node-jsencrypt
Version:
A port of JSEncrypt to NodeJS.
1,669 lines (1,552 loc) • 152 kB
JavaScript
var getRandomValues = require('get-random-values');
var fs = require("fs");
var hardLimit = 100,
ellipsis = "\u2026",
DOM = {
tag: function (tagName, className) {
var t = document.createElement(tagName);
t.className = className;
return t;
},
text: function (str) {
return document.createTextNode(str);
}
};
function Stream(enc, pos) {
if (enc instanceof Stream) {
this.enc = enc.enc;
this.pos = enc.pos;
} else {
this.enc = enc;
this.pos = pos;
}
}
Stream.prototype.get = function (pos) {
if (pos === undefined)
pos = this.pos++;
if (pos >= this.enc.length)
throw 'Requesting byte offset ' + pos + ' on a stream of length ' + this.enc.length;
return this.enc[pos];
};
Stream.prototype.hexDigits = "0123456789ABCDEF";
Stream.prototype.hexByte = function (b) {
return this.hexDigits.charAt((b >> 4) & 0xF) + this.hexDigits.charAt(b & 0xF);
};
Stream.prototype.hexDump = function (start, end, raw) {
var s = "";
for (var i = start; i < end; ++i) {
s += this.hexByte(this.get(i));
if (raw !== true)
switch (i & 0xF) {
case 0x7:
s += " ";
break;
case 0xF:
s += "\n";
break;
default:
s += " ";
}
}
return s;
};
Stream.prototype.parseStringISO = function (start, end) {
var s = "";
for (var i = start; i < end; ++i)
s += String.fromCharCode(this.get(i));
return s;
};
Stream.prototype.parseStringUTF = function (start, end) {
var s = "";
for (var i = start; i < end;) {
var c = this.get(i++);
if (c < 128)
s += String.fromCharCode(c);
else if ((c > 191) && (c < 224))
s += String.fromCharCode(((c & 0x1F) << 6) | (this.get(i++) & 0x3F));
else
s += String.fromCharCode(((c & 0x0F) << 12) | ((this.get(i++) & 0x3F) << 6) | (this.get(i++) & 0x3F));
}
return s;
};
Stream.prototype.parseStringBMP = function (start, end) {
var str = ""
for (var i = start; i < end; i += 2) {
var high_byte = this.get(i);
var low_byte = this.get(i + 1);
str += String.fromCharCode((high_byte << 8) + low_byte);
}
return str;
};
Stream.prototype.reTime = /^((?:1[89]|2\d)?\d\d)(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])([01]\d|2[0-3])(?:([0-5]\d)(?:([0-5]\d)(?:[.,](\d{1,3}))?)?)?(Z|[-+](?:[0]\d|1[0-2])([0-5]\d)?)?$/;
Stream.prototype.parseTime = function (start, end) {
var s = this.parseStringISO(start, end),
m = this.reTime.exec(s);
if (!m)
return "Unrecognized time: " + s;
s = m[1] + "-" + m[2] + "-" + m[3] + " " + m[4];
if (m[5]) {
s += ":" + m[5];
if (m[6]) {
s += ":" + m[6];
if (m[7])
s += "." + m[7];
}
}
if (m[8]) {
s += " UTC";
if (m[8] != 'Z') {
s += m[8];
if (m[9])
s += ":" + m[9];
}
}
return s;
};
Stream.prototype.parseInteger = function (start, end) {
//TODO support negative numbers
var len = end - start;
if (len > 4) {
len <<= 3;
var s = this.get(start);
if (s === 0)
len -= 8;
else
while (s < 128) {
s <<= 1;
--len;
}
return "(" + len + " bit)";
}
var n = 0;
for (var i = start; i < end; ++i)
n = (n << 8) | this.get(i);
return n;
};
Stream.prototype.parseBitString = function (start, end) {
var unusedBit = this.get(start),
lenBit = ((end - start - 1) << 3) - unusedBit,
s = "(" + lenBit + " bit)";
if (lenBit <= 20) {
var skip = unusedBit;
s += " ";
for (var i = end - 1; i > start; --i) {
var b = this.get(i);
for (var j = skip; j < 8; ++j)
s += (b >> j) & 1 ? "1" : "0";
skip = 0;
}
}
return s;
};
Stream.prototype.parseOctetString = function (start, end) {
var len = end - start,
s = "(" + len + " byte) ";
if (len > hardLimit)
end = start + hardLimit;
for (var i = start; i < end; ++i)
s += this.hexByte(this.get(i)); //TODO: also try Latin1?
