!function(e){"object"==typeof exports?module.exports=e():"function"==typeof define&&define.amd?define(e):"undefined"!=typeof window?window.openpgp=e():"undefined"!=typeof global?global.openpgp=e():"undefined"!=typeof self&&(self.openpgp=e())}(function(){var define,module,exports;return (function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);throw new Error("Cannot find module '"+o+"'")}var f=n[o]={exports:{}};t[o][0].call(f.exports,function(e){var n=t[o][1][e];return s(n?n:e)},f,f.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o 0) { var fn = queue.shift(); fn(); } } }, true); return function nextTick(fn) { queue.push(fn); window.postMessage('process-tick', '*'); }; } return function nextTick(fn) { setTimeout(fn, 0); }; })(); process.title = 'browser'; process.browser = true; process.env = {}; process.argv = []; process.binding = function (name) { throw new Error('process.binding is not supported'); } // TODO(shtylman) process.cwd = function () { return '/' }; process.chdir = function (dir) { throw new Error('process.chdir is not supported'); }; },{}],2:[function(require,module,exports){ "use strict"; var Promise = require("./promise/promise").Promise; var polyfill = require("./promise/polyfill").polyfill; exports.Promise = Promise; exports.polyfill = polyfill; },{"./promise/polyfill":6,"./promise/promise":7}],3:[function(require,module,exports){ "use strict"; /* global toString */ var isArray = require("./utils").isArray; var isFunction = require("./utils").isFunction; /** Returns a promise that is fulfilled when all the given promises have been fulfilled, or rejected if any of them become rejected. The return promise is fulfilled with an array that gives all the values in the order they were passed in the `promises` array argument. Example: ```javascript var promise1 = RSVP.resolve(1); var promise2 = RSVP.resolve(2); var promise3 = RSVP.resolve(3); var promises = [ promise1, promise2, promise3 ]; RSVP.all(promises).then(function(array){ // The array here would be [ 1, 2, 3 ]; }); ``` If any of the `promises` given to `RSVP.all` are rejected, the first promise that is rejected will be given as an argument to the returned promises's rejection handler. For example: Example: ```javascript var promise1 = RSVP.resolve(1); var promise2 = RSVP.reject(new Error("2")); var promise3 = RSVP.reject(new Error("3")); var promises = [ promise1, promise2, promise3 ]; RSVP.all(promises).then(function(array){ // Code here never runs because there are rejected promises! }, function(error) { // error.message === "2" }); ``` @method all @for RSVP @param {Array} promises @param {String} label @return {Promise} promise that is fulfilled when all `promises` have been fulfilled, or rejected if any of them become rejected. */ function all(promises) { /*jshint validthis:true */ var Promise = this; if (!isArray(promises)) { throw new TypeError('You must pass an array to all.'); } return new Promise(function(resolve, reject) { var results = [], remaining = promises.length, promise; if (remaining === 0) { resolve([]); } function resolver(index) { return function(value) { resolveAll(index, value); }; } function resolveAll(index, value) { results[index] = value; if (--remaining === 0) { resolve(results); } } for (var i = 0; i < promises.length; i++) { promise = promises[i]; if (promise && isFunction(promise.then)) { promise.then(resolver(i), reject); } else { resolveAll(i, promise); } } }); } exports.all = all; },{"./utils":11}],4:[function(require,module,exports){ var process=require("__browserify_process"),global=typeof self !== "undefined" ? self : typeof window !== "undefined" ? window : {};"use strict"; var browserGlobal = (typeof window !== 'undefined') ? window : {}; var BrowserMutationObserver = browserGlobal.MutationObserver || browserGlobal.WebKitMutationObserver; var local = (typeof global !== 'undefined') ? global : (this === undefined? window:this); // node function useNextTick() { return function() { process.nextTick(flush); }; } function useMutationObserver() { var iterations = 0; var observer = new BrowserMutationObserver(flush); var node = document.createTextNode(''); observer.observe(node, { characterData: true }); return function() { node.data = (iterations = ++iterations % 2); }; } function useSetTimeout() { return function() { local.setTimeout(flush, 1); }; } var queue = []; function flush() { for (var i = 0; i < queue.length; i++) { var tuple = queue[i]; var callback = tuple[0], arg = tuple[1]; callback(arg); } queue = []; } var scheduleFlush; // Decide what async method to use to triggering processing of queued callbacks: if (typeof process !== 'undefined' && {}.toString.call(process) === '[object process]') { scheduleFlush = useNextTick(); } else if (BrowserMutationObserver) { scheduleFlush = useMutationObserver(); } else { scheduleFlush = useSetTimeout(); } function asap(callback, arg) { var length = queue.push([callback, arg]); if (length === 1) { // If length is 1, that means that we need to schedule an async flush. // If additional callbacks are queued before the queue is flushed, they // will be processed by this flush that we are scheduling. scheduleFlush(); } } exports.asap = asap; },{"__browserify_process":1}],5:[function(require,module,exports){ "use strict"; var config = { instrument: false }; function configure(name, value) { if (arguments.length === 2) { config[name] = value; } else { return config[name]; } } exports.config = config; exports.configure = configure; },{}],6:[function(require,module,exports){ var global=typeof self !== "undefined" ? self : typeof window !== "undefined" ? window : {};"use strict"; /*global self*/ var RSVPPromise = require("./promise").Promise; var isFunction = require("./utils").isFunction; function polyfill() { var local; if (typeof global !== 'undefined') { local = global; } else if (typeof window !== 'undefined' && window.document) { local = window; } else { local = self; } var es6PromiseSupport = "Promise" in local && // Some of these methods are missing from // Firefox/Chrome experimental implementations "resolve" in local.Promise && "reject" in local.Promise && "all" in local.Promise && "race" in local.Promise && // Older version of the spec had a resolver object // as the arg rather than a function (function() { var resolve; new local.Promise(function(r) { resolve = r; }); return isFunction(resolve); }()); if (!es6PromiseSupport) { local.Promise = RSVPPromise; } } exports.polyfill = polyfill; },{"./promise":7,"./utils":11}],7:[function(require,module,exports){ "use strict"; var config = require("./config").config; var configure = require("./config").configure; var objectOrFunction = require("./utils").objectOrFunction; var isFunction = require("./utils").isFunction; var now = require("./utils").now; var all = require("./all").all; var race = require("./race").race; var staticResolve = require("./resolve").resolve; var staticReject = require("./reject").reject; var asap = require("./asap").asap; var counter = 0; config.async = asap; // default async is asap; function Promise(resolver) { if (!isFunction(resolver)) { throw new TypeError('You must pass a resolver function as the first argument to the promise constructor'); } if (!(this instanceof Promise)) { throw new TypeError("Failed to construct 'Promise': Please use the 'new' operator, this object constructor cannot be called as a function."); } this._subscribers = []; invokeResolver(resolver, this); } function invokeResolver(resolver, promise) { function resolvePromise(value) { resolve(promise, value); } function rejectPromise(reason) { reject(promise, reason); } try { resolver(resolvePromise, rejectPromise); } catch(e) { rejectPromise(e); } } function invokeCallback(settled, promise, callback, detail) { var hasCallback = isFunction(callback), value, error, succeeded, failed; if (hasCallback) { try { value = callback(detail); succeeded = true; } catch(e) { failed = true; error = e; } } else { value = detail; succeeded = true; } if (handleThenable(promise, value)) { return; } else if (hasCallback && succeeded) { resolve(promise, value); } else if (failed) { reject(promise, error); } else if (settled === FULFILLED) { resolve(promise, value); } else if (settled === REJECTED) { reject(promise, value); } } var PENDING = void 0; var SEALED = 0; var FULFILLED = 1; var REJECTED = 2; function subscribe(parent, child, onFulfillment, onRejection) { var subscribers = parent._subscribers; var length = subscribers.length; subscribers[length] = child; subscribers[length + FULFILLED] = onFulfillment; subscribers[length + REJECTED] = onRejection; } function publish(promise, settled) { var child, callback, subscribers = promise._subscribers, detail = promise._detail; for (var i = 0; i < subscribers.length; i += 3) { child = subscribers[i]; callback = subscribers[i + settled]; invokeCallback(settled, child, callback, detail); } promise._subscribers = null; } Promise.prototype = { constructor: Promise, _state: undefined, _detail: undefined, _subscribers: undefined, then: function(onFulfillment, onRejection) { var promise = this; var thenPromise = new this.constructor(function() {}); if (this._state) { var callbacks = arguments; config.async(function invokePromiseCallback() { invokeCallback(promise._state, thenPromise, callbacks[promise._state - 1], promise._detail); }); } else { subscribe(this, thenPromise, onFulfillment, onRejection); } return thenPromise; }, 'catch': function(onRejection) { return this.then(null, onRejection); } }; Promise.all = all; Promise.race = race; Promise.resolve = staticResolve; Promise.reject = staticReject; function handleThenable(promise, value) { var then = null, resolved; try { if (promise === value) { throw new TypeError("A promises callback cannot return that same promise."); } if (objectOrFunction(value)) { then = value.then; if (isFunction(then)) { then.call(value, function(val) { if (resolved) { return true; } resolved = true; if (value !== val) { resolve(promise, val); } else { fulfill(promise, val); } }, function(val) { if (resolved) { return true; } resolved = true; reject(promise, val); }); return true; } } } catch (error) { if (resolved) { return true; } reject(promise, error); return true; } return false; } function resolve(promise, value) { if (promise === value) { fulfill(promise, value); } else if (!handleThenable(promise, value)) { fulfill(promise, value); } } function fulfill(promise, value) { if (promise._state !== PENDING) { return; } promise._state = SEALED; promise._detail = value; config.async(publishFulfillment, promise); } function reject(promise, reason) { if (promise._state !== PENDING) { return; } promise._state = SEALED; promise._detail = reason; config.async(publishRejection, promise); } function publishFulfillment(promise) { publish(promise, promise._state = FULFILLED); } function publishRejection(promise) { publish(promise, promise._state = REJECTED); } exports.Promise = Promise; },{"./all":3,"./asap":4,"./config":5,"./race":8,"./reject":9,"./resolve":10,"./utils":11}],8:[function(require,module,exports){ "use strict"; /* global toString */ var isArray = require("./utils").isArray; /** `RSVP.race` allows you to watch a series of promises and act as soon as the first promise given to the `promises` argument fulfills or rejects. Example: ```javascript var promise1 = new RSVP.Promise(function(resolve, reject){ setTimeout(function(){ resolve("promise 1"); }, 200); }); var promise2 = new RSVP.Promise(function(resolve, reject){ setTimeout(function(){ resolve("promise 2"); }, 100); }); RSVP.race([promise1, promise2]).then(function(result){ // result === "promise 2" because it was resolved before promise1 // was resolved. }); ``` `RSVP.race` is deterministic in that only the state of the first completed promise matters. For example, even if other promises given to the `promises` array argument are resolved, but the first completed promise has become rejected before the other promises became fulfilled, the returned promise will become rejected: ```javascript var promise1 = new RSVP.Promise(function(resolve, reject){ setTimeout(function(){ resolve("promise 1"); }, 200); }); var promise2 = new RSVP.Promise(function(resolve, reject){ setTimeout(function(){ reject(new Error("promise 2")); }, 100); }); RSVP.race([promise1, promise2]).then(function(result){ // Code here never runs because there are rejected promises! }, function(reason){ // reason.message === "promise2" because promise 2 became rejected before // promise 1 became fulfilled }); ``` @method race @for RSVP @param {Array} promises array of promises to observe @param {String} label optional string for describing the promise returned. Useful for tooling. @return {Promise} a promise that becomes fulfilled with the value the first completed promises is resolved with if the first completed promise was fulfilled, or rejected with the reason that the first completed promise was rejected with. */ function race(promises) { /*jshint validthis:true */ var Promise = this; if (!isArray(promises)) { throw new TypeError('You must pass an array to race.'); } return new Promise(function(resolve, reject) { var results = [], promise; for (var i = 0; i < promises.length; i++) { promise = promises[i]; if (promise && typeof promise.then === 'function') { promise.then(resolve, reject); } else { resolve(promise); } } }); } exports.race = race; },{"./utils":11}],9:[function(require,module,exports){ "use strict"; /** `RSVP.reject` returns a promise that will become rejected with the passed `reason`. `RSVP.reject` is essentially shorthand for the following: ```javascript var promise = new RSVP.Promise(function(resolve, reject){ reject(new Error('WHOOPS')); }); promise.then(function(value){ // Code here doesn't run because the promise is rejected! }, function(reason){ // reason.message === 'WHOOPS' }); ``` Instead of writing the above, your code now simply becomes the following: ```javascript var promise = RSVP.reject(new Error('WHOOPS')); promise.then(function(value){ // Code here doesn't run because the promise is rejected! }, function(reason){ // reason.message === 'WHOOPS' }); ``` @method reject @for RSVP @param {Any} reason value that the returned promise will be rejected with. @param {String} label optional string for identifying the returned promise. Useful for tooling. @return {Promise} a promise that will become rejected with the given `reason`. */ function reject(reason) { /*jshint validthis:true */ var Promise = this; return new Promise(function (resolve, reject) { reject(reason); }); } exports.reject = reject; },{}],10:[function(require,module,exports){ "use strict"; function resolve(value) { /*jshint validthis:true */ if (value && typeof value === 'object' && value.constructor === this) { return value; } var Promise = this; return new Promise(function(resolve) { resolve(value); }); } exports.resolve = resolve; },{}],11:[function(require,module,exports){ "use strict"; function objectOrFunction(x) { return isFunction(x) || (typeof x === "object" && x !== null); } function isFunction(x) { return typeof x === "function"; } function isArray(x) { return Object.prototype.toString.call(x) === "[object Array]"; } // Date.now is not available in browsers < IE9 // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/now#Compatibility var now = Date.now || function() { return new Date().getTime(); }; exports.objectOrFunction = objectOrFunction; exports.isFunction = isFunction; exports.isArray = isArray; exports.now = now; },{}],12:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * @requires config * @requires encoding/armor * @requires enums * @requires packet * @module cleartext */ 'use strict'; var config = require('./config'), packet = require('./packet'), enums = require('./enums.js'), armor = require('./encoding/armor.js'); /** * @class * @classdesc Class that represents an OpenPGP cleartext signed message. * See {@link http://tools.ietf.org/html/rfc4880#section-7} * @param {String} text The cleartext of the signed message * @param {module:packet/packetlist} packetlist The packetlist with signature packets or undefined * if message not yet signed */ function CleartextMessage(text, packetlist) { if (!(this instanceof CleartextMessage)) { return new CleartextMessage(text, packetlist); } // normalize EOL to canonical form this.text = text.replace(/\r/g, '').replace(/[\t ]+\n/g, "\n").replace(/\n/g,"\r\n"); this.packets = packetlist || new packet.List(); } /** * Returns the key IDs of the keys that signed the cleartext message * @return {Array} array of keyid objects */ CleartextMessage.prototype.getSigningKeyIds = function() { var keyIds = []; var signatureList = this.packets.filterByTag(enums.packet.signature); signatureList.forEach(function(packet) { keyIds.push(packet.issuerKeyId); }); return keyIds; }; /** * Sign the cleartext message * @param {Array} privateKeys private keys with decrypted secret key data for signing */ CleartextMessage.prototype.sign = function(privateKeys) { var packetlist = new packet.List(); var literalDataPacket = new packet.Literal(); literalDataPacket.setText(this.text); for (var i = 0; i < privateKeys.length; i++) { if (privateKeys[i].isPublic()) { throw new Error('Need private key for signing'); } var signaturePacket = new packet.Signature(); signaturePacket.signatureType = enums.signature.text; signaturePacket.hashAlgorithm = config.prefer_hash_algorithm; var signingKeyPacket = privateKeys[i].getSigningKeyPacket(); signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm; if (!signingKeyPacket.isDecrypted) throw new Error('Private key is not decrypted.'); signaturePacket.sign(signingKeyPacket, literalDataPacket); packetlist.push(signaturePacket); } this.packets = packetlist; }; /** * Verify signatures of cleartext signed message * @param {Array} keys array of keys to verify signatures * @return {Array<{keyid: module:type/keyid, valid: Boolean}>} list of signer's keyid and validity of signature */ CleartextMessage.prototype.verify = function(keys) { var result = []; var signatureList = this.packets.filterByTag(enums.packet.signature); var literalDataPacket = new packet.Literal(); // we assume that cleartext signature is generated based on UTF8 cleartext literalDataPacket.setText(this.text); for (var i = 0; i < signatureList.length; i++) { var keyPacket = null; for (var j = 0; j < keys.length; j++) { keyPacket = keys[j].getSigningKeyPacket(signatureList[i].issuerKeyId); if (keyPacket) { break; } } var verifiedSig = {}; if (keyPacket) { verifiedSig.keyid = signatureList[i].issuerKeyId; verifiedSig.valid = signatureList[i].verify(keyPacket, literalDataPacket); } else { verifiedSig.keyid = signatureList[i].issuerKeyId; verifiedSig.valid = null; } result.push(verifiedSig); } return result; }; /** * Get cleartext * @return {String} cleartext of message */ CleartextMessage.prototype.getText = function() { // normalize end of line to \n return this.text.replace(/\r\n/g,"\n"); }; /** * Returns ASCII armored text of cleartext signed message * @return {String} ASCII armor */ CleartextMessage.prototype.armor = function() { var body = { hash: enums.read(enums.hash, config.prefer_hash_algorithm).toUpperCase(), text: this.text, data: this.packets.write() }; return armor.encode(enums.armor.signed, body); }; /** * reads an OpenPGP cleartext signed message and returns a CleartextMessage object * @param {String} armoredText text to be parsed * @return {module:cleartext~CleartextMessage} new cleartext message object * @static */ function readArmored(armoredText) { var input = armor.decode(armoredText); if (input.type !== enums.armor.signed) { throw new Error('No cleartext signed message.'); } var packetlist = new packet.List(); packetlist.read(input.data); verifyHeaders(input.headers, packetlist); var newMessage = new CleartextMessage(input.text, packetlist); return newMessage; } /** * Compare hash algorithm specified in the armor header with signatures * @private * @param {Array} headers Armor headers * @param {module:packet/packetlist} packetlist The packetlist with signature packets */ function verifyHeaders(headers, packetlist) { var checkHashAlgos = function(hashAlgos) { for (var i = 0; i < packetlist.length; i++) { if (packetlist[i].tag === enums.packet.signature && !hashAlgos.some(function(algo) { return packetlist[i].hashAlgorithm === algo; })) { return false; } } return true; } var oneHeader = null; var hashAlgos = []; for (var i = 0; i < headers.length; i++) { oneHeader = headers[i].match(/Hash: (.