function s1_512_hi(xh, xl) {
var c0_hi = rotr64_hi(xh, xl, 14);
var c1_hi = rotr64_hi(xh, xl, 18);
var c2_hi = rotr64_hi(xl, xh, 9); // 41
var r = c0_hi ^ c1_hi ^ c2_hi;
if (r < 0)
r += 0x100000000;
return r;
}
function s1_512_lo(xh, xl) {
var c0_lo = rotr64_lo(xh, xl, 14);
var c1_lo = rotr64_lo(xh, xl, 18);
var c2_lo = rotr64_lo(xl, xh, 9); // 41
var r = c0_lo ^ c1_lo ^ c2_lo;
if (r < 0)
r += 0x100000000;
return r;
}
function g0_512_hi(xh, xl) {
var c0_hi = rotr64_hi(xh, xl, 1);
var c1_hi = rotr64_hi(xh, xl, 8);
var c2_hi = shr64_hi(xh, xl, 7);
var r = c0_hi ^ c1_hi ^ c2_hi;
if (r < 0)
r += 0x100000000;
return r;
}
function g0_512_lo(xh, xl) {
var c0_lo = rotr64_lo(xh, xl, 1);
var c1_lo = rotr64_lo(xh, xl, 8);
var c2_lo = shr64_lo(xh, xl, 7);
var r = c0_lo ^ c1_lo ^ c2_lo;
if (r < 0)
r += 0x100000000;
return r;
}
function g1_512_hi(xh, xl) {
var c0_hi = rotr64_hi(xh, xl, 19);
var c1_hi = rotr64_hi(xl, xh, 29); // 61
var c2_hi = shr64_hi(xh, xl, 6);
var r = c0_hi ^ c1_hi ^ c2_hi;
if (r < 0)
r += 0x100000000;
return r;
}
function g1_512_lo(xh, xl) {
var c0_lo = rotr64_lo(xh, xl, 19);
var c1_lo = rotr64_lo(xl, xh, 29); // 61
var c2_lo = shr64_lo(xh, xl, 6);
var r = c0_lo ^ c1_lo ^ c2_lo;
if (r < 0)
r += 0x100000000;
return r;
}
/***/ },
/* 111 */
/***/ function(module, exports, __webpack_require__) {
var hash = __webpack_require__(107);
var utils = hash.utils;
var rotl32 = utils.rotl32;
var sum32 = utils.sum32;
var sum32_3 = utils.sum32_3;
var sum32_4 = utils.sum32_4;
var BlockHash = hash.common.BlockHash;
function RIPEMD160() {
if (!(this instanceof RIPEMD160))
return new RIPEMD160();
BlockHash.call(this);
this.h = [ 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 ];
this.endian = 'little';
}
utils.inherits(RIPEMD160, BlockHash);
exports.ripemd160 = RIPEMD160;
RIPEMD160.blockSize = 512;
RIPEMD160.outSize = 160;
RIPEMD160.hmacStrength = 192;
RIPEMD160.padLength = 64;
RIPEMD160.prototype._update = function update(msg, start) {
var A = this.h[0];
var B = this.h[1];
var C = this.h[2];
var D = this.h[3];
var E = this.h[4];
var Ah = A;
var Bh = B;
var Ch = C;
var Dh = D;
var Eh = E;
for (var j = 0; j < 80; j++) {
var T = sum32(
rotl32(
sum32_4(A, f(j, B, C, D), msg[r[j] + start], K(j)),
s[j]),
E);
A = E;
E = D;
D = rotl32(C, 10);
C = B;
B = T;
T = sum32(
rotl32(
sum32_4(Ah, f(79 - j, Bh, Ch, Dh), msg[rh[j] + start], Kh(j)),
sh[j]),
Eh);
Ah = Eh;
Eh = Dh;
Dh = rotl32(Ch, 10);
Ch = Bh;
Bh = T;
}
T = sum32_3(this.h[1], C, Dh);
this.h[1] = sum32_3(this.h[2], D, Eh);
this.h[2] = sum32_3(this.h[3], E, Ah);
this.h[3] = sum32_3(this.h[4], A, Bh);
this.h[4] = sum32_3(this.h[0], B, Ch);
this.h[0] = T;
};
RIPEMD160.prototype._digest = function digest(enc) {
if (enc === 'hex')
return utils.toHex32(this.h, 'little');
else
return utils.split32(this.h, 'little');
};
function f(j, x, y, z) {
if (j <= 15)
return x ^ y ^ z;
else if (j <= 31)
return (x & y) | ((~x) & z);
else if (j <= 47)
return (x | (~y)) ^ z;
else if (j <= 63)
return (x & z) | (y & (~z));
else
return x ^ (y | (~z));
}
function K(j) {
if (j <= 15)
return 0x00000000;
else if (j <= 31)
return 0x5a827999;
else if (j <= 47)
return 0x6ed9eba1;
else if (j <= 63)
return 0x8f1bbcdc;
else
return 0xa953fd4e;
}
function Kh(j) {
if (j <= 15)
return 0x50a28be6;
else if (j <= 31)
return 0x5c4dd124;
else if (j <= 47)
return 0x6d703ef3;
else if (j <= 63)
return 0x7a6d76e9;
else
return 0x00000000;
}
var r = [
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,
3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,
1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,
4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13
];
var rh = [
5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,
6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,
15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,
8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,
12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11
];
var s = [
11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,
7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,
11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,
11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,
9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6
];
var sh = [
8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,
9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,
9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,
15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,
8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11
];
/***/ },
/* 112 */
/***/ function(module, exports, __webpack_require__) {
var hmac = exports;
var hash = __webpack_require__(107);
var utils = hash.utils;
var assert = utils.assert;
function Hmac(hash, key, enc) {
if (!(this instanceof Hmac))
return new Hmac(hash, key, enc);
this.Hash = hash;
this.blockSize = hash.blockSize / 8;
this.outSize = hash.outSize / 8;
this.inner = null;
this.outer = null;
this._init(utils.toArray(key, enc));
}
module.exports = Hmac;
Hmac.prototype._init = function init(key) {
// Shorten key, if needed
if (key.length > this.blockSize)
key = new this.Hash().update(key).digest();
assert(key.length <= this.blockSize);
// Add padding to key
for (var i = key.length; i < this.blockSize; i++)
key.push(0);
for (var i = 0; i < key.length; i++)
key[i] ^= 0x36;
this.inner = new this.Hash().update(key);
// 0x36 ^ 0x5c = 0x6a
for (var i = 0; i < key.length; i++)
key[i] ^= 0x6a;
this.outer = new this.Hash().update(key);
};
Hmac.prototype.update = function update(msg, enc) {
this.inner.update(msg, enc);
return this;
};
Hmac.prototype.digest = function digest(enc) {
this.outer.update(this.inner.digest());
return this.outer.digest(enc);
};
/***/ },
/* 113 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
var curve = exports;
curve.base = __webpack_require__(114);
curve.short = __webpack_require__(115);
curve.mont = __webpack_require__(116);
curve.edwards = __webpack_require__(117);
/***/ },
/* 114 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
var BN = __webpack_require__(76);
var elliptic = __webpack_require__(103);
var utils = elliptic.utils;
var getNAF = utils.getNAF;
var getJSF = utils.getJSF;
var assert = utils.assert;
function BaseCurve(type, conf) {
this.type = type;
this.p = new BN(conf.p, 16);
// Use Montgomery, when there is no fast reduction for the prime
this.red = conf.prime ? BN.red(conf.prime) : BN.mont(this.p);
// Useful for many curves
this.zero = new BN(0).toRed(this.red);
this.one = new BN(1).toRed(this.red);
this.two = new BN(2).toRed(this.red);
// Curve configuration, optional
this.n = conf.n && new BN(conf.n, 16);
this.g = conf.g && this.pointFromJSON(conf.g, conf.gRed);
// Temporary arrays
this._wnafT1 = new Array(4);
this._wnafT2 = new Array(4);
this._wnafT3 = new Array(4);
this._wnafT4 = new Array(4);
}
module.exports = BaseCurve;
BaseCurve.prototype.point = function point() {
throw new Error('Not implemented');
};
BaseCurve.prototype.validate = function validate() {
throw new Error('Not implemented');
};
BaseCurve.prototype._fixedNafMul = function _fixedNafMul(p, k) {
assert(p.precomputed);
var doubles = p._getDoubles();
var naf = getNAF(k, 1);
var I = (1 << (doubles.step + 1)) - (doubles.step % 2 === 0 ? 2 : 1);
I /= 3;
// Translate into more windowed form
var repr = [];
for (var j = 0; j < naf.length; j += doubles.step) {
var nafW = 0;
for (var k = j + doubles.step - 1; k >= j; k--)
nafW = (nafW << 1) + naf[k];
repr.push(nafW);
}
var a = this.jpoint(null, null, null);
var b = this.jpoint(null, null, null);
for (var i = I; i > 0; i--) {
for (var j = 0; j < repr.length; j++) {
var nafW = repr[j];
if (nafW === i)
b = b.mixedAdd(doubles.points[j]);
else if (nafW === -i)
b = b.mixedAdd(doubles.points[j].neg());
}
a = a.add(b);
}
return a.toP();
};
BaseCurve.prototype._wnafMul = function _wnafMul(p, k) {
var w = 4;
// Precompute window
var nafPoints = p._getNAFPoints(w);
w = nafPoints.wnd;
var wnd = nafPoints.points;
// Get NAF form
var naf = getNAF(k, w);
// Add `this`*(N+1) for every w-NAF index
var acc = this.jpoint(null, null, null);
for (var i = naf.length - 1; i >= 0; i--) {
// Count zeroes
for (var k = 0; i >= 0 && naf[i] === 0; i--)
k++;
if (i >= 0)
k++;
acc = acc.dblp(k);
if (i < 0)
break;
var z = naf[i];
assert(z !== 0);
if (p.type === 'affine') {
// J +- P
if (z > 0)
acc = acc.mixedAdd(wnd[(z - 1) >> 1]);
else
acc = acc.mixedAdd(wnd[(-z - 1) >> 1].neg());
} else {
// J +- J
if (z > 0)
acc = acc.add(wnd[(z - 1) >> 1]);
else
acc = acc.add(wnd[(-z - 1) >> 1].neg());
}
}
return p.type === 'affine' ? acc.toP() : acc;
};
BaseCurve.prototype._wnafMulAdd = function _wnafMulAdd(defW,
points,
coeffs,
len) {
var wndWidth = this._wnafT1;
var wnd = this._wnafT2;
var naf = this._wnafT3;
// Fill all arrays
var max = 0;
for (var i = 0; i < len; i++) {
var p = points[i];
var nafPoints = p._getNAFPoints(defW);
wndWidth[i] = nafPoints.wnd;
wnd[i] = nafPoints.points;
}
// Comb small window NAFs
for (var i = len - 1; i >= 1; i -= 2) {
var a = i - 1;
var b = i;
if (wndWidth[a] !== 1 || wndWidth[b] !== 1) {
naf[a] = getNAF(coeffs[a], wndWidth[a]);
naf[b] = getNAF(coeffs[b], wndWidth[b]);
max = Math.max(naf[a].length, max);
max = Math.max(naf[b].length, max);
continue;
}
var comb = [
points[a], /* 1 */
null, /* 3 */
null, /* 5 */
points[b] /* 7 */
];
// Try to avoid Projective points, if possible
if (points[a].y.cmp(points[b].y) === 0) {
comb[1] = points[a].add(points[b]);
comb[2] = points[a].toJ().mixedAdd(points[b].neg());
} else if (points[a].y.cmp(points[b].y.redNeg()) === 0) {
comb[1] = points[a].toJ().mixedAdd(points[b]);
comb[2] = points[a].add(points[b].neg());
} else {
comb[1] = points[a].toJ().mixedAdd(points[b]);
comb[2] = points[a].toJ().mixedAdd(points[b].neg());
}
var index = [
-3, /* -1 -1 */
-1, /* -1 0 */
-5, /* -1 1 */
-7, /* 0 -1 */
0, /* 0 0 */
7, /* 0 1 */
5, /* 1 -1 */
1, /* 1 0 */
3 /* 1 1 */
];
var jsf = getJSF(coeffs[a], coeffs[b]);
max = Math.max(jsf[0].length, max);
naf[a] = new Array(max);
naf[b] = new Array(max);
for (var j = 0; j < max; j++) {
var ja = jsf[0][j] | 0;
var jb = jsf[1][j] | 0;
naf[a][j] = index[(ja + 1) * 3 + (jb + 1)];
naf[b][j] = 0;
wnd[a] = comb;
}
}
var acc = this.jpoint(null, null, null);
var tmp = this._wnafT4;
for (var i = max; i >= 0; i--) {
var k = 0;
while (i >= 0) {
var zero = true;
for (var j = 0; j < len; j++) {
tmp[j] = naf[j][i] | 0;
if (tmp[j] !== 0)
zero = false;
}
if (!zero)
break;
k++;
i--;
}
if (i >= 0)
k++;
acc = acc.dblp(k);
if (i < 0)
break;
for (var j = 0; j < len; j++) {
var z = tmp[j];
var p;
if (z === 0)
continue;
else if (z > 0)
p = wnd[j][(z - 1) >> 1];
else if (z < 0)
p = wnd[j][(-z - 1) >> 1].neg();
if (p.type === 'affine')
acc = acc.mixedAdd(p);
else
acc = acc.add(p);
}
}
// Zeroify references
for (var i = 0; i < len; i++)
wnd[i] = null;
return acc.toP();
};
function BasePoint(curve, type) {
this.curve = curve;
this.type = type;
this.precomputed = null;
}
BaseCurve.BasePoint = BasePoint;
BasePoint.prototype.eq = function eq(/*other*/) {
throw new Error('Not implemented');
};
BasePoint.prototype.validate = function validate() {
return this.curve.validate(this);
};
BaseCurve.prototype.decodePoint = function decodePoint(bytes, enc) {
bytes = utils.toArray(bytes, enc);
var len = this.p.byteLength();
if (bytes[0] === 0x04 && bytes.length - 1 === 2 * len) {
return this.point(bytes.slice(1, 1 + len),
bytes.slice(1 + len, 1 + 2 * len));
} else if ((bytes[0] === 0x02 || bytes[0] === 0x03) &&
bytes.length - 1 === len) {
return this.pointFromX(bytes.slice(1, 1 + len), bytes[0] === 0x03);
}
throw new Error('Unknown point format');
};
BasePoint.prototype.encodeCompressed = function encodeCompressed(enc) {
return this.encode(enc, true);
};
BasePoint.prototype._encode = function _encode(compact) {
var len = this.curve.p.byteLength();
var x = this.getX().toArray('be', len);
if (compact)
return [ this.getY().isEven() ? 0x02 : 0x03 ].concat(x);
return [ 0x04 ].concat(x, this.getY().toArray('be', len)) ;
};
BasePoint.prototype.encode = function encode(enc, compact) {
return utils.encode(this._encode(compact), enc);
};
BasePoint.prototype.precompute = function precompute(power) {
if (this.precomputed)
return this;
var precomputed = {
doubles: null,
naf: null,
beta: null
};
precomputed.naf = this._getNAFPoints(8);
precomputed.doubles = this._getDoubles(4, power);
precomputed.beta = this._getBeta();
this.precomputed = precomputed;
return this;
};
BasePoint.prototype._hasDoubles = function _hasDoubles(k) {
if (!this.precomputed)
return false;
var doubles = this.precomputed.doubles;
if (!doubles)
return false;
return doubles.points.length >= Math.ceil((k.bitLength() + 1) / doubles.step);
};
BasePoint.prototype._getDoubles = function _getDoubles(step, power) {
if (this.precomputed && this.precomputed.doubles)
return this.precomputed.doubles;
var doubles = [ this ];
var acc = this;
for (var i = 0; i < power; i += step) {
for (var j = 0; j < step; j++)
acc = acc.dbl();
doubles.push(acc);
}
return {
step: step,
points: doubles
};
};
BasePoint.prototype._getNAFPoints = function _getNAFPoints(wnd) {
if (this.precomputed && this.precomputed.naf)
return this.precomputed.naf;
var res = [ this ];
var max = (1 << wnd) - 1;
var dbl = max === 1 ? null : this.dbl();
for (var i = 1; i < max; i++)
res[i] = res[i - 1].add(dbl);
return {
wnd: wnd,
points: res
};
};
BasePoint.prototype._getBeta = function _getBeta() {
return null;
};
BasePoint.prototype.dblp = function dblp(k) {
var r = this;
for (var i = 0; i < k; i++)
r = r.dbl();
return r;
};
/***/ },
/* 115 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
var curve = __webpack_require__(113);
var elliptic = __webpack_require__(103);
var BN = __webpack_require__(76);
var inherits = __webpack_require__(15);
var Base = curve.base;
var assert = elliptic.utils.assert;
function ShortCurve(conf) {
Base.call(this, 'short', conf);
this.a = new BN(conf.a, 16).toRed(this.red);
this.b = new BN(conf.b, 16).toRed(this.red);
this.tinv = this.two.redInvm();
this.zeroA = this.a.fromRed().cmpn(0) === 0;
this.threeA = this.a.fromRed().sub(this.p).cmpn(-3) === 0;
// If the curve is endomorphic, precalculate beta and lambda
this.endo = this._getEndomorphism(conf);
this._endoWnafT1 = new Array(4);
this._endoWnafT2 = new Array(4);
}
inherits(ShortCurve, Base);
module.exports = ShortCurve;
ShortCurve.prototype._getEndomorphism = function _getEndomorphism(conf) {
// No efficient endomorphism
if (!this.zeroA || !this.g || !this.n || this.p.modn(3) !== 1)
return;
// Compute beta and lambda, that lambda * P = (beta * Px; Py)
var beta;
var lambda;
if (conf.beta) {
beta = new BN(conf.beta, 16).toRed(this.red);
} else {
var betas = this._getEndoRoots(this.p);
// Choose the smallest beta
beta = betas[0].cmp(betas[1]) < 0 ? betas[0] : betas[1];
beta = beta.toRed(this.red);
}
if (conf.lambda) {
lambda = new BN(conf.lambda, 16);
} else {
// Choose the lambda that is matching selected beta
var lambdas = this._getEndoRoots(this.n);
if (this.g.mul(lambdas[0]).x.cmp(this.g.x.redMul(beta)) === 0) {
lambda = lambdas[0];
} else {
lambda = lambdas[1];
assert(this.g.mul(lambda).x.cmp(this.g.x.redMul(beta)) === 0);
}
}
// Get basis vectors, used for balanced length-two representation
var basis;
if (conf.basis) {
basis = conf.basis.map(function(vec) {
return {
a: new BN(vec.a, 16),
b: new BN(vec.b, 16)
};
});
} else {
basis = this._getEndoBasis(lambda);
}
return {
beta: beta,
lambda: lambda,
basis: basis
};
};
ShortCurve.prototype._getEndoRoots = function _getEndoRoots(num) {
// Find roots of for x^2 + x + 1 in F
// Root = (-1 +- Sqrt(-3)) / 2
//
var red = num === this.p ? this.red : BN.mont(num);
var tinv = new BN(2).toRed(red).redInvm();
var ntinv = tinv.redNeg();
var s = new BN(3).toRed(red).redNeg().redSqrt().redMul(tinv);
var l1 = ntinv.redAdd(s).fromRed();
var l2 = ntinv.redSub(s).fromRed();
return [ l1, l2 ];
};
ShortCurve.prototype._getEndoBasis = function _getEndoBasis(lambda) {
// aprxSqrt >= sqrt(this.n)
var aprxSqrt = this.n.ushrn(Math.floor(this.n.bitLength() / 2));
// 3.74
// Run EGCD, until r(L + 1) < aprxSqrt
var u = lambda;
var v = this.n.clone();
var x1 = new BN(1);
var y1 = new BN(0);
var x2 = new BN(0);
var y2 = new BN(1);
// NOTE: all vectors are roots of: a + b * lambda = 0 (mod n)
var a0;
var b0;
// First vector
var a1;
var b1;
// Second vector
var a2;
var b2;
var prevR;
var i = 0;
var r;
var x;
while (u.cmpn(0) !== 0) {
var q = v.div(u);
r = v.sub(q.mul(u));
x = x2.sub(q.mul(x1));
var y = y2.sub(q.mul(y1));
if (!a1 && r.cmp(aprxSqrt) < 0) {
a0 = prevR.neg();
b0 = x1;
a1 = r.neg();
b1 = x;
} else if (a1 && ++i === 2) {
break;
}
prevR = r;
v = u;
u = r;
x2 = x1;
x1 = x;
y2 = y1;
y1 = y;
}
a2 = r.neg();
b2 = x;
var len1 = a1.sqr().add(b1.sqr());
var len2 = a2.sqr().add(b2.sqr());
if (len2.cmp(len1) >= 0) {
a2 = a0;
b2 = b0;
}
// Normalize signs
if (a1.negative) {
a1 = a1.neg();
b1 = b1.neg();
}
if (a2.negative) {
a2 = a2.neg();
b2 = b2.neg();
}
return [
{ a: a1, b: b1 },
{ a: a2, b: b2 }
];
};
ShortCurve.prototype._endoSplit = function _endoSplit(k) {
var basis = this.endo.basis;
var v1 = basis[0];
var v2 = basis[1];
var c1 = v2.b.mul(k).divRound(this.n);
var c2 = v1.b.neg().mul(k).divRound(this.n);
var p1 = c1.mul(v1.a);
var p2 = c2.mul(v2.a);
var q1 = c1.mul(v1.b);
var q2 = c2.mul(v2.b);
// Calculate answer
var k1 = k.sub(p1).sub(p2);
var k2 = q1.add(q2).neg();
return { k1: k1, k2: k2 };
};
ShortCurve.prototype.pointFromX = function pointFromX(x, odd) {
x = new BN(x, 16);
if (!x.red)
x = x.toRed(this.red);
var y2 = x.redSqr().redMul(x).redIAdd(x.redMul(this.a)).redIAdd(this.b);
var y = y2.redSqrt();
if (y.redSqr().redSub(y2).cmp(this.zero) !== 0)
throw new Error('invalid point');
// XXX Is there any way to tell if the number is odd without converting it
// to non-red form?
var isOdd = y.fromRed().isOdd();
if (odd && !isOdd || !odd && isOdd)
y = y.redNeg();
return this.point(x, y);
};
ShortCurve.prototype.validate = function validate(point) {
if (point.inf)
return true;
var x = point.x;
var y = point.y;
var ax = this.a.redMul(x);
var rhs = x.redSqr().redMul(x).redIAdd(ax).redIAdd(this.b);
return y.redSqr().redISub(rhs).cmpn(0) === 0;
};
ShortCurve.prototype._endoWnafMulAdd =
function _endoWnafMulAdd(points, coeffs) {
var npoints = this._endoWnafT1;
var ncoeffs = this._endoWnafT2;
for (var i = 0; i < points.length; i++) {
var split = this._endoSplit(coeffs[i]);
var p = points[i];
var beta = p._getBeta();
if (split.k1.negative) {
split.k1.ineg();
p = p.neg(true);
}
if (split.k2.negative) {
split.k2.ineg();
beta = beta.neg(true);
}
npoints[i * 2] = p;
npoints[i * 2 + 1] = beta;
ncoeffs[i * 2] = split.k1;
ncoeffs[i * 2 + 1] = split.k2;
}
var res = this._wnafMulAdd(1, npoints, ncoeffs, i * 2);
// Clean-up references to points and coefficients
for (var j = 0; j < i * 2; j++) {
npoints[j] = null;
ncoeffs[j] = null;
}
return res;
};
function Point(curve, x, y, isRed) {
Base.BasePoint.call(this, curve, 'affine');
if (x === null && y === null) {
this.x = null;
this.y = null;
this.inf = true;
} else {
this.x = new BN(x, 16);
this.y = new BN(y, 16);
// Force redgomery representation when loading from JSON
if (isRed) {
this.x.forceRed(this.curve.red);
this.y.forceRed(this.curve.red);
}
if (!this.x.red)
this.x = this.x.toRed(this.curve.red);
if (!this.y.red)
this.y = this.y.toRed(this.curve.red);
this.inf = false;
}
}
inherits(Point, Base.BasePoint);
ShortCurve.prototype.point = function point(x, y, isRed) {
return new Point(this, x, y, isRed);
};
ShortCurve.prototype.pointFromJSON = function pointFromJSON(obj, red) {
return Point.fromJSON(this, obj, red);
};
Point.prototype._getBeta = function _getBeta() {
if (!this.curve.endo)
return;
var pre = this.precomputed;
if (pre && pre.beta)
return pre.beta;
var beta = this.curve.point(this.x.redMul(this.curve.endo.beta), this.y);
if (pre) {
var curve = this.curve;
var endoMul = function(p) {
return curve.point(p.x.redMul(curve.endo.beta), p.y);
};
pre.beta = beta;
beta.precomputed = {
beta: null,
naf: pre.naf && {
wnd: pre.naf.wnd,
points: pre.naf.points.map(endoMul)
},
doubles: pre.doubles && {
step: pre.doubles.step,
points: pre.doubles.points.map(endoMul)
}
};
}
return beta;
};
Point.prototype.toJSON = function toJSON() {
if (!this.precomputed)
return [ this.x, this.y ];
return [ this.x, this.y, this.precomputed && {
doubles: this.precomputed.doubles && {
step: this.precomputed.doubles.step,
points: this.precomputed.doubles.points.slice(1)
},
naf: this.precomputed.naf && {
wnd: this.precomputed.naf.wnd,
points: this.precomputed.naf.points.slice(1)
}
} ];
};
Point.fromJSON = function fromJSON(curve, obj, red) {
if (typeof obj === 'string')
obj = JSON.parse(obj);
var res = curve.point(obj[0], obj[1], red);
if (!obj[2])
return res;
function obj2point(obj) {
return curve.point(obj[0], obj[1], red);
}
var pre = obj[2];
res.precomputed = {
beta: null,
doubles: pre.doubles && {
step: pre.doubles.step,
points: [ res ].concat(pre.doubles.points.map(obj2point))
},
naf: pre.naf && {
wnd: pre.naf.wnd,
points: [ res ].concat(pre.naf.points.map(obj2point))
}
};
return res;
};
Point.prototype.inspect = function inspect() {
if (this.isInfinity())
return '<EC Point Infinity>';
return '<EC Point x: ' + this.x.fromRed().toString(16, 2) +
' y: ' + this.y.fromRed().toString(16, 2) + '>';
};
Point.prototype.isInfinity = function isInfinity() {
return this.inf;
};
Point.prototype.add = function add(p) {
// O + P = P
if (this.inf)
return p;
// P + O = P
if (p.inf)
return this;
// P + P = 2P
if (this.eq(p))
return this.dbl();
// P + (-P) = O
if (this.neg().eq(p))
return this.curve.point(null, null);
// P + Q = O
if (this.x.cmp(p.x) === 0)
return this.curve.point(null, null);
var c = this.y.redSub(p.y);
if (c.cmpn(0) !== 0)
c = c.redMul(this.x.redSub(p.x).redInvm());
var nx = c.redSqr().redISub(this.x).redISub(p.x);
var ny = c.redMul(this.x.redSub(nx)).redISub(this.y);
return this.curve.point(nx, ny);
};
Point.prototype.dbl = function dbl() {
if (this.inf)
return this;
// 2P = O
var ys1 = this.y.redAdd(this.y);
if (ys1.cmpn(0) === 0)
return this.curve.point(null, null);
var a = this.curve.a;
var x2 = this.x.redSqr();
var dyinv = ys1.redInvm();
var c = x2.redAdd(x2).redIAdd(x2).redIAdd(a).redMul(dyinv);
var nx = c.redSqr().redISub(this.x.redAdd(this.x));
var ny = c.redMul(this.x.redSub(nx)).redISub(this.y);
return this.curve.point(nx, ny);
};
Point.prototype.getX = function getX() {
return this.x.fromRed();
};
Point.prototype.getY = function getY() {
return this.y.fromRed();
};
Point.prototype.mul = function mul(k) {
k = new BN(k, 16);
if (this._hasDoubles(k))
return this.curve._fixedNafMul(this, k);
else if (this.curve.endo)
return this.curve._endoWnafMulAdd([ this ], [ k ]);
else
return this.curve._wnafMul(this, k);
};
Point.prototype.mulAdd = function mulAdd(k1, p2, k2) {
var points = [ this, p2 ];
var coeffs = [ k1, k2 ];
if (this.curve.endo)
return this.curve._endoWnafMulAdd(points, coeffs);
else
return this.curve._wnafMulAdd(1, points, coeffs, 2);
};
Point.prototype.eq = function eq(p) {
return this === p ||
this.inf === p.inf &&
(this.inf || this.x.cmp(p.x) === 0 && this.y.cmp(p.y) === 0);
};
Point.prototype.neg = function neg(_precompute) {
if (this.inf)
return this;
var res = this.curve.point(this.x, this.y.redNeg());
if (_precompute && this.precomputed) {
var pre = this.precomputed;
var negate = function(p) {
return p.neg();
};
res.precomputed = {
naf: pre.naf && {
wnd: pre.naf.wnd,
points: pre.naf.points.map(negate)
},
doubles: pre.doubles && {
step: pre.doubles.step,
points: pre.doubles.points.map(negate)
}
};
}
return res;
};
Point.prototype.toJ = function toJ() {
if (this.inf)
return this.curve.jpoint(null, null, null);
var res = this.curve.jpoint(this.x, this.y, this.curve.one);
return res;
};
function JPoint(curve, x, y, z) {
Base.BasePoint.call(this, curve, 'jacobian');
if (x === null && y === null && z === null) {
this.x = this.curve.one;
this.y = this.curve.one;
this.z = new BN(0);
} else {
this.x = new BN(x, 16);
this.y = new BN(y, 16);
this.z = new BN(z, 16);
}
if (!this.x.red)
this.x = this.x.toRed(this.curve.red);
if (!this.y.red)
this.y = this.y.toRed(this.curve.red);
if (!this.z.red)
this.z = this.z.toRed(this.curve.red);
this.zOne = this.z === this.curve.one;
}
inherits(JPoint, Base.BasePoint);
ShortCurve.prototype.jpoint = function jpoint(x, y, z) {
return new JPoint(this, x, y, z);
};
JPoint.prototype.toP = function toP() {
if (this.isInfinity())
return this.curve.point(null, null);
var zinv = this.z.redInvm();
var zinv2 = zinv.redSqr();
var ax = this.x.redMul(zinv2);
var ay = this.y.redMul(zinv2).redMul(zinv);
return this.curve.point(ax, ay);
};
JPoint.prototype.neg = function neg() {
return this.curve.jpoint(this.x, this.y.redNeg(), this.z);
};
JPoint.prototype.add = function add(p) {
// O + P = P
if (this.isInfinity())
return p;
// P + O = P
if (p.isInfinity())
return this;
// 12M + 4S + 7A
var pz2 = p.z.redSqr();
var z2 = this.z.redSqr();
var u1 = this.x.redMul(pz2);
var u2 = p.x.redMul(z2);
var s1 = this.y.redMul(pz2.redMul(p.z));
var s2 = p.y.redMul(z2.redMul(this.z));
var h = u1.redSub(u2);
var r = s1.redSub(s2);
if (h.cmpn(0) === 0) {
if (r.cmpn(0) !== 0)
return this.curve.jpoint(null, null, null);
else
return this.dbl();
}
var h2 = h.redSqr();
var h3 = h2.redMul(h);
var v = u1.redMul(h2);
var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v);
var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3));
var nz = this.z.redMul(p.z).redMul(h);
return this.curve.jpoint(nx, ny, nz);
};
JPoint.prototype.mixedAdd = function mixedAdd(p) {
// O + P = P
if (this.isInfinity())
return p.toJ();
// P + O = P
if (p.isInfinity())
return this;
// 8M + 3S + 7A
var z2 = this.z.redSqr();
var u1 = this.x;
var u2 = p.x.redMul(z2);
var s1 = this.y;
var s2 = p.y.redMul(z2).redMul(this.z);
var h = u1.redSub(u2);
var r = s1.redSub(s2);
if (h.cmpn(0) === 0) {
if (r.cmpn(0) !== 0)
return this.curve.jpoint(null, null, null);
else
return this.dbl();
}
var h2 = h.redSqr();
var h3 = h2.redMul(h);
var v = u1.redMul(h2);
var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v);
var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3));
var nz = this.z.redMul(h);
return this.curve.jpoint(nx, ny, nz);
};
JPoint.prototype.dblp = function dblp(pow) {
if (pow === 0)
return this;
if (this.isInfinity())
return this;
if (!pow)
return this.dbl();
if (this.curve.zeroA || this.curve.threeA) {
var r = this;
for (var i = 0; i < pow; i++)
r = r.dbl();
return r;
}
// 1M + 2S + 1A + N * (4S + 5M + 8A)
// N = 1 => 6M + 6S + 9A
var a = this.curve.a;
var tinv = this.curve.tinv;
var jx = this.x;
var jy = this.y;
var jz = this.z;
var jz4 = jz.redSqr().redSqr();
// Reuse results
var jyd = jy.redAdd(jy);
for (var i = 0; i < pow; i++) {
var jx2 = jx.redSqr();
var jyd2 = jyd.redSqr();
var jyd4 = jyd2.redSqr();
var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4));
var t1 = jx.redMul(jyd2);
var nx = c.redSqr().redISub(t1.redAdd(t1));
var t2 = t1.redISub(nx);
var dny = c.redMul(t2);
dny = dny.redIAdd(dny).redISub(jyd4);
var nz = jyd.redMul(jz);
if (i + 1 < pow)
jz4 = jz4.redMul(jyd4);
jx = nx;
jz = nz;
jyd = dny;
}
return this.curve.jpoint(jx, jyd.redMul(tinv), jz);
};
JPoint.prototype.dbl = function dbl() {
if (this.isInfinity())
return this;
if (this.curve.zeroA)
return this._zeroDbl();
else if (this.curve.threeA)
return this._threeDbl();
else
return this._dbl();
};
JPoint.prototype._zeroDbl = function _zeroDbl() {
var nx;
var ny;
var nz;
// Z = 1
if (this.zOne) {
// hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html
// #doubling-mdbl-2007-bl
// 1M + 5S + 14A
// XX = X1^2
var xx = this.x.redSqr();
// YY = Y1^2
var yy = this.y.redSqr();
// YYYY = YY^2
var yyyy = yy.redSqr();
// S = 2 * ((X1 + YY)^2 - XX - YYYY)
var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);
s = s.redIAdd(s);
// M = 3 * XX + a; a = 0
var m = xx.redAdd(xx).redIAdd(xx);
// T = M ^ 2 - 2*S
var t = m.redSqr().redISub(s).redISub(s);
// 8 * YYYY
var yyyy8 = yyyy.redIAdd(yyyy);
yyyy8 = yyyy8.redIAdd(yyyy8);
yyyy8 = yyyy8.redIAdd(yyyy8);
// X3 = T
nx = t;
// Y3 = M * (S - T) - 8 * YYYY
ny = m.redMul(s.redISub(t)).redISub(yyyy8);
// Z3 = 2*Y1
nz = this.y.redAdd(this.y);
} else {
// hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html
// #doubling-dbl-2009-l
// 2M + 5S + 13A
// A = X1^2
var a = this.x.redSqr();
// B = Y1^2
var b = this.y.redSqr();
// C = B^2
var c = b.redSqr();
// D = 2 * ((X1 + B)^2 - A - C)
var d = this.x.redAdd(b).redSqr().redISub(a).redISub(c);
d = d.redIAdd(d);
// E = 3 * A
var e = a.redAdd(a).redIAdd(a);
// F = E^2
var f = e.redSqr();
// 8 * C
var c8 = c.redIAdd(c);
c8 = c8.redIAdd(c8);
c8 = c8.redIAdd(c8);
// X3 = F - 2 * D
nx = f.redISub(d).redISub(d);
// Y3 = E * (D - X3) - 8 * C
ny = e.redMul(d.redISub(nx)).redISub(c8);
// Z3 = 2 * Y1 * Z1
nz = this.y.redMul(this.z);
nz = nz.redIAdd(nz);
}
return this.curve.jpoint(nx, ny, nz);
};
JPoint.prototype._threeDbl = function _threeDbl() {
var nx;
var ny;
var nz;
// Z = 1
if (this.zOne) {
// hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html
// #doubling-mdbl-2007-bl
// 1M + 5S + 15A
// XX = X1^2
var xx = this.x.redSqr();
// YY = Y1^2
var yy = this.y.redSqr();
// YYYY = YY^2
var yyyy = yy.redSqr();
// S = 2 * ((X1 + YY)^2 - XX - YYYY)
var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);
s = s.redIAdd(s);
// M = 3 * XX + a
var m = xx.redAdd(xx).redIAdd(xx).redIAdd(this.curve.a);
// T = M^2 - 2 * S
var t = m.redSqr().redISub(s).redISub(s);
// X3 = T
nx = t;
// Y3 = M * (S - T) - 8 * YYYY
var yyyy8 = yyyy.redIAdd(yyyy);
yyyy8 = yyyy8.redIAdd(yyyy8);
yyyy8 = yyyy8.redIAdd(yyyy8);
ny = m.redMul(s.redISub(t)).redISub(yyyy8);
// Z3 = 2 * Y1
nz = this.y.redAdd(this.y);
} else {
// hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
// 3M + 5S
// delta = Z1^2
var delta = this.z.redSqr();
// gamma = Y1^2
var gamma = this.y.redSqr();
// beta = X1 * gamma
var beta = this.x.redMul(gamma);
// alpha = 3 * (X1 - delta) * (X1 + delta)
var alpha = this.x.redSub(delta).redMul(this.x.redAdd(delta));
alpha = alpha.redAdd(alpha).redIAdd(alpha);
// X3 = alpha^2 - 8 * beta
var beta4 = beta.redIAdd(beta);
beta4 = beta4.redIAdd(beta4);
var beta8 = beta4.redAdd(beta4);
nx = alpha.redSqr().redISub(beta8);
// Z3 = (Y1 + Z1)^2 - gamma - delta
nz = this.y.redAdd(this.z).redSqr().redISub(gamma).redISub(delta);
// Y3 = alpha * (4 * beta - X3) - 8 * gamma^2
var ggamma8 = gamma.redSqr();
ggamma8 = ggamma8.redIAdd(ggamma8);
ggamma8 = ggamma8.redIAdd(ggamma8);
ggamma8 = ggamma8.redIAdd(ggamma8);
ny = alpha.redMul(beta4.redISub(nx)).redISub(ggamma8);
}
return this.curve.jpoint(nx, ny, nz);
};
JPoint.prototype._dbl = function _dbl() {
var a = this.curve.a;
// 4M + 6S + 10A
var jx = this.x;
var jy = this.y;
var jz = this.z;
var jz4 = jz.redSqr().redSqr();
var jx2 = jx.redSqr();
var jy2 = jy.redSqr();
var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4));
var jxd4 = jx.redAdd(jx);
jxd4 = jxd4.redIAdd(jxd4);
var t1 = jxd4.redMul(jy2);
var nx = c.redSqr().redISub(t1.redAdd(t1));
var t2 = t1.redISub(nx);
var jyd8 = jy2.redSqr();
jyd8 = jyd8.redIAdd(jyd8);
jyd8 = jyd8.redIAdd(jyd8);
jyd8 = jyd8.redIAdd(jyd8);
var ny = c.redMul(t2).redISub(jyd8);
var nz = jy.redAdd(jy).redMul(jz);
return this.curve.jpoint(nx, ny, nz);
};
JPoint.prototype.trpl = function trpl() {
if (!this.curve.zeroA)
return this.dbl().add(this);
// hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#tripling-tpl-2007-bl
// 5M + 10S + ...
// XX = X1^2
var xx = this.x.redSqr();
// YY = Y1^2
var yy = this.y.redSqr();
// ZZ = Z1^2
var zz = this.z.redSqr();
// YYYY = YY^2
var yyyy = yy.redSqr();
// M = 3 * XX + a * ZZ2; a = 0
var m = xx.redAdd(xx).redIAdd(xx);
// MM = M^2
var mm = m.redSqr();
// E = 6 * ((X1 + YY)^2 - XX - YYYY) - MM
var e = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy);
e = e.redIAdd(e);
e = e.redAdd(e).redIAdd(e);
e = e.redISub(mm);
// EE = E^2
var ee = e.redSqr();
// T = 16*YYYY
var t = yyyy.redIAdd(yyyy);
t = t.redIAdd(t);
t = t.redIAdd(t);
t = t.redIAdd(t);
// U = (M + E)^2 - MM - EE - T
var u = m.redIAdd(e).redSqr().redISub(mm).redISub(ee).redISub(t);
// X3 = 4 * (X1 * EE - 4 * YY * U)
var yyu4 = yy.redMul(u);
yyu4 = yyu4.redIAdd(yyu4);
yyu4 = yyu4.redIAdd(yyu4);
var nx = this.x.redMul(ee).redISub(yyu4);
nx = nx.redIAdd(nx);
nx = nx.redIAdd(nx);
// Y3 = 8 * Y1 * (U * (T - U) - E * EE)
var ny = this.y.redMul(u.redMul(t.redISub(u)).redISub(e.redMul(ee)));
ny = ny.redIAdd(ny);
ny = ny.redIAdd(ny);
ny = ny.redIAdd(ny);
// Z3 = (Z1 + E)^2 - ZZ - EE
var nz = this.z.redAdd(e).redSqr().redISub(zz).redISub(ee);
return this.curve.jpoint(nx, ny, nz);
};
JPoint.prototype.mul = function mul(k, kbase) {
k = new BN(k, kbase);
return this.curve._wnafMul(this, k);
};
JPoint.prototype.eq = function eq(p) {
if (p.type === 'affine')
return this.eq(p.toJ());
if (this === p)
return true;
// x1 * z2^2 == x2 * z1^2
var z2 = this.z.redSqr();
var pz2 = p.z.redSqr();
if (this.x.redMul(pz2).redISub(p.x.redMul(z2)).cmpn(0) !== 0)
return false;
// y1 * z2^3 == y2 * z1^3
var z3 = z2.redMul(this.z);
var pz3 = pz2.redMul(p.z);
return this.y.redMul(pz3).redISub(p.y.redMul(z3)).cmpn(0) === 0;
};
JPoint.prototype.inspect = function inspect() {
if (this.isInfinity())
return '<EC JPoint Infinity>';
return '<EC JPoint x: ' + this.x.toString(16, 2) +
' y: ' + this.y.toString(16, 2) +
' z: ' + this.z.toString(16, 2) + '>';
};
JPoint.prototype.isInfinity = function isInfinity() {
// XXX This code assumes that zero is always zero in red
return this.z.cmpn(0) === 0;
};
/***/ },
/* 116 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
var curve = __webpack_require__(113);
var BN = __webpack_require__(76);
var inherits = __webpack_require__(15);
var Base = curve.base;
var elliptic = __webpack_require__(103);
var utils = elliptic.utils;
function MontCurve(conf) {
Base.call(this, 'mont', conf);
this.a = new BN(conf.a, 16).toRed(this.red);
this.b = new BN(conf.b, 16).toRed(this.red);
this.i4 = new BN(4).toRed(this.red).redInvm();
this.two = new BN(2).toRed(this.red);
this.a24 = this.i4.redMul(this.a.redAdd(this.two));
}
inherits(MontCurve, Base);
module.exports = MontCurve;
MontCurve.prototype.validate = function validate(point) {
var x = point.normalize().x;
var x2 = x.redSqr();
var rhs = x2.redMul(x).redAdd(x2.redMul(this.a)).redAdd(x);
var y = rhs.redSqrt();
return y.redSqr().cmp(rhs) === 0;
};
function Point(curve, x, z) {
Base.BasePoint.call(this, curve, 'projective');
if (x === null && z === null) {
this.x = this.curve.one;
this.z = this.curve.zero;
} else {
this.x = new BN(x, 16);
this.z = new BN(z, 16);
if (!this.x.red)
this.x = this.x.toRed(this.curve.red);
if (!this.z.red)
this.z = this.z.toRed(this.curve.red);
}
}
inherits(Point, Base.BasePoint);
MontCurve.prototype.decodePoint = function decodePoint(bytes, enc) {
return this.point(utils.toArray(bytes, enc), 1);
};
MontCurve.prototype.point = function point(x, z) {
return new Point(this, x, z);
};
MontCurve.prototype.pointFromJSON = function pointFromJSON(obj) {
return Point.fromJSON(this, obj);
};
Point.prototype.precompute = function precompute() {
// No-op
};
Point.prototype._encode = function _encode() {
return this.getX().toArray('be', this.curve.p.byteLength());
};
Point.fromJSON = function fromJSON(curve, obj) {
return new Point(curve, obj[0], obj[1] || curve.one);
};
Point.prototype.inspect = function inspect() {
if (this.isInfinity())
return '<EC Point Infinity>';
return '<EC Point x: ' + this.x.fromRed().toString(16, 2) +
' z: ' + this.z.fromRed().toString(16, 2) + '>';
};
Point.prototype.isInfinity = function isInfinity() {
// XXX This code assumes that zero is always zero in red
return this.z.cmpn(0) === 0;
};
Point.prototype.dbl = function dbl() {
// http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#doubling-dbl-1987-m-3
// 2M + 2S + 4A
// A = X1 + Z1
var a = this.x.redAdd(this.z);
// AA = A^2
var aa = a.redSqr();
// B = X1 - Z1
var b = this.x.redSub(this.z);
// BB = B^2
var bb = b.redSqr();
// C = AA - BB
var c = aa.redSub(bb);
// X3 = AA * BB
var nx = aa.redMul(bb);
// Z3 = C * (BB + A24 * C)
var nz = c.redMul(bb.redAdd(this.curve.a24.redMul(c)));
return this.curve.point(nx, nz);
};
Point.prototype.add = function add() {
throw new Error('Not supported on Montgomery curve');
};
Point.prototype.diffAdd = function diffAdd(p, diff) {
// http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#diffadd-dadd-1987-m-3
// 4M + 2S + 6A
// A = X2 + Z2
var a = this.x.redAdd(this.z);
// B = X2 - Z2
var b = this.x.redSub(this.z);
// C = X3 + Z3
var c = p.x.redAdd(p.z);
// D = X3 - Z3
var d = p.x.redSub(p.z);
// DA = D * A
var da = d.redMul(a);
// CB = C * B
var cb = c.redMul(b);
// X5 = Z1 * (DA + CB)^2
var nx = diff.z.redMul(da.redAdd(cb).redSqr());
// Z5 = X1 * (DA - CB)^2
var nz = diff.x.redMul(da.redISub(cb).redSqr());
return this.curve.point(nx, nz);
};
Point.prototype.mul = function mul(k) {
var t = k.clone();
var a = this; // (N / 2) * Q + Q
var b = this.curve.point(null, null); // (N / 2) * Q
var c = this; // Q
for (var bits = []; t.cmpn(0) !== 0; t.iushrn(1))
bits.push(t.andln(1));
for (var i = bits.length - 1; i >= 0; i--) {
if (bits[i] === 0) {
// N * Q + Q = ((N / 2) * Q + Q)) + (N / 2) * Q
a = a.diffAdd(b, c);
// N * Q = 2 * ((N / 2) * Q + Q))
b = b.dbl();
} else {
// N * Q = ((N / 2) * Q + Q) + ((N / 2) * Q)
b = a.diffAdd(b, c);
// N * Q + Q = 2 * ((N / 2) * Q + Q)
a = a.dbl();
}
}
return b;
};
Point.prototype.mulAdd = function mulAdd() {
throw new Error('Not supported on Montgomery curve');
};
Point.prototype.eq = function eq(other) {
return this.getX().cmp(other.getX()) === 0;
};
Point.prototype.normalize = function normalize() {
this.x = this.x.redMul(this.z.redInvm());
this.z = this.curve.one;
return this;
};
Point.prototype.getX = function getX() {
// Normalize coordinates
this.normalize();
return this.x.fromRed();
};
/***/ },
/* 117 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
var curve = __webpack_require__(113);
var elliptic = __webpack_require__(103);
var BN = __webpack_require__(76);
var inherits = __webpack_require__(15);
var Base = curve.base;
var assert = elliptic.utils.assert;
function EdwardsCurve(conf) {
// NOTE: Important as we are creating point in Base.call()
this.twisted = (conf.a | 0) !== 1;
this.mOneA = this.twisted && (conf.a | 0) === -1;
this.extended = this.mOneA;
Base.call(this, 'edwards', conf);
this.a = new BN(conf.a, 16).umod(this.red.m);
this.a = this.a.toRed(this.red);
this.c = new BN(conf.c, 16).toRed(this.red);
this.c2 = this.c.redSqr();
this.d = new BN(conf.d, 16).toRed(this.red);
this.dd = this.d.redAdd(this.d);
assert(!this.twisted || this.c.fromRed().cmpn(1) === 0);
this.oneC = (conf.c | 0) === 1;
}
inherits(EdwardsCurve, Base);
module.exports = EdwardsCurve;
EdwardsCurve.prototype._mulA = function _mulA(num) {
if (this.mOneA)
return num.redNeg();
else
return this.a.redMul(num);
};
EdwardsCurve.prototype._mulC = function _mulC(num) {
if (this.oneC)
return num;
else
return this.c.redMul(num);
};
// Just for compatibility with Short curve
EdwardsCurve.prototype.jpoint = function jpoint(x, y, z, t) {
return this.point(x, y, z, t);
};
EdwardsCurve.prototype.pointFromX = function pointFromX(x, odd) {
x = new BN(x, 16);
if (!x.red)
x = x.toRed(this.red);
var x2 = x.redSqr();
var rhs = this.c2.redSub(this.a.redMul(x2));
var lhs = this.one.redSub(this.c2.redMul(this.d).redMul(x2));
var y2 = rhs.redMul(lhs.redInvm());
var y = y2.redSqrt();
if (y.redSqr().redSub(y2).cmp(this.zero) !== 0)
throw new Error('invalid point');
var isOdd = y.fromRed().isOdd();
if (odd && !isOdd || !odd && isOdd)
y = y.redNeg();
return this.point(x, y);
};
EdwardsCurve.prototype.pointFromY = function pointFromY(y, odd) {
y = new BN(y, 16);
if (!y.red)
y = y.toRed(this.red);
// x^2 = (y^2 - 1) / (d y^2 + 1)
var y2 = y.redSqr();
var lhs = y2.redSub(this.one);
var rhs = y2.redMul(this.d).redAdd(this.one);
var x2 = lhs.redMul(rhs.redInvm());
if (x2.cmp(this.zero) === 0) {
if (odd)
throw new Error('invalid point');
else
return this.point(this.zero, y);
}
var x = x2.redSqrt();
if (x.redSqr().redSub(x2).cmp(this.zero) !== 0)
throw new Error('invalid point');
if (x.isOdd() !== odd)
x = x.redNeg();
return this.point(x, y);
};
EdwardsCurve.prototype.validate = function validate(point) {
if (point.isInfinity())
return true;
// Curve: A * X^2 + Y^2 = C^2 * (1 + D * X^2 * Y^2)
point.normalize();
var x2 = point.x.redSqr();
var y2 = point.y.redSqr();
var lhs = x2.redMul(this.a).redAdd(y2);
var rhs = this.c2.redMul(this.one.redAdd(this.d.redMul(x2).redMul(y2)));
return lhs.cmp(rhs) === 0;
};
function Point(curve, x, y, z, t) {
Base.BasePoint.call(this, curve, 'projective');
if (x === null && y === null && z === null) {
this.x = this.curve.zero;
this.y = this.curve.one;
this.z = this.curve.one;
this.t = this.curve.zero;
this.zOne = true;
} else {
this.x = new BN(x, 16);
this.y = new BN(y, 16);
this.z = z ? new BN(z, 16) : this.curve.one;
this.t = t && new BN(t, 16);
if (!this.x.red)
this.x = this.x.toRed(this.curve.red);
if (!this.y.red)
this.y = this.y.toRed(this.curve.red);
if (!this.z.red)
this.z = this.z.toRed(this.curve.red);
if (this.t && !this.t.red)
this.t = this.t.toRed(this.curve.red);
this.zOne = this.z === this.curve.one;
// Use extended coordinates
if (this.curve.extended && !this.t) {
this.t = this.x.redMul(this.y);
if (!this.zOne)
this.t = this.t.redMul(this.z.redInvm());
}
}
}
inherits(Point, Base.BasePoint);
EdwardsCurve.prototype.pointFromJSON = function pointFromJSON(obj) {
return Point.fromJSON(this, obj);
};
EdwardsCurve.prototype.point = function point(x, y, z, t) {
return new Point(this, x, y, z, t);
};
Point.fromJSON = function fromJSON(curve, obj) {
return new Point(curve, obj[0], obj[1], obj[2]);
};
Point.prototype.inspect = function inspect() {
if (this.isInfinity())
return '<EC Point Infinity>';
return '<EC Point x: ' + this.x.fromRed().toString(16, 2) +
' y: ' + this.y.fromRed().toString(16, 2) +
' z: ' + this.z.fromRed().toString(16, 2) + '>';
};
Point.prototype.isInfinity = function isInfinity() {
// XXX This code assumes that zero is always zero in red
return this.x.cmpn(0) === 0 &&
this.y.cmp(this.z) === 0;
};
Point.prototype._extDbl = function _extDbl() {
// hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html
// #doubling-dbl-2008-hwcd
// 4M + 4S
// A = X1^2
var a = this.x.redSqr();
// B = Y1^2
var b = this.y.redSqr();
// C = 2 * Z1^2
var c = this.z.redSqr();
c = c.redIAdd(c);
// D = a * A
var d = this.curve._mulA(a);
// E = (X1 + Y1)^2 - A - B
var e = this.x.redAdd(this.y).redSqr().redISub(a).redISub(b);
// G = D + B
var g = d.redAdd(b);
// F = G - C
var f = g.redSub(c);
// H = D - B
var h = d.redSub(b);
// X3 = E * F
var nx = e.redMul(f);
// Y3 = G * H
var ny = g.redMul(h);
// T3 = E * H
var nt = e.redMul(h);
// Z3 = F * G
var nz = f.redMul(g);
return this.curve.point(nx, ny, nz, nt);
};
Point.prototype._projDbl = function _projDbl() {
// hyperelliptic.org/EFD/g1p/auto-twisted-projective.html
// #doubling-dbl-2008-bbjlp
// #doubling-dbl-2007-bl
// and others
// Generally 3M + 4S or 2M + 4S
// B = (X1 + Y1)^2
var b = this.x.redAdd(this.y).redSqr();
// C = X1^2
var c = this.x.redSqr();
// D = Y1^2
var d = this.y.redSqr();
var nx;
var ny;
var nz;
if (this.curve.twisted) {
// E = a * C
var e = this.curve._mulA(c);
// F = E + D
var f = e.redAdd(d);
if (this.zOne) {
// X3 = (B - C - D) * (F - 2)
nx = b.redSub(c).redSub(d).redMul(f.redSub(this.curve.two));
// Y3 = F * (E - D)
ny = f.redMul(e.redSub(d));
// Z3 = F^2 - 2 * F
nz = f.redSqr().redSub(f).redSub(f);
} else {
// H = Z1^2
var h = this.z.redSqr();
// J = F - 2 * H
var j = f.redSub(h).redISub(h);
// X3 = (B-C-D)*J
nx = b.redSub(c).redISub(d).redMul(j);
// Y3 = F * (E - D)
ny = f.redMul(e.redSub(d));
// Z3 = F * J
nz = f.redMul(j);
}
} else {
// E = C + D
var e = c.redAdd(d);
// H = (c * Z1)^2
var h = this.curve._mulC(this.c.redMul(this.z)).redSqr();
// J = E - 2 * H
var j = e.redSub(h).redSub(h);
// X3 = c * (B - E) * J
nx = this.curve._mulC(b.redISub(e)).redMul(j);
// Y3 = c * E * (C - D)
ny = this.curve._mulC(e).redMul(c.redISub(d));
// Z3 = E * J
nz = e.redMul(j);
}
return this.curve.point(nx, ny, nz);
};
Point.prototype.dbl = function dbl() {
if (this.isInfinity())
return this;
// Double in extended coordinates
if (this.curve.extended)
return this._extDbl();
else
return this._projDbl();
};
Point.prototype._extAdd = function _extAdd(p) {
// hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html
// #addition-add-2008-hwcd-3
// 8M
// A = (Y1 - X1) * (Y2 - X2)
var a = this.y.redSub(this.x).redMul(p.y.redSub(p.x));
// B = (Y1 + X1) * (Y2 + X2)
var b = this.y.redAdd(this.x).redMul(p.y.redAdd(p.x));
// C = T1 * k * T2
var c = this.t.redMul(this.curve.dd).redMul(p.t);
// D = Z1 * 2 * Z2
var d = this.z.redMul(p.z.redAdd(p.z));
// E = B - A
var e = b.redSub(a);
// F = D - C
var f = d.redSub(c);
// G = D + C
var g = d.redAdd(c);
// H = B + A
var h = b.redAdd(a);
// X3 = E * F
var nx = e.redMul(f);
// Y3 = G * H
var ny = g.redMul(h);
// T3 = E * H
var nt = e.redMul(h);
// Z3 = F * G
var nz = f.redMul(g);
return this.curve.point(nx, ny, nz, nt);
};
Point.prototype._projAdd = function _projAdd(p) {
// hyperelliptic.org/EFD/g1p/auto-twisted-projective.html
// #addition-add-2008-bbjlp
// #addition-add-2007-bl
// 10M + 1S
// A = Z1 * Z2
var a = this.z.redMul(p.z);
// B = A^2
var b = a.redSqr();
// C = X1 * X2
var c = this.x.redMul(p.x);
// D = Y1 * Y2
var d = this.y.redMul(p.y);
// E = d * C * D
var e = this.curve.d.redMul(c).redMul(d);
// F = B - E
var f = b.redSub(e);
// G = B + E
var g = b.redAdd(e);
// X3 = A * F * ((X1 + Y1) * (X2 + Y2) - C - D)
var tmp = this.x.redAdd(this.y).redMul(p.x.redAdd(p.y)).redISub(c).redISub(d);
var nx = a.redMul(f).redMul(tmp);
var ny;
var nz;
if (this.curve.twisted) {
// Y3 = A * G * (D - a * C)
ny = a.redMul(g).redMul(d.redSub(this.curve._mulA(c)));
// Z3 = F * G
nz = f.redMul(g);
} else {
// Y3 = A * G * (D - C)
ny = a.redMul(g).redMul(d.redSub(c));
// Z3 = c * F * G
nz = this.curve._mulC(f).redMul(g);
}
return this.curve.point(nx, ny, nz);
};
Point.prototype.add = function add(p) {
if (this.isInfinity())
return p;
if (p.isInfinity())
return this;
if (this.curve.extended)
return this._extAdd(p);
else
return this._projAdd(p);
};
Point.prototype.mul = function mul(k) {
if (this._hasDoubles(k))
return this.curve._fixedNafMul(this, k);
else
return this.curve._wnafMul(this, k);
};
Point.prototype.mulAdd = function mulAdd(k1, p, k2) {
return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2);
};
Point.prototype.normalize = function normalize() {
if (this.zOne)
return this;
// Normalize coordinates
var zi = this.z.redInvm();
this.x = this.x.redMul(zi);
this.y = this.y.redMul(zi);
if (this.t)
this.t = this.t.redMul(zi);
this.z = this.curve.one;
this.zOne = true;
return this;
};
Point.prototype.neg = function neg() {
return this.curve.point(this.x.redNeg(),
this.y,
this.z,
this.t && this.t.redNeg());
};
Point.prototype.getX = function getX() {
this.normalize();
return this.x.fromRed();
};
Point.prototype.getY = function getY() {
this.normalize();
return this.y.fromRed();
};
Point.prototype.eq = function eq(other) {
return this === other ||
this.getX().cmp(other.getX()) === 0 &&
this.getY().cmp(other.getY()) === 0;
};
// Compatibility with BaseCurve
Point.prototype.toP = Point.prototype.normalize;
Point.prototype.mixedAdd = Point.prototype.add;
/***/ },
/* 118 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
var curves = exports;
var hash = __webpack_require__(107);
var elliptic = __webpack_require__(103);
var assert = elliptic.utils.assert;
function PresetCurve(options) {
if (options.type === 'short')
this.curve = new elliptic.curve.short(options);
else if (options.type === 'edwards')
this.curve = new elliptic.curve.edwards(options);
else
this.curve = new elliptic.curve.mont(options);
this.g = this.curve.g;
this.n = this.curve.n;
this.hash = options.hash;
assert(this.g.validate(), 'Invalid curve');
assert(this.g.mul(this.n).isInfinity(), 'Invalid curve, G*N != O');
}
curves.PresetCurve = PresetCurve;
function defineCurve(name, options) {
Object.defineProperty(curves, name, {
configurable: true,
enumerable: true,
get: function() {
var curve = new PresetCurve(options);
Object.defineProperty(curves, name, {
configurable: true,
enumerable: true,
value: curve
});
return curve;
}
});
}
defineCurve('p192', {
type: 'short',
prime: 'p192',
p: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff',
a: 'ffffffff ffffffff ffffffff fffffffe ffffffff fffffffc',
b: '64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1',
n: 'ffffffff ffffffff ffffffff 99def836 146bc9b1 b4d22831',
hash: hash.sha256,
gRed: false,
g: [
'188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012',
'07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811'
]
});
defineCurve('p224', {
type: 'short',
prime: 'p224',
p: 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001',
a: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff fffffffe',
b: 'b4050a85 0c04b3ab f5413256 5044b0b7 d7bfd8ba 270b3943 2355ffb4',
n: 'ffffffff ffffffff ffffffff ffff16a2 e0b8f03e 13dd2945 5c5c2a3d',
hash: hash.sha256,
gRed: false,
g: [
'b70e0cbd 6bb4bf7f 321390b9 4a03c1d3 56c21122 343280d6 115c1d21',
'bd376388 b5f723fb 4c22dfe6 cd4375a0 5a074764 44d58199 85007e34'
]
});
defineCurve('p256', {
type: 'short',
prime: null,
p: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff',
a: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff fffffffc',
b: '5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b',
n: 'ffffffff 00000000 ffffffff ffffffff bce6faad a7179e84 f3b9cac2 fc632551',
hash: hash.sha256,
gRed: false,
g: [
'6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296',
'4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5'
]
});
defineCurve('p384', {
type: 'short',
prime: null,
p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +
'fffffffe ffffffff 00000000 00000000 ffffffff',
a: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +
'fffffffe ffffffff 00000000 00000000 fffffffc',
b: 'b3312fa7 e23ee7e4 988e056b e3f82d19 181d9c6e fe814112 0314088f ' +
'5013875a c656398d 8a2ed19d 2a85c8ed d3ec2aef',
n: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff c7634d81 ' +
'f4372ddf 581a0db2 48b0a77a ecec196a ccc52973',
hash: hash.sha384,
gRed: false,
g: [
'aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98 59f741e0 82542a38 ' +
'5502f25d bf55296c 3a545e38 72760ab7',
'3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c e9da3113 b5f0b8c0 ' +
'0a60b1ce 1d7e819d 7a431d7c 90ea0e5f'
]
});
defineCurve('p521', {
type: 'short',
prime: null,
p: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +
'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +
'ffffffff ffffffff ffffffff ffffffff ffffffff',
a: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +
'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ' +
'ffffffff ffffffff ffffffff ffffffff fffffffc',
b: '00000051 953eb961 8e1c9a1f 929a21a0 b68540ee a2da725b ' +
'99b315f3 b8b48991 8ef109e1 56193951 ec7e937b 1652c0bd ' +
'3bb1bf07 3573df88 3d2c34f1 ef451fd4 6b503f00',
n: '000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ' +
'ffffffff ffffffff fffffffa 51868783 bf2f966b 7fcc0148 ' +
'f709a5d0 3bb5c9b8 899c47ae bb6fb71e 91386409',
hash: hash.sha512,
gRed: false,
g: [
'000000c6 858e06b7 0404e9cd 9e3ecb66 2395b442 9c648139 ' +
'053fb521 f828af60 6b4d3dba a14b5e77 efe75928 fe1dc127 ' +
'a2ffa8de 3348b3c1 856a429b f97e7e31 c2e5bd66',
'00000118 39296a78 9a3bc004 5c8a5fb4 2c7d1bd9 98f54449 ' +
'579b4468 17afbd17 273e662c 97ee7299 5ef42640 c550b901 ' +
'3fad0761 353c7086 a272c240 88be9476 9fd16650'
]
});
defineCurve('curve25519', {
type: 'mont',
prime: 'p25519',
p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed',
a: '76d06',
b: '0',
n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed',
hash: hash.sha256,
gRed: false,
g: [
'9'
]
});
defineCurve('ed25519', {
type: 'edwards',
prime: 'p25519',
p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed',
a: '-1',
c: '1',
// -121665 * (121666^(-1)) (mod P)
d: '52036cee2b6ffe73 8cc740797779e898 00700a4d4141d8ab 75eb4dca135978a3',
n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed',
hash: hash.sha256,
gRed: false,
g: [
'216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a',
// 4/5
'6666666666666666666666666666666666666666666666666666666666666658'
]
});
var pre;
try {
pre = __webpack_require__(119);
} catch (e) {
pre = undefined;
}
defineCurve('secp256k1', {
type: 'short',
prime: 'k256',
p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f',
a: '0',
b: '7',
n: 'ffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141',
h: '1',
hash: hash.sha256,
// Precomputed endomorphism
beta: '7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee',
lambda: '5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72',
basis: [
{
a: '3086d221a7d46bcde86c90e49284eb15',
b: '-e4437ed6010e88286f547fa90abfe4c3'
},
{
a: '114ca50f7a8e2f3f657c1108d9d44cfd8',
b: '3086d221a7d46bcde86c90e49284eb15'
}
],
gRed: false,
g: [
'79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798',
'483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8',
pre
]
});
/***/ },
/* 119 */
/***/ function(module, exports) {
module.exports = {
doubles: {
step: 4,
points: [
[
'e60fce93b59e9ec53011aabc21c23e97b2a31369b87a5ae9c44ee89e2a6dec0a',
'f7e3507399e595929db99f34f57937101296891e44d23f0be1f32cce69616821'
],
[
'8282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508',
'11f8a8098557dfe45e8256e830b60ace62d613ac2f7b17bed31b6eaff6e26caf'
],
[
'175e159f728b865a72f99cc6c6fc846de0b93833fd2222ed73fce5b551e5b739',
'd3506e0d9e3c79eba4ef97a51ff71f5eacb5955add24345c6efa6ffee9fed695'
],
[
'363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640',
'4e273adfc732221953b445397f3363145b9a89008199ecb62003c7f3bee9de9'
],
[
'8b4b5f165df3c2be8c6244b5b745638843e4a781a15bcd1b69f79a55dffdf80c',
'4aad0a6f68d308b4b3fbd7813ab0da04f9e336546162ee56b3eff0c65fd4fd36'
],
[
'723cbaa6e5db996d6bf771c00bd548c7b700dbffa6c0e77bcb6115925232fcda',
'96e867b5595cc498a921137488824d6e2660a0653779494801dc069d9eb39f5f'
],
[
'eebfa4d493bebf98ba5feec812c2d3b50947961237a919839a533eca0e7dd7fa',
'5d9a8ca3970ef0f269ee7edaf178089d9ae4cdc3a711f712ddfd4fdae1de8999'
],
[
'100f44da696e71672791d0a09b7bde459f1215a29b3c03bfefd7835b39a48db0',
'cdd9e13192a00b772ec8f3300c090666b7ff4a18ff5195ac0fbd5cd62bc65a09'
],
[
'e1031be262c7ed1b1dc9227a4a04c017a77f8d4464f3b3852c8acde6e534fd2d',
'9d7061928940405e6bb6a4176597535af292dd419e1ced79a44f18f29456a00d'
],
[
'feea6cae46d55b530ac2839f143bd7ec5cf8b266a41d6af52d5e688d9094696d',
'e57c6b6c97dce1bab06e4e12bf3ecd5c981c8957cc41442d3155debf18090088'
],
[
'da67a91d91049cdcb367be4be6ffca3cfeed657d808583de33fa978bc1ec6cb1',
'9bacaa35481642bc41f463f7ec9780e5dec7adc508f740a17e9ea8e27a68be1d'
],
[
'53904faa0b334cdda6e000935ef22151ec08d0f7bb11069f57545ccc1a37b7c0',
'5bc087d0bc80106d88c9eccac20d3c1c13999981e14434699dcb096b022771c8'
],
[
'8e7bcd0bd35983a7719cca7764ca906779b53a043a9b8bcaeff959f43ad86047',
'10b7770b2a3da4b3940310420ca9514579e88e2e47fd68b3ea10047e8460372a'
],
[
'385eed34c1cdff21e6d0818689b81bde71a7f4f18397e6690a841e1599c43862',
'283bebc3e8ea23f56701de19e9ebf4576b304eec2086dc8cc0458fe5542e5453'
],
[
'6f9d9b803ecf191637c73a4413dfa180fddf84a5947fbc9c606ed86c3fac3a7',
'7c80c68e603059ba69b8e2a30e45c4d47ea4dd2f5c281002d86890603a842160'
],
[
'3322d401243c4e2582a2147c104d6ecbf774d163db0f5e5313b7e0e742d0e6bd',
'56e70797e9664ef5bfb019bc4ddaf9b72805f63ea2873af624f3a2e96c28b2a0'
],
[
'85672c7d2de0b7da2bd1770d89665868741b3f9af7643397721d74d28134ab83',
'7c481b9b5b43b2eb6374049bfa62c2e5e77f17fcc5298f44c8e3094f790313a6'
],
[
'948bf809b1988a46b06c9f1919413b10f9226c60f668832ffd959af60c82a0a',
'53a562856dcb6646dc6b74c5d1c3418c6d4dff08c97cd2bed4cb7f88d8c8e589'
],
[
'6260ce7f461801c34f067ce0f02873a8f1b0e44dfc69752accecd819f38fd8e8',
'bc2da82b6fa5b571a7f09049776a1ef7ecd292238051c198c1a84e95b2b4ae17'
],
[
'e5037de0afc1d8d43d8348414bbf4103043ec8f575bfdc432953cc8d2037fa2d',
'4571534baa94d3b5f9f98d09fb990bddbd5f5b03ec481f10e0e5dc841d755bda'
],
[
'e06372b0f4a207adf5ea905e8f1771b4e7e8dbd1c6a6c5b725866a0ae4fce725',
'7a908974bce18cfe12a27bb2ad5a488cd7484a7787104870b27034f94eee31dd'
],
[
'213c7a715cd5d45358d0bbf9dc0ce02204b10bdde2a3f58540ad6908d0559754',
'4b6dad0b5ae462507013ad06245ba190bb4850f5f36a7eeddff2c27534b458f2'
],
[
'4e7c272a7af4b34e8dbb9352a5419a87e2838c70adc62cddf0cc3a3b08fbd53c',
'17749c766c9d0b18e16fd09f6def681b530b9614bff7dd33e0b3941817dcaae6'
],
[
'fea74e3dbe778b1b10f238ad61686aa5c76e3db2be43057632427e2840fb27b6',
'6e0568db9b0b13297cf674deccb6af93126b596b973f7b77701d3db7f23cb96f'
],
[
'76e64113f677cf0e10a2570d599968d31544e179b760432952c02a4417bdde39',
'c90ddf8dee4e95cf577066d70681f0d35e2a33d2b56d2032b4b1752d1901ac01'
],
[
'c738c56b03b2abe1e8281baa743f8f9a8f7cc643df26cbee3ab150242bcbb891',
'893fb578951ad2537f718f2eacbfbbbb82314eef7880cfe917e735d9699a84c3'
],
[
'd895626548b65b81e264c7637c972877d1d72e5f3a925014372e9f6588f6c14b',
'febfaa38f2bc7eae728ec60818c340eb03428d632bb067e179363ed75d7d991f'
],
[
'b8da94032a957518eb0f6433571e8761ceffc73693e84edd49150a564f676e03',
'2804dfa44805a1e4d7c99cc9762808b092cc584d95ff3b511488e4e74efdf6e7'
],
[
'e80fea14441fb33a7d8adab9475d7fab2019effb5156a792f1a11778e3c0df5d',
'eed1de7f638e00771e89768ca3ca94472d155e80af322ea9fcb4291b6ac9ec78'
],
[
'a301697bdfcd704313ba48e51d567543f2a182031efd6915ddc07bbcc4e16070',
'7370f91cfb67e4f5081809fa25d40f9b1735dbf7c0a11a130c0d1a041e177ea1'
],
[
'90ad85b389d6b936463f9d0512678de208cc330b11307fffab7ac63e3fb04ed4',
'e507a3620a38261affdcbd9427222b839aefabe1582894d991d4d48cb6ef150'
],
[
'8f68b9d2f63b5f339239c1ad981f162ee88c5678723ea3351b7b444c9ec4c0da',
'662a9f2dba063986de1d90c2b6be215dbbea2cfe95510bfdf23cbf79501fff82'
],
[
'e4f3fb0176af85d65ff99ff9198c36091f48e86503681e3e6686fd5053231e11',
'1e63633ad0ef4f1c1661a6d0ea02b7286cc7e74ec951d1c9822c38576feb73bc'
],
[
'8c00fa9b18ebf331eb961537a45a4266c7034f2f0d4e1d0716fb6eae20eae29e',
'efa47267fea521a1a9dc343a3736c974c2fadafa81e36c54e7d2a4c66702414b'
],
[
'e7a26ce69dd4829f3e10cec0a9e98ed3143d084f308b92c0997fddfc60cb3e41',
'2a758e300fa7984b471b006a1aafbb18d0a6b2c0420e83e20e8a9421cf2cfd51'
],
[
'b6459e0ee3662ec8d23540c223bcbdc571cbcb967d79424f3cf29eb3de6b80ef',
'67c876d06f3e06de1dadf16e5661db3c4b3ae6d48e35b2ff30bf0b61a71ba45'
],
[
'd68a80c8280bb840793234aa118f06231d6f1fc67e73c5a5deda0f5b496943e8',
'db8ba9fff4b586d00c4b1f9177b0e28b5b0e7b8f7845295a294c84266b133120'
],
[
'324aed7df65c804252dc0270907a30b09612aeb973449cea4095980fc28d3d5d',
'648a365774b61f2ff130c0c35aec1f4f19213b0c7e332843967224af96ab7c84'
],
[
'4df9c14919cde61f6d51dfdbe5fee5dceec4143ba8d1ca888e8bd373fd054c96',
'35ec51092d8728050974c23a1d85d4b5d506cdc288490192ebac06cad10d5d'
],
[
'9c3919a84a474870faed8a9c1cc66021523489054d7f0308cbfc99c8ac1f98cd',
'ddb84f0f4a4ddd57584f044bf260e641905326f76c64c8e6be7e5e03d4fc599d'
],
[
'6057170b1dd12fdf8de05f281d8e06bb91e1493a8b91d4cc5a21382120a959e5',
'9a1af0b26a6a4807add9a2daf71df262465152bc3ee24c65e899be932385a2a8'
],
[
'a576df8e23a08411421439a4518da31880cef0fba7d4df12b1a6973eecb94266',
'40a6bf20e76640b2c92b97afe58cd82c432e10a7f514d9f3ee8be11ae1b28ec8'
],
[
'7778a78c28dec3e30a05fe9629de8c38bb30d1f5cf9a3a208f763889be58ad71',
'34626d9ab5a5b22ff7098e12f2ff580087b38411ff24ac563b513fc1fd9f43ac'
],
[
'928955ee637a84463729fd30e7afd2ed5f96274e5ad7e5cb09eda9c06d903ac',
'c25621003d3f42a827b78a13093a95eeac3d26efa8a8d83fc5180e935bcd091f'
],
[
'85d0fef3ec6db109399064f3a0e3b2855645b4a907ad354527aae75163d82751',
'1f03648413a38c0be29d496e582cf5663e8751e96877331582c237a24eb1f962'
],
[
'ff2b0dce97eece97c1c9b6041798b85dfdfb6d8882da20308f5404824526087e',
'493d13fef524ba188af4c4dc54d07936c7b7ed6fb90e2ceb2c951e01f0c29907'
],
[
'827fbbe4b1e880ea9ed2b2e6301b212b57f1ee148cd6dd28780e5e2cf856e241',
'c60f9c923c727b0b71bef2c67d1d12687ff7a63186903166d605b68baec293ec'
],
[
'eaa649f21f51bdbae7be4ae34ce6e5217a58fdce7f47f9aa7f3b58fa2120e2b3',
'be3279ed5bbbb03ac69a80f89879aa5a01a6b965f13f7e59d47a5305ba5ad93d'
],
[
'e4a42d43c5cf169d9391df6decf42ee541b6d8f0c9a137401e23632dda34d24f',
'4d9f92e716d1c73526fc99ccfb8ad34ce886eedfa8d8e4f13a7f7131deba9414'
],
[
'1ec80fef360cbdd954160fadab352b6b92b53576a88fea4947173b9d4300bf19',
'aeefe93756b5340d2f3a4958a7abbf5e0146e77f6295a07b671cdc1cc107cefd'
],
[
'146a778c04670c2f91b00af4680dfa8bce3490717d58ba889ddb5928366642be',
'b318e0ec3354028add669827f9d4b2870aaa971d2f7e5ed1d0b297483d83efd0'
],
[
'fa50c0f61d22e5f07e3acebb1aa07b128d0012209a28b9776d76a8793180eef9',
'6b84c6922397eba9b72cd2872281a68a5e683293a57a213b38cd8d7d3f4f2811'
],
[
'da1d61d0ca721a11b1a5bf6b7d88e8421a288ab5d5bba5220e53d32b5f067ec2',
'8157f55a7c99306c79c0766161c91e2966a73899d279b48a655fba0f1ad836f1'
],
[
'a8e282ff0c9706907215ff98e8fd416615311de0446f1e062a73b0610d064e13',
'7f97355b8db81c09abfb7f3c5b2515888b679a3e50dd6bd6cef7c73111f4cc0c'
],
[
'174a53b9c9a285872d39e56e6913cab15d59b1fa512508c022f382de8319497c',
'ccc9dc37abfc9c1657b4155f2c47f9e6646b3a1d8cb9854383da13ac079afa73'
],
[
'959396981943785c3d3e57edf5018cdbe039e730e4918b3d884fdff09475b7ba',
'2e7e552888c331dd8ba0386a4b9cd6849c653f64c8709385e9b8abf87524f2fd'
],
[
'd2a63a50ae401e56d645a1153b109a8fcca0a43d561fba2dbb51340c9d82b151',
'e82d86fb6443fcb7565aee58b2948220a70f750af484ca52d4142174dcf89405'
],
[
'64587e2335471eb890ee7896d7cfdc866bacbdbd3839317b3436f9b45617e073',
'd99fcdd5bf6902e2ae96dd6447c299a185b90a39133aeab358299e5e9faf6589'
],
[
'8481bde0e4e4d885b3a546d3e549de042f0aa6cea250e7fd358d6c86dd45e458',
'38ee7b8cba5404dd84a25bf39cecb2ca900a79c42b262e556d64b1b59779057e'
],
[
'13464a57a78102aa62b6979ae817f4637ffcfed3c4b1ce30bcd6303f6caf666b',
'69be159004614580ef7e433453ccb0ca48f300a81d0942e13f495a907f6ecc27'
],
[
'bc4a9df5b713fe2e9aef430bcc1dc97a0cd9ccede2f28588cada3a0d2d83f366',
'd3a81ca6e785c06383937adf4b798caa6e8a9fbfa547b16d758d666581f33c1'
],
[
'8c28a97bf8298bc0d23d8c749452a32e694b65e30a9472a3954ab30fe5324caa',
'40a30463a3305193378fedf31f7cc0eb7ae784f0451cb9459e71dc73cbef9482'
],
[
'8ea9666139527a8c1dd94ce4f071fd23c8b350c5a4bb33748c4ba111faccae0',
'620efabbc8ee2782e24e7c0cfb95c5d735b783be9cf0f8e955af34a30e62b945'
],
[
'dd3625faef5ba06074669716bbd3788d89bdde815959968092f76cc4eb9a9787',
'7a188fa3520e30d461da2501045731ca941461982883395937f68d00c644a573'
],
[
'f710d79d9eb962297e4f6232b40e8f7feb2bc63814614d692c12de752408221e',
'ea98e67232d3b3295d3b535532115ccac8612c721851617526ae47a9c77bfc82'
]
]
},
naf: {
wnd: 7,
points: [
[
'f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9',
'388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672'
],
[
'2f8bde4d1a07209355b4a7250a5c5128e88b84bddc619ab7cba8d569b240efe4',
'd8ac222636e5e3d6d4dba9dda6c9c426f788271bab0d6840dca87d3aa6ac62d6'
],
[
'5cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc',
'6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da'
],
[
'acd484e2f0c7f65309ad178a9f559abde09796974c57e714c35f110dfc27ccbe',
'cc338921b0a7d9fd64380971763b61e9add888a4375f8e0f05cc262ac64f9c37'
],
[
'774ae7f858a9411e5ef4246b70c65aac5649980be5c17891bbec17895da008cb',
'd984a032eb6b5e190243dd56d7b7b365372db1e2dff9d6a8301d74c9c953c61b'
],
[
'f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8',
'ab0902e8d880a89758212eb65cdaf473a1a06da521fa91f29b5cb52db03ed81'
],
[
'd7924d4f7d43ea965a465ae3095ff41131e5946f3c85f79e44adbcf8e27e080e',
'581e2872a86c72a683842ec228cc6defea40af2bd896d3a5c504dc9ff6a26b58'
],
[
'defdea4cdb677750a420fee807eacf21eb9898ae79b9768766e4faa04a2d4a34',
'4211ab0694635168e997b0ead2a93daeced1f4a04a95c0f6cfb199f69e56eb77'
],
[
'2b4ea0a797a443d293ef5cff444f4979f06acfebd7e86d277475656138385b6c',
'85e89bc037945d93b343083b5a1c86131a01f60c50269763b570c854e5c09b7a'
],
[
'352bbf4a4cdd12564f93fa332ce333301d9ad40271f8107181340aef25be59d5',
'321eb4075348f534d59c18259dda3e1f4a1b3b2e71b1039c67bd3d8bcf81998c'
],
[
'2fa2104d6b38d11b0230010559879124e42ab8dfeff5ff29dc9cdadd4ecacc3f',
'2de1068295dd865b64569335bd5dd80181d70ecfc882648423ba76b532b7d67'
],
[
'9248279b09b4d68dab21a9b066edda83263c3d84e09572e269ca0cd7f5453714',
'73016f7bf234aade5d1aa71bdea2b1ff3fc0de2a887912ffe54a32ce97cb3402'
],
[
'daed4f2be3a8bf278e70132fb0beb7522f570e144bf615c07e996d443dee8729',
'a69dce4a7d6c98e8d4a1aca87ef8d7003f83c230f3afa726ab40e52290be1c55'
],
[
'c44d12c7065d812e8acf28d7cbb19f9011ecd9e9fdf281b0e6a3b5e87d22e7db',
'2119a460ce326cdc76c45926c982fdac0e106e861edf61c5a039063f0e0e6482'
],
[
'6a245bf6dc698504c89a20cfded60853152b695336c28063b61c65cbd269e6b4',
'e022cf42c2bd4a708b3f5126f16a24ad8b33ba48d0423b6efd5e6348100d8a82'
],
[
'1697ffa6fd9de627c077e3d2fe541084ce13300b0bec1146f95ae57f0d0bd6a5',
'b9c398f186806f5d27561506e4557433a2cf15009e498ae7adee9d63d01b2396'
],
[
'605bdb019981718b986d0f07e834cb0d9deb8360ffb7f61df982345ef27a7479',
'2972d2de4f8d20681a78d93ec96fe23c26bfae84fb14db43b01e1e9056b8c49'
],
[
'62d14dab4150bf497402fdc45a215e10dcb01c354959b10cfe31c7e9d87ff33d',
'80fc06bd8cc5b01098088a1950eed0db01aa132967ab472235f5642483b25eaf'
],
[
'80c60ad0040f27dade5b4b06c408e56b2c50e9f56b9b8b425e555c2f86308b6f',
'1c38303f1cc5c30f26e66bad7fe72f70a65eed4cbe7024eb1aa01f56430bd57a'
],
[
'7a9375ad6167ad54aa74c6348cc54d344cc5dc9487d847049d5eabb0fa03c8fb',
'd0e3fa9eca8726909559e0d79269046bdc59ea10c70ce2b02d499ec224dc7f7'
],
[
'd528ecd9b696b54c907a9ed045447a79bb408ec39b68df504bb51f459bc3ffc9',
'eecf41253136e5f99966f21881fd656ebc4345405c520dbc063465b521409933'
],
[
'49370a4b5f43412ea25f514e8ecdad05266115e4a7ecb1387231808f8b45963',
'758f3f41afd6ed428b3081b0512fd62a54c3f3afbb5b6764b653052a12949c9a'
],
[
'77f230936ee88cbbd73df930d64702ef881d811e0e1498e2f1c13eb1fc345d74',
'958ef42a7886b6400a08266e9ba1b37896c95330d97077cbbe8eb3c7671c60d6'
],
[
'f2dac991cc4ce4b9ea44887e5c7c0bce58c80074ab9d4dbaeb28531b7739f530',
'e0dedc9b3b2f8dad4da1f32dec2531df9eb5fbeb0598e4fd1a117dba703a3c37'
],
[
'463b3d9f662621fb1b4be8fbbe2520125a216cdfc9dae3debcba4850c690d45b',
'5ed430d78c296c3543114306dd8622d7c622e27c970a1de31cb377b01af7307e'
],
[
'f16f804244e46e2a09232d4aff3b59976b98fac14328a2d1a32496b49998f247',
'cedabd9b82203f7e13d206fcdf4e33d92a6c53c26e5cce26d6579962c4e31df6'
],
[
'caf754272dc84563b0352b7a14311af55d245315ace27c65369e15f7151d41d1',
'cb474660ef35f5f2a41b643fa5e460575f4fa9b7962232a5c32f908318a04476'
],
[
'2600ca4b282cb986f85d0f1709979d8b44a09c07cb86d7c124497bc86f082120',
'4119b88753c15bd6a693b03fcddbb45d5ac6be74ab5f0ef44b0be9475a7e4b40'
],
[
'7635ca72d7e8432c338ec53cd12220bc01c48685e24f7dc8c602a7746998e435',
'91b649609489d613d1d5e590f78e6d74ecfc061d57048bad9e76f302c5b9c61'
],
[
'754e3239f325570cdbbf4a87deee8a66b7f2b33479d468fbc1a50743bf56cc18',
'673fb86e5bda30fb3cd0ed304ea49a023ee33d0197a695d0c5d98093c536683'
],
[
'e3e6bd1071a1e96aff57859c82d570f0330800661d1c952f9fe2694691d9b9e8',
'59c9e0bba394e76f40c0aa58379a3cb6a5a2283993e90c4167002af4920e37f5'
],
[
'186b483d056a033826ae73d88f732985c4ccb1f32ba35f4b4cc47fdcf04aa6eb',
'3b952d32c67cf77e2e17446e204180ab21fb8090895138b4a4a797f86e80888b'
],
[
'df9d70a6b9876ce544c98561f4be4f725442e6d2b737d9c91a8321724ce0963f',
'55eb2dafd84d6ccd5f862b785dc39d4ab157222720ef9da217b8c45cf2ba2417'
],
[
'5edd5cc23c51e87a497ca815d5dce0f8ab52554f849ed8995de64c5f34ce7143',
'efae9c8dbc14130661e8cec030c89ad0c13c66c0d17a2905cdc706ab7399a868'
],
[
'290798c2b6476830da12fe02287e9e777aa3fba1c355b17a722d362f84614fba',
'e38da76dcd440621988d00bcf79af25d5b29c094db2a23146d003afd41943e7a'
],
[
'af3c423a95d9f5b3054754efa150ac39cd29552fe360257362dfdecef4053b45',
'f98a3fd831eb2b749a93b0e6f35cfb40c8cd5aa667a15581bc2feded498fd9c6'
],
[
'766dbb24d134e745cccaa28c99bf274906bb66b26dcf98df8d2fed50d884249a',
'744b1152eacbe5e38dcc887980da38b897584a65fa06cedd2c924f97cbac5996'
],
[
'59dbf46f8c94759ba21277c33784f41645f7b44f6c596a58ce92e666191abe3e',
'c534ad44175fbc300f4ea6ce648309a042ce739a7919798cd85e216c4a307f6e'
],
[
'f13ada95103c4537305e691e74e9a4a8dd647e711a95e73cb62dc6018cfd87b8',
'e13817b44ee14de663bf4bc808341f326949e21a6a75c2570778419bdaf5733d'
],
[
'7754b4fa0e8aced06d4167a2c59cca4cda1869c06ebadfb6488550015a88522c',
'30e93e864e669d82224b967c3020b8fa8d1e4e350b6cbcc537a48b57841163a2'
],
[
'948dcadf5990e048aa3874d46abef9d701858f95de8041d2a6828c99e2262519',
'e491a42537f6e597d5d28a3224b1bc25df9154efbd2ef1d2cbba2cae5347d57e'
],
[
'7962414450c76c1689c7b48f8202ec37fb224cf5ac0bfa1570328a8a3d7c77ab',
'100b610ec4ffb4760d5c1fc133ef6f6b12507a051f04ac5760afa5b29db83437'
],
[
'3514087834964b54b15b160644d915485a16977225b8847bb0dd085137ec47ca',
'ef0afbb2056205448e1652c48e8127fc6039e77c15c2378b7e7d15a0de293311'
],
[
'd3cc30ad6b483e4bc79ce2c9dd8bc54993e947eb8df787b442943d3f7b527eaf',
'8b378a22d827278d89c5e9be8f9508ae3c2ad46290358630afb34db04eede0a4'
],
[
'1624d84780732860ce1c78fcbfefe08b2b29823db913f6493975ba0ff4847610',
'68651cf9b6da903e0914448c6cd9d4ca896878f5282be4c8cc06e2a404078575'
],
[
'733ce80da955a8a26902c95633e62a985192474b5af207da6df7b4fd5fc61cd4',
'f5435a2bd2badf7d485a4d8b8db9fcce3e1ef8e0201e4578c54673bc1dc5ea1d'
],
[
'15d9441254945064cf1a1c33bbd3b49f8966c5092171e699ef258dfab81c045c',
'd56eb30b69463e7234f5137b73b84177434800bacebfc685fc37bbe9efe4070d'
],
[
'a1d0fcf2ec9de675b612136e5ce70d271c21417c9d2b8aaaac138599d0717940',
'edd77f50bcb5a3cab2e90737309667f2641462a54070f3d519212d39c197a629'
],
[
'e22fbe15c0af8ccc5780c0735f84dbe9a790badee8245c06c7ca37331cb36980',
'a855babad5cd60c88b430a69f53a1a7a38289154964799be43d06d77d31da06'
],
[
'311091dd9860e8e20ee13473c1155f5f69635e394704eaa74009452246cfa9b3',
'66db656f87d1f04fffd1f04788c06830871ec5a64feee685bd80f0b1286d8374'
],
[
'34c1fd04d301be89b31c0442d3e6ac24883928b45a9340781867d4232ec2dbdf',
'9414685e97b1b5954bd46f730174136d57f1ceeb487443dc5321857ba73abee'
],
[
'f219ea5d6b54701c1c14de5b557eb42a8d13f3abbcd08affcc2a5e6b049b8d63',
'4cb95957e83d40b0f73af4544cccf6b1f4b08d3c07b27fb8d8c2962a400766d1'
],
[
'd7b8740f74a8fbaab1f683db8f45de26543a5490bca627087236912469a0b448',
'fa77968128d9c92ee1010f337ad4717eff15db5ed3c049b3411e0315eaa4593b'
],
[
'32d31c222f8f6f0ef86f7c98d3a3335ead5bcd32abdd94289fe4d3091aa824bf',
'5f3032f5892156e39ccd3d7915b9e1da2e6dac9e6f26e961118d14b8462e1661'
],
[
'7461f371914ab32671045a155d9831ea8793d77cd59592c4340f86cbc18347b5',
'8ec0ba238b96bec0cbdddcae0aa442542eee1ff50c986ea6b39847b3cc092ff6'
],
[
'ee079adb1df1860074356a25aa38206a6d716b2c3e67453d287698bad7b2b2d6',
'8dc2412aafe3be5c4c5f37e0ecc5f9f6a446989af04c4e25ebaac479ec1c8c1e'
],
[
'16ec93e447ec83f0467b18302ee620f7e65de331874c9dc72bfd8616ba9da6b5',
'5e4631150e62fb40d0e8c2a7ca5804a39d58186a50e497139626778e25b0674d'
],
[
'eaa5f980c245f6f038978290afa70b6bd8855897f98b6aa485b96065d537bd99',
'f65f5d3e292c2e0819a528391c994624d784869d7e6ea67fb18041024edc07dc'
],
[
'78c9407544ac132692ee1910a02439958ae04877151342ea96c4b6b35a49f51',
'f3e0319169eb9b85d5404795539a5e68fa1fbd583c064d2462b675f194a3ddb4'
],
[
'494f4be219a1a77016dcd838431aea0001cdc8ae7a6fc688726578d9702857a5',
'42242a969283a5f339ba7f075e36ba2af925ce30d767ed6e55f4b031880d562c'
],
[
'a598a8030da6d86c6bc7f2f5144ea549d28211ea58faa70ebf4c1e665c1fe9b5',
'204b5d6f84822c307e4b4a7140737aec23fc63b65b35f86a10026dbd2d864e6b'
],
[
'c41916365abb2b5d09192f5f2dbeafec208f020f12570a184dbadc3e58595997',
'4f14351d0087efa49d245b328984989d5caf9450f34bfc0ed16e96b58fa9913'
],
[
'841d6063a586fa475a724604da03bc5b92a2e0d2e0a36acfe4c73a5514742881',
'73867f59c0659e81904f9a1c7543698e62562d6744c169ce7a36de01a8d6154'
],
[
'5e95bb399a6971d376026947f89bde2f282b33810928be4ded112ac4d70e20d5',
'39f23f366809085beebfc71181313775a99c9aed7d8ba38b161384c746012865'
],
[
'36e4641a53948fd476c39f8a99fd974e5ec07564b5315d8bf99471bca0ef2f66',
'd2424b1b1abe4eb8164227b085c9aa9456ea13493fd563e06fd51cf5694c78fc'
],
[
'336581ea7bfbbb290c191a2f507a41cf5643842170e914faeab27c2c579f726',
'ead12168595fe1be99252129b6e56b3391f7ab1410cd1e0ef3dcdcabd2fda224'
],
[
'8ab89816dadfd6b6a1f2634fcf00ec8403781025ed6890c4849742706bd43ede',
'6fdcef09f2f6d0a044e654aef624136f503d459c3e89845858a47a9129cdd24e'
],
[
'1e33f1a746c9c5778133344d9299fcaa20b0938e8acff2544bb40284b8c5fb94',
'60660257dd11b3aa9c8ed618d24edff2306d320f1d03010e33a7d2057f3b3b6'
],
[
'85b7c1dcb3cec1b7ee7f30ded79dd20a0ed1f4cc18cbcfcfa410361fd8f08f31',
'3d98a9cdd026dd43f39048f25a8847f4fcafad1895d7a633c6fed3c35e999511'
],
[
'29df9fbd8d9e46509275f4b125d6d45d7fbe9a3b878a7af872a2800661ac5f51',
'b4c4fe99c775a606e2d8862179139ffda61dc861c019e55cd2876eb2a27d84b'
],
[
'a0b1cae06b0a847a3fea6e671aaf8adfdfe58ca2f768105c8082b2e449fce252',
'ae434102edde0958ec4b19d917a6a28e6b72da1834aff0e650f049503a296cf2'
],
[
'4e8ceafb9b3e9a136dc7ff67e840295b499dfb3b2133e4ba113f2e4c0e121e5',
'cf2174118c8b6d7a4b48f6d534ce5c79422c086a63460502b827ce62a326683c'
],
[
'd24a44e047e19b6f5afb81c7ca2f69080a5076689a010919f42725c2b789a33b',
'6fb8d5591b466f8fc63db50f1c0f1c69013f996887b8244d2cdec417afea8fa3'
],
[
'ea01606a7a6c9cdd249fdfcfacb99584001edd28abbab77b5104e98e8e3b35d4',
'322af4908c7312b0cfbfe369f7a7b3cdb7d4494bc2823700cfd652188a3ea98d'
],
[
'af8addbf2b661c8a6c6328655eb96651252007d8c5ea31be4ad196de8ce2131f',
'6749e67c029b85f52a034eafd096836b2520818680e26ac8f3dfbcdb71749700'
],
[
'e3ae1974566ca06cc516d47e0fb165a674a3dabcfca15e722f0e3450f45889',
'2aeabe7e4531510116217f07bf4d07300de97e4874f81f533420a72eeb0bd6a4'
],
[
'591ee355313d99721cf6993ffed1e3e301993ff3ed258802075ea8ced397e246',
'b0ea558a113c30bea60fc4775460c7901ff0b053d25ca2bdeee98f1a4be5d196'
],
[
'11396d55fda54c49f19aa97318d8da61fa8584e47b084945077cf03255b52984',
'998c74a8cd45ac01289d5833a7beb4744ff536b01b257be4c5767bea93ea57a4'
],
[
'3c5d2a1ba39c5a1790000738c9e0c40b8dcdfd5468754b6405540157e017aa7a',
'b2284279995a34e2f9d4de7396fc18b80f9b8b9fdd270f6661f79ca4c81bd257'
],
[
'cc8704b8a60a0defa3a99a7299f2e9c3fbc395afb04ac078425ef8a1793cc030',
'bdd46039feed17881d1e0862db347f8cf395b74fc4bcdc4e940b74e3ac1f1b13'
],
[
'c533e4f7ea8555aacd9777ac5cad29b97dd4defccc53ee7ea204119b2889b197',
'6f0a256bc5efdf429a2fb6242f1a43a2d9b925bb4a4b3a26bb8e0f45eb596096'
],
[
'c14f8f2ccb27d6f109f6d08d03cc96a69ba8c34eec07bbcf566d48e33da6593',
'c359d6923bb398f7fd4473e16fe1c28475b740dd098075e6c0e8649113dc3a38'
],
[
'a6cbc3046bc6a450bac24789fa17115a4c9739ed75f8f21ce441f72e0b90e6ef',
'21ae7f4680e889bb130619e2c0f95a360ceb573c70603139862afd617fa9b9f'
],
[
'347d6d9a02c48927ebfb86c1359b1caf130a3c0267d11ce6344b39f99d43cc38',
'60ea7f61a353524d1c987f6ecec92f086d565ab687870cb12689ff1e31c74448'
],
[
'da6545d2181db8d983f7dcb375ef5866d47c67b1bf31c8cf855ef7437b72656a',
'49b96715ab6878a79e78f07ce5680c5d6673051b4935bd897fea824b77dc208a'
],
[
'c40747cc9d012cb1a13b8148309c6de7ec25d6945d657146b9d5994b8feb1111',
'5ca560753be2a12fc6de6caf2cb489565db936156b9514e1bb5e83037e0fa2d4'
],
[
'4e42c8ec82c99798ccf3a610be870e78338c7f713348bd34c8203ef4037f3502',
'7571d74ee5e0fb92a7a8b33a07783341a5492144cc54bcc40a94473693606437'
],
[
'3775ab7089bc6af823aba2e1af70b236d251cadb0c86743287522a1b3b0dedea',
'be52d107bcfa09d8bcb9736a828cfa7fac8db17bf7a76a2c42ad961409018cf7'
],
[
'cee31cbf7e34ec379d94fb814d3d775ad954595d1314ba8846959e3e82f74e26',
'8fd64a14c06b589c26b947ae2bcf6bfa0149ef0be14ed4d80f448a01c43b1c6d'
],
[
'b4f9eaea09b6917619f6ea6a4eb5464efddb58fd45b1ebefcdc1a01d08b47986',
'39e5c9925b5a54b07433a4f18c61726f8bb131c012ca542eb24a8ac07200682a'
],
[
'd4263dfc3d2df923a0179a48966d30ce84e2515afc3dccc1b77907792ebcc60e',
'62dfaf07a0f78feb30e30d6295853ce189e127760ad6cf7fae164e122a208d54'
],
[
'48457524820fa65a4f8d35eb6930857c0032acc0a4a2de422233eeda897612c4',
'25a748ab367979d98733c38a1fa1c2e7dc6cc07db2d60a9ae7a76aaa49bd0f77'
],
[
'dfeeef1881101f2cb11644f3a2afdfc2045e19919152923f367a1767c11cceda',
'ecfb7056cf1de042f9420bab396793c0c390bde74b4bbdff16a83ae09a9a7517'
],
[
'6d7ef6b17543f8373c573f44e1f389835d89bcbc6062ced36c82df83b8fae859',
'cd450ec335438986dfefa10c57fea9bcc521a0959b2d80bbf74b190dca712d10'
],
[
'e75605d59102a5a2684500d3b991f2e3f3c88b93225547035af25af66e04541f',
'f5c54754a8f71ee540b9b48728473e314f729ac5308b06938360990e2bfad125'
],
[
'eb98660f4c4dfaa06a2be453d5020bc99a0c2e60abe388457dd43fefb1ed620c',
'6cb9a8876d9cb8520609af3add26cd20a0a7cd8a9411131ce85f44100099223e'
],
[
'13e87b027d8514d35939f2e6892b19922154596941888336dc3563e3b8dba942',
'fef5a3c68059a6dec5d624114bf1e91aac2b9da568d6abeb2570d55646b8adf1'
],
[
'ee163026e9fd6fe017c38f06a5be6fc125424b371ce2708e7bf4491691e5764a',
'1acb250f255dd61c43d94ccc670d0f58f49ae3fa15b96623e5430da0ad6c62b2'
],
[
'b268f5ef9ad51e4d78de3a750c2dc89b1e626d43505867999932e5db33af3d80',
'5f310d4b3c99b9ebb19f77d41c1dee018cf0d34fd4191614003e945a1216e423'
],
[
'ff07f3118a9df035e9fad85eb6c7bfe42b02f01ca99ceea3bf7ffdba93c4750d',
'438136d603e858a3a5c440c38eccbaddc1d2942114e2eddd4740d098ced1f0d8'
],
[
'8d8b9855c7c052a34146fd20ffb658bea4b9f69e0d825ebec16e8c3ce2b526a1',
'cdb559eedc2d79f926baf44fb84ea4d44bcf50fee51d7ceb30e2e7f463036758'
],
[
'52db0b5384dfbf05bfa9d472d7ae26dfe4b851ceca91b1eba54263180da32b63',
'c3b997d050ee5d423ebaf66a6db9f57b3180c902875679de924b69d84a7b375'
],
[
'e62f9490d3d51da6395efd24e80919cc7d0f29c3f3fa48c6fff543becbd43352',
'6d89ad7ba4876b0b22c2ca280c682862f342c8591f1daf5170e07bfd9ccafa7d'
],
[
'7f30ea2476b399b4957509c88f77d0191afa2ff5cb7b14fd6d8e7d65aaab1193',
'ca5ef7d4b231c94c3b15389a5f6311e9daff7bb67b103e9880ef4bff637acaec'
],
[
'5098ff1e1d9f14fb46a210fada6c903fef0fb7b4a1dd1d9ac60a0361800b7a00',
'9731141d81fc8f8084d37c6e7542006b3ee1b40d60dfe5362a5b132fd17ddc0'
],
[
'32b78c7de9ee512a72895be6b9cbefa6e2f3c4ccce445c96b9f2c81e2778ad58',
'ee1849f513df71e32efc3896ee28260c73bb80547ae2275ba497237794c8753c'
],
[
'e2cb74fddc8e9fbcd076eef2a7c72b0ce37d50f08269dfc074b581550547a4f7',
'd3aa2ed71c9dd2247a62df062736eb0baddea9e36122d2be8641abcb005cc4a4'
],
[
'8438447566d4d7bedadc299496ab357426009a35f235cb141be0d99cd10ae3a8',
'c4e1020916980a4da5d01ac5e6ad330734ef0d7906631c4f2390426b2edd791f'
],
[
'4162d488b89402039b584c6fc6c308870587d9c46f660b878ab65c82c711d67e',
'67163e903236289f776f22c25fb8a3afc1732f2b84b4e95dbda47ae5a0852649'
],
[
'3fad3fa84caf0f34f0f89bfd2dcf54fc175d767aec3e50684f3ba4a4bf5f683d',
'cd1bc7cb6cc407bb2f0ca647c718a730cf71872e7d0d2a53fa20efcdfe61826'
],
[
'674f2600a3007a00568c1a7ce05d0816c1fb84bf1370798f1c69532faeb1a86b',
'299d21f9413f33b3edf43b257004580b70db57da0b182259e09eecc69e0d38a5'
],
[
'd32f4da54ade74abb81b815ad1fb3b263d82d6c692714bcff87d29bd5ee9f08f',
'f9429e738b8e53b968e99016c059707782e14f4535359d582fc416910b3eea87'
],
[
'30e4e670435385556e593657135845d36fbb6931f72b08cb1ed954f1e3ce3ff6',
'462f9bce619898638499350113bbc9b10a878d35da70740dc695a559eb88db7b'
],
[
'be2062003c51cc3004682904330e4dee7f3dcd10b01e580bf1971b04d4cad297',
'62188bc49d61e5428573d48a74e1c655b1c61090905682a0d5558ed72dccb9bc'
],
[
'93144423ace3451ed29e0fb9ac2af211cb6e84a601df5993c419859fff5df04a',
'7c10dfb164c3425f5c71a3f9d7992038f1065224f72bb9d1d902a6d13037b47c'
],
[
'b015f8044f5fcbdcf21ca26d6c34fb8197829205c7b7d2a7cb66418c157b112c',
'ab8c1e086d04e813744a655b2df8d5f83b3cdc6faa3088c1d3aea1454e3a1d5f'
],
[
'd5e9e1da649d97d89e4868117a465a3a4f8a18de57a140d36b3f2af341a21b52',
'4cb04437f391ed73111a13cc1d4dd0db1693465c2240480d8955e8592f27447a'
],
[
'd3ae41047dd7ca065dbf8ed77b992439983005cd72e16d6f996a5316d36966bb',
'bd1aeb21ad22ebb22a10f0303417c6d964f8cdd7df0aca614b10dc14d125ac46'
],
[
'463e2763d885f958fc66cdd22800f0a487197d0a82e377b49f80af87c897b065',
'bfefacdb0e5d0fd7df3a311a94de062b26b80c61fbc97508b79992671ef7ca7f'
],
[
'7985fdfd127c0567c6f53ec1bb63ec3158e597c40bfe747c83cddfc910641917',
'603c12daf3d9862ef2b25fe1de289aed24ed291e0ec6708703a5bd567f32ed03'
],
[
'74a1ad6b5f76e39db2dd249410eac7f99e74c59cb83d2d0ed5ff1543da7703e9',
'cc6157ef18c9c63cd6193d83631bbea0093e0968942e8c33d5737fd790e0db08'
],
[
'30682a50703375f602d416664ba19b7fc9bab42c72747463a71d0896b22f6da3',
'553e04f6b018b4fa6c8f39e7f311d3176290d0e0f19ca73f17714d9977a22ff8'
],
[
'9e2158f0d7c0d5f26c3791efefa79597654e7a2b2464f52b1ee6c1347769ef57',
'712fcdd1b9053f09003a3481fa7762e9ffd7c8ef35a38509e2fbf2629008373'
],
[
'176e26989a43c9cfeba4029c202538c28172e566e3c4fce7322857f3be327d66',
'ed8cc9d04b29eb877d270b4878dc43c19aefd31f4eee09ee7b47834c1fa4b1c3'
],
[
'75d46efea3771e6e68abb89a13ad747ecf1892393dfc4f1b7004788c50374da8',
'9852390a99507679fd0b86fd2b39a868d7efc22151346e1a3ca4726586a6bed8'
],
[
'809a20c67d64900ffb698c4c825f6d5f2310fb0451c869345b7319f645605721',
'9e994980d9917e22b76b061927fa04143d096ccc54963e6a5ebfa5f3f8e286c1'
],
[
'1b38903a43f7f114ed4500b4eac7083fdefece1cf29c63528d563446f972c180',
'4036edc931a60ae889353f77fd53de4a2708b26b6f5da72ad3394119daf408f9'
]
]
}
};
/***/ },
/* 120 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
var BN = __webpack_require__(76);
var elliptic = __webpack_require__(103);
var utils = elliptic.utils;
var assert = utils.assert;
var KeyPair = __webpack_require__(121);
var Signature = __webpack_require__(122);
function EC(options) {
if (!(this instanceof EC))
return new EC(options);
// Shortcut `elliptic.ec(curve-name)`
if (typeof options === 'string') {
assert(elliptic.curves.hasOwnProperty(options), 'Unknown curve ' + options);
options = elliptic.curves[options];
}
// Shortcut for `elliptic.ec(elliptic.curves.curveName)`
if (options instanceof elliptic.curves.PresetCurve)
options = { curve: options };
this.curve = options.curve.curve;
this.n = this.curve.n;
this.nh = this.n.ushrn(1);
this.g = this.curve.g;
// Point on curve
this.g = options.curve.g;
this.g.precompute(options.curve.n.bitLength() + 1);
// Hash for function for DRBG
this.hash = options.hash || options.curve.hash;
}
module.exports = EC;
EC.prototype.keyPair = function keyPair(options) {
return new KeyPair(this, options);
};
EC.prototype.keyFromPrivate = function keyFromPrivate(priv, enc) {
return KeyPair.fromPrivate(this, priv, enc);
};
EC.prototype.keyFromPublic = function keyFromPublic(pub, enc) {
return KeyPair.fromPublic(this, pub, enc);
};
EC.prototype.genKeyPair = function genKeyPair(options) {
if (!options)
options = {};
// Instantiate Hmac_DRBG
var drbg = new elliptic.hmacDRBG({
hash: this.hash,
pers: options.pers,
entropy: options.entropy || elliptic.rand(this.hash.hmacStrength),
nonce: this.n.toArray()
});
var bytes = this.n.byteLength();
var ns2 = this.n.sub(new BN(2));
do {
var priv = new BN(drbg.generate(bytes));
if (priv.cmp(ns2) > 0)
continue;
priv.iaddn(1);
return this.keyFromPrivate(priv);
} while (true);
};
EC.prototype._truncateToN = function truncateToN(msg, truncOnly) {
var delta = msg.byteLength() * 8 - this.n.bitLength();
if (delta > 0)
msg = msg.ushrn(delta);
if (!truncOnly && msg.cmp(this.n) >= 0)
return msg.sub(this.n);
else
return msg;
};
EC.prototype.sign = function sign(msg, key, enc, options) {
if (typeof enc === 'object') {
options = enc;
enc = null;
}
if (!options)
options = {};
key = this.keyFromPrivate(key, enc);
msg = this._truncateToN(new BN(msg, 16));
// Zero-extend key to provide enough entropy
var bytes = this.n.byteLength();
var bkey = key.getPrivate().toArray('be', bytes);
// Zero-extend nonce to have the same byte size as N
var nonce = msg.toArray('be', bytes);
// Instantiate Hmac_DRBG
var drbg = new elliptic.hmacDRBG({
hash: this.hash,
entropy: bkey,
nonce: nonce,
pers: options.pers,
persEnc: options.persEnc
});
// Number of bytes to generate
var ns1 = this.n.sub(new BN(1));
for (var iter = 0; true; iter++) {
var k = options.k ?
options.k(iter) :
new BN(drbg.generate(this.n.byteLength()));
k = this._truncateToN(k, true);
if (k.cmpn(1) <= 0 || k.cmp(ns1) >= 0)
continue;
var kp = this.g.mul(k);
if (kp.isInfinity())
continue;
var kpX = kp.getX();
var r = kpX.umod(this.n);
if (r.cmpn(0) === 0)
continue;
var s = k.invm(this.n).mul(r.mul(key.getPrivate()).iadd(msg));
s = s.umod(this.n);
if (s.cmpn(0) === 0)
continue;
var recoveryParam = (kp.getY().isOdd() ? 1 : 0) |
(kpX.cmp(r) !== 0 ? 2 : 0);
// Use complement of `s`, if it is > `n / 2`
if (options.canonical && s.cmp(this.nh) > 0) {
s = this.n.sub(s);
recoveryParam ^= 1;
}
return new Signature({ r: r, s: s, recoveryParam: recoveryParam });
}
};
EC.prototype.verify = function verify(msg, signature, key, enc) {
msg = this._truncateToN(new BN(msg, 16));
key = this.keyFromPublic(key, enc);
signature = new Signature(signature, 'hex');
// Perform primitive values validation
var r = signature.r;
var s = signature.s;
if (r.cmpn(1) < 0 || r.cmp(this.n) >= 0)
return false;
if (s.cmpn(1) < 0 || s.cmp(this.n) >= 0)
return false;
// Validate signature
var sinv = s.invm(this.n);
var u1 = sinv.mul(msg).umod(this.n);
var u2 = sinv.mul(r).umod(this.n);
var p = this.g.mulAdd(u1, key.getPublic(), u2);
if (p.isInfinity())
return false;
return p.getX().umod(this.n).cmp(r) === 0;
};
EC.prototype.recoverPubKey = function(msg, signature, j, enc) {
assert((3 & j) === j, 'The recovery param is more than two bits');
signature = new Signature(signature, enc);
var n = this.n;
var e = new BN(msg);
var r = signature.r;
var s = signature.s;
// A set LSB signifies that the y-coordinate is odd
var isYOdd = j & 1;
var isSecondKey = j >> 1;
if (r.cmp(this.curve.p.umod(this.curve.n)) >= 0 && isSecondKey)
throw new Error('Unable to find sencond key candinate');
// 1.1. Let x = r + jn.
if (isSecondKey)
r = this.curve.pointFromX(r.add(this.curve.n), isYOdd);
else
r = this.curve.pointFromX(r, isYOdd);
var eNeg = n.sub(e);
// 1.6.1 Compute Q = r^-1 (sR - eG)
// Q = r^-1 (sR + -eG)
var rInv = signature.r.invm(n);
return this.g.mulAdd(eNeg, r, s).mul(rInv);
};
EC.prototype.getKeyRecoveryParam = function(e, signature, Q, enc) {
signature = new Signature(signature, enc);
if (signature.recoveryParam !== null)
return signature.recoveryParam;
for (var i = 0; i < 4; i++) {
var Qprime;
try {
Qprime = this.recoverPubKey(e, signature, i);
} catch (e) {
continue;
}
if (Qprime.eq(Q))
return i;
}
throw new Error('Unable to find valid recovery factor');
};
/***/ },
/* 121 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
var BN = __webpack_require__(76);
function KeyPair(ec, options) {
this.ec = ec;
this.priv = null;
this.pub = null;
// KeyPair(ec, { priv: ..., pub: ... })
if (options.priv)
this._importPrivate(options.priv, options.privEnc);
if (options.pub)
this._importPublic(options.pub, options.pubEnc);
}
module.exports = KeyPair;
KeyPair.fromPublic = function fromPublic(ec, pub, enc) {
if (pub instanceof KeyPair)
return pub;
return new KeyPair(ec, {
pub: pub,
pubEnc: enc
});
};
KeyPair.fromPrivate = function fromPrivate(ec, priv, enc) {
if (priv instanceof KeyPair)
return priv;
return new KeyPair(ec, {
priv: priv,
privEnc: enc
});
};
KeyPair.prototype.validate = function validate() {
var pub = this.getPublic();
if (pub.isInfinity())
return { result: false, reason: 'Invalid public key' };
if (!pub.validate())
return { result: false, reason: 'Public key is not a point' };
if (!pub.mul(this.ec.curve.n).isInfinity())
return { result: false, reason: 'Public key * N != O' };
return { result: true, reason: null };
};
KeyPair.prototype.getPublic = function getPublic(compact, enc) {
// compact is optional argument
if (typeof compact === 'string') {
enc = compact;
compact = null;
}
if (!this.pub)
this.pub = this.ec.g.mul(this.priv);
if (!enc)
return this.pub;
return this.pub.encode(enc, compact);
};
KeyPair.prototype.getPrivate = function getPrivate(enc) {
if (enc === 'hex')
return this.priv.toString(16, 2);
else
return this.priv;
};
KeyPair.prototype._importPrivate = function _importPrivate(key, enc) {
this.priv = new BN(key, enc || 16);
// Ensure that the priv won't be bigger than n, otherwise we may fail
// in fixed multiplication method
this.priv = this.priv.umod(this.ec.curve.n);
};
KeyPair.prototype._importPublic = function _importPublic(key, enc) {
if (key.x || key.y) {
this.pub = this.ec.curve.point(key.x, key.y);
return;
}
this.pub = this.ec.curve.decodePoint(key, enc);
};
// ECDH
KeyPair.prototype.derive = function derive(pub) {
return pub.mul(this.priv).getX();
};
// ECDSA
KeyPair.prototype.sign = function sign(msg, enc, options) {
return this.ec.sign(msg, this, enc, options);
};
KeyPair.prototype.verify = function verify(msg, signature) {
return this.ec.verify(msg, signature, this);
};
KeyPair.prototype.inspect = function inspect() {
return '<Key priv: ' + (this.priv && this.priv.toString(16, 2)) +
' pub: ' + (this.pub && this.pub.inspect()) + ' >';
};
/***/ },
/* 122 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
var BN = __webpack_require__(76);
var elliptic = __webpack_require__(103);
var utils = elliptic.utils;
var assert = utils.assert;
function Signature(options, enc) {
if (options instanceof Signature)
return options;
if (this._importDER(options, enc))
return;
assert(options.r && options.s, 'Signature without r or s');
this.r = new BN(options.r, 16);
this.s = new BN(options.s, 16);
if (options.recoveryParam === undefined)
this.recoveryParam = null;
else
this.recoveryParam = options.recoveryParam;
}
module.exports = Signature;
function Position() {
this.place = 0;
}
function getLength(buf, p) {
var initial = buf[p.place++];
if (!(initial & 0x80)) {
return initial;
}
var octetLen = initial & 0xf;
var val = 0;
for (var i = 0, off = p.place; i < octetLen; i++, off++) {
val <<= 8;
val |= buf[off];
}
p.place = off;
return val;
}
function rmPadding(buf) {
var i = 0;
var len = buf.length - 1;
while (!buf[i] && !(buf[i + 1] & 0x80) && i < len) {
i++;
}
if (i === 0) {
return buf;
}
return buf.slice(i);
}
Signature.prototype._importDER = function _importDER(data, enc) {
data = utils.toArray(data, enc);
var p = new Position();
if (data[p.place++] !== 0x30) {
return false;
}
var len = getLength(data, p);
if ((len + p.place) !== data.length) {
return false;
}
if (data[p.place++] !== 0x02) {
return false;
}
var rlen = getLength(data, p);
var r = data.slice(p.place, rlen + p.place);
p.place += rlen;
if (data[p.place++] !== 0x02) {
return false;
}
var slen = getLength(data, p);
if (data.length !== slen + p.place) {
return false;
}
var s = data.slice(p.place, slen + p.place);
if (r[0] === 0 && (r[1] & 0x80)) {
r = r.slice(1);
}
if (s[0] === 0 && (s[1] & 0x80)) {
s = s.slice(1);
}
this.r = new BN(r);
this.s = new BN(s);
this.recoveryParam = null;
return true;
};
function constructLength(arr, len) {
if (len < 0x80) {
arr.push(len);
return;
}
var octets = 1 + (Math.log(len) / Math.LN2 >>> 3);
arr.push(octets | 0x80);
while (--octets) {
arr.push((len >>> (octets << 3)) & 0xff);
}
arr.push(len);
}
Signature.prototype.toDER = function toDER(enc) {
var r = this.r.toArray();
var s = this.s.toArray();
// Pad values
if (r[0] & 0x80)
r = [ 0 ].concat(r);
// Pad values
if (s[0] & 0x80)
s = [ 0 ].concat(s);
r = rmPadding(r);
s = rmPadding(s);
while (!s[0] && !(s[1] & 0x80)) {
s = s.slice(1);
}
var arr = [ 0x02 ];
constructLength(arr, r.length);
arr = arr.concat(r);
arr.push(0x02);
constructLength(arr, s.length);
var backHalf = arr.concat(s);
var res = [ 0x30 ];
constructLength(res, backHalf.length);
res = res.concat(backHalf);
return utils.encode(res, enc);
};
/***/ },
/* 123 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
var hash = __webpack_require__(107);
var elliptic = __webpack_require__(103);
var utils = elliptic.utils;
var assert = utils.assert;
var parseBytes = utils.parseBytes;
var KeyPair = __webpack_require__(124);
var Signature = __webpack_require__(125);
function EDDSA(curve) {
assert(curve === 'ed25519', 'only tested with ed25519 so far');
if (!(this instanceof EDDSA))
return new EDDSA(curve);
var curve = elliptic.curves[curve].curve;
this.curve = curve;
this.g = curve.g;
this.g.precompute(curve.n.bitLength() + 1);
this.pointClass = curve.point().constructor;
this.encodingLength = Math.ceil(curve.n.bitLength() / 8);
this.hash = hash.sha512;
}
module.exports = EDDSA;
/**
* @param {Array|String} message - message bytes
* @param {Array|String|KeyPair} secret - secret bytes or a keypair
* @returns {Signature} - signature
*/
EDDSA.prototype.sign = function sign(message, secret) {
message = parseBytes(message);
var key = this.keyFromSecret(secret);
var r = this.hashInt(key.messagePrefix(), message);
var R = this.g.mul(r);
var Rencoded = this.encodePoint(R);
var s_ = this.hashInt(Rencoded, key.pubBytes(), message)
.mul(key.priv());
var S = r.add(s_).umod(this.curve.n);
return this.makeSignature({ R: R, S: S, Rencoded: Rencoded });
};
/**
* @param {Array} message - message bytes
* @param {Array|String|Signature} sig - sig bytes
* @param {Array|String|Point|KeyPair} pub - public key
* @returns {Boolean} - true if public key matches sig of message
*/
EDDSA.prototype.verify = function verify(message, sig, pub) {
message = parseBytes(message);
sig = this.makeSignature(sig);
var key = this.keyFromPublic(pub);
var h = this.hashInt(sig.Rencoded(), key.pubBytes(), message);
var SG = this.g.mul(sig.S());
var RplusAh = sig.R().add(key.pub().mul(h));
return RplusAh.eq(SG);
};
EDDSA.prototype.hashInt = function hashInt() {
var hash = this.hash();
for (var i = 0; i < arguments.length; i++)
hash.update(arguments[i]);
return utils.intFromLE(hash.digest()).umod(this.curve.n);
};
EDDSA.prototype.keyFromPublic = function keyFromPublic(pub) {
return KeyPair.fromPublic(this, pub);
};
EDDSA.prototype.keyFromSecret = function keyFromSecret(secret) {
return KeyPair.fromSecret(this, secret);
};
EDDSA.prototype.makeSignature = function makeSignature(sig) {
if (sig instanceof Signature)
return sig;
return new Signature(this, sig);
};
/**
* * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03#section-5.2
*
* EDDSA defines methods for encoding and decoding points and integers. These are
* helper convenience methods, that pass along to utility functions implied
* parameters.