if (len > hardLimit)
s += ellipsis;
return s;
};
Stream.prototype.parseOID = function (start, end) {
var s = '',
n = 0,
bits = 0;
for (var i = start; i < end; ++i) {
var v = this.get(i);
n = (n << 7) | (v & 0x7F);
bits += 7;
if (!(v & 0x80)) { // finished
if (s === '') {
var m = n < 80 ? n < 40 ? 0 : 1 : 2;
s = m + "." + (n - m * 40);
} else
s += "." + ((bits >= 31) ? "bigint" : n);
n = bits = 0;
}
}
return s;
};
var Base64 = {},
decoder;
Base64.decode = function (a) {
var i;
if (decoder === undefined) {
var b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
ignore = "= \f\n\r\t\u00A0\u2028\u2029";
decoder = [];
for (i = 0; i < 64; ++i)
decoder[b64.charAt(i)] = i;
for (i = 0; i < ignore.length; ++i)
decoder[ignore.charAt(i)] = -1;
}
var out = [];
var bits = 0, char_count = 0;
for (i = 0; i < a.length; ++i) {
var c = a.charAt(i);
if (c == '=')
break;
c = decoder[c];
if (c == -1)
continue;
if (c === undefined)
throw 'Illegal character at offset ' + i;
bits |= c;
if (++char_count >= 4) {
out[out.length] = (bits >> 16);
out[out.length] = (bits >> 8) & 0xFF;
out[out.length] = bits & 0xFF;
bits = 0;
char_count = 0;
} else {
bits <<= 6;
}
}
switch (char_count) {
case 1:
throw "Base64 encoding incomplete: at least 2 bits missing";
case 2:
out[out.length] = (bits >> 10);
break;
case 3:
out[out.length] = (bits >> 16);
out[out.length] = (bits >> 8) & 0xFF;
break;
}
return out;
};
Base64.re = /-----BEGIN [^-]+-----([A-Za-z0-9+\/=\s]+)-----END [^-]+-----|begin-base64[^\n]+\n([A-Za-z0-9+\/=\s]+)====/;
Base64.unarmor = function (a) {
var m = Base64.re.exec(a);
if (m) {
if (m[1])
a = m[1];
else if (m[2])
a = m[2];
else
throw "RegExp out of sync";
}
return Base64.decode(a);
};
var JSEncryptExports = {};
var Hex;
function ASN1(stream, header, length, tag, sub) {
this.stream = stream;
this.header = header;
this.length = length;
this.tag = tag;
this.sub = sub;
}
/**
* Retrieve the hexadecimal value (as a string) of the current ASN.1 element
* @returns {string}
* @public
*/
ASN1.prototype.getHexStringValue = function () {
var hexString = this.toHexString();
var offset = this.header * 2;
var length = this.length * 2;
return hexString.substr(offset, length);
};
ASN1.prototype.typeName = function () {
if (this.tag === undefined)
return "unknown";
var tagClass = this.tag >> 6,
tagConstructed = (this.tag >> 5) & 1,
tagNumber = this.tag & 0x1F;
switch (tagClass) {
case 0: // universal
switch (tagNumber) {
case 0x00:
return "EOC";
case 0x01:
return "BOOLEAN";
case 0x02:
return "INTEGER";
case 0x03:
return "BIT_STRING";
case 0x04:
return "OCTET_STRING";
case 0x05:
return "NULL";
case 0x06:
return "OBJECT_IDENTIFIER";
case 0x07:
return "ObjectDescriptor";
case 0x08:
return "EXTERNAL";
case 0x09:
return "REAL";
case 0x0A:
return "ENUMERATED";
case 0x0B:
return "EMBEDDED_PDV";
case 0x0C:
return "UTF8String";
case 0x10:
return "SEQUENCE";
case 0x11:
return "SET";
case 0x12:
return "NumericString";
case 0x13:
return "PrintableString"; // ASCII subset
case 0x14:
return "TeletexString"; // aka T61String
case 0x15:
return "VideotexString";
case 0x16:
return "IA5String"; // ASCII
case 0x17:
return "UTCTime";
case 0x18:
return "GeneralizedTime";
case 0x19:
return "GraphicString";
case 0x1A:
return "VisibleString"; // ASCII subset
case 0x1B:
return "GeneralString";
case 0x1C:
return "UniversalString";
case 0x1E:
return "BMPString";
default:
return "Universal_" + tagNumber.toString(16);
}
case 1:
return "Application_" + tagNumber.toString(16);
case 2:
return "[" + tagNumber + "]"; // Context
case 3:
return "Private_" + tagNumber.toString(16);
}
};
ASN1.prototype.reSeemsASCII = /^[ -~]+$/;
ASN1.prototype.content = function () {
if (this.tag === undefined)
return null;
var tagClass = this.tag >> 6,
tagNumber = this.tag & 0x1F,
content = this.posContent(),
len = Math.abs(this.length);
if (tagClass !== 0) { // universal
if (this.sub !== null)
return "(" + this.sub.length + " elem)";
//TODO: TRY TO PARSE ASCII STRING
var s = this.stream.parseStringISO(content, content + Math.min(len, hardLimit));
if (this.reSeemsASCII.test(s))
return s.substring(0, 2 * hardLimit) + ((s.length > 2 * hardLimit) ? ellipsis : "");
else
return this.stream.parseOctetString(content, content + len);
}
switch (tagNumber) {
case 0x01: // BOOLEAN
return (this.stream.get(content) === 0) ? "false" : "true";
case 0x02: // INTEGER
return this.stream.parseInteger(content, content + len);
case 0x03: // BIT_STRING
return this.sub ? "(" + this.sub.length + " elem)" :
this.stream.parseBitString(content, content + len);
case 0x04: // OCTET_STRING
return this.sub ? "(" + this.sub.length + " elem)" :
this.stream.parseOctetString(content, content + len);
//case 0x05: // NULL
case 0x06: // OBJECT_IDENTIFIER
return this.stream.parseOID(content, content + len);
//case 0x07: // ObjectDescriptor
//case 0x08: // EXTERNAL
//case 0x09: // REAL
//case 0x0A: // ENUMERATED
//case 0x0B: // EMBEDDED_PDV
case 0x10: // SEQUENCE
case 0x11: // SET
return "(" + this.sub.length + " elem)";
case 0x0C: // UTF8String
return this.stream.parseStringUTF(content, content + len);
case 0x12: // NumericString
case 0x13: // PrintableString
case 0x14: // TeletexString
case 0x15: // VideotexString
case 0x16: // IA5String
//case 0x19: // GraphicString
case 0x1A: // VisibleString
//case 0x1B: // GeneralString
//case 0x1C: // UniversalString
return this.stream.parseStringISO(content, content + len);
case 0x1E: // BMPString
return this.stream.parseStringBMP(content, content + len);
case 0x17: // UTCTime
case 0x18: // GeneralizedTime
return this.stream.parseTime(content, content + len);
}
return null;
};
ASN1.prototype.toString = function () {
return this.typeName() + "@" + this.stream.pos + "[header:" + this.header + ",length:" + this.length + ",sub:" + ((this.sub === null) ? 'null' : this.sub.length) + "]";
};
ASN1.prototype.print = function (indent) {
if (indent === undefined) indent = '';
document.writeln(indent + this);
if (this.sub !== null) {
indent += ' ';
for (var i = 0, max = this.sub.length; i < max; ++i)
this.sub[i].print(indent);
}
};
ASN1.prototype.toPrettyString = function (indent) {
if (indent === undefined) indent = '';
var s = indent + this.typeName() + " @" + this.stream.pos;
if (this.length >= 0)
s += "+";
s += this.length;
if (this.tag & 0x20)
s += " (constructed)";