+)/); // get header value if (oneHeader) { oneHeader = oneHeader[1].replace(/\s/g, ''); // remove whitespace oneHeader = oneHeader.split(','); oneHeader = oneHeader.map(function(hash) { hash = hash.toLowerCase(); try { return enums.write(enums.hash, hash); } catch (e) { throw new Error('Unknown hash algorithm in armor header: ' + hash); } }); hashAlgos = hashAlgos.concat(oneHeader); } else { throw new Error('Only "Hash" header allowed in cleartext signed message'); } } if (!hashAlgos.length && !checkHashAlgos([enums.hash.md5])) { throw new Error('If no "Hash" header in cleartext signed message, then only MD5 signatures allowed'); } else if (!checkHashAlgos(hashAlgos)) { throw new Error('Hash algorithm mismatch in armor header and signature'); } } exports.CleartextMessage = CleartextMessage; exports.readArmored = readArmored; },{"./config":17,"./encoding/armor.js":41,"./enums.js":43,"./packet":53}],13:[function(require,module,exports){ /** @license zlib.js 2012 - imaya [ https://github.com/imaya/zlib.js ] The MIT License */(function() {'use strict';var n=void 0,u=!0,aa=this;function ba(e,d){var c=e.split("."),f=aa;!(c[0]in f)&&f.execScript&&f.execScript("var "+c[0]);for(var a;c.length&&(a=c.shift());)!c.length&&d!==n?f[a]=d:f=f[a]?f[a]:f[a]={}};var C="undefined"!==typeof Uint8Array&&"undefined"!==typeof Uint16Array&&"undefined"!==typeof Uint32Array&&"undefined"!==typeof DataView;function K(e,d){this.index="number"===typeof d?d:0;this.d=0;this.buffer=e instanceof(C?Uint8Array:Array)?e:new (C?Uint8Array:Array)(32768);if(2*this.buffer.length<=this.index)throw Error("invalid index");this.buffer.length<=this.index&&ca(this)}function ca(e){var d=e.buffer,c,f=d.length,a=new (C?Uint8Array:Array)(f<<1);if(C)a.set(d);else for(c=0;c>>8&255]<<16|L[e>>>16&255]<<8|L[e>>>24&255])>>32-d:L[e]>>8-d);if(8>d+b)k=k<>d-m-1&1,8===++b&&(b=0,f[a++]=L[k],k=0,a===f.length&&(f=ca(this)));f[a]=k;this.buffer=f;this.d=b;this.index=a};K.prototype.finish=function(){var e=this.buffer,d=this.index,c;0M;++M){for(var R=M,S=R,ha=7,R=R>>>1;R;R>>>=1)S<<=1,S|=R&1,--ha;ga[M]=(S<>>0}var L=ga;function ja(e){this.buffer=new (C?Uint16Array:Array)(2*e);this.length=0}ja.prototype.getParent=function(e){return 2*((e-2)/4|0)};ja.prototype.push=function(e,d){var c,f,a=this.buffer,b;c=this.length;a[this.length++]=d;for(a[this.length++]=e;0a[f])b=a[c],a[c]=a[f],a[f]=b,b=a[c+1],a[c+1]=a[f+1],a[f+1]=b,c=f;else break;return this.length}; ja.prototype.pop=function(){var e,d,c=this.buffer,f,a,b;d=c[0];e=c[1];this.length-=2;c[0]=c[this.length];c[1]=c[this.length+1];for(b=0;;){a=2*b+2;if(a>=this.length)break;a+2c[a]&&(a+=2);if(c[a]>c[b])f=c[b],c[b]=c[a],c[a]=f,f=c[b+1],c[b+1]=c[a+1],c[a+1]=f;else break;b=a}return{index:e,value:d,length:this.length}};function ka(e,d){this.e=ma;this.f=0;this.input=C&&e instanceof Array?new Uint8Array(e):e;this.c=0;d&&(d.lazy&&(this.f=d.lazy),"number"===typeof d.compressionType&&(this.e=d.compressionType),d.outputBuffer&&(this.b=C&&d.outputBuffer instanceof Array?new Uint8Array(d.outputBuffer):d.outputBuffer),"number"===typeof d.outputIndex&&(this.c=d.outputIndex));this.b||(this.b=new (C?Uint8Array:Array)(32768))}var ma=2,T=[],U; for(U=0;288>U;U++)switch(u){case 143>=U:T.push([U+48,8]);break;case 255>=U:T.push([U-144+400,9]);break;case 279>=U:T.push([U-256+0,7]);break;case 287>=U:T.push([U-280+192,8]);break;default:throw"invalid literal: "+U;} ka.prototype.h=function(){var e,d,c,f,a=this.input;switch(this.e){case 0:c=0;for(f=a.length;c>>8&255;l[h++]=p&255;l[h++]=p>>>8&255;if(C)l.set(b,h),h+=b.length,l=l.subarray(0,h);else{v=0;for(x=b.length;vs)for(;0s?s:138,A>s-3&&A=A?(E[D++]=17,E[D++]=A-3,H[17]++):(E[D++]=18,E[D++]=A-11,H[18]++),s-=A;else if(E[D++]=F[r],H[F[r]]++,s--,3>s)for(;0s?s:6,A>s-3&&Ay;y++)ia[y]=ea[Ia[y]];for(P=19;4=a:return[265,a-11,1];case 14>=a:return[266,a-13,1];case 16>=a:return[267,a-15,1];case 18>=a:return[268,a-17,1];case 22>=a:return[269,a-19,2];case 26>=a:return[270,a-23,2];case 30>=a:return[271,a-27,2];case 34>=a:return[272, a-31,2];case 42>=a:return[273,a-35,3];case 50>=a:return[274,a-43,3];case 58>=a:return[275,a-51,3];case 66>=a:return[276,a-59,3];case 82>=a:return[277,a-67,4];case 98>=a:return[278,a-83,4];case 114>=a:return[279,a-99,4];case 130>=a:return[280,a-115,4];case 162>=a:return[281,a-131,5];case 194>=a:return[282,a-163,5];case 226>=a:return[283,a-195,5];case 257>=a:return[284,a-227,5];case 258===a:return[285,a-258,0];default:throw"invalid length: "+a;}}var d=[],c,f;for(c=3;258>=c;c++)f=e(c),d[c]=f[2]<<24| f[1]<<16|f[0];return d}(),Ga=C?new Uint32Array(Fa):Fa; function na(e,d){function c(a,c){var b=a.g,d=[],f=0,e;e=Ga[a.length];d[f++]=e&65535;d[f++]=e>>16&255;d[f++]=e>>24;var g;switch(u){case 1===b:g=[0,b-1,0];break;case 2===b:g=[1,b-2,0];break;case 3===b:g=[2,b-3,0];break;case 4===b:g=[3,b-4,0];break;case 6>=b:g=[4,b-5,1];break;case 8>=b:g=[5,b-7,1];break;case 12>=b:g=[6,b-9,2];break;case 16>=b:g=[7,b-13,2];break;case 24>=b:g=[8,b-17,3];break;case 32>=b:g=[9,b-25,3];break;case 48>=b:g=[10,b-33,4];break;case 64>=b:g=[11,b-49,4];break;case 96>=b:g=[12,b- 65,5];break;case 128>=b:g=[13,b-97,5];break;case 192>=b:g=[14,b-129,6];break;case 256>=b:g=[15,b-193,6];break;case 384>=b:g=[16,b-257,7];break;case 512>=b:g=[17,b-385,7];break;case 768>=b:g=[18,b-513,8];break;case 1024>=b:g=[19,b-769,8];break;case 1536>=b:g=[20,b-1025,9];break;case 2048>=b:g=[21,b-1537,9];break;case 3072>=b:g=[22,b-2049,10];break;case 4096>=b:g=[23,b-3073,10];break;case 6144>=b:g=[24,b-4097,11];break;case 8192>=b:g=[25,b-6145,11];break;case 12288>=b:g=[26,b-8193,12];break;case 16384>= b:g=[27,b-12289,12];break;case 24576>=b:g=[28,b-16385,13];break;case 32768>=b:g=[29,b-24577,13];break;default:throw"invalid distance";}e=g;d[f++]=e[0];d[f++]=e[1];d[f++]=e[2];var k,m;k=0;for(m=d.length;k=b;)t[b++]=0;for(b=0;29>=b;)w[b++]=0}t[256]=1;f=0;for(a=d.length;f=a){x&&c(x,-1);b=0;for(k=a-f;bk&&d+kb&&(a=f,b=k);if(258===k)break}return new qa(b,d-a)} function oa(e,d){var c=e.length,f=new ja(572),a=new (C?Uint8Array:Array)(c),b,k,m,g,p;if(!C)for(g=0;g2*a[h-1]+b[h]&&(a[h]=2*a[h-1]+b[h]),m[h]=Array(a[h]),g[h]=Array(a[h]);for(l=0;le[l]?(m[h][q]=t,g[h][q]=d,w+=2):(m[h][q]=e[l],g[h][q]=l,++l);p[h]=0;1===b[h]&&f(h)}return k} function pa(e){var d=new (C?Uint16Array:Array)(e.length),c=[],f=[],a=0,b,k,m,g;b=0;for(k=e.length;b>>=1}return d};ba("Zlib.RawDeflate",ka);ba("Zlib.RawDeflate.prototype.compress",ka.prototype.h);var Ka={NONE:0,FIXED:1,DYNAMIC:ma},V,La,$,Ma;if(Object.keys)V=Object.keys(Ka);else for(La in V=[],$=0,Ka)V[$++]=La;$=0;for(Ma=V.length;$a&&(a=b[n]),b[n]>=1;J=g<<16|n;for(s=m;s>>=1;switch(b){case 0:var e=this.input,a=this.d,c=this.b,d=this.a,f=e.length,g=void 0,h=void 0,k=c.length,m=void 0;this.c=this.f=0;if(a+1>=f)throw Error("invalid uncompressed block header: LEN");g=e[a++]|e[a++]<<8;if(a+1>=f)throw Error("invalid uncompressed block header: NLEN");h=e[a++]|e[a++]<<8;if(g===~h)throw Error("invalid uncompressed block header: length verify");if(a+g>e.length)throw Error("input buffer is broken");switch(this.i){case w:for(;d+ g>c.length;){m=k-d;g-=m;if(q)c.set(e.subarray(a,a+m),d),d+=m,a+=m;else for(;m--;)c[d++]=e[a++];this.a=d;c=this.e();d=this.a}break;case v:for(;d+g>c.length;)c=this.e({o:2});break;default:throw Error("invalid inflate mode");}if(q)c.set(e.subarray(a,a+g),d),d+=g,a+=g;else for(;g--;)c[d++]=e[a++];this.d=a;this.a=d;this.b=c;break;case 1:this.j(y,z);break;case 2:A(this);break;default:throw Error("unknown BTYPE: "+b);}}return this.m()}; var B=[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15],C=q?new Uint16Array(B):B,D=[3,4,5,6,7,8,9,10,11,13,15,17,19,23,27,31,35,43,51,59,67,83,99,115,131,163,195,227,258,258,258],E=q?new Uint16Array(D):D,F=[0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0,0,0],G=q?new Uint8Array(F):F,H=[1,2,3,4,5,7,9,13,17,25,33,49,65,97,129,193,257,385,513,769,1025,1537,2049,3073,4097,6145,8193,12289,16385,24577],I=q?new Uint16Array(H):H,K=[0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13, 13],L=q?new Uint8Array(K):K,M=new (q?Uint8Array:Array)(288),N,O;N=0;for(O=M.length;N=N?8:255>=N?9:279>=N?7:8;var y=t(M),P=new (q?Uint8Array:Array)(30),Q,R;Q=0;for(R=P.length;Q=g)throw Error("input buffer is broken");a|=d[f++]<>>e;b.c=c-e;b.d=f;return h} function S(b,e){for(var a=b.f,c=b.c,d=b.input,f=b.d,g=d.length,h=e[0],k=e[1],m,r;c=g);)a|=d[f++]<>>16;b.f=a>>r;b.c=c-r;b.d=f;return m&65535} function A(b){function e(a,b,c){var e,d=this.p,f,g;for(g=0;gf)c>=d&&(this.a=c,a=this.e(),c=this.a),a[c++]=f;else{g=f-257;k=E[g];0=d&&(this.a=c,a=this.e(),c=this.a);for(;k--;)a[c]=a[c++-h]}for(;8<=this.c;)this.c-=8,this.d--;this.a=c}; u.prototype.t=function(b,e){var a=this.b,c=this.a;this.n=b;for(var d=a.length,f,g,h,k;256!==(f=S(this,b));)if(256>f)c>=d&&(a=this.e(),d=a.length),a[c++]=f;else{g=f-257;k=E[g];0d&&(a=this.e(),d=a.length);for(;k--;)a[c]=a[c++-h]}for(;8<=this.c;)this.c-=8,this.d--;this.a=c}; u.prototype.e=function(){var b=new (q?Uint8Array:Array)(this.a-32768),e=this.a-32768,a,c,d=this.b;if(q)b.set(d.subarray(32768,b.length));else{a=0;for(c=b.length;aa;++a)d[a]=d[e+a];this.a=32768;return d}; u.prototype.v=function(b){var e,a=this.input.length/this.d+1|0,c,d,f,g=this.input,h=this.b;b&&("number"===typeof b.o&&(a=b.o),"number"===typeof b.r&&(a+=b.r));2>a?(c=(g.length-this.d)/this.n[2],f=258*(c/2)|0,d=fe&&(this.b.length=e),b=this.b);return this.buffer=b};p("Zlib.RawInflate",u);p("Zlib.RawInflate.prototype.decompress",u.prototype.u);var T={ADAPTIVE:v,BLOCK:w},U,V,W,X;if(Object.keys)U=Object.keys(T);else for(V in U=[],W=0,T)U[W++]=V;W=0;for(X=U.length;W>>8&255]<<16|N[d>>>16&255]<<8|N[d>>>24&255])>>32-a:N[d]>>8-a);if(8>a+f)g=g<>a-h-1&1,8===++f&&(f=0,e[b++]=N[g],g=0,b===e.length&&(e=this.f()));e[b]=g;this.buffer=e;this.i=f;this.index=b};H.prototype.finish=function(){var d=this.buffer,a=this.index,c;0O;++O){for(var P=O,Q=P,ga=7,P=P>>>1;P;P>>>=1)Q<<=1,Q|=P&1,--ga;fa[O]=(Q<>>0}var N=fa;function ha(d){this.buffer=new (F?Uint16Array:Array)(2*d);this.length=0}ha.prototype.getParent=function(d){return 2*((d-2)/4|0)};ha.prototype.push=function(d,a){var c,e,b=this.buffer,f;c=this.length;b[this.length++]=a;for(b[this.length++]=d;0b[e])f=b[c],b[c]=b[e],b[e]=f,f=b[c+1],b[c+1]=b[e+1],b[e+1]=f,c=e;else break;return this.length}; ha.prototype.pop=function(){var d,a,c=this.buffer,e,b,f;a=c[0];d=c[1];this.length-=2;c[0]=c[this.length];c[1]=c[this.length+1];for(f=0;;){b=2*f+2;if(b>=this.length)break;b+2c[b]&&(b+=2);if(c[b]>c[f])e=c[f],c[f]=c[b],c[b]=e,e=c[f+1],c[f+1]=c[b+1],c[b+1]=e;else break;f=b}return{index:d,value:a,length:this.length}};function R(d){var a=d.length,c=0,e=Number.POSITIVE_INFINITY,b,f,g,h,k,n,q,r,p,m;for(r=0;rc&&(c=d[r]),d[r]>=1;m=g<<16|r;for(p=n;pS;S++)switch(x){case 143>=S:oa.push([S+48,8]);break;case 255>=S:oa.push([S-144+400,9]);break;case 279>=S:oa.push([S-256+0,7]);break;case 287>=S:oa.push([S-280+192,8]);break;default:l("invalid literal: "+S)} ia.prototype.j=function(){var d,a,c,e,b=this.input;switch(this.h){case 0:c=0;for(e=b.length;c>>8&255;p[m++]=n&255;p[m++]=n>>>8&255;if(F)p.set(f,m),m+=f.length,p=p.subarray(0,m);else{q=0;for(r=f.length;qu)for(;0< u--;)G[E++]=0,K[0]++;else for(;0u?u:138,B>u-3&&B=B?(G[E++]=17,G[E++]=B-3,K[17]++):(G[E++]=18,G[E++]=B-11,K[18]++),u-=B;else if(G[E++]=I[t],K[I[t]]++,u--,3>u)for(;0u?u:6,B>u-3&&Bz;z++)ra[z]=ka[gb[z]];for(W=19;4=b:return[265,b-11,1];case 14>=b:return[266,b-13,1];case 16>=b:return[267,b-15,1];case 18>=b:return[268,b-17,1];case 22>=b:return[269,b-19,2];case 26>=b:return[270,b-23,2];case 30>=b:return[271,b-27,2];case 34>=b:return[272, b-31,2];case 42>=b:return[273,b-35,3];case 50>=b:return[274,b-43,3];case 58>=b:return[275,b-51,3];case 66>=b:return[276,b-59,3];case 82>=b:return[277,b-67,4];case 98>=b:return[278,b-83,4];case 114>=b:return[279,b-99,4];case 130>=b:return[280,b-115,4];case 162>=b:return[281,b-131,5];case 194>=b:return[282,b-163,5];case 226>=b:return[283,b-195,5];case 257>=b:return[284,b-227,5];case 258===b:return[285,b-258,0];default:l("invalid length: "+b)}}var a=[],c,e;for(c=3;258>=c;c++)e=d(c),a[c]=e[2]<<24|e[1]<< 16|e[0];return a}(),wa=F?new Uint32Array(va):va; function pa(d,a){function c(b,c){var a=b.H,d=[],e=0,f;f=wa[b.length];d[e++]=f&65535;d[e++]=f>>16&255;d[e++]=f>>24;var g;switch(x){case 1===a:g=[0,a-1,0];break;case 2===a:g=[1,a-2,0];break;case 3===a:g=[2,a-3,0];break;case 4===a:g=[3,a-4,0];break;case 6>=a:g=[4,a-5,1];break;case 8>=a:g=[5,a-7,1];break;case 12>=a:g=[6,a-9,2];break;case 16>=a:g=[7,a-13,2];break;case 24>=a:g=[8,a-17,3];break;case 32>=a:g=[9,a-25,3];break;case 48>=a:g=[10,a-33,4];break;case 64>=a:g=[11,a-49,4];break;case 96>=a:g=[12,a- 65,5];break;case 128>=a:g=[13,a-97,5];break;case 192>=a:g=[14,a-129,6];break;case 256>=a:g=[15,a-193,6];break;case 384>=a:g=[16,a-257,7];break;case 512>=a:g=[17,a-385,7];break;case 768>=a:g=[18,a-513,8];break;case 1024>=a:g=[19,a-769,8];break;case 1536>=a:g=[20,a-1025,9];break;case 2048>=a:g=[21,a-1537,9];break;case 3072>=a:g=[22,a-2049,10];break;case 4096>=a:g=[23,a-3073,10];break;case 6144>=a:g=[24,a-4097,11];break;case 8192>=a:g=[25,a-6145,11];break;case 12288>=a:g=[26,a-8193,12];break;case 16384>= a:g=[27,a-12289,12];break;case 24576>=a:g=[28,a-16385,13];break;case 32768>=a:g=[29,a-24577,13];break;default:l("invalid distance")}f=g;d[e++]=f[0];d[e++]=f[1];d[e++]=f[2];var h,k;h=0;for(k=d.length;h=f;)w[f++]=0;for(f=0;29>=f;)y[f++]=0}w[256]=1;e=0;for(b=a.length;e=b){r&&c(r,-1);f=0;for(g=b-e;fg&&a+gf&&(b=e,f=g);if(258===g)break}return new ta(f,a-b)} function qa(d,a){var c=d.length,e=new ha(572),b=new (F?Uint8Array:Array)(c),f,g,h,k,n;if(!F)for(k=0;k2*b[m-1]+f[m]&&(b[m]=2*b[m-1]+f[m]),h[m]=Array(b[m]),k[m]=Array(b[m]);for(p=0;pd[p]?(h[m][s]=w,k[m][s]=a,y+=2):(h[m][s]=d[p],k[m][s]=p,++p);n[m]=0;1===f[m]&&e(m)}return g} function sa(d){var a=new (F?Uint16Array:Array)(d.length),c=[],e=[],b=0,f,g,h,k;f=0;for(g=d.length;f>>=1}return a};function T(d,a){this.l=[];this.m=32768;this.e=this.g=this.c=this.q=0;this.input=F?new Uint8Array(d):d;this.s=!1;this.n=za;this.C=!1;if(a||!(a={}))a.index&&(this.c=a.index),a.bufferSize&&(this.m=a.bufferSize),a.bufferType&&(this.n=a.bufferType),a.resize&&(this.C=a.resize);switch(this.n){case Aa:this.b=32768;this.a=new (F?Uint8Array:Array)(32768+this.m+258);break;case za:this.b=0;this.a=new (F?Uint8Array:Array)(this.m);this.f=this.K;this.t=this.I;this.o=this.J;break;default:l(Error("invalid inflate mode"))}} var Aa=0,za=1,Ba={F:Aa,D:za}; T.prototype.p=function(){for(;!this.s;){var d=Y(this,3);d&1&&(this.s=x);d>>>=1;switch(d){case 0:var a=this.input,c=this.c,e=this.a,b=this.b,f=a.length,g=v,h=v,k=e.length,n=v;this.e=this.g=0;c+1>=f&&l(Error("invalid uncompressed block header: LEN"));g=a[c++]|a[c++]<<8;c+1>=f&&l(Error("invalid uncompressed block header: NLEN"));h=a[c++]|a[c++]<<8;g===~h&&l(Error("invalid uncompressed block header: length verify"));c+g>a.length&&l(Error("input buffer is broken"));switch(this.n){case Aa:for(;b+g>e.length;){n= k-b;g-=n;if(F)e.set(a.subarray(c,c+n),b),b+=n,c+=n;else for(;n--;)e[b++]=a[c++];this.b=b;e=this.f();b=this.b}break;case za:for(;b+g>e.length;)e=this.f({v:2});break;default:l(Error("invalid inflate mode"))}if(F)e.set(a.subarray(c,c+g),b),b+=g,c+=g;else for(;g--;)e[b++]=a[c++];this.c=c;this.b=b;this.a=e;break;case 1:this.o(Ca,Da);break;case 2:Sa(this);break;default:l(Error("unknown BTYPE: "+d))}}return this.t()}; var Ta=[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15],Ua=F?new Uint16Array(Ta):Ta,Va=[3,4,5,6,7,8,9,10,11,13,15,17,19,23,27,31,35,43,51,59,67,83,99,115,131,163,195,227,258,258,258],Wa=F?new Uint16Array(Va):Va,Xa=[0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0,0,0],Ya=F?new Uint8Array(Xa):Xa,Za=[1,2,3,4,5,7,9,13,17,25,33,49,65,97,129,193,257,385,513,769,1025,1537,2049,3073,4097,6145,8193,12289,16385,24577],$a=F?new Uint16Array(Za):Za,ab=[0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10, 10,11,11,12,12,13,13],bb=F?new Uint8Array(ab):ab,cb=new (F?Uint8Array:Array)(288),Z,db;Z=0;for(db=cb.length;Z=Z?8:255>=Z?9:279>=Z?7:8;var Ca=R(cb),eb=new (F?Uint8Array:Array)(30),fb,hb;fb=0;for(hb=eb.length;fb=g&&l(Error("input buffer is broken")),c|=b[f++]<>>a;d.e=e-a;d.c=f;return h} function ib(d,a){for(var c=d.g,e=d.e,b=d.input,f=d.c,g=b.length,h=a[0],k=a[1],n,q;e=g);)c|=b[f++]<>>16;d.g=c>>q;d.e=e-q;d.c=f;return n&65535} function Sa(d){function a(a,b,c){var d,e=this.z,f,g;for(g=0;gf)e>=b&&(this.b=e,c=this.f(),e=this.b),c[e++]=f;else{g=f-257;k=Wa[g];0=b&&(this.b=e,c=this.f(),e=this.b);for(;k--;)c[e]=c[e++-h]}for(;8<=this.e;)this.e-=8,this.c--;this.b=e}; T.prototype.J=function(d,a){var c=this.a,e=this.b;this.u=d;for(var b=c.length,f,g,h,k;256!==(f=ib(this,d));)if(256>f)e>=b&&(c=this.f(),b=c.length),c[e++]=f;else{g=f-257;k=Wa[g];0b&&(c=this.f(),b=c.length);for(;k--;)c[e]=c[e++-h]}for(;8<=this.e;)this.e-=8,this.c--;this.b=e}; T.prototype.f=function(){var d=new (F?Uint8Array:Array)(this.b-32768),a=this.b-32768,c,e,b=this.a;if(F)d.set(b.subarray(32768,d.length));else{c=0;for(e=d.length;cc;++c)b[c]=b[a+c];this.b=32768;return b}; T.prototype.K=function(d){var a,c=this.input.length/this.c+1|0,e,b,f,g=this.input,h=this.a;d&&("number"===typeof d.v&&(c=d.v),"number"===typeof d.G&&(c+=d.G));2>c?(e=(g.length-this.c)/this.u[2],f=258*(e/2)|0,b=fa&&(this.a.length=a),d=this.a);return this.buffer=d};function jb(d){if("string"===typeof d){var a=d.split(""),c,e;c=0;for(e=a.length;c>>0;d=a}for(var b=1,f=0,g=d.length,h,k=0;0>>0};function kb(d,a){var c,e;this.input=d;this.c=0;if(a||!(a={}))a.index&&(this.c=a.index),a.verify&&(this.N=a.verify);c=d[this.c++];e=d[this.c++];switch(c&15){case lb:this.method=lb;break;default:l(Error("unsupported compression method"))}0!==((c<<8)+e)%31&&l(Error("invalid fcheck flag:"+((c<<8)+e)%31));e&32&&l(Error("fdict flag is not supported"));this.B=new T(d,{index:this.c,bufferSize:a.bufferSize,bufferType:a.bufferType,resize:a.resize})} kb.prototype.p=function(){var d=this.input,a,c;a=this.B.p();this.c=this.B.c;this.N&&(c=(d[this.c++]<<24|d[this.c++]<<16|d[this.c++]<<8|d[this.c++])>>>0,c!==jb(a)&&l(Error("invalid adler-32 checksum")));return a};var lb=8;function mb(d,a){this.input=d;this.a=new (F?Uint8Array:Array)(32768);this.h=$.k;var c={},e;if((a||!(a={}))&&"number"===typeof a.compressionType)this.h=a.compressionType;for(e in a)c[e]=a[e];c.outputBuffer=this.a;this.A=new ia(this.input,c)}var $=na; mb.prototype.j=function(){var d,a,c,e,b,f,g,h=0;g=this.a;d=lb;switch(d){case lb:a=Math.LOG2E*Math.log(32768)-8;break;default:l(Error("invalid compression method"))}c=a<<4|d;g[h++]=c;switch(d){case lb:switch(this.h){case $.NONE:b=0;break;case $.r:b=1;break;case $.k:b=2;break;default:l(Error("unsupported compression type"))}break;default:l(Error("invalid compression method"))}e=b<<6|0;g[h++]=e|31-(256*c+e)%31;f=jb(this.input);this.A.b=h;g=this.A.j();h=g.length;F&&(g=new Uint8Array(g.buffer),g.length<= h+4&&(this.a=new Uint8Array(g.length+4),this.a.set(g),g=this.a),g=g.subarray(0,h+4));g[h++]=f>>24&255;g[h++]=f>>16&255;g[h++]=f>>8&255;g[h++]=f&255;return g};function nb(d,a){var c,e,b,f;if(Object.keys)c=Object.keys(a);else for(e in c=[],b=0,a)c[b++]=e;b=0;for(f=c.length;b block_size * pos) { var encblock = cipherfn.encrypt(util.str2bin(blockc)); blocki = plaintext.substring((pos * block_size), (pos * block_size) + block_size); for (var i = 0; i < blocki.length; i++) { tempBlock += String.fromCharCode(blocki.charCodeAt(i) ^ encblock[i]); } blockc = tempBlock; tempBlock = ''; cyphertext += blockc; pos++; } return cyphertext; }, normalDecrypt: function(cipherfn, key, ciphertext, iv) { cipherfn = new cipher[cipherfn](key); var block_size = cipherfn.blockSize; var blockp = ''; var pos = 0; var plaintext = ''; var offset = 0; var i; if (iv === null) for (i = 0; i < block_size; i++) { blockp += String.fromCharCode(0); } else blockp = iv.substring(0, block_size); while (ciphertext.length > (block_size * pos)) { var decblock = cipherfn.encrypt(util.str2bin(blockp)); blockp = ciphertext.substring((pos * (block_size)) + offset, (pos * (block_size)) + (block_size) + offset); for (i = 0; i < blockp.length; i++) { plaintext += String.fromCharCode(blockp.charCodeAt(i) ^ decblock[i]); } pos++; } return plaintext; } }; },{"../util.js":74,"./cipher":23}],19:[function(require,module,exports){ /* Rijndael (AES) Encryption * Copyright 2005 Herbert Hanewinkel, www.haneWIN.de * version 1.1, check www.haneWIN.de for the latest version * This software is provided as-is, without express or implied warranty. * Permission to use, copy, modify, distribute or sell this software, with or * without fee, for any purpose and by any individual or organization, is hereby * granted, provided that the above copyright notice and this paragraph appear * in all copies. Distribution as a part of an application or binary must * include the above copyright notice in the documentation and/or other * materials provided with the application or distribution. */ /** * @requires util * @module crypto/cipher/aes */ 'use strict'; var util = require('../../util.js'); // The round constants used in subkey expansion var Rcon = new Uint8Array([ 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91 ]); // Precomputed lookup table for the SBox var S = new Uint8Array([ 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118, 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192, 183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21, 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117, 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132, 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, 208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210, 