*
*/
EDDSA.prototype.encodePoint = function encodePoint(point) {
var enc = point.getY().toArray('le', this.encodingLength);
enc[this.encodingLength - 1] |= point.getX().isOdd() ? 0x80 : 0;
return enc;
};
EDDSA.prototype.decodePoint = function decodePoint(bytes) {
bytes = utils.parseBytes(bytes);
var lastIx = bytes.length - 1;
var normed = bytes.slice(0, lastIx).concat(bytes[lastIx] & ~0x80);
var xIsOdd = (bytes[lastIx] & 0x80) !== 0;
var y = utils.intFromLE(normed);
return this.curve.pointFromY(y, xIsOdd);
};
EDDSA.prototype.encodeInt = function encodeInt(num) {
return num.toArray('le', this.encodingLength);
};
EDDSA.prototype.decodeInt = function decodeInt(bytes) {
return utils.intFromLE(bytes);
};
EDDSA.prototype.isPoint = function isPoint(val) {
return val instanceof this.pointClass;
};
/***/ },
/* 124 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
var elliptic = __webpack_require__(103);
var utils = elliptic.utils;
var assert = utils.assert;
var parseBytes = utils.parseBytes;
var cachedProperty = utils.cachedProperty;
/**
* @param {EDDSA} eddsa - instance
* @param {Object} params - public/private key parameters
*
* @param {Array<Byte>} [params.secret] - secret seed bytes
* @param {Point} [params.pub] - public key point (aka `A` in eddsa terms)
* @param {Array<Byte>} [params.pub] - public key point encoded as bytes
*
*/
function KeyPair(eddsa, params) {
this.eddsa = eddsa;
this._secret = parseBytes(params.secret);
if (eddsa.isPoint(params.pub))
this._pub = params.pub;
else
this._pubBytes = parseBytes(params.pub);
}
KeyPair.fromPublic = function fromPublic(eddsa, pub) {
if (pub instanceof KeyPair)
return pub;
return new KeyPair(eddsa, { pub: pub });
};
KeyPair.fromSecret = function fromSecret(eddsa, secret) {
if (secret instanceof KeyPair)
return secret;
return new KeyPair(eddsa, { secret: secret });
};
KeyPair.prototype.secret = function secret() {
return this._secret;
};
cachedProperty(KeyPair, function pubBytes() {
return this.eddsa.encodePoint(this.pub());
});
cachedProperty(KeyPair, function pub() {
if (this._pubBytes)
return this.eddsa.decodePoint(this._pubBytes);
return this.eddsa.g.mul(this.priv());
});
cachedProperty(KeyPair, function privBytes() {
var eddsa = this.eddsa;
var hash = this.hash();
var lastIx = eddsa.encodingLength - 1;
var a = hash.slice(0, eddsa.encodingLength);
a[0] &= 248;
a[lastIx] &= 127;
a[lastIx] |= 64;
return a;
});
cachedProperty(KeyPair, function priv() {
return this.eddsa.decodeInt(this.privBytes());
});
cachedProperty(KeyPair, function hash() {
return this.eddsa.hash().update(this.secret()).digest();
});
cachedProperty(KeyPair, function messagePrefix() {
return this.hash().slice(this.eddsa.encodingLength);
});
KeyPair.prototype.sign = function sign(message) {
assert(this._secret, 'KeyPair can only verify');
return this.eddsa.sign(message, this);
};
KeyPair.prototype.verify = function verify(message, sig) {
return this.eddsa.verify(message, sig, this);
};
KeyPair.prototype.getSecret = function getSecret(enc) {
assert(this._secret, 'KeyPair is public only');
return utils.encode(this.secret(), enc);
};
KeyPair.prototype.getPublic = function getPublic(enc) {
return utils.encode(this.pubBytes(), enc);
};
module.exports = KeyPair;
/***/ },
/* 125 */
/***/ function(module, exports, __webpack_require__) {
'use strict';
var BN = __webpack_require__(76);
var elliptic = __webpack_require__(103);
var utils = elliptic.utils;
var assert = utils.assert;
var cachedProperty = utils.cachedProperty;
var parseBytes = utils.parseBytes;
/**
* @param {EDDSA} eddsa - eddsa instance
* @param {Array<Bytes>|Object} sig -
* @param {Array<Bytes>|Point} [sig.R] - R point as Point or bytes
* @param {Array<Bytes>|bn} [sig.S] - S scalar as bn or bytes
* @param {Array<Bytes>} [sig.Rencoded] - R point encoded
* @param {Array<Bytes>} [sig.Sencoded] - S scalar encoded
*/
function Signature(eddsa, sig) {
this.eddsa = eddsa;
if (typeof sig !== 'object')
sig = parseBytes(sig);
if (Array.isArray(sig)) {
sig = {
R: sig.slice(0, eddsa.encodingLength),
S: sig.slice(eddsa.encodingLength)
};
}
assert(sig.R && sig.S, 'Signature without R or S');
if (eddsa.isPoint(sig.R))
this._R = sig.R;
if (sig.S instanceof BN)
this._S = sig.S;
this._Rencoded = Array.isArray(sig.R) ? sig.R : sig.Rencoded;
this._Sencoded = Array.isArray(sig.S) ? sig.S : sig.Sencoded;
}
cachedProperty(Signature, function S() {
return this.eddsa.decodeInt(this.Sencoded());
});
cachedProperty(Signature, function R() {
return this.eddsa.decodePoint(this.Rencoded());
});
cachedProperty(Signature, function Rencoded() {
return this.eddsa.encodePoint(this.R());
});
cachedProperty(Signature, function Sencoded() {
return this.eddsa.encodeInt(this.S());
});
Signature.prototype.toBytes = function toBytes() {
return this.Rencoded().concat(this.Sencoded());
};
Signature.prototype.toHex = function toHex() {
return utils.encode(this.toBytes(), 'hex').toUpperCase();
};
module.exports = Signature;
/***/ },
/* 126 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var asn1 = __webpack_require__(127)
var aesid = __webpack_require__(144)
var fixProc = __webpack_require__(145)
var ciphers = __webpack_require__(49)
var compat = __webpack_require__(46)
module.exports = parseKeys
function parseKeys (buffer) {
var password
if (typeof buffer === 'object' && !Buffer.isBuffer(buffer)) {
password = buffer.passphrase
buffer = buffer.key
}
if (typeof buffer === 'string') {
buffer = new Buffer(buffer)
}
var stripped = fixProc(buffer, password)
var type = stripped.tag
var data = stripped.data
var subtype, ndata
switch (type) {
case 'PUBLIC KEY':
ndata = asn1.PublicKey.decode(data, 'der')
subtype = ndata.algorithm.algorithm.join('.')
switch (subtype) {
case '1.2.840.113549.1.1.1':
return asn1.RSAPublicKey.decode(ndata.subjectPublicKey.data, 'der')
case '1.2.840.10045.2.1':
ndata.subjectPrivateKey = ndata.subjectPublicKey
return {
type: 'ec',
data: ndata
}
case '1.2.840.10040.4.1':
ndata.algorithm.params.pub_key = asn1.DSAparam.decode(ndata.subjectPublicKey.data, 'der')
return {
type: 'dsa',
data: ndata.algorithm.params
}
default: throw new Error('unknown key id ' + subtype)
}
throw new Error('unknown key type ' + type)
case 'ENCRYPTED PRIVATE KEY':
data = asn1.EncryptedPrivateKey.decode(data, 'der')
data = decrypt(data, password)
// falls through
case 'PRIVATE KEY':
ndata = asn1.PrivateKey.decode(data, 'der')
subtype = ndata.algorithm.algorithm.join('.')
switch (subtype) {
case '1.2.840.113549.1.1.1':
return asn1.RSAPrivateKey.decode(ndata.subjectPrivateKey, 'der')
case '1.2.840.10045.2.1':
return {
curve: ndata.algorithm.curve,
privateKey: asn1.ECPrivateKey.decode(ndata.subjectPrivateKey, 'der').privateKey
}
case '1.2.840.10040.4.1':
ndata.algorithm.params.priv_key = asn1.DSAparam.decode(ndata.subjectPrivateKey, 'der')
return {
type: 'dsa',
params: ndata.algorithm.params
}
default: throw new Error('unknown key id ' + subtype)
}
throw new Error('unknown key type ' + type)
case 'RSA PUBLIC KEY':
return asn1.RSAPublicKey.decode(data, 'der')
case 'RSA PRIVATE KEY':
return asn1.RSAPrivateKey.decode(data, 'der')
case 'DSA PRIVATE KEY':
return {
type: 'dsa',
params: asn1.DSAPrivateKey.decode(data, 'der')
}
case 'EC PRIVATE KEY':
data = asn1.ECPrivateKey.decode(data, 'der')
return {
curve: data.parameters.value,
privateKey: data.privateKey
}
default: throw new Error('unknown key type ' + type)
}
}
parseKeys.signature = asn1.signature
function decrypt (data, password) {
var salt = data.algorithm.decrypt.kde.kdeparams.salt
var iters = parseInt(data.algorithm.decrypt.kde.kdeparams.iters.toString(), 10)
var algo = aesid[data.algorithm.decrypt.cipher.algo.join('.')]
var iv = data.algorithm.decrypt.cipher.iv
var cipherText = data.subjectPrivateKey
var keylen = parseInt(algo.split('-')[1], 10) / 8
var key = compat.pbkdf2Sync(password, salt, iters, keylen)
var cipher = ciphers.createDecipheriv(algo, key, iv)
var out = []
out.push(cipher.update(cipherText))
out.push(cipher.final())
return Buffer.concat(out)
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 127 */
/***/ function(module, exports, __webpack_require__) {
// from https://github.com/indutny/self-signed/blob/gh-pages/lib/asn1.js
// Fedor, you are amazing.
var asn1 = __webpack_require__(128)
var RSAPrivateKey = asn1.define('RSAPrivateKey', function () {
this.seq().obj(
this.key('version').int(),
this.key('modulus').int(),
this.key('publicExponent').int(),
this.key('privateExponent').int(),
this.key('prime1').int(),
this.key('prime2').int(),
this.key('exponent1').int(),
this.key('exponent2').int(),
this.key('coefficient').int()
)
})
exports.RSAPrivateKey = RSAPrivateKey
var RSAPublicKey = asn1.define('RSAPublicKey', function () {
this.seq().obj(
this.key('modulus').int(),
this.key('publicExponent').int()
)
})
exports.RSAPublicKey = RSAPublicKey
var PublicKey = asn1.define('SubjectPublicKeyInfo', function () {
this.seq().obj(
this.key('algorithm').use(AlgorithmIdentifier),
this.key('subjectPublicKey').bitstr()
)
})
exports.PublicKey = PublicKey
var AlgorithmIdentifier = asn1.define('AlgorithmIdentifier', function () {
this.seq().obj(
this.key('algorithm').objid(),
this.key('none').null_().optional(),
this.key('curve').objid().optional(),
this.key('params').seq().obj(
this.key('p').int(),
this.key('q').int(),
this.key('g').int()
).optional()
)
})
var PrivateKeyInfo = asn1.define('PrivateKeyInfo', function () {
this.seq().obj(
this.key('version').int(),
this.key('algorithm').use(AlgorithmIdentifier),
this.key('subjectPrivateKey').octstr()
)
})
exports.PrivateKey = PrivateKeyInfo
var EncryptedPrivateKeyInfo = asn1.define('EncryptedPrivateKeyInfo', function () {
this.seq().obj(
this.key('algorithm').seq().obj(
this.key('id').objid(),
this.key('decrypt').seq().obj(
this.key('kde').seq().obj(
this.key('id').objid(),
this.key('kdeparams').seq().obj(
this.key('salt').octstr(),
this.key('iters').int()
)
),
this.key('cipher').seq().obj(
this.key('algo').objid(),
this.key('iv').octstr()
)
)
),
this.key('subjectPrivateKey').octstr()
)
})
exports.EncryptedPrivateKey = EncryptedPrivateKeyInfo
var DSAPrivateKey = asn1.define('DSAPrivateKey', function () {
this.seq().obj(
this.key('version').int(),
this.key('p').int(),
this.key('q').int(),
this.key('g').int(),
this.key('pub_key').int(),
this.key('priv_key').int()
)
})
exports.DSAPrivateKey = DSAPrivateKey
exports.DSAparam = asn1.define('DSAparam', function () {
this.int()
})
var ECPrivateKey = asn1.define('ECPrivateKey', function () {
this.seq().obj(
this.key('version').int(),
this.key('privateKey').octstr(),
this.key('parameters').optional().explicit(0).use(ECParameters),
this.key('publicKey').optional().explicit(1).bitstr()
)
})
exports.ECPrivateKey = ECPrivateKey
var ECParameters = asn1.define('ECParameters', function () {
this.choice({
namedCurve: this.objid()
})
})
exports.signature = asn1.define('signature', function () {
this.seq().obj(
this.key('r').int(),
this.key('s').int()
)
})
/***/ },
/* 128 */
/***/ function(module, exports, __webpack_require__) {
var asn1 = exports;
asn1.bignum = __webpack_require__(76);
asn1.define = __webpack_require__(129).define;
asn1.base = __webpack_require__(132);
asn1.constants = __webpack_require__(136);
asn1.decoders = __webpack_require__(138);
asn1.encoders = __webpack_require__(141);
/***/ },
/* 129 */
/***/ function(module, exports, __webpack_require__) {
var asn1 = __webpack_require__(128);
var inherits = __webpack_require__(15);
var api = exports;
api.define = function define(name, body) {
return new Entity(name, body);
};
function Entity(name, body) {
this.name = name;
this.body = body;
this.decoders = {};
this.encoders = {};
};
Entity.prototype._createNamed = function createNamed(base) {
var named;
try {
named = __webpack_require__(130).runInThisContext(
'(function ' + this.name + '(entity) {\n' +
' this._initNamed(entity);\n' +
'})'
);
} catch (e) {
named = function (entity) {
this._initNamed(entity);
};
}
inherits(named, base);
named.prototype._initNamed = function initnamed(entity) {
base.call(this, entity);
};
return new named(this);
};
Entity.prototype._getDecoder = function _getDecoder(enc) {
// Lazily create decoder
if (!this.decoders.hasOwnProperty(enc))
this.decoders[enc] = this._createNamed(asn1.decoders[enc]);
return this.decoders[enc];
};
Entity.prototype.decode = function decode(data, enc, options) {
return this._getDecoder(enc).decode(data, options);
};
Entity.prototype._getEncoder = function _getEncoder(enc) {
// Lazily create encoder
if (!this.encoders.hasOwnProperty(enc))
this.encoders[enc] = this._createNamed(asn1.encoders[enc]);
return this.encoders[enc];
};
Entity.prototype.encode = function encode(data, enc, /* internal */ reporter) {
return this._getEncoder(enc).encode(data, reporter);
};
/***/ },
/* 130 */
/***/ function(module, exports, __webpack_require__) {
var indexOf = __webpack_require__(131);
var Object_keys = function (obj) {
if (Object.keys) return Object.keys(obj)
else {
var res = [];
for (var key in obj) res.push(key)
return res;
}
};
var forEach = function (xs, fn) {
if (xs.forEach) return xs.forEach(fn)
else for (var i = 0; i < xs.length; i++) {
fn(xs[i], i, xs);
}
};
var defineProp = (function() {
try {
Object.defineProperty({}, '_', {});
return function(obj, name, value) {
Object.defineProperty(obj, name, {
writable: true,
enumerable: false,
configurable: true,
value: value
})
};
} catch(e) {
return function(obj, name, value) {
obj[name] = value;
};
}
}());
var globals = ['Array', 'Boolean', 'Date', 'Error', 'EvalError', 'Function',
'Infinity', 'JSON', 'Math', 'NaN', 'Number', 'Object', 'RangeError',
'ReferenceError', 'RegExp', 'String', 'SyntaxError', 'TypeError', 'URIError',
'decodeURI', 'decodeURIComponent', 'encodeURI', 'encodeURIComponent', 'escape',
'eval', 'isFinite', 'isNaN', 'parseFloat', 'parseInt', 'undefined', 'unescape'];
function Context() {}
Context.prototype = {};
var Script = exports.Script = function NodeScript (code) {
if (!(this instanceof Script)) return new Script(code);
this.code = code;
};
Script.prototype.runInContext = function (context) {
if (!(context instanceof Context)) {
throw new TypeError("needs a 'context' argument.");
}
var iframe = document.createElement('iframe');
if (!iframe.style) iframe.style = {};
iframe.style.display = 'none';
document.body.appendChild(iframe);
var win = iframe.contentWindow;
var wEval = win.eval, wExecScript = win.execScript;
if (!wEval && wExecScript) {
// win.eval() magically appears when this is called in IE:
wExecScript.call(win, 'null');
wEval = win.eval;
}
forEach(Object_keys(context), function (key) {
win[key] = context[key];
});
forEach(globals, function (key) {
if (context[key]) {
win[key] = context[key];
}
});
var winKeys = Object_keys(win);
var res = wEval.call(win, this.code);
forEach(Object_keys(win), function (key) {
// Avoid copying circular objects like `top` and `window` by only
// updating existing context properties or new properties in the `win`
// that was only introduced after the eval.
if (key in context || indexOf(winKeys, key) === -1) {
context[key] = win[key];
}
});
forEach(globals, function (key) {
if (!(key in context)) {
defineProp(context, key, win[key]);
}
});
document.body.removeChild(iframe);
return res;
};
Script.prototype.runInThisContext = function () {
return eval(this.code); // maybe...
};
Script.prototype.runInNewContext = function (context) {
var ctx = Script.createContext(context);
var res = this.runInContext(ctx);
forEach(Object_keys(ctx), function (key) {
context[key] = ctx[key];
});
return res;
};
forEach(Object_keys(Script.prototype), function (name) {
exports[name] = Script[name] = function (code) {
var s = Script(code);
return s[name].apply(s, [].slice.call(arguments, 1));
};
});
exports.createScript = function (code) {
return exports.Script(code);
};
exports.createContext = Script.createContext = function (context) {
var copy = new Context();
if(typeof context === 'object') {
forEach(Object_keys(context), function (key) {
copy[key] = context[key];
});
}
return copy;
};
/***/ },
/* 131 */
/***/ function(module, exports) {
var indexOf = [].indexOf;
module.exports = function(arr, obj){
if (indexOf) return arr.indexOf(obj);
for (var i = 0; i < arr.length; ++i) {
if (arr[i] === obj) return i;
}
return -1;
};
/***/ },
/* 132 */
/***/ function(module, exports, __webpack_require__) {
var base = exports;
base.Reporter = __webpack_require__(133).Reporter;
base.DecoderBuffer = __webpack_require__(134).DecoderBuffer;
base.EncoderBuffer = __webpack_require__(134).EncoderBuffer;
base.Node = __webpack_require__(135);
/***/ },
/* 133 */
/***/ function(module, exports, __webpack_require__) {
var inherits = __webpack_require__(15);
function Reporter(options) {
this._reporterState = {
obj: null,
path: [],
options: options || {},
errors: []
};
}
exports.Reporter = Reporter;
Reporter.prototype.isError = function isError(obj) {
return obj instanceof ReporterError;
};
Reporter.prototype.save = function save() {
var state = this._reporterState;
return { obj: state.obj, pathLen: state.path.length };
};
Reporter.prototype.restore = function restore(data) {
var state = this._reporterState;
state.obj = data.obj;
state.path = state.path.slice(0, data.pathLen);
};
Reporter.prototype.enterKey = function enterKey(key) {
return this._reporterState.path.push(key);
};
Reporter.prototype.leaveKey = function leaveKey(index, key, value) {
var state = this._reporterState;
state.path = state.path.slice(0, index - 1);
if (state.obj !== null)
state.obj[key] = value;
};
Reporter.prototype.enterObject = function enterObject() {
var state = this._reporterState;
var prev = state.obj;
state.obj = {};
return prev;
};
Reporter.prototype.leaveObject = function leaveObject(prev) {
var state = this._reporterState;
var now = state.obj;
state.obj = prev;
return now;
};
Reporter.prototype.error = function error(msg) {
var err;
var state = this._reporterState;
var inherited = msg instanceof ReporterError;
if (inherited) {
err = msg;
} else {
err = new ReporterError(state.path.map(function(elem) {
return '[' + JSON.stringify(elem) + ']';
}).join(''), msg.message || msg, msg.stack);
}
if (!state.options.partial)
throw err;
if (!inherited)
state.errors.push(err);
return err;
};
Reporter.prototype.wrapResult = function wrapResult(result) {
var state = this._reporterState;
if (!state.options.partial)
return result;
return {
result: this.isError(result) ? null : result,
errors: state.errors
};
};
function ReporterError(path, msg) {
this.path = path;
this.rethrow(msg);
};
inherits(ReporterError, Error);
ReporterError.prototype.rethrow = function rethrow(msg) {
this.message = msg + ' at: ' + (this.path || '(shallow)');
Error.captureStackTrace(this, ReporterError);
return this;
};
/***/ },
/* 134 */
/***/ function(module, exports, __webpack_require__) {
var inherits = __webpack_require__(15);
var Reporter = __webpack_require__(132).Reporter;
var Buffer = __webpack_require__(1).Buffer;
function DecoderBuffer(base, options) {
Reporter.call(this, options);
if (!Buffer.isBuffer(base)) {
this.error('Input not Buffer');
return;
}
this.base = base;
this.offset = 0;
this.length = base.length;
}
inherits(DecoderBuffer, Reporter);
exports.DecoderBuffer = DecoderBuffer;
DecoderBuffer.prototype.save = function save() {
return { offset: this.offset, reporter: Reporter.prototype.save.call(this) };
};
DecoderBuffer.prototype.restore = function restore(save) {
// Return skipped data
var res = new DecoderBuffer(this.base);
res.offset = save.offset;
res.length = this.offset;
this.offset = save.offset;
Reporter.prototype.restore.call(this, save.reporter);
return res;
};
DecoderBuffer.prototype.isEmpty = function isEmpty() {
return this.offset === this.length;
};
DecoderBuffer.prototype.readUInt8 = function readUInt8(fail) {
if (this.offset + 1 <= this.length)
return this.base.readUInt8(this.offset++, true);
else
return this.error(fail || 'DecoderBuffer overrun');
}
DecoderBuffer.prototype.skip = function skip(bytes, fail) {
if (!(this.offset + bytes <= this.length))
return this.error(fail || 'DecoderBuffer overrun');
var res = new DecoderBuffer(this.base);
// Share reporter state
res._reporterState = this._reporterState;
res.offset = this.offset;
res.length = this.offset + bytes;
this.offset += bytes;
return res;
}
DecoderBuffer.prototype.raw = function raw(save) {
return this.base.slice(save ? save.offset : this.offset, this.length);
}
function EncoderBuffer(value, reporter) {
if (Array.isArray(value)) {
this.length = 0;
this.value = value.map(function(item) {
if (!(item instanceof EncoderBuffer))
item = new EncoderBuffer(item, reporter);
this.length += item.length;
return item;
}, this);
} else if (typeof value === 'number') {
if (!(0 <= value && value <= 0xff))
return reporter.error('non-byte EncoderBuffer value');
this.value = value;
this.length = 1;
} else if (typeof value === 'string') {
this.value = value;
this.length = Buffer.byteLength(value);
} else if (Buffer.isBuffer(value)) {
this.value = value;
this.length = value.length;
} else {
return reporter.error('Unsupported type: ' + typeof value);
}
}
exports.EncoderBuffer = EncoderBuffer;
EncoderBuffer.prototype.join = function join(out, offset) {
if (!out)
out = new Buffer(this.length);
if (!offset)
offset = 0;
if (this.length === 0)
return out;
if (Array.isArray(this.value)) {
this.value.forEach(function(item) {
item.join(out, offset);
offset += item.length;
});
} else {
if (typeof this.value === 'number')
out[offset] = this.value;
else if (typeof this.value === 'string')
out.write(this.value, offset);
else if (Buffer.isBuffer(this.value))
this.value.copy(out, offset);
offset += this.length;
}
return out;
};
/***/ },
/* 135 */
/***/ function(module, exports, __webpack_require__) {
var Reporter = __webpack_require__(132).Reporter;
var EncoderBuffer = __webpack_require__(132).EncoderBuffer;
var DecoderBuffer = __webpack_require__(132).DecoderBuffer;
var assert = __webpack_require__(69);
// Supported tags
var tags = [
'seq', 'seqof', 'set', 'setof', 'objid', 'bool',
'gentime', 'utctime', 'null_', 'enum', 'int',
'bitstr', 'bmpstr', 'charstr', 'genstr', 'graphstr', 'ia5str', 'iso646str',
'numstr', 'octstr', 'printstr', 't61str', 'unistr', 'utf8str', 'videostr'
];
// Public methods list
var methods = [
'key', 'obj', 'use', 'optional', 'explicit', 'implicit', 'def', 'choice',
'any', 'contains'
].concat(tags);
// Overrided methods list
var overrided = [
'_peekTag', '_decodeTag', '_use',
'_decodeStr', '_decodeObjid', '_decodeTime',
'_decodeNull', '_decodeInt', '_decodeBool', '_decodeList',
'_encodeComposite', '_encodeStr', '_encodeObjid', '_encodeTime',
'_encodeNull', '_encodeInt', '_encodeBool'
];
function Node(enc, parent) {
var state = {};
this._baseState = state;
state.enc = enc;
state.parent = parent || null;
state.children = null;
// State
state.tag = null;
state.args = null;
state.reverseArgs = null;
state.choice = null;
state.optional = false;
state.any = false;
state.obj = false;
state.use = null;
state.useDecoder = null;
state.key = null;
state['default'] = null;
state.explicit = null;
state.implicit = null;
state.contains = null;
// Should create new instance on each method
if (!state.parent) {
state.children = [];
this._wrap();
}
}
module.exports = Node;
var stateProps = [
'enc', 'parent', 'children', 'tag', 'args', 'reverseArgs', 'choice',
'optional', 'any', 'obj', 'use', 'alteredUse', 'key', 'default', 'explicit',
'implicit'
];
Node.prototype.clone = function clone() {
var state = this._baseState;
var cstate = {};
stateProps.forEach(function(prop) {
cstate[prop] = state[prop];
});
var res = new this.constructor(cstate.parent);
res._baseState = cstate;
return res;
};
Node.prototype._wrap = function wrap() {
var state = this._baseState;
methods.forEach(function(method) {
this[method] = function _wrappedMethod() {
var clone = new this.constructor(this);
state.children.push(clone);
return clone[method].apply(clone, arguments);
};
}, this);
};
Node.prototype._init = function init(body) {
var state = this._baseState;
assert(state.parent === null);
body.call(this);
// Filter children
state.children = state.children.filter(function(child) {
return child._baseState.parent === this;
}, this);
assert.equal(state.children.length, 1, 'Root node can have only one child');
};
Node.prototype._useArgs = function useArgs(args) {
var state = this._baseState;
// Filter children and args
var children = args.filter(function(arg) {
return arg instanceof this.constructor;
}, this);
args = args.filter(function(arg) {
return !(arg instanceof this.constructor);
}, this);
if (children.length !== 0) {
assert(state.children === null);
state.children = children;
// Replace parent to maintain backward link
children.forEach(function(child) {
child._baseState.parent = this;
}, this);
}
if (args.length !== 0) {
assert(state.args === null);
state.args = args;
state.reverseArgs = args.map(function(arg) {
if (typeof arg !== 'object' || arg.constructor !== Object)
return arg;
var res = {};
Object.keys(arg).forEach(function(key) {
if (key == (key | 0))
key |= 0;
var value = arg[key];
res[value] = key;
});
return res;
});
}
};
//
// Overrided methods
//
overrided.forEach(function(method) {
Node.prototype[method] = function _overrided() {
var state = this._baseState;
throw new Error(method + ' not implemented for encoding: ' + state.enc);
};
});
//
// Public methods
//
tags.forEach(function(tag) {
Node.prototype[tag] = function _tagMethod() {
var state = this._baseState;
var args = Array.prototype.slice.call(arguments);
assert(state.tag === null);
state.tag = tag;
this._useArgs(args);
return this;
};
});
Node.prototype.use = function use(item) {
var state = this._baseState;
assert(state.use === null);
state.use = item;
return this;
};
Node.prototype.optional = function optional() {
var state = this._baseState;
state.optional = true;
return this;
};
Node.prototype.def = function def(val) {
var state = this._baseState;
assert(state['default'] === null);
state['default'] = val;
state.optional = true;
return this;
};
Node.prototype.explicit = function explicit(num) {
var state = this._baseState;
assert(state.explicit === null && state.implicit === null);
state.explicit = num;
return this;
};
Node.prototype.implicit = function implicit(num) {
var state = this._baseState;
assert(state.explicit === null && state.implicit === null);
state.implicit = num;
return this;
};
Node.prototype.obj = function obj() {
var state = this._baseState;
var args = Array.prototype.slice.call(arguments);
state.obj = true;
if (args.length !== 0)
this._useArgs(args);
return this;
};
Node.prototype.key = function key(newKey) {
var state = this._baseState;
assert(state.key === null);
state.key = newKey;
return this;
};
Node.prototype.any = function any() {
var state = this._baseState;
state.any = true;
return this;
};
Node.prototype.choice = function choice(obj) {
var state = this._baseState;
assert(state.choice === null);
state.choice = obj;
this._useArgs(Object.keys(obj).map(function(key) {
return obj[key];
}));
return this;
};
Node.prototype.contains = function contains(item) {
var state = this._baseState;
assert(state.use === null);
state.contains = item;
return this;
};
//
// Decoding
//
Node.prototype._decode = function decode(input) {
var state = this._baseState;
// Decode root node
if (state.parent === null)
return input.wrapResult(state.children[0]._decode(input));
var result = state['default'];
var present = true;
var prevKey;
if (state.key !== null)
prevKey = input.enterKey(state.key);
// Check if tag is there
if (state.optional) {
var tag = null;
if (state.explicit !== null)
tag = state.explicit;
else if (state.implicit !== null)
tag = state.implicit;
else if (state.tag !== null)
tag = state.tag;
if (tag === null && !state.any) {
// Trial and Error
var save = input.save();
try {
if (state.choice === null)
this._decodeGeneric(state.tag, input);
else
this._decodeChoice(input);
present = true;
} catch (e) {
present = false;
}
input.restore(save);
} else {
present = this._peekTag(input, tag, state.any);
if (input.isError(present))
return present;
}
}
// Push object on stack
var prevObj;
if (state.obj && present)
prevObj = input.enterObject();
if (present) {
// Unwrap explicit values
if (state.explicit !== null) {
var explicit = this._decodeTag(input, state.explicit);
if (input.isError(explicit))
return explicit;
input = explicit;
}
// Unwrap implicit and normal values
if (state.use === null && state.choice === null) {
if (state.any)
var save = input.save();
var body = this._decodeTag(
input,
state.implicit !== null ? state.implicit : state.tag,
state.any
);
if (input.isError(body))
return body;
if (state.any)
result = input.raw(save);
else
input = body;
}
// Select proper method for tag
if (state.any)
result = result;
else if (state.choice === null)
result = this._decodeGeneric(state.tag, input);
else
result = this._decodeChoice(input);
if (input.isError(result))
return result;
// Decode children
if (!state.any && state.choice === null && state.children !== null) {
var fail = state.children.some(function decodeChildren(child) {
// NOTE: We are ignoring errors here, to let parser continue with other
// parts of encoded data
child._decode(input);
});
if (fail)
return err;
}
// Decode contained/encoded by schema, only in bit or octet strings
if (state.contains && (state.tag === 'octstr' || state.tag === 'bitstr')) {
var data = new DecoderBuffer(result);
result = this._getUse(state.contains, input._reporterState.obj)._decode(data);
}
}
// Pop object
if (state.obj && present)
result = input.leaveObject(prevObj);
// Set key
if (state.key !== null && (result !== null || present === true))
input.leaveKey(prevKey, state.key, result);
return result;
};
Node.prototype._decodeGeneric = function decodeGeneric(tag, input) {
var state = this._baseState;
if (tag === 'seq' || tag === 'set')
return null;
if (tag === 'seqof' || tag === 'setof')
return this._decodeList(input, tag, state.args[0]);
else if (/str$/.test(tag))
return this._decodeStr(input, tag);
else if (tag === 'objid' && state.args)
return this._decodeObjid(input, state.args[0], state.args[1]);
else if (tag === 'objid')
return this._decodeObjid(input, null, null);
else if (tag === 'gentime' || tag === 'utctime')
return this._decodeTime(input, tag);
else if (tag === 'null_')
return this._decodeNull(input);
else if (tag === 'bool')
return this._decodeBool(input);
else if (tag === 'int' || tag === 'enum')
return this._decodeInt(input, state.args && state.args[0]);
else if (state.use !== null)
return this._getUse(state.use, input._reporterState.obj)._decode(input);
else
return input.error('unknown tag: ' + tag);
return null;
};
Node.prototype._getUse = function _getUse(entity, obj) {
var state = this._baseState;
// Create altered use decoder if implicit is set
state.useDecoder = this._use(entity, obj);
assert(state.useDecoder._baseState.parent === null);
state.useDecoder = state.useDecoder._baseState.children[0];
if (state.implicit !== state.useDecoder._baseState.implicit) {
state.useDecoder = state.useDecoder.clone();
state.useDecoder._baseState.implicit = state.implicit;
}
return state.useDecoder;
};
Node.prototype._decodeChoice = function decodeChoice(input) {
var state = this._baseState;
var result = null;
var match = false;
Object.keys(state.choice).some(function(key) {
var save = input.save();
var node = state.choice[key];
try {
var value = node._decode(input);
if (input.isError(value))
return false;
result = { type: key, value: value };
match = true;
} catch (e) {
input.restore(save);
return false;
}
return true;
}, this);
if (!match)
return input.error('Choice not matched');
return result;
};
//
// Encoding
//
Node.prototype._createEncoderBuffer = function createEncoderBuffer(data) {
return new EncoderBuffer(data, this.reporter);
};
Node.prototype._encode = function encode(data, reporter, parent) {
var state = this._baseState;
if (state['default'] !== null && state['default'] === data)
return;
var result = this._encodeValue(data, reporter, parent);
if (result === undefined)
return;
if (this._skipDefault(result, reporter, parent))
return;
return result;
};
Node.prototype._encodeValue = function encode(data, reporter, parent) {
var state = this._baseState;
// Decode root node
if (state.parent === null)
return state.children[0]._encode(data, reporter || new Reporter());
var result = null;
var present = true;
// Set reporter to share it with a child class
this.reporter = reporter;
// Check if data is there
if (state.optional && data === undefined) {
if (state['default'] !== null)
data = state['default']
else
return;
}
// For error reporting
var prevKey;
// Encode children first
var content = null;
var primitive = false;
if (state.any) {
// Anything that was given is translated to buffer
result = this._createEncoderBuffer(data);
} else if (state.choice) {
result = this._encodeChoice(data, reporter);
} else if (state.contains) {
content = this._getUse(state.contains, parent)._encode(data, reporter);
primitive = true;
} else if (state.children) {
content = state.children.map(function(child) {
if (child._baseState.tag === 'null_')
return child._encode(null, reporter, data);
if (child._baseState.key === null)
return reporter.error('Child should have a key');
var prevKey = reporter.enterKey(child._baseState.key);
if (typeof data !== 'object')
return reporter.error('Child expected, but input is not object');
var res = child._encode(data[child._baseState.key], reporter, data);
reporter.leaveKey(prevKey);
return res;
}, this).filter(function(child) {
return child;
});
content = this._createEncoderBuffer(content);
} else {
if (state.tag === 'seqof' || state.tag === 'setof') {
// TODO(indutny): this should be thrown on DSL level
if (!(state.args && state.args.length === 1))
return reporter.error('Too many args for : ' + state.tag);
if (!Array.isArray(data))
return reporter.error('seqof/setof, but data is not Array');
var child = this.clone();
child._baseState.implicit = null;
content = this._createEncoderBuffer(data.map(function(item) {
var state = this._baseState;
return this._getUse(state.args[0], data)._encode(item, reporter);
}, child));
} else if (state.use !== null) {
result = this._getUse(state.use, parent)._encode(data, reporter);
} else {
content = this._encodePrimitive(state.tag, data);
primitive = true;
}
}
// Encode data itself
var result;
if (!state.any && state.choice === null) {
var tag = state.implicit !== null ? state.implicit : state.tag;
var cls = state.implicit === null ? 'universal' : 'context';
if (tag === null) {
if (state.use === null)
reporter.error('Tag could be ommited only for .use()');
} else {
if (state.use === null)
result = this._encodeComposite(tag, primitive, cls, content);
}
}
// Wrap in explicit
if (state.explicit !== null)
result = this._encodeComposite(state.explicit, false, 'context', result);
return result;
};
Node.prototype._encodeChoice = function encodeChoice(data, reporter) {
var state = this._baseState;
var node = state.choice[data.type];
if (!node) {
assert(
false,
data.type + ' not found in ' +
JSON.stringify(Object.keys(state.choice)));
}
return node._encode(data.value, reporter);
};
Node.prototype._encodePrimitive = function encodePrimitive(tag, data) {
var state = this._baseState;
if (/str$/.test(tag))
return this._encodeStr(data, tag);
else if (tag === 'objid' && state.args)
return this._encodeObjid(data, state.reverseArgs[0], state.args[1]);
else if (tag === 'objid')
return this._encodeObjid(data, null, null);
else if (tag === 'gentime' || tag === 'utctime')
return this._encodeTime(data, tag);
else if (tag === 'null_')
return this._encodeNull();
else if (tag === 'int' || tag === 'enum')
return this._encodeInt(data, state.args && state.reverseArgs[0]);
else if (tag === 'bool')
return this._encodeBool(data);
else
throw new Error('Unsupported tag: ' + tag);
};
Node.prototype._isNumstr = function isNumstr(str) {
return /^[0-9 ]*$/.test(str);
};
Node.prototype._isPrintstr = function isPrintstr(str) {
return /^[A-Za-z0-9 '\(\)\+,\-\.\/:=\?]*$/.test(str);
};
/***/ },
/* 136 */
/***/ function(module, exports, __webpack_require__) {
var constants = exports;
// Helper
constants._reverse = function reverse(map) {
var res = {};
Object.keys(map).forEach(function(key) {
// Convert key to integer if it is stringified
if ((key | 0) == key)
key = key | 0;
var value = map[key];
res[value] = key;
});
return res;
};
constants.der = __webpack_require__(137);
/***/ },
/* 137 */
/***/ function(module, exports, __webpack_require__) {
var constants = __webpack_require__(136);
exports.tagClass = {
0: 'universal',
1: 'application',
2: 'context',
3: 'private'
};
exports.tagClassByName = constants._reverse(exports.tagClass);
exports.tag = {
0x00: 'end',
0x01: 'bool',
0x02: 'int',
0x03: 'bitstr',
0x04: 'octstr',
0x05: 'null_',
0x06: 'objid',
0x07: 'objDesc',
0x08: 'external',
0x09: 'real',
0x0a: 'enum',
0x0b: 'embed',
0x0c: 'utf8str',
0x0d: 'relativeOid',
0x10: 'seq',
0x11: 'set',
0x12: 'numstr',
0x13: 'printstr',
0x14: 't61str',
0x15: 'videostr',
0x16: 'ia5str',
0x17: 'utctime',
0x18: 'gentime',
0x19: 'graphstr',
0x1a: 'iso646str',
0x1b: 'genstr',
0x1c: 'unistr',
0x1d: 'charstr',
0x1e: 'bmpstr'
};
exports.tagByName = constants._reverse(exports.tag);
/***/ },
/* 138 */
/***/ function(module, exports, __webpack_require__) {
var decoders = exports;
decoders.der = __webpack_require__(139);
decoders.pem = __webpack_require__(140);
/***/ },
/* 139 */
/***/ function(module, exports, __webpack_require__) {
var inherits = __webpack_require__(15);
var asn1 = __webpack_require__(128);
var base = asn1.base;
var bignum = asn1.bignum;
// Import DER constants
var der = asn1.constants.der;
function DERDecoder(entity) {
this.enc = 'der';
this.name = entity.name;
this.entity = entity;
// Construct base tree
this.tree = new DERNode();
this.tree._init(entity.body);
};
module.exports = DERDecoder;
DERDecoder.prototype.decode = function decode(data, options) {
if (!(data instanceof base.DecoderBuffer))
data = new base.DecoderBuffer(data, options);
return this.tree._decode(data, options);
};
// Tree methods
function DERNode(parent) {
base.Node.call(this, 'der', parent);
}
inherits(DERNode, base.Node);
DERNode.prototype._peekTag = function peekTag(buffer, tag, any) {
if (buffer.isEmpty())
return false;
var state = buffer.save();
var decodedTag = derDecodeTag(buffer, 'Failed to peek tag: "' + tag + '"');
if (buffer.isError(decodedTag))
return decodedTag;
buffer.restore(state);
return decodedTag.tag === tag || decodedTag.tagStr === tag ||
(decodedTag.tagStr + 'of') === tag || any;
};
DERNode.prototype._decodeTag = function decodeTag(buffer, tag, any) {
var decodedTag = derDecodeTag(buffer,
'Failed to decode tag of "' + tag + '"');
if (buffer.isError(decodedTag))
return decodedTag;
var len = derDecodeLen(buffer,
decodedTag.primitive,
'Failed to get length of "' + tag + '"');
// Failure
if (buffer.isError(len))
return len;
if (!any &&
decodedTag.tag !== tag &&
decodedTag.tagStr !== tag &&
decodedTag.tagStr + 'of' !== tag) {
return buffer.error('Failed to match tag: "' + tag + '"');
}
if (decodedTag.primitive || len !== null)
return buffer.skip(len, 'Failed to match body of: "' + tag + '"');
// Indefinite length... find END tag
var state = buffer.save();
var res = this._skipUntilEnd(
buffer,
'Failed to skip indefinite length body: "' + this.tag + '"');
if (buffer.isError(res))
return res;
len = buffer.offset - state.offset;
buffer.restore(state);
return buffer.skip(len, 'Failed to match body of: "' + tag + '"');
};
DERNode.prototype._skipUntilEnd = function skipUntilEnd(buffer, fail) {
while (true) {
var tag = derDecodeTag(buffer, fail);
if (buffer.isError(tag))
return tag;
var len = derDecodeLen(buffer, tag.primitive, fail);
if (buffer.isError(len))
return len;
var res;
if (tag.primitive || len !== null)
res = buffer.skip(len)
else
res = this._skipUntilEnd(buffer, fail);
// Failure
if (buffer.isError(res))
return res;
if (tag.tagStr === 'end')
break;
}
};
DERNode.prototype._decodeList = function decodeList(buffer, tag, decoder) {
var result = [];
while (!buffer.isEmpty()) {
var possibleEnd = this._peekTag(buffer, 'end');
if (buffer.isError(possibleEnd))
return possibleEnd;
var res = decoder.decode(buffer, 'der');
if (buffer.isError(res) && possibleEnd)
break;
result.push(res);
}
return result;
};
DERNode.prototype._decodeStr = function decodeStr(buffer, tag) {
if (tag === 'bitstr') {
var unused = buffer.readUInt8();
if (buffer.isError(unused))
return unused;
return { unused: unused, data: buffer.raw() };
} else if (tag === 'bmpstr') {
var raw = buffer.raw();
if (raw.length % 2 === 1)
return buffer.error('Decoding of string type: bmpstr length mismatch');
var str = '';
for (var i = 0; i < raw.length / 2; i++) {
str += String.fromCharCode(raw.readUInt16BE(i * 2));
}
return str;
} else if (tag === 'numstr') {
var numstr = buffer.raw().toString('ascii');
if (!this._isNumstr(numstr)) {
return buffer.error('Decoding of string type: ' +
'numstr unsupported characters');
}
return numstr;
} else if (tag === 'octstr') {
return buffer.raw();
} else if (tag === 'printstr') {
var printstr = buffer.raw().toString('ascii');
if (!this._isPrintstr(printstr)) {
return buffer.error('Decoding of string type: ' +
'printstr unsupported characters');
}
return printstr;
} else if (/str$/.test(tag)) {
return buffer.raw().toString();
} else {
return buffer.error('Decoding of string type: ' + tag + ' unsupported');
}
};
DERNode.prototype._decodeObjid = function decodeObjid(buffer, values, relative) {
var result;
var identifiers = [];
var ident = 0;
while (!buffer.isEmpty()) {
var subident = buffer.readUInt8();
ident <<= 7;
ident |= subident & 0x7f;
if ((subident & 0x80) === 0) {
identifiers.push(ident);
ident = 0;
}
}
if (subident & 0x80)
identifiers.push(ident);
var first = (identifiers[0] / 40) | 0;
var second = identifiers[0] % 40;
if (relative)
result = identifiers;
else
result = [first, second].concat(identifiers.slice(1));
if (values) {
var tmp = values[result.join(' ')];
if (tmp === undefined)
tmp = values[result.join('.')];
if (tmp !== undefined)
result = tmp;
}
return result;
};
DERNode.prototype._decodeTime = function decodeTime(buffer, tag) {
var str = buffer.raw().toString();
if (tag === 'gentime') {
var year = str.slice(0, 4) | 0;
var mon = str.slice(4, 6) | 0;
var day = str.slice(6, 8) | 0;
var hour = str.slice(8, 10) | 0;
var min = str.slice(10, 12) | 0;
var sec = str.slice(12, 14) | 0;
} else if (tag === 'utctime') {
var year = str.slice(0, 2) | 0;
var mon = str.slice(2, 4) | 0;
var day = str.slice(4, 6) | 0;
var hour = str.slice(6, 8) | 0;
var min = str.slice(8, 10) | 0;
var sec = str.slice(10, 12) | 0;
if (year < 70)
year = 2000 + year;
else
year = 1900 + year;
} else {
return buffer.error('Decoding ' + tag + ' time is not supported yet');
}
return Date.UTC(year, mon - 1, day, hour, min, sec, 0);
};
DERNode.prototype._decodeNull = function decodeNull(buffer) {
return null;
};
DERNode.prototype._decodeBool = function decodeBool(buffer) {
var res = buffer.readUInt8();
if (buffer.isError(res))
return res;
else
return res !== 0;
};
DERNode.prototype._decodeInt = function decodeInt(buffer, values) {
// Bigint, return as it is (assume big endian)
var raw = buffer.raw();
var res = new bignum(raw);
if (values)
res = values[res.toString(10)] || res;
return res;
};
DERNode.prototype._use = function use(entity, obj) {
if (typeof entity === 'function')
entity = entity(obj);
return entity._getDecoder('der').tree;
};
// Utility methods
function derDecodeTag(buf, fail) {
var tag = buf.readUInt8(fail);
if (buf.isError(tag))
return tag;
var cls = der.tagClass[tag >> 6];
var primitive = (tag & 0x20) === 0;
// Multi-octet tag - load
if ((tag & 0x1f) === 0x1f) {
var oct = tag;
tag = 0;
while ((oct & 0x80) === 0x80) {
oct = buf.readUInt8(fail);
if (buf.isError(oct))
return oct;
tag <<= 7;
tag |= oct & 0x7f;
}
} else {
tag &= 0x1f;
}
var tagStr = der.tag[tag];
return {
cls: cls,
primitive: primitive,
tag: tag,
tagStr: tagStr
};
}
function derDecodeLen(buf, primitive, fail) {
var len = buf.readUInt8(fail);
if (buf.isError(len))
return len;
// Indefinite form
if (!primitive && len === 0x80)
return null;
// Definite form
if ((len & 0x80) === 0) {
// Short form
return len;
}
// Long form
var num = len & 0x7f;
if (num >= 4)
return buf.error('length octect is too long');
len = 0;
for (var i = 0; i < num; i++) {
len <<= 8;
var j = buf.readUInt8(fail);
if (buf.isError(j))
return j;
len |= j;
}
return len;
}
/***/ },
/* 140 */
/***/ function(module, exports, __webpack_require__) {
var inherits = __webpack_require__(15);
var Buffer = __webpack_require__(1).Buffer;
var asn1 = __webpack_require__(128);
var DERDecoder = __webpack_require__(139);
function PEMDecoder(entity) {
DERDecoder.call(this, entity);
this.enc = 'pem';
};
inherits(PEMDecoder, DERDecoder);
module.exports = PEMDecoder;
PEMDecoder.prototype.decode = function decode(data, options) {
var lines = data.toString().split(/[\r\n]+/g);
var label = options.label.toUpperCase();
var re = /^-----(BEGIN|END) ([^-]+)-----$/;
var start = -1;
var end = -1;
for (var i = 0; i < lines.length; i++) {
var match = lines[i].match(re);
if (match === null)
continue;
if (match[2] !== label)
continue;
if (start === -1) {
if (match[1] !== 'BEGIN')
break;
start = i;
} else {
if (match[1] !== 'END')
break;
end = i;
break;
}
}
if (start === -1 || end === -1)
throw new Error('PEM section not found for: ' + label);
var base64 = lines.slice(start + 1, end).join('');
// Remove excessive symbols
base64.replace(/[^a-z0-9\+\/=]+/gi, '');
var input = new Buffer(base64, 'base64');
return DERDecoder.prototype.decode.call(this, input, options);
};
/***/ },
/* 141 */
/***/ function(module, exports, __webpack_require__) {
var encoders = exports;
encoders.der = __webpack_require__(142);
encoders.pem = __webpack_require__(143);
/***/ },
/* 142 */
/***/ function(module, exports, __webpack_require__) {
var inherits = __webpack_require__(15);
var Buffer = __webpack_require__(1).Buffer;
var asn1 = __webpack_require__(128);
var base = asn1.base;
var bignum = asn1.bignum;
// Import DER constants
var der = asn1.constants.der;
function DEREncoder(entity) {
this.enc = 'der';
this.name = entity.name;
this.entity = entity;
// Construct base tree
this.tree = new DERNode();
this.tree._init(entity.body);
};
module.exports = DEREncoder;
DEREncoder.prototype.encode = function encode(data, reporter) {
return this.tree._encode(data, reporter).join();
};
// Tree methods
function DERNode(parent) {
base.Node.call(this, 'der', parent);
}
inherits(DERNode, base.Node);
DERNode.prototype._encodeComposite = function encodeComposite(tag,
primitive,
cls,
content) {
var encodedTag = encodeTag(tag, primitive, cls, this.reporter);
// Short form
if (content.length < 0x80) {
var header = new Buffer(2);
header[0] = encodedTag;
header[1] = content.length;
return this._createEncoderBuffer([ header, content ]);
}
// Long form
// Count octets required to store length
var lenOctets = 1;
for (var i = content.length; i >= 0x100; i >>= 8)
lenOctets++;
var header = new Buffer(1 + 1 + lenOctets);
header[0] = encodedTag;
header[1] = 0x80 | lenOctets;
for (var i = 1 + lenOctets, j = content.length; j > 0; i--, j >>= 8)
header[i] = j & 0xff;
return this._createEncoderBuffer([ header, content ]);
};
DERNode.prototype._encodeStr = function encodeStr(str, tag) {
if (tag === 'bitstr') {
return this._createEncoderBuffer([ str.unused | 0, str.data ]);
} else if (tag === 'bmpstr') {
var buf = new Buffer(str.length * 2);
for (var i = 0; i < str.length; i++) {
buf.writeUInt16BE(str.charCodeAt(i), i * 2);
}
return this._createEncoderBuffer(buf);
} else if (tag === 'numstr') {
if (!this._isNumstr(str)) {
return this.reporter.error('Encoding of string type: numstr supports ' +
'only digits and space');
}
return this._createEncoderBuffer(str);
} else if (tag === 'printstr') {
if (!this._isPrintstr(str)) {
return this.reporter.error('Encoding of string type: printstr supports ' +
'only latin upper and lower case letters, ' +
'digits, space, apostrophe, left and rigth ' +
'parenthesis, plus sign, comma, hyphen, ' +
'dot, slash, colon, equal sign, ' +
'question mark');
}
return this._createEncoderBuffer(str);
} else if (/str$/.test(tag)) {
return this._createEncoderBuffer(str);
} else {
return this.reporter.error('Encoding of string type: ' + tag +
' unsupported');
}
};
DERNode.prototype._encodeObjid = function encodeObjid(id, values, relative) {
if (typeof id === 'string') {
if (!values)
return this.reporter.error('string objid given, but no values map found');
if (!values.hasOwnProperty(id))
return this.reporter.error('objid not found in values map');
id = values[id].split(/[\s\.]+/g);
for (var i = 0; i < id.length; i++)
id[i] |= 0;
} else if (Array.isArray(id)) {
id = id.slice();
for (var i = 0; i < id.length; i++)
id[i] |= 0;
}
if (!Array.isArray(id)) {
return this.reporter.error('objid() should be either array or string, ' +
'got: ' + JSON.stringify(id));
}
if (!relative) {
if (id[1] >= 40)
return this.reporter.error('Second objid identifier OOB');
id.splice(0, 2, id[0] * 40 + id[1]);
}
// Count number of octets
var size = 0;
for (var i = 0; i < id.length; i++) {
var ident = id[i];
for (size++; ident >= 0x80; ident >>= 7)
size++;
}
var objid = new Buffer(size);
var offset = objid.length - 1;
for (var i = id.length - 1; i >= 0; i--) {
var ident = id[i];
objid[offset--] = ident & 0x7f;
while ((ident >>= 7) > 0)
objid[offset--] = 0x80 | (ident & 0x7f);
}
return this._createEncoderBuffer(objid);
};
function two(num) {
if (num < 10)
return '0' + num;
else
return num;
}
DERNode.prototype._encodeTime = function encodeTime(time, tag) {
var str;
var date = new Date(time);
if (tag === 'gentime') {
str = [
two(date.getFullYear()),
two(date.getUTCMonth() + 1),
two(date.getUTCDate()),
two(date.getUTCHours()),
two(date.getUTCMinutes()),
two(date.getUTCSeconds()),
'Z'
].join('');
} else if (tag === 'utctime') {
str = [
two(date.getFullYear() % 100),
two(date.getUTCMonth() + 1),
two(date.getUTCDate()),
two(date.getUTCHours()),
two(date.getUTCMinutes()),
two(date.getUTCSeconds()),
'Z'
].join('');
} else {
this.reporter.error('Encoding ' + tag + ' time is not supported yet');
}
return this._encodeStr(str, 'octstr');
};
DERNode.prototype._encodeNull = function encodeNull() {
return this._createEncoderBuffer('');
};
DERNode.prototype._encodeInt = function encodeInt(num, values) {
if (typeof num === 'string') {
if (!values)
return this.reporter.error('String int or enum given, but no values map');
if (!values.hasOwnProperty(num)) {
return this.reporter.error('Values map doesn\'t contain: ' +
JSON.stringify(num));
}
num = values[num];
}
// Bignum, assume big endian
if (typeof num !== 'number' && !Buffer.isBuffer(num)) {
var numArray = num.toArray();
if (!num.sign && numArray[0] & 0x80) {
numArray.unshift(0);
}
num = new Buffer(numArray);
}
if (Buffer.isBuffer(num)) {
var size = num.length;
if (num.length === 0)
size++;
var out = new Buffer(size);
num.copy(out);
if (num.length === 0)
out[0] = 0
return this._createEncoderBuffer(out);
}
if (num < 0x80)
return this._createEncoderBuffer(num);
if (num < 0x100)
return this._createEncoderBuffer([0, num]);
var size = 1;
for (var i = num; i >= 0x100; i >>= 8)
size++;
var out = new Array(size);
for (var i = out.length - 1; i >= 0; i--) {
out[i] = num & 0xff;
num >>= 8;
}
if(out[0] & 0x80) {
out.unshift(0);
}
return this._createEncoderBuffer(new Buffer(out));
};
DERNode.prototype._encodeBool = function encodeBool(value) {
return this._createEncoderBuffer(value ? 0xff : 0);
};
DERNode.prototype._use = function use(entity, obj) {
if (typeof entity === 'function')
entity = entity(obj);
return entity._getEncoder('der').tree;
};
DERNode.prototype._skipDefault = function skipDefault(dataBuffer, reporter, parent) {
var state = this._baseState;
var i;
if (state['default'] === null)
return false;
var data = dataBuffer.join();
if (state.defaultBuffer === undefined)
state.defaultBuffer = this._encodeValue(state['default'], reporter, parent).join();
if (data.length !== state.defaultBuffer.length)
return false;
for (i=0; i < data.length; i++)
if (data[i] !== state.defaultBuffer[i])
return false;
return true;
};
// Utility methods
function encodeTag(tag, primitive, cls, reporter) {
var res;
if (tag === 'seqof')
tag = 'seq';
else if (tag === 'setof')
tag = 'set';
if (der.tagByName.hasOwnProperty(tag))
res = der.tagByName[tag];
else if (typeof tag === 'number' && (tag | 0) === tag)
res = tag;
else
return reporter.error('Unknown tag: ' + tag);
if (res >= 0x1f)
return reporter.error('Multi-octet tag encoding unsupported');
if (!primitive)
res |= 0x20;
res |= (der.tagClassByName[cls || 'universal'] << 6);
return res;
}
/***/ },
/* 143 */
/***/ function(module, exports, __webpack_require__) {
var inherits = __webpack_require__(15);
var Buffer = __webpack_require__(1).Buffer;
var asn1 = __webpack_require__(128);
var DEREncoder = __webpack_require__(142);
function PEMEncoder(entity) {
DEREncoder.call(this, entity);
this.enc = 'pem';
};
inherits(PEMEncoder, DEREncoder);
module.exports = PEMEncoder;
PEMEncoder.prototype.encode = function encode(data, options) {
var buf = DEREncoder.prototype.encode.call(this, data);
var p = buf.toString('base64');
var out = [ '-----BEGIN ' + options.label + '-----' ];
for (var i = 0; i < p.length; i += 64)
out.push(p.slice(i, i + 64));
out.push('-----END ' + options.label + '-----');
return out.join('\n');
};
/***/ },
/* 144 */
/***/ function(module, exports) {
module.exports = {
"2.16.840.1.101.3.4.1.1": "aes-128-ecb",
"2.16.840.1.101.3.4.1.2": "aes-128-cbc",
"2.16.840.1.101.3.4.1.3": "aes-128-ofb",
"2.16.840.1.101.3.4.1.4": "aes-128-cfb",
"2.16.840.1.101.3.4.1.21": "aes-192-ecb",
"2.16.840.1.101.3.4.1.22": "aes-192-cbc",
"2.16.840.1.101.3.4.1.23": "aes-192-ofb",
"2.16.840.1.101.3.4.1.24": "aes-192-cfb",
"2.16.840.1.101.3.4.1.41": "aes-256-ecb",
"2.16.840.1.101.3.4.1.42": "aes-256-cbc",
"2.16.840.1.101.3.4.1.43": "aes-256-ofb",
"2.16.840.1.101.3.4.1.44": "aes-256-cfb"
};
/***/ },
/* 145 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {// adapted from https://github.com/apatil/pemstrip
var findProc = /Proc-Type: 4,ENCRYPTED\r?\nDEK-Info: AES-((?:128)|(?:192)|(?:256))-CBC,([0-9A-H]+)\r?\n\r?\n([0-9A-z\n\r\+\/\=]+)\r?\n/m
var startRegex = /^-----BEGIN (.*) KEY-----\r?\n/m
var fullRegex = /^-----BEGIN (.*) KEY-----\r?\n([0-9A-z\n\r\+\/\=]+)\r?\n-----END \1 KEY-----$/m
var evp = __webpack_require__(48)
var ciphers = __webpack_require__(49)
module.exports = function (okey, password) {
var key = okey.toString()
var match = key.match(findProc)
var decrypted
if (!match) {
var match2 = key.match(fullRegex)
decrypted = new Buffer(match2[2].replace(/\r?\n/g, ''), 'base64')
} else {
var suite = 'aes' + match[1]
var iv = new Buffer(match[2], 'hex')
var cipherText = new Buffer(match[3].replace(/\r?\n/g, ''), 'base64')
var cipherKey = evp(password, iv.slice(0, 8), parseInt(match[1], 10)).key
var out = []
var cipher = ciphers.createDecipheriv(suite, cipherKey, iv)
out.push(cipher.update(cipherText))
out.push(cipher.final())
decrypted = Buffer.concat(out)
}
var tag = key.match(startRegex)[1] + ' KEY'
return {
tag: tag,
data: decrypted
}
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 146 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {// much of this based on https://github.com/indutny/self-signed/blob/gh-pages/lib/rsa.js
var curves = __webpack_require__(102)
var elliptic = __webpack_require__(103)
var parseKeys = __webpack_require__(126)
var BN = __webpack_require__(76)
var EC = elliptic.ec
function verify (sig, hash, key, signType) {
var pub = parseKeys(key)
if (pub.type === 'ec') {
if (signType !== 'ecdsa') {
throw new Error('wrong public key type')
}
return ecVerify(sig, hash, pub)
} else if (pub.type === 'dsa') {
if (signType !== 'dsa') {
throw new Error('wrong public key type')
}
return dsaVerify(sig, hash, pub)
} else {
if (signType !== 'rsa') {
throw new Error('wrong public key type')
}
}
var len = pub.modulus.byteLength()
var pad = [ 1 ]
var padNum = 0
while (hash.length + pad.length + 2 < len) {
pad.push(0xff)
padNum++
}
pad.push(0x00)
var i = -1
while (++i < hash.length) {
pad.push(hash[i])
}
pad = new Buffer(pad)
var red = BN.mont(pub.modulus)
sig = new BN(sig).toRed(red)
sig = sig.redPow(new BN(pub.publicExponent))
sig = new Buffer(sig.fromRed().toArray())
var out = 0
if (padNum < 8) {
out = 1
}
len = Math.min(sig.length, pad.length)
if (sig.length !== pad.length) {
out = 1
}
i = -1
while (++i < len) {
out |= (sig[i] ^ pad[i])
}
return out === 0
}
function ecVerify (sig, hash, pub) {
var curveId = curves[pub.data.algorithm.curve.join('.')]
if (!curveId) throw new Error('unknown curve ' + pub.data.algorithm.curve.join('.'))
var curve = new EC(curveId)
var pubkey = pub.data.subjectPrivateKey.data
return curve.verify(hash, sig, pubkey)
}
function dsaVerify (sig, hash, pub) {
var p = pub.data.p
var q = pub.data.q
var g = pub.data.g
var y = pub.data.pub_key
var unpacked = parseKeys.signature.decode(sig, 'der')
var s = unpacked.s
var r = unpacked.r
checkValue(s, q)
checkValue(r, q)
var montp = BN.mont(p)
var w = s.invm(q)
var v = g.toRed(montp)
.redPow(new BN(hash).mul(w).mod(q))
.fromRed()
.mul(
y.toRed(montp)
.redPow(r.mul(w).mod(q))
.fromRed()
).mod(p).mod(q)
return !v.cmp(r)
}
function checkValue (b, q) {
if (b.cmpn(0) <= 0) {
throw new Error('invalid sig')
}
if (b.cmp(q) >= q) {
throw new Error('invalid sig')
}
}
module.exports = verify
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 147 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var elliptic = __webpack_require__(103);
var BN = __webpack_require__(76);
module.exports = function createECDH(curve) {
return new ECDH(curve);
};
var aliases = {
secp256k1: {
name: 'secp256k1',
byteLength: 32
},
secp224r1: {
name: 'p224',
byteLength: 28
},
prime256v1: {
name: 'p256',
byteLength: 32
},
prime192v1: {
name: 'p192',
byteLength: 24
},
ed25519: {
name: 'ed25519',
byteLength: 32
},
secp384r1: {
name: 'p384',
byteLength: 48
},
secp521r1: {
name: 'p521',
byteLength: 66
}
};
aliases.p224 = aliases.secp224r1;
aliases.p256 = aliases.secp256r1 = aliases.prime256v1;
aliases.p192 = aliases.secp192r1 = aliases.prime192v1;
aliases.p384 = aliases.secp384r1;
aliases.p521 = aliases.secp521r1;
function ECDH(curve) {
this.curveType = aliases[curve];
if (!this.curveType ) {
this.curveType = {
name: curve
};
}
this.curve = new elliptic.ec(this.curveType.name);
this.keys = void 0;
}
ECDH.prototype.generateKeys = function (enc, format) {
this.keys = this.curve.genKeyPair();
return this.getPublicKey(enc, format);
};
ECDH.prototype.computeSecret = function (other, inenc, enc) {
inenc = inenc || 'utf8';
if (!Buffer.isBuffer(other)) {
other = new Buffer(other, inenc);
}
var otherPub = this.curve.keyFromPublic(other).getPublic();
var out = otherPub.mul(this.keys.getPrivate()).getX();
return formatReturnValue(out, enc, this.curveType.byteLength);
};
ECDH.prototype.getPublicKey = function (enc, format) {
var key = this.keys.getPublic(format === 'compressed', true);
if (format === 'hybrid') {
if (key[key.length - 1] % 2) {
key[0] = 7;
} else {
key [0] = 6;
}
}
return formatReturnValue(key, enc);
};
ECDH.prototype.getPrivateKey = function (enc) {
return formatReturnValue(this.keys.getPrivate(), enc);
};
ECDH.prototype.setPublicKey = function (pub, enc) {
enc = enc || 'utf8';
if (!Buffer.isBuffer(pub)) {
pub = new Buffer(pub, enc);
}
this.keys._importPublic(pub);
return this;
};
ECDH.prototype.setPrivateKey = function (priv, enc) {
enc = enc || 'utf8';
if (!Buffer.isBuffer(priv)) {
priv = new Buffer(priv, enc);
}
var _priv = new BN(priv);
_priv = _priv.toString(16);
this.keys._importPrivate(_priv);
return this;
};
function formatReturnValue(bn, enc, len) {
if (!Array.isArray(bn)) {
bn = bn.toArray();
}
var buf = new Buffer(bn);
if (len && buf.length < len) {
var zeros = new Buffer(len - buf.length);
zeros.fill(0);
buf = Buffer.concat([zeros, buf]);
}
if (!enc) {
return buf;
} else {
return buf.toString(enc);
}
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 148 */
/***/ function(module, exports, __webpack_require__) {
exports.publicEncrypt = __webpack_require__(149);
exports.privateDecrypt = __webpack_require__(153);
exports.privateEncrypt = function privateEncrypt(key, buf) {
return exports.publicEncrypt(key, buf, true);
};
exports.publicDecrypt = function publicDecrypt(key, buf) {
return exports.privateDecrypt(key, buf, true);
};
/***/ },
/* 149 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var parseKeys = __webpack_require__(126);
var randomBytes = __webpack_require__(12);
var createHash = __webpack_require__(14);
var mgf = __webpack_require__(150);
var xor = __webpack_require__(151);
var bn = __webpack_require__(76);
var withPublic = __webpack_require__(152);
var crt = __webpack_require__(101);
var constants = {
RSA_PKCS1_OAEP_PADDING: 4,
RSA_PKCS1_PADDIN: 1,
RSA_NO_PADDING: 3
};
module.exports = function publicEncrypt(public_key, msg, reverse) {
var padding;
if (public_key.padding) {
padding = public_key.padding;
} else if (reverse) {
padding = 1;
} else {
padding = 4;
}
var key = parseKeys(public_key);
var paddedMsg;
if (padding === 4) {
paddedMsg = oaep(key, msg);
} else if (padding === 1) {
paddedMsg = pkcs1(key, msg, reverse);
} else if (padding === 3) {
paddedMsg = new bn(msg);
if (paddedMsg.cmp(key.modulus) >= 0) {
throw new Error('data too long for modulus');
}
} else {
throw new Error('unknown padding');
}
if (reverse) {
return crt(paddedMsg, key);
} else {
return withPublic(paddedMsg, key);
}
};
function oaep(key, msg){
var k = key.modulus.byteLength();
var mLen = msg.length;
var iHash = createHash('sha1').update(new Buffer('')).digest();
var hLen = iHash.length;
var hLen2 = 2 * hLen;
if (mLen > k - hLen2 - 2) {
throw new Error('message too long');
}
var ps = new Buffer(k - mLen - hLen2 - 2);
ps.fill(0);
var dblen = k - hLen - 1;
var seed = randomBytes(hLen);
var maskedDb = xor(Buffer.concat([iHash, ps, new Buffer([1]), msg], dblen), mgf(seed, dblen));
var maskedSeed = xor(seed, mgf(maskedDb, hLen));
return new bn(Buffer.concat([new Buffer([0]), maskedSeed, maskedDb], k));
}
function pkcs1(key, msg, reverse){
var mLen = msg.length;
var k = key.modulus.byteLength();
if (mLen > k - 11) {
throw new Error('message too long');
}
var ps;
if (reverse) {
ps = new Buffer(k - mLen - 3);
ps.fill(0xff);
} else {
ps = nonZero(k - mLen - 3);
}
return new bn(Buffer.concat([new Buffer([0, reverse?1:2]), ps, new Buffer([0]), msg], k));
}
function nonZero(len, crypto) {
var out = new Buffer(len);
var i = 0;
var cache = randomBytes(len*2);
var cur = 0;
var num;
while (i < len) {
if (cur === cache.length) {
cache = randomBytes(len*2);
cur = 0;
}
num = cache[cur++];
if (num) {
out[i++] = num;
}
}
return out;
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 150 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var createHash = __webpack_require__(14);
module.exports = function (seed, len) {
var t = new Buffer('');
var i = 0, c;
while (t.length < len) {
c = i2ops(i++);
t = Buffer.concat([t, createHash('sha1').update(seed).update(c).digest()]);
}
return t.slice(0, len);
};
function i2ops(c) {
var out = new Buffer(4);
out.writeUInt32BE(c,0);
return out;
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 151 */
/***/ function(module, exports) {
module.exports = function xor(a, b) {
var len = a.length;
var i = -1;
while (++i < len) {
a[i] ^= b[i];
}
return a
};
/***/ },
/* 152 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var bn = __webpack_require__(76);
function withPublic(paddedMsg, key) {
return new Buffer(paddedMsg
.toRed(bn.mont(key.modulus))
.redPow(new bn(key.publicExponent))
.fromRed()
.toArray());
}
module.exports = withPublic;
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 153 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var parseKeys = __webpack_require__(126);
var mgf = __webpack_require__(150);
var xor = __webpack_require__(151);
var bn = __webpack_require__(76);
var crt = __webpack_require__(101);
var createHash = __webpack_require__(14);
var withPublic = __webpack_require__(152);
module.exports = function privateDecrypt(private_key, enc, reverse) {
var padding;
if (private_key.padding) {
padding = private_key.padding;
} else if (reverse) {
padding = 1;
} else {
padding = 4;
}
var key = parseKeys(private_key);
var k = key.modulus.byteLength();
if (enc.length > k || new bn(enc).cmp(key.modulus) >= 0) {
throw new Error('decryption error');
}
var msg;
if (reverse) {
msg = withPublic(new bn(enc), key);
} else {
msg = crt(enc, key);
}
var zBuffer = new Buffer(k - msg.length);
zBuffer.fill(0);
msg = Buffer.concat([zBuffer, msg], k);
if (padding === 4) {
return oaep(key, msg);
} else if (padding === 1) {
return pkcs1(key, msg, reverse);
} else if (padding === 3) {
return msg;
} else {
throw new Error('unknown padding');
}
};
function oaep(key, msg){
var n = key.modulus;
var k = key.modulus.byteLength();
var mLen = msg.length;
var iHash = createHash('sha1').update(new Buffer('')).digest();
var hLen = iHash.length;
var hLen2 = 2 * hLen;
if (msg[0] !== 0) {
throw new Error('decryption error');
}
var maskedSeed = msg.slice(1, hLen + 1);
var maskedDb = msg.slice(hLen + 1);
var seed = xor(maskedSeed, mgf(maskedDb, hLen));
var db = xor(maskedDb, mgf(seed, k - hLen - 1));
if (compare(iHash, db.slice(0, hLen))) {
throw new Error('decryption error');
}
var i = hLen;
while (db[i] === 0) {
i++;
}
if (db[i++] !== 1) {
throw new Error('decryption error');
}
return db.slice(i);
}
function pkcs1(key, msg, reverse){
var p1 = msg.slice(0, 2);
var i = 2;
var status = 0;
while (msg[i++] !== 0) {
if (i >= msg.length) {
status++;
break;
}
}
var ps = msg.slice(2, i - 1);
var p2 = msg.slice(i - 1, i);
if ((p1.toString('hex') !== '0002' && !reverse) || (p1.toString('hex') !== '0001' && reverse)){
status++;
}
if (ps.length < 8) {
status++;
}
if (status) {
throw new Error('decryption error');
}
return msg.slice(i);
}
function compare(a, b){
a = new Buffer(a);
b = new Buffer(b);
var dif = 0;
var len = a.length;
if (a.length !== b.length) {
dif++;
len = Math.min(a.length, b.length);
}
var i = -1;
while (++i < len) {
dif += (a[i] ^ b[i]);
}
return dif;
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 154 */
/***/ function(module, exports, __webpack_require__) {
var basex = __webpack_require__(155)
var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
var base58 = basex(ALPHABET)
module.exports = {
encode: base58.encode,
decode: base58.decode
}
/***/ },
/* 155 */
/***/ function(module, exports) {
// base-x encoding
// Forked from https://github.com/cryptocoinjs/bs58
// Originally written by Mike Hearn for BitcoinJ
// Copyright (c) 2011 Google Inc
// Ported to JavaScript by Stefan Thomas
// Merged Buffer refactorings from base58-native by Stephen Pair
// Copyright (c) 2013 BitPay Inc
/**
* @param {string} ALPHABET
* @return {encode: function, decode: function}
*/
module.exports = function base (ALPHABET) {
var ALPHABET_MAP = {}
var BASE = ALPHABET.length
var LEADER = ALPHABET.charAt(0)
// pre-compute lookup table
for (var i = 0; i < ALPHABET.length; i++) {
ALPHABET_MAP[ALPHABET.charAt(i)] = i
}
/**
* @param {(Buffer|number[])} source
* @return {string}
*/
function encode (source) {
if (source.length === 0) return ''
var digits = [0]
for (var i = 0; i < source.length; ++i) {
var carry = (digits[0] << 8) + source[i]
digits[0] = carry % BASE
carry = (carry / BASE) | 0
for (var j = 1; j < digits.length; ++j) {
carry += digits[j] << 8
digits[j] = carry % BASE
carry = (carry / BASE) | 0
}
while (carry > 0) {
digits.push(carry % BASE)
carry = (carry / BASE) | 0
}
}
// deal with leading zeros
for (var k = 0; source[k] === 0 && k < source.length - 1; ++k) {
digits.push(0)
}
// convert digits to a string
for (var ii = 0, jj = digits.length - 1; ii <= jj; ++ii, --jj) {
var tmp = ALPHABET[digits[ii]]
digits[ii] = ALPHABET[digits[jj]]
digits[jj] = tmp
}
return digits.join('')
}
/**
* @param {string} string
* @return {number[]}
*/
function decode (string) {
if (string.length === 0) return []
var bytes = [0]
for (var i = 0; i < string.length; i++) {
var value = ALPHABET_MAP[string[i]]
if (value === undefined) throw new Error('Non-base' + BASE + ' character')
var carry = bytes[0] * BASE + value
bytes[0] = carry & 0xff
carry >>= 8
for (var j = 1; j < bytes.length; ++j) {
carry += bytes[j] * BASE
bytes[j] = carry & 0xff
carry >>= 8
}
while (carry > 0) {
bytes.push(carry & 0xff)
carry >>= 8
}
}
// deal with leading zeros
for (var k = 0; string[k] === LEADER && k < string.length - 1; ++k) {
bytes.push(0)
}
return bytes.reverse()
}
return {
encode: encode,
decode: decode
}
}
/***/ },
/* 156 */
/***/ function(module, exports, __webpack_require__) {
var __WEBPACK_AMD_DEFINE_FACTORY__, __WEBPACK_AMD_DEFINE_ARRAY__, __WEBPACK_AMD_DEFINE_RESULT__;var require;/* WEBPACK VAR INJECTION */(function(process, setImmediate, module, Buffer) {(function(root, factory) {
if(true) {
!(__WEBPACK_AMD_DEFINE_ARRAY__ = [], __WEBPACK_AMD_DEFINE_FACTORY__ = (factory), __WEBPACK_AMD_DEFINE_RESULT__ = (typeof __WEBPACK_AMD_DEFINE_FACTORY__ === 'function' ? (__WEBPACK_AMD_DEFINE_FACTORY__.apply(exports, __WEBPACK_AMD_DEFINE_ARRAY__)) : __WEBPACK_AMD_DEFINE_FACTORY__), __WEBPACK_AMD_DEFINE_RESULT__ !== undefined && (module.exports = __WEBPACK_AMD_DEFINE_RESULT__));
} else {
root.forge = factory();
}
})(this, function() {
/**
* @license almond 0.2.9 Copyright (c) 2011-2014, The Dojo Foundation All Rights Reserved.
* Available via the MIT or new BSD license.
* see: http://github.com/jrburke/almond for details
*/
//Going sloppy to avoid 'use strict' string cost, but strict practices should
//be followed.
/*jslint sloppy: true */
/*global setTimeout: false */
var requirejs, require, define;
(function (undef) {
var main, req, makeMap, handlers,
defined = {},
waiting = {},
config = {},
defining = {},
hasOwn = Object.prototype.hasOwnProperty,
aps = [].slice,
jsSuffixRegExp = /\.js$/;
function hasProp(obj, prop) {
return hasOwn.call(obj, prop);
}
/**
* Given a relative module name, like ./something, normalize it to
* a real name that can be mapped to a path.
* @param {String} name the relative name
* @param {String} baseName a real name that the name arg is relative
* to.
* @returns {String} normalized name
*/
function normalize(name, baseName) {
var nameParts, nameSegment, mapValue, foundMap, lastIndex,
foundI, foundStarMap, starI, i, j, part,
baseParts = baseName && baseName.split("/"),
map = config.map,
starMap = (map && map['*']) || {};
//Adjust any relative paths.
if (name && name.charAt(0) === ".") {
//If have a base name, try to normalize against it,
//otherwise, assume it is a top-level require that will
//be relative to baseUrl in the end.
if (baseName) {
//Convert baseName to array, and lop off the last part,
//so that . matches that "directory" and not name of the baseName's
//module. For instance, baseName of "one/two/three", maps to
//"one/two/three.js", but we want the directory, "one/two" for
//this normalization.
baseParts = baseParts.slice(0, baseParts.length - 1);
name = name.split('/');
lastIndex = name.length - 1;
// Node .js allowance:
if (config.nodeIdCompat && jsSuffixRegExp.test(name[lastIndex])) {
name[lastIndex] = name[lastIndex].replace(jsSuffixRegExp, '');
}
name = baseParts.concat(name);
//start trimDots
for (i = 0; i < name.length; i += 1) {
part = name[i];
if (part === ".") {
name.splice(i, 1);
i -= 1;
} else if (part === "..") {
if (i === 1 && (name[2] === '..' || name[0] === '..')) {
//End of the line. Keep at least one non-dot
//path segment at the front so it can be mapped
//correctly to disk. Otherwise, there is likely
//no path mapping for a path starting with '..'.
//This can still fail, but catches the most reasonable
//uses of ..
break;
} else if (i > 0) {
name.splice(i - 1, 2);
i -= 2;
}
}
}
//end trimDots
name = name.join("/");
} else if (name.indexOf('./') === 0) {
// No baseName, so this is ID is resolved relative
// to baseUrl, pull off the leading dot.
name = name.substring(2);
}
}
//Apply map config if available.
if ((baseParts || starMap) && map) {
nameParts = name.split('/');
for (i = nameParts.length; i > 0; i -= 1) {
nameSegment = nameParts.slice(0, i).join("/");
if (baseParts) {
//Find the longest baseName segment match in the config.
//So, do joins on the biggest to smallest lengths of baseParts.
for (j = baseParts.length; j > 0; j -= 1) {
mapValue = map[baseParts.slice(0, j).join('/')];
//baseName segment has config, find if it has one for
//this name.
if (mapValue) {
mapValue = mapValue[nameSegment];
if (mapValue) {
//Match, update name to the new value.
foundMap = mapValue;
foundI = i;
break;
}
}
}
}
if (foundMap) {
break;
}
//Check for a star map match, but just hold on to it,
//if there is a shorter segment match later in a matching
//config, then favor over this star map.
if (!foundStarMap && starMap && starMap[nameSegment]) {
foundStarMap = starMap[nameSegment];
starI = i;
}
}
if (!foundMap && foundStarMap) {
foundMap = foundStarMap;
foundI = starI;
}
if (foundMap) {
nameParts.splice(0, foundI, foundMap);
name = nameParts.join('/');
}
}
return name;
}
function makeRequire(relName, forceSync) {
return function () {
//A version of a require function that passes a moduleName
//value for items that may need to
//look up paths relative to the moduleName
return req.apply(undef, aps.call(arguments, 0).concat([relName, forceSync]));
};
}
function makeNormalize(relName) {
return function (name) {
return normalize(name, relName);
};
}
function makeLoad(depName) {
return function (value) {
defined[depName] = value;
};
}
function callDep(name) {
if (hasProp(waiting, name)) {
var args = waiting[name];
delete waiting[name];
defining[name] = true;
main.apply(undef, args);
}
if (!hasProp(defined, name) && !hasProp(defining, name)) {
throw new Error('No ' + name);
}
return defined[name];
}
//Turns a plugin!resource to [plugin, resource]
//with the plugin being undefined if the name
//did not have a plugin prefix.
function splitPrefix(name) {
var prefix,
index = name ? name.indexOf('!') : -1;
if (index > -1) {
prefix = name.substring(0, index);
name = name.substring(index + 1, name.length);
}
return [prefix, name];
}
/**
* Makes a name map, normalizing the name, and using a plugin
* for normalization if necessary. Grabs a ref to plugin
* too, as an optimization.
*/
makeMap = function (name, relName) {
var plugin,
parts = splitPrefix(name),
prefix = parts[0];
name = parts[1];
if (prefix) {
prefix = normalize(prefix, relName);
plugin = callDep(prefix);
}
//Normalize according
if (prefix) {
if (plugin && plugin.normalize) {
name = plugin.normalize(name, makeNormalize(relName));
} else {
name = normalize(name, relName);
}
} else {
name = normalize(name, relName);
parts = splitPrefix(name);
prefix = parts[0];
name = parts[1];
if (prefix) {
plugin = callDep(prefix);
}
}
//Using ridiculous property names for space reasons
return {
f: prefix ? prefix + '!' + name : name, //fullName
n: name,
pr: prefix,
p: plugin
};
};
function makeConfig(name) {
return function () {
return (config && config.config && config.config[name]) || {};
};
}
handlers = {
require: function (name) {
return makeRequire(name);
},
exports: function (name) {
var e = defined[name];
if (typeof e !== 'undefined') {
return e;
} else {
return (defined[name] = {});
}
},
module: function (name) {
return {
id: name,
uri: '',
exports: defined[name],
config: makeConfig(name)
};
}
};
main = function (name, deps, callback, relName) {
var cjsModule, depName, ret, map, i,
args = [],
callbackType = typeof callback,
usingExports;
//Use name if no relName
relName = relName || name;
//Call the callback to define the module, if necessary.
if (callbackType === 'undefined' || callbackType === 'function') {
//Pull out the defined dependencies and pass the ordered
//values to the callback.
//Default to [require, exports, module] if no deps
deps = !deps.length && callback.length ? ['require', 'exports', 'module'] : deps;
for (i = 0; i < deps.length; i += 1) {
map = makeMap(deps[i], relName);
depName = map.f;
//Fast path CommonJS standard dependencies.
if (depName === "require") {
args[i] = handlers.require(name);
} else if (depName === "exports") {
//CommonJS module spec 1.1
args[i] = handlers.exports(name);
usingExports = true;
} else if (depName === "module") {
//CommonJS module spec 1.1
cjsModule = args[i] = handlers.module(name);
} else if (hasProp(defined, depName) ||
hasProp(waiting, depName) ||
hasProp(defining, depName)) {
args[i] = callDep(depName);
} else if (map.p) {
map.p.load(map.n, makeRequire(relName, true), makeLoad(depName), {});
args[i] = defined[depName];
} else {
throw new Error(name + ' missing ' + depName);
}
}
ret = callback ? callback.apply(defined[name], args) : undefined;
if (name) {
//If setting exports via "module" is in play,
//favor that over return value and exports. After that,
//favor a non-undefined return value over exports use.
if (cjsModule && cjsModule.exports !== undef &&
cjsModule.exports !== defined[name]) {
defined[name] = cjsModule.exports;
} else if (ret !== undef || !usingExports) {
//Use the return value from the function.
defined[name] = ret;
}
}
} else if (name) {
//May just be an object definition for the module. Only
//worry about defining if have a module name.
defined[name] = callback;
}
};
requirejs = require = req = function (deps, callback, relName, forceSync, alt) {
if (typeof deps === "string") {
if (handlers[deps]) {
//callback in this case is really relName
return handlers[deps](callback);
}
//Just return the module wanted. In this scenario, the
//deps arg is the module name, and second arg (if passed)
//is just the relName.
//Normalize module name, if it contains . or ..
return callDep(makeMap(deps, callback).f);
} else if (!deps.splice) {
//deps is a config object, not an array.
config = deps;
if (config.deps) {
req(config.deps, config.callback);
}
if (!callback) {
return;
}
if (callback.splice) {
//callback is an array, which means it is a dependency list.
//Adjust args if there are dependencies
deps = callback;
callback = relName;
relName = null;
} else {
deps = undef;
}
}
//Support require(['a'])
callback = callback || function () {};
//If relName is a function, it is an errback handler,
//so remove it.
if (typeof relName === 'function') {
relName = forceSync;
forceSync = alt;
}
//Simulate async callback;
if (forceSync) {
main(undef, deps, callback, relName);
} else {
//Using a non-zero value because of concern for what old browsers
//do, and latest browsers "upgrade" to 4 if lower value is used:
//http://www.whatwg.org/specs/web-apps/current-work/multipage/timers.html#dom-windowtimers-settimeout:
//If want a value immediately, use require('id') instead -- something
//that works in almond on the global level, but not guaranteed and
//unlikely to work in other AMD implementations.
setTimeout(function () {
main(undef, deps, callback, relName);
}, 4);
}
return req;
};
/**
* Just drops the config on the floor, but returns req in case
* the config return value is used.
*/
req.config = function (cfg) {
return req(cfg);
};
/**
* Expose module registry for debugging and tooling
*/
requirejs._defined = defined;
define = function (name, deps, callback) {
//This module may not have dependencies
if (!deps.splice) {
//deps is not an array, so probably means
//an object literal or factory function for
//the value. Adjust args.
callback = deps;
deps = [];
}
if (!hasProp(defined, name) && !hasProp(waiting, name)) {
waiting[name] = [name, deps, callback];
}
};
define.amd = {
jQuery: true
};
}());
define("node_modules/almond/almond", function(){});
/**
* Utility functions for web applications.
*
* @author Dave Longley
*
* Copyright (c) 2010-2014 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
/* Utilities API */
var util = forge.util = forge.util || {};
// define setImmediate and nextTick
(function() {
// use native nextTick
if(typeof process !== 'undefined' && process.nextTick) {
util.nextTick = process.nextTick;
if(typeof setImmediate === 'function') {
util.setImmediate = setImmediate;
} else {
// polyfill setImmediate with nextTick, older versions of node
// (those w/o setImmediate) won't totally starve IO
util.setImmediate = util.nextTick;
}
return;
}
// polyfill nextTick with native setImmediate
if(typeof setImmediate === 'function') {
util.setImmediate = setImmediate;
util.nextTick = function(callback) {
return setImmediate(callback);
};
return;
}
/* Note: A polyfill upgrade pattern is used here to allow combining
polyfills. For example, MutationObserver is fast, but blocks UI updates,
so it needs to allow UI updates periodically, so it falls back on
postMessage or setTimeout. */
// polyfill with setTimeout
util.setImmediate = function(callback) {
setTimeout(callback, 0);
};
// upgrade polyfill to use postMessage
if(typeof window !== 'undefined' &&
typeof window.postMessage === 'function') {
var msg = 'forge.setImmediate';
var callbacks = [];
util.setImmediate = function(callback) {
callbacks.push(callback);
// only send message when one hasn't been sent in
// the current turn of the event loop
if(callbacks.length === 1) {
window.postMessage(msg, '*');
}
};
function handler(event) {
if(event.source === window && event.data === msg) {
event.stopPropagation();
var copy = callbacks.slice();
callbacks.length = 0;
copy.forEach(function(callback) {
callback();
});
}
}
window.addEventListener('message', handler, true);
}
// upgrade polyfill to use MutationObserver
if(typeof MutationObserver !== 'undefined') {
// polyfill with MutationObserver
var now = Date.now();
var attr = true;
var div = document.createElement('div');
var callbacks = [];
new MutationObserver(function() {
var copy = callbacks.slice();
callbacks.length = 0;
copy.forEach(function(callback) {
callback();
});
}).observe(div, {attributes: true});
var oldSetImmediate = util.setImmediate;
util.setImmediate = function(callback) {
if(Date.now() - now > 15) {
now = Date.now();
oldSetImmediate(callback);
} else {
callbacks.push(callback);
// only trigger observer when it hasn't been triggered in
// the current turn of the event loop
if(callbacks.length === 1) {
div.setAttribute('a', attr = !attr);
}
}
};
}
util.nextTick = util.setImmediate;
})();
// define isArray
util.isArray = Array.isArray || function(x) {
return Object.prototype.toString.call(x) === '[object Array]';
};
// define isArrayBuffer
util.isArrayBuffer = function(x) {
return typeof ArrayBuffer !== 'undefined' && x instanceof ArrayBuffer;
};
// define isArrayBufferView
util.isArrayBufferView = function(x) {
return x && util.isArrayBuffer(x.buffer) && x.byteLength !== undefined;
};
// TODO: set ByteBuffer to best available backing
util.ByteBuffer = ByteStringBuffer;
/** Buffer w/BinaryString backing */
/**
* Constructor for a binary string backed byte buffer.
*
* @param [b] the bytes to wrap (either encoded as string, one byte per
* character, or as an ArrayBuffer or Typed Array).
*/
function ByteStringBuffer(b) {
// TODO: update to match DataBuffer API
// the data in this buffer
this.data = '';
// the pointer for reading from this buffer
this.read = 0;
if(typeof b === 'string') {
this.data = b;
} else if(util.isArrayBuffer(b) || util.isArrayBufferView(b)) {
// convert native buffer to forge buffer
// FIXME: support native buffers internally instead
var arr = new Uint8Array(b);
try {
this.data = String.fromCharCode.apply(null, arr);
} catch(e) {
for(var i = 0; i < arr.length; ++i) {
this.putByte(arr[i]);
}
}
} else if(b instanceof ByteStringBuffer ||
(typeof b === 'object' && typeof b.data === 'string' &&
typeof b.read === 'number')) {
// copy existing buffer
this.data = b.data;
this.read = b.read;
}
// used for v8 optimization
this._constructedStringLength = 0;
}
util.ByteStringBuffer = ByteStringBuffer;
/* Note: This is an optimization for V8-based browsers. When V8 concatenates
a string, the strings are only joined logically using a "cons string" or
"constructed/concatenated string". These containers keep references to one
another and can result in very large memory usage. For example, if a 2MB
string is constructed by concatenating 4 bytes together at a time, the
memory usage will be ~44MB; so ~22x increase. The strings are only joined
together when an operation requiring their joining takes place, such as
substr(). This function is called when adding data to this buffer to ensure
these types of strings are periodically joined to reduce the memory
footprint. */
var _MAX_CONSTRUCTED_STRING_LENGTH = 4096;
util.ByteStringBuffer.prototype._optimizeConstructedString = function(x) {
this._constructedStringLength += x;
if(this._constructedStringLength > _MAX_CONSTRUCTED_STRING_LENGTH) {
// this substr() should cause the constructed string to join
this.data.substr(0, 1);
this._constructedStringLength = 0;
}
};
/**
* Gets the number of bytes in this buffer.
*
* @return the number of bytes in this buffer.
*/
util.ByteStringBuffer.prototype.length = function() {
return this.data.length - this.read;
};
/**
* Gets whether or not this buffer is empty.
*
* @return true if this buffer is empty, false if not.
*/
util.ByteStringBuffer.prototype.isEmpty = function() {
return this.length() <= 0;
};
/**
* Puts a byte in this buffer.
*
* @param b the byte to put.
*
* @return this buffer.
*/
util.ByteStringBuffer.prototype.putByte = function(b) {
return this.putBytes(String.fromCharCode(b));
};
/**
* Puts a byte in this buffer N times.
*
* @param b the byte to put.
* @param n the number of bytes of value b to put.
*
* @return this buffer.
*/
util.ByteStringBuffer.prototype.fillWithByte = function(b, n) {
b = String.fromCharCode(b);
var d = this.data;
while(n > 0) {
if(n & 1) {
d += b;
}
n >>>= 1;
if(n > 0) {
b += b;
}
}
this.data = d;
this._optimizeConstructedString(n);
return this;
};
/**
* Puts bytes in this buffer.
*
* @param bytes the bytes (as a UTF-8 encoded string) to put.
*
* @return this buffer.
*/
util.ByteStringBuffer.prototype.putBytes = function(bytes) {
this.data += bytes;
this._optimizeConstructedString(bytes.length);
return this;
};
/**
* Puts a UTF-16 encoded string into this buffer.
*
* @param str the string to put.
*
* @return this buffer.
*/
util.ByteStringBuffer.prototype.putString = function(str) {
return this.putBytes(util.encodeUtf8(str));
};
/**
* Puts a 16-bit integer in this buffer in big-endian order.
*
* @param i the 16-bit integer.
*
* @return this buffer.
*/
util.ByteStringBuffer.prototype.putInt16 = function(i) {
return this.putBytes(
String.fromCharCode(i >> 8 & 0xFF) +
String.fromCharCode(i & 0xFF));
};
/**
* Puts a 24-bit integer in this buffer in big-endian order.
*
* @param i the 24-bit integer.
*
* @return this buffer.
*/
util.ByteStringBuffer.prototype.putInt24 = function(i) {
return this.putBytes(
String.fromCharCode(i >> 16 & 0xFF) +
String.fromCharCode(i >> 8 & 0xFF) +
String.fromCharCode(i & 0xFF));
};
/**
* Puts a 32-bit integer in this buffer in big-endian order.
*
* @param i the 32-bit integer.
*
* @return this buffer.
*/
util.ByteStringBuffer.prototype.putInt32 = function(i) {
return this.putBytes(
String.fromCharCode(i >> 24 & 0xFF) +
String.fromCharCode(i >> 16 & 0xFF) +
String.fromCharCode(i >> 8 & 0xFF) +
String.fromCharCode(i & 0xFF));
};
/**
* Puts a 16-bit integer in this buffer in little-endian order.
*
* @param i the 16-bit integer.
*
* @return this buffer.
*/
util.ByteStringBuffer.prototype.putInt16Le = function(i) {
return this.putBytes(
String.fromCharCode(i & 0xFF) +
String.fromCharCode(i >> 8 & 0xFF));
};
/**
* Puts a 24-bit integer in this buffer in little-endian order.
*
* @param i the 24-bit integer.
*
* @return this buffer.
*/
util.ByteStringBuffer.prototype.putInt24Le = function(i) {
return this.putBytes(
String.fromCharCode(i & 0xFF) +
String.fromCharCode(i >> 8 & 0xFF) +
String.fromCharCode(i >> 16 & 0xFF));
};
/**
* Puts a 32-bit integer in this buffer in little-endian order.
*
* @param i the 32-bit integer.
*
* @return this buffer.
*/
util.ByteStringBuffer.prototype.putInt32Le = function(i) {
return this.putBytes(
String.fromCharCode(i & 0xFF) +
String.fromCharCode(i >> 8 & 0xFF) +
String.fromCharCode(i >> 16 & 0xFF) +
String.fromCharCode(i >> 24 & 0xFF));
};
/**
* Puts an n-bit integer in this buffer in big-endian order.
*
* @param i the n-bit integer.
* @param n the number of bits in the integer.
*
* @return this buffer.
*/
util.ByteStringBuffer.prototype.putInt = function(i, n) {
var bytes = '';
do {
n -= 8;
bytes += String.fromCharCode((i >> n) & 0xFF);
} while(n > 0);
return this.putBytes(bytes);
};
/**
* Puts a signed n-bit integer in this buffer in big-endian order. Two's
* complement representation is used.
*
* @param i the n-bit integer.
* @param n the number of bits in the integer.
*
* @return this buffer.
*/
util.ByteStringBuffer.prototype.putSignedInt = function(i, n) {
if(i < 0) {
i += 2 << (n - 1);
}
return this.putInt(i, n);
};
/**
* Puts the given buffer into this buffer.
*
* @param buffer the buffer to put into this one.
*
* @return this buffer.
*/
util.ByteStringBuffer.prototype.putBuffer = function(buffer) {
return this.putBytes(buffer.getBytes());
};
/**
* Gets a byte from this buffer and advances the read pointer by 1.
*
* @return the byte.
*/
util.ByteStringBuffer.prototype.getByte = function() {
return this.data.charCodeAt(this.read++);
};
/**
* Gets a uint16 from this buffer in big-endian order and advances the read
* pointer by 2.
*
* @return the uint16.
*/
util.ByteStringBuffer.prototype.getInt16 = function() {
var rval = (
this.data.charCodeAt(this.read) << 8 ^
this.data.charCodeAt(this.read + 1));
this.read += 2;
return rval;
};
/**
* Gets a uint24 from this buffer in big-endian order and advances the read
* pointer by 3.
*
* @return the uint24.
*/
util.ByteStringBuffer.prototype.getInt24 = function() {
var rval = (
this.data.charCodeAt(this.read) << 16 ^
this.data.charCodeAt(this.read + 1) << 8 ^
this.data.charCodeAt(this.read + 2));
this.read += 3;
return rval;
};
/**
* Gets a uint32 from this buffer in big-endian order and advances the read
* pointer by 4.
*
* @return the word.
*/
util.ByteStringBuffer.prototype.getInt32 = function() {
var rval = (
this.data.charCodeAt(this.read) << 24 ^
this.data.charCodeAt(this.read + 1) << 16 ^
this.data.charCodeAt(this.read + 2) << 8 ^
this.data.charCodeAt(this.read + 3));
this.read += 4;
return rval;
};
/**
* Gets a uint16 from this buffer in little-endian order and advances the read
* pointer by 2.
*
* @return the uint16.
*/
util.ByteStringBuffer.prototype.getInt16Le = function() {
var rval = (
this.data.charCodeAt(this.read) ^
this.data.charCodeAt(this.read + 1) << 8);
this.read += 2;
return rval;
};
/**
* Gets a uint24 from this buffer in little-endian order and advances the read
* pointer by 3.
*
* @return the uint24.
*/
util.ByteStringBuffer.prototype.getInt24Le = function() {
var rval = (
this.data.charCodeAt(this.read) ^
this.data.charCodeAt(this.read + 1) << 8 ^
this.data.charCodeAt(this.read + 2) << 16);
this.read += 3;
return rval;
};
/**
* Gets a uint32 from this buffer in little-endian order and advances the read
* pointer by 4.
*
* @return the word.
*/
util.ByteStringBuffer.prototype.getInt32Le = function() {
var rval = (
this.data.charCodeAt(this.read) ^
this.data.charCodeAt(this.read + 1) << 8 ^
this.data.charCodeAt(this.read + 2) << 16 ^
this.data.charCodeAt(this.read + 3) << 24);
this.read += 4;
return rval;
};
/**
* Gets an n-bit integer from this buffer in big-endian order and advances the
* read pointer by n/8.
*
* @param n the number of bits in the integer.
*
* @return the integer.
*/
util.ByteStringBuffer.prototype.getInt = function(n) {
var rval = 0;
do {
rval = (rval << 8) + this.data.charCodeAt(this.read++);
n -= 8;
} while(n > 0);
return rval;
};
/**
* Gets a signed n-bit integer from this buffer in big-endian order, using
* two's complement, and advances the read pointer by n/8.
*
* @param n the number of bits in the integer.
*
* @return the integer.
*/
util.ByteStringBuffer.prototype.getSignedInt = function(n) {
var x = this.getInt(n);
var max = 2 << (n - 2);
if(x >= max) {
x -= max << 1;
}
return x;
};
/**
* Reads bytes out into a UTF-8 string and clears them from the buffer.
*
* @param count the number of bytes to read, undefined or null for all.
*
* @return a UTF-8 string of bytes.
*/
util.ByteStringBuffer.prototype.getBytes = function(count) {
var rval;
if(count) {
// read count bytes
count = Math.min(this.length(), count);
rval = this.data.slice(this.read, this.read + count);
this.read += count;
} else if(count === 0) {
rval = '';
} else {
// read all bytes, optimize to only copy when needed
rval = (this.read === 0) ? this.data : this.data.slice(this.read);
this.clear();
}
return rval;
};
/**
* Gets a UTF-8 encoded string of the bytes from this buffer without modifying
* the read pointer.
*
* @param count the number of bytes to get, omit to get all.
*
* @return a string full of UTF-8 encoded characters.
*/
util.ByteStringBuffer.prototype.bytes = function(count) {
return (typeof(count) === 'undefined' ?
this.data.slice(this.read) :
this.data.slice(this.read, this.read + count));
};
/**
* Gets a byte at the given index without modifying the read pointer.
*
* @param i the byte index.
*
* @return the byte.
*/
util.ByteStringBuffer.prototype.at = function(i) {
return this.data.charCodeAt(this.read + i);
};
/**
* Puts a byte at the given index without modifying the read pointer.
*
* @param i the byte index.
* @param b the byte to put.
*
* @return this buffer.
*/
util.ByteStringBuffer.prototype.setAt = function(i, b) {
this.data = this.data.substr(0, this.read + i) +
String.fromCharCode(b) +
this.data.substr(this.read + i + 1);
return this;
};
/**
* Gets the last byte without modifying the read pointer.
*
* @return the last byte.
*/
util.ByteStringBuffer.prototype.last = function() {
return this.data.charCodeAt(this.data.length - 1);
};
/**
* Creates a copy of this buffer.
*
* @return the copy.
*/
util.ByteStringBuffer.prototype.copy = function() {
var c = util.createBuffer(this.data);
c.read = this.read;
return c;
};
/**
* Compacts this buffer.
*
* @return this buffer.
*/
util.ByteStringBuffer.prototype.compact = function() {
if(this.read > 0) {
this.data = this.data.slice(this.read);
this.read = 0;
}
return this;
};
/**
* Clears this buffer.
*
* @return this buffer.
*/
util.ByteStringBuffer.prototype.clear = function() {
this.data = '';
this.read = 0;
return this;
};
/**
* Shortens this buffer by triming bytes off of the end of this buffer.
*
* @param count the number of bytes to trim off.
*
* @return this buffer.
*/
util.ByteStringBuffer.prototype.truncate = function(count) {
var len = Math.max(0, this.length() - count);
this.data = this.data.substr(this.read, len);
this.read = 0;
return this;
};
/**
* Converts this buffer to a hexadecimal string.
*
* @return a hexadecimal string.
*/
util.ByteStringBuffer.prototype.toHex = function() {
var rval = '';
for(var i = this.read; i < this.data.length; ++i) {
var b = this.data.charCodeAt(i);
if(b < 16) {
rval += '0';
}
rval += b.toString(16);
}
return rval;
};
/**
* Converts this buffer to a UTF-16 string (standard JavaScript string).
*
* @return a UTF-16 string.
*/
util.ByteStringBuffer.prototype.toString = function() {
return util.decodeUtf8(this.bytes());
};
/** End Buffer w/BinaryString backing */
/** Buffer w/UInt8Array backing */
/**
* FIXME: Experimental. Do not use yet.
*
* Constructor for an ArrayBuffer-backed byte buffer.
*
* The buffer may be constructed from a string, an ArrayBuffer, DataView, or a
* TypedArray.
*
* If a string is given, its encoding should be provided as an option,
* otherwise it will default to 'binary'. A 'binary' string is encoded such
* that each character is one byte in length and size.
*
* If an ArrayBuffer, DataView, or TypedArray is given, it will be used
* *directly* without any copying. Note that, if a write to the buffer requires
* more space, the buffer will allocate a new backing ArrayBuffer to
* accommodate. The starting read and write offsets for the buffer may be
* given as options.
*
* @param [b] the initial bytes for this buffer.
* @param options the options to use:
* [readOffset] the starting read offset to use (default: 0).
* [writeOffset] the starting write offset to use (default: the
* length of the first parameter).
* [growSize] the minimum amount, in bytes, to grow the buffer by to
* accommodate writes (default: 1024).
* [encoding] the encoding ('binary', 'utf8', 'utf16', 'hex') for the
* first parameter, if it is a string (default: 'binary').
*/
function DataBuffer(b, options) {
// default options
options = options || {};
// pointers for read from/write to buffer
this.read = options.readOffset || 0;
this.growSize = options.growSize || 1024;
var isArrayBuffer = util.isArrayBuffer(b);
var isArrayBufferView = util.isArrayBufferView(b);
if(isArrayBuffer || isArrayBufferView) {
// use ArrayBuffer directly
if(isArrayBuffer) {
this.data = new DataView(b);
} else {
// TODO: adjust read/write offset based on the type of view
// or specify that this must be done in the options ... that the
// offsets are byte-based
this.data = new DataView(b.buffer, b.byteOffset, b.byteLength);
}
this.write = ('writeOffset' in options ?
options.writeOffset : this.data.byteLength);
return;
}
// initialize to empty array buffer and add any given bytes using putBytes
this.data = new DataView(new ArrayBuffer(0));
this.write = 0;
if(b !== null && b !== undefined) {
this.putBytes(b);
}
if('writeOffset' in options) {
this.write = options.writeOffset;
}
}
util.DataBuffer = DataBuffer;
/**
* Gets the number of bytes in this buffer.
*
* @return the number of bytes in this buffer.
*/
util.DataBuffer.prototype.length = function() {
return this.write - this.read;
};
/**
* Gets whether or not this buffer is empty.
*
* @return true if this buffer is empty, false if not.
*/
util.DataBuffer.prototype.isEmpty = function() {
return this.length() <= 0;
};
/**
* Ensures this buffer has enough empty space to accommodate the given number
* of bytes. An optional parameter may be given that indicates a minimum
* amount to grow the buffer if necessary. If the parameter is not given,
* the buffer will be grown by some previously-specified default amount
* or heuristic.
*
* @param amount the number of bytes to accommodate.
* @param [growSize] the minimum amount, in bytes, to grow the buffer by if
* necessary.
*/
util.DataBuffer.prototype.accommodate = function(amount, growSize) {
if(this.length() >= amount) {
return this;
}
growSize = Math.max(growSize || this.growSize, amount);
// grow buffer
var src = new Uint8Array(
this.data.buffer, this.data.byteOffset, this.data.byteLength);
var dst = new Uint8Array(this.length() + growSize);
dst.set(src);
this.data = new DataView(dst.buffer);
return this;
};
/**
* Puts a byte in this buffer.
*
* @param b the byte to put.
*
* @return this buffer.
*/
util.DataBuffer.prototype.putByte = function(b) {
this.accommodate(1);
this.data.setUint8(this.write++, b);
return this;
};
/**
* Puts a byte in this buffer N times.
*
* @param b the byte to put.
* @param n the number of bytes of value b to put.
*
* @return this buffer.
*/
util.DataBuffer.prototype.fillWithByte = function(b, n) {
this.accommodate(n);
for(var i = 0; i < n; ++i) {
this.data.setUint8(b);
}
return this;
};
/**
* Puts bytes in this buffer. The bytes may be given as a string, an
* ArrayBuffer, a DataView, or a TypedArray.
*
* @param bytes the bytes to put.
* @param [encoding] the encoding for the first parameter ('binary', 'utf8',
* 'utf16', 'hex'), if it is a string (default: 'binary').
*
* @return this buffer.
*/
util.DataBuffer.prototype.putBytes = function(bytes, encoding) {
if(util.isArrayBufferView(bytes)) {
var src = new Uint8Array(bytes.buffer, bytes.byteOffset, bytes.byteLength);
var len = src.byteLength - src.byteOffset;
this.accommodate(len);
var dst = new Uint8Array(this.data.buffer, this.write);
dst.set(src);
this.write += len;
return this;
}
if(util.isArrayBuffer(bytes)) {
var src = new Uint8Array(bytes);
this.accommodate(src.byteLength);
var dst = new Uint8Array(this.data.buffer);
dst.set(src, this.write);
this.write += src.byteLength;
return this;
}
// bytes is a util.DataBuffer or equivalent
if(bytes instanceof util.DataBuffer ||
(typeof bytes === 'object' &&
typeof bytes.read === 'number' && typeof bytes.write === 'number' &&
util.isArrayBufferView(bytes.data))) {
var src = new Uint8Array(bytes.data.byteLength, bytes.read, bytes.length());
this.accommodate(src.byteLength);
var dst = new Uint8Array(bytes.data.byteLength, this.write);
dst.set(src);
this.write += src.byteLength;
return this;
}
if(bytes instanceof util.ByteStringBuffer) {
// copy binary string and process as the same as a string parameter below
bytes = bytes.data;
encoding = 'binary';
}
// string conversion
encoding = encoding || 'binary';
if(typeof bytes === 'string') {
var view;
// decode from string
if(encoding === 'hex') {
this.accommodate(Math.ceil(bytes.length / 2));
view = new Uint8Array(this.data.buffer, this.write);
this.write += util.binary.hex.decode(bytes, view, this.write);
return this;
}
if(encoding === 'base64') {
this.accommodate(Math.ceil(bytes.length / 4) * 3);
view = new Uint8Array(this.data.buffer, this.write);
this.write += util.binary.base64.decode(bytes, view, this.write);
return this;
}
// encode text as UTF-8 bytes
if(encoding === 'utf8') {
// encode as UTF-8 then decode string as raw binary
bytes = util.encodeUtf8(bytes);
encoding = 'binary';
}
// decode string as raw binary
if(encoding === 'binary' || encoding === 'raw') {
// one byte per character
this.accommodate(bytes.length);
view = new Uint8Array(this.data.buffer, this.write);
this.write += util.binary.raw.decode(view);
return this;
}
// encode text as UTF-16 bytes
if(encoding === 'utf16') {
// two bytes per character
this.accommodate(bytes.length * 2);
view = new Uint16Array(this.data.buffer, this.write);
this.write += util.text.utf16.encode(view);
return this;
}
throw new Error('Invalid encoding: ' + encoding);
}
throw Error('Invalid parameter: ' + bytes);
};
/**
* Puts the given buffer into this buffer.
*
* @param buffer the buffer to put into this one.
*
* @return this buffer.
*/
util.DataBuffer.prototype.putBuffer = function(buffer) {
this.putBytes(buffer);
buffer.clear();
return this;
};
/**
* Puts a string into this buffer.
*
* @param str the string to put.
* @param [encoding] the encoding for the string (default: 'utf16').
*
* @return this buffer.
*/
util.DataBuffer.prototype.putString = function(str) {
return this.putBytes(str, 'utf16');
};
/**
* Puts a 16-bit integer in this buffer in big-endian order.
*
* @param i the 16-bit integer.
*
* @return this buffer.
*/
util.DataBuffer.prototype.putInt16 = function(i) {
this.accommodate(2);
this.data.setInt16(this.write, i);
this.write += 2;
return this;
};
/**
* Puts a 24-bit integer in this buffer in big-endian order.
*
* @param i the 24-bit integer.
*
* @return this buffer.
*/
util.DataBuffer.prototype.putInt24 = function(i) {
this.accommodate(3);
this.data.setInt16(this.write, i >> 8 & 0xFFFF);
this.data.setInt8(this.write, i >> 16 & 0xFF);
this.write += 3;
return this;
};
/**
* Puts a 32-bit integer in this buffer in big-endian order.
*
* @param i the 32-bit integer.
*
* @return this buffer.
*/
util.DataBuffer.prototype.putInt32 = function(i) {
this.accommodate(4);
this.data.setInt32(this.write, i);
this.write += 4;
return this;
};
/**
* Puts a 16-bit integer in this buffer in little-endian order.
*
* @param i the 16-bit integer.
*
* @return this buffer.
*/
util.DataBuffer.prototype.putInt16Le = function(i) {
this.accommodate(2);
this.data.setInt16(this.write, i, true);
this.write += 2;
return this;
};
/**
* Puts a 24-bit integer in this buffer in little-endian order.
*
* @param i the 24-bit integer.
*
* @return this buffer.
*/
util.DataBuffer.prototype.putInt24Le = function(i) {
this.accommodate(3);
this.data.setInt8(this.write, i >> 16 & 0xFF);
this.data.setInt16(this.write, i >> 8 & 0xFFFF, true);
this.write += 3;
return this;
};
/**
* Puts a 32-bit integer in this buffer in little-endian order.
*
* @param i the 32-bit integer.
*
* @return this buffer.
*/
util.DataBuffer.prototype.putInt32Le = function(i) {
this.accommodate(4);
this.data.setInt32(this.write, i, true);
this.write += 4;
return this;
};
/**
* Puts an n-bit integer in this buffer in big-endian order.
*
* @param i the n-bit integer.
* @param n the number of bits in the integer.
*
* @return this buffer.
*/
util.DataBuffer.prototype.putInt = function(i, n) {
this.accommodate(n / 8);
do {
n -= 8;
this.data.setInt8(this.write++, (i >> n) & 0xFF);
} while(n > 0);
return this;
};
/**
* Puts a signed n-bit integer in this buffer in big-endian order. Two's
* complement representation is used.
*
* @param i the n-bit integer.
* @param n the number of bits in the integer.
*
* @return this buffer.
*/
util.DataBuffer.prototype.putSignedInt = function(i, n) {
this.accommodate(n / 8);
if(i < 0) {
i += 2 << (n - 1);
}
return this.putInt(i, n);
};
/**
* Gets a byte from this buffer and advances the read pointer by 1.
*
* @return the byte.
*/
util.DataBuffer.prototype.getByte = function() {
return this.data.getInt8(this.read++);
};
/**
* Gets a uint16 from this buffer in big-endian order and advances the read
* pointer by 2.
*
* @return the uint16.
*/
util.DataBuffer.prototype.getInt16 = function() {
var rval = this.data.getInt16(this.read);
this.read += 2;
return rval;
};
/**
* Gets a uint24 from this buffer in big-endian order and advances the read
* pointer by 3.
*
* @return the uint24.
*/
util.DataBuffer.prototype.getInt24 = function() {
var rval = (
this.data.getInt16(this.read) << 8 ^
this.data.getInt8(this.read + 2));
this.read += 3;
return rval;
};
/**
* Gets a uint32 from this buffer in big-endian order and advances the read
* pointer by 4.
*
* @return the word.
*/
util.DataBuffer.prototype.getInt32 = function() {
var rval = this.data.getInt32(this.read);
this.read += 4;
return rval;
};
/**
* Gets a uint16 from this buffer in little-endian order and advances the read
* pointer by 2.
*
* @return the uint16.
*/
util.DataBuffer.prototype.getInt16Le = function() {
var rval = this.data.getInt16(this.read, true);
this.read += 2;
return rval;
};
/**
* Gets a uint24 from this buffer in little-endian order and advances the read
* pointer by 3.
*
* @return the uint24.
*/
util.DataBuffer.prototype.getInt24Le = function() {
var rval = (
this.data.getInt8(this.read) ^
this.data.getInt16(this.read + 1, true) << 8);
this.read += 3;
return rval;
};
/**
* Gets a uint32 from this buffer in little-endian order and advances the read
* pointer by 4.
*
* @return the word.
*/
util.DataBuffer.prototype.getInt32Le = function() {
var rval = this.data.getInt32(this.read, true);
this.read += 4;
return rval;
};
/**
* Gets an n-bit integer from this buffer in big-endian order and advances the
* read pointer by n/8.
*
* @param n the number of bits in the integer.
*
* @return the integer.
*/
util.DataBuffer.prototype.getInt = function(n) {
var rval = 0;
do {
rval = (rval << 8) + this.data.getInt8(this.read++);
n -= 8;
} while(n > 0);
return rval;
};
/**
* Gets a signed n-bit integer from this buffer in big-endian order, using
* two's complement, and advances the read pointer by n/8.
*
* @param n the number of bits in the integer.
*
* @return the integer.
*/
util.DataBuffer.prototype.getSignedInt = function(n) {
var x = this.getInt(n);
var max = 2 << (n - 2);
if(x >= max) {
x -= max << 1;
}
return x;
};
/**
* Reads bytes out into a UTF-8 string and clears them from the buffer.
*
* @param count the number of bytes to read, undefined or null for all.
*
* @return a UTF-8 string of bytes.
*/
util.DataBuffer.prototype.getBytes = function(count) {
// TODO: deprecate this method, it is poorly named and
// this.toString('binary') replaces it
// add a toTypedArray()/toArrayBuffer() function
var rval;
if(count) {
// read count bytes
count = Math.min(this.length(), count);
rval = this.data.slice(this.read, this.read + count);
this.read += count;
} else if(count === 0) {
rval = '';
} else {
// read all bytes, optimize to only copy when needed
rval = (this.read === 0) ? this.data : this.data.slice(this.read);
this.clear();
}
return rval;
};
/**
* Gets a UTF-8 encoded string of the bytes from this buffer without modifying
* the read pointer.
*
* @param count the number of bytes to get, omit to get all.
*
* @return a string full of UTF-8 encoded characters.
*/
util.DataBuffer.prototype.bytes = function(count) {
// TODO: deprecate this method, it is poorly named, add "getString()"
return (typeof(count) === 'undefined' ?
this.data.slice(this.read) :
this.data.slice(this.read, this.read + count));
};
/**
* Gets a byte at the given index without modifying the read pointer.
*
* @param i the byte index.
*
* @return the byte.
*/
util.DataBuffer.prototype.at = function(i) {
return this.data.getUint8(this.read + i);
};
/**
* Puts a byte at the given index without modifying the read pointer.
*
* @param i the byte index.
* @param b the byte to put.
*
* @return this buffer.
*/
util.DataBuffer.prototype.setAt = function(i, b) {
this.data.setUint8(i, b);
return this;
};
/**
* Gets the last byte without modifying the read pointer.
*
* @return the last byte.
*/
util.DataBuffer.prototype.last = function() {
return this.data.getUint8(this.write - 1);
};
/**
* Creates a copy of this buffer.
*
* @return the copy.
*/
util.DataBuffer.prototype.copy = function() {
return new util.DataBuffer(this);
};
/**
* Compacts this buffer.
*
* @return this buffer.
*/
util.DataBuffer.prototype.compact = function() {
if(this.read > 0) {
var src = new Uint8Array(this.data.buffer, this.read);
var dst = new Uint8Array(src.byteLength);
dst.set(src);
this.data = new DataView(dst);
this.write -= this.read;
this.read = 0;
}
return this;
};
/**
* Clears this buffer.
*
* @return this buffer.
*/
util.DataBuffer.prototype.clear = function() {
this.data = new DataView(new ArrayBuffer(0));
this.read = this.write = 0;
return this;
};
/**
* Shortens this buffer by triming bytes off of the end of this buffer.
*
* @param count the number of bytes to trim off.
*
* @return this buffer.
*/
util.DataBuffer.prototype.truncate = function(count) {
this.write = Math.max(0, this.length() - count);
this.read = Math.min(this.read, this.write);
return this;
};
/**
* Converts this buffer to a hexadecimal string.
*
* @return a hexadecimal string.
*/
util.DataBuffer.prototype.toHex = function() {
var rval = '';
for(var i = this.read; i < this.data.byteLength; ++i) {
var b = this.data.getUint8(i);
if(b < 16) {
rval += '0';
}
rval += b.toString(16);
}
return rval;
};
/**
* Converts this buffer to a string, using the given encoding. If no
* encoding is given, 'utf8' (UTF-8) is used.
*
* @param [encoding] the encoding to use: 'binary', 'utf8', 'utf16', 'hex',
* 'base64' (default: 'utf8').
*
* @return a string representation of the bytes in this buffer.
*/
util.DataBuffer.prototype.toString = function(encoding) {
var view = new Uint8Array(this.data, this.read, this.length());
encoding = encoding || 'utf8';
// encode to string
if(encoding === 'binary' || encoding === 'raw') {
return util.binary.raw.encode(view);
}
if(encoding === 'hex') {
return util.binary.hex.encode(view);
}
if(encoding === 'base64') {
return util.binary.base64.encode(view);
}
// decode to text
if(encoding === 'utf8') {
return util.text.utf8.decode(view);
}
if(encoding === 'utf16') {
return util.text.utf16.decode(view);
}
throw new Error('Invalid encoding: ' + encoding);
};
/** End Buffer w/UInt8Array backing */
/**
* Creates a buffer that stores bytes. A value may be given to put into the
* buffer that is either a string of bytes or a UTF-16 string that will
* be encoded using UTF-8 (to do the latter, specify 'utf8' as the encoding).
*
* @param [input] the bytes to wrap (as a string) or a UTF-16 string to encode
* as UTF-8.
* @param [encoding] (default: 'raw', other: 'utf8').
*/
util.createBuffer = function(input, encoding) {
// TODO: deprecate, use new ByteBuffer() instead
encoding = encoding || 'raw';
if(input !== undefined && encoding === 'utf8') {
input = util.encodeUtf8(input);
}
return new util.ByteBuffer(input);
};
/**
* Fills a string with a particular value. If you want the string to be a byte
* string, pass in String.fromCharCode(theByte).
*
* @param c the character to fill the string with, use String.fromCharCode
* to fill the string with a byte value.
* @param n the number of characters of value c to fill with.
*
* @return the filled string.
*/
util.fillString = function(c, n) {
var s = '';
while(n > 0) {
if(n & 1) {
s += c;
}
n >>>= 1;
if(n > 0) {
c += c;
}
}
return s;
};
/**
* Performs a per byte XOR between two byte strings and returns the result as a
* string of bytes.
*
* @param s1 first string of bytes.
* @param s2 second string of bytes.
* @param n the number of bytes to XOR.
*
* @return the XOR'd result.
*/
util.xorBytes = function(s1, s2, n) {
var s3 = '';
var b = '';
var t = '';
var i = 0;
var c = 0;
for(; n > 0; --n, ++i) {
b = s1.charCodeAt(i) ^ s2.charCodeAt(i);
if(c >= 10) {
s3 += t;
t = '';
c = 0;
}
t += String.fromCharCode(b);
++c;
}
s3 += t;
return s3;
};
/**
* Converts a hex string into a 'binary' encoded string of bytes.
*
* @param hex the hexadecimal string to convert.
*
* @return the binary-encoded string of bytes.
*/
util.hexToBytes = function(hex) {
// TODO: deprecate: "Deprecated. Use util.binary.hex.decode instead."
var rval = '';
var i = 0;
if(hex.length & 1 == 1) {
// odd number of characters, convert first character alone
i = 1;
rval += String.fromCharCode(parseInt(hex[0], 16));
}
// convert 2 characters (1 byte) at a time
for(; i < hex.length; i += 2) {
rval += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
}
return rval;
};
/**
* Converts a 'binary' encoded string of bytes to hex.
*
* @param bytes the byte string to convert.
*
* @return the string of hexadecimal characters.
*/
util.bytesToHex = function(bytes) {
// TODO: deprecate: "Deprecated. Use util.binary.hex.encode instead."
return util.createBuffer(bytes).toHex();
};
/**
* Converts an 32-bit integer to 4-big-endian byte string.
*
* @param i the integer.
*
* @return the byte string.
*/
util.int32ToBytes = function(i) {
return (
String.fromCharCode(i >> 24 & 0xFF) +
String.fromCharCode(i >> 16 & 0xFF) +
String.fromCharCode(i >> 8 & 0xFF) +
String.fromCharCode(i & 0xFF));
};
// base64 characters, reverse mapping
var _base64 =
'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
var _base64Idx = [
/*43 -43 = 0*/
/*'+', 1, 2, 3,'/' */
62, -1, -1, -1, 63,
/*'0','1','2','3','4','5','6','7','8','9' */
52, 53, 54, 55, 56, 57, 58, 59, 60, 61,
/*15, 16, 17,'=', 19, 20, 21 */
-1, -1, -1, 64, -1, -1, -1,
/*65 - 43 = 22*/
/*'A','B','C','D','E','F','G','H','I','J','K','L','M', */
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
/*'N','O','P','Q','R','S','T','U','V','W','X','Y','Z' */
13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25,
/*91 - 43 = 48 */
/*48, 49, 50, 51, 52, 53 */
-1, -1, -1, -1, -1, -1,
/*97 - 43 = 54*/
/*'a','b','c','d','e','f','g','h','i','j','k','l','m' */
26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38,
/*'n','o','p','q','r','s','t','u','v','w','x','y','z' */
39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51
];
/**
* Base64 encodes a 'binary' encoded string of bytes.
*
* @param input the binary encoded string of bytes to base64-encode.
* @param maxline the maximum number of encoded characters per line to use,
* defaults to none.
*
* @return the base64-encoded output.
*/
util.encode64 = function(input, maxline) {
// TODO: deprecate: "Deprecated. Use util.binary.base64.encode instead."
var line = '';
var output = '';
var chr1, chr2, chr3;
var i = 0;
while(i < input.length) {
chr1 = input.charCodeAt(i++);
chr2 = input.charCodeAt(i++);
chr3 = input.charCodeAt(i++);
// encode 4 character group
line += _base64.charAt(chr1 >> 2);
line += _base64.charAt(((chr1 & 3) << 4) | (chr2 >> 4));
if(isNaN(chr2)) {
line += '==';
} else {
line += _base64.charAt(((chr2 & 15) << 2) | (chr3 >> 6));
line += isNaN(chr3) ? '=' : _base64.charAt(chr3 & 63);
}
if(maxline && line.length > maxline) {
output += line.substr(0, maxline) + '\r\n';
line = line.substr(maxline);
}
}
output += line;
return output;
};
/**
* Base64 decodes a string into a 'binary' encoded string of bytes.
*
* @param input the base64-encoded input.
*
* @return the binary encoded string.
*/
util.decode64 = function(input) {
// TODO: deprecate: "Deprecated. Use util.binary.base64.decode instead."
// remove all non-base64 characters
input = input.replace(/[^A-Za-z0-9\+\/\=]/g, '');
var output = '';
var enc1, enc2, enc3, enc4;
var i = 0;
while(i < input.length) {
enc1 = _base64Idx[input.charCodeAt(i++) - 43];
enc2 = _base64Idx[input.charCodeAt(i++) - 43];
enc3 = _base64Idx[input.charCodeAt(i++) - 43];
enc4 = _base64Idx[input.charCodeAt(i++) - 43];
output += String.fromCharCode((enc1 << 2) | (enc2 >> 4));
if(enc3 !== 64) {
// decoded at least 2 bytes
output += String.fromCharCode(((enc2 & 15) << 4) | (enc3 >> 2));
if(enc4 !== 64) {
// decoded 3 bytes
output += String.fromCharCode(((enc3 & 3) << 6) | enc4);
}
}
}
return output;
};
/**
* UTF-8 encodes the given UTF-16 encoded string (a standard JavaScript
* string). Non-ASCII characters will be encoded as multiple bytes according
* to UTF-8.
*
* @param str the string to encode.
*
* @return the UTF-8 encoded string.
*/
util.encodeUtf8 = function(str) {
return unescape(encodeURIComponent(str));
};
/**
* Decodes a UTF-8 encoded string into a UTF-16 string.
*
* @param str the string to decode.
*
* @return the UTF-16 encoded string (standard JavaScript string).
*/
util.decodeUtf8 = function(str) {
return decodeURIComponent(escape(str));
};
// binary encoding/decoding tools
// FIXME: Experimental. Do not use yet.
util.binary = {
raw: {},
hex: {},
base64: {}
};
/**
* Encodes a Uint8Array as a binary-encoded string. This encoding uses
* a value between 0 and 255 for each character.
*
* @param bytes the Uint8Array to encode.
*
* @return the binary-encoded string.
*/
util.binary.raw.encode = function(bytes) {
return String.fromCharCode.apply(null, bytes);
};
/**
* Decodes a binary-encoded string to a Uint8Array. This encoding uses
* a value between 0 and 255 for each character.
*
* @param str the binary-encoded string to decode.
* @param [output] an optional Uint8Array to write the output to; if it
* is too small, an exception will be thrown.
* @param [offset] the start offset for writing to the output (default: 0).
*
* @return the Uint8Array or the number of bytes written if output was given.
*/
util.binary.raw.decode = function(str, output, offset) {
var out = output;
if(!out) {
out = new Uint8Array(str.length);
}
offset = offset || 0;
var j = offset;
for(var i = 0; i < str.length; ++i) {
out[j++] = str.charCodeAt(i);
}
return output ? (j - offset) : out;
};
/**
* Encodes a 'binary' string, ArrayBuffer, DataView, TypedArray, or
* ByteBuffer as a string of hexadecimal characters.
*
* @param bytes the bytes to convert.
*
* @return the string of hexadecimal characters.
*/
util.binary.hex.encode = util.bytesToHex;
/**
* Decodes a hex-encoded string to a Uint8Array.
*
* @param hex the hexadecimal string to convert.
* @param [output] an optional Uint8Array to write the output to; if it
* is too small, an exception will be thrown.
* @param [offset] the start offset for writing to the output (default: 0).
*
* @return the Uint8Array or the number of bytes written if output was given.
*/
util.binary.hex.decode = function(hex, output, offset) {
var out = output;
if(!out) {
out = new Uint8Array(Math.ceil(hex.length / 2));
}
offset = offset || 0;
var i = 0, j = offset;
if(hex.length & 1) {
// odd number of characters, convert first character alone
i = 1;
out[j++] = parseInt(hex[0], 16);
}
// convert 2 characters (1 byte) at a time
for(; i < hex.length; i += 2) {
out[j++] = parseInt(hex.substr(i, 2), 16);
}
return output ? (j - offset) : out;
};
/**
* Base64-encodes a Uint8Array.
*
* @param input the Uint8Array to encode.
* @param maxline the maximum number of encoded characters per line to use,
* defaults to none.
*
* @return the base64-encoded output string.
*/
util.binary.base64.encode = function(input, maxline) {
var line = '';
var output = '';
var chr1, chr2, chr3;
var i = 0;
while(i < input.byteLength) {
chr1 = input[i++];
chr2 = input[i++];
chr3 = input[i++];
// encode 4 character group
line += _base64.charAt(chr1 >> 2);
line += _base64.charAt(((chr1 & 3) << 4) | (chr2 >> 4));
if(isNaN(chr2)) {
line += '==';
} else {
line += _base64.charAt(((chr2 & 15) << 2) | (chr3 >> 6));
line += isNaN(chr3) ? '=' : _base64.charAt(chr3 & 63);
}
if(maxline && line.length > maxline) {
output += line.substr(0, maxline) + '\r\n';
line = line.substr(maxline);
}
}
output += line;
return output;
};
/**
* Decodes a base64-encoded string to a Uint8Array.
*
* @param input the base64-encoded input string.
* @param [output] an optional Uint8Array to write the output to; if it
* is too small, an exception will be thrown.
* @param [offset] the start offset for writing to the output (default: 0).
*
* @return the Uint8Array or the number of bytes written if output was given.
*/
util.binary.base64.decode = function(input, output, offset) {
var out = output;
if(!out) {
out = new Uint8Array(Math.ceil(input.length / 4) * 3);
}
// remove all non-base64 characters
input = input.replace(/[^A-Za-z0-9\+\/\=]/g, '');
offset = offset || 0;
var enc1, enc2, enc3, enc4;
var i = 0, j = offset;
while(i < input.length) {
enc1 = _base64Idx[input.charCodeAt(i++) - 43];
enc2 = _base64Idx[input.charCodeAt(i++) - 43];
enc3 = _base64Idx[input.charCodeAt(i++) - 43];
enc4 = _base64Idx[input.charCodeAt(i++) - 43];
out[j++] = (enc1 << 2) | (enc2 >> 4);
if(enc3 !== 64) {
// decoded at least 2 bytes
out[j++] = ((enc2 & 15) << 4) | (enc3 >> 2);
if(enc4 !== 64) {
// decoded 3 bytes
out[j++] = ((enc3 & 3) << 6) | enc4;
}
}
}
// make sure result is the exact decoded length
return output ?
(j - offset) :
out.subarray(0, j);
};
// text encoding/decoding tools
// FIXME: Experimental. Do not use yet.
util.text = {
utf8: {},
utf16: {}
};
/**
* Encodes the given string as UTF-8 in a Uint8Array.
*
* @param str the string to encode.
* @param [output] an optional Uint8Array to write the output to; if it
* is too small, an exception will be thrown.
* @param [offset] the start offset for writing to the output (default: 0).
*
* @return the Uint8Array or the number of bytes written if output was given.
*/
util.text.utf8.encode = function(str, output, offset) {
str = util.encodeUtf8(str);
var out = output;
if(!out) {
out = new Uint8Array(str.length);
}
offset = offset || 0;
var j = offset;
for(var i = 0; i < str.length; ++i) {
out[j++] = str.charCodeAt(i);
}
return output ? (j - offset) : out;
};
/**
* Decodes the UTF-8 contents from a Uint8Array.
*
* @param bytes the Uint8Array to decode.
*
* @return the resulting string.
*/
util.text.utf8.decode = function(bytes) {
return util.decodeUtf8(String.fromCharCode.apply(null, bytes));
};
/**
* Encodes the given string as UTF-16 in a Uint8Array.
*
* @param str the string to encode.
* @param [output] an optional Uint8Array to write the output to; if it
* is too small, an exception will be thrown.
* @param [offset] the start offset for writing to the output (default: 0).
*
* @return the Uint8Array or the number of bytes written if output was given.
*/
util.text.utf16.encode = function(str, output, offset) {
var out = output;
if(!out) {
out = new Uint8Array(str.length * 2);
}
var view = new Uint16Array(out.buffer);
offset = offset || 0;
var j = offset;
var k = offset;
for(var i = 0; i < str.length; ++i) {
view[k++] = str.charCodeAt(i);
j += 2;
}
return output ? (j - offset) : out;
};
/**
* Decodes the UTF-16 contents from a Uint8Array.
*
* @param bytes the Uint8Array to decode.
*
* @return the resulting string.
*/
util.text.utf16.decode = function(bytes) {
return String.fromCharCode.apply(null, new Uint16Array(bytes.buffer));
};
/**
* Deflates the given data using a flash interface.
*
* @param api the flash interface.
* @param bytes the data.
* @param raw true to return only raw deflate data, false to include zlib
* header and trailer.
*
* @return the deflated data as a string.
*/
util.deflate = function(api, bytes, raw) {
bytes = util.decode64(api.deflate(util.encode64(bytes)).rval);
// strip zlib header and trailer if necessary
if(raw) {
// zlib header is 2 bytes (CMF,FLG) where FLG indicates that
// there is a 4-byte DICT (alder-32) block before the data if
// its 5th bit is set
var start = 2;
var flg = bytes.charCodeAt(1);
if(flg & 0x20) {
start = 6;
}
// zlib trailer is 4 bytes of adler-32
bytes = bytes.substring(start, bytes.length - 4);
}
return bytes;
};
/**
* Inflates the given data using a flash interface.
*
* @param api the flash interface.
* @param bytes the data.
* @param raw true if the incoming data has no zlib header or trailer and is
* raw DEFLATE data.
*
* @return the inflated data as a string, null on error.
*/
util.inflate = function(api, bytes, raw) {
// TODO: add zlib header and trailer if necessary/possible
var rval = api.inflate(util.encode64(bytes)).rval;
return (rval === null) ? null : util.decode64(rval);
};
/**
* Sets a storage object.
*
* @param api the storage interface.
* @param id the storage ID to use.
* @param obj the storage object, null to remove.
*/
var _setStorageObject = function(api, id, obj) {
if(!api) {
throw new Error('WebStorage not available.');
}
var rval;
if(obj === null) {
rval = api.removeItem(id);
} else {
// json-encode and base64-encode object
obj = util.encode64(JSON.stringify(obj));
rval = api.setItem(id, obj);
}
// handle potential flash error
if(typeof(rval) !== 'undefined' && rval.rval !== true) {
var error = new Error(rval.error.message);
error.id = rval.error.id;
error.name = rval.error.name;
throw error;
}
};
/**
* Gets a storage object.
*
* @param api the storage interface.
* @param id the storage ID to use.
*
* @return the storage object entry or null if none exists.
*/
var _getStorageObject = function(api, id) {
if(!api) {
throw new Error('WebStorage not available.');
}
// get the existing entry
var rval = api.getItem(id);
/* Note: We check api.init because we can't do (api == localStorage)
on IE because of "Class doesn't support Automation" exception. Only
the flash api has an init method so this works too, but we need a
better solution in the future. */
// flash returns item wrapped in an object, handle special case
if(api.init) {
if(rval.rval === null) {
if(rval.error) {
var error = new Error(rval.error.message);
error.id = rval.error.id;
error.name = rval.error.name;
throw error;
}
// no error, but also no item
rval = null;
} else {
rval = rval.rval;
}
}
// handle decoding
if(rval !== null) {
// base64-decode and json-decode data
rval = JSON.parse(util.decode64(rval));
}
return rval;
};
/**
* Stores an item in local storage.
*
* @param api the storage interface.
* @param id the storage ID to use.
* @param key the key for the item.
* @param data the data for the item (any javascript object/primitive).
*/
var _setItem = function(api, id, key, data) {
// get storage object
var obj = _getStorageObject(api, id);
if(obj === null) {
// create a new storage object
obj = {};
}
// update key
obj[key] = data;
// set storage object
_setStorageObject(api, id, obj);
};
/**
* Gets an item from local storage.
*
* @param api the storage interface.
* @param id the storage ID to use.
* @param key the key for the item.
*
* @return the item.
*/
var _getItem = function(api, id, key) {
// get storage object
var rval = _getStorageObject(api, id);
if(rval !== null) {
// return data at key
rval = (key in rval) ? rval[key] : null;
}
return rval;
};
/**
* Removes an item from local storage.
*
* @param api the storage interface.
* @param id the storage ID to use.
* @param key the key for the item.
*/
var _removeItem = function(api, id, key) {
// get storage object
var obj = _getStorageObject(api, id);
if(obj !== null && key in obj) {
// remove key
delete obj[key];
// see if entry has no keys remaining
var empty = true;
for(var prop in obj) {
empty = false;
break;
}
if(empty) {
// remove entry entirely if no keys are left
obj = null;
}
// set storage object
_setStorageObject(api, id, obj);
}
};
/**
* Clears the local disk storage identified by the given ID.
*
* @param api the storage interface.
* @param id the storage ID to use.
*/
var _clearItems = function(api, id) {
_setStorageObject(api, id, null);
};
/**
* Calls a storage function.