else if (((this.tag == 0x03) || (this.tag == 0x04)) && (this.sub !== null))
s += " (encapsulates)";
s += "\n";
if (this.sub !== null) {
indent += ' ';
for (var i = 0, max = this.sub.length; i < max; ++i)
s += this.sub[i].toPrettyString(indent);
}
return s;
};
ASN1.prototype.toDOM = function () {
var node = DOM.tag("div", "node");
node.asn1 = this;
var head = DOM.tag("div", "head");
var s = this.typeName().replace(/_/g, " ");
head.innerHTML = s;
var content = this.content();
if (content !== null) {
content = String(content).replace(/</g, "<");
var preview = DOM.tag("span", "preview");
preview.appendChild(DOM.text(content));
head.appendChild(preview);
}
node.appendChild(head);
this.node = node;
this.head = head;
var value = DOM.tag("div", "value");
s = "Offset: " + this.stream.pos + "<br/>";
s += "Length: " + this.header + "+";
if (this.length >= 0)
s += this.length;
else
s += (-this.length) + " (undefined)";
if (this.tag & 0x20)
s += "<br/>(constructed)";
else if (((this.tag == 0x03) || (this.tag == 0x04)) && (this.sub !== null))
s += "<br/>(encapsulates)";
//TODO if (this.tag == 0x03) s += "Unused bits: "
if (content !== null) {
s += "<br/>Value:<br/><b>" + content + "</b>";
if ((typeof oids === 'object') && (this.tag == 0x06)) {
var oid = oids[content];
if (oid) {
if (oid.d) s += "<br/>" + oid.d;
if (oid.c) s += "<br/>" + oid.c;
if (oid.w) s += "<br/>(warning!)";
}
}
}
value.innerHTML = s;
node.appendChild(value);
var sub = DOM.tag("div", "sub");
if (this.sub !== null) {
for (var i = 0, max = this.sub.length; i < max; ++i)
sub.appendChild(this.sub[i].toDOM());
}
node.appendChild(sub);
head.onclick = function () {
node.className = (node.className == "node collapsed") ? "node" : "node collapsed";
};
return node;
};
ASN1.prototype.posStart = function () {
return this.stream.pos;
};
ASN1.prototype.posContent = function () {
return this.stream.pos + this.header;
};
ASN1.prototype.posEnd = function () {
return this.stream.pos + this.header + Math.abs(this.length);
};
ASN1.prototype.fakeHover = function (current) {
this.node.className += " hover";
if (current)
this.head.className += " hover";
};
ASN1.prototype.fakeOut = function (current) {
var re = / ?hover/;
this.node.className = this.node.className.replace(re, "");
if (current)
this.head.className = this.head.className.replace(re, "");
};
ASN1.prototype.toHexDOM_sub = function (node, className, stream, start, end) {
if (start >= end)
return;
var sub = DOM.tag("span", className);
sub.appendChild(DOM.text(
stream.hexDump(start, end)));
node.appendChild(sub);
};
ASN1.prototype.toHexDOM = function (root) {
var node = DOM.tag("span", "hex");
if (root === undefined) root = node;
this.head.hexNode = node;
this.head.onmouseover = function () {
this.hexNode.className = "hexCurrent";
};
this.head.onmouseout = function () {
this.hexNode.className = "hex";
};
node.asn1 = this;
node.onmouseover = function () {
var current = !root.selected;
if (current) {
root.selected = this.asn1;
this.className = "hexCurrent";
}
this.asn1.fakeHover(current);
};
node.onmouseout = function () {
var current = (root.selected == this.asn1);
this.asn1.fakeOut(current);
if (current) {
root.selected = null;
this.className = "hex";
}
};
this.toHexDOM_sub(node, "tag", this.stream, this.posStart(), this.posStart() + 1);
this.toHexDOM_sub(node, (this.length >= 0) ? "dlen" : "ulen", this.stream, this.posStart() + 1, this.posContent());
if (this.sub === null)
node.appendChild(DOM.text(
this.stream.hexDump(this.posContent(), this.posEnd())));
else if (this.sub.length > 0) {
var first = this.sub[0];
var last = this.sub[this.sub.length - 1];
this.toHexDOM_sub(node, "intro", this.stream, this.posContent(), first.posStart());
for (var i = 0, max = this.sub.length; i < max; ++i)
node.appendChild(this.sub[i].toHexDOM(root));
this.toHexDOM_sub(node, "outro", this.stream, last.posEnd(), this.posEnd());
}
return node;
};
ASN1.prototype.toHexString = function (root) {
return this.stream.hexDump(this.posStart(), this.posEnd(), true);
};
ASN1.decodeLength = function (stream) {
var buf = stream.get(),
len = buf & 0x7F;
if (len == buf)
return len;
if (len > 3)
throw "Length over 24 bits not supported at position " + (stream.pos - 1);
if (len === 0)
return -1; // undefined
buf = 0;
for (var i = 0; i < len; ++i)
buf = (buf << 8) | stream.get();
return buf;
};
ASN1.hasContent = function (tag, len, stream) {
if (tag & 0x20) // constructed
return true;
if ((tag < 0x03) || (tag > 0x04))
return false;
var p = new Stream(stream);
if (tag == 0x03) p.get(); // BitString unused bits, must be in [0, 7]
var subTag = p.get();
if ((subTag >> 6) & 0x01) // not (universal or context)
return false;
try {
var subLength = ASN1.decodeLength(p);
return ((p.pos - stream.pos) + subLength == len);
} catch (exception) {
return false;
}
};
ASN1.decode = function (stream) {
if (!(stream instanceof Stream))
stream = new Stream(stream, 0);
var streamStart = new Stream(stream),
tag = stream.get(),
len = ASN1.decodeLength(stream),
header = stream.pos - streamStart.pos,
sub = null;
if (ASN1.hasContent(tag, len, stream)) {
// it has content, so we decode it
var start = stream.pos;
if (tag == 0x03) stream.get(); // skip BitString unused bits, must be in [0, 7]
sub = [];
if (len >= 0) {
// definite length
var end = start + len;
while (stream.pos < end)
sub[sub.length] = ASN1.decode(stream);
if (stream.pos != end)
throw "Content size is not correct for container starting at offset " + start;
} else {
// undefined length
try {
for (; ;) {
var s = ASN1.decode(stream);
if (s.tag === 0)
break;
sub[sub.length] = s;
}
len = start - stream.pos;
} catch (e) {
throw "Exception while decoding undefined length content: " + e;
}
}
} else
stream.pos += len; // skip content
return new ASN1(streamStart, header, len, tag, sub);
};
ASN1.test = function () {
var test = [
{value: [0x27], expected: 0x27},
{value: [0x81, 0xC9], expected: 0xC9},
{value: [0x83, 0xFE, 0xDC, 0xBA], expected: 0xFEDCBA}
];
for (var i = 0, max = test.length; i < max; ++i) {
var pos = 0,
stream = new Stream(test[i].value, 0),
res = ASN1.decodeLength(stream);
if (res != test[i].expected)
document.write("In test[" + i + "] expected " + test[i].expected + " got " + res + "\n");
}
};
(function (exports) {
// Copyright (c) 2005 Tom Wu
// All Rights Reserved.