205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115, 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, 224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, 231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, 186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, 112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, 225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22 ]); var T1 = new Uint32Array([ 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56, 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb, 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b, 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c, 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9, 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a, 0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, 0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f, 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34, 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1, 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972, 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85, 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe, 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05, 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1, 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, 0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf, 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b, 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8, 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2, 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, 0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf, 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810, 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc, 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c, 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122, 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9, 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0, 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e, 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c ]); var T2 = new Uint32Array([ 0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d, 0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154, 0x30306050, 0x01010203, 0x6767cea9, 0x2b2b567d, 0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a, 0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87, 0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b, 0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea, 0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b, 0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a, 0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f, 0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908, 0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f, 0x0404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e, 0x18183028, 0x969637a1, 0x05050a0f, 0x9a9a2fb5, 0x07070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d, 0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f, 0x0909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e, 0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb, 0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce, 0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397, 0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c, 0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed, 0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b, 0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a, 0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16, 0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194, 0x45458acf, 0xf9f9e910, 0x02020406, 0x7f7ffe81, 0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3, 0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a, 0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104, 0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263, 0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d, 0xcdcd814c, 0x0c0c1814, 0x13132635, 0xececc32f, 0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39, 0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47, 0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695, 0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f, 0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83, 0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c, 0xdedea779, 0x5e5ebce2, 0x0b0b161d, 0xdbdbad76, 0xe0e0db3b, 0x32326456, 0x3a3a744e, 0x0a0a141e, 0x494992db, 0x06060c0a, 0x2424486c, 0x5c5cb8e4, 0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6, 0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b, 0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7, 0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0, 0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25, 0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x08081018, 0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72, 0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751, 0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21, 0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85, 0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa, 0x484890d8, 0x03030605, 0xf6f6f701, 0x0e0e1c12, 0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0, 0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9, 0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233, 0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7, 0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920, 0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a, 0x8c8c038f, 0xa1a159f8, 0x89890980, 0x0d0d1a17, 0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8, 0x414182c3, 0x999929b0, 0x2d2d5a77, 0x0f0f1e11, 0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a ]); var T3 = new Uint32Array([ 0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b, 0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5, 0x30605030, 0x01020301, 0x67cea967, 0x2b567d2b, 0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76, 0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d, 0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0, 0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf, 0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0, 0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26, 0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc, 0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1, 0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15, 0x04080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3, 0x18302818, 0x9637a196, 0x050a0f05, 0x9a2fb59a, 0x070e0907, 0x12243612, 0x801b9b80, 0xe2df3de2, 0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75, 0x09121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a, 0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0, 0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3, 0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784, 0x53a6f553, 0xd1b968d1, 0x00000000, 0xedc12ced, 0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b, 0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39, 0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf, 0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb, 0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485, 0x458acf45, 0xf9e910f9, 0x02040602, 0x7ffe817f, 0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8, 0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f, 0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5, 0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321, 0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2, 0xcd814ccd, 0x0c18140c, 0x13263513, 0xecc32fec, 0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917, 0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d, 0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573, 0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc, 0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388, 0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14, 0xdea779de, 0x5ebce25e, 0x0b161d0b, 0xdbad76db, 0xe0db3be0, 0x32645632, 0x3a744e3a, 0x0a141e0a, 0x4992db49, 0x060c0a06, 0x24486c24, 0x5cb8e45c, 0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662, 0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79, 0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d, 0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9, 0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea, 0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x08101808, 0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e, 0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6, 0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f, 0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a, 0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66, 0x4890d848, 0x03060503, 0xf6f701f6, 0x0e1c120e, 0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9, 0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e, 0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311, 0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794, 0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9, 0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf, 0x8c038f8c, 0xa159f8a1, 0x89098089, 0x0d1a170d, 0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868, 0x4182c341, 0x9929b099, 0x2d5a772d, 0x0f1e110f, 0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16 ]); var T4 = new Uint32Array([ 0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b, 0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5, 0x60503030, 0x02030101, 0xcea96767, 0x567d2b2b, 0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676, 0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d, 0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0, 0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf, 0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0, 0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626, 0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc, 0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1, 0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515, 0x080c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3, 0x30281818, 0x37a19696, 0x0a0f0505, 0x2fb59a9a, 0x0e090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2, 0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575, 0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a, 0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0, 0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3, 0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484, 0xa6f55353, 0xb968d1d1, 0x00000000, 0xc12ceded, 0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b, 0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939, 0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf, 0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb, 0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585, 0x8acf4545, 0xe910f9f9, 0x04060202, 0xfe817f7f, 0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8, 0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x058a8f8f, 0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5, 0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121, 0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2, 0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec, 0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717, 0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d, 0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373, 0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc, 0x44662222, 0x547e2a2a, 0x3bab9090, 0x0b838888, 0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414, 0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb, 0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a, 0x92db4949, 0x0c0a0606, 0x486c2424, 0xb8e45c5c, 0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262, 0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979, 0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d, 0x018c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9, 0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea, 0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808, 0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e, 0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6, 0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f, 0x96dd4b4b, 0x61dcbdbd, 0x0d868b8b, 0x0f858a8a, 0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666, 0x90d84848, 0x06050303, 0xf701f6f6, 0x1c120e0e, 0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9, 0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e, 0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111, 0xd2bb6969, 0xa970d9d9, 0x07898e8e, 0x33a79494, 0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9, 0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf, 0x038f8c8c, 0x59f8a1a1, 0x09808989, 0x1a170d0d, 0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868, 0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f, 0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616 ]); function B0(x) { return (x & 255); } function B1(x) { return ((x >> 8) & 255); } function B2(x) { return ((x >> 16) & 255); } function B3(x) { return ((x >> 24) & 255); } function F1(x0, x1, x2, x3) { return B1(T1[x0 & 255]) | (B1(T1[(x1 >> 8) & 255]) << 8) | (B1(T1[(x2 >> 16) & 255]) << 16) | (B1(T1[x3 >>> 24]) << 24); } function packBytes(octets) { var i, j; var len = octets.length; var b = new Array(len / 4); if (!octets || len % 4) return; for (i = 0, j = 0; j < len; j += 4) { b[i++] = octets[j] | (octets[j + 1] << 8) | (octets[j + 2] << 16) | (octets[j + 3] << 24); } return b; } function unpackBytes(packed) { var j; var i = 0, l = packed.length; var r = new Array(l * 4); for (j = 0; j < l; j++) { r[i++] = B0(packed[j]); r[i++] = B1(packed[j]); r[i++] = B2(packed[j]); r[i++] = B3(packed[j]); } return r; } // ------------------------------------------------ var maxkc = 8; var maxrk = 14; function keyExpansion(key) { var kc, i, j, r, t; var rounds; var keySched = new Array(maxrk + 1); var keylen = key.length; var k = new Array(maxkc); var tk = new Array(maxkc); var rconpointer = 0; if (keylen == 16) { rounds = 10; kc = 4; } else if (keylen == 24) { rounds = 12; kc = 6; } else if (keylen == 32) { rounds = 14; kc = 8; } else { throw new Error('Invalid key-length for AES key:' + keylen); } for (i = 0; i < maxrk + 1; i++) { keySched[i] = new Uint32Array(4); } for (i = 0, j = 0; j < keylen; j++, i += 4) { k[j] = key.charCodeAt(i) | (key.charCodeAt(i + 1) << 8) | (key.charCodeAt(i + 2) << 16) | (key.charCodeAt(i + 3) << 24); } for (j = kc - 1; j >= 0; j--) { tk[j] = k[j]; } r = 0; t = 0; for (j = 0; (j < kc) && (r < rounds + 1);) { for (; (j < kc) && (t < 4); j++, t++) { keySched[r][t] = tk[j]; } if (t == 4) { r++; t = 0; } } while (r < rounds + 1) { var temp = tk[kc - 1]; tk[0] ^= S[B1(temp)] | (S[B2(temp)] << 8) | (S[B3(temp)] << 16) | (S[B0(temp)] << 24); tk[0] ^= Rcon[rconpointer++]; if (kc != 8) { for (j = 1; j < kc; j++) { tk[j] ^= tk[j - 1]; } } else { for (j = 1; j < kc / 2; j++) { tk[j] ^= tk[j - 1]; } temp = tk[kc / 2 - 1]; tk[kc / 2] ^= S[B0(temp)] | (S[B1(temp)] << 8) | (S[B2(temp)] << 16) | (S[B3(temp)] << 24); for (j = kc / 2 + 1; j < kc; j++) { tk[j] ^= tk[j - 1]; } } for (j = 0; (j < kc) && (r < rounds + 1);) { for (; (j < kc) && (t < 4); j++, t++) { keySched[r][t] = tk[j]; } if (t == 4) { r++; t = 0; } } } return { rounds: rounds, rk: keySched }; } function AESencrypt(block, ctx, t) { var r, rounds, b; b = packBytes(block); rounds = ctx.rounds; for (r = 0; r < rounds - 1; r++) { t[0] = b[0] ^ ctx.rk[r][0]; t[1] = b[1] ^ ctx.rk[r][1]; t[2] = b[2] ^ ctx.rk[r][2]; t[3] = b[3] ^ ctx.rk[r][3]; b[0] = T1[t[0] & 255] ^ T2[(t[1] >> 8) & 255] ^ T3[(t[2] >> 16) & 255] ^ T4[t[3] >>> 24]; b[1] = T1[t[1] & 255] ^ T2[(t[2] >> 8) & 255] ^ T3[(t[3] >> 16) & 255] ^ T4[t[0] >>> 24]; b[2] = T1[t[2] & 255] ^ T2[(t[3] >> 8) & 255] ^ T3[(t[0] >> 16) & 255] ^ T4[t[1] >>> 24]; b[3] = T1[t[3] & 255] ^ T2[(t[0] >> 8) & 255] ^ T3[(t[1] >> 16) & 255] ^ T4[t[2] >>> 24]; } // last round is special r = rounds - 1; t[0] = b[0] ^ ctx.rk[r][0]; t[1] = b[1] ^ ctx.rk[r][1]; t[2] = b[2] ^ ctx.rk[r][2]; t[3] = b[3] ^ ctx.rk[r][3]; b[0] = F1(t[0], t[1], t[2], t[3]) ^ ctx.rk[rounds][0]; b[1] = F1(t[1], t[2], t[3], t[0]) ^ ctx.rk[rounds][1]; b[2] = F1(t[2], t[3], t[0], t[1]) ^ ctx.rk[rounds][2]; b[3] = F1(t[3], t[0], t[1], t[2]) ^ ctx.rk[rounds][3]; return unpackBytes(b); } function makeClass(length) { var c = function(key) { this.key = keyExpansion(key); this._temp = new Uint32Array(this.blockSize / 4); this.encrypt = function(block) { return AESencrypt(block, this.key, this._temp); }; }; c.blockSize = c.prototype.blockSize = 16; c.keySize = c.prototype.keySize = length / 8; return c; } module.exports = {}; var types = [128, 192, 256]; for (var i in types) { module.exports[types[i]] = makeClass(types[i]); } },{"../../util.js":74}],20:[function(require,module,exports){ /* Modified by Recurity Labs GmbH * * Originally written by nklein software (nklein.com) */ /** * @module crypto/cipher/blowfish */ /* * Javascript implementation based on Bruce Schneier's reference implementation. * * * The constructor doesn't do much of anything. It's just here * so we can start defining properties and methods and such. */ function Blowfish() {} /* * Declare the block size so that protocols know what size * Initialization Vector (IV) they will need. */ Blowfish.prototype.BLOCKSIZE = 8; /* * These are the default SBOXES. */ Blowfish.prototype.SBOXES = [ [ 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a ], [ 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7 ], [ 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0 ], [ 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6 ] ]; //* //* This is the default PARRAY //* Blowfish.prototype.PARRAY = [ 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b ]; //* //* This is the number of rounds the cipher will go //* Blowfish.prototype.NN = 16; //* //* This function is needed to get rid of problems //* with the high-bit getting set. If we don't do //* this, then sometimes ( aa & 0x00FFFFFFFF ) is not //* equal to ( bb & 0x00FFFFFFFF ) even when they //* agree bit-for-bit for the first 32 bits. //* Blowfish.prototype._clean = function(xx) { if (xx < 0) { var yy = xx & 0x7FFFFFFF; xx = yy + 0x80000000; } return xx; }; //* //* This is the mixing function that uses the sboxes //* Blowfish.prototype._F = function(xx) { var aa; var bb; var cc; var dd; var yy; dd = xx & 0x00FF; xx >>>= 8; cc = xx & 0x00FF; xx >>>= 8; bb = xx & 0x00FF; xx >>>= 8; aa = xx & 0x00FF; yy = this.sboxes[0][aa] + this.sboxes[1][bb]; yy = yy ^ this.sboxes[2][cc]; yy = yy + this.sboxes[3][dd]; return yy; }; //* //* This method takes an array with two values, left and right //* and does NN rounds of Blowfish on them. //* Blowfish.prototype._encrypt_block = function(vals) { var dataL = vals[0]; var dataR = vals[1]; var ii; for (ii = 0; ii < this.NN; ++ii) { dataL = dataL ^ this.parray[ii]; dataR = this._F(dataL) ^ dataR; var tmp = dataL; dataL = dataR; dataR = tmp; } dataL = dataL ^ this.parray[this.NN + 0]; dataR = dataR ^ this.parray[this.NN + 1]; vals[0] = this._clean(dataR); vals[1] = this._clean(dataL); }; //* //* This method takes a vector of numbers and turns them //* into long words so that they can be processed by the //* real algorithm. //* //* Maybe I should make the real algorithm above take a vector //* instead. That will involve more looping, but it won't require //* the F() method to deconstruct the vector. //* Blowfish.prototype.encrypt_block = function(vector) { var ii; var vals = [0, 0]; var off = this.BLOCKSIZE / 2; for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { vals[0] = (vals[0] << 8) | (vector[ii + 0] & 0x00FF); vals[1] = (vals[1] << 8) | (vector[ii + off] & 0x00FF); } this._encrypt_block(vals); var ret = []; for (ii = 0; ii < this.BLOCKSIZE / 2; ++ii) { ret[ii + 0] = (vals[0] >>> (24 - 8 * (ii)) & 0x00FF); ret[ii + off] = (vals[1] >>> (24 - 8 * (ii)) & 0x00FF); // vals[ 0 ] = ( vals[ 0 ] >>> 8 ); // vals[ 1 ] = ( vals[ 1 ] >>> 8 ); } return ret; }; //* //* This method takes an array with two values, left and right //* and undoes NN rounds of Blowfish on them. //* Blowfish.prototype._decrypt_block = function(vals) { var dataL = vals[0]; var dataR = vals[1]; var ii; for (ii = this.NN + 1; ii > 1; --ii) { dataL = dataL ^ this.parray[ii]; dataR = this._F(dataL) ^ dataR; var tmp = dataL; dataL = dataR; dataR = tmp; } dataL = dataL ^ this.parray[1]; dataR = dataR ^ this.parray[0]; vals[0] = this._clean(dataR); vals[1] = this._clean(dataL); }; //* //* This method takes a key array and initializes the //* sboxes and parray for this encryption. //* Blowfish.prototype.init = function(key) { var ii; var jj = 0; this.parray = []; for (ii = 0; ii < this.NN + 2; ++ii) { var data = 0x00000000; var kk; for (kk = 0; kk < 4; ++kk) { data = (data << 8) | (key[jj] & 0x00FF); if (++jj >= key.length) { jj = 0; } } this.parray[ii] = this.PARRAY[ii] ^ data; } this.sboxes = []; for (ii = 0; ii < 4; ++ii) { this.sboxes[ii] = []; for (jj = 0; jj < 256; ++jj) { this.sboxes[ii][jj] = this.SBOXES[ii][jj]; } } var vals = [0x00000000, 0x00000000]; for (ii = 0; ii < this.NN + 2; ii += 2) { this._encrypt_block(vals); this.parray[ii + 0] = vals[0]; this.parray[ii + 1] = vals[1]; } for (ii = 0; ii < 4; ++ii) { for (jj = 0; jj < 256; jj += 2) { this._encrypt_block(vals); this.sboxes[ii][jj + 0] = vals[0]; this.sboxes[ii][jj + 1] = vals[1]; } } }; var util = require('../../util.js'); // added by Recurity Labs function BFencrypt(block, key) { var bf = new Blowfish(); bf.init(util.str2bin(key)); return bf.encrypt_block(block); } function BF(key) { this.bf = new Blowfish(); this.bf.init(util.str2bin(key)); this.encrypt = function(block) { return this.bf.encrypt_block(block); }; } module.exports = BF; module.exports.keySize = BF.prototype.keySize = 16; module.exports.blockSize = BF.prototype.blockSize = 16; },{"../../util.js":74}],21:[function(require,module,exports){ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. // Copyright 2010 pjacobs@xeekr.com . All rights reserved. // Modified by Recurity Labs GmbH // fixed/modified by Herbert Hanewinkel, www.haneWIN.de // check www.haneWIN.de for the latest version // cast5.js is a Javascript implementation of CAST-128, as defined in RFC 2144. // CAST-128 is a common OpenPGP cipher. // CAST5 constructor /** @module crypto/cipher/cast5 */ function openpgp_symenc_cast5() { this.BlockSize = 8; this.KeySize = 16; this.setKey = function(key) { this.masking = new Array(16); this.rotate = new Array(16); this.reset(); if (key.length == this.KeySize) { this.keySchedule(key); } else { throw new Error('CAST-128: keys must be 16 bytes'); } return true; }; this.reset = function() { for (var i = 0; i < 16; i++) { this.masking[i] = 0; this.rotate[i] = 0; } }; this.getBlockSize = function() { return BlockSize; }; this.encrypt = function(src) { var dst = new Array(src.length); for (var i = 0; i < src.length; i += 8) { var l = src[i] << 24 | src[i + 1] << 16 | src[i + 2] << 8 | src[i + 3]; var r = src[i + 4] << 24 | src[i + 5] << 16 | src[i + 6] << 8 | src[i + 7]; var t; t = r; r = l ^ f1(r, this.masking[0], this.rotate[0]); l = t; t = r; r = l ^ f2(r, this.masking[1], this.rotate[1]); l = t; t = r; r = l ^ f3(r, this.masking[2], this.rotate[2]); l = t; t = r; r = l ^ f1(r, this.masking[3], this.rotate[3]); l = t; t = r; r = l ^ f2(r, this.masking[4], this.rotate[4]); l = t; t = r; r = l ^ f3(r, this.masking[5], this.rotate[5]); l = t; t = r; r = l ^ f1(r, this.masking[6], this.rotate[6]); l = t; t = r; r = l ^ f2(r, this.masking[7], this.rotate[7]); l = t; t = r; r = l ^ f3(r, this.masking[8], this.rotate[8]); l = t; t = r; r = l ^ f1(r, this.masking[9], this.rotate[9]); l = t; t = r; r = l ^ f2(r, this.masking[10], this.rotate[10]); l = t; t = r; r = l ^ f3(r, this.masking[11], this.rotate[11]); l = t; t = r; r = l ^ f1(r, this.masking[12], this.rotate[12]); l = t; t = r; r = l ^ f2(r, this.masking[13], this.rotate[13]); l = t; t = r; r = l ^ f3(r, this.masking[14], this.rotate[14]); l = t; t = r; r = l ^ f1(r, this.masking[15], this.rotate[15]); l = t; dst[i] = (r >>> 24) & 255; dst[i + 1] = (r >>> 16) & 255; dst[i + 2] = (r >>> 8) & 255; dst[i + 3] = r & 255; dst[i + 4] = (l >>> 24) & 255; dst[i + 5] = (l >>> 16) & 255; dst[i + 6] = (l >>> 8) & 255; dst[i + 7] = l & 255; } return dst; }; this.decrypt = function(src) { var dst = new Array(src.length); for (var i = 0; i < src.length; i += 8) { var l = src[i] << 24 | src[i + 1] << 16 | src[i + 2] << 8 | src[i + 3]; var r = src[i + 4] << 24 | src[i + 5] << 16 | src[i + 6] << 8 | src[i + 7]; var t; t = r; r = l ^ f1(r, this.masking[15], this.rotate[15]); l = t; t = r; r = l ^ f3(r, this.masking[14], this.rotate[14]); l = t; t = r; r = l ^ f2(r, this.masking[13], this.rotate[13]); l = t; t = r; r = l ^ f1(r, this.masking[12], this.rotate[12]); l = t; t = r; r = l ^ f3(r, this.masking[11], this.rotate[11]); l = t; t = r; r = l ^ f2(r, this.masking[10], this.rotate[10]); l = t; t = r; r = l ^ f1(r, this.masking[9], this.rotate[9]); l = t; t = r; r = l ^ f3(r, this.masking[8], this.rotate[8]); l = t; t = r; r = l ^ f2(r, this.masking[7], this.rotate[7]); l = t; t = r; r = l ^ f1(r, this.masking[6], this.rotate[6]); l = t; t = r; r = l ^ f3(r, this.masking[5], this.rotate[5]); l = t; t = r; r = l ^ f2(r, this.masking[4], this.rotate[4]); l = t; t = r; r = l ^ f1(r, this.masking[3], this.rotate[3]); l = t; t = r; r = l ^ f3(r, this.masking[2], this.rotate[2]); l = t; t = r; r = l ^ f2(r, this.masking[1], this.rotate[1]); l = t; t = r; r = l ^ f1(r, this.masking[0], this.rotate[0]); l = t; dst[i] = (r >>> 24) & 255; dst[i + 1] = (r >>> 16) & 255; dst[i + 2] = (r >>> 8) & 255; dst[i + 3] = r & 255; dst[i + 4] = (l >>> 24) & 255; dst[i + 5] = (l >> 16) & 255; dst[i + 6] = (l >> 8) & 255; dst[i + 7] = l & 255; } return dst; }; var scheduleA = new Array(4); scheduleA[0] = new Array(4); scheduleA[0][0] = new Array(4, 0, 0xd, 0xf, 0xc, 0xe, 0x8); scheduleA[0][1] = new Array(5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa); scheduleA[0][2] = new Array(6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9); scheduleA[0][3] = new Array(7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb); scheduleA[1] = new Array(4); scheduleA[1][0] = new Array(0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0); scheduleA[1][1] = new Array(1, 4, 0, 2, 1, 3, 16 + 2); scheduleA[1][2] = new Array(2, 5, 7, 6, 5, 4, 16 + 1); scheduleA[1][3] = new Array(3, 7, 0xa, 9, 0xb, 8, 16 + 3); scheduleA[2] = new Array(4); scheduleA[2][0] = new Array(4, 0, 0xd, 0xf, 0xc, 0xe, 8); scheduleA[2][1] = new Array(5, 2, 16 + 0, 16 + 2, 16 + 1, 16 + 3, 0xa); scheduleA[2][2] = new Array(6, 3, 16 + 7, 16 + 6, 16 + 5, 16 + 4, 9); scheduleA[2][3] = new Array(7, 1, 16 + 0xa, 16 + 9, 16 + 0xb, 16 + 8, 0xb); scheduleA[3] = new Array(4); scheduleA[3][0] = new Array(0, 6, 16 + 5, 16 + 7, 16 + 4, 16 + 6, 16 + 0); scheduleA[3][1] = new Array(1, 4, 0, 2, 1, 3, 16 + 2); scheduleA[3][2] = new Array(2, 5, 7, 6, 5, 4, 16 + 1); scheduleA[3][3] = new Array(3, 7, 0xa, 9, 0xb, 8, 16 + 3); var scheduleB = new Array(4); scheduleB[0] = new Array(4); scheduleB[0][0] = new Array(16 + 8, 16 + 9, 16 + 7, 16 + 6, 16 + 2); scheduleB[0][1] = new Array(16 + 0xa, 16 + 0xb, 16 + 5, 16 + 4, 16 + 6); scheduleB[0][2] = new Array(16 + 0xc, 16 + 0xd, 16 + 3, 16 + 2, 16 + 9); scheduleB[0][3] = new Array(16 + 0xe, 16 + 0xf, 16 + 1, 16 + 0, 16 + 0xc); scheduleB[1] = new Array(4); scheduleB[1][0] = new Array(3, 2, 0xc, 0xd, 8); scheduleB[1][1] = new Array(1, 0, 0xe, 0xf, 0xd); scheduleB[1][2] = new Array(7, 6, 8, 9, 3); scheduleB[1][3] = new Array(5, 4, 0xa, 0xb, 7); scheduleB[2] = new Array(4); scheduleB[2][0] = new Array(16 + 3, 16 + 2, 16 + 0xc, 16 + 0xd, 16 + 9); scheduleB[2][1] = new Array(16 + 1, 16 + 0, 16 + 0xe, 16 + 0xf, 16 + 0xc); scheduleB[2][2] = new Array(16 + 7, 16 + 6, 16 + 8, 16 + 9, 16 + 2); scheduleB[2][3] = new Array(16 + 5, 16 + 4, 16 + 0xa, 16 + 0xb, 16 + 6); scheduleB[3] = new Array(4); scheduleB[3][0] = new Array(8, 9, 7, 6, 3); scheduleB[3][1] = new Array(0xa, 0xb, 5, 4, 7); scheduleB[3][2] = new Array(0xc, 0xd, 3, 2, 8); scheduleB[3][3] = new Array(0xe, 0xf, 1, 0, 0xd); // changed 'in' to 'inn' (in javascript 'in' is a reserved word) this.keySchedule = function(inn) { var t = new Array(8); var k = new Array(32); var i, j; for (i = 0; i < 4; i++) { j = i * 4; t[i] = inn[j] << 24 | inn[j + 1] << 16 | inn[j + 2] << 8 | inn[j + 3]; } var x = [6, 7, 4, 5]; var ki = 0; var w; for (var half = 0; half < 2; half++) { for (var round = 0; round < 4; round++) { for (j = 0; j < 4; j++) { var a = scheduleA[round][j]; w = t[a[1]]; w ^= sBox[4][(t[a[2] >>> 2] >>> (24 - 8 * (a[2] & 3))) & 0xff]; w ^= sBox[5][(t[a[3] >>> 2] >>> (24 - 8 * (a[3] & 3))) & 0xff]; w ^= sBox[6][(t[a[4] >>> 2] >>> (24 - 8 * (a[4] & 3))) & 0xff]; w ^= sBox[7][(t[a[5] >>> 2] >>> (24 - 8 * (a[5] & 3))) & 0xff]; w ^= sBox[x[j]][(t[a[6] >>> 2] >>> (24 - 8 * (a[6] & 3))) & 0xff]; t[a[0]] = w; } for (j = 0; j < 4; j++) { var b = scheduleB[round][j]; w = sBox[4][(t[b[0] >>> 2] >>> (24 - 8 * (b[0] & 3))) & 0xff]; w ^= sBox[5][(t[b[1] >>> 2] >>> (24 - 8 * (b[1] & 3))) & 0xff]; w ^= sBox[6][(t[b[2] >>> 2] >>> (24 - 8 * (b[2] & 3))) & 0xff]; w ^= sBox[7][(t[b[3] >>> 2] >>> (24 - 8 * (b[3] & 3))) & 0xff]; w ^= sBox[4 + j][(t[b[4] >>> 2] >>> (24 - 8 * (b[4] & 3))) & 0xff]; k[ki] = w; ki++; } } } for (i = 0; i < 16; i++) { this.masking[i] = k[i]; this.rotate[i] = k[16 + i] & 0x1f; } }; // These are the three 'f' functions. See RFC 2144, section 2.2. function f1(d, m, r) { var t = m + d; var I = (t << r) | (t >>> (32 - r)); return ((sBox[0][I >>> 24] ^ sBox[1][(I >>> 16) & 255]) - sBox[2][(I >>> 8) & 255]) + sBox[3][I & 255]; } function f2(d, m, r) { var t = m ^ d; var I = (t << r) | (t >>> (32 - r)); return ((sBox[0][I >>> 24] - sBox[1][(I >>> 16) & 255]) + sBox[2][(I >>> 8) & 255]) ^ sBox[3][I & 255]; } function f3(d, m, r) { var t = m - d; var I = (t << r) | (t >>> (32 - r)); return ((sBox[0][I >>> 24] + sBox[1][(I >>> 16) & 255]) ^ sBox[2][(I >>> 8) & 255]) - sBox[3][I & 255]; } var sBox = new Array(8); sBox[0] = new Array( 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949, 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e, 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d, 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0, 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7, 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935, 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d, 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50, 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe, 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3, 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167, 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291, 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779, 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2, 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511, 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d, 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5, 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324, 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c, 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc, 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d, 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96, 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a, 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d, 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd, 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6, 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9, 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872, 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c, 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e, 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9, 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf); sBox[1] = new Array( 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651, 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3, 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb, 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806, 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b, 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359, 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b, 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c, 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34, 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb, 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd, 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860, 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b, 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304, 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b, 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf, 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c, 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13, 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f, 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6, 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6, 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58, 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906, 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d, 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6, 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4, 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6, 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f, 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249, 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa, 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9, 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1); sBox[2] = new Array( 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90, 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5, 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e, 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240, 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5, 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b, 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71, 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04, 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82, 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15, 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2, 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176, 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148, 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc, 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341, 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e, 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51, 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f, 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a, 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b, 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b, 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5, 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45, 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536, 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc, 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0, 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69, 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2, 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49, 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d, 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a, 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783); sBox[3] = new Array( 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1, 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf, 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15, 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121, 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25, 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5, 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb, 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5, 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d, 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6, 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23, 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003, 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6, 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119, 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24, 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a, 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79, 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df, 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26, 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab, 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7, 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417, 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2, 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2, 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a, 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919, 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef, 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876, 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab, 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04, 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282, 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2); sBox[4] = new Array( 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f, 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a, 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff, 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02, 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a, 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7, 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9, 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981, 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774, 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655, 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2, 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910, 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1, 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da, 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049, 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f, 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba, 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be, 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3, 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840, 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4, 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2, 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7, 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5, 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e, 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e, 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801, 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad, 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0, 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20, 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8, 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4); sBox[5] = new Array( 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac, 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138, 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367, 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98, 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072, 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3, 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd, 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8, 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9, 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54, 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387, 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc, 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf, 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf, 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f, 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289, 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950, 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f, 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b, 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be, 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13, 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976, 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0, 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891, 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da, 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc, 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084, 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25, 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121, 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5, 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd, 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f); sBox[6] = new Array( 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f, 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de, 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43, 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19, 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2, 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516, 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88, 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816, 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756, 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a, 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264, 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688, 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28, 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3, 