*
* @param func the function to call.
* @param args the arguments for the function.
* @param location the location argument.
*
* @return the return value from the function.
*/
var _callStorageFunction = function(func, args, location) {
var rval = null;
// default storage types
if(typeof(location) === 'undefined') {
location = ['web', 'flash'];
}
// apply storage types in order of preference
var type;
var done = false;
var exception = null;
for(var idx in location) {
type = location[idx];
try {
if(type === 'flash' || type === 'both') {
if(args[0] === null) {
throw new Error('Flash local storage not available.');
}
rval = func.apply(this, args);
done = (type === 'flash');
}
if(type === 'web' || type === 'both') {
args[0] = localStorage;
rval = func.apply(this, args);
done = true;
}
} catch(ex) {
exception = ex;
}
if(done) {
break;
}
}
if(!done) {
throw exception;
}
return rval;
};
/**
* Stores an item on local disk.
*
* The available types of local storage include 'flash', 'web', and 'both'.
*
* The type 'flash' refers to flash local storage (SharedObject). In order
* to use flash local storage, the 'api' parameter must be valid. The type
* 'web' refers to WebStorage, if supported by the browser. The type 'both'
* refers to storing using both 'flash' and 'web', not just one or the
* other.
*
* The location array should list the storage types to use in order of
* preference:
*
* ['flash']: flash only storage
* ['web']: web only storage
* ['both']: try to store in both
* ['flash','web']: store in flash first, but if not available, 'web'
* ['web','flash']: store in web first, but if not available, 'flash'
*
* The location array defaults to: ['web', 'flash']
*
* @param api the flash interface, null to use only WebStorage.
* @param id the storage ID to use.
* @param key the key for the item.
* @param data the data for the item (any javascript object/primitive).
* @param location an array with the preferred types of storage to use.
*/
util.setItem = function(api, id, key, data, location) {
_callStorageFunction(_setItem, arguments, location);
};
/**
* Gets an item on local disk.
*
* Set setItem() for details on storage types.
*
* @param api the flash interface, null to use only WebStorage.
* @param id the storage ID to use.
* @param key the key for the item.
* @param location an array with the preferred types of storage to use.
*
* @return the item.
*/
util.getItem = function(api, id, key, location) {
return _callStorageFunction(_getItem, arguments, location);
};
/**
* Removes an item on local disk.
*
* Set setItem() for details on storage types.
*
* @param api the flash interface.
* @param id the storage ID to use.
* @param key the key for the item.
* @param location an array with the preferred types of storage to use.
*/
util.removeItem = function(api, id, key, location) {
_callStorageFunction(_removeItem, arguments, location);
};
/**
* Clears the local disk storage identified by the given ID.
*
* Set setItem() for details on storage types.
*
* @param api the flash interface if flash is available.
* @param id the storage ID to use.
* @param location an array with the preferred types of storage to use.
*/
util.clearItems = function(api, id, location) {
_callStorageFunction(_clearItems, arguments, location);
};
/**
* Parses the scheme, host, and port from an http(s) url.
*
* @param str the url string.
*
* @return the parsed url object or null if the url is invalid.
*/
util.parseUrl = function(str) {
// FIXME: this regex looks a bit broken
var regex = /^(https?):\/\/([^:&^\/]*):?(\d*)(.*)$/g;
regex.lastIndex = 0;
var m = regex.exec(str);
var url = (m === null) ? null : {
full: str,
scheme: m[1],
host: m[2],
port: m[3],
path: m[4]
};
if(url) {
url.fullHost = url.host;
if(url.port) {
if(url.port !== 80 && url.scheme === 'http') {
url.fullHost += ':' + url.port;
} else if(url.port !== 443 && url.scheme === 'https') {
url.fullHost += ':' + url.port;
}
} else if(url.scheme === 'http') {
url.port = 80;
} else if(url.scheme === 'https') {
url.port = 443;
}
url.full = url.scheme + '://' + url.fullHost;
}
return url;
};
/* Storage for query variables */
var _queryVariables = null;
/**
* Returns the window location query variables. Query is parsed on the first
* call and the same object is returned on subsequent calls. The mapping
* is from keys to an array of values. Parameters without values will have
* an object key set but no value added to the value array. Values are
* unescaped.
*
* ...?k1=v1&k2=v2:
* {
* "k1": ["v1"],
* "k2": ["v2"]
* }
*
* ...?k1=v1&k1=v2:
* {
* "k1": ["v1", "v2"]
* }
*
* ...?k1=v1&k2:
* {
* "k1": ["v1"],
* "k2": []
* }
*
* ...?k1=v1&k1:
* {
* "k1": ["v1"]
* }
*
* ...?k1&k1:
* {
* "k1": []
* }
*
* @param query the query string to parse (optional, default to cached
* results from parsing window location search query).
*
* @return object mapping keys to variables.
*/
util.getQueryVariables = function(query) {
var parse = function(q) {
var rval = {};
var kvpairs = q.split('&');
for(var i = 0; i < kvpairs.length; i++) {
var pos = kvpairs[i].indexOf('=');
var key;
var val;
if(pos > 0) {
key = kvpairs[i].substring(0, pos);
val = kvpairs[i].substring(pos + 1);
} else {
key = kvpairs[i];
val = null;
}
if(!(key in rval)) {
rval[key] = [];
}
// disallow overriding object prototype keys
if(!(key in Object.prototype) && val !== null) {
rval[key].push(unescape(val));
}
}
return rval;
};
var rval;
if(typeof(query) === 'undefined') {
// set cached variables if needed
if(_queryVariables === null) {
if(typeof(window) !== 'undefined' && window.location && window.location.search) {
// parse window search query
_queryVariables = parse(window.location.search.substring(1));
} else {
// no query variables available
_queryVariables = {};
}
}
rval = _queryVariables;
} else {
// parse given query
rval = parse(query);
}
return rval;
};
/**
* Parses a fragment into a path and query. This method will take a URI
* fragment and break it up as if it were the main URI. For example:
* /bar/baz?a=1&b=2
* results in:
* {
* path: ["bar", "baz"],
* query: {"k1": ["v1"], "k2": ["v2"]}
* }
*
* @return object with a path array and query object.
*/
util.parseFragment = function(fragment) {
// default to whole fragment
var fp = fragment;
var fq = '';
// split into path and query if possible at the first '?'
var pos = fragment.indexOf('?');
if(pos > 0) {
fp = fragment.substring(0, pos);
fq = fragment.substring(pos + 1);
}
// split path based on '/' and ignore first element if empty
var path = fp.split('/');
if(path.length > 0 && path[0] === '') {
path.shift();
}
// convert query into object
var query = (fq === '') ? {} : util.getQueryVariables(fq);
return {
pathString: fp,
queryString: fq,
path: path,
query: query
};
};
/**
* Makes a request out of a URI-like request string. This is intended to
* be used where a fragment id (after a URI '#') is parsed as a URI with
* path and query parts. The string should have a path beginning and
* delimited by '/' and optional query parameters following a '?'. The
* query should be a standard URL set of key value pairs delimited by
* '&'. For backwards compatibility the initial '/' on the path is not
* required. The request object has the following API, (fully described
* in the method code):
* {
* path: <the path string part>.
* query: <the query string part>,
* getPath(i): get part or all of the split path array,
* getQuery(k, i): get part or all of a query key array,
* getQueryLast(k, _default): get last element of a query key array.
* }
*
* @return object with request parameters.
*/
util.makeRequest = function(reqString) {
var frag = util.parseFragment(reqString);
var req = {
// full path string
path: frag.pathString,
// full query string
query: frag.queryString,
/**
* Get path or element in path.
*
* @param i optional path index.
*
* @return path or part of path if i provided.
*/
getPath: function(i) {
return (typeof(i) === 'undefined') ? frag.path : frag.path[i];
},
/**
* Get query, values for a key, or value for a key index.
*
* @param k optional query key.
* @param i optional query key index.
*
* @return query, values for a key, or value for a key index.
*/
getQuery: function(k, i) {
var rval;
if(typeof(k) === 'undefined') {
rval = frag.query;
} else {
rval = frag.query[k];
if(rval && typeof(i) !== 'undefined') {
rval = rval[i];
}
}
return rval;
},
getQueryLast: function(k, _default) {
var rval;
var vals = req.getQuery(k);
if(vals) {
rval = vals[vals.length - 1];
} else {
rval = _default;
}
return rval;
}
};
return req;
};
/**
* Makes a URI out of a path, an object with query parameters, and a
* fragment. Uses jQuery.param() internally for query string creation.
* If the path is an array, it will be joined with '/'.
*
* @param path string path or array of strings.
* @param query object with query parameters. (optional)
* @param fragment fragment string. (optional)
*
* @return string object with request parameters.
*/
util.makeLink = function(path, query, fragment) {
// join path parts if needed
path = jQuery.isArray(path) ? path.join('/') : path;
var qstr = jQuery.param(query || {});
fragment = fragment || '';
return path +
((qstr.length > 0) ? ('?' + qstr) : '') +
((fragment.length > 0) ? ('#' + fragment) : '');
};
/**
* Follows a path of keys deep into an object hierarchy and set a value.
* If a key does not exist or it's value is not an object, create an
* object in it's place. This can be destructive to a object tree if
* leaf nodes are given as non-final path keys.
* Used to avoid exceptions from missing parts of the path.
*
* @param object the starting object.
* @param keys an array of string keys.
* @param value the value to set.
*/
util.setPath = function(object, keys, value) {
// need to start at an object
if(typeof(object) === 'object' && object !== null) {
var i = 0;
var len = keys.length;
while(i < len) {
var next = keys[i++];
if(i == len) {
// last
object[next] = value;
} else {
// more
var hasNext = (next in object);
if(!hasNext ||
(hasNext && typeof(object[next]) !== 'object') ||
(hasNext && object[next] === null)) {
object[next] = {};
}
object = object[next];
}
}
}
};
/**
* Follows a path of keys deep into an object hierarchy and return a value.
* If a key does not exist, create an object in it's place.
* Used to avoid exceptions from missing parts of the path.
*
* @param object the starting object.
* @param keys an array of string keys.
* @param _default value to return if path not found.
*
* @return the value at the path if found, else default if given, else
* undefined.
*/
util.getPath = function(object, keys, _default) {
var i = 0;
var len = keys.length;
var hasNext = true;
while(hasNext && i < len &&
typeof(object) === 'object' && object !== null) {
var next = keys[i++];
hasNext = next in object;
if(hasNext) {
object = object[next];
}
}
return (hasNext ? object : _default);
};
/**
* Follow a path of keys deep into an object hierarchy and delete the
* last one. If a key does not exist, do nothing.
* Used to avoid exceptions from missing parts of the path.
*
* @param object the starting object.
* @param keys an array of string keys.
*/
util.deletePath = function(object, keys) {
// need to start at an object
if(typeof(object) === 'object' && object !== null) {
var i = 0;
var len = keys.length;
while(i < len) {
var next = keys[i++];
if(i == len) {
// last
delete object[next];
} else {
// more
if(!(next in object) ||
(typeof(object[next]) !== 'object') ||
(object[next] === null)) {
break;
}
object = object[next];
}
}
}
};
/**
* Check if an object is empty.
*
* Taken from:
* http://stackoverflow.com/questions/679915/how-do-i-test-for-an-empty-javascript-object-from-json/679937#679937
*
* @param object the object to check.
*/
util.isEmpty = function(obj) {
for(var prop in obj) {
if(obj.hasOwnProperty(prop)) {
return false;
}
}
return true;
};
/**
* Format with simple printf-style interpolation.
*
* %%: literal '%'
* %s,%o: convert next argument into a string.
*
* @param format the string to format.
* @param ... arguments to interpolate into the format string.
*/
util.format = function(format) {
var re = /%./g;
// current match
var match;
// current part
var part;
// current arg index
var argi = 0;
// collected parts to recombine later
var parts = [];
// last index found
var last = 0;
// loop while matches remain
while((match = re.exec(format))) {
part = format.substring(last, re.lastIndex - 2);
// don't add empty strings (ie, parts between %s%s)
if(part.length > 0) {
parts.push(part);
}
last = re.lastIndex;
// switch on % code
var code = match[0][1];
switch(code) {
case 's':
case 'o':
// check if enough arguments were given
if(argi < arguments.length) {
parts.push(arguments[argi++ + 1]);
} else {
parts.push('<?>');
}
break;
// FIXME: do proper formating for numbers, etc
//case 'f':
//case 'd':
case '%':
parts.push('%');
break;
default:
parts.push('<%' + code + '?>');
}
}
// add trailing part of format string
parts.push(format.substring(last));
return parts.join('');
};
/**
* Formats a number.
*
* http://snipplr.com/view/5945/javascript-numberformat--ported-from-php/
*/
util.formatNumber = function(number, decimals, dec_point, thousands_sep) {
// http://kevin.vanzonneveld.net
// + original by: Jonas Raoni Soares Silva (http://www.jsfromhell.com)
// + improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
// + bugfix by: Michael White (http://crestidg.com)
// + bugfix by: Benjamin Lupton
// + bugfix by: Allan Jensen (http://www.winternet.no)
// + revised by: Jonas Raoni Soares Silva (http://www.jsfromhell.com)
// * example 1: number_format(1234.5678, 2, '.', '');
// * returns 1: 1234.57
var n = number, c = isNaN(decimals = Math.abs(decimals)) ? 2 : decimals;
var d = dec_point === undefined ? ',' : dec_point;
var t = thousands_sep === undefined ?
'.' : thousands_sep, s = n < 0 ? '-' : '';
var i = parseInt((n = Math.abs(+n || 0).toFixed(c)), 10) + '';
var j = (i.length > 3) ? i.length % 3 : 0;
return s + (j ? i.substr(0, j) + t : '') +
i.substr(j).replace(/(\d{3})(?=\d)/g, '$1' + t) +
(c ? d + Math.abs(n - i).toFixed(c).slice(2) : '');
};
/**
* Formats a byte size.
*
* http://snipplr.com/view/5949/format-humanize-file-byte-size-presentation-in-javascript/
*/
util.formatSize = function(size) {
if(size >= 1073741824) {
size = util.formatNumber(size / 1073741824, 2, '.', '') + ' GiB';
} else if(size >= 1048576) {
size = util.formatNumber(size / 1048576, 2, '.', '') + ' MiB';
} else if(size >= 1024) {
size = util.formatNumber(size / 1024, 0) + ' KiB';
} else {
size = util.formatNumber(size, 0) + ' bytes';
}
return size;
};
/**
* Converts an IPv4 or IPv6 string representation into bytes (in network order).
*
* @param ip the IPv4 or IPv6 address to convert.
*
* @return the 4-byte IPv6 or 16-byte IPv6 address or null if the address can't
* be parsed.
*/
util.bytesFromIP = function(ip) {
if(ip.indexOf('.') !== -1) {
return util.bytesFromIPv4(ip);
}
if(ip.indexOf(':') !== -1) {
return util.bytesFromIPv6(ip);
}
return null;
};
/**
* Converts an IPv4 string representation into bytes (in network order).
*
* @param ip the IPv4 address to convert.
*
* @return the 4-byte address or null if the address can't be parsed.
*/
util.bytesFromIPv4 = function(ip) {
ip = ip.split('.');
if(ip.length !== 4) {
return null;
}
var b = util.createBuffer();
for(var i = 0; i < ip.length; ++i) {
var num = parseInt(ip[i], 10);
if(isNaN(num)) {
return null;
}
b.putByte(num);
}
return b.getBytes();
};
/**
* Converts an IPv6 string representation into bytes (in network order).
*
* @param ip the IPv6 address to convert.
*
* @return the 16-byte address or null if the address can't be parsed.
*/
util.bytesFromIPv6 = function(ip) {
var blanks = 0;
ip = ip.split(':').filter(function(e) {
if(e.length === 0) ++blanks;
return true;
});
var zeros = (8 - ip.length + blanks) * 2;
var b = util.createBuffer();
for(var i = 0; i < 8; ++i) {
if(!ip[i] || ip[i].length === 0) {
b.fillWithByte(0, zeros);
zeros = 0;
continue;
}
var bytes = util.hexToBytes(ip[i]);
if(bytes.length < 2) {
b.putByte(0);
}
b.putBytes(bytes);
}
return b.getBytes();
};
/**
* Converts 4-bytes into an IPv4 string representation or 16-bytes into
* an IPv6 string representation. The bytes must be in network order.
*
* @param bytes the bytes to convert.
*
* @return the IPv4 or IPv6 string representation if 4 or 16 bytes,
* respectively, are given, otherwise null.
*/
util.bytesToIP = function(bytes) {
if(bytes.length === 4) {
return util.bytesToIPv4(bytes);
}
if(bytes.length === 16) {
return util.bytesToIPv6(bytes);
}
return null;
};
/**
* Converts 4-bytes into an IPv4 string representation. The bytes must be
* in network order.
*
* @param bytes the bytes to convert.
*
* @return the IPv4 string representation or null for an invalid # of bytes.
*/
util.bytesToIPv4 = function(bytes) {
if(bytes.length !== 4) {
return null;
}
var ip = [];
for(var i = 0; i < bytes.length; ++i) {
ip.push(bytes.charCodeAt(i));
}
return ip.join('.');
};
/**
* Converts 16-bytes into an IPv16 string representation. The bytes must be
* in network order.
*
* @param bytes the bytes to convert.
*
* @return the IPv16 string representation or null for an invalid # of bytes.
*/
util.bytesToIPv6 = function(bytes) {
if(bytes.length !== 16) {
return null;
}
var ip = [];
var zeroGroups = [];
var zeroMaxGroup = 0;
for(var i = 0; i < bytes.length; i += 2) {
var hex = util.bytesToHex(bytes[i] + bytes[i + 1]);
// canonicalize zero representation
while(hex[0] === '0' && hex !== '0') {
hex = hex.substr(1);
}
if(hex === '0') {
var last = zeroGroups[zeroGroups.length - 1];
var idx = ip.length;
if(!last || idx !== last.end + 1) {
zeroGroups.push({start: idx, end: idx});
} else {
last.end = idx;
if((last.end - last.start) >
(zeroGroups[zeroMaxGroup].end - zeroGroups[zeroMaxGroup].start)) {
zeroMaxGroup = zeroGroups.length - 1;
}
}
}
ip.push(hex);
}
if(zeroGroups.length > 0) {
var group = zeroGroups[zeroMaxGroup];
// only shorten group of length > 0
if(group.end - group.start > 0) {
ip.splice(group.start, group.end - group.start + 1, '');
if(group.start === 0) {
ip.unshift('');
}
if(group.end === 7) {
ip.push('');
}
}
}
return ip.join(':');
};
/**
* Estimates the number of processes that can be run concurrently. If
* creating Web Workers, keep in mind that the main JavaScript process needs
* its own core.
*
* @param options the options to use:
* update true to force an update (not use the cached value).
* @param callback(err, max) called once the operation completes.
*/
util.estimateCores = function(options, callback) {
if(typeof options === 'function') {
callback = options;
options = {};
}
options = options || {};
if('cores' in util && !options.update) {
return callback(null, util.cores);
}
if(typeof navigator !== 'undefined' &&
'hardwareConcurrency' in navigator &&
navigator.hardwareConcurrency > 0) {
util.cores = navigator.hardwareConcurrency;
return callback(null, util.cores);
}
if(typeof Worker === 'undefined') {
// workers not available
util.cores = 1;
return callback(null, util.cores);
}
if(typeof Blob === 'undefined') {
// can't estimate, default to 2
util.cores = 2;
return callback(null, util.cores);
}
// create worker concurrency estimation code as blob
var blobUrl = URL.createObjectURL(new Blob(['(',
function() {
self.addEventListener('message', function(e) {
// run worker for 4 ms
var st = Date.now();
var et = st + 4;
while(Date.now() < et);
self.postMessage({st: st, et: et});
});
}.toString(),
')()'], {type: 'application/javascript'}));
// take 5 samples using 16 workers
sample([], 5, 16);
function sample(max, samples, numWorkers) {
if(samples === 0) {
// get overlap average
var avg = Math.floor(max.reduce(function(avg, x) {
return avg + x;
}, 0) / max.length);
util.cores = Math.max(1, avg);
URL.revokeObjectURL(blobUrl);
return callback(null, util.cores);
}
map(numWorkers, function(err, results) {
max.push(reduce(numWorkers, results));
sample(max, samples - 1, numWorkers);
});
}
function map(numWorkers, callback) {
var workers = [];
var results = [];
for(var i = 0; i < numWorkers; ++i) {
var worker = new Worker(blobUrl);
worker.addEventListener('message', function(e) {
results.push(e.data);
if(results.length === numWorkers) {
for(var i = 0; i < numWorkers; ++i) {
workers[i].terminate();
}
callback(null, results);
}
});
workers.push(worker);
}
for(var i = 0; i < numWorkers; ++i) {
workers[i].postMessage(i);
}
}
function reduce(numWorkers, results) {
// find overlapping time windows
var overlaps = [];
for(var n = 0; n < numWorkers; ++n) {
var r1 = results[n];
var overlap = overlaps[n] = [];
for(var i = 0; i < numWorkers; ++i) {
if(n === i) {
continue;
}
var r2 = results[i];
if((r1.st > r2.st && r1.st < r2.et) ||
(r2.st > r1.st && r2.st < r1.et)) {
overlap.push(i);
}
}
}
// get maximum overlaps ... don't include overlapping worker itself
// as the main JS process was also being scheduled during the work and
// would have to be subtracted from the estimate anyway
return overlaps.reduce(function(max, overlap) {
return Math.max(max, overlap.length);
}, 0);
}
};
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'util';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/util',['require', 'module'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Cipher base API.
*
* @author Dave Longley
*
* Copyright (c) 2010-2014 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
forge.cipher = forge.cipher || {};
// registered algorithms
forge.cipher.algorithms = forge.cipher.algorithms || {};
/**
* Creates a cipher object that can be used to encrypt data using the given
* algorithm and key. The algorithm may be provided as a string value for a
* previously registered algorithm or it may be given as a cipher algorithm
* API object.
*
* @param algorithm the algorithm to use, either a string or an algorithm API
* object.
* @param key the key to use, as a binary-encoded string of bytes or a
* byte buffer.
*
* @return the cipher.
*/
forge.cipher.createCipher = function(algorithm, key) {
var api = algorithm;
if(typeof api === 'string') {
api = forge.cipher.getAlgorithm(api);
if(api) {
api = api();
}
}
if(!api) {
throw new Error('Unsupported algorithm: ' + algorithm);
}
// assume block cipher
return new forge.cipher.BlockCipher({
algorithm: api,
key: key,
decrypt: false
});
};
/**
* Creates a decipher object that can be used to decrypt data using the given
* algorithm and key. The algorithm may be provided as a string value for a
* previously registered algorithm or it may be given as a cipher algorithm
* API object.
*
* @param algorithm the algorithm to use, either a string or an algorithm API
* object.
* @param key the key to use, as a binary-encoded string of bytes or a
* byte buffer.
*
* @return the cipher.
*/
forge.cipher.createDecipher = function(algorithm, key) {
var api = algorithm;
if(typeof api === 'string') {
api = forge.cipher.getAlgorithm(api);
if(api) {
api = api();
}
}
if(!api) {
throw new Error('Unsupported algorithm: ' + algorithm);
}
// assume block cipher
return new forge.cipher.BlockCipher({
algorithm: api,
key: key,
decrypt: true
});
};
/**
* Registers an algorithm by name. If the name was already registered, the
* algorithm API object will be overwritten.
*
* @param name the name of the algorithm.
* @param algorithm the algorithm API object.
*/
forge.cipher.registerAlgorithm = function(name, algorithm) {
name = name.toUpperCase();
forge.cipher.algorithms[name] = algorithm;
};
/**
* Gets a registered algorithm by name.
*
* @param name the name of the algorithm.
*
* @return the algorithm, if found, null if not.
*/
forge.cipher.getAlgorithm = function(name) {
name = name.toUpperCase();
if(name in forge.cipher.algorithms) {
return forge.cipher.algorithms[name];
}
return null;
};
var BlockCipher = forge.cipher.BlockCipher = function(options) {
this.algorithm = options.algorithm;
this.mode = this.algorithm.mode;
this.blockSize = this.mode.blockSize;
this._finish = false;
this._input = null;
this.output = null;
this._op = options.decrypt ? this.mode.decrypt : this.mode.encrypt;
this._decrypt = options.decrypt;
this.algorithm.initialize(options);
};
/**
* Starts or restarts the encryption or decryption process, whichever
* was previously configured.
*
* For non-GCM mode, the IV may be a binary-encoded string of bytes, an array
* of bytes, a byte buffer, or an array of 32-bit integers. If the IV is in
* bytes, then it must be Nb (16) bytes in length. If the IV is given in as
* 32-bit integers, then it must be 4 integers long.
*
* Note: an IV is not required or used in ECB mode.
*
* For GCM-mode, the IV must be given as a binary-encoded string of bytes or
* a byte buffer. The number of bytes should be 12 (96 bits) as recommended
* by NIST SP-800-38D but another length may be given.
*
* @param options the options to use:
* iv the initialization vector to use as a binary-encoded string of
* bytes, null to reuse the last ciphered block from a previous
* update() (this "residue" method is for legacy support only).
* additionalData additional authentication data as a binary-encoded
* string of bytes, for 'GCM' mode, (default: none).
* tagLength desired length of authentication tag, in bits, for
* 'GCM' mode (0-128, default: 128).
* tag the authentication tag to check if decrypting, as a
* binary-encoded string of bytes.
* output the output the buffer to write to, null to create one.
*/
BlockCipher.prototype.start = function(options) {
options = options || {};
var opts = {};
for(var key in options) {
opts[key] = options[key];
}
opts.decrypt = this._decrypt;
this._finish = false;
this._input = forge.util.createBuffer();
this.output = options.output || forge.util.createBuffer();
this.mode.start(opts);
};
/**
* Updates the next block according to the cipher mode.
*
* @param input the buffer to read from.
*/
BlockCipher.prototype.update = function(input) {
if(input) {
// input given, so empty it into the input buffer
this._input.putBuffer(input);
}
// do cipher operation until it needs more input and not finished
while(!this._op.call(this.mode, this._input, this.output, this._finish) &&
!this._finish) {}
// free consumed memory from input buffer
this._input.compact();
};
/**
* Finishes encrypting or decrypting.
*
* @param pad a padding function to use in CBC mode, null for default,
* signature(blockSize, buffer, decrypt).
*
* @return true if successful, false on error.
*/
BlockCipher.prototype.finish = function(pad) {
// backwards-compatibility w/deprecated padding API
// Note: will overwrite padding functions even after another start() call
if(pad && (this.mode.name === 'ECB' || this.mode.name === 'CBC')) {
this.mode.pad = function(input) {
return pad(this.blockSize, input, false);
};
this.mode.unpad = function(output) {
return pad(this.blockSize, output, true);
};
}
// build options for padding and afterFinish functions
var options = {};
options.decrypt = this._decrypt;
// get # of bytes that won't fill a block
options.overflow = this._input.length() % this.blockSize;
if(!this._decrypt && this.mode.pad) {
if(!this.mode.pad(this._input, options)) {
return false;
}
}
// do final update
this._finish = true;
this.update();
if(this._decrypt && this.mode.unpad) {
if(!this.mode.unpad(this.output, options)) {
return false;
}
}
if(this.mode.afterFinish) {
if(!this.mode.afterFinish(this.output, options)) {
return false;
}
}
return true;
};
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'cipher';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/cipher',['require', 'module', './util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Supported cipher modes.
*
* @author Dave Longley
*
* Copyright (c) 2010-2014 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
forge.cipher = forge.cipher || {};
// supported cipher modes
var modes = forge.cipher.modes = forge.cipher.modes || {};
/** Electronic codebook (ECB) (Don't use this; it's not secure) **/
modes.ecb = function(options) {
options = options || {};
this.name = 'ECB';
this.cipher = options.cipher;
this.blockSize = options.blockSize || 16;
this._ints = this.blockSize / 4;
this._inBlock = new Array(this._ints);
this._outBlock = new Array(this._ints);
};
modes.ecb.prototype.start = function(options) {};
modes.ecb.prototype.encrypt = function(input, output, finish) {
// not enough input to encrypt
if(input.length() < this.blockSize && !(finish && input.length() > 0)) {
return true;
}
// get next block
for(var i = 0; i < this._ints; ++i) {
this._inBlock[i] = input.getInt32();
}
// encrypt block
this.cipher.encrypt(this._inBlock, this._outBlock);
// write output
for(var i = 0; i < this._ints; ++i) {
output.putInt32(this._outBlock[i]);
}
};
modes.ecb.prototype.decrypt = function(input, output, finish) {
// not enough input to decrypt
if(input.length() < this.blockSize && !(finish && input.length() > 0)) {
return true;
}
// get next block
for(var i = 0; i < this._ints; ++i) {
this._inBlock[i] = input.getInt32();
}
// decrypt block
this.cipher.decrypt(this._inBlock, this._outBlock);
// write output
for(var i = 0; i < this._ints; ++i) {
output.putInt32(this._outBlock[i]);
}
};
modes.ecb.prototype.pad = function(input, options) {
// add PKCS#7 padding to block (each pad byte is the
// value of the number of pad bytes)
var padding = (input.length() === this.blockSize ?
this.blockSize : (this.blockSize - input.length()));
input.fillWithByte(padding, padding);
return true;
};
modes.ecb.prototype.unpad = function(output, options) {
// check for error: input data not a multiple of blockSize
if(options.overflow > 0) {
return false;
}
// ensure padding byte count is valid
var len = output.length();
var count = output.at(len - 1);
if(count > (this.blockSize << 2)) {
return false;
}
// trim off padding bytes
output.truncate(count);
return true;
};
/** Cipher-block Chaining (CBC) **/
modes.cbc = function(options) {
options = options || {};
this.name = 'CBC';
this.cipher = options.cipher;
this.blockSize = options.blockSize || 16;
this._ints = this.blockSize / 4;
this._inBlock = new Array(this._ints);
this._outBlock = new Array(this._ints);
};
modes.cbc.prototype.start = function(options) {
// Note: legacy support for using IV residue (has security flaws)
// if IV is null, reuse block from previous processing
if(options.iv === null) {
// must have a previous block
if(!this._prev) {
throw new Error('Invalid IV parameter.');
}
this._iv = this._prev.slice(0);
} else if(!('iv' in options)) {
throw new Error('Invalid IV parameter.');
} else {
// save IV as "previous" block
this._iv = transformIV(options.iv);
this._prev = this._iv.slice(0);
}
};
modes.cbc.prototype.encrypt = function(input, output, finish) {
// not enough input to encrypt
if(input.length() < this.blockSize && !(finish && input.length() > 0)) {
return true;
}
// get next block
// CBC XOR's IV (or previous block) with plaintext
for(var i = 0; i < this._ints; ++i) {
this._inBlock[i] = this._prev[i] ^ input.getInt32();
}
// encrypt block
this.cipher.encrypt(this._inBlock, this._outBlock);
// write output, save previous block
for(var i = 0; i < this._ints; ++i) {
output.putInt32(this._outBlock[i]);
}
this._prev = this._outBlock;
};
modes.cbc.prototype.decrypt = function(input, output, finish) {
// not enough input to decrypt
if(input.length() < this.blockSize && !(finish && input.length() > 0)) {
return true;
}
// get next block
for(var i = 0; i < this._ints; ++i) {
this._inBlock[i] = input.getInt32();
}
// decrypt block
this.cipher.decrypt(this._inBlock, this._outBlock);
// write output, save previous ciphered block
// CBC XOR's IV (or previous block) with ciphertext
for(var i = 0; i < this._ints; ++i) {
output.putInt32(this._prev[i] ^ this._outBlock[i]);
}
this._prev = this._inBlock.slice(0);
};
modes.cbc.prototype.pad = function(input, options) {
// add PKCS#7 padding to block (each pad byte is the
// value of the number of pad bytes)
var padding = (input.length() === this.blockSize ?
this.blockSize : (this.blockSize - input.length()));
input.fillWithByte(padding, padding);
return true;
};
modes.cbc.prototype.unpad = function(output, options) {
// check for error: input data not a multiple of blockSize
if(options.overflow > 0) {
return false;
}
// ensure padding byte count is valid
var len = output.length();
var count = output.at(len - 1);
if(count > (this.blockSize << 2)) {
return false;
}
// trim off padding bytes
output.truncate(count);
return true;
};
/** Cipher feedback (CFB) **/
modes.cfb = function(options) {
options = options || {};
this.name = 'CFB';
this.cipher = options.cipher;
this.blockSize = options.blockSize || 16;
this._ints = this.blockSize / 4;
this._inBlock = null;
this._outBlock = new Array(this._ints);
this._partialBlock = new Array(this._ints);
this._partialOutput = forge.util.createBuffer();
this._partialBytes = 0;
};
modes.cfb.prototype.start = function(options) {
if(!('iv' in options)) {
throw new Error('Invalid IV parameter.');
}
// use IV as first input
this._iv = transformIV(options.iv);
this._inBlock = this._iv.slice(0);
this._partialBytes = 0;
};
modes.cfb.prototype.encrypt = function(input, output, finish) {
// not enough input to encrypt
var inputLength = input.length();
if(inputLength === 0) {
return true;
}
// encrypt block
this.cipher.encrypt(this._inBlock, this._outBlock);
// handle full block
if(this._partialBytes === 0 && inputLength >= this.blockSize) {
// XOR input with output, write input as output
for(var i = 0; i < this._ints; ++i) {
this._inBlock[i] = input.getInt32() ^ this._outBlock[i];
output.putInt32(this._inBlock[i]);
}
return;
}
// handle partial block
var partialBytes = (this.blockSize - inputLength) % this.blockSize;
if(partialBytes > 0) {
partialBytes = this.blockSize - partialBytes;
}
// XOR input with output, write input as partial output
this._partialOutput.clear();
for(var i = 0; i < this._ints; ++i) {
this._partialBlock[i] = input.getInt32() ^ this._outBlock[i];
this._partialOutput.putInt32(this._partialBlock[i]);
}
if(partialBytes > 0) {
// block still incomplete, restore input buffer
input.read -= this.blockSize;
} else {
// block complete, update input block
for(var i = 0; i < this._ints; ++i) {
this._inBlock[i] = this._partialBlock[i];
}
}
// skip any previous partial bytes
if(this._partialBytes > 0) {
this._partialOutput.getBytes(this._partialBytes);
}
if(partialBytes > 0 && !finish) {
output.putBytes(this._partialOutput.getBytes(
partialBytes - this._partialBytes));
this._partialBytes = partialBytes;
return true;
}
output.putBytes(this._partialOutput.getBytes(
inputLength - this._partialBytes));
this._partialBytes = 0;
};
modes.cfb.prototype.decrypt = function(input, output, finish) {
// not enough input to decrypt
var inputLength = input.length();
if(inputLength === 0) {
return true;
}
// encrypt block (CFB always uses encryption mode)
this.cipher.encrypt(this._inBlock, this._outBlock);
// handle full block
if(this._partialBytes === 0 && inputLength >= this.blockSize) {
// XOR input with output, write input as output
for(var i = 0; i < this._ints; ++i) {
this._inBlock[i] = input.getInt32();
output.putInt32(this._inBlock[i] ^ this._outBlock[i]);
}
return;
}
// handle partial block
var partialBytes = (this.blockSize - inputLength) % this.blockSize;
if(partialBytes > 0) {
partialBytes = this.blockSize - partialBytes;
}
// XOR input with output, write input as partial output
this._partialOutput.clear();
for(var i = 0; i < this._ints; ++i) {
this._partialBlock[i] = input.getInt32();
this._partialOutput.putInt32(this._partialBlock[i] ^ this._outBlock[i]);
}
if(partialBytes > 0) {
// block still incomplete, restore input buffer
input.read -= this.blockSize;
} else {
// block complete, update input block
for(var i = 0; i < this._ints; ++i) {
this._inBlock[i] = this._partialBlock[i];
}
}
// skip any previous partial bytes
if(this._partialBytes > 0) {
this._partialOutput.getBytes(this._partialBytes);
}
if(partialBytes > 0 && !finish) {
output.putBytes(this._partialOutput.getBytes(
partialBytes - this._partialBytes));
this._partialBytes = partialBytes;
return true;
}
output.putBytes(this._partialOutput.getBytes(
inputLength - this._partialBytes));
this._partialBytes = 0;
};
/** Output feedback (OFB) **/
modes.ofb = function(options) {
options = options || {};
this.name = 'OFB';
this.cipher = options.cipher;
this.blockSize = options.blockSize || 16;
this._ints = this.blockSize / 4;
this._inBlock = null;
this._outBlock = new Array(this._ints);
this._partialOutput = forge.util.createBuffer();
this._partialBytes = 0;
};
modes.ofb.prototype.start = function(options) {
if(!('iv' in options)) {
throw new Error('Invalid IV parameter.');
}
// use IV as first input
this._iv = transformIV(options.iv);
this._inBlock = this._iv.slice(0);
this._partialBytes = 0;
};
modes.ofb.prototype.encrypt = function(input, output, finish) {
// not enough input to encrypt
var inputLength = input.length();
if(input.length() === 0) {
return true;
}
// encrypt block (OFB always uses encryption mode)
this.cipher.encrypt(this._inBlock, this._outBlock);
// handle full block
if(this._partialBytes === 0 && inputLength >= this.blockSize) {
// XOR input with output and update next input
for(var i = 0; i < this._ints; ++i) {
output.putInt32(input.getInt32() ^ this._outBlock[i]);
this._inBlock[i] = this._outBlock[i];
}
return;
}
// handle partial block
var partialBytes = (this.blockSize - inputLength) % this.blockSize;
if(partialBytes > 0) {
partialBytes = this.blockSize - partialBytes;
}
// XOR input with output
this._partialOutput.clear();
for(var i = 0; i < this._ints; ++i) {
this._partialOutput.putInt32(input.getInt32() ^ this._outBlock[i]);
}
if(partialBytes > 0) {
// block still incomplete, restore input buffer
input.read -= this.blockSize;
} else {
// block complete, update input block
for(var i = 0; i < this._ints; ++i) {
this._inBlock[i] = this._outBlock[i];
}
}
// skip any previous partial bytes
if(this._partialBytes > 0) {
this._partialOutput.getBytes(this._partialBytes);
}
if(partialBytes > 0 && !finish) {
output.putBytes(this._partialOutput.getBytes(
partialBytes - this._partialBytes));
this._partialBytes = partialBytes;
return true;
}
output.putBytes(this._partialOutput.getBytes(
inputLength - this._partialBytes));
this._partialBytes = 0;
};
modes.ofb.prototype.decrypt = modes.ofb.prototype.encrypt;
/** Counter (CTR) **/
modes.ctr = function(options) {
options = options || {};
this.name = 'CTR';
this.cipher = options.cipher;
this.blockSize = options.blockSize || 16;
this._ints = this.blockSize / 4;
this._inBlock = null;
this._outBlock = new Array(this._ints);
this._partialOutput = forge.util.createBuffer();
this._partialBytes = 0;
};
modes.ctr.prototype.start = function(options) {
if(!('iv' in options)) {
throw new Error('Invalid IV parameter.');
}
// use IV as first input
this._iv = transformIV(options.iv);
this._inBlock = this._iv.slice(0);
this._partialBytes = 0;
};
modes.ctr.prototype.encrypt = function(input, output, finish) {
// not enough input to encrypt
var inputLength = input.length();
if(inputLength === 0) {
return true;
}
// encrypt block (CTR always uses encryption mode)
this.cipher.encrypt(this._inBlock, this._outBlock);
// handle full block
if(this._partialBytes === 0 && inputLength >= this.blockSize) {
// XOR input with output
for(var i = 0; i < this._ints; ++i) {
output.putInt32(input.getInt32() ^ this._outBlock[i]);
}
} else {
// handle partial block
var partialBytes = (this.blockSize - inputLength) % this.blockSize;
if(partialBytes > 0) {
partialBytes = this.blockSize - partialBytes;
}
// XOR input with output
this._partialOutput.clear();
for(var i = 0; i < this._ints; ++i) {
this._partialOutput.putInt32(input.getInt32() ^ this._outBlock[i]);
}
if(partialBytes > 0) {
// block still incomplete, restore input buffer
input.read -= this.blockSize;
}
// skip any previous partial bytes
if(this._partialBytes > 0) {
this._partialOutput.getBytes(this._partialBytes);
}
if(partialBytes > 0 && !finish) {
output.putBytes(this._partialOutput.getBytes(
partialBytes - this._partialBytes));
this._partialBytes = partialBytes;
return true;
}
output.putBytes(this._partialOutput.getBytes(
inputLength - this._partialBytes));
this._partialBytes = 0;
}
// block complete, increment counter (input block)
inc32(this._inBlock);
};
modes.ctr.prototype.decrypt = modes.ctr.prototype.encrypt;
/** Galois/Counter Mode (GCM) **/
modes.gcm = function(options) {
options = options || {};
this.name = 'GCM';
this.cipher = options.cipher;
this.blockSize = options.blockSize || 16;
this._ints = this.blockSize / 4;
this._inBlock = new Array(this._ints);
this._outBlock = new Array(this._ints);
this._partialOutput = forge.util.createBuffer();
this._partialBytes = 0;
// R is actually this value concatenated with 120 more zero bits, but
// we only XOR against R so the other zeros have no effect -- we just
// apply this value to the first integer in a block
this._R = 0xE1000000;
};
modes.gcm.prototype.start = function(options) {
if(!('iv' in options)) {
throw new Error('Invalid IV parameter.');
}
// ensure IV is a byte buffer
var iv = forge.util.createBuffer(options.iv);
// no ciphered data processed yet
this._cipherLength = 0;
// default additional data is none
var additionalData;
if('additionalData' in options) {
additionalData = forge.util.createBuffer(options.additionalData);
} else {
additionalData = forge.util.createBuffer();
}
// default tag length is 128 bits
if('tagLength' in options) {
this._tagLength = options.tagLength;
} else {
this._tagLength = 128;
}
// if tag is given, ensure tag matches tag length
this._tag = null;
if(options.decrypt) {
// save tag to check later
this._tag = forge.util.createBuffer(options.tag).getBytes();
if(this._tag.length !== (this._tagLength / 8)) {
throw new Error('Authentication tag does not match tag length.');
}
}
// create tmp storage for hash calculation
this._hashBlock = new Array(this._ints);
// no tag generated yet
this.tag = null;
// generate hash subkey
// (apply block cipher to "zero" block)
this._hashSubkey = new Array(this._ints);
this.cipher.encrypt([0, 0, 0, 0], this._hashSubkey);
// generate table M
// use 4-bit tables (32 component decomposition of a 16 byte value)
// 8-bit tables take more space and are known to have security
// vulnerabilities (in native implementations)
this.componentBits = 4;
this._m = this.generateHashTable(this._hashSubkey, this.componentBits);
// Note: support IV length different from 96 bits? (only supporting
// 96 bits is recommended by NIST SP-800-38D)
// generate J_0
var ivLength = iv.length();
if(ivLength === 12) {
// 96-bit IV
this._j0 = [iv.getInt32(), iv.getInt32(), iv.getInt32(), 1];
} else {
// IV is NOT 96-bits
this._j0 = [0, 0, 0, 0];
while(iv.length() > 0) {
this._j0 = this.ghash(
this._hashSubkey, this._j0,
[iv.getInt32(), iv.getInt32(), iv.getInt32(), iv.getInt32()]);
}
this._j0 = this.ghash(
this._hashSubkey, this._j0, [0, 0].concat(from64To32(ivLength * 8)));
}
// generate ICB (initial counter block)
this._inBlock = this._j0.slice(0);
inc32(this._inBlock);
this._partialBytes = 0;
// consume authentication data
additionalData = forge.util.createBuffer(additionalData);
// save additional data length as a BE 64-bit number
this._aDataLength = from64To32(additionalData.length() * 8);
// pad additional data to 128 bit (16 byte) block size
var overflow = additionalData.length() % this.blockSize;
if(overflow) {
additionalData.fillWithByte(0, this.blockSize - overflow);
}
this._s = [0, 0, 0, 0];
while(additionalData.length() > 0) {
this._s = this.ghash(this._hashSubkey, this._s, [
additionalData.getInt32(),
additionalData.getInt32(),
additionalData.getInt32(),
additionalData.getInt32()
]);
}
};
modes.gcm.prototype.encrypt = function(input, output, finish) {
// not enough input to encrypt
var inputLength = input.length();
if(inputLength === 0) {
return true;
}
// encrypt block
this.cipher.encrypt(this._inBlock, this._outBlock);
// handle full block
if(this._partialBytes === 0 && inputLength >= this.blockSize) {
// XOR input with output
for(var i = 0; i < this._ints; ++i) {
output.putInt32(this._outBlock[i] ^= input.getInt32());
}
this._cipherLength += this.blockSize;
} else {
// handle partial block
var partialBytes = (this.blockSize - inputLength) % this.blockSize;
if(partialBytes > 0) {
partialBytes = this.blockSize - partialBytes;
}
// XOR input with output
this._partialOutput.clear();
for(var i = 0; i < this._ints; ++i) {
this._partialOutput.putInt32(input.getInt32() ^ this._outBlock[i]);
}
if(partialBytes === 0 || finish) {
// handle overflow prior to hashing
if(finish) {
// get block overflow
var overflow = inputLength % this.blockSize;
this._cipherLength += overflow;
// truncate for hash function
this._partialOutput.truncate(this.blockSize - overflow);
} else {
this._cipherLength += this.blockSize;
}
// get output block for hashing
for(var i = 0; i < this._ints; ++i) {
this._outBlock[i] = this._partialOutput.getInt32();
}
this._partialOutput.read -= this.blockSize;
}
// skip any previous partial bytes
if(this._partialBytes > 0) {
this._partialOutput.getBytes(this._partialBytes);
}
if(partialBytes > 0 && !finish) {
// block still incomplete, restore input buffer, get partial output,
// and return early
input.read -= this.blockSize;
output.putBytes(this._partialOutput.getBytes(
partialBytes - this._partialBytes));
this._partialBytes = partialBytes;
return true;
}
output.putBytes(this._partialOutput.getBytes(
inputLength - this._partialBytes));
this._partialBytes = 0;
}
// update hash block S
this._s = this.ghash(this._hashSubkey, this._s, this._outBlock);
// increment counter (input block)
inc32(this._inBlock);
};
modes.gcm.prototype.decrypt = function(input, output, finish) {
// not enough input to decrypt
var inputLength = input.length();
if(inputLength < this.blockSize && !(finish && inputLength > 0)) {
return true;
}
// encrypt block (GCM always uses encryption mode)
this.cipher.encrypt(this._inBlock, this._outBlock);
// increment counter (input block)
inc32(this._inBlock);
// update hash block S
this._hashBlock[0] = input.getInt32();
this._hashBlock[1] = input.getInt32();
this._hashBlock[2] = input.getInt32();
this._hashBlock[3] = input.getInt32();
this._s = this.ghash(this._hashSubkey, this._s, this._hashBlock);
// XOR hash input with output
for(var i = 0; i < this._ints; ++i) {
output.putInt32(this._outBlock[i] ^ this._hashBlock[i]);
}
// increment cipher data length
if(inputLength < this.blockSize) {
this._cipherLength += inputLength % this.blockSize;
} else {
this._cipherLength += this.blockSize;
}
};
modes.gcm.prototype.afterFinish = function(output, options) {
var rval = true;
// handle overflow
if(options.decrypt && options.overflow) {
output.truncate(this.blockSize - options.overflow);
}
// handle authentication tag
this.tag = forge.util.createBuffer();
// concatenate additional data length with cipher length
var lengths = this._aDataLength.concat(from64To32(this._cipherLength * 8));
// include lengths in hash
this._s = this.ghash(this._hashSubkey, this._s, lengths);
// do GCTR(J_0, S)
var tag = [];
this.cipher.encrypt(this._j0, tag);
for(var i = 0; i < this._ints; ++i) {
this.tag.putInt32(this._s[i] ^ tag[i]);
}
// trim tag to length
this.tag.truncate(this.tag.length() % (this._tagLength / 8));
// check authentication tag
if(options.decrypt && this.tag.bytes() !== this._tag) {
rval = false;
}
return rval;
};
/**
* See NIST SP-800-38D 6.3 (Algorithm 1). This function performs Galois
* field multiplication. The field, GF(2^128), is defined by the polynomial:
*
* x^128 + x^7 + x^2 + x + 1
*
* Which is represented in little-endian binary form as: 11100001 (0xe1). When
* the value of a coefficient is 1, a bit is set. The value R, is the
* concatenation of this value and 120 zero bits, yielding a 128-bit value
* which matches the block size.
*
* This function will multiply two elements (vectors of bytes), X and Y, in
* the field GF(2^128). The result is initialized to zero. For each bit of
* X (out of 128), x_i, if x_i is set, then the result is multiplied (XOR'd)
* by the current value of Y. For each bit, the value of Y will be raised by
* a power of x (multiplied by the polynomial x). This can be achieved by
* shifting Y once to the right. If the current value of Y, prior to being
* multiplied by x, has 0 as its LSB, then it is a 127th degree polynomial.
* Otherwise, we must divide by R after shifting to find the remainder.
*
* @param x the first block to multiply by the second.
* @param y the second block to multiply by the first.
*
* @return the block result of the multiplication.
*/
modes.gcm.prototype.multiply = function(x, y) {
var z_i = [0, 0, 0, 0];
var v_i = y.slice(0);
// calculate Z_128 (block has 128 bits)
for(var i = 0; i < 128; ++i) {
// if x_i is 0, Z_{i+1} = Z_i (unchanged)
// else Z_{i+1} = Z_i ^ V_i
// get x_i by finding 32-bit int position, then left shift 1 by remainder
var x_i = x[(i / 32) | 0] & (1 << (31 - i % 32));
if(x_i) {
z_i[0] ^= v_i[0];
z_i[1] ^= v_i[1];
z_i[2] ^= v_i[2];
z_i[3] ^= v_i[3];
}
// if LSB(V_i) is 1, V_i = V_i >> 1
// else V_i = (V_i >> 1) ^ R
this.pow(v_i, v_i);
}
return z_i;
};
modes.gcm.prototype.pow = function(x, out) {
// if LSB(x) is 1, x = x >>> 1
// else x = (x >>> 1) ^ R
var lsb = x[3] & 1;
// always do x >>> 1:
// starting with the rightmost integer, shift each integer to the right
// one bit, pulling in the bit from the integer to the left as its top
// most bit (do this for the last 3 integers)
for(var i = 3; i > 0; --i) {
out[i] = (x[i] >>> 1) | ((x[i - 1] & 1) << 31);
}
// shift the first integer normally
out[0] = x[0] >>> 1;
// if lsb was not set, then polynomial had a degree of 127 and doesn't
// need to divided; otherwise, XOR with R to find the remainder; we only
// need to XOR the first integer since R technically ends w/120 zero bits
if(lsb) {
out[0] ^= this._R;
}
};
modes.gcm.prototype.tableMultiply = function(x) {
// assumes 4-bit tables are used
var z = [0, 0, 0, 0];
for(var i = 0; i < 32; ++i) {
var idx = (i / 8) | 0;
var x_i = (x[idx] >>> ((7 - (i % 8)) * 4)) & 0xF;
var ah = this._m[i][x_i];
z[0] ^= ah[0];
z[1] ^= ah[1];
z[2] ^= ah[2];
z[3] ^= ah[3];
}
return z;
};
/**
* A continuing version of the GHASH algorithm that operates on a single
* block. The hash block, last hash value (Ym) and the new block to hash
* are given.
*
* @param h the hash block.
* @param y the previous value for Ym, use [0, 0, 0, 0] for a new hash.
* @param x the block to hash.
*
* @return the hashed value (Ym).
*/
modes.gcm.prototype.ghash = function(h, y, x) {
y[0] ^= x[0];
y[1] ^= x[1];
y[2] ^= x[2];
y[3] ^= x[3];
return this.tableMultiply(y);
//return this.multiply(y, h);
};
/**
* Precomputes a table for multiplying against the hash subkey. This
* mechanism provides a substantial speed increase over multiplication
* performed without a table. The table-based multiplication this table is
* for solves X * H by multiplying each component of X by H and then
* composing the results together using XOR.
*
* This function can be used to generate tables with different bit sizes
* for the components, however, this implementation assumes there are
* 32 components of X (which is a 16 byte vector), therefore each component
* takes 4-bits (so the table is constructed with bits=4).
*
* @param h the hash subkey.
* @param bits the bit size for a component.
*/
modes.gcm.prototype.generateHashTable = function(h, bits) {
// TODO: There are further optimizations that would use only the
// first table M_0 (or some variant) along with a remainder table;
// this can be explored in the future
var multiplier = 8 / bits;
var perInt = 4 * multiplier;
var size = 16 * multiplier;
var m = new Array(size);
for(var i = 0; i < size; ++i) {
var tmp = [0, 0, 0, 0];
var idx = (i / perInt) | 0;
var shft = ((perInt - 1 - (i % perInt)) * bits);
tmp[idx] = (1 << (bits - 1)) << shft;
m[i] = this.generateSubHashTable(this.multiply(tmp, h), bits);
}
return m;
};
/**
* Generates a table for multiplying against the hash subkey for one
* particular component (out of all possible component values).
*
* @param mid the pre-multiplied value for the middle key of the table.
* @param bits the bit size for a component.
*/
modes.gcm.prototype.generateSubHashTable = function(mid, bits) {
// compute the table quickly by minimizing the number of
// POW operations -- they only need to be performed for powers of 2,
// all other entries can be composed from those powers using XOR
var size = 1 << bits;
var half = size >>> 1;
var m = new Array(size);
m[half] = mid.slice(0);
var i = half >>> 1;
while(i > 0) {
// raise m0[2 * i] and store in m0[i]
this.pow(m[2 * i], m[i] = []);
i >>= 1;
}
i = 2;
while(i < half) {
for(var j = 1; j < i; ++j) {
var m_i = m[i];
var m_j = m[j];
m[i + j] = [
m_i[0] ^ m_j[0],
m_i[1] ^ m_j[1],
m_i[2] ^ m_j[2],
m_i[3] ^ m_j[3]
];
}
i *= 2;
}
m[0] = [0, 0, 0, 0];
/* Note: We could avoid storing these by doing composition during multiply
calculate top half using composition by speed is preferred. */
for(i = half + 1; i < size; ++i) {
var c = m[i ^ half];
m[i] = [mid[0] ^ c[0], mid[1] ^ c[1], mid[2] ^ c[2], mid[3] ^ c[3]];
}
return m;
};
/** Utility functions */
function transformIV(iv) {
if(typeof iv === 'string') {
// convert iv string into byte buffer
iv = forge.util.createBuffer(iv);
}
if(forge.util.isArray(iv) && iv.length > 4) {
// convert iv byte array into byte buffer
var tmp = iv;
iv = forge.util.createBuffer();
for(var i = 0; i < tmp.length; ++i) {
iv.putByte(tmp[i]);
}
}
if(!forge.util.isArray(iv)) {
// convert iv byte buffer into 32-bit integer array
iv = [iv.getInt32(), iv.getInt32(), iv.getInt32(), iv.getInt32()];
}
return iv;
}
function inc32(block) {
// increment last 32 bits of block only
block[block.length - 1] = (block[block.length - 1] + 1) & 0xFFFFFFFF;
}
function from64To32(num) {
// convert 64-bit number to two BE Int32s
return [(num / 0x100000000) | 0, num & 0xFFFFFFFF];
}
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'cipherModes';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/cipherModes',['require', 'module', './util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Advanced Encryption Standard (AES) implementation.
*
* This implementation is based on the public domain library 'jscrypto' which
* was written by:
*
* Emily Stark (estark@stanford.edu)
* Mike Hamburg (mhamburg@stanford.edu)
* Dan Boneh (dabo@cs.stanford.edu)
*
* Parts of this code are based on the OpenSSL implementation of AES:
* http://www.openssl.org
*
* @author Dave Longley
*
* Copyright (c) 2010-2014 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
/* AES API */
forge.aes = forge.aes || {};
/**
* Deprecated. Instead, use:
*
* var cipher = forge.cipher.createCipher('AES-<mode>', key);
* cipher.start({iv: iv});
*
* Creates an AES cipher object to encrypt data using the given symmetric key.
* The output will be stored in the 'output' member of the returned cipher.
*
* The key and iv may be given as a string of bytes, an array of bytes,
* a byte buffer, or an array of 32-bit words.
*
* @param key the symmetric key to use.
* @param iv the initialization vector to use.
* @param output the buffer to write to, null to create one.
* @param mode the cipher mode to use (default: 'CBC').
*
* @return the cipher.
*/
forge.aes.startEncrypting = function(key, iv, output, mode) {
var cipher = _createCipher({
key: key,
output: output,
decrypt: false,
mode: mode
});
cipher.start(iv);
return cipher;
};
/**
* Deprecated. Instead, use:
*
* var cipher = forge.cipher.createCipher('AES-<mode>', key);
*
* Creates an AES cipher object to encrypt data using the given symmetric key.
*
* The key may be given as a string of bytes, an array of bytes, a
* byte buffer, or an array of 32-bit words.
*
* @param key the symmetric key to use.
* @param mode the cipher mode to use (default: 'CBC').
*
* @return the cipher.
*/
forge.aes.createEncryptionCipher = function(key, mode) {
return _createCipher({
key: key,
output: null,
decrypt: false,
mode: mode
});
};
/**
* Deprecated. Instead, use:
*
* var decipher = forge.cipher.createDecipher('AES-<mode>', key);
* decipher.start({iv: iv});
*
* Creates an AES cipher object to decrypt data using the given symmetric key.
* The output will be stored in the 'output' member of the returned cipher.
*
* The key and iv may be given as a string of bytes, an array of bytes,
* a byte buffer, or an array of 32-bit words.
*
* @param key the symmetric key to use.
* @param iv the initialization vector to use.
* @param output the buffer to write to, null to create one.
* @param mode the cipher mode to use (default: 'CBC').
*
* @return the cipher.
*/
forge.aes.startDecrypting = function(key, iv, output, mode) {
var cipher = _createCipher({
key: key,
output: output,
decrypt: true,
mode: mode
});
cipher.start(iv);
return cipher;
};
/**
* Deprecated. Instead, use:
*
* var decipher = forge.cipher.createDecipher('AES-<mode>', key);
*
* Creates an AES cipher object to decrypt data using the given symmetric key.
*
* The key may be given as a string of bytes, an array of bytes, a
* byte buffer, or an array of 32-bit words.
*
* @param key the symmetric key to use.
* @param mode the cipher mode to use (default: 'CBC').
*
* @return the cipher.
*/
forge.aes.createDecryptionCipher = function(key, mode) {
return _createCipher({
key: key,
output: null,
decrypt: true,
mode: mode
});
};
/**
* Creates a new AES cipher algorithm object.
*
* @param name the name of the algorithm.
* @param mode the mode factory function.
*
* @return the AES algorithm object.
*/
forge.aes.Algorithm = function(name, mode) {
if(!init) {
initialize();
}
var self = this;
self.name = name;
self.mode = new mode({
blockSize: 16,
cipher: {
encrypt: function(inBlock, outBlock) {
return _updateBlock(self._w, inBlock, outBlock, false);
},
decrypt: function(inBlock, outBlock) {
return _updateBlock(self._w, inBlock, outBlock, true);
}
}
});
self._init = false;
};
/**
* Initializes this AES algorithm by expanding its key.
*
* @param options the options to use.
* key the key to use with this algorithm.
* decrypt true if the algorithm should be initialized for decryption,
* false for encryption.
*/
forge.aes.Algorithm.prototype.initialize = function(options) {
if(this._init) {
return;
}
var key = options.key;
var tmp;
/* Note: The key may be a string of bytes, an array of bytes, a byte
buffer, or an array of 32-bit integers. If the key is in bytes, then
it must be 16, 24, or 32 bytes in length. If it is in 32-bit
integers, it must be 4, 6, or 8 integers long. */
if(typeof key === 'string' &&
(key.length === 16 || key.length === 24 || key.length === 32)) {
// convert key string into byte buffer
key = forge.util.createBuffer(key);
} else if(forge.util.isArray(key) &&
(key.length === 16 || key.length === 24 || key.length === 32)) {
// convert key integer array into byte buffer
tmp = key;
key = forge.util.createBuffer();
for(var i = 0; i < tmp.length; ++i) {
key.putByte(tmp[i]);
}
}
// convert key byte buffer into 32-bit integer array
if(!forge.util.isArray(key)) {
tmp = key;
key = [];
// key lengths of 16, 24, 32 bytes allowed
var len = tmp.length();
if(len === 16 || len === 24 || len === 32) {
len = len >>> 2;
for(var i = 0; i < len; ++i) {
key.push(tmp.getInt32());
}
}
}
// key must be an array of 32-bit integers by now
if(!forge.util.isArray(key) ||
!(key.length === 4 || key.length === 6 || key.length === 8)) {
throw new Error('Invalid key parameter.');
}
// encryption operation is always used for these modes
var mode = this.mode.name;
var encryptOp = (['CFB', 'OFB', 'CTR', 'GCM'].indexOf(mode) !== -1);
// do key expansion
this._w = _expandKey(key, options.decrypt && !encryptOp);
this._init = true;
};
/**
* Expands a key. Typically only used for testing.
*
* @param key the symmetric key to expand, as an array of 32-bit words.
* @param decrypt true to expand for decryption, false for encryption.
*
* @return the expanded key.
*/
forge.aes._expandKey = function(key, decrypt) {
if(!init) {
initialize();
}
return _expandKey(key, decrypt);
};
/**
* Updates a single block. Typically only used for testing.
*
* @param w the expanded key to use.
* @param input an array of block-size 32-bit words.
* @param output an array of block-size 32-bit words.
* @param decrypt true to decrypt, false to encrypt.
*/
forge.aes._updateBlock = _updateBlock;
/** Register AES algorithms **/
registerAlgorithm('AES-ECB', forge.cipher.modes.ecb);
registerAlgorithm('AES-CBC', forge.cipher.modes.cbc);
registerAlgorithm('AES-CFB', forge.cipher.modes.cfb);
registerAlgorithm('AES-OFB', forge.cipher.modes.ofb);
registerAlgorithm('AES-CTR', forge.cipher.modes.ctr);
registerAlgorithm('AES-GCM', forge.cipher.modes.gcm);
function registerAlgorithm(name, mode) {
var factory = function() {
return new forge.aes.Algorithm(name, mode);
};
forge.cipher.registerAlgorithm(name, factory);
}
/** AES implementation **/
var init = false; // not yet initialized
var Nb = 4; // number of words comprising the state (AES = 4)
var sbox; // non-linear substitution table used in key expansion
var isbox; // inversion of sbox
var rcon; // round constant word array
var mix; // mix-columns table
var imix; // inverse mix-columns table
/**
* Performs initialization, ie: precomputes tables to optimize for speed.
*
* One way to understand how AES works is to imagine that 'addition' and
* 'multiplication' are interfaces that require certain mathematical
* properties to hold true (ie: they are associative) but they might have
* different implementations and produce different kinds of results ...
* provided that their mathematical properties remain true. AES defines
* its own methods of addition and multiplication but keeps some important
* properties the same, ie: associativity and distributivity. The
* explanation below tries to shed some light on how AES defines addition
* and multiplication of bytes and 32-bit words in order to perform its
* encryption and decryption algorithms.
*
* The basics:
*
* The AES algorithm views bytes as binary representations of polynomials
* that have either 1 or 0 as the coefficients. It defines the addition
* or subtraction of two bytes as the XOR operation. It also defines the
* multiplication of two bytes as a finite field referred to as GF(2^8)
* (Note: 'GF' means "Galois Field" which is a field that contains a finite
* number of elements so GF(2^8) has 256 elements).
*
* This means that any two bytes can be represented as binary polynomials;
* when they multiplied together and modularly reduced by an irreducible
* polynomial of the 8th degree, the results are the field GF(2^8). The
* specific irreducible polynomial that AES uses in hexadecimal is 0x11b.
* This multiplication is associative with 0x01 as the identity:
*
* (b * 0x01 = GF(b, 0x01) = b).
*
* The operation GF(b, 0x02) can be performed at the byte level by left
* shifting b once and then XOR'ing it (to perform the modular reduction)
* with 0x11b if b is >= 128. Repeated application of the multiplication
* of 0x02 can be used to implement the multiplication of any two bytes.
*
* For instance, multiplying 0x57 and 0x13, denoted as GF(0x57, 0x13), can
* be performed by factoring 0x13 into 0x01, 0x02, and 0x10. Then these
* factors can each be multiplied by 0x57 and then added together. To do
* the multiplication, values for 0x57 multiplied by each of these 3 factors
* can be precomputed and stored in a table. To add them, the values from
* the table are XOR'd together.
*
* AES also defines addition and multiplication of words, that is 4-byte
* numbers represented as polynomials of 3 degrees where the coefficients
* are the values of the bytes.
*
* The word [a0, a1, a2, a3] is a polynomial a3x^3 + a2x^2 + a1x + a0.
*
* Addition is performed by XOR'ing like powers of x. Multiplication
* is performed in two steps, the first is an algebriac expansion as
* you would do normally (where addition is XOR). But the result is
* a polynomial larger than 3 degrees and thus it cannot fit in a word. So
* next the result is modularly reduced by an AES-specific polynomial of
* degree 4 which will always produce a polynomial of less than 4 degrees
* such that it will fit in a word. In AES, this polynomial is x^4 + 1.
*
* The modular product of two polynomials 'a' and 'b' is thus:
*
* d(x) = d3x^3 + d2x^2 + d1x + d0
* with
* d0 = GF(a0, b0) ^ GF(a3, b1) ^ GF(a2, b2) ^ GF(a1, b3)
* d1 = GF(a1, b0) ^ GF(a0, b1) ^ GF(a3, b2) ^ GF(a2, b3)
* d2 = GF(a2, b0) ^ GF(a1, b1) ^ GF(a0, b2) ^ GF(a3, b3)
* d3 = GF(a3, b0) ^ GF(a2, b1) ^ GF(a1, b2) ^ GF(a0, b3)
*
* As a matrix:
*
* [d0] = [a0 a3 a2 a1][b0]
* [d1] [a1 a0 a3 a2][b1]
* [d2] [a2 a1 a0 a3][b2]
* [d3] [a3 a2 a1 a0][b3]
*
* Special polynomials defined by AES (0x02 == {02}):
* a(x) = {03}x^3 + {01}x^2 + {01}x + {02}
* a^-1(x) = {0b}x^3 + {0d}x^2 + {09}x + {0e}.
*
* These polynomials are used in the MixColumns() and InverseMixColumns()
* operations, respectively, to cause each element in the state to affect
* the output (referred to as diffusing).
*
* RotWord() uses: a0 = a1 = a2 = {00} and a3 = {01}, which is the
* polynomial x3.
*
* The ShiftRows() method modifies the last 3 rows in the state (where
* the state is 4 words with 4 bytes per word) by shifting bytes cyclically.
* The 1st byte in the second row is moved to the end of the row. The 1st
* and 2nd bytes in the third row are moved to the end of the row. The 1st,
* 2nd, and 3rd bytes are moved in the fourth row.
*
* More details on how AES arithmetic works:
*
* In the polynomial representation of binary numbers, XOR performs addition
* and subtraction and multiplication in GF(2^8) denoted as GF(a, b)
* corresponds with the multiplication of polynomials modulo an irreducible
* polynomial of degree 8. In other words, for AES, GF(a, b) will multiply
* polynomial 'a' with polynomial 'b' and then do a modular reduction by
* an AES-specific irreducible polynomial of degree 8.
*
* A polynomial is irreducible if its only divisors are one and itself. For
* the AES algorithm, this irreducible polynomial is:
*
* m(x) = x^8 + x^4 + x^3 + x + 1,
*
* or {01}{1b} in hexadecimal notation, where each coefficient is a bit:
* 100011011 = 283 = 0x11b.
*
* For example, GF(0x57, 0x83) = 0xc1 because
*
* 0x57 = 87 = 01010111 = x^6 + x^4 + x^2 + x + 1
* 0x85 = 131 = 10000101 = x^7 + x + 1
*
* (x^6 + x^4 + x^2 + x + 1) * (x^7 + x + 1)
* = x^13 + x^11 + x^9 + x^8 + x^7 +
* x^7 + x^5 + x^3 + x^2 + x +
* x^6 + x^4 + x^2 + x + 1
* = x^13 + x^11 + x^9 + x^8 + x^6 + x^5 + x^4 + x^3 + 1 = y
* y modulo (x^8 + x^4 + x^3 + x + 1)
* = x^7 + x^6 + 1.
*
* The modular reduction by m(x) guarantees the result will be a binary
* polynomial of less than degree 8, so that it can fit in a byte.
*
* The operation to multiply a binary polynomial b with x (the polynomial
* x in binary representation is 00000010) is:
*
* b_7x^8 + b_6x^7 + b_5x^6 + b_4x^5 + b_3x^4 + b_2x^3 + b_1x^2 + b_0x^1
*
* To get GF(b, x) we must reduce that by m(x). If b_7 is 0 (that is the
* most significant bit is 0 in b) then the result is already reduced. If
* it is 1, then we can reduce it by subtracting m(x) via an XOR.
*
* It follows that multiplication by x (00000010 or 0x02) can be implemented
* by performing a left shift followed by a conditional bitwise XOR with
* 0x1b. This operation on bytes is denoted by xtime(). Multiplication by
* higher powers of x can be implemented by repeated application of xtime().
*
* By adding intermediate results, multiplication by any constant can be
* implemented. For instance:
*
* GF(0x57, 0x13) = 0xfe because:
*
* xtime(b) = (b & 128) ? (b << 1 ^ 0x11b) : (b << 1)
*
* Note: We XOR with 0x11b instead of 0x1b because in javascript our
* datatype for b can be larger than 1 byte, so a left shift will not
* automatically eliminate bits that overflow a byte ... by XOR'ing the
* overflow bit with 1 (the extra one from 0x11b) we zero it out.
*
* GF(0x57, 0x02) = xtime(0x57) = 0xae
* GF(0x57, 0x04) = xtime(0xae) = 0x47
* GF(0x57, 0x08) = xtime(0x47) = 0x8e
* GF(0x57, 0x10) = xtime(0x8e) = 0x07
*
* GF(0x57, 0x13) = GF(0x57, (0x01 ^ 0x02 ^ 0x10))
*
* And by the distributive property (since XOR is addition and GF() is
* multiplication):
*
* = GF(0x57, 0x01) ^ GF(0x57, 0x02) ^ GF(0x57, 0x10)
* = 0x57 ^ 0xae ^ 0x07
* = 0xfe.
*/
function initialize() {
init = true;
/* Populate the Rcon table. These are the values given by
[x^(i-1),{00},{00},{00}] where x^(i-1) are powers of x (and x = 0x02)
in the field of GF(2^8), where i starts at 1.
rcon[0] = [0x00, 0x00, 0x00, 0x00]
rcon[1] = [0x01, 0x00, 0x00, 0x00] 2^(1-1) = 2^0 = 1
rcon[2] = [0x02, 0x00, 0x00, 0x00] 2^(2-1) = 2^1 = 2
...
rcon[9] = [0x1B, 0x00, 0x00, 0x00] 2^(9-1) = 2^8 = 0x1B
rcon[10] = [0x36, 0x00, 0x00, 0x00] 2^(10-1) = 2^9 = 0x36
We only store the first byte because it is the only one used.
*/
rcon = [0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36];
// compute xtime table which maps i onto GF(i, 0x02)
var xtime = new Array(256);
for(var i = 0; i < 128; ++i) {
xtime[i] = i << 1;
xtime[i + 128] = (i + 128) << 1 ^ 0x11B;
}
// compute all other tables
sbox = new Array(256);
isbox = new Array(256);
mix = new Array(4);
imix = new Array(4);
for(var i = 0; i < 4; ++i) {
mix[i] = new Array(256);
imix[i] = new Array(256);
}
var e = 0, ei = 0, e2, e4, e8, sx, sx2, me, ime;
for(var i = 0; i < 256; ++i) {
/* We need to generate the SubBytes() sbox and isbox tables so that
we can perform byte substitutions. This requires us to traverse
all of the elements in GF, find their multiplicative inverses,
and apply to each the following affine transformation:
bi' = bi ^ b(i + 4) mod 8 ^ b(i + 5) mod 8 ^ b(i + 6) mod 8 ^
b(i + 7) mod 8 ^ ci
for 0 <= i < 8, where bi is the ith bit of the byte, and ci is the
ith bit of a byte c with the value {63} or {01100011}.
It is possible to traverse every possible value in a Galois field
using what is referred to as a 'generator'. There are many
generators (128 out of 256): 3,5,6,9,11,82 to name a few. To fully
traverse GF we iterate 255 times, multiplying by our generator
each time.
On each iteration we can determine the multiplicative inverse for
the current element.
Suppose there is an element in GF 'e'. For a given generator 'g',
e = g^x. The multiplicative inverse of e is g^(255 - x). It turns
out that if use the inverse of a generator as another generator
it will produce all of the corresponding multiplicative inverses
at the same time. For this reason, we choose 5 as our inverse
generator because it only requires 2 multiplies and 1 add and its
inverse, 82, requires relatively few operations as well.
In order to apply the affine transformation, the multiplicative
inverse 'ei' of 'e' can be repeatedly XOR'd (4 times) with a
bit-cycling of 'ei'. To do this 'ei' is first stored in 's' and
'x'. Then 's' is left shifted and the high bit of 's' is made the
low bit. The resulting value is stored in 's'. Then 'x' is XOR'd
with 's' and stored in 'x'. On each subsequent iteration the same
operation is performed. When 4 iterations are complete, 'x' is
XOR'd with 'c' (0x63) and the transformed value is stored in 'x'.
For example:
s = 01000001
x = 01000001
iteration 1: s = 10000010, x ^= s
iteration 2: s = 00000101, x ^= s
iteration 3: s = 00001010, x ^= s
iteration 4: s = 00010100, x ^= s
x ^= 0x63
This can be done with a loop where s = (s << 1) | (s >> 7). However,
it can also be done by using a single 16-bit (in this case 32-bit)
number 'sx'. Since XOR is an associative operation, we can set 'sx'
to 'ei' and then XOR it with 'sx' left-shifted 1,2,3, and 4 times.
The most significant bits will flow into the high 8 bit positions
and be correctly XOR'd with one another. All that remains will be
to cycle the high 8 bits by XOR'ing them all with the lower 8 bits
afterwards.
At the same time we're populating sbox and isbox we can precompute
the multiplication we'll need to do to do MixColumns() later.
*/
// apply affine transformation
sx = ei ^ (ei << 1) ^ (ei << 2) ^ (ei << 3) ^ (ei << 4);
sx = (sx >> 8) ^ (sx & 255) ^ 0x63;
// update tables
sbox[e] = sx;
isbox[sx] = e;
/* Mixing columns is done using matrix multiplication. The columns
that are to be mixed are each a single word in the current state.
The state has Nb columns (4 columns). Therefore each column is a
4 byte word. So to mix the columns in a single column 'c' where
its rows are r0, r1, r2, and r3, we use the following matrix
multiplication:
[2 3 1 1]*[r0,c]=[r'0,c]
[1 2 3 1] [r1,c] [r'1,c]
[1 1 2 3] [r2,c] [r'2,c]
[3 1 1 2] [r3,c] [r'3,c]
r0, r1, r2, and r3 are each 1 byte of one of the words in the
state (a column). To do matrix multiplication for each mixed
column c' we multiply the corresponding row from the left matrix
with the corresponding column from the right matrix. In total, we
get 4 equations:
r0,c' = 2*r0,c + 3*r1,c + 1*r2,c + 1*r3,c
r1,c' = 1*r0,c + 2*r1,c + 3*r2,c + 1*r3,c
r2,c' = 1*r0,c + 1*r1,c + 2*r2,c + 3*r3,c
r3,c' = 3*r0,c + 1*r1,c + 1*r2,c + 2*r3,c
As usual, the multiplication is as previously defined and the
addition is XOR. In order to optimize mixing columns we can store
the multiplication results in tables. If you think of the whole
column as a word (it might help to visualize by mentally rotating
the equations above by counterclockwise 90 degrees) then you can
see that it would be useful to map the multiplications performed on
each byte (r0, r1, r2, r3) onto a word as well. For instance, we
could map 2*r0,1*r0,1*r0,3*r0 onto a word by storing 2*r0 in the
highest 8 bits and 3*r0 in the lowest 8 bits (with the other two
respectively in the middle). This means that a table can be
constructed that uses r0 as an index to the word. We can do the
same with r1, r2, and r3, creating a total of 4 tables.
To construct a full c', we can just look up each byte of c in
their respective tables and XOR the results together.
Also, to build each table we only have to calculate the word
for 2,1,1,3 for every byte ... which we can do on each iteration
of this loop since we will iterate over every byte. After we have
calculated 2,1,1,3 we can get the results for the other tables
by cycling the byte at the end to the beginning. For instance
we can take the result of table 2,1,1,3 and produce table 3,2,1,1
by moving the right most byte to the left most position just like
how you can imagine the 3 moved out of 2,1,1,3 and to the front
to produce 3,2,1,1.
There is another optimization in that the same multiples of
the current element we need in order to advance our generator
to the next iteration can be reused in performing the 2,1,1,3
calculation. We also calculate the inverse mix column tables,
with e,9,d,b being the inverse of 2,1,1,3.
When we're done, and we need to actually mix columns, the first
byte of each state word should be put through mix[0] (2,1,1,3),
the second through mix[1] (3,2,1,1) and so forth. Then they should
be XOR'd together to produce the fully mixed column.
*/
// calculate mix and imix table values
sx2 = xtime[sx];
e2 = xtime[e];
e4 = xtime[e2];
e8 = xtime[e4];
me =
(sx2 << 24) ^ // 2
(sx << 16) ^ // 1
(sx << 8) ^ // 1
(sx ^ sx2); // 3
ime =
(e2 ^ e4 ^ e8) << 24 ^ // E (14)
(e ^ e8) << 16 ^ // 9
(e ^ e4 ^ e8) << 8 ^ // D (13)
(e ^ e2 ^ e8); // B (11)
// produce each of the mix tables by rotating the 2,1,1,3 value
for(var n = 0; n < 4; ++n) {
mix[n][e] = me;
imix[n][sx] = ime;
// cycle the right most byte to the left most position
// ie: 2,1,1,3 becomes 3,2,1,1
me = me << 24 | me >>> 8;
ime = ime << 24 | ime >>> 8;
}
// get next element and inverse
if(e === 0) {
// 1 is the inverse of 1
e = ei = 1;
} else {
// e = 2e + 2*2*2*(10e)) = multiply e by 82 (chosen generator)
// ei = ei + 2*2*ei = multiply ei by 5 (inverse generator)
e = e2 ^ xtime[xtime[xtime[e2 ^ e8]]];
ei ^= xtime[xtime[ei]];
}
}
}
/**
* Generates a key schedule using the AES key expansion algorithm.
*
* The AES algorithm takes the Cipher Key, K, and performs a Key Expansion
* routine to generate a key schedule. The Key Expansion generates a total
* of Nb*(Nr + 1) words: the algorithm requires an initial set of Nb words,
* and each of the Nr rounds requires Nb words of key data. The resulting
* key schedule consists of a linear array of 4-byte words, denoted [wi ],
* with i in the range 0 ≤ i < Nb(Nr + 1).
*
* KeyExpansion(byte key[4*Nk], word w[Nb*(Nr+1)], Nk)
* AES-128 (Nb=4, Nk=4, Nr=10)
* AES-192 (Nb=4, Nk=6, Nr=12)
* AES-256 (Nb=4, Nk=8, Nr=14)
* Note: Nr=Nk+6.
*
* Nb is the number of columns (32-bit words) comprising the State (or
* number of bytes in a block). For AES, Nb=4.
*
* @param key the key to schedule (as an array of 32-bit words).
* @param decrypt true to modify the key schedule to decrypt, false not to.
*
* @return the generated key schedule.
*/
function _expandKey(key, decrypt) {
// copy the key's words to initialize the key schedule
var w = key.slice(0);
/* RotWord() will rotate a word, moving the first byte to the last
byte's position (shifting the other bytes left).
We will be getting the value of Rcon at i / Nk. 'i' will iterate
from Nk to (Nb * Nr+1). Nk = 4 (4 byte key), Nb = 4 (4 words in
a block), Nr = Nk + 6 (10). Therefore 'i' will iterate from
4 to 44 (exclusive). Each time we iterate 4 times, i / Nk will
increase by 1. We use a counter iNk to keep track of this.
*/
// go through the rounds expanding the key
var temp, iNk = 1;
var Nk = w.length;
var Nr1 = Nk + 6 + 1;
var end = Nb * Nr1;
for(var i = Nk; i < end; ++i) {
temp = w[i - 1];
if(i % Nk === 0) {
// temp = SubWord(RotWord(temp)) ^ Rcon[i / Nk]
temp =
sbox[temp >>> 16 & 255] << 24 ^
sbox[temp >>> 8 & 255] << 16 ^
sbox[temp & 255] << 8 ^
sbox[temp >>> 24] ^ (rcon[iNk] << 24);
iNk++;
} else if(Nk > 6 && (i % Nk === 4)) {
// temp = SubWord(temp)
temp =
sbox[temp >>> 24] << 24 ^
sbox[temp >>> 16 & 255] << 16 ^
sbox[temp >>> 8 & 255] << 8 ^
sbox[temp & 255];
}
w[i] = w[i - Nk] ^ temp;
}
/* When we are updating a cipher block we always use the code path for
encryption whether we are decrypting or not (to shorten code and
simplify the generation of look up tables). However, because there
are differences in the decryption algorithm, other than just swapping
in different look up tables, we must transform our key schedule to
account for these changes:
1. The decryption algorithm gets its key rounds in reverse order.
2. The decryption algorithm adds the round key before mixing columns
instead of afterwards.
We don't need to modify our key schedule to handle the first case,
we can just traverse the key schedule in reverse order when decrypting.
The second case requires a little work.
The tables we built for performing rounds will take an input and then
perform SubBytes() and MixColumns() or, for the decrypt version,
InvSubBytes() and InvMixColumns(). But the decrypt algorithm requires
us to AddRoundKey() before InvMixColumns(). This means we'll need to
apply some transformations to the round key to inverse-mix its columns
so they'll be correct for moving AddRoundKey() to after the state has
had its columns inverse-mixed.
To inverse-mix the columns of the state when we're decrypting we use a
lookup table that will apply InvSubBytes() and InvMixColumns() at the
same time. However, the round key's bytes are not inverse-substituted
in the decryption algorithm. To get around this problem, we can first
substitute the bytes in the round key so that when we apply the
transformation via the InvSubBytes()+InvMixColumns() table, it will
undo our substitution leaving us with the original value that we
want -- and then inverse-mix that value.
This change will correctly alter our key schedule so that we can XOR
each round key with our already transformed decryption state. This
allows us to use the same code path as the encryption algorithm.
We make one more change to the decryption key. Since the decryption
algorithm runs in reverse from the encryption algorithm, we reverse
the order of the round keys to avoid having to iterate over the key
schedule backwards when running the encryption algorithm later in
decryption mode. In addition to reversing the order of the round keys,
we also swap each round key's 2nd and 4th rows. See the comments
section where rounds are performed for more details about why this is
done. These changes are done inline with the other substitution
described above.
*/
if(decrypt) {
var tmp;
var m0 = imix[0];
var m1 = imix[1];
var m2 = imix[2];
var m3 = imix[3];
var wnew = w.slice(0);
end = w.length;
for(var i = 0, wi = end - Nb; i < end; i += Nb, wi -= Nb) {
// do not sub the first or last round key (round keys are Nb
// words) as no column mixing is performed before they are added,
// but do change the key order
if(i === 0 || i === (end - Nb)) {
wnew[i] = w[wi];
wnew[i + 1] = w[wi + 3];
wnew[i + 2] = w[wi + 2];
wnew[i + 3] = w[wi + 1];
} else {
// substitute each round key byte because the inverse-mix
// table will inverse-substitute it (effectively cancel the
// substitution because round key bytes aren't sub'd in
// decryption mode) and swap indexes 3 and 1
for(var n = 0; n < Nb; ++n) {
tmp = w[wi + n];
wnew[i + (3&-n)] =
m0[sbox[tmp >>> 24]] ^
m1[sbox[tmp >>> 16 & 255]] ^
m2[sbox[tmp >>> 8 & 255]] ^
m3[sbox[tmp & 255]];
}
}
}
w = wnew;
}
return w;
}
/**
* Updates a single block (16 bytes) using AES. The update will either
* encrypt or decrypt the block.
*
* @param w the key schedule.
* @param input the input block (an array of 32-bit words).
* @param output the updated output block.
* @param decrypt true to decrypt the block, false to encrypt it.
*/
function _updateBlock(w, input, output, decrypt) {
/*
Cipher(byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)])
begin
byte state[4,Nb]
state = in
AddRoundKey(state, w[0, Nb-1])
for round = 1 step 1 to Nr1
SubBytes(state)
ShiftRows(state)
MixColumns(state)
AddRoundKey(state, w[round*Nb, (round+1)*Nb-1])
end for
SubBytes(state)
ShiftRows(state)
AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])
out = state
end
InvCipher(byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)])
begin
byte state[4,Nb]
state = in
AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])
for round = Nr-1 step -1 downto 1
InvShiftRows(state)
InvSubBytes(state)
AddRoundKey(state, w[round*Nb, (round+1)*Nb-1])
InvMixColumns(state)
end for
InvShiftRows(state)
InvSubBytes(state)
AddRoundKey(state, w[0, Nb-1])
out = state
end
*/
// Encrypt: AddRoundKey(state, w[0, Nb-1])
// Decrypt: AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])
var Nr = w.length / 4 - 1;
var m0, m1, m2, m3, sub;
if(decrypt) {
m0 = imix[0];
m1 = imix[1];
m2 = imix[2];
m3 = imix[3];
sub = isbox;
} else {
m0 = mix[0];
m1 = mix[1];
m2 = mix[2];
m3 = mix[3];
sub = sbox;
}
var a, b, c, d, a2, b2, c2;
a = input[0] ^ w[0];
b = input[decrypt ? 3 : 1] ^ w[1];
c = input[2] ^ w[2];
d = input[decrypt ? 1 : 3] ^ w[3];
var i = 3;
/* In order to share code we follow the encryption algorithm when both
encrypting and decrypting. To account for the changes required in the
decryption algorithm, we use different lookup tables when decrypting
and use a modified key schedule to account for the difference in the
order of transformations applied when performing rounds. We also get
key rounds in reverse order (relative to encryption). */
for(var round = 1; round < Nr; ++round) {
/* As described above, we'll be using table lookups to perform the
column mixing. Each column is stored as a word in the state (the
array 'input' has one column as a word at each index). In order to
mix a column, we perform these transformations on each row in c,
which is 1 byte in each word. The new column for c0 is c'0:
m0 m1 m2 m3
r0,c'0 = 2*r0,c0 + 3*r1,c0 + 1*r2,c0 + 1*r3,c0
r1,c'0 = 1*r0,c0 + 2*r1,c0 + 3*r2,c0 + 1*r3,c0
r2,c'0 = 1*r0,c0 + 1*r1,c0 + 2*r2,c0 + 3*r3,c0
r3,c'0 = 3*r0,c0 + 1*r1,c0 + 1*r2,c0 + 2*r3,c0
So using mix tables where c0 is a word with r0 being its upper
8 bits and r3 being its lower 8 bits:
m0[c0 >> 24] will yield this word: [2*r0,1*r0,1*r0,3*r0]
...
m3[c0 & 255] will yield this word: [1*r3,1*r3,3*r3,2*r3]
Therefore to mix the columns in each word in the state we
do the following (& 255 omitted for brevity):
c'0,r0 = m0[c0 >> 24] ^ m1[c1 >> 16] ^ m2[c2 >> 8] ^ m3[c3]
c'0,r1 = m0[c0 >> 24] ^ m1[c1 >> 16] ^ m2[c2 >> 8] ^ m3[c3]
c'0,r2 = m0[c0 >> 24] ^ m1[c1 >> 16] ^ m2[c2 >> 8] ^ m3[c3]
c'0,r3 = m0[c0 >> 24] ^ m1[c1 >> 16] ^ m2[c2 >> 8] ^ m3[c3]
However, before mixing, the algorithm requires us to perform
ShiftRows(). The ShiftRows() transformation cyclically shifts the
last 3 rows of the state over different offsets. The first row
(r = 0) is not shifted.
s'_r,c = s_r,(c + shift(r, Nb) mod Nb
for 0 < r < 4 and 0 <= c < Nb and
shift(1, 4) = 1
shift(2, 4) = 2
shift(3, 4) = 3.
This causes the first byte in r = 1 to be moved to the end of
the row, the first 2 bytes in r = 2 to be moved to the end of
the row, the first 3 bytes in r = 3 to be moved to the end of
the row:
r1: [c0 c1 c2 c3] => [c1 c2 c3 c0]
r2: [c0 c1 c2 c3] [c2 c3 c0 c1]
r3: [c0 c1 c2 c3] [c3 c0 c1 c2]
We can make these substitutions inline with our column mixing to
generate an updated set of equations to produce each word in the
state (note the columns have changed positions):
c0 c1 c2 c3 => c0 c1 c2 c3
c0 c1 c2 c3 c1 c2 c3 c0 (cycled 1 byte)
c0 c1 c2 c3 c2 c3 c0 c1 (cycled 2 bytes)
c0 c1 c2 c3 c3 c0 c1 c2 (cycled 3 bytes)
Therefore:
c'0 = 2*r0,c0 + 3*r1,c1 + 1*r2,c2 + 1*r3,c3
c'0 = 1*r0,c0 + 2*r1,c1 + 3*r2,c2 + 1*r3,c3
c'0 = 1*r0,c0 + 1*r1,c1 + 2*r2,c2 + 3*r3,c3
c'0 = 3*r0,c0 + 1*r1,c1 + 1*r2,c2 + 2*r3,c3
c'1 = 2*r0,c1 + 3*r1,c2 + 1*r2,c3 + 1*r3,c0
c'1 = 1*r0,c1 + 2*r1,c2 + 3*r2,c3 + 1*r3,c0
c'1 = 1*r0,c1 + 1*r1,c2 + 2*r2,c3 + 3*r3,c0
c'1 = 3*r0,c1 + 1*r1,c2 + 1*r2,c3 + 2*r3,c0
... and so forth for c'2 and c'3. The important distinction is
that the columns are cycling, with c0 being used with the m0
map when calculating c0, but c1 being used with the m0 map when
calculating c1 ... and so forth.
When performing the inverse we transform the mirror image and
skip the bottom row, instead of the top one, and move upwards:
c3 c2 c1 c0 => c0 c3 c2 c1 (cycled 3 bytes) *same as encryption
c3 c2 c1 c0 c1 c0 c3 c2 (cycled 2 bytes)
c3 c2 c1 c0 c2 c1 c0 c3 (cycled 1 byte) *same as encryption
c3 c2 c1 c0 c3 c2 c1 c0
If you compare the resulting matrices for ShiftRows()+MixColumns()
and for InvShiftRows()+InvMixColumns() the 2nd and 4th columns are
different (in encrypt mode vs. decrypt mode). So in order to use
the same code to handle both encryption and decryption, we will
need to do some mapping.
If in encryption mode we let a=c0, b=c1, c=c2, d=c3, and r<N> be
a row number in the state, then the resulting matrix in encryption
mode for applying the above transformations would be:
r1: a b c d
r2: b c d a
r3: c d a b
r4: d a b c
If we did the same in decryption mode we would get:
r1: a d c b
r2: b a d c
r3: c b a d
r4: d c b a
If instead we swap d and b (set b=c3 and d=c1), then we get:
r1: a b c d
r2: d a b c
r3: c d a b
r4: b c d a
Now the 1st and 3rd rows are the same as the encryption matrix. All
we need to do then to make the mapping exactly the same is to swap
the 2nd and 4th rows when in decryption mode. To do this without
having to do it on each iteration, we swapped the 2nd and 4th rows
in the decryption key schedule. We also have to do the swap above
when we first pull in the input and when we set the final output. */
a2 =
m0[a >>> 24] ^
m1[b >>> 16 & 255] ^
m2[c >>> 8 & 255] ^
m3[d & 255] ^ w[++i];
b2 =
m0[b >>> 24] ^
m1[c >>> 16 & 255] ^
m2[d >>> 8 & 255] ^
m3[a & 255] ^ w[++i];
c2 =
m0[c >>> 24] ^
m1[d >>> 16 & 255] ^
m2[a >>> 8 & 255] ^
m3[b & 255] ^ w[++i];
d =
m0[d >>> 24] ^
m1[a >>> 16 & 255] ^
m2[b >>> 8 & 255] ^
m3[c & 255] ^ w[++i];
a = a2;
b = b2;
c = c2;
}
/*
Encrypt:
SubBytes(state)
ShiftRows(state)
AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])
Decrypt:
InvShiftRows(state)
InvSubBytes(state)
AddRoundKey(state, w[0, Nb-1])
*/
// Note: rows are shifted inline
output[0] =
(sub[a >>> 24] << 24) ^
(sub[b >>> 16 & 255] << 16) ^
(sub[c >>> 8 & 255] << 8) ^
(sub[d & 255]) ^ w[++i];
output[decrypt ? 3 : 1] =
(sub[b >>> 24] << 24) ^
(sub[c >>> 16 & 255] << 16) ^
(sub[d >>> 8 & 255] << 8) ^
(sub[a & 255]) ^ w[++i];
output[2] =
(sub[c >>> 24] << 24) ^
(sub[d >>> 16 & 255] << 16) ^
(sub[a >>> 8 & 255] << 8) ^
(sub[b & 255]) ^ w[++i];
output[decrypt ? 1 : 3] =
(sub[d >>> 24] << 24) ^
(sub[a >>> 16 & 255] << 16) ^
(sub[b >>> 8 & 255] << 8) ^
(sub[c & 255]) ^ w[++i];
}
/**
* Deprecated. Instead, use:
*
* forge.cipher.createCipher('AES-<mode>', key);
* forge.cipher.createDecipher('AES-<mode>', key);
*
* Creates a deprecated AES cipher object. This object's mode will default to
* CBC (cipher-block-chaining).
*
* The key and iv may be given as a string of bytes, an array of bytes, a
* byte buffer, or an array of 32-bit words.
*
* @param options the options to use.
* key the symmetric key to use.
* output the buffer to write to.
* decrypt true for decryption, false for encryption.
* mode the cipher mode to use (default: 'CBC').
*
* @return the cipher.
*/
function _createCipher(options) {
options = options || {};
var mode = (options.mode || 'CBC').toUpperCase();
var algorithm = 'AES-' + mode;
var cipher;
if(options.decrypt) {
cipher = forge.cipher.createDecipher(algorithm, options.key);
} else {
cipher = forge.cipher.createCipher(algorithm, options.key);
}
// backwards compatible start API
var start = cipher.start;
cipher.start = function(iv, options) {
// backwards compatibility: support second arg as output buffer
var output = null;
if(options instanceof forge.util.ByteBuffer) {
output = options;
options = {};
}
options = options || {};
options.output = output;
options.iv = iv;
start.call(cipher, options);
};
return cipher;
}
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'aes';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define(
'js/aes',['require', 'module', './cipher', './cipherModes', './util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Object IDs for ASN.1.
*
* @author Dave Longley
*
* Copyright (c) 2010-2013 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
forge.pki = forge.pki || {};
var oids = forge.pki.oids = forge.oids = forge.oids || {};
// algorithm OIDs
oids['1.2.840.113549.1.1.1'] = 'rsaEncryption';
oids['rsaEncryption'] = '1.2.840.113549.1.1.1';
// Note: md2 & md4 not implemented
//oids['1.2.840.113549.1.1.2'] = 'md2WithRSAEncryption';
//oids['md2WithRSAEncryption'] = '1.2.840.113549.1.1.2';
//oids['1.2.840.113549.1.1.3'] = 'md4WithRSAEncryption';
//oids['md4WithRSAEncryption'] = '1.2.840.113549.1.1.3';
oids['1.2.840.113549.1.1.4'] = 'md5WithRSAEncryption';
oids['md5WithRSAEncryption'] = '1.2.840.113549.1.1.4';
oids['1.2.840.113549.1.1.5'] = 'sha1WithRSAEncryption';
oids['sha1WithRSAEncryption'] = '1.2.840.113549.1.1.5';
oids['1.2.840.113549.1.1.7'] = 'RSAES-OAEP';
oids['RSAES-OAEP'] = '1.2.840.113549.1.1.7';
oids['1.2.840.113549.1.1.8'] = 'mgf1';
oids['mgf1'] = '1.2.840.113549.1.1.8';
oids['1.2.840.113549.1.1.9'] = 'pSpecified';
oids['pSpecified'] = '1.2.840.113549.1.1.9';
oids['1.2.840.113549.1.1.10'] = 'RSASSA-PSS';
oids['RSASSA-PSS'] = '1.2.840.113549.1.1.10';
oids['1.2.840.113549.1.1.11'] = 'sha256WithRSAEncryption';
oids['sha256WithRSAEncryption'] = '1.2.840.113549.1.1.11';
oids['1.2.840.113549.1.1.12'] = 'sha384WithRSAEncryption';
oids['sha384WithRSAEncryption'] = '1.2.840.113549.1.1.12';
oids['1.2.840.113549.1.1.13'] = 'sha512WithRSAEncryption';
oids['sha512WithRSAEncryption'] = '1.2.840.113549.1.1.13';
oids['1.3.14.3.2.7'] = 'desCBC';
oids['desCBC'] = '1.3.14.3.2.7';
oids['1.3.14.3.2.26'] = 'sha1';
oids['sha1'] = '1.3.14.3.2.26';
oids['2.16.840.1.101.3.4.2.1'] = 'sha256';
oids['sha256'] = '2.16.840.1.101.3.4.2.1';
oids['2.16.840.1.101.3.4.2.2'] = 'sha384';
oids['sha384'] = '2.16.840.1.101.3.4.2.2';
oids['2.16.840.1.101.3.4.2.3'] = 'sha512';
oids['sha512'] = '2.16.840.1.101.3.4.2.3';
oids['1.2.840.113549.2.5'] = 'md5';
oids['md5'] = '1.2.840.113549.2.5';
// pkcs#7 content types
oids['1.2.840.113549.1.7.1'] = 'data';
oids['data'] = '1.2.840.113549.1.7.1';
oids['1.2.840.113549.1.7.2'] = 'signedData';
oids['signedData'] = '1.2.840.113549.1.7.2';
oids['1.2.840.113549.1.7.3'] = 'envelopedData';
oids['envelopedData'] = '1.2.840.113549.1.7.3';
oids['1.2.840.113549.1.7.4'] = 'signedAndEnvelopedData';
oids['signedAndEnvelopedData'] = '1.2.840.113549.1.7.4';
oids['1.2.840.113549.1.7.5'] = 'digestedData';
oids['digestedData'] = '1.2.840.113549.1.7.5';
oids['1.2.840.113549.1.7.6'] = 'encryptedData';
oids['encryptedData'] = '1.2.840.113549.1.7.6';
// pkcs#9 oids
oids['1.2.840.113549.1.9.1'] = 'emailAddress';
oids['emailAddress'] = '1.2.840.113549.1.9.1';
oids['1.2.840.113549.1.9.2'] = 'unstructuredName';
oids['unstructuredName'] = '1.2.840.113549.1.9.2';
oids['1.2.840.113549.1.9.3'] = 'contentType';
oids['contentType'] = '1.2.840.113549.1.9.3';
oids['1.2.840.113549.1.9.4'] = 'messageDigest';
oids['messageDigest'] = '1.2.840.113549.1.9.4';
oids['1.2.840.113549.1.9.5'] = 'signingTime';
oids['signingTime'] = '1.2.840.113549.1.9.5';
oids['1.2.840.113549.1.9.6'] = 'counterSignature';
oids['counterSignature'] = '1.2.840.113549.1.9.6';
oids['1.2.840.113549.1.9.7'] = 'challengePassword';
oids['challengePassword'] = '1.2.840.113549.1.9.7';
oids['1.2.840.113549.1.9.8'] = 'unstructuredAddress';
oids['unstructuredAddress'] = '1.2.840.113549.1.9.8';
oids['1.2.840.113549.1.9.14'] = 'extensionRequest';
oids['extensionRequest'] = '1.2.840.113549.1.9.14';
oids['1.2.840.113549.1.9.20'] = 'friendlyName';
oids['friendlyName'] = '1.2.840.113549.1.9.20';
oids['1.2.840.113549.1.9.21'] = 'localKeyId';
oids['localKeyId'] = '1.2.840.113549.1.9.21';
oids['1.2.840.113549.1.9.22.1'] = 'x509Certificate';
oids['x509Certificate'] = '1.2.840.113549.1.9.22.1';
// pkcs#12 safe bags
oids['1.2.840.113549.1.12.10.1.1'] = 'keyBag';
oids['keyBag'] = '1.2.840.113549.1.12.10.1.1';
oids['1.2.840.113549.1.12.10.1.2'] = 'pkcs8ShroudedKeyBag';
oids['pkcs8ShroudedKeyBag'] = '1.2.840.113549.1.12.10.1.2';
oids['1.2.840.113549.1.12.10.1.3'] = 'certBag';
oids['certBag'] = '1.2.840.113549.1.12.10.1.3';
oids['1.2.840.113549.1.12.10.1.4'] = 'crlBag';
oids['crlBag'] = '1.2.840.113549.1.12.10.1.4';
oids['1.2.840.113549.1.12.10.1.5'] = 'secretBag';
oids['secretBag'] = '1.2.840.113549.1.12.10.1.5';
oids['1.2.840.113549.1.12.10.1.6'] = 'safeContentsBag';
oids['safeContentsBag'] = '1.2.840.113549.1.12.10.1.6';
// password-based-encryption for pkcs#12
oids['1.2.840.113549.1.5.13'] = 'pkcs5PBES2';
oids['pkcs5PBES2'] = '1.2.840.113549.1.5.13';
oids['1.2.840.113549.1.5.12'] = 'pkcs5PBKDF2';
oids['pkcs5PBKDF2'] = '1.2.840.113549.1.5.12';
oids['1.2.840.113549.1.12.1.1'] = 'pbeWithSHAAnd128BitRC4';
oids['pbeWithSHAAnd128BitRC4'] = '1.2.840.113549.1.12.1.1';
oids['1.2.840.113549.1.12.1.2'] = 'pbeWithSHAAnd40BitRC4';
oids['pbeWithSHAAnd40BitRC4'] = '1.2.840.113549.1.12.1.2';
oids['1.2.840.113549.1.12.1.3'] = 'pbeWithSHAAnd3-KeyTripleDES-CBC';
oids['pbeWithSHAAnd3-KeyTripleDES-CBC'] = '1.2.840.113549.1.12.1.3';
oids['1.2.840.113549.1.12.1.4'] = 'pbeWithSHAAnd2-KeyTripleDES-CBC';
oids['pbeWithSHAAnd2-KeyTripleDES-CBC'] = '1.2.840.113549.1.12.1.4';
oids['1.2.840.113549.1.12.1.5'] = 'pbeWithSHAAnd128BitRC2-CBC';
oids['pbeWithSHAAnd128BitRC2-CBC'] = '1.2.840.113549.1.12.1.5';
oids['1.2.840.113549.1.12.1.6'] = 'pbewithSHAAnd40BitRC2-CBC';
oids['pbewithSHAAnd40BitRC2-CBC'] = '1.2.840.113549.1.12.1.6';
// symmetric key algorithm oids
oids['1.2.840.113549.3.7'] = 'des-EDE3-CBC';
oids['des-EDE3-CBC'] = '1.2.840.113549.3.7';
oids['2.16.840.1.101.3.4.1.2'] = 'aes128-CBC';
oids['aes128-CBC'] = '2.16.840.1.101.3.4.1.2';
oids['2.16.840.1.101.3.4.1.22'] = 'aes192-CBC';
oids['aes192-CBC'] = '2.16.840.1.101.3.4.1.22';
oids['2.16.840.1.101.3.4.1.42'] = 'aes256-CBC';
oids['aes256-CBC'] = '2.16.840.1.101.3.4.1.42';
// certificate issuer/subject OIDs
oids['2.5.4.3'] = 'commonName';
oids['commonName'] = '2.5.4.3';
oids['2.5.4.5'] = 'serialName';
oids['serialName'] = '2.5.4.5';
oids['2.5.4.6'] = 'countryName';
oids['countryName'] = '2.5.4.6';
oids['2.5.4.7'] = 'localityName';
oids['localityName'] = '2.5.4.7';
oids['2.5.4.8'] = 'stateOrProvinceName';
oids['stateOrProvinceName'] = '2.5.4.8';
oids['2.5.4.10'] = 'organizationName';
oids['organizationName'] = '2.5.4.10';
oids['2.5.4.11'] = 'organizationalUnitName';
oids['organizationalUnitName'] = '2.5.4.11';
// X.509 extension OIDs
oids['2.16.840.1.113730.1.1'] = 'nsCertType';
oids['nsCertType'] = '2.16.840.1.113730.1.1';
oids['2.5.29.1'] = 'authorityKeyIdentifier'; // deprecated, use .35
oids['2.5.29.2'] = 'keyAttributes'; // obsolete use .37 or .15
oids['2.5.29.3'] = 'certificatePolicies'; // deprecated, use .32
oids['2.5.29.4'] = 'keyUsageRestriction'; // obsolete use .37 or .15
oids['2.5.29.5'] = 'policyMapping'; // deprecated use .33
oids['2.5.29.6'] = 'subtreesConstraint'; // obsolete use .30
oids['2.5.29.7'] = 'subjectAltName'; // deprecated use .17
oids['2.5.29.8'] = 'issuerAltName'; // deprecated use .18
oids['2.5.29.9'] = 'subjectDirectoryAttributes';
oids['2.5.29.10'] = 'basicConstraints'; // deprecated use .19
oids['2.5.29.11'] = 'nameConstraints'; // deprecated use .30
oids['2.5.29.12'] = 'policyConstraints'; // deprecated use .36
oids['2.5.29.13'] = 'basicConstraints'; // deprecated use .19
oids['2.5.29.14'] = 'subjectKeyIdentifier';
oids['subjectKeyIdentifier'] = '2.5.29.14';
oids['2.5.29.15'] = 'keyUsage';
oids['keyUsage'] = '2.5.29.15';
oids['2.5.29.16'] = 'privateKeyUsagePeriod';
oids['2.5.29.17'] = 'subjectAltName';
oids['subjectAltName'] = '2.5.29.17';
oids['2.5.29.18'] = 'issuerAltName';
oids['issuerAltName'] = '2.5.29.18';
oids['2.5.29.19'] = 'basicConstraints';
oids['basicConstraints'] = '2.5.29.19';
oids['2.5.29.20'] = 'cRLNumber';
oids['2.5.29.21'] = 'cRLReason';
oids['2.5.29.22'] = 'expirationDate';
oids['2.5.29.23'] = 'instructionCode';
oids['2.5.29.24'] = 'invalidityDate';
oids['2.5.29.25'] = 'cRLDistributionPoints'; // deprecated use .31
oids['2.5.29.26'] = 'issuingDistributionPoint'; // deprecated use .28
oids['2.5.29.27'] = 'deltaCRLIndicator';
oids['2.5.29.28'] = 'issuingDistributionPoint';
oids['2.5.29.29'] = 'certificateIssuer';
oids['2.5.29.30'] = 'nameConstraints';
oids['2.5.29.31'] = 'cRLDistributionPoints';
oids['2.5.29.32'] = 'certificatePolicies';
oids['2.5.29.33'] = 'policyMappings';
oids['2.5.29.34'] = 'policyConstraints'; // deprecated use .36
oids['2.5.29.35'] = 'authorityKeyIdentifier';
oids['2.5.29.36'] = 'policyConstraints';
oids['2.5.29.37'] = 'extKeyUsage';
oids['extKeyUsage'] = '2.5.29.37';
oids['2.5.29.46'] = 'freshestCRL';
oids['2.5.29.54'] = 'inhibitAnyPolicy';
// extKeyUsage purposes
oids['1.3.6.1.5.5.7.3.1'] = 'serverAuth';
oids['serverAuth'] = '1.3.6.1.5.5.7.3.1';
oids['1.3.6.1.5.5.7.3.2'] = 'clientAuth';
oids['clientAuth'] = '1.3.6.1.5.5.7.3.2';
oids['1.3.6.1.5.5.7.3.3'] = 'codeSigning';
oids['codeSigning'] = '1.3.6.1.5.5.7.3.3';
oids['1.3.6.1.5.5.7.3.4'] = 'emailProtection';
oids['emailProtection'] = '1.3.6.1.5.5.7.3.4';
oids['1.3.6.1.5.5.7.3.8'] = 'timeStamping';
oids['timeStamping'] = '1.3.6.1.5.5.7.3.8';
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'oids';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/oids',['require', 'module'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Javascript implementation of Abstract Syntax Notation Number One.
*
* @author Dave Longley
*
* Copyright (c) 2010-2015 Digital Bazaar, Inc.
*
* An API for storing data using the Abstract Syntax Notation Number One
* format using DER (Distinguished Encoding Rules) encoding. This encoding is
* commonly used to store data for PKI, i.e. X.509 Certificates, and this
* implementation exists for that purpose.
*
* Abstract Syntax Notation Number One (ASN.1) is used to define the abstract
* syntax of information without restricting the way the information is encoded
* for transmission. It provides a standard that allows for open systems
* communication. ASN.1 defines the syntax of information data and a number of
* simple data types as well as a notation for describing them and specifying
* values for them.
*
* The RSA algorithm creates public and private keys that are often stored in
* X.509 or PKCS#X formats -- which use ASN.1 (encoded in DER format). This
* class provides the most basic functionality required to store and load DSA
* keys that are encoded according to ASN.1.
*
* The most common binary encodings for ASN.1 are BER (Basic Encoding Rules)
* and DER (Distinguished Encoding Rules). DER is just a subset of BER that
* has stricter requirements for how data must be encoded.
*
* Each ASN.1 structure has a tag (a byte identifying the ASN.1 structure type)
* and a byte array for the value of this ASN1 structure which may be data or a
* list of ASN.1 structures.
*
* Each ASN.1 structure using BER is (Tag-Length-Value):
*
* | byte 0 | bytes X | bytes Y |
* |--------|---------|----------
* | tag | length | value |
*
* ASN.1 allows for tags to be of "High-tag-number form" which allows a tag to
* be two or more octets, but that is not supported by this class. A tag is
* only 1 byte. Bits 1-5 give the tag number (ie the data type within a
* particular 'class'), 6 indicates whether or not the ASN.1 value is
* constructed from other ASN.1 values, and bits 7 and 8 give the 'class'. If
* bits 7 and 8 are both zero, the class is UNIVERSAL. If only bit 7 is set,
* then the class is APPLICATION. If only bit 8 is set, then the class is
* CONTEXT_SPECIFIC. If both bits 7 and 8 are set, then the class is PRIVATE.
* The tag numbers for the data types for the class UNIVERSAL are listed below:
*
* UNIVERSAL 0 Reserved for use by the encoding rules
* UNIVERSAL 1 Boolean type
* UNIVERSAL 2 Integer type
* UNIVERSAL 3 Bitstring type
* UNIVERSAL 4 Octetstring type
* UNIVERSAL 5 Null type
* UNIVERSAL 6 Object identifier type
* UNIVERSAL 7 Object descriptor type
* UNIVERSAL 8 External type and Instance-of type
* UNIVERSAL 9 Real type
* UNIVERSAL 10 Enumerated type
* UNIVERSAL 11 Embedded-pdv type
* UNIVERSAL 12 UTF8String type
* UNIVERSAL 13 Relative object identifier type
* UNIVERSAL 14-15 Reserved for future editions
* UNIVERSAL 16 Sequence and Sequence-of types
* UNIVERSAL 17 Set and Set-of types
* UNIVERSAL 18-22, 25-30 Character string types
* UNIVERSAL 23-24 Time types
*
* The length of an ASN.1 structure is specified after the tag identifier.
* There is a definite form and an indefinite form. The indefinite form may
* be used if the encoding is constructed and not all immediately available.
* The indefinite form is encoded using a length byte with only the 8th bit
* set. The end of the constructed object is marked using end-of-contents
* octets (two zero bytes).
*
* The definite form looks like this:
*
* The length may take up 1 or more bytes, it depends on the length of the
* value of the ASN.1 structure. DER encoding requires that if the ASN.1
* structure has a value that has a length greater than 127, more than 1 byte
* will be used to store its length, otherwise just one byte will be used.
* This is strict.
*
* In the case that the length of the ASN.1 value is less than 127, 1 octet
* (byte) is used to store the "short form" length. The 8th bit has a value of
* 0 indicating the length is "short form" and not "long form" and bits 7-1
* give the length of the data. (The 8th bit is the left-most, most significant
* bit: also known as big endian or network format).
*
* In the case that the length of the ASN.1 value is greater than 127, 2 to
* 127 octets (bytes) are used to store the "long form" length. The first
* byte's 8th bit is set to 1 to indicate the length is "long form." Bits 7-1
* give the number of additional octets. All following octets are in base 256
* with the most significant digit first (typical big-endian binary unsigned
* integer storage). So, for instance, if the length of a value was 257, the
* first byte would be set to:
*
* 10000010 = 130 = 0x82.
*
* This indicates there are 2 octets (base 256) for the length. The second and
* third bytes (the octets just mentioned) would store the length in base 256:
*
* octet 2: 00000001 = 1 * 256^1 = 256
* octet 3: 00000001 = 1 * 256^0 = 1
* total = 257
*
* The algorithm for converting a js integer value of 257 to base-256 is:
*
* var value = 257;
* var bytes = [];
* bytes[0] = (value >>> 8) & 0xFF; // most significant byte first
* bytes[1] = value & 0xFF; // least significant byte last
*
* On the ASN.1 UNIVERSAL Object Identifier (OID) type:
*
* An OID can be written like: "value1.value2.value3...valueN"
*
* The DER encoding rules:
*
* The first byte has the value 40 * value1 + value2.
* The following bytes, if any, encode the remaining values. Each value is
* encoded in base 128, most significant digit first (big endian), with as
* few digits as possible, and the most significant bit of each byte set
* to 1 except the last in each value's encoding. For example: Given the
* OID "1.2.840.113549", its DER encoding is (remember each byte except the
* last one in each encoding is OR'd with 0x80):
*
* byte 1: 40 * 1 + 2 = 42 = 0x2A.
* bytes 2-3: 128 * 6 + 72 = 840 = 6 72 = 6 72 = 0x0648 = 0x8648
* bytes 4-6: 16384 * 6 + 128 * 119 + 13 = 6 119 13 = 0x06770D = 0x86F70D
*
* The final value is: 0x2A864886F70D.
* The full OID (including ASN.1 tag and length of 6 bytes) is:
* 0x06062A864886F70D
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
/* ASN.1 API */
var asn1 = forge.asn1 = forge.asn1 || {};
/**
* ASN.1 classes.
*/
asn1.Class = {
UNIVERSAL: 0x00,
APPLICATION: 0x40,
CONTEXT_SPECIFIC: 0x80,
PRIVATE: 0xC0
};
/**
* ASN.1 types. Not all types are supported by this implementation, only
* those necessary to implement a simple PKI are implemented.
*/
asn1.Type = {
NONE: 0,
BOOLEAN: 1,
INTEGER: 2,
BITSTRING: 3,
OCTETSTRING: 4,
NULL: 5,
OID: 6,
ODESC: 7,
EXTERNAL: 8,
REAL: 9,
ENUMERATED: 10,
EMBEDDED: 11,
UTF8: 12,
ROID: 13,
SEQUENCE: 16,
SET: 17,
PRINTABLESTRING: 19,
IA5STRING: 22,
UTCTIME: 23,
GENERALIZEDTIME: 24,
BMPSTRING: 30
};
/**
* Creates a new asn1 object.
*
* @param tagClass the tag class for the object.
* @param type the data type (tag number) for the object.
* @param constructed true if the asn1 object is in constructed form.
* @param value the value for the object, if it is not constructed.
*
* @return the asn1 object.
*/
asn1.create = function(tagClass, type, constructed, value) {
/* An asn1 object has a tagClass, a type, a constructed flag, and a
value. The value's type depends on the constructed flag. If
constructed, it will contain a list of other asn1 objects. If not,
it will contain the ASN.1 value as an array of bytes formatted
according to the ASN.1 data type. */
// remove undefined values
if(forge.util.isArray(value)) {
var tmp = [];
for(var i = 0; i < value.length; ++i) {
if(value[i] !== undefined) {
tmp.push(value[i]);
}
}
value = tmp;
}
return {
tagClass: tagClass,
type: type,
constructed: constructed,
composed: constructed || forge.util.isArray(value),
value: value
};
};
/**
* Gets the length of a BER-encoded ASN.1 value.
*
* In case the length is not specified, undefined is returned.
*
* @param b the BER-encoded ASN.1 byte buffer, starting with the first
* length byte.
*
* @return the length of the BER-encoded ASN.1 value or undefined.
*/
var _getValueLength = asn1.getBerValueLength = function(b) {
// TODO: move this function and related DER/BER functions to a der.js
// file; better abstract ASN.1 away from der/ber.
var b2 = b.getByte();
if(b2 === 0x80) {
return undefined;
}
// see if the length is "short form" or "long form" (bit 8 set)
var length;
var longForm = b2 & 0x80;
if(!longForm) {
// length is just the first byte
length = b2;
} else {
// the number of bytes the length is specified in bits 7 through 1
// and each length byte is in big-endian base-256
length = b.getInt((b2 & 0x7F) << 3);
}
return length;
};
/**
* Parses an asn1 object from a byte buffer in DER format.
*
* @param bytes the byte buffer to parse from.
* @param strict true to be strict when checking value lengths, false to
* allow truncated values (default: true).
*
* @return the parsed asn1 object.
*/
asn1.fromDer = function(bytes, strict) {
if(strict === undefined) {
strict = true;
}
// wrap in buffer if needed
if(typeof bytes === 'string') {
bytes = forge.util.createBuffer(bytes);
}
// minimum length for ASN.1 DER structure is 2
if(bytes.length() < 2) {
var error = new Error('Too few bytes to parse DER.');
error.bytes = bytes.length();
throw error;
}
// get the first byte
var b1 = bytes.getByte();
// get the tag class
var tagClass = (b1 & 0xC0);
// get the type (bits 1-5)
var type = b1 & 0x1F;
// get the value length
var length = _getValueLength(bytes);
// ensure there are enough bytes to get the value
if(bytes.length() < length) {
if(strict) {
var error = new Error('Too few bytes to read ASN.1 value.');
error.detail = bytes.length() + ' < ' + length;
throw error;
}
// Note: be lenient with truncated values
length = bytes.length();
}
// prepare to get value
var value;
// constructed flag is bit 6 (32 = 0x20) of the first byte
var constructed = ((b1 & 0x20) === 0x20);
// determine if the value is composed of other ASN.1 objects (if its
// constructed it will be and if its a BITSTRING it may be)
var composed = constructed;
if(!composed && tagClass === asn1.Class.UNIVERSAL &&
type === asn1.Type.BITSTRING && length > 1) {
/* The first octet gives the number of bits by which the length of the
bit string is less than the next multiple of eight (this is called
the "number of unused bits").
The second and following octets give the value of the bit string
converted to an octet string. */
// if there are no unused bits, maybe the bitstring holds ASN.1 objs
var read = bytes.read;
var unused = bytes.getByte();
if(unused === 0) {
// if the first byte indicates UNIVERSAL or CONTEXT_SPECIFIC,
// and the length is valid, assume we've got an ASN.1 object
b1 = bytes.getByte();
var tc = (b1 & 0xC0);
if(tc === asn1.Class.UNIVERSAL || tc === asn1.Class.CONTEXT_SPECIFIC) {
try {
var len = _getValueLength(bytes);
composed = (len === length - (bytes.read - read));
if(composed) {
// adjust read/length to account for unused bits byte
++read;
--length;
}
} catch(ex) {}
}
}
// restore read pointer
bytes.read = read;
}
if(composed) {
// parse child asn1 objects from the value
value = [];
if(length === undefined) {
// asn1 object of indefinite length, read until end tag
for(;;) {
if(bytes.bytes(2) === String.fromCharCode(0, 0)) {
bytes.getBytes(2);
break;
}
value.push(asn1.fromDer(bytes, strict));
}
} else {
// parsing asn1 object of definite length
var start = bytes.length();
while(length > 0) {
value.push(asn1.fromDer(bytes, strict));
length -= start - bytes.length();
start = bytes.length();
}
}
} else {
// asn1 not composed, get raw value
// TODO: do DER to OID conversion and vice-versa in .toDer?
if(length === undefined) {
if(strict) {
throw new Error('Non-constructed ASN.1 object of indefinite length.');
}
// be lenient and use remaining bytes
length = bytes.length();
}
if(type === asn1.Type.BMPSTRING) {
value = '';
for(var i = 0; i < length; i += 2) {
value += String.fromCharCode(bytes.getInt16());
}
} else {
value = bytes.getBytes(length);
}
}
// create and return asn1 object
return asn1.create(tagClass, type, constructed, value);
};
/**
* Converts the given asn1 object to a buffer of bytes in DER format.
*
* @param asn1 the asn1 object to convert to bytes.
*
* @return the buffer of bytes.
*/
asn1.toDer = function(obj) {
var bytes = forge.util.createBuffer();
// build the first byte
var b1 = obj.tagClass | obj.type;
// for storing the ASN.1 value
var value = forge.util.createBuffer();
// if composed, use each child asn1 object's DER bytes as value
if(obj.composed) {
// turn on 6th bit (0x20 = 32) to indicate asn1 is constructed
// from other asn1 objects
if(obj.constructed) {
b1 |= 0x20;
} else {
// type is a bit string, add unused bits of 0x00
value.putByte(0x00);
}
// add all of the child DER bytes together
for(var i = 0; i < obj.value.length; ++i) {
if(obj.value[i] !== undefined) {
value.putBuffer(asn1.toDer(obj.value[i]));
}
}
} else {
// use asn1.value directly
if(obj.type === asn1.Type.BMPSTRING) {
for(var i = 0; i < obj.value.length; ++i) {
value.putInt16(obj.value.charCodeAt(i));
}
} else {
value.putBytes(obj.value);
}
}
// add tag byte
bytes.putByte(b1);
// use "short form" encoding
if(value.length() <= 127) {
// one byte describes the length
// bit 8 = 0 and bits 7-1 = length
bytes.putByte(value.length() & 0x7F);
} else {
// use "long form" encoding
// 2 to 127 bytes describe the length
// first byte: bit 8 = 1 and bits 7-1 = # of additional bytes
// other bytes: length in base 256, big-endian
var len = value.length();
var lenBytes = '';
do {
lenBytes += String.fromCharCode(len & 0xFF);
len = len >>> 8;
} while(len > 0);
// set first byte to # bytes used to store the length and turn on
// bit 8 to indicate long-form length is used
bytes.putByte(lenBytes.length | 0x80);
// concatenate length bytes in reverse since they were generated
// little endian and we need big endian
for(var i = lenBytes.length - 1; i >= 0; --i) {
bytes.putByte(lenBytes.charCodeAt(i));
}
}
// concatenate value bytes
bytes.putBuffer(value);
return bytes;
};
/**
* Converts an OID dot-separated string to a byte buffer. The byte buffer
* contains only the DER-encoded value, not any tag or length bytes.
*
* @param oid the OID dot-separated string.
*
* @return the byte buffer.
*/
asn1.oidToDer = function(oid) {
// split OID into individual values
var values = oid.split('.');
var bytes = forge.util.createBuffer();
// first byte is 40 * value1 + value2
bytes.putByte(40 * parseInt(values[0], 10) + parseInt(values[1], 10));
// other bytes are each value in base 128 with 8th bit set except for
// the last byte for each value
var last, valueBytes, value, b;
for(var i = 2; i < values.length; ++i) {
// produce value bytes in reverse because we don't know how many
// bytes it will take to store the value
last = true;
valueBytes = [];
value = parseInt(values[i], 10);
do {
b = value & 0x7F;
value = value >>> 7;
// if value is not last, then turn on 8th bit
if(!last) {
b |= 0x80;
}
valueBytes.push(b);
last = false;
} while(value > 0);
// add value bytes in reverse (needs to be in big endian)
for(var n = valueBytes.length - 1; n >= 0; --n) {
bytes.putByte(valueBytes[n]);
}
}
return bytes;
};
/**
* Converts a DER-encoded byte buffer to an OID dot-separated string. The
* byte buffer should contain only the DER-encoded value, not any tag or
* length bytes.
*
* @param bytes the byte buffer.
*
* @return the OID dot-separated string.
*/
asn1.derToOid = function(bytes) {
var oid;
// wrap in buffer if needed
if(typeof bytes === 'string') {
bytes = forge.util.createBuffer(bytes);
}
// first byte is 40 * value1 + value2
var b = bytes.getByte();
oid = Math.floor(b / 40) + '.' + (b % 40);
// other bytes are each value in base 128 with 8th bit set except for
// the last byte for each value
var value = 0;
while(bytes.length() > 0) {
b = bytes.getByte();
value = value << 7;
// not the last byte for the value
if(b & 0x80) {
value += b & 0x7F;
} else {
// last byte
oid += '.' + (value + b);
value = 0;
}
}
return oid;
};
/**
* Converts a UTCTime value to a date.
*
* Note: GeneralizedTime has 4 digits for the year and is used for X.509
* dates passed 2049. Parsing that structure hasn't been implemented yet.
*
* @param utc the UTCTime value to convert.
*
* @return the date.
*/
asn1.utcTimeToDate = function(utc) {
/* The following formats can be used:
YYMMDDhhmmZ
YYMMDDhhmm+hh'mm'
YYMMDDhhmm-hh'mm'
YYMMDDhhmmssZ
YYMMDDhhmmss+hh'mm'
YYMMDDhhmmss-hh'mm'
Where:
YY is the least significant two digits of the year
MM is the month (01 to 12)
DD is the day (01 to 31)
hh is the hour (00 to 23)
mm are the minutes (00 to 59)
ss are the seconds (00 to 59)
Z indicates that local time is GMT, + indicates that local time is
later than GMT, and - indicates that local time is earlier than GMT
hh' is the absolute value of the offset from GMT in hours
mm' is the absolute value of the offset from GMT in minutes */
var date = new Date();
// if YY >= 50 use 19xx, if YY < 50 use 20xx
var year = parseInt(utc.substr(0, 2), 10);
year = (year >= 50) ? 1900 + year : 2000 + year;
var MM = parseInt(utc.substr(2, 2), 10) - 1; // use 0-11 for month
var DD = parseInt(utc.substr(4, 2), 10);
var hh = parseInt(utc.substr(6, 2), 10);
var mm = parseInt(utc.substr(8, 2), 10);
var ss = 0;
// not just YYMMDDhhmmZ
if(utc.length > 11) {
// get character after minutes
var c = utc.charAt(10);
var end = 10;
// see if seconds are present
if(c !== '+' && c !== '-') {
// get seconds
ss = parseInt(utc.substr(10, 2), 10);
end += 2;
}
}
// update date
date.setUTCFullYear(year, MM, DD);
date.setUTCHours(hh, mm, ss, 0);
if(end) {
// get +/- after end of time
c = utc.charAt(end);
if(c === '+' || c === '-') {
// get hours+minutes offset
var hhoffset = parseInt(utc.substr(end + 1, 2), 10);
var mmoffset = parseInt(utc.substr(end + 4, 2), 10);
// calculate offset in milliseconds
var offset = hhoffset * 60 + mmoffset;
offset *= 60000;
// apply offset
if(c === '+') {
date.setTime(+date - offset);
} else {
date.setTime(+date + offset);
}
}
}
return date;
};
/**
* Converts a GeneralizedTime value to a date.
*
* @param gentime the GeneralizedTime value to convert.
*
* @return the date.
*/
asn1.generalizedTimeToDate = function(gentime) {
/* The following formats can be used:
YYYYMMDDHHMMSS
YYYYMMDDHHMMSS.fff
YYYYMMDDHHMMSSZ
YYYYMMDDHHMMSS.fffZ
YYYYMMDDHHMMSS+hh'mm'
YYYYMMDDHHMMSS.fff+hh'mm'
YYYYMMDDHHMMSS-hh'mm'
YYYYMMDDHHMMSS.fff-hh'mm'
Where:
YYYY is the year
MM is the month (01 to 12)
DD is the day (01 to 31)
hh is the hour (00 to 23)
mm are the minutes (00 to 59)
ss are the seconds (00 to 59)
.fff is the second fraction, accurate to three decimal places
Z indicates that local time is GMT, + indicates that local time is
later than GMT, and - indicates that local time is earlier than GMT
hh' is the absolute value of the offset from GMT in hours
mm' is the absolute value of the offset from GMT in minutes */
var date = new Date();
var YYYY = parseInt(gentime.substr(0, 4), 10);
var MM = parseInt(gentime.substr(4, 2), 10) - 1; // use 0-11 for month
var DD = parseInt(gentime.substr(6, 2), 10);
var hh = parseInt(gentime.substr(8, 2), 10);
var mm = parseInt(gentime.substr(10, 2), 10);
var ss = parseInt(gentime.substr(12, 2), 10);
var fff = 0;
var offset = 0;
var isUTC = false;
if(gentime.charAt(gentime.length - 1) === 'Z') {
isUTC = true;
}
var end = gentime.length - 5, c = gentime.charAt(end);
if(c === '+' || c === '-') {
// get hours+minutes offset
var hhoffset = parseInt(gentime.substr(end + 1, 2), 10);
var mmoffset = parseInt(gentime.substr(end + 4, 2), 10);
// calculate offset in milliseconds
offset = hhoffset * 60 + mmoffset;
offset *= 60000;
// apply offset
if(c === '+') {
offset *= -1;
}
isUTC = true;
}
// check for second fraction
if(gentime.charAt(14) === '.') {
fff = parseFloat(gentime.substr(14), 10) * 1000;
}
if(isUTC) {
date.setUTCFullYear(YYYY, MM, DD);
date.setUTCHours(hh, mm, ss, fff);
// apply offset
date.setTime(+date + offset);
} else {
date.setFullYear(YYYY, MM, DD);
date.setHours(hh, mm, ss, fff);
}
return date;
};
/**
* Converts a date to a UTCTime value.
*
* Note: GeneralizedTime has 4 digits for the year and is used for X.509
* dates passed 2049. Converting to a GeneralizedTime hasn't been
* implemented yet.
*
* @param date the date to convert.
*
* @return the UTCTime value.