// See "LICENSE" for details.
// Basic JavaScript BN library - subset useful for RSA encryption.
// Bits per digit
var dbits;
// JavaScript engine analysis
var canary = 0xdeadbeefcafe;
var j_lm = ((canary & 0xffffff) == 0xefcafe);
// (public) Constructor
function BigInteger(a, b, c) {
if (a != null)
if ("number" == typeof a) this.fromNumber(a, b, c);
else if (b == null && "string" != typeof a) this.fromString(a, 256);
else this.fromString(a, b);
}
// return new, unset BigInteger
function nbi() {
return new BigInteger(null);
}
// am: Compute w_j += (x*this_i), propagate carries,
// c is initial carry, returns final carry.
// c < 3*dvalue, x < 2*dvalue, this_i < dvalue
// We need to select the fastest one that works in this environment.
// am1: use a single mult and divide to get the high bits,
// max digit bits should be 26 because
// max internal value = 2*dvalue^2-2*dvalue (< 2^53)
function am1(i, x, w, j, c, n) {
while (--n >= 0) {
var v = x * this[i++] + w[j] + c;
c = Math.floor(v / 0x4000000);
w[j++] = v & 0x3ffffff;
}
return c;
}
// am2 avoids a big mult-and-extract completely.
// Max digit bits should be <= 30 because we do bitwise ops
// on values up to 2*hdvalue^2-hdvalue-1 (< 2^31)
function am2(i, x, w, j, c, n) {
var xl = x & 0x7fff, xh = x >> 15;
while (--n >= 0) {
var l = this[i] & 0x7fff;
var h = this[i++] >> 15;
var m = xh * l + h * xl;
l = xl * l + ((m & 0x7fff) << 15) + w[j] + (c & 0x3fffffff);
c = (l >>> 30) + (m >>> 15) + xh * h + (c >>> 30);
w[j++] = l & 0x3fffffff;
}
return c;
}
// Alternately, set max digit bits to 28 since some
// browsers slow down when dealing with 32-bit numbers.
function am3(i, x, w, j, c, n) {
var xl = x & 0x3fff, xh = x >> 14;
while (--n >= 0) {
var l = this[i] & 0x3fff;
var h = this[i++] >> 14;
var m = xh * l + h * xl;
l = xl * l + ((m & 0x3fff) << 14) + w[j] + c;
c = (l >> 28) + (m >> 14) + xh * h;
w[j++] = l & 0xfffffff;
}
return c;
}
// override
BigInteger.prototype.am = am3;
dbits = 28;
BigInteger.prototype.DB = dbits;
BigInteger.prototype.DM = ((1 << dbits) - 1);
BigInteger.prototype.DV = (1 << dbits);
var BI_FP = 52;
BigInteger.prototype.FV = Math.pow(2, BI_FP);
BigInteger.prototype.F1 = BI_FP - dbits;
BigInteger.prototype.F2 = 2 * dbits - BI_FP;
// Digit conversions
var BI_RM = "0123456789abcdefghijklmnopqrstuvwxyz";
var BI_RC = new Array();
var rr, vv;
rr = "0".charCodeAt(0);
for (vv = 0; vv <= 9; ++vv) BI_RC[rr++] = vv;
rr = "a".charCodeAt(0);
for (vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;
rr = "A".charCodeAt(0);
for (vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;
function int2char(n) {
return BI_RM.charAt(n);
}
function intAt(s, i) {
var c = BI_RC[s.charCodeAt(i)];
return (c == null) ? -1 : c;
}
// (protected) copy this to r
function bnpCopyTo(r) {
for (var i = this.t - 1; i >= 0; --i) r[i] = this[i];
r.t = this.t;
r.s = this.s;
}
// (protected) set from integer value x, -DV <= x < DV
function bnpFromInt(x) {
this.t = 1;
this.s = (x < 0) ? -1 : 0;
if (x > 0) this[0] = x;
else if (x < -1) this[0] = x + DV;
else this.t = 0;
}
// return bigint initialized to value
function nbv(i) {
var r = nbi();
r.fromInt(i);
return r;
}
// (protected) set from string and radix
function bnpFromString(s, b) {
var k;
if (b == 16) k = 4;
else if (b == 8) k = 3;
else if (b == 256) k = 8; // byte array
else if (b == 2) k = 1;
else if (b == 32) k = 5;
else if (b == 4) k = 2;
else {
this.fromRadix(s, b);
return;
}
this.t = 0;
this.s = 0;
var i = s.length, mi = false, sh = 0;
while (--i >= 0) {
var x = (k == 8) ? s[i] & 0xff : intAt(s, i);
if (x < 0) {
if (s.charAt(i) == "-") mi = true;
continue;
}
mi = false;
if (sh == 0)
this[this.t++] = x;
else if (sh + k > this.DB) {
this[this.t - 1] |= (x & ((1 << (this.DB - sh)) - 1)) << sh;
this[this.t++] = (x >> (this.DB - sh));
}
else
this[this.t - 1] |= x << sh;
sh += k;
if (sh >= this.DB) sh -= this.DB;
}
if (k == 8 && (s[0] & 0x80) != 0) {
this.s = -1;
if (sh > 0) this[this.t - 1] |= ((1 << (this.DB - sh)) - 1) << sh;
}
this.clamp();
if (mi) BigInteger.ZERO.subTo(this, this);
}
// (protected) clamp off excess high words
function bnpClamp() {
var c = this.s & this.DM;
while (this.t > 0 && this[this.t - 1] == c) --this.t;
}
// (public) return string representation in given radix