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7, 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06, 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033, 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a, 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566, 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509, 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962, 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e, 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c, 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c, 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285, 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301, 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be, 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767, 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647, 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914, 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c, 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3); sBox[7] = new Array( 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5, 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc, 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd, 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d, 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2, 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862, 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc, 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c, 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e, 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039, 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8, 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42, 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5, 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472, 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225, 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c, 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb, 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054, 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70, 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc, 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c, 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3, 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4, 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101, 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f, 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e, 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a, 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c, 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384, 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c, 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82, 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e); } var util = require('../../util.js'); function cast5(key) { this.cast5 = new openpgp_symenc_cast5(); this.cast5.setKey(util.str2bin(key)); this.encrypt = function(block) { return this.cast5.encrypt(block); }; } module.exports = cast5; module.exports.blockSize = cast5.prototype.blockSize = 8; module.exports.keySize = cast5.prototype.keySize = 16; },{"../../util.js":74}],22:[function(require,module,exports){ //Paul Tero, July 2001 //http://www.tero.co.uk/des/ // //Optimised for performance with large blocks by Michael Hayworth, November 2001 //http://www.netdealing.com // // Modified by Recurity Labs GmbH //THIS SOFTWARE IS PROVIDED "AS IS" AND //ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE //IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE //ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE //FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL //DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS //OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) //HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT //LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY //OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF //SUCH DAMAGE. //des //this takes the key, the message, and whether to encrypt or decrypt /** * @module crypto/cipher/des */ function des(keys, message, encrypt, mode, iv, padding) { //declaring this locally speeds things up a bit var spfunction1 = new Array(0x1010400, 0, 0x10000, 0x1010404, 0x1010004, 0x10404, 0x4, 0x10000, 0x400, 0x1010400, 0x1010404, 0x400, 0x1000404, 0x1010004, 0x1000000, 0x4, 0x404, 0x1000400, 0x1000400, 0x10400, 0x10400, 0x1010000, 0x1010000, 0x1000404, 0x10004, 0x1000004, 0x1000004, 0x10004, 0, 0x404, 0x10404, 0x1000000, 0x10000, 0x1010404, 0x4, 0x1010000, 0x1010400, 0x1000000, 0x1000000, 0x400, 0x1010004, 0x10000, 0x10400, 0x1000004, 0x400, 0x4, 0x1000404, 0x10404, 0x1010404, 0x10004, 0x1010000, 0x1000404, 0x1000004, 0x404, 0x10404, 0x1010400, 0x404, 0x1000400, 0x1000400, 0, 0x10004, 0x10400, 0, 0x1010004); var spfunction2 = new Array(-0x7fef7fe0, -0x7fff8000, 0x8000, 0x108020, 0x100000, 0x20, -0x7fefffe0, -0x7fff7fe0, - 0x7fffffe0, -0x7fef7fe0, -0x7fef8000, -0x80000000, -0x7fff8000, 0x100000, 0x20, -0x7fefffe0, 0x108000, 0x100020, - 0x7fff7fe0, 0, -0x80000000, 0x8000, 0x108020, -0x7ff00000, 0x100020, -0x7fffffe0, 0, 0x108000, 0x8020, -0x7fef8000, - 0x7ff00000, 0x8020, 0, 0x108020, -0x7fefffe0, 0x100000, -0x7fff7fe0, -0x7ff00000, -0x7fef8000, 0x8000, -0x7ff00000, - 0x7fff8000, 0x20, -0x7fef7fe0, 0x108020, 0x20, 0x8000, -0x80000000, 0x8020, -0x7fef8000, 0x100000, -0x7fffffe0, 0x100020, -0x7fff7fe0, -0x7fffffe0, 0x100020, 0x108000, 0, -0x7fff8000, 0x8020, -0x80000000, -0x7fefffe0, - 0x7fef7fe0, 0x108000); var spfunction3 = new Array(0x208, 0x8020200, 0, 0x8020008, 0x8000200, 0, 0x20208, 0x8000200, 0x20008, 0x8000008, 0x8000008, 0x20000, 0x8020208, 0x20008, 0x8020000, 0x208, 0x8000000, 0x8, 0x8020200, 0x200, 0x20200, 0x8020000, 0x8020008, 0x20208, 0x8000208, 0x20200, 0x20000, 0x8000208, 0x8, 0x8020208, 0x200, 0x8000000, 0x8020200, 0x8000000, 0x20008, 0x208, 0x20000, 0x8020200, 0x8000200, 0, 0x200, 0x20008, 0x8020208, 0x8000200, 0x8000008, 0x200, 0, 0x8020008, 0x8000208, 0x20000, 0x8000000, 0x8020208, 0x8, 0x20208, 0x20200, 0x8000008, 0x8020000, 0x8000208, 0x208, 0x8020000, 0x20208, 0x8, 0x8020008, 0x20200); var spfunction4 = new Array(0x802001, 0x2081, 0x2081, 0x80, 0x802080, 0x800081, 0x800001, 0x2001, 0, 0x802000, 0x802000, 0x802081, 0x81, 0, 0x800080, 0x800001, 0x1, 0x2000, 0x800000, 0x802001, 0x80, 0x800000, 0x2001, 0x2080, 0x800081, 0x1, 0x2080, 0x800080, 0x2000, 0x802080, 0x802081, 0x81, 0x800080, 0x800001, 0x802000, 0x802081, 0x81, 0, 0, 0x802000, 0x2080, 0x800080, 0x800081, 0x1, 0x802001, 0x2081, 0x2081, 0x80, 0x802081, 0x81, 0x1, 0x2000, 0x800001, 0x2001, 0x802080, 0x800081, 0x2001, 0x2080, 0x800000, 0x802001, 0x80, 0x800000, 0x2000, 0x802080); var spfunction5 = new Array(0x100, 0x2080100, 0x2080000, 0x42000100, 0x80000, 0x100, 0x40000000, 0x2080000, 0x40080100, 0x80000, 0x2000100, 0x40080100, 0x42000100, 0x42080000, 0x80100, 0x40000000, 0x2000000, 0x40080000, 0x40080000, 0, 0x40000100, 0x42080100, 0x42080100, 0x2000100, 0x42080000, 0x40000100, 0, 0x42000000, 0x2080100, 0x2000000, 0x42000000, 0x80100, 0x80000, 0x42000100, 0x100, 0x2000000, 0x40000000, 0x2080000, 0x42000100, 0x40080100, 0x2000100, 0x40000000, 0x42080000, 0x2080100, 0x40080100, 0x100, 0x2000000, 0x42080000, 0x42080100, 0x80100, 0x42000000, 0x42080100, 0x2080000, 0, 0x40080000, 0x42000000, 0x80100, 0x2000100, 0x40000100, 0x80000, 0, 0x40080000, 0x2080100, 0x40000100); var spfunction6 = new Array(0x20000010, 0x20400000, 0x4000, 0x20404010, 0x20400000, 0x10, 0x20404010, 0x400000, 0x20004000, 0x404010, 0x400000, 0x20000010, 0x400010, 0x20004000, 0x20000000, 0x4010, 0, 0x400010, 0x20004010, 0x4000, 0x404000, 0x20004010, 0x10, 0x20400010, 0x20400010, 0, 0x404010, 0x20404000, 0x4010, 0x404000, 0x20404000, 0x20000000, 0x20004000, 0x10, 0x20400010, 0x404000, 0x20404010, 0x400000, 0x4010, 0x20000010, 0x400000, 0x20004000, 0x20000000, 0x4010, 0x20000010, 0x20404010, 0x404000, 0x20400000, 0x404010, 0x20404000, 0, 0x20400010, 0x10, 0x4000, 0x20400000, 0x404010, 0x4000, 0x400010, 0x20004010, 0, 0x20404000, 0x20000000, 0x400010, 0x20004010); var spfunction7 = new Array(0x200000, 0x4200002, 0x4000802, 0, 0x800, 0x4000802, 0x200802, 0x4200800, 0x4200802, 0x200000, 0, 0x4000002, 0x2, 0x4000000, 0x4200002, 0x802, 0x4000800, 0x200802, 0x200002, 0x4000800, 0x4000002, 0x4200000, 0x4200800, 0x200002, 0x4200000, 0x800, 0x802, 0x4200802, 0x200800, 0x2, 0x4000000, 0x200800, 0x4000000, 0x200800, 0x200000, 0x4000802, 0x4000802, 0x4200002, 0x4200002, 0x2, 0x200002, 0x4000000, 0x4000800, 0x200000, 0x4200800, 0x802, 0x200802, 0x4200800, 0x802, 0x4000002, 0x4200802, 0x4200000, 0x200800, 0, 0x2, 0x4200802, 0, 0x200802, 0x4200000, 0x800, 0x4000002, 0x4000800, 0x800, 0x200002); var spfunction8 = new Array(0x10001040, 0x1000, 0x40000, 0x10041040, 0x10000000, 0x10001040, 0x40, 0x10000000, 0x40040, 0x10040000, 0x10041040, 0x41000, 0x10041000, 0x41040, 0x1000, 0x40, 0x10040000, 0x10000040, 0x10001000, 0x1040, 0x41000, 0x40040, 0x10040040, 0x10041000, 0x1040, 0, 0, 0x10040040, 0x10000040, 0x10001000, 0x41040, 0x40000, 0x41040, 0x40000, 0x10041000, 0x1000, 0x40, 0x10040040, 0x1000, 0x41040, 0x10001000, 0x40, 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x40000, 0x10001040, 0, 0x10041040, 0x40040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0, 0x10041040, 0x41000, 0x41000, 0x1040, 0x1040, 0x40040, 0x10000000, 0x10041000); //create the 16 or 48 subkeys we will need var m = 0, i, j, temp, temp2, right1, right2, left, right, looping; var cbcleft, cbcleft2, cbcright, cbcright2; var endloop, loopinc; var len = message.length; var chunk = 0; //set up the loops for single and triple des var iterations = keys.length == 32 ? 3 : 9; //single or triple des if (iterations == 3) { looping = encrypt ? new Array(0, 32, 2) : new Array(30, -2, -2); } else { looping = encrypt ? new Array(0, 32, 2, 62, 30, -2, 64, 96, 2) : new Array(94, 62, -2, 32, 64, 2, 30, -2, -2); } //pad the message depending on the padding parameter //only add padding if encrypting - note that you need to use the same padding option for both encrypt and decrypt if (encrypt) { message = des_addPadding(message, padding); len = message.length; } //store the result here result = ""; tempresult = ""; if (mode == 1) { //CBC mode cbcleft = (iv.charCodeAt(m++) << 24) | (iv.charCodeAt(m++) << 16) | (iv.charCodeAt(m++) << 8) | iv.charCodeAt(m++); cbcright = (iv.charCodeAt(m++) << 24) | (iv.charCodeAt(m++) << 16) | (iv.charCodeAt(m++) << 8) | iv.charCodeAt(m++); m = 0; } //loop through each 64 bit chunk of the message while (m < len) { left = (message.charCodeAt(m++) << 24) | (message.charCodeAt(m++) << 16) | (message.charCodeAt(m++) << 8) | message .charCodeAt(m++); right = (message.charCodeAt(m++) << 24) | (message.charCodeAt(m++) << 16) | (message.charCodeAt(m++) << 8) | message.charCodeAt(m++); //for Cipher Block Chaining mode, xor the message with the previous result if (mode == 1) { if (encrypt) { left ^= cbcleft; right ^= cbcright; } else { cbcleft2 = cbcleft; cbcright2 = cbcright; cbcleft = left; cbcright = right; } } //first each 64 but chunk of the message must be permuted according to IP temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; right ^= temp; left ^= (temp << 4); temp = ((left >>> 16) ^ right) & 0x0000ffff; right ^= temp; left ^= (temp << 16); temp = ((right >>> 2) ^ left) & 0x33333333; left ^= temp; right ^= (temp << 2); temp = ((right >>> 8) ^ left) & 0x00ff00ff; left ^= temp; right ^= (temp << 8); temp = ((left >>> 1) ^ right) & 0x55555555; right ^= temp; left ^= (temp << 1); left = ((left << 1) | (left >>> 31)); right = ((right << 1) | (right >>> 31)); //do this either 1 or 3 times for each chunk of the message for (j = 0; j < iterations; j += 3) { endloop = looping[j + 1]; loopinc = looping[j + 2]; //now go through and perform the encryption or decryption for (i = looping[j]; i != endloop; i += loopinc) { //for efficiency right1 = right ^ keys[i]; right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1]; //the result is attained by passing these bytes through the S selection functions temp = left; left = right; right = temp ^ (spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>> 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) & 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]); } temp = left; left = right; right = temp; //unreverse left and right } //for either 1 or 3 iterations //move then each one bit to the right left = ((left >>> 1) | (left << 31)); right = ((right >>> 1) | (right << 31)); //now perform IP-1, which is IP in the opposite direction temp = ((left >>> 1) ^ right) & 0x55555555; right ^= temp; left ^= (temp << 1); temp = ((right >>> 8) ^ left) & 0x00ff00ff; left ^= temp; right ^= (temp << 8); temp = ((right >>> 2) ^ left) & 0x33333333; left ^= temp; right ^= (temp << 2); temp = ((left >>> 16) ^ right) & 0x0000ffff; right ^= temp; left ^= (temp << 16); temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; right ^= temp; left ^= (temp << 4); //for Cipher Block Chaining mode, xor the message with the previous result if (mode == 1) { if (encrypt) { cbcleft = left; cbcright = right; } else { left ^= cbcleft2; right ^= cbcright2; } } tempresult += String.fromCharCode((left >>> 24), ((left >>> 16) & 0xff), ((left >>> 8) & 0xff), (left & 0xff), ( right >>> 24), ((right >>> 16) & 0xff), ((right >>> 8) & 0xff), (right & 0xff)); chunk += 8; if (chunk == 512) { result += tempresult; tempresult = ""; chunk = 0; } } //for every 8 characters, or 64 bits in the message //return the result as an array result += tempresult; //only remove padding if decrypting - note that you need to use the same padding option for both encrypt and decrypt if (!encrypt) { result = des_removePadding(result, padding); } return result; } //end of des //des_createKeys //this takes as input a 64 bit key (even though only 56 bits are used) //as an array of 2 integers, and returns 16 48 bit keys function des_createKeys(key) { //declaring this locally speeds things up a bit pc2bytes0 = new Array(0, 0x4, 0x20000000, 0x20000004, 0x10000, 0x10004, 0x20010000, 0x20010004, 0x200, 0x204, 0x20000200, 0x20000204, 0x10200, 0x10204, 0x20010200, 0x20010204); pc2bytes1 = new Array(0, 0x1, 0x100000, 0x100001, 0x4000000, 0x4000001, 0x4100000, 0x4100001, 0x100, 0x101, 0x100100, 0x100101, 0x4000100, 0x4000101, 0x4100100, 0x4100101); pc2bytes2 = new Array(0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808, 0, 0x8, 0x800, 0x808, 0x1000000, 0x1000008, 0x1000800, 0x1000808); pc2bytes3 = new Array(0, 0x200000, 0x8000000, 0x8200000, 0x2000, 0x202000, 0x8002000, 0x8202000, 0x20000, 0x220000, 0x8020000, 0x8220000, 0x22000, 0x222000, 0x8022000, 0x8222000); pc2bytes4 = new Array(0, 0x40000, 0x10, 0x40010, 0, 0x40000, 0x10, 0x40010, 0x1000, 0x41000, 0x1010, 0x41010, 0x1000, 0x41000, 0x1010, 0x41010); pc2bytes5 = new Array(0, 0x400, 0x20, 0x420, 0, 0x400, 0x20, 0x420, 0x2000000, 0x2000400, 0x2000020, 0x2000420, 0x2000000, 0x2000400, 0x2000020, 0x2000420); pc2bytes6 = new Array(0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002, 0, 0x10000000, 0x80000, 0x10080000, 0x2, 0x10000002, 0x80002, 0x10080002); pc2bytes7 = new Array(0, 0x10000, 0x800, 0x10800, 0x20000000, 0x20010000, 0x20000800, 0x20010800, 0x20000, 0x30000, 0x20800, 0x30800, 0x20020000, 0x20030000, 0x20020800, 0x20030800); pc2bytes8 = new Array(0, 0x40000, 0, 0x40000, 0x2, 0x40002, 0x2, 0x40002, 0x2000000, 0x2040000, 0x2000000, 0x2040000, 0x2000002, 0x2040002, 0x2000002, 0x2040002); pc2bytes9 = new Array(0, 0x10000000, 0x8, 0x10000008, 0, 0x10000000, 0x8, 0x10000008, 0x400, 0x10000400, 0x408, 0x10000408, 0x400, 0x10000400, 0x408, 0x10000408); pc2bytes10 = new Array(0, 0x20, 0, 0x20, 0x100000, 0x100020, 0x100000, 0x100020, 0x2000, 0x2020, 0x2000, 0x2020, 0x102000, 0x102020, 0x102000, 0x102020); pc2bytes11 = new Array(0, 0x1000000, 0x200, 0x1000200, 0x200000, 0x1200000, 0x200200, 0x1200200, 0x4000000, 0x5000000, 0x4000200, 0x5000200, 0x4200000, 0x5200000, 0x4200200, 0x5200200); pc2bytes12 = new Array(0, 0x1000, 0x8000000, 0x8001000, 0x80000, 0x81000, 0x8080000, 0x8081000, 0x10, 0x1010, 0x8000010, 0x8001010, 0x80010, 0x81010, 0x8080010, 0x8081010); pc2bytes13 = new Array(0, 0x4, 0x100, 0x104, 0, 0x4, 0x100, 0x104, 0x1, 0x5, 0x101, 0x105, 0x1, 0x5, 0x101, 0x105); //how many iterations (1 for des, 3 for triple des) var iterations = key.length > 8 ? 3 : 1; //changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys //stores the return keys var keys = new Array(32 * iterations); //now define the left shifts which need to be done var shifts = new Array(0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0); //other variables var lefttemp, righttemp, m = 0, n = 0, temp; for (var j = 0; j < iterations; j++) { //either 1 or 3 iterations left = (key.charCodeAt(m++) << 24) | (key.charCodeAt(m++) << 16) | (key.charCodeAt(m++) << 8) | key.charCodeAt(m++); right = (key.charCodeAt(m++) << 24) | (key.charCodeAt(m++) << 16) | (key.charCodeAt(m++) << 8) | key.charCodeAt(m++); temp = ((left >>> 4) ^ right) & 0x0f0f0f0f; right ^= temp; left ^= (temp << 4); temp = ((right >>> -16) ^ left) & 0x0000ffff; left ^= temp; right ^= (temp << -16); temp = ((left >>> 2) ^ right) & 0x33333333; right ^= temp; left ^= (temp << 2); temp = ((right >>> -16) ^ left) & 0x0000ffff; left ^= temp; right ^= (temp << -16); temp = ((left >>> 1) ^ right) & 0x55555555; right ^= temp; left ^= (temp << 1); temp = ((right >>> 8) ^ left) & 0x00ff00ff; left ^= temp; right ^= (temp << 8); temp = ((left >>> 1) ^ right) & 0x55555555; right ^= temp; left ^= (temp << 1); //the right side needs to be shifted and to get the last four bits of the left side temp = (left << 8) | ((right >>> 20) & 0x000000f0); //left needs to be put upside down left = (right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0); right = temp; //now go through and perform these shifts on the left and right keys for (i = 0; i < shifts.length; i++) { //shift the keys either one or two bits to the left if (shifts[i]) { left = (left << 2) | (left >>> 26); right = (right << 2) | (right >>> 26); } else { left = (left << 1) | (left >>> 27); right = (right << 1) | (right >>> 27); } left &= -0xf; right &= -0xf; //now apply PC-2, in such a way that E is easier when encrypting or decrypting //this conversion will look like PC-2 except only the last 6 bits of each byte are used //rather than 48 consecutive bits and the order of lines will be according to //how the S selection functions will be applied: S2, S4, S6, S8, S1, S3, S5, S7 lefttemp = pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[( left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) & 0xf]; righttemp = pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] | pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] | pc2bytes13[(right >>> 4) & 0xf]; temp = ((righttemp >>> 16) ^ lefttemp) & 0x0000ffff; keys[n++] = lefttemp ^ temp; keys[n++] = righttemp ^ (temp << 16); } } //for each iterations //return the keys we've created return keys; } //end of des_createKeys function des_addPadding(message, padding) { var padLength = 8 - (message.length % 8); if ((padding == 2) && (padLength < 8)) { //pad the message with spaces message += " ".substr(0, padLength); } else if (padding == 1) { //PKCS7 padding message += String.fromCharCode(padLength, padLength, padLength, padLength, padLength, padLength, padLength, padLength).substr(0, padLength); } else if (!padding && (padLength < 8)) { //pad the message out with null bytes message += "\0\0\0\0\0\0\0\0".substr(0, padLength); } return message; } function des_removePadding(message, padding) { if (padding == 2) { // space padded message = message.replace(/ *$/g, ""); } else if (padding == 1) { // PKCS7 var padCount = message.charCodeAt(message.length - 1); message = message.substr(0, message.length - padCount); } else if (!padding) { // null padding message = message.replace(/\0*$/g, ""); } return message; } var util = require('../../util.js'); // added by Recurity Labs function Des(key) { this.key = []; for (var i = 0; i < 3; i++) { this.key.push(key.substr(i * 8, 8)); } this.encrypt = function(block) { return util.str2bin(des(des_createKeys(this.key[2]), des(des_createKeys(this.key[1]), des(des_createKeys(this.key[0]), util.bin2str(block), true, 0, null, null), false, 0, null, null), true, 0, null, null)); }; } Des.keySize = Des.prototype.keySize = 24; Des.blockSize = Des.prototype.blockSize = 8; // This is "original" DES - Des is actually Triple DES. // This is only exported so we can unit test. function OriginalDes(key) { this.key = key; this.encrypt = function(block, padding) { var keys = des_createKeys(this.key); return util.str2bin(des(keys, util.bin2str(block), true, 0, null, padding)); }; this.decrypt = function(block, padding) { var keys = des_createKeys(this.key); return util.str2bin(des(keys, util.bin2str(block), false, 0, null, padding)); }; } module.exports = { /** @static */ des: Des, /** @static */ originalDes: OriginalDes }; },{"../../util.js":74}],23:[function(require,module,exports){ /** * @requires crypto/cipher/aes * @requires crypto/cipher/blowfish * @requires crypto/cipher/cast5 * @requires crypto/cipher/twofish * @module crypto/cipher */ var desModule = require('./des.js'); module.exports = { /** @see module:crypto/cipher/des.originalDes */ des: desModule.originalDes, /** @see module:crypto/cipher/des.des */ tripledes: desModule.des, /** @see module:crypto/cipher/cast5 */ cast5: require('./cast5.js'), /** @see module:crypto/cipher/twofish */ twofish: require('./twofish.js'), /** @see module:crypto/cipher/blowfish */ blowfish: require('./blowfish.js'), /** Not implemented */ idea: function() { throw new Error('IDEA symmetric-key algorithm not implemented'); } }; var aes = require('./aes.js'); for (var i in aes) { module.exports['aes' + i] = aes[i]; } },{"./aes.js":19,"./blowfish.js":20,"./cast5.js":21,"./des.js":22,"./twofish.js":24}],24:[function(require,module,exports){ /* Modified by Recurity Labs GmbH * * Cipher.js * A block-cipher algorithm implementation on JavaScript * See Cipher.readme.txt for further information. * * Copyright(c) 2009 Atsushi Oka [ http://oka.nu/ ] * This script file is distributed under the LGPL * * ACKNOWLEDGMENT * * The main subroutines are written by Michiel van Everdingen. * * Michiel van Everdingen * http://home.versatel.nl/MAvanEverdingen/index.html * * All rights for these routines are reserved to Michiel van Everdingen. * */ /** * @module crypto/cipher/twofish */ //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// //Math //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// var MAXINT = 0xFFFFFFFF; function rotw(w, n) { return (w << n | w >>> (32 - n)) & MAXINT; } function getW(a, i) { return a[i] | a[i + 1] << 8 | a[i + 2] << 16 | a[i + 3] << 24; } function setW(a, i, w) { a.splice(i, 4, w & 0xFF, (w >>> 8) & 0xFF, (w >>> 16) & 0xFF, (w >>> 24) & 0xFF); } function setWInv(a, i, w) { a.splice(i, 4, (w >>> 24) & 0xFF, (w >>> 16) & 0xFF, (w >>> 8) & 0xFF, w & 0xFF); } function getB(x, n) { return (x >>> (n * 8)) & 0xFF; } // ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// // Twofish // ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// function createTwofish() { // var keyBytes = null; var dataBytes = null; var dataOffset = -1; // var dataLength = -1; var algorithmName = null; // var idx2 = -1; // algorithmName = "twofish"; var tfsKey = []; var tfsM = [ [], [], [], [] ]; function tfsInit(key) { keyBytes = key; var i, a, b, c, d, meKey = [], moKey = [], inKey = []; var kLen; var sKey = []; var f01, f5b, fef; var q0 = [ [8, 1, 7, 13, 6, 15, 3, 2, 0, 11, 5, 9, 14, 12, 10, 4], [2, 8, 11, 13, 15, 7, 6, 14, 3, 1, 9, 4, 0, 10, 12, 5] ]; var q1 = [ [14, 12, 11, 8, 1, 2, 3, 5, 15, 4, 10, 6, 7, 0, 9, 13], [1, 14, 2, 11, 4, 12, 3, 7, 6, 13, 10, 5, 15, 9, 0, 8] ]; var q2 = [ [11, 10, 5, 14, 6, 13, 9, 0, 12, 8, 15, 3, 2, 4, 7, 1], [4, 12, 7, 5, 1, 6, 9, 10, 0, 14, 13, 8, 2, 11, 3, 15] ]; var q3 = [ [13, 7, 15, 4, 1, 2, 6, 14, 9, 11, 3, 0, 8, 5, 12, 10], [11, 9, 5, 1, 12, 3, 13, 14, 6, 4, 7, 15, 2, 0, 8, 10] ]; var ror4 = [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15]; var ashx = [0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, 5, 14, 7]; var q = [ [], [] ]; var m = [ [], [], [], [] ]; function ffm5b(x) { return x ^ (x >> 2) ^ [0, 90, 180, 238][x & 3]; } function ffmEf(x) { return x ^ (x >> 1) ^ (x >> 2) ^ [0, 238, 180, 90][x & 3]; } function mdsRem(p, q) { var i, t, u; for (i = 0; i < 8; i++) { t = q >>> 24; q = ((q << 8) & MAXINT) | p >>> 24; p = (p << 8) & MAXINT; u = t << 1; if (t & 128) { u ^= 333; } q ^= t ^ (u << 16); u ^= t >>> 1; if (t & 1) { u ^= 166; } q ^= u << 24 | u << 8; } return q; } function qp(n, x) { var a, b, c, d; a = x >> 4; b = x & 15; c = q0[n][a ^ b]; d = q1[n][ror4[b] ^ ashx[a]]; return q3[n][ror4[d] ^ ashx[c]] << 4 | q2[n][c ^ d]; } function hFun(x, key) { var a = getB(x, 0), b = getB(x, 1), c = getB(x, 2), d = getB(x, 3); switch (kLen) { case 4: a = q[1][a] ^ getB(key[3], 0); b = q[0][b] ^ getB(key[3], 1); c = q[0][c] ^ getB(key[3], 2); d = q[1][d] ^ getB(key[3], 3); case 3: a = q[1][a] ^ getB(key[2], 0); b = q[1][b] ^ getB(key[2], 1); c = q[0][c] ^ getB(key[2], 2); d = q[0][d] ^ getB(key[2], 3); case 2: a = q[0][q[0][a] ^ getB(key[1], 0)] ^ getB(key[0], 0); b = q[0][q[1][b] ^ getB(key[1], 1)] ^ getB(key[0], 1); c = q[1][q[0][c] ^ getB(key[1], 2)] ^ getB(key[0], 2); d = q[1][q[1][d] ^ getB(key[1], 3)] ^ getB(key[0], 3); } return m[0][a] ^ m[1][b] ^ m[2][c] ^ m[3][d]; } keyBytes = keyBytes.slice(0, 32); i = keyBytes.length; while (i != 16 && i != 24 && i != 32) keyBytes[i++] = 0; for (i = 0; i < keyBytes.length; i += 4) { inKey[i >> 2] = getW(keyBytes, i); } for (i = 0; i < 256; i++) { q[0][i] = qp(0, i); q[1][i] = qp(1, i); } for (i = 0; i < 256; i++) { f01 = q[1][i]; f5b = ffm5b(f01); fef = ffmEf(f01); m[0][i] = f01 + (f5b << 8) + (fef << 16) + (fef << 24); m[2][i] = f5b + (fef << 8) + (f01 << 16) + (fef << 24); f01 = q[0][i]; f5b = ffm5b(f01); fef = ffmEf(f01); m[1][i] = fef + (fef << 8) + (f5b << 16) + (f01 << 24); m[3][i] = f5b + (f01 << 8) + (fef << 16) + (f5b << 24); } kLen = inKey.length / 2; for (i = 0; i < kLen; i++) { a = inKey[i + i]; meKey[i] = a; b = inKey[i + i + 1]; moKey[i] = b; sKey[kLen - i - 1] = mdsRem(a, b); } for (i = 0; i < 40; i += 2) { a = 0x1010101 * i; b = a + 0x1010101; a = hFun(a, meKey); b = rotw(hFun(b, moKey), 8); tfsKey[i] = (a + b) & MAXINT; tfsKey[i + 1] = rotw(a + 2 * b, 9); } for (i = 0; i < 256; i++) { a = b = c = d = i; switch (kLen) { case 4: a = q[1][a] ^ getB(sKey[3], 0); b = q[0][b] ^ getB(sKey[3], 1); c = q[0][c] ^ getB(sKey[3], 2); d = q[1][d] ^ getB(sKey[3], 3); case 3: a = q[1][a] ^ getB(sKey[2], 0); b = q[1][b] ^ getB(sKey[2], 1); c = q[0][c] ^ getB(sKey[2], 2); d = q[0][d] ^ getB(sKey[2], 3); case 2: tfsM[0][i] = m[0][q[0][q[0][a] ^ getB(sKey[1], 0)] ^ getB(sKey[0], 0)]; tfsM[1][i] = m[1][q[0][q[1][b] ^ getB(sKey[1], 1)] ^ getB(sKey[0], 1)]; tfsM[2][i] = m[2][q[1][q[0][c] ^ getB(sKey[1], 2)] ^ getB(sKey[0], 2)]; tfsM[3][i] = m[3][q[1][q[1][d] ^ getB(sKey[1], 3)] ^ getB(sKey[0], 3)]; } } } function tfsG0(x) { return tfsM[0][getB(x, 0)] ^ tfsM[1][getB(x, 1)] ^ tfsM[2][getB(x, 2)] ^ tfsM[3][getB(x, 3)]; } function tfsG1(x) { return tfsM[0][getB(x, 3)] ^ tfsM[1][getB(x, 0)] ^ tfsM[2][getB(x, 1)] ^ tfsM[3][getB(x, 2)]; } function tfsFrnd(r, blk) { var a = tfsG0(blk[0]); var b = tfsG1(blk[1]); blk[2] = rotw(blk[2] ^ (a + b + tfsKey[4 * r + 8]) & MAXINT, 31); blk[3] = rotw(blk[3], 1) ^ (a + 2 * b + tfsKey[4 * r + 9]) & MAXINT; a = tfsG0(blk[2]); b = tfsG1(blk[3]); blk[0] = rotw(blk[0] ^ (a + b + tfsKey[4 * r + 10]) & MAXINT, 31); blk[1] = rotw(blk[1], 1) ^ (a + 2 * b + tfsKey[4 * r + 11]) & MAXINT; } function tfsIrnd(i, blk) { var a = tfsG0(blk[0]); var b = tfsG1(blk[1]); blk[2] = rotw(blk[2], 1) ^ (a + b + tfsKey[4 * i + 10]) & MAXINT; blk[3] = rotw(blk[3] ^ (a + 2 * b + tfsKey[4 * i + 11]) & MAXINT, 31); a = tfsG0(blk[2]); b = tfsG1(blk[3]); blk[0] = rotw(blk[0], 1) ^ (a + b + tfsKey[4 * i + 8]) & MAXINT; blk[1] = rotw(blk[1] ^ (a + 2 * b + tfsKey[4 * i + 9]) & MAXINT, 31); } function tfsClose() { tfsKey = []; tfsM = [ [], [], [], [] ]; } function tfsEncrypt(data, offset) { dataBytes = data; dataOffset = offset; var blk = [getW(dataBytes, dataOffset) ^ tfsKey[0], getW(dataBytes, dataOffset + 4) ^ tfsKey[1], getW(dataBytes, dataOffset + 8) ^ tfsKey[2], getW(dataBytes, dataOffset + 12) ^ tfsKey[3] ]; for (var j = 0; j < 8; j++) { tfsFrnd(j, blk); } setW(dataBytes, dataOffset, blk[2] ^ tfsKey[4]); setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[5]); setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[6]); setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[7]); dataOffset += 16; return dataBytes; } function tfsDecrypt(data, offset) { dataBytes = data; dataOffset = offset; var blk = [getW(dataBytes, dataOffset) ^ tfsKey[4], getW(dataBytes, dataOffset + 4) ^ tfsKey[5], getW(dataBytes, dataOffset + 8) ^ tfsKey[6], getW(dataBytes, dataOffset + 12) ^ tfsKey[7] ]; for (var j = 7; j >= 0; j--) { tfsIrnd(j, blk); } setW(dataBytes, dataOffset, blk[2] ^ tfsKey[0]); setW(dataBytes, dataOffset + 4, blk[3] ^ tfsKey[1]); setW(dataBytes, dataOffset + 8, blk[0] ^ tfsKey[2]); setW(dataBytes, dataOffset + 12, blk[1] ^ tfsKey[3]); dataOffset += 16; } // added by Recurity Labs function tfsFinal() { return dataBytes; } return { name: "twofish", blocksize: 128 / 8, open: tfsInit, close: tfsClose, encrypt: tfsEncrypt, decrypt: tfsDecrypt, // added by Recurity Labs finalize: tfsFinal }; } var util = require('../../util.js'); // added by Recurity Labs function TFencrypt(block, key) { var block_copy = toArray(block); var tf = createTwofish(); tf.open(util.str2bin(key), 0); var result = tf.encrypt(block_copy, 0); tf.close(); return result; } function TF(key) { this.tf = createTwofish(); this.tf.open(util.str2bin(key), 0); this.encrypt = function(block) { return this.tf.encrypt(toArray(block), 0); }; } function toArray(typedArray) { // Array.apply([], typedArray) does not work in PhantomJS 1.9 var result = []; for (var i = 0; i < typedArray.length; i++) { result[i] = typedArray[i]; } return result; } module.exports = TF; module.exports.keySize = TF.prototype.keySize = 32; module.exports.blockSize = TF.prototype.blockSize = 16; },{"../../util.js":74}],25:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA // The GPG4Browsers crypto interface /** * @requires crypto/cipher * @requires crypto/public_key * @requires crypto/random * @requires type/mpi * @module crypto/crypto */ var random = require('./random.js'), cipher = require('./cipher'), publicKey = require('./public_key'), type_mpi = require('../type/mpi.js'); module.exports = { /** * Encrypts data using the specified public key multiprecision integers * and the specified algorithm. * @param {module:enums.publicKey} algo Algorithm to be used (See {@link http://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}) * @param {Array} publicMPIs Algorithm dependent multiprecision integers * @param {module:type/mpi} data Data to be encrypted as MPI * @return {Array} if RSA an module:type/mpi; * if elgamal encryption an array of two module:type/mpi is returned; otherwise null */ publicKeyEncrypt: function(algo, publicMPIs, data) { var result = (function() { var m; switch (algo) { case 'rsa_encrypt': case 'rsa_encrypt_sign': var rsa = new publicKey.rsa(); var n = publicMPIs[0].toBigInteger(); var e = publicMPIs[1].toBigInteger(); m = data.toBigInteger(); return [rsa.encrypt(m, e, n)]; case 'elgamal': var elgamal = new publicKey.elgamal(); var p = publicMPIs[0].toBigInteger(); var g = publicMPIs[1].toBigInteger(); var y = publicMPIs[2].toBigInteger(); m = data.toBigInteger(); return elgamal.encrypt(m, g, p, y); default: return []; } })(); return result.map(function(bn) { var mpi = new type_mpi(); mpi.fromBigInteger(bn); return mpi; }); }, /** * Decrypts data using the specified public key multiprecision integers of the private key, * the specified secretMPIs of the private key and the specified algorithm. * @param {module:enums.publicKey} algo Algorithm to be used (See {@link http://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}) * @param {Array} publicMPIs Algorithm dependent multiprecision integers * of the public key part of the private key * @param {Array} secretMPIs Algorithm dependent multiprecision integers * of the private key used * @param {module:type/mpi} data Data to be encrypted as MPI * @return {module:type/mpi} returns a big integer containing the decrypted data; otherwise null */ publicKeyDecrypt: function(algo, keyIntegers, dataIntegers) { var p; var bn = (function() { switch (algo) { case 'rsa_encrypt_sign': case 'rsa_encrypt': var rsa = new publicKey.rsa(); // 0 and 1 are the public key. var n = keyIntegers[0].toBigInteger(); var e = keyIntegers[1].toBigInteger(); // 2 to 5 are the private key. var d = keyIntegers[2].toBigInteger(); p = keyIntegers[3].toBigInteger(); var q = keyIntegers[4].toBigInteger(); var u = keyIntegers[5].toBigInteger(); var m = dataIntegers[0].toBigInteger(); return rsa.decrypt(m, n, e, d, p, q, u); case 'elgamal': var elgamal = new publicKey.elgamal(); var x = keyIntegers[3].toBigInteger(); var c1 = dataIntegers[0].toBigInteger(); var c2 = dataIntegers[1].toBigInteger(); p = keyIntegers[0].toBigInteger(); return elgamal.decrypt(c1, c2, p, x); default: return null; } })(); var result = new type_mpi(); result.fromBigInteger(bn); return result; }, /** Returns the number of integers comprising the private key of an algorithm * @param {String} algo The public key algorithm * @return {Integer} The number of integers. */ getPrivateMpiCount: function(algo) { switch (algo) { case 'rsa_encrypt': case 'rsa_encrypt_sign': case 'rsa_sign': // Algorithm-Specific Fields for RSA secret keys: // - multiprecision integer (MPI) of RSA secret exponent d. // - MPI of RSA secret prime value p. // - MPI of RSA secret prime value q (p < q). // - MPI of u, the multiplicative inverse of p, mod q. return 4; case 'elgamal': // Algorithm-Specific Fields for Elgamal secret keys: // - MPI of Elgamal secret exponent x. return 1; case 'dsa': // Algorithm-Specific Fields for DSA secret keys: // - MPI of DSA secret exponent x. return 1; default: throw new Error('Unknown algorithm'); } }, getPublicMpiCount: function(algo) { // - A series of multiprecision integers comprising the key material: // Algorithm-Specific Fields for RSA public keys: // - a multiprecision integer (MPI) of RSA public modulus n; // - an MPI of RSA public encryption exponent e. switch (algo) { case 'rsa_encrypt': case 'rsa_encrypt_sign': case 'rsa_sign': return 2; // Algorithm-Specific Fields for Elgamal public keys: // - MPI of Elgamal prime p; // - MPI of Elgamal group generator g; // - MPI of Elgamal public key value y (= g**x mod p where x is secret). case 'elgamal': return 3; // Algorithm-Specific Fields for DSA public keys: // - MPI of DSA prime p; // - MPI of DSA group order q (q is a prime divisor of p-1); // - MPI of DSA group generator g; // - MPI of DSA public-key value y (= g**x mod p where x is secret). case 'dsa': return 4; default: throw new Error('Unknown algorithm.'); } }, generateMpi: function(algo, bits) { switch (algo) { case 'rsa_encrypt': case 'rsa_encrypt_sign': case 'rsa_sign': //remember "publicKey" refers to the crypto/public_key dir var rsa = new publicKey.rsa(); return rsa.generate(bits, "10001").then(function(keyObject) { var output = []; output.push(keyObject.n); output.push(keyObject.ee); output.push(keyObject.d); output.push(keyObject.p); output.push(keyObject.q); output.push(keyObject.u); return mapResult(output); }); default: throw new Error('Unsupported algorithm for key generation.'); } function mapResult(result) { return result.map(function(bn) { var mpi = new type_mpi(); mpi.fromBigInteger(bn); return mpi; }); } }, /** * generate random byte prefix as string for the specified algorithm * @param {module:enums.symmetric} algo Algorithm to use (see {@link http://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2}) * @return {String} Random bytes with length equal to the block * size of the cipher */ getPrefixRandom: function(algo) { return random.getRandomBytes(cipher[algo].blockSize); }, /** * Generating a session key for the specified symmetric algorithm * @param {module:enums.symmetric} algo Algorithm to use (see {@link http://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2}) * @return {String} Random bytes as a string to be used as a key */ generateSessionKey: function(algo) { return random.getRandomBytes(cipher[algo].keySize); } }; },{"../type/mpi.js":72,"./cipher":23,"./public_key":36,"./random.js":39}],26:[function(require,module,exports){ /** * Secure Hash Algorithm with 256-bit digest (SHA-256) implementation. * * See FIPS 180-2 for details. * * This implementation is currently limited to message lengths (in bytes) that * are up to 32-bits in size. * * @author Dave Longley * * Copyright (c) 2010-2012 Digital Bazaar, Inc. */ var sha256 = module.exports = {}; var util = require('./forge_util.js'); // sha-256 padding bytes not initialized yet var _padding = null; var _initialized = false; // table of constants var _k = null; /** * Initializes the constant tables. */ var _init = function() { // create padding _padding = String.fromCharCode(128); _padding += util.fillString(String.fromCharCode(0x00), 64); // create K table for SHA-256 _k = [ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 ]; // now initialized _initialized = true; }; /** * Updates a SHA-256 state with the given byte buffer. * * @param s the SHA-256 state to update. * @param w the array to use to store words. * @param bytes the byte buffer to update with. */ var _update = function(s, w, bytes) { // consume 512 bit (64 byte) chunks var t1, t2, s0, s1, ch, maj, i, a, b, c, d, e, f, g, h; var len = bytes.length(); while (len >= 64) { // the w array will be populated with sixteen 32-bit big-endian words // and then extended into 64 32-bit words according to SHA-256 for (i = 0; i < 16; ++i) { w[i] = bytes.getInt32(); } for (; i < 64; ++i) { // XOR word 2 words ago rot right 17, rot right 19, shft right 10 t1 = w[i - 2]; t1 = ((t1 >>> 17) | (t1 << 15)) ^ ((t1 >>> 19) | (t1 << 13)) ^ (t1 >>> 10); // XOR word 15 words ago rot right 7, rot right 18, shft right 3 t2 = w[i - 15]; t2 = ((t2 >>> 7) | (t2 << 25)) ^ ((t2 >>> 18) | (t2 << 14)) ^ (t2 >>> 3); // sum(t1, word 7 ago, t2, word 16 ago) modulo 2^32 w[i] = (t1 + w[i - 7] + t2 + w[i - 16]) & 0xFFFFFFFF; } // initialize hash value for this chunk a = s.h0; b = s.h1; c = s.h2; d = s.h3; e = s.h4; f = s.h5; g = s.h6; h = s.h7; // round function for (i = 0; i < 64; ++i) { // Sum1(e) s1 = ((e >>> 6) | (e << 26)) ^ ((e >>> 11) | (e << 21)) ^ ((e >>> 25) | (e << 7)); // Ch(e, f, g) (optimized the same way as SHA-1) ch = g ^ (e & (f ^ g)); // Sum0(a) s0 = ((a >>> 2) | (a << 30)) ^ ((a >>> 13) | (a << 19)) ^ ((a >>> 22) | (a << 10)); // Maj(a, b, c) (optimized the same way as SHA-1) maj = (a & b) | (c & (a ^ b)); // main algorithm t1 = h + s1 + ch + _k[i] + w[i]; t2 = s0 + maj; h = g; g = f; f = e; e = (d + t1) & 0xFFFFFFFF; d = c; c = b; b = a; a = (t1 + t2) & 0xFFFFFFFF; } // update hash state s.h0 = (s.h0 + a) & 0xFFFFFFFF; s.h1 = (s.h1 + b) & 0xFFFFFFFF; s.h2 = (s.h2 + c) & 0xFFFFFFFF; s.h3 = (s.h3 + d) & 0xFFFFFFFF; s.h4 = (s.h4 + e) & 0xFFFFFFFF; s.h5 = (s.h5 + f) & 0xFFFFFFFF; s.h6 = (s.h6 + g) & 0xFFFFFFFF; s.h7 = (s.h7 + h) & 0xFFFFFFFF; len -= 64; } }; /** * Creates a SHA-256 message digest object. * * @return a message digest object. */ sha256.create = function() { // do initialization as necessary if (!_initialized) { _init(); } // SHA-256 state contains eight 32-bit integers var _state = null; // input buffer var _input = util.createBuffer(); // used for word storage var _w = new Array(64); // message digest object var md = { algorithm: 'sha256', blockLength: 64, digestLength: 32, // length of message so far (does not including padding) messageLength: 0 }; /** * Starts the digest. * * @return this digest object. */ md.start = function() { md.messageLength = 0; _input = util.createBuffer(); _state = { h0: 0x6A09E667, h1: 0xBB67AE85, h2: 0x3C6EF372, h3: 0xA54FF53A, h4: 0x510E527F, h5: 0x9B05688C, h6: 0x1F83D9AB, h7: 0x5BE0CD19 }; return md; }; // start digest automatically for first time md.start(); /** * Updates the digest with the given message input. The given input can * treated as raw input (no encoding will be applied) or an encoding of * 'utf8' maybe given to encode the input using UTF-8. * * @param msg the message input to update with. * @param encoding the encoding to use (default: 'raw', other: 'utf8'). * * @return this digest object. */ md.update = function(msg, encoding) { if (encoding === 'utf8') { msg = util.encodeUtf8(msg); } // update message length md.messageLength += msg.length; // add bytes to input buffer _input.putBytes(msg); // process bytes _update(_state, _w, _input); // compact input buffer every 2K or if empty if (_input.read > 2048 || _input.length() === 0) { _input.compact(); } return md; }; /** * Produces the digest. * * @return a byte buffer containing the digest value. */ md.digest = function() { /* Note: Here we copy the remaining bytes in the input buffer and add the appropriate SHA-256 padding. Then we do the final update on a copy of the state so that if the user wants to get intermediate digests they can do so. */ /* Determine the number of bytes that must be added to the message to ensure its length is congruent to 448 mod 512. In other words, a 64-bit integer that gives the length of the message will be appended to the message and whatever the length of the message is plus 64 bits must be a multiple of 512. So the length of the message must be congruent to 448 mod 512 because 512 - 64 = 448. In order to fill up the message length it must be filled with padding that begins with 1 bit followed by all 0 bits. Padding must *always* be present, so if the message length is already congruent to 448 mod 512, then 512 padding bits must be added. */ // 512 bits == 64 bytes, 448 bits == 56 bytes, 64 bits = 8 bytes // _padding starts with 1 byte with first bit is set in it which // is byte value 128, then there may be up to 63 other pad bytes var len = md.messageLength; var padBytes = util.createBuffer(); padBytes.putBytes(_input.bytes()); padBytes.putBytes(_padding.substr(0, 64 - ((len + 8) % 64))); /* Now append length of the message. The length is appended in bits as a 64-bit number in big-endian order. Since we store the length in bytes, we must multiply it by 8 (or left shift by 3). So here store the high 3 bits in the low end of the first 32-bits of the 64-bit number and the lower 5 bits in the high end of the second 32-bits. */ padBytes.putInt32((len >>> 29) & 0xFF); padBytes.putInt32((len << 3) & 0xFFFFFFFF); var s2 = { h0: _state.h0, h1: _state.h1, h2: _state.h2, h3: _state.h3, h4: _state.h4, h5: _state.h5, h6: _state.h6, h7: _state.h7 }; _update(s2, _w, padBytes); var rval = util.createBuffer(); rval.putInt32(s2.h0); rval.putInt32(s2.h1); rval.putInt32(s2.h2); rval.putInt32(s2.h3); rval.putInt32(s2.h4); rval.putInt32(s2.h5); rval.putInt32(s2.h6); rval.putInt32(s2.h7); return rval; }; return md; }; },{"./forge_util.js":27}],27:[function(require,module,exports){ /** * Utility functions for web applications. * * @author Dave Longley * * Copyright (c) 2010-2012 Digital Bazaar, Inc. */ /* Utilities API */ var util = module.exports = {}; // define isArray util.isArray = Array.isArray || function(x) { return Object.prototype.toString.call(x) === '[object Array]'; }; // define isArrayBuffer util.isArrayBuffer = function(x) { return typeof ArrayBuffer !