*/
asn1.dateToUtcTime = function(date) {
// TODO: validate; currently assumes proper format
if(typeof date === 'string') {
return date;
}
var rval = '';
// create format YYMMDDhhmmssZ
var format = [];
format.push(('' + date.getUTCFullYear()).substr(2));
format.push('' + (date.getUTCMonth() + 1));
format.push('' + date.getUTCDate());
format.push('' + date.getUTCHours());
format.push('' + date.getUTCMinutes());
format.push('' + date.getUTCSeconds());
// ensure 2 digits are used for each format entry
for(var i = 0; i < format.length; ++i) {
if(format[i].length < 2) {
rval += '0';
}
rval += format[i];
}
rval += 'Z';
return rval;
};
/**
* Converts a date to a GeneralizedTime value.
*
* @param date the date to convert.
*
* @return the GeneralizedTime value as a string.
*/
asn1.dateToGeneralizedTime = function(date) {
// TODO: validate; currently assumes proper format
if(typeof date === 'string') {
return date;
}
var rval = '';
// create format YYYYMMDDHHMMSSZ
var format = [];
format.push('' + date.getUTCFullYear());
format.push('' + (date.getUTCMonth() + 1));
format.push('' + date.getUTCDate());
format.push('' + date.getUTCHours());
format.push('' + date.getUTCMinutes());
format.push('' + date.getUTCSeconds());
// ensure 2 digits are used for each format entry
for(var i = 0; i < format.length; ++i) {
if(format[i].length < 2) {
rval += '0';
}
rval += format[i];
}
rval += 'Z';
return rval;
};
/**
* Converts a javascript integer to a DER-encoded byte buffer to be used
* as the value for an INTEGER type.
*
* @param x the integer.
*
* @return the byte buffer.
*/
asn1.integerToDer = function(x) {
var rval = forge.util.createBuffer();
if(x >= -0x80 && x < 0x80) {
return rval.putSignedInt(x, 8);
}
if(x >= -0x8000 && x < 0x8000) {
return rval.putSignedInt(x, 16);
}
if(x >= -0x800000 && x < 0x800000) {
return rval.putSignedInt(x, 24);
}
if(x >= -0x80000000 && x < 0x80000000) {
return rval.putSignedInt(x, 32);
}
var error = new Error('Integer too large; max is 32-bits.');
error.integer = x;
throw error;
};
/**
* Converts a DER-encoded byte buffer to a javascript integer. This is
* typically used to decode the value of an INTEGER type.
*
* @param bytes the byte buffer.
*
* @return the integer.
*/
asn1.derToInteger = function(bytes) {
// wrap in buffer if needed
if(typeof bytes === 'string') {
bytes = forge.util.createBuffer(bytes);
}
var n = bytes.length() * 8;
if(n > 32) {
throw new Error('Integer too large; max is 32-bits.');
}
return bytes.getSignedInt(n);
};
/**
* Validates the that given ASN.1 object is at least a super set of the
* given ASN.1 structure. Only tag classes and types are checked. An
* optional map may also be provided to capture ASN.1 values while the
* structure is checked.
*
* To capture an ASN.1 value, set an object in the validator's 'capture'
* parameter to the key to use in the capture map. To capture the full
* ASN.1 object, specify 'captureAsn1'.
*
* Objects in the validator may set a field 'optional' to true to indicate
* that it isn't necessary to pass validation.
*
* @param obj the ASN.1 object to validate.
* @param v the ASN.1 structure validator.
* @param capture an optional map to capture values in.
* @param errors an optional array for storing validation errors.
*
* @return true on success, false on failure.
*/
asn1.validate = function(obj, v, capture, errors) {
var rval = false;
// ensure tag class and type are the same if specified
if((obj.tagClass === v.tagClass || typeof(v.tagClass) === 'undefined') &&
(obj.type === v.type || typeof(v.type) === 'undefined')) {
// ensure constructed flag is the same if specified
if(obj.constructed === v.constructed ||
typeof(v.constructed) === 'undefined') {
rval = true;
// handle sub values
if(v.value && forge.util.isArray(v.value)) {
var j = 0;
for(var i = 0; rval && i < v.value.length; ++i) {
rval = v.value[i].optional || false;
if(obj.value[j]) {
rval = asn1.validate(obj.value[j], v.value[i], capture, errors);
if(rval) {
++j;
} else if(v.value[i].optional) {
rval = true;
}
}
if(!rval && errors) {
errors.push(
'[' + v.name + '] ' +
'Tag class "' + v.tagClass + '", type "' +
v.type + '" expected value length "' +
v.value.length + '", got "' +
obj.value.length + '"');
}
}
}
if(rval && capture) {
if(v.capture) {
capture[v.capture] = obj.value;
}
if(v.captureAsn1) {
capture[v.captureAsn1] = obj;
}
}
} else if(errors) {
errors.push(
'[' + v.name + '] ' +
'Expected constructed "' + v.constructed + '", got "' +
obj.constructed + '"');
}
} else if(errors) {
if(obj.tagClass !== v.tagClass) {
errors.push(
'[' + v.name + '] ' +
'Expected tag class "' + v.tagClass + '", got "' +
obj.tagClass + '"');
}
if(obj.type !== v.type) {
errors.push(
'[' + v.name + '] ' +
'Expected type "' + v.type + '", got "' + obj.type + '"');
}
}
return rval;
};
// regex for testing for non-latin characters
var _nonLatinRegex = /[^\\u0000-\\u00ff]/;
/**
* Pretty prints an ASN.1 object to a string.
*
* @param obj the object to write out.
* @param level the level in the tree.
* @param indentation the indentation to use.
*
* @return the string.
*/
asn1.prettyPrint = function(obj, level, indentation) {
var rval = '';
// set default level and indentation
level = level || 0;
indentation = indentation || 2;
// start new line for deep levels
if(level > 0) {
rval += '\n';
}
// create indent
var indent = '';
for(var i = 0; i < level * indentation; ++i) {
indent += ' ';
}
// print class:type
rval += indent + 'Tag: ';
switch(obj.tagClass) {
case asn1.Class.UNIVERSAL:
rval += 'Universal:';
break;
case asn1.Class.APPLICATION:
rval += 'Application:';
break;
case asn1.Class.CONTEXT_SPECIFIC:
rval += 'Context-Specific:';
break;
case asn1.Class.PRIVATE:
rval += 'Private:';
break;
}
if(obj.tagClass === asn1.Class.UNIVERSAL) {
rval += obj.type;
// known types
switch(obj.type) {
case asn1.Type.NONE:
rval += ' (None)';
break;
case asn1.Type.BOOLEAN:
rval += ' (Boolean)';
break;
case asn1.Type.BITSTRING:
rval += ' (Bit string)';
break;
case asn1.Type.INTEGER:
rval += ' (Integer)';
break;
case asn1.Type.OCTETSTRING:
rval += ' (Octet string)';
break;
case asn1.Type.NULL:
rval += ' (Null)';
break;
case asn1.Type.OID:
rval += ' (Object Identifier)';
break;
case asn1.Type.ODESC:
rval += ' (Object Descriptor)';
break;
case asn1.Type.EXTERNAL:
rval += ' (External or Instance of)';
break;
case asn1.Type.REAL:
rval += ' (Real)';
break;
case asn1.Type.ENUMERATED:
rval += ' (Enumerated)';
break;
case asn1.Type.EMBEDDED:
rval += ' (Embedded PDV)';
break;
case asn1.Type.UTF8:
rval += ' (UTF8)';
break;
case asn1.Type.ROID:
rval += ' (Relative Object Identifier)';
break;
case asn1.Type.SEQUENCE:
rval += ' (Sequence)';
break;
case asn1.Type.SET:
rval += ' (Set)';
break;
case asn1.Type.PRINTABLESTRING:
rval += ' (Printable String)';
break;
case asn1.Type.IA5String:
rval += ' (IA5String (ASCII))';
break;
case asn1.Type.UTCTIME:
rval += ' (UTC time)';
break;
case asn1.Type.GENERALIZEDTIME:
rval += ' (Generalized time)';
break;
case asn1.Type.BMPSTRING:
rval += ' (BMP String)';
break;
}
} else {
rval += obj.type;
}
rval += '\n';
rval += indent + 'Constructed: ' + obj.constructed + '\n';
if(obj.composed) {
var subvalues = 0;
var sub = '';
for(var i = 0; i < obj.value.length; ++i) {
if(obj.value[i] !== undefined) {
subvalues += 1;
sub += asn1.prettyPrint(obj.value[i], level + 1, indentation);
if((i + 1) < obj.value.length) {
sub += ',';
}
}
}
rval += indent + 'Sub values: ' + subvalues + sub;
} else {
rval += indent + 'Value: ';
if(obj.type === asn1.Type.OID) {
var oid = asn1.derToOid(obj.value);
rval += oid;
if(forge.pki && forge.pki.oids) {
if(oid in forge.pki.oids) {
rval += ' (' + forge.pki.oids[oid] + ') ';
}
}
}
if(obj.type === asn1.Type.INTEGER) {
try {
rval += asn1.derToInteger(obj.value);
} catch(ex) {
rval += '0x' + forge.util.bytesToHex(obj.value);
}
} else if(obj.type === asn1.Type.OCTETSTRING) {
if(!_nonLatinRegex.test(obj.value)) {
rval += '(' + obj.value + ') ';
}
rval += '0x' + forge.util.bytesToHex(obj.value);
} else if(obj.type === asn1.Type.UTF8) {
rval += forge.util.decodeUtf8(obj.value);
} else if(obj.type === asn1.Type.PRINTABLESTRING ||
obj.type === asn1.Type.IA5String) {
rval += obj.value;
} else if(_nonLatinRegex.test(obj.value)) {
rval += '0x' + forge.util.bytesToHex(obj.value);
} else if(obj.value.length === 0) {
rval += '[null]';
} else {
rval += obj.value;
}
}
return rval;
};
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'asn1';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/asn1',['require', 'module', './util', './oids'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Message Digest Algorithm 5 with 128-bit digest (MD5) implementation.
*
* @author Dave Longley
*
* Copyright (c) 2010-2014 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
var md5 = forge.md5 = forge.md5 || {};
forge.md = forge.md || {};
forge.md.algorithms = forge.md.algorithms || {};
forge.md.md5 = forge.md.algorithms.md5 = md5;
/**
* Creates an MD5 message digest object.
*
* @return a message digest object.
*/
md5.create = function() {
// do initialization as necessary
if(!_initialized) {
_init();
}
// MD5 state contains four 32-bit integers
var _state = null;
// input buffer
var _input = forge.util.createBuffer();
// used for word storage
var _w = new Array(16);
// message digest object
var md = {
algorithm: 'md5',
blockLength: 64,
digestLength: 16,
// 56-bit length of message so far (does not including padding)
messageLength: 0,
// true message length
fullMessageLength: null,
// size of message length in bytes
messageLengthSize: 8
};
/**
* Starts the digest.
*
* @return this digest object.
*/
md.start = function() {
// up to 56-bit message length for convenience
md.messageLength = 0;
// full message length (set md.messageLength64 for backwards-compatibility)
md.fullMessageLength = md.messageLength64 = [];
var int32s = md.messageLengthSize / 4;
for(var i = 0; i < int32s; ++i) {
md.fullMessageLength.push(0);
}
_input = forge.util.createBuffer();
_state = {
h0: 0x67452301,
h1: 0xEFCDAB89,
h2: 0x98BADCFE,
h3: 0x10325476
};
return md;
};
// start digest automatically for first time
md.start();
/**
* Updates the digest with the given message input. The given input can
* treated as raw input (no encoding will be applied) or an encoding of
* 'utf8' maybe given to encode the input using UTF-8.
*
* @param msg the message input to update with.
* @param encoding the encoding to use (default: 'raw', other: 'utf8').
*
* @return this digest object.
*/
md.update = function(msg, encoding) {
if(encoding === 'utf8') {
msg = forge.util.encodeUtf8(msg);
}
// update message length
var len = msg.length;
md.messageLength += len;
len = [(len / 0x100000000) >>> 0, len >>> 0];
for(var i = md.fullMessageLength.length - 1; i >= 0; --i) {
md.fullMessageLength[i] += len[1];
len[1] = len[0] + ((md.fullMessageLength[i] / 0x100000000) >>> 0);
md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0;
len[0] = ((len[1] / 0x100000000) >>> 0);
}
// add bytes to input buffer
_input.putBytes(msg);
// process bytes
_update(_state, _w, _input);
// compact input buffer every 2K or if empty
if(_input.read > 2048 || _input.length() === 0) {
_input.compact();
}
return md;
};
/**
* Produces the digest.
*
* @return a byte buffer containing the digest value.
*/
md.digest = function() {
/* Note: Here we copy the remaining bytes in the input buffer and
add the appropriate MD5 padding. Then we do the final update
on a copy of the state so that if the user wants to get
intermediate digests they can do so. */
/* Determine the number of bytes that must be added to the message
to ensure its length is congruent to 448 mod 512. In other words,
the data to be digested must be a multiple of 512 bits (or 128 bytes).
This data includes the message, some padding, and the length of the
message. Since the length of the message will be encoded as 8 bytes (64
bits), that means that the last segment of the data must have 56 bytes
(448 bits) of message and padding. Therefore, the length of the message
plus the padding must be congruent to 448 mod 512 because
512 - 128 = 448.
In order to fill up the message length it must be filled with
padding that begins with 1 bit followed by all 0 bits. Padding
must *always* be present, so if the message length is already
congruent to 448 mod 512, then 512 padding bits must be added. */
var finalBlock = forge.util.createBuffer();
finalBlock.putBytes(_input.bytes());
// compute remaining size to be digested (include message length size)
var remaining = (
md.fullMessageLength[md.fullMessageLength.length - 1] +
md.messageLengthSize);
// add padding for overflow blockSize - overflow
// _padding starts with 1 byte with first bit is set (byte value 128), then
// there may be up to (blockSize - 1) other pad bytes
var overflow = remaining & (md.blockLength - 1);
finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow));
// serialize message length in bits in little-endian order; since length
// is stored in bytes we multiply by 8 and add carry
var bits, carry = 0;
for(var i = md.fullMessageLength.length - 1; i >= 0; --i) {
bits = md.fullMessageLength[i] * 8 + carry;
carry = (bits / 0x100000000) >>> 0;
finalBlock.putInt32Le(bits >>> 0);
}
var s2 = {
h0: _state.h0,
h1: _state.h1,
h2: _state.h2,
h3: _state.h3
};
_update(s2, _w, finalBlock);
var rval = forge.util.createBuffer();
rval.putInt32Le(s2.h0);
rval.putInt32Le(s2.h1);
rval.putInt32Le(s2.h2);
rval.putInt32Le(s2.h3);
return rval;
};
return md;
};
// padding, constant tables for calculating md5
var _padding = null;
var _g = null;
var _r = null;
var _k = null;
var _initialized = false;
/**
* Initializes the constant tables.
*/
function _init() {
// create padding
_padding = String.fromCharCode(128);
_padding += forge.util.fillString(String.fromCharCode(0x00), 64);
// g values
_g = [
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12,
5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2,
0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9];
// rounds table
_r = [
7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22,
5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20,
4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23,
6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21];
// get the result of abs(sin(i + 1)) as a 32-bit integer
_k = new Array(64);
for(var i = 0; i < 64; ++i) {
_k[i] = Math.floor(Math.abs(Math.sin(i + 1)) * 0x100000000);
}
// now initialized
_initialized = true;
}
/**
* Updates an MD5 state with the given byte buffer.
*
* @param s the MD5 state to update.
* @param w the array to use to store words.
* @param bytes the byte buffer to update with.
*/
function _update(s, w, bytes) {
// consume 512 bit (64 byte) chunks
var t, a, b, c, d, f, r, i;
var len = bytes.length();
while(len >= 64) {
// initialize hash value for this chunk
a = s.h0;
b = s.h1;
c = s.h2;
d = s.h3;
// round 1
for(i = 0; i < 16; ++i) {
w[i] = bytes.getInt32Le();
f = d ^ (b & (c ^ d));
t = (a + f + _k[i] + w[i]);
r = _r[i];
a = d;
d = c;
c = b;
b += (t << r) | (t >>> (32 - r));
}
// round 2
for(; i < 32; ++i) {
f = c ^ (d & (b ^ c));
t = (a + f + _k[i] + w[_g[i]]);
r = _r[i];
a = d;
d = c;
c = b;
b += (t << r) | (t >>> (32 - r));
}
// round 3
for(; i < 48; ++i) {
f = b ^ c ^ d;
t = (a + f + _k[i] + w[_g[i]]);
r = _r[i];
a = d;
d = c;
c = b;
b += (t << r) | (t >>> (32 - r));
}
// round 4
for(; i < 64; ++i) {
f = c ^ (b | ~d);
t = (a + f + _k[i] + w[_g[i]]);
r = _r[i];
a = d;
d = c;
c = b;
b += (t << r) | (t >>> (32 - r));
}
// update hash state
s.h0 = (s.h0 + a) | 0;
s.h1 = (s.h1 + b) | 0;
s.h2 = (s.h2 + c) | 0;
s.h3 = (s.h3 + d) | 0;
len -= 64;
}
}
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'md5';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/md5',['require', 'module', './util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Secure Hash Algorithm with 160-bit digest (SHA-1) implementation.
*
* @author Dave Longley
*
* Copyright (c) 2010-2015 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
var sha1 = forge.sha1 = forge.sha1 || {};
forge.md = forge.md || {};
forge.md.algorithms = forge.md.algorithms || {};
forge.md.sha1 = forge.md.algorithms.sha1 = sha1;
/**
* Creates a SHA-1 message digest object.
*
* @return a message digest object.
*/
sha1.create = function() {
// do initialization as necessary
if(!_initialized) {
_init();
}
// SHA-1 state contains five 32-bit integers
var _state = null;
// input buffer
var _input = forge.util.createBuffer();
// used for word storage
var _w = new Array(80);
// message digest object
var md = {
algorithm: 'sha1',
blockLength: 64,
digestLength: 20,
// 56-bit length of message so far (does not including padding)
messageLength: 0,
// true message length
fullMessageLength: null,
// size of message length in bytes
messageLengthSize: 8
};
/**
* Starts the digest.
*
* @return this digest object.
*/
md.start = function() {
// up to 56-bit message length for convenience
md.messageLength = 0;
// full message length (set md.messageLength64 for backwards-compatibility)
md.fullMessageLength = md.messageLength64 = [];
var int32s = md.messageLengthSize / 4;
for(var i = 0; i < int32s; ++i) {
md.fullMessageLength.push(0);
}
_input = forge.util.createBuffer();
_state = {
h0: 0x67452301,
h1: 0xEFCDAB89,
h2: 0x98BADCFE,
h3: 0x10325476,
h4: 0xC3D2E1F0
};
return md;
};
// start digest automatically for first time
md.start();
/**
* Updates the digest with the given message input. The given input can
* treated as raw input (no encoding will be applied) or an encoding of
* 'utf8' maybe given to encode the input using UTF-8.
*
* @param msg the message input to update with.
* @param encoding the encoding to use (default: 'raw', other: 'utf8').
*
* @return this digest object.
*/
md.update = function(msg, encoding) {
if(encoding === 'utf8') {
msg = forge.util.encodeUtf8(msg);
}
// update message length
var len = msg.length;
md.messageLength += len;
len = [(len / 0x100000000) >>> 0, len >>> 0];
for(var i = md.fullMessageLength.length - 1; i >= 0; --i) {
md.fullMessageLength[i] += len[1];
len[1] = len[0] + ((md.fullMessageLength[i] / 0x100000000) >>> 0);
md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0;
len[0] = ((len[1] / 0x100000000) >>> 0);
}
// add bytes to input buffer
_input.putBytes(msg);
// process bytes
_update(_state, _w, _input);
// compact input buffer every 2K or if empty
if(_input.read > 2048 || _input.length() === 0) {
_input.compact();
}
return md;
};
/**
* Produces the digest.
*
* @return a byte buffer containing the digest value.
*/
md.digest = function() {
/* Note: Here we copy the remaining bytes in the input buffer and
add the appropriate SHA-1 padding. Then we do the final update
on a copy of the state so that if the user wants to get
intermediate digests they can do so. */
/* Determine the number of bytes that must be added to the message
to ensure its length is congruent to 448 mod 512. In other words,
the data to be digested must be a multiple of 512 bits (or 128 bytes).
This data includes the message, some padding, and the length of the
message. Since the length of the message will be encoded as 8 bytes (64
bits), that means that the last segment of the data must have 56 bytes
(448 bits) of message and padding. Therefore, the length of the message
plus the padding must be congruent to 448 mod 512 because
512 - 128 = 448.
In order to fill up the message length it must be filled with
padding that begins with 1 bit followed by all 0 bits. Padding
must *always* be present, so if the message length is already
congruent to 448 mod 512, then 512 padding bits must be added. */
var finalBlock = forge.util.createBuffer();
finalBlock.putBytes(_input.bytes());
// compute remaining size to be digested (include message length size)
var remaining = (
md.fullMessageLength[md.fullMessageLength.length - 1] +
md.messageLengthSize);
// add padding for overflow blockSize - overflow
// _padding starts with 1 byte with first bit is set (byte value 128), then
// there may be up to (blockSize - 1) other pad bytes
var overflow = remaining & (md.blockLength - 1);
finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow));
// serialize message length in bits in big-endian order; since length
// is stored in bytes we multiply by 8 and add carry from next int
var messageLength = forge.util.createBuffer();
var next, carry;
var bits = md.fullMessageLength[0] * 8;
for(var i = 0; i < md.fullMessageLength.length; ++i) {
next = md.fullMessageLength[i + 1] * 8;
carry = (next / 0x100000000) >>> 0;
bits += carry;
finalBlock.putInt32(bits >>> 0);
bits = next;
}
var s2 = {
h0: _state.h0,
h1: _state.h1,
h2: _state.h2,
h3: _state.h3,
h4: _state.h4
};
_update(s2, _w, finalBlock);
var rval = forge.util.createBuffer();
rval.putInt32(s2.h0);
rval.putInt32(s2.h1);
rval.putInt32(s2.h2);
rval.putInt32(s2.h3);
rval.putInt32(s2.h4);
return rval;
};
return md;
};
// sha-1 padding bytes not initialized yet
var _padding = null;
var _initialized = false;
/**
* Initializes the constant tables.
*/
function _init() {
// create padding
_padding = String.fromCharCode(128);
_padding += forge.util.fillString(String.fromCharCode(0x00), 64);
// now initialized
_initialized = true;
}
/**
* Updates a SHA-1 state with the given byte buffer.
*
* @param s the SHA-1 state to update.
* @param w the array to use to store words.
* @param bytes the byte buffer to update with.
*/
function _update(s, w, bytes) {
// consume 512 bit (64 byte) chunks
var t, a, b, c, d, e, f, i;
var len = bytes.length();
while(len >= 64) {
// the w array will be populated with sixteen 32-bit big-endian words
// and then extended into 80 32-bit words according to SHA-1 algorithm
// and for 32-79 using Max Locktyukhin's optimization
// initialize hash value for this chunk
a = s.h0;
b = s.h1;
c = s.h2;
d = s.h3;
e = s.h4;
// round 1
for(i = 0; i < 16; ++i) {
t = bytes.getInt32();
w[i] = t;
f = d ^ (b & (c ^ d));
t = ((a << 5) | (a >>> 27)) + f + e + 0x5A827999 + t;
e = d;
d = c;
c = (b << 30) | (b >>> 2);
b = a;
a = t;
}
for(; i < 20; ++i) {
t = (w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]);
t = (t << 1) | (t >>> 31);
w[i] = t;
f = d ^ (b & (c ^ d));
t = ((a << 5) | (a >>> 27)) + f + e + 0x5A827999 + t;
e = d;
d = c;
c = (b << 30) | (b >>> 2);
b = a;
a = t;
}
// round 2
for(; i < 32; ++i) {
t = (w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]);
t = (t << 1) | (t >>> 31);
w[i] = t;
f = b ^ c ^ d;
t = ((a << 5) | (a >>> 27)) + f + e + 0x6ED9EBA1 + t;
e = d;
d = c;
c = (b << 30) | (b >>> 2);
b = a;
a = t;
}
for(; i < 40; ++i) {
t = (w[i - 6] ^ w[i - 16] ^ w[i - 28] ^ w[i - 32]);
t = (t << 2) | (t >>> 30);
w[i] = t;
f = b ^ c ^ d;
t = ((a << 5) | (a >>> 27)) + f + e + 0x6ED9EBA1 + t;
e = d;
d = c;
c = (b << 30) | (b >>> 2);
b = a;
a = t;
}
// round 3
for(; i < 60; ++i) {
t = (w[i - 6] ^ w[i - 16] ^ w[i - 28] ^ w[i - 32]);
t = (t << 2) | (t >>> 30);
w[i] = t;
f = (b & c) | (d & (b ^ c));
t = ((a << 5) | (a >>> 27)) + f + e + 0x8F1BBCDC + t;
e = d;
d = c;
c = (b << 30) | (b >>> 2);
b = a;
a = t;
}
// round 4
for(; i < 80; ++i) {
t = (w[i - 6] ^ w[i - 16] ^ w[i - 28] ^ w[i - 32]);
t = (t << 2) | (t >>> 30);
w[i] = t;
f = b ^ c ^ d;
t = ((a << 5) | (a >>> 27)) + f + e + 0xCA62C1D6 + t;
e = d;
d = c;
c = (b << 30) | (b >>> 2);
b = a;
a = t;
}
// update hash state
s.h0 = (s.h0 + a) | 0;
s.h1 = (s.h1 + b) | 0;
s.h2 = (s.h2 + c) | 0;
s.h3 = (s.h3 + d) | 0;
s.h4 = (s.h4 + e) | 0;
len -= 64;
}
}
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'sha1';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/sha1',['require', 'module', './util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Secure Hash Algorithm with 256-bit digest (SHA-256) implementation.
*
* See FIPS 180-2 for details.
*
* @author Dave Longley
*
* Copyright (c) 2010-2015 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
var sha256 = forge.sha256 = forge.sha256 || {};
forge.md = forge.md || {};
forge.md.algorithms = forge.md.algorithms || {};
forge.md.sha256 = forge.md.algorithms.sha256 = sha256;
/**
* Creates a SHA-256 message digest object.
*
* @return a message digest object.
*/
sha256.create = function() {
// do initialization as necessary
if(!_initialized) {
_init();
}
// SHA-256 state contains eight 32-bit integers
var _state = null;
// input buffer
var _input = forge.util.createBuffer();
// used for word storage
var _w = new Array(64);
// message digest object
var md = {
algorithm: 'sha256',
blockLength: 64,
digestLength: 32,
// 56-bit length of message so far (does not including padding)
messageLength: 0,
// true message length
fullMessageLength: null,
// size of message length in bytes
messageLengthSize: 8
};
/**
* Starts the digest.
*
* @return this digest object.
*/
md.start = function() {
// up to 56-bit message length for convenience
md.messageLength = 0;
// full message length (set md.messageLength64 for backwards-compatibility)
md.fullMessageLength = md.messageLength64 = [];
var int32s = md.messageLengthSize / 4;
for(var i = 0; i < int32s; ++i) {
md.fullMessageLength.push(0);
}
_input = forge.util.createBuffer();
_state = {
h0: 0x6A09E667,
h1: 0xBB67AE85,
h2: 0x3C6EF372,
h3: 0xA54FF53A,
h4: 0x510E527F,
h5: 0x9B05688C,
h6: 0x1F83D9AB,
h7: 0x5BE0CD19
};
return md;
};
// start digest automatically for first time
md.start();
/**
* Updates the digest with the given message input. The given input can
* treated as raw input (no encoding will be applied) or an encoding of
* 'utf8' maybe given to encode the input using UTF-8.
*
* @param msg the message input to update with.
* @param encoding the encoding to use (default: 'raw', other: 'utf8').
*
* @return this digest object.
*/
md.update = function(msg, encoding) {
if(encoding === 'utf8') {
msg = forge.util.encodeUtf8(msg);
}
// update message length
var len = msg.length;
md.messageLength += len;
len = [(len / 0x100000000) >>> 0, len >>> 0];
for(var i = md.fullMessageLength.length - 1; i >= 0; --i) {
md.fullMessageLength[i] += len[1];
len[1] = len[0] + ((md.fullMessageLength[i] / 0x100000000) >>> 0);
md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0;
len[0] = ((len[1] / 0x100000000) >>> 0);
}
// add bytes to input buffer
_input.putBytes(msg);
// process bytes
_update(_state, _w, _input);
// compact input buffer every 2K or if empty
if(_input.read > 2048 || _input.length() === 0) {
_input.compact();
}
return md;
};
/**
* Produces the digest.
*
* @return a byte buffer containing the digest value.
*/
md.digest = function() {
/* Note: Here we copy the remaining bytes in the input buffer and
add the appropriate SHA-256 padding. Then we do the final update
on a copy of the state so that if the user wants to get
intermediate digests they can do so. */
/* Determine the number of bytes that must be added to the message
to ensure its length is congruent to 448 mod 512. In other words,
the data to be digested must be a multiple of 512 bits (or 128 bytes).
This data includes the message, some padding, and the length of the
message. Since the length of the message will be encoded as 8 bytes (64
bits), that means that the last segment of the data must have 56 bytes
(448 bits) of message and padding. Therefore, the length of the message
plus the padding must be congruent to 448 mod 512 because
512 - 128 = 448.
In order to fill up the message length it must be filled with
padding that begins with 1 bit followed by all 0 bits. Padding
must *always* be present, so if the message length is already
congruent to 448 mod 512, then 512 padding bits must be added. */
var finalBlock = forge.util.createBuffer();
finalBlock.putBytes(_input.bytes());
// compute remaining size to be digested (include message length size)
var remaining = (
md.fullMessageLength[md.fullMessageLength.length - 1] +
md.messageLengthSize);
// add padding for overflow blockSize - overflow
// _padding starts with 1 byte with first bit is set (byte value 128), then
// there may be up to (blockSize - 1) other pad bytes
var overflow = remaining & (md.blockLength - 1);
finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow));
// serialize message length in bits in big-endian order; since length
// is stored in bytes we multiply by 8 and add carry from next int
var messageLength = forge.util.createBuffer();
var next, carry;
var bits = md.fullMessageLength[0] * 8;
for(var i = 0; i < md.fullMessageLength.length; ++i) {
next = md.fullMessageLength[i + 1] * 8;
carry = (next / 0x100000000) >>> 0;
bits += carry;
finalBlock.putInt32(bits >>> 0);
bits = next;
}
var s2 = {
h0: _state.h0,
h1: _state.h1,
h2: _state.h2,
h3: _state.h3,
h4: _state.h4,
h5: _state.h5,
h6: _state.h6,
h7: _state.h7
};
_update(s2, _w, finalBlock);
var rval = forge.util.createBuffer();
rval.putInt32(s2.h0);
rval.putInt32(s2.h1);
rval.putInt32(s2.h2);
rval.putInt32(s2.h3);
rval.putInt32(s2.h4);
rval.putInt32(s2.h5);
rval.putInt32(s2.h6);
rval.putInt32(s2.h7);
return rval;
};
return md;
};
// sha-256 padding bytes not initialized yet
var _padding = null;
var _initialized = false;
// table of constants
var _k = null;
/**
* Initializes the constant tables.
*/
function _init() {
// create padding
_padding = String.fromCharCode(128);
_padding += forge.util.fillString(String.fromCharCode(0x00), 64);
// create K table for SHA-256
_k = [
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2];
// now initialized
_initialized = true;
}
/**
* Updates a SHA-256 state with the given byte buffer.
*
* @param s the SHA-256 state to update.
* @param w the array to use to store words.
* @param bytes the byte buffer to update with.
*/
function _update(s, w, bytes) {
// consume 512 bit (64 byte) chunks
var t1, t2, s0, s1, ch, maj, i, a, b, c, d, e, f, g, h;
var len = bytes.length();
while(len >= 64) {
// the w array will be populated with sixteen 32-bit big-endian words
// and then extended into 64 32-bit words according to SHA-256
for(i = 0; i < 16; ++i) {
w[i] = bytes.getInt32();
}
for(; i < 64; ++i) {
// XOR word 2 words ago rot right 17, rot right 19, shft right 10
t1 = w[i - 2];
t1 =
((t1 >>> 17) | (t1 << 15)) ^
((t1 >>> 19) | (t1 << 13)) ^
(t1 >>> 10);
// XOR word 15 words ago rot right 7, rot right 18, shft right 3
t2 = w[i - 15];
t2 =
((t2 >>> 7) | (t2 << 25)) ^
((t2 >>> 18) | (t2 << 14)) ^
(t2 >>> 3);
// sum(t1, word 7 ago, t2, word 16 ago) modulo 2^32
w[i] = (t1 + w[i - 7] + t2 + w[i - 16]) | 0;
}
// initialize hash value for this chunk
a = s.h0;
b = s.h1;
c = s.h2;
d = s.h3;
e = s.h4;
f = s.h5;
g = s.h6;
h = s.h7;
// round function
for(i = 0; i < 64; ++i) {
// Sum1(e)
s1 =
((e >>> 6) | (e << 26)) ^
((e >>> 11) | (e << 21)) ^
((e >>> 25) | (e << 7));
// Ch(e, f, g) (optimized the same way as SHA-1)
ch = g ^ (e & (f ^ g));
// Sum0(a)
s0 =
((a >>> 2) | (a << 30)) ^
((a >>> 13) | (a << 19)) ^
((a >>> 22) | (a << 10));
// Maj(a, b, c) (optimized the same way as SHA-1)
maj = (a & b) | (c & (a ^ b));
// main algorithm
t1 = h + s1 + ch + _k[i] + w[i];
t2 = s0 + maj;
h = g;
g = f;
f = e;
e = (d + t1) | 0;
d = c;
c = b;
b = a;
a = (t1 + t2) | 0;
}
// update hash state
s.h0 = (s.h0 + a) | 0;
s.h1 = (s.h1 + b) | 0;
s.h2 = (s.h2 + c) | 0;
s.h3 = (s.h3 + d) | 0;
s.h4 = (s.h4 + e) | 0;
s.h5 = (s.h5 + f) | 0;
s.h6 = (s.h6 + g) | 0;
s.h7 = (s.h7 + h) | 0;
len -= 64;
}
}
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'sha256';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/sha256',['require', 'module', './util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Secure Hash Algorithm with a 1024-bit block size implementation.
*
* This includes: SHA-512, SHA-384, SHA-512/224, and SHA-512/256. For
* SHA-256 (block size 512 bits), see sha256.js.
*
* See FIPS 180-4 for details.
*
* @author Dave Longley
*
* Copyright (c) 2014-2015 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
var sha512 = forge.sha512 = forge.sha512 || {};
forge.md = forge.md || {};
forge.md.algorithms = forge.md.algorithms || {};
// SHA-512
forge.md.sha512 = forge.md.algorithms.sha512 = sha512;
// SHA-384
var sha384 = forge.sha384 = forge.sha512.sha384 = forge.sha512.sha384 || {};
sha384.create = function() {
return sha512.create('SHA-384');
};
forge.md.sha384 = forge.md.algorithms.sha384 = sha384;
// SHA-512/256
forge.sha512.sha256 = forge.sha512.sha256 || {
create: function() {
return sha512.create('SHA-512/256');
}
};
forge.md['sha512/256'] = forge.md.algorithms['sha512/256'] =
forge.sha512.sha256;
// SHA-512/224
forge.sha512.sha224 = forge.sha512.sha224 || {
create: function() {
return sha512.create('SHA-512/224');
}
};
forge.md['sha512/224'] = forge.md.algorithms['sha512/224'] =
forge.sha512.sha224;
/**
* Creates a SHA-2 message digest object.
*
* @param algorithm the algorithm to use (SHA-512, SHA-384, SHA-512/224,
* SHA-512/256).
*
* @return a message digest object.
*/
sha512.create = function(algorithm) {
// do initialization as necessary
if(!_initialized) {
_init();
}
if(typeof algorithm === 'undefined') {
algorithm = 'SHA-512';
}
if(!(algorithm in _states)) {
throw new Error('Invalid SHA-512 algorithm: ' + algorithm);
}
// SHA-512 state contains eight 64-bit integers (each as two 32-bit ints)
var _state = _states[algorithm];
var _h = null;
// input buffer
var _input = forge.util.createBuffer();
// used for 64-bit word storage
var _w = new Array(80);
for(var wi = 0; wi < 80; ++wi) {
_w[wi] = new Array(2);
}
// message digest object
var md = {
// SHA-512 => sha512
algorithm: algorithm.replace('-', '').toLowerCase(),
blockLength: 128,
digestLength: 64,
// 56-bit length of message so far (does not including padding)
messageLength: 0,
// true message length
fullMessageLength: null,
// size of message length in bytes
messageLengthSize: 16
};
/**
* Starts the digest.
*
* @return this digest object.
*/
md.start = function() {
// up to 56-bit message length for convenience
md.messageLength = 0;
// full message length (set md.messageLength128 for backwards-compatibility)
md.fullMessageLength = md.messageLength128 = [];
var int32s = md.messageLengthSize / 4;
for(var i = 0; i < int32s; ++i) {
md.fullMessageLength.push(0);
}
_input = forge.util.createBuffer();
_h = new Array(_state.length);
for(var i = 0; i < _state.length; ++i) {
_h[i] = _state[i].slice(0);
}
return md;
};
// start digest automatically for first time
md.start();
/**
* Updates the digest with the given message input. The given input can
* treated as raw input (no encoding will be applied) or an encoding of
* 'utf8' maybe given to encode the input using UTF-8.
*
* @param msg the message input to update with.
* @param encoding the encoding to use (default: 'raw', other: 'utf8').
*
* @return this digest object.
*/
md.update = function(msg, encoding) {
if(encoding === 'utf8') {
msg = forge.util.encodeUtf8(msg);
}
// update message length
var len = msg.length;
md.messageLength += len;
len = [(len / 0x100000000) >>> 0, len >>> 0];
for(var i = md.fullMessageLength.length - 1; i >= 0; --i) {
md.fullMessageLength[i] += len[1];
len[1] = len[0] + ((md.fullMessageLength[i] / 0x100000000) >>> 0);
md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0;
len[0] = ((len[1] / 0x100000000) >>> 0);
}
// add bytes to input buffer
_input.putBytes(msg);
// process bytes
_update(_h, _w, _input);
// compact input buffer every 2K or if empty
if(_input.read > 2048 || _input.length() === 0) {
_input.compact();
}
return md;
};
/**
* Produces the digest.
*
* @return a byte buffer containing the digest value.
*/
md.digest = function() {
/* Note: Here we copy the remaining bytes in the input buffer and
add the appropriate SHA-512 padding. Then we do the final update
on a copy of the state so that if the user wants to get
intermediate digests they can do so. */
/* Determine the number of bytes that must be added to the message
to ensure its length is congruent to 896 mod 1024. In other words,
the data to be digested must be a multiple of 1024 bits (or 128 bytes).
This data includes the message, some padding, and the length of the
message. Since the length of the message will be encoded as 16 bytes (128
bits), that means that the last segment of the data must have 112 bytes
(896 bits) of message and padding. Therefore, the length of the message
plus the padding must be congruent to 896 mod 1024 because
1024 - 128 = 896.
In order to fill up the message length it must be filled with
padding that begins with 1 bit followed by all 0 bits. Padding
must *always* be present, so if the message length is already
congruent to 896 mod 1024, then 1024 padding bits must be added. */
var finalBlock = forge.util.createBuffer();
finalBlock.putBytes(_input.bytes());
// compute remaining size to be digested (include message length size)
var remaining = (
md.fullMessageLength[md.fullMessageLength.length - 1] +
md.messageLengthSize);
// add padding for overflow blockSize - overflow
// _padding starts with 1 byte with first bit is set (byte value 128), then
// there may be up to (blockSize - 1) other pad bytes
var overflow = remaining & (md.blockLength - 1);
finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow));
// serialize message length in bits in big-endian order; since length
// is stored in bytes we multiply by 8 and add carry from next int
var messageLength = forge.util.createBuffer();
var next, carry;
var bits = md.fullMessageLength[0] * 8;
for(var i = 0; i < md.fullMessageLength.length; ++i) {
next = md.fullMessageLength[i + 1] * 8;
carry = (next / 0x100000000) >>> 0;
bits += carry;
finalBlock.putInt32(bits >>> 0);
bits = next;
}
var h = new Array(_h.length);
for(var i = 0; i < _h.length; ++i) {
h[i] = _h[i].slice(0);
}
_update(h, _w, finalBlock);
var rval = forge.util.createBuffer();
var hlen;
if(algorithm === 'SHA-512') {
hlen = h.length;
} else if(algorithm === 'SHA-384') {
hlen = h.length - 2;
} else {
hlen = h.length - 4;
}
for(var i = 0; i < hlen; ++i) {
rval.putInt32(h[i][0]);
if(i !== hlen - 1 || algorithm !== 'SHA-512/224') {
rval.putInt32(h[i][1]);
}
}
return rval;
};
return md;
};
// sha-512 padding bytes not initialized yet
var _padding = null;
var _initialized = false;
// table of constants
var _k = null;
// initial hash states
var _states = null;
/**
* Initializes the constant tables.
*/
function _init() {
// create padding
_padding = String.fromCharCode(128);
_padding += forge.util.fillString(String.fromCharCode(0x00), 128);
// create K table for SHA-512
_k = [
[0x428a2f98, 0xd728ae22], [0x71374491, 0x23ef65cd],
[0xb5c0fbcf, 0xec4d3b2f], [0xe9b5dba5, 0x8189dbbc],
[0x3956c25b, 0xf348b538], [0x59f111f1, 0xb605d019],
[0x923f82a4, 0xaf194f9b], [0xab1c5ed5, 0xda6d8118],
[0xd807aa98, 0xa3030242], [0x12835b01, 0x45706fbe],
[0x243185be, 0x4ee4b28c], [0x550c7dc3, 0xd5ffb4e2],
[0x72be5d74, 0xf27b896f], [0x80deb1fe, 0x3b1696b1],
[0x9bdc06a7, 0x25c71235], [0xc19bf174, 0xcf692694],
[0xe49b69c1, 0x9ef14ad2], [0xefbe4786, 0x384f25e3],
[0x0fc19dc6, 0x8b8cd5b5], [0x240ca1cc, 0x77ac9c65],
[0x2de92c6f, 0x592b0275], [0x4a7484aa, 0x6ea6e483],
[0x5cb0a9dc, 0xbd41fbd4], [0x76f988da, 0x831153b5],
[0x983e5152, 0xee66dfab], [0xa831c66d, 0x2db43210],
[0xb00327c8, 0x98fb213f], [0xbf597fc7, 0xbeef0ee4],
[0xc6e00bf3, 0x3da88fc2], [0xd5a79147, 0x930aa725],
[0x06ca6351, 0xe003826f], [0x14292967, 0x0a0e6e70],
[0x27b70a85, 0x46d22ffc], [0x2e1b2138, 0x5c26c926],
[0x4d2c6dfc, 0x5ac42aed], [0x53380d13, 0x9d95b3df],
[0x650a7354, 0x8baf63de], [0x766a0abb, 0x3c77b2a8],
[0x81c2c92e, 0x47edaee6], [0x92722c85, 0x1482353b],
[0xa2bfe8a1, 0x4cf10364], [0xa81a664b, 0xbc423001],
[0xc24b8b70, 0xd0f89791], [0xc76c51a3, 0x0654be30],
[0xd192e819, 0xd6ef5218], [0xd6990624, 0x5565a910],
[0xf40e3585, 0x5771202a], [0x106aa070, 0x32bbd1b8],
[0x19a4c116, 0xb8d2d0c8], [0x1e376c08, 0x5141ab53],
[0x2748774c, 0xdf8eeb99], [0x34b0bcb5, 0xe19b48a8],
[0x391c0cb3, 0xc5c95a63], [0x4ed8aa4a, 0xe3418acb],
[0x5b9cca4f, 0x7763e373], [0x682e6ff3, 0xd6b2b8a3],
[0x748f82ee, 0x5defb2fc], [0x78a5636f, 0x43172f60],
[0x84c87814, 0xa1f0ab72], [0x8cc70208, 0x1a6439ec],
[0x90befffa, 0x23631e28], [0xa4506ceb, 0xde82bde9],
[0xbef9a3f7, 0xb2c67915], [0xc67178f2, 0xe372532b],
[0xca273ece, 0xea26619c], [0xd186b8c7, 0x21c0c207],
[0xeada7dd6, 0xcde0eb1e], [0xf57d4f7f, 0xee6ed178],
[0x06f067aa, 0x72176fba], [0x0a637dc5, 0xa2c898a6],
[0x113f9804, 0xbef90dae], [0x1b710b35, 0x131c471b],
[0x28db77f5, 0x23047d84], [0x32caab7b, 0x40c72493],
[0x3c9ebe0a, 0x15c9bebc], [0x431d67c4, 0x9c100d4c],
[0x4cc5d4be, 0xcb3e42b6], [0x597f299c, 0xfc657e2a],
[0x5fcb6fab, 0x3ad6faec], [0x6c44198c, 0x4a475817]
];
// initial hash states
_states = {};
_states['SHA-512'] = [
[0x6a09e667, 0xf3bcc908],
[0xbb67ae85, 0x84caa73b],
[0x3c6ef372, 0xfe94f82b],
[0xa54ff53a, 0x5f1d36f1],
[0x510e527f, 0xade682d1],
[0x9b05688c, 0x2b3e6c1f],
[0x1f83d9ab, 0xfb41bd6b],
[0x5be0cd19, 0x137e2179]
];
_states['SHA-384'] = [
[0xcbbb9d5d, 0xc1059ed8],
[0x629a292a, 0x367cd507],
[0x9159015a, 0x3070dd17],
[0x152fecd8, 0xf70e5939],
[0x67332667, 0xffc00b31],
[0x8eb44a87, 0x68581511],
[0xdb0c2e0d, 0x64f98fa7],
[0x47b5481d, 0xbefa4fa4]
];
_states['SHA-512/256'] = [
[0x22312194, 0xFC2BF72C],
[0x9F555FA3, 0xC84C64C2],
[0x2393B86B, 0x6F53B151],
[0x96387719, 0x5940EABD],
[0x96283EE2, 0xA88EFFE3],
[0xBE5E1E25, 0x53863992],
[0x2B0199FC, 0x2C85B8AA],
[0x0EB72DDC, 0x81C52CA2]
];
_states['SHA-512/224'] = [
[0x8C3D37C8, 0x19544DA2],
[0x73E19966, 0x89DCD4D6],
[0x1DFAB7AE, 0x32FF9C82],
[0x679DD514, 0x582F9FCF],
[0x0F6D2B69, 0x7BD44DA8],
[0x77E36F73, 0x04C48942],
[0x3F9D85A8, 0x6A1D36C8],
[0x1112E6AD, 0x91D692A1]
];
// now initialized
_initialized = true;
}
/**
* Updates a SHA-512 state with the given byte buffer.
*
* @param s the SHA-512 state to update.
* @param w the array to use to store words.
* @param bytes the byte buffer to update with.
*/
function _update(s, w, bytes) {
// consume 512 bit (128 byte) chunks
var t1_hi, t1_lo;
var t2_hi, t2_lo;
var s0_hi, s0_lo;
var s1_hi, s1_lo;
var ch_hi, ch_lo;
var maj_hi, maj_lo;
var a_hi, a_lo;
var b_hi, b_lo;
var c_hi, c_lo;
var d_hi, d_lo;
var e_hi, e_lo;
var f_hi, f_lo;
var g_hi, g_lo;
var h_hi, h_lo;
var i, hi, lo, w2, w7, w15, w16;
var len = bytes.length();
while(len >= 128) {
// the w array will be populated with sixteen 64-bit big-endian words
// and then extended into 64 64-bit words according to SHA-512
for(i = 0; i < 16; ++i) {
w[i][0] = bytes.getInt32() >>> 0;
w[i][1] = bytes.getInt32() >>> 0;
}
for(; i < 80; ++i) {
// for word 2 words ago: ROTR 19(x) ^ ROTR 61(x) ^ SHR 6(x)
w2 = w[i - 2];
hi = w2[0];
lo = w2[1];
// high bits
t1_hi = (
((hi >>> 19) | (lo << 13)) ^ // ROTR 19
((lo >>> 29) | (hi << 3)) ^ // ROTR 61/(swap + ROTR 29)
(hi >>> 6)) >>> 0; // SHR 6
// low bits
t1_lo = (
((hi << 13) | (lo >>> 19)) ^ // ROTR 19
((lo << 3) | (hi >>> 29)) ^ // ROTR 61/(swap + ROTR 29)
((hi << 26) | (lo >>> 6))) >>> 0; // SHR 6
// for word 15 words ago: ROTR 1(x) ^ ROTR 8(x) ^ SHR 7(x)
w15 = w[i - 15];
hi = w15[0];
lo = w15[1];
// high bits
t2_hi = (
((hi >>> 1) | (lo << 31)) ^ // ROTR 1
((hi >>> 8) | (lo << 24)) ^ // ROTR 8
(hi >>> 7)) >>> 0; // SHR 7
// low bits
t2_lo = (
((hi << 31) | (lo >>> 1)) ^ // ROTR 1
((hi << 24) | (lo >>> 8)) ^ // ROTR 8
((hi << 25) | (lo >>> 7))) >>> 0; // SHR 7
// sum(t1, word 7 ago, t2, word 16 ago) modulo 2^64 (carry lo overflow)
w7 = w[i - 7];
w16 = w[i - 16];
lo = (t1_lo + w7[1] + t2_lo + w16[1]);
w[i][0] = (t1_hi + w7[0] + t2_hi + w16[0] +
((lo / 0x100000000) >>> 0)) >>> 0;
w[i][1] = lo >>> 0;
}
// initialize hash value for this chunk
a_hi = s[0][0];
a_lo = s[0][1];
b_hi = s[1][0];
b_lo = s[1][1];
c_hi = s[2][0];
c_lo = s[2][1];
d_hi = s[3][0];
d_lo = s[3][1];
e_hi = s[4][0];
e_lo = s[4][1];
f_hi = s[5][0];
f_lo = s[5][1];
g_hi = s[6][0];
g_lo = s[6][1];
h_hi = s[7][0];
h_lo = s[7][1];
// round function
for(i = 0; i < 80; ++i) {
// Sum1(e) = ROTR 14(e) ^ ROTR 18(e) ^ ROTR 41(e)
s1_hi = (
((e_hi >>> 14) | (e_lo << 18)) ^ // ROTR 14
((e_hi >>> 18) | (e_lo << 14)) ^ // ROTR 18
((e_lo >>> 9) | (e_hi << 23))) >>> 0; // ROTR 41/(swap + ROTR 9)
s1_lo = (
((e_hi << 18) | (e_lo >>> 14)) ^ // ROTR 14
((e_hi << 14) | (e_lo >>> 18)) ^ // ROTR 18
((e_lo << 23) | (e_hi >>> 9))) >>> 0; // ROTR 41/(swap + ROTR 9)
// Ch(e, f, g) (optimized the same way as SHA-1)
ch_hi = (g_hi ^ (e_hi & (f_hi ^ g_hi))) >>> 0;
ch_lo = (g_lo ^ (e_lo & (f_lo ^ g_lo))) >>> 0;
// Sum0(a) = ROTR 28(a) ^ ROTR 34(a) ^ ROTR 39(a)
s0_hi = (
((a_hi >>> 28) | (a_lo << 4)) ^ // ROTR 28
((a_lo >>> 2) | (a_hi << 30)) ^ // ROTR 34/(swap + ROTR 2)
((a_lo >>> 7) | (a_hi << 25))) >>> 0; // ROTR 39/(swap + ROTR 7)
s0_lo = (
((a_hi << 4) | (a_lo >>> 28)) ^ // ROTR 28
((a_lo << 30) | (a_hi >>> 2)) ^ // ROTR 34/(swap + ROTR 2)
((a_lo << 25) | (a_hi >>> 7))) >>> 0; // ROTR 39/(swap + ROTR 7)
// Maj(a, b, c) (optimized the same way as SHA-1)
maj_hi = ((a_hi & b_hi) | (c_hi & (a_hi ^ b_hi))) >>> 0;
maj_lo = ((a_lo & b_lo) | (c_lo & (a_lo ^ b_lo))) >>> 0;
// main algorithm
// t1 = (h + s1 + ch + _k[i] + _w[i]) modulo 2^64 (carry lo overflow)
lo = (h_lo + s1_lo + ch_lo + _k[i][1] + w[i][1]);
t1_hi = (h_hi + s1_hi + ch_hi + _k[i][0] + w[i][0] +
((lo / 0x100000000) >>> 0)) >>> 0;
t1_lo = lo >>> 0;
// t2 = s0 + maj modulo 2^64 (carry lo overflow)
lo = s0_lo + maj_lo;
t2_hi = (s0_hi + maj_hi + ((lo / 0x100000000) >>> 0)) >>> 0;
t2_lo = lo >>> 0;
h_hi = g_hi;
h_lo = g_lo;
g_hi = f_hi;
g_lo = f_lo;
f_hi = e_hi;
f_lo = e_lo;
// e = (d + t1) modulo 2^64 (carry lo overflow)
lo = d_lo + t1_lo;
e_hi = (d_hi + t1_hi + ((lo / 0x100000000) >>> 0)) >>> 0;
e_lo = lo >>> 0;
d_hi = c_hi;
d_lo = c_lo;
c_hi = b_hi;
c_lo = b_lo;
b_hi = a_hi;
b_lo = a_lo;
// a = (t1 + t2) modulo 2^64 (carry lo overflow)
lo = t1_lo + t2_lo;
a_hi = (t1_hi + t2_hi + ((lo / 0x100000000) >>> 0)) >>> 0;
a_lo = lo >>> 0;
}
// update hash state (additional modulo 2^64)
lo = s[0][1] + a_lo;
s[0][0] = (s[0][0] + a_hi + ((lo / 0x100000000) >>> 0)) >>> 0;
s[0][1] = lo >>> 0;
lo = s[1][1] + b_lo;
s[1][0] = (s[1][0] + b_hi + ((lo / 0x100000000) >>> 0)) >>> 0;
s[1][1] = lo >>> 0;
lo = s[2][1] + c_lo;
s[2][0] = (s[2][0] + c_hi + ((lo / 0x100000000) >>> 0)) >>> 0;
s[2][1] = lo >>> 0;
lo = s[3][1] + d_lo;
s[3][0] = (s[3][0] + d_hi + ((lo / 0x100000000) >>> 0)) >>> 0;
s[3][1] = lo >>> 0;
lo = s[4][1] + e_lo;
s[4][0] = (s[4][0] + e_hi + ((lo / 0x100000000) >>> 0)) >>> 0;
s[4][1] = lo >>> 0;
lo = s[5][1] + f_lo;
s[5][0] = (s[5][0] + f_hi + ((lo / 0x100000000) >>> 0)) >>> 0;
s[5][1] = lo >>> 0;
lo = s[6][1] + g_lo;
s[6][0] = (s[6][0] + g_hi + ((lo / 0x100000000) >>> 0)) >>> 0;
s[6][1] = lo >>> 0;
lo = s[7][1] + h_lo;
s[7][0] = (s[7][0] + h_hi + ((lo / 0x100000000) >>> 0)) >>> 0;
s[7][1] = lo >>> 0;
len -= 128;
}
}
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'sha512';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/sha512',['require', 'module', './util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Node.js module for Forge message digests.
*
* @author Dave Longley
*
* Copyright 2011-2014 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
forge.md = forge.md || {};
forge.md.algorithms = {
md5: forge.md5,
sha1: forge.sha1,
sha256: forge.sha256
};
forge.md.md5 = forge.md5;
forge.md.sha1 = forge.sha1;
forge.md.sha256 = forge.sha256;
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'md';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define(
'js/md',['require', 'module', './md5', './sha1', './sha256', './sha512'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Hash-based Message Authentication Code implementation. Requires a message
* digest object that can be obtained, for example, from forge.md.sha1 or
* forge.md.md5.
*
* @author Dave Longley
*
* Copyright (c) 2010-2012 Digital Bazaar, Inc. All rights reserved.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
/* HMAC API */
var hmac = forge.hmac = forge.hmac || {};
/**
* Creates an HMAC object that uses the given message digest object.
*
* @return an HMAC object.
*/
hmac.create = function() {
// the hmac key to use
var _key = null;
// the message digest to use
var _md = null;
// the inner padding
var _ipadding = null;
// the outer padding
var _opadding = null;
// hmac context
var ctx = {};
/**
* Starts or restarts the HMAC with the given key and message digest.
*
* @param md the message digest to use, null to reuse the previous one,
* a string to use builtin 'sha1', 'md5', 'sha256'.
* @param key the key to use as a string, array of bytes, byte buffer,
* or null to reuse the previous key.
*/
ctx.start = function(md, key) {
if(md !== null) {
if(typeof md === 'string') {
// create builtin message digest
md = md.toLowerCase();
if(md in forge.md.algorithms) {
_md = forge.md.algorithms[md].create();
} else {
throw new Error('Unknown hash algorithm "' + md + '"');
}
} else {
// store message digest
_md = md;
}
}
if(key === null) {
// reuse previous key
key = _key;
} else {
if(typeof key === 'string') {
// convert string into byte buffer
key = forge.util.createBuffer(key);
} else if(forge.util.isArray(key)) {
// convert byte array into byte buffer
var tmp = key;
key = forge.util.createBuffer();
for(var i = 0; i < tmp.length; ++i) {
key.putByte(tmp[i]);
}
}
// if key is longer than blocksize, hash it
var keylen = key.length();
if(keylen > _md.blockLength) {
_md.start();
_md.update(key.bytes());
key = _md.digest();
}
// mix key into inner and outer padding
// ipadding = [0x36 * blocksize] ^ key
// opadding = [0x5C * blocksize] ^ key
_ipadding = forge.util.createBuffer();
_opadding = forge.util.createBuffer();
keylen = key.length();
for(var i = 0; i < keylen; ++i) {
var tmp = key.at(i);
_ipadding.putByte(0x36 ^ tmp);
_opadding.putByte(0x5C ^ tmp);
}
// if key is shorter than blocksize, add additional padding
if(keylen < _md.blockLength) {
var tmp = _md.blockLength - keylen;
for(var i = 0; i < tmp; ++i) {
_ipadding.putByte(0x36);
_opadding.putByte(0x5C);
}
}
_key = key;
_ipadding = _ipadding.bytes();
_opadding = _opadding.bytes();
}
// digest is done like so: hash(opadding | hash(ipadding | message))
// prepare to do inner hash
// hash(ipadding | message)
_md.start();
_md.update(_ipadding);
};
/**
* Updates the HMAC with the given message bytes.
*
* @param bytes the bytes to update with.
*/
ctx.update = function(bytes) {
_md.update(bytes);
};
/**
* Produces the Message Authentication Code (MAC).
*
* @return a byte buffer containing the digest value.
*/
ctx.getMac = function() {
// digest is done like so: hash(opadding | hash(ipadding | message))
// here we do the outer hashing
var inner = _md.digest().bytes();
_md.start();
_md.update(_opadding);
_md.update(inner);
return _md.digest();
};
// alias for getMac
ctx.digest = ctx.getMac;
return ctx;
};
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'hmac';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/hmac',['require', 'module', './md', './util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Javascript implementation of basic PEM (Privacy Enhanced Mail) algorithms.
*
* See: RFC 1421.
*
* @author Dave Longley
*
* Copyright (c) 2013-2014 Digital Bazaar, Inc.
*
* A Forge PEM object has the following fields:
*
* type: identifies the type of message (eg: "RSA PRIVATE KEY").
*
* procType: identifies the type of processing performed on the message,
* it has two subfields: version and type, eg: 4,ENCRYPTED.
*
* contentDomain: identifies the type of content in the message, typically
* only uses the value: "RFC822".
*
* dekInfo: identifies the message encryption algorithm and mode and includes
* any parameters for the algorithm, it has two subfields: algorithm and
* parameters, eg: DES-CBC,F8143EDE5960C597.
*
* headers: contains all other PEM encapsulated headers -- where order is
* significant (for pairing data like recipient ID + key info).
*
* body: the binary-encoded body.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
// shortcut for pem API
var pem = forge.pem = forge.pem || {};
/**
* Encodes (serializes) the given PEM object.
*
* @param msg the PEM message object to encode.
* @param options the options to use:
* maxline the maximum characters per line for the body, (default: 64).
*
* @return the PEM-formatted string.
*/
pem.encode = function(msg, options) {
options = options || {};
var rval = '-----BEGIN ' + msg.type + '-----\r\n';
// encode special headers
var header;
if(msg.procType) {
header = {
name: 'Proc-Type',
values: [String(msg.procType.version), msg.procType.type]
};
rval += foldHeader(header);
}
if(msg.contentDomain) {
header = {name: 'Content-Domain', values: [msg.contentDomain]};
rval += foldHeader(header);
}
if(msg.dekInfo) {
header = {name: 'DEK-Info', values: [msg.dekInfo.algorithm]};
if(msg.dekInfo.parameters) {
header.values.push(msg.dekInfo.parameters);
}
rval += foldHeader(header);
}
if(msg.headers) {
// encode all other headers
for(var i = 0; i < msg.headers.length; ++i) {
rval += foldHeader(msg.headers[i]);
}
}
// terminate header
if(msg.procType) {
rval += '\r\n';
}
// add body
rval += forge.util.encode64(msg.body, options.maxline || 64) + '\r\n';
rval += '-----END ' + msg.type + '-----\r\n';
return rval;
};
/**
* Decodes (deserializes) all PEM messages found in the given string.
*
* @param str the PEM-formatted string to decode.
*
* @return the PEM message objects in an array.
*/
pem.decode = function(str) {
var rval = [];
// split string into PEM messages (be lenient w/EOF on BEGIN line)
var rMessage = /\s*-----BEGIN ([A-Z0-9- ]+)-----\r?\n?([\x21-\x7e\s]+?(?:\r?\n\r?\n))?([:A-Za-z0-9+\/=\s]+?)-----END \1-----/g;
var rHeader = /([\x21-\x7e]+):\s*([\x21-\x7e\s^:]+)/;
var rCRLF = /\r?\n/;
var match;
while(true) {
match = rMessage.exec(str);
if(!match) {
break;
}
var msg = {
type: match[1],
procType: null,
contentDomain: null,
dekInfo: null,
headers: [],
body: forge.util.decode64(match[3])
};
rval.push(msg);
// no headers
if(!match[2]) {
continue;
}
// parse headers
var lines = match[2].split(rCRLF);
var li = 0;
while(match && li < lines.length) {
// get line, trim any rhs whitespace
var line = lines[li].replace(/\s+$/, '');
// RFC2822 unfold any following folded lines
for(var nl = li + 1; nl < lines.length; ++nl) {
var next = lines[nl];
if(!/\s/.test(next[0])) {
break;
}
line += next;
li = nl;
}
// parse header
match = line.match(rHeader);
if(match) {
var header = {name: match[1], values: []};
var values = match[2].split(',');
for(var vi = 0; vi < values.length; ++vi) {
header.values.push(ltrim(values[vi]));
}
// Proc-Type must be the first header
if(!msg.procType) {
if(header.name !== 'Proc-Type') {
throw new Error('Invalid PEM formatted message. The first ' +
'encapsulated header must be "Proc-Type".');
} else if(header.values.length !== 2) {
throw new Error('Invalid PEM formatted message. The "Proc-Type" ' +
'header must have two subfields.');
}
msg.procType = {version: values[0], type: values[1]};
} else if(!msg.contentDomain && header.name === 'Content-Domain') {
// special-case Content-Domain
msg.contentDomain = values[0] || '';
} else if(!msg.dekInfo && header.name === 'DEK-Info') {
// special-case DEK-Info
if(header.values.length === 0) {
throw new Error('Invalid PEM formatted message. The "DEK-Info" ' +
'header must have at least one subfield.');
}
msg.dekInfo = {algorithm: values[0], parameters: values[1] || null};
} else {
msg.headers.push(header);
}
}
++li;
}
if(msg.procType === 'ENCRYPTED' && !msg.dekInfo) {
throw new Error('Invalid PEM formatted message. The "DEK-Info" ' +
'header must be present if "Proc-Type" is "ENCRYPTED".');
}
}
if(rval.length === 0) {
throw new Error('Invalid PEM formatted message.');
}
return rval;
};
function foldHeader(header) {
var rval = header.name + ': ';
// ensure values with CRLF are folded
var values = [];
var insertSpace = function(match, $1) {
return ' ' + $1;
};
for(var i = 0; i < header.values.length; ++i) {
values.push(header.values[i].replace(/^(\S+\r\n)/, insertSpace));
}
rval += values.join(',') + '\r\n';
// do folding
var length = 0;
var candidate = -1;
for(var i = 0; i < rval.length; ++i, ++length) {
if(length > 65 && candidate !== -1) {
var insert = rval[candidate];
if(insert === ',') {
++candidate;
rval = rval.substr(0, candidate) + '\r\n ' + rval.substr(candidate);
} else {
rval = rval.substr(0, candidate) +
'\r\n' + insert + rval.substr(candidate + 1);
}
length = (i - candidate - 1);
candidate = -1;
++i;
} else if(rval[i] === ' ' || rval[i] === '\t' || rval[i] === ',') {
candidate = i;
}
}
return rval;
}
function ltrim(str) {
return str.replace(/^\s+/, '');
}
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'pem';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/pem',['require', 'module', './util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* DES (Data Encryption Standard) implementation.
*
* This implementation supports DES as well as 3DES-EDE in ECB and CBC mode.
* It is based on the BSD-licensed implementation by Paul Tero:
*
* Paul Tero, July 2001
* http://www.tero.co.uk/des/
*
* Optimised for performance with large blocks by Michael Hayworth, November 2001
* http://www.netdealing.com
*
* THIS SOFTWARE IS PROVIDED "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @author Stefan Siegl
* @author Dave Longley
*
* Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>
* Copyright (c) 2012-2014 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
/* DES API */
forge.des = forge.des || {};
/**
* Deprecated. Instead, use:
*
* var cipher = forge.cipher.createCipher('DES-<mode>', key);
* cipher.start({iv: iv});
*
* Creates an DES cipher object to encrypt data using the given symmetric key.
* The output will be stored in the 'output' member of the returned cipher.
*
* The key and iv may be given as binary-encoded strings of bytes or
* byte buffers.
*
* @param key the symmetric key to use (64 or 192 bits).
* @param iv the initialization vector to use.
* @param output the buffer to write to, null to create one.
* @param mode the cipher mode to use (default: 'CBC' if IV is
* given, 'ECB' if null).
*
* @return the cipher.
*/
forge.des.startEncrypting = function(key, iv, output, mode) {
var cipher = _createCipher({
key: key,
output: output,
decrypt: false,
mode: mode || (iv === null ? 'ECB' : 'CBC')
});
cipher.start(iv);
return cipher;
};
/**
* Deprecated. Instead, use:
*
* var cipher = forge.cipher.createCipher('DES-<mode>', key);
*
* Creates an DES cipher object to encrypt data using the given symmetric key.
*
* The key may be given as a binary-encoded string of bytes or a byte buffer.
*
* @param key the symmetric key to use (64 or 192 bits).
* @param mode the cipher mode to use (default: 'CBC').
*
* @return the cipher.
*/
forge.des.createEncryptionCipher = function(key, mode) {
return _createCipher({
key: key,
output: null,
decrypt: false,
mode: mode
});
};
/**
* Deprecated. Instead, use:
*
* var decipher = forge.cipher.createDecipher('DES-<mode>', key);
* decipher.start({iv: iv});
*
* Creates an DES cipher object to decrypt data using the given symmetric key.
* The output will be stored in the 'output' member of the returned cipher.
*
* The key and iv may be given as binary-encoded strings of bytes or
* byte buffers.
*
* @param key the symmetric key to use (64 or 192 bits).
* @param iv the initialization vector to use.
* @param output the buffer to write to, null to create one.
* @param mode the cipher mode to use (default: 'CBC' if IV is
* given, 'ECB' if null).
*
* @return the cipher.
*/
forge.des.startDecrypting = function(key, iv, output, mode) {
var cipher = _createCipher({
key: key,
output: output,
decrypt: true,
mode: mode || (iv === null ? 'ECB' : 'CBC')
});
cipher.start(iv);
return cipher;
};
/**
* Deprecated. Instead, use:
*
* var decipher = forge.cipher.createDecipher('DES-<mode>', key);
*
* Creates an DES cipher object to decrypt data using the given symmetric key.
*
* The key may be given as a binary-encoded string of bytes or a byte buffer.
*
* @param key the symmetric key to use (64 or 192 bits).
* @param mode the cipher mode to use (default: 'CBC').
*
* @return the cipher.
*/
forge.des.createDecryptionCipher = function(key, mode) {
return _createCipher({
key: key,
output: null,
decrypt: true,
mode: mode
});
};
/**
* Creates a new DES cipher algorithm object.
*
* @param name the name of the algorithm.
* @param mode the mode factory function.
*
* @return the DES algorithm object.
*/
forge.des.Algorithm = function(name, mode) {
var self = this;
self.name = name;
self.mode = new mode({
blockSize: 8,
cipher: {
encrypt: function(inBlock, outBlock) {
return _updateBlock(self._keys, inBlock, outBlock, false);
},
decrypt: function(inBlock, outBlock) {
return _updateBlock(self._keys, inBlock, outBlock, true);
}
}
});
self._init = false;
};
/**
* Initializes this DES algorithm by expanding its key.
*
* @param options the options to use.
* key the key to use with this algorithm.
* decrypt true if the algorithm should be initialized for decryption,
* false for encryption.
*/
forge.des.Algorithm.prototype.initialize = function(options) {
if(this._init) {
return;
}
var key = forge.util.createBuffer(options.key);
if(this.name.indexOf('3DES') === 0) {
if(key.length() !== 24) {
throw new Error('Invalid Triple-DES key size: ' + key.length() * 8);
}
}
// do key expansion to 16 or 48 subkeys (single or triple DES)
this._keys = _createKeys(key);
this._init = true;
};
/** Register DES algorithms **/
registerAlgorithm('DES-ECB', forge.cipher.modes.ecb);
registerAlgorithm('DES-CBC', forge.cipher.modes.cbc);
registerAlgorithm('DES-CFB', forge.cipher.modes.cfb);
registerAlgorithm('DES-OFB', forge.cipher.modes.ofb);
registerAlgorithm('DES-CTR', forge.cipher.modes.ctr);
registerAlgorithm('3DES-ECB', forge.cipher.modes.ecb);
registerAlgorithm('3DES-CBC', forge.cipher.modes.cbc);
registerAlgorithm('3DES-CFB', forge.cipher.modes.cfb);
registerAlgorithm('3DES-OFB', forge.cipher.modes.ofb);
registerAlgorithm('3DES-CTR', forge.cipher.modes.ctr);
function registerAlgorithm(name, mode) {
var factory = function() {
return new forge.des.Algorithm(name, mode);
};
forge.cipher.registerAlgorithm(name, factory);
}
/** DES implementation **/
var spfunction1 = [0x1010400,0,0x10000,0x1010404,0x1010004,0x10404,0x4,0x10000,0x400,0x1010400,0x1010404,0x400,0x1000404,0x1010004,0x1000000,0x4,0x404,0x1000400,0x1000400,0x10400,0x10400,0x1010000,0x1010000,0x1000404,0x10004,0x1000004,0x1000004,0x10004,0,0x404,0x10404,0x1000000,0x10000,0x1010404,0x4,0x1010000,0x1010400,0x1000000,0x1000000,0x400,0x1010004,0x10000,0x10400,0x1000004,0x400,0x4,0x1000404,0x10404,0x1010404,0x10004,0x1010000,0x1000404,0x1000004,0x404,0x10404,0x1010400,0x404,0x1000400,0x1000400,0,0x10004,0x10400,0,0x1010004];
var spfunction2 = [-0x7fef7fe0,-0x7fff8000,0x8000,0x108020,0x100000,0x20,-0x7fefffe0,-0x7fff7fe0,-0x7fffffe0,-0x7fef7fe0,-0x7fef8000,-0x80000000,-0x7fff8000,0x100000,0x20,-0x7fefffe0,0x108000,0x100020,-0x7fff7fe0,0,-0x80000000,0x8000,0x108020,-0x7ff00000,0x100020,-0x7fffffe0,0,0x108000,0x8020,-0x7fef8000,-0x7ff00000,0x8020,0,0x108020,-0x7fefffe0,0x100000,-0x7fff7fe0,-0x7ff00000,-0x7fef8000,0x8000,-0x7ff00000,-0x7fff8000,0x20,-0x7fef7fe0,0x108020,0x20,0x8000,-0x80000000,0x8020,-0x7fef8000,0x100000,-0x7fffffe0,0x100020,-0x7fff7fe0,-0x7fffffe0,0x100020,0x108000,0,-0x7fff8000,0x8020,-0x80000000,-0x7fefffe0,-0x7fef7fe0,0x108000];
var spfunction3 = [0x208,0x8020200,0,0x8020008,0x8000200,0,0x20208,0x8000200,0x20008,0x8000008,0x8000008,0x20000,0x8020208,0x20008,0x8020000,0x208,0x8000000,0x8,0x8020200,0x200,0x20200,0x8020000,0x8020008,0x20208,0x8000208,0x20200,0x20000,0x8000208,0x8,0x8020208,0x200,0x8000000,0x8020200,0x8000000,0x20008,0x208,0x20000,0x8020200,0x8000200,0,0x200,0x20008,0x8020208,0x8000200,0x8000008,0x200,0,0x8020008,0x8000208,0x20000,0x8000000,0x8020208,0x8,0x20208,0x20200,0x8000008,0x8020000,0x8000208,0x208,0x8020000,0x20208,0x8,0x8020008,0x20200];
var spfunction4 = [0x802001,0x2081,0x2081,0x80,0x802080,0x800081,0x800001,0x2001,0,0x802000,0x802000,0x802081,0x81,0,0x800080,0x800001,0x1,0x2000,0x800000,0x802001,0x80,0x800000,0x2001,0x2080,0x800081,0x1,0x2080,0x800080,0x2000,0x802080,0x802081,0x81,0x800080,0x800001,0x802000,0x802081,0x81,0,0,0x802000,0x2080,0x800080,0x800081,0x1,0x802001,0x2081,0x2081,0x80,0x802081,0x81,0x1,0x2000,0x800001,0x2001,0x802080,0x800081,0x2001,0x2080,0x800000,0x802001,0x80,0x800000,0x2000,0x802080];
var spfunction5 = [0x100,0x2080100,0x2080000,0x42000100,0x80000,0x100,0x40000000,0x2080000,0x40080100,0x80000,0x2000100,0x40080100,0x42000100,0x42080000,0x80100,0x40000000,0x2000000,0x40080000,0x40080000,0,0x40000100,0x42080100,0x42080100,0x2000100,0x42080000,0x40000100,0,0x42000000,0x2080100,0x2000000,0x42000000,0x80100,0x80000,0x42000100,0x100,0x2000000,0x40000000,0x2080000,0x42000100,0x40080100,0x2000100,0x40000000,0x42080000,0x2080100,0x40080100,0x100,0x2000000,0x42080000,0x42080100,0x80100,0x42000000,0x42080100,0x2080000,0,0x40080000,0x42000000,0x80100,0x2000100,0x40000100,0x80000,0,0x40080000,0x2080100,0x40000100];
var spfunction6 = [0x20000010,0x20400000,0x4000,0x20404010,0x20400000,0x10,0x20404010,0x400000,0x20004000,0x404010,0x400000,0x20000010,0x400010,0x20004000,0x20000000,0x4010,0,0x400010,0x20004010,0x4000,0x404000,0x20004010,0x10,0x20400010,0x20400010,0,0x404010,0x20404000,0x4010,0x404000,0x20404000,0x20000000,0x20004000,0x10,0x20400010,0x404000,0x20404010,0x400000,0x4010,0x20000010,0x400000,0x20004000,0x20000000,0x4010,0x20000010,0x20404010,0x404000,0x20400000,0x404010,0x20404000,0,0x20400010,0x10,0x4000,0x20400000,0x404010,0x4000,0x400010,0x20004010,0,0x20404000,0x20000000,0x400010,0x20004010];
var spfunction7 = [0x200000,0x4200002,0x4000802,0,0x800,0x4000802,0x200802,0x4200800,0x4200802,0x200000,0,0x4000002,0x2,0x4000000,0x4200002,0x802,0x4000800,0x200802,0x200002,0x4000800,0x4000002,0x4200000,0x4200800,0x200002,0x4200000,0x800,0x802,0x4200802,0x200800,0x2,0x4000000,0x200800,0x4000000,0x200800,0x200000,0x4000802,0x4000802,0x4200002,0x4200002,0x2,0x200002,0x4000000,0x4000800,0x200000,0x4200800,0x802,0x200802,0x4200800,0x802,0x4000002,0x4200802,0x4200000,0x200800,0,0x2,0x4200802,0,0x200802,0x4200000,0x800,0x4000002,0x4000800,0x800,0x200002];
var spfunction8 = [0x10001040,0x1000,0x40000,0x10041040,0x10000000,0x10001040,0x40,0x10000000,0x40040,0x10040000,0x10041040,0x41000,0x10041000,0x41040,0x1000,0x40,0x10040000,0x10000040,0x10001000,0x1040,0x41000,0x40040,0x10040040,0x10041000,0x1040,0,0,0x10040040,0x10000040,0x10001000,0x41040,0x40000,0x41040,0x40000,0x10041000,0x1000,0x40,0x10040040,0x1000,0x41040,0x10001000,0x40,0x10000040,0x10040000,0x10040040,0x10000000,0x40000,0x10001040,0,0x10041040,0x40040,0x10000040,0x10040000,0x10001000,0x10001040,0,0x10041040,0x41000,0x41000,0x1040,0x1040,0x40040,0x10000000,0x10041000];
/**
* Create necessary sub keys.
*
* @param key the 64-bit or 192-bit key.
*
* @return the expanded keys.
*/
function _createKeys(key) {
var pc2bytes0 = [0,0x4,0x20000000,0x20000004,0x10000,0x10004,0x20010000,0x20010004,0x200,0x204,0x20000200,0x20000204,0x10200,0x10204,0x20010200,0x20010204],
pc2bytes1 = [0,0x1,0x100000,0x100001,0x4000000,0x4000001,0x4100000,0x4100001,0x100,0x101,0x100100,0x100101,0x4000100,0x4000101,0x4100100,0x4100101],
pc2bytes2 = [0,0x8,0x800,0x808,0x1000000,0x1000008,0x1000800,0x1000808,0,0x8,0x800,0x808,0x1000000,0x1000008,0x1000800,0x1000808],
pc2bytes3 = [0,0x200000,0x8000000,0x8200000,0x2000,0x202000,0x8002000,0x8202000,0x20000,0x220000,0x8020000,0x8220000,0x22000,0x222000,0x8022000,0x8222000],
pc2bytes4 = [0,0x40000,0x10,0x40010,0,0x40000,0x10,0x40010,0x1000,0x41000,0x1010,0x41010,0x1000,0x41000,0x1010,0x41010],
pc2bytes5 = [0,0x400,0x20,0x420,0,0x400,0x20,0x420,0x2000000,0x2000400,0x2000020,0x2000420,0x2000000,0x2000400,0x2000020,0x2000420],
pc2bytes6 = [0,0x10000000,0x80000,0x10080000,0x2,0x10000002,0x80002,0x10080002,0,0x10000000,0x80000,0x10080000,0x2,0x10000002,0x80002,0x10080002],
pc2bytes7 = [0,0x10000,0x800,0x10800,0x20000000,0x20010000,0x20000800,0x20010800,0x20000,0x30000,0x20800,0x30800,0x20020000,0x20030000,0x20020800,0x20030800],
pc2bytes8 = [0,0x40000,0,0x40000,0x2,0x40002,0x2,0x40002,0x2000000,0x2040000,0x2000000,0x2040000,0x2000002,0x2040002,0x2000002,0x2040002],
pc2bytes9 = [0,0x10000000,0x8,0x10000008,0,0x10000000,0x8,0x10000008,0x400,0x10000400,0x408,0x10000408,0x400,0x10000400,0x408,0x10000408],
pc2bytes10 = [0,0x20,0,0x20,0x100000,0x100020,0x100000,0x100020,0x2000,0x2020,0x2000,0x2020,0x102000,0x102020,0x102000,0x102020],
pc2bytes11 = [0,0x1000000,0x200,0x1000200,0x200000,0x1200000,0x200200,0x1200200,0x4000000,0x5000000,0x4000200,0x5000200,0x4200000,0x5200000,0x4200200,0x5200200],
pc2bytes12 = [0,0x1000,0x8000000,0x8001000,0x80000,0x81000,0x8080000,0x8081000,0x10,0x1010,0x8000010,0x8001010,0x80010,0x81010,0x8080010,0x8081010],
pc2bytes13 = [0,0x4,0x100,0x104,0,0x4,0x100,0x104,0x1,0x5,0x101,0x105,0x1,0x5,0x101,0x105];
// how many iterations (1 for des, 3 for triple des)
// changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys
var iterations = key.length() > 8 ? 3 : 1;
// stores the return keys
var keys = [];
// now define the left shifts which need to be done
var shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0];
var n = 0, tmp;
for(var j = 0; j < iterations; j ++) {
var left = key.getInt32();
var right = key.getInt32();
tmp = ((left >>> 4) ^ right) & 0x0f0f0f0f;
right ^= tmp;
left ^= (tmp << 4);
tmp = ((right >>> -16) ^ left) & 0x0000ffff;
left ^= tmp;
right ^= (tmp << -16);
tmp = ((left >>> 2) ^ right) & 0x33333333;
right ^= tmp;
left ^= (tmp << 2);
tmp = ((right >>> -16) ^ left) & 0x0000ffff;
left ^= tmp;
right ^= (tmp << -16);
tmp = ((left >>> 1) ^ right) & 0x55555555;
right ^= tmp;
left ^= (tmp << 1);
tmp = ((right >>> 8) ^ left) & 0x00ff00ff;
left ^= tmp;
right ^= (tmp << 8);
tmp = ((left >>> 1) ^ right) & 0x55555555;
right ^= tmp;
left ^= (tmp << 1);
// right needs to be shifted and OR'd with last four bits of left
tmp = (left << 8) | ((right >>> 20) & 0x000000f0);
// left needs to be put upside down
left = ((right << 24) | ((right << 8) & 0xff0000) |
((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0));
right = tmp;
// now go through and perform these shifts on the left and right keys
for(var i = 0; i < shifts.length; ++i) {
//shift the keys either one or two bits to the left
if(shifts[i]) {
left = (left << 2) | (left >>> 26);
right = (right << 2) | (right >>> 26);
} else {
left = (left << 1) | (left >>> 27);
right = (right << 1) | (right >>> 27);
}
left &= -0xf;
right &= -0xf;
// now apply PC-2, in such a way that E is easier when encrypting or
// decrypting this conversion will look like PC-2 except only the last 6
// bits of each byte are used rather than 48 consecutive bits and the
// order of lines will be according to how the S selection functions will
// be applied: S2, S4, S6, S8, S1, S3, S5, S7
var lefttmp = (
pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] |
pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[(left >>> 16) & 0xf] |
pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] |
pc2bytes6[(left >>> 4) & 0xf]);
var righttmp = (
pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] |
pc2bytes9[(right >>> 20) & 0xf] | pc2bytes10[(right >>> 16) & 0xf] |
pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] |
pc2bytes13[(right >>> 4) & 0xf]);
tmp = ((righttmp >>> 16) ^ lefttmp) & 0x0000ffff;
keys[n++] = lefttmp ^ tmp;
keys[n++] = righttmp ^ (tmp << 16);
}
}
return keys;
}
/**
* Updates a single block (1 byte) using DES. The update will either
* encrypt or decrypt the block.
*
* @param keys the expanded keys.
* @param input the input block (an array of 32-bit words).
* @param output the updated output block.
* @param decrypt true to decrypt the block, false to encrypt it.
*/
function _updateBlock(keys, input, output, decrypt) {
// set up loops for single or triple DES
var iterations = keys.length === 32 ? 3 : 9;
var looping;
if(iterations === 3) {
looping = decrypt ? [30, -2, -2] : [0, 32, 2];
} else {
looping = (decrypt ?
[94, 62, -2, 32, 64, 2, 30, -2, -2] :
[0, 32, 2, 62, 30, -2, 64, 96, 2]);
}
var tmp;
var left = input[0];
var right = input[1];
// first each 64 bit chunk of the message must be permuted according to IP
tmp = ((left >>> 4) ^ right) & 0x0f0f0f0f;
right ^= tmp;
left ^= (tmp << 4);
tmp = ((left >>> 16) ^ right) & 0x0000ffff;
right ^= tmp;
left ^= (tmp << 16);
tmp = ((right >>> 2) ^ left) & 0x33333333;
left ^= tmp;
right ^= (tmp << 2);
tmp = ((right >>> 8) ^ left) & 0x00ff00ff;
left ^= tmp;
right ^= (tmp << 8);
tmp = ((left >>> 1) ^ right) & 0x55555555;
right ^= tmp;
left ^= (tmp << 1);
// rotate left 1 bit
left = ((left << 1) | (left >>> 31));
right = ((right << 1) | (right >>> 31));
for(var j = 0; j < iterations; j += 3) {
var endloop = looping[j + 1];
var loopinc = looping[j + 2];
// now go through and perform the encryption or decryption
for(var i = looping[j]; i != endloop; i += loopinc) {
var right1 = right ^ keys[i];
var right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1];
// passing these bytes through the S selection functions
tmp = left;
left = right;
right = tmp ^ (
spfunction2[(right1 >>> 24) & 0x3f] |
spfunction4[(right1 >>> 16) & 0x3f] |
spfunction6[(right1 >>> 8) & 0x3f] |
spfunction8[right1 & 0x3f] |
spfunction1[(right2 >>> 24) & 0x3f] |
spfunction3[(right2 >>> 16) & 0x3f] |
spfunction5[(right2 >>> 8) & 0x3f] |
spfunction7[right2 & 0x3f]);
}
// unreverse left and right
tmp = left;
left = right;
right = tmp;
}
// rotate right 1 bit
left = ((left >>> 1) | (left << 31));
right = ((right >>> 1) | (right << 31));
// now perform IP-1, which is IP in the opposite direction
tmp = ((left >>> 1) ^ right) & 0x55555555;
right ^= tmp;
left ^= (tmp << 1);
tmp = ((right >>> 8) ^ left) & 0x00ff00ff;
left ^= tmp;
right ^= (tmp << 8);
tmp = ((right >>> 2) ^ left) & 0x33333333;
left ^= tmp;
right ^= (tmp << 2);
tmp = ((left >>> 16) ^ right) & 0x0000ffff;
right ^= tmp;
left ^= (tmp << 16);
tmp = ((left >>> 4) ^ right) & 0x0f0f0f0f;
right ^= tmp;
left ^= (tmp << 4);
output[0] = left;
output[1] = right;
}
/**
* Deprecated. Instead, use:
*
* forge.cipher.createCipher('DES-<mode>', key);
* forge.cipher.createDecipher('DES-<mode>', key);
*
* Creates a deprecated DES cipher object. This object's mode will default to
* CBC (cipher-block-chaining).
*
* The key may be given as a binary-encoded string of bytes or a byte buffer.
*
* @param options the options to use.
* key the symmetric key to use (64 or 192 bits).
* output the buffer to write to.
* decrypt true for decryption, false for encryption.
* mode the cipher mode to use (default: 'CBC').
*
* @return the cipher.
*/
function _createCipher(options) {
options = options || {};
var mode = (options.mode || 'CBC').toUpperCase();
var algorithm = 'DES-' + mode;
var cipher;
if(options.decrypt) {
cipher = forge.cipher.createDecipher(algorithm, options.key);
} else {
cipher = forge.cipher.createCipher(algorithm, options.key);
}
// backwards compatible start API
var start = cipher.start;
cipher.start = function(iv, options) {
// backwards compatibility: support second arg as output buffer
var output = null;
if(options instanceof forge.util.ByteBuffer) {
output = options;
options = {};
}
options = options || {};
options.output = output;
options.iv = iv;
start.call(cipher, options);
};
return cipher;
}
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'des';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define(
'js/des',['require', 'module', './cipher', './cipherModes', './util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Password-Based Key-Derivation Function #2 implementation.
*
* See RFC 2898 for details.
*
* @author Dave Longley
*
* Copyright (c) 2010-2013 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
var pkcs5 = forge.pkcs5 = forge.pkcs5 || {};
var _nodejs = (
typeof process !== 'undefined' && process.versions && process.versions.node);
var crypto;
if(_nodejs && !forge.disableNativeCode) {
crypto = require('crypto');
}
/**
* Derives a key from a password.
*
* @param p the password as a binary-encoded string of bytes.
* @param s the salt as a binary-encoded string of bytes.
* @param c the iteration count, a positive integer.
* @param dkLen the intended length, in bytes, of the derived key,
* (max: 2^32 - 1) * hash length of the PRF.
* @param [md] the message digest (or algorithm identifier as a string) to use
* in the PRF, defaults to SHA-1.
* @param [callback(err, key)] presence triggers asynchronous version, called
* once the operation completes.
*
* @return the derived key, as a binary-encoded string of bytes, for the
* synchronous version (if no callback is specified).
*/
forge.pbkdf2 = pkcs5.pbkdf2 = function(p, s, c, dkLen, md, callback) {
if(typeof md === 'function') {
callback = md;
md = null;
}
// use native implementation if possible and not disabled, note that
// some node versions only support SHA-1, others allow digest to be changed
if(_nodejs && !forge.disableNativeCode && crypto.pbkdf2 &&
(md === null || typeof md !== 'object') &&
(crypto.pbkdf2Sync.length > 4 || (!md || md === 'sha1'))) {
if(typeof md !== 'string') {
// default prf to SHA-1
md = 'sha1';
}
s = new Buffer(s, 'binary');
if(!callback) {
if(crypto.pbkdf2Sync.length === 4) {
return crypto.pbkdf2Sync(p, s, c, dkLen).toString('binary');
}
return crypto.pbkdf2Sync(p, s, c, dkLen, md).toString('binary');
}
if(crypto.pbkdf2Sync.length === 4) {
return crypto.pbkdf2(p, s, c, dkLen, function(err, key) {
if(err) {
return callback(err);
}
callback(null, key.toString('binary'));
});
}
return crypto.pbkdf2(p, s, c, dkLen, md, function(err, key) {
if(err) {
return callback(err);
}
callback(null, key.toString('binary'));
});
}
if(typeof md === 'undefined' || md === null) {
// default prf to SHA-1
md = forge.md.sha1.create();
}
if(typeof md === 'string') {
if(!(md in forge.md.algorithms)) {
throw new Error('Unknown hash algorithm: ' + md);
}
md = forge.md[md].create();
}
var hLen = md.digestLength;
/* 1. If dkLen > (2^32 - 1) * hLen, output "derived key too long" and
stop. */
if(dkLen > (0xFFFFFFFF * hLen)) {
var err = new Error('Derived key is too long.');
if(callback) {
return callback(err);
}
throw err;
}
/* 2. Let len be the number of hLen-octet blocks in the derived key,
rounding up, and let r be the number of octets in the last
block:
len = CEIL(dkLen / hLen),
r = dkLen - (len - 1) * hLen. */
var len = Math.ceil(dkLen / hLen);
var r = dkLen - (len - 1) * hLen;
/* 3. For each block of the derived key apply the function F defined
below to the password P, the salt S, the iteration count c, and
the block index to compute the block:
T_1 = F(P, S, c, 1),
T_2 = F(P, S, c, 2),
...
T_len = F(P, S, c, len),
where the function F is defined as the exclusive-or sum of the
first c iterates of the underlying pseudorandom function PRF
applied to the password P and the concatenation of the salt S
and the block index i:
F(P, S, c, i) = u_1 XOR u_2 XOR ... XOR u_c
where
u_1 = PRF(P, S || INT(i)),
u_2 = PRF(P, u_1),
...
u_c = PRF(P, u_{c-1}).
Here, INT(i) is a four-octet encoding of the integer i, most
significant octet first. */
var prf = forge.hmac.create();
prf.start(md, p);
var dk = '';
var xor, u_c, u_c1;
// sync version
if(!callback) {
for(var i = 1; i <= len; ++i) {
// PRF(P, S || INT(i)) (first iteration)
prf.start(null, null);
prf.update(s);
prf.update(forge.util.int32ToBytes(i));
xor = u_c1 = prf.digest().getBytes();
// PRF(P, u_{c-1}) (other iterations)
for(var j = 2; j <= c; ++j) {
prf.start(null, null);
prf.update(u_c1);
u_c = prf.digest().getBytes();
// F(p, s, c, i)
xor = forge.util.xorBytes(xor, u_c, hLen);
u_c1 = u_c;
}
/* 4. Concatenate the blocks and extract the first dkLen octets to
produce a derived key DK:
DK = T_1 || T_2 || ... || T_len<0..r-1> */
dk += (i < len) ? xor : xor.substr(0, r);
}
/* 5. Output the derived key DK. */
return dk;
}
// async version
var i = 1, j;
function outer() {
if(i > len) {
// done
return callback(null, dk);
}
// PRF(P, S || INT(i)) (first iteration)
prf.start(null, null);
prf.update(s);
prf.update(forge.util.int32ToBytes(i));
xor = u_c1 = prf.digest().getBytes();
// PRF(P, u_{c-1}) (other iterations)
j = 2;
inner();
}
function inner() {
if(j <= c) {
prf.start(null, null);
prf.update(u_c1);
u_c = prf.digest().getBytes();
// F(p, s, c, i)
xor = forge.util.xorBytes(xor, u_c, hLen);
u_c1 = u_c;
++j;
return forge.util.setImmediate(inner);
}
/* 4. Concatenate the blocks and extract the first dkLen octets to
produce a derived key DK:
DK = T_1 || T_2 || ... || T_len<0..r-1> */
dk += (i < len) ? xor : xor.substr(0, r);
++i;
outer();
}
outer();
};
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'pbkdf2';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/pbkdf2',['require', 'module', './hmac', './md', './util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* A javascript implementation of a cryptographically-secure
* Pseudo Random Number Generator (PRNG). The Fortuna algorithm is followed
* here though the use of SHA-256 is not enforced; when generating an
* a PRNG context, the hashing algorithm and block cipher used for
* the generator are specified via a plugin.
*
* @author Dave Longley
*
* Copyright (c) 2010-2014 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
var _nodejs = (
typeof process !== 'undefined' && process.versions && process.versions.node);
var _crypto = null;
if(!forge.disableNativeCode && _nodejs && !process.versions['node-webkit']) {
_crypto = require('crypto');
}
/* PRNG API */
var prng = forge.prng = forge.prng || {};
/**
* Creates a new PRNG context.
*
* A PRNG plugin must be passed in that will provide:
*
* 1. A function that initializes the key and seed of a PRNG context. It
* will be given a 16 byte key and a 16 byte seed. Any key expansion
* or transformation of the seed from a byte string into an array of
* integers (or similar) should be performed.
* 2. The cryptographic function used by the generator. It takes a key and
* a seed.
* 3. A seed increment function. It takes the seed and returns seed + 1.
* 4. An api to create a message digest.
*
* For an example, see random.js.
*
* @param plugin the PRNG plugin to use.
*/
prng.create = function(plugin) {
var ctx = {
plugin: plugin,
key: null,
seed: null,
time: null,
// number of reseeds so far
reseeds: 0,
// amount of data generated so far
generated: 0
};
// create 32 entropy pools (each is a message digest)
var md = plugin.md;
var pools = new Array(32);
for(var i = 0; i < 32; ++i) {
pools[i] = md.create();
}
ctx.pools = pools;
// entropy pools are written to cyclically, starting at index 0
ctx.pool = 0;
/**
* Generates random bytes. The bytes may be generated synchronously or
* asynchronously. Web workers must use the asynchronous interface or
* else the behavior is undefined.
*
* @param count the number of random bytes to generate.
* @param [callback(err, bytes)] called once the operation completes.
*
* @return count random bytes as a string.
*/
ctx.generate = function(count, callback) {
// do synchronously
if(!callback) {
return ctx.generateSync(count);
}
// simple generator using counter-based CBC
var cipher = ctx.plugin.cipher;
var increment = ctx.plugin.increment;
var formatKey = ctx.plugin.formatKey;
var formatSeed = ctx.plugin.formatSeed;
var b = forge.util.createBuffer();
// reset key for every request
ctx.key = null;
generate();
function generate(err) {
if(err) {
return callback(err);
}
// sufficient bytes generated
if(b.length() >= count) {
return callback(null, b.getBytes(count));
}
// if amount of data generated is greater than 1 MiB, trigger reseed
if(ctx.generated > 0xfffff) {
ctx.key = null;
}
if(ctx.key === null) {
// prevent stack overflow
return forge.util.nextTick(function() {
_reseed(generate);
});
}
// generate the random bytes
var bytes = cipher(ctx.key, ctx.seed);
ctx.generated += bytes.length;
b.putBytes(bytes);
// generate bytes for a new key and seed
ctx.key = formatKey(cipher(ctx.key, increment(ctx.seed)));
ctx.seed = formatSeed(cipher(ctx.key, ctx.seed));
forge.util.setImmediate(generate);
}
};
/**
* Generates random bytes synchronously.
*
* @param count the number of random bytes to generate.
*
* @return count random bytes as a string.
*/
ctx.generateSync = function(count) {
// simple generator using counter-based CBC
var cipher = ctx.plugin.cipher;
var increment = ctx.plugin.increment;
var formatKey = ctx.plugin.formatKey;
var formatSeed = ctx.plugin.formatSeed;
// reset key for every request
ctx.key = null;
var b = forge.util.createBuffer();
while(b.length() < count) {
// if amount of data generated is greater than 1 MiB, trigger reseed
if(ctx.generated > 0xfffff) {
ctx.key = null;
}
if(ctx.key === null) {
_reseedSync();
}
// generate the random bytes
var bytes = cipher(ctx.key, ctx.seed);
ctx.generated += bytes.length;
b.putBytes(bytes);
// generate bytes for a new key and seed
ctx.key = formatKey(cipher(ctx.key, increment(ctx.seed)));
ctx.seed = formatSeed(cipher(ctx.key, ctx.seed));
}
return b.getBytes(count);
};
/**
* Private function that asynchronously reseeds a generator.
*
* @param callback(err) called once the operation completes.
*/
function _reseed(callback) {
if(ctx.pools[0].messageLength >= 32) {
_seed();
return callback();
}
// not enough seed data...
var needed = (32 - ctx.pools[0].messageLength) << 5;
ctx.seedFile(needed, function(err, bytes) {
if(err) {
return callback(err);
}
ctx.collect(bytes);
_seed();
callback();
});
}
/**
* Private function that synchronously reseeds a generator.
*/
function _reseedSync() {
if(ctx.pools[0].messageLength >= 32) {
return _seed();
}
// not enough seed data...
var needed = (32 - ctx.pools[0].messageLength) << 5;
ctx.collect(ctx.seedFileSync(needed));
_seed();
}
/**
* Private function that seeds a generator once enough bytes are available.
*/
function _seed() {
// create a plugin-based message digest
var md = ctx.plugin.md.create();
// digest pool 0's entropy and restart it
md.update(ctx.pools[0].digest().getBytes());
ctx.pools[0].start();
// digest the entropy of other pools whose index k meet the
// condition '2^k mod n == 0' where n is the number of reseeds
var k = 1;
for(var i = 1; i < 32; ++i) {
// prevent signed numbers from being used
k = (k === 31) ? 0x80000000 : (k << 2);
if(k % ctx.reseeds === 0) {
md.update(ctx.pools[i].digest().getBytes());
ctx.pools[i].start();
}
}
// get digest for key bytes and iterate again for seed bytes
var keyBytes = md.digest().getBytes();
md.start();
md.update(keyBytes);
var seedBytes = md.digest().getBytes();
// update
ctx.key = ctx.plugin.formatKey(keyBytes);
ctx.seed = ctx.plugin.formatSeed(seedBytes);
ctx.reseeds = (ctx.reseeds === 0xffffffff) ? 0 : ctx.reseeds + 1;
ctx.generated = 0;
}
/**
* The built-in default seedFile. This seedFile is used when entropy
* is needed immediately.
*
* @param needed the number of bytes that are needed.
*
* @return the random bytes.
*/
function defaultSeedFile(needed) {
// use window.crypto.getRandomValues strong source of entropy if available
var getRandomValues = null;
if(typeof window !== 'undefined') {
var _crypto = window.crypto || window.msCrypto;
if(_crypto && _crypto.getRandomValues) {
getRandomValues = function(arr) {
return _crypto.getRandomValues(arr);
};
}
}
var b = forge.util.createBuffer();
if(getRandomValues) {
while(b.length() < needed) {
// max byte length is 65536 before QuotaExceededError is thrown
// http://www.w3.org/TR/WebCryptoAPI/#RandomSource-method-getRandomValues
var count = Math.max(1, Math.min(needed - b.length(), 65536) / 4);
var entropy = new Uint32Array(Math.floor(count));
try {
getRandomValues(entropy);
for(var i = 0; i < entropy.length; ++i) {
b.putInt32(entropy[i]);
}
} catch(e) {
/* only ignore QuotaExceededError */
if(!(typeof QuotaExceededError !== 'undefined' &&
e instanceof QuotaExceededError)) {
throw e;
}
}
}
}
// be sad and add some weak random data
if(b.length() < needed) {
/* Draws from Park-Miller "minimal standard" 31 bit PRNG,
implemented with David G. Carta's optimization: with 32 bit math
and without division (Public Domain). */
var hi, lo, next;
var seed = Math.floor(Math.random() * 0x010000);
while(b.length() < needed) {
lo = 16807 * (seed & 0xFFFF);
hi = 16807 * (seed >> 16);
lo += (hi & 0x7FFF) << 16;
lo += hi >> 15;
lo = (lo & 0x7FFFFFFF) + (lo >> 31);
seed = lo & 0xFFFFFFFF;
// consume lower 3 bytes of seed
for(var i = 0; i < 3; ++i) {
// throw in more pseudo random
next = seed >>> (i << 3);
next ^= Math.floor(Math.random() * 0x0100);
b.putByte(String.fromCharCode(next & 0xFF));
}
}
}
return b.getBytes(needed);
}
// initialize seed file APIs
if(_crypto) {
// use nodejs async API
ctx.seedFile = function(needed, callback) {
_crypto.randomBytes(needed, function(err, bytes) {
if(err) {
return callback(err);
}
callback(null, bytes.toString());
});
};
// use nodejs sync API
ctx.seedFileSync = function(needed) {
return _crypto.randomBytes(needed).toString();
};
} else {
ctx.seedFile = function(needed, callback) {
try {
callback(null, defaultSeedFile(needed));
} catch(e) {
callback(e);
}
};
ctx.seedFileSync = defaultSeedFile;
}
/**
* Adds entropy to a prng ctx's accumulator.
*
* @param bytes the bytes of entropy as a string.
*/
ctx.collect = function(bytes) {
// iterate over pools distributing entropy cyclically
var count = bytes.length;
for(var i = 0; i < count; ++i) {
ctx.pools[ctx.pool].update(bytes.substr(i, 1));
ctx.pool = (ctx.pool === 31) ? 0 : ctx.pool + 1;
}
};
/**
* Collects an integer of n bits.
*
* @param i the integer entropy.
* @param n the number of bits in the integer.
*/
ctx.collectInt = function(i, n) {
var bytes = '';
for(var x = 0; x < n; x += 8) {
bytes += String.fromCharCode((i >> x) & 0xFF);
}
ctx.collect(bytes);
};
/**
* Registers a Web Worker to receive immediate entropy from the main thread.
* This method is required until Web Workers can access the native crypto
* API. This method should be called twice for each created worker, once in
* the main thread, and once in the worker itself.
*
* @param worker the worker to register.
*/
ctx.registerWorker = function(worker) {
// worker receives random bytes
if(worker === self) {
ctx.seedFile = function(needed, callback) {
function listener(e) {
var data = e.data;
if(data.forge && data.forge.prng) {
self.removeEventListener('message', listener);
callback(data.forge.prng.err, data.forge.prng.bytes);
}
}
self.addEventListener('message', listener);
self.postMessage({forge: {prng: {needed: needed}}});
};
} else {
// main thread sends random bytes upon request
var listener = function(e) {
var data = e.data;
if(data.forge && data.forge.prng) {
ctx.seedFile(data.forge.prng.needed, function(err, bytes) {
worker.postMessage({forge: {prng: {err: err, bytes: bytes}}});
});
}
};
// TODO: do we need to remove the event listener when the worker dies?
worker.addEventListener('message', listener);
}
};
return ctx;
};
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'prng';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/prng',['require', 'module', './md', './util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* An API for getting cryptographically-secure random bytes. The bytes are
* generated using the Fortuna algorithm devised by Bruce Schneier and
* Niels Ferguson.
*
* Getting strong random bytes is not yet easy to do in javascript. The only
* truish random entropy that can be collected is from the mouse, keyboard, or
* from timing with respect to page loads, etc. This generator makes a poor
* attempt at providing random bytes when those sources haven't yet provided
* enough entropy to initially seed or to reseed the PRNG.
*
* @author Dave Longley
*
* Copyright (c) 2009-2014 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
// forge.random already defined
if(forge.random && forge.random.getBytes) {
return;
}
(function(jQuery) {
// the default prng plugin, uses AES-128
var prng_aes = {};
var _prng_aes_output = new Array(4);
var _prng_aes_buffer = forge.util.createBuffer();
prng_aes.formatKey = function(key) {
// convert the key into 32-bit integers
var tmp = forge.util.createBuffer(key);
key = new Array(4);
key[0] = tmp.getInt32();
key[1] = tmp.getInt32();
key[2] = tmp.getInt32();
key[3] = tmp.getInt32();
// return the expanded key
return forge.aes._expandKey(key, false);
};
prng_aes.formatSeed = function(seed) {
// convert seed into 32-bit integers
var tmp = forge.util.createBuffer(seed);
seed = new Array(4);
seed[0] = tmp.getInt32();
seed[1] = tmp.getInt32();
seed[2] = tmp.getInt32();
seed[3] = tmp.getInt32();
return seed;
};
prng_aes.cipher = function(key, seed) {
forge.aes._updateBlock(key, seed, _prng_aes_output, false);
_prng_aes_buffer.putInt32(_prng_aes_output[0]);
_prng_aes_buffer.putInt32(_prng_aes_output[1]);
_prng_aes_buffer.putInt32(_prng_aes_output[2]);
_prng_aes_buffer.putInt32(_prng_aes_output[3]);
return _prng_aes_buffer.getBytes();
};
prng_aes.increment = function(seed) {
// FIXME: do we care about carry or signed issues?
++seed[3];
return seed;
};
prng_aes.md = forge.md.sha256;
/**
* Creates a new PRNG.
*/
function spawnPrng() {
var ctx = forge.prng.create(prng_aes);
/**
* Gets random bytes. If a native secure crypto API is unavailable, this
* method tries to make the bytes more unpredictable by drawing from data that
* can be collected from the user of the browser, eg: mouse movement.
*
* If a callback is given, this method will be called asynchronously.
*
* @param count the number of random bytes to get.
* @param [callback(err, bytes)] called once the operation completes.
*
* @return the random bytes in a string.
*/
ctx.getBytes = function(count, callback) {
return ctx.generate(count, callback);
};
/**
* Gets random bytes asynchronously. If a native secure crypto API is
* unavailable, this method tries to make the bytes more unpredictable by
* drawing from data that can be collected from the user of the browser,
* eg: mouse movement.
*
* @param count the number of random bytes to get.
*
* @return the random bytes in a string.
*/
ctx.getBytesSync = function(count) {
return ctx.generate(count);
};
return ctx;
}
// create default prng context
var _ctx = spawnPrng();
// add other sources of entropy only if window.crypto.getRandomValues is not
// available -- otherwise this source will be automatically used by the prng
var _nodejs = (
typeof process !== 'undefined' && process.versions && process.versions.node);
var getRandomValues = null;
if(typeof window !== 'undefined') {
var _crypto = window.crypto || window.msCrypto;
if(_crypto && _crypto.getRandomValues) {
getRandomValues = function(arr) {
return _crypto.getRandomValues(arr);
};
}
}
if(forge.disableNativeCode || (!_nodejs && !getRandomValues)) {
// if this is a web worker, do not use weak entropy, instead register to
// receive strong entropy asynchronously from the main thread
if(typeof window === 'undefined' || window.document === undefined) {
// FIXME:
}
// get load time entropy
_ctx.collectInt(+new Date(), 32);
// add some entropy from navigator object
if(typeof(navigator) !== 'undefined') {
var _navBytes = '';
for(var key in navigator) {
try {
if(typeof(navigator[key]) == 'string') {
_navBytes += navigator[key];
}
} catch(e) {
/* Some navigator keys might not be accessible, e.g. the geolocation
attribute throws an exception if touched in Mozilla chrome://
context.
Silently ignore this and just don't use this as a source of
entropy. */
}
}
_ctx.collect(_navBytes);
_navBytes = null;
}
// add mouse and keyboard collectors if jquery is available
if(jQuery) {
// set up mouse entropy capture
jQuery().mousemove(function(e) {
// add mouse coords
_ctx.collectInt(e.clientX, 16);
_ctx.collectInt(e.clientY, 16);
});
// set up keyboard entropy capture
jQuery().keypress(function(e) {
_ctx.collectInt(e.charCode, 8);
});
}
}
/* Random API */
if(!forge.random) {
forge.random = _ctx;
} else {
// extend forge.random with _ctx
for(var key in _ctx) {
forge.random[key] = _ctx[key];
}
}
// expose spawn PRNG
forge.random.createInstance = spawnPrng;
})(typeof(jQuery) !== 'undefined' ? jQuery : null);
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'random';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/random',['require', 'module', './aes', './md', './prng', './util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* RC2 implementation.
*
* @author Stefan Siegl
*
* Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>
*
* Information on the RC2 cipher is available from RFC #2268,
* http://www.ietf.org/rfc/rfc2268.txt
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
var piTable = [
0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79, 0x4a, 0xa0, 0xd8, 0x9d,
0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e, 0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2,
0x17, 0x9a, 0x59, 0xf5, 0x87, 0xb3, 0x4f, 0x13, 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32,
0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22, 0x5c, 0x6b, 0x4e, 0x82,
0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c, 0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc,
0x12, 0x75, 0xca, 0x1f, 0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26,
0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b, 0xbc, 0x94, 0x43, 0x03,
0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7, 0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7,
0x08, 0xe8, 0xea, 0xde, 0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a,
0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e, 0x04, 0x18, 0xa4, 0xec,
0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc, 0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39,
0x99, 0x7c, 0x3a, 0x85, 0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31,
0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, 0x05, 0xdf, 0x29, 0x10, 0x67, 0x6c, 0xba, 0xc9,
0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c, 0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9,
0x0d, 0x38, 0x34, 0x1b, 0xab, 0x33, 0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e,
0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6, 0x20, 0x68, 0xfe, 0x7f, 0xc1, 0xad
];
var s = [1, 2, 3, 5];
/**
* Rotate a word left by given number of bits.
*
* Bits that are shifted out on the left are put back in on the right
* hand side.
*
* @param word The word to shift left.
* @param bits The number of bits to shift by.
* @return The rotated word.
*/
var rol = function(word, bits) {
return ((word << bits) & 0xffff) | ((word & 0xffff) >> (16 - bits));
};
/**
* Rotate a word right by given number of bits.
*
* Bits that are shifted out on the right are put back in on the left
* hand side.
*
* @param word The word to shift right.
* @param bits The number of bits to shift by.
* @return The rotated word.
*/
var ror = function(word, bits) {
return ((word & 0xffff) >> bits) | ((word << (16 - bits)) & 0xffff);
};
/* RC2 API */
forge.rc2 = forge.rc2 || {};
/**
* Perform RC2 key expansion as per RFC #2268, section 2.
*
* @param key variable-length user key (between 1 and 128 bytes)
* @param effKeyBits number of effective key bits (default: 128)
* @return the expanded RC2 key (ByteBuffer of 128 bytes)
*/
forge.rc2.expandKey = function(key, effKeyBits) {
if(typeof key === 'string') {
key = forge.util.createBuffer(key);
}
effKeyBits = effKeyBits || 128;
/* introduce variables that match the names used in RFC #2268 */
var L = key;
var T = key.length();
var T1 = effKeyBits;
var T8 = Math.ceil(T1 / 8);
var TM = 0xff >> (T1 & 0x07);
var i;
for(i = T; i < 128; i ++) {
L.putByte(piTable[(L.at(i - 1) + L.at(i - T)) & 0xff]);
}
L.setAt(128 - T8, piTable[L.at(128 - T8) & TM]);
for(i = 127 - T8; i >= 0; i --) {
L.setAt(i, piTable[L.at(i + 1) ^ L.at(i + T8)]);
}
return L;
};
/**
* Creates a RC2 cipher object.
*
* @param key the symmetric key to use (as base for key generation).
* @param bits the number of effective key bits.
* @param encrypt false for decryption, true for encryption.
*
* @return the cipher.
*/
var createCipher = function(key, bits, encrypt) {
var _finish = false, _input = null, _output = null, _iv = null;
var mixRound, mashRound;
var i, j, K = [];
/* Expand key and fill into K[] Array */
key = forge.rc2.expandKey(key, bits);
for(i = 0; i < 64; i ++) {
K.push(key.getInt16Le());
}
if(encrypt) {
/**
* Perform one mixing round "in place".
*
* @param R Array of four words to perform mixing on.
*/
mixRound = function(R) {
for(i = 0; i < 4; i++) {
R[i] += K[j] + (R[(i + 3) % 4] & R[(i + 2) % 4]) +
((~R[(i + 3) % 4]) & R[(i + 1) % 4]);
R[i] = rol(R[i], s[i]);
j ++;
}
};
/**
* Perform one mashing round "in place".
*
* @param R Array of four words to perform mashing on.
*/
mashRound = function(R) {
for(i = 0; i < 4; i ++) {
R[i] += K[R[(i + 3) % 4] & 63];
}
};
} else {
/**
* Perform one r-mixing round "in place".
*
* @param R Array of four words to perform mixing on.
*/
mixRound = function(R) {
for(i = 3; i >= 0; i--) {
R[i] = ror(R[i], s[i]);
R[i] -= K[j] + (R[(i + 3) % 4] & R[(i + 2) % 4]) +
((~R[(i + 3) % 4]) & R[(i + 1) % 4]);
j --;
}
};
/**
* Perform one r-mashing round "in place".
*
* @param R Array of four words to perform mashing on.
*/
mashRound = function(R) {
for(i = 3; i >= 0; i--) {
R[i] -= K[R[(i + 3) % 4] & 63];
}
};
}
/**
* Run the specified cipher execution plan.
*
* This function takes four words from the input buffer, applies the IV on
* it (if requested) and runs the provided execution plan.
*
* The plan must be put together in form of a array of arrays. Where the
* outer one is simply a list of steps to perform and the inner one needs
* to have two elements: the first one telling how many rounds to perform,
* the second one telling what to do (i.e. the function to call).
*
* @param {Array} plan The plan to execute.
*/
var runPlan = function(plan) {
var R = [];
/* Get data from input buffer and fill the four words into R */
for(i = 0; i < 4; i ++) {
var val = _input.getInt16Le();
if(_iv !== null) {
if(encrypt) {
/* We're encrypting, apply the IV first. */
val ^= _iv.getInt16Le();
} else {
/* We're decryption, keep cipher text for next block. */
_iv.putInt16Le(val);
}
}
R.push(val & 0xffff);
}
/* Reset global "j" variable as per spec. */
j = encrypt ? 0 : 63;
/* Run execution plan. */
for(var ptr = 0; ptr < plan.length; ptr ++) {
for(var ctr = 0; ctr < plan[ptr][0]; ctr ++) {
plan[ptr][1](R);
}
}
/* Write back result to output buffer. */
for(i = 0; i < 4; i ++) {
if(_iv !== null) {
if(encrypt) {
/* We're encrypting in CBC-mode, feed back encrypted bytes into
IV buffer to carry it forward to next block. */
_iv.putInt16Le(R[i]);
} else {
R[i] ^= _iv.getInt16Le();
}
}
_output.putInt16Le(R[i]);
}
};
/* Create cipher object */
var cipher = null;
cipher = {
/**
* Starts or restarts the encryption or decryption process, whichever
* was previously configured.
*
* To use the cipher in CBC mode, iv may be given either as a string
* of bytes, or as a byte buffer. For ECB mode, give null as iv.
*
* @param iv the initialization vector to use, null for ECB mode.
* @param output the output the buffer to write to, null to create one.
*/
start: function(iv, output) {
if(iv) {
/* CBC mode */
if(typeof iv === 'string') {
iv = forge.util.createBuffer(iv);
}
}
_finish = false;
_input = forge.util.createBuffer();
_output = output || new forge.util.createBuffer();
_iv = iv;
cipher.output = _output;
},
/**
* Updates the next block.
*
* @param input the buffer to read from.
*/
update: function(input) {
if(!_finish) {
// not finishing, so fill the input buffer with more input
_input.putBuffer(input);
}
while(_input.length() >= 8) {
runPlan([
[ 5, mixRound ],
[ 1, mashRound ],
[ 6, mixRound ],
[ 1, mashRound ],
[ 5, mixRound ]
]);
}
},
/**
* Finishes encrypting or decrypting.
*
* @param pad a padding function to use, null for PKCS#7 padding,
* signature(blockSize, buffer, decrypt).
*
* @return true if successful, false on error.
*/
finish: function(pad) {
var rval = true;
if(encrypt) {
if(pad) {
rval = pad(8, _input, !encrypt);
} else {
// add PKCS#7 padding to block (each pad byte is the
// value of the number of pad bytes)
var padding = (_input.length() === 8) ? 8 : (8 - _input.length());
_input.fillWithByte(padding, padding);
}
}
if(rval) {
// do final update
_finish = true;
cipher.update();
}
if(!encrypt) {
// check for error: input data not a multiple of block size
rval = (_input.length() === 0);
if(rval) {
if(pad) {
rval = pad(8, _output, !encrypt);
} else {
// ensure padding byte count is valid
var len = _output.length();
var count = _output.at(len - 1);
if(count > len) {
rval = false;
} else {
// trim off padding bytes
_output.truncate(count);
}
}
}
}
return rval;
}
};
return cipher;
};
/**
* Creates an RC2 cipher object to encrypt data in ECB or CBC mode using the
* given symmetric key. The output will be stored in the 'output' member
* of the returned cipher.
*
* The key and iv may be given as a string of bytes or a byte buffer.
* The cipher is initialized to use 128 effective key bits.
*
* @param key the symmetric key to use.
* @param iv the initialization vector to use.
* @param output the buffer to write to, null to create one.
*
* @return the cipher.
*/
forge.rc2.startEncrypting = function(key, iv, output) {
var cipher = forge.rc2.createEncryptionCipher(key, 128);
cipher.start(iv, output);
return cipher;
};
/**
* Creates an RC2 cipher object to encrypt data in ECB or CBC mode using the
* given symmetric key.
*
* The key may be given as a string of bytes or a byte buffer.
*
* To start encrypting call start() on the cipher with an iv and optional
* output buffer.
*
* @param key the symmetric key to use.
*
* @return the cipher.
*/
forge.rc2.createEncryptionCipher = function(key, bits) {
return createCipher(key, bits, true);
};
/**
* Creates an RC2 cipher object to decrypt data in ECB or CBC mode using the
* given symmetric key. The output will be stored in the 'output' member
* of the returned cipher.
*
* The key and iv may be given as a string of bytes or a byte buffer.
* The cipher is initialized to use 128 effective key bits.
*
* @param key the symmetric key to use.
* @param iv the initialization vector to use.
* @param output the buffer to write to, null to create one.
*
* @return the cipher.
*/
forge.rc2.startDecrypting = function(key, iv, output) {
var cipher = forge.rc2.createDecryptionCipher(key, 128);
cipher.start(iv, output);
return cipher;
};
/**
* Creates an RC2 cipher object to decrypt data in ECB or CBC mode using the
* given symmetric key.
*
* The key may be given as a string of bytes or a byte buffer.
*
* To start decrypting call start() on the cipher with an iv and optional
* output buffer.
*
* @param key the symmetric key to use.
*
* @return the cipher.
*/
forge.rc2.createDecryptionCipher = function(key, bits) {
return createCipher(key, bits, false);
};
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'rc2';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/rc2',['require', 'module', './util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
// Copyright (c) 2005 Tom Wu
// All Rights Reserved.
// See "LICENSE" for details.
// Basic JavaScript BN library - subset useful for RSA encryption.
/*
Licensing (LICENSE)
-------------------
This software is covered under the following copyright:
*/
/*
* Copyright (c) 2003-2005 Tom Wu
* All Rights Reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
* EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
* WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
*
* IN NO EVENT SHALL TOM WU BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
* INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
* RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
* THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* In addition, the following condition applies:
*
* All redistributions must retain an intact copy of this copyright notice
* and disclaimer.
*/
/*
Address all questions regarding this license to:
Tom Wu
tjw@cs.Stanford.EDU
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
// Bits per digit
var dbits;
// JavaScript engine analysis
var canary = 0xdeadbeefcafe;
var j_lm = ((canary&0xffffff)==0xefcafe);
// (public) Constructor
function BigInteger(a,b,c) {
this.data = [];
if(a != null)
if("number" == typeof a) this.fromNumber(a,b,c);
else if(b == null && "string" != typeof a) this.fromString(a,256);
else this.fromString(a,b);
}
// return new, unset BigInteger
function nbi() { return new BigInteger(null); }
// am: Compute w_j += (x*this_i), propagate carries,
// c is initial carry, returns final carry.
// c < 3*dvalue, x < 2*dvalue, this_i < dvalue
// We need to select the fastest one that works in this environment.
// am1: use a single mult and divide to get the high bits,
// max digit bits should be 26 because
// max internal value = 2*dvalue^2-2*dvalue (< 2^53)
function am1(i,x,w,j,c,n) {
while(--n >= 0) {
var v = x*this.data[i++]+w.data[j]+c;
c = Math.floor(v/0x4000000);
w.data[j++] = v&0x3ffffff;
}
return c;
}
// am2 avoids a big mult-and-extract completely.
// Max digit bits should be <= 30 because we do bitwise ops
// on values up to 2*hdvalue^2-hdvalue-1 (< 2^31)
function am2(i,x,w,j,c,n) {
var xl = x&0x7fff, xh = x>>15;
while(--n >= 0) {
var l = this.data[i]&0x7fff;
var h = this.data[i++]>>15;
var m = xh*l+h*xl;
l = xl*l+((m&0x7fff)<<15)+w.data[j]+(c&0x3fffffff);
c = (l>>>30)+(m>>>15)+xh*h+(c>>>30);
w.data[j++] = l&0x3fffffff;
}
return c;
}
// Alternately, set max digit bits to 28 since some
// browsers slow down when dealing with 32-bit numbers.
function am3(i,x,w,j,c,n) {
var xl = x&0x3fff, xh = x>>14;
while(--n >= 0) {
var l = this.data[i]&0x3fff;
var h = this.data[i++]>>14;
var m = xh*l+h*xl;
l = xl*l+((m&0x3fff)<<14)+w.data[j]+c;
c = (l>>28)+(m>>14)+xh*h;
w.data[j++] = l&0xfffffff;
}
return c;
}
// node.js (no browser)
if(typeof(navigator) === 'undefined')
{
BigInteger.prototype.am = am3;
dbits = 28;
} else if(j_lm && (navigator.appName == "Microsoft Internet Explorer")) {
BigInteger.prototype.am = am2;
dbits = 30;
} else if(j_lm && (navigator.appName != "Netscape")) {
BigInteger.prototype.am = am1;
dbits = 26;
} else { // Mozilla/Netscape seems to prefer am3
BigInteger.prototype.am = am3;
dbits = 28;
}
BigInteger.prototype.DB = dbits;
BigInteger.prototype.DM = ((1<<dbits)-1);
BigInteger.prototype.DV = (1<<dbits);
var BI_FP = 52;
BigInteger.prototype.FV = Math.pow(2,BI_FP);
BigInteger.prototype.F1 = BI_FP-dbits;
BigInteger.prototype.F2 = 2*dbits-BI_FP;
// Digit conversions
var BI_RM = "0123456789abcdefghijklmnopqrstuvwxyz";
var BI_RC = new Array();
var rr,vv;
rr = "0".charCodeAt(0);
for(vv = 0; vv <= 9; ++vv) BI_RC[rr++] = vv;
rr = "a".charCodeAt(0);
for(vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;
rr = "A".charCodeAt(0);
for(vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;
function int2char(n) { return BI_RM.charAt(n); }
function intAt(s,i) {
var c = BI_RC[s.charCodeAt(i)];
return (c==null)?-1:c;
}
// (protected) copy this to r
function bnpCopyTo(r) {
for(var i = this.t-1; i >= 0; --i) r.data[i] = this.data[i];
r.t = this.t;
r.s = this.s;
}
// (protected) set from integer value x, -DV <= x < DV
function bnpFromInt(x) {
this.t = 1;
this.s = (x<0)?-1:0;
if(x > 0) this.data[0] = x;
else if(x < -1) this.data[0] = x+this.DV;
else this.t = 0;
}
// return bigint initialized to value
function nbv(i) { var r = nbi(); r.fromInt(i); return r; }
// (protected) set from string and radix
function bnpFromString(s,b) {
var k;
if(b == 16) k = 4;
else if(b == 8) k = 3;
else if(b == 256) k = 8; // byte array
else if(b == 2) k = 1;
else if(b == 32) k = 5;
else if(b == 4) k = 2;
else { this.fromRadix(s,b); return; }
this.t = 0;
this.s = 0;
var i = s.length, mi = false, sh = 0;
while(--i >= 0) {
var x = (k==8)?s[i]&0xff:intAt(s,i);
if(x < 0) {
if(s.charAt(i) == "-") mi = true;
continue;
}
mi = false;
if(sh == 0)
this.data[this.t++] = x;
else if(sh+k > this.DB) {
this.data[this.t-1] |= (x&((1<<(this.DB-sh))-1))<<sh;
this.data[this.t++] = (x>>(this.DB-sh));
} else
this.data[this.t-1] |= x<<sh;
sh += k;
if(sh >= this.DB) sh -= this.DB;
}
if(k == 8 && (s[0]&0x80) != 0) {
this.s = -1;
if(sh > 0) this.data[this.t-1] |= ((1<<(this.DB-sh))-1)<<sh;
}
this.clamp();
if(mi) BigInteger.ZERO.subTo(this,this);
}
// (protected) clamp off excess high words
function bnpClamp() {
var c = this.s&this.DM;
while(this.t > 0 && this.data[this.t-1] == c) --this.t;
}
// (public) return string representation in given radix
function bnToString(b) {
if(this.s < 0) return "-"+this.negate().toString(b);
var k;
if(b == 16) k = 4;
else if(b == 8) k = 3;
else if(b == 2) k = 1;
else if(b == 32) k = 5;
else if(b == 4) k = 2;
else return this.toRadix(b);
var km = (1<<k)-1, d, m = false, r = "", i = this.t;
var p = this.DB-(i*this.DB)%k;
if(i-- > 0) {
if(p < this.DB && (d = this.data[i]>>p) > 0) { m = true; r = int2char(d); }
while(i >= 0) {
if(p < k) {
d = (this.data[i]&((1<<p)-1))<<(k-p);
d |= this.data[--i]>>(p+=this.DB-k);
} else {
d = (this.data[i]>>(p-=k))&km;
if(p <= 0) { p += this.DB; --i; }
}
if(d > 0) m = true;
if(m) r += int2char(d);
}
}
return m?r:"0";
}
// (public) -this
function bnNegate() { var r = nbi(); BigInteger.ZERO.subTo(this,r); return r; }
// (public) |this|
function bnAbs() { return (this.s<0)?this.negate():this; }
// (public) return + if this > a, - if this < a, 0 if equal
function bnCompareTo(a) {
var r = this.s-a.s;
if(r != 0) return r;
var i = this.t;
r = i-a.t;
if(r != 0) return (this.s<0)?-r:r;
while(--i >= 0) if((r=this.data[i]-a.data[i]) != 0) return r;
return 0;
}
// returns bit length of the integer x
function nbits(x) {
var r = 1, t;
if((t=x>>>16) != 0) { x = t; r += 16; }
if((t=x>>8) != 0) { x = t; r += 8; }
if((t=x>>4) != 0) { x = t; r += 4; }
if((t=x>>2) != 0) { x = t; r += 2; }
if((t=x>>1) != 0) { x = t; r += 1; }
return r;
}
// (public) return the number of bits in "this"
function bnBitLength() {
if(this.t <= 0) return 0;
return this.DB*(this.t-1)+nbits(this.data[this.t-1]^(this.s&this.DM));
}
// (protected) r = this << n*DB
function bnpDLShiftTo(n,r) {
var i;
for(i = this.t-1; i >= 0; --i) r.data[i+n] = this.data[i];
for(i = n-1; i >= 0; --i) r.data[i] = 0;
r.t = this.t+n;
r.s = this.s;
}
// (protected) r = this >> n*DB
function bnpDRShiftTo(n,r) {
for(var i = n; i < this.t; ++i) r.data[i-n] = this.data[i];
r.t = Math.max(this.t-n,0);
r.s = this.s;
}
// (protected) r = this << n
function bnpLShiftTo(n,r) {
var bs = n%this.DB;
var cbs = this.DB-bs;
var bm = (1<<cbs)-1;
var ds = Math.floor(n/this.DB), c = (this.s<<bs)&this.DM, i;
for(i = this.t-1; i >= 0; --i) {
r.data[i+ds+1] = (this.data[i]>>cbs)|c;
c = (this.data[i]&bm)<<bs;
}
for(i = ds-1; i >= 0; --i) r.data[i] = 0;
r.data[ds] = c;
r.t = this.t+ds+1;
r.s = this.s;
r.clamp();
}
// (protected) r = this >> n
function bnpRShiftTo(n,r) {
r.s = this.s;
var ds = Math.floor(n/this.DB);
if(ds >= this.t) { r.t = 0; return; }
var bs = n%this.DB;
var cbs = this.DB-bs;
var bm = (1<<bs)-1;
r.data[0] = this.data[ds]>>bs;
for(var i = ds+1; i < this.t; ++i) {
r.data[i-ds-1] |= (this.data[i]&bm)<<cbs;
r.data[i-ds] = this.data[i]>>bs;
}
if(bs > 0) r.data[this.t-ds-1] |= (this.s&bm)<<cbs;
r.t = this.t-ds;
r.clamp();
}
// (protected) r = this - a
function bnpSubTo(a,r) {
var i = 0, c = 0, m = Math.min(a.t,this.t);
while(i < m) {
c += this.data[i]-a.data[i];
r.data[i++] = c&this.DM;
c >>= this.DB;
}
if(a.t < this.t) {
c -= a.s;
while(i < this.t) {
c += this.data[i];
r.data[i++] = c&this.DM;
c >>= this.DB;
}
c += this.s;
} else {
c += this.s;
while(i < a.t) {
c -= a.data[i];
r.data[i++] = c&this.DM;
c >>= this.DB;
}
c -= a.s;
}
r.s = (c<0)?-1:0;
if(c < -1) r.data[i++] = this.DV+c;
else if(c > 0) r.data[i++] = c;
r.t = i;
r.clamp();
}
// (protected) r = this * a, r != this,a (HAC 14.12)
// "this" should be the larger one if appropriate.
function bnpMultiplyTo(a,r) {
var x = this.abs(), y = a.abs();
var i = x.t;
r.t = i+y.t;
while(--i >= 0) r.data[i] = 0;
for(i = 0; i < y.t; ++i) r.data[i+x.t] = x.am(0,y.data[i],r,i,0,x.t);
r.s = 0;
r.clamp();
if(this.s != a.s) BigInteger.ZERO.subTo(r,r);
}
// (protected) r = this^2, r != this (HAC 14.16)
function bnpSquareTo(r) {
var x = this.abs();
var i = r.t = 2*x.t;
while(--i >= 0) r.data[i] = 0;
for(i = 0; i < x.t-1; ++i) {
var c = x.am(i,x.data[i],r,2*i,0,1);
if((r.data[i+x.t]+=x.am(i+1,2*x.data[i],r,2*i+1,c,x.t-i-1)) >= x.DV) {
r.data[i+x.t] -= x.DV;
r.data[i+x.t+1] = 1;
}
}
if(r.t > 0) r.data[r.t-1] += x.am(i,x.data[i],r,2*i,0,1);
r.s = 0;
r.clamp();
}
// (protected) divide this by m, quotient and remainder to q, r (HAC 14.20)
// r != q, this != m. q or r may be null.
function bnpDivRemTo(m,q,r) {
var pm = m.abs();
if(pm.t <= 0) return;
var pt = this.abs();
if(pt.t < pm.t) {
if(q != null) q.fromInt(0);
if(r != null) this.copyTo(r);
return;
}
if(r == null) r = nbi();
var y = nbi(), ts = this.s, ms = m.s;
var nsh = this.DB-nbits(pm.data[pm.t-1]); // normalize modulus
if(nsh > 0) { pm.lShiftTo(nsh,y); pt.lShiftTo(nsh,r); } else { pm.copyTo(y); pt.copyTo(r); }
var ys = y.t;
var y0 = y.data[ys-1];
if(y0 == 0) return;
var yt = y0*(1<<this.F1)+((ys>1)?y.data[ys-2]>>this.F2:0);
var d1 = this.FV/yt, d2 = (1<<this.F1)/yt, e = 1<<this.F2;
var i = r.t, j = i-ys, t = (q==null)?nbi():q;
y.dlShiftTo(j,t);
if(r.compareTo(t) >= 0) {
r.data[r.t++] = 1;
r.subTo(t,r);
}
BigInteger.ONE.dlShiftTo(ys,t);
t.subTo(y,y); // "negative" y so we can replace sub with am later
while(y.t < ys) y.data[y.t++] = 0;
while(--j >= 0) {
// Estimate quotient digit
var qd = (r.data[--i]==y0)?this.DM:Math.floor(r.data[i]*d1+(r.data[i-1]+e)*d2);
if((r.data[i]+=y.am(0,qd,r,j,0,ys)) < qd) { // Try it out
y.dlShiftTo(j,t);
r.subTo(t,r);
while(r.data[i] < --qd) r.subTo(t,r);
}
}
if(q != null) {
r.drShiftTo(ys,q);
if(ts != ms) BigInteger.ZERO.subTo(q,q);
}
r.t = ys;
r.clamp();
if(nsh > 0) r.rShiftTo(nsh,r); // Denormalize remainder
if(ts < 0) BigInteger.ZERO.subTo(r,r);
}
// (public) this mod a
function bnMod(a) {
var r = nbi();
this.abs().divRemTo(a,null,r);
if(this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r,r);
return r;
}
// Modular reduction using "classic" algorithm
function Classic(m) { this.m = m; }
function cConvert(x) {
if(x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m);
else return x;
}
function cRevert(x) { return x; }
function cReduce(x) { x.divRemTo(this.m,null,x); }
function cMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
function cSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
Classic.prototype.convert = cConvert;
Classic.prototype.revert = cRevert;
Classic.prototype.reduce = cReduce;
Classic.prototype.mulTo = cMulTo;
Classic.prototype.sqrTo = cSqrTo;
// (protected) return "-1/this % 2^DB"; useful for Mont. reduction
// justification:
// xy == 1 (mod m)
// xy = 1+km
// xy(2-xy) = (1+km)(1-km)
// x[y(2-xy)] = 1-k^2m^2
// x[y(2-xy)] == 1 (mod m^2)
// if y is 1/x mod m, then y(2-xy) is 1/x mod m^2
// should reduce x and y(2-xy) by m^2 at each step to keep size bounded.