function bnToString(b) {
if (this.s < 0) return "-" + this.negate().toString(b);
var k;
if (b == 16) k = 4;
else if (b == 8) k = 3;
else if (b == 2) k = 1;
else if (b == 32) k = 5;
else if (b == 4) k = 2;
else return this.toRadix(b);
var km = (1 << k) - 1, d, m = false, r = "", i = this.t;
var p = this.DB - (i * this.DB) % k;
if (i-- > 0) {
if (p < this.DB && (d = this[i] >> p) > 0) {
m = true;
r = int2char(d);
}
while (i >= 0) {
if (p < k) {
d = (this[i] & ((1 << p) - 1)) << (k - p);
d |= this[--i] >> (p += this.DB - k);
}
else {
d = (this[i] >> (p -= k)) & km;
if (p <= 0) {
p += this.DB;
--i;
}
}
if (d > 0) m = true;
if (m) r += int2char(d);
}
}
return m ? r : "0";
}
// (public) -this
function bnNegate() {
var r = nbi();
BigInteger.ZERO.subTo(this, r);
return r;
}
// (public) |this|
function bnAbs() {
return (this.s < 0) ? this.negate() : this;
}
// (public) return + if this > a, - if this < a, 0 if equal
function bnCompareTo(a) {
var r = this.s - a.s;
if (r != 0) return r;
var i = this.t;
r = i - a.t;
if (r != 0) return (this.s < 0) ? -r : r;
while (--i >= 0) if ((r = this[i] - a[i]) != 0) return r;
return 0;
}
// returns bit length of the integer x
function nbits(x) {
var r = 1, t;
if ((t = x >>> 16) != 0) {
x = t;
r += 16;
}
if ((t = x >> 8) != 0) {
x = t;
r += 8;
}
if ((t = x >> 4) != 0) {
x = t;
r += 4;
}
if ((t = x >> 2) != 0) {
x = t;
r += 2;
}
if ((t = x >> 1) != 0) {
x = t;
r += 1;
}
return r;
}
// (public) return the number of bits in "this"
function bnBitLength() {
if (this.t <= 0) return 0;
return this.DB * (this.t - 1) + nbits(this[this.t - 1] ^ (this.s & this.DM));
}
// (protected) r = this << n*DB
function bnpDLShiftTo(n, r) {
var i;
for (i = this.t - 1; i >= 0; --i) r[i + n] = this[i];
for (i = n - 1; i >= 0; --i) r[i] = 0;
r.t = this.t + n;
r.s = this.s;
}
// (protected) r = this >> n*DB
function bnpDRShiftTo(n, r) {
for (var i = n; i < this.t; ++i) r[i - n] = this[i];
r.t = Math.max(this.t - n, 0);
r.s = this.s;
}
// (protected) r = this << n
function bnpLShiftTo(n, r) {
var bs = n % this.DB;
var cbs = this.DB - bs;
var bm = (1 << cbs) - 1;
var ds = Math.floor(n / this.DB), c = (this.s << bs) & this.DM, i;
for (i = this.t - 1; i >= 0; --i) {
r[i + ds + 1] = (this[i] >> cbs) | c;
c = (this[i] & bm) << bs;
}
for (i = ds - 1; i >= 0; --i) r[i] = 0;
r[ds] = c;
r.t = this.t + ds + 1;
r.s = this.s;
r.clamp();
}
// (protected) r = this >> n
function bnpRShiftTo(n, r) {
r.s = this.s;
var ds = Math.floor(n / this.DB);
if (ds >= this.t) {
r.t = 0;
return;
}
var bs = n % this.DB;
var cbs = this.DB - bs;
var bm = (1 << bs) - 1;
r[0] = this[ds] >> bs;
for (var i = ds + 1; i < this.t; ++i) {
r[i - ds - 1] |= (this[i] & bm) << cbs;
r[i - ds] = this[i] >> bs;
}
if (bs > 0) r[this.t - ds - 1] |= (this.s & bm) << cbs;
r.t = this.t - ds;
r.clamp();
}
// (protected) r = this - a
function bnpSubTo(a, r) {
var i = 0, c = 0, m = Math.min(a.t, this.t);
while (i < m) {
c += this[i] - a[i];
r[i++] = c & this.DM;
c >>= this.DB;
}
if (a.t < this.t) {
c -= a.s;
while (i < this.t) {
c += this[i];
r[i++] = c & this.DM;
c >>= this.DB;
}
c += this.s;
}
else {
c += this.s;
while (i < a.t) {
c -= a[i];
r[i++] = c & this.DM;
c >>= this.DB;
}
c -= a.s;
}
r.s = (c < 0) ? -1 : 0;
if (c < -1) r[i++] = this.DV + c;
else if (c > 0) r[i++] = c;
r.t = i;
r.clamp();
}
// (protected) r = this * a, r != this,a (HAC 14.12)
// "this" should be the larger one if appropriate.
function bnpMultiplyTo(a, r) {
var x = this.abs(), y = a.abs();
var i = x.t;
r.t = i + y.t;
while (--i >= 0) r[i] = 0;
for (i = 0; i < y.t; ++i) r[i + x.t] = x.am(0, y[i], r, i, 0, x.t);
r.s = 0;
r.clamp();
if (this.s != a.s) BigInteger.ZERO.subTo(r, r);
}
// (protected) r = this^2, r != this (HAC 14.16)
function bnpSquareTo(r) {
var x = this.abs();
var i = r.t = 2 * x.t;
while (--i >= 0) r[i] = 0;
for (i = 0; i < x.t - 1; ++i) {
var c = x.am(i, x[i], r, 2 * i, 0, 1);
if ((r[i + x.t] += x.am(i + 1, 2 * x[i], r, 2 * i + 1, c, x.t - i - 1)) >= x.DV) {
r[i + x.t] -= x.DV;
r[i + x.t + 1] = 1;
}
}
if (r.t > 0) r[r.t - 1] += x.am(i, x[i], r, 2 * i, 0, 1);
r.s = 0;
r.clamp();
}
// (protected) divide this by m, quotient and remainder to q, r (HAC 14.20)
// r != q, this != m. q or r may be null.