== 'undefined' && x instanceof ArrayBuffer; }; // define isArrayBufferView var _arrayBufferViews = []; if(typeof Int8Array !== 'undefined') { _arrayBufferViews.push(Int8Array); } if(typeof Uint8Array !== 'undefined') { _arrayBufferViews.push(Uint8Array); } if(typeof Uint8ClampedArray !== 'undefined') { _arrayBufferViews.push(Uint8ClampedArray); } if(typeof Int16Array !== 'undefined') { _arrayBufferViews.push(Int16Array); } if(typeof Uint16Array !== 'undefined') { _arrayBufferViews.push(Uint16Array); } if(typeof Int32Array !== 'undefined') { _arrayBufferViews.push(Int32Array); } if(typeof Uint32Array !== 'undefined') { _arrayBufferViews.push(Uint32Array); } if(typeof Float32Array !== 'undefined') { _arrayBufferViews.push(Float32Array); } if(typeof Float64Array !== 'undefined') { _arrayBufferViews.push(Float64Array); } util.isArrayBufferView = function(x) { for(var i = 0; i < _arrayBufferViews.length; ++i) { if(x instanceof _arrayBufferViews[i]) { return true; } } return false; }; /** * Constructor for a byte buffer. * * @param [b] the bytes to wrap (either encoded as string, one byte per * character, or as an ArrayBuffer or Typed Array). */ util.ByteBuffer = function(b) { // the data in this buffer this.data = ''; // the pointer for reading from this buffer this.read = 0; if(typeof b === 'string') { this.data = b; } else if(util.isArrayBuffer(b) || util.isArrayBufferView(b)) { // convert native buffer to forge buffer // FIXME: support native buffers internally instead var arr = new Uint8Array(b); try { this.data = String.fromCharCode.apply(null, arr); } catch(e) { for(var i = 0; i < arr.length; ++i) { this.putByte(arr[i]); } } } }; /** * Gets the number of bytes in this buffer. * * @return the number of bytes in this buffer. */ util.ByteBuffer.prototype.length = function() { return this.data.length - this.read; }; /** * Gets whether or not this buffer is empty. * * @return true if this buffer is empty, false if not. */ util.ByteBuffer.prototype.isEmpty = function() { return this.length() <= 0; }; /** * Puts a byte in this buffer. * * @param b the byte to put. * * @return this buffer. */ util.ByteBuffer.prototype.putByte = function(b) { this.data += String.fromCharCode(b); return this; }; /** * Puts a byte in this buffer N times. * * @param b the byte to put. * @param n the number of bytes of value b to put. * * @return this buffer. */ util.ByteBuffer.prototype.fillWithByte = function(b, n) { b = String.fromCharCode(b); var d = this.data; while(n > 0) { if(n & 1) { d += b; } n >>>= 1; if(n > 0) { b += b; } } this.data = d; return this; }; /** * Puts bytes in this buffer. * * @param bytes the bytes (as a UTF-8 encoded string) to put. * * @return this buffer. */ util.ByteBuffer.prototype.putBytes = function(bytes) { this.data += bytes; return this; }; /** * Puts a UTF-16 encoded string into this buffer. * * @param str the string to put. * * @return this buffer. */ util.ByteBuffer.prototype.putString = function(str) { this.data += util.encodeUtf8(str); return this; }; /** * Puts a 16-bit integer in this buffer in big-endian order. * * @param i the 16-bit integer. * * @return this buffer. */ util.ByteBuffer.prototype.putInt16 = function(i) { this.data += String.fromCharCode(i >> 8 & 0xFF) + String.fromCharCode(i & 0xFF); return this; }; /** * Puts a 24-bit integer in this buffer in big-endian order. * * @param i the 24-bit integer. * * @return this buffer. */ util.ByteBuffer.prototype.putInt24 = function(i) { this.data += String.fromCharCode(i >> 16 & 0xFF) + String.fromCharCode(i >> 8 & 0xFF) + String.fromCharCode(i & 0xFF); return this; }; /** * Puts a 32-bit integer in this buffer in big-endian order. * * @param i the 32-bit integer. * * @return this buffer. */ util.ByteBuffer.prototype.putInt32 = function(i) { this.data += String.fromCharCode(i >> 24 & 0xFF) + String.fromCharCode(i >> 16 & 0xFF) + String.fromCharCode(i >> 8 & 0xFF) + String.fromCharCode(i & 0xFF); return this; }; /** * Puts a 16-bit integer in this buffer in little-endian order. * * @param i the 16-bit integer. * * @return this buffer. */ util.ByteBuffer.prototype.putInt16Le = function(i) { this.data += String.fromCharCode(i & 0xFF) + String.fromCharCode(i >> 8 & 0xFF); return this; }; /** * Puts a 24-bit integer in this buffer in little-endian order. * * @param i the 24-bit integer. * * @return this buffer. */ util.ByteBuffer.prototype.putInt24Le = function(i) { this.data += String.fromCharCode(i & 0xFF) + String.fromCharCode(i >> 8 & 0xFF) + String.fromCharCode(i >> 16 & 0xFF); return this; }; /** * Puts a 32-bit integer in this buffer in little-endian order. * * @param i the 32-bit integer. * * @return this buffer. */ util.ByteBuffer.prototype.putInt32Le = function(i) { this.data += String.fromCharCode(i & 0xFF) + String.fromCharCode(i >> 8 & 0xFF) + String.fromCharCode(i >> 16 & 0xFF) + String.fromCharCode(i >> 24 & 0xFF); return this; }; /** * Puts an n-bit integer in this buffer in big-endian order. * * @param i the n-bit integer. * @param n the number of bits in the integer. * * @return this buffer. */ util.ByteBuffer.prototype.putInt = function(i, n) { do { n -= 8; this.data += String.fromCharCode((i >> n) & 0xFF); } while(n > 0); return this; }; /** * Puts a signed n-bit integer in this buffer in big-endian order. Two's * complement representation is used. * * @param i the n-bit integer. * @param n the number of bits in the integer. * * @return this buffer. */ util.ByteBuffer.prototype.putSignedInt = function(i, n) { if(i < 0) { i += 2 << (n - 1); } return this.putInt(i, n); }; /** * Puts the given buffer into this buffer. * * @param buffer the buffer to put into this one. * * @return this buffer. */ util.ByteBuffer.prototype.putBuffer = function(buffer) { this.data += buffer.getBytes(); return this; }; /** * Gets a byte from this buffer and advances the read pointer by 1. * * @return the byte. */ util.ByteBuffer.prototype.getByte = function() { return this.data.charCodeAt(this.read++); }; /** * Gets a uint16 from this buffer in big-endian order and advances the read * pointer by 2. * * @return the uint16. */ util.ByteBuffer.prototype.getInt16 = function() { var rval = ( this.data.charCodeAt(this.read) << 8 ^ this.data.charCodeAt(this.read + 1)); this.read += 2; return rval; }; /** * Gets a uint24 from this buffer in big-endian order and advances the read * pointer by 3. * * @return the uint24. */ util.ByteBuffer.prototype.getInt24 = function() { var rval = ( this.data.charCodeAt(this.read) << 16 ^ this.data.charCodeAt(this.read + 1) << 8 ^ this.data.charCodeAt(this.read + 2)); this.read += 3; return rval; }; /** * Gets a uint32 from this buffer in big-endian order and advances the read * pointer by 4. * * @return the word. */ util.ByteBuffer.prototype.getInt32 = function() { var rval = ( this.data.charCodeAt(this.read) << 24 ^ this.data.charCodeAt(this.read + 1) << 16 ^ this.data.charCodeAt(this.read + 2) << 8 ^ this.data.charCodeAt(this.read + 3)); this.read += 4; return rval; }; /** * Gets a uint16 from this buffer in little-endian order and advances the read * pointer by 2. * * @return the uint16. */ util.ByteBuffer.prototype.getInt16Le = function() { var rval = ( this.data.charCodeAt(this.read) ^ this.data.charCodeAt(this.read + 1) << 8); this.read += 2; return rval; }; /** * Gets a uint24 from this buffer in little-endian order and advances the read * pointer by 3. * * @return the uint24. */ util.ByteBuffer.prototype.getInt24Le = function() { var rval = ( this.data.charCodeAt(this.read) ^ this.data.charCodeAt(this.read + 1) << 8 ^ this.data.charCodeAt(this.read + 2) << 16); this.read += 3; return rval; }; /** * Gets a uint32 from this buffer in little-endian order and advances the read * pointer by 4. * * @return the word. */ util.ByteBuffer.prototype.getInt32Le = function() { var rval = ( this.data.charCodeAt(this.read) ^ this.data.charCodeAt(this.read + 1) << 8 ^ this.data.charCodeAt(this.read + 2) << 16 ^ this.data.charCodeAt(this.read + 3) << 24); this.read += 4; return rval; }; /** * Gets an n-bit integer from this buffer in big-endian order and advances the * read pointer by n/8. * * @param n the number of bits in the integer. * * @return the integer. */ util.ByteBuffer.prototype.getInt = function(n) { var rval = 0; do { rval = (rval << 8) + this.data.charCodeAt(this.read++); n -= 8; } while(n > 0); return rval; }; /** * Gets a signed n-bit integer from this buffer in big-endian order, using * two's complement, and advances the read pointer by n/8. * * @param n the number of bits in the integer. * * @return the integer. */ util.ByteBuffer.prototype.getSignedInt = function(n) { var x = this.getInt(n); var max = 2 << (n - 2); if(x >= max) { x -= max << 1; } return x; }; /** * Reads bytes out into a UTF-8 string and clears them from the buffer. * * @param count the number of bytes to read, undefined or null for all. * * @return a UTF-8 string of bytes. */ util.ByteBuffer.prototype.getBytes = function(count) { var rval; if(count) { // read count bytes count = Math.min(this.length(), count); rval = this.data.slice(this.read, this.read + count); this.read += count; } else if(count === 0) { rval = ''; } else { // read all bytes, optimize to only copy when needed rval = (this.read === 0) ? this.data : this.data.slice(this.read); this.clear(); } return rval; }; /** * Gets a UTF-8 encoded string of the bytes from this buffer without modifying * the read pointer. * * @param count the number of bytes to get, omit to get all. * * @return a string full of UTF-8 encoded characters. */ util.ByteBuffer.prototype.bytes = function(count) { return (typeof(count) === 'undefined' ? this.data.slice(this.read) : this.data.slice(this.read, this.read + count)); }; /** * Gets a byte at the given index without modifying the read pointer. * * @param i the byte index. * * @return the byte. */ util.ByteBuffer.prototype.at = function(i) { return this.data.charCodeAt(this.read + i); }; /** * Puts a byte at the given index without modifying the read pointer. * * @param i the byte index. * @param b the byte to put. * * @return this buffer. */ util.ByteBuffer.prototype.setAt = function(i, b) { this.data = this.data.substr(0, this.read + i) + String.fromCharCode(b) + this.data.substr(this.read + i + 1); return this; }; /** * Gets the last byte without modifying the read pointer. * * @return the last byte. */ util.ByteBuffer.prototype.last = function() { return this.data.charCodeAt(this.data.length - 1); }; /** * Creates a copy of this buffer. * * @return the copy. */ util.ByteBuffer.prototype.copy = function() { var c = util.createBuffer(this.data); c.read = this.read; return c; }; /** * Compacts this buffer. * * @return this buffer. */ util.ByteBuffer.prototype.compact = function() { if(this.read > 0) { this.data = this.data.slice(this.read); this.read = 0; } return this; }; /** * Clears this buffer. * * @return this buffer. */ util.ByteBuffer.prototype.clear = function() { this.data = ''; this.read = 0; return this; }; /** * Shortens this buffer by triming bytes off of the end of this buffer. * * @param count the number of bytes to trim off. * * @return this buffer. */ util.ByteBuffer.prototype.truncate = function(count) { var len = Math.max(0, this.length() - count); this.data = this.data.substr(this.read, len); this.read = 0; return this; }; /** * Converts this buffer to a hexadecimal string. * * @return a hexadecimal string. */ util.ByteBuffer.prototype.toHex = function() { var rval = ''; for(var i = this.read; i < this.data.length; ++i) { var b = this.data.charCodeAt(i); if(b < 16) { rval += '0'; } rval += b.toString(16); } return rval; }; /** * Converts this buffer to a UTF-16 string (standard JavaScript string). * * @return a UTF-16 string. */ util.ByteBuffer.prototype.toString = function() { return util.decodeUtf8(this.bytes()); }; /** * Creates a buffer that stores bytes. A value may be given to put into the * buffer that is either a string of bytes or a UTF-16 string that will * be encoded using UTF-8 (to do the latter, specify 'utf8' as the encoding). * * @param [input] the bytes to wrap (as a string) or a UTF-16 string to encode * as UTF-8. * @param [encoding] (default: 'raw', other: 'utf8'). */ util.createBuffer = function(input, encoding) { encoding = encoding || 'raw'; if(input !== undefined && encoding === 'utf8') { input = util.encodeUtf8(input); } return new util.ByteBuffer(input); }; /** * Fills a string with a particular value. If you want the string to be a byte * string, pass in String.fromCharCode(theByte). * * @param c the character to fill the string with, use String.fromCharCode * to fill the string with a byte value. * @param n the number of characters of value c to fill with. * * @return the filled string. */ util.fillString = function(c, n) { var s = ''; while(n > 0) { if(n & 1) { s += c; } n >>>= 1; if(n > 0) { c += c; } } return s; }; /** * Performs a per byte XOR between two byte strings and returns the result as a * string of bytes. * * @param s1 first string of bytes. * @param s2 second string of bytes. * @param n the number of bytes to XOR. * * @return the XOR'd result. */ util.xorBytes = function(s1, s2, n) { var s3 = ''; var b = ''; var t = ''; var i = 0; var c = 0; for(; n > 0; --n, ++i) { b = s1.charCodeAt(i) ^ s2.charCodeAt(i); if(c >= 10) { s3 += t; t = ''; c = 0; } t += String.fromCharCode(b); ++c; } s3 += t; return s3; }; /** * Converts a hex string into a UTF-8 string of bytes. * * @param hex the hexadecimal string to convert. * * @return the string of bytes. */ util.hexToBytes = function(hex) { var rval = ''; var i = 0; if(hex.length & 1 == 1) { // odd number of characters, convert first character alone i = 1; rval += String.fromCharCode(parseInt(hex[0], 16)); } // convert 2 characters (1 byte) at a time for(; i < hex.length; i += 2) { rval += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); } return rval; }; /** * Converts a UTF-8 byte string into a string of hexadecimal characters. * * @param bytes the byte string to convert. * * @return the string of hexadecimal characters. */ util.bytesToHex = function(bytes) { return util.createBuffer(bytes).toHex(); }; /** * Converts an 32-bit integer to 4-big-endian byte string. * * @param i the integer. * * @return the byte string. */ util.int32ToBytes = function(i) { return ( String.fromCharCode(i >> 24 & 0xFF) + String.fromCharCode(i >> 16 & 0xFF) + String.fromCharCode(i >> 8 & 0xFF) + String.fromCharCode(i & 0xFF)); }; // base64 characters, reverse mapping var _base64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='; var _base64Idx = [ /*43 -43 = 0*/ /*'+', 1, 2, 3,'/' */ 62, -1, -1, -1, 63, /*'0','1','2','3','4','5','6','7','8','9' */ 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, /*15, 16, 17,'=', 19, 20, 21 */ -1, -1, -1, 64, -1, -1, -1, /*65 - 43 = 22*/ /*'A','B','C','D','E','F','G','H','I','J','K','L','M', */ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, /*'N','O','P','Q','R','S','T','U','V','W','X','Y','Z' */ 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, /*91 - 43 = 48 */ /*48, 49, 50, 51, 52, 53 */ -1, -1, -1, -1, -1, -1, /*97 - 43 = 54*/ /*'a','b','c','d','e','f','g','h','i','j','k','l','m' */ 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, /*'n','o','p','q','r','s','t','u','v','w','x','y','z' */ 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51 ]; /** * Base64 encodes a UTF-8 string of bytes. * * @param input the UTF-8 string of bytes to encode. * @param maxline the maximum number of encoded bytes per line to use, * defaults to none. * * @return the base64-encoded output. */ util.encode64 = function(input, maxline) { var line = ''; var output = ''; var chr1, chr2, chr3; var i = 0; while(i < input.length) { chr1 = input.charCodeAt(i++); chr2 = input.charCodeAt(i++); chr3 = input.charCodeAt(i++); // encode 4 character group line += _base64.charAt(chr1 >> 2); line += _base64.charAt(((chr1 & 3) << 4) | (chr2 >> 4)); if(isNaN(chr2)) { line += '=='; } else { line += _base64.charAt(((chr2 & 15) << 2) | (chr3 >> 6)); line += isNaN(chr3) ? '=' : _base64.charAt(chr3 & 63); } if(maxline && line.length > maxline) { output += line.substr(0, maxline) + '\r\n'; line = line.substr(maxline); } } output += line; return output; }; /** * Base64 decodes a string into a UTF-8 string of bytes. * * @param input the base64-encoded input. * * @return the raw bytes. */ util.decode64 = function(input) { // remove all non-base64 characters input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ''); var output = ''; var enc1, enc2, enc3, enc4; var i = 0; while(i < input.length) { enc1 = _base64Idx[input.charCodeAt(i++) - 43]; enc2 = _base64Idx[input.charCodeAt(i++) - 43]; enc3 = _base64Idx[input.charCodeAt(i++) - 43]; enc4 = _base64Idx[input.charCodeAt(i++) - 43]; output += String.fromCharCode((enc1 << 2) | (enc2 >> 4)); if(enc3 !== 64) { // decoded at least 2 bytes output += String.fromCharCode(((enc2 & 15) << 4) | (enc3 >> 2)); if(enc4 !