// JS multiply "overflows" differently from C/C++, so care is needed here.
function bnpInvDigit() {
if(this.t < 1) return 0;
var x = this.data[0];
if((x&1) == 0) return 0;
var y = x&3; // y == 1/x mod 2^2
y = (y*(2-(x&0xf)*y))&0xf; // y == 1/x mod 2^4
y = (y*(2-(x&0xff)*y))&0xff; // y == 1/x mod 2^8
y = (y*(2-(((x&0xffff)*y)&0xffff)))&0xffff; // y == 1/x mod 2^16
// last step - calculate inverse mod DV directly;
// assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints
y = (y*(2-x*y%this.DV))%this.DV; // y == 1/x mod 2^dbits
// we really want the negative inverse, and -DV < y < DV
return (y>0)?this.DV-y:-y;
}
// Montgomery reduction
function Montgomery(m) {
this.m = m;
this.mp = m.invDigit();
this.mpl = this.mp&0x7fff;
this.mph = this.mp>>15;
this.um = (1<<(m.DB-15))-1;
this.mt2 = 2*m.t;
}
// xR mod m
function montConvert(x) {
var r = nbi();
x.abs().dlShiftTo(this.m.t,r);
r.divRemTo(this.m,null,r);
if(x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r,r);
return r;
}
// x/R mod m
function montRevert(x) {
var r = nbi();
x.copyTo(r);
this.reduce(r);
return r;
}
// x = x/R mod m (HAC 14.32)
function montReduce(x) {
while(x.t <= this.mt2) // pad x so am has enough room later
x.data[x.t++] = 0;
for(var i = 0; i < this.m.t; ++i) {
// faster way of calculating u0 = x.data[i]*mp mod DV
var j = x.data[i]&0x7fff;
var u0 = (j*this.mpl+(((j*this.mph+(x.data[i]>>15)*this.mpl)&this.um)<<15))&x.DM;
// use am to combine the multiply-shift-add into one call
j = i+this.m.t;
x.data[j] += this.m.am(0,u0,x,i,0,this.m.t);
// propagate carry
while(x.data[j] >= x.DV) { x.data[j] -= x.DV; x.data[++j]++; }
}
x.clamp();
x.drShiftTo(this.m.t,x);
if(x.compareTo(this.m) >= 0) x.subTo(this.m,x);
}
// r = "x^2/R mod m"; x != r
function montSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
// r = "xy/R mod m"; x,y != r
function montMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
Montgomery.prototype.convert = montConvert;
Montgomery.prototype.revert = montRevert;
Montgomery.prototype.reduce = montReduce;
Montgomery.prototype.mulTo = montMulTo;
Montgomery.prototype.sqrTo = montSqrTo;
// (protected) true iff this is even
function bnpIsEven() { return ((this.t>0)?(this.data[0]&1):this.s) == 0; }
// (protected) this^e, e < 2^32, doing sqr and mul with "r" (HAC 14.79)
function bnpExp(e,z) {
if(e > 0xffffffff || e < 1) return BigInteger.ONE;
var r = nbi(), r2 = nbi(), g = z.convert(this), i = nbits(e)-1;
g.copyTo(r);
while(--i >= 0) {
z.sqrTo(r,r2);
if((e&(1<<i)) > 0) z.mulTo(r2,g,r);
else { var t = r; r = r2; r2 = t; }
}
return z.revert(r);
}
// (public) this^e % m, 0 <= e < 2^32
function bnModPowInt(e,m) {
var z;
if(e < 256 || m.isEven()) z = new Classic(m); else z = new Montgomery(m);
return this.exp(e,z);
}
// protected
BigInteger.prototype.copyTo = bnpCopyTo;
BigInteger.prototype.fromInt = bnpFromInt;
BigInteger.prototype.fromString = bnpFromString;
BigInteger.prototype.clamp = bnpClamp;
BigInteger.prototype.dlShiftTo = bnpDLShiftTo;
BigInteger.prototype.drShiftTo = bnpDRShiftTo;
BigInteger.prototype.lShiftTo = bnpLShiftTo;
BigInteger.prototype.rShiftTo = bnpRShiftTo;
BigInteger.prototype.subTo = bnpSubTo;
BigInteger.prototype.multiplyTo = bnpMultiplyTo;
BigInteger.prototype.squareTo = bnpSquareTo;
BigInteger.prototype.divRemTo = bnpDivRemTo;
BigInteger.prototype.invDigit = bnpInvDigit;
BigInteger.prototype.isEven = bnpIsEven;
BigInteger.prototype.exp = bnpExp;
// public
BigInteger.prototype.toString = bnToString;
BigInteger.prototype.negate = bnNegate;
BigInteger.prototype.abs = bnAbs;
BigInteger.prototype.compareTo = bnCompareTo;
BigInteger.prototype.bitLength = bnBitLength;
BigInteger.prototype.mod = bnMod;
BigInteger.prototype.modPowInt = bnModPowInt;
// "constants"
BigInteger.ZERO = nbv(0);
BigInteger.ONE = nbv(1);
// jsbn2 lib
//Copyright (c) 2005-2009 Tom Wu
//All Rights Reserved.
//See "LICENSE" for details (See jsbn.js for LICENSE).
//Extended JavaScript BN functions, required for RSA private ops.
//Version 1.1: new BigInteger("0", 10) returns "proper" zero
//(public)
function bnClone() { var r = nbi(); this.copyTo(r); return r; }
//(public) return value as integer
function bnIntValue() {
if(this.s < 0) {
if(this.t == 1) return this.data[0]-this.DV;
else if(this.t == 0) return -1;
} else if(this.t == 1) return this.data[0];
else if(this.t == 0) return 0;
// assumes 16 < DB < 32
return ((this.data[1]&((1<<(32-this.DB))-1))<<this.DB)|this.data[0];
}
//(public) return value as byte
function bnByteValue() { return (this.t==0)?this.s:(this.data[0]<<24)>>24; }
//(public) return value as short (assumes DB>=16)
function bnShortValue() { return (this.t==0)?this.s:(this.data[0]<<16)>>16; }
//(protected) return x s.t. r^x < DV
function bnpChunkSize(r) { return Math.floor(Math.LN2*this.DB/Math.log(r)); }
//(public) 0 if this == 0, 1 if this > 0
function bnSigNum() {
if(this.s < 0) return -1;
else if(this.t <= 0 || (this.t == 1 && this.data[0] <= 0)) return 0;
else return 1;
}
//(protected) convert to radix string
function bnpToRadix(b) {
if(b == null) b = 10;
if(this.signum() == 0 || b < 2 || b > 36) return "0";
var cs = this.chunkSize(b);
var a = Math.pow(b,cs);
var d = nbv(a), y = nbi(), z = nbi(), r = "";
this.divRemTo(d,y,z);
while(y.signum() > 0) {
r = (a+z.intValue()).toString(b).substr(1) + r;
y.divRemTo(d,y,z);
}
return z.intValue().toString(b) + r;
}
//(protected) convert from radix string
function bnpFromRadix(s,b) {
this.fromInt(0);
if(b == null) b = 10;
var cs = this.chunkSize(b);
var d = Math.pow(b,cs), mi = false, j = 0, w = 0;
for(var i = 0; i < s.length; ++i) {
var x = intAt(s,i);
if(x < 0) {
if(s.charAt(i) == "-" && this.signum() == 0) mi = true;
continue;
}
w = b*w+x;
if(++j >= cs) {
this.dMultiply(d);
this.dAddOffset(w,0);
j = 0;
w = 0;
}
}
if(j > 0) {
this.dMultiply(Math.pow(b,j));
this.dAddOffset(w,0);
}
if(mi) BigInteger.ZERO.subTo(this,this);
}
//(protected) alternate constructor
function bnpFromNumber(a,b,c) {
if("number" == typeof b) {
// new BigInteger(int,int,RNG)
if(a < 2) this.fromInt(1);
else {
this.fromNumber(a,c);
if(!this.testBit(a-1)) // force MSB set
this.bitwiseTo(BigInteger.ONE.shiftLeft(a-1),op_or,this);
if(this.isEven()) this.dAddOffset(1,0); // force odd
while(!this.isProbablePrime(b)) {
this.dAddOffset(2,0);
if(this.bitLength() > a) this.subTo(BigInteger.ONE.shiftLeft(a-1),this);
}
}
} else {
// new BigInteger(int,RNG)
var x = new Array(), t = a&7;
x.length = (a>>3)+1;
b.nextBytes(x);
if(t > 0) x[0] &= ((1<<t)-1); else x[0] = 0;
this.fromString(x,256);
}
}
//(public) convert to bigendian byte array
function bnToByteArray() {
var i = this.t, r = new Array();
r[0] = this.s;
var p = this.DB-(i*this.DB)%8, d, k = 0;
if(i-- > 0) {
if(p < this.DB && (d = this.data[i]>>p) != (this.s&this.DM)>>p)
r[k++] = d|(this.s<<(this.DB-p));
while(i >= 0) {
if(p < 8) {
d = (this.data[i]&((1<<p)-1))<<(8-p);
d |= this.data[--i]>>(p+=this.DB-8);
} else {
d = (this.data[i]>>(p-=8))&0xff;
if(p <= 0) { p += this.DB; --i; }
}
if((d&0x80) != 0) d |= -256;
if(k == 0 && (this.s&0x80) != (d&0x80)) ++k;
if(k > 0 || d != this.s) r[k++] = d;
}
}
return r;
}
function bnEquals(a) { return(this.compareTo(a)==0); }
function bnMin(a) { return(this.compareTo(a)<0)?this:a; }
function bnMax(a) { return(this.compareTo(a)>0)?this:a; }
//(protected) r = this op a (bitwise)
function bnpBitwiseTo(a,op,r) {
var i, f, m = Math.min(a.t,this.t);
for(i = 0; i < m; ++i) r.data[i] = op(this.data[i],a.data[i]);
if(a.t < this.t) {
f = a.s&this.DM;
for(i = m; i < this.t; ++i) r.data[i] = op(this.data[i],f);
r.t = this.t;
} else {
f = this.s&this.DM;
for(i = m; i < a.t; ++i) r.data[i] = op(f,a.data[i]);
r.t = a.t;
}
r.s = op(this.s,a.s);
r.clamp();
}
//(public) this & a
function op_and(x,y) { return x&y; }
function bnAnd(a) { var r = nbi(); this.bitwiseTo(a,op_and,r); return r; }
//(public) this | a
function op_or(x,y) { return x|y; }
function bnOr(a) { var r = nbi(); this.bitwiseTo(a,op_or,r); return r; }
//(public) this ^ a
function op_xor(x,y) { return x^y; }
function bnXor(a) { var r = nbi(); this.bitwiseTo(a,op_xor,r); return r; }
//(public) this & ~a
function op_andnot(x,y) { return x&~y; }
function bnAndNot(a) { var r = nbi(); this.bitwiseTo(a,op_andnot,r); return r; }
//(public) ~this
function bnNot() {
var r = nbi();
for(var i = 0; i < this.t; ++i) r.data[i] = this.DM&~this.data[i];
r.t = this.t;
r.s = ~this.s;
return r;
}
//(public) this << n
function bnShiftLeft(n) {
var r = nbi();
if(n < 0) this.rShiftTo(-n,r); else this.lShiftTo(n,r);
return r;
}
//(public) this >> n
function bnShiftRight(n) {
var r = nbi();
if(n < 0) this.lShiftTo(-n,r); else this.rShiftTo(n,r);
return r;
}
//return index of lowest 1-bit in x, x < 2^31
function lbit(x) {
if(x == 0) return -1;
var r = 0;
if((x&0xffff) == 0) { x >>= 16; r += 16; }
if((x&0xff) == 0) { x >>= 8; r += 8; }
if((x&0xf) == 0) { x >>= 4; r += 4; }
if((x&3) == 0) { x >>= 2; r += 2; }
if((x&1) == 0) ++r;
return r;
}
//(public) returns index of lowest 1-bit (or -1 if none)
function bnGetLowestSetBit() {
for(var i = 0; i < this.t; ++i)
if(this.data[i] != 0) return i*this.DB+lbit(this.data[i]);
if(this.s < 0) return this.t*this.DB;
return -1;
}
//return number of 1 bits in x
function cbit(x) {
var r = 0;
while(x != 0) { x &= x-1; ++r; }
return r;
}
//(public) return number of set bits
function bnBitCount() {
var r = 0, x = this.s&this.DM;
for(var i = 0; i < this.t; ++i) r += cbit(this.data[i]^x);
return r;
}
//(public) true iff nth bit is set
function bnTestBit(n) {
var j = Math.floor(n/this.DB);
if(j >= this.t) return(this.s!=0);
return((this.data[j]&(1<<(n%this.DB)))!=0);
}
//(protected) this op (1<<n)
function bnpChangeBit(n,op) {
var r = BigInteger.ONE.shiftLeft(n);
this.bitwiseTo(r,op,r);
return r;
}
//(public) this | (1<<n)
function bnSetBit(n) { return this.changeBit(n,op_or); }
//(public) this & ~(1<<n)
function bnClearBit(n) { return this.changeBit(n,op_andnot); }
//(public) this ^ (1<<n)
function bnFlipBit(n) { return this.changeBit(n,op_xor); }
//(protected) r = this + a
function bnpAddTo(a,r) {
var i = 0, c = 0, m = Math.min(a.t,this.t);
while(i < m) {
c += this.data[i]+a.data[i];
r.data[i++] = c&this.DM;
c >>= this.DB;
}
if(a.t < this.t) {
c += a.s;
while(i < this.t) {
c += this.data[i];
r.data[i++] = c&this.DM;
c >>= this.DB;
}
c += this.s;
} else {
c += this.s;
while(i < a.t) {
c += a.data[i];
r.data[i++] = c&this.DM;
c >>= this.DB;
}
c += a.s;
}
r.s = (c<0)?-1:0;
if(c > 0) r.data[i++] = c;
else if(c < -1) r.data[i++] = this.DV+c;
r.t = i;
r.clamp();
}
//(public) this + a
function bnAdd(a) { var r = nbi(); this.addTo(a,r); return r; }
//(public) this - a
function bnSubtract(a) { var r = nbi(); this.subTo(a,r); return r; }
//(public) this * a
function bnMultiply(a) { var r = nbi(); this.multiplyTo(a,r); return r; }
//(public) this / a
function bnDivide(a) { var r = nbi(); this.divRemTo(a,r,null); return r; }
//(public) this % a
function bnRemainder(a) { var r = nbi(); this.divRemTo(a,null,r); return r; }
//(public) [this/a,this%a]
function bnDivideAndRemainder(a) {
var q = nbi(), r = nbi();
this.divRemTo(a,q,r);
return new Array(q,r);
}
//(protected) this *= n, this >= 0, 1 < n < DV
function bnpDMultiply(n) {
this.data[this.t] = this.am(0,n-1,this,0,0,this.t);
++this.t;
this.clamp();
}
//(protected) this += n << w words, this >= 0
function bnpDAddOffset(n,w) {
if(n == 0) return;
while(this.t <= w) this.data[this.t++] = 0;
this.data[w] += n;
while(this.data[w] >= this.DV) {
this.data[w] -= this.DV;
if(++w >= this.t) this.data[this.t++] = 0;
++this.data[w];
}
}
//A "null" reducer
function NullExp() {}
function nNop(x) { return x; }
function nMulTo(x,y,r) { x.multiplyTo(y,r); }
function nSqrTo(x,r) { x.squareTo(r); }
NullExp.prototype.convert = nNop;
NullExp.prototype.revert = nNop;
NullExp.prototype.mulTo = nMulTo;
NullExp.prototype.sqrTo = nSqrTo;
//(public) this^e
function bnPow(e) { return this.exp(e,new NullExp()); }
//(protected) r = lower n words of "this * a", a.t <= n
//"this" should be the larger one if appropriate.
function bnpMultiplyLowerTo(a,n,r) {
var i = Math.min(this.t+a.t,n);
r.s = 0; // assumes a,this >= 0
r.t = i;
while(i > 0) r.data[--i] = 0;
var j;
for(j = r.t-this.t; i < j; ++i) r.data[i+this.t] = this.am(0,a.data[i],r,i,0,this.t);
for(j = Math.min(a.t,n); i < j; ++i) this.am(0,a.data[i],r,i,0,n-i);
r.clamp();
}
//(protected) r = "this * a" without lower n words, n > 0
//"this" should be the larger one if appropriate.
function bnpMultiplyUpperTo(a,n,r) {
--n;
var i = r.t = this.t+a.t-n;
r.s = 0; // assumes a,this >= 0
while(--i >= 0) r.data[i] = 0;
for(i = Math.max(n-this.t,0); i < a.t; ++i)
r.data[this.t+i-n] = this.am(n-i,a.data[i],r,0,0,this.t+i-n);
r.clamp();
r.drShiftTo(1,r);
}
//Barrett modular reduction
function Barrett(m) {
// setup Barrett
this.r2 = nbi();
this.q3 = nbi();
BigInteger.ONE.dlShiftTo(2*m.t,this.r2);
this.mu = this.r2.divide(m);
this.m = m;
}
function barrettConvert(x) {
if(x.s < 0 || x.t > 2*this.m.t) return x.mod(this.m);
else if(x.compareTo(this.m) < 0) return x;
else { var r = nbi(); x.copyTo(r); this.reduce(r); return r; }
}
function barrettRevert(x) { return x; }
//x = x mod m (HAC 14.42)
function barrettReduce(x) {
x.drShiftTo(this.m.t-1,this.r2);
if(x.t > this.m.t+1) { x.t = this.m.t+1; x.clamp(); }
this.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3);
this.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2);
while(x.compareTo(this.r2) < 0) x.dAddOffset(1,this.m.t+1);
x.subTo(this.r2,x);
while(x.compareTo(this.m) >= 0) x.subTo(this.m,x);
}
//r = x^2 mod m; x != r
function barrettSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
//r = x*y mod m; x,y != r
function barrettMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
Barrett.prototype.convert = barrettConvert;
Barrett.prototype.revert = barrettRevert;
Barrett.prototype.reduce = barrettReduce;
Barrett.prototype.mulTo = barrettMulTo;
Barrett.prototype.sqrTo = barrettSqrTo;
//(public) this^e % m (HAC 14.85)
function bnModPow(e,m) {
var i = e.bitLength(), k, r = nbv(1), z;
if(i <= 0) return r;
else if(i < 18) k = 1;
else if(i < 48) k = 3;
else if(i < 144) k = 4;
else if(i < 768) k = 5;
else k = 6;
if(i < 8)
z = new Classic(m);
else if(m.isEven())
z = new Barrett(m);
else
z = new Montgomery(m);
// precomputation
var g = new Array(), n = 3, k1 = k-1, km = (1<<k)-1;
g[1] = z.convert(this);
if(k > 1) {
var g2 = nbi();
z.sqrTo(g[1],g2);
while(n <= km) {
g[n] = nbi();
z.mulTo(g2,g[n-2],g[n]);
n += 2;
}
}
var j = e.t-1, w, is1 = true, r2 = nbi(), t;
i = nbits(e.data[j])-1;
while(j >= 0) {
if(i >= k1) w = (e.data[j]>>(i-k1))&km;
else {
w = (e.data[j]&((1<<(i+1))-1))<<(k1-i);
if(j > 0) w |= e.data[j-1]>>(this.DB+i-k1);
}
n = k;
while((w&1) == 0) { w >>= 1; --n; }
if((i -= n) < 0) { i += this.DB; --j; }
if(is1) { // ret == 1, don't bother squaring or multiplying it
g[w].copyTo(r);
is1 = false;
} else {
while(n > 1) { z.sqrTo(r,r2); z.sqrTo(r2,r); n -= 2; }
if(n > 0) z.sqrTo(r,r2); else { t = r; r = r2; r2 = t; }
z.mulTo(r2,g[w],r);
}
while(j >= 0 && (e.data[j]&(1<<i)) == 0) {
z.sqrTo(r,r2); t = r; r = r2; r2 = t;
if(--i < 0) { i = this.DB-1; --j; }
}
}
return z.revert(r);
}
//(public) gcd(this,a) (HAC 14.54)
function bnGCD(a) {
var x = (this.s<0)?this.negate():this.clone();
var y = (a.s<0)?a.negate():a.clone();
if(x.compareTo(y) < 0) { var t = x; x = y; y = t; }
var i = x.getLowestSetBit(), g = y.getLowestSetBit();
if(g < 0) return x;
if(i < g) g = i;
if(g > 0) {
x.rShiftTo(g,x);
y.rShiftTo(g,y);
}
while(x.signum() > 0) {
if((i = x.getLowestSetBit()) > 0) x.rShiftTo(i,x);
if((i = y.getLowestSetBit()) > 0) y.rShiftTo(i,y);
if(x.compareTo(y) >= 0) {
x.subTo(y,x);
x.rShiftTo(1,x);
} else {
y.subTo(x,y);
y.rShiftTo(1,y);
}
}
if(g > 0) y.lShiftTo(g,y);
return y;
}
//(protected) this % n, n < 2^26
function bnpModInt(n) {
if(n <= 0) return 0;
var d = this.DV%n, r = (this.s<0)?n-1:0;
if(this.t > 0)
if(d == 0) r = this.data[0]%n;
else for(var i = this.t-1; i >= 0; --i) r = (d*r+this.data[i])%n;
return r;
}
//(public) 1/this % m (HAC 14.61)
function bnModInverse(m) {
var ac = m.isEven();
if((this.isEven() && ac) || m.signum() == 0) return BigInteger.ZERO;
var u = m.clone(), v = this.clone();
var a = nbv(1), b = nbv(0), c = nbv(0), d = nbv(1);
while(u.signum() != 0) {
while(u.isEven()) {
u.rShiftTo(1,u);
if(ac) {
if(!a.isEven() || !b.isEven()) { a.addTo(this,a); b.subTo(m,b); }
a.rShiftTo(1,a);
} else if(!b.isEven()) b.subTo(m,b);
b.rShiftTo(1,b);
}
while(v.isEven()) {
v.rShiftTo(1,v);
if(ac) {
if(!c.isEven() || !d.isEven()) { c.addTo(this,c); d.subTo(m,d); }
c.rShiftTo(1,c);
} else if(!d.isEven()) d.subTo(m,d);
d.rShiftTo(1,d);
}
if(u.compareTo(v) >= 0) {
u.subTo(v,u);
if(ac) a.subTo(c,a);
b.subTo(d,b);
} else {
v.subTo(u,v);
if(ac) c.subTo(a,c);
d.subTo(b,d);
}
}
if(v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO;
if(d.compareTo(m) >= 0) return d.subtract(m);
if(d.signum() < 0) d.addTo(m,d); else return d;
if(d.signum() < 0) return d.add(m); else return d;
}
var lowprimes = [2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509];
var lplim = (1<<26)/lowprimes[lowprimes.length-1];
//(public) test primality with certainty >= 1-.5^t
function bnIsProbablePrime(t) {
var i, x = this.abs();
if(x.t == 1 && x.data[0] <= lowprimes[lowprimes.length-1]) {
for(i = 0; i < lowprimes.length; ++i)
if(x.data[0] == lowprimes[i]) return true;
return false;
}
if(x.isEven()) return false;
i = 1;
while(i < lowprimes.length) {
var m = lowprimes[i], j = i+1;
while(j < lowprimes.length && m < lplim) m *= lowprimes[j++];
m = x.modInt(m);
while(i < j) if(m%lowprimes[i++] == 0) return false;
}
return x.millerRabin(t);
}
//(protected) true if probably prime (HAC 4.24, Miller-Rabin)
function bnpMillerRabin(t) {
var n1 = this.subtract(BigInteger.ONE);
var k = n1.getLowestSetBit();
if(k <= 0) return false;
var r = n1.shiftRight(k);
var prng = bnGetPrng();
var a;
for(var i = 0; i < t; ++i) {
// select witness 'a' at random from between 1 and n1
do {
a = new BigInteger(this.bitLength(), prng);
}
while(a.compareTo(BigInteger.ONE) <= 0 || a.compareTo(n1) >= 0);
var y = a.modPow(r,this);
if(y.compareTo(BigInteger.ONE) != 0 && y.compareTo(n1) != 0) {
var j = 1;
while(j++ < k && y.compareTo(n1) != 0) {
y = y.modPowInt(2,this);
if(y.compareTo(BigInteger.ONE) == 0) return false;
}
if(y.compareTo(n1) != 0) return false;
}
}
return true;
}
// get pseudo random number generator
function bnGetPrng() {
// create prng with api that matches BigInteger secure random
return {
// x is an array to fill with bytes
nextBytes: function(x) {
for(var i = 0; i < x.length; ++i) {
x[i] = Math.floor(Math.random() * 0x0100);
}
}
};
}
//protected
BigInteger.prototype.chunkSize = bnpChunkSize;
BigInteger.prototype.toRadix = bnpToRadix;
BigInteger.prototype.fromRadix = bnpFromRadix;
BigInteger.prototype.fromNumber = bnpFromNumber;
BigInteger.prototype.bitwiseTo = bnpBitwiseTo;
BigInteger.prototype.changeBit = bnpChangeBit;
BigInteger.prototype.addTo = bnpAddTo;
BigInteger.prototype.dMultiply = bnpDMultiply;
BigInteger.prototype.dAddOffset = bnpDAddOffset;
BigInteger.prototype.multiplyLowerTo = bnpMultiplyLowerTo;
BigInteger.prototype.multiplyUpperTo = bnpMultiplyUpperTo;
BigInteger.prototype.modInt = bnpModInt;
BigInteger.prototype.millerRabin = bnpMillerRabin;
//public
BigInteger.prototype.clone = bnClone;
BigInteger.prototype.intValue = bnIntValue;
BigInteger.prototype.byteValue = bnByteValue;
BigInteger.prototype.shortValue = bnShortValue;
BigInteger.prototype.signum = bnSigNum;
BigInteger.prototype.toByteArray = bnToByteArray;
BigInteger.prototype.equals = bnEquals;
BigInteger.prototype.min = bnMin;
BigInteger.prototype.max = bnMax;
BigInteger.prototype.and = bnAnd;
BigInteger.prototype.or = bnOr;
BigInteger.prototype.xor = bnXor;
BigInteger.prototype.andNot = bnAndNot;
BigInteger.prototype.not = bnNot;
BigInteger.prototype.shiftLeft = bnShiftLeft;
BigInteger.prototype.shiftRight = bnShiftRight;
BigInteger.prototype.getLowestSetBit = bnGetLowestSetBit;
BigInteger.prototype.bitCount = bnBitCount;
BigInteger.prototype.testBit = bnTestBit;
BigInteger.prototype.setBit = bnSetBit;
BigInteger.prototype.clearBit = bnClearBit;
BigInteger.prototype.flipBit = bnFlipBit;
BigInteger.prototype.add = bnAdd;
BigInteger.prototype.subtract = bnSubtract;
BigInteger.prototype.multiply = bnMultiply;
BigInteger.prototype.divide = bnDivide;
BigInteger.prototype.remainder = bnRemainder;
BigInteger.prototype.divideAndRemainder = bnDivideAndRemainder;
BigInteger.prototype.modPow = bnModPow;
BigInteger.prototype.modInverse = bnModInverse;
BigInteger.prototype.pow = bnPow;
BigInteger.prototype.gcd = bnGCD;
BigInteger.prototype.isProbablePrime = bnIsProbablePrime;
//BigInteger interfaces not implemented in jsbn:
//BigInteger(int signum, byte[] magnitude)
//double doubleValue()
//float floatValue()
//int hashCode()
//long longValue()
//static BigInteger valueOf(long val)
forge.jsbn = forge.jsbn || {};
forge.jsbn.BigInteger = BigInteger;
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'jsbn';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/jsbn',['require', 'module'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Partial implementation of PKCS#1 v2.2: RSA-OEAP
*
* Modified but based on the following MIT and BSD licensed code:
*
* https://github.com/kjur/jsjws/blob/master/rsa.js:
*
* The 'jsjws'(JSON Web Signature JavaScript Library) License
*
* Copyright (c) 2012 Kenji Urushima
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*
* http://webrsa.cvs.sourceforge.net/viewvc/webrsa/Client/RSAES-OAEP.js?content-type=text%2Fplain:
*
* RSAES-OAEP.js
* $Id: RSAES-OAEP.js,v 1.1.1.1 2003/03/19 15:37:20 ellispritchard Exp $
* JavaScript Implementation of PKCS #1 v2.1 RSA CRYPTOGRAPHY STANDARD (RSA Laboratories, June 14, 2002)
* Copyright (C) Ellis Pritchard, Guardian Unlimited 2003.
* Contact: ellis@nukinetics.com
* Distributed under the BSD License.
*
* Official documentation: http://www.rsa.com/rsalabs/node.asp?id=2125
*
* @author Evan Jones (http://evanjones.ca/)
* @author Dave Longley
*
* Copyright (c) 2013-2014 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
// shortcut for PKCS#1 API
var pkcs1 = forge.pkcs1 = forge.pkcs1 || {};
/**
* Encode the given RSAES-OAEP message (M) using key, with optional label (L)
* and seed.
*
* This method does not perform RSA encryption, it only encodes the message
* using RSAES-OAEP.
*
* @param key the RSA key to use.
* @param message the message to encode.
* @param options the options to use:
* label an optional label to use.
* seed the seed to use.
* md the message digest object to use, undefined for SHA-1.
* mgf1 optional mgf1 parameters:
* md the message digest object to use for MGF1.
*
* @return the encoded message bytes.
*/
pkcs1.encode_rsa_oaep = function(key, message, options) {
// parse arguments
var label;
var seed;
var md;
var mgf1Md;
// legacy args (label, seed, md)
if(typeof options === 'string') {
label = options;
seed = arguments[3] || undefined;
md = arguments[4] || undefined;
} else if(options) {
label = options.label || undefined;
seed = options.seed || undefined;
md = options.md || undefined;
if(options.mgf1 && options.mgf1.md) {
mgf1Md = options.mgf1.md;
}
}
// default OAEP to SHA-1 message digest
if(!md) {
md = forge.md.sha1.create();
} else {
md.start();
}
// default MGF-1 to same as OAEP
if(!mgf1Md) {
mgf1Md = md;
}
// compute length in bytes and check output
var keyLength = Math.ceil(key.n.bitLength() / 8);
var maxLength = keyLength - 2 * md.digestLength - 2;
if(message.length > maxLength) {
var error = new Error('RSAES-OAEP input message length is too long.');
error.length = message.length;
error.maxLength = maxLength;
throw error;
}
if(!label) {
label = '';
}
md.update(label, 'raw');
var lHash = md.digest();
var PS = '';
var PS_length = maxLength - message.length;
for (var i = 0; i < PS_length; i++) {
PS += '\x00';
}
var DB = lHash.getBytes() + PS + '\x01' + message;
if(!seed) {
seed = forge.random.getBytes(md.digestLength);
} else if(seed.length !== md.digestLength) {
var error = new Error('Invalid RSAES-OAEP seed. The seed length must ' +
'match the digest length.')
error.seedLength = seed.length;
error.digestLength = md.digestLength;
throw error;
}
var dbMask = rsa_mgf1(seed, keyLength - md.digestLength - 1, mgf1Md);
var maskedDB = forge.util.xorBytes(DB, dbMask, DB.length);
var seedMask = rsa_mgf1(maskedDB, md.digestLength, mgf1Md);
var maskedSeed = forge.util.xorBytes(seed, seedMask, seed.length);
// return encoded message
return '\x00' + maskedSeed + maskedDB;
};
/**
* Decode the given RSAES-OAEP encoded message (EM) using key, with optional
* label (L).
*
* This method does not perform RSA decryption, it only decodes the message
* using RSAES-OAEP.
*
* @param key the RSA key to use.
* @param em the encoded message to decode.
* @param options the options to use:
* label an optional label to use.
* md the message digest object to use for OAEP, undefined for SHA-1.
* mgf1 optional mgf1 parameters:
* md the message digest object to use for MGF1.
*
* @return the decoded message bytes.
*/
pkcs1.decode_rsa_oaep = function(key, em, options) {
// parse args
var label;
var md;
var mgf1Md;
// legacy args
if(typeof options === 'string') {
label = options;
md = arguments[3] || undefined;
} else if(options) {
label = options.label || undefined;
md = options.md || undefined;
if(options.mgf1 && options.mgf1.md) {
mgf1Md = options.mgf1.md;
}
}
// compute length in bytes
var keyLength = Math.ceil(key.n.bitLength() / 8);
if(em.length !== keyLength) {
var error = new Error('RSAES-OAEP encoded message length is invalid.');
error.length = em.length;
error.expectedLength = keyLength;
throw error;
}
// default OAEP to SHA-1 message digest
if(md === undefined) {
md = forge.md.sha1.create();
} else {
md.start();
}
// default MGF-1 to same as OAEP
if(!mgf1Md) {
mgf1Md = md;
}
if(keyLength < 2 * md.digestLength + 2) {
throw new Error('RSAES-OAEP key is too short for the hash function.');
}
if(!label) {
label = '';
}
md.update(label, 'raw');
var lHash = md.digest().getBytes();
// split the message into its parts
var y = em.charAt(0);
var maskedSeed = em.substring(1, md.digestLength + 1);
var maskedDB = em.substring(1 + md.digestLength);
var seedMask = rsa_mgf1(maskedDB, md.digestLength, mgf1Md);
var seed = forge.util.xorBytes(maskedSeed, seedMask, maskedSeed.length);
var dbMask = rsa_mgf1(seed, keyLength - md.digestLength - 1, mgf1Md);
var db = forge.util.xorBytes(maskedDB, dbMask, maskedDB.length);
var lHashPrime = db.substring(0, md.digestLength);
// constant time check that all values match what is expected
var error = (y !== '\x00');
// constant time check lHash vs lHashPrime
for(var i = 0; i < md.digestLength; ++i) {
error |= (lHash.charAt(i) !== lHashPrime.charAt(i));
}
// "constant time" find the 0x1 byte separating the padding (zeros) from the
// message
// TODO: It must be possible to do this in a better/smarter way?
var in_ps = 1;
var index = md.digestLength;
for(var j = md.digestLength; j < db.length; j++) {
var code = db.charCodeAt(j);
var is_0 = (code & 0x1) ^ 0x1;
// non-zero if not 0 or 1 in the ps section
var error_mask = in_ps ? 0xfffe : 0x0000;
error |= (code & error_mask);
// latch in_ps to zero after we find 0x1
in_ps = in_ps & is_0;
index += in_ps;
}
if(error || db.charCodeAt(index) !== 0x1) {
throw new Error('Invalid RSAES-OAEP padding.');
}
return db.substring(index + 1);
};
function rsa_mgf1(seed, maskLength, hash) {
// default to SHA-1 message digest
if(!hash) {
hash = forge.md.sha1.create();
}
var t = '';
var count = Math.ceil(maskLength / hash.digestLength);
for(var i = 0; i < count; ++i) {
var c = String.fromCharCode(
(i >> 24) & 0xFF, (i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF);
hash.start();
hash.update(seed + c);
t += hash.digest().getBytes();
}
return t.substring(0, maskLength);
}
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'pkcs1';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/pkcs1',['require', 'module', './util', './random', './sha1'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Prime number generation API.
*
* @author Dave Longley
*
* Copyright (c) 2014 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
// forge.prime already defined
if(forge.prime) {
return;
}
/* PRIME API */
var prime = forge.prime = forge.prime || {};
var BigInteger = forge.jsbn.BigInteger;
// primes are 30k+i for i = 1, 7, 11, 13, 17, 19, 23, 29
var GCD_30_DELTA = [6, 4, 2, 4, 2, 4, 6, 2];
var THIRTY = new BigInteger(null);
THIRTY.fromInt(30);
var op_or = function(x, y) {return x|y;};
/**
* Generates a random probable prime with the given number of bits.
*
* Alternative algorithms can be specified by name as a string or as an
* object with custom options like so:
*
* {
* name: 'PRIMEINC',
* options: {
* maxBlockTime: <the maximum amount of time to block the main
* thread before allowing I/O other JS to run>,
* millerRabinTests: <the number of miller-rabin tests to run>,
* workerScript: <the worker script URL>,
* workers: <the number of web workers (if supported) to use,
* -1 to use estimated cores minus one>.
* workLoad: the size of the work load, ie: number of possible prime
* numbers for each web worker to check per work assignment,
* (default: 100).
* }
* }
*
* @param bits the number of bits for the prime number.
* @param options the options to use.
* [algorithm] the algorithm to use (default: 'PRIMEINC').
* [prng] a custom crypto-secure pseudo-random number generator to use,
* that must define "getBytesSync".
*
* @return callback(err, num) called once the operation completes.
*/
prime.generateProbablePrime = function(bits, options, callback) {
if(typeof options === 'function') {
callback = options;
options = {};
}
options = options || {};
// default to PRIMEINC algorithm
var algorithm = options.algorithm || 'PRIMEINC';
if(typeof algorithm === 'string') {
algorithm = {name: algorithm};
}
algorithm.options = algorithm.options || {};
// create prng with api that matches BigInteger secure random
var prng = options.prng || forge.random;
var rng = {
// x is an array to fill with bytes
nextBytes: function(x) {
var b = prng.getBytesSync(x.length);
for(var i = 0; i < x.length; ++i) {
x[i] = b.charCodeAt(i);
}
}
};
if(algorithm.name === 'PRIMEINC') {
return primeincFindPrime(bits, rng, algorithm.options, callback);
}
throw new Error('Invalid prime generation algorithm: ' + algorithm.name);
};
function primeincFindPrime(bits, rng, options, callback) {
if('workers' in options) {
return primeincFindPrimeWithWorkers(bits, rng, options, callback);
}
return primeincFindPrimeWithoutWorkers(bits, rng, options, callback);
}
function primeincFindPrimeWithoutWorkers(bits, rng, options, callback) {
// initialize random number
var num = generateRandom(bits, rng);
/* Note: All primes are of the form 30k+i for i < 30 and gcd(30, i)=1. The
number we are given is always aligned at 30k + 1. Each time the number is
determined not to be prime we add to get to the next 'i', eg: if the number
was at 30k + 1 we add 6. */
var deltaIdx = 0;
// get required number of MR tests
var mrTests = getMillerRabinTests(num.bitLength());
if('millerRabinTests' in options) {
mrTests = options.millerRabinTests;
}
// find prime nearest to 'num' for maxBlockTime ms
// 10 ms gives 5ms of leeway for other calculations before dropping
// below 60fps (1000/60 == 16.67), but in reality, the number will
// likely be higher due to an 'atomic' big int modPow
var maxBlockTime = 10;
if('maxBlockTime' in options) {
maxBlockTime = options.maxBlockTime;
}
var start = +new Date();
do {
// overflow, regenerate random number
if(num.bitLength() > bits) {
num = generateRandom(bits, rng);
}
// do primality test
if(num.isProbablePrime(mrTests)) {
return callback(null, num);
}
// get next potential prime
num.dAddOffset(GCD_30_DELTA[deltaIdx++ % 8], 0);
} while(maxBlockTime < 0 || (+new Date() - start < maxBlockTime));
// keep trying (setImmediate would be better here)
forge.util.setImmediate(function() {
primeincFindPrimeWithoutWorkers(bits, rng, options, callback);
});
}
function primeincFindPrimeWithWorkers(bits, rng, options, callback) {
// web workers unavailable
if(typeof Worker === 'undefined') {
return primeincFindPrimeWithoutWorkers(bits, rng, options, callback);
}
// initialize random number
var num = generateRandom(bits, rng);
// use web workers to generate keys
var numWorkers = options.workers;
var workLoad = options.workLoad || 100;
var range = workLoad * 30 / 8;
var workerScript = options.workerScript || 'forge/prime.worker.js';
if(numWorkers === -1) {
return forge.util.estimateCores(function(err, cores) {
if(err) {
// default to 2
cores = 2;
}
numWorkers = cores - 1;
generate();
});
}
generate();
function generate() {
// require at least 1 worker
numWorkers = Math.max(1, numWorkers);
// TODO: consider optimizing by starting workers outside getPrime() ...
// note that in order to clean up they will have to be made internally
// asynchronous which may actually be slower
// start workers immediately
var workers = [];
for(var i = 0; i < numWorkers; ++i) {
// FIXME: fix path or use blob URLs
workers[i] = new Worker(workerScript);
}
var running = numWorkers;
// listen for requests from workers and assign ranges to find prime
for(var i = 0; i < numWorkers; ++i) {
workers[i].addEventListener('message', workerMessage);
}
/* Note: The distribution of random numbers is unknown. Therefore, each
web worker is continuously allocated a range of numbers to check for a
random number until one is found.
Every 30 numbers will be checked just 8 times, because prime numbers
have the form:
30k+i, for i < 30 and gcd(30, i)=1 (there are 8 values of i for this)
Therefore, if we want a web worker to run N checks before asking for
a new range of numbers, each range must contain N*30/8 numbers.
For 100 checks (workLoad), this is a range of 375. */
var found = false;
function workerMessage(e) {
// ignore message, prime already found
if(found) {
return;
}
--running;
var data = e.data;
if(data.found) {
// terminate all workers
for(var i = 0; i < workers.length; ++i) {
workers[i].terminate();
}
found = true;
return callback(null, new BigInteger(data.prime, 16));
}
// overflow, regenerate random number
if(num.bitLength() > bits) {
num = generateRandom(bits, rng);
}
// assign new range to check
var hex = num.toString(16);
// start prime search
e.target.postMessage({
hex: hex,
workLoad: workLoad
});
num.dAddOffset(range, 0);
}
}
}
/**
* Generates a random number using the given number of bits and RNG.
*
* @param bits the number of bits for the number.
* @param rng the random number generator to use.
*
* @return the random number.
*/
function generateRandom(bits, rng) {
var num = new BigInteger(bits, rng);
// force MSB set
var bits1 = bits - 1;
if(!num.testBit(bits1)) {
num.bitwiseTo(BigInteger.ONE.shiftLeft(bits1), op_or, num);
}
// align number on 30k+1 boundary
num.dAddOffset(31 - num.mod(THIRTY).byteValue(), 0);
return num;
}
/**
* Returns the required number of Miller-Rabin tests to generate a
* prime with an error probability of (1/2)^80.
*
* See Handbook of Applied Cryptography Chapter 4, Table 4.4.
*
* @param bits the bit size.
*
* @return the required number of iterations.
*/
function getMillerRabinTests(bits) {
if(bits <= 100) return 27;
if(bits <= 150) return 18;
if(bits <= 200) return 15;
if(bits <= 250) return 12;
if(bits <= 300) return 9;
if(bits <= 350) return 8;
if(bits <= 400) return 7;
if(bits <= 500) return 6;
if(bits <= 600) return 5;
if(bits <= 800) return 4;
if(bits <= 1250) return 3;
return 2;
}
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'prime';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/prime',['require', 'module', './util', './jsbn', './random'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Javascript implementation of basic RSA algorithms.
*
* @author Dave Longley
*
* Copyright (c) 2010-2014 Digital Bazaar, Inc.
*
* The only algorithm currently supported for PKI is RSA.
*
* An RSA key is often stored in ASN.1 DER format. The SubjectPublicKeyInfo
* ASN.1 structure is composed of an algorithm of type AlgorithmIdentifier
* and a subjectPublicKey of type bit string.
*
* The AlgorithmIdentifier contains an Object Identifier (OID) and parameters
* for the algorithm, if any. In the case of RSA, there aren't any.
*
* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING
* }
*
* AlgorithmIdentifer ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL
* }
*
* For an RSA public key, the subjectPublicKey is:
*
* RSAPublicKey ::= SEQUENCE {
* modulus INTEGER, -- n
* publicExponent INTEGER -- e
* }
*
* PrivateKeyInfo ::= SEQUENCE {
* version Version,
* privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
* privateKey PrivateKey,
* attributes [0] IMPLICIT Attributes OPTIONAL
* }
*
* Version ::= INTEGER
* PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
* PrivateKey ::= OCTET STRING
* Attributes ::= SET OF Attribute
*
* An RSA private key as the following structure:
*
* RSAPrivateKey ::= SEQUENCE {
* version Version,
* modulus INTEGER, -- n
* publicExponent INTEGER, -- e
* privateExponent INTEGER, -- d
* prime1 INTEGER, -- p
* prime2 INTEGER, -- q
* exponent1 INTEGER, -- d mod (p-1)
* exponent2 INTEGER, -- d mod (q-1)
* coefficient INTEGER -- (inverse of q) mod p
* }
*
* Version ::= INTEGER
*
* The OID for the RSA key algorithm is: 1.2.840.113549.1.1.1
*/
(function() {
function initModule(forge) {
/* ########## Begin module implementation ########## */
if(typeof BigInteger === 'undefined') {
var BigInteger = forge.jsbn.BigInteger;
}
// shortcut for asn.1 API
var asn1 = forge.asn1;
/*
* RSA encryption and decryption, see RFC 2313.
*/
forge.pki = forge.pki || {};
forge.pki.rsa = forge.rsa = forge.rsa || {};
var pki = forge.pki;
// for finding primes, which are 30k+i for i = 1, 7, 11, 13, 17, 19, 23, 29
var GCD_30_DELTA = [6, 4, 2, 4, 2, 4, 6, 2];
// validator for a PrivateKeyInfo structure
var privateKeyValidator = {
// PrivateKeyInfo
name: 'PrivateKeyInfo',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
// Version (INTEGER)
name: 'PrivateKeyInfo.version',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'privateKeyVersion'
}, {
// privateKeyAlgorithm
name: 'PrivateKeyInfo.privateKeyAlgorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'AlgorithmIdentifier.algorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'privateKeyOid'
}]
}, {
// PrivateKey
name: 'PrivateKeyInfo',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OCTETSTRING,
constructed: false,
capture: 'privateKey'
}]
};
// validator for an RSA private key
var rsaPrivateKeyValidator = {
// RSAPrivateKey
name: 'RSAPrivateKey',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
// Version (INTEGER)
name: 'RSAPrivateKey.version',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'privateKeyVersion'
}, {
// modulus (n)
name: 'RSAPrivateKey.modulus',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'privateKeyModulus'
}, {
// publicExponent (e)
name: 'RSAPrivateKey.publicExponent',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'privateKeyPublicExponent'
}, {
// privateExponent (d)
name: 'RSAPrivateKey.privateExponent',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'privateKeyPrivateExponent'
}, {
// prime1 (p)
name: 'RSAPrivateKey.prime1',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'privateKeyPrime1'
}, {
// prime2 (q)
name: 'RSAPrivateKey.prime2',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'privateKeyPrime2'
}, {
// exponent1 (d mod (p-1))
name: 'RSAPrivateKey.exponent1',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'privateKeyExponent1'
}, {
// exponent2 (d mod (q-1))
name: 'RSAPrivateKey.exponent2',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'privateKeyExponent2'
}, {
// coefficient ((inverse of q) mod p)
name: 'RSAPrivateKey.coefficient',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'privateKeyCoefficient'
}]
};
// validator for an RSA public key
var rsaPublicKeyValidator = {
// RSAPublicKey
name: 'RSAPublicKey',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
// modulus (n)
name: 'RSAPublicKey.modulus',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'publicKeyModulus'
}, {
// publicExponent (e)
name: 'RSAPublicKey.exponent',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'publicKeyExponent'
}]
};
// validator for an SubjectPublicKeyInfo structure
// Note: Currently only works with an RSA public key
var publicKeyValidator = forge.pki.rsa.publicKeyValidator = {
name: 'SubjectPublicKeyInfo',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
captureAsn1: 'subjectPublicKeyInfo',
value: [{
name: 'SubjectPublicKeyInfo.AlgorithmIdentifier',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'AlgorithmIdentifier.algorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'publicKeyOid'
}]
}, {
// subjectPublicKey
name: 'SubjectPublicKeyInfo.subjectPublicKey',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.BITSTRING,
constructed: false,
value: [{
// RSAPublicKey
name: 'SubjectPublicKeyInfo.subjectPublicKey.RSAPublicKey',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
optional: true,
captureAsn1: 'rsaPublicKey'
}]
}]
};
/**
* Wrap digest in DigestInfo object.
*
* This function implements EMSA-PKCS1-v1_5-ENCODE as per RFC 3447.
*
* DigestInfo ::= SEQUENCE {
* digestAlgorithm DigestAlgorithmIdentifier,
* digest Digest
* }
*
* DigestAlgorithmIdentifier ::= AlgorithmIdentifier
* Digest ::= OCTET STRING
*
* @param md the message digest object with the hash to sign.
*
* @return the encoded message (ready for RSA encrytion)
*/
var emsaPkcs1v15encode = function(md) {
// get the oid for the algorithm
var oid;
if(md.algorithm in pki.oids) {
oid = pki.oids[md.algorithm];
} else {
var error = new Error('Unknown message digest algorithm.');
error.algorithm = md.algorithm;
throw error;
}
var oidBytes = asn1.oidToDer(oid).getBytes();
// create the digest info
var digestInfo = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);
var digestAlgorithm = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);
digestAlgorithm.value.push(asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OID, false, oidBytes));
digestAlgorithm.value.push(asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.NULL, false, ''));
var digest = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING,
false, md.digest().getBytes());
digestInfo.value.push(digestAlgorithm);
digestInfo.value.push(digest);
// encode digest info
return asn1.toDer(digestInfo).getBytes();
};
/**
* Performs x^c mod n (RSA encryption or decryption operation).
*
* @param x the number to raise and mod.
* @param key the key to use.
* @param pub true if the key is public, false if private.
*
* @return the result of x^c mod n.
*/
var _modPow = function(x, key, pub) {
if(pub) {
return x.modPow(key.e, key.n);
}
if(!key.p || !key.q) {
// allow calculation without CRT params (slow)
return x.modPow(key.d, key.n);
}
// pre-compute dP, dQ, and qInv if necessary
if(!key.dP) {
key.dP = key.d.mod(key.p.subtract(BigInteger.ONE));
}
if(!key.dQ) {
key.dQ = key.d.mod(key.q.subtract(BigInteger.ONE));
}
if(!key.qInv) {
key.qInv = key.q.modInverse(key.p);
}
/* Chinese remainder theorem (CRT) states:
Suppose n1, n2, ..., nk are positive integers which are pairwise
coprime (n1 and n2 have no common factors other than 1). For any
integers x1, x2, ..., xk there exists an integer x solving the
system of simultaneous congruences (where ~= means modularly
congruent so a ~= b mod n means a mod n = b mod n):
x ~= x1 mod n1
x ~= x2 mod n2
...
x ~= xk mod nk
This system of congruences has a single simultaneous solution x
between 0 and n - 1. Furthermore, each xk solution and x itself
is congruent modulo the product n = n1*n2*...*nk.
So x1 mod n = x2 mod n = xk mod n = x mod n.
The single simultaneous solution x can be solved with the following
equation:
x = sum(xi*ri*si) mod n where ri = n/ni and si = ri^-1 mod ni.
Where x is less than n, xi = x mod ni.
For RSA we are only concerned with k = 2. The modulus n = pq, where
p and q are coprime. The RSA decryption algorithm is:
y = x^d mod n
Given the above:
x1 = x^d mod p
r1 = n/p = q
s1 = q^-1 mod p
x2 = x^d mod q
r2 = n/q = p
s2 = p^-1 mod q
So y = (x1r1s1 + x2r2s2) mod n
= ((x^d mod p)q(q^-1 mod p) + (x^d mod q)p(p^-1 mod q)) mod n
According to Fermat's Little Theorem, if the modulus P is prime,
for any integer A not evenly divisible by P, A^(P-1) ~= 1 mod P.
Since A is not divisible by P it follows that if:
N ~= M mod (P - 1), then A^N mod P = A^M mod P. Therefore:
A^N mod P = A^(M mod (P - 1)) mod P. (The latter takes less effort
to calculate). In order to calculate x^d mod p more quickly the
exponent d mod (p - 1) is stored in the RSA private key (the same
is done for x^d mod q). These values are referred to as dP and dQ
respectively. Therefore we now have:
y = ((x^dP mod p)q(q^-1 mod p) + (x^dQ mod q)p(p^-1 mod q)) mod n
Since we'll be reducing x^dP by modulo p (same for q) we can also
reduce x by p (and q respectively) before hand. Therefore, let
xp = ((x mod p)^dP mod p), and
xq = ((x mod q)^dQ mod q), yielding:
y = (xp*q*(q^-1 mod p) + xq*p*(p^-1 mod q)) mod n
This can be further reduced to a simple algorithm that only
requires 1 inverse (the q inverse is used) to be used and stored.
The algorithm is called Garner's algorithm. If qInv is the
inverse of q, we simply calculate:
y = (qInv*(xp - xq) mod p) * q + xq
However, there are two further complications. First, we need to
ensure that xp > xq to prevent signed BigIntegers from being used
so we add p until this is true (since we will be mod'ing with
p anyway). Then, there is a known timing attack on algorithms
using the CRT. To mitigate this risk, "cryptographic blinding"
should be used. This requires simply generating a random number r
between 0 and n-1 and its inverse and multiplying x by r^e before
calculating y and then multiplying y by r^-1 afterwards. Note that
r must be coprime with n (gcd(r, n) === 1) in order to have an
inverse.
*/
// cryptographic blinding
var r;
do {
r = new BigInteger(
forge.util.bytesToHex(forge.random.getBytes(key.n.bitLength() / 8)),
16);
} while(r.compareTo(key.n) >= 0 || !r.gcd(key.n).equals(BigInteger.ONE));
x = x.multiply(r.modPow(key.e, key.n)).mod(key.n);
// calculate xp and xq
var xp = x.mod(key.p).modPow(key.dP, key.p);
var xq = x.mod(key.q).modPow(key.dQ, key.q);
// xp must be larger than xq to avoid signed bit usage
while(xp.compareTo(xq) < 0) {
xp = xp.add(key.p);
}
// do last step
var y = xp.subtract(xq)
.multiply(key.qInv).mod(key.p)
.multiply(key.q).add(xq);
// remove effect of random for cryptographic blinding
y = y.multiply(r.modInverse(key.n)).mod(key.n);
return y;
};
/**
* NOTE: THIS METHOD IS DEPRECATED, use 'sign' on a private key object or
* 'encrypt' on a public key object instead.
*
* Performs RSA encryption.
*
* The parameter bt controls whether to put padding bytes before the
* message passed in. Set bt to either true or false to disable padding
* completely (in order to handle e.g. EMSA-PSS encoding seperately before),
* signaling whether the encryption operation is a public key operation
* (i.e. encrypting data) or not, i.e. private key operation (data signing).
*
* For PKCS#1 v1.5 padding pass in the block type to use, i.e. either 0x01
* (for signing) or 0x02 (for encryption). The key operation mode (private
* or public) is derived from this flag in that case).
*
* @param m the message to encrypt as a byte string.
* @param key the RSA key to use.
* @param bt for PKCS#1 v1.5 padding, the block type to use
* (0x01 for private key, 0x02 for public),
* to disable padding: true = public key, false = private key.
*
* @return the encrypted bytes as a string.
*/
pki.rsa.encrypt = function(m, key, bt) {
var pub = bt;
var eb;
// get the length of the modulus in bytes
var k = Math.ceil(key.n.bitLength() / 8);
if(bt !== false && bt !== true) {
// legacy, default to PKCS#1 v1.5 padding
pub = (bt === 0x02);
eb = _encodePkcs1_v1_5(m, key, bt);
} else {
eb = forge.util.createBuffer();
eb.putBytes(m);
}
// load encryption block as big integer 'x'
// FIXME: hex conversion inefficient, get BigInteger w/byte strings
var x = new BigInteger(eb.toHex(), 16);
// do RSA encryption
var y = _modPow(x, key, pub);
// convert y into the encrypted data byte string, if y is shorter in
// bytes than k, then prepend zero bytes to fill up ed
// FIXME: hex conversion inefficient, get BigInteger w/byte strings
var yhex = y.toString(16);
var ed = forge.util.createBuffer();
var zeros = k - Math.ceil(yhex.length / 2);
while(zeros > 0) {
ed.putByte(0x00);
--zeros;
}
ed.putBytes(forge.util.hexToBytes(yhex));
return ed.getBytes();
};
/**
* NOTE: THIS METHOD IS DEPRECATED, use 'decrypt' on a private key object or
* 'verify' on a public key object instead.
*
* Performs RSA decryption.
*
* The parameter ml controls whether to apply PKCS#1 v1.5 padding
* or not. Set ml = false to disable padding removal completely
* (in order to handle e.g. EMSA-PSS later on) and simply pass back
* the RSA encryption block.
*
* @param ed the encrypted data to decrypt in as a byte string.
* @param key the RSA key to use.
* @param pub true for a public key operation, false for private.
* @param ml the message length, if known, false to disable padding.
*
* @return the decrypted message as a byte string.
*/
pki.rsa.decrypt = function(ed, key, pub, ml) {
// get the length of the modulus in bytes
var k = Math.ceil(key.n.bitLength() / 8);
// error if the length of the encrypted data ED is not k
if(ed.length !== k) {
var error = new Error('Encrypted message length is invalid.');
error.length = ed.length;
error.expected = k;
throw error;
}
// convert encrypted data into a big integer
// FIXME: hex conversion inefficient, get BigInteger w/byte strings
var y = new BigInteger(forge.util.createBuffer(ed).toHex(), 16);
// y must be less than the modulus or it wasn't the result of
// a previous mod operation (encryption) using that modulus
if(y.compareTo(key.n) >= 0) {
throw new Error('Encrypted message is invalid.');
}
// do RSA decryption
var x = _modPow(y, key, pub);
// create the encryption block, if x is shorter in bytes than k, then
// prepend zero bytes to fill up eb
// FIXME: hex conversion inefficient, get BigInteger w/byte strings
var xhex = x.toString(16);
var eb = forge.util.createBuffer();
var zeros = k - Math.ceil(xhex.length / 2);
while(zeros > 0) {
eb.putByte(0x00);
--zeros;
}
eb.putBytes(forge.util.hexToBytes(xhex));
if(ml !== false) {
// legacy, default to PKCS#1 v1.5 padding
return _decodePkcs1_v1_5(eb.getBytes(), key, pub);
}
// return message
return eb.getBytes();
};
/**
* Creates an RSA key-pair generation state object. It is used to allow
* key-generation to be performed in steps. It also allows for a UI to
* display progress updates.
*
* @param bits the size for the private key in bits, defaults to 2048.
* @param e the public exponent to use, defaults to 65537 (0x10001).
* @param [options] the options to use.
* prng a custom crypto-secure pseudo-random number generator to use,
* that must define "getBytesSync".
* algorithm the algorithm to use (default: 'PRIMEINC').
*
* @return the state object to use to generate the key-pair.
*/
pki.rsa.createKeyPairGenerationState = function(bits, e, options) {
// TODO: migrate step-based prime generation code to forge.prime
// set default bits
if(typeof(bits) === 'string') {
bits = parseInt(bits, 10);
}
bits = bits || 2048;
// create prng with api that matches BigInteger secure random
options = options || {};
var prng = options.prng || forge.random;
var rng = {
// x is an array to fill with bytes
nextBytes: function(x) {
var b = prng.getBytesSync(x.length);
for(var i = 0; i < x.length; ++i) {
x[i] = b.charCodeAt(i);
}
}
};
var algorithm = options.algorithm || 'PRIMEINC';
// create PRIMEINC algorithm state
var rval;
if(algorithm === 'PRIMEINC') {
rval = {
algorithm: algorithm,
state: 0,
bits: bits,
rng: rng,
eInt: e || 65537,
e: new BigInteger(null),
p: null,
q: null,
qBits: bits >> 1,
pBits: bits - (bits >> 1),
pqState: 0,
num: null,
keys: null
};
rval.e.fromInt(rval.eInt);
} else {
throw new Error('Invalid key generation algorithm: ' + algorithm);
}
return rval;
};
/**
* Attempts to runs the key-generation algorithm for at most n seconds
* (approximately) using the given state. When key-generation has completed,
* the keys will be stored in state.keys.
*
* To use this function to update a UI while generating a key or to prevent
* causing browser lockups/warnings, set "n" to a value other than 0. A
* simple pattern for generating a key and showing a progress indicator is:
*
* var state = pki.rsa.createKeyPairGenerationState(2048);
* var step = function() {
* // step key-generation, run algorithm for 100 ms, repeat
* if(!forge.pki.rsa.stepKeyPairGenerationState(state, 100)) {
* setTimeout(step, 1);
* } else {
* // key-generation complete
* // TODO: turn off progress indicator here
* // TODO: use the generated key-pair in "state.keys"
* }
* };
* // TODO: turn on progress indicator here
* setTimeout(step, 0);
*
* @param state the state to use.
* @param n the maximum number of milliseconds to run the algorithm for, 0
* to run the algorithm to completion.
*
* @return true if the key-generation completed, false if not.
*/
pki.rsa.stepKeyPairGenerationState = function(state, n) {
// set default algorithm if not set
if(!('algorithm' in state)) {
state.algorithm = 'PRIMEINC';
}
// TODO: migrate step-based prime generation code to forge.prime
// TODO: abstract as PRIMEINC algorithm
// do key generation (based on Tom Wu's rsa.js, see jsbn.js license)
// with some minor optimizations and designed to run in steps
// local state vars
var THIRTY = new BigInteger(null);
THIRTY.fromInt(30);
var deltaIdx = 0;
var op_or = function(x,y) { return x|y; };
// keep stepping until time limit is reached or done
var t1 = +new Date();
var t2;
var total = 0;
while(state.keys === null && (n <= 0 || total < n)) {
// generate p or q
if(state.state === 0) {
/* Note: All primes are of the form:
30k+i, for i < 30 and gcd(30, i)=1, where there are 8 values for i
When we generate a random number, we always align it at 30k + 1. Each
time the number is determined not to be prime we add to get to the
next 'i', eg: if the number was at 30k + 1 we add 6. */
var bits = (state.p === null) ? state.pBits : state.qBits;
var bits1 = bits - 1;
// get a random number
if(state.pqState === 0) {
state.num = new BigInteger(bits, state.rng);
// force MSB set
if(!state.num.testBit(bits1)) {
state.num.bitwiseTo(
BigInteger.ONE.shiftLeft(bits1), op_or, state.num);
}
// align number on 30k+1 boundary
state.num.dAddOffset(31 - state.num.mod(THIRTY).byteValue(), 0);
deltaIdx = 0;
++state.pqState;
} else if(state.pqState === 1) {
// try to make the number a prime
if(state.num.bitLength() > bits) {
// overflow, try again
state.pqState = 0;
// do primality test
} else if(state.num.isProbablePrime(
_getMillerRabinTests(state.num.bitLength()))) {
++state.pqState;
} else {
// get next potential prime
state.num.dAddOffset(GCD_30_DELTA[deltaIdx++ % 8], 0);
}
} else if(state.pqState === 2) {
// ensure number is coprime with e
state.pqState =
(state.num.subtract(BigInteger.ONE).gcd(state.e)
.compareTo(BigInteger.ONE) === 0) ? 3 : 0;
} else if(state.pqState === 3) {
// store p or q
state.pqState = 0;
if(state.p === null) {
state.p = state.num;
} else {
state.q = state.num;
}
// advance state if both p and q are ready
if(state.p !== null && state.q !== null) {
++state.state;
}
state.num = null;
}
} else if(state.state === 1) {
// ensure p is larger than q (swap them if not)
if(state.p.compareTo(state.q) < 0) {
state.num = state.p;
state.p = state.q;
state.q = state.num;
}
++state.state;
} else if(state.state === 2) {
// compute phi: (p - 1)(q - 1) (Euler's totient function)
state.p1 = state.p.subtract(BigInteger.ONE);
state.q1 = state.q.subtract(BigInteger.ONE);
state.phi = state.p1.multiply(state.q1);
++state.state;
} else if(state.state === 3) {
// ensure e and phi are coprime
if(state.phi.gcd(state.e).compareTo(BigInteger.ONE) === 0) {
// phi and e are coprime, advance
++state.state;
} else {
// phi and e aren't coprime, so generate a new p and q
state.p = null;
state.q = null;
state.state = 0;
}
} else if(state.state === 4) {
// create n, ensure n is has the right number of bits
state.n = state.p.multiply(state.q);
// ensure n is right number of bits
if(state.n.bitLength() === state.bits) {
// success, advance
++state.state;
} else {
// failed, get new q
state.q = null;
state.state = 0;
}
} else if(state.state === 5) {
// set keys
var d = state.e.modInverse(state.phi);
state.keys = {
privateKey: pki.rsa.setPrivateKey(
state.n, state.e, d, state.p, state.q,
d.mod(state.p1), d.mod(state.q1),
state.q.modInverse(state.p)),
publicKey: pki.rsa.setPublicKey(state.n, state.e)
};
}
// update timing
t2 = +new Date();
total += t2 - t1;
t1 = t2;
}
return state.keys !== null;
};
/**
* Generates an RSA public-private key pair in a single call.
*
* To generate a key-pair in steps (to allow for progress updates and to
* prevent blocking or warnings in slow browsers) then use the key-pair
* generation state functions.
*
* To generate a key-pair asynchronously (either through web-workers, if
* available, or by breaking up the work on the main thread), pass a
* callback function.
*
* @param [bits] the size for the private key in bits, defaults to 2048.
* @param [e] the public exponent to use, defaults to 65537.
* @param [options] options for key-pair generation, if given then 'bits'
* and 'e' must *not* be given:
* bits the size for the private key in bits, (default: 2048).
* e the public exponent to use, (default: 65537 (0x10001)).
* workerScript the worker script URL.
* workers the number of web workers (if supported) to use,
* (default: 2).
* workLoad the size of the work load, ie: number of possible prime
* numbers for each web worker to check per work assignment,
* (default: 100).
* e the public exponent to use, defaults to 65537.
* prng a custom crypto-secure pseudo-random number generator to use,
* that must define "getBytesSync".
* algorithm the algorithm to use (default: 'PRIMEINC').
* @param [callback(err, keypair)] called once the operation completes.
*
* @return an object with privateKey and publicKey properties.
*/
pki.rsa.generateKeyPair = function(bits, e, options, callback) {
// (bits), (options), (callback)
if(arguments.length === 1) {
if(typeof bits === 'object') {
options = bits;
bits = undefined;
} else if(typeof bits === 'function') {
callback = bits;
bits = undefined;
}
} else if(arguments.length === 2) {
// (bits, e), (bits, options), (bits, callback), (options, callback)
if(typeof bits === 'number') {
if(typeof e === 'function') {
callback = e;
e = undefined;
} else if(typeof e !== 'number') {
options = e;
e = undefined;
}
} else {
options = bits;
callback = e;
bits = undefined;
e = undefined;
}
} else if(arguments.length === 3) {
// (bits, e, options), (bits, e, callback), (bits, options, callback)
if(typeof e === 'number') {
if(typeof options === 'function') {
callback = options;
options = undefined;
}
} else {
callback = options;
options = e;
e = undefined;
}
}
options = options || {};
if(bits === undefined) {
bits = options.bits || 2048;
}
if(e === undefined) {
e = options.e || 0x10001;
}
var state = pki.rsa.createKeyPairGenerationState(bits, e, options);
if(!callback) {
pki.rsa.stepKeyPairGenerationState(state, 0);
return state.keys;
}
_generateKeyPair(state, options, callback);
};
/**
* Sets an RSA public key from BigIntegers modulus and exponent.
*
* @param n the modulus.
* @param e the exponent.
*
* @return the public key.
*/
pki.setRsaPublicKey = pki.rsa.setPublicKey = function(n, e) {
var key = {
n: n,
e: e
};
/**
* Encrypts the given data with this public key. Newer applications
* should use the 'RSA-OAEP' decryption scheme, 'RSAES-PKCS1-V1_5' is for
* legacy applications.
*
* @param data the byte string to encrypt.
* @param scheme the encryption scheme to use:
* 'RSAES-PKCS1-V1_5' (default),
* 'RSA-OAEP',
* 'RAW', 'NONE', or null to perform raw RSA encryption,
* an object with an 'encode' property set to a function
* with the signature 'function(data, key)' that returns
* a binary-encoded string representing the encoded data.
* @param schemeOptions any scheme-specific options.
*
* @return the encrypted byte string.
*/
key.encrypt = function(data, scheme, schemeOptions) {
if(typeof scheme === 'string') {
scheme = scheme.toUpperCase();
} else if(scheme === undefined) {
scheme = 'RSAES-PKCS1-V1_5';
}
if(scheme === 'RSAES-PKCS1-V1_5') {
scheme = {
encode: function(m, key, pub) {
return _encodePkcs1_v1_5(m, key, 0x02).getBytes();
}
};
} else if(scheme === 'RSA-OAEP' || scheme === 'RSAES-OAEP') {
scheme = {
encode: function(m, key) {
return forge.pkcs1.encode_rsa_oaep(key, m, schemeOptions);
}
};
} else if(['RAW', 'NONE', 'NULL', null].indexOf(scheme) !== -1) {
scheme = { encode: function(e) { return e; } };
} else if(typeof scheme === 'string') {
throw new Error('Unsupported encryption scheme: "' + scheme + '".');
}
// do scheme-based encoding then rsa encryption
var e = scheme.encode(data, key, true);
return pki.rsa.encrypt(e, key, true);
};
/**
* Verifies the given signature against the given digest.
*
* PKCS#1 supports multiple (currently two) signature schemes:
* RSASSA-PKCS1-V1_5 and RSASSA-PSS.
*
* By default this implementation uses the "old scheme", i.e.
* RSASSA-PKCS1-V1_5, in which case once RSA-decrypted, the
* signature is an OCTET STRING that holds a DigestInfo.
*
* DigestInfo ::= SEQUENCE {
* digestAlgorithm DigestAlgorithmIdentifier,
* digest Digest
* }
* DigestAlgorithmIdentifier ::= AlgorithmIdentifier
* Digest ::= OCTET STRING
*
* To perform PSS signature verification, provide an instance
* of Forge PSS object as the scheme parameter.
*
* @param digest the message digest hash to compare against the signature,
* as a binary-encoded string.
* @param signature the signature to verify, as a binary-encoded string.
* @param scheme signature verification scheme to use:
* 'RSASSA-PKCS1-V1_5' or undefined for RSASSA PKCS#1 v1.5,
* a Forge PSS object for RSASSA-PSS,
* 'NONE' or null for none, DigestInfo will not be expected, but
* PKCS#1 v1.5 padding will still be used.
*
* @return true if the signature was verified, false if not.
*/
key.verify = function(digest, signature, scheme) {
if(typeof scheme === 'string') {
scheme = scheme.toUpperCase();
} else if(scheme === undefined) {
scheme = 'RSASSA-PKCS1-V1_5';
}
if(scheme === 'RSASSA-PKCS1-V1_5') {
scheme = {
verify: function(digest, d) {
// remove padding
d = _decodePkcs1_v1_5(d, key, true);
// d is ASN.1 BER-encoded DigestInfo
var obj = asn1.fromDer(d);
// compare the given digest to the decrypted one
return digest === obj.value[1].value;
}
};
} else if(scheme === 'NONE' || scheme === 'NULL' || scheme === null) {
scheme = {
verify: function(digest, d) {
// remove padding
d = _decodePkcs1_v1_5(d, key, true);
return digest === d;
}
};
}
// do rsa decryption w/o any decoding, then verify -- which does decoding
var d = pki.rsa.decrypt(signature, key, true, false);
return scheme.verify(digest, d, key.n.bitLength());
};
return key;
};
/**
* Sets an RSA private key from BigIntegers modulus, exponent, primes,
* prime exponents, and modular multiplicative inverse.
*
* @param n the modulus.
* @param e the public exponent.
* @param d the private exponent ((inverse of e) mod n).
* @param p the first prime.
* @param q the second prime.
* @param dP exponent1 (d mod (p-1)).
* @param dQ exponent2 (d mod (q-1)).
* @param qInv ((inverse of q) mod p)
*
* @return the private key.
*/
pki.setRsaPrivateKey = pki.rsa.setPrivateKey = function(
n, e, d, p, q, dP, dQ, qInv) {
var key = {
n: n,
e: e,
d: d,
p: p,
q: q,
dP: dP,
dQ: dQ,
qInv: qInv
};
/**
* Decrypts the given data with this private key. The decryption scheme
* must match the one used to encrypt the data.
*
* @param data the byte string to decrypt.
* @param scheme the decryption scheme to use:
* 'RSAES-PKCS1-V1_5' (default),
* 'RSA-OAEP',
* 'RAW', 'NONE', or null to perform raw RSA decryption.
* @param schemeOptions any scheme-specific options.
*
* @return the decrypted byte string.
*/
key.decrypt = function(data, scheme, schemeOptions) {
if(typeof scheme === 'string') {
scheme = scheme.toUpperCase();
} else if(scheme === undefined) {
scheme = 'RSAES-PKCS1-V1_5';
}
// do rsa decryption w/o any decoding
var d = pki.rsa.decrypt(data, key, false, false);
if(scheme === 'RSAES-PKCS1-V1_5') {
scheme = { decode: _decodePkcs1_v1_5 };
} else if(scheme === 'RSA-OAEP' || scheme === 'RSAES-OAEP') {
scheme = {
decode: function(d, key) {
return forge.pkcs1.decode_rsa_oaep(key, d, schemeOptions);
}
};
} else if(['RAW', 'NONE', 'NULL', null].indexOf(scheme) !== -1) {
scheme = { decode: function(d) { return d; } };
} else {
throw new Error('Unsupported encryption scheme: "' + scheme + '".');
}
// decode according to scheme
return scheme.decode(d, key, false);
};
/**
* Signs the given digest, producing a signature.
*
* PKCS#1 supports multiple (currently two) signature schemes:
* RSASSA-PKCS1-V1_5 and RSASSA-PSS.
*
* By default this implementation uses the "old scheme", i.e.
* RSASSA-PKCS1-V1_5. In order to generate a PSS signature, provide
* an instance of Forge PSS object as the scheme parameter.
*
* @param md the message digest object with the hash to sign.
* @param scheme the signature scheme to use:
* 'RSASSA-PKCS1-V1_5' or undefined for RSASSA PKCS#1 v1.5,
* a Forge PSS object for RSASSA-PSS,
* 'NONE' or null for none, DigestInfo will not be used but
* PKCS#1 v1.5 padding will still be used.
*
* @return the signature as a byte string.
*/
key.sign = function(md, scheme) {
/* Note: The internal implementation of RSA operations is being
transitioned away from a PKCS#1 v1.5 hard-coded scheme. Some legacy
code like the use of an encoding block identifier 'bt' will eventually
be removed. */
// private key operation
var bt = false;
if(typeof scheme === 'string') {
scheme = scheme.toUpperCase();
}
if(scheme === undefined || scheme === 'RSASSA-PKCS1-V1_5') {
scheme = { encode: emsaPkcs1v15encode };
bt = 0x01;
} else if(scheme === 'NONE' || scheme === 'NULL' || scheme === null) {
scheme = { encode: function() { return md; } };
bt = 0x01;
}
// encode and then encrypt
var d = scheme.encode(md, key.n.bitLength());
return pki.rsa.encrypt(d, key, bt);
};
return key;
};
/**
* Wraps an RSAPrivateKey ASN.1 object in an ASN.1 PrivateKeyInfo object.
*
* @param rsaKey the ASN.1 RSAPrivateKey.
*
* @return the ASN.1 PrivateKeyInfo.
*/
pki.wrapRsaPrivateKey = function(rsaKey) {
// PrivateKeyInfo
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// version (0)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
asn1.integerToDer(0).getBytes()),
// privateKeyAlgorithm
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(pki.oids.rsaEncryption).getBytes()),
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')
]),
// PrivateKey
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
asn1.toDer(rsaKey).getBytes())
]);
};
/**
* Converts a private key from an ASN.1 object.
*
* @param obj the ASN.1 representation of a PrivateKeyInfo containing an
* RSAPrivateKey or an RSAPrivateKey.
*
* @return the private key.
*/
pki.privateKeyFromAsn1 = function(obj) {
// get PrivateKeyInfo
var capture = {};
var errors = [];
if(asn1.validate(obj, privateKeyValidator, capture, errors)) {
obj = asn1.fromDer(forge.util.createBuffer(capture.privateKey));
}
// get RSAPrivateKey
capture = {};
errors = [];
if(!asn1.validate(obj, rsaPrivateKeyValidator, capture, errors)) {
var error = new Error('Cannot read private key. ' +
'ASN.1 object does not contain an RSAPrivateKey.');
error.errors = errors;
throw error;
}
// Note: Version is currently ignored.
// capture.privateKeyVersion
// FIXME: inefficient, get a BigInteger that uses byte strings
var n, e, d, p, q, dP, dQ, qInv;
n = forge.util.createBuffer(capture.privateKeyModulus).toHex();
e = forge.util.createBuffer(capture.privateKeyPublicExponent).toHex();
d = forge.util.createBuffer(capture.privateKeyPrivateExponent).toHex();
p = forge.util.createBuffer(capture.privateKeyPrime1).toHex();
q = forge.util.createBuffer(capture.privateKeyPrime2).toHex();
dP = forge.util.createBuffer(capture.privateKeyExponent1).toHex();
dQ = forge.util.createBuffer(capture.privateKeyExponent2).toHex();
qInv = forge.util.createBuffer(capture.privateKeyCoefficient).toHex();
// set private key
return pki.setRsaPrivateKey(
new BigInteger(n, 16),
new BigInteger(e, 16),
new BigInteger(d, 16),
new BigInteger(p, 16),
new BigInteger(q, 16),
new BigInteger(dP, 16),
new BigInteger(dQ, 16),
new BigInteger(qInv, 16));
};
/**
* Converts a private key to an ASN.1 RSAPrivateKey.
*
* @param key the private key.
*
* @return the ASN.1 representation of an RSAPrivateKey.
*/
pki.privateKeyToAsn1 = pki.privateKeyToRSAPrivateKey = function(key) {
// RSAPrivateKey
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// version (0 = only 2 primes, 1 multiple primes)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
asn1.integerToDer(0).getBytes()),
// modulus (n)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
_bnToBytes(key.n)),
// publicExponent (e)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
_bnToBytes(key.e)),
// privateExponent (d)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
_bnToBytes(key.d)),
// privateKeyPrime1 (p)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
_bnToBytes(key.p)),
// privateKeyPrime2 (q)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
_bnToBytes(key.q)),
// privateKeyExponent1 (dP)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
_bnToBytes(key.dP)),
// privateKeyExponent2 (dQ)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
_bnToBytes(key.dQ)),
// coefficient (qInv)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
_bnToBytes(key.qInv))
]);
};
/**
* Converts a public key from an ASN.1 SubjectPublicKeyInfo or RSAPublicKey.
*
* @param obj the asn1 representation of a SubjectPublicKeyInfo or RSAPublicKey.
*
* @return the public key.
*/
pki.publicKeyFromAsn1 = function(obj) {
// get SubjectPublicKeyInfo
var capture = {};
var errors = [];
if(asn1.validate(obj, publicKeyValidator, capture, errors)) {
// get oid
var oid = asn1.derToOid(capture.publicKeyOid);
if(oid !== pki.oids.rsaEncryption) {
var error = new Error('Cannot read public key. Unknown OID.');
error.oid = oid;
throw error;
}
obj = capture.rsaPublicKey;
}
// get RSA params
errors = [];
if(!asn1.validate(obj, rsaPublicKeyValidator, capture, errors)) {
var error = new Error('Cannot read public key. ' +
'ASN.1 object does not contain an RSAPublicKey.');
error.errors = errors;
throw error;
}
// FIXME: inefficient, get a BigInteger that uses byte strings
var n = forge.util.createBuffer(capture.publicKeyModulus).toHex();
var e = forge.util.createBuffer(capture.publicKeyExponent).toHex();
// set public key
return pki.setRsaPublicKey(
new BigInteger(n, 16),
new BigInteger(e, 16));
};
/**
* Converts a public key to an ASN.1 SubjectPublicKeyInfo.
*
* @param key the public key.
*
* @return the asn1 representation of a SubjectPublicKeyInfo.
*/
pki.publicKeyToAsn1 = pki.publicKeyToSubjectPublicKeyInfo = function(key) {
// SubjectPublicKeyInfo
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// AlgorithmIdentifier
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// algorithm
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(pki.oids.rsaEncryption).getBytes()),
// parameters (null)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')
]),
// subjectPublicKey
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, [
pki.publicKeyToRSAPublicKey(key)
])
]);
};
/**
* Converts a public key to an ASN.1 RSAPublicKey.
*
* @param key the public key.
*
* @return the asn1 representation of a RSAPublicKey.
*/
pki.publicKeyToRSAPublicKey = function(key) {
// RSAPublicKey
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// modulus (n)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
_bnToBytes(key.n)),
// publicExponent (e)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
_bnToBytes(key.e))
]);
};
/**
* Encodes a message using PKCS#1 v1.5 padding.
*
* @param m the message to encode.
* @param key the RSA key to use.
* @param bt the block type to use, i.e. either 0x01 (for signing) or 0x02
* (for encryption).
*
* @return the padded byte buffer.
*/
function _encodePkcs1_v1_5(m, key, bt) {
var eb = forge.util.createBuffer();
// get the length of the modulus in bytes
var k = Math.ceil(key.n.bitLength() / 8);
/* use PKCS#1 v1.5 padding */
if(m.length > (k - 11)) {
var error = new Error('Message is too long for PKCS#1 v1.5 padding.');
error.length = m.length;
error.max = k - 11;
throw error;
}
/* A block type BT, a padding string PS, and the data D shall be
formatted into an octet string EB, the encryption block:
EB = 00 || BT || PS || 00 || D
The block type BT shall be a single octet indicating the structure of
the encryption block. For this version of the document it shall have
value 00, 01, or 02. For a private-key operation, the block type
shall be 00 or 01. For a public-key operation, it shall be 02.
The padding string PS shall consist of k-3-||D|| octets. For block
type 00, the octets shall have value 00; for block type 01, they
shall have value FF; and for block type 02, they shall be
pseudorandomly generated and nonzero. This makes the length of the
encryption block EB equal to k. */
// build the encryption block
eb.putByte(0x00);
eb.putByte(bt);
// create the padding
var padNum = k - 3 - m.length;
var padByte;
// private key op
if(bt === 0x00 || bt === 0x01) {
padByte = (bt === 0x00) ? 0x00 : 0xFF;
for(var i = 0; i < padNum; ++i) {
eb.putByte(padByte);
}
} else {
// public key op
// pad with random non-zero values
while(padNum > 0) {
var numZeros = 0;
var padBytes = forge.random.getBytes(padNum);
for(var i = 0; i < padNum; ++i) {
padByte = padBytes.charCodeAt(i);
if(padByte === 0) {
++numZeros;
} else {
eb.putByte(padByte);
}
}
padNum = numZeros;
}
}
// zero followed by message
eb.putByte(0x00);
eb.putBytes(m);
return eb;
}
/**
* Decodes a message using PKCS#1 v1.5 padding.
*
* @param em the message to decode.
* @param key the RSA key to use.
* @param pub true if the key is a public key, false if it is private.
* @param ml the message length, if specified.
*
* @return the decoded bytes.
*/
function _decodePkcs1_v1_5(em, key, pub, ml) {
// get the length of the modulus in bytes
var k = Math.ceil(key.n.bitLength() / 8);
/* It is an error if any of the following conditions occurs:
1. The encryption block EB cannot be parsed unambiguously.
2. The padding string PS consists of fewer than eight octets
or is inconsisent with the block type BT.
3. The decryption process is a public-key operation and the block
type BT is not 00 or 01, or the decryption process is a
private-key operation and the block type is not 02.
*/
// parse the encryption block
var eb = forge.util.createBuffer(em);
var first = eb.getByte();
var bt = eb.getByte();
if(first !== 0x00 ||
(pub && bt !== 0x00 && bt !== 0x01) ||
(!pub && bt != 0x02) ||
(pub && bt === 0x00 && typeof(ml) === 'undefined')) {
throw new Error('Encryption block is invalid.');
}
var padNum = 0;
if(bt === 0x00) {
// check all padding bytes for 0x00
padNum = k - 3 - ml;
for(var i = 0; i < padNum; ++i) {
if(eb.getByte() !== 0x00) {
throw new Error('Encryption block is invalid.');
}
}
} else if(bt === 0x01) {
// find the first byte that isn't 0xFF, should be after all padding
padNum = 0;
while(eb.length() > 1) {
if(eb.getByte() !== 0xFF) {
--eb.read;
break;
}
++padNum;
}
} else if(bt === 0x02) {
// look for 0x00 byte
padNum = 0;
while(eb.length() > 1) {
if(eb.getByte() === 0x00) {
--eb.read;
break;
}
++padNum;
}
}
// zero must be 0x00 and padNum must be (k - 3 - message length)
var zero = eb.getByte();
if(zero !== 0x00 || padNum !== (k - 3 - eb.length())) {
throw new Error('Encryption block is invalid.');
}
return eb.getBytes();
}
/**
* Runs the key-generation algorithm asynchronously, either in the background
* via Web Workers, or using the main thread and setImmediate.
*
* @param state the key-pair generation state.
* @param [options] options for key-pair generation:
* workerScript the worker script URL.
* workers the number of web workers (if supported) to use,
* (default: 2, -1 to use estimated cores minus one).
* workLoad the size of the work load, ie: number of possible prime
* numbers for each web worker to check per work assignment,
* (default: 100).
* @param callback(err, keypair) called once the operation completes.
*/
function _generateKeyPair(state, options, callback) {
if(typeof options === 'function') {
callback = options;
options = {};
}
options = options || {};
var opts = {
algorithm: {
name: options.algorithm || 'PRIMEINC',
options: {
workers: options.workers || 2,
workLoad: options.workLoad || 100,
workerScript: options.workerScript
}
}
};
if('prng' in options) {
opts.prng = options.prng;
}
generate();
function generate() {
// find p and then q (done in series to simplify)
getPrime(state.pBits, function(err, num) {
if(err) {
return callback(err);
}
state.p = num;
if(state.q !== null) {
return finish(err, state.q);
}
getPrime(state.qBits, finish);
});
}
function getPrime(bits, callback) {
forge.prime.generateProbablePrime(bits, opts, callback);
}
function finish(err, num) {
if(err) {
return callback(err);
}
// set q
state.q = num;
// ensure p is larger than q (swap them if not)
if(state.p.compareTo(state.q) < 0) {
var tmp = state.p;
state.p = state.q;
state.q = tmp;
}
// ensure p is coprime with e
if(state.p.subtract(BigInteger.ONE).gcd(state.e)
.compareTo(BigInteger.ONE) !== 0) {
state.p = null;
generate();
return;
}
// ensure q is coprime with e
if(state.q.subtract(BigInteger.ONE).gcd(state.e)
.compareTo(BigInteger.ONE) !== 0) {
state.q = null;
getPrime(state.qBits, finish);
return;
}
// compute phi: (p - 1)(q - 1) (Euler's totient function)
state.p1 = state.p.subtract(BigInteger.ONE);
state.q1 = state.q.subtract(BigInteger.ONE);
state.phi = state.p1.multiply(state.q1);
// ensure e and phi are coprime
if(state.phi.gcd(state.e).compareTo(BigInteger.ONE) !== 0) {
// phi and e aren't coprime, so generate a new p and q
state.p = state.q = null;
generate();
return;
}
// create n, ensure n is has the right number of bits
state.n = state.p.multiply(state.q);
if(state.n.bitLength() !== state.bits) {
// failed, get new q
state.q = null;
getPrime(state.qBits, finish);
return;
}
// set keys
var d = state.e.modInverse(state.phi);
state.keys = {
privateKey: pki.rsa.setPrivateKey(
state.n, state.e, d, state.p, state.q,
d.mod(state.p1), d.mod(state.q1),
state.q.modInverse(state.p)),
publicKey: pki.rsa.setPublicKey(state.n, state.e)
};
callback(null, state.keys);
}
}
/**
* Converts a positive BigInteger into 2's-complement big-endian bytes.
*
* @param b the big integer to convert.
*
* @return the bytes.
*/
function _bnToBytes(b) {
// prepend 0x00 if first byte >= 0x80
var hex = b.toString(16);
if(hex[0] >= '8') {
hex = '00' + hex;
}
return forge.util.hexToBytes(hex);
}
/**
* Returns the required number of Miller-Rabin tests to generate a
* prime with an error probability of (1/2)^80.
*
* See Handbook of Applied Cryptography Chapter 4, Table 4.4.
*
* @param bits the bit size.
*
* @return the required number of iterations.
*/
function _getMillerRabinTests(bits) {
if(bits <= 100) return 27;
if(bits <= 150) return 18;
if(bits <= 200) return 15;
if(bits <= 250) return 12;
if(bits <= 300) return 9;
if(bits <= 350) return 8;
if(bits <= 400) return 7;
if(bits <= 500) return 6;
if(bits <= 600) return 5;
if(bits <= 800) return 4;
if(bits <= 1250) return 3;
return 2;
}
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'rsa';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/rsa',[
'require',
'module',
'./asn1',
'./jsbn',
'./oids',
'./pkcs1',
'./prime',
'./random',
'./util'
], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Password-based encryption functions.
*
* @author Dave Longley
* @author Stefan Siegl <stesie@brokenpipe.de>
*
* Copyright (c) 2010-2013 Digital Bazaar, Inc.
* Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>
*
* An EncryptedPrivateKeyInfo:
*
* EncryptedPrivateKeyInfo ::= SEQUENCE {
* encryptionAlgorithm EncryptionAlgorithmIdentifier,
* encryptedData EncryptedData }
*
* EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
*
* EncryptedData ::= OCTET STRING
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
if(typeof BigInteger === 'undefined') {
var BigInteger = forge.jsbn.BigInteger;
}
// shortcut for asn.1 API
var asn1 = forge.asn1;
/* Password-based encryption implementation. */
var pki = forge.pki = forge.pki || {};
pki.pbe = forge.pbe = forge.pbe || {};
var oids = pki.oids;
// validator for an EncryptedPrivateKeyInfo structure
// Note: Currently only works w/algorithm params
var encryptedPrivateKeyValidator = {
name: 'EncryptedPrivateKeyInfo',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'EncryptedPrivateKeyInfo.encryptionAlgorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'AlgorithmIdentifier.algorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'encryptionOid'
}, {
name: 'AlgorithmIdentifier.parameters',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
captureAsn1: 'encryptionParams'
}]
}, {
// encryptedData
name: 'EncryptedPrivateKeyInfo.encryptedData',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OCTETSTRING,
constructed: false,
capture: 'encryptedData'
}]
};
// validator for a PBES2Algorithms structure
// Note: Currently only works w/PBKDF2 + AES encryption schemes
var PBES2AlgorithmsValidator = {
name: 'PBES2Algorithms',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'PBES2Algorithms.keyDerivationFunc',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'PBES2Algorithms.keyDerivationFunc.oid',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'kdfOid'
}, {
name: 'PBES2Algorithms.params',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'PBES2Algorithms.params.salt',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OCTETSTRING,
constructed: false,
capture: 'kdfSalt'
}, {
name: 'PBES2Algorithms.params.iterationCount',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
onstructed: true,
capture: 'kdfIterationCount'
}]
}]
}, {
name: 'PBES2Algorithms.encryptionScheme',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'PBES2Algorithms.encryptionScheme.oid',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'encOid'
}, {
name: 'PBES2Algorithms.encryptionScheme.iv',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OCTETSTRING,
constructed: false,
capture: 'encIv'
}]
}]
};
var pkcs12PbeParamsValidator = {
name: 'pkcs-12PbeParams',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'pkcs-12PbeParams.salt',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OCTETSTRING,
constructed: false,
capture: 'salt'
}, {
name: 'pkcs-12PbeParams.iterations',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'iterations'
}]
};
/**
* Encrypts a ASN.1 PrivateKeyInfo object, producing an EncryptedPrivateKeyInfo.
*
* PBES2Algorithms ALGORITHM-IDENTIFIER ::=
* { {PBES2-params IDENTIFIED BY id-PBES2}, ...}
*
* id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
*
* PBES2-params ::= SEQUENCE {
* keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
* encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
* }
*
* PBES2-KDFs ALGORITHM-IDENTIFIER ::=
* { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }
*
* PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
*
* PBKDF2-params ::= SEQUENCE {
* salt CHOICE {
* specified OCTET STRING,
* otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
* },
* iterationCount INTEGER (1..MAX),
* keyLength INTEGER (1..MAX) OPTIONAL,
* prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
* }
*
* @param obj the ASN.1 PrivateKeyInfo object.
* @param password the password to encrypt with.
* @param options:
* algorithm the encryption algorithm to use
* ('aes128', 'aes192', 'aes256', '3des'), defaults to 'aes128'.
* count the iteration count to use.
* saltSize the salt size to use.
*
* @return the ASN.1 EncryptedPrivateKeyInfo.
*/
pki.encryptPrivateKeyInfo = function(obj, password, options) {
// set default options
options = options || {};
options.saltSize = options.saltSize || 8;
options.count = options.count || 2048;
options.algorithm = options.algorithm || 'aes128';
// generate PBE params
var salt = forge.random.getBytesSync(options.saltSize);
var count = options.count;
var countBytes = asn1.integerToDer(count);
var dkLen;
var encryptionAlgorithm;
var encryptedData;
if(options.algorithm.indexOf('aes') === 0 || options.algorithm === 'des') {
// Do PBES2
var ivLen, encOid, cipherFn;
switch(options.algorithm) {
case 'aes128':
dkLen = 16;
ivLen = 16;
encOid = oids['aes128-CBC'];
cipherFn = forge.aes.createEncryptionCipher;
break;
case 'aes192':
dkLen = 24;
ivLen = 16;
encOid = oids['aes192-CBC'];
cipherFn = forge.aes.createEncryptionCipher;
break;
case 'aes256':
dkLen = 32;
ivLen = 16;
encOid = oids['aes256-CBC'];
cipherFn = forge.aes.createEncryptionCipher;
break;
case 'des':
dkLen = 8;
ivLen = 8;
encOid = oids['desCBC'];
cipherFn = forge.des.createEncryptionCipher;
break;
default:
var error = new Error('Cannot encrypt private key. Unknown encryption algorithm.');
error.algorithm = options.algorithm;
throw error;
}
// encrypt private key using pbe SHA-1 and AES/DES
var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen);
var iv = forge.random.getBytesSync(ivLen);
var cipher = cipherFn(dk);
cipher.start(iv);
cipher.update(asn1.toDer(obj));
cipher.finish();
encryptedData = cipher.output.getBytes();
encryptionAlgorithm = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(oids['pkcs5PBES2']).getBytes()),
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// keyDerivationFunc
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(oids['pkcs5PBKDF2']).getBytes()),
// PBKDF2-params
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// salt
asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, salt),
// iteration count
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
countBytes.getBytes())
])
]),
// encryptionScheme
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(encOid).getBytes()),
// iv
asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, iv)
])
])
]);
} else if(options.algorithm === '3des') {
// Do PKCS12 PBE
dkLen = 24;
var saltBytes = new forge.util.ByteBuffer(salt);
var dk = pki.pbe.generatePkcs12Key(password, saltBytes, 1, count, dkLen);
var iv = pki.pbe.generatePkcs12Key(password, saltBytes, 2, count, dkLen);
var cipher = forge.des.createEncryptionCipher(dk);
cipher.start(iv);
cipher.update(asn1.toDer(obj));
cipher.finish();
encryptedData = cipher.output.getBytes();
encryptionAlgorithm = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(oids['pbeWithSHAAnd3-KeyTripleDES-CBC']).getBytes()),
// pkcs-12PbeParams
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// salt
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, salt),
// iteration count
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
countBytes.getBytes())
])
]);
} else {
var error = new Error('Cannot encrypt private key. Unknown encryption algorithm.');
error.algorithm = options.algorithm;
throw error;
}
// EncryptedPrivateKeyInfo
var rval = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// encryptionAlgorithm
encryptionAlgorithm,
// encryptedData
asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, encryptedData)
]);
return rval;
};
/**
* Decrypts a ASN.1 PrivateKeyInfo object.
*
* @param obj the ASN.1 EncryptedPrivateKeyInfo object.
* @param password the password to decrypt with.
*
* @return the ASN.1 PrivateKeyInfo on success, null on failure.
*/
pki.decryptPrivateKeyInfo = function(obj, password) {
var rval = null;
// get PBE params
var capture = {};
var errors = [];
if(!asn1.validate(obj, encryptedPrivateKeyValidator, capture, errors)) {
var error = new Error('Cannot read encrypted private key. ' +
'ASN.1 object is not a supported EncryptedPrivateKeyInfo.');
error.errors = errors;
throw error;
}
// get cipher
var oid = asn1.derToOid(capture.encryptionOid);
var cipher = pki.pbe.getCipher(oid, capture.encryptionParams, password);
// get encrypted data
var encrypted = forge.util.createBuffer(capture.encryptedData);
cipher.update(encrypted);
if(cipher.finish()) {
rval = asn1.fromDer(cipher.output);
}
return rval;
};
/**
* Converts a EncryptedPrivateKeyInfo to PEM format.
*
* @param epki the EncryptedPrivateKeyInfo.
* @param maxline the maximum characters per line, defaults to 64.
*
* @return the PEM-formatted encrypted private key.
*/
pki.encryptedPrivateKeyToPem = function(epki, maxline) {
// convert to DER, then PEM-encode
var msg = {
type: 'ENCRYPTED PRIVATE KEY',
body: asn1.toDer(epki).getBytes()
};
return forge.pem.encode(msg, {maxline: maxline});
};
/**
* Converts a PEM-encoded EncryptedPrivateKeyInfo to ASN.1 format. Decryption
* is not performed.
*
* @param pem the EncryptedPrivateKeyInfo in PEM-format.
*
* @return the ASN.1 EncryptedPrivateKeyInfo.
*/
pki.encryptedPrivateKeyFromPem = function(pem) {
var msg = forge.pem.decode(pem)[0];
if(msg.type !== 'ENCRYPTED PRIVATE KEY') {
var error = new Error('Could not convert encrypted private key from PEM; ' +
'PEM header type is "ENCRYPTED PRIVATE KEY".');
error.headerType = msg.type;
throw error;
}
if(msg.procType && msg.procType.type === 'ENCRYPTED') {
throw new Error('Could not convert encrypted private key from PEM; ' +
'PEM is encrypted.');
}
// convert DER to ASN.1 object
return asn1.fromDer(msg.body);
};
/**
* Encrypts an RSA private key. By default, the key will be wrapped in
* a PrivateKeyInfo and encrypted to produce a PKCS#8 EncryptedPrivateKeyInfo.
* This is the standard, preferred way to encrypt a private key.
*
* To produce a non-standard PEM-encrypted private key that uses encapsulated
* headers to indicate the encryption algorithm (old-style non-PKCS#8 OpenSSL
* private key encryption), set the 'legacy' option to true. Note: Using this
* option will cause the iteration count to be forced to 1.
*
* Note: The 'des' algorithm is supported, but it is not considered to be
* secure because it only uses a single 56-bit key. If possible, it is highly
* recommended that a different algorithm be used.
*
* @param rsaKey the RSA key to encrypt.
* @param password the password to use.
* @param options:
* algorithm: the encryption algorithm to use
* ('aes128', 'aes192', 'aes256', '3des', 'des').
* count: the iteration count to use.
* saltSize: the salt size to use.
* legacy: output an old non-PKCS#8 PEM-encrypted+encapsulated
* headers (DEK-Info) private key.
*
* @return the PEM-encoded ASN.1 EncryptedPrivateKeyInfo.
*/
pki.encryptRsaPrivateKey = function(rsaKey, password, options) {
// standard PKCS#8
options = options || {};
if(!options.legacy) {
// encrypt PrivateKeyInfo
var rval = pki.wrapRsaPrivateKey(pki.privateKeyToAsn1(rsaKey));
rval = pki.encryptPrivateKeyInfo(rval, password, options);
return pki.encryptedPrivateKeyToPem(rval);
}
// legacy non-PKCS#8
var algorithm;
var iv;
var dkLen;
var cipherFn;
switch(options.algorithm) {
case 'aes128':
algorithm = 'AES-128-CBC';
dkLen = 16;
iv = forge.random.getBytesSync(16);
cipherFn = forge.aes.createEncryptionCipher;
break;
case 'aes192':
algorithm = 'AES-192-CBC';
dkLen = 24;
iv = forge.random.getBytesSync(16);
cipherFn = forge.aes.createEncryptionCipher;
break;
case 'aes256':
algorithm = 'AES-256-CBC';
dkLen = 32;
iv = forge.random.getBytesSync(16);
cipherFn = forge.aes.createEncryptionCipher;
break;
case '3des':
algorithm = 'DES-EDE3-CBC';
dkLen = 24;
iv = forge.random.getBytesSync(8);
cipherFn = forge.des.createEncryptionCipher;
break;
case 'des':
algorithm = 'DES-CBC';
dkLen = 8;
iv = forge.random.getBytesSync(8);
cipherFn = forge.des.createEncryptionCipher;
break;
default:
var error = new Error('Could not encrypt RSA private key; unsupported ' +
'encryption algorithm "' + options.algorithm + '".');
error.algorithm = options.algorithm;
throw error;
}
// encrypt private key using OpenSSL legacy key derivation
var dk = forge.pbe.opensslDeriveBytes(password, iv.substr(0, 8), dkLen);
var cipher = cipherFn(dk);
cipher.start(iv);
cipher.update(asn1.toDer(pki.privateKeyToAsn1(rsaKey)));
cipher.finish();
var msg = {
type: 'RSA PRIVATE KEY',
procType: {
version: '4',
type: 'ENCRYPTED'
},
dekInfo: {
algorithm: algorithm,
parameters: forge.util.bytesToHex(iv).toUpperCase()
},
body: cipher.output.getBytes()
};
return forge.pem.encode(msg);
};
/**
* Decrypts an RSA private key.
*
* @param pem the PEM-formatted EncryptedPrivateKeyInfo to decrypt.
* @param password the password to use.
*
* @return the RSA key on success, null on failure.
*/
pki.decryptRsaPrivateKey = function(pem, password) {
var rval = null;
var msg = forge.pem.decode(pem)[0];
if(msg.type !== 'ENCRYPTED PRIVATE KEY' &&
msg.type !== 'PRIVATE KEY' &&
msg.type !== 'RSA PRIVATE KEY') {
var error = new Error('Could not convert private key from PEM; PEM header type ' +
'is not "ENCRYPTED PRIVATE KEY", "PRIVATE KEY", or "RSA PRIVATE KEY".');
error.headerType = error;
throw error;
}
if(msg.procType && msg.procType.type === 'ENCRYPTED') {
var dkLen;
var cipherFn;
switch(msg.dekInfo.algorithm) {
case 'DES-CBC':
dkLen = 8;
cipherFn = forge.des.createDecryptionCipher;
break;
case 'DES-EDE3-CBC':
dkLen = 24;
cipherFn = forge.des.createDecryptionCipher;
break;
case 'AES-128-CBC':
dkLen = 16;
cipherFn = forge.aes.createDecryptionCipher;
break;
case 'AES-192-CBC':
dkLen = 24;
cipherFn = forge.aes.createDecryptionCipher;
break;
case 'AES-256-CBC':
dkLen = 32;
cipherFn = forge.aes.createDecryptionCipher;
break;
case 'RC2-40-CBC':
dkLen = 5;
cipherFn = function(key) {
return forge.rc2.createDecryptionCipher(key, 40);
};
break;
case 'RC2-64-CBC':
dkLen = 8;
cipherFn = function(key) {
return forge.rc2.createDecryptionCipher(key, 64);
};
break;
case 'RC2-128-CBC':
dkLen = 16;
cipherFn = function(key) {
return forge.rc2.createDecryptionCipher(key, 128);
};
break;
default:
var error = new Error('Could not decrypt private key; unsupported ' +
'encryption algorithm "' + msg.dekInfo.algorithm + '".');
error.algorithm = msg.dekInfo.algorithm;
throw error;
}
// use OpenSSL legacy key derivation
var iv = forge.util.hexToBytes(msg.dekInfo.parameters);
var dk = forge.pbe.opensslDeriveBytes(password, iv.substr(0, 8), dkLen);
var cipher = cipherFn(dk);
cipher.start(iv);
cipher.update(forge.util.createBuffer(msg.body));
if(cipher.finish()) {
rval = cipher.output.getBytes();
} else {
return rval;
}
} else {
rval = msg.body;
}
if(msg.type === 'ENCRYPTED PRIVATE KEY') {
rval = pki.decryptPrivateKeyInfo(asn1.fromDer(rval), password);
} else {
// decryption already performed above
rval = asn1.fromDer(rval);
}
if(rval !== null) {
rval = pki.privateKeyFromAsn1(rval);
}
return rval;
};
/**
* Derives a PKCS#12 key.
*
* @param password the password to derive the key material from, null or
* undefined for none.
* @param salt the salt, as a ByteBuffer, to use.
* @param id the PKCS#12 ID byte (1 = key material, 2 = IV, 3 = MAC).
* @param iter the iteration count.
* @param n the number of bytes to derive from the password.
* @param md the message digest to use, defaults to SHA-1.
*
* @return a ByteBuffer with the bytes derived from the password.
*/
pki.pbe.generatePkcs12Key = function(password, salt, id, iter, n, md) {
var j, l;
if(typeof md === 'undefined' || md === null) {
md = forge.md.sha1.create();
}
var u = md.digestLength;
var v = md.blockLength;
var result = new forge.util.ByteBuffer();
/* Convert password to Unicode byte buffer + trailing 0-byte. */
var passBuf = new forge.util.ByteBuffer();
if(password !== null && password !== undefined) {
for(l = 0; l < password.length; l++) {
passBuf.putInt16(password.charCodeAt(l));
}
passBuf.putInt16(0);
}
/* Length of salt and password in BYTES. */
var p = passBuf.length();
var s = salt.length();
/* 1. Construct a string, D (the "diversifier"), by concatenating
v copies of ID. */
var D = new forge.util.ByteBuffer();
D.fillWithByte(id, v);
/* 2. Concatenate copies of the salt together to create a string S of length
v * ceil(s / v) bytes (the final copy of the salt may be trunacted
to create S).
Note that if the salt is the empty string, then so is S. */
var Slen = v * Math.ceil(s / v);
var S = new forge.util.ByteBuffer();
for(l = 0; l < Slen; l ++) {
S.putByte(salt.at(l % s));
}
/* 3. Concatenate copies of the password together to create a string P of
length v * ceil(p / v) bytes (the final copy of the password may be
truncated to create P).
Note that if the password is the empty string, then so is P. */
var Plen = v * Math.ceil(p / v);
var P = new forge.util.ByteBuffer();
for(l = 0; l < Plen; l ++) {
P.putByte(passBuf.at(l % p));
}
/* 4. Set I=S||P to be the concatenation of S and P. */
var I = S;
I.putBuffer(P);
/* 5. Set c=ceil(n / u). */
var c = Math.ceil(n / u);
/* 6. For i=1, 2, ..., c, do the following: */
for(var i = 1; i <= c; i ++) {
/* a) Set Ai=H^r(D||I). (l.e. the rth hash of D||I, H(H(H(...H(D||I)))) */
var buf = new forge.util.ByteBuffer();
buf.putBytes(D.bytes());
buf.putBytes(I.bytes());
for(var round = 0; round < iter; round ++) {
md.start();
md.update(buf.getBytes());
buf = md.digest();
}
/* b) Concatenate copies of Ai to create a string B of length v bytes (the
final copy of Ai may be truncated to create B). */
var B = new forge.util.ByteBuffer();
for(l = 0; l < v; l ++) {
B.putByte(buf.at(l % u));
}
/* c) Treating I as a concatenation I0, I1, ..., Ik-1 of v-byte blocks,
where k=ceil(s / v) + ceil(p / v), modify I by setting
Ij=(Ij+B+1) mod 2v for each j. */
var k = Math.ceil(s / v) + Math.ceil(p / v);
var Inew = new forge.util.ByteBuffer();
for(j = 0; j < k; j ++) {
var chunk = new forge.util.ByteBuffer(I.getBytes(v));
var x = 0x1ff;
for(l = B.length() - 1; l >= 0; l --) {
x = x >> 8;
x += B.at(l) + chunk.at(l);
chunk.setAt(l, x & 0xff);
}
Inew.putBuffer(chunk);
}
I = Inew;
/* Add Ai to A. */
result.putBuffer(buf);
}
result.truncate(result.length() - n);
return result;
};
/**
* Get new Forge cipher object instance.
*
* @param oid the OID (in string notation).
* @param params the ASN.1 params object.
* @param password the password to decrypt with.
*
* @return new cipher object instance.
*/
pki.pbe.getCipher = function(oid, params, password) {
switch(oid) {
case pki.oids['pkcs5PBES2']:
return pki.pbe.getCipherForPBES2(oid, params, password);
case pki.oids['pbeWithSHAAnd3-KeyTripleDES-CBC']:
case pki.oids['pbewithSHAAnd40BitRC2-CBC']:
return pki.pbe.getCipherForPKCS12PBE(oid, params, password);
default:
var error = new Error('Cannot read encrypted PBE data block. Unsupported OID.');
error.oid = oid;
error.supportedOids = [
'pkcs5PBES2',
'pbeWithSHAAnd3-KeyTripleDES-CBC',
'pbewithSHAAnd40BitRC2-CBC'
];
throw error;
}
};
/**
* Get new Forge cipher object instance according to PBES2 params block.
*
* The returned cipher instance is already started using the IV
* from PBES2 parameter block.
*
* @param oid the PKCS#5 PBKDF2 OID (in string notation).
* @param params the ASN.1 PBES2-params object.
* @param password the password to decrypt with.
*
* @return new cipher object instance.
*/
pki.pbe.getCipherForPBES2 = function(oid, params, password) {
// get PBE params
var capture = {};
var errors = [];
if(!asn1.validate(params, PBES2AlgorithmsValidator, capture, errors)) {
var error = new Error('Cannot read password-based-encryption algorithm ' +
'parameters. ASN.1 object is not a supported EncryptedPrivateKeyInfo.');
error.errors = errors;
throw error;
}
// check oids
oid = asn1.derToOid(capture.kdfOid);
if(oid !== pki.oids['pkcs5PBKDF2']) {
var error = new Error('Cannot read encrypted private key. ' +
'Unsupported key derivation function OID.');
error.oid = oid;
error.supportedOids = ['pkcs5PBKDF2'];
throw error;
}
oid = asn1.derToOid(capture.encOid);
if(oid !== pki.oids['aes128-CBC'] &&
oid !== pki.oids['aes192-CBC'] &&
oid !== pki.oids['aes256-CBC'] &&
oid !== pki.oids['des-EDE3-CBC'] &&
oid !== pki.oids['desCBC']) {
var error = new Error('Cannot read encrypted private key. ' +
'Unsupported encryption scheme OID.');
error.oid = oid;
error.supportedOids = [
'aes128-CBC', 'aes192-CBC', 'aes256-CBC', 'des-EDE3-CBC', 'desCBC'];
throw error;
}
// set PBE params
var salt = capture.kdfSalt;
var count = forge.util.createBuffer(capture.kdfIterationCount);
count = count.getInt(count.length() << 3);
var dkLen;
var cipherFn;
switch(pki.oids[oid]) {
case 'aes128-CBC':
dkLen = 16;
cipherFn = forge.aes.createDecryptionCipher;
break;
case 'aes192-CBC':
dkLen = 24;
cipherFn = forge.aes.createDecryptionCipher;
break;
case 'aes256-CBC':
dkLen = 32;
cipherFn = forge.aes.createDecryptionCipher;
break;
case 'des-EDE3-CBC':
dkLen = 24;
cipherFn = forge.des.createDecryptionCipher;
break;
case 'desCBC':
dkLen = 8;
cipherFn = forge.des.createDecryptionCipher;
break;
}
// decrypt private key using pbe SHA-1 and AES/DES
var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen);
var iv = capture.encIv;
var cipher = cipherFn(dk);
cipher.start(iv);
return cipher;
};
/**
* Get new Forge cipher object instance for PKCS#12 PBE.
*
* The returned cipher instance is already started using the key & IV
* derived from the provided password and PKCS#12 PBE salt.
*
* @param oid The PKCS#12 PBE OID (in string notation).
* @param params The ASN.1 PKCS#12 PBE-params object.
* @param password The password to decrypt with.
*
* @return the new cipher object instance.
*/
pki.pbe.getCipherForPKCS12PBE = function(oid, params, password) {
// get PBE params
var capture = {};
var errors = [];
if(!asn1.validate(params, pkcs12PbeParamsValidator, capture, errors)) {
var error = new Error('Cannot read password-based-encryption algorithm ' +
'parameters. ASN.1 object is not a supported EncryptedPrivateKeyInfo.');
error.errors = errors;
throw error;
}
var salt = forge.util.createBuffer(capture.salt);
var count = forge.util.createBuffer(capture.iterations);
count = count.getInt(count.length() << 3);
var dkLen, dIvLen, cipherFn;
switch(oid) {
case pki.oids['pbeWithSHAAnd3-KeyTripleDES-CBC']:
dkLen = 24;
dIvLen = 8;
cipherFn = forge.des.startDecrypting;
break;
case pki.oids['pbewithSHAAnd40BitRC2-CBC']:
dkLen = 5;
dIvLen = 8;
cipherFn = function(key, iv) {
var cipher = forge.rc2.createDecryptionCipher(key, 40);
cipher.start(iv, null);
return cipher;
};
break;
default:
var error = new Error('Cannot read PKCS #12 PBE data block. Unsupported OID.');
error.oid = oid;
throw error;
}
var key = pki.pbe.generatePkcs12Key(password, salt, 1, count, dkLen);
var iv = pki.pbe.generatePkcs12Key(password, salt, 2, count, dIvLen);
return cipherFn(key, iv);
};
/**
* OpenSSL's legacy key derivation function.
*
* See: http://www.openssl.org/docs/crypto/EVP_BytesToKey.html
*
* @param password the password to derive the key from.
* @param salt the salt to use, null for none.
* @param dkLen the number of bytes needed for the derived key.
* @param [options] the options to use:
* [md] an optional message digest object to use.
*/
pki.pbe.opensslDeriveBytes = function(password, salt, dkLen, md) {
if(typeof md === 'undefined' || md === null) {
md = forge.md.md5.create();
}
if(salt === null) {
salt = '';
}
var digests = [hash(md, password + salt)];
for(var length = 16, i = 1; length < dkLen; ++i, length += 16) {
digests.push(hash(md, digests[i - 1] + password + salt));
}
return digests.join('').substr(0, dkLen);
};
function hash(md, bytes) {
return md.start().update(bytes).digest().getBytes();
}
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'pbe';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/pbe',[
'require',
'module',
'./aes',
'./asn1',
'./des',
'./md',
'./oids',
'./pem',
'./pbkdf2',
'./random',
'./rc2',
'./rsa',
'./util'
], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Javascript implementation of ASN.1 validators for PKCS#7 v1.5.
*
* @author Dave Longley
* @author Stefan Siegl
*
* Copyright (c) 2012-2015 Digital Bazaar, Inc.
* Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>
*
* The ASN.1 representation of PKCS#7 is as follows
* (see RFC #2315 for details, http://www.ietf.org/rfc/rfc2315.txt):
*
* A PKCS#7 message consists of a ContentInfo on root level, which may
* contain any number of further ContentInfo nested into it.
*
* ContentInfo ::= SEQUENCE {
* contentType ContentType,
* content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL
* }
*
* ContentType ::= OBJECT IDENTIFIER
*
* EnvelopedData ::= SEQUENCE {
* version Version,
* recipientInfos RecipientInfos,
* encryptedContentInfo EncryptedContentInfo
* }
*
* EncryptedData ::= SEQUENCE {
* version Version,
* encryptedContentInfo EncryptedContentInfo
* }
*
* id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
* us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }
*
* SignedData ::= SEQUENCE {
* version INTEGER,
* digestAlgorithms DigestAlgorithmIdentifiers,
* contentInfo ContentInfo,
* certificates [0] IMPLICIT Certificates OPTIONAL,
* crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
* signerInfos SignerInfos
* }
*
* SignerInfos ::= SET OF SignerInfo
*
* SignerInfo ::= SEQUENCE {
* version Version,
* issuerAndSerialNumber IssuerAndSerialNumber,
* digestAlgorithm DigestAlgorithmIdentifier,
* authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
* digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
* encryptedDigest EncryptedDigest,
* unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
* }
*
* EncryptedDigest ::= OCTET STRING
*
* Attributes ::= SET OF Attribute
*
* Attribute ::= SEQUENCE {
* attrType OBJECT IDENTIFIER,
* attrValues SET OF AttributeValue
* }
*
* AttributeValue ::= ANY
*
* Version ::= INTEGER
*
* RecipientInfos ::= SET OF RecipientInfo
*
* EncryptedContentInfo ::= SEQUENCE {
* contentType ContentType,
* contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
* encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
* }
*
* ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
*
* The AlgorithmIdentifier contains an Object Identifier (OID) and parameters
* for the algorithm, if any. In the case of AES and DES3, there is only one,
* the IV.
*
* AlgorithmIdentifer ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL
* }
*
* EncryptedContent ::= OCTET STRING
*
* RecipientInfo ::= SEQUENCE {
* version Version,
* issuerAndSerialNumber IssuerAndSerialNumber,
* keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
* encryptedKey EncryptedKey
* }
*
* IssuerAndSerialNumber ::= SEQUENCE {
* issuer Name,
* serialNumber CertificateSerialNumber
* }
*
* CertificateSerialNumber ::= INTEGER
*
* KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
*
* EncryptedKey ::= OCTET STRING
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
// shortcut for ASN.1 API
var asn1 = forge.asn1;
// shortcut for PKCS#7 API
var p7v = forge.pkcs7asn1 = forge.pkcs7asn1 || {};
forge.pkcs7 = forge.pkcs7 || {};
forge.pkcs7.asn1 = p7v;
var contentInfoValidator = {
name: 'ContentInfo',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'ContentInfo.ContentType',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'contentType'
}, {
name: 'ContentInfo.content',
tagClass: asn1.Class.CONTEXT_SPECIFIC,
type: 0,
constructed: true,
optional: true,
captureAsn1: 'content'
}]
};
p7v.contentInfoValidator = contentInfoValidator;
var encryptedContentInfoValidator = {
name: 'EncryptedContentInfo',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'EncryptedContentInfo.contentType',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'contentType'
}, {
name: 'EncryptedContentInfo.contentEncryptionAlgorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'EncryptedContentInfo.contentEncryptionAlgorithm.algorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'encAlgorithm'
}, {
name: 'EncryptedContentInfo.contentEncryptionAlgorithm.parameter',
tagClass: asn1.Class.UNIVERSAL,
captureAsn1: 'encParameter'
}]
}, {
name: 'EncryptedContentInfo.encryptedContent',
tagClass: asn1.Class.CONTEXT_SPECIFIC,
type: 0,
/* The PKCS#7 structure output by OpenSSL somewhat differs from what
* other implementations do generate.
*
* OpenSSL generates a structure like this:
* SEQUENCE {
* ...
* [0]
* 26 DA 67 D2 17 9C 45 3C B1 2A A8 59 2F 29 33 38
* C3 C3 DF 86 71 74 7A 19 9F 40 D0 29 BE 85 90 45
* ...
* }
*
* Whereas other implementations (and this PKCS#7 module) generate:
* SEQUENCE {
* ...
* [0] {
* OCTET STRING
* 26 DA 67 D2 17 9C 45 3C B1 2A A8 59 2F 29 33 38
* C3 C3 DF 86 71 74 7A 19 9F 40 D0 29 BE 85 90 45
* ...
* }
* }
*
* In order to support both, we just capture the context specific
* field here. The OCTET STRING bit is removed below.
*/
capture: 'encryptedContent',
captureAsn1: 'encryptedContentAsn1'
}]
};
p7v.envelopedDataValidator = {
name: 'EnvelopedData',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'EnvelopedData.Version',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'version'
}, {
name: 'EnvelopedData.RecipientInfos',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SET,
constructed: true,
captureAsn1: 'recipientInfos'
}].concat(encryptedContentInfoValidator)
};
p7v.encryptedDataValidator = {
name: 'EncryptedData',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'EncryptedData.Version',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'version'
}].concat(encryptedContentInfoValidator)
};
var signerValidator = {
name: 'SignerInfo',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'SignerInfo.version',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false
}, {
name: 'SignerInfo.issuerAndSerialNumber',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'SignerInfo.issuerAndSerialNumber.issuer',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
captureAsn1: 'issuer'
}, {
name: 'SignerInfo.issuerAndSerialNumber.serialNumber',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'serial'
}]
}, {
name: 'SignerInfo.digestAlgorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'SignerInfo.digestAlgorithm.algorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'digestAlgorithm'
}, {
name: 'SignerInfo.digestAlgorithm.parameter',
tagClass: asn1.Class.UNIVERSAL,
constructed: false,
captureAsn1: 'digestParameter',
optional: true
}]
}, {
name: 'SignerInfo.authenticatedAttributes',
tagClass: asn1.Class.CONTEXT_SPECIFIC,
type: 0,
constructed: true,
optional: true,
capture: 'authenticatedAttributes'
}, {
name: 'SignerInfo.digestEncryptionAlgorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
capture: 'signatureAlgorithm'
}, {
name: 'SignerInfo.encryptedDigest',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OCTETSTRING,
constructed: false,
capture: 'signature'
}, {
name: 'SignerInfo.unauthenticatedAttributes',
tagClass: asn1.Class.CONTEXT_SPECIFIC,
type: 1,
constructed: true,
optional: true,
capture: 'unauthenticatedAttributes'
}]
};
p7v.signedDataValidator = {
name: 'SignedData',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'SignedData.Version',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'version'
}, {
name: 'SignedData.DigestAlgorithms',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SET,
constructed: true,
captureAsn1: 'digestAlgorithms'
},
contentInfoValidator,
{
name: 'SignedData.Certificates',
tagClass: asn1.Class.CONTEXT_SPECIFIC,
type: 0,
optional: true,
captureAsn1: 'certificates'
}, {
name: 'SignedData.CertificateRevocationLists',
tagClass: asn1.Class.CONTEXT_SPECIFIC,
type: 1,
optional: true,
captureAsn1: 'crls'
}, {
name: 'SignedData.SignerInfos',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SET,
capture: 'signerInfos',
optional: true,
value: [signerValidator]
}]
};
p7v.recipientInfoValidator = {
name: 'RecipientInfo',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'RecipientInfo.version',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'version'
}, {
name: 'RecipientInfo.issuerAndSerial',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'RecipientInfo.issuerAndSerial.issuer',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
captureAsn1: 'issuer'
}, {
name: 'RecipientInfo.issuerAndSerial.serialNumber',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'serial'
}]
}, {
name: 'RecipientInfo.keyEncryptionAlgorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'RecipientInfo.keyEncryptionAlgorithm.algorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'encAlgorithm'
}, {
name: 'RecipientInfo.keyEncryptionAlgorithm.parameter',
tagClass: asn1.Class.UNIVERSAL,
constructed: false,
captureAsn1: 'encParameter'
}]
}, {
name: 'RecipientInfo.encryptedKey',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OCTETSTRING,
constructed: false,
capture: 'encKey'
}]
};
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'pkcs7asn1';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/pkcs7asn1',['require', 'module', './asn1', './util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Javascript implementation of mask generation function MGF1.
*
* @author Stefan Siegl
* @author Dave Longley
*
* Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>
* Copyright (c) 2014 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
forge.mgf = forge.mgf || {};
var mgf1 = forge.mgf.mgf1 = forge.mgf1 = forge.mgf1 || {};
/**
* Creates a MGF1 mask generation function object.
*
* @param md the message digest API to use (eg: forge.md.sha1.create()).
*
* @return a mask generation function object.
*/
mgf1.create = function(md) {
var mgf = {
/**
* Generate mask of specified length.
*
* @param {String} seed The seed for mask generation.
* @param maskLen Number of bytes to generate.
* @return {String} The generated mask.
*/
generate: function(seed, maskLen) {
/* 2. Let T be the empty octet string. */
var t = new forge.util.ByteBuffer();
/* 3. For counter from 0 to ceil(maskLen / hLen), do the following: */
var len = Math.ceil(maskLen / md.digestLength);
for(var i = 0; i < len; i++) {
/* a. Convert counter to an octet string C of length 4 octets */
var c = new forge.util.ByteBuffer();
c.putInt32(i);
/* b. Concatenate the hash of the seed mgfSeed and C to the octet
* string T: */
md.start();
md.update(seed + c.getBytes());
t.putBuffer(md.digest());
}
/* Output the leading maskLen octets of T as the octet string mask. */
t.truncate(t.length() - maskLen);
return t.getBytes();
}
};
return mgf;
};
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'mgf1';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/mgf1',['require', 'module', './util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Node.js module for Forge mask generation functions.
*
* @author Stefan Siegl
*
* Copyright 2012 Stefan Siegl <stesie@brokenpipe.de>
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
forge.mgf = forge.mgf || {};
forge.mgf.mgf1 = forge.mgf1;
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'mgf';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/mgf',['require', 'module', './mgf1'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Javascript implementation of PKCS#1 PSS signature padding.
*
* @author Stefan Siegl
*
* Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
// shortcut for PSS API
var pss = forge.pss = forge.pss || {};
/**
* Creates a PSS signature scheme object.
*
* There are several ways to provide a salt for encoding:
*
* 1. Specify the saltLength only and the built-in PRNG will generate it.
* 2. Specify the saltLength and a custom PRNG with 'getBytesSync' defined that
* will be used.
* 3. Specify the salt itself as a forge.util.ByteBuffer.
*
* @param options the options to use:
* md the message digest object to use, a forge md instance.
* mgf the mask generation function to use, a forge mgf instance.
* [saltLength] the length of the salt in octets.
* [prng] the pseudo-random number generator to use to produce a salt.
* [salt] the salt to use when encoding.
*
* @return a signature scheme object.
*/
pss.create = function(options) {
// backwards compatibility w/legacy args: hash, mgf, sLen
if(arguments.length === 3) {
options = {
md: arguments[0],
mgf: arguments[1],
saltLength: arguments[2]
};
}
var hash = options.md;
var mgf = options.mgf;
var hLen = hash.digestLength;
var salt_ = options.salt || null;
if(typeof salt_ === 'string') {
// assume binary-encoded string
salt_ = forge.util.createBuffer(salt_);
}
var sLen;
if('saltLength' in options) {
sLen = options.saltLength;
} else if(salt_ !== null) {
sLen = salt_.length();
} else {
throw new Error('Salt length not specified or specific salt not given.');
}
if(salt_ !== null && salt_.length() !== sLen) {
throw new Error('Given salt length does not match length of given salt.');
}
var prng = options.prng || forge.random;
var pssobj = {};
/**
* Encodes a PSS signature.