function bnpDivRemTo(m, q, r) {
var pm = m.abs();
if (pm.t <= 0) return;
var pt = this.abs();
if (pt.t < pm.t) {
if (q != null) q.fromInt(0);
if (r != null) this.copyTo(r);
return;
}
if (r == null) r = nbi();
var y = nbi(), ts = this.s, ms = m.s;
var nsh = this.DB - nbits(pm[pm.t - 1]); // normalize modulus
if (nsh > 0) {
pm.lShiftTo(nsh, y);
pt.lShiftTo(nsh, r);
}
else {
pm.copyTo(y);
pt.copyTo(r);
}
var ys = y.t;
var y0 = y[ys - 1];
if (y0 == 0) return;
var yt = y0 * (1 << this.F1) + ((ys > 1) ? y[ys - 2] >> this.F2 : 0);
var d1 = this.FV / yt, d2 = (1 << this.F1) / yt, e = 1 << this.F2;
var i = r.t, j = i - ys, t = (q == null) ? nbi() : q;
y.dlShiftTo(j, t);
if (r.compareTo(t) >= 0) {
r[r.t++] = 1;
r.subTo(t, r);
}
BigInteger.ONE.dlShiftTo(ys, t);
t.subTo(y, y); // "negative" y so we can replace sub with am later
while (y.t < ys) y[y.t++] = 0;
while (--j >= 0) {
// Estimate quotient digit
var qd = (r[--i] == y0) ? this.DM : Math.floor(r[i] * d1 + (r[i - 1] + e) * d2);
if ((r[i] += y.am(0, qd, r, j, 0, ys)) < qd) { // Try it out
y.dlShiftTo(j, t);
r.subTo(t, r);
while (r[i] < --qd) r.subTo(t, r);
}
}
if (q != null) {
r.drShiftTo(ys, q);
if (ts != ms) BigInteger.ZERO.subTo(q, q);
}
r.t = ys;
r.clamp();
if (nsh > 0) r.rShiftTo(nsh, r); // Denormalize remainder
if (ts < 0) BigInteger.ZERO.subTo(r, r);
}
// (public) this mod a
function bnMod(a) {
var r = nbi();
this.abs().divRemTo(a, null, r);
if (this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r, r);
return r;
}
// Modular reduction using "classic" algorithm
function Classic(m) {
this.m = m;
}
function cConvert(x) {
if (x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m);
else return x;
}
function cRevert(x) {
return x;
}
function cReduce(x) {
x.divRemTo(this.m, null, x);
}
function cMulTo(x, y, r) {
x.multiplyTo(y, r);
this.reduce(r);
}
function cSqrTo(x, r) {
x.squareTo(r);
this.reduce(r);
}
Classic.prototype.convert = cConvert;
Classic.prototype.revert = cRevert;
Classic.prototype.reduce = cReduce;
Classic.prototype.mulTo = cMulTo;
Classic.prototype.sqrTo = cSqrTo;
// (protected) return "-1/this % 2^DB"; useful for Mont. reduction
// justification:
// xy == 1 (mod m)
// xy = 1+km
// xy(2-xy) = (1+km)(1-km)
// x[y(2-xy)] = 1-k^2m^2
// x[y(2-xy)] == 1 (mod m^2)
// if y is 1/x mod m, then y(2-xy) is 1/x mod m^2
// should reduce x and y(2-xy) by m^2 at each step to keep size bounded.
// JS multiply "overflows" differently from C/C++, so care is needed here.
function bnpInvDigit() {
if (this.t < 1) return 0;
var x = this[0];
if ((x & 1) == 0) return 0;
var y = x & 3; // y == 1/x mod 2^2
y = (y * (2 - (x & 0xf) * y)) & 0xf; // y == 1/x mod 2^4
y = (y * (2 - (x & 0xff) * y)) & 0xff; // y == 1/x mod 2^8
y = (y * (2 - (((x & 0xffff) * y) & 0xffff))) & 0xffff; // y == 1/x mod 2^16
// last step - calculate inverse mod DV directly;
// assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints
y = (y * (2 - x * y % this.DV)) % this.DV; // y == 1/x mod 2^dbits
// we really want the negative inverse, and -DV < y < DV
return (y > 0) ? this.DV - y : -y;
}
// Montgomery reduction
function Montgomery(m) {
this.m = m;
this.mp = m.invDigit();
this.mpl = this.mp & 0x7fff;
this.mph = this.mp >> 15;
this.um = (1 << (m.DB - 15)) - 1;
this.mt2 = 2 * m.t;
}
// xR mod m
function montConvert(x) {
var r = nbi();
x.abs().dlShiftTo(this.m.t, r);
r.divRemTo(this.m, null, r);
if (x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r, r);
return r;
}
// x/R mod m
function montRevert(x) {
var r = nbi();
x.copyTo(r);
this.reduce(r);
return r;
}
// x = x/R mod m (HAC 14.32)
function montReduce(x) {
while (x.t <= this.mt2) // pad x so am has enough room later
x[x.t++] = 0;
for (var i = 0; i < this.m.t; ++i) {
// faster way of calculating u0 = x[i]*mp mod DV
var j = x[i] & 0x7fff;
var u0 = (j * this.mpl + (((j * this.mph + (x[i] >> 15) * this.mpl) & this.um) << 15)) & x.DM;
// use am to combine the multiply-shift-add into one call
j = i + this.m.t;
x[j] += this.m.am(0, u0, x, i, 0, this.m.t);
// propagate carry
while (x[j] >= x.DV) {
x[j] -= x.DV;
x[++j]++;
}
}
x.clamp();
x.drShiftTo(this.m.t, x);
if (x.compareTo(this.m) >= 0) x.subTo(this.m, x);
}
// r = "x^2/R mod m"; x != r
function montSqrTo(x, r) {
x.squareTo(r);
this.reduce(r);
}
// r = "xy/R mod m"; x,y != r
function montMulTo(x, y, r) {
x.multiplyTo(y, r);
this.reduce(r);
}
Montgomery.prototype.convert = montConvert;
Montgomery.prototype.revert = montRevert;
Montgomery.prototype.reduce = montReduce;
Montgomery.prototype.mulTo = montMulTo;
Montgomery.prototype.sqrTo = montSqrTo;