== 64) { // decoded 3 bytes output += String.fromCharCode(((enc3 & 3) << 6) | enc4); } } } return output; }; /** * UTF-8 encodes the given UTF-16 encoded string (a standard JavaScript * string). Non-ASCII characters will be encoded as multiple bytes according * to UTF-8. * * @param str the string to encode. * * @return the UTF-8 encoded string. */ util.encodeUtf8 = function(str) { return unescape(encodeURIComponent(str)); }; /** * Decodes a UTF-8 encoded string into a UTF-16 string. * * @param str the string to encode. * * @return the UTF-16 encoded string (standard JavaScript string). */ util.decodeUtf8 = function(str) { return decodeURIComponent(escape(str)); }; },{}],28:[function(require,module,exports){ /** * @requires crypto/hash/sha * @module crypto/hash */ var sha = require('./sha.js'), forge_sha256 = require('./forge_sha256.js'); module.exports = { /** @see module:crypto/hash/md5 */ md5: require('./md5.js'), /** @see module:crypto/hash/sha.sha1 */ sha1: sha.sha1, /** @see module:crypto/hash/sha.sha224 */ sha224: sha.sha224, /** @see module:crypto/hash/sha.sha256 */ sha256: sha.sha256, /** @see module:crypto/hash/sha.sha384 */ sha384: sha.sha384, /** @see module:crypto/hash/sha.sha512 */ sha512: sha.sha512, /** @see module:crypto/hash/ripe-md */ ripemd: require('./ripe-md.js'), /** * Create a hash on the specified data using the specified algorithm * @param {module:enums.hash} algo Hash algorithm type (see {@link http://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) * @param {String} data Data to be hashed * @return {String} hash value */ digest: function(algo, data) { switch (algo) { case 1: // - MD5 [HAC] return this.md5(data); case 2: // - SHA-1 [FIPS180] return this.sha1(data); case 3: // - RIPE-MD/160 [HAC] return this.ripemd(data); case 8: // - SHA256 [FIPS180] var sha256 = forge_sha256.create(); sha256.update(data); return sha256.digest().getBytes(); case 9: // - SHA384 [FIPS180] return this.sha384(data); case 10: // - SHA512 [FIPS180] return this.sha512(data); case 11: // - SHA224 [FIPS180] return this.sha224(data); default: throw new Error('Invalid hash function.'); } }, /** * Returns the hash size in bytes of the specified hash algorithm type * @param {module:enums.hash} algo Hash algorithm type (See {@link http://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) * @return {Integer} Size in bytes of the resulting hash */ getHashByteLength: function(algo) { switch (algo) { case 1: // - MD5 [HAC] return 16; case 2: // - SHA-1 [FIPS180] case 3: // - RIPE-MD/160 [HAC] return 20; case 8: // - SHA256 [FIPS180] return 32; case 9: // - SHA384 [FIPS180] return 48; case 10: // - SHA512 [FIPS180] return 64; case 11: // - SHA224 [FIPS180] return 28; default: throw new Error('Invalid hash algorithm.'); } } }; },{"./forge_sha256.js":26,"./md5.js":29,"./ripe-md.js":30,"./sha.js":31}],29:[function(require,module,exports){ /** * A fast MD5 JavaScript implementation * Copyright (c) 2012 Joseph Myers * http://www.myersdaily.org/joseph/javascript/md5-text.html * * Permission to use, copy, modify, and distribute this software * and its documentation for any purposes and without * fee is hereby granted provided that this copyright notice * appears in all copies. * * Of course, this soft is provided "as is" without express or implied * warranty of any kind. */ /** * @requires util * @module crypto/hash/md5 */ var util = require('../../util.js'); /** * MD5 hash * @param {String} entree string to hash */ module.exports = function (entree) { var hex = md5(entree); var bin = util.hex2bin(hex); return bin; }; function md5cycle(x, k) { var a = x[0], b = x[1], c = x[2], d = x[3]; a = ff(a, b, c, d, k[0], 7, -680876936); d = ff(d, a, b, c, k[1], 12, -389564586); c = ff(c, d, a, b, k[2], 17, 606105819); b = ff(b, c, d, a, k[3], 22, -1044525330); a = ff(a, b, c, d, k[4], 7, -176418897); d = ff(d, a, b, c, k[5], 12, 1200080426); c = ff(c, d, a, b, k[6], 17, -1473231341); b = ff(b, c, d, a, k[7], 22, -45705983); a = ff(a, b, c, d, k[8], 7, 1770035416); d = ff(d, a, b, c, k[9], 12, -1958414417); c = ff(c, d, a, b, k[10], 17, -42063); b = ff(b, c, d, a, k[11], 22, -1990404162); a = ff(a, b, c, d, k[12], 7, 1804603682); d = ff(d, a, b, c, k[13], 12, -40341101); c = ff(c, d, a, b, k[14], 17, -1502002290); b = ff(b, c, d, a, k[15], 22, 1236535329); a = gg(a, b, c, d, k[1], 5, -165796510); d = gg(d, a, b, c, k[6], 9, -1069501632); c = gg(c, d, a, b, k[11], 14, 643717713); b = gg(b, c, d, a, k[0], 20, -373897302); a = gg(a, b, c, d, k[5], 5, -701558691); d = gg(d, a, b, c, k[10], 9, 38016083); c = gg(c, d, a, b, k[15], 14, -660478335); b = gg(b, c, d, a, k[4], 20, -405537848); a = gg(a, b, c, d, k[9], 5, 568446438); d = gg(d, a, b, c, k[14], 9, -1019803690); c = gg(c, d, a, b, k[3], 14, -187363961); b = gg(b, c, d, a, k[8], 20, 1163531501); a = gg(a, b, c, d, k[13], 5, -1444681467); d = gg(d, a, b, c, k[2], 9, -51403784); c = gg(c, d, a, b, k[7], 14, 1735328473); b = gg(b, c, d, a, k[12], 20, -1926607734); a = hh(a, b, c, d, k[5], 4, -378558); d = hh(d, a, b, c, k[8], 11, -2022574463); c = hh(c, d, a, b, k[11], 16, 1839030562); b = hh(b, c, d, a, k[14], 23, -35309556); a = hh(a, b, c, d, k[1], 4, -1530992060); d = hh(d, a, b, c, k[4], 11, 1272893353); c = hh(c, d, a, b, k[7], 16, -155497632); b = hh(b, c, d, a, k[10], 23, -1094730640); a = hh(a, b, c, d, k[13], 4, 681279174); d = hh(d, a, b, c, k[0], 11, -358537222); c = hh(c, d, a, b, k[3], 16, -722521979); b = hh(b, c, d, a, k[6], 23, 76029189); a = hh(a, b, c, d, k[9], 4, -640364487); d = hh(d, a, b, c, k[12], 11, -421815835); c = hh(c, d, a, b, k[15], 16, 530742520); b = hh(b, c, d, a, k[2], 23, -995338651); a = ii(a, b, c, d, k[0], 6, -198630844); d = ii(d, a, b, c, k[7], 10, 1126891415); c = ii(c, d, a, b, k[14], 15, -1416354905); b = ii(b, c, d, a, k[5], 21, -57434055); a = ii(a, b, c, d, k[12], 6, 1700485571); d = ii(d, a, b, c, k[3], 10, -1894986606); c = ii(c, d, a, b, k[10], 15, -1051523); b = ii(b, c, d, a, k[1], 21, -2054922799); a = ii(a, b, c, d, k[8], 6, 1873313359); d = ii(d, a, b, c, k[15], 10, -30611744); c = ii(c, d, a, b, k[6], 15, -1560198380); b = ii(b, c, d, a, k[13], 21, 1309151649); a = ii(a, b, c, d, k[4], 6, -145523070); d = ii(d, a, b, c, k[11], 10, -1120210379); c = ii(c, d, a, b, k[2], 15, 718787259); b = ii(b, c, d, a, k[9], 21, -343485551); x[0] = add32(a, x[0]); x[1] = add32(b, x[1]); x[2] = add32(c, x[2]); x[3] = add32(d, x[3]); } function cmn(q, a, b, x, s, t) { a = add32(add32(a, q), add32(x, t)); return add32((a << s) | (a >>> (32 - s)), b); } function ff(a, b, c, d, x, s, t) { return cmn((b & c) | ((~b) & d), a, b, x, s, t); } function gg(a, b, c, d, x, s, t) { return cmn((b & d) | (c & (~d)), a, b, x, s, t); } function hh(a, b, c, d, x, s, t) { return cmn(b ^ c ^ d, a, b, x, s, t); } function ii(a, b, c, d, x, s, t) { return cmn(c ^ (b | (~d)), a, b, x, s, t); } function md51(s) { txt = ''; var n = s.length, state = [1732584193, -271733879, -1732584194, 271733878], i; for (i = 64; i <= s.length; i += 64) { md5cycle(state, md5blk(s.substring(i - 64, i))); } s = s.substring(i - 64); var tail = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; for (i = 0; i < s.length; i++) tail[i >> 2] |= s.charCodeAt(i) << ((i % 4) << 3); tail[i >> 2] |= 0x80 << ((i % 4) << 3); if (i > 55) { md5cycle(state, tail); for (i = 0; i < 16; i++) tail[i] = 0; } tail[14] = n * 8; md5cycle(state, tail); return state; } /* there needs to be support for Unicode here, * unless we pretend that we can redefine the MD-5 * algorithm for multi-byte characters (perhaps * by adding every four 16-bit characters and * shortening the sum to 32 bits). Otherwise * I suggest performing MD-5 as if every character * was two bytes--e.g., 0040 0025 = @%--but then * how will an ordinary MD-5 sum be matched? * There is no way to standardize text to something * like UTF-8 before transformation; speed cost is * utterly prohibitive. The JavaScript standard * itself needs to look at this: it should start * providing access to strings as preformed UTF-8 * 8-bit unsigned value arrays. */ function md5blk(s) { /* I figured global was faster. */ var md5blks = [], i; /* Andy King said do it this way. */ for (i = 0; i < 64; i += 4) { md5blks[i >> 2] = s.charCodeAt(i) + (s.charCodeAt(i + 1) << 8) + (s.charCodeAt(i + 2) << 16) + (s.charCodeAt(i + 3) << 24); } return md5blks; } var hex_chr = '0123456789abcdef'.split(''); function rhex(n) { var s = '', j = 0; for (; j < 4; j++) s += hex_chr[(n >> (j * 8 + 4)) & 0x0F] + hex_chr[(n >> (j * 8)) & 0x0F]; return s; } function hex(x) { for (var i = 0; i < x.length; i++) x[i] = rhex(x[i]); return x.join(''); } function md5(s) { return hex(md51(s)); } /* this function is much faster, so if possible we use it. Some IEs are the only ones I know of that need the idiotic second function, generated by an if clause. */ function add32(a, b) { return (a + b) & 0xFFFFFFFF; } if (md5('hello') != '5d41402abc4b2a76b9719d911017c592') { function add32(x, y) { var lsw = (x & 0xFFFF) + (y & 0xFFFF), msw = (x >> 16) + (y >> 16) + (lsw >> 16); return (msw << 16) | (lsw & 0xFFFF); } } },{"../../util.js":74}],30:[function(require,module,exports){ /* * CryptoMX Tools * Copyright (C) 2004 - 2006 Derek Buitenhuis * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* Modified by Recurity Labs GmbH */ /** * @module crypto/hash/ripe-md */ var RMDsize = 160; var X = []; function ROL(x, n) { return new Number((x << n) | (x >>> (32 - n))); } function F(x, y, z) { return new Number(x ^ y ^ z); } function G(x, y, z) { return new Number((x & y) | (~x & z)); } function H(x, y, z) { return new Number((x | ~y) ^ z); } function I(x, y, z) { return new Number((x & z) | (y & ~z)); } function J(x, y, z) { return new Number(x ^ (y | ~z)); } function mixOneRound(a, b, c, d, e, x, s, roundNumber) { switch (roundNumber) { case 0: a += F(b, c, d) + x + 0x00000000; break; case 1: a += G(b, c, d) + x + 0x5a827999; break; case 2: a += H(b, c, d) + x + 0x6ed9eba1; break; case 3: a += I(b, c, d) + x + 0x8f1bbcdc; break; case 4: a += J(b, c, d) + x + 0xa953fd4e; break; case 5: a += J(b, c, d) + x + 0x50a28be6; break; case 6: a += I(b, c, d) + x + 0x5c4dd124; break; case 7: a += H(b, c, d) + x + 0x6d703ef3; break; case 8: a += G(b, c, d) + x + 0x7a6d76e9; break; case 9: a += F(b, c, d) + x + 0x00000000; break; default: throw new Error("Bogus round number"); break; } a = ROL(a, s) + e; c = ROL(c, 10); a &= 0xffffffff; b &= 0xffffffff; c &= 0xffffffff; d &= 0xffffffff; e &= 0xffffffff; var retBlock = []; retBlock[0] = a; retBlock[1] = b; retBlock[2] = c; retBlock[3] = d; retBlock[4] = e; retBlock[5] = x; retBlock[6] = s; return retBlock; } function MDinit(MDbuf) { MDbuf[0] = 0x67452301; MDbuf[1] = 0xefcdab89; MDbuf[2] = 0x98badcfe; MDbuf[3] = 0x10325476; MDbuf[4] = 0xc3d2e1f0; } var ROLs = [ [11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8], [7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12], [11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5], [11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12], [9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6], [8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6], [9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11], [9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5], [15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8], [8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11] ]; var indexes = [ [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15], [7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8], [3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12], [1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2], [4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13], [5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12], [6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2], [15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13], [8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14], [12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11] ]; function compress(MDbuf, X) { blockA = []; blockB = []; var retBlock; var i, j; for (i = 0; i < 5; i++) { blockA[i] = new Number(MDbuf[i]); blockB[i] = new Number(MDbuf[i]); } var step = 0; for (j = 0; j < 5; j++) { for (i = 0; i < 16; i++) { retBlock = mixOneRound( blockA[(step + 0) % 5], blockA[(step + 1) % 5], blockA[(step + 2) % 5], blockA[(step + 3) % 5], blockA[(step + 4) % 5], X[indexes[j][i]], ROLs[j][i], j); blockA[(step + 0) % 5] = retBlock[0]; blockA[(step + 1) % 5] = retBlock[1]; blockA[(step + 2) % 5] = retBlock[2]; blockA[(step + 3) % 5] = retBlock[3]; blockA[(step + 4) % 5] = retBlock[4]; step += 4; } } step = 0; for (j = 5; j < 10; j++) { for (i = 0; i < 16; i++) { retBlock = mixOneRound( blockB[(step + 0) % 5], blockB[(step + 1) % 5], blockB[(step + 2) % 5], blockB[(step + 3) % 5], blockB[(step + 4) % 5], X[indexes[j][i]], ROLs[j][i], j); blockB[(step + 0) % 5] = retBlock[0]; blockB[(step + 1) % 5] = retBlock[1]; blockB[(step + 2) % 5] = retBlock[2]; blockB[(step + 3) % 5] = retBlock[3]; blockB[(step + 4) % 5] = retBlock[4]; step += 4; } } blockB[3] += blockA[2] + MDbuf[1]; MDbuf[1] = MDbuf[2] + blockA[3] + blockB[4]; MDbuf[2] = MDbuf[3] + blockA[4] + blockB[0]; MDbuf[3] = MDbuf[4] + blockA[0] + blockB[1]; MDbuf[4] = MDbuf[0] + blockA[1] + blockB[2]; MDbuf[0] = blockB[3]; } function zeroX(X) { for (var i = 0; i < 16; i++) { X[i] = 0; } } function MDfinish(MDbuf, strptr, lswlen, mswlen) { var X = new Array(16); zeroX(X); var j = 0; for (var i = 0; i < (lswlen & 63); i++) { X[i >>> 2] ^= (strptr.charCodeAt(j++) & 255) << (8 * (i & 3)); } X[(lswlen >>> 2) & 15] ^= 1 << (8 * (lswlen & 3) + 7); if ((lswlen & 63) > 55) { compress(MDbuf, X); X = new Array(16); zeroX(X); } X[14] = lswlen << 3; X[15] = (lswlen >>> 29) | (mswlen << 3); compress(MDbuf, X); } function BYTES_TO_DWORD(fourChars) { var tmp = (fourChars.charCodeAt(3) & 255) << 24; tmp |= (fourChars.charCodeAt(2) & 255) << 16; tmp |= (fourChars.charCodeAt(1) & 255) << 8; tmp |= (fourChars.charCodeAt(0) & 255); return tmp; } function RMD(message) { var MDbuf = new Array(RMDsize / 32); var hashcode = new Array(RMDsize / 8); var length; var nbytes; MDinit(MDbuf); length = message.length; var X = new Array(16); zeroX(X); var i, j = 0; for (nbytes = length; nbytes > 63; nbytes -= 64) { for (i = 0; i < 16; i++) { X[i] = BYTES_TO_DWORD(message.substr(j, 4)); j += 4; } compress(MDbuf, X); } MDfinish(MDbuf, message.substr(j), length, 0); for (i = 0; i < RMDsize / 8; i += 4) { hashcode[i] = MDbuf[i >>> 2] & 255; hashcode[i + 1] = (MDbuf[i >>> 2] >>> 8) & 255; hashcode[i + 2] = (MDbuf[i >>> 2] >>> 16) & 255; hashcode[i + 3] = (MDbuf[i >>> 2] >>> 24) & 255; } return hashcode; } function RMDstring(message) { var hashcode = RMD(message); var retString = ""; for (var i = 0; i < RMDsize / 8; i++) { retString += String.fromCharCode(hashcode[i]); } return retString; } module.exports = RMDstring; },{}],31:[function(require,module,exports){ /* A JavaScript implementation of the SHA family of hashes, as defined in FIPS * PUB 180-2 as well as the corresponding HMAC implementation as defined in * FIPS PUB 198a * * Version 1.3 Copyright Brian Turek 2008-2010 * Distributed under the BSD License * See http://jssha.sourceforge.net/ for more information * * Several functions taken from Paul Johnson */ /* Modified by Recurity Labs GmbH * * This code has been slightly modified direct string output: * - bin2bstr has been added * - following wrappers of this library have been added: * - str_sha1 * - str_sha256 * - str_sha224 * - str_sha384 * - str_sha512 */ /** * @module crypto/hash/sha */ var jsSHA = (function() { /* * Configurable variables. Defaults typically work */ /* Number of Bits Per character (8 for ASCII, 16 for Unicode) */ var charSize = 8, /* base-64 pad character. "=" for strict RFC compliance */ b64pad = "", /* hex output format. 0 - lowercase; 1 - uppercase */ hexCase = 0, /* * Int_64 is a object for 2 32-bit numbers emulating a 64-bit number * * @constructor * @param {Number} msint_32 The most significant 32-bits of a 64-bit number * @param {Number} lsint_32 The least significant 32-bits of a 64-bit number */ Int_64 = function(msint_32, lsint_32) { this.highOrder = msint_32; this.lowOrder = lsint_32; }, /* * Convert a string to an array of big-endian words * If charSize is ASCII, characters >255 have their hi-byte silently * ignored. * * @param {String} str String to be converted to binary representation * @return Integer array representation of the parameter */ str2binb = function(str) { var bin = [], mask = (1 << charSize) - 1, length = str.length * charSize, i; for (i = 0; i < length; i += charSize) { bin[i >> 5] |= (str.charCodeAt(i / charSize) & mask) << (32 - charSize - (i % 32)); } return bin; }, /* * Convert a hex string to an array of big-endian words * * @param {String} str String to be converted to binary representation * @return Integer array representation of the parameter */ hex2binb = function(str) { var bin = [], length = str.length, i, num; for (i = 0; i < length; i += 2) { num = parseInt(str.substr(i, 2), 16); if (!isNaN(num)) { bin[i >> 3] |= num << (24 - (4 * (i % 8))); } else { throw new Error("INVALID HEX STRING"); } } return bin; }, /* * Convert an array of big-endian words to a hex string. * * @private * @param {Array} binarray Array of integers to be converted to hexidecimal * representation * @return Hexidecimal representation of the parameter in String form */ binb2hex = function(binarray) { var hex_tab = (hexCase) ? "0123456789ABCDEF" : "0123456789abcdef", str = "", length = binarray.length * 4, i, srcByte; for (i = 0; i < length; i += 1) { srcByte = binarray[i >> 2] >> ((3 - (i % 4)) * 8); str += hex_tab.charAt((srcByte >> 4) & 0xF) + hex_tab.charAt(srcByte & 0xF); } return str; }, /* * Convert an array of big-endian words to a base-64 string * * @private * @param {Array} binarray Array of integers to be converted to base-64 * representation * @return Base-64 encoded representation of the parameter in String form */ binb2b64 = function(binarray) { var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789+/", str = "", length = binarray.length * 4, i, j, triplet; for (i = 0; i < length; i += 3) { triplet = (((binarray[i >> 2] >> 8 * (3 - i % 4)) & 0xFF) << 16) | (((binarray[i + 1 >> 2] >> 8 * (3 - (i + 1) % 4)) & 0xFF) << 8) | ((binarray[i + 2 >> 2] >> 8 * (3 - (i + 2) % 4)) & 0xFF); for (j = 0; j < 4; j += 1) { if (i * 8 + j * 6 <= binarray.length * 32) { str += tab.charAt((triplet >> 6 * (3 - j)) & 0x3F); } else { str += b64pad; } } } return str; }, /* * Convert an array of big-endian words to a string */ binb2str = function(bin) { var str = ""; var mask = (1 << 8) - 1; for (var i = 0; i < bin.length * 32; i += 8) str += String.fromCharCode((bin[i >> 5] >>> (24 - i % 32)) & mask); return str; }, /* * The 32-bit implementation of circular rotate left * * @private * @param {Number} x The 32-bit integer argument * @param {Number} n The number of bits to shift * @return The x shifted circularly by n bits */ rotl_32 = function(x, n) { return (x << n) | (x >>> (32 - n)); }, /* * The 32-bit implementation of circular rotate right * * @private * @param {Number} x The 32-bit integer argument * @param {Number} n The number of bits to shift * @return The x shifted circularly by n bits */ rotr_32 = function(x, n) { return (x >>> n) | (x << (32 - n)); }, /* * The 64-bit implementation of circular rotate right * * @private * @param {Int_64} x The 64-bit integer argument * @param {Number} n The number of bits to shift * @return The x shifted circularly by n bits */ rotr_64 = function(x, n) { if (n <= 32) { return new Int_64( (x.highOrder >>> n) | (x.lowOrder << (32 - n)), (x.lowOrder >>> n) | (x.highOrder << (32 - n))); } else { return new Int_64( (x.lowOrder >>> n) | (x.highOrder << (32 - n)), (x.highOrder >>> n) | (x.lowOrder << (32 - n))); } }, /* * The 32-bit implementation of shift right * * @private * @param {Number} x The 32-bit integer argument * @param {Number} n The number of bits to shift * @return The x shifted by n bits */ shr_32 = function(x, n) { return x >>> n; }, /* * The 64-bit implementation of shift right * * @private * @param {Int_64} x The 64-bit integer argument * @param {Number} n The number of bits to shift * @return The x shifted by n bits */ shr_64 = function(x, n) { if (n <= 32) { return new Int_64( x.highOrder >>> n, x.lowOrder >>> n | (x.highOrder << (32 - n))); } else { return new Int_64( 0, x.highOrder << (32 - n)); } }, /* * The 32-bit implementation of the NIST specified Parity function * * @private * @param {Number} x The first 32-bit integer argument * @param {Number} y The second 32-bit integer argument * @param {Number} z The third 32-bit integer argument * @return The NIST specified output of the function */ parity_32 = function(x, y, z) { return x ^ y ^ z; }, /* * The 32-bit implementation of the NIST specified Ch function * * @private * @param {Number} x The first 32-bit integer argument * @param {Number} y The second 32-bit integer argument * @param {Number} z The third 32-bit integer argument * @return The NIST specified output of the function */ ch_32 = function(x, y, z) { return (x & y) ^ (~x & z); }, /* * The 64-bit implementation of the NIST specified Ch function * * @private * @param {Int_64} x The first 64-bit integer argument * @param {Int_64} y The second 64-bit integer argument * @param {Int_64} z The third 64-bit integer argument * @return The NIST specified output of the function */ ch_64 = function(x, y, z) { return new Int_64( (x.highOrder & y.highOrder) ^ (~x.highOrder & z.highOrder), (x.lowOrder & y.lowOrder) ^ (~x.lowOrder & z.lowOrder)); }, /* * The 32-bit implementation of the NIST specified Maj function * * @private * @param {Number} x The first 32-bit integer argument * @param {Number} y The second 32-bit integer argument * @param {Number} z The third 32-bit integer argument * @return The NIST specified output of the function */ maj_32 = function(x, y, z) { return (x & y) ^ (x & z) ^ (y & z); }, /* * The 64-bit implementation of the NIST specified Maj function * * @private * @param {Int_64} x The first 64-bit integer argument * @param {Int_64} y The second 64-bit integer argument * @param {Int_64} z The third 64-bit integer argument * @return The NIST specified output of the function */ maj_64 = function(x, y, z) { return new Int_64( (x.highOrder & y.highOrder) ^ (x.highOrder & z.highOrder) ^ (y.highOrder & z.highOrder), (x.lowOrder & y.lowOrder) ^ (x.lowOrder & z.lowOrder) ^ (y.lowOrder & z.lowOrder)); }, /* * The 32-bit implementation of the NIST specified Sigma0 function * * @private * @param {Number} x The 32-bit integer argument * @return The NIST specified output of the function */ sigma0_32 = function(x) { return rotr_32(x, 2) ^ rotr_32(x, 13) ^ rotr_32(x, 22); }, /* * The 64-bit implementation of the NIST specified Sigma0 function * * @private * @param {Int_64} x The 64-bit integer argument * @return The NIST specified output of the function */ sigma0_64 = function(x) { var rotr28 = rotr_64(x, 28), rotr34 = rotr_64(x, 34), rotr39 = rotr_64(x, 39); return new Int_64( rotr28.highOrder ^ rotr34.highOrder ^ rotr39.highOrder, rotr28.lowOrder ^ rotr34.lowOrder ^ rotr39.lowOrder); }, /* * The 32-bit implementation of the NIST specified Sigma1 function * * @private * @param {