*
* This function implements EMSA-PSS-ENCODE as per RFC 3447, section 9.1.1.
*
* @param md the message digest object with the hash to sign.
* @param modsBits the length of the RSA modulus in bits.
*
* @return the encoded message as a binary-encoded string of length
* ceil((modBits - 1) / 8).
*/
pssobj.encode = function(md, modBits) {
var i;
var emBits = modBits - 1;
var emLen = Math.ceil(emBits / 8);
/* 2. Let mHash = Hash(M), an octet string of length hLen. */
var mHash = md.digest().getBytes();
/* 3. If emLen < hLen + sLen + 2, output "encoding error" and stop. */
if(emLen < hLen + sLen + 2) {
throw new Error('Message is too long to encrypt.');
}
/* 4. Generate a random octet string salt of length sLen; if sLen = 0,
* then salt is the empty string. */
var salt;
if(salt_ === null) {
salt = prng.getBytesSync(sLen);
} else {
salt = salt_.bytes();
}
/* 5. Let M' = (0x)00 00 00 00 00 00 00 00 || mHash || salt; */
var m_ = new forge.util.ByteBuffer();
m_.fillWithByte(0, 8);
m_.putBytes(mHash);
m_.putBytes(salt);
/* 6. Let H = Hash(M'), an octet string of length hLen. */
hash.start();
hash.update(m_.getBytes());
var h = hash.digest().getBytes();
/* 7. Generate an octet string PS consisting of emLen - sLen - hLen - 2
* zero octets. The length of PS may be 0. */
var ps = new forge.util.ByteBuffer();
ps.fillWithByte(0, emLen - sLen - hLen - 2);
/* 8. Let DB = PS || 0x01 || salt; DB is an octet string of length
* emLen - hLen - 1. */
ps.putByte(0x01);
ps.putBytes(salt);
var db = ps.getBytes();
/* 9. Let dbMask = MGF(H, emLen - hLen - 1). */
var maskLen = emLen - hLen - 1;
var dbMask = mgf.generate(h, maskLen);
/* 10. Let maskedDB = DB \xor dbMask. */
var maskedDB = '';
for(i = 0; i < maskLen; i ++) {
maskedDB += String.fromCharCode(db.charCodeAt(i) ^ dbMask.charCodeAt(i));
}
/* 11. Set the leftmost 8emLen - emBits bits of the leftmost octet in
* maskedDB to zero. */
var mask = (0xFF00 >> (8 * emLen - emBits)) & 0xFF;
maskedDB = String.fromCharCode(maskedDB.charCodeAt(0) & ~mask) +
maskedDB.substr(1);
/* 12. Let EM = maskedDB || H || 0xbc.
* 13. Output EM. */
return maskedDB + h + String.fromCharCode(0xbc);
};
/**
* Verifies a PSS signature.
*
* This function implements EMSA-PSS-VERIFY as per RFC 3447, section 9.1.2.
*
* @param mHash the message digest hash, as a binary-encoded string, to
* compare against the signature.
* @param em the encoded message, as a binary-encoded string
* (RSA decryption result).
* @param modsBits the length of the RSA modulus in bits.
*
* @return true if the signature was verified, false if not.
*/
pssobj.verify = function(mHash, em, modBits) {
var i;
var emBits = modBits - 1;
var emLen = Math.ceil(emBits / 8);
/* c. Convert the message representative m to an encoded message EM
* of length emLen = ceil((modBits - 1) / 8) octets, where modBits
* is the length in bits of the RSA modulus n */
em = em.substr(-emLen);
/* 3. If emLen < hLen + sLen + 2, output "inconsistent" and stop. */
if(emLen < hLen + sLen + 2) {
throw new Error('Inconsistent parameters to PSS signature verification.');
}
/* 4. If the rightmost octet of EM does not have hexadecimal value
* 0xbc, output "inconsistent" and stop. */
if(em.charCodeAt(emLen - 1) !== 0xbc) {
throw new Error('Encoded message does not end in 0xBC.');
}
/* 5. Let maskedDB be the leftmost emLen - hLen - 1 octets of EM, and
* let H be the next hLen octets. */
var maskLen = emLen - hLen - 1;
var maskedDB = em.substr(0, maskLen);
var h = em.substr(maskLen, hLen);
/* 6. If the leftmost 8emLen - emBits bits of the leftmost octet in
* maskedDB are not all equal to zero, output "inconsistent" and stop. */
var mask = (0xFF00 >> (8 * emLen - emBits)) & 0xFF;
if((maskedDB.charCodeAt(0) & mask) !== 0) {
throw new Error('Bits beyond keysize not zero as expected.');
}
/* 7. Let dbMask = MGF(H, emLen - hLen - 1). */
var dbMask = mgf.generate(h, maskLen);
/* 8. Let DB = maskedDB \xor dbMask. */
var db = '';
for(i = 0; i < maskLen; i ++) {
db += String.fromCharCode(maskedDB.charCodeAt(i) ^ dbMask.charCodeAt(i));
}
/* 9. Set the leftmost 8emLen - emBits bits of the leftmost octet
* in DB to zero. */
db = String.fromCharCode(db.charCodeAt(0) & ~mask) + db.substr(1);
/* 10. If the emLen - hLen - sLen - 2 leftmost octets of DB are not zero
* or if the octet at position emLen - hLen - sLen - 1 (the leftmost
* position is "position 1") does not have hexadecimal value 0x01,
* output "inconsistent" and stop. */
var checkLen = emLen - hLen - sLen - 2;
for(i = 0; i < checkLen; i ++) {
if(db.charCodeAt(i) !== 0x00) {
throw new Error('Leftmost octets not zero as expected');
}
}
if(db.charCodeAt(checkLen) !== 0x01) {
throw new Error('Inconsistent PSS signature, 0x01 marker not found');
}
/* 11. Let salt be the last sLen octets of DB. */
var salt = db.substr(-sLen);
/* 12. Let M' = (0x)00 00 00 00 00 00 00 00 || mHash || salt */
var m_ = new forge.util.ByteBuffer();
m_.fillWithByte(0, 8);
m_.putBytes(mHash);
m_.putBytes(salt);
/* 13. Let H' = Hash(M'), an octet string of length hLen. */
hash.start();
hash.update(m_.getBytes());
var h_ = hash.digest().getBytes();
/* 14. If H = H', output "consistent." Otherwise, output "inconsistent." */
return h === h_;
};
return pssobj;
};
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'pss';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/pss',['require', 'module', './random', './util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Javascript implementation of X.509 and related components (such as
* Certification Signing Requests) of a Public Key Infrastructure.
*
* @author Dave Longley
*
* Copyright (c) 2010-2014 Digital Bazaar, Inc.
*
* The ASN.1 representation of an X.509v3 certificate is as follows
* (see RFC 2459):
*
* Certificate ::= SEQUENCE {
* tbsCertificate TBSCertificate,
* signatureAlgorithm AlgorithmIdentifier,
* signatureValue BIT STRING
* }
*
* TBSCertificate ::= SEQUENCE {
* version [0] EXPLICIT Version DEFAULT v1,
* serialNumber CertificateSerialNumber,
* signature AlgorithmIdentifier,
* issuer Name,
* validity Validity,
* subject Name,
* subjectPublicKeyInfo SubjectPublicKeyInfo,
* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
* -- If present, version shall be v2 or v3
* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
* -- If present, version shall be v2 or v3
* extensions [3] EXPLICIT Extensions OPTIONAL
* -- If present, version shall be v3
* }
*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*
* CertificateSerialNumber ::= INTEGER
*
* Name ::= CHOICE {
* // only one possible choice for now
* RDNSequence
* }
*
* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
*
* RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
*
* AttributeTypeAndValue ::= SEQUENCE {
* type AttributeType,
* value AttributeValue
* }
* AttributeType ::= OBJECT IDENTIFIER
* AttributeValue ::= ANY DEFINED BY AttributeType
*
* Validity ::= SEQUENCE {
* notBefore Time,
* notAfter Time
* }
*
* Time ::= CHOICE {
* utcTime UTCTime,
* generalTime GeneralizedTime
* }
*
* UniqueIdentifier ::= BIT STRING
*
* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING
* }
*
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
*
* Extension ::= SEQUENCE {
* extnID OBJECT IDENTIFIER,
* critical BOOLEAN DEFAULT FALSE,
* extnValue OCTET STRING
* }
*
* The only key algorithm currently supported for PKI is RSA.
*
* RSASSA-PSS signatures are described in RFC 3447 and RFC 4055.
*
* PKCS#10 v1.7 describes certificate signing requests:
*
* CertificationRequestInfo:
*
* CertificationRequestInfo ::= SEQUENCE {
* version INTEGER { v1(0) } (v1,...),
* subject Name,
* subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
* attributes [0] Attributes{{ CRIAttributes }}
* }
*
* Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}
*
* CRIAttributes ATTRIBUTE ::= {
* ... -- add any locally defined attributes here -- }
*
* Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
* type ATTRIBUTE.&id({IOSet}),
* values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})
* }
*
* CertificationRequest ::= SEQUENCE {
* certificationRequestInfo CertificationRequestInfo,
* signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},
* signature BIT STRING
* }
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
// shortcut for asn.1 API
var asn1 = forge.asn1;
/* Public Key Infrastructure (PKI) implementation. */
var pki = forge.pki = forge.pki || {};
var oids = pki.oids;
// short name OID mappings
var _shortNames = {};
_shortNames['CN'] = oids['commonName'];
_shortNames['commonName'] = 'CN';
_shortNames['C'] = oids['countryName'];
_shortNames['countryName'] = 'C';
_shortNames['L'] = oids['localityName'];
_shortNames['localityName'] = 'L';
_shortNames['ST'] = oids['stateOrProvinceName'];
_shortNames['stateOrProvinceName'] = 'ST';
_shortNames['O'] = oids['organizationName'];
_shortNames['organizationName'] = 'O';
_shortNames['OU'] = oids['organizationalUnitName'];
_shortNames['organizationalUnitName'] = 'OU';
_shortNames['E'] = oids['emailAddress'];
_shortNames['emailAddress'] = 'E';
// validator for an SubjectPublicKeyInfo structure
// Note: Currently only works with an RSA public key
var publicKeyValidator = forge.pki.rsa.publicKeyValidator;
// validator for an X.509v3 certificate
var x509CertificateValidator = {
name: 'Certificate',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'Certificate.TBSCertificate',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
captureAsn1: 'tbsCertificate',
value: [{
name: 'Certificate.TBSCertificate.version',
tagClass: asn1.Class.CONTEXT_SPECIFIC,
type: 0,
constructed: true,
optional: true,
value: [{
name: 'Certificate.TBSCertificate.version.integer',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'certVersion'
}]
}, {
name: 'Certificate.TBSCertificate.serialNumber',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'certSerialNumber'
}, {
name: 'Certificate.TBSCertificate.signature',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'Certificate.TBSCertificate.signature.algorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'certinfoSignatureOid'
}, {
name: 'Certificate.TBSCertificate.signature.parameters',
tagClass: asn1.Class.UNIVERSAL,
optional: true,
captureAsn1: 'certinfoSignatureParams'
}]
}, {
name: 'Certificate.TBSCertificate.issuer',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
captureAsn1: 'certIssuer'
}, {
name: 'Certificate.TBSCertificate.validity',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
// Note: UTC and generalized times may both appear so the capture
// names are based on their detected order, the names used below
// are only for the common case, which validity time really means
// "notBefore" and which means "notAfter" will be determined by order
value: [{
// notBefore (Time) (UTC time case)
name: 'Certificate.TBSCertificate.validity.notBefore (utc)',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.UTCTIME,
constructed: false,
optional: true,
capture: 'certValidity1UTCTime'
}, {
// notBefore (Time) (generalized time case)
name: 'Certificate.TBSCertificate.validity.notBefore (generalized)',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.GENERALIZEDTIME,
constructed: false,
optional: true,
capture: 'certValidity2GeneralizedTime'
}, {
// notAfter (Time) (only UTC time is supported)
name: 'Certificate.TBSCertificate.validity.notAfter (utc)',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.UTCTIME,
constructed: false,
optional: true,
capture: 'certValidity3UTCTime'
}, {
// notAfter (Time) (only UTC time is supported)
name: 'Certificate.TBSCertificate.validity.notAfter (generalized)',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.GENERALIZEDTIME,
constructed: false,
optional: true,
capture: 'certValidity4GeneralizedTime'
}]
}, {
// Name (subject) (RDNSequence)
name: 'Certificate.TBSCertificate.subject',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
captureAsn1: 'certSubject'
},
// SubjectPublicKeyInfo
publicKeyValidator,
{
// issuerUniqueID (optional)
name: 'Certificate.TBSCertificate.issuerUniqueID',
tagClass: asn1.Class.CONTEXT_SPECIFIC,
type: 1,
constructed: true,
optional: true,
value: [{
name: 'Certificate.TBSCertificate.issuerUniqueID.id',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.BITSTRING,
constructed: false,
capture: 'certIssuerUniqueId'
}]
}, {
// subjectUniqueID (optional)
name: 'Certificate.TBSCertificate.subjectUniqueID',
tagClass: asn1.Class.CONTEXT_SPECIFIC,
type: 2,
constructed: true,
optional: true,
value: [{
name: 'Certificate.TBSCertificate.subjectUniqueID.id',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.BITSTRING,
constructed: false,
capture: 'certSubjectUniqueId'
}]
}, {
// Extensions (optional)
name: 'Certificate.TBSCertificate.extensions',
tagClass: asn1.Class.CONTEXT_SPECIFIC,
type: 3,
constructed: true,
captureAsn1: 'certExtensions',
optional: true
}]
}, {
// AlgorithmIdentifier (signature algorithm)
name: 'Certificate.signatureAlgorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
// algorithm
name: 'Certificate.signatureAlgorithm.algorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'certSignatureOid'
}, {
name: 'Certificate.TBSCertificate.signature.parameters',
tagClass: asn1.Class.UNIVERSAL,
optional: true,
captureAsn1: 'certSignatureParams'
}]
}, {
// SignatureValue
name: 'Certificate.signatureValue',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.BITSTRING,
constructed: false,
capture: 'certSignature'
}]
};
var rsassaPssParameterValidator = {
name: 'rsapss',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'rsapss.hashAlgorithm',
tagClass: asn1.Class.CONTEXT_SPECIFIC,
type: 0,
constructed: true,
value: [{
name: 'rsapss.hashAlgorithm.AlgorithmIdentifier',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Class.SEQUENCE,
constructed: true,
optional: true,
value: [{
name: 'rsapss.hashAlgorithm.AlgorithmIdentifier.algorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'hashOid'
/* parameter block omitted, for SHA1 NULL anyhow. */
}]
}]
}, {
name: 'rsapss.maskGenAlgorithm',
tagClass: asn1.Class.CONTEXT_SPECIFIC,
type: 1,
constructed: true,
value: [{
name: 'rsapss.maskGenAlgorithm.AlgorithmIdentifier',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Class.SEQUENCE,
constructed: true,
optional: true,
value: [{
name: 'rsapss.maskGenAlgorithm.AlgorithmIdentifier.algorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'maskGenOid'
}, {
name: 'rsapss.maskGenAlgorithm.AlgorithmIdentifier.params',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'rsapss.maskGenAlgorithm.AlgorithmIdentifier.params.algorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'maskGenHashOid'
/* parameter block omitted, for SHA1 NULL anyhow. */
}]
}]
}]
}, {
name: 'rsapss.saltLength',
tagClass: asn1.Class.CONTEXT_SPECIFIC,
type: 2,
optional: true,
value: [{
name: 'rsapss.saltLength.saltLength',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Class.INTEGER,
constructed: false,
capture: 'saltLength'
}]
}, {
name: 'rsapss.trailerField',
tagClass: asn1.Class.CONTEXT_SPECIFIC,
type: 3,
optional: true,
value: [{
name: 'rsapss.trailer.trailer',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Class.INTEGER,
constructed: false,
capture: 'trailer'
}]
}]
};
// validator for a CertificationRequestInfo structure
var certificationRequestInfoValidator = {
name: 'CertificationRequestInfo',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
captureAsn1: 'certificationRequestInfo',
value: [{
name: 'CertificationRequestInfo.integer',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'certificationRequestInfoVersion'
}, {
// Name (subject) (RDNSequence)
name: 'CertificationRequestInfo.subject',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
captureAsn1: 'certificationRequestInfoSubject'
},
// SubjectPublicKeyInfo
publicKeyValidator,
{
name: 'CertificationRequestInfo.attributes',
tagClass: asn1.Class.CONTEXT_SPECIFIC,
type: 0,
constructed: true,
optional: true,
capture: 'certificationRequestInfoAttributes',
value: [{
name: 'CertificationRequestInfo.attributes',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'CertificationRequestInfo.attributes.type',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false
}, {
name: 'CertificationRequestInfo.attributes.value',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SET,
constructed: true
}]
}]
}]
};
// validator for a CertificationRequest structure
var certificationRequestValidator = {
name: 'CertificationRequest',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
captureAsn1: 'csr',
value: [
certificationRequestInfoValidator, {
// AlgorithmIdentifier (signature algorithm)
name: 'CertificationRequest.signatureAlgorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
// algorithm
name: 'CertificationRequest.signatureAlgorithm.algorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'csrSignatureOid'
}, {
name: 'CertificationRequest.signatureAlgorithm.parameters',
tagClass: asn1.Class.UNIVERSAL,
optional: true,
captureAsn1: 'csrSignatureParams'
}]
}, {
// signature
name: 'CertificationRequest.signature',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.BITSTRING,
constructed: false,
capture: 'csrSignature'
}]
};
/**
* Converts an RDNSequence of ASN.1 DER-encoded RelativeDistinguishedName
* sets into an array with objects that have type and value properties.
*
* @param rdn the RDNSequence to convert.
* @param md a message digest to append type and value to if provided.
*/
pki.RDNAttributesAsArray = function(rdn, md) {
var rval = [];
// each value in 'rdn' in is a SET of RelativeDistinguishedName
var set, attr, obj;
for(var si = 0; si < rdn.value.length; ++si) {
// get the RelativeDistinguishedName set
set = rdn.value[si];
// each value in the SET is an AttributeTypeAndValue sequence
// containing first a type (an OID) and second a value (defined by
// the OID)
for(var i = 0; i < set.value.length; ++i) {
obj = {};
attr = set.value[i];
obj.type = asn1.derToOid(attr.value[0].value);
obj.value = attr.value[1].value;
obj.valueTagClass = attr.value[1].type;
// if the OID is known, get its name and short name
if(obj.type in oids) {
obj.name = oids[obj.type];
if(obj.name in _shortNames) {
obj.shortName = _shortNames[obj.name];
}
}
if(md) {
md.update(obj.type);
md.update(obj.value);
}
rval.push(obj);
}
}
return rval;
};
/**
* Converts ASN.1 CRIAttributes into an array with objects that have type and
* value properties.
*
* @param attributes the CRIAttributes to convert.
*/
pki.CRIAttributesAsArray = function(attributes) {
var rval = [];
// each value in 'attributes' in is a SEQUENCE with an OID and a SET
for(var si = 0; si < attributes.length; ++si) {
// get the attribute sequence
var seq = attributes[si];
// each value in the SEQUENCE containing first a type (an OID) and
// second a set of values (defined by the OID)
var type = asn1.derToOid(seq.value[0].value);
var values = seq.value[1].value;
for(var vi = 0; vi < values.length; ++vi) {
var obj = {};
obj.type = type;
obj.value = values[vi].value;
obj.valueTagClass = values[vi].type;
// if the OID is known, get its name and short name
if(obj.type in oids) {
obj.name = oids[obj.type];
if(obj.name in _shortNames) {
obj.shortName = _shortNames[obj.name];
}
}
// parse extensions
if(obj.type === oids.extensionRequest) {
obj.extensions = [];
for(var ei = 0; ei < obj.value.length; ++ei) {
obj.extensions.push(pki.certificateExtensionFromAsn1(obj.value[ei]));
}
}
rval.push(obj);
}
}
return rval;
};
/**
* Gets an issuer or subject attribute from its name, type, or short name.
*
* @param obj the issuer or subject object.
* @param options a short name string or an object with:
* shortName the short name for the attribute.
* name the name for the attribute.
* type the type for the attribute.
*
* @return the attribute.
*/
function _getAttribute(obj, options) {
if(typeof options === 'string') {
options = {shortName: options};
}
var rval = null;
var attr;
for(var i = 0; rval === null && i < obj.attributes.length; ++i) {
attr = obj.attributes[i];
if(options.type && options.type === attr.type) {
rval = attr;
} else if(options.name && options.name === attr.name) {
rval = attr;
} else if(options.shortName && options.shortName === attr.shortName) {
rval = attr;
}
}
return rval;
}
/**
* Converts signature parameters from ASN.1 structure.
*
* Currently only RSASSA-PSS supported. The PKCS#1 v1.5 signature scheme had
* no parameters.
*
* RSASSA-PSS-params ::= SEQUENCE {
* hashAlgorithm [0] HashAlgorithm DEFAULT
* sha1Identifier,
* maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT
* mgf1SHA1Identifier,
* saltLength [2] INTEGER DEFAULT 20,
* trailerField [3] INTEGER DEFAULT 1
* }
*
* HashAlgorithm ::= AlgorithmIdentifier
*
* MaskGenAlgorithm ::= AlgorithmIdentifier
*
* AlgorithmIdentifer ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL
* }
*
* @param oid The OID specifying the signature algorithm
* @param obj The ASN.1 structure holding the parameters
* @param fillDefaults Whether to use return default values where omitted
* @return signature parameter object
*/
var _readSignatureParameters = function(oid, obj, fillDefaults) {
var params = {};
if(oid !== oids['RSASSA-PSS']) {
return params;
}
if(fillDefaults) {
params = {
hash: {
algorithmOid: oids['sha1']
},
mgf: {
algorithmOid: oids['mgf1'],
hash: {
algorithmOid: oids['sha1']
}
},
saltLength: 20
};
}
var capture = {};
var errors = [];
if(!asn1.validate(obj, rsassaPssParameterValidator, capture, errors)) {
var error = new Error('Cannot read RSASSA-PSS parameter block.');
error.errors = errors;
throw error;
}
if(capture.hashOid !== undefined) {
params.hash = params.hash || {};
params.hash.algorithmOid = asn1.derToOid(capture.hashOid);
}
if(capture.maskGenOid !== undefined) {
params.mgf = params.mgf || {};
params.mgf.algorithmOid = asn1.derToOid(capture.maskGenOid);
params.mgf.hash = params.mgf.hash || {};
params.mgf.hash.algorithmOid = asn1.derToOid(capture.maskGenHashOid);
}
if(capture.saltLength !== undefined) {
params.saltLength = capture.saltLength.charCodeAt(0);
}
return params;
};
/**
* Converts an X.509 certificate from PEM format.
*
* Note: If the certificate is to be verified then compute hash should
* be set to true. This will scan the TBSCertificate part of the ASN.1
* object while it is converted so it doesn't need to be converted back
* to ASN.1-DER-encoding later.
*
* @param pem the PEM-formatted certificate.
* @param computeHash true to compute the hash for verification.
* @param strict true to be strict when checking ASN.1 value lengths, false to
* allow truncated values (default: true).
*
* @return the certificate.
*/
pki.certificateFromPem = function(pem, computeHash, strict) {
var msg = forge.pem.decode(pem)[0];
if(msg.type !== 'CERTIFICATE' &&
msg.type !== 'X509 CERTIFICATE' &&
msg.type !== 'TRUSTED CERTIFICATE') {
var error = new Error('Could not convert certificate from PEM; PEM header type ' +
'is not "CERTIFICATE", "X509 CERTIFICATE", or "TRUSTED CERTIFICATE".');
error.headerType = msg.type;
throw error;
}
if(msg.procType && msg.procType.type === 'ENCRYPTED') {
throw new Error('Could not convert certificate from PEM; PEM is encrypted.');
}
// convert DER to ASN.1 object
var obj = asn1.fromDer(msg.body, strict);
return pki.certificateFromAsn1(obj, computeHash);
};
/**
* Converts an X.509 certificate to PEM format.
*
* @param cert the certificate.
* @param maxline the maximum characters per line, defaults to 64.
*
* @return the PEM-formatted certificate.
*/
pki.certificateToPem = function(cert, maxline) {
// convert to ASN.1, then DER, then PEM-encode
var msg = {
type: 'CERTIFICATE',
body: asn1.toDer(pki.certificateToAsn1(cert)).getBytes()
};
return forge.pem.encode(msg, {maxline: maxline});
};
/**
* Converts an RSA public key from PEM format.
*
* @param pem the PEM-formatted public key.
*
* @return the public key.
*/
pki.publicKeyFromPem = function(pem) {
var msg = forge.pem.decode(pem)[0];
if(msg.type !== 'PUBLIC KEY' && msg.type !== 'RSA PUBLIC KEY') {
var error = new Error('Could not convert public key from PEM; PEM header ' +
'type is not "PUBLIC KEY" or "RSA PUBLIC KEY".');
error.headerType = msg.type;
throw error;
}
if(msg.procType && msg.procType.type === 'ENCRYPTED') {
throw new Error('Could not convert public key from PEM; PEM is encrypted.');
}
// convert DER to ASN.1 object
var obj = asn1.fromDer(msg.body);
return pki.publicKeyFromAsn1(obj);
};
/**
* Converts an RSA public key to PEM format (using a SubjectPublicKeyInfo).
*
* @param key the public key.
* @param maxline the maximum characters per line, defaults to 64.
*
* @return the PEM-formatted public key.
*/
pki.publicKeyToPem = function(key, maxline) {
// convert to ASN.1, then DER, then PEM-encode
var msg = {
type: 'PUBLIC KEY',
body: asn1.toDer(pki.publicKeyToAsn1(key)).getBytes()
};
return forge.pem.encode(msg, {maxline: maxline});
};
/**
* Converts an RSA public key to PEM format (using an RSAPublicKey).
*
* @param key the public key.
* @param maxline the maximum characters per line, defaults to 64.
*
* @return the PEM-formatted public key.
*/
pki.publicKeyToRSAPublicKeyPem = function(key, maxline) {
// convert to ASN.1, then DER, then PEM-encode
var msg = {
type: 'RSA PUBLIC KEY',
body: asn1.toDer(pki.publicKeyToRSAPublicKey(key)).getBytes()
};
return forge.pem.encode(msg, {maxline: maxline});
};
/**
* Gets a fingerprint for the given public key.
*
* @param options the options to use.
* [md] the message digest object to use (defaults to forge.md.sha1).
* [type] the type of fingerprint, such as 'RSAPublicKey',
* 'SubjectPublicKeyInfo' (defaults to 'RSAPublicKey').
* [encoding] an alternative output encoding, such as 'hex'
* (defaults to none, outputs a byte buffer).
* [delimiter] the delimiter to use between bytes for 'hex' encoded
* output, eg: ':' (defaults to none).
*
* @return the fingerprint as a byte buffer or other encoding based on options.
*/
pki.getPublicKeyFingerprint = function(key, options) {
options = options || {};
var md = options.md || forge.md.sha1.create();
var type = options.type || 'RSAPublicKey';
var bytes;
switch(type) {
case 'RSAPublicKey':
bytes = asn1.toDer(pki.publicKeyToRSAPublicKey(key)).getBytes();
break;
case 'SubjectPublicKeyInfo':
bytes = asn1.toDer(pki.publicKeyToAsn1(key)).getBytes();
break;
default:
throw new Error('Unknown fingerprint type "' + options.type + '".');
}
// hash public key bytes
md.start();
md.update(bytes);
var digest = md.digest();
if(options.encoding === 'hex') {
var hex = digest.toHex();
if(options.delimiter) {
return hex.match(/.{2}/g).join(options.delimiter);
}
return hex;
} else if(options.encoding === 'binary') {
return digest.getBytes();
} else if(options.encoding) {
throw new Error('Unknown encoding "' + options.encoding + '".');
}
return digest;
};
/**
* Converts a PKCS#10 certification request (CSR) from PEM format.
*
* Note: If the certification request is to be verified then compute hash
* should be set to true. This will scan the CertificationRequestInfo part of
* the ASN.1 object while it is converted so it doesn't need to be converted
* back to ASN.1-DER-encoding later.
*
* @param pem the PEM-formatted certificate.
* @param computeHash true to compute the hash for verification.
* @param strict true to be strict when checking ASN.1 value lengths, false to
* allow truncated values (default: true).
*
* @return the certification request (CSR).
*/
pki.certificationRequestFromPem = function(pem, computeHash, strict) {
var msg = forge.pem.decode(pem)[0];
if(msg.type !== 'CERTIFICATE REQUEST') {
var error = new Error('Could not convert certification request from PEM; ' +
'PEM header type is not "CERTIFICATE REQUEST".');
error.headerType = msg.type;
throw error;
}
if(msg.procType && msg.procType.type === 'ENCRYPTED') {
throw new Error('Could not convert certification request from PEM; ' +
'PEM is encrypted.');
}
// convert DER to ASN.1 object
var obj = asn1.fromDer(msg.body, strict);
return pki.certificationRequestFromAsn1(obj, computeHash);
};
/**
* Converts a PKCS#10 certification request (CSR) to PEM format.
*
* @param csr the certification request.
* @param maxline the maximum characters per line, defaults to 64.
*
* @return the PEM-formatted certification request.
*/
pki.certificationRequestToPem = function(csr, maxline) {
// convert to ASN.1, then DER, then PEM-encode
var msg = {
type: 'CERTIFICATE REQUEST',
body: asn1.toDer(pki.certificationRequestToAsn1(csr)).getBytes()
};
return forge.pem.encode(msg, {maxline: maxline});
};
/**
* Creates an empty X.509v3 RSA certificate.
*
* @return the certificate.
*/
pki.createCertificate = function() {
var cert = {};
cert.version = 0x02;
cert.serialNumber = '00';
cert.signatureOid = null;
cert.signature = null;
cert.siginfo = {};
cert.siginfo.algorithmOid = null;
cert.validity = {};
cert.validity.notBefore = new Date();
cert.validity.notAfter = new Date();
cert.issuer = {};
cert.issuer.getField = function(sn) {
return _getAttribute(cert.issuer, sn);
};
cert.issuer.addField = function(attr) {
_fillMissingFields([attr]);
cert.issuer.attributes.push(attr);
};
cert.issuer.attributes = [];
cert.issuer.hash = null;
cert.subject = {};
cert.subject.getField = function(sn) {
return _getAttribute(cert.subject, sn);
};
cert.subject.addField = function(attr) {
_fillMissingFields([attr]);
cert.subject.attributes.push(attr);
};
cert.subject.attributes = [];
cert.subject.hash = null;
cert.extensions = [];
cert.publicKey = null;
cert.md = null;
/**
* Sets the subject of this certificate.
*
* @param attrs the array of subject attributes to use.
* @param uniqueId an optional a unique ID to use.
*/
cert.setSubject = function(attrs, uniqueId) {
// set new attributes, clear hash
_fillMissingFields(attrs);
cert.subject.attributes = attrs;
delete cert.subject.uniqueId;
if(uniqueId) {
cert.subject.uniqueId = uniqueId;
}
cert.subject.hash = null;
};
/**
* Sets the issuer of this certificate.
*
* @param attrs the array of issuer attributes to use.
* @param uniqueId an optional a unique ID to use.
*/
cert.setIssuer = function(attrs, uniqueId) {
// set new attributes, clear hash
_fillMissingFields(attrs);
cert.issuer.attributes = attrs;
delete cert.issuer.uniqueId;
if(uniqueId) {
cert.issuer.uniqueId = uniqueId;
}
cert.issuer.hash = null;
};
/**
* Sets the extensions of this certificate.
*
* @param exts the array of extensions to use.
*/
cert.setExtensions = function(exts) {
for(var i = 0; i < exts.length; ++i) {
_fillMissingExtensionFields(exts[i], {cert: cert});
}
// set new extensions
cert.extensions = exts;
};
/**
* Gets an extension by its name or id.
*
* @param options the name to use or an object with:
* name the name to use.
* id the id to use.
*
* @return the extension or null if not found.
*/
cert.getExtension = function(options) {
if(typeof options === 'string') {
options = {name: options};
}
var rval = null;
var ext;
for(var i = 0; rval === null && i < cert.extensions.length; ++i) {
ext = cert.extensions[i];
if(options.id && ext.id === options.id) {
rval = ext;
} else if(options.name && ext.name === options.name) {
rval = ext;
}
}
return rval;
};
/**
* Signs this certificate using the given private key.
*
* @param key the private key to sign with.
* @param md the message digest object to use (defaults to forge.md.sha1).
*/
cert.sign = function(key, md) {
// TODO: get signature OID from private key
cert.md = md || forge.md.sha1.create();
var algorithmOid = oids[cert.md.algorithm + 'WithRSAEncryption'];
if(!algorithmOid) {
var error = new Error('Could not compute certificate digest. ' +
'Unknown message digest algorithm OID.');
error.algorithm = cert.md.algorithm;
throw error;
}
cert.signatureOid = cert.siginfo.algorithmOid = algorithmOid;
// get TBSCertificate, convert to DER
cert.tbsCertificate = pki.getTBSCertificate(cert);
var bytes = asn1.toDer(cert.tbsCertificate);
// digest and sign
cert.md.update(bytes.getBytes());
cert.signature = key.sign(cert.md);
};
/**
* Attempts verify the signature on the passed certificate using this
* certificate's public key.
*
* @param child the certificate to verify.
*
* @return true if verified, false if not.
*/
cert.verify = function(child) {
var rval = false;
if(!cert.issued(child)) {
var issuer = child.issuer;
var subject = cert.subject;
var error = new Error('The parent certificate did not issue the given child ' +
'certificate; the child certificate\'s issuer does not match the ' +
'parent\'s subject.');
error.expectedIssuer = issuer.attributes;
error.actualIssuer = subject.attributes;
throw error;
}
var md = child.md;
if(md === null) {
// check signature OID for supported signature types
if(child.signatureOid in oids) {
var oid = oids[child.signatureOid];
switch(oid) {
case 'sha1WithRSAEncryption':
md = forge.md.sha1.create();
break;
case 'md5WithRSAEncryption':
md = forge.md.md5.create();
break;
case 'sha256WithRSAEncryption':
md = forge.md.sha256.create();
break;
case 'sha512WithRSAEncryption':
md = forge.md.sha512.create();
break;
case 'RSASSA-PSS':
md = forge.md.sha256.create();
break;
}
}
if(md === null) {
var error = new Error('Could not compute certificate digest. ' +
'Unknown signature OID.');
error.signatureOid = child.signatureOid;
throw error;
}
// produce DER formatted TBSCertificate and digest it
var tbsCertificate = child.tbsCertificate || pki.getTBSCertificate(child);
var bytes = asn1.toDer(tbsCertificate);
md.update(bytes.getBytes());
}
if(md !== null) {
var scheme;
switch(child.signatureOid) {
case oids.sha1WithRSAEncryption:
scheme = undefined; /* use PKCS#1 v1.5 padding scheme */
break;
case oids['RSASSA-PSS']:
var hash, mgf;
/* initialize mgf */
hash = oids[child.signatureParameters.mgf.hash.algorithmOid];
if(hash === undefined || forge.md[hash] === undefined) {
var error = new Error('Unsupported MGF hash function.');
error.oid = child.signatureParameters.mgf.hash.algorithmOid;
error.name = hash;
throw error;
}
mgf = oids[child.signatureParameters.mgf.algorithmOid];
if(mgf === undefined || forge.mgf[mgf] === undefined) {
var error = new Error('Unsupported MGF function.');
error.oid = child.signatureParameters.mgf.algorithmOid;
error.name = mgf;
throw error;
}
mgf = forge.mgf[mgf].create(forge.md[hash].create());
/* initialize hash function */
hash = oids[child.signatureParameters.hash.algorithmOid];
if(hash === undefined || forge.md[hash] === undefined) {
throw {
message: 'Unsupported RSASSA-PSS hash function.',
oid: child.signatureParameters.hash.algorithmOid,
name: hash
};
}
scheme = forge.pss.create(forge.md[hash].create(), mgf,
child.signatureParameters.saltLength);
break;
}
// verify signature on cert using public key
rval = cert.publicKey.verify(
md.digest().getBytes(), child.signature, scheme);
}
return rval;
};
/**
* Returns true if this certificate's issuer matches the passed
* certificate's subject. Note that no signature check is performed.
*
* @param parent the certificate to check.
*
* @return true if this certificate's issuer matches the passed certificate's
* subject.
*/
cert.isIssuer = function(parent) {
var rval = false;
var i = cert.issuer;
var s = parent.subject;
// compare hashes if present
if(i.hash && s.hash) {
rval = (i.hash === s.hash);
} else if(i.attributes.length === s.attributes.length) {
// all attributes are the same so issuer matches subject
rval = true;
var iattr, sattr;
for(var n = 0; rval && n < i.attributes.length; ++n) {
iattr = i.attributes[n];
sattr = s.attributes[n];
if(iattr.type !== sattr.type || iattr.value !== sattr.value) {
// attribute mismatch
rval = false;
}
}
}
return rval;
};
/**
* Returns true if this certificate's subject matches the issuer of the
* given certificate). Note that not signature check is performed.
*
* @param child the certificate to check.
*
* @return true if this certificate's subject matches the passed
* certificate's issuer.
*/
cert.issued = function(child) {
return child.isIssuer(cert);
};
/**
* Generates the subjectKeyIdentifier for this certificate as byte buffer.
*
* @return the subjectKeyIdentifier for this certificate as byte buffer.
*/
cert.generateSubjectKeyIdentifier = function() {
/* See: 4.2.1.2 section of the the RFC3280, keyIdentifier is either:
(1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
value of the BIT STRING subjectPublicKey (excluding the tag,
length, and number of unused bits).
(2) The keyIdentifier is composed of a four bit type field with
the value 0100 followed by the least significant 60 bits of the
SHA-1 hash of the value of the BIT STRING subjectPublicKey
(excluding the tag, length, and number of unused bit string bits).
*/
// skipping the tag, length, and number of unused bits is the same
// as just using the RSAPublicKey (for RSA keys, which are the
// only ones supported)
return pki.getPublicKeyFingerprint(cert.publicKey, {type: 'RSAPublicKey'});
};
/**
* Verifies the subjectKeyIdentifier extension value for this certificate
* against its public key. If no extension is found, false will be
* returned.
*
* @return true if verified, false if not.
*/
cert.verifySubjectKeyIdentifier = function() {
var oid = oids['subjectKeyIdentifier'];
for(var i = 0; i < cert.extensions.length; ++i) {
var ext = cert.extensions[i];
if(ext.id === oid) {
var ski = cert.generateSubjectKeyIdentifier().getBytes();
return (forge.util.hexToBytes(ext.subjectKeyIdentifier) === ski);
}
}
return false;
};
return cert;
};
/**
* Converts an X.509v3 RSA certificate from an ASN.1 object.
*
* Note: If the certificate is to be verified then compute hash should
* be set to true. There is currently no implementation for converting
* a certificate back to ASN.1 so the TBSCertificate part of the ASN.1
* object needs to be scanned before the cert object is created.
*
* @param obj the asn1 representation of an X.509v3 RSA certificate.
* @param computeHash true to compute the hash for verification.
*
* @return the certificate.
*/
pki.certificateFromAsn1 = function(obj, computeHash) {
// validate certificate and capture data
var capture = {};
var errors = [];
if(!asn1.validate(obj, x509CertificateValidator, capture, errors)) {
var error = new Error('Cannot read X.509 certificate. ' +
'ASN.1 object is not an X509v3 Certificate.');
error.errors = errors;
throw error;
}
// ensure signature is not interpreted as an embedded ASN.1 object
if(typeof capture.certSignature !== 'string') {
var certSignature = '\x00';
for(var i = 0; i < capture.certSignature.length; ++i) {
certSignature += asn1.toDer(capture.certSignature[i]).getBytes();
}
capture.certSignature = certSignature;
}
// get oid
var oid = asn1.derToOid(capture.publicKeyOid);
if(oid !== pki.oids['rsaEncryption']) {
throw new Error('Cannot read public key. OID is not RSA.');
}
// create certificate
var cert = pki.createCertificate();
cert.version = capture.certVersion ?
capture.certVersion.charCodeAt(0) : 0;
var serial = forge.util.createBuffer(capture.certSerialNumber);
cert.serialNumber = serial.toHex();
cert.signatureOid = forge.asn1.derToOid(capture.certSignatureOid);
cert.signatureParameters = _readSignatureParameters(
cert.signatureOid, capture.certSignatureParams, true);
cert.siginfo.algorithmOid = forge.asn1.derToOid(capture.certinfoSignatureOid);
cert.siginfo.parameters = _readSignatureParameters(cert.siginfo.algorithmOid,
capture.certinfoSignatureParams, false);
// skip "unused bits" in signature value BITSTRING
var signature = forge.util.createBuffer(capture.certSignature);
++signature.read;
cert.signature = signature.getBytes();
var validity = [];
if(capture.certValidity1UTCTime !== undefined) {
validity.push(asn1.utcTimeToDate(capture.certValidity1UTCTime));
}
if(capture.certValidity2GeneralizedTime !== undefined) {
validity.push(asn1.generalizedTimeToDate(
capture.certValidity2GeneralizedTime));
}
if(capture.certValidity3UTCTime !== undefined) {
validity.push(asn1.utcTimeToDate(capture.certValidity3UTCTime));
}
if(capture.certValidity4GeneralizedTime !== undefined) {
validity.push(asn1.generalizedTimeToDate(
capture.certValidity4GeneralizedTime));
}
if(validity.length > 2) {
throw new Error('Cannot read notBefore/notAfter validity times; more ' +
'than two times were provided in the certificate.');
}
if(validity.length < 2) {
throw new Error('Cannot read notBefore/notAfter validity times; they ' +
'were not provided as either UTCTime or GeneralizedTime.');
}
cert.validity.notBefore = validity[0];
cert.validity.notAfter = validity[1];
// keep TBSCertificate to preserve signature when exporting
cert.tbsCertificate = capture.tbsCertificate;
if(computeHash) {
// check signature OID for supported signature types
cert.md = null;
if(cert.signatureOid in oids) {
var oid = oids[cert.signatureOid];
switch(oid) {
case 'sha1WithRSAEncryption':
cert.md = forge.md.sha1.create();
break;
case 'md5WithRSAEncryption':
cert.md = forge.md.md5.create();
break;
case 'sha256WithRSAEncryption':
cert.md = forge.md.sha256.create();
break;
case 'sha512WithRSAEncryption':
cert.md = forge.md.sha512.create();
break;
case 'RSASSA-PSS':
cert.md = forge.md.sha256.create();
break;
}
}
if(cert.md === null) {
var error = new Error('Could not compute certificate digest. ' +
'Unknown signature OID.');
error.signatureOid = cert.signatureOid;
throw error;
}
// produce DER formatted TBSCertificate and digest it
var bytes = asn1.toDer(cert.tbsCertificate);
cert.md.update(bytes.getBytes());
}
// handle issuer, build issuer message digest
var imd = forge.md.sha1.create();
cert.issuer.getField = function(sn) {
return _getAttribute(cert.issuer, sn);
};
cert.issuer.addField = function(attr) {
_fillMissingFields([attr]);
cert.issuer.attributes.push(attr);
};
cert.issuer.attributes = pki.RDNAttributesAsArray(capture.certIssuer, imd);
if(capture.certIssuerUniqueId) {
cert.issuer.uniqueId = capture.certIssuerUniqueId;
}
cert.issuer.hash = imd.digest().toHex();
// handle subject, build subject message digest
var smd = forge.md.sha1.create();
cert.subject.getField = function(sn) {
return _getAttribute(cert.subject, sn);
};
cert.subject.addField = function(attr) {
_fillMissingFields([attr]);
cert.subject.attributes.push(attr);
};
cert.subject.attributes = pki.RDNAttributesAsArray(capture.certSubject, smd);
if(capture.certSubjectUniqueId) {
cert.subject.uniqueId = capture.certSubjectUniqueId;
}
cert.subject.hash = smd.digest().toHex();
// handle extensions
if(capture.certExtensions) {
cert.extensions = pki.certificateExtensionsFromAsn1(capture.certExtensions);
} else {
cert.extensions = [];
}
// convert RSA public key from ASN.1
cert.publicKey = pki.publicKeyFromAsn1(capture.subjectPublicKeyInfo);
return cert;
};
/**
* Converts an ASN.1 extensions object (with extension sequences as its
* values) into an array of extension objects with types and values.
*
* Supported extensions:
*
* id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
* KeyUsage ::= BIT STRING {
* digitalSignature (0),
* nonRepudiation (1),
* keyEncipherment (2),
* dataEncipherment (3),
* keyAgreement (4),
* keyCertSign (5),
* cRLSign (6),
* encipherOnly (7),
* decipherOnly (8)
* }
*
* id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
* BasicConstraints ::= SEQUENCE {
* cA BOOLEAN DEFAULT FALSE,
* pathLenConstraint INTEGER (0..MAX) OPTIONAL
* }
*
* subjectAltName EXTENSION ::= {
* SYNTAX GeneralNames
* IDENTIFIED BY id-ce-subjectAltName
* }
*
* GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
*
* GeneralName ::= CHOICE {
* otherName [0] INSTANCE OF OTHER-NAME,
* rfc822Name [1] IA5String,
* dNSName [2] IA5String,
* x400Address [3] ORAddress,
* directoryName [4] Name,
* ediPartyName [5] EDIPartyName,
* uniformResourceIdentifier [6] IA5String,
* IPAddress [7] OCTET STRING,
* registeredID [8] OBJECT IDENTIFIER
* }
*
* OTHER-NAME ::= TYPE-IDENTIFIER
*
* EDIPartyName ::= SEQUENCE {
* nameAssigner [0] DirectoryString {ub-name} OPTIONAL,
* partyName [1] DirectoryString {ub-name}
* }
*
* @param exts the extensions ASN.1 with extension sequences to parse.
*
* @return the array.
*/
pki.certificateExtensionsFromAsn1 = function(exts) {
var rval = [];
for(var i = 0; i < exts.value.length; ++i) {
// get extension sequence
var extseq = exts.value[i];
for(var ei = 0; ei < extseq.value.length; ++ei) {
rval.push(pki.certificateExtensionFromAsn1(extseq.value[ei]));
}
}
return rval;
};
/**
* Parses a single certificate extension from ASN.1.
*
* @param ext the extension in ASN.1 format.
*
* @return the parsed extension as an object.
*/
pki.certificateExtensionFromAsn1 = function(ext) {
// an extension has:
// [0] extnID OBJECT IDENTIFIER
// [1] critical BOOLEAN DEFAULT FALSE
// [2] extnValue OCTET STRING
var e = {};
e.id = asn1.derToOid(ext.value[0].value);
e.critical = false;
if(ext.value[1].type === asn1.Type.BOOLEAN) {
e.critical = (ext.value[1].value.charCodeAt(0) !== 0x00);
e.value = ext.value[2].value;
} else {
e.value = ext.value[1].value;
}
// if the oid is known, get its name
if(e.id in oids) {
e.name = oids[e.id];
// handle key usage
if(e.name === 'keyUsage') {
// get value as BIT STRING
var ev = asn1.fromDer(e.value);
var b2 = 0x00;
var b3 = 0x00;
if(ev.value.length > 1) {
// skip first byte, just indicates unused bits which
// will be padded with 0s anyway
// get bytes with flag bits
b2 = ev.value.charCodeAt(1);
b3 = ev.value.length > 2 ? ev.value.charCodeAt(2) : 0;
}
// set flags
e.digitalSignature = (b2 & 0x80) === 0x80;
e.nonRepudiation = (b2 & 0x40) === 0x40;
e.keyEncipherment = (b2 & 0x20) === 0x20;
e.dataEncipherment = (b2 & 0x10) === 0x10;
e.keyAgreement = (b2 & 0x08) === 0x08;
e.keyCertSign = (b2 & 0x04) === 0x04;
e.cRLSign = (b2 & 0x02) === 0x02;
e.encipherOnly = (b2 & 0x01) === 0x01;
e.decipherOnly = (b3 & 0x80) === 0x80;
} else if(e.name === 'basicConstraints') {
// handle basic constraints
// get value as SEQUENCE
var ev = asn1.fromDer(e.value);
// get cA BOOLEAN flag (defaults to false)
if(ev.value.length > 0 && ev.value[0].type === asn1.Type.BOOLEAN) {
e.cA = (ev.value[0].value.charCodeAt(0) !== 0x00);
} else {
e.cA = false;
}
// get path length constraint
var value = null;
if(ev.value.length > 0 && ev.value[0].type === asn1.Type.INTEGER) {
value = ev.value[0].value;
} else if(ev.value.length > 1) {
value = ev.value[1].value;
}
if(value !== null) {
e.pathLenConstraint = asn1.derToInteger(value);
}
} else if(e.name === 'extKeyUsage') {
// handle extKeyUsage
// value is a SEQUENCE of OIDs
var ev = asn1.fromDer(e.value);
for(var vi = 0; vi < ev.value.length; ++vi) {
var oid = asn1.derToOid(ev.value[vi].value);
if(oid in oids) {
e[oids[oid]] = true;
} else {
e[oid] = true;
}
}
} else if(e.name === 'nsCertType') {
// handle nsCertType
// get value as BIT STRING
var ev = asn1.fromDer(e.value);
var b2 = 0x00;
if(ev.value.length > 1) {
// skip first byte, just indicates unused bits which
// will be padded with 0s anyway
// get bytes with flag bits
b2 = ev.value.charCodeAt(1);
}
// set flags
e.client = (b2 & 0x80) === 0x80;
e.server = (b2 & 0x40) === 0x40;
e.email = (b2 & 0x20) === 0x20;
e.objsign = (b2 & 0x10) === 0x10;
e.reserved = (b2 & 0x08) === 0x08;
e.sslCA = (b2 & 0x04) === 0x04;
e.emailCA = (b2 & 0x02) === 0x02;
e.objCA = (b2 & 0x01) === 0x01;
} else if(
e.name === 'subjectAltName' ||
e.name === 'issuerAltName') {
// handle subjectAltName/issuerAltName
e.altNames = [];
// ev is a SYNTAX SEQUENCE
var gn;
var ev = asn1.fromDer(e.value);
for(var n = 0; n < ev.value.length; ++n) {
// get GeneralName
gn = ev.value[n];
var altName = {
type: gn.type,
value: gn.value
};
e.altNames.push(altName);
// Note: Support for types 1,2,6,7,8
switch(gn.type) {
// rfc822Name
case 1:
// dNSName
case 2:
// uniformResourceIdentifier (URI)
case 6:
break;
// IPAddress
case 7:
// convert to IPv4/IPv6 string representation
altName.ip = forge.util.bytesToIP(gn.value);
break;
// registeredID
case 8:
altName.oid = asn1.derToOid(gn.value);
break;
default:
// unsupported
}
}
} else if(e.name === 'subjectKeyIdentifier') {
// value is an OCTETSTRING w/the hash of the key-type specific
// public key structure (eg: RSAPublicKey)
var ev = asn1.fromDer(e.value);
e.subjectKeyIdentifier = forge.util.bytesToHex(ev.value);
}
}
return e;
};
/**
* Converts a PKCS#10 certification request (CSR) from an ASN.1 object.
*
* Note: If the certification request is to be verified then compute hash
* should be set to true. There is currently no implementation for converting
* a certificate back to ASN.1 so the CertificationRequestInfo part of the
* ASN.1 object needs to be scanned before the csr object is created.
*
* @param obj the asn1 representation of a PKCS#10 certification request (CSR).
* @param computeHash true to compute the hash for verification.
*
* @return the certification request (CSR).
*/
pki.certificationRequestFromAsn1 = function(obj, computeHash) {
// validate certification request and capture data
var capture = {};
var errors = [];
if(!asn1.validate(obj, certificationRequestValidator, capture, errors)) {
var error = new Error('Cannot read PKCS#10 certificate request. ' +
'ASN.1 object is not a PKCS#10 CertificationRequest.');
error.errors = errors;
throw error;
}
// ensure signature is not interpreted as an embedded ASN.1 object
if(typeof capture.csrSignature !== 'string') {
var csrSignature = '\x00';
for(var i = 0; i < capture.csrSignature.length; ++i) {
csrSignature += asn1.toDer(capture.csrSignature[i]).getBytes();
}
capture.csrSignature = csrSignature;
}
// get oid
var oid = asn1.derToOid(capture.publicKeyOid);
if(oid !== pki.oids.rsaEncryption) {
throw new Error('Cannot read public key. OID is not RSA.');
}
// create certification request
var csr = pki.createCertificationRequest();
csr.version = capture.csrVersion ? capture.csrVersion.charCodeAt(0) : 0;
csr.signatureOid = forge.asn1.derToOid(capture.csrSignatureOid);
csr.signatureParameters = _readSignatureParameters(
csr.signatureOid, capture.csrSignatureParams, true);
csr.siginfo.algorithmOid = forge.asn1.derToOid(capture.csrSignatureOid);
csr.siginfo.parameters = _readSignatureParameters(
csr.siginfo.algorithmOid, capture.csrSignatureParams, false);
// skip "unused bits" in signature value BITSTRING
var signature = forge.util.createBuffer(capture.csrSignature);
++signature.read;
csr.signature = signature.getBytes();
// keep CertificationRequestInfo to preserve signature when exporting
csr.certificationRequestInfo = capture.certificationRequestInfo;
if(computeHash) {
// check signature OID for supported signature types
csr.md = null;
if(csr.signatureOid in oids) {
var oid = oids[csr.signatureOid];
switch(oid) {
case 'sha1WithRSAEncryption':
csr.md = forge.md.sha1.create();
break;
case 'md5WithRSAEncryption':
csr.md = forge.md.md5.create();
break;
case 'sha256WithRSAEncryption':
csr.md = forge.md.sha256.create();
break;
case 'sha512WithRSAEncryption':
csr.md = forge.md.sha512.create();
break;
case 'RSASSA-PSS':
csr.md = forge.md.sha256.create();
break;
}
}
if(csr.md === null) {
var error = new Error('Could not compute certification request digest. ' +
'Unknown signature OID.');
error.signatureOid = csr.signatureOid;
throw error;
}
// produce DER formatted CertificationRequestInfo and digest it
var bytes = asn1.toDer(csr.certificationRequestInfo);
csr.md.update(bytes.getBytes());
}
// handle subject, build subject message digest
var smd = forge.md.sha1.create();
csr.subject.getField = function(sn) {
return _getAttribute(csr.subject, sn);
};
csr.subject.addField = function(attr) {
_fillMissingFields([attr]);
csr.subject.attributes.push(attr);
};
csr.subject.attributes = pki.RDNAttributesAsArray(
capture.certificationRequestInfoSubject, smd);
csr.subject.hash = smd.digest().toHex();
// convert RSA public key from ASN.1
csr.publicKey = pki.publicKeyFromAsn1(capture.subjectPublicKeyInfo);
// convert attributes from ASN.1
csr.getAttribute = function(sn) {
return _getAttribute(csr, sn);
};
csr.addAttribute = function(attr) {
_fillMissingFields([attr]);
csr.attributes.push(attr);
};
csr.attributes = pki.CRIAttributesAsArray(
capture.certificationRequestInfoAttributes || []);
return csr;
};
/**
* Creates an empty certification request (a CSR or certificate signing
* request). Once created, its public key and attributes can be set and then
* it can be signed.
*
* @return the empty certification request.
*/
pki.createCertificationRequest = function() {
var csr = {};
csr.version = 0x00;
csr.signatureOid = null;
csr.signature = null;
csr.siginfo = {};
csr.siginfo.algorithmOid = null;
csr.subject = {};
csr.subject.getField = function(sn) {
return _getAttribute(csr.subject, sn);
};
csr.subject.addField = function(attr) {
_fillMissingFields([attr]);
csr.subject.attributes.push(attr);
};
csr.subject.attributes = [];
csr.subject.hash = null;
csr.publicKey = null;
csr.attributes = [];
csr.getAttribute = function(sn) {
return _getAttribute(csr, sn);
};
csr.addAttribute = function(attr) {
_fillMissingFields([attr]);
csr.attributes.push(attr);
};
csr.md = null;
/**
* Sets the subject of this certification request.
*
* @param attrs the array of subject attributes to use.
*/
csr.setSubject = function(attrs) {
// set new attributes
_fillMissingFields(attrs);
csr.subject.attributes = attrs;
csr.subject.hash = null;
};
/**
* Sets the attributes of this certification request.
*
* @param attrs the array of attributes to use.
*/
csr.setAttributes = function(attrs) {
// set new attributes
_fillMissingFields(attrs);
csr.attributes = attrs;
};
/**
* Signs this certification request using the given private key.
*
* @param key the private key to sign with.
* @param md the message digest object to use (defaults to forge.md.sha1).
*/
csr.sign = function(key, md) {
// TODO: get signature OID from private key
csr.md = md || forge.md.sha1.create();
var algorithmOid = oids[csr.md.algorithm + 'WithRSAEncryption'];
if(!algorithmOid) {
var error = new Error('Could not compute certification request digest. ' +
'Unknown message digest algorithm OID.');
error.algorithm = csr.md.algorithm;
throw error;
}
csr.signatureOid = csr.siginfo.algorithmOid = algorithmOid;
// get CertificationRequestInfo, convert to DER
csr.certificationRequestInfo = pki.getCertificationRequestInfo(csr);
var bytes = asn1.toDer(csr.certificationRequestInfo);
// digest and sign
csr.md.update(bytes.getBytes());
csr.signature = key.sign(csr.md);
};
/**
* Attempts verify the signature on the passed certification request using
* its public key.
*
* A CSR that has been exported to a file in PEM format can be verified using
* OpenSSL using this command:
*
* openssl req -in <the-csr-pem-file> -verify -noout -text
*
* @return true if verified, false if not.
*/
csr.verify = function() {
var rval = false;
var md = csr.md;
if(md === null) {
// check signature OID for supported signature types
if(csr.signatureOid in oids) {
// TODO: create DRY `OID to md` function
var oid = oids[csr.signatureOid];
switch(oid) {
case 'sha1WithRSAEncryption':
md = forge.md.sha1.create();
break;
case 'md5WithRSAEncryption':
md = forge.md.md5.create();
break;
case 'sha256WithRSAEncryption':
md = forge.md.sha256.create();
break;
case 'sha512WithRSAEncryption':
md = forge.md.sha512.create();
break;
case 'RSASSA-PSS':
md = forge.md.sha256.create();
break;
}
}
if(md === null) {
var error = new Error('Could not compute certification request digest. ' +
'Unknown signature OID.');
error.signatureOid = csr.signatureOid;
throw error;
}
// produce DER formatted CertificationRequestInfo and digest it
var cri = csr.certificationRequestInfo ||
pki.getCertificationRequestInfo(csr);
var bytes = asn1.toDer(cri);
md.update(bytes.getBytes());
}
if(md !== null) {
var scheme;
switch(csr.signatureOid) {
case oids.sha1WithRSAEncryption:
/* use PKCS#1 v1.5 padding scheme */
break;
case oids['RSASSA-PSS']:
var hash, mgf;
/* initialize mgf */
hash = oids[csr.signatureParameters.mgf.hash.algorithmOid];
if(hash === undefined || forge.md[hash] === undefined) {
var error = new Error('Unsupported MGF hash function.');
error.oid = csr.signatureParameters.mgf.hash.algorithmOid;
error.name = hash;
throw error;
}
mgf = oids[csr.signatureParameters.mgf.algorithmOid];
if(mgf === undefined || forge.mgf[mgf] === undefined) {
var error = new Error('Unsupported MGF function.');
error.oid = csr.signatureParameters.mgf.algorithmOid;
error.name = mgf;
throw error;
}
mgf = forge.mgf[mgf].create(forge.md[hash].create());
/* initialize hash function */
hash = oids[csr.signatureParameters.hash.algorithmOid];
if(hash === undefined || forge.md[hash] === undefined) {
var error = new Error('Unsupported RSASSA-PSS hash function.');
error.oid = csr.signatureParameters.hash.algorithmOid;
error.name = hash;
throw error;
}
scheme = forge.pss.create(forge.md[hash].create(), mgf,
csr.signatureParameters.saltLength);
break;
}
// verify signature on csr using its public key
rval = csr.publicKey.verify(
md.digest().getBytes(), csr.signature, scheme);
}
return rval;
};
return csr;
};
/**
* Converts an X.509 subject or issuer to an ASN.1 RDNSequence.
*
* @param obj the subject or issuer (distinguished name).
*
* @return the ASN.1 RDNSequence.
*/
function _dnToAsn1(obj) {
// create an empty RDNSequence
var rval = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);
// iterate over attributes
var attr, set;
var attrs = obj.attributes;
for(var i = 0; i < attrs.length; ++i) {
attr = attrs[i];
var value = attr.value;
// reuse tag class for attribute value if available
var valueTagClass = asn1.Type.PRINTABLESTRING;
if('valueTagClass' in attr) {
valueTagClass = attr.valueTagClass;
if(valueTagClass === asn1.Type.UTF8) {
value = forge.util.encodeUtf8(value);
}
// FIXME: handle more encodings
}
// create a RelativeDistinguishedName set
// each value in the set is an AttributeTypeAndValue first
// containing the type (an OID) and second the value
set = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// AttributeType
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(attr.type).getBytes()),
// AttributeValue
asn1.create(asn1.Class.UNIVERSAL, valueTagClass, false, value)
])
]);
rval.value.push(set);
}
return rval;
}
/**
* Gets all printable attributes (typically of an issuer or subject) in a
* simplified JSON format for display.
*
* @param attrs the attributes.
*
* @return the JSON for display.
*/
function _getAttributesAsJson(attrs) {
var rval = {};
for(var i = 0; i < attrs.length; ++i) {
var attr = attrs[i];
if(attr.shortName && (
attr.valueTagClass === asn1.Type.UTF8 ||
attr.valueTagClass === asn1.Type.PRINTABLESTRING ||
attr.valueTagClass === asn1.Type.IA5STRING)) {
var value = attr.value;
if(attr.valueTagClass === asn1.Type.UTF8) {
value = forge.util.encodeUtf8(attr.value);
}
if(!(attr.shortName in rval)) {
rval[attr.shortName] = value;
} else if(forge.util.isArray(rval[attr.shortName])) {
rval[attr.shortName].push(value);
} else {
rval[attr.shortName] = [rval[attr.shortName], value];
}
}
}
return rval;
}
/**
* Fills in missing fields in attributes.
*
* @param attrs the attributes to fill missing fields in.
*/
function _fillMissingFields(attrs) {
var attr;
for(var i = 0; i < attrs.length; ++i) {
attr = attrs[i];
// populate missing name
if(typeof attr.name === 'undefined') {
if(attr.type && attr.type in pki.oids) {
attr.name = pki.oids[attr.type];
} else if(attr.shortName && attr.shortName in _shortNames) {
attr.name = pki.oids[_shortNames[attr.shortName]];
}
}
// populate missing type (OID)
if(typeof attr.type === 'undefined') {
if(attr.name && attr.name in pki.oids) {
attr.type = pki.oids[attr.name];
} else {
var error = new Error('Attribute type not specified.');
error.attribute = attr;
throw error;
}
}
// populate missing shortname
if(typeof attr.shortName === 'undefined') {
if(attr.name && attr.name in _shortNames) {
attr.shortName = _shortNames[attr.name];
}
}
// convert extensions to value
if(attr.type === oids.extensionRequest) {
attr.valueConstructed = true;
attr.valueTagClass = asn1.Type.SEQUENCE;
if(!attr.value && attr.extensions) {
attr.value = [];
for(var ei = 0; ei < attr.extensions.length; ++ei) {
attr.value.push(pki.certificateExtensionToAsn1(
_fillMissingExtensionFields(attr.extensions[ei])));
}
}
}
if(typeof attr.value === 'undefined') {
var error = new Error('Attribute value not specified.');
error.attribute = attr;
throw error;
}
}
}
/**
* Fills in missing fields in certificate extensions.
*
* @param e the extension.
* @param [options] the options to use.
* [cert] the certificate the extensions are for.
*
* @return the extension.
*/
function _fillMissingExtensionFields(e, options) {
options = options || {};
// populate missing name
if(typeof e.name === 'undefined') {
if(e.id && e.id in pki.oids) {
e.name = pki.oids[e.id];
}
}
// populate missing id
if(typeof e.id === 'undefined') {
if(e.name && e.name in pki.oids) {
e.id = pki.oids[e.name];
} else {
var error = new Error('Extension ID not specified.');
error.extension = e;
throw error;
}
}
if(typeof e.value !== 'undefined') {
return e;
}
// handle missing value:
// value is a BIT STRING
if(e.name === 'keyUsage') {
// build flags
var unused = 0;
var b2 = 0x00;
var b3 = 0x00;
if(e.digitalSignature) {
b2 |= 0x80;
unused = 7;
}
if(e.nonRepudiation) {
b2 |= 0x40;
unused = 6;
}
if(e.keyEncipherment) {
b2 |= 0x20;
unused = 5;
}
if(e.dataEncipherment) {
b2 |= 0x10;
unused = 4;
}
if(e.keyAgreement) {
b2 |= 0x08;
unused = 3;
}
if(e.keyCertSign) {
b2 |= 0x04;
unused = 2;
}
if(e.cRLSign) {
b2 |= 0x02;
unused = 1;
}
if(e.encipherOnly) {
b2 |= 0x01;
unused = 0;
}
if(e.decipherOnly) {
b3 |= 0x80;
unused = 7;
}
// create bit string
var value = String.fromCharCode(unused);
if(b3 !== 0) {
value += String.fromCharCode(b2) + String.fromCharCode(b3);
} else if(b2 !== 0) {
value += String.fromCharCode(b2);
}
e.value = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, value);
} else if(e.name === 'basicConstraints') {
// basicConstraints is a SEQUENCE
e.value = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);
// cA BOOLEAN flag defaults to false
if(e.cA) {
e.value.value.push(asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.BOOLEAN, false,
String.fromCharCode(0xFF)));
}
if('pathLenConstraint' in e) {
e.value.value.push(asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
asn1.integerToDer(e.pathLenConstraint).getBytes()));
}
} else if(e.name === 'extKeyUsage') {
// extKeyUsage is a SEQUENCE of OIDs
e.value = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);
var seq = e.value.value;
for(var key in e) {
if(e[key] !== true) {
continue;
}
// key is name in OID map
if(key in oids) {
seq.push(asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID,
false, asn1.oidToDer(oids[key]).getBytes()));
} else if(key.indexOf('.') !== -1) {
// assume key is an OID
seq.push(asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID,
false, asn1.oidToDer(key).getBytes()));
}
}
} else if(e.name === 'nsCertType') {
// nsCertType is a BIT STRING
// build flags
var unused = 0;
var b2 = 0x00;
if(e.client) {
b2 |= 0x80;
unused = 7;
}
if(e.server) {
b2 |= 0x40;
unused = 6;
}
if(e.email) {
b2 |= 0x20;
unused = 5;
}
if(e.objsign) {
b2 |= 0x10;
unused = 4;
}
if(e.reserved) {
b2 |= 0x08;
unused = 3;
}
if(e.sslCA) {
b2 |= 0x04;
unused = 2;
}
if(e.emailCA) {
b2 |= 0x02;
unused = 1;
}
if(e.objCA) {
b2 |= 0x01;
unused = 0;
}
// create bit string
var value = String.fromCharCode(unused);
if(b2 !== 0) {
value += String.fromCharCode(b2);
}
e.value = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, value);
} else if(e.name === 'subjectAltName' || e.name === 'issuerAltName') {
// SYNTAX SEQUENCE
e.value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);
var altName;
for(var n = 0; n < e.altNames.length; ++n) {
altName = e.altNames[n];
var value = altName.value;
// handle IP
if(altName.type === 7 && altName.ip) {
value = forge.util.bytesFromIP(altName.ip);
if(value === null) {
var error = new Error(
'Extension "ip" value is not a valid IPv4 or IPv6 address.');
error.extension = e;
throw error;
}
} else if(altName.type === 8) {
// handle OID
if(altName.oid) {
value = asn1.oidToDer(asn1.oidToDer(altName.oid));
} else {
// deprecated ... convert value to OID
value = asn1.oidToDer(value);
}
}
e.value.value.push(asn1.create(
asn1.Class.CONTEXT_SPECIFIC, altName.type, false,
value));
}
} else if(e.name === 'subjectKeyIdentifier' && options.cert) {
var ski = options.cert.generateSubjectKeyIdentifier();
e.subjectKeyIdentifier = ski.toHex();
// OCTETSTRING w/digest
e.value = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, ski.getBytes());
}
// ensure value has been defined by now
if(typeof e.value === 'undefined') {
var error = new Error('Extension value not specified.');
error.extension = e;
throw error;
}
return e;
}
/**
* Convert signature parameters object to ASN.1
*
* @param {String} oid Signature algorithm OID
* @param params The signature parametrs object
* @return ASN.1 object representing signature parameters
*/
function _signatureParametersToAsn1(oid, params) {
switch(oid) {
case oids['RSASSA-PSS']:
var parts = [];
if(params.hash.algorithmOid !== undefined) {
parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(params.hash.algorithmOid).getBytes()),
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')
])
]));
}
if(params.mgf.algorithmOid !== undefined) {
parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(params.mgf.algorithmOid).getBytes()),
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(params.mgf.hash.algorithmOid).getBytes()),
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')
])
])
]));
}
if(params.saltLength !== undefined) {
parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
asn1.integerToDer(params.saltLength).getBytes())
]));
}
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, parts);
default:
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '');
}
}
/**
* Converts a certification request's attributes to an ASN.1 set of
* CRIAttributes.
*
* @param csr certification request.
*
* @return the ASN.1 set of CRIAttributes.
*/
function _CRIAttributesToAsn1(csr) {
// create an empty context-specific container
var rval = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, []);
// no attributes, return empty container
if(csr.attributes.length === 0) {
return rval;
}
// each attribute has a sequence with a type and a set of values
var attrs = csr.attributes;
for(var i = 0; i < attrs.length; ++i) {
var attr = attrs[i];
var value = attr.value;
// reuse tag class for attribute value if available
var valueTagClass = asn1.Type.UTF8;
if('valueTagClass' in attr) {
valueTagClass = attr.valueTagClass;
}
if(valueTagClass === asn1.Type.UTF8) {
value = forge.util.encodeUtf8(value);
}
var valueConstructed = false;
if('valueConstructed' in attr) {
valueConstructed = attr.valueConstructed;
}
// FIXME: handle more encodings
// create a RelativeDistinguishedName set
// each value in the set is an AttributeTypeAndValue first
// containing the type (an OID) and second the value
var seq = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// AttributeType
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(attr.type).getBytes()),
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [
// AttributeValue
asn1.create(
asn1.Class.UNIVERSAL, valueTagClass, valueConstructed, value)
])
]);
rval.value.push(seq);
}
return rval;
}
/**
* Gets the ASN.1 TBSCertificate part of an X.509v3 certificate.
*
* @param cert the certificate.
*
* @return the asn1 TBSCertificate.
*/
pki.getTBSCertificate = function(cert) {
// TBSCertificate
var tbs = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// version
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
// integer
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
asn1.integerToDer(cert.version).getBytes())
]),
// serialNumber
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
forge.util.hexToBytes(cert.serialNumber)),
// signature
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// algorithm
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(cert.siginfo.algorithmOid).getBytes()),
// parameters
_signatureParametersToAsn1(
cert.siginfo.algorithmOid, cert.siginfo.parameters)
]),
// issuer
_dnToAsn1(cert.issuer),
// validity
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// notBefore
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.UTCTIME, false,
asn1.dateToUtcTime(cert.validity.notBefore)),
// notAfter
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.UTCTIME, false,
asn1.dateToUtcTime(cert.validity.notAfter))
]),
// subject
_dnToAsn1(cert.subject),
// SubjectPublicKeyInfo
pki.publicKeyToAsn1(cert.publicKey)
]);
if(cert.issuer.uniqueId) {
// issuerUniqueID (optional)
tbs.value.push(
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false,
String.fromCharCode(0x00) +
cert.issuer.uniqueId
)
])
);
}
if(cert.subject.uniqueId) {
// subjectUniqueID (optional)
tbs.value.push(
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false,
String.fromCharCode(0x00) +
cert.subject.uniqueId
)
])
);
}
if(cert.extensions.length > 0) {
// extensions (optional)
tbs.value.push(pki.certificateExtensionsToAsn1(cert.extensions));
}
return tbs;
};
/**
* Gets the ASN.1 CertificationRequestInfo part of a
* PKCS#10 CertificationRequest.
*
* @param csr the certification request.
*
* @return the asn1 CertificationRequestInfo.
*/
pki.getCertificationRequestInfo = function(csr) {
// CertificationRequestInfo
var cri = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// version
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
asn1.integerToDer(csr.version).getBytes()),
// subject
_dnToAsn1(csr.subject),
// SubjectPublicKeyInfo
pki.publicKeyToAsn1(csr.publicKey),
// attributes
_CRIAttributesToAsn1(csr)
]);
return cri;
};
/**
* Converts a DistinguishedName (subject or issuer) to an ASN.1 object.
*
* @param dn the DistinguishedName.
*
* @return the asn1 representation of a DistinguishedName.
*/
pki.distinguishedNameToAsn1 = function(dn) {
return _dnToAsn1(dn);
};
/**
* Converts an X.509v3 RSA certificate to an ASN.1 object.
*
* @param cert the certificate.
*
* @return the asn1 representation of an X.509v3 RSA certificate.
*/
pki.certificateToAsn1 = function(cert) {
// prefer cached TBSCertificate over generating one
var tbsCertificate = cert.tbsCertificate || pki.getTBSCertificate(cert);
// Certificate
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// TBSCertificate
tbsCertificate,
// AlgorithmIdentifier (signature algorithm)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// algorithm
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(cert.signatureOid).getBytes()),
// parameters
_signatureParametersToAsn1(cert.signatureOid, cert.signatureParameters)
]),
// SignatureValue
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false,
String.fromCharCode(0x00) + cert.signature)
]);
};
/**
* Converts X.509v3 certificate extensions to ASN.1.
*
* @param exts the extensions to convert.
*
* @return the extensions in ASN.1 format.
*/
pki.certificateExtensionsToAsn1 = function(exts) {
// create top-level extension container
var rval = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 3, true, []);
// create extension sequence (stores a sequence for each extension)
var seq = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);
rval.value.push(seq);
for(var i = 0; i < exts.length; ++i) {
seq.value.push(pki.certificateExtensionToAsn1(exts[i]));
}
return rval;
};
/**
* Converts a single certificate extension to ASN.1.
*
* @param ext the extension to convert.
*
* @return the extension in ASN.1 format.
*/
pki.certificateExtensionToAsn1 = function(ext) {
// create a sequence for each extension
var extseq = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);
// extnID (OID)
extseq.value.push(asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(ext.id).getBytes()));
// critical defaults to false
if(ext.critical) {
// critical BOOLEAN DEFAULT FALSE
extseq.value.push(asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.BOOLEAN, false,
String.fromCharCode(0xFF)));
}
var value = ext.value;
if(typeof ext.value !== 'string') {
// value is asn.1
value = asn1.toDer(value).getBytes();
}
// extnValue (OCTET STRING)
extseq.value.push(asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, value));
return extseq;
};
/**
* Converts a PKCS#10 certification request to an ASN.1 object.
*
* @param csr the certification request.
*
* @return the asn1 representation of a certification request.
*/
pki.certificationRequestToAsn1 = function(csr) {
// prefer cached CertificationRequestInfo over generating one
var cri = csr.certificationRequestInfo ||
pki.getCertificationRequestInfo(csr);
// Certificate
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// CertificationRequestInfo
cri,
// AlgorithmIdentifier (signature algorithm)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// algorithm
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(csr.signatureOid).getBytes()),
// parameters
_signatureParametersToAsn1(csr.signatureOid, csr.signatureParameters)
]),
// signature
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false,
String.fromCharCode(0x00) + csr.signature)
]);
};
/**
* Creates a CA store.
*
* @param certs an optional array of certificate objects or PEM-formatted
* certificate strings to add to the CA store.
*
* @return the CA store.
*/
pki.createCaStore = function(certs) {
// create CA store
var caStore = {
// stored certificates
certs: {}
};
/**
* Gets the certificate that issued the passed certificate or its
* 'parent'.
*
* @param cert the certificate to get the parent for.
*
* @return the parent certificate or null if none was found.
*/
caStore.getIssuer = function(cert) {
var rval = getBySubject(cert.issuer);
// see if there are multiple matches
/*if(forge.util.isArray(rval)) {
// TODO: resolve multiple matches by checking
// authorityKey/subjectKey/issuerUniqueID/other identifiers, etc.
// FIXME: or alternatively do authority key mapping
// if possible (X.509v1 certs can't work?)
throw new Error('Resolving multiple issuer matches not implemented yet.');
}*/
return rval;
};
/**
* Adds a trusted certificate to the store.
*
* @param cert the certificate to add as a trusted certificate (either a
* pki.certificate object or a PEM-formatted certificate).
*/
caStore.addCertificate = function(cert) {
// convert from pem if necessary
if(typeof cert === 'string') {
cert = forge.pki.certificateFromPem(cert);
}
// produce subject hash if it doesn't exist
if(!cert.subject.hash) {
var md = forge.md.sha1.create();
cert.subject.attributes = pki.RDNAttributesAsArray(
_dnToAsn1(cert.subject), md);
cert.subject.hash = md.digest().toHex();
}
if(cert.subject.hash in caStore.certs) {
// subject hash already exists, append to array
var tmp = caStore.certs[cert.subject.hash];
if(!forge.util.isArray(tmp)) {
tmp = [tmp];
}
tmp.push(cert);
} else {
caStore.certs[cert.subject.hash] = cert;
}
};
/**
* Checks to see if the given certificate is in the store.
*
* @param cert the certificate to check.
*
* @return true if the certificate is in the store, false if not.
*/
caStore.hasCertificate = function(cert) {
var match = getBySubject(cert.subject);
if(!match) {
return false;
}
if(!forge.util.isArray(match)) {
match = [match];
}
// compare DER-encoding of certificates
var der1 = asn1.toDer(pki.certificateToAsn1(cert)).getBytes();
for(var i = 0; i < match.length; ++i) {
var der2 = asn1.toDer(pki.certificateToAsn1(match[i])).getBytes();
if(der1 === der2) {
return true;
}
}
return false;
};
function getBySubject(subject) {
// produce subject hash if it doesn't exist
if(!subject.hash) {
var md = forge.md.sha1.create();
subject.attributes = pki.RDNAttributesAsArray(_dnToAsn1(subject), md);
subject.hash = md.digest().toHex();
}
return caStore.certs[subject.hash] || null;
}
// auto-add passed in certs
if(certs) {
// parse PEM-formatted certificates as necessary
for(var i = 0; i < certs.length; ++i) {
var cert = certs[i];
caStore.addCertificate(cert);
}
}
return caStore;
};
/**
* Certificate verification errors, based on TLS.
*/
pki.certificateError = {
bad_certificate: 'forge.pki.BadCertificate',
unsupported_certificate: 'forge.pki.UnsupportedCertificate',
certificate_revoked: 'forge.pki.CertificateRevoked',
certificate_expired: 'forge.pki.CertificateExpired',
certificate_unknown: 'forge.pki.CertificateUnknown',
unknown_ca: 'forge.pki.UnknownCertificateAuthority'
};
/**
* Verifies a certificate chain against the given Certificate Authority store
* with an optional custom verify callback.
*
* @param caStore a certificate store to verify against.
* @param chain the certificate chain to verify, with the root or highest
* authority at the end (an array of certificates).
* @param verify called for every certificate in the chain.
*
* The verify callback has the following signature:
*
* verified - Set to true if certificate was verified, otherwise the
* pki.certificateError for why the certificate failed.
* depth - The current index in the chain, where 0 is the end point's cert.
* certs - The certificate chain, *NOTE* an empty chain indicates an anonymous
* end point.
*
* The function returns true on success and on failure either the appropriate
* pki.certificateError or an object with 'error' set to the appropriate
* pki.certificateError and 'message' set to a custom error message.
*
* @return true if successful, error thrown if not.
*/
pki.verifyCertificateChain = function(caStore, chain, verify) {
/* From: RFC3280 - Internet X.509 Public Key Infrastructure Certificate
Section 6: Certification Path Validation
See inline parentheticals related to this particular implementation.
The primary goal of path validation is to verify the binding between
a subject distinguished name or a subject alternative name and subject
public key, as represented in the end entity certificate, based on the
public key of the trust anchor. This requires obtaining a sequence of
certificates that support that binding. That sequence should be provided
in the passed 'chain'. The trust anchor should be in the given CA
store. The 'end entity' certificate is the certificate provided by the
end point (typically a server) and is the first in the chain.
To meet this goal, the path validation process verifies, among other
things, that a prospective certification path (a sequence of n
certificates or a 'chain') satisfies the following conditions:
(a) for all x in {1, ..., n-1}, the subject of certificate x is
the issuer of certificate x+1;
(b) certificate 1 is issued by the trust anchor;
(c) certificate n is the certificate to be validated; and
(d) for all x in {1, ..., n}, the certificate was valid at the
time in question.
Note that here 'n' is index 0 in the chain and 1 is the last certificate
in the chain and it must be signed by a certificate in the connection's
CA store.
The path validation process also determines the set of certificate
policies that are valid for this path, based on the certificate policies
extension, policy mapping extension, policy constraints extension, and
inhibit any-policy extension.
Note: Policy mapping extension not supported (Not Required).
Note: If the certificate has an unsupported critical extension, then it
must be rejected.
Note: A certificate is self-issued if the DNs that appear in the subject
and issuer fields are identical and are not empty.
The path validation algorithm assumes the following seven inputs are
provided to the path processing logic. What this specific implementation
will use is provided parenthetically:
(a) a prospective certification path of length n (the 'chain')
(b) the current date/time: ('now').
(c) user-initial-policy-set: A set of certificate policy identifiers
naming the policies that are acceptable to the certificate user.
The user-initial-policy-set contains the special value any-policy
if the user is not concerned about certificate policy
(Not implemented. Any policy is accepted).
(d) trust anchor information, describing a CA that serves as a trust
anchor for the certification path. The trust anchor information
includes:
(1) the trusted issuer name,
(2) the trusted public key algorithm,
(3) the trusted public key, and
(4) optionally, the trusted public key parameters associated
with the public key.
(Trust anchors are provided via certificates in the CA store).
The trust anchor information may be provided to the path processing
procedure in the form of a self-signed certificate. The trusted anchor
information is trusted because it was delivered to the path processing
procedure by some trustworthy out-of-band procedure. If the trusted
public key algorithm requires parameters, then the parameters are
provided along with the trusted public key (No parameters used in this
implementation).
(e) initial-policy-mapping-inhibit, which indicates if policy mapping is
allowed in the certification path.
(Not implemented, no policy checking)
(f) initial-explicit-policy, which indicates if the path must be valid
for at least one of the certificate policies in the user-initial-
policy-set.
(Not implemented, no policy checking)
(g) initial-any-policy-inhibit, which indicates whether the
anyPolicy OID should be processed if it is included in a
certificate.
(Not implemented, so any policy is valid provided that it is
not marked as critical) */
/* Basic Path Processing:
For each certificate in the 'chain', the following is checked:
1. The certificate validity period includes the current time.
2. The certificate was signed by its parent (where the parent is either
the next in the chain or from the CA store). Allow processing to
continue to the next step if no parent is found but the certificate is
in the CA store.
3. TODO: The certificate has not been revoked.
4. The certificate issuer name matches the parent's subject name.
5. TODO: If the certificate is self-issued and not the final certificate
in the chain, skip this step, otherwise verify that the subject name
is within one of the permitted subtrees of X.500 distinguished names
and that each of the alternative names in the subjectAltName extension
(critical or non-critical) is within one of the permitted subtrees for
that name type.
6. TODO: If the certificate is self-issued and not the final certificate
in the chain, skip this step, otherwise verify that the subject name
is not within one of the excluded subtrees for X.500 distinguished
names and none of the subjectAltName extension names are excluded for
that name type.
7. The other steps in the algorithm for basic path processing involve
handling the policy extension which is not presently supported in this
implementation. Instead, if a critical policy extension is found, the
certificate is rejected as not supported.
8. If the certificate is not the first or if its the only certificate in
the chain (having no parent from the CA store or is self-signed) and it
has a critical key usage extension, verify that the keyCertSign bit is
set. If the key usage extension exists, verify that the basic
constraints extension exists. If the basic constraints extension exists,
verify that the cA flag is set. If pathLenConstraint is set, ensure that
the number of certificates that precede in the chain (come earlier
in the chain as implemented below), excluding the very first in the
chain (typically the end-entity one), isn't greater than the
pathLenConstraint. This constraint limits the number of intermediate
CAs that may appear below a CA before only end-entity certificates
may be issued. */
// copy cert chain references to another array to protect against changes
// in verify callback
chain = chain.slice(0);
var certs = chain.slice(0);
// get current date
var now = new Date();
// verify each cert in the chain using its parent, where the parent
// is either the next in the chain or from the CA store
var first = true;
var error = null;
var depth = 0;
do {
var cert = chain.shift();
var parent = null;
var selfSigned = false;
// 1. check valid time
if(now < cert.validity.notBefore || now > cert.validity.notAfter) {
error = {
message: 'Certificate is not valid yet or has expired.',
error: pki.certificateError.certificate_expired,
notBefore: cert.validity.notBefore,
notAfter: cert.validity.notAfter,
now: now
};
}
// 2. verify with parent from chain or CA store
if(error === null) {
parent = chain[0] || caStore.getIssuer(cert);
if(parent === null) {
// check for self-signed cert
if(cert.isIssuer(cert)) {
selfSigned = true;
parent = cert;
}
}
if(parent) {
// FIXME: current CA store implementation might have multiple
// certificates where the issuer can't be determined from the
// certificate (happens rarely with, eg: old certificates) so normalize
// by always putting parents into an array
// TODO: there's may be an extreme degenerate case currently uncovered
// where an old intermediate certificate seems to have a matching parent
// but none of the parents actually verify ... but the intermediate
// is in the CA and it should pass this check; needs investigation
var parents = parent;
if(!forge.util.isArray(parents)) {
parents = [parents];
}
// try to verify with each possible parent (typically only one)
var verified = false;
while(!verified && parents.length > 0) {
parent = parents.shift();
try {
verified = parent.verify(cert);
} catch(ex) {
// failure to verify, don't care why, try next one
}
}
if(!verified) {
error = {
message: 'Certificate signature is invalid.',
error: pki.certificateError.bad_certificate
};
}
}
if(error === null && (!parent || selfSigned) &&
!caStore.hasCertificate(cert)) {
// no parent issuer and certificate itself is not trusted
error = {
message: 'Certificate is not trusted.',
error: pki.certificateError.unknown_ca
};
}
}
// TODO: 3. check revoked
// 4. check for matching issuer/subject
if(error === null && parent && !cert.isIssuer(parent)) {
// parent is not issuer
error = {
message: 'Certificate issuer is invalid.',
error: pki.certificateError.bad_certificate
};
}
// 5. TODO: check names with permitted names tree
// 6. TODO: check names against excluded names tree
// 7. check for unsupported critical extensions
if(error === null) {
// supported extensions
var se = {
keyUsage: true,
basicConstraints: true
};
for(var i = 0; error === null && i < cert.extensions.length; ++i) {
var ext = cert.extensions[i];
if(ext.critical && !(ext.name in se)) {
error = {
message:
'Certificate has an unsupported critical extension.',
error: pki.certificateError.unsupported_certificate
};
}
}
}
// 8. check for CA if cert is not first or is the only certificate
// remaining in chain with no parent or is self-signed
if(error === null &&
(!first || (chain.length === 0 && (!parent || selfSigned)))) {
// first check keyUsage extension and then basic constraints
var bcExt = cert.getExtension('basicConstraints');
var keyUsageExt = cert.getExtension('keyUsage');
if(keyUsageExt !== null) {
// keyCertSign must be true and there must be a basic
// constraints extension
if(!keyUsageExt.keyCertSign || bcExt === null) {
// bad certificate
error = {
message:
'Certificate keyUsage or basicConstraints conflict ' +
'or indicate that the certificate is not a CA. ' +
'If the certificate is the only one in the chain or ' +
'isn\'t the first then the certificate must be a ' +
'valid CA.',
error: pki.certificateError.bad_certificate
};
}
}
// basic constraints cA flag must be set
if(error === null && bcExt !== null && !bcExt.cA) {
// bad certificate
error = {
message:
'Certificate basicConstraints indicates the certificate ' +
'is not a CA.',
error: pki.certificateError.bad_certificate
};
}
// if error is not null and keyUsage is available, then we know it
// has keyCertSign and there is a basic constraints extension too,
// which means we can check pathLenConstraint (if it exists)
if(error === null && keyUsageExt !== null &&
'pathLenConstraint' in bcExt) {
// pathLen is the maximum # of intermediate CA certs that can be
// found between the current certificate and the end-entity (depth 0)
// certificate; this number does not include the end-entity (depth 0,
// last in the chain) even if it happens to be a CA certificate itself
var pathLen = depth - 1;
if(pathLen > bcExt.pathLenConstraint) {
// pathLenConstraint violated, bad certificate
error = {
message:
'Certificate basicConstraints pathLenConstraint violated.',
error: pki.certificateError.bad_certificate
};
}
}
}
// call application callback
var vfd = (error === null) ? true : error.error;
var ret = verify ? verify(vfd, depth, certs) : vfd;
if(ret === true) {
// clear any set error
error = null;
} else {
// if passed basic tests, set default message and alert
if(vfd === true) {
error = {
message: 'The application rejected the certificate.',
error: pki.certificateError.bad_certificate
};
}
// check for custom error info
if(ret || ret === 0) {
// set custom message and error
if(typeof ret === 'object' && !forge.util.isArray(ret)) {
if(ret.message) {
error.message = ret.message;
}
if(ret.error) {
error.error = ret.error;
}
} else if(typeof ret === 'string') {
// set custom error
error.error = ret;
}
}
// throw error
throw error;
}
// no longer first cert in chain
first = false;
++depth;
} while(chain.length > 0);
return true;
};
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'x509';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge.pki;
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/x509',[
'require',
'module',
'./aes',
'./asn1',
'./des',
'./md',
'./mgf',
'./oids',
'./pem',
'./pss',
'./rsa',
'./util'
], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Javascript implementation of PKCS#12.
*
* @author Dave Longley
* @author Stefan Siegl <stesie@brokenpipe.de>
*
* Copyright (c) 2010-2014 Digital Bazaar, Inc.
* Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>
*
* The ASN.1 representation of PKCS#12 is as follows
* (see ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12-tc1.pdf for details)
*
* PFX ::= SEQUENCE {
* version INTEGER {v3(3)}(v3,...),
* authSafe ContentInfo,
* macData MacData OPTIONAL
* }
*
* MacData ::= SEQUENCE {
* mac DigestInfo,
* macSalt OCTET STRING,
* iterations INTEGER DEFAULT 1
* }
* Note: The iterations default is for historical reasons and its use is
* deprecated. A higher value, like 1024, is recommended.
*
* DigestInfo is defined in PKCS#7 as follows:
*
* DigestInfo ::= SEQUENCE {
* digestAlgorithm DigestAlgorithmIdentifier,
* digest Digest
* }
*
* DigestAlgorithmIdentifier ::= AlgorithmIdentifier
*
* The AlgorithmIdentifier contains an Object Identifier (OID) and parameters
* for the algorithm, if any. In the case of SHA1 there is none.
*
* AlgorithmIdentifer ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL
* }
*
* Digest ::= OCTET STRING
*
*
* ContentInfo ::= SEQUENCE {
* contentType ContentType,
* content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL
* }
*
* ContentType ::= OBJECT IDENTIFIER
*
* AuthenticatedSafe ::= SEQUENCE OF ContentInfo
* -- Data if unencrypted
* -- EncryptedData if password-encrypted
* -- EnvelopedData if public key-encrypted
*
*
* SafeContents ::= SEQUENCE OF SafeBag
*
* SafeBag ::= SEQUENCE {
* bagId BAG-TYPE.&id ({PKCS12BagSet})
* bagValue [0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}),
* bagAttributes SET OF PKCS12Attribute OPTIONAL
* }
*
* PKCS12Attribute ::= SEQUENCE {
* attrId ATTRIBUTE.&id ({PKCS12AttrSet}),
* attrValues SET OF ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId})
* } -- This type is compatible with the X.500 type Attribute
*
* PKCS12AttrSet ATTRIBUTE ::= {
* friendlyName | -- from PKCS #9
* localKeyId, -- from PKCS #9
* ... -- Other attributes are allowed
* }
*
* CertBag ::= SEQUENCE {
* certId BAG-TYPE.&id ({CertTypes}),
* certValue [0] EXPLICIT BAG-TYPE.&Type ({CertTypes}{@certId})
* }
*
* x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {certTypes 1}}
* -- DER-encoded X.509 certificate stored in OCTET STRING
*
* sdsiCertificate BAG-TYPE ::= {IA5String IDENTIFIED BY {certTypes 2}}
* -- Base64-encoded SDSI certificate stored in IA5String
*
* CertTypes BAG-TYPE ::= {
* x509Certificate |
* sdsiCertificate,
* ... -- For future extensions
* }
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
// shortcut for asn.1 & PKI API
var asn1 = forge.asn1;
var pki = forge.pki;
// shortcut for PKCS#12 API
var p12 = forge.pkcs12 = forge.pkcs12 || {};
var contentInfoValidator = {
name: 'ContentInfo',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE, // a ContentInfo
constructed: true,
value: [{
name: 'ContentInfo.contentType',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'contentType'
}, {
name: 'ContentInfo.content',
tagClass: asn1.Class.CONTEXT_SPECIFIC,
constructed: true,
captureAsn1: 'content'
}]
};
var pfxValidator = {
name: 'PFX',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'PFX.version',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'version'
},
contentInfoValidator, {
name: 'PFX.macData',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
optional: true,
captureAsn1: 'mac',
value: [{
name: 'PFX.macData.mac',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE, // DigestInfo
constructed: true,
value: [{
name: 'PFX.macData.mac.digestAlgorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE, // DigestAlgorithmIdentifier
constructed: true,
value: [{
name: 'PFX.macData.mac.digestAlgorithm.algorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'macAlgorithm'
}, {
name: 'PFX.macData.mac.digestAlgorithm.parameters',
tagClass: asn1.Class.UNIVERSAL,
captureAsn1: 'macAlgorithmParameters'
}]
}, {
name: 'PFX.macData.mac.digest',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OCTETSTRING,
constructed: false,
capture: 'macDigest'
}]
}, {
name: 'PFX.macData.macSalt',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OCTETSTRING,
constructed: false,
capture: 'macSalt'
}, {
name: 'PFX.macData.iterations',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
optional: true,
capture: 'macIterations'
}]
}]
};
var safeBagValidator = {
name: 'SafeBag',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'SafeBag.bagId',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'bagId'
}, {
name: 'SafeBag.bagValue',
tagClass: asn1.Class.CONTEXT_SPECIFIC,
constructed: true,
captureAsn1: 'bagValue'
}, {
name: 'SafeBag.bagAttributes',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SET,
constructed: true,
optional: true,
capture: 'bagAttributes'
}]
};
var attributeValidator = {
name: 'Attribute',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'Attribute.attrId',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'oid'
}, {
name: 'Attribute.attrValues',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SET,
constructed: true,
capture: 'values'
}]
};
var certBagValidator = {
name: 'CertBag',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'CertBag.certId',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'certId'
}, {
name: 'CertBag.certValue',
tagClass: asn1.Class.CONTEXT_SPECIFIC,
constructed: true,
/* So far we only support X.509 certificates (which are wrapped in
an OCTET STRING, hence hard code that here). */
value: [{
name: 'CertBag.certValue[0]',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Class.OCTETSTRING,
constructed: false,
capture: 'cert'
}]
}]
};
/**
* Search SafeContents structure for bags with matching attributes.
*
* The search can optionally be narrowed by a certain bag type.
*
* @param safeContents the SafeContents structure to search in.
* @param attrName the name of the attribute to compare against.
* @param attrValue the attribute value to search for.
* @param [bagType] bag type to narrow search by.
*
* @return an array of matching bags.
*/
function _getBagsByAttribute(safeContents, attrName, attrValue, bagType) {
var result = [];
for(var i = 0; i < safeContents.length; i ++) {
for(var j = 0; j < safeContents[i].safeBags.length; j ++) {
var bag = safeContents[i].safeBags[j];
if(bagType !== undefined && bag.type !== bagType) {
continue;
}
// only filter by bag type, no attribute specified
if(attrName === null) {
result.push(bag);
continue;
}
if(bag.attributes[attrName] !== undefined &&
bag.attributes[attrName].indexOf(attrValue) >= 0) {
result.push(bag);
}
}
}
return result;
}
/**
* Converts a PKCS#12 PFX in ASN.1 notation into a PFX object.
*
* @param obj The PKCS#12 PFX in ASN.1 notation.
* @param strict true to use strict DER decoding, false not to (default: true).
* @param {String} password Password to decrypt with (optional).
*
* @return PKCS#12 PFX object.
*/
p12.pkcs12FromAsn1 = function(obj, strict, password) {
// handle args
if(typeof strict === 'string') {
password = strict;
strict = true;
} else if(strict === undefined) {
strict = true;
}
// validate PFX and capture data
var capture = {};
var errors = [];
if(!asn1.validate(obj, pfxValidator, capture, errors)) {
var error = new Error('Cannot read PKCS#12 PFX. ' +
'ASN.1 object is not an PKCS#12 PFX.');
error.errors = error;
throw error;
}
var pfx = {
version: capture.version.charCodeAt(0),
safeContents: [],
/**
* Gets bags with matching attributes.
*
* @param filter the attributes to filter by:
* [localKeyId] the localKeyId to search for.
* [localKeyIdHex] the localKeyId in hex to search for.
* [friendlyName] the friendly name to search for.
* [bagType] bag type to narrow each attribute search by.
*
* @return a map of attribute type to an array of matching bags or, if no
* attribute was given but a bag type, the map key will be the
* bag type.
*/
getBags: function(filter) {
var rval = {};
var localKeyId;
if('localKeyId' in filter) {
localKeyId = filter.localKeyId;
} else if('localKeyIdHex' in filter) {
localKeyId = forge.util.hexToBytes(filter.localKeyIdHex);
}
// filter on bagType only
if(localKeyId === undefined && !('friendlyName' in filter) &&
'bagType' in filter) {
rval[filter.bagType] = _getBagsByAttribute(
pfx.safeContents, null, null, filter.bagType);
}
if(localKeyId !== undefined) {
rval.localKeyId = _getBagsByAttribute(
pfx.safeContents, 'localKeyId',
localKeyId, filter.bagType);
}
if('friendlyName' in filter) {
rval.friendlyName = _getBagsByAttribute(
pfx.safeContents, 'friendlyName',
filter.friendlyName, filter.bagType);
}
return rval;
},
/**
* DEPRECATED: use getBags() instead.
*
* Get bags with matching friendlyName attribute.
*
* @param friendlyName the friendly name to search for.
* @param [bagType] bag type to narrow search by.
*
* @return an array of bags with matching friendlyName attribute.
*/
getBagsByFriendlyName: function(friendlyName, bagType) {
return _getBagsByAttribute(
pfx.safeContents, 'friendlyName', friendlyName, bagType);
},
/**
* DEPRECATED: use getBags() instead.
*
* Get bags with matching localKeyId attribute.
*
* @param localKeyId the localKeyId to search for.
* @param [bagType] bag type to narrow search by.
*
* @return an array of bags with matching localKeyId attribute.
*/
getBagsByLocalKeyId: function(localKeyId, bagType) {
return _getBagsByAttribute(
pfx.safeContents, 'localKeyId', localKeyId, bagType);
}
};
if(capture.version.charCodeAt(0) !== 3) {
var error = new Error('PKCS#12 PFX of version other than 3 not supported.');
error.version = capture.version.charCodeAt(0);
throw error;
}
if(asn1.derToOid(capture.contentType) !== pki.oids.data) {
var error = new Error('Only PKCS#12 PFX in password integrity mode supported.');
error.oid = asn1.derToOid(capture.contentType);
throw error;
}
var data = capture.content.value[0];
if(data.tagClass !== asn1.Class.UNIVERSAL ||
data.type !== asn1.Type.OCTETSTRING) {
throw new Error('PKCS#12 authSafe content data is not an OCTET STRING.');
}
data = _decodePkcs7Data(data);
// check for MAC
if(capture.mac) {
var md = null;
var macKeyBytes = 0;
var macAlgorithm = asn1.derToOid(capture.macAlgorithm);
switch(macAlgorithm) {
case pki.oids.sha1:
md = forge.md.sha1.create();
macKeyBytes = 20;
break;
case pki.oids.sha256:
md = forge.md.sha256.create();
macKeyBytes = 32;
break;
case pki.oids.sha384:
md = forge.md.sha384.create();
macKeyBytes = 48;
break;
case pki.oids.sha512:
md = forge.md.sha512.create();
macKeyBytes = 64;
break;
case pki.oids.md5:
md = forge.md.md5.create();
macKeyBytes = 16;
break;
}
if(md === null) {
throw new Error('PKCS#12 uses unsupported MAC algorithm: ' + macAlgorithm);
}
// verify MAC (iterations default to 1)
var macSalt = new forge.util.ByteBuffer(capture.macSalt);
var macIterations = (('macIterations' in capture) ?
parseInt(forge.util.bytesToHex(capture.macIterations), 16) : 1);
var macKey = p12.generateKey(
password, macSalt, 3, macIterations, macKeyBytes, md);
var mac = forge.hmac.create();
mac.start(md, macKey);
mac.update(data.value);
var macValue = mac.getMac();
if(macValue.getBytes() !== capture.macDigest) {
throw new Error('PKCS#12 MAC could not be verified. Invalid password?');
}
}
_decodeAuthenticatedSafe(pfx, data.value, strict, password);
return pfx;
};
/**
* Decodes PKCS#7 Data. PKCS#7 (RFC 2315) defines "Data" as an OCTET STRING,
* but it is sometimes an OCTET STRING that is composed/constructed of chunks,
* each its own OCTET STRING. This is BER-encoding vs. DER-encoding. This
* function transforms this corner-case into the usual simple,
* non-composed/constructed OCTET STRING.
*
* This function may be moved to ASN.1 at some point to better deal with
* more BER-encoding issues, should they arise.
*
* @param data the ASN.1 Data object to transform.
*/
function _decodePkcs7Data(data) {
// handle special case of "chunked" data content: an octet string composed
// of other octet strings
if(data.composed || data.constructed) {
var value = forge.util.createBuffer();
for(var i = 0; i < data.value.length; ++i) {
value.putBytes(data.value[i].value);
}
data.composed = data.constructed = false;
data.value = value.getBytes();
}
return data;
}
/**
* Decode PKCS#12 AuthenticatedSafe (BER encoded) into PFX object.
*
* The AuthenticatedSafe is a BER-encoded SEQUENCE OF ContentInfo.
*
* @param pfx The PKCS#12 PFX object to fill.
* @param {String} authSafe BER-encoded AuthenticatedSafe.
* @param strict true to use strict DER decoding, false not to.
* @param {String} password Password to decrypt with (optional).
*/
function _decodeAuthenticatedSafe(pfx, authSafe, strict, password) {
authSafe = asn1.fromDer(authSafe, strict); /* actually it's BER encoded */
if(authSafe.tagClass !== asn1.Class.UNIVERSAL ||
authSafe.type !== asn1.Type.SEQUENCE ||
authSafe.constructed !== true) {
throw new Error('PKCS#12 AuthenticatedSafe expected to be a ' +
'SEQUENCE OF ContentInfo');
}
for(var i = 0; i < authSafe.value.length; i ++) {
var contentInfo = authSafe.value[i];
// validate contentInfo and capture data
var capture = {};
var errors = [];
if(!asn1.validate(contentInfo, contentInfoValidator, capture, errors)) {
var error = new Error('Cannot read ContentInfo.');
error.errors = errors;
throw error;
}
var obj = {
encrypted: false
};
var safeContents = null;
var data = capture.content.value[0];
switch(asn1.derToOid(capture.contentType)) {
case pki.oids.data:
if(data.tagClass !== asn1.Class.UNIVERSAL ||
data.type !== asn1.Type.OCTETSTRING) {
throw new Error('PKCS#12 SafeContents Data is not an OCTET STRING.');
}
safeContents = _decodePkcs7Data(data).value;
break;
case pki.oids.encryptedData:
safeContents = _decryptSafeContents(data, password);
obj.encrypted = true;
break;
default:
var error = new Error('Unsupported PKCS#12 contentType.');
error.contentType = asn1.derToOid(capture.contentType);
throw error;
}
obj.safeBags = _decodeSafeContents(safeContents, strict, password);
pfx.safeContents.push(obj);
}
}
/**
* Decrypt PKCS#7 EncryptedData structure.
*
* @param data ASN.1 encoded EncryptedContentInfo object.
* @param password The user-provided password.
*
* @return The decrypted SafeContents (ASN.1 object).
*/
function _decryptSafeContents(data, password) {
var capture = {};
var errors = [];
if(!asn1.validate(
data, forge.pkcs7.asn1.encryptedDataValidator, capture, errors)) {
var error = new Error('Cannot read EncryptedContentInfo.');
error.errors = errors;
throw error;
}
var oid = asn1.derToOid(capture.contentType);
if(oid !== pki.oids.data) {
var error = new Error(
'PKCS#12 EncryptedContentInfo ContentType is not Data.');
error.oid = oid;
throw error;
}
// get cipher
oid = asn1.derToOid(capture.encAlgorithm);
var cipher = pki.pbe.getCipher(oid, capture.encParameter, password);
// get encrypted data
var encryptedContentAsn1 = _decodePkcs7Data(capture.encryptedContentAsn1);
var encrypted = forge.util.createBuffer(encryptedContentAsn1.value);
cipher.update(encrypted);
if(!cipher.finish()) {
throw new Error('Failed to decrypt PKCS#12 SafeContents.');
}
return cipher.output.getBytes();
}
/**
* Decode PKCS#12 SafeContents (BER-encoded) into array of Bag objects.
*
* The safeContents is a BER-encoded SEQUENCE OF SafeBag.
*
* @param {String} safeContents BER-encoded safeContents.
* @param strict true to use strict DER decoding, false not to.
* @param {String} password Password to decrypt with (optional).
*
* @return {Array} Array of Bag objects.
*/
function _decodeSafeContents(safeContents, strict, password) {
// if strict and no safe contents, return empty safes
if(!strict && safeContents.length === 0) {
return [];
}
// actually it's BER-encoded
safeContents = asn1.fromDer(safeContents, strict);
if(safeContents.tagClass !== asn1.Class.UNIVERSAL ||
safeContents.type !== asn1.Type.SEQUENCE ||
safeContents.constructed !== true) {
throw new Error(
'PKCS#12 SafeContents expected to be a SEQUENCE OF SafeBag.');
}
var res = [];
for(var i = 0; i < safeContents.value.length; i++) {
var safeBag = safeContents.value[i];
// validate SafeBag and capture data
var capture = {};
var errors = [];
if(!asn1.validate(safeBag, safeBagValidator, capture, errors)) {
var error = new Error('Cannot read SafeBag.');
error.errors = errors;
throw error;
}
/* Create bag object and push to result array. */
var bag = {
type: asn1.derToOid(capture.bagId),
attributes: _decodeBagAttributes(capture.bagAttributes)
};
res.push(bag);
var validator, decoder;
var bagAsn1 = capture.bagValue.value[0];
switch(bag.type) {
case pki.oids.pkcs8ShroudedKeyBag:
/* bagAsn1 has a EncryptedPrivateKeyInfo, which we need to decrypt.
Afterwards we can handle it like a keyBag,
which is a PrivateKeyInfo. */
bagAsn1 = pki.decryptPrivateKeyInfo(bagAsn1, password);
if(bagAsn1 === null) {
throw new Error(
'Unable to decrypt PKCS#8 ShroudedKeyBag, wrong password?');
}
/* fall through */
case pki.oids.keyBag:
/* A PKCS#12 keyBag is a simple PrivateKeyInfo as understood by our
PKI module, hence we don't have to do validation/capturing here,
just pass what we already got. */
try {
bag.key = pki.privateKeyFromAsn1(bagAsn1);
} catch(e) {
// ignore unknown key type, pass asn1 value
bag.key = null;
bag.asn1 = bagAsn1;
}
continue; /* Nothing more to do. */
case pki.oids.certBag:
/* A PKCS#12 certBag can wrap both X.509 and sdsi certificates.
Therefore put the SafeBag content through another validator to
capture the fields. Afterwards check & store the results. */
validator = certBagValidator;
decoder = function() {
if(asn1.derToOid(capture.certId) !== pki.oids.x509Certificate) {
var error = new Error(
'Unsupported certificate type, only X.509 supported.');
error.oid = asn1.derToOid(capture.certId);
throw error;
}
// true=produce cert hash
var certAsn1 = asn1.fromDer(capture.cert, strict);
try {
bag.cert = pki.certificateFromAsn1(certAsn1, true);
} catch(e) {
// ignore unknown cert type, pass asn1 value
bag.cert = null;
bag.asn1 = certAsn1;
}
};
break;
default:
var error = new Error('Unsupported PKCS#12 SafeBag type.');
error.oid = bag.type;
throw error;
}
/* Validate SafeBag value (i.e. CertBag, etc.) and capture data if needed. */
if(validator !== undefined &&
!asn1.validate(bagAsn1, validator, capture, errors)) {
var error = new Error('Cannot read PKCS#12 ' + validator.name);
error.errors = errors;
throw error;
}
/* Call decoder function from above to store the results. */
decoder();
}
return res;
}
/**
* Decode PKCS#12 SET OF PKCS12Attribute into JavaScript object.
*
* @param attributes SET OF PKCS12Attribute (ASN.1 object).
*
* @return the decoded attributes.
*/
function _decodeBagAttributes(attributes) {
var decodedAttrs = {};
if(attributes !== undefined) {
for(var i = 0; i < attributes.length; ++i) {
var capture = {};
var errors = [];
if(!asn1.validate(attributes[i], attributeValidator, capture, errors)) {
var error = new Error('Cannot read PKCS#12 BagAttribute.');
error.errors = errors;
throw error;
}
var oid = asn1.derToOid(capture.oid);
if(pki.oids[oid] === undefined) {
// unsupported attribute type, ignore.
continue;
}
decodedAttrs[pki.oids[oid]] = [];
for(var j = 0; j < capture.values.length; ++j) {
decodedAttrs[pki.oids[oid]].push(capture.values[j].value);
}
}
}
return decodedAttrs;
}
/**
* Wraps a private key and certificate in a PKCS#12 PFX wrapper. If a
* password is provided then the private key will be encrypted.
*
* An entire certificate chain may also be included. To do this, pass
* an array for the "cert" parameter where the first certificate is
* the one that is paired with the private key and each subsequent one
* verifies the previous one. The certificates may be in PEM format or
* have been already parsed by Forge.
*
* @todo implement password-based-encryption for the whole package
*
* @param key the private key.
* @param cert the certificate (may be an array of certificates in order
* to specify a certificate chain).
* @param password the password to use, null for none.
* @param options:
* algorithm the encryption algorithm to use
* ('aes128', 'aes192', 'aes256', '3des'), defaults to 'aes128'.
* count the iteration count to use.
* saltSize the salt size to use.
* useMac true to include a MAC, false not to, defaults to true.
* localKeyId the local key ID to use, in hex.
* friendlyName the friendly name to use.
* generateLocalKeyId true to generate a random local key ID,
* false not to, defaults to true.
*
* @return the PKCS#12 PFX ASN.1 object.
*/
p12.toPkcs12Asn1 = function(key, cert, password, options) {
// set default options
options = options || {};
options.saltSize = options.saltSize || 8;
options.count = options.count || 2048;
options.algorithm = options.algorithm || options.encAlgorithm || 'aes128';
if(!('useMac' in options)) {
options.useMac = true;
}
if(!('localKeyId' in options)) {
options.localKeyId = null;
}
if(!('generateLocalKeyId' in options)) {
options.generateLocalKeyId = true;
}
var localKeyId = options.localKeyId;
var bagAttrs;
if(localKeyId !== null) {
localKeyId = forge.util.hexToBytes(localKeyId);
} else if(options.generateLocalKeyId) {
// use SHA-1 of paired cert, if available
if(cert) {
var pairedCert = forge.util.isArray(cert) ? cert[0] : cert;
if(typeof pairedCert === 'string') {
pairedCert = pki.certificateFromPem(pairedCert);
}
var sha1 = forge.md.sha1.create();
sha1.update(asn1.toDer(pki.certificateToAsn1(pairedCert)).getBytes());
localKeyId = sha1.digest().getBytes();
} else {
// FIXME: consider using SHA-1 of public key (which can be generated
// from private key components), see: cert.generateSubjectKeyIdentifier
// generate random bytes
localKeyId = forge.random.getBytes(20);
}
}
var attrs = [];
if(localKeyId !== null) {
attrs.push(
// localKeyID
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// attrId
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(pki.oids.localKeyId).getBytes()),
// attrValues
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
localKeyId)
])
]));
}
if('friendlyName' in options) {
attrs.push(
// friendlyName
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// attrId
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(pki.oids.friendlyName).getBytes()),
// attrValues
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BMPSTRING, false,
options.friendlyName)
])
]));
}
if(attrs.length > 0) {
bagAttrs = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, attrs);
}
// collect contents for AuthenticatedSafe
var contents = [];
// create safe bag(s) for certificate chain
var chain = [];
if(cert !== null) {
if(forge.util.isArray(cert)) {
chain = cert;
} else {
chain = [cert];
}
}
var certSafeBags = [];
for(var i = 0; i < chain.length; ++i) {
// convert cert from PEM as necessary
cert = chain[i];
if(typeof cert === 'string') {
cert = pki.certificateFromPem(cert);
}
// SafeBag
var certBagAttrs = (i === 0) ? bagAttrs : undefined;
var certAsn1 = pki.certificateToAsn1(cert);
var certSafeBag =
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// bagId
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(pki.oids.certBag).getBytes()),
// bagValue
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
// CertBag
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// certId
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(pki.oids.x509Certificate).getBytes()),
// certValue (x509Certificate)
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
asn1.toDer(certAsn1).getBytes())
])])]),
// bagAttributes (OPTIONAL)
certBagAttrs
]);
certSafeBags.push(certSafeBag);
}
if(certSafeBags.length > 0) {
// SafeContents
var certSafeContents = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, certSafeBags);
// ContentInfo
var certCI =
// PKCS#7 ContentInfo
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// contentType
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
// OID for the content type is 'data'
asn1.oidToDer(pki.oids.data).getBytes()),
// content
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
asn1.toDer(certSafeContents).getBytes())
])
]);
contents.push(certCI);
}
// create safe contents for private key
var keyBag = null;
if(key !== null) {
// SafeBag
var pkAsn1 = pki.wrapRsaPrivateKey(pki.privateKeyToAsn1(key));
if(password === null) {
// no encryption
keyBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// bagId
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(pki.oids.keyBag).getBytes()),
// bagValue
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
// PrivateKeyInfo
pkAsn1
]),
// bagAttributes (OPTIONAL)
bagAttrs
]);
} else {
// encrypted PrivateKeyInfo
keyBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// bagId
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(pki.oids.pkcs8ShroudedKeyBag).getBytes()),
// bagValue
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
// EncryptedPrivateKeyInfo
pki.encryptPrivateKeyInfo(pkAsn1, password, options)
]),
// bagAttributes (OPTIONAL)
bagAttrs
]);
}
// SafeContents
var keySafeContents =
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [keyBag]);
// ContentInfo
var keyCI =
// PKCS#7 ContentInfo
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// contentType
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
// OID for the content type is 'data'
asn1.oidToDer(pki.oids.data).getBytes()),
// content
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
asn1.toDer(keySafeContents).getBytes())
])
]);
contents.push(keyCI);
}
// create AuthenticatedSafe by stringing together the contents
var safe = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, contents);
var macData;
if(options.useMac) {
// MacData
var sha1 = forge.md.sha1.create();
var macSalt = new forge.util.ByteBuffer(
forge.random.getBytes(options.saltSize));
var count = options.count;
// 160-bit key
var key = p12.generateKey(password, macSalt, 3, count, 20);
var mac = forge.hmac.create();
mac.start(sha1, key);
mac.update(asn1.toDer(safe).getBytes());
var macValue = mac.getMac();
macData = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// mac DigestInfo
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// digestAlgorithm
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// algorithm = SHA-1
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(pki.oids.sha1).getBytes()),
// parameters = Null
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')
]),
// digest
asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING,
false, macValue.getBytes())
]),
// macSalt OCTET STRING
asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, macSalt.getBytes()),
// iterations INTEGER (XXX: Only support count < 65536)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
asn1.integerToDer(count).getBytes()
)
]);
}
// PFX
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// version (3)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
asn1.integerToDer(3).getBytes()),
// PKCS#7 ContentInfo
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// contentType
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
// OID for the content type is 'data'
asn1.oidToDer(pki.oids.data).getBytes()),
// content
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
asn1.toDer(safe).getBytes())
])
]),
macData
]);
};
/**
* Derives a PKCS#12 key.
*
* @param password the password to derive the key material from, null or
* undefined for none.
* @param salt the salt, as a ByteBuffer, to use.
* @param id the PKCS#12 ID byte (1 = key material, 2 = IV, 3 = MAC).
* @param iter the iteration count.
* @param n the number of bytes to derive from the password.
* @param md the message digest to use, defaults to SHA-1.
*
* @return a ByteBuffer with the bytes derived from the password.
*/
p12.generateKey = forge.pbe.generatePkcs12Key;
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'pkcs12';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/pkcs12',[
'require',
'module',
'./asn1',
'./hmac',
'./oids',
'./pkcs7asn1',
'./pbe',
'./random',
'./rsa',
'./sha1',
'./util',
'./x509'
], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Javascript implementation of a basic Public Key Infrastructure, including
* support for RSA public and private keys.
*
* @author Dave Longley
*
* Copyright (c) 2010-2013 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
// shortcut for asn.1 API
var asn1 = forge.asn1;
/* Public Key Infrastructure (PKI) implementation. */
var pki = forge.pki = forge.pki || {};
/**
* NOTE: THIS METHOD IS DEPRECATED. Use pem.decode() instead.
*
* Converts PEM-formatted data to DER.
*
* @param pem the PEM-formatted data.
*
* @return the DER-formatted data.
*/
pki.pemToDer = function(pem) {
var msg = forge.pem.decode(pem)[0];
if(msg.procType && msg.procType.type === 'ENCRYPTED') {
throw new Error('Could not convert PEM to DER; PEM is encrypted.');
}
return forge.util.createBuffer(msg.body);
};
/**
* Converts an RSA private key from PEM format.
*
* @param pem the PEM-formatted private key.
*
* @return the private key.
*/
pki.privateKeyFromPem = function(pem) {
var msg = forge.pem.decode(pem)[0];
if(msg.type !== 'PRIVATE KEY' && msg.type !== 'RSA PRIVATE KEY') {
var error = new Error('Could not convert private key from PEM; PEM ' +
'header type is not "PRIVATE KEY" or "RSA PRIVATE KEY".');
error.headerType = msg.type;
throw error;
}
if(msg.procType && msg.procType.type === 'ENCRYPTED') {
throw new Error('Could not convert private key from PEM; PEM is encrypted.');
}
// convert DER to ASN.1 object
var obj = asn1.fromDer(msg.body);
return pki.privateKeyFromAsn1(obj);
};
/**
* Converts an RSA private key to PEM format.
*
* @param key the private key.
* @param maxline the maximum characters per line, defaults to 64.
*
* @return the PEM-formatted private key.
*/
pki.privateKeyToPem = function(key, maxline) {
// convert to ASN.1, then DER, then PEM-encode
var msg = {
type: 'RSA PRIVATE KEY',
body: asn1.toDer(pki.privateKeyToAsn1(key)).getBytes()
};
return forge.pem.encode(msg, {maxline: maxline});
};
/**
* Converts a PrivateKeyInfo to PEM format.
*
* @param pki the PrivateKeyInfo.
* @param maxline the maximum characters per line, defaults to 64.
*
* @return the PEM-formatted private key.
*/
pki.privateKeyInfoToPem = function(pki, maxline) {
// convert to DER, then PEM-encode
var msg = {
type: 'PRIVATE KEY',
body: asn1.toDer(pki).getBytes()
};
return forge.pem.encode(msg, {maxline: maxline});
};
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'pki';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/pki',[
'require',
'module',
'./asn1',
'./oids',
'./pbe',
'./pem',
'./pbkdf2',
'./pkcs12',
'./pss',
'./rsa',
'./util',
'./x509'
], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* A Javascript implementation of Transport Layer Security (TLS).
*
* @author Dave Longley
*
* Copyright (c) 2009-2014 Digital Bazaar, Inc.
*
* The TLS Handshake Protocol involves the following steps:
*
* - Exchange hello messages to agree on algorithms, exchange random values,
* and check for session resumption.
*
* - Exchange the necessary cryptographic parameters to allow the client and
* server to agree on a premaster secret.
*
* - Exchange certificates and cryptographic information to allow the client
* and server to authenticate themselves.
*
* - Generate a master secret from the premaster secret and exchanged random
* values.
*
* - Provide security parameters to the record layer.
*
* - Allow the client and server to verify that their peer has calculated the
* same security parameters and that the handshake occurred without tampering
* by an attacker.
*
* Up to 4 different messages may be sent during a key exchange. The server
* certificate, the server key exchange, the client certificate, and the
* client key exchange.
*
* A typical handshake (from the client's perspective).
*
* 1. Client sends ClientHello.
* 2. Client receives ServerHello.
* 3. Client receives optional Certificate.
* 4. Client receives optional ServerKeyExchange.
* 5. Client receives ServerHelloDone.
* 6. Client sends optional Certificate.
* 7. Client sends ClientKeyExchange.
* 8. Client sends optional CertificateVerify.
* 9. Client sends ChangeCipherSpec.
* 10. Client sends Finished.
* 11. Client receives ChangeCipherSpec.
* 12. Client receives Finished.
* 13. Client sends/receives application data.
*
* To reuse an existing session:
*
* 1. Client sends ClientHello with session ID for reuse.
* 2. Client receives ServerHello with same session ID if reusing.
* 3. Client receives ChangeCipherSpec message if reusing.
* 4. Client receives Finished.
* 5. Client sends ChangeCipherSpec.
* 6. Client sends Finished.
*
* Note: Client ignores HelloRequest if in the middle of a handshake.
*
* Record Layer:
*
* The record layer fragments information blocks into TLSPlaintext records
* carrying data in chunks of 2^14 bytes or less. Client message boundaries are
* not preserved in the record layer (i.e., multiple client messages of the
* same ContentType MAY be coalesced into a single TLSPlaintext record, or a
* single message MAY be fragmented across several records).
*
* struct {
* uint8 major;
* uint8 minor;
* } ProtocolVersion;
*
* struct {
* ContentType type;
* ProtocolVersion version;
* uint16 length;
* opaque fragment[TLSPlaintext.length];
* } TLSPlaintext;
*
* type:
* The higher-level protocol used to process the enclosed fragment.
*
* version:
* The version of the protocol being employed. TLS Version 1.2 uses version
* {3, 3}. TLS Version 1.0 uses version {3, 1}. Note that a client that
* supports multiple versions of TLS may not know what version will be
* employed before it receives the ServerHello.
*
* length:
* The length (in bytes) of the following TLSPlaintext.fragment. The length
* MUST NOT exceed 2^14 = 16384 bytes.
*
* fragment:
* The application data. This data is transparent and treated as an
* independent block to be dealt with by the higher-level protocol specified
* by the type field.
*
* Implementations MUST NOT send zero-length fragments of Handshake, Alert, or
* ChangeCipherSpec content types. Zero-length fragments of Application data
* MAY be sent as they are potentially useful as a traffic analysis
* countermeasure.
*
* Note: Data of different TLS record layer content types MAY be interleaved.
* Application data is generally of lower precedence for transmission than
* other content types. However, records MUST be delivered to the network in
* the same order as they are protected by the record layer. Recipients MUST
* receive and process interleaved application layer traffic during handshakes
* subsequent to the first one on a connection.
*
* struct {
* ContentType type; // same as TLSPlaintext.type
* ProtocolVersion version;// same as TLSPlaintext.version
* uint16 length;
* opaque fragment[TLSCompressed.length];
* } TLSCompressed;
*
* length:
* The length (in bytes) of the following TLSCompressed.fragment.
* The length MUST NOT exceed 2^14 + 1024.
*
* fragment:
* The compressed form of TLSPlaintext.fragment.
*
* Note: A CompressionMethod.null operation is an identity operation; no fields
* are altered. In this implementation, since no compression is supported,
* uncompressed records are always the same as compressed records.
*
* Encryption Information:
*
* The encryption and MAC functions translate a TLSCompressed structure into a
* TLSCiphertext. The decryption functions reverse the process. The MAC of the
* record also includes a sequence number so that missing, extra, or repeated
* messages are detectable.
*
* struct {
* ContentType type;
* ProtocolVersion version;
* uint16 length;
* select (SecurityParameters.cipher_type) {
* case stream: GenericStreamCipher;
* case block: GenericBlockCipher;
* case aead: GenericAEADCipher;
* } fragment;
* } TLSCiphertext;
*
* type:
* The type field is identical to TLSCompressed.type.
*
* version:
* The version field is identical to TLSCompressed.version.
*
* length:
* The length (in bytes) of the following TLSCiphertext.fragment.
* The length MUST NOT exceed 2^14 + 2048.
*
* fragment:
* The encrypted form of TLSCompressed.fragment, with the MAC.
*
* Note: Only CBC Block Ciphers are supported by this implementation.
*
* The TLSCompressed.fragment structures are converted to/from block
* TLSCiphertext.fragment structures.
*
* struct {
* opaque IV[SecurityParameters.record_iv_length];
* block-ciphered struct {
* opaque content[TLSCompressed.length];
* opaque MAC[SecurityParameters.mac_length];
* uint8 padding[GenericBlockCipher.padding_length];
* uint8 padding_length;
* };
* } GenericBlockCipher;
*
* The MAC is generated as described in Section 6.2.3.1.
*
* IV:
* The Initialization Vector (IV) SHOULD be chosen at random, and MUST be
* unpredictable. Note that in versions of TLS prior to 1.1, there was no
* IV field, and the last ciphertext block of the previous record (the "CBC
* residue") was used as the IV. This was changed to prevent the attacks
* described in [CBCATT]. For block ciphers, the IV length is of length
* SecurityParameters.record_iv_length, which is equal to the
* SecurityParameters.block_size.
*
* padding:
* Padding that is added to force the length of the plaintext to be an
* integral multiple of the block cipher's block length. The padding MAY be
* any length up to 255 bytes, as long as it results in the
* TLSCiphertext.length being an integral multiple of the block length.
* Lengths longer than necessary might be desirable to frustrate attacks on
* a protocol that are based on analysis of the lengths of exchanged
* messages. Each uint8 in the padding data vector MUST be filled with the
* padding length value. The receiver MUST check this padding and MUST use
* the bad_record_mac alert to indicate padding errors.
*
* padding_length:
* The padding length MUST be such that the total size of the
* GenericBlockCipher structure is a multiple of the cipher's block length.
* Legal values range from zero to 255, inclusive. This length specifies the
* length of the padding field exclusive of the padding_length field itself.
*
* The encrypted data length (TLSCiphertext.length) is one more than the sum of
* SecurityParameters.block_length, TLSCompressed.length,
* SecurityParameters.mac_length, and padding_length.
*
* Example: If the block length is 8 bytes, the content length
* (TLSCompressed.length) is 61 bytes, and the MAC length is 20 bytes, then the
* length before padding is 82 bytes (this does not include the IV. Thus, the
* padding length modulo 8 must be equal to 6 in order to make the total length
* an even multiple of 8 bytes (the block length). The padding length can be
* 6, 14, 22, and so on, through 254. If the padding length were the minimum
* necessary, 6, the padding would be 6 bytes, each containing the value 6.
* Thus, the last 8 octets of the GenericBlockCipher before block encryption
* would be xx 06 06 06 06 06 06 06, where xx is the last octet of the MAC.
*
* Note: With block ciphers in CBC mode (Cipher Block Chaining), it is critical
* that the entire plaintext of the record be known before any ciphertext is
* transmitted. Otherwise, it is possible for the attacker to mount the attack
* described in [CBCATT].
*
* Implementation note: Canvel et al. [CBCTIME] have demonstrated a timing
* attack on CBC padding based on the time required to compute the MAC. In
* order to defend against this attack, implementations MUST ensure that
* record processing time is essentially the same whether or not the padding
* is correct. In general, the best way to do this is to compute the MAC even
* if the padding is incorrect, and only then reject the packet. For instance,
* if the pad appears to be incorrect, the implementation might assume a
* zero-length pad and then compute the MAC. This leaves a small timing
* channel, since MAC performance depends, to some extent, on the size of the
* data fragment, but it is not believed to be large enough to be exploitable,
* due to the large block size of existing MACs and the small size of the
* timing signal.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
/**
* Generates pseudo random bytes by mixing the result of two hash functions,
* MD5 and SHA-1.
*
* prf_TLS1(secret, label, seed) =
* P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed);
*
* Each P_hash function functions as follows:
*
* P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
* HMAC_hash(secret, A(2) + seed) +
* HMAC_hash(secret, A(3) + seed) + ...
* A() is defined as:
* A(0) = seed
* A(i) = HMAC_hash(secret, A(i-1))
*
* The '+' operator denotes concatenation.
*
* As many iterations A(N) as are needed are performed to generate enough
* pseudo random byte output. If an iteration creates more data than is
* necessary, then it is truncated.
*
* Therefore:
* A(1) = HMAC_hash(secret, A(0))
* = HMAC_hash(secret, seed)
* A(2) = HMAC_hash(secret, A(1))
* = HMAC_hash(secret, HMAC_hash(secret, seed))
*
* Therefore:
* P_hash(secret, seed) =
* HMAC_hash(secret, HMAC_hash(secret, A(0)) + seed) +
* HMAC_hash(secret, HMAC_hash(secret, A(1)) + seed) +
* ...
*
* Therefore:
* P_hash(secret, seed) =
* HMAC_hash(secret, HMAC_hash(secret, seed) + seed) +
* HMAC_hash(secret, HMAC_hash(secret, HMAC_hash(secret, seed)) + seed) +
* ...