// (protected) true iff this is even
function bnpIsEven() {
return ((this.t > 0) ? (this[0] & 1) : this.s) == 0;
}
// (protected) this^e, e < 2^32, doing sqr and mul with "r" (HAC 14.79)
function bnpExp(e, z) {
if (e > 0xffffffff || e < 1) return BigInteger.ONE;
var r = nbi(), r2 = nbi(), g = z.convert(this), i = nbits(e) - 1;
g.copyTo(r);
while (--i >= 0) {
z.sqrTo(r, r2);
if ((e & (1 << i)) > 0) z.mulTo(r2, g, r);
else {
var t = r;
r = r2;
r2 = t;
}
}
return z.revert(r);
}
// (public) this^e % m, 0 <= e < 2^32
function bnModPowInt(e, m) {
var z;
if (e < 256 || m.isEven()) z = new Classic(m); else z = new Montgomery(m);
return this.exp(e, z);
}
// protected
BigInteger.prototype.copyTo = bnpCopyTo;
BigInteger.prototype.fromInt = bnpFromInt;
BigInteger.prototype.fromString = bnpFromString;
BigInteger.prototype.clamp = bnpClamp;
BigInteger.prototype.dlShiftTo = bnpDLShiftTo;
BigInteger.prototype.drShiftTo = bnpDRShiftTo;
BigInteger.prototype.lShiftTo = bnpLShiftTo;
BigInteger.prototype.rShiftTo = bnpRShiftTo;
BigInteger.prototype.subTo = bnpSubTo;
BigInteger.prototype.multiplyTo = bnpMultiplyTo;
BigInteger.prototype.squareTo = bnpSquareTo;
BigInteger.prototype.divRemTo = bnpDivRemTo;
BigInteger.prototype.invDigit = bnpInvDigit;
BigInteger.prototype.isEven = bnpIsEven;
BigInteger.prototype.exp = bnpExp;
// public
BigInteger.prototype.toString = bnToString;
BigInteger.prototype.negate = bnNegate;
BigInteger.prototype.abs = bnAbs;
BigInteger.prototype.compareTo = bnCompareTo;
BigInteger.prototype.bitLength = bnBitLength;
BigInteger.prototype.mod = bnMod;
BigInteger.prototype.modPowInt = bnModPowInt;
// "constants"
BigInteger.ZERO = nbv(0);
BigInteger.ONE = nbv(1);
// Copyright (c) 2005-2009 Tom Wu
// All Rights Reserved.
// See "LICENSE" for details.
// Extended JavaScript BN functions, required for RSA private ops.
// Version 1.1: new BigInteger("0", 10) returns "proper" zero
// Version 1.2: square() API, isProbablePrime fix
// (public)
function bnClone() {
var r = nbi();
this.copyTo(r);
return r;
}
// (public) return value as integer
function bnIntValue() {
if (this.s < 0) {
if (this.t == 1) return this[0] - this.DV;
else if (this.t == 0) return -1;
}
else if (this.t == 1) return this[0];
else if (this.t == 0) return 0;
// assumes 16 < DB < 32
return ((this[1] & ((1 << (32 - this.DB)) - 1)) << this.DB) | this[0];
}
// (public) return value as byte
function bnByteValue() {
return (this.t == 0) ? this.s : (this[0] << 24) >> 24;
}
// (public) return value as short (assumes DB>=16)
function bnShortValue() {
return (this.t == 0) ? this.s : (this[0] << 16) >> 16;
}
// (protected) return x s.t. r^x < DV
function bnpChunkSize(r) {
return Math.floor(Math.LN2 * this.DB / Math.log(r));
}
// (public) 0 if this == 0, 1 if this > 0
function bnSigNum() {
if (this.s < 0) return -1;
else if (this.t <= 0 || (this.t == 1 && this[0] <= 0)) return 0;
else return 1;
}
// (protected) convert to radix string
function bnpToRadix(b) {
if (b == null) b = 10;
if (this.signum() == 0 || b < 2 || b > 36) return "0";
var cs = this.chunkSize(b);
var a = Math.pow(b, cs);
var d = nbv(a), y = nbi(), z = nbi(), r = "";
this.divRemTo(d, y, z);
while (y.signum() > 0) {
r = (a + z.intValue()).toString(b).substr(1) + r;
y.divRemTo(d, y, z);
}
return z.intValue().toString(b) + r;
}
// (protected) convert from radix string
function bnpFromRadix(s, b) {
this.fromInt(0);
if (b == null) b = 10;
var cs = this.chunkSize(b);
var d = Math.pow(b, cs), mi = false, j = 0, w = 0;
for (var i = 0; i < s.length; ++i) {
var x = intAt(s, i);
if (x < 0) {
if (s.charAt(i) == "-" && this.signum() == 0) mi = true;
continue;
}
w = b * w + x;
if (++j >= cs) {
this.dMultiply(d);
this.dAddOffset(w, 0);
j = 0;
w = 0;
}
}
if (j > 0) {
this.dMultiply(Math.pow(b, j));
this.dAddOffset(w, 0);
}
if (mi) BigInteger.ZERO.subTo(this, this);
}
// (protected) alternate constructor
function bnpFromNumber(a, b, c) {
if ("number" == typeof b) {
// new BigInteger(int,int,RNG)
if (a < 2) this.fromInt(1);
else {
this.fromNumber(a, c);
if (!this.testBit(a - 1)) // force MSB set
this.bitwiseTo(BigInteger.ONE.shiftLeft(a - 1), op_or, this);
if (this.isEven()) this.dAddOffset(1, 0); // force odd
while (!this.isProbablePrime(b)) {
this.dAddOffset(2, 0);
if (this.bitLength() > a) this.subTo(BigInteger.ONE.shiftLeft(a - 1), this);
}
}
}
else {
// new BigInteger(int,RNG)
var x = new Array(), t = a & 7;
x.length = (a >> 3) + 1;
b.nextBytes(x);
if (t > 0) x[0] &= ((1 << t) - 1); else x[0] = 0;
this.fromString(x, 256);
}
}
// (public) convert to bigendian byte array