*
* @param secret the secret to use.
* @param label the label to use.
* @param seed the seed value to use.
* @param length the number of bytes to generate.
*
* @return the pseudo random bytes in a byte buffer.
*/
var prf_TLS1 = function(secret, label, seed, length) {
var rval = forge.util.createBuffer();
/* For TLS 1.0, the secret is split in half, into two secrets of equal
length. If the secret has an odd length then the last byte of the first
half will be the same as the first byte of the second. The length of the
two secrets is half of the secret rounded up. */
var idx = (secret.length >> 1);
var slen = idx + (secret.length & 1);
var s1 = secret.substr(0, slen);
var s2 = secret.substr(idx, slen);
var ai = forge.util.createBuffer();
var hmac = forge.hmac.create();
seed = label + seed;
// determine the number of iterations that must be performed to generate
// enough output bytes, md5 creates 16 byte hashes, sha1 creates 20
var md5itr = Math.ceil(length / 16);
var sha1itr = Math.ceil(length / 20);
// do md5 iterations
hmac.start('MD5', s1);
var md5bytes = forge.util.createBuffer();
ai.putBytes(seed);
for(var i = 0; i < md5itr; ++i) {
// HMAC_hash(secret, A(i-1))
hmac.start(null, null);
hmac.update(ai.getBytes());
ai.putBuffer(hmac.digest());
// HMAC_hash(secret, A(i) + seed)
hmac.start(null, null);
hmac.update(ai.bytes() + seed);
md5bytes.putBuffer(hmac.digest());
}
// do sha1 iterations
hmac.start('SHA1', s2);
var sha1bytes = forge.util.createBuffer();
ai.clear();
ai.putBytes(seed);
for(var i = 0; i < sha1itr; ++i) {
// HMAC_hash(secret, A(i-1))
hmac.start(null, null);
hmac.update(ai.getBytes());
ai.putBuffer(hmac.digest());
// HMAC_hash(secret, A(i) + seed)
hmac.start(null, null);
hmac.update(ai.bytes() + seed);
sha1bytes.putBuffer(hmac.digest());
}
// XOR the md5 bytes with the sha1 bytes
rval.putBytes(forge.util.xorBytes(
md5bytes.getBytes(), sha1bytes.getBytes(), length));
return rval;
};
/**
* Generates pseudo random bytes using a SHA256 algorithm. For TLS 1.2.
*
* @param secret the secret to use.
* @param label the label to use.
* @param seed the seed value to use.
* @param length the number of bytes to generate.
*
* @return the pseudo random bytes in a byte buffer.
*/
var prf_sha256 = function(secret, label, seed, length) {
// FIXME: implement me for TLS 1.2
};
/**
* Gets a MAC for a record using the SHA-1 hash algorithm.
*
* @param key the mac key.
* @param state the sequence number (array of two 32-bit integers).
* @param record the record.
*
* @return the sha-1 hash (20 bytes) for the given record.
*/
var hmac_sha1 = function(key, seqNum, record) {
/* MAC is computed like so:
HMAC_hash(
key, seqNum +
TLSCompressed.type +
TLSCompressed.version +
TLSCompressed.length +
TLSCompressed.fragment)
*/
var hmac = forge.hmac.create();
hmac.start('SHA1', key);
var b = forge.util.createBuffer();
b.putInt32(seqNum[0]);
b.putInt32(seqNum[1]);
b.putByte(record.type);
b.putByte(record.version.major);
b.putByte(record.version.minor);
b.putInt16(record.length);
b.putBytes(record.fragment.bytes());
hmac.update(b.getBytes());
return hmac.digest().getBytes();
};
/**
* Compresses the TLSPlaintext record into a TLSCompressed record using the
* deflate algorithm.
*
* @param c the TLS connection.
* @param record the TLSPlaintext record to compress.
* @param s the ConnectionState to use.
*
* @return true on success, false on failure.
*/
var deflate = function(c, record, s) {
var rval = false;
try {
var bytes = c.deflate(record.fragment.getBytes());
record.fragment = forge.util.createBuffer(bytes);
record.length = bytes.length;
rval = true;
} catch(ex) {
// deflate error, fail out
}
return rval;
};
/**
* Decompresses the TLSCompressed record into a TLSPlaintext record using the
* deflate algorithm.
*
* @param c the TLS connection.
* @param record the TLSCompressed record to decompress.
* @param s the ConnectionState to use.
*
* @return true on success, false on failure.
*/
var inflate = function(c, record, s) {
var rval = false;
try {
var bytes = c.inflate(record.fragment.getBytes());
record.fragment = forge.util.createBuffer(bytes);
record.length = bytes.length;
rval = true;
} catch(ex) {
// inflate error, fail out
}
return rval;
};
/**
* Reads a TLS variable-length vector from a byte buffer.
*
* Variable-length vectors are defined by specifying a subrange of legal
* lengths, inclusively, using the notation <floor..ceiling>. When these are
* encoded, the actual length precedes the vector's contents in the byte
* stream. The length will be in the form of a number consuming as many bytes
* as required to hold the vector's specified maximum (ceiling) length. A
* variable-length vector with an actual length field of zero is referred to
* as an empty vector.
*
* @param b the byte buffer.
* @param lenBytes the number of bytes required to store the length.
*
* @return the resulting byte buffer.
*/
var readVector = function(b, lenBytes) {
var len = 0;
switch(lenBytes) {
case 1:
len = b.getByte();
break;
case 2:
len = b.getInt16();
break;
case 3:
len = b.getInt24();
break;
case 4:
len = b.getInt32();
break;
}
// read vector bytes into a new buffer
return forge.util.createBuffer(b.getBytes(len));
};
/**
* Writes a TLS variable-length vector to a byte buffer.
*
* @param b the byte buffer.
* @param lenBytes the number of bytes required to store the length.
* @param v the byte buffer vector.
*/
var writeVector = function(b, lenBytes, v) {
// encode length at the start of the vector, where the number of bytes for
// the length is the maximum number of bytes it would take to encode the
// vector's ceiling
b.putInt(v.length(), lenBytes << 3);
b.putBuffer(v);
};
/**
* The tls implementation.
*/
var tls = {};
/**
* Version: TLS 1.2 = 3.3, TLS 1.1 = 3.2, TLS 1.0 = 3.1. Both TLS 1.1 and
* TLS 1.2 were still too new (ie: openSSL didn't implement them) at the time
* of this implementation so TLS 1.0 was implemented instead.
*/
tls.Versions = {
TLS_1_0: {major: 3, minor: 1},
TLS_1_1: {major: 3, minor: 2},
TLS_1_2: {major: 3, minor: 3}
};
tls.SupportedVersions = [
tls.Versions.TLS_1_1,
tls.Versions.TLS_1_0
];
tls.Version = tls.SupportedVersions[0];
/**
* Maximum fragment size. True maximum is 16384, but we fragment before that
* to allow for unusual small increases during compression.
*/
tls.MaxFragment = 16384 - 1024;
/**
* Whether this entity is considered the "client" or "server".
* enum { server, client } ConnectionEnd;
*/
tls.ConnectionEnd = {
server: 0,
client: 1
};
/**
* Pseudo-random function algorithm used to generate keys from the master
* secret.
* enum { tls_prf_sha256 } PRFAlgorithm;
*/
tls.PRFAlgorithm = {
tls_prf_sha256: 0
};
/**
* Bulk encryption algorithms.
* enum { null, rc4, des3, aes } BulkCipherAlgorithm;
*/
tls.BulkCipherAlgorithm = {
none: null,
rc4: 0,
des3: 1,
aes: 2
};
/**
* Cipher types.
* enum { stream, block, aead } CipherType;
*/
tls.CipherType = {
stream: 0,
block: 1,
aead: 2
};
/**
* MAC (Message Authentication Code) algorithms.
* enum { null, hmac_md5, hmac_sha1, hmac_sha256,
* hmac_sha384, hmac_sha512} MACAlgorithm;
*/
tls.MACAlgorithm = {
none: null,
hmac_md5: 0,
hmac_sha1: 1,
hmac_sha256: 2,
hmac_sha384: 3,
hmac_sha512: 4
};
/**
* Compression algorithms.
* enum { null(0), deflate(1), (255) } CompressionMethod;
*/
tls.CompressionMethod = {
none: 0,
deflate: 1
};
/**
* TLS record content types.
* enum {
* change_cipher_spec(20), alert(21), handshake(22),
* application_data(23), (255)
* } ContentType;
*/
tls.ContentType = {
change_cipher_spec: 20,
alert: 21,
handshake: 22,
application_data: 23,
heartbeat: 24
};
/**
* TLS handshake types.
* enum {
* hello_request(0), client_hello(1), server_hello(2),
* certificate(11), server_key_exchange (12),
* certificate_request(13), server_hello_done(14),
* certificate_verify(15), client_key_exchange(16),
* finished(20), (255)
* } HandshakeType;
*/
tls.HandshakeType = {
hello_request: 0,
client_hello: 1,
server_hello: 2,
certificate: 11,
server_key_exchange: 12,
certificate_request: 13,
server_hello_done: 14,
certificate_verify: 15,
client_key_exchange: 16,
finished: 20
};
/**
* TLS Alert Protocol.
*
* enum { warning(1), fatal(2), (255) } AlertLevel;
*
* enum {
* close_notify(0),
* unexpected_message(10),
* bad_record_mac(20),
* decryption_failed(21),
* record_overflow(22),
* decompression_failure(30),
* handshake_failure(40),
* bad_certificate(42),
* unsupported_certificate(43),
* certificate_revoked(44),
* certificate_expired(45),
* certificate_unknown(46),
* illegal_parameter(47),
* unknown_ca(48),
* access_denied(49),
* decode_error(50),
* decrypt_error(51),
* export_restriction(60),
* protocol_version(70),
* insufficient_security(71),
* internal_error(80),
* user_canceled(90),
* no_renegotiation(100),
* (255)
* } AlertDescription;
*
* struct {
* AlertLevel level;
* AlertDescription description;
* } Alert;
*/
tls.Alert = {};
tls.Alert.Level = {
warning: 1,
fatal: 2
};
tls.Alert.Description = {
close_notify: 0,
unexpected_message: 10,
bad_record_mac: 20,
decryption_failed: 21,
record_overflow: 22,
decompression_failure: 30,
handshake_failure: 40,
bad_certificate: 42,
unsupported_certificate: 43,
certificate_revoked: 44,
certificate_expired: 45,
certificate_unknown: 46,
illegal_parameter: 47,
unknown_ca: 48,
access_denied: 49,
decode_error: 50,
decrypt_error: 51,
export_restriction: 60,
protocol_version: 70,
insufficient_security: 71,
internal_error: 80,
user_canceled: 90,
no_renegotiation: 100
};
/**
* TLS Heartbeat Message types.
* enum {
* heartbeat_request(1),
* heartbeat_response(2),
* (255)
* } HeartbeatMessageType;
*/
tls.HeartbeatMessageType = {
heartbeat_request: 1,
heartbeat_response: 2
};
/**
* Supported cipher suites.
*/
tls.CipherSuites = {};
/**
* Gets a supported cipher suite from its 2 byte ID.
*
* @param twoBytes two bytes in a string.
*
* @return the matching supported cipher suite or null.
*/
tls.getCipherSuite = function(twoBytes) {
var rval = null;
for(var key in tls.CipherSuites) {
var cs = tls.CipherSuites[key];
if(cs.id[0] === twoBytes.charCodeAt(0) &&
cs.id[1] === twoBytes.charCodeAt(1)) {
rval = cs;
break;
}
}
return rval;
};
/**
* Called when an unexpected record is encountered.
*
* @param c the connection.
* @param record the record.
*/
tls.handleUnexpected = function(c, record) {
// if connection is client and closed, ignore unexpected messages
var ignore = (!c.open && c.entity === tls.ConnectionEnd.client);
if(!ignore) {
c.error(c, {
message: 'Unexpected message. Received TLS record out of order.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.unexpected_message
}
});
}
};
/**
* Called when a client receives a HelloRequest record.
*
* @param c the connection.
* @param record the record.
* @param length the length of the handshake message.
*/
tls.handleHelloRequest = function(c, record, length) {
// ignore renegotiation requests from the server during a handshake, but
// if handshaking, send a warning alert that renegotation is denied
if(!c.handshaking && c.handshakes > 0) {
// send alert warning
tls.queue(c, tls.createAlert(c, {
level: tls.Alert.Level.warning,
description: tls.Alert.Description.no_renegotiation
}));
tls.flush(c);
}
// continue
c.process();
};
/**
* Parses a hello message from a ClientHello or ServerHello record.
*
* @param record the record to parse.
*
* @return the parsed message.
*/
tls.parseHelloMessage = function(c, record, length) {
var msg = null;
var client = (c.entity === tls.ConnectionEnd.client);
// minimum of 38 bytes in message
if(length < 38) {
c.error(c, {
message: client ?
'Invalid ServerHello message. Message too short.' :
'Invalid ClientHello message. Message too short.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.illegal_parameter
}
});
} else {
// use 'remaining' to calculate # of remaining bytes in the message
var b = record.fragment;
var remaining = b.length();
msg = {
version: {
major: b.getByte(),
minor: b.getByte()
},
random: forge.util.createBuffer(b.getBytes(32)),
session_id: readVector(b, 1),
extensions: []
};
if(client) {
msg.cipher_suite = b.getBytes(2);
msg.compression_method = b.getByte();
} else {
msg.cipher_suites = readVector(b, 2);
msg.compression_methods = readVector(b, 1);
}
// read extensions if there are any bytes left in the message
remaining = length - (remaining - b.length());
if(remaining > 0) {
// parse extensions
var exts = readVector(b, 2);
while(exts.length() > 0) {
msg.extensions.push({
type: [exts.getByte(), exts.getByte()],
data: readVector(exts, 2)
});
}
// TODO: make extension support modular
if(!client) {
for(var i = 0; i < msg.extensions.length; ++i) {
var ext = msg.extensions[i];
// support SNI extension
if(ext.type[0] === 0x00 && ext.type[1] === 0x00) {
// get server name list
var snl = readVector(ext.data, 2);
while(snl.length() > 0) {
// read server name type
var snType = snl.getByte();
// only HostName type (0x00) is known, break out if
// another type is detected
if(snType !== 0x00) {
break;
}
// add host name to server name list
c.session.extensions.server_name.serverNameList.push(
readVector(snl, 2).getBytes());
}
}
}
}
}
// version already set, do not allow version change
if(c.session.version) {
if(msg.version.major !== c.session.version.major ||
msg.version.minor !== c.session.version.minor) {
return c.error(c, {
message: 'TLS version change is disallowed during renegotiation.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.protocol_version
}
});
}
}
// get the chosen (ServerHello) cipher suite
if(client) {
// FIXME: should be checking configured acceptable cipher suites
c.session.cipherSuite = tls.getCipherSuite(msg.cipher_suite);
} else {
// get a supported preferred (ClientHello) cipher suite
// choose the first supported cipher suite
var tmp = forge.util.createBuffer(msg.cipher_suites.bytes());
while(tmp.length() > 0) {
// FIXME: should be checking configured acceptable suites
// cipher suites take up 2 bytes
c.session.cipherSuite = tls.getCipherSuite(tmp.getBytes(2));
if(c.session.cipherSuite !== null) {
break;
}
}
}
// cipher suite not supported
if(c.session.cipherSuite === null) {
return c.error(c, {
message: 'No cipher suites in common.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.handshake_failure
},
cipherSuite: forge.util.bytesToHex(msg.cipher_suite)
});
}
// TODO: handle compression methods
if(client) {
c.session.compressionMethod = msg.compression_method;
} else {
// no compression
c.session.compressionMethod = tls.CompressionMethod.none;
}
}
return msg;
};
/**
* Creates security parameters for the given connection based on the given
* hello message.
*
* @param c the TLS connection.
* @param msg the hello message.
*/
tls.createSecurityParameters = function(c, msg) {
/* Note: security params are from TLS 1.2, some values like prf_algorithm
are ignored for TLS 1.0/1.1 and the builtin as specified in the spec is
used. */
// TODO: handle other options from server when more supported
// get client and server randoms
var client = (c.entity === tls.ConnectionEnd.client);
var msgRandom = msg.random.bytes();
var cRandom = client ? c.session.sp.client_random : msgRandom;
var sRandom = client ? msgRandom : tls.createRandom().getBytes();
// create new security parameters
c.session.sp = {
entity: c.entity,
prf_algorithm: tls.PRFAlgorithm.tls_prf_sha256,
bulk_cipher_algorithm: null,
cipher_type: null,
enc_key_length: null,
block_length: null,
fixed_iv_length: null,
record_iv_length: null,
mac_algorithm: null,
mac_length: null,
mac_key_length: null,
compression_algorithm: c.session.compressionMethod,
pre_master_secret: null,
master_secret: null,
client_random: cRandom,
server_random: sRandom
};
};
/**
* Called when a client receives a ServerHello record.
*
* When a ServerHello message will be sent:
* The server will send this message in response to a client hello message
* when it was able to find an acceptable set of algorithms. If it cannot
* find such a match, it will respond with a handshake failure alert.
*
* uint24 length;
* struct {
* ProtocolVersion server_version;
* Random random;
* SessionID session_id;
* CipherSuite cipher_suite;
* CompressionMethod compression_method;
* select(extensions_present) {
* case false:
* struct {};
* case true:
* Extension extensions<0..2^16-1>;
* };
* } ServerHello;
*
* @param c the connection.
* @param record the record.
* @param length the length of the handshake message.
*/
tls.handleServerHello = function(c, record, length) {
var msg = tls.parseHelloMessage(c, record, length);
if(c.fail) {
return;
}
// ensure server version is compatible
if(msg.version.minor <= c.version.minor) {
c.version.minor = msg.version.minor;
} else {
return c.error(c, {
message: 'Incompatible TLS version.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.protocol_version
}
});
}
// indicate session version has been set
c.session.version = c.version;
// get the session ID from the message
var sessionId = msg.session_id.bytes();
// if the session ID is not blank and matches the cached one, resume
// the session
if(sessionId.length > 0 && sessionId === c.session.id) {
// resuming session, expect a ChangeCipherSpec next
c.expect = SCC;
c.session.resuming = true;
// get new server random
c.session.sp.server_random = msg.random.bytes();
} else {
// not resuming, expect a server Certificate message next
c.expect = SCE;
c.session.resuming = false;
// create new security parameters
tls.createSecurityParameters(c, msg);
}
// set new session ID
c.session.id = sessionId;
// continue
c.process();
};
/**
* Called when a server receives a ClientHello record.
*
* When a ClientHello message will be sent:
* When a client first connects to a server it is required to send the
* client hello as its first message. The client can also send a client
* hello in response to a hello request or on its own initiative in order
* to renegotiate the security parameters in an existing connection.
*
* @param c the connection.
* @param record the record.
* @param length the length of the handshake message.
*/
tls.handleClientHello = function(c, record, length) {
var msg = tls.parseHelloMessage(c, record, length);
if(c.fail) {
return;
}
// get the session ID from the message
var sessionId = msg.session_id.bytes();
// see if the given session ID is in the cache
var session = null;
if(c.sessionCache) {
session = c.sessionCache.getSession(sessionId);
if(session === null) {
// session ID not found
sessionId = '';
} else if(session.version.major !== msg.version.major ||
session.version.minor > msg.version.minor) {
// if session version is incompatible with client version, do not resume
session = null;
sessionId = '';
}
}
// no session found to resume, generate a new session ID
if(sessionId.length === 0) {
sessionId = forge.random.getBytes(32);
}
// update session
c.session.id = sessionId;
c.session.clientHelloVersion = msg.version;
c.session.sp = {};
if(session) {
// use version and security parameters from resumed session
c.version = c.session.version = session.version;
c.session.sp = session.sp;
} else {
// use highest compatible minor version
var version;
for(var i = 1; i < tls.SupportedVersions.length; ++i) {
version = tls.SupportedVersions[i];
if(version.minor <= msg.version.minor) {
break;
}
}
c.version = {major: version.major, minor: version.minor};
c.session.version = c.version;
}
// if a session is set, resume it
if(session !== null) {
// resuming session, expect a ChangeCipherSpec next
c.expect = CCC;
c.session.resuming = true;
// get new client random
c.session.sp.client_random = msg.random.bytes();
} else {
// not resuming, expect a Certificate or ClientKeyExchange
c.expect = (c.verifyClient !== false) ? CCE : CKE;
c.session.resuming = false;
// create new security parameters
tls.createSecurityParameters(c, msg);
}
// connection now open
c.open = true;
// queue server hello
tls.queue(c, tls.createRecord(c, {
type: tls.ContentType.handshake,
data: tls.createServerHello(c)
}));
if(c.session.resuming) {
// queue change cipher spec message
tls.queue(c, tls.createRecord(c, {
type: tls.ContentType.change_cipher_spec,
data: tls.createChangeCipherSpec()
}));
// create pending state
c.state.pending = tls.createConnectionState(c);
// change current write state to pending write state
c.state.current.write = c.state.pending.write;
// queue finished
tls.queue(c, tls.createRecord(c, {
type: tls.ContentType.handshake,
data: tls.createFinished(c)
}));
} else {
// queue server certificate
tls.queue(c, tls.createRecord(c, {
type: tls.ContentType.handshake,
data: tls.createCertificate(c)
}));
if(!c.fail) {
// queue server key exchange
tls.queue(c, tls.createRecord(c, {
type: tls.ContentType.handshake,
data: tls.createServerKeyExchange(c)
}));
// request client certificate if set
if(c.verifyClient !== false) {
// queue certificate request
tls.queue(c, tls.createRecord(c, {
type: tls.ContentType.handshake,
data: tls.createCertificateRequest(c)
}));
}
// queue server hello done
tls.queue(c, tls.createRecord(c, {
type: tls.ContentType.handshake,
data: tls.createServerHelloDone(c)
}));
}
}
// send records
tls.flush(c);
// continue
c.process();
};
/**
* Called when a client receives a Certificate record.
*
* When this message will be sent:
* The server must send a certificate whenever the agreed-upon key exchange
* method is not an anonymous one. This message will always immediately
* follow the server hello message.
*
* Meaning of this message:
* The certificate type must be appropriate for the selected cipher suite's
* key exchange algorithm, and is generally an X.509v3 certificate. It must
* contain a key which matches the key exchange method, as follows. Unless
* otherwise specified, the signing algorithm for the certificate must be
* the same as the algorithm for the certificate key. Unless otherwise
* specified, the public key may be of any length.
*
* opaque ASN.1Cert<1..2^24-1>;
* struct {
* ASN.1Cert certificate_list<1..2^24-1>;
* } Certificate;
*
* @param c the connection.
* @param record the record.
* @param length the length of the handshake message.
*/
tls.handleCertificate = function(c, record, length) {
// minimum of 3 bytes in message
if(length < 3) {
return c.error(c, {
message: 'Invalid Certificate message. Message too short.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.illegal_parameter
}
});
}
var b = record.fragment;
var msg = {
certificate_list: readVector(b, 3)
};
/* The sender's certificate will be first in the list (chain), each
subsequent one that follows will certify the previous one, but root
certificates (self-signed) that specify the certificate authority may
be omitted under the assumption that clients must already possess it. */
var cert, asn1;
var certs = [];
try {
while(msg.certificate_list.length() > 0) {
// each entry in msg.certificate_list is a vector with 3 len bytes
cert = readVector(msg.certificate_list, 3);
asn1 = forge.asn1.fromDer(cert);
cert = forge.pki.certificateFromAsn1(asn1, true);
certs.push(cert);
}
} catch(ex) {
return c.error(c, {
message: 'Could not parse certificate list.',
cause: ex,
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.bad_certificate
}
});
}
// ensure at least 1 certificate was provided if in client-mode
// or if verifyClient was set to true to require a certificate
// (as opposed to 'optional')
var client = (c.entity === tls.ConnectionEnd.client);
if((client || c.verifyClient === true) && certs.length === 0) {
// error, no certificate
c.error(c, {
message: client ?
'No server certificate provided.' :
'No client certificate provided.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.illegal_parameter
}
});
} else if(certs.length === 0) {
// no certs to verify
// expect a ServerKeyExchange or ClientKeyExchange message next
c.expect = client ? SKE : CKE;
} else {
// save certificate in session
if(client) {
c.session.serverCertificate = certs[0];
} else {
c.session.clientCertificate = certs[0];
}
if(tls.verifyCertificateChain(c, certs)) {
// expect a ServerKeyExchange or ClientKeyExchange message next
c.expect = client ? SKE : CKE;
}
}
// continue
c.process();
};
/**
* Called when a client receives a ServerKeyExchange record.
*
* When this message will be sent:
* This message will be sent immediately after the server certificate
* message (or the server hello message, if this is an anonymous
* negotiation).
*
* The server key exchange message is sent by the server only when the
* server certificate message (if sent) does not contain enough data to
* allow the client to exchange a premaster secret.
*
* Meaning of this message:
* This message conveys cryptographic information to allow the client to
* communicate the premaster secret: either an RSA public key to encrypt
* the premaster secret with, or a Diffie-Hellman public key with which the
* client can complete a key exchange (with the result being the premaster
* secret.)
*
* enum {
* dhe_dss, dhe_rsa, dh_anon, rsa, dh_dss, dh_rsa
* } KeyExchangeAlgorithm;
*
* struct {
* opaque dh_p<1..2^16-1>;
* opaque dh_g<1..2^16-1>;
* opaque dh_Ys<1..2^16-1>;
* } ServerDHParams;
*
* struct {
* select(KeyExchangeAlgorithm) {
* case dh_anon:
* ServerDHParams params;
* case dhe_dss:
* case dhe_rsa:
* ServerDHParams params;
* digitally-signed struct {
* opaque client_random[32];
* opaque server_random[32];
* ServerDHParams params;
* } signed_params;
* case rsa:
* case dh_dss:
* case dh_rsa:
* struct {};
* };
* } ServerKeyExchange;
*
* @param c the connection.
* @param record the record.
* @param length the length of the handshake message.
*/
tls.handleServerKeyExchange = function(c, record, length) {
// this implementation only supports RSA, no Diffie-Hellman support
// so any length > 0 is invalid
if(length > 0) {
return c.error(c, {
message: 'Invalid key parameters. Only RSA is supported.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.unsupported_certificate
}
});
}
// expect an optional CertificateRequest message next
c.expect = SCR;
// continue
c.process();
};
/**
* Called when a client receives a ClientKeyExchange record.
*
* @param c the connection.
* @param record the record.
* @param length the length of the handshake message.
*/
tls.handleClientKeyExchange = function(c, record, length) {
// this implementation only supports RSA, no Diffie-Hellman support
// so any length < 48 is invalid
if(length < 48) {
return c.error(c, {
message: 'Invalid key parameters. Only RSA is supported.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.unsupported_certificate
}
});
}
var b = record.fragment;
var msg = {
enc_pre_master_secret: readVector(b, 2).getBytes()
};
// do rsa decryption
var privateKey = null;
if(c.getPrivateKey) {
try {
privateKey = c.getPrivateKey(c, c.session.serverCertificate);
privateKey = forge.pki.privateKeyFromPem(privateKey);
} catch(ex) {
c.error(c, {
message: 'Could not get private key.',
cause: ex,
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.internal_error
}
});
}
}
if(privateKey === null) {
return c.error(c, {
message: 'No private key set.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.internal_error
}
});
}
try {
// decrypt 48-byte pre-master secret
var sp = c.session.sp;
sp.pre_master_secret = privateKey.decrypt(msg.enc_pre_master_secret);
// ensure client hello version matches first 2 bytes
var version = c.session.clientHelloVersion;
if(version.major !== sp.pre_master_secret.charCodeAt(0) ||
version.minor !== sp.pre_master_secret.charCodeAt(1)) {
// error, do not send alert (see BLEI attack below)
throw new Error('TLS version rollback attack detected.');
}
} catch(ex) {
/* Note: Daniel Bleichenbacher [BLEI] can be used to attack a
TLS server which is using PKCS#1 encoded RSA, so instead of
failing here, we generate 48 random bytes and use that as
the pre-master secret. */
sp.pre_master_secret = forge.random.getBytes(48);
}
// expect a CertificateVerify message if a Certificate was received that
// does not have fixed Diffie-Hellman params, otherwise expect
// ChangeCipherSpec
c.expect = CCC;
if(c.session.clientCertificate !== null) {
// only RSA support, so expect CertificateVerify
// TODO: support Diffie-Hellman
c.expect = CCV;
}
// continue
c.process();
};
/**
* Called when a client receives a CertificateRequest record.
*
* When this message will be sent:
* A non-anonymous server can optionally request a certificate from the
* client, if appropriate for the selected cipher suite. This message, if
* sent, will immediately follow the Server Key Exchange message (if it is
* sent; otherwise, the Server Certificate message).
*
* enum {
* rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
* rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6),
* fortezza_dms_RESERVED(20), (255)
* } ClientCertificateType;
*
* opaque DistinguishedName<1..2^16-1>;
*
* struct {
* ClientCertificateType certificate_types<1..2^8-1>;
* SignatureAndHashAlgorithm supported_signature_algorithms<2^16-1>;
* DistinguishedName certificate_authorities<0..2^16-1>;
* } CertificateRequest;
*
* @param c the connection.
* @param record the record.
* @param length the length of the handshake message.
*/
tls.handleCertificateRequest = function(c, record, length) {
// minimum of 3 bytes in message
if(length < 3) {
return c.error(c, {
message: 'Invalid CertificateRequest. Message too short.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.illegal_parameter
}
});
}
// TODO: TLS 1.2+ has different format including
// SignatureAndHashAlgorithm after cert types
var b = record.fragment;
var msg = {
certificate_types: readVector(b, 1),
certificate_authorities: readVector(b, 2)
};
// save certificate request in session
c.session.certificateRequest = msg;
// expect a ServerHelloDone message next
c.expect = SHD;
// continue
c.process();
};
/**
* Called when a server receives a CertificateVerify record.
*
* @param c the connection.
* @param record the record.
* @param length the length of the handshake message.
*/
tls.handleCertificateVerify = function(c, record, length) {
if(length < 2) {
return c.error(c, {
message: 'Invalid CertificateVerify. Message too short.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.illegal_parameter
}
});
}
// rewind to get full bytes for message so it can be manually
// digested below (special case for CertificateVerify messages because
// they must be digested *after* handling as opposed to all others)
var b = record.fragment;
b.read -= 4;
var msgBytes = b.bytes();
b.read += 4;
var msg = {
signature: readVector(b, 2).getBytes()
};
// TODO: add support for DSA
// generate data to verify
var verify = forge.util.createBuffer();
verify.putBuffer(c.session.md5.digest());
verify.putBuffer(c.session.sha1.digest());
verify = verify.getBytes();
try {
var cert = c.session.clientCertificate;
/*b = forge.pki.rsa.decrypt(
msg.signature, cert.publicKey, true, verify.length);
if(b !== verify) {*/
if(!cert.publicKey.verify(verify, msg.signature, 'NONE')) {
throw new Error('CertificateVerify signature does not match.');
}
// digest message now that it has been handled
c.session.md5.update(msgBytes);
c.session.sha1.update(msgBytes);
} catch(ex) {
return c.error(c, {
message: 'Bad signature in CertificateVerify.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.handshake_failure
}
});
}
// expect ChangeCipherSpec
c.expect = CCC;
// continue
c.process();
};
/**
* Called when a client receives a ServerHelloDone record.
*
* When this message will be sent:
* The server hello done message is sent by the server to indicate the end
* of the server hello and associated messages. After sending this message
* the server will wait for a client response.
*
* Meaning of this message:
* This message means that the server is done sending messages to support
* the key exchange, and the client can proceed with its phase of the key
* exchange.
*
* Upon receipt of the server hello done message the client should verify
* that the server provided a valid certificate if required and check that
* the server hello parameters are acceptable.
*
* struct {} ServerHelloDone;
*
* @param c the connection.
* @param record the record.
* @param length the length of the handshake message.
*/
tls.handleServerHelloDone = function(c, record, length) {
// len must be 0 bytes
if(length > 0) {
return c.error(c, {
message: 'Invalid ServerHelloDone message. Invalid length.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.record_overflow
}
});
}
if(c.serverCertificate === null) {
// no server certificate was provided
var error = {
message: 'No server certificate provided. Not enough security.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.insufficient_security
}
};
// call application callback
var depth = 0;
var ret = c.verify(c, error.alert.description, depth, []);
if(ret !== true) {
// check for custom alert info
if(ret || ret === 0) {
// set custom message and alert description
if(typeof ret === 'object' && !forge.util.isArray(ret)) {
if(ret.message) {
error.message = ret.message;
}
if(ret.alert) {
error.alert.description = ret.alert;
}
} else if(typeof ret === 'number') {
// set custom alert description
error.alert.description = ret;
}
}
// send error
return c.error(c, error);
}
}
// create client certificate message if requested
if(c.session.certificateRequest !== null) {
record = tls.createRecord(c, {
type: tls.ContentType.handshake,
data: tls.createCertificate(c)
});
tls.queue(c, record);
}
// create client key exchange message
record = tls.createRecord(c, {
type: tls.ContentType.handshake,
data: tls.createClientKeyExchange(c)
});
tls.queue(c, record);
// expect no messages until the following callback has been called
c.expect = SER;
// create callback to handle client signature (for client-certs)
var callback = function(c, signature) {
if(c.session.certificateRequest !== null &&
c.session.clientCertificate !== null) {
// create certificate verify message
tls.queue(c, tls.createRecord(c, {
type: tls.ContentType.handshake,
data: tls.createCertificateVerify(c, signature)
}));
}
// create change cipher spec message
tls.queue(c, tls.createRecord(c, {
type: tls.ContentType.change_cipher_spec,
data: tls.createChangeCipherSpec()
}));
// create pending state
c.state.pending = tls.createConnectionState(c);
// change current write state to pending write state
c.state.current.write = c.state.pending.write;
// create finished message
tls.queue(c, tls.createRecord(c, {
type: tls.ContentType.handshake,
data: tls.createFinished(c)
}));
// expect a server ChangeCipherSpec message next
c.expect = SCC;
// send records
tls.flush(c);
// continue
c.process();
};
// if there is no certificate request or no client certificate, do
// callback immediately
if(c.session.certificateRequest === null ||
c.session.clientCertificate === null) {
return callback(c, null);
}
// otherwise get the client signature
tls.getClientSignature(c, callback);
};
/**
* Called when a ChangeCipherSpec record is received.
*
* @param c the connection.
* @param record the record.
*/
tls.handleChangeCipherSpec = function(c, record) {
if(record.fragment.getByte() !== 0x01) {
return c.error(c, {
message: 'Invalid ChangeCipherSpec message received.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.illegal_parameter
}
});
}
// create pending state if:
// 1. Resuming session in client mode OR
// 2. NOT resuming session in server mode
var client = (c.entity === tls.ConnectionEnd.client);
if((c.session.resuming && client) || (!c.session.resuming && !client)) {
c.state.pending = tls.createConnectionState(c);
}
// change current read state to pending read state
c.state.current.read = c.state.pending.read;
// clear pending state if:
// 1. NOT resuming session in client mode OR
// 2. resuming a session in server mode
if((!c.session.resuming && client) || (c.session.resuming && !client)) {
c.state.pending = null;
}
// expect a Finished record next
c.expect = client ? SFI : CFI;
// continue
c.process();
};
/**
* Called when a Finished record is received.
*
* When this message will be sent:
* A finished message is always sent immediately after a change
* cipher spec message to verify that the key exchange and
* authentication processes were successful. It is essential that a
* change cipher spec message be received between the other
* handshake messages and the Finished message.
*
* Meaning of this message:
* The finished message is the first protected with the just-
* negotiated algorithms, keys, and secrets. Recipients of finished
* messages must verify that the contents are correct. Once a side
* has sent its Finished message and received and validated the
* Finished message from its peer, it may begin to send and receive
* application data over the connection.
*
* struct {
* opaque verify_data[verify_data_length];
* } Finished;
*
* verify_data
* PRF(master_secret, finished_label, Hash(handshake_messages))
* [0..verify_data_length-1];
*
* finished_label
* For Finished messages sent by the client, the string
* "client finished". For Finished messages sent by the server, the
* string "server finished".
*
* verify_data_length depends on the cipher suite. If it is not specified
* by the cipher suite, then it is 12. Versions of TLS < 1.2 always used
* 12 bytes.
*
* @param c the connection.
* @param record the record.
* @param length the length of the handshake message.
*/
tls.handleFinished = function(c, record, length) {
// rewind to get full bytes for message so it can be manually
// digested below (special case for Finished messages because they
// must be digested *after* handling as opposed to all others)
var b = record.fragment;
b.read -= 4;
var msgBytes = b.bytes();
b.read += 4;
// message contains only verify_data
var vd = record.fragment.getBytes();
// ensure verify data is correct
b = forge.util.createBuffer();
b.putBuffer(c.session.md5.digest());
b.putBuffer(c.session.sha1.digest());
// set label based on entity type
var client = (c.entity === tls.ConnectionEnd.client);
var label = client ? 'server finished' : 'client finished';
// TODO: determine prf function and verify length for TLS 1.2
var sp = c.session.sp;
var vdl = 12;
var prf = prf_TLS1;
b = prf(sp.master_secret, label, b.getBytes(), vdl);
if(b.getBytes() !== vd) {
return c.error(c, {
message: 'Invalid verify_data in Finished message.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.decrypt_error
}
});
}
// digest finished message now that it has been handled
c.session.md5.update(msgBytes);
c.session.sha1.update(msgBytes);
// resuming session as client or NOT resuming session as server
if((c.session.resuming && client) || (!c.session.resuming && !client)) {
// create change cipher spec message
tls.queue(c, tls.createRecord(c, {
type: tls.ContentType.change_cipher_spec,
data: tls.createChangeCipherSpec()
}));
// change current write state to pending write state, clear pending
c.state.current.write = c.state.pending.write;
c.state.pending = null;
// create finished message
tls.queue(c, tls.createRecord(c, {
type: tls.ContentType.handshake,
data: tls.createFinished(c)
}));
}
// expect application data next
c.expect = client ? SAD : CAD;
// handshake complete
c.handshaking = false;
++c.handshakes;
// save access to peer certificate
c.peerCertificate = client ?
c.session.serverCertificate : c.session.clientCertificate;
// send records
tls.flush(c);
// now connected
c.isConnected = true;
c.connected(c);
// continue
c.process();
};
/**
* Called when an Alert record is received.
*
* @param c the connection.
* @param record the record.
*/
tls.handleAlert = function(c, record) {
// read alert
var b = record.fragment;
var alert = {
level: b.getByte(),
description: b.getByte()
};
// TODO: consider using a table?
// get appropriate message
var msg;
switch(alert.description) {
case tls.Alert.Description.close_notify:
msg = 'Connection closed.';
break;
case tls.Alert.Description.unexpected_message:
msg = 'Unexpected message.';
break;
case tls.Alert.Description.bad_record_mac:
msg = 'Bad record MAC.';
break;
case tls.Alert.Description.decryption_failed:
msg = 'Decryption failed.';
break;
case tls.Alert.Description.record_overflow:
msg = 'Record overflow.';
break;
case tls.Alert.Description.decompression_failure:
msg = 'Decompression failed.';
break;
case tls.Alert.Description.handshake_failure:
msg = 'Handshake failure.';
break;
case tls.Alert.Description.bad_certificate:
msg = 'Bad certificate.';
break;
case tls.Alert.Description.unsupported_certificate:
msg = 'Unsupported certificate.';
break;
case tls.Alert.Description.certificate_revoked:
msg = 'Certificate revoked.';
break;
case tls.Alert.Description.certificate_expired:
msg = 'Certificate expired.';
break;
case tls.Alert.Description.certificate_unknown:
msg = 'Certificate unknown.';
break;
case tls.Alert.Description.illegal_parameter:
msg = 'Illegal parameter.';
break;
case tls.Alert.Description.unknown_ca:
msg = 'Unknown certificate authority.';
break;
case tls.Alert.Description.access_denied:
msg = 'Access denied.';
break;
case tls.Alert.Description.decode_error:
msg = 'Decode error.';
break;
case tls.Alert.Description.decrypt_error:
msg = 'Decrypt error.';
break;
case tls.Alert.Description.export_restriction:
msg = 'Export restriction.';
break;
case tls.Alert.Description.protocol_version:
msg = 'Unsupported protocol version.';
break;
case tls.Alert.Description.insufficient_security:
msg = 'Insufficient security.';
break;
case tls.Alert.Description.internal_error:
msg = 'Internal error.';
break;
case tls.Alert.Description.user_canceled:
msg = 'User canceled.';
break;
case tls.Alert.Description.no_renegotiation:
msg = 'Renegotiation not supported.';
break;
default:
msg = 'Unknown error.';
break;
}
// close connection on close_notify, not an error
if(alert.description === tls.Alert.Description.close_notify) {
return c.close();
}
// call error handler
c.error(c, {
message: msg,
send: false,
// origin is the opposite end
origin: (c.entity === tls.ConnectionEnd.client) ? 'server' : 'client',
alert: alert
});
// continue
c.process();
};
/**
* Called when a Handshake record is received.
*
* @param c the connection.
* @param record the record.
*/
tls.handleHandshake = function(c, record) {
// get the handshake type and message length
var b = record.fragment;
var type = b.getByte();
var length = b.getInt24();
// see if the record fragment doesn't yet contain the full message
if(length > b.length()) {
// cache the record, clear its fragment, and reset the buffer read
// pointer before the type and length were read
c.fragmented = record;
record.fragment = forge.util.createBuffer();
b.read -= 4;
// continue
return c.process();
}
// full message now available, clear cache, reset read pointer to
// before type and length
c.fragmented = null;
b.read -= 4;
// save the handshake bytes for digestion after handler is found
// (include type and length of handshake msg)
var bytes = b.bytes(length + 4);
// restore read pointer
b.read += 4;
// handle expected message
if(type in hsTable[c.entity][c.expect]) {
// initialize server session
if(c.entity === tls.ConnectionEnd.server && !c.open && !c.fail) {
c.handshaking = true;
c.session = {
version: null,
extensions: {
server_name: {
serverNameList: []
}
},
cipherSuite: null,
compressionMethod: null,
serverCertificate: null,
clientCertificate: null,
md5: forge.md.md5.create(),
sha1: forge.md.sha1.create()
};
}
/* Update handshake messages digest. Finished and CertificateVerify
messages are not digested here. They can't be digested as part of
the verify_data that they contain. These messages are manually
digested in their handlers. HelloRequest messages are simply never
included in the handshake message digest according to spec. */
if(type !== tls.HandshakeType.hello_request &&
type !== tls.HandshakeType.certificate_verify &&
type !== tls.HandshakeType.finished) {
c.session.md5.update(bytes);
c.session.sha1.update(bytes);
}
// handle specific handshake type record
hsTable[c.entity][c.expect][type](c, record, length);
} else {
// unexpected record
tls.handleUnexpected(c, record);
}
};
/**
* Called when an ApplicationData record is received.
*
* @param c the connection.
* @param record the record.
*/
tls.handleApplicationData = function(c, record) {
// buffer data, notify that its ready
c.data.putBuffer(record.fragment);
c.dataReady(c);
// continue
c.process();
};
/**
* Called when a Heartbeat record is received.
*
* @param c the connection.
* @param record the record.
*/
tls.handleHeartbeat = function(c, record) {
// get the heartbeat type and payload
var b = record.fragment;
var type = b.getByte();
var length = b.getInt16();
var payload = b.getBytes(length);
if(type === tls.HeartbeatMessageType.heartbeat_request) {
// discard request during handshake or if length is too large
if(c.handshaking || length > payload.length) {
// continue
return c.process();
}
// retransmit payload
tls.queue(c, tls.createRecord(c, {
type: tls.ContentType.heartbeat,
data: tls.createHeartbeat(
tls.HeartbeatMessageType.heartbeat_response, payload)
}));
tls.flush(c);
} else if(type === tls.HeartbeatMessageType.heartbeat_response) {
// check payload against expected payload, discard heartbeat if no match
if(payload !== c.expectedHeartbeatPayload) {
// continue
return c.process();
}
// notify that a valid heartbeat was received
if(c.heartbeatReceived) {
c.heartbeatReceived(c, forge.util.createBuffer(payload));
}
}
// continue
c.process();
};
/**
* The transistional state tables for receiving TLS records. It maps the
* current TLS engine state and a received record to a function to handle the
* record and update the state.
*
* For instance, if the current state is SHE, then the TLS engine is expecting
* a ServerHello record. Once a record is received, the handler function is
* looked up using the state SHE and the record's content type.
*
* The resulting function will either be an error handler or a record handler.
* The function will take whatever action is appropriate and update the state
* for the next record.
*
* The states are all based on possible server record types. Note that the
* client will never specifically expect to receive a HelloRequest or an alert
* from the server so there is no state that reflects this. These messages may
* occur at any time.
*
* There are two tables for mapping states because there is a second tier of
* types for handshake messages. Once a record with a content type of handshake
* is received, the handshake record handler will look up the handshake type in
* the secondary map to get its appropriate handler.
*
* Valid message orders are as follows:
*
* =======================FULL HANDSHAKE======================
* Client Server
*
* ClientHello -------->
* ServerHello
* Certificate*
* ServerKeyExchange*
* CertificateRequest*
* <-------- ServerHelloDone
* Certificate*
* ClientKeyExchange
* CertificateVerify*
* [ChangeCipherSpec]
* Finished -------->
* [ChangeCipherSpec]
* <-------- Finished
* Application Data <-------> Application Data
*
* =====================SESSION RESUMPTION=====================
* Client Server
*
* ClientHello -------->
* ServerHello
* [ChangeCipherSpec]
* <-------- Finished
* [ChangeCipherSpec]
* Finished -------->
* Application Data <-------> Application Data
*/
// client expect states (indicate which records are expected to be received)
var SHE = 0; // rcv server hello
var SCE = 1; // rcv server certificate
var SKE = 2; // rcv server key exchange
var SCR = 3; // rcv certificate request
var SHD = 4; // rcv server hello done
var SCC = 5; // rcv change cipher spec
var SFI = 6; // rcv finished
var SAD = 7; // rcv application data
var SER = 8; // not expecting any messages at this point
// server expect states
var CHE = 0; // rcv client hello
var CCE = 1; // rcv client certificate
var CKE = 2; // rcv client key exchange
var CCV = 3; // rcv certificate verify
var CCC = 4; // rcv change cipher spec
var CFI = 5; // rcv finished
var CAD = 6; // rcv application data
var CER = 7; // not expecting any messages at this point
// map client current expect state and content type to function
var __ = tls.handleUnexpected;
var R0 = tls.handleChangeCipherSpec;
var R1 = tls.handleAlert;
var R2 = tls.handleHandshake;
var R3 = tls.handleApplicationData;
var R4 = tls.handleHeartbeat;
var ctTable = [];
ctTable[tls.ConnectionEnd.client] = [
// CC,AL,HS,AD,HB
/*SHE*/[__,R1,R2,__,R4],
/*SCE*/[__,R1,R2,__,R4],
/*SKE*/[__,R1,R2,__,R4],
/*SCR*/[__,R1,R2,__,R4],
/*SHD*/[__,R1,R2,__,R4],
/*SCC*/[R0,R1,__,__,R4],
/*SFI*/[__,R1,R2,__,R4],
/*SAD*/[__,R1,R2,R3,R4],
/*SER*/[__,R1,R2,__,R4]
];
// map server current expect state and content type to function
ctTable[tls.ConnectionEnd.server] = [
// CC,AL,HS,AD
/*CHE*/[__,R1,R2,__,R4],
/*CCE*/[__,R1,R2,__,R4],
/*CKE*/[__,R1,R2,__,R4],
/*CCV*/[__,R1,R2,__,R4],
/*CCC*/[R0,R1,__,__,R4],
/*CFI*/[__,R1,R2,__,R4],
/*CAD*/[__,R1,R2,R3,R4],
/*CER*/[__,R1,R2,__,R4]
];
// map client current expect state and handshake type to function
var H0 = tls.handleHelloRequest;
var H1 = tls.handleServerHello;
var H2 = tls.handleCertificate;
var H3 = tls.handleServerKeyExchange;
var H4 = tls.handleCertificateRequest;
var H5 = tls.handleServerHelloDone;
var H6 = tls.handleFinished;
var hsTable = [];
hsTable[tls.ConnectionEnd.client] = [
// HR,01,SH,03,04,05,06,07,08,09,10,SC,SK,CR,HD,15,CK,17,18,19,FI
/*SHE*/[__,__,H1,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__],
/*SCE*/[H0,__,__,__,__,__,__,__,__,__,__,H2,H3,H4,H5,__,__,__,__,__,__],
/*SKE*/[H0,__,__,__,__,__,__,__,__,__,__,__,H3,H4,H5,__,__,__,__,__,__],
/*SCR*/[H0,__,__,__,__,__,__,__,__,__,__,__,__,H4,H5,__,__,__,__,__,__],
/*SHD*/[H0,__,__,__,__,__,__,__,__,__,__,__,__,__,H5,__,__,__,__,__,__],
/*SCC*/[H0,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__],
/*SFI*/[H0,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,H6],
/*SAD*/[H0,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__],
/*SER*/[H0,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__]
];
// map server current expect state and handshake type to function
// Note: CAD[CH] does not map to FB because renegotation is prohibited
var H7 = tls.handleClientHello;
var H8 = tls.handleClientKeyExchange;
var H9 = tls.handleCertificateVerify;
hsTable[tls.ConnectionEnd.server] = [
// 01,CH,02,03,04,05,06,07,08,09,10,CC,12,13,14,CV,CK,17,18,19,FI
/*CHE*/[__,H7,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__],
/*CCE*/[__,__,__,__,__,__,__,__,__,__,__,H2,__,__,__,__,__,__,__,__,__],
/*CKE*/[__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,H8,__,__,__,__],
/*CCV*/[__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,H9,__,__,__,__,__],
/*CCC*/[__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__],
/*CFI*/[__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,H6],
/*CAD*/[__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__],
/*CER*/[__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__]
];
/**
* Generates the master_secret and keys using the given security parameters.
*
* The security parameters for a TLS connection state are defined as such:
*
* struct {
* ConnectionEnd entity;
* PRFAlgorithm prf_algorithm;
* BulkCipherAlgorithm bulk_cipher_algorithm;
* CipherType cipher_type;
* uint8 enc_key_length;
* uint8 block_length;
* uint8 fixed_iv_length;
* uint8 record_iv_length;
* MACAlgorithm mac_algorithm;
* uint8 mac_length;
* uint8 mac_key_length;
* CompressionMethod compression_algorithm;
* opaque master_secret[48];
* opaque client_random[32];
* opaque server_random[32];
* } SecurityParameters;
*
* Note that this definition is from TLS 1.2. In TLS 1.0 some of these
* parameters are ignored because, for instance, the PRFAlgorithm is a
* builtin-fixed algorithm combining iterations of MD5 and SHA-1 in TLS 1.0.
*
* The Record Protocol requires an algorithm to generate keys required by the
* current connection state.
*
* The master secret is expanded into a sequence of secure bytes, which is then
* split to a client write MAC key, a server write MAC key, a client write
* encryption key, and a server write encryption key. In TLS 1.0 a client write
* IV and server write IV are also generated. Each of these is generated from
* the byte sequence in that order. Unused values are empty. In TLS 1.2, some
* AEAD ciphers may additionally require a client write IV and a server write
* IV (see Section 6.2.3.3).
*
* When keys, MAC keys, and IVs are generated, the master secret is used as an
* entropy source.
*
* To generate the key material, compute:
*
* master_secret = PRF(pre_master_secret, "master secret",
* ClientHello.random + ServerHello.random)
*
* key_block = PRF(SecurityParameters.master_secret,
* "key expansion",
* SecurityParameters.server_random +
* SecurityParameters.client_random);
*
* until enough output has been generated. Then, the key_block is
* partitioned as follows:
*
* client_write_MAC_key[SecurityParameters.mac_key_length]
* server_write_MAC_key[SecurityParameters.mac_key_length]
* client_write_key[SecurityParameters.enc_key_length]
* server_write_key[SecurityParameters.enc_key_length]
* client_write_IV[SecurityParameters.fixed_iv_length]
* server_write_IV[SecurityParameters.fixed_iv_length]
*
* In TLS 1.2, the client_write_IV and server_write_IV are only generated for
* implicit nonce techniques as described in Section 3.2.1 of [AEAD]. This
* implementation uses TLS 1.0 so IVs are generated.
*
* Implementation note: The currently defined cipher suite which requires the
* most material is AES_256_CBC_SHA256. It requires 2 x 32 byte keys and 2 x 32
* byte MAC keys, for a total 128 bytes of key material. In TLS 1.0 it also
* requires 2 x 16 byte IVs, so it actually takes 160 bytes of key material.
*
* @param c the connection.
* @param sp the security parameters to use.
*
* @return the security keys.
*/
tls.generateKeys = function(c, sp) {
// TLS_RSA_WITH_AES_128_CBC_SHA (required to be compliant with TLS 1.2) &
// TLS_RSA_WITH_AES_256_CBC_SHA are the only cipher suites implemented
// at present
// TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is required to be compliant with
// TLS 1.0 but we don't care right now because AES is better and we have
// an implementation for it
// TODO: TLS 1.2 implementation
/*
// determine the PRF
var prf;
switch(sp.prf_algorithm) {
case tls.PRFAlgorithm.tls_prf_sha256:
prf = prf_sha256;
break;
default:
// should never happen
throw new Error('Invalid PRF');
}
*/
// TLS 1.0/1.1 implementation
var prf = prf_TLS1;
// concatenate server and client random
var random = sp.client_random + sp.server_random;
// only create master secret if session is new
if(!c.session.resuming) {
// create master secret, clean up pre-master secret
sp.master_secret = prf(
sp.pre_master_secret, 'master secret', random, 48).bytes();
sp.pre_master_secret = null;
}
// generate the amount of key material needed
random = sp.server_random + sp.client_random;
var length = 2 * sp.mac_key_length + 2 * sp.enc_key_length;
// include IV for TLS/1.0
var tls10 = (c.version.major === tls.Versions.TLS_1_0.major &&
c.version.minor === tls.Versions.TLS_1_0.minor);
if(tls10) {
length += 2 * sp.fixed_iv_length;
}
var km = prf(sp.master_secret, 'key expansion', random, length);
// split the key material into the MAC and encryption keys
var rval = {
client_write_MAC_key: km.getBytes(sp.mac_key_length),
server_write_MAC_key: km.getBytes(sp.mac_key_length),
client_write_key: km.getBytes(sp.enc_key_length),
server_write_key: km.getBytes(sp.enc_key_length)
};
// include TLS 1.0 IVs
if(tls10) {
rval.client_write_IV = km.getBytes(sp.fixed_iv_length);
rval.server_write_IV = km.getBytes(sp.fixed_iv_length);
}
return rval;
};
/**
* Creates a new initialized TLS connection state. A connection state has
* a read mode and a write mode.
*
* compression state:
* The current state of the compression algorithm.
*
* cipher state:
* The current state of the encryption algorithm. This will consist of the
* scheduled key for that connection. For stream ciphers, this will also
* contain whatever state information is necessary to allow the stream to
* continue to encrypt or decrypt data.
*
* MAC key:
* The MAC key for the connection.
*
* sequence number:
* Each connection state contains a sequence number, which is maintained
* separately for read and write states. The sequence number MUST be set to
* zero whenever a connection state is made the active state. Sequence
* numbers are of type uint64 and may not exceed 2^64-1. Sequence numbers do
* not wrap. If a TLS implementation would need to wrap a sequence number,
* it must renegotiate instead. A sequence number is incremented after each
* record: specifically, the first record transmitted under a particular
* connection state MUST use sequence number 0.
*
* @param c the connection.
*
* @return the new initialized TLS connection state.
*/
tls.createConnectionState = function(c) {
var client = (c.entity === tls.ConnectionEnd.client);
var createMode = function() {
var mode = {
// two 32-bit numbers, first is most significant
sequenceNumber: [0, 0],
macKey: null,
macLength: 0,
macFunction: null,
cipherState: null,
cipherFunction: function(record) {return true;},
compressionState: null,
compressFunction: function(record) {return true;},
updateSequenceNumber: function() {
if(mode.sequenceNumber[1] === 0xFFFFFFFF) {
mode.sequenceNumber[1] = 0;
++mode.sequenceNumber[0];
} else {
++mode.sequenceNumber[1];
}
}
};
return mode;
};
var state = {
read: createMode(),
write: createMode()
};
// update function in read mode will decrypt then decompress a record
state.read.update = function(c, record) {
if(!state.read.cipherFunction(record, state.read)) {
c.error(c, {
message: 'Could not decrypt record or bad MAC.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
// doesn't matter if decryption failed or MAC was
// invalid, return the same error so as not to reveal
// which one occurred
description: tls.Alert.Description.bad_record_mac
}
});
} else if(!state.read.compressFunction(c, record, state.read)) {
c.error(c, {
message: 'Could not decompress record.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.decompression_failure
}
});
}
return !c.fail;
};
// update function in write mode will compress then encrypt a record
state.write.update = function(c, record) {
if(!state.write.compressFunction(c, record, state.write)) {
// error, but do not send alert since it would require
// compression as well
c.error(c, {
message: 'Could not compress record.',
send: false,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.internal_error
}
});
} else if(!state.write.cipherFunction(record, state.write)) {
// error, but do not send alert since it would require
// encryption as well
c.error(c, {
message: 'Could not encrypt record.',
send: false,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.internal_error
}
});
}
return !c.fail;
};
// handle security parameters
if(c.session) {
var sp = c.session.sp;
c.session.cipherSuite.initSecurityParameters(sp);
// generate keys
sp.keys = tls.generateKeys(c, sp);
state.read.macKey = client ?
sp.keys.server_write_MAC_key : sp.keys.client_write_MAC_key;
state.write.macKey = client ?
sp.keys.client_write_MAC_key : sp.keys.server_write_MAC_key;
// cipher suite setup
c.session.cipherSuite.initConnectionState(state, c, sp);
// compression setup
switch(sp.compression_algorithm) {
case tls.CompressionMethod.none:
break;
case tls.CompressionMethod.deflate:
state.read.compressFunction = inflate;
state.write.compressFunction = deflate;
break;
default:
throw new Error('Unsupported compression algorithm.');
}
}
return state;
};
/**
* Creates a Random structure.
*
* struct {
* uint32 gmt_unix_time;
* opaque random_bytes[28];
* } Random;
*
* gmt_unix_time:
* The current time and date in standard UNIX 32-bit format (seconds since
* the midnight starting Jan 1, 1970, UTC, ignoring leap seconds) according
* to the sender's internal clock. Clocks are not required to be set
* correctly by the basic TLS protocol; higher-level or application
* protocols may define additional requirements. Note that, for historical
* reasons, the data element is named using GMT, the predecessor of the
* current worldwide time base, UTC.
* random_bytes:
* 28 bytes generated by a secure random number generator.
*
* @return the Random structure as a byte array.
*/
tls.createRandom = function() {
// get UTC milliseconds
var d = new Date();
var utc = +d + d.getTimezoneOffset() * 60000;
var rval = forge.util.createBuffer();
rval.putInt32(utc);
rval.putBytes(forge.random.getBytes(28));
return rval;
};
/**
* Creates a TLS record with the given type and data.
*
* @param c the connection.
* @param options:
* type: the record type.
* data: the plain text data in a byte buffer.
*
* @return the created record.
*/
tls.createRecord = function(c, options) {
if(!options.data) {
return null;
}
var record = {
type: options.type,
version: {
major: c.version.major,
minor: c.version.minor
},
length: options.data.length(),
fragment: options.data
};
return record;
};
/**
* Creates a TLS alert record.
*
* @param c the connection.
* @param alert:
* level: the TLS alert level.
* description: the TLS alert description.
*
* @return the created alert record.
*/
tls.createAlert = function(c, alert) {
var b = forge.util.createBuffer();
b.putByte(alert.level);
b.putByte(alert.description);
return tls.createRecord(c, {
type: tls.ContentType.alert,
data: b
});
};
/* The structure of a TLS handshake message.
*
* struct {
* HandshakeType msg_type; // handshake type
* uint24 length; // bytes in message
* select(HandshakeType) {
* case hello_request: HelloRequest;
* case client_hello: ClientHello;
* case server_hello: ServerHello;
* case certificate: Certificate;
* case server_key_exchange: ServerKeyExchange;
* case certificate_request: CertificateRequest;
* case server_hello_done: ServerHelloDone;
* case certificate_verify: CertificateVerify;
* case client_key_exchange: ClientKeyExchange;
* case finished: Finished;
* } body;
* } Handshake;
*/
/**
* Creates a ClientHello message.
*
* opaque SessionID<0..32>;
* enum { null(0), deflate(1), (255) } CompressionMethod;
* uint8 CipherSuite[2];
*
* struct {
* ProtocolVersion client_version;
* Random random;
* SessionID session_id;
* CipherSuite cipher_suites<2..2^16-2>;
* CompressionMethod compression_methods<1..2^8-1>;
* select(extensions_present) {
* case false:
* struct {};
* case true:
* Extension extensions<0..2^16-1>;
* };
* } ClientHello;
*
* The extension format for extended client hellos and server hellos is:
*
* struct {
* ExtensionType extension_type;
* opaque extension_data<0..2^16-1>;
* } Extension;
*
* Here:
*
* - "extension_type" identifies the particular extension type.
* - "extension_data" contains information specific to the particular
* extension type.
*
* The extension types defined in this document are:
*
* enum {
* server_name(0), max_fragment_length(1),
* client_certificate_url(2), trusted_ca_keys(3),
* truncated_hmac(4), status_request(5), (65535)
* } ExtensionType;
*
* @param c the connection.
*
* @return the ClientHello byte buffer.
*/
tls.createClientHello = function(c) {
// save hello version
c.session.clientHelloVersion = {
major: c.version.major,
minor: c.version.minor
};
// create supported cipher suites
var cipherSuites = forge.util.createBuffer();
for(var i = 0; i < c.cipherSuites.length; ++i) {
var cs = c.cipherSuites[i];
cipherSuites.putByte(cs.id[0]);
cipherSuites.putByte(cs.id[1]);
}
var cSuites = cipherSuites.length();
// create supported compression methods, null always supported, but
// also support deflate if connection has inflate and deflate methods
var compressionMethods = forge.util.createBuffer();
compressionMethods.putByte(tls.CompressionMethod.none);
// FIXME: deflate support disabled until issues with raw deflate data
// without zlib headers are resolved
/*
if(c.inflate !== null && c.deflate !== null) {
compressionMethods.putByte(tls.CompressionMethod.deflate);
}
*/
var cMethods = compressionMethods.length();
// create TLS SNI (server name indication) extension if virtual host
// has been specified, see RFC 3546
var extensions = forge.util.createBuffer();
if(c.virtualHost) {
// create extension struct
var ext = forge.util.createBuffer();
ext.putByte(0x00); // type server_name (ExtensionType is 2 bytes)
ext.putByte(0x00);
/* In order to provide the server name, clients MAY include an
* extension of type "server_name" in the (extended) client hello.
* The "extension_data" field of this extension SHALL contain
* "ServerNameList" where:
*
* struct {
* NameType name_type;
* select(name_type) {
* case host_name: HostName;
* } name;
* } ServerName;
*
* enum {
* host_name(0), (255)
* } NameType;
*
* opaque HostName<1..2^16-1>;
*
* struct {
* ServerName server_name_list<1..2^16-1>
* } ServerNameList;
*/
var serverName = forge.util.createBuffer();
serverName.putByte(0x00); // type host_name
writeVector(serverName, 2, forge.util.createBuffer(c.virtualHost));
// ServerNameList is in extension_data
var snList = forge.util.createBuffer();
writeVector(snList, 2, serverName);
writeVector(ext, 2, snList);
extensions.putBuffer(ext);
}
var extLength = extensions.length();
if(extLength > 0) {
// add extension vector length
extLength += 2;
}
// determine length of the handshake message
// cipher suites and compression methods size will need to be
// updated if more get added to the list
var sessionId = c.session.id;
var length =
sessionId.length + 1 + // session ID vector
2 + // version (major + minor)
4 + 28 + // random time and random bytes
2 + cSuites + // cipher suites vector
1 + cMethods + // compression methods vector
extLength; // extensions vector
// build record fragment
var rval = forge.util.createBuffer();
rval.putByte(tls.HandshakeType.client_hello);
rval.putInt24(length); // handshake length
rval.putByte(c.version.major); // major version
rval.putByte(c.version.minor); // minor version
rval.putBytes(c.session.sp.client_random); // random time + bytes
writeVector(rval, 1, forge.util.createBuffer(sessionId));
writeVector(rval, 2, cipherSuites);
writeVector(rval, 1, compressionMethods);
if(extLength > 0) {
writeVector(rval, 2, extensions);
}
return rval;
};
/**
* Creates a ServerHello message.
*
* @param c the connection.
*
* @return the ServerHello byte buffer.
*/
tls.createServerHello = function(c) {
// determine length of the handshake message
var sessionId = c.session.id;
var length =
sessionId.length + 1 + // session ID vector
2 + // version (major + minor)
4 + 28 + // random time and random bytes
2 + // chosen cipher suite
1; // chosen compression method
// build record fragment
var rval = forge.util.createBuffer();
rval.putByte(tls.HandshakeType.server_hello);
rval.putInt24(length); // handshake length
rval.putByte(c.version.major); // major version
rval.putByte(c.version.minor); // minor version
rval.putBytes(c.session.sp.server_random); // random time + bytes
writeVector(rval, 1, forge.util.createBuffer(sessionId));
rval.putByte(c.session.cipherSuite.id[0]);
rval.putByte(c.session.cipherSuite.id[1]);
rval.putByte(c.session.compressionMethod);
return rval;
};
/**
* Creates a Certificate message.
*
* When this message will be sent:
* This is the first message the client can send after receiving a server
* hello done message and the first message the server can send after
* sending a ServerHello. This client message is only sent if the server
* requests a certificate. If no suitable certificate is available, the
* client should send a certificate message containing no certificates. If
* client authentication is required by the server for the handshake to
* continue, it may respond with a fatal handshake failure alert.
*
* opaque ASN.1Cert<1..2^24-1>;
*
* struct {
* ASN.1Cert certificate_list<0..2^24-1>;
* } Certificate;
*
* @param c the connection.
*
* @return the Certificate byte buffer.
*/
tls.createCertificate = function(c) {
// TODO: check certificate request to ensure types are supported
// get a certificate (a certificate as a PEM string)
var client = (c.entity === tls.ConnectionEnd.client);
var cert = null;
if(c.getCertificate) {
var hint;
if(client) {
hint = c.session.certificateRequest;
} else {
hint = c.session.extensions.server_name.serverNameList;
}
cert = c.getCertificate(c, hint);
}
// buffer to hold certificate list
var certList = forge.util.createBuffer();
if(cert !== null) {
try {
// normalize cert to a chain of certificates
if(!forge.util.isArray(cert)) {
cert = [cert];
}
var asn1 = null;
for(var i = 0; i < cert.length; ++i) {
var msg = forge.pem.decode(cert[i])[0];
if(msg.type !== 'CERTIFICATE' &&
msg.type !== 'X509 CERTIFICATE' &&
msg.type !== 'TRUSTED CERTIFICATE') {
var error = new Error('Could not convert certificate from PEM; PEM ' +
'header type is not "CERTIFICATE", "X509 CERTIFICATE", or ' +
'"TRUSTED CERTIFICATE".');
error.headerType = msg.type;
throw error;
}
if(msg.procType && msg.procType.type === 'ENCRYPTED') {
throw new Error('Could not convert certificate from PEM; PEM is encrypted.');
}
var der = forge.util.createBuffer(msg.body);
if(asn1 === null) {
asn1 = forge.asn1.fromDer(der.bytes(), false);
}
// certificate entry is itself a vector with 3 length bytes
var certBuffer = forge.util.createBuffer();
writeVector(certBuffer, 3, der);
// add cert vector to cert list vector
certList.putBuffer(certBuffer);
}
// save certificate
cert = forge.pki.certificateFromAsn1(asn1);
if(client) {
c.session.clientCertificate = cert;
} else {
c.session.serverCertificate = cert;
}
} catch(ex) {
return c.error(c, {
message: 'Could not send certificate list.',
cause: ex,
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.bad_certificate
}
});
}
}
// determine length of the handshake message
var length = 3 + certList.length(); // cert list vector
// build record fragment
var rval = forge.util.createBuffer();
rval.putByte(tls.HandshakeType.certificate);
rval.putInt24(length);
writeVector(rval, 3, certList);
return rval;
};
/**
* Creates a ClientKeyExchange message.
*
* When this message will be sent:
* This message is always sent by the client. It will immediately follow the
* client certificate message, if it is sent. Otherwise it will be the first
* message sent by the client after it receives the server hello done
* message.
*
* Meaning of this message:
* With this message, the premaster secret is set, either though direct
* transmission of the RSA-encrypted secret, or by the transmission of
* Diffie-Hellman parameters which will allow each side to agree upon the
* same premaster secret. When the key exchange method is DH_RSA or DH_DSS,
* client certification has been requested, and the client was able to
* respond with a certificate which contained a Diffie-Hellman public key
* whose parameters (group and generator) matched those specified by the
* server in its certificate, this message will not contain any data.
*
* Meaning of this message:
* If RSA is being used for key agreement and authentication, the client
* generates a 48-byte premaster secret, encrypts it using the public key
* from the server's certificate or the temporary RSA key provided in a
* server key exchange message, and sends the result in an encrypted
* premaster secret message. This structure is a variant of the client
* key exchange message, not a message in itself.
*
* struct {
* select(KeyExchangeAlgorithm) {
* case rsa: EncryptedPreMasterSecret;
* case diffie_hellman: ClientDiffieHellmanPublic;
* } exchange_keys;
* } ClientKeyExchange;
*
* struct {
* ProtocolVersion client_version;
* opaque random[46];
* } PreMasterSecret;
*
* struct {
* public-key-encrypted PreMasterSecret pre_master_secret;
* } EncryptedPreMasterSecret;
*
* A public-key-encrypted element is encoded as a vector <0..2^16-1>.
*
* @param c the connection.
*
* @return the ClientKeyExchange byte buffer.
*/
tls.createClientKeyExchange = function(c) {
// create buffer to encrypt
var b = forge.util.createBuffer();
// add highest client-supported protocol to help server avoid version
// rollback attacks
b.putByte(c.session.clientHelloVersion.major);
b.putByte(c.session.clientHelloVersion.minor);
// generate and add 46 random bytes
b.putBytes(forge.random.getBytes(46));
// save pre-master secret
var sp = c.session.sp;
sp.pre_master_secret = b.getBytes();
// RSA-encrypt the pre-master secret
var key = c.session.serverCertificate.publicKey;
b = key.encrypt(sp.pre_master_secret);
/* Note: The encrypted pre-master secret will be stored in a
public-key-encrypted opaque vector that has the length prefixed using
2 bytes, so include those 2 bytes in the handshake message length. This
is done as a minor optimization instead of calling writeVector(). */
// determine length of the handshake message
var length = b.length + 2;
// build record fragment
var rval = forge.util.createBuffer();
rval.putByte(tls.HandshakeType.client_key_exchange);
rval.putInt24(length);
// add vector length bytes
rval.putInt16(b.length);
rval.putBytes(b);
return rval;
};
/**
* Creates a ServerKeyExchange message.
*
* @param c the connection.
*
* @return the ServerKeyExchange byte buffer.
*/
tls.createServerKeyExchange = function(c) {
// this implementation only supports RSA, no Diffie-Hellman support,
// so this record is empty
// determine length of the handshake message
var length = 0;
// build record fragment
var rval = forge.util.createBuffer();
if(length > 0) {
rval.putByte(tls.HandshakeType.server_key_exchange);
rval.putInt24(length);
}
return rval;
};
/**
* Gets the signed data used to verify a client-side certificate. See
* tls.createCertificateVerify() for details.
*
* @param c the connection.
* @param callback the callback to call once the signed data is ready.
*/
tls.getClientSignature = function(c, callback) {
// generate data to RSA encrypt
var b = forge.util.createBuffer();
b.putBuffer(c.session.md5.digest());
b.putBuffer(c.session.sha1.digest());
b = b.getBytes();
// create default signing function as necessary
c.getSignature = c.getSignature || function(c, b, callback) {
// do rsa encryption, call callback
var privateKey = null;
if(c.getPrivateKey) {
try {
privateKey = c.getPrivateKey(c, c.session.clientCertificate);
privateKey = forge.pki.privateKeyFromPem(privateKey);
} catch(ex) {
c.error(c, {
message: 'Could not get private key.',
cause: ex,
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.internal_error
}
});
}
}
if(privateKey === null) {
c.error(c, {
message: 'No private key set.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.internal_error
}
});
} else {
b = privateKey.sign(b, null);
}
callback(c, b);
};
// get client signature
c.getSignature(c, b, callback);
};
/**
* Creates a CertificateVerify message.
*
* Meaning of this message:
* This structure conveys the client's Diffie-Hellman public value
* (Yc) if it was not already included in the client's certificate.
* The encoding used for Yc is determined by the enumerated
* PublicValueEncoding. This structure is a variant of the client
* key exchange message, not a message in itself.
*
* When this message will be sent:
* This message is used to provide explicit verification of a client
* certificate. This message is only sent following a client
* certificate that has signing capability (i.e. all certificates
* except those containing fixed Diffie-Hellman parameters). When
* sent, it will immediately follow the client key exchange message.
*
* struct {
* Signature signature;
* } CertificateVerify;
*
* CertificateVerify.signature.md5_hash
* MD5(handshake_messages);
*
* Certificate.signature.sha_hash
* SHA(handshake_messages);
*
* Here handshake_messages refers to all handshake messages sent or
* received starting at client hello up to but not including this
* message, including the type and length fields of the handshake
* messages.
*
* select(SignatureAlgorithm) {
* case anonymous: struct { };
* case rsa:
* digitally-signed struct {
* opaque md5_hash[16];
* opaque sha_hash[20];
* };
* case dsa:
* digitally-signed struct {
* opaque sha_hash[20];
* };
* } Signature;
*
* In digital signing, one-way hash functions are used as input for a
* signing algorithm. A digitally-signed element is encoded as an opaque
* vector <0..2^16-1>, where the length is specified by the signing
* algorithm and key.
*
* In RSA signing, a 36-byte structure of two hashes (one SHA and one
* MD5) is signed (encrypted with the private key). It is encoded with
* PKCS #1 block type 0 or type 1 as described in [PKCS1].
*
* In DSS, the 20 bytes of the SHA hash are run directly through the
* Digital Signing Algorithm with no additional hashing.
*
* @param c the connection.
* @param signature the signature to include in the message.
*
* @return the CertificateVerify byte buffer.
*/
tls.createCertificateVerify = function(c, signature) {
/* Note: The signature will be stored in a "digitally-signed" opaque
vector that has the length prefixed using 2 bytes, so include those
2 bytes in the handshake message length. This is done as a minor
optimization instead of calling writeVector(). */
// determine length of the handshake message
var length = signature.length + 2;
// build record fragment
var rval = forge.util.createBuffer();
rval.putByte(tls.HandshakeType.certificate_verify);
rval.putInt24(length);
// add vector length bytes
rval.putInt16(signature.length);
rval.putBytes(signature);
return rval;
};
/**
* Creates a CertificateRequest message.
*
* @param c the connection.
*
* @return the CertificateRequest byte buffer.
*/
tls.createCertificateRequest = function(c) {
// TODO: support other certificate types
var certTypes = forge.util.createBuffer();
// common RSA certificate type
certTypes.putByte(0x01);
// TODO: verify that this data format is correct
// add distinguished names from CA store
var cAs = forge.util.createBuffer();
for(var key in c.caStore.certs) {
var cert = c.caStore.certs[key];
var dn = forge.pki.distinguishedNameToAsn1(cert.subject);
cAs.putBuffer(forge.asn1.toDer(dn));
}
// TODO: TLS 1.2+ has a different format
// determine length of the handshake message
var length =
1 + certTypes.length() +
2 + cAs.length();
// build record fragment
var rval = forge.util.createBuffer();
rval.putByte(tls.HandshakeType.certificate_request);
rval.putInt24(length);
writeVector(rval, 1, certTypes);
writeVector(rval, 2, cAs);
return rval;
};
/**
* Creates a ServerHelloDone message.
*
* @param c the connection.
*
* @return the ServerHelloDone byte buffer.
*/
tls.createServerHelloDone = function(c) {
// build record fragment
var rval = forge.util.createBuffer();
rval.putByte(tls.HandshakeType.server_hello_done);
rval.putInt24(0);
return rval;
};
/**
* Creates a ChangeCipherSpec message.
*
* The change cipher spec protocol exists to signal transitions in
* ciphering strategies. The protocol consists of a single message,
* which is encrypted and compressed under the current (not the pending)
* connection state. The message consists of a single byte of value 1.
*
* struct {
* enum { change_cipher_spec(1), (255) } type;
* } ChangeCipherSpec;
*
* @return the ChangeCipherSpec byte buffer.
*/
tls.createChangeCipherSpec = function() {
var rval = forge.util.createBuffer();
rval.putByte(0x01);
return rval;
};
/**
* Creates a Finished message.
*
* struct {
* opaque verify_data[12];
* } Finished;
*
* verify_data
* PRF(master_secret, finished_label, MD5(handshake_messages) +
* SHA-1(handshake_messages)) [0..11];
*
* finished_label
* For Finished messages sent by the client, the string "client
* finished". For Finished messages sent by the server, the
* string "server finished".
*
* handshake_messages
* All of the data from all handshake messages up to but not
* including this message. This is only data visible at the
* handshake layer and does not include record layer headers.
* This is the concatenation of all the Handshake structures as
* defined in 7.4 exchanged thus far.
*
* @param c the connection.
*
* @return the Finished byte buffer.
*/
tls.createFinished = function(c) {
// generate verify_data
var b = forge.util.createBuffer();
b.putBuffer(c.session.md5.digest());
b.putBuffer(c.session.sha1.digest());
// TODO: determine prf function and verify length for TLS 1.2
var client = (c.entity === tls.ConnectionEnd.client);
var sp = c.session.sp;
var vdl = 12;
var prf = prf_TLS1;
var label = client ? 'client finished' : 'server finished';
b = prf(sp.master_secret, label, b.getBytes(), vdl);
// build record fragment
var rval = forge.util.createBuffer();
rval.putByte(tls.HandshakeType.finished);
rval.putInt24(b.length());
rval.putBuffer(b);
return rval;
};
/**
* Creates a HeartbeatMessage (See RFC 6520).
*
* struct {
* HeartbeatMessageType type;
* uint16 payload_length;
* opaque payload[HeartbeatMessage.payload_length];
* opaque padding[padding_length];
* } HeartbeatMessage;
*
* The total length of a HeartbeatMessage MUST NOT exceed 2^14 or
* max_fragment_length when negotiated as defined in [RFC6066].
*
* type: The message type, either heartbeat_request or heartbeat_response.
*
* payload_length: The length of the payload.
*
* payload: The payload consists of arbitrary content.
*
* padding: The padding is random content that MUST be ignored by the
* receiver. The length of a HeartbeatMessage is TLSPlaintext.length
* for TLS and DTLSPlaintext.length for DTLS. Furthermore, the
* length of the type field is 1 byte, and the length of the
* payload_length is 2. Therefore, the padding_length is
* TLSPlaintext.length - payload_length - 3 for TLS and
* DTLSPlaintext.length - payload_length - 3 for DTLS. The
* padding_length MUST be at least 16.
*
* The sender of a HeartbeatMessage MUST use a random padding of at
* least 16 bytes. The padding of a received HeartbeatMessage message
* MUST be ignored.
*
* If the payload_length of a received HeartbeatMessage is too large,
* the received HeartbeatMessage MUST be discarded silently.
*
* @param c the connection.
* @param type the tls.HeartbeatMessageType.
* @param payload the heartbeat data to send as the payload.
* @param [payloadLength] the payload length to use, defaults to the
* actual payload length.
*
* @return the HeartbeatRequest byte buffer.
*/
tls.createHeartbeat = function(type, payload, payloadLength) {
if(typeof payloadLength === 'undefined') {
payloadLength = payload.length;
}
// build record fragment
var rval = forge.util.createBuffer();
rval.putByte(type); // heartbeat message type
rval.putInt16(payloadLength); // payload length
rval.putBytes(payload); // payload
// padding
var plaintextLength = rval.length();
var paddingLength = Math.max(16, plaintextLength - payloadLength - 3);
rval.putBytes(forge.random.getBytes(paddingLength));
return rval;
};
/**
* Fragments, compresses, encrypts, and queues a record for delivery.
*
* @param c the connection.
* @param record the record to queue.
*/
tls.queue = function(c, record) {
// error during record creation
if(!record) {
return;
}
// if the record is a handshake record, update handshake hashes
if(record.type === tls.ContentType.handshake) {
var bytes = record.fragment.bytes();
c.session.md5.update(bytes);
c.session.sha1.update(bytes);
bytes = null;
}
// handle record fragmentation
var records;
if(record.fragment.length() <= tls.MaxFragment) {
records = [record];
} else {
// fragment data as long as it is too long
records = [];
var data = record.fragment.bytes();
while(data.length > tls.MaxFragment) {
records.push(tls.createRecord(c, {
type: record.type,
data: forge.util.createBuffer(data.slice(0, tls.MaxFragment))
}));
data = data.slice(tls.MaxFragment);
}
// add last record
if(data.length > 0) {
records.push(tls.createRecord(c, {
type: record.type,
data: forge.util.createBuffer(data)
}));
}
}
// compress and encrypt all fragmented records
for(var i = 0; i < records.length && !c.fail; ++i) {
// update the record using current write state
var rec = records[i];
var s = c.state.current.write;
if(s.update(c, rec)) {
// store record
c.records.push(rec);
}
}
};
/**
* Flushes all queued records to the output buffer and calls the
* tlsDataReady() handler on the given connection.
*
* @param c the connection.
*
* @return true on success, false on failure.
*/
tls.flush = function(c) {
for(var i = 0; i < c.records.length; ++i) {
var record = c.records[i];
// add record header and fragment
c.tlsData.putByte(record.type);
c.tlsData.putByte(record.version.major);
c.tlsData.putByte(record.version.minor);
c.tlsData.putInt16(record.fragment.length());
c.tlsData.putBuffer(c.records[i].fragment);
}
c.records = [];
return c.tlsDataReady(c);
};
/**
* Maps a pki.certificateError to a tls.Alert.Description.
*
* @param error the error to map.
*
* @return the alert description.
*/
var _certErrorToAlertDesc = function(error) {
switch(error) {
case true:
return true;
case forge.pki.certificateError.bad_certificate:
return tls.Alert.Description.bad_certificate;
case forge.pki.certificateError.unsupported_certificate:
return tls.Alert.Description.unsupported_certificate;
case forge.pki.certificateError.certificate_revoked:
return tls.Alert.Description.certificate_revoked;
case forge.pki.certificateError.certificate_expired:
return tls.Alert.Description.certificate_expired;
case forge.pki.certificateError.certificate_unknown:
return tls.Alert.Description.certificate_unknown;
case forge.pki.certificateError.unknown_ca:
return tls.Alert.Description.unknown_ca;
default:
return tls.Alert.Description.bad_certificate;
}
};
/**
* Maps a tls.Alert.Description to a pki.certificateError.
*
* @param desc the alert description.
*
* @return the certificate error.
*/
var _alertDescToCertError = function(desc) {
switch(desc) {
case true:
return true;
case tls.Alert.Description.bad_certificate:
return forge.pki.certificateError.bad_certificate;
case tls.Alert.Description.unsupported_certificate:
return forge.pki.certificateError.unsupported_certificate;
case tls.Alert.Description.certificate_revoked:
return forge.pki.certificateError.certificate_revoked;
case tls.Alert.Description.certificate_expired:
return forge.pki.certificateError.certificate_expired;
case tls.Alert.Description.certificate_unknown:
return forge.pki.certificateError.certificate_unknown;
case tls.Alert.Description.unknown_ca:
return forge.pki.certificateError.unknown_ca;
default:
return forge.pki.certificateError.bad_certificate;
}
};
/**
* Verifies a certificate chain against the given connection's
* Certificate Authority store.
*
* @param c the TLS connection.
* @param chain the certificate chain to verify, with the root or highest
* authority at the end.
*
* @return true if successful, false if not.
*/
tls.verifyCertificateChain = function(c, chain) {
try {
// verify chain
forge.pki.verifyCertificateChain(c.caStore, chain,
function verify(vfd, depth, chain) {
// convert pki.certificateError to tls alert description
var desc = _certErrorToAlertDesc(vfd);
// call application callback
var ret = c.verify(c, vfd, depth, chain);
if(ret !== true) {
if(typeof ret === 'object' && !forge.util.isArray(ret)) {
// throw custom error
var error = new Error('The application rejected the certificate.');
error.send = true;
error.alert = {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.bad_certificate
};
if(ret.message) {
error.message = ret.message;
}
if(ret.alert) {
error.alert.description = ret.alert;
}
throw error;
}
// convert tls alert description to pki.certificateError
if(ret !== vfd) {
ret = _alertDescToCertError(ret);
}
}
return ret;
});
} catch(ex) {
// build tls error if not already customized
var err = ex;
if(typeof err !== 'object' || forge.util.isArray(err)) {
err = {
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: _certErrorToAlertDesc(ex)
}
};
}
if(!('send' in err)) {
err.send = true;
}
if(!('alert' in err)) {
err.alert = {
level: tls.Alert.Level.fatal,
description: _certErrorToAlertDesc(err.error)
};
}
// send error
c.error(c, err);
}
return !c.fail;
};
/**
* Creates a new TLS session cache.
*
* @param cache optional map of session ID to cached session.
* @param capacity the maximum size for the cache (default: 100).
*
* @return the new TLS session cache.
*/
tls.createSessionCache = function(cache, capacity) {
var rval = null;
// assume input is already a session cache object
if(cache && cache.getSession && cache.setSession && cache.order) {
rval = cache;
} else {
// create cache
rval = {};
rval.cache = cache || {};
rval.capacity = Math.max(capacity || 100, 1);
rval.order = [];
// store order for sessions, delete session overflow
for(var key in cache) {
if(rval.order.length <= capacity) {
rval.order.push(key);
} else {
delete cache[key];
}
}
// get a session from a session ID (or get any session)
rval.getSession = function(sessionId) {
var session = null;
var key = null;
// if session ID provided, use it
if(sessionId) {
key = forge.util.bytesToHex(sessionId);
} else if(rval.order.length > 0) {
// get first session from cache
key = rval.order[0];
}
if(key !== null && key in rval.cache) {
// get cached session and remove from cache
session = rval.cache[key];
delete rval.cache[key];
for(var i in rval.order) {
if(rval.order[i] === key) {
rval.order.splice(i, 1);
break;
}
}
}
return session;
};
// set a session in the cache
rval.setSession = function(sessionId, session) {
// remove session from cache if at capacity
if(rval.order.length === rval.capacity) {
var key = rval.order.shift();
delete rval.cache[key];
}
// add session to cache
var key = forge.util.bytesToHex(sessionId);
rval.order.push(key);
rval.cache[key] = session;
};
}
return rval;
};
/**
* Creates a new TLS connection.
*
* See public createConnection() docs for more details.
*
* @param options the options for this connection.
*
* @return the new TLS connection.
*/
tls.createConnection = function(options) {
var caStore = null;
if(options.caStore) {
// if CA store is an array, convert it to a CA store object
if(forge.util.isArray(options.caStore)) {
caStore = forge.pki.createCaStore(options.caStore);
} else {
caStore = options.caStore;
}
} else {
// create empty CA store
caStore = forge.pki.createCaStore();
}
// setup default cipher suites
var cipherSuites = options.cipherSuites || null;
if(cipherSuites === null) {
cipherSuites = [];
for(var key in tls.CipherSuites) {
cipherSuites.push(tls.CipherSuites[key]);
}
}
// set default entity
var entity = (options.server || false) ?
tls.ConnectionEnd.server : tls.ConnectionEnd.client;
// create session cache if requested
var sessionCache = options.sessionCache ?
tls.createSessionCache(options.sessionCache) : null;
// create TLS connection
var c = {
version: {major: tls.Version.major, minor: tls.Version.minor},
entity: entity,
sessionId: options.sessionId,
caStore: caStore,
sessionCache: sessionCache,
cipherSuites: cipherSuites,
connected: options.connected,
virtualHost: options.virtualHost || null,
verifyClient: options.verifyClient || false,
verify: options.verify || function(cn, vfd, dpth, cts) {return vfd;},
getCertificate: options.getCertificate || null,
getPrivateKey: options.getPrivateKey || null,
getSignature: options.getSignature || null,
input: forge.util.createBuffer(),
tlsData: forge.util.createBuffer(),
data: forge.util.createBuffer(),
tlsDataReady: options.tlsDataReady,
dataReady: options.dataReady,
heartbeatReceived: options.heartbeatReceived,
closed: options.closed,
error: function(c, ex) {
// set origin if not set
ex.origin = ex.origin ||
((c.entity === tls.ConnectionEnd.client) ? 'client' : 'server');
// send TLS alert
if(ex.send) {
tls.queue(c, tls.createAlert(c, ex.alert));
tls.flush(c);
}
// error is fatal by default
var fatal = (ex.fatal !== false);
if(fatal) {
// set fail flag
c.fail = true;
}
// call error handler first
options.error(c, ex);
if(fatal) {
// fatal error, close connection, do not clear fail
c.close(false);
}
},
deflate: options.deflate || null,
inflate: options.inflate || null
};
/**
* Resets a closed TLS connection for reuse. Called in c.close().
*
* @param clearFail true to clear the fail flag (default: true).
*/
c.reset = function(clearFail) {
c.version = {major: tls.Version.major, minor: tls.Version.minor};
c.record = null;
c.session = null;
c.peerCertificate = null;
c.state = {
pending: null,
current: null
};
c.expect = (c.entity === tls.ConnectionEnd.client) ? SHE : CHE;
c.fragmented = null;
c.records = [];
c.open = false;
c.handshakes = 0;
c.handshaking = false;
c.isConnected = false;
c.fail = !(clearFail || typeof(clearFail) === 'undefined');
c.input.clear();
c.tlsData.clear();
c.data.clear();
c.state.current = tls.createConnectionState(c);
};
// do initial reset of connection
c.reset();
/**
* Updates the current TLS engine state based on the given record.
*
* @param c the TLS connection.
* @param record the TLS record to act on.
*/
var _update = function(c, record) {
// get record handler (align type in table by subtracting lowest)
var aligned = record.type - tls.ContentType.change_cipher_spec;
var handlers = ctTable[c.entity][c.expect];
if(aligned in handlers) {
handlers[aligned](c, record);
} else {
// unexpected record
tls.handleUnexpected(c, record);
}
};
/**
* Reads the record header and initializes the next record on the given
* connection.
*
* @param c the TLS connection with the next record.
*
* @return 0 if the input data could be processed, otherwise the
* number of bytes required for data to be processed.
*/
var _readRecordHeader = function(c) {
var rval = 0;
// get input buffer and its length
var b = c.input;
var len = b.length();
// need at least 5 bytes to initialize a record
if(len < 5) {
rval = 5 - len;
} else {
// enough bytes for header
// initialize record
c.record = {
type: b.getByte(),
version: {
major: b.getByte(),
minor: b.getByte()
},
length: b.getInt16(),
fragment: forge.util.createBuffer(),
ready: false
};
// check record version
var compatibleVersion = (c.record.version.major === c.version.major);
if(compatibleVersion && c.session && c.session.version) {
// session version already set, require same minor version
compatibleVersion = (c.record.version.minor === c.version.minor);
}
if(!compatibleVersion) {
c.error(c, {
message: 'Incompatible TLS version.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description: tls.Alert.Description.protocol_version
}
});
}
}
return rval;
};
/**
* Reads the next record's contents and appends its message to any
* previously fragmented message.
*
* @param c the TLS connection with the next record.
*
* @return 0 if the input data could be processed, otherwise the
* number of bytes required for data to be processed.
*/
var _readRecord = function(c) {
var rval = 0;
// ensure there is enough input data to get the entire record
var b = c.input;
var len = b.length();
if(len < c.record.length) {
// not enough data yet, return how much is required
rval = c.record.length - len;
} else {
// there is enough data to parse the pending record
// fill record fragment and compact input buffer
c.record.fragment.putBytes(b.getBytes(c.record.length));
b.compact();
// update record using current read state
var s = c.state.current.read;
if(s.update(c, c.record)) {
// see if there is a previously fragmented message that the
// new record's message fragment should be appended to
if(c.fragmented !== null) {
// if the record type matches a previously fragmented
// record, append the record fragment to it
if(c.fragmented.type === c.record.type) {
// concatenate record fragments
c.fragmented.fragment.putBuffer(c.record.fragment);
c.record = c.fragmented;
} else {
// error, invalid fragmented record
c.error(c, {
message: 'Invalid fragmented record.',
send: true,
alert: {
level: tls.Alert.Level.fatal,
description:
tls.Alert.Description.unexpected_message
}
});
}
}
// record is now ready
c.record.ready = true;
}
}
return rval;
};
/**
* Performs a handshake using the TLS Handshake Protocol, as a client.
*
* This method should only be called if the connection is in client mode.
*
* @param sessionId the session ID to use, null to start a new one.
*/
c.handshake = function(sessionId) {
// error to call this in non-client mode
if(c.entity !== tls.ConnectionEnd.client) {
// not fatal error
c.error(c, {
message: 'Cannot initiate handshake as a server.',
fatal: false
});
} else if(c.handshaking) {
// handshake is already in progress, fail but not fatal error
c.error(c, {
message: 'Handshake already in progress.',
fatal: false
});
} else {
// clear fail flag on reuse
if(c.fail && !c.open && c.handshakes === 0) {
c.fail = false;
}
// now handshaking
c.handshaking = true;
// default to blank (new session)
sessionId = sessionId || '';
// if a session ID was specified, try to find it in the cache
var session = null;
if(sessionId.length > 0) {
if(c.sessionCache) {
session = c.sessionCache.getSession(sessionId);
}
// matching session not found in cache, clear session ID
if(session === null) {
sessionId = '';
}
}
// no session given, grab a session from the cache, if available
if(sessionId.length === 0 && c.sessionCache) {
session = c.sessionCache.getSession();
if(session !== null) {
sessionId = session.id;
}
}
// set up session
c.session = {
id: sessionId,
version: null,
cipherSuite: null,
compressionMethod: null,
serverCertificate: null,
certificateRequest: null,
clientCertificate: null,
sp: {},
md5: forge.md.md5.create(),
sha1: forge.md.sha1.create()
};
// use existing session information
if(session) {
// only update version on connection, session version not yet set
c.version = session.version;
c.session.sp = session.sp;
}
// generate new client random
c.session.sp.client_random = tls.createRandom().getBytes();
// connection now open
c.open = true;
// send hello
tls.queue(c, tls.createRecord(c, {
type: tls.ContentType.handshake,
data: tls.createClientHello(c)
}));
tls.flush(c);
}
};
/**
* Called when TLS protocol data has been received from somewhere and should
* be processed by the TLS engine.
*
* @param data the TLS protocol data, as a string, to process.
*
* @return 0 if the data could be processed, otherwise the number of bytes
* required for data to be processed.
*/
c.process = function(data) {
var rval = 0;
// buffer input data
if(data) {
c.input.putBytes(data);
}
// process next record if no failure, process will be called after
// each record is handled (since handling can be asynchronous)
if(!c.fail) {
// reset record if ready and now empty
if(c.record !== null &&
c.record.ready && c.record.fragment.isEmpty()) {
c.record = null;
}
// if there is no pending record, try to read record header
if(c.record === null) {
rval = _readRecordHeader(c);
}
// read the next record (if record not yet ready)
if(!c.fail && c.record !== null && !c.record.ready) {
rval = _readRecord(c);
}
// record ready to be handled, update engine state
if(!c.fail && c.record !== null && c.record.ready) {
_update(c, c.record);
}
}
return rval;
};
/**
* Requests that application data be packaged into a TLS record. The
* tlsDataReady handler will be called when the TLS record(s) have been
* prepared.
*
* @param data the application data, as a raw 'binary' encoded string, to
* be sent; to send utf-16/utf-8 string data, use the return value
* of util.encodeUtf8(str).
*
* @return true on success, false on failure.
*/
c.prepare = function(data) {
tls.queue(c, tls.createRecord(c, {
type: tls.ContentType.application_data,
data: forge.util.createBuffer(data)
}));
return tls.flush(c);
};
/**
* Requests that a heartbeat request be packaged into a TLS record for
* transmission. The tlsDataReady handler will be called when TLS record(s)
* have been prepared.
*
* When a heartbeat response has been received, the heartbeatReceived
* handler will be called with the matching payload. This handler can
* be used to clear a retransmission timer, etc.
*
* @param payload the heartbeat data to send as the payload in the message.
* @param [payloadLength] the payload length to use, defaults to the
* actual payload length.
*
* @return true on success, false on failure.
*/
c.prepareHeartbeatRequest = function(payload, payloadLength) {
if(payload instanceof forge.util.ByteBuffer) {
payload = payload.bytes();
}
if(typeof payloadLength === 'undefined') {
payloadLength = payload.length;
}
c.expectedHeartbeatPayload = payload;
tls.queue(c, tls.createRecord(c, {
type: tls.ContentType.heartbeat,
data: tls.createHeartbeat(
tls.HeartbeatMessageType.heartbeat_request, payload, payloadLength)
}));
return tls.flush(c);
};
/**
* Closes the connection (sends a close_notify alert).
*
* @param clearFail true to clear the fail flag (default: true).
*/
c.close = function(clearFail) {
// save session if connection didn't fail
if(!c.fail && c.sessionCache && c.session) {
// only need to preserve session ID, version, and security params
var session = {
id: c.session.id,
version: c.session.version,
sp: c.session.sp
};
session.sp.keys = null;
c.sessionCache.setSession(session.id, session);
}
if(c.open) {
// connection no longer open, clear input
c.open = false;
c.input.clear();
// if connected or handshaking, send an alert
if(c.isConnected || c.handshaking) {
c.isConnected = c.handshaking = false;
// send close_notify alert
tls.queue(c, tls.createAlert(c, {
level: tls.Alert.Level.warning,
description: tls.Alert.Description.close_notify
}));
tls.flush(c);
}
// call handler
c.closed(c);
}
// reset TLS connection, do not clear fail flag
c.reset(clearFail);
};
return c;
};
/* TLS API */
forge.tls = forge.tls || {};
// expose non-functions
for(var key in tls) {
if(typeof tls[key] !== 'function') {
forge.tls[key] = tls[key];
}
}
// expose prf_tls1 for testing
forge.tls.prf_tls1 = prf_TLS1;
// expose sha1 hmac method
forge.tls.hmac_sha1 = hmac_sha1;
// expose session cache creation
forge.tls.createSessionCache = tls.createSessionCache;
/**
* Creates a new TLS connection. This does not make any assumptions about the
* transport layer that TLS is working on top of, ie: it does not assume there
* is a TCP/IP connection or establish one. A TLS connection is totally
* abstracted away from the layer is runs on top of, it merely establishes a
* secure channel between a client" and a "server".
*
* A TLS connection contains 4 connection states: pending read and write, and
* current read and write.
*
* At initialization, the current read and write states will be null. Only once
* the security parameters have been set and the keys have been generated can
* the pending states be converted into current states. Current states will be
* updated for each record processed.
*
* A custom certificate verify callback may be provided to check information
* like the common name on the server's certificate. It will be called for
* every certificate in the chain. It has the following signature:
*
* variable func(c, certs, index, preVerify)
* Where:
* c The TLS connection
* verified Set to true if certificate was verified, otherwise the alert
* tls.Alert.Description for why the certificate failed.
* depth The current index in the chain, where 0 is the server's cert.
* certs The certificate chain, *NOTE* if the server was anonymous then
* the chain will be empty.
*
* The function returns true on success and on failure either the appropriate
* tls.Alert.Description or an object with 'alert' set to the appropriate
* tls.Alert.Description and 'message' set to a custom error message. If true
* is not returned then the connection will abort using, in order of
* availability, first the returned alert description, second the preVerify
* alert description, and lastly the default 'bad_certificate'.
*
* There are three callbacks that can be used to make use of client-side
* certificates where each takes the TLS connection as the first parameter:
*
* getCertificate(conn, hint)
* The second parameter is a hint as to which certificate should be
* returned. If the connection entity is a client, then the hint will be
* the CertificateRequest message from the server that is part of the
* TLS protocol. If the connection entity is a server, then it will be
* the servername list provided via an SNI extension the ClientHello, if
* one was provided (empty array if not). The hint can be examined to
* determine which certificate to use (advanced). Most implementations
* will just return a certificate. The return value must be a
* PEM-formatted certificate or an array of PEM-formatted certificates
* that constitute a certificate chain, with the first in the array/chain
* being the client's certificate.
* getPrivateKey(conn, certificate)
* The second parameter is an forge.pki X.509 certificate object that
* is associated with the requested private key. The return value must
* be a PEM-formatted private key.
* getSignature(conn, bytes, callback)
* This callback can be used instead of getPrivateKey if the private key
* is not directly accessible in javascript or should not be. For
* instance, a secure external web service could provide the signature
* in exchange for appropriate credentials. The second parameter is a
* string of bytes to be signed that are part of the TLS protocol. These
* bytes are used to verify that the private key for the previously
* provided client-side certificate is accessible to the client. The
* callback is a function that takes 2 parameters, the TLS connection
* and the RSA encrypted (signed) bytes as a string. This callback must
* be called once the signature is ready.
*
* @param options the options for this connection:
* server: true if the connection is server-side, false for client.
* sessionId: a session ID to reuse, null for a new connection.
* caStore: an array of certificates to trust.
* sessionCache: a session cache to use.
* cipherSuites: an optional array of cipher suites to use,
* see tls.CipherSuites.
* connected: function(conn) called when the first handshake completes.
* virtualHost: the virtual server name to use in a TLS SNI extension.
* verifyClient: true to require a client certificate in server mode,
* 'optional' to request one, false not to (default: false).
* verify: a handler used to custom verify certificates in the chain.
* getCertificate: an optional callback used to get a certificate or
* a chain of certificates (as an array).
* getPrivateKey: an optional callback used to get a private key.
* getSignature: an optional callback used to get a signature.
* tlsDataReady: function(conn) called when TLS protocol data has been
* prepared and is ready to be used (typically sent over a socket
* connection to its destination), read from conn.tlsData buffer.
* dataReady: function(conn) called when application data has
* been parsed from a TLS record and should be consumed by the
* application, read from conn.data buffer.
* closed: function(conn) called when the connection has been closed.
* error: function(conn, error) called when there was an error.
* deflate: function(inBytes) if provided, will deflate TLS records using
* the deflate algorithm if the server supports it.
* inflate: function(inBytes) if provided, will inflate TLS records using
* the deflate algorithm if the server supports it.
*
* @return the new TLS connection.
*/
forge.tls.createConnection = tls.createConnection;
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'tls';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/tls',[
'require',
'module',
'./asn1',
'./hmac',
'./md',
'./pem',
'./pki',
'./random',
'./util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* A Javascript implementation of AES Cipher Suites for TLS.
*
* @author Dave Longley
*
* Copyright (c) 2009-2015 Digital Bazaar, Inc.
*
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
var tls = forge.tls;
/**
* Supported cipher suites.
*/
tls.CipherSuites['TLS_RSA_WITH_AES_128_CBC_SHA'] = {
id: [0x00,0x2f],
name: 'TLS_RSA_WITH_AES_128_CBC_SHA',
initSecurityParameters: function(sp) {
sp.bulk_cipher_algorithm = tls.BulkCipherAlgorithm.aes;
sp.cipher_type = tls.CipherType.block;
sp.enc_key_length = 16;
sp.block_length = 16;
sp.fixed_iv_length = 16;
sp.record_iv_length = 16;
sp.mac_algorithm = tls.MACAlgorithm.hmac_sha1;
sp.mac_length = 20;
sp.mac_key_length = 20;
},
initConnectionState: initConnectionState
};
tls.CipherSuites['TLS_RSA_WITH_AES_256_CBC_SHA'] = {
id: [0x00,0x35],
name: 'TLS_RSA_WITH_AES_256_CBC_SHA',
initSecurityParameters: function(sp) {
sp.bulk_cipher_algorithm = tls.BulkCipherAlgorithm.aes;
sp.cipher_type = tls.CipherType.block;
sp.enc_key_length = 32;
sp.block_length = 16;
sp.fixed_iv_length = 16;
sp.record_iv_length = 16;
sp.mac_algorithm = tls.MACAlgorithm.hmac_sha1;
sp.mac_length = 20;
sp.mac_key_length = 20;
},
initConnectionState: initConnectionState
};
function initConnectionState(state, c, sp) {
var client = (c.entity === forge.tls.ConnectionEnd.client);
// cipher setup
state.read.cipherState = {
init: false,
cipher: forge.cipher.createDecipher('AES-CBC', client ?
sp.keys.server_write_key : sp.keys.client_write_key),
iv: client ? sp.keys.server_write_IV : sp.keys.client_write_IV
};
state.write.cipherState = {
init: false,
cipher: forge.cipher.createCipher('AES-CBC', client ?
sp.keys.client_write_key : sp.keys.server_write_key),
iv: client ? sp.keys.client_write_IV : sp.keys.server_write_IV
};
state.read.cipherFunction = decrypt_aes_cbc_sha1;
state.write.cipherFunction = encrypt_aes_cbc_sha1;
// MAC setup
state.read.macLength = state.write.macLength = sp.mac_length;
state.read.macFunction = state.write.macFunction = tls.hmac_sha1;
}
/**
* Encrypts the TLSCompressed record into a TLSCipherText record using AES
* in CBC mode.
*
* @param record the TLSCompressed record to encrypt.
* @param s the ConnectionState to use.
*
* @return true on success, false on failure.
*/
function encrypt_aes_cbc_sha1(record, s) {
var rval = false;
// append MAC to fragment, update sequence number
var mac = s.macFunction(s.macKey, s.sequenceNumber, record);
record.fragment.putBytes(mac);
s.updateSequenceNumber();
// TLS 1.1+ use an explicit IV every time to protect against CBC attacks
var iv;
if(record.version.minor === tls.Versions.TLS_1_0.minor) {
// use the pre-generated IV when initializing for TLS 1.0, otherwise use
// the residue from the previous encryption
iv = s.cipherState.init ? null : s.cipherState.iv;
} else {
iv = forge.random.getBytesSync(16);
}
s.cipherState.init = true;
// start cipher
var cipher = s.cipherState.cipher;
cipher.start({iv: iv});
// TLS 1.1+ write IV into output
if(record.version.minor >= tls.Versions.TLS_1_1.minor) {
cipher.output.putBytes(iv);
}
// do encryption (default padding is appropriate)
cipher.update(record.fragment);
if(cipher.finish(encrypt_aes_cbc_sha1_padding)) {
// set record fragment to encrypted output
record.fragment = cipher.output;
record.length = record.fragment.length();
rval = true;
}
return rval;
}
/**
* Handles padding for aes_cbc_sha1 in encrypt mode.
*
* @param blockSize the block size.
* @param input the input buffer.
* @param decrypt true in decrypt mode, false in encrypt mode.
*
* @return true on success, false on failure.
*/
function encrypt_aes_cbc_sha1_padding(blockSize, input, decrypt) {
/* The encrypted data length (TLSCiphertext.length) is one more than the sum
of SecurityParameters.block_length, TLSCompressed.length,
SecurityParameters.mac_length, and padding_length.
The padding may be any length up to 255 bytes long, as long as it results in
the TLSCiphertext.length being an integral multiple of the block length.
Lengths longer than necessary might be desirable to frustrate attacks on a
protocol based on analysis of the lengths of exchanged messages. Each uint8
in the padding data vector must be filled with the padding length value.
The padding length should be such that the total size of the
GenericBlockCipher structure is a multiple of the cipher's block length.
Legal values range from zero to 255, inclusive. This length specifies the
length of the padding field exclusive of the padding_length field itself.
This is slightly different from PKCS#7 because the padding value is 1
less than the actual number of padding bytes if you include the
padding_length uint8 itself as a padding byte. */
if(!decrypt) {
// get the number of padding bytes required to reach the blockSize and
// subtract 1 for the padding value (to make room for the padding_length
// uint8)
var padding = blockSize - (input.length() % blockSize);
input.fillWithByte(padding - 1, padding);
}
return true;
}
/**
* Handles padding for aes_cbc_sha1 in decrypt mode.
*
* @param blockSize the block size.
* @param output the output buffer.
* @param decrypt true in decrypt mode, false in encrypt mode.
*
* @return true on success, false on failure.
*/
function decrypt_aes_cbc_sha1_padding(blockSize, output, decrypt) {
var rval = true;
if(decrypt) {
/* The last byte in the output specifies the number of padding bytes not
including itself. Each of the padding bytes has the same value as that
last byte (known as the padding_length). Here we check all padding
bytes to ensure they have the value of padding_length even if one of
them is bad in order to ward-off timing attacks. */
var len = output.length();
var paddingLength = output.last();
for(var i = len - 1 - paddingLength; i < len - 1; ++i) {
rval = rval && (output.at(i) == paddingLength);
}
if(rval) {
// trim off padding bytes and last padding length byte
output.truncate(paddingLength + 1);
}
}
return rval;
}
/**
* Decrypts a TLSCipherText record into a TLSCompressed record using
* AES in CBC mode.
*
* @param record the TLSCipherText record to decrypt.
* @param s the ConnectionState to use.
*
* @return true on success, false on failure.
*/
var count = 0;
function decrypt_aes_cbc_sha1(record, s) {
var rval = false;
++count;
var iv;
if(record.version.minor === tls.Versions.TLS_1_0.minor) {
// use pre-generated IV when initializing for TLS 1.0, otherwise use the
// residue from the previous decryption
iv = s.cipherState.init ? null : s.cipherState.iv;
} else {
// TLS 1.1+ use an explicit IV every time to protect against CBC attacks
// that is appended to the record fragment
iv = record.fragment.getBytes(16);
}
s.cipherState.init = true;
// start cipher
var cipher = s.cipherState.cipher;
cipher.start({iv: iv});
// do decryption
cipher.update(record.fragment);
rval = cipher.finish(decrypt_aes_cbc_sha1_padding);
// even if decryption fails, keep going to minimize timing attacks
// decrypted data:
// first (len - 20) bytes = application data
// last 20 bytes = MAC
var macLen = s.macLength;
// create a random MAC to check against should the mac length check fail
// Note: do this regardless of the failure to keep timing consistent
var mac = forge.random.getBytesSync(macLen);
// get fragment and mac
var len = cipher.output.length();
if(len >= macLen) {
record.fragment = cipher.output.getBytes(len - macLen);
mac = cipher.output.getBytes(macLen);
} else {
// bad data, but get bytes anyway to try to keep timing consistent
record.fragment = cipher.output.getBytes();
}
record.fragment = forge.util.createBuffer(record.fragment);
record.length = record.fragment.length();
// see if data integrity checks out, update sequence number
var mac2 = s.macFunction(s.macKey, s.sequenceNumber, record);
s.updateSequenceNumber();
rval = compareMacs(s.macKey, mac, mac2) && rval;
return rval;
}
/**
* Safely compare two MACs. This function will compare two MACs in a way
* that protects against timing attacks.
*
* TODO: Expose elsewhere as a utility API.
*
* See: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verification/
*
* @param key the MAC key to use.
* @param mac1 as a binary-encoded string of bytes.
* @param mac2 as a binary-encoded string of bytes.
*
* @return true if the MACs are the same, false if not.
*/
function compareMacs(key, mac1, mac2) {
var hmac = forge.hmac.create();
hmac.start('SHA1', key);
hmac.update(mac1);
mac1 = hmac.digest().getBytes();
hmac.start(null, null);
hmac.update(mac2);
mac2 = hmac.digest().getBytes();
return mac1 === mac2;
}
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'aesCipherSuites';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/aesCipherSuites',['require', 'module', './aes', './tls'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Debugging support for web applications.
*
* @author David I. Lehn <dlehn@digitalbazaar.com>
*
* Copyright 2008-2013 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
/* DEBUG API */
forge.debug = forge.debug || {};
// Private storage for debugging.
// Useful to expose data that is otherwise unviewable behind closures.
// NOTE: remember that this can hold references to data and cause leaks!
// format is "forge._debug.<modulename>.<dataname> = data"
// Example:
// (function() {
// var cat = 'forge.test.Test'; // debugging category
// var sState = {...}; // local state
// forge.debug.set(cat, 'sState', sState);
// })();
forge.debug.storage = {};
/**
* Gets debug data. Omit name for all cat data Omit name and cat for
* all data.
*
* @param cat name of debugging category.
* @param name name of data to get (optional).
* @return object with requested debug data or undefined.
*/
forge.debug.get = function(cat, name) {
var rval;
if(typeof(cat) === 'undefined') {
rval = forge.debug.storage;
} else if(cat in forge.debug.storage) {
if(typeof(name) === 'undefined') {
rval = forge.debug.storage[cat];
} else {
rval = forge.debug.storage[cat][name];
}
}
return rval;
};
/**
* Sets debug data.
*
* @param cat name of debugging category.
* @param name name of data to set.
* @param data data to set.
*/
forge.debug.set = function(cat, name, data) {
if(!(cat in forge.debug.storage)) {
forge.debug.storage[cat] = {};
}
forge.debug.storage[cat][name] = data;
};
/**
* Clears debug data. Omit name for all cat data. Omit name and cat for
* all data.
*
* @param cat name of debugging category.
* @param name name of data to clear or omit to clear entire category.
*/
forge.debug.clear = function(cat, name) {
if(typeof(cat) === 'undefined') {
forge.debug.storage = {};
} else if(cat in forge.debug.storage) {
if(typeof(name) === 'undefined') {
delete forge.debug.storage[cat];
} else {
delete forge.debug.storage[cat][name];
}
}
};
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'debug';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/debug',['require', 'module'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Javascript implementation of RSA-KEM.
*
* @author Lautaro Cozzani Rodriguez
* @author Dave Longley
*
* Copyright (c) 2014 Lautaro Cozzani <lautaro.cozzani@scytl.com>
* Copyright (c) 2014 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
forge.kem = forge.kem || {};
var BigInteger = forge.jsbn.BigInteger;
/**
* The API for the RSA Key Encapsulation Mechanism (RSA-KEM) from ISO 18033-2.
*/
forge.kem.rsa = {};
/**
* Creates an RSA KEM API object for generating a secret asymmetric key.
*
* The symmetric key may be generated via a call to 'encrypt', which will
* produce a ciphertext to be transmitted to the recipient and a key to be
* kept secret. The ciphertext is a parameter to be passed to 'decrypt' which
* will produce the same secret key for the recipient to use to decrypt a
* message that was encrypted with the secret key.
*
* @param kdf the KDF API to use (eg: new forge.kem.kdf1()).
* @param options the options to use.
* [prng] a custom crypto-secure pseudo-random number generator to use,
* that must define "getBytesSync".
*/
forge.kem.rsa.create = function(kdf, options) {
options = options || {};
var prng = options.prng || forge.random;
var kem = {};
/**
* Generates a secret key and its encapsulation.
*
* @param publicKey the RSA public key to encrypt with.
* @param keyLength the length, in bytes, of the secret key to generate.
*
* @return an object with:
* encapsulation: the ciphertext for generating the secret key, as a
* binary-encoded string of bytes.
* key: the secret key to use for encrypting a message.
*/
kem.encrypt = function(publicKey, keyLength) {
// generate a random r where 1 > r > n
var byteLength = Math.ceil(publicKey.n.bitLength() / 8);
var r;
do {
r = new BigInteger(
forge.util.bytesToHex(prng.getBytesSync(byteLength)),
16).mod(publicKey.n);
} while(r.equals(BigInteger.ZERO));
// prepend r with zeros
r = forge.util.hexToBytes(r.toString(16));
var zeros = byteLength - r.length;
if(zeros > 0) {
r = forge.util.fillString(String.fromCharCode(0), zeros) + r;
}
// encrypt the random
var encapsulation = publicKey.encrypt(r, 'NONE');
// generate the secret key
var key = kdf.generate(r, keyLength);
return {encapsulation: encapsulation, key: key};
};
/**
* Decrypts an encapsulated secret key.
*
* @param privateKey the RSA private key to decrypt with.
* @param encapsulation the ciphertext for generating the secret key, as
* a binary-encoded string of bytes.
* @param keyLength the length, in bytes, of the secret key to generate.
*
* @return the secret key as a binary-encoded string of bytes.
*/
kem.decrypt = function(privateKey, encapsulation, keyLength) {
// decrypt the encapsulation and generate the secret key
var r = privateKey.decrypt(encapsulation, 'NONE');
return kdf.generate(r, keyLength);
};
return kem;
};
// TODO: add forge.kem.kdf.create('KDF1', {md: ..., ...}) API?
/**
* Creates a key derivation API object that implements KDF1 per ISO 18033-2.
*
* @param md the hash API to use.
* @param [digestLength] an optional digest length that must be positive and
* less than or equal to md.digestLength.
*
* @return a KDF1 API object.
*/
forge.kem.kdf1 = function(md, digestLength) {
_createKDF(this, md, 0, digestLength || md.digestLength);
};
/**
* Creates a key derivation API object that implements KDF2 per ISO 18033-2.
*
* @param md the hash API to use.
* @param [digestLength] an optional digest length that must be positive and
* less than or equal to md.digestLength.
*
* @return a KDF2 API object.
*/
forge.kem.kdf2 = function(md, digestLength) {
_createKDF(this, md, 1, digestLength || md.digestLength);
};
/**
* Creates a KDF1 or KDF2 API object.
*
* @param md the hash API to use.
* @param counterStart the starting index for the counter.
* @param digestLength the digest length to use.
*
* @return the KDF API object.
*/
function _createKDF(kdf, md, counterStart, digestLength) {
/**
* Generate a key of the specified length.
*
* @param x the binary-encoded byte string to generate a key from.
* @param length the number of bytes to generate (the size of the key).
*
* @return the key as a binary-encoded string.
*/
kdf.generate = function(x, length) {
var key = new forge.util.ByteBuffer();
// run counter from counterStart to ceil(length / Hash.len)
var k = Math.ceil(length / digestLength) + counterStart;
var c = new forge.util.ByteBuffer();
for(var i = counterStart; i < k; ++i) {
// I2OSP(i, 4): convert counter to an octet string of 4 octets
c.putInt32(i);
// digest 'x' and the counter and add the result to the key
md.start();
md.update(x + c.getBytes());
var hash = md.digest();
key.putBytes(hash.getBytes(digestLength));
}
// truncate to the correct key length
key.truncate(key.length() - length);
return key.getBytes();
};
}
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'kem';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/kem',['require', 'module', './util','./random','./jsbn'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Cross-browser support for logging in a web application.
*
* @author David I. Lehn <dlehn@digitalbazaar.com>
*
* Copyright (c) 2008-2013 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
/* LOG API */
forge.log = forge.log || {};
/**
* Application logging system.
*
* Each logger level available as it's own function of the form:
* forge.log.level(category, args...)
* The category is an arbitrary string, and the args are the same as
* Firebug's console.log API. By default the call will be output as:
* 'LEVEL [category] <args[0]>, args[1], ...'
* This enables proper % formatting via the first argument.
* Each category is enabled by default but can be enabled or disabled with
* the setCategoryEnabled() function.
*/
// list of known levels
forge.log.levels = [
'none', 'error', 'warning', 'info', 'debug', 'verbose', 'max'];
// info on the levels indexed by name:
// index: level index
// name: uppercased display name
var sLevelInfo = {};
// list of loggers
var sLoggers = [];
/**
* Standard console logger. If no console support is enabled this will
* remain null. Check before using.
*/
var sConsoleLogger = null;
// logger flags
/**
* Lock the level at the current value. Used in cases where user config may
* set the level such that only critical messages are seen but more verbose
* messages are needed for debugging or other purposes.
*/
forge.log.LEVEL_LOCKED = (1 << 1);
/**
* Always call log function. By default, the logging system will check the
* message level against logger.level before calling the log function. This
* flag allows the function to do its own check.
*/
forge.log.NO_LEVEL_CHECK = (1 << 2);
/**
* Perform message interpolation with the passed arguments. "%" style
* fields in log messages will be replaced by arguments as needed. Some
* loggers, such as Firebug, may do this automatically. The original log
* message will be available as 'message' and the interpolated version will
* be available as 'fullMessage'.
*/
forge.log.INTERPOLATE = (1 << 3);
// setup each log level
for(var i = 0; i < forge.log.levels.length; ++i) {
var level = forge.log.levels[i];
sLevelInfo[level] = {
index: i,
name: level.toUpperCase()
};
}
/**
* Message logger. Will dispatch a message to registered loggers as needed.
*
* @param message message object
*/
forge.log.logMessage = function(message) {
var messageLevelIndex = sLevelInfo[message.level].index;
for(var i = 0; i < sLoggers.length; ++i) {
var logger = sLoggers[i];
if(logger.flags & forge.log.NO_LEVEL_CHECK) {
logger.f(message);
} else {
// get logger level
var loggerLevelIndex = sLevelInfo[logger.level].index;
// check level
if(messageLevelIndex <= loggerLevelIndex) {
// message critical enough, call logger
logger.f(logger, message);
}
}
}
};
/**
* Sets the 'standard' key on a message object to:
* "LEVEL [category] " + message
*
* @param message a message log object
*/
forge.log.prepareStandard = function(message) {
if(!('standard' in message)) {
message.standard =
sLevelInfo[message.level].name +
//' ' + +message.timestamp +
' [' + message.category + '] ' +
message.message;
}
};
/**
* Sets the 'full' key on a message object to the original message
* interpolated via % formatting with the message arguments.
*
* @param message a message log object.
*/
forge.log.prepareFull = function(message) {
if(!('full' in message)) {
// copy args and insert message at the front
var args = [message.message];
args = args.concat([] || message['arguments']);
// format the message
message.full = forge.util.format.apply(this, args);
}
};
/**
* Applies both preparseStandard() and prepareFull() to a message object and
* store result in 'standardFull'.
*
* @param message a message log object.
*/
forge.log.prepareStandardFull = function(message) {
if(!('standardFull' in message)) {
// FIXME implement 'standardFull' logging
forge.log.prepareStandard(message);
message.standardFull = message.standard;
}
};
// create log level functions
if(true) {
// levels for which we want functions
var levels = ['error', 'warning', 'info', 'debug', 'verbose'];
for(var i = 0; i < levels.length; ++i) {
// wrap in a function to ensure proper level var is passed
(function(level) {
// create function for this level
forge.log[level] = function(category, message/*, args...*/) {
// convert arguments to real array, remove category and message
var args = Array.prototype.slice.call(arguments).slice(2);
// create message object
// Note: interpolation and standard formatting is done lazily
var msg = {
timestamp: new Date(),
level: level,
category: category,
message: message,
'arguments': args
/*standard*/
/*full*/
/*fullMessage*/
};
// process this message
forge.log.logMessage(msg);
};
})(levels[i]);
}
}
/**
* Creates a new logger with specified custom logging function.
*
* The logging function has a signature of:
* function(logger, message)
* logger: current logger
* message: object:
* level: level id
* category: category
* message: string message
* arguments: Array of extra arguments
* fullMessage: interpolated message and arguments if INTERPOLATE flag set
*
* @param logFunction a logging function which takes a log message object
* as a parameter.
*
* @return a logger object.
*/
forge.log.makeLogger = function(logFunction) {
var logger = {
flags: 0,
f: logFunction
};
forge.log.setLevel(logger, 'none');
return logger;
};
/**
* Sets the current log level on a logger.
*
* @param logger the target logger.
* @param level the new maximum log level as a string.
*
* @return true if set, false if not.
*/
forge.log.setLevel = function(logger, level) {
var rval = false;
if(logger && !(logger.flags & forge.log.LEVEL_LOCKED)) {
for(var i = 0; i < forge.log.levels.length; ++i) {
var aValidLevel = forge.log.levels[i];
if(level == aValidLevel) {
// set level
logger.level = level;
rval = true;
break;
}
}
}
return rval;
};
/**
* Locks the log level at its current value.
*
* @param logger the target logger.
* @param lock boolean lock value, default to true.
*/
forge.log.lock = function(logger, lock) {
if(typeof lock === 'undefined' || lock) {
logger.flags |= forge.log.LEVEL_LOCKED;
} else {
logger.flags &= ~forge.log.LEVEL_LOCKED;
}
};
/**
* Adds a logger.
*
* @param logger the logger object.
*/
forge.log.addLogger = function(logger) {
sLoggers.push(logger);
};
// setup the console logger if possible, else create fake console.log
if(typeof(console) !== 'undefined' && 'log' in console) {
var logger;
if(console.error && console.warn && console.info && console.debug) {
// looks like Firebug-style logging is available
// level handlers map
var levelHandlers = {
error: console.error,
warning: console.warn,
info: console.info,
debug: console.debug,
verbose: console.debug
};
var f = function(logger, message) {
forge.log.prepareStandard(message);
var handler = levelHandlers[message.level];
// prepend standard message and concat args
var args = [message.standard];
args = args.concat(message['arguments'].slice());
// apply to low-level console function
handler.apply(console, args);
};
logger = forge.log.makeLogger(f);
} else {
// only appear to have basic console.log
var f = function(logger, message) {
forge.log.prepareStandardFull(message);
console.log(message.standardFull);
};
logger = forge.log.makeLogger(f);
}
forge.log.setLevel(logger, 'debug');
forge.log.addLogger(logger);
sConsoleLogger = logger;
} else {
// define fake console.log to avoid potential script errors on
// browsers that do not have console logging
console = {
log: function() {}
};
}
/*
* Check for logging control query vars.
*
* console.level=<level-name>
* Set's the console log level by name. Useful to override defaults and
* allow more verbose logging before a user config is loaded.
*
* console.lock=<true|false>
* Lock the console log level at whatever level it is set at. This is run
* after console.level is processed. Useful to force a level of verbosity
* that could otherwise be limited by a user config.
*/
if(sConsoleLogger !== null) {
var query = forge.util.getQueryVariables();
if('console.level' in query) {
// set with last value
forge.log.setLevel(
sConsoleLogger, query['console.level'].slice(-1)[0]);
}
if('console.lock' in query) {
// set with last value
var lock = query['console.lock'].slice(-1)[0];
if(lock == 'true') {
forge.log.lock(sConsoleLogger);
}
}
}
// provide public access to console logger
forge.log.consoleLogger = sConsoleLogger;
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'log';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/log',['require', 'module', './util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Javascript implementation of PKCS#7 v1.5.
*
* @author Stefan Siegl
* @author Dave Longley
*
* Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>
* Copyright (c) 2012-2015 Digital Bazaar, Inc.
*
* Currently this implementation only supports ContentType of EnvelopedData,
* EncryptedData, or SignedData at the root level. The top level elements may
* contain only a ContentInfo of ContentType Data, i.e. plain data. Further
* nesting is not (yet) supported.
*
* The Forge validators for PKCS #7's ASN.1 structures are available from
* a separate file pkcs7asn1.js, since those are referenced from other
* PKCS standards like PKCS #12.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
// shortcut for ASN.1 API
var asn1 = forge.asn1;
// shortcut for PKCS#7 API
var p7 = forge.pkcs7 = forge.pkcs7 || {};
/**
* Converts a PKCS#7 message from PEM format.
*
* @param pem the PEM-formatted PKCS#7 message.
*
* @return the PKCS#7 message.
*/
p7.messageFromPem = function(pem) {
var msg = forge.pem.decode(pem)[0];
if(msg.type !== 'PKCS7') {
var error = new Error('Could not convert PKCS#7 message from PEM; PEM ' +
'header type is not "PKCS#7".');
error.headerType = msg.type;
throw error;
}
if(msg.procType && msg.procType.type === 'ENCRYPTED') {
throw new Error('Could not convert PKCS#7 message from PEM; PEM is encrypted.');
}
// convert DER to ASN.1 object
var obj = asn1.fromDer(msg.body);
return p7.messageFromAsn1(obj);
};
/**
* Converts a PKCS#7 message to PEM format.
*
* @param msg The PKCS#7 message object
* @param maxline The maximum characters per line, defaults to 64.
*
* @return The PEM-formatted PKCS#7 message.
*/
p7.messageToPem = function(msg, maxline) {
// convert to ASN.1, then DER, then PEM-encode
var pemObj = {
type: 'PKCS7',
body: asn1.toDer(msg.toAsn1()).getBytes()
};
return forge.pem.encode(pemObj, {maxline: maxline});
};
/**
* Converts a PKCS#7 message from an ASN.1 object.
*
* @param obj the ASN.1 representation of a ContentInfo.
*
* @return the PKCS#7 message.
*/
p7.messageFromAsn1 = function(obj) {
// validate root level ContentInfo and capture data
var capture = {};
var errors = [];
if(!asn1.validate(obj, p7.asn1.contentInfoValidator, capture, errors))
{
var error = new Error('Cannot read PKCS#7 message. ' +
'ASN.1 object is not an PKCS#7 ContentInfo.');
error.errors = errors;
throw error;
}
var contentType = asn1.derToOid(capture.contentType);
var msg;
switch(contentType) {
case forge.pki.oids.envelopedData:
msg = p7.createEnvelopedData();
break;
case forge.pki.oids.encryptedData:
msg = p7.createEncryptedData();
break;
case forge.pki.oids.signedData:
msg = p7.createSignedData();
break;
default:
throw new Error('Cannot read PKCS#7 message. ContentType with OID ' +
contentType + ' is not (yet) supported.');
}
msg.fromAsn1(capture.content.value[0]);
return msg;
};
p7.createSignedData = function() {
var msg = null;
msg = {
type: forge.pki.oids.signedData,
version: 1,
certificates: [],
crls: [],
// TODO: add json-formatted signer stuff here?
signers: [],
// populated during sign()
digestAlgorithmIdentifiers: [],
contentInfo: null,
signerInfos: [],
fromAsn1: function(obj) {
// validate SignedData content block and capture data.
_fromAsn1(msg, obj, p7.asn1.signedDataValidator);
msg.certificates = [];
msg.crls = [];
msg.digestAlgorithmIdentifiers = [];
msg.contentInfo = null;
msg.signerInfos = [];
var certs = msg.rawCapture.certificates.value;
for(var i = 0; i < certs.length; ++i) {
msg.certificates.push(forge.pki.certificateFromAsn1(certs[i]));
}
// TODO: parse crls
},
toAsn1: function() {
// degenerate case with no content
if(!msg.contentInfo) {
msg.sign();
}
var certs = [];
for(var i = 0; i < msg.certificates.length; ++i) {
certs.push(forge.pki.certificateToAsn1(msg.certificates[i]));
}
var crls = [];
// TODO: implement CRLs
// [0] SignedData
var signedData = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// Version
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
asn1.integerToDer(msg.version).getBytes()),
// DigestAlgorithmIdentifiers
asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.SET, true,
msg.digestAlgorithmIdentifiers),
// ContentInfo
msg.contentInfo
])
]);
if(certs.length > 0) {
// [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL
signedData.value[0].value.push(
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, certs));
}
if(crls.length > 0) {
// [1] IMPLICIT CertificateRevocationLists OPTIONAL
signedData.value[0].value.push(
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, crls));
}
// SignerInfos
signedData.value[0].value.push(
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true,
msg.signerInfos));
// ContentInfo
return asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// ContentType
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(msg.type).getBytes()),
// [0] SignedData
signedData
]);
},
/**
* Add (another) entity to list of signers.
*
* Note: If authenticatedAttributes are provided, then, per RFC 2315,
* they must include at least two attributes: content type and
* message digest. The message digest attribute value will be
* auto-calculated during signing and will be ignored if provided.
*
* Here's an example of providing these two attributes:
*
* forge.pkcs7.createSignedData();
* p7.addSigner({
* issuer: cert.issuer.attributes,
* serialNumber: cert.serialNumber,
* key: privateKey,
* digestAlgorithm: forge.pki.oids.sha1,
* authenticatedAttributes: [{
* type: forge.pki.oids.contentType,
* value: forge.pki.oids.data
* }, {
* type: forge.pki.oids.messageDigest
* }]
* });
*
* TODO: Support [subjectKeyIdentifier] as signer's ID.
*
* @param signer the signer information:
* key the signer's private key.
* [certificate] a certificate containing the public key
* associated with the signer's private key; use this option as
* an alternative to specifying signer.issuer and
* signer.serialNumber.
* [issuer] the issuer attributes (eg: cert.issuer.attributes).
* [serialNumber] the signer's certificate's serial number in
* hexadecimal (eg: cert.serialNumber).
* [digestAlgorithm] the message digest OID, as a string, to use
* (eg: forge.pki.oids.sha1).
* [authenticatedAttributes] an optional array of attributes
* to also sign along with the content.
*/
addSigner: function(signer) {
var issuer = signer.issuer;
var serialNumber = signer.serialNumber;
if(signer.certificate) {
var cert = signer.certificate;
if(typeof cert === 'string') {
cert = forge.pki.certificateFromPem(cert);
}
issuer = cert.issuer.attributes;
serialNumber = cert.serialNumber;
}
var key = signer.key;
if(!key) {
throw new Error(
'Could not add PKCS#7 signer; no private key specified.');
}
if(typeof key === 'string') {
key = forge.pki.privateKeyFromPem(key);
}
// ensure OID known for digest algorithm
var digestAlgorithm = signer.digestAlgorithm || forge.pki.oids.sha1;
switch(digestAlgorithm) {
case forge.pki.oids.sha1:
case forge.pki.oids.sha256:
case forge.pki.oids.sha384:
case forge.pki.oids.sha512:
case forge.pki.oids.md5:
break;
default:
throw new Error(
'Could not add PKCS#7 signer; unknown message digest algorithm: ' +
digestAlgorithm);
}
// if authenticatedAttributes is present, then the attributes
// must contain at least PKCS #9 content-type and message-digest
var authenticatedAttributes = signer.authenticatedAttributes || [];
if(authenticatedAttributes.length > 0) {
var contentType = false;
var messageDigest = false;
for(var i = 0; i < authenticatedAttributes.length; ++i) {
var attr = authenticatedAttributes[i];
if(!contentType && attr.type === forge.pki.oids.contentType) {
contentType = true;
if(messageDigest) {
break;
}
continue;
}
if(!messageDigest && attr.type === forge.pki.oids.messageDigest) {
messageDigest = true;
if(contentType) {
break;
}
continue;
}
}
if(!contentType || !messageDigest) {
throw new Error('Invalid signer.authenticatedAttributes. If ' +
'signer.authenticatedAttributes is specified, then it must ' +
'contain at least two attributes, PKCS #9 content-type and ' +
'PKCS #9 message-digest.');
}
}
msg.signers.push({
key: key,
version: 1,
issuer: issuer,
serialNumber: serialNumber,
digestAlgorithm: digestAlgorithm,
signatureAlgorithm: forge.pki.oids.rsaEncryption,
signature: null,
authenticatedAttributes: authenticatedAttributes,
unauthenticatedAttributes: []
});
},
/**
* Signs the content.
*/
sign: function() {
// auto-generate content info
if(typeof msg.content !== 'object' || msg.contentInfo === null) {
// use Data ContentInfo
msg.contentInfo = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// ContentType
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(forge.pki.oids.data).getBytes())
]);
// add actual content, if present
if('content' in msg) {
var content;
if(msg.content instanceof forge.util.ByteBuffer) {
content = msg.content.bytes();
} else if(typeof msg.content === 'string') {
content = forge.util.encodeUtf8(msg.content);
}
msg.contentInfo.value.push(
// [0] EXPLICIT content
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
content)
]));
}
}
// no signers, return early (degenerate case for certificate container)
if(msg.signers.length === 0) {
return;
}
// generate digest algorithm identifiers
var mds = addDigestAlgorithmIds();
// generate signerInfos
addSignerInfos(mds);
},
verify: function() {
throw new Error('PKCS#7 signature verification not yet implemented.');
},
/**
* Add a certificate.
*
* @param cert the certificate to add.
*/
addCertificate: function(cert) {
// convert from PEM
if(typeof cert === 'string') {
cert = forge.pki.certificateFromPem(cert);
}
msg.certificates.push(cert);
},
/**
* Add a certificate revokation list.
*
* @param crl the certificate revokation list to add.
*/
addCertificateRevokationList: function(crl) {
throw new Error('PKCS#7 CRL support not yet implemented.');
}
};
return msg;
function addDigestAlgorithmIds() {
var mds = {};
for(var i = 0; i < msg.signers.length; ++i) {
var signer = msg.signers[i];
var oid = signer.digestAlgorithm;
if(!(oid in mds)) {
// content digest
mds[oid] = forge.md[forge.pki.oids[oid]].create();
}
if(signer.authenticatedAttributes.length === 0) {
// no custom attributes to digest; use content message digest
signer.md = mds[oid];
} else {
// custom attributes to be digested; use own message digest
// TODO: optimize to just copy message digest state if that
// feature is ever supported with message digests
signer.md = forge.md[forge.pki.oids[oid]].create();
}
}
// add unique digest algorithm identifiers
msg.digestAlgorithmIdentifiers = [];
for(var oid in mds) {
msg.digestAlgorithmIdentifiers.push(
// AlgorithmIdentifier
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// algorithm
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(oid).getBytes()),
// parameters (null)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')
]));
}
return mds;
}
function addSignerInfos(mds) {
// Note: ContentInfo is a SEQUENCE with 2 values, second value is
// the content field and is optional for a ContentInfo but required here
// since signers are present
if(msg.contentInfo.value.length < 2) {
throw new Error(
'Could not sign PKCS#7 message; there is no content to sign.');
}
// get ContentInfo content type
var contentType = asn1.derToOid(msg.contentInfo.value[0].value);
// get ContentInfo content
var content = msg.contentInfo.value[1];
// skip [0] EXPLICIT content wrapper
content = content.value[0];
// serialize content
var bytes = asn1.toDer(content);
// skip identifier and length per RFC 2315 9.3
// skip identifier (1 byte)
bytes.getByte();
// read and discard length bytes
asn1.getBerValueLength(bytes);
bytes = bytes.getBytes();
// digest content DER value bytes
for(var oid in mds) {
mds[oid].start().update(bytes);
}
// sign content
var signingTime = new Date();
for(var i = 0; i < msg.signers.length; ++i) {
var signer = msg.signers[i];
if(signer.authenticatedAttributes.length === 0) {
// if ContentInfo content type is not "Data", then
// authenticatedAttributes must be present per RFC 2315
if(contentType !== forge.pki.oids.data) {
throw new Error(
'Invalid signer; authenticatedAttributes must be present ' +
'when the ContentInfo content type is not PKCS#7 Data.');
}
} else {
// process authenticated attributes
// [0] IMPLICIT
signer.authenticatedAttributesAsn1 = asn1.create(
asn1.Class.CONTEXT_SPECIFIC, 0, true, []);
// per RFC 2315, attributes are to be digested using a SET container
// not the above [0] IMPLICIT container
var attrsAsn1 = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.SET, true, []);
for(var ai = 0; ai < signer.authenticatedAttributes.length; ++ai) {
var attr = signer.authenticatedAttributes[ai];
if(attr.type === forge.pki.oids.messageDigest) {
// use content message digest as value
attr.value = mds[signer.digestAlgorithm].digest();
} else if(attr.type === forge.pki.oids.signingTime) {
// auto-populate signing time if not already set
if(!attr.value) {
attr.value = signingTime;
}
}
// convert to ASN.1 and push onto Attributes SET (for signing) and
// onto authenticatedAttributesAsn1 to complete SignedData ASN.1
// TODO: optimize away duplication
attrsAsn1.value.push(_attributeToAsn1(attr));
signer.authenticatedAttributesAsn1.value.push(_attributeToAsn1(attr));
}
// DER-serialize and digest SET OF attributes only
bytes = asn1.toDer(attrsAsn1).getBytes();
signer.md.start().update(bytes);
}
// sign digest
signer.signature = signer.key.sign(signer.md, 'RSASSA-PKCS1-V1_5');
}
// add signer info
msg.signerInfos = _signersToAsn1(msg.signers);
}
};
/**
* Creates an empty PKCS#7 message of type EncryptedData.
*
* @return the message.
*/
p7.createEncryptedData = function() {
var msg = null;
msg = {
type: forge.pki.oids.encryptedData,
version: 0,
encryptedContent: {
algorithm: forge.pki.oids['aes256-CBC']
},
/**
* Reads an EncryptedData content block (in ASN.1 format)
*
* @param obj The ASN.1 representation of the EncryptedData content block
*/
fromAsn1: function(obj) {
// Validate EncryptedData content block and capture data.
_fromAsn1(msg, obj, p7.asn1.encryptedDataValidator);
},
/**
* Decrypt encrypted content
*
* @param key The (symmetric) key as a byte buffer
*/
decrypt: function(key) {
if(key !== undefined) {
msg.encryptedContent.key = key;
}
_decryptContent(msg);
}
};
return msg;
};
/**
* Creates an empty PKCS#7 message of type EnvelopedData.
*
* @return the message.
*/
p7.createEnvelopedData = function() {
var msg = null;
msg = {
type: forge.pki.oids.envelopedData,
version: 0,
recipients: [],
encryptedContent: {
algorithm: forge.pki.oids['aes256-CBC']
},
/**
* Reads an EnvelopedData content block (in ASN.1 format)
*
* @param obj the ASN.1 representation of the EnvelopedData content block.
*/
fromAsn1: function(obj) {
// validate EnvelopedData content block and capture data
var capture = _fromAsn1(msg, obj, p7.asn1.envelopedDataValidator);
msg.recipients = _recipientsFromAsn1(capture.recipientInfos.value);
},
toAsn1: function() {
// ContentInfo
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// ContentType
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(msg.type).getBytes()),
// [0] EnvelopedData
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// Version
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
asn1.integerToDer(msg.version).getBytes()),
// RecipientInfos
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true,
_recipientsToAsn1(msg.recipients)),
// EncryptedContentInfo
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true,
_encryptedContentToAsn1(msg.encryptedContent))
])
])
]);
},
/**
* Find recipient by X.509 certificate's issuer.
*
* @param cert the certificate with the issuer to look for.
*
* @return the recipient object.
*/
findRecipient: function(cert) {
var sAttr = cert.issuer.attributes;
for(var i = 0; i < msg.recipients.length; ++i) {
var r = msg.recipients[i];
var rAttr = r.issuer;
if(r.serialNumber !== cert.serialNumber) {
continue;
}
if(rAttr.length !== sAttr.length) {
continue;
}
var match = true;
for(var j = 0; j < sAttr.length; ++j) {
if(rAttr[j].type !== sAttr[j].type ||
rAttr[j].value !== sAttr[j].value) {
match = false;
break;
}
}
if(match) {
return r;
}
}
return null;
},
/**
* Decrypt enveloped content
*
* @param recipient The recipient object related to the private key
* @param privKey The (RSA) private key object
*/
decrypt: function(recipient, privKey) {
if(msg.encryptedContent.key === undefined && recipient !== undefined &&
privKey !== undefined) {
switch(recipient.encryptedContent.algorithm) {
case forge.pki.oids.rsaEncryption:
case forge.pki.oids.desCBC:
var key = privKey.decrypt(recipient.encryptedContent.content);
msg.encryptedContent.key = forge.util.createBuffer(key);
break;
default:
throw new Error('Unsupported asymmetric cipher, ' +
'OID ' + recipient.encryptedContent.algorithm);
}
}
_decryptContent(msg);
},
/**
* Add (another) entity to list of recipients.
*
* @param cert The certificate of the entity to add.
*/
addRecipient: function(cert) {
msg.recipients.push({
version: 0,
issuer: cert.issuer.attributes,
serialNumber: cert.serialNumber,
encryptedContent: {
// We simply assume rsaEncryption here, since forge.pki only
// supports RSA so far. If the PKI module supports other
// ciphers one day, we need to modify this one as well.
algorithm: forge.pki.oids.rsaEncryption,
key: cert.publicKey
}
});
},
/**
* Encrypt enveloped content.
*
* This function supports two optional arguments, cipher and key, which
* can be used to influence symmetric encryption. Unless cipher is
* provided, the cipher specified in encryptedContent.algorithm is used
* (defaults to AES-256-CBC). If no key is provided, encryptedContent.key
* is (re-)used. If that one's not set, a random key will be generated
* automatically.
*
* @param [key] The key to be used for symmetric encryption.
* @param [cipher] The OID of the symmetric cipher to use.
*/
encrypt: function(key, cipher) {
// Part 1: Symmetric encryption
if(msg.encryptedContent.content === undefined) {
cipher = cipher || msg.encryptedContent.algorithm;
key = key || msg.encryptedContent.key;
var keyLen, ivLen, ciphFn;
switch(cipher) {
case forge.pki.oids['aes128-CBC']:
keyLen = 16;
ivLen = 16;
ciphFn = forge.aes.createEncryptionCipher;
break;
case forge.pki.oids['aes192-CBC']:
keyLen = 24;
ivLen = 16;
ciphFn = forge.aes.createEncryptionCipher;
break;
case forge.pki.oids['aes256-CBC']:
keyLen = 32;
ivLen = 16;
ciphFn = forge.aes.createEncryptionCipher;
break;
case forge.pki.oids['des-EDE3-CBC']:
keyLen = 24;
ivLen = 8;
ciphFn = forge.des.createEncryptionCipher;
break;
default:
throw new Error('Unsupported symmetric cipher, OID ' + cipher);
}
if(key === undefined) {
key = forge.util.createBuffer(forge.random.getBytes(keyLen));
} else if(key.length() != keyLen) {
throw new Error('Symmetric key has wrong length; ' +
'got ' + key.length() + ' bytes, expected ' + keyLen + '.');
}
// Keep a copy of the key & IV in the object, so the caller can
// use it for whatever reason.
msg.encryptedContent.algorithm = cipher;
msg.encryptedContent.key = key;
msg.encryptedContent.parameter = forge.util.createBuffer(
forge.random.getBytes(ivLen));
var ciph = ciphFn(key);
ciph.start(msg.encryptedContent.parameter.copy());
ciph.update(msg.content);
// The finish function does PKCS#7 padding by default, therefore
// no action required by us.
if(!ciph.finish()) {
throw new Error('Symmetric encryption failed.');
}
msg.encryptedContent.content = ciph.output;
}
// Part 2: asymmetric encryption for each recipient
for(var i = 0; i < msg.recipients.length; ++i) {
var recipient = msg.recipients[i];
// Nothing to do, encryption already done.
if(recipient.encryptedContent.content !== undefined) {
continue;
}
switch(recipient.encryptedContent.algorithm) {
case forge.pki.oids.rsaEncryption:
recipient.encryptedContent.content =
recipient.encryptedContent.key.encrypt(
msg.encryptedContent.key.data);
break;
default:
throw new Error('Unsupported asymmetric cipher, OID ' +
recipient.encryptedContent.algorithm);
}
}
}
};
return msg;
};
/**
* Converts a single recipient from an ASN.1 object.
*
* @param obj the ASN.1 RecipientInfo.
*
* @return the recipient object.
*/
function _recipientFromAsn1(obj) {
// validate EnvelopedData content block and capture data
var capture = {};
var errors = [];
if(!asn1.validate(obj, p7.asn1.recipientInfoValidator, capture, errors)) {
var error = new Error('Cannot read PKCS#7 RecipientInfo. ' +
'ASN.1 object is not an PKCS#7 RecipientInfo.');
error.errors = errors;
throw error;
}
return {
version: capture.version.charCodeAt(0),
issuer: forge.pki.RDNAttributesAsArray(capture.issuer),
serialNumber: forge.util.createBuffer(capture.serial).toHex(),
encryptedContent: {
algorithm: asn1.derToOid(capture.encAlgorithm),
parameter: capture.encParameter.value,
content: capture.encKey
}
};
}
/**
* Converts a single recipient object to an ASN.1 object.
*
* @param obj the recipient object.
*
* @return the ASN.1 RecipientInfo.
*/
function _recipientToAsn1(obj) {
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// Version
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
asn1.integerToDer(obj.version).getBytes()),
// IssuerAndSerialNumber
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// Name
forge.pki.distinguishedNameToAsn1({attributes: obj.issuer}),
// Serial
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
forge.util.hexToBytes(obj.serialNumber))
]),
// KeyEncryptionAlgorithmIdentifier
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// Algorithm
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(obj.encryptedContent.algorithm).getBytes()),
// Parameter, force NULL, only RSA supported for now.
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')
]),
// EncryptedKey
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
obj.encryptedContent.content)
]);
}
/**
* Map a set of RecipientInfo ASN.1 objects to recipient objects.
*
* @param infos an array of ASN.1 representations RecipientInfo (i.e. SET OF).
*
* @return an array of recipient objects.
*/
function _recipientsFromAsn1(infos) {
var ret = [];
for(var i = 0; i < infos.length; ++i) {
ret.push(_recipientFromAsn1(infos[i]));
}
return ret;
}
/**
* Map an array of recipient objects to ASN.1 RecipientInfo objects.
*
* @param recipients an array of recipientInfo objects.
*
* @return an array of ASN.1 RecipientInfos.
*/
function _recipientsToAsn1(recipients) {
var ret = [];
for(var i = 0; i < recipients.length; ++i) {
ret.push(_recipientToAsn1(recipients[i]));
}
return ret;
}
/**
* Converts a single signer from an ASN.1 object.
*
* @param obj the ASN.1 representation of a SignerInfo.
*
* @return the signer object.
*/
function _signerFromAsn1(obj) {
// validate EnvelopedData content block and capture data
var capture = {};
var errors = [];
if(!asn1.validate(obj, p7.asn1.signerInfoValidator, capture, errors)) {
var error = new Error('Cannot read PKCS#7 SignerInfo. ' +
'ASN.1 object is not an PKCS#7 SignerInfo.');
error.errors = errors;
throw error;
}
var rval = {
version: capture.version.charCodeAt(0),
issuer: forge.pki.RDNAttributesAsArray(capture.issuer),
serialNumber: forge.util.createBuffer(capture.serial).toHex(),
digestAlgorithm: asn1.derToOid(capture.digestAlgorithm),
signatureAlgorithm: asn1.derToOid(capture.signatureAlgorithm),
signature: capture.signature,
authenticatedAttributes: [],
unauthenticatedAttributes: []
};
// TODO: convert attributes
var authenticatedAttributes = capture.authenticatedAttributes || [];
var unauthenticatedAttributes = capture.unauthenticatedAttributes || [];
return rval;
}
/**
* Converts a single signerInfo object to an ASN.1 object.
*
* @param obj the signerInfo object.
*
* @return the ASN.1 representation of a SignerInfo.
*/
function _signerToAsn1(obj) {
// SignerInfo
var rval = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// version
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
asn1.integerToDer(obj.version).getBytes()),
// issuerAndSerialNumber
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// name
forge.pki.distinguishedNameToAsn1({attributes: obj.issuer}),
// serial
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
forge.util.hexToBytes(obj.serialNumber))
]),
// digestAlgorithm
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// algorithm
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(obj.digestAlgorithm).getBytes()),
// parameters (null)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')
])
]);
// authenticatedAttributes (OPTIONAL)
if(obj.authenticatedAttributesAsn1) {
// add ASN.1 previously generated during signing
rval.value.push(obj.authenticatedAttributesAsn1);
}
// digestEncryptionAlgorithm
rval.value.push(asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// algorithm
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(obj.signatureAlgorithm).getBytes()),
// parameters (null)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')
]));
// encryptedDigest
rval.value.push(asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, obj.signature));
// unauthenticatedAttributes (OPTIONAL)
if(obj.unauthenticatedAttributes.length > 0) {
// [1] IMPLICIT
var attrsAsn1 = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, []);
for(var i = 0; i < obj.unauthenticatedAttributes.length; ++i) {
var attr = obj.unauthenticatedAttributes[i];
attrsAsn1.values.push(_attributeToAsn1(attr));
}
rval.value.push(attrsAsn1);
}
return rval;
}
/**
* Map a set of SignerInfo ASN.1 objects to an array of signer objects.
*
* @param signerInfoAsn1s an array of ASN.1 SignerInfos (i.e. SET OF).
*
* @return an array of signers objects.
*/
function _signersFromAsn1(signerInfoAsn1s) {
var ret = [];
for(var i = 0; i < signerInfoAsn1s.length; ++i) {
ret.push(_signerFromAsn1(signerInfoAsn1s[i]));
}
return ret;
}
/**
* Map an array of signer objects to ASN.1 objects.
*
* @param signers an array of signer objects.
*
* @return an array of ASN.1 SignerInfos.
*/
function _signersToAsn1(signers) {
var ret = [];
for(var i = 0; i < signers.length; ++i) {
ret.push(_signerToAsn1(signers[i]));
}
return ret;
}
/**
* Convert an attribute object to an ASN.1 Attribute.
*
* @param attr the attribute object.
*
* @return the ASN.1 Attribute.
*/
function _attributeToAsn1(attr) {
var value;
// TODO: generalize to support more attributes
if(attr.type === forge.pki.oids.contentType) {
value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(attr.value).getBytes());
} else if(attr.type === forge.pki.oids.messageDigest) {
value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
attr.value.bytes());
} else if(attr.type === forge.pki.oids.signingTime) {
/* Note per RFC 2985: Dates between 1 January 1950 and 31 December 2049
(inclusive) MUST be encoded as UTCTime. Any dates with year values
before 1950 or after 2049 MUST be encoded as GeneralizedTime. [Further,]
UTCTime values MUST be expressed in Greenwich Mean Time (Zulu) and MUST
include seconds (i.e., times are YYMMDDHHMMSSZ), even where the
number of seconds is zero. Midnight (GMT) must be represented as
"YYMMDD000000Z". */
// TODO: make these module-level constants
var jan_1_1950 = new Date('Jan 1, 1950 00:00:00Z');
var jan_1_2050 = new Date('Jan 1, 2050 00:00:00Z');
var date = attr.value;
if(typeof date === 'string') {
// try to parse date
var timestamp = Date.parse(date);
if(!isNaN(timestamp)) {
date = new Date(timestamp);
} else if(date.length === 13) {
// YYMMDDHHMMSSZ (13 chars for UTCTime)
date = asn1.utcTimeToDate(date);
} else {
// assume generalized time
date = asn1.generalizedTimeToDate(date);
}
}
if(date >= jan_1_1950 && date < jan_1_2050) {
value = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.UTCTIME, false,
asn1.dateToUtcTime(date));
} else {
value = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.GENERALIZEDTIME, false,
asn1.dateToGeneralizedTime(date));
}
}
// TODO: expose as common API call
// create a RelativeDistinguishedName set
// each value in the set is an AttributeTypeAndValue first
// containing the type (an OID) and second the value
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// AttributeType
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(attr.type).getBytes()),
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [
// AttributeValue
value
])
]);
}
/**
* Map messages encrypted content to ASN.1 objects.
*
* @param ec The encryptedContent object of the message.
*
* @return ASN.1 representation of the encryptedContent object (SEQUENCE).
*/
function _encryptedContentToAsn1(ec) {
return [
// ContentType, always Data for the moment
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(forge.pki.oids.data).getBytes()),
// ContentEncryptionAlgorithmIdentifier
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// Algorithm
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(ec.algorithm).getBytes()),
// Parameters (IV)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
ec.parameter.getBytes())
]),
// [0] EncryptedContent
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
ec.content.getBytes())
])
];
}
/**
* Reads the "common part" of an PKCS#7 content block (in ASN.1 format)
*
* This function reads the "common part" of the PKCS#7 content blocks
* EncryptedData and EnvelopedData, i.e. version number and symmetrically
* encrypted content block.
*
* The result of the ASN.1 validate and capture process is returned
* to allow the caller to extract further data, e.g. the list of recipients
* in case of a EnvelopedData object.
*
* @param msg the PKCS#7 object to read the data to.
* @param obj the ASN.1 representation of the content block.
* @param validator the ASN.1 structure validator object to use.
*
* @return the value map captured by validator object.
*/
function _fromAsn1(msg, obj, validator) {
var capture = {};
var errors = [];
if(!asn1.validate(obj, validator, capture, errors)) {
var error = new Error('Cannot read PKCS#7 message. ' +
'ASN.1 object is not a supported PKCS#7 message.');
error.errors = error;
throw error;
}
// Check contentType, so far we only support (raw) Data.
var contentType = asn1.derToOid(capture.contentType);
if(contentType !== forge.pki.oids.data) {
throw new Error('Unsupported PKCS#7 message. ' +
'Only wrapped ContentType Data supported.');
}
if(capture.encryptedContent) {
var content = '';
if(forge.util.isArray(capture.encryptedContent)) {
for(var i = 0; i < capture.encryptedContent.length; ++i) {
if(capture.encryptedContent[i].type !== asn1.Type.OCTETSTRING) {
throw new Error('Malformed PKCS#7 message, expecting encrypted ' +
'content constructed of only OCTET STRING objects.');
}
content += capture.encryptedContent[i].value;
}
} else {
content = capture.encryptedContent;
}
msg.encryptedContent = {
algorithm: asn1.derToOid(capture.encAlgorithm),
parameter: forge.util.createBuffer(capture.encParameter.value),
content: forge.util.createBuffer(content)
};
}
if(capture.content) {
var content = '';
if(forge.util.isArray(capture.content)) {
for(var i = 0; i < capture.content.length; ++i) {
if(capture.content[i].type !== asn1.Type.OCTETSTRING) {
throw new Error('Malformed PKCS#7 message, expecting ' +
'content constructed of only OCTET STRING objects.');
}
content += capture.content[i].value;
}
} else {
content = capture.content;
}
msg.content = forge.util.createBuffer(content);
}
msg.version = capture.version.charCodeAt(0);
msg.rawCapture = capture;
return capture;
}
/**
* Decrypt the symmetrically encrypted content block of the PKCS#7 message.
*
* Decryption is skipped in case the PKCS#7 message object already has a
* (decrypted) content attribute. The algorithm, key and cipher parameters
* (probably the iv) are taken from the encryptedContent attribute of the
* message object.
*
* @param The PKCS#7 message object.
*/
function _decryptContent(msg) {
if(msg.encryptedContent.key === undefined) {
throw new Error('Symmetric key not available.');
}
if(msg.content === undefined) {
var ciph;
switch(msg.encryptedContent.algorithm) {
case forge.pki.oids['aes128-CBC']:
case forge.pki.oids['aes192-CBC']:
case forge.pki.oids['aes256-CBC']:
ciph = forge.aes.createDecryptionCipher(msg.encryptedContent.key);
break;
case forge.pki.oids['desCBC']:
case forge.pki.oids['des-EDE3-CBC']:
ciph = forge.des.createDecryptionCipher(msg.encryptedContent.key);
break;
default:
throw new Error('Unsupported symmetric cipher, OID ' +
msg.encryptedContent.algorithm);
}
ciph.start(msg.encryptedContent.parameter);
ciph.update(msg.encryptedContent.content);
if(!ciph.finish()) {
throw new Error('Symmetric decryption failed.');
}
msg.content = ciph.output;
}
}
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'pkcs7';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/pkcs7',[
'require',
'module',
'./aes',
'./asn1',
'./des',
'./oids',
'./pem',
'./pkcs7asn1',
'./random',
'./util',
'./x509'
], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Functions to output keys in SSH-friendly formats.
*
* This is part of the Forge project which may be used under the terms of
* either the BSD License or the GNU General Public License (GPL) Version 2.
*
* See: https://github.com/digitalbazaar/forge/blob/cbebca3780658703d925b61b2caffb1d263a6c1d/LICENSE
*
* @author https://github.com/shellac
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
var ssh = forge.ssh = forge.ssh || {};
/**
* Encodes (and optionally encrypts) a private RSA key as a Putty PPK file.
*
* @param privateKey the key.
* @param passphrase a passphrase to protect the key (falsy for no encryption).
* @param comment a comment to include in the key file.
*
* @return the PPK file as a string.
*/
ssh.privateKeyToPutty = function(privateKey, passphrase, comment) {
comment = comment || '';
passphrase = passphrase || '';
var algorithm = 'ssh-rsa';
var encryptionAlgorithm = (passphrase === '') ? 'none' : 'aes256-cbc';
var ppk = 'PuTTY-User-Key-File-2: ' + algorithm + '\r\n';
ppk += 'Encryption: ' + encryptionAlgorithm + '\r\n';
ppk += 'Comment: ' + comment + '\r\n';
// public key into buffer for ppk
var pubbuffer = forge.util.createBuffer();
_addStringToBuffer(pubbuffer, algorithm);
_addBigIntegerToBuffer(pubbuffer, privateKey.e);
_addBigIntegerToBuffer(pubbuffer, privateKey.n);
// write public key
var pub = forge.util.encode64(pubbuffer.bytes(), 64);
var length = Math.floor(pub.length / 66) + 1; // 66 = 64 + \r\n
ppk += 'Public-Lines: ' + length + '\r\n';
ppk += pub;
// private key into a buffer
var privbuffer = forge.util.createBuffer();
_addBigIntegerToBuffer(privbuffer, privateKey.d);
_addBigIntegerToBuffer(privbuffer, privateKey.p);
_addBigIntegerToBuffer(privbuffer, privateKey.q);
_addBigIntegerToBuffer(privbuffer, privateKey.qInv);
// optionally encrypt the private key
var priv;
if(!passphrase) {
// use the unencrypted buffer
priv = forge.util.encode64(privbuffer.bytes(), 64);
} else {
// encrypt RSA key using passphrase
var encLen = privbuffer.length() + 16 - 1;
encLen -= encLen % 16;
// pad private key with sha1-d data -- needs to be a multiple of 16
var padding = _sha1(privbuffer.bytes());
padding.truncate(padding.length() - encLen + privbuffer.length());
privbuffer.putBuffer(padding);
var aeskey = forge.util.createBuffer();
aeskey.putBuffer(_sha1('\x00\x00\x00\x00', passphrase));
aeskey.putBuffer(_sha1('\x00\x00\x00\x01', passphrase));
// encrypt some bytes using CBC mode
// key is 40 bytes, so truncate *by* 8 bytes
var cipher = forge.aes.createEncryptionCipher(aeskey.truncate(8), 'CBC');
cipher.start(forge.util.createBuffer().fillWithByte(0, 16));
cipher.update(privbuffer.copy());
cipher.finish();
var encrypted = cipher.output;
// Note: this appears to differ from Putty -- is forge wrong, or putty?
// due to padding we finish as an exact multiple of 16
encrypted.truncate(16); // all padding
priv = forge.util.encode64(encrypted.bytes(), 64);
}
// output private key
length = Math.floor(priv.length / 66) + 1; // 64 + \r\n
ppk += '\r\nPrivate-Lines: ' + length + '\r\n';
ppk += priv;
// MAC
var mackey = _sha1('putty-private-key-file-mac-key', passphrase);
var macbuffer = forge.util.createBuffer();
_addStringToBuffer(macbuffer, algorithm);
_addStringToBuffer(macbuffer, encryptionAlgorithm);
_addStringToBuffer(macbuffer, comment);
macbuffer.putInt32(pubbuffer.length());
macbuffer.putBuffer(pubbuffer);
macbuffer.putInt32(privbuffer.length());
macbuffer.putBuffer(privbuffer);
var hmac = forge.hmac.create();
hmac.start('sha1', mackey);
hmac.update(macbuffer.bytes());
ppk += '\r\nPrivate-MAC: ' + hmac.digest().toHex() + '\r\n';
return ppk;
};
/**
* Encodes a public RSA key as an OpenSSH file.
*
* @param key the key.
* @param comment a comment.
*
* @return the public key in OpenSSH format.
*/
ssh.publicKeyToOpenSSH = function(key, comment) {
var type = 'ssh-rsa';
comment = comment || '';
var buffer = forge.util.createBuffer();
_addStringToBuffer(buffer, type);
_addBigIntegerToBuffer(buffer, key.e);
_addBigIntegerToBuffer(buffer, key.n);
return type + ' ' + forge.util.encode64(buffer.bytes()) + ' ' + comment;
};
/**
* Encodes a private RSA key as an OpenSSH file.
*
* @param key the key.
* @param passphrase a passphrase to protect the key (falsy for no encryption).
*
* @return the public key in OpenSSH format.
*/
ssh.privateKeyToOpenSSH = function(privateKey, passphrase) {
if(!passphrase) {
return forge.pki.privateKeyToPem(privateKey);
}
// OpenSSH private key is just a legacy format, it seems
return forge.pki.encryptRsaPrivateKey(privateKey, passphrase,
{legacy: true, algorithm: 'aes128'});
};
/**
* Gets the SSH fingerprint for the given public key.
*
* @param options the options to use.
* [md] the message digest object to use (defaults to forge.md.md5).
* [encoding] an alternative output encoding, such as 'hex'
* (defaults to none, outputs a byte buffer).
* [delimiter] the delimiter to use between bytes for 'hex' encoded
* output, eg: ':' (defaults to none).
*
* @return the fingerprint as a byte buffer or other encoding based on options.
*/
ssh.getPublicKeyFingerprint = function(key, options) {
options = options || {};
var md = options.md || forge.md.md5.create();
var type = 'ssh-rsa';
var buffer = forge.util.createBuffer();
_addStringToBuffer(buffer, type);
_addBigIntegerToBuffer(buffer, key.e);
_addBigIntegerToBuffer(buffer, key.n);
// hash public key bytes
md.start();
md.update(buffer.getBytes());
var digest = md.digest();
if(options.encoding === 'hex') {
var hex = digest.toHex();
if(options.delimiter) {
return hex.match(/.{2}/g).join(options.delimiter);
}
return hex;
} else if(options.encoding === 'binary') {
return digest.getBytes();
} else if(options.encoding) {
throw new Error('Unknown encoding "' + options.encoding + '".');
}
return digest;
};
/**
* Adds len(val) then val to a buffer.
*
* @param buffer the buffer to add to.
* @param val a big integer.
*/
function _addBigIntegerToBuffer(buffer, val) {
var hexVal = val.toString(16);
// ensure 2s complement +ve
if(hexVal[0] >= '8') {
hexVal = '00' + hexVal;
}
var bytes = forge.util.hexToBytes(hexVal);
buffer.putInt32(bytes.length);
buffer.putBytes(bytes);
}
/**
* Adds len(val) then val to a buffer.
*
* @param buffer the buffer to add to.
* @param val a string.
*/
function _addStringToBuffer(buffer, val) {
buffer.putInt32(val.length);
buffer.putString(val);
}
/**
* Hashes the arguments into one value using SHA-1.
*
* @return the sha1 hash of the provided arguments.
*/
function _sha1() {
var sha = forge.md.sha1.create();
var num = arguments.length;
for (var i = 0; i < num; ++i) {
sha.update(arguments[i]);
}
return sha.digest();
}
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'ssh';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/ssh',[
'require',
'module',
'./aes',
'./hmac',
'./md5',
'./sha1',
'./util'
], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Support for concurrent task management and synchronization in web
* applications.
*
* @author Dave Longley
* @author David I. Lehn <dlehn@digitalbazaar.com>
*
* Copyright (c) 2009-2013 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
// logging category
var cat = 'forge.task';
// verbose level
// 0: off, 1: a little, 2: a whole lot
// Verbose debug logging is surrounded by a level check to avoid the
// performance issues with even calling the logging code regardless if it
// is actually logged. For performance reasons this should not be set to 2
// for production use.
// ex: if(sVL >= 2) forge.log.verbose(....)
var sVL = 0;
// track tasks for debugging
var sTasks = {};
var sNextTaskId = 0;
// debug access
forge.debug.set(cat, 'tasks', sTasks);
// a map of task type to task queue
var sTaskQueues = {};
// debug access
forge.debug.set(cat, 'queues', sTaskQueues);
// name for unnamed tasks
var sNoTaskName = '?';
// maximum number of doNext() recursions before a context swap occurs
// FIXME: might need to tweak this based on the browser
var sMaxRecursions = 30;
// time slice for doing tasks before a context swap occurs
// FIXME: might need to tweak this based on the browser
var sTimeSlice = 20;
/**
* Task states.
*
* READY: ready to start processing
* RUNNING: task or a subtask is running
* BLOCKED: task is waiting to acquire N permits to continue
* SLEEPING: task is sleeping for a period of time
* DONE: task is done
* ERROR: task has an error
*/
var READY = 'ready';
var RUNNING = 'running';
var BLOCKED = 'blocked';
var SLEEPING = 'sleeping';
var DONE = 'done';
var ERROR = 'error';
/**
* Task actions. Used to control state transitions.
*
* STOP: stop processing
* START: start processing tasks
* BLOCK: block task from continuing until 1 or more permits are released
* UNBLOCK: release one or more permits
* SLEEP: sleep for a period of time
* WAKEUP: wakeup early from SLEEPING state
* CANCEL: cancel further tasks
* FAIL: a failure occured
*/
var STOP = 'stop';
var START = 'start';
var BLOCK = 'block';
var UNBLOCK = 'unblock';
var SLEEP = 'sleep';
var WAKEUP = 'wakeup';
var CANCEL = 'cancel';
var FAIL = 'fail';
/**
* State transition table.
*
* nextState = sStateTable[currentState][action]
*/
var sStateTable = {};
sStateTable[READY] = {};
sStateTable[READY][STOP] = READY;
sStateTable[READY][START] = RUNNING;
sStateTable[READY][CANCEL] = DONE;
sStateTable[READY][FAIL] = ERROR;
sStateTable[RUNNING] = {};
sStateTable[RUNNING][STOP] = READY;
sStateTable[RUNNING][START] = RUNNING;
sStateTable[RUNNING][BLOCK] = BLOCKED;
sStateTable[RUNNING][UNBLOCK] = RUNNING;
sStateTable[RUNNING][SLEEP] = SLEEPING;
sStateTable[RUNNING][WAKEUP] = RUNNING;
sStateTable[RUNNING][CANCEL] = DONE;
sStateTable[RUNNING][FAIL] = ERROR;
sStateTable[BLOCKED] = {};
sStateTable[BLOCKED][STOP] = BLOCKED;
sStateTable[BLOCKED][START] = BLOCKED;
sStateTable[BLOCKED][BLOCK] = BLOCKED;
sStateTable[BLOCKED][UNBLOCK] = BLOCKED;
sStateTable[BLOCKED][SLEEP] = BLOCKED;
sStateTable[BLOCKED][WAKEUP] = BLOCKED;
sStateTable[BLOCKED][CANCEL] = DONE;
sStateTable[BLOCKED][FAIL] = ERROR;
sStateTable[SLEEPING] = {};
sStateTable[SLEEPING][STOP] = SLEEPING;
sStateTable[SLEEPING][START] = SLEEPING;
sStateTable[SLEEPING][BLOCK] = SLEEPING;
sStateTable[SLEEPING][UNBLOCK] = SLEEPING;
sStateTable[SLEEPING][SLEEP] = SLEEPING;
sStateTable[SLEEPING][WAKEUP] = SLEEPING;
sStateTable[SLEEPING][CANCEL] = DONE;
sStateTable[SLEEPING][FAIL] = ERROR;
sStateTable[DONE] = {};
sStateTable[DONE][STOP] = DONE;
sStateTable[DONE][START] = DONE;
sStateTable[DONE][BLOCK] = DONE;
sStateTable[DONE][UNBLOCK] = DONE;
sStateTable[DONE][SLEEP] = DONE;
sStateTable[DONE][WAKEUP] = DONE;
sStateTable[DONE][CANCEL] = DONE;
sStateTable[DONE][FAIL] = ERROR;
sStateTable[ERROR] = {};
sStateTable[ERROR][STOP] = ERROR;
sStateTable[ERROR][START] = ERROR;
sStateTable[ERROR][BLOCK] = ERROR;
sStateTable[ERROR][UNBLOCK] = ERROR;
sStateTable[ERROR][SLEEP] = ERROR;
sStateTable[ERROR][WAKEUP] = ERROR;
sStateTable[ERROR][CANCEL] = ERROR;
sStateTable[ERROR][FAIL] = ERROR;
/**
* Creates a new task.
*
* @param options options for this task
* run: the run function for the task (required)
* name: the run function for the task (optional)
* parent: parent of this task (optional)
*
* @return the empty task.
*/
var Task = function(options) {
// task id
this.id = -1;
// task name
this.name = options.name || sNoTaskName;
// task has no parent
this.parent = options.parent || null;
// save run function
this.run = options.run;
// create a queue of subtasks to run
this.subtasks = [];
// error flag
this.error = false;
// state of the task
this.state = READY;
// number of times the task has been blocked (also the number
// of permits needed to be released to continue running)
this.blocks = 0;
// timeout id when sleeping
this.timeoutId = null;
// no swap time yet
this.swapTime = null;
// no user data
this.userData = null;
// initialize task
// FIXME: deal with overflow
this.id = sNextTaskId++;
sTasks[this.id] = this;
if(sVL >= 1) {
forge.log.verbose(cat, '[%s][%s] init', this.id, this.name, this);
}
};
/**
* Logs debug information on this task and the system state.
*/
Task.prototype.debug = function(msg) {
msg = msg || '';
forge.log.debug(cat, msg,
'[%s][%s] task:', this.id, this.name, this,
'subtasks:', this.subtasks.length,
'queue:', sTaskQueues);
};
/**
* Adds a subtask to run after task.doNext() or task.fail() is called.
*
* @param name human readable name for this task (optional).
* @param subrun a function to run that takes the current task as
* its first parameter.
*
* @return the current task (useful for chaining next() calls).
*/
Task.prototype.next = function(name, subrun) {
// juggle parameters if it looks like no name is given
if(typeof(name) === 'function') {
subrun = name;
// inherit parent's name
name = this.name;
}
// create subtask, set parent to this task, propagate callbacks
var subtask = new Task({
run: subrun,
name: name,
parent: this
});
// start subtasks running
subtask.state = RUNNING;
subtask.type = this.type;
subtask.successCallback = this.successCallback || null;
subtask.failureCallback = this.failureCallback || null;
// queue a new subtask
this.subtasks.push(subtask);
return this;
};
/**
* Adds subtasks to run in parallel after task.doNext() or task.fail()
* is called.
*
* @param name human readable name for this task (optional).
* @param subrun functions to run that take the current task as
* their first parameter.
*
* @return the current task (useful for chaining next() calls).
*/
Task.prototype.parallel = function(name, subrun) {
// juggle parameters if it looks like no name is given
if(forge.util.isArray(name)) {
subrun = name;
// inherit parent's name
name = this.name;
}
// Wrap parallel tasks in a regular task so they are started at the
// proper time.
return this.next(name, function(task) {
// block waiting for subtasks
var ptask = task;
ptask.block(subrun.length);
// we pass the iterator from the loop below as a parameter
// to a function because it is otherwise included in the
// closure and changes as the loop changes -- causing i
// to always be set to its highest value
var startParallelTask = function(pname, pi) {
forge.task.start({
type: pname,
run: function(task) {
subrun[pi](task);
},
success: function(task) {
ptask.unblock();
},
failure: function(task) {
ptask.unblock();
}
});
};
for(var i = 0; i < subrun.length; i++) {
// Type must be unique so task starts in parallel:
// name + private string + task id + sub-task index
// start tasks in parallel and unblock when the finish
var pname = name + '__parallel-' + task.id + '-' + i;
var pi = i;
startParallelTask(pname, pi);
}
});
};
/**
* Stops a running task.
*/
Task.prototype.stop = function() {
this.state = sStateTable[this.state][STOP];
};
/**
* Starts running a task.
*/
Task.prototype.start = function() {
this.error = false;
this.state = sStateTable[this.state][START];
// try to restart
if(this.state === RUNNING) {
this.start = new Date();
this.run(this);
runNext(this, 0);
}
};
/**
* Blocks a task until it one or more permits have been released. The
* task will not resume until the requested number of permits have
* been released with call(s) to unblock().
*
* @param n number of permits to wait for(default: 1).
*/
Task.prototype.block = function(n) {
n = typeof(n) === 'undefined' ? 1 : n;
this.blocks += n;
if(this.blocks > 0) {
this.state = sStateTable[this.state][BLOCK];
}
};
/**
* Releases a permit to unblock a task. If a task was blocked by
* requesting N permits via block(), then it will only continue
* running once enough permits have been released via unblock() calls.
*
* If multiple processes need to synchronize with a single task then
* use a condition variable (see forge.task.createCondition). It is
* an error to unblock a task more times than it has been blocked.
*
* @param n number of permits to release (default: 1).
*
* @return the current block count (task is unblocked when count is 0)
*/
Task.prototype.unblock = function(n) {
n = typeof(n) === 'undefined' ? 1 : n;
this.blocks -= n;
if(this.blocks === 0 && this.state !== DONE) {
this.state = RUNNING;
runNext(this, 0);
}
return this.blocks;
};
/**
* Sleep for a period of time before resuming tasks.
*
* @param n number of milliseconds to sleep (default: 0).
*/
Task.prototype.sleep = function(n) {
n = typeof(n) === 'undefined' ? 0 : n;
this.state = sStateTable[this.state][SLEEP];
var self = this;
this.timeoutId = setTimeout(function() {
self.timeoutId = null;
self.state = RUNNING;
runNext(self, 0);
}, n);
};
/**
* Waits on a condition variable until notified. The next task will
* not be scheduled until notification. A condition variable can be
* created with forge.task.createCondition().
*
* Once cond.notify() is called, the task will continue.
*
* @param cond the condition variable to wait on.
*/
Task.prototype.wait = function(cond) {
cond.wait(this);
};
/**
* If sleeping, wakeup and continue running tasks.
*/
Task.prototype.wakeup = function() {
if(this.state === SLEEPING) {
cancelTimeout(this.timeoutId);
this.timeoutId = null;
this.state = RUNNING;
runNext(this, 0);
}
};
/**
* Cancel all remaining subtasks of this task.
*/
Task.prototype.cancel = function() {
this.state = sStateTable[this.state][CANCEL];
// remove permits needed
this.permitsNeeded = 0;
// cancel timeouts
if(this.timeoutId !== null) {
cancelTimeout(this.timeoutId);
this.timeoutId = null;
}
// remove subtasks
this.subtasks = [];
};
/**
* Finishes this task with failure and sets error flag. The entire
* task will be aborted unless the next task that should execute
* is passed as a parameter. This allows levels of subtasks to be
* skipped. For instance, to abort only this tasks's subtasks, then
* call fail(task.parent). To abort this task's subtasks and its
* parent's subtasks, call fail(task.parent.parent). To abort
* all tasks and simply call the task callback, call fail() or
* fail(null).
*
* The task callback (success or failure) will always, eventually, be
* called.
*
* @param next the task to continue at, or null to abort entirely.
*/
Task.prototype.fail = function(next) {
// set error flag
this.error = true;
// finish task
finish(this, true);
if(next) {
// propagate task info
next.error = this.error;
next.swapTime = this.swapTime;
next.userData = this.userData;
// do next task as specified
runNext(next, 0);
} else {
if(this.parent !== null) {
// finish root task (ensures it is removed from task queue)
var parent = this.parent;
while(parent.parent !== null) {
// propagate task info
parent.error = this.error;
parent.swapTime = this.swapTime;
parent.userData = this.userData;
parent = parent.parent;
}
finish(parent, true);
}
// call failure callback if one exists
if(this.failureCallback) {
this.failureCallback(this);
}
}
};
/**
* Asynchronously start a task.
*
* @param task the task to start.
*/
var start = function(task) {
task.error = false;
task.state = sStateTable[task.state][START];
setTimeout(function() {
if(task.state === RUNNING) {
task.swapTime = +new Date();
task.run(task);
runNext(task, 0);
}
}, 0);
};
/**
* Run the next subtask or finish this task.
*
* @param task the task to process.
* @param recurse the recursion count.
*/
var runNext = function(task, recurse) {
// get time since last context swap (ms), if enough time has passed set
// swap to true to indicate that doNext was performed asynchronously
// also, if recurse is too high do asynchronously
var swap =
(recurse > sMaxRecursions) ||
(+new Date() - task.swapTime) > sTimeSlice;
var doNext = function(recurse) {
recurse++;
if(task.state === RUNNING) {
if(swap) {
// update swap time
task.swapTime = +new Date();
}
if(task.subtasks.length > 0) {
// run next subtask
var subtask = task.subtasks.shift();
subtask.error = task.error;
subtask.swapTime = task.swapTime;
subtask.userData = task.userData;
subtask.run(subtask);
if(!subtask.error) {
runNext(subtask, recurse);
}
} else {
finish(task);
if(!task.error) {
// chain back up and run parent
if(task.parent !== null) {
// propagate task info
task.parent.error = task.error;
task.parent.swapTime = task.swapTime;
task.parent.userData = task.userData;
// no subtasks left, call run next subtask on parent
runNext(task.parent, recurse);
}
}
}
}
};
if(swap) {
// we're swapping, so run asynchronously
setTimeout(doNext, 0);
} else {
// not swapping, so run synchronously
doNext(recurse);
}
};
/**
* Finishes a task and looks for the next task in the queue to start.
*
* @param task the task to finish.
* @param suppressCallbacks true to suppress callbacks.
*/
var finish = function(task, suppressCallbacks) {
// subtask is now done
task.state = DONE;
delete sTasks[task.id];
if(sVL >= 1) {
forge.log.verbose(cat, '[%s][%s] finish',
task.id, task.name, task);
}
// only do queue processing for root tasks
if(task.parent === null) {
// report error if queue is missing
if(!(task.type in sTaskQueues)) {
forge.log.error(cat,
'[%s][%s] task queue missing [%s]',
task.id, task.name, task.type);
} else if(sTaskQueues[task.type].length === 0) {
// report error if queue is empty
forge.log.error(cat,
'[%s][%s] task queue empty [%s]',
task.id, task.name, task.type);
} else if(sTaskQueues[task.type][0] !== task) {
// report error if this task isn't the first in the queue
forge.log.error(cat,
'[%s][%s] task not first in queue [%s]',
task.id, task.name, task.type);
} else {
// remove ourselves from the queue
sTaskQueues[task.type].shift();
// clean up queue if it is empty
if(sTaskQueues[task.type].length === 0) {
if(sVL >= 1) {
forge.log.verbose(cat, '[%s][%s] delete queue [%s]',
task.id, task.name, task.type);
}
/* Note: Only a task can delete a queue of its own type. This
is used as a way to synchronize tasks. If a queue for a certain
task type exists, then a task of that type is running.
*/
delete sTaskQueues[task.type];
} else {
// dequeue the next task and start it
if(sVL >= 1) {
forge.log.verbose(cat,
'[%s][%s] queue start next [%s] remain:%s',
task.id, task.name, task.type,
sTaskQueues[task.type].length);
}
sTaskQueues[task.type][0].start();
}
}
if(!suppressCallbacks) {
// call final callback if one exists
if(task.error && task.failureCallback) {
task.failureCallback(task);
} else if(!task.error && task.successCallback) {
task.successCallback(task);
}
}
}
};
/* Tasks API */
forge.task = forge.task || {};
/**
* Starts a new task that will run the passed function asynchronously.
*
* In order to finish the task, either task.doNext() or task.fail()
* *must* be called.
*
* The task must have a type (a string identifier) that can be used to
* synchronize it with other tasks of the same type. That type can also
* be used to cancel tasks that haven't started yet.
*
* To start a task, the following object must be provided as a parameter
* (each function takes a task object as its first parameter):
*
* {
* type: the type of task.
* run: the function to run to execute the task.
* success: a callback to call when the task succeeds (optional).
* failure: a callback to call when the task fails (optional).
* }
*
* @param options the object as described above.
*/
forge.task.start = function(options) {
// create a new task
var task = new Task({
run: options.run,
name: options.name || sNoTaskName
});
task.type = options.type;
task.successCallback = options.success || null;
task.failureCallback = options.failure || null;
// append the task onto the appropriate queue
if(!(task.type in sTaskQueues)) {
if(sVL >= 1) {
forge.log.verbose(cat, '[%s][%s] create queue [%s]',
task.id, task.name, task.type);
}
// create the queue with the new task
sTaskQueues[task.type] = [task];
start(task);
} else {
// push the task onto the queue, it will be run after a task
// with the same type completes
sTaskQueues[options.type].push(task);
}
};
/**
* Cancels all tasks of the given type that haven't started yet.
*
* @param type the type of task to cancel.
*/
forge.task.cancel = function(type) {
// find the task queue
if(type in sTaskQueues) {
// empty all but the current task from the queue
sTaskQueues[type] = [sTaskQueues[type][0]];
}
};
/**
* Creates a condition variable to synchronize tasks. To make a task wait
* on the condition variable, call task.wait(condition). To notify all
* tasks that are waiting, call condition.notify().
*
* @return the condition variable.
*/
forge.task.createCondition = function() {
var cond = {
// all tasks that are blocked
tasks: {}
};
/**
* Causes the given task to block until notify is called. If the task
* is already waiting on this condition then this is a no-op.
*
* @param task the task to cause to wait.
*/
cond.wait = function(task) {
// only block once
if(!(task.id in cond.tasks)) {
task.block();
cond.tasks[task.id] = task;
}
};
/**
* Notifies all waiting tasks to wake up.
*/
cond.notify = function() {
// since unblock() will run the next task from here, make sure to
// clear the condition's blocked task list before unblocking
var tmp = cond.tasks;
cond.tasks = {};
for(var id in tmp) {
tmp[id].unblock();
}
};
return cond;
};
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'task';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/task',['require', 'module', './debug', './log', './util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
/**
* Node.js module for Forge.
*
* @author Dave Longley
*
* Copyright 2011-2014 Digital Bazaar, Inc.
*/
(function() {
var name = 'forge';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
} else {
// <script>
if(typeof forge === 'undefined') {
// set to true to disable native code if even it's available
forge = {disableNativeCode: false};
}
return;
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
});
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge;
};
// set to true to disable native code if even it's available
module.exports.disableNativeCode = false;
module.exports(module.exports);
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define('js/forge',[
'require',
'module',
'./aes',
'./aesCipherSuites',
'./asn1',
'./cipher',
'./cipherModes',
'./debug',
'./des',
'./hmac',
'./kem',
'./log',
'./md',
'./mgf1',
'./pbkdf2',
'./pem',
'./pkcs7',
'./pkcs1',
'./pkcs12',
'./pki',
'./prime',
'./prng',
'./pss',
'./random',
'./rc2',
'./ssh',
'./task',
'./tls',
'./util'
], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();
return require('js/forge');
});
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(13), __webpack_require__(157).setImmediate, __webpack_require__(77)(module), __webpack_require__(1).Buffer))
/***/ },
/* 157 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(setImmediate, clearImmediate) {var nextTick = __webpack_require__(13).nextTick;
var apply = Function.prototype.apply;
var slice = Array.prototype.slice;
var immediateIds = {};
var nextImmediateId = 0;
// DOM APIs, for completeness
exports.setTimeout = function() {
return new Timeout(apply.call(setTimeout, window, arguments), clearTimeout);
};
exports.setInterval = function() {
return new Timeout(apply.call(setInterval, window, arguments), clearInterval);
};
exports.clearTimeout =
exports.clearInterval = function(timeout) { timeout.close(); };
function Timeout(id, clearFn) {
this._id = id;
this._clearFn = clearFn;
}
Timeout.prototype.unref = Timeout.prototype.ref = function() {};
Timeout.prototype.close = function() {
this._clearFn.call(window, this._id);
};
// Does not start the time, just sets up the members needed.
exports.enroll = function(item, msecs) {
clearTimeout(item._idleTimeoutId);
item._idleTimeout = msecs;
};
exports.unenroll = function(item) {
clearTimeout(item._idleTimeoutId);
item._idleTimeout = -1;
};
exports._unrefActive = exports.active = function(item) {
clearTimeout(item._idleTimeoutId);
var msecs = item._idleTimeout;
if (msecs >= 0) {
item._idleTimeoutId = setTimeout(function onTimeout() {
if (item._onTimeout)
item._onTimeout();
}, msecs);
}
};
// That's not how node.js implements it but the exposed api is the same.
exports.setImmediate = typeof setImmediate === "function" ? setImmediate : function(fn) {
var id = nextImmediateId++;
var args = arguments.length < 2 ? false : slice.call(arguments, 1);
immediateIds[id] = true;
nextTick(function onNextTick() {
if (immediateIds[id]) {
// fn.call() is faster so we optimize for the common use-case
// @see http://jsperf.com/call-apply-segu
if (args) {
fn.apply(null, args);
} else {
fn.call(null);
}
// Prevent ids from leaking
exports.clearImmediate(id);
}
});
return id;
};
exports.clearImmediate = typeof clearImmediate === "function" ? clearImmediate : function(id) {
delete immediateIds[id];
};
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(157).setImmediate, __webpack_require__(157).clearImmediate))
/***/ },
/* 158 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var schema = __webpack_require__(159)
var compile = __webpack_require__(163)
module.exports = function (proto, opts) {
if (!opts) opts = {}
if (!proto) throw new Error('Pass in a .proto string or a protobuf-schema parsed object')
var sch = (typeof proto === 'object' && !Buffer.isBuffer(proto)) ? proto : schema.parse(proto)
// to not make toString,toJSON enumarable we make a fire-and-forget prototype
var Messages = function () {
var self = this
compile(sch, opts.encodings || {}).forEach(function (m) {
self[m.name] = m.values || m
})
}
Messages.prototype.toString = function () {
return schema.stringify(sch)
}
Messages.prototype.toJSON = function () {
return sch
}
return new Messages()
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 159 */
/***/ function(module, exports, __webpack_require__) {
var parse = __webpack_require__(160)
var stringify = __webpack_require__(162)
module.exports = parse
module.exports.parse = parse
module.exports.stringify = stringify
/***/ },
/* 160 */
/***/ function(module, exports, __webpack_require__) {
var tokenize = __webpack_require__(161)
var MAX_RANGE = 0x1FFFFFFF
var onfieldoptions = function (tokens) {
var opts = {}
while (tokens.length) {
switch (tokens[0]) {
case '[':
case ',':
tokens.shift()
var name = tokens.shift()
if (name === '(') { // handling [(A) = B]
name = tokens.shift()
tokens.shift() // remove the end of bracket
}
if (tokens[0] !== '=') throw new Error('Unexpected token in field options: ' + tokens[0])
tokens.shift()
if (tokens[0] === ']') throw new Error('Unexpected ] in field option')
opts[name] = tokens.shift()
break
case ']':
tokens.shift()
return opts
default:
throw new Error('Unexpected token in field options: ' + tokens[0])
}
}
throw new Error('No closing tag for field options')
}
var onfield = function (tokens) {
var field = {
name: null,
type: null,
tag: 0,
map: null,
oneof: null,
required: false,
repeated: false,
options: {}
}
while (tokens.length) {
switch (tokens[0]) {
case '=':
tokens.shift()
field.tag = Number(tokens.shift())
break
case 'map':
field.type = 'map'
field.map = {from: null, to: null}
tokens.shift()
if (tokens[0] !== '<') throw new Error('Unexpected token in map type: ' + tokens[0])
tokens.shift()
field.map.from = tokens.shift()
if (tokens[0] !== ',') throw new Error('Unexpected token in map type: ' + tokens[0])
tokens.shift()
field.map.to = tokens.shift()
if (tokens[0] !== '>') throw new Error('Unexpected token in map type: ' + tokens[0])
tokens.shift()
field.name = tokens.shift()
break
case 'repeated':
case 'required':
case 'optional':
var t = tokens.shift()
field.required = t === 'required'
field.repeated = t === 'repeated'
field.type = tokens.shift()
field.name = tokens.shift()
break
case '[':
field.options = onfieldoptions(tokens)
break
case ';':
tokens.shift()
return field
default:
throw new Error('Unexpected token in message field: ' + tokens[0])
}
}
throw new Error('No ; found for message field')
}
var onmessagebody = function (tokens) {
var body = {
enums: [],
messages: [],
fields: [],
extensions: null
}
while (tokens.length) {
switch (tokens[0]) {
case 'map':
case 'repeated':
case 'optional':
case 'required':
body.fields.push(onfield(tokens))
break
case 'enum':
body.enums.push(onenum(tokens))
break
case 'message':
body.messages.push(onmessage(tokens))
break
case 'extensions':
body.extensions = onextensions(tokens)
break
case 'oneof':
tokens.shift()
var name = tokens.shift()
if (tokens[0] !== '{') throw new Error('Unexpected token in oneof: ' + tokens[0])
tokens.shift()
while (tokens[0] !== '}') {
tokens.unshift('optional')
var field = onfield(tokens)
field.oneof = name
body.fields.push(field)
}
tokens.shift()
break
case ';':
tokens.shift()
break
default:
// proto3 does not require the use of optional/required, assumed as optional
// "singular: a well-formed message can have zero or one of this field (but not more than one)."
// https://developers.google.com/protocol-buffers/docs/proto3#specifying-field-rules
tokens.unshift('optional')
body.fields.push(onfield(tokens))
}
}
return body
}
var onextend = function (tokens) {
var out = {
name: tokens[1],
message: onmessage(tokens)
}
return out
}
var onextensions = function (tokens) {
tokens.shift()
var from = Number(tokens.shift())
if (isNaN(from)) throw new Error('Invalid from in extensions definition')
if (tokens.shift() !== 'to') throw new Error("Expected keyword 'to' in extensions definition")
var to = tokens.shift()
if (to === 'max') to = MAX_RANGE
to = Number(to)
if (isNaN(to)) throw new Error('Invalid to in extensions definition')
if (tokens.shift() !== ';') throw new Error('Missing ; in extensions definition')
return {from: from, to: to}
}
var onmessage = function (tokens) {
tokens.shift()
var lvl = 1
var body = []
var msg = {
name: tokens.shift(),
enums: [],
messages: [],
fields: []
}
if (tokens[0] !== '{') throw new Error('Expected { but found ' + tokens[0])
tokens.shift()
while (tokens.length) {
if (tokens[0] === '{') lvl++
else if (tokens[0] === '}') lvl--
if (!lvl) {
tokens.shift()
body = onmessagebody(body)
msg.enums = body.enums
msg.messages = body.messages
msg.fields = body.fields
msg.extensions = body.extensions
return msg
}
body.push(tokens.shift())
}
if (lvl) throw new Error('No closing tag for message')
}
var onpackagename = function (tokens) {
tokens.shift()
var name = tokens.shift()
if (tokens[0] !== ';') throw new Error('Expected ; but found ' + tokens[0])
tokens.shift()
return name
}
var onsyntaxversion = function (tokens) {
tokens.shift()
if (tokens[0] !== '=') throw new Error('Expected = but found ' + tokens[0])
tokens.shift()
var version = tokens.shift()
switch (version) {
case '"proto2"':
version = 2
break
case '"proto3"':
version = 3
break
default:
throw new Error('Expected protobuf syntax version but found ' + version)
}
if (tokens[0] !== ';') throw new Error('Expected ; but found ' + tokens[0])
tokens.shift()
return version
}
var onenumvalue = function (tokens) {
if (tokens.length < 4) throw new Error('Invalid enum value: ' + tokens.slice(0, 3).join(' '))
if (tokens[1] !== '=') throw new Error('Expected = but found ' + tokens[1])
if (tokens[3] !== ';') throw new Error('Expected ; but found ' + tokens[1])
var name = tokens.shift()
tokens.shift()
var value = Number(tokens.shift())
tokens.shift()
return {
name: name,
value: value
}
}
var onenum = function (tokens) {
tokens.shift()
var e = {
name: tokens.shift(),
values: {}
}
if (tokens[0] !== '{') throw new Error('Expected { but found ' + tokens[0])
tokens.shift()
while (tokens.length) {
if (tokens[0] === '}') {
tokens.shift()
// there goes optional semicolon after the enclosing "}"
if (tokens[0] === ';') tokens.shift()
return e
}
if (tokens[0] === 'option') {
// just skip "option allow_alias = true;"
while (tokens.shift() !== ';') {
// do nothing
}
}
var val = onenumvalue(tokens)
e.values[val.name] = val.value
}
throw new Error('No closing tag for enum')
}
var onoption = function (tokens) {
var name = null
var value = null
var parse = function (value) {
if (value === 'true') return true
if (value === 'false') return false
return value.replace(/^"+|"+$/gm, '')
}
while (tokens.length) {
if (tokens[0] === ';') {
tokens.shift()
return {name: name, value: value}
}
switch (tokens[0]) {
case 'option':
tokens.shift()
var hasBracket = tokens[0] === '('
if (hasBracket) tokens.shift()
name = tokens.shift()
if (hasBracket) {
if (tokens[0] !== ')') throw new Error('Expected ) but found ' + tokens[0])
tokens.shift()
}
break
case '=':
tokens.shift()
if (name === null) throw new Error('Expected key for option with value: ' + tokens[0])
value = parse(tokens.shift())
if (name === 'optimize_for' && !/^(SPEED|CODE_SIZE|LITE_RUNTIME)$/.test(value)) {
throw new Error('Unexpected value for option optimize_for: ' + value)
} else if (value === '{') {
// option foo = {bar: baz}
value = onoptionMap(tokens)
}
break
default:
throw new Error('Unexpected token in option: ' + tokens[0])
}
}
}
var onoptionMap = function (tokens) {
var parse = function (value) {
if (value === 'true') return true
if (value === 'false') return false
return value.replace(/^"+|"+$/gm, '')
}
var map = {}
while (tokens.length) {
if (tokens[0] === '}') {
tokens.shift()
return map
}
var hasBracket = tokens[0] === '('
if (hasBracket) tokens.shift()
var key = tokens.shift()
if (hasBracket) {
if (tokens[0] !== ')') throw new Error('Expected ) but found ' + tokens[0])
tokens.shift()
}
var value = null
switch (tokens[0]) {
case ':':
if (map[key] !== undefined) throw new Error('Duplicate option map key ' + key)
tokens.shift()
value = parse(tokens.shift())
if (value === '{') {
// option foo = {bar: baz}
value = onoptionMap(tokens)
}
map[key] = value
break
case '{':
tokens.shift()
value = onoptionMap(tokens)
if (map[key] === undefined) map[key] = []
if (!Array.isArray(map[key])) throw new Error('Duplicate option map key ' + key)
map[key].push(value)
break
default:
throw new Error('Unexpected token in option map: ' + tokens[0])
}
}
throw new Error('No closing tag for option map')
}
var onimport = function (tokens) {
tokens.shift()
var file = tokens.shift().replace(/^"+|"+$/gm, '')
if (tokens[0] !== ';') throw new Error('Unexpected token: ' + tokens[0] + '. Expected ";"')
tokens.shift()
return file
}
var onservice = function (tokens) {
tokens.shift()
var service = {
name: tokens.shift(),
methods: [],
options: {}
}
if (tokens[0] !== '{') throw new Error('Expected { but found ' + tokens[0])
tokens.shift()
while (tokens.length) {
if (tokens[0] === '}') {
tokens.shift()
// there goes optional semicolon after the enclosing "}"
if (tokens[0] === ';') tokens.shift()
return service
}
switch (tokens[0]) {
case 'option':
var opt = onoption(tokens)
if (service.options[opt.name] !== undefined) throw new Error('Duplicate option ' + opt.name)
service.options[opt.name] = opt.value
break
case 'rpc':
service.methods.push(onrpc(tokens))
break
default:
throw new Error('Unexpected token in service: ' + tokens[0])
}
}
throw new Error('No closing tag for service')
}
var onrpc = function (tokens) {
tokens.shift()
var rpc = {
name: tokens.shift(),
input_type: null,
output_type: null,
client_streaming: false,
server_streaming: false,
options: {}
}
if (tokens[0] !== '(') throw new Error('Expected ( but found ' + tokens[0])
tokens.shift()
if (tokens[0] === 'stream') {
tokens.shift()
rpc.client_streaming = true
}
rpc.input_type = tokens.shift()
if (tokens[0] !== ')') throw new Error('Expected ) but found ' + tokens[0])
tokens.shift()
if (tokens[0] !== 'returns') throw new Error('Expected returns but found ' + tokens[0])
tokens.shift()
if (tokens[0] !== '(') throw new Error('Expected ( but found ' + tokens[0])
tokens.shift()
if (tokens[0] === 'stream') {
tokens.shift()
rpc.server_streaming = true
}
rpc.output_type = tokens.shift()
if (tokens[0] !== ')') throw new Error('Expected ) but found ' + tokens[0])
tokens.shift()
if (tokens[0] === ';') {
tokens.shift()
return rpc
}
if (tokens[0] !== '{') throw new Error('Expected { but found ' + tokens[0])
tokens.shift()
while (tokens.length) {
if (tokens[0] === '}') {
tokens.shift()
// there goes optional semicolon after the enclosing "}"
if (tokens[0] === ';') tokens.shift()
return rpc
}
if (tokens[0] === 'option') {
var opt = onoption(tokens)
if (rpc.options[opt.name] !== undefined) throw new Error('Duplicate option ' + opt.name)
rpc.options[opt.name] = opt.value
} else {
throw new Error('Unexpected token in rpc options: ' + tokens[0])
}
}
throw new Error('No closing tag for rpc')
}
var parse = function (buf) {
var tokens = tokenize(buf.toString())
// check for isolated strings in tokens by looking for opening quote
for (var i = 0; i < tokens.length; i++) {
if (/^(\"|\')([^\'\"]*)$/.test(tokens[i])) {
var j
if (tokens[i].length === 1) {
j = i + 1
} else {
j = i
}
// look ahead for the closing quote and collapse all
// in-between tokens into a single token
for (j; j < tokens.length; j++) {
if (/^([^\'\"]*)(\"|\')$/.test(tokens[j])) {
tokens = tokens.slice(0, i).concat(tokens.slice(i, j + 1).join('')).concat(tokens.slice(j + 1))
break
}
}
}
}
var schema = {
syntax: 3,
package: null,
imports: [],
enums: [],
messages: [],
options: {},
extends: []
}
var firstline = true
while (tokens.length) {
switch (tokens[0]) {
case 'package':
schema.package = onpackagename(tokens)
break
case 'syntax':
if (!firstline) throw new Error('Protobuf syntax version should be first thing in file')
schema.syntax = onsyntaxversion(tokens)
break
case 'message':
schema.messages.push(onmessage(tokens))
break
case 'enum':
schema.enums.push(onenum(tokens))
break
case 'option':
var opt = onoption(tokens)
if (schema.options[opt.name]) throw new Error('Duplicate option ' + opt.name)
schema.options[opt.name] = opt.value
break
case 'import':
schema.imports.push(onimport(tokens))
break
case 'extend':
schema.extends.push(onextend(tokens))
break
case 'service':
if (!schema.services) schema.services = []
schema.services.push(onservice(tokens))
break
default:
throw new Error('Unexpected token: ' + tokens[0])
}
firstline = false
}
// now iterate over messages and propagate extends
schema.extends.forEach(function (ext) {
schema.messages.forEach(function (msg) {
if (msg.name === ext.name) {
ext.message.fields.forEach(function (field) {
if (!msg.extensions || field.tag < msg.extensions.from || field.tag > msg.extensions.to) {
throw new Error(msg.name + ' does not declare ' + field.tag + ' as an extension number')
}
msg.fields.push(field)
})
}
})
})
return schema
}
module.exports = parse
/***/ },
/* 161 */
/***/ function(module, exports) {
module.exports = function (sch) {
var noComments = function (line) {
var i = line.indexOf('//')
return i > -1 ? line.slice(0, i) : line
}
var noMultilineComments = function () {
var inside = false
return function (token) {
if (token === '/*') {
inside = true
return false
}
if (token === '*/') {
inside = false
return false
}
return !inside
}
}
var trim = function (line) {
return line.trim()
}
return sch
.replace(/([;,{}\(\)=\:\[\]<>]|\/\*|\*\/)/g, ' $1 ')
.split(/\n/)
.map(trim)
.filter(Boolean)
.map(noComments)
.map(trim)
.filter(Boolean)
.join('\n')
.split(/\s+|\n+/gm)
.filter(noMultilineComments())
}
/***/ },
/* 162 */
/***/ function(module, exports) {
var onfield = function (f, result) {
var prefix = f.repeated ? 'repeated' : f.required ? 'required' : 'optional'
if (f.type === 'map') prefix = 'map<' + f.map.from + ',' + f.map.to + '>'
if (f.oneof) prefix = ''
var opts = Object.keys(f.options || {}).map(function (key) {
return key + ' = ' + f.options[key]
}).join(',')
if (opts) opts = ' [' + opts + ']'
result.push((prefix ? prefix + ' ' : '') + (f.map === 'map' ? '' : f.type + ' ') + f.name + ' = ' + f.tag + opts + ';')
return result
}
var onmessage = function (m, result) {
result.push('message ' + m.name + ' {')
if (!m.enums) m.enums = []
m.enums.forEach(function (e) {
result.push(onenum(e, []))
})
if (!m.messages) m.messages = []
m.messages.forEach(function (m) {
result.push(onmessage(m, []))
})
var oneofs = {}
if (!m.fields) m.fields = []
m.fields.forEach(function (f) {
if (f.oneof) {
if (!oneofs[f.oneof]) oneofs[f.oneof] = []
oneofs[f.oneof].push(onfield(f, []))
} else {
result.push(onfield(f, []))
}
})
Object.keys(oneofs).forEach(function (n) {
oneofs[n].unshift('oneof ' + n + ' {')
oneofs[n].push('}')
result.push(oneofs[n])
})
result.push('}', '')
return result
}
var onenum = function (e, result) {
result.push('enum ' + e.name + ' {')
var vals = Object.keys(e.values).map(function (key) {
return key + ' = ' + e.values[key] + ';'
})
result.push(vals)
result.push('}', '')
return result
}
var onoption = function (o, result) {
var keys = Object.keys(o)
keys.forEach(function (option) {
var v = o[option]
if (~option.indexOf('.')) option = '(' + option + ')'
var type = typeof v
if (type === 'object') {
v = onoptionMap(v, [])
if (v.length) result.push('option ' + option + ' = {', v, '};')
} else {
if (type === 'string' && option !== 'optimize_for') v = '"' + v + '"'
result.push('option ' + option + ' = ' + v + ';')
}
})
if (keys.length > 0) {
result.push('')
}
return result
}
var onoptionMap = function (o, result) {
var keys = Object.keys(o)
keys.forEach(function (k) {
var v = o[k]
var type = typeof v
if (type === 'object') {
if (Array.isArray(v)) {
v.forEach(function (v) {
v = onoptionMap(v, [])
if (v.length) result.push(k + ' {', v, '}')
})
} else {
v = onoptionMap(v, [])
if (v.length) result.push(k + ' {', v, '}')
}
} else {
if (type === 'string') v = '"' + v + '"'
result.push(k + ': ' + v)
}
})
return result
}
var onservices = function (s, result) {
result.push('service ' + s.name + ' {')
if (!s.options) s.options = {}
onoption(s.options, result)
if (!s.methods) s.methods = []
s.methods.forEach(function (m) {
result.push(onrpc(m, []))
})
result.push('}', '')
return result
}
var onrpc = function (rpc, result) {
var def = 'rpc ' + rpc.name + '('
if (rpc.client_streaming) def += 'stream '
def += rpc.input_type + ') returns ('
if (rpc.server_streaming) def += 'stream '
def += rpc.output_type + ')'
if (!rpc.options) rpc.options = {}
var options = onoption(rpc.options, [])
if (options.length > 1) {
result.push(def + ' {', options.slice(0, -1), '}')
} else {
result.push(def + ';')
}
return result
}
var indent = function (lvl) {
return function (line) {
if (Array.isArray(line)) return line.map(indent(lvl + ' ')).join('\n')
return lvl + line
}
}
module.exports = function (schema) {
var result = []
result.push('syntax = "proto' + schema.syntax + '";', '')
if (schema.package) result.push('package ' + schema.package + ';', '')
if (!schema.options) schema.options = {}
onoption(schema.options, result)
if (!schema.enums) schema.enums = []
schema.enums.forEach(function (e) {
onenum(e, result)
})
if (!schema.messages) schema.messages = []
schema.messages.forEach(function (m) {
onmessage(m, result)
})
if (schema.services) {
schema.services.forEach(function (s) {
onservices(s, result)
})
}
return result.map(indent('')).join('\n')
}
/***/ },
/* 163 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {/* eslint-disable no-spaced-func */
/* eslint-disable no-unexpected-multiline */
var encodings = __webpack_require__(164)
var varint = __webpack_require__(165)
var genobj = __webpack_require__(174)
var genfun = __webpack_require__(176)
var skip = function (type, buffer, offset) {
switch (type) {
case 0:
varint.decode(buffer, offset)
return offset + varint.decode.bytes
case 1:
return offset + 8
case 2:
var len = varint.decode(buffer, offset)
return offset + varint.decode.bytes + len
case 3:
case 4:
throw new Error('Groups are not supported')
case 5:
return offset + 4
}
throw new Error('Unknown wire type: ' + type)
}
var defined = function (val) {
return val !== null && val !== undefined && (typeof val !== 'number' || !isNaN(val))
}
var isString = function (def) {
try {
return !!def && typeof JSON.parse(def) === 'string'
} catch (err) {
return false
}
}
var defaultValue = function (f, def) {
if (f.map) return '{}'
if (f.repeated) return '[]'
switch (f.type) {
case 'string':
return isString(def) ? def : '""'
case 'bool':
if (def === 'true') return 'true'
return 'false'
case 'float':
case 'double':
case 'sfixed32':
case 'fixed32':
case 'varint':
case 'enum':
case 'uint64':
case 'uint32':
case 'int64':
case 'int32':
case 'sint64':
case 'sint32':
return '' + Number(def || 0)
default:
return 'null'
}
}
module.exports = function (schema, extraEncodings) {
var messages = {}
var enums = {}
var cache = {}
var visit = function (schema, prefix) {
if (schema.enums) {
schema.enums.forEach(function (e) {
e.id = prefix + (prefix ? '.' : '') + e.name
enums[e.id] = e
visit(e, e.id)
})
}
if (schema.messages) {
schema.messages.forEach(function (m) {
m.id = prefix + (prefix ? '.' : '') + m.name
messages[m.id] = m
m.fields.forEach(function (f) {
if (!f.map) return
var name = 'Map_' + f.map.from + '_' + f.map.to
var map = {
name: name,
enums: [],
messages: [],
fields: [{
name: 'key',
type: f.map.from,
tag: 1,
repeated: false,
required: true
}, {
name: 'value',
type: f.map.to,
tag: 2,
repeated: false,
required: false
}],
extensions: null,
id: prefix + (prefix ? '.' : '') + name
}
if (!messages[map.id]) {
messages[map.id] = map
schema.messages.push(map)
}
f.type = name
f.repeated = true
})
visit(m, m.id)
})
}
}
visit(schema, '')
var compileEnum = function (e) {
var conditions = Object.keys(e.values)
.map(function (k) {
return 'val !== ' + parseInt(e.values[k], 10)
})
.join(' && ')
if (!conditions) conditions = 'true'
var encode = genfun()
('function encode (val, buf, offset) {')
('if (%s) throw new Error("Invalid enum value: "+val)', conditions)
('varint.encode(val, buf, offset)')
('encode.bytes = varint.encode.bytes')
('return buf')
('}')
.toFunction({
varint: varint
})
var decode = genfun()
('function decode (buf, offset) {')
('var val = varint.decode(buf, offset)')
('if (%s) throw new Error("Invalid enum value: "+val)', conditions)
('decode.bytes = varint.decode.bytes')
('return val')
('}')
.toFunction({
varint: varint
})
return encodings.make(0, encode, decode, varint.encodingLength)
}
var compileMessage = function (m, exports) {
m.messages.forEach(function (nested) {
exports[nested.name] = resolve(nested.name, m.id)
})
m.enums.forEach(function (val) {
exports[val.name] = val.values
})
exports.type = 2
exports.message = true
exports.name = m.name
var oneofs = {}
m.fields.forEach(function (f) {
if (!f.oneof) return
if (!oneofs[f.oneof]) oneofs[f.oneof] = []
oneofs[f.oneof].push(f.name)
})
var enc = m.fields.map(function (f) {
return resolve(f.type, m.id)
})
var forEach = function (fn) {
for (var i = 0; i < enc.length; i++) fn(enc[i], m.fields[i], genobj('obj', m.fields[i].name), i)
}
// compile encodingLength
var encodingLength = genfun()
('function encodingLength (obj) {')
('var length = 0')
Object.keys(oneofs).forEach(function (name) {
var msg = JSON.stringify('only one of the properties defined in oneof ' + name + ' can be set')
var cnt = oneofs[name]
.map(function (prop) {
return '+defined(' + genobj('obj', prop) + ')'
})
.join(' + ')
encodingLength('if ((%s) > 1) throw new Error(%s)', cnt, msg)
})
forEach(function (e, f, val, i) {
var packed = f.repeated && f.options && f.options.packed && f.options.packed !== 'false'
var hl = varint.encodingLength(f.tag << 3 | e.type)
if (f.required) encodingLength('if (!defined(%s)) throw new Error(%s)', val, JSON.stringify(f.name + ' is required'))
else encodingLength('if (defined(%s)) {', val)
if (f.map) {
encodingLength()
('var tmp = Object.keys(%s)', val)
('for (var i = 0; i < tmp.length; i++) {')
('tmp[i] = {key: tmp[i], value: %s[tmp[i]]}', val)
('}')
val = 'tmp'
}
if (packed) {
encodingLength()
('var packedLen = 0')
('for (var i = 0; i < %s.length; i++) {', val)
('if (!defined(%s)) continue', val + '[i]')
('var len = enc[%d].encodingLength(%s)', i, val + '[i]')
('packedLen += len')
if (e.message) encodingLength('packedLen += varint.encodingLength(len)')
encodingLength('}')
('if (packedLen) {')
('length += %d + packedLen + varint.encodingLength(packedLen)', hl)
('}')
} else {
if (f.repeated) {
encodingLength('for (var i = 0; i < %s.length; i++) {', val)
val += '[i]'
encodingLength('if (!defined(%s)) continue', val)
}
encodingLength('var len = enc[%d].encodingLength(%s)', i, val)
if (e.message) encodingLength('length += varint.encodingLength(len)')
encodingLength('length += %d + len', hl)
if (f.repeated) encodingLength('}')
}
if (!f.required) encodingLength('}')
})
encodingLength()
('return length')
('}')
encodingLength = encodingLength.toFunction({
defined: defined,
varint: varint,
enc: enc
})
// compile encode
var encode = genfun()
('function encode (obj, buf, offset) {')
('if (!offset) offset = 0')
('if (!buf) buf = new Buffer(encodingLength(obj))')
('var oldOffset = offset')
Object.keys(oneofs).forEach(function (name) {
var msg = JSON.stringify('only one of the properties defined in oneof ' + name + ' can be set')
var cnt = oneofs[name]
.map(function (prop) {
return '+defined(' + genobj('obj', prop) + ')'
})
.join(' + ')
encode('if ((%s) > 1) throw new Error(%s)', cnt, msg)
})
forEach(function (e, f, val, i) {
if (f.required) encode('if (!defined(%s)) throw new Error(%s)', val, JSON.stringify(f.name + ' is required'))
else encode('if (defined(%s)) {', val)
var packed = f.repeated && f.options && f.options.packed && f.options.packed !== 'false'
var p = varint.encode(f.tag << 3 | 2)
var h = varint.encode(f.tag << 3 | e.type)
var j
if (f.map) {
encode()
('var tmp = Object.keys(%s)', val)
('for (var i = 0; i < tmp.length; i++) {')
('tmp[i] = {key: tmp[i], value: %s[tmp[i]]}', val)
('}')
val = 'tmp'
}
if (packed) {
encode()
('var packedLen = 0')
('for (var i = 0; i < %s.length; i++) {', val)
('if (!defined(%s)) continue', val + '[i]')
('packedLen += enc[%d].encodingLength(%s)', i, val + '[i]')
('}')
encode('if (packedLen) {')
for (j = 0; j < h.length; j++) encode('buf[offset++] = %d', p[j])
encode('varint.encode(packedLen, buf, offset)')
encode('offset += varint.encode.bytes')
encode('}')
}
if (f.repeated) {
encode('for (var i = 0; i < %s.length; i++) {', val)
val += '[i]'
encode('if (!defined(%s)) continue', val)
}
if (!packed) for (j = 0; j < h.length; j++) encode('buf[offset++] = %d', h[j])
if (e.message) {
encode('varint.encode(enc[%d].encodingLength(%s), buf, offset)', i, val)
encode('offset += varint.encode.bytes')
}
encode('enc[%d].encode(%s, buf, offset)', i, val)
encode('offset += enc[%d].encode.bytes', i)
if (f.repeated) encode('}')
if (!f.required) encode('}')
})
encode()
('encode.bytes = offset - oldOffset')
('return buf')
('}')
encode = encode.toFunction({
encodingLength: encodingLength,
defined: defined,
varint: varint,
enc: enc,
Buffer: Buffer
})
// compile decode
var invalid = m.fields
.map(function (f, i) {
return f.required && '!found' + i
})
.filter(function (f) {
return f
})
.join(' || ')
var decode = genfun()
var objectKeys = []
forEach(function (e, f) {
var def = f.options && f.options.default
var resolved = resolve(f.type, m.id, false)
var vals = resolved && resolved.values
if (vals) { // is enum
if (f.repeated) {
objectKeys.push(genobj.property(f.name) + ': []')
} else {
def = (def && def in vals) ? vals[def] : vals[Object.keys(vals)[0]]
objectKeys.push(genobj.property(f.name) + ': ' + parseInt(def || 0, 10))
}
return
}
if (!f.oneof) {
objectKeys.push(genobj.property(f.name) + ': ' + defaultValue(f, def))
}
})
decode()
('function decode (buf, offset, end) {')
('if (!offset) offset = 0')
('if (!end) end = buf.length')
('if (!(end <= buf.length && offset <= buf.length)) throw new Error("Decoded message is not valid")')
('var oldOffset = offset')
('var obj = {')
objectKeys.forEach(function (prop, i) {
decode(prop + (i === objectKeys.length - 1 ? '' : ','))
})
decode('}')
forEach(function (e, f, val, i) {
if (f.required) decode('var found%d = false', i)
})
decode('while (true) {')
('if (end <= offset) {')
(invalid && 'if (%s) throw new Error("Decoded message is not valid")', invalid)
('decode.bytes = offset - oldOffset')
('return obj')
('}')
('var prefix = varint.decode(buf, offset)')
('offset += varint.decode.bytes')
('var tag = prefix >> 3')
('switch (tag) {')
forEach(function (e, f, val, i) {
var packed = f.repeated && f.options && f.options.packed && f.options.packed !== 'false'
decode('case %d:', f.tag)
if (f.oneof) {
m.fields.forEach(function (otherField) {
if (otherField.oneof === f.oneof && f.name !== otherField.name) {
decode('delete %s', genobj('obj', otherField.name))
}
})
}
if (packed) {
decode()
('var packedEnd = varint.decode(buf, offset)')
('offset += varint.decode.bytes')
('packedEnd += offset')
('while (offset < packedEnd) {')
}
if (e.message) {
decode('var len = varint.decode(buf, offset)')
decode('offset += varint.decode.bytes')
if (f.map) {
decode('var tmp = enc[%d].decode(buf, offset, offset + len)', i)
decode('%s[tmp.key] = tmp.value', val)
} else if (f.repeated) {
decode('%s.push(enc[%d].decode(buf, offset, offset + len))', val, i)
} else {
decode('%s = enc[%d].decode(buf, offset, offset + len)', val, i)
}
} else {
if (f.repeated) {
decode('%s.push(enc[%d].decode(buf, offset))', val, i)
} else {
decode('%s = enc[%d].decode(buf, offset)', val, i)
}
}
decode('offset += enc[%d].decode.bytes', i)
if (packed) decode('}')
if (f.required) decode('found%d = true', i)
decode('break')
})
decode()
('default:')
('offset = skip(prefix & 7, buf, offset)')
('}')
('}')
('}')
decode = decode.toFunction({
varint: varint,
skip: skip,
enc: enc
})
// end of compilation - return all the things
encode.bytes = decode.bytes = 0
exports.buffer = true
exports.encode = encode
exports.decode = decode
exports.encodingLength = encodingLength
return exports
}
var resolve = function (name, from, compile) {
if (extraEncodings && extraEncodings[name]) return extraEncodings[name]
if (encodings[name]) return encodings[name]
var m = (from ? from + '.' + name : name).split('.')
.map(function (part, i, list) {
return list.slice(0, i).concat(name).join('.')
})
.reverse()
.reduce(function (result, id) {
return result || messages[id] || enums[id]
}, null)
if (compile === false) return m
if (!m) throw new Error('Could not resolve ' + name)
if (m.values) return compileEnum(m)
return cache[m.id] || compileMessage(m, cache[m.id] = {})
}
return (schema.enums || []).concat((schema.messages || []).map(function (message) {
return resolve(message.id)
}))
}
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 164 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {var varint = __webpack_require__(165)
var svarint = __webpack_require__(169)
var encoder = function (type, encode, decode, encodingLength) {
encode.bytes = decode.bytes = 0
return {
type: type,
encode: encode,
decode: decode,
encodingLength: encodingLength
}
}
exports.make = encoder
exports.bytes = (function (tag) {
var bufferLength = function (val) {
return Buffer.isBuffer(val) ? val.length : Buffer.byteLength(val)
}
var encodingLength = function (val) {
var len = bufferLength(val)
return varint.encodingLength(len) + len
}
var encode = function (val, buffer, offset) {
var oldOffset = offset
var len = bufferLength(val)
varint.encode(len, buffer, offset)
offset += varint.encode.bytes
if (Buffer.isBuffer(val)) val.copy(buffer, offset)
else buffer.write(val, offset, len)
offset += len
encode.bytes = offset - oldOffset
return buffer
}
var decode = function (buffer, offset) {
var oldOffset = offset
var len = varint.decode(buffer, offset)
offset += varint.decode.bytes
var val = buffer.slice(offset, offset + len)
offset += val.length
decode.bytes = offset - oldOffset
return val
}
return encoder(2, encode, decode, encodingLength)
})()
exports.string = (function () {
var encodingLength = function (val) {
var len = Buffer.byteLength(val)
return varint.encodingLength(len) + len
}
var encode = function (val, buffer, offset) {
var oldOffset = offset
var len = Buffer.byteLength(val)
varint.encode(len, buffer, offset, 'utf-8')
offset += varint.encode.bytes
buffer.write(val, offset, len)
offset += len
encode.bytes = offset - oldOffset
return buffer
}
var decode = function (buffer, offset) {
var oldOffset = offset
var len = varint.decode(buffer, offset)
offset += varint.decode.bytes
var val = buffer.toString('utf-8', offset, offset + len)
offset += len
decode.bytes = offset - oldOffset
return val
}
return encoder(2, encode, decode, encodingLength)
})()
exports.bool = (function () {
var encodingLength = function (val) {
return 1
}
var encode = function (val, buffer, offset) {
buffer[offset] = val ? 1 : 0
encode.bytes = 1
return buffer
}
var decode = function (buffer, offset) {
var bool = buffer[offset] > 0
decode.bytes = 1
return bool
}
return encoder(0, encode, decode, encodingLength)
})()
exports.int32 = (function () {
var decode = function (buffer, offset) {
var val = varint.decode(buffer, offset)
decode.bytes = varint.decode.bytes
return val > 2147483647 ? val - 4294967296 : val
}
var encode = function (val, buffer, offset) {
varint.encode(val < 0 ? val + 4294967296 : val, buffer, offset)
encode.bytes = varint.encode.bytes
return buffer
}
var encodingLength = function (val) {
return varint.encodingLength(val < 0 ? val + 4294967296 : val)
}
return encoder(0, varint.encode, decode, encodingLength)
})()
exports.int64 = (function () {
var decode = function (buffer, offset) {
var val = varint.decode(buffer, offset)
if (val >= Math.pow(2, 63)) {
var limit = 9
while (buffer[offset + limit - 1] === 0xff) limit--
limit = limit || 9
var subset = new Buffer(limit)
buffer.copy(subset, 0, offset, offset + limit)
subset[limit - 1] = subset[limit - 1] & 0x7f
val = -1 * varint.decode(subset, 0)
decode.bytes = 10
} else {
decode.bytes = varint.decode.bytes
}
return val
}
var encode = function (val, buffer, offset) {
if (val < 0) {
var last = offset + 9
varint.encode(val * -1, buffer, offset)
offset += varint.encode.bytes - 1
buffer[offset] = buffer[offset] | 0x80
while (offset < last - 1) {
offset++
buffer[offset] = 0xff
}
buffer[last] = 0x01
encode.bytes = 10
} else {
varint.encode(val, buffer, offset)
encode.bytes = varint.encode.bytes
}
return buffer
}
var encodingLength = function (val) {
return val < 0 ? 10 : varint.encodingLength(val)
}
return encoder(0, encode, decode, encodingLength)
})()
exports.sint32 =
exports.sint64 = (function () {
return encoder(0, svarint.encode, svarint.decode, svarint.encodingLength)
})()
exports.uint32 =
exports.uint64 =
exports.enum =
exports.varint = (function () {
return encoder(0, varint.encode, varint.decode, varint.encodingLength)
})()
// we cannot represent these in javascript so we just use buffers
exports.fixed64 =
exports.sfixed64 = (function () {
var encodingLength = function (val) {
return 8
}
var encode = function (val, buffer, offset) {
val.copy(buffer, offset)
encode.bytes = 8
return buffer
}
var decode = function (buffer, offset) {
var val = buffer.slice(offset, offset + 8)
decode.bytes = 8
return val
}
return encoder(1, encode, decode, encodingLength)
})()
exports.double = (function () {
var encodingLength = function (val) {
return 8
}
var encode = function (val, buffer, offset) {
buffer.writeDoubleLE(val, offset)
encode.bytes = 8
return buffer
}
var decode = function (buffer, offset) {
var val = buffer.readDoubleLE(offset)
decode.bytes = 8
return val
}
return encoder(1, encode, decode, encodingLength)
})()
exports.fixed32 = (function () {
var encodingLength = function (val) {
return 4
}
var encode = function (val, buffer, offset) {
buffer.writeUInt32LE(val, offset)
encode.bytes = 4
return buffer
}
var decode = function (buffer, offset) {
var val = buffer.readUInt32LE(offset)
decode.bytes = 4
return val
}
return encoder(5, encode, decode, encodingLength)
})()
exports.sfixed32 = (function () {
var encodingLength = function (val) {
return 4
}
var encode = function (val, buffer, offset) {
buffer.writeInt32LE(val, offset)
encode.bytes = 4
return buffer
}
var decode = function (buffer, offset) {
var val = buffer.readInt32LE(offset)
decode.bytes = 4
return val
}
return encoder(5, encode, decode, encodingLength)
})()
exports.float = (function () {
var encodingLength = function (val) {
return 4
}
var encode = function (val, buffer, offset) {
buffer.writeFloatLE(val, offset)
encode.bytes = 4
return buffer
}
var decode = function (buffer, offset) {
var val = buffer.readFloatLE(offset)
decode.bytes = 4
return val
}
return encoder(5, encode, decode, encodingLength)
})()
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ },
/* 165 */
/***/ function(module, exports, __webpack_require__) {
module.exports = {
encode: __webpack_require__(166)
, decode: __webpack_require__(167)
, encodingLength: __webpack_require__(168)
}
/***/ },
/* 166 */
/***/ function(module, exports) {
module.exports = encode
var MSB = 0x80
, REST = 0x7F
, MSBALL = ~REST
, INT = Math.pow(2, 31)
function encode(num, out, offset) {
out = out || []
offset = offset || 0
var oldOffset = offset
while(num >= INT) {
out[offset++] = (num & 0xFF) | MSB
num /= 128
}
while(num & MSBALL) {
out[offset++] = (num & 0xFF) | MSB
num >>>= 7
}
out[offset] = num | 0
encode.bytes = offset - oldOffset + 1
return out
}
/***/ },
/* 167 */
/***/ function(module, exports) {
module.exports = read
var MSB = 0x80
, REST = 0x7F
function read(buf, offset) {
var res = 0
, offset = offset || 0
, shift = 0
, counter = offset
, b
, l = buf.length
do {
if(counter >= l) {
read.bytesRead = 0
return undefined
}
b = buf[counter++]
res += shift < 28
? (b & REST) << shift
: (b & REST) * Math.pow(2, shift)
shift += 7
} while (b >= MSB)
read.bytes = counter - offset
return res
}
/***/ },
/* 168 */
/***/ function(module, exports) {
var N1 = Math.pow(2, 7)
var N2 = Math.pow(2, 14)
var N3 = Math.pow(2, 21)
var N4 = Math.pow(2, 28)
var N5 = Math.pow(2, 35)
var N6 = Math.pow(2, 42)
var N7 = Math.pow(2, 49)
var N8 = Math.pow(2, 56)
var N9 = Math.pow(2, 63)
module.exports = function (value) {
return (
value < N1 ? 1
: value < N2 ? 2
: value < N3 ? 3
: value < N4 ? 4
: value < N5 ? 5
: value < N6 ? 6
: value < N7 ? 7
: value < N8 ? 8
: value < N9 ? 9
: 10
)
}
/***/ },
/* 169 */
/***/ function(module, exports, __webpack_require__) {
var varint = __webpack_require__(170)
exports.encode = function encode (v, b, o) {
v = v >= 0 ? v*2 : v*-2 - 1
var r = varint.encode(v, b, o)
encode.bytes = varint.encode.bytes
return r
}
exports.decode = function decode (b, o) {
var v = varint.decode(b, o)
decode.bytes = varint.decode.bytes
return v & 1 ? (v+1) / -2 : v / 2
}
exports.encodingLength = function (v) {
return varint.encodingLength(v >= 0 ? v*2 : v*-2 - 1)
}
/***/ },
/* 170 */
/***/ function(module, exports, __webpack_require__) {
module.exports = {
encode: __webpack_require__(171)
, decode: __webpack_require__(172)
, encodingLength: __webpack_require__(173)
}
/***/ },
/* 171 */
/***/ function(module, exports) {
module.exports = encode
var MSB = 0x80
, REST = 0x7F
, MSBALL = ~REST
, INT = Math.pow(2, 31)
function encode(num, out, offset) {
out = out || []
offset = offset || 0
var oldOffset = offset
while(num >= INT) {
out[offset++] = (num & 0xFF) | MSB
num /= 128
}
while(num & MSBALL) {
out[offset++] = (num & 0xFF) | MSB
num >>>= 7
}
out[offset] = num | 0
encode.bytes = offset - oldOffset + 1
return out
}
/***/ },
/* 172 */
/***/ function(module, exports) {
module.exports = read
var MSB = 0x80
, REST = 0x7F
function read(buf, offset) {
var res = 0
, offset = offset || 0
, shift = 0
, counter = offset
, b
, l = buf.length
do {
if(counter >= l) {
read.bytesRead = 0
return undefined
}
b = buf[counter++]
res += shift < 28
? (b & REST) << shift
: (b & REST) * Math.pow(2, shift)
shift += 7
} while (b >= MSB)
read.bytes = counter - offset
return res
}
/***/ },
/* 173 */
/***/ function(module, exports) {
var N1 = Math.pow(2, 7)
var N2 = Math.pow(2, 14)
var N3 = Math.pow(2, 21)
var N4 = Math.pow(2, 28)
var N5 = Math.pow(2, 35)
var N6 = Math.pow(2, 42)
var N7 = Math.pow(2, 49)
module.exports = function (value) {
return (
value < N1 ? 1
: value < N2 ? 2
: value < N3 ? 3
: value < N4 ? 4
: value < N5 ? 5
: value < N6 ? 6
: value < N7 ? 7
: 8
)
}
/***/ },
/* 174 */
/***/ function(module, exports, __webpack_require__) {
var isProperty = __webpack_require__(175)
var gen = function(obj, prop) {
return isProperty(prop) ? obj+'.'+prop : obj+'['+JSON.stringify(prop)+']'
}
gen.valid = isProperty
gen.property = function (prop) {
return isProperty(prop) ? prop : JSON.stringify(prop)
}
module.exports = gen
/***/ },
/* 175 */
/***/ function(module, exports) {
"use strict"
function isProperty(str) {
return /^[$A-Z\_a-z\xaa\xb5\xba\xc0-\xd6\xd8-\xf6\xf8-\u02c1\u02c6-\u02d1\u02e0-\u02e4\u02ec\u02ee\u0370-\u0374\u0376\u0377\u037a-\u037d\u0386\u0388-\u038a\u038c\u038e-\u03a1\u03a3-\u03f5\u03f7-\u0481\u048a-\u0527\u0531-\u0556\u0559\u0561-\u0587\u05d0-\u05ea\u05f0-\u05f2\u0620-\u064a\u066e\u066f\u0671-\u06d3\u06d5\u06e5\u06e6\u06ee\u06ef\u06fa-\u06fc\u06ff\u0710\u0712-\u072f\u074d-\u07a5\u07b1\u07ca-\u07ea\u07f4\u07f5\u07fa\u0800-\u0815\u081a\u0824\u0828\u0840-\u0858\u08a0\u08a2-\u08ac\u0904-\u0939\u093d\u0950\u0958-\u0961\u0971-\u0977\u0979-\u097f\u0985-\u098c\u098f\u0990\u0993-\u09a8\u09aa-\u09b0\u09b2\u09b6-\u09b9\u09bd\u09ce\u09dc\u09dd\u09df-\u09e1\u09f0\u09f1\u0a05-\u0a0a\u0a0f\u0a10\u0a13-\u0a28\u0a2a-\u0a30\u0a32\u0a33\u0a35\u0a36\u0a38\u0a39\u0a59-\u0a5c\u0a5e\u0a72-\u0a74\u0a85-\u0a8d\u0a8f-\u0a91\u0a93-\u0aa8\u0aaa-\u0ab0\u0ab2\u0ab3\u0ab5-\u0ab9\u0abd\u0ad0\u0ae0\u0ae1\u0b05-\u0b0c\u0b0f\u0b10\u0b13-\u0b28\u0b2a-\u0b30\u0b32\u0b33\u0b35-\u0b39\u0b3d\u0b5c\u0b5d\u0b5f-\u0b61\u0b71\u0b83\u0b85-\u0b8a\u0b8e-\u0b90\u0b92-\u0b95\u0b99\u0b9a\u0b9c\u0b9e\u0b9f\u0ba3\u0ba4\u0ba8-\u0baa\u0bae-\u0bb9\u0bd0\u0c05-\u0c0c\u0c0e-\u0c10\u0c12-\u0c28\u0c2a-\u0c33\u0c35-\u0c39\u0c3d\u0c58\u0c59\u0c60\u0c61\u0c85-\u0c8c\u0c8e-\u0c90\u0c92-\u0ca8\u0caa-\u0cb3\u0cb5-\u0cb9\u0cbd\u0cde\u0ce0\u0ce1\u0cf1\u0cf2\u0d05-\u0d0c\u0d0e-\u0d10\u0d12-\u0d3a\u0d3d\u0d4e\u0d60\u0d61\u0d7a-\u0d7f\u0d85-\u0d96\u0d9a-\u0db1\u0db3-\u0dbb\u0dbd\u0dc0-\u0dc6\u0e01-\u0e30\u0e32\u0e33\u0e40-\u0e46\u0e81\u0e82\u0e84\u0e87\u0e88\u0e8a\u0e8d\u0e94-\u0e97\u0e99-\u0e9f\u0ea1-\u0ea3\u0ea5\u0ea7\u0eaa\u0eab\u0ead-\u0eb0\u0eb2\u0eb3\u0ebd\u0ec0-\u0ec4\u0ec6\u0edc-\u0edf\u0f00\u0f40-\u0f47\u0f49-\u0f6c\u0f88-\u0f8c\u1000-\u102a\u103f\u1050-\u1055\u105a-\u105d\u1061\u1065\u1066\u106e-\u1070\u1075-\u1081\u108e\u10a0-\u10c5\u10c7\u10cd\u10d0-\u10fa\u10fc-\u1248\u124a-\u124d\u1250-\u1256\u1258\u125a-\u125d\u1260-\u1288\u128a-\u128d\u1290-\u12b0\u12b2-\u12b5\u12b8-\u12be\u12c0\u12c2-\u12c5\u12c8-\u12d6\u12d8-\u1310\u1312-\u1315\u1318-\u135a\u1380-\u138f\u13a0-\u13f4\u1401-\u166c\u166f-\u167f\u1681-\u169a\u16a0-\u16ea\u16ee-\u16f0\u1700-\u170c\u170e-\u1711\u1720-\u1731\u1740-\u1751\u1760-\u176c\u176e-\u1770\u1780-\u17b3\u17d7\u17dc\u1820-\u1877\u1880-\u18a8\u18aa\u18b0-\u18f5\u1900-\u191c\u1950-\u196d\u1970-\u1974\u1980-\u19ab\u19c1-\u19c7\u1a00-\u1a16\u1a20-\u1a54\u1aa7\u1b05-\u1b33\u1b45-\u1b4b\u1b83-\u1ba0\u1bae\u1baf\u1bba-\u1be5\u1c00-\u1c23\u1c4d-\u1c4f\u1c5a-\u1c7d\u1ce9-\u1cec\u1cee-\u1cf1\u1cf5\u1cf6\u1d00-\u1dbf\u1e00-\u1f15\u1f18-\u1f1d\u1f20-\u1f45\u1f48-\u1f4d\u1f50-\u1f57\u1f59\u1f5b\u1f5d\u1f5f-\u1f7d\u1f80-\u1fb4\u1fb6-\u1fbc\u1fbe\u1fc2-\u1fc4\u1fc6-\u1fcc\u1fd0-\u1fd3\u1fd6-\u1fdb\u1fe0-\u1fec\u1ff2-\u1ff4\u1ff6-\u1ffc\u2071\u207f\u2090-\u209c\u2102\u2107\u210a-\u2113\u2115\u2119-\u211d\u2124\u2126\u2128\u212a-\u212d\u212f-\u2139\u213c-\u213f\u2145-\u2149\u214e\u2160-\u2188\u2c00-\u2c2e\u2c30-\u2c5e\u2c60-\u2ce4\u2ceb-\u2cee\u2cf2\u2cf3\u2d00-\u2d25\u2d27\u2d2d\u2d30-\u2d67\u2d6f\u2d80-\u2d96\u2da0-\u2da6\u2da8-\u2dae\u2db0-\u2db6\u2db8-\u2dbe\u2dc0-\u2dc6\u2dc8-\u2dce\u2dd0-\u2dd6\u2dd8-\u2dde\u2e2f\u3005-\u3007\u3021-\u3029\u3031-\u3035\u3038-\u303c\u3041-\u3096\u309d-\u309f\u30a1-\u30fa\u30fc-\u30ff\u3105-\u312d\u3131-\u318e\u31a0-\u31ba\u31f0-\u31ff\u3400-\u4db5\u4e00-\u9fcc\ua000-\ua48c\ua4d0-\ua4fd\ua500-\ua60c\ua610-\ua61f\ua62a\ua62b\ua640-\ua66e\ua67f-\ua697\ua6a0-\ua6ef\ua717-\ua71f\ua722-\ua788\ua78b-\ua78e\ua790-\ua793\ua7a0-\ua7aa\ua7f8-\ua801\ua803-\ua805\ua807-\ua80a\ua80c-\ua822\ua840-\ua873\ua882-\ua8b3\ua8f2-\ua8f7\ua8fb\ua90a-\ua925\ua930-\ua946\ua960-\ua97c\ua984-\ua9b2\ua9cf\uaa00-\uaa28\uaa40-\uaa42\uaa44-\uaa4b\uaa60-\uaa76\uaa7a\uaa80-\uaaaf\uaab1\uaab5\uaab6\uaab9-\uaabd\uaac0\uaac2\uaadb-\uaadd\uaae0-\uaaea\uaaf2-\uaaf4\uab01-\uab06\uab09-\uab0e\uab11-\uab16\uab20-\uab26\uab28-\uab2e\uabc0-\uabe2\uac00-\ud7a3\ud7b0-\ud7c6\ud7cb-\ud7fb\uf900-\ufa6d\ufa70-\ufad9\ufb00-\ufb06\ufb13-\ufb17\ufb1d\ufb1f-\ufb28\ufb2a-\ufb36\ufb38-\ufb3c\ufb3e\ufb40\ufb41\ufb43\ufb44\ufb46-\ufbb1\ufbd3-\ufd3d\ufd50-\ufd8f\ufd92-\ufdc7\ufdf0-\ufdfb\ufe70-\ufe74\ufe76-\ufefc\uff21-\uff3a\uff41-\uff5a\uff66-\uffbe\uffc2-\uffc7\uffca-\uffcf\uffd2-\uffd7\uffda-\uffdc][$A-Z\_a-z\xaa\xb5\xba\xc0-\xd6\xd8-\xf6\xf8-\u02c1\u02c6-\u02d1\u02e0-\u02e4\u02ec\u02ee\u0370-\u0374\u0376\u0377\u037a-\u037d\u0386\u0388-\u038a\u038c\u038e-\u03a1\u03a3-\u03f5\u03f7-\u0481\u048a-\u0527\u0531-\u0556\u0559\u0561-\u0587\u05d0-\u05ea\u05f0-\u05f2\u0620-\u064a\u066e\u066f\u0671-\u06d3\u06d5\u06e5\u06e6\u06ee\u06ef\u06fa-\u06fc\u06ff\u0710\u0712-\u072f\u074d-\u07a5\u07b1\u07ca-\u07ea\u07f4\u07f5\u07fa\u0800-\u0815\u081a\u0824\u0828\u0840-\u0858\u08a0\u08a2-\u08ac\u0904-\u0939\u093d\u0950\u0958-\u0961\u0971-\u0977\u0979-\u097f\u0985-\u098c\u098f\u0990\u0993-\u09a8\u09aa-\u09b0\u09b2\u09b6-\u09b9\u09bd\u09ce\u09dc\u09dd\u09df-\u09e1\u09f0\u09f1\u0a05-\u0a0a\u0a0f\u0a10\u0a13-\u0a28\u0a2a-\u0a30\u0a32\u0a33\u0a35\u0a36\u0a38\u0a39\u0a59-\u0a5c\u0a5e\u0a72-\u0a74\u0a85-\u0a8d\u0a8f-\u0a91\u0a93-\u0aa8\u0aaa-\u0ab0\u0ab2\u0ab3\u0ab5-\u0ab9\u0abd\u0ad0\u0ae0\u0ae1\u0b05-\u0b0c\u0b0f\u0b10\u0b13-\u0b28\u0b2a-\u0b30\u0b32\u0b33\u0b35-\u0b39\u0b3d\u0b5c\u0b5d\u0b5f-\u0b61\u0b71\u0b83\u0b85-\u0b8a\u0b8e-\u0b90\u0b92-\u0b95\u0b99\u0b9a\u0b9c\u0b9e\u0b9f\u0ba3\u0ba4\u0ba8-\u0baa\u0bae-\u0bb9\u0bd0\u0c05-\u0c0c\u0c0e-\u0c10\u0c12-\u0c28\u0c2a-\u0c33\u0c35-\u0c39\u0c3d\u0c58\u0c59\u0c60\u0c61\u0c85-\u0c8c\u0c8e-\u0c90\u0c92-\u0ca8\u0caa-\u0cb3\u0cb5-\u0cb9\u0cbd\u0cde\u0ce0\u0ce1\u0cf1\u0cf2\u0d05-\u0d0c\u0d0e-\u0d10\u0d12-\u0d3a\u0d3d\u0d4e\u0d60\u0d61\u0d7a-\u0d7f\u0d85-\u0d96\u0d9a-\u0db1\u0db3-\u0dbb\u0dbd\u0dc0-\u0dc6\u0e01-\u0e30\u0e32\u0e33\u0e40-\u0e46\u0e81\u0e82\u0e84\u0e87\u0e88\u0e8a\u0e8d\u0e94-\u0e97\u0e99-\u0e9f\u0ea1-\u0ea3\u0ea5\u0ea7\u0eaa\u0eab\u0ead-\u0eb0\u0eb2\u0eb3\u0ebd\u0ec0-\u0ec4\u0ec6\u0edc-\u0edf\u0f00\u0f40-\u0f47\u0f49-\u0f6c\u0f88-\u0f8c\u1000-\u102a\u103f\u1050-\u1055\u105a-\u105d\u1061\u1065\u1066\u106e-\u1070\u1075-\u1081\u108e\u10a0-\u10c5\u10c7\u10cd\u10d0-\u10fa\u10fc-\u1248\u124a-\u124d\u1250-\u1256\u1258\u125a-\u125d\u1260-\u1288\u128a-\u128d\u1290-\u12b0\u12b2-\u12b5\u12b8-\u12be\u12c0\u12c2-\u12c5\u12c8-\u12d6\u12d8-\u1310\u1312-\u1315\u1318-\u135a\u1380-\u138f\u13a0-\u13f4\u1401-\u166c\u166f-\u167f\u1681-\u169a\u16a0-\u16ea\u16ee-\u16f0\u1700-\u170c\u170e-\u1711\u1720-\u1731\u1740-\u1751\u1760-\u176c\u176e-\u1770\u1780-\u17b3\u17d7\u17dc\u1820-\u1877\u1880-\u18a8\u18aa\u18b0-\u18f5\u1900-\u191c\u1950-\u196d\u1970-\u1974\u1980-\u19ab\u19c1-\u19c7\u1a00-\u1a16\u1a20-\u1a54\u1aa7\u1b05-\u1b33\u1b45-\u1b4b\u1b83-\u1ba0\u1bae\u1baf\u1bba-\u1be5\u1c00-\u1c23\u1c4d-\u1c4f\u1c5a-\u1c7d\u1ce9-\u1cec\u1cee-\u1cf1\u1cf5\u1cf6\u1d00-\u1dbf\u1e00-\u1f15\u1f18-\u1f1d\u1f20-\u1f45\u1f48-\u1f4d\u1f50-\u1f57\u1f59\u1f5b\u1f5d\u1f5f-\u1f7d\u1f80-\u1fb4\u1fb6-\u1fbc\u1fbe\u1fc2-\u1fc4\u1fc6-\u1fcc\u1fd0-\u1fd3\u1fd6-\u1fdb\u1fe0-\u1fec\u1ff2-\u1ff4\u1ff6-\u1ffc\u2071\u207f\u2090-\u209c\u2102\u2107\u210a-\u2113\u2115\u2119-\u211d\u2124\u2126\u2128\u212a-\u212d\u212f-\u2139\u213c-\u213f\u2145-\u2149\u214e\u2160-\u2188\u2c00-\u2c2e\u2c30-\u2c5e\u2c60-\u2ce4\u2ceb-\u2cee\u2cf2\u2cf3\u2d00-\u2d25\u2d27\u2d2d\u2d30-\u2d67\u2d6f\u2d80-\u2d96\u2da0-\u2da6\u2da8-\u2dae\u2db0-\u2db6\u2db8-\u2dbe\u2dc0-\u2dc6\u2dc8-\u2dce\u2dd0-\u2dd6\u2dd8-\u2dde\u2e2f\u3005-\u3007\u3021-\u3029\u3031-\u3035\u3038-\u303c\u3041-\u3096\u309d-\u309f\u30a1-\u30fa\u30fc-\u30ff\u3105-\u312d\u3131-\u318e\u31a0-\u31ba\u31f0-\u31ff\u3400-\u4db5\u4e00-\u9fcc\ua000-\ua48c\ua4d0-\ua4fd\ua500-\ua60c\ua610-\ua61f\ua62a\ua62b\ua640-\ua66e\ua67f-\ua697\ua6a0-\ua6ef\ua717-\ua71f\ua722-\ua788\ua78b-\ua78e\ua790-\ua793\ua7a0-\ua7aa\ua7f8-\ua801\ua803-\ua805\ua807-\ua80a\ua80c-\ua822\ua840-\ua873\ua882-\ua8b3\ua8f2-\ua8f7\ua8fb\ua90a-\ua925\ua930-\ua946\ua960-\ua97c\ua984-\ua9b2\ua9cf\uaa00-\uaa28\uaa40-\uaa42\uaa44-\uaa4b\uaa60-\uaa76\uaa7a\uaa80-\uaaaf\uaab1\uaab5\uaab6\uaab9-\uaabd\uaac0\uaac2\uaadb-\uaadd\uaae0-\uaaea\uaaf2-\uaaf4\uab01-\uab06\uab09-\uab0e\uab11-\uab16\uab20-\uab26\uab28-\uab2e\uabc0-\uabe2\uac00-\ud7a3\ud7b0-\ud7c6\ud7cb-\ud7fb\uf900-\ufa6d\ufa70-\ufad9\ufb00-\ufb06\ufb13-\ufb17\ufb1d\ufb1f-\ufb28\ufb2a-\ufb36\ufb38-\ufb3c\ufb3e\ufb40\ufb41\ufb43\ufb44\ufb46-\ufbb1\ufbd3-\ufd3d\ufd50-\ufd8f\ufd92-\ufdc7\ufdf0-\ufdfb\ufe70-\ufe74\ufe76-\ufefc\uff21-\uff3a\uff41-\uff5a\uff66-\uffbe\uffc2-\uffc7\uffca-\uffcf\uffd2-\uffd7\uffda-\uffdc0-9\u0300-\u036f\u0483-\u0487\u0591-\u05bd\u05bf\u05c1\u05c2\u05c4\u05c5\u05c7\u0610-\u061a\u064b-\u0669\u0670\u06d6-\u06dc\u06df-\u06e4\u06e7\u06e8\u06ea-\u06ed\u06f0-\u06f9\u0711\u0730-\u074a\u07a6-\u07b0\u07c0-\u07c9\u07eb-\u07f3\u0816-\u0819\u081b-\u0823\u0825-\u0827\u0829-\u082d\u0859-\u085b\u08e4-\u08fe\u0900-\u0903\u093a-\u093c\u093e-\u094f\u0951-\u0957\u0962\u0963\u0966-\u096f\u0981-\u0983\u09bc\u09be-\u09c4\u09c7\u09c8\u09cb-\u09cd\u09d7\u09e2\u09e3\u09e6-\u09ef\u0a01-\u0a03\u0a3c\u0a3e-\u0a42\u0a47\u0a48\u0a4b-\u0a4d\u0a51\u0a66-\u0a71\u0a75\u0a81-\u0a83\u0abc\u0abe-\u0ac5\u0ac7-\u0ac9\u0acb-\u0acd\u0ae2\u0ae3\u0ae6-\u0aef\u0b01-\u0b03\u0b3c\u0b3e-\u0b44\u0b47\u0b48\u0b4b-\u0b4d\u0b56\u0b57\u0b62\u0b63\u0b66-\u0b6f\u0b82\u0bbe-\u0bc2\u0bc6-\u0bc8\u0bca-\u0bcd\u0bd7\u0be6-\u0bef\u0c01-\u0c03\u0c3e-\u0c44\u0c46-\u0c48\u0c4a-\u0c4d\u0c55\u0c56\u0c62\u0c63\u0c66-\u0c6f\u0c82\u0c83\u0cbc\u0cbe-\u0cc4\u0cc6-\u0cc8\u0cca-\u0ccd\u0cd5\u0cd6\u0ce2\u0ce3\u0ce6-\u0cef\u0d02\u0d03\u0d3e-\u0d44\u0d46-\u0d48\u0d4a-\u0d4d\u0d57\u0d62\u0d63\u0d66-\u0d6f\u0d82\u0d83\u0dca\u0dcf-\u0dd4\u0dd6\u0dd8-\u0ddf\u0df2\u0df3\u0e31\u0e34-\u0e3a\u0e47-\u0e4e\u0e50-\u0e59\u0eb1\u0eb4-\u0eb9\u0ebb\u0ebc\u0ec8-\u0ecd\u0ed0-\u0ed9\u0f18\u0f19\u0f20-\u0f29\u0f35\u0f37\u0f39\u0f3e\u0f3f\u0f71-\u0f84\u0f86\u0f87\u0f8d-\u0f97\u0f99-\u0fbc\u0fc6\u102b-\u103e\u1040-\u1049\u1056-\u1059\u105e-\u1060\u1062-\u1064\u1067-\u106d\u1071-\u1074\u1082-\u108d\u108f-\u109d\u135d-\u135f\u1712-\u1714\u1732-\u1734\u1752\u1753\u1772\u1773\u17b4-\u17d3\u17dd\u17e0-\u17e9\u180b-\u180d\u1810-\u1819\u18a9\u1920-\u192b\u1930-\u193b\u1946-\u194f\u19b0-\u19c0\u19c8\u19c9\u19d0-\u19d9\u1a17-\u1a1b\u1a55-\u1a5e\u1a60-\u1a7c\u1a7f-\u1a89\u1a90-\u1a99\u1b00-\u1b04\u1b34-\u1b44\u1b50-\u1b59\u1b6b-\u1b73\u1b80-\u1b82\u1ba1-\u1bad\u1bb0-\u1bb9\u1be6-\u1bf3\u1c24-\u1c37\u1c40-\u1c49\u1c50-\u1c59\u1cd0-\u1cd2\u1cd4-\u1ce8\u1ced\u1cf2-\u1cf4\u1dc0-\u1de6\u1dfc-\u1dff\u200c\u200d\u203f\u2040\u2054\u20d0-\u20dc\u20e1\u20e5-\u20f0\u2cef-\u2cf1\u2d7f\u2de0-\u2dff\u302a-\u302f\u3099\u309a\ua620-\ua629\ua66f\ua674-\ua67d\ua69f\ua6f0\ua6f1\ua802\ua806\ua80b\ua823-\ua827\ua880\ua881\ua8b4-\ua8c4\ua8d0-\ua8d9\ua8e0-\ua8f1\ua900-\ua909\ua926-\ua92d\ua947-\ua953\ua980-\ua983\ua9b3-\ua9c0\ua9d0-\ua9d9\uaa29-\uaa36\uaa43\uaa4c\uaa4d\uaa50-\uaa59\uaa7b\uaab0\uaab2-\uaab4\uaab7\uaab8\uaabe\uaabf\uaac1\uaaeb-\uaaef\uaaf5\uaaf6\uabe3-\uabea\uabec\uabed\uabf0-\uabf9\ufb1e\ufe00-\ufe0f\ufe20-\ufe26\ufe33\ufe34\ufe4d-\ufe4f\uff10-\uff19\uff3f]*$/.test(str)
}
module.exports = isProperty
/***/ },
/* 176 */
/***/ function(module, exports, __webpack_require__) {
var util = __webpack_require__(87)
var INDENT_START = /[\{\[]/
var INDENT_END = /[\}\]]/
module.exports = function() {
var lines = []
var indent = 0
var push = function(str) {
var spaces = ''
while (spaces.length < indent*2) spaces += ' '
lines.push(spaces+str)
}
var line = function(fmt) {
if (!fmt) return line
if (INDENT_END.test(fmt.trim()[0]) && INDENT_START.test(fmt[fmt.length-1])) {
indent--
push(util.format.apply(util, arguments))
indent++
return line
}
if (INDENT_START.test(fmt[fmt.length-1])) {
push(util.format.apply(util, arguments))
indent++
return line
}
if (INDENT_END.test(fmt.trim()[0])) {
indent--
push(util.format.apply(util, arguments))
return line
}
push(util.format.apply(util, arguments))
return line
}
line.toString = function() {
return lines.join('\n')
}
line.toFunction = function(scope) {
var src = 'return ('+line.toString()+')'
var keys = Object.keys(scope || {}).map(function(key) {
return key
})
var vals = keys.map(function(key) {
return scope[key]
})
return Function.apply(null, keys.concat(src)).apply(null, vals)
}
if (arguments.length) line.apply(null, arguments)
return line
}
/***/ },
/* 177 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(process) {// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.
// resolves . and .. elements in a path array with directory names there
// must be no slashes, empty elements, or device names (c:\) in the array
// (so also no leading and trailing slashes - it does not distinguish
// relative and absolute paths)
function normalizeArray(parts, allowAboveRoot) {
// if the path tries to go above the root, `up` ends up > 0
var up = 0;
for (var i = parts.length - 1; i >= 0; i--) {
var last = parts[i];
if (last === '.') {
parts.splice(i, 1);
} else if (last === '..') {
parts.splice(i, 1);
up++;
} else if (up) {
parts.splice(i, 1);
up--;
}
}
// if the path is allowed to go above the root, restore leading ..s
if (allowAboveRoot) {
for (; up--; up) {
parts.unshift('..');
}
}
return parts;
}
// Split a filename into [root, dir, basename, ext], unix version
// 'root' is just a slash, or nothing.
var splitPathRe =
/^(\/?|)([\s\S]*?)((?:\.{1,2}|[^\/]+?|)(\.[^.\/]*|))(?:[\/]*)$/;
var splitPath = function(filename) {
return splitPathRe.exec(filename).slice(1);
};
// path.resolve([from ...], to)
// posix version
exports.resolve = function() {
var resolvedPath = '',
resolvedAbsolute = false;
for (var i = arguments.length - 1; i >= -1 && !resolvedAbsolute; i--) {
var path = (i >= 0) ? arguments[i] : process.cwd();
// Skip empty and invalid entries
if (typeof path !== 'string') {
throw new TypeError('Arguments to path.resolve must be strings');
} else if (!path) {
continue;
}
resolvedPath = path + '/' + resolvedPath;
resolvedAbsolute = path.charAt(0) === '/';
}
// At this point the path should be resolved to a full absolute path, but
// handle relative paths to be safe (might happen when process.cwd() fails)
// Normalize the path
resolvedPath = normalizeArray(filter(resolvedPath.split('/'), function(p) {
return !!p;
}), !resolvedAbsolute).join('/');
return ((resolvedAbsolute ? '/' : '') + resolvedPath) || '.';
};
// path.normalize(path)
// posix version
exports.normalize = function(path) {
var isAbsolute = exports.isAbsolute(path),
trailingSlash = substr(path, -1) === '/';
// Normalize the path
path = normalizeArray(filter(path.split('/'), function(p) {
return !!p;
}), !isAbsolute).join('/');
if (!path && !isAbsolute) {
path = '.';
}
if (path && trailingSlash) {
path += '/';
}
return (isAbsolute ? '/' : '') + path;
};
// posix version
exports.isAbsolute = function(path) {
return path.charAt(0) === '/';
};
// posix version
exports.join = function() {
var paths = Array.prototype.slice.call(arguments, 0);
return exports.normalize(filter(paths, function(p, index) {
if (typeof p !== 'string') {
throw new TypeError('Arguments to path.join must be strings');
}
return p;
}).join('/'));
};
// path.relative(from, to)
// posix version
exports.relative = function(from, to) {
from = exports.resolve(from).substr(1);
to = exports.resolve(to).substr(1);
function trim(arr) {
var start = 0;
for (; start < arr.length; start++) {
if (arr[start] !== '') break;
}
var end = arr.length - 1;
for (; end >= 0; end--) {
if (arr[end] !== '') break;
}
if (start > end) return [];
return arr.slice(start, end - start + 1);
}
var fromParts = trim(from.split('/'));
var toParts = trim(to.split('/'));
var length = Math.min(fromParts.length, toParts.length);
var samePartsLength = length;
for (var i = 0; i < length; i++) {
if (fromParts[i] !== toParts[i]) {
samePartsLength = i;
break;
}
}
var outputParts = [];
for (var i = samePartsLength; i < fromParts.length; i++) {
outputParts.push('..');
}
outputParts = outputParts.concat(toParts.slice(samePartsLength));
return outputParts.join('/');
};
exports.sep = '/';
exports.delimiter = ':';
exports.dirname = function(path) {
var result = splitPath(path),
root = result[0],
dir = result[1];
if (!root && !dir) {
// No dirname whatsoever
return '.';
}
if (dir) {
// It has a dirname, strip trailing slash
dir = dir.substr(0, dir.length - 1);
}
return root + dir;
};
exports.basename = function(path, ext) {
var f = splitPath(path)[2];
// TODO: make this comparison case-insensitive on windows?
if (ext && f.substr(-1 * ext.length) === ext) {
f = f.substr(0, f.length - ext.length);
}
return f;
};
exports.extname = function(path) {
return splitPath(path)[3];
};
function filter (xs, f) {
if (xs.filter) return xs.filter(f);
var res = [];
for (var i = 0; i < xs.length; i++) {
if (f(xs[i], i, xs)) res.push(xs[i]);
}
return res;
}
// String.prototype.substr - negative index don't work in IE8
var substr = 'ab'.substr(-1) === 'b'
? function (str, start, len) { return str.substr(start, len) }
: function (str, start, len) {
if (start < 0) start = str.length + start;
return str.substr(start, len);
}
;
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(13)))
/***/ },
/* 178 */
/***/ function(module, exports, __webpack_require__) {
/* WEBPACK VAR INJECTION */(function(Buffer) {module.exports = new Buffer([101,110,117,109,32,75,101,121,84,121,112,101,32,123,10,9,82,83,65,32,61,32,48,59,10,125,10,10,109,101,115,115,97,103,101,32,80,117,98,108,105,99,75,101,121,32,123,10,9,114,101,113,117,105,114,101,100,32,75,101,121,84,121,112,101,32,84,121,112,101,32,61,32,49,59,10,9,114,101,113,117,105,114,101,100,32,98,121,116,101,115,32,68,97,116,97,32,61,32,50,59,10,125,10,10,109,101,115,115,97,103,101,32,80,114,105,118,97,116,101,75,101,121,32,123,10,9,114,101,113,117,105,114,101,100,32,75,101,121,84,121,112,101,32,84,121,112,101,32,61,32,49,59,10,9,114,101,113,117,105,114,101,100,32,98,121,116,101,115,32,68,97,116,97,32,61,32,50,59,10,125])
/* WEBPACK VAR INJECTION */}.call(exports, __webpack_require__(1).Buffer))
/***/ }
/******/ ]);
Reference in New Issue View Git Blame Copy Permalink