function bnToByteArray() {
var i = this.t, r = new Array();
r[0] = this.s;
var p = this.DB - (i * this.DB) % 8, d, k = 0;
if (i-- > 0) {
if (p < this.DB && (d = this[i] >> p) != (this.s & this.DM) >> p)
r[k++] = d | (this.s << (this.DB - p));
while (i >= 0) {
if (p < 8) {
d = (this[i] & ((1 << p) - 1)) << (8 - p);
d |= this[--i] >> (p += this.DB - 8);
}
else {
d = (this[i] >> (p -= 8)) & 0xff;
if (p <= 0) {
p += this.DB;
--i;
}
}
if ((d & 0x80) != 0) d |= -256;
if (k == 0 && (this.s & 0x80) != (d & 0x80)) ++k;
if (k > 0 || d != this.s) r[k++] = d;
}
}
return r;
}
function bnEquals(a) {
return (this.compareTo(a) == 0);
}
function bnMin(a) {
return (this.compareTo(a) < 0) ? this : a;
}
function bnMax(a) {
return (this.compareTo(a) > 0) ? this : a;
}
// (protected) r = this op a (bitwise)
function bnpBitwiseTo(a, op, r) {
var i, f, m = Math.min(a.t, this.t);
for (i = 0; i < m; ++i) r[i] = op(this[i], a[i]);
if (a.t < this.t) {
f = a.s & this.DM;
for (i = m; i < this.t; ++i) r[i] = op(this[i], f);
r.t = this.t;
}
else {
f = this.s & this.DM;
for (i = m; i < a.t; ++i) r[i] = op(f, a[i]);
r.t = a.t;
}
r.s = op(this.s, a.s);
r.clamp();
}
// (public) this & a
function op_and(x, y) {
return x & y;
}
function bnAnd(a) {
var r = nbi();
this.bitwiseTo(a, op_and, r);
return r;
}
// (public) this | a
function op_or(x, y) {
return x | y;
}
function bnOr(a) {
var r = nbi();
this.bitwiseTo(a, op_or, r);
return r;
}
// (public) this ^ a
function op_xor(x, y) {
return x ^ y;
}
function bnXor(a) {
var r = nbi();
this.bitwiseTo(a, op_xor, r);
return r;
}
// (public) this & ~a
function op_andnot(x, y) {
return x & ~y;
}
function bnAndNot(a) {
var r = nbi();
this.bitwiseTo(a, op_andnot, r);
return r;
}
// (public) ~this
function bnNot() {
var r = nbi();
for (var i = 0; i < this.t; ++i) r[i] = this.DM & ~this[i];
r.t = this.t;
r.s = ~this.s;
return r;
}
// (public) this << n
function bnShiftLeft(n) {
var r = nbi();
if (n < 0) this.rShiftTo(-n, r); else this.lShiftTo(n, r);
return r;
}
// (public) this >> n
function bnShiftRight(n) {
var r = nbi();
if (n < 0) this.lShiftTo(-n, r); else this.rShiftTo(n, r);
return r;
}
// return index of lowest 1-bit in x, x < 2^31
function lbit(x) {
if (x == 0) return -1;
var r = 0;
if ((x & 0xffff) == 0) {
x >>= 16;
r += 16;
}
if ((x & 0xff) == 0) {
x >>= 8;
r += 8;
}
if ((x & 0xf) == 0) {
x >>= 4;
r += 4;
}
if ((x & 3) == 0) {
x >>= 2;
r += 2;
}
if ((x & 1) == 0) ++r;
return r;
}
// (public) returns index of lowest 1-bit (or -1 if none)
function bnGetLowestSetBit() {
for (var i = 0; i < this.t; ++i)
if (this[i] != 0) return i * this.DB + lbit(this[i]);
if (this.s < 0) return this.t * this.DB;
return -1;
}
// return number of 1 bits in x
function cbit(x) {
var r = 0;
while (x != 0) {
x &= x - 1;
++r;
}
return r;
}
// (public) return number of set bits
function bnBitCount() {
var r = 0, x = this.s & this.DM;
for (var i = 0; i < this.t; ++i) r += cbit(this[i] ^ x);
return r;
}
// (public) true iff nth bit is set
function bnTestBit(n) {
var j = Math.floor(n / this.DB);
if (j >= this.t) return (this.s != 0);
return ((this[j] & (1 << (n % this.DB))) != 0);
}
// (protected) this op (1<<n)
function bnpChangeBit(n, op) {
var r = BigInteger.ONE.shiftLeft(n);
this.bitwiseTo(r, op, r);
return r;
}
// (public) this | (1<<n)
function bnSetBit(n) {
return this.changeBit(n, op_or);
}
// (public) this & ~(1<<n)
function bnClearBit(n) {
return this.changeBit(n, op_andnot);
}
// (public) this ^ (1<<n)
function bnFlipBit(n) {
return this.changeBit(n, op_xor);
}
// (protected) r = this + a
function bnpAddTo(a, r) {
var i = 0, c = 0, m = Math.min(a.t, this.t);
while (i < m) {
c += this[i] + a[i];
r[i++] = c & this.DM;
c >>= this.DB;
}
if (a.t < this.t) {
c += a.s;
while (i < this.t) {
c += this[i];
r[i++] = c & this.DM;
c >>= this.DB;
}
c += this.s;
}
else {
c += this.s;
while (i < a.t) {
c += a[i];
r[i++] = c & this.DM;
c >>= this.DB;
}
c += a.s;
}
r.s = (c < 0) ? -1 : 0;
if (c > 0) r[i++] = c;
else if (c < -1) r[i++] = this.DV + c;
r.t = i;
r.clamp();
}
// (public) this + a
function bnAdd(a) {
var r = nbi();
this.addTo(a, r);
return r;
}
// (public) this - a
function bnSubtract(a) {
var r = nbi();
this.subTo(a, r);
return r;
}
// (public) this * a
function bnMultiply(a) {
var r = nbi();
this.multiplyTo(a, r);
return r;
}
// (public) this^2
function bnSquare() {
var r = nbi();
this.squareTo(r);
return r;
}
// (public) this / a
function bnDivide(a) {
var r = nbi();
this.divRemTo(a, r, null);
return r;
}
// (public) this % a
function bnRemainder(a) {
var r = nbi();
this.divRemTo(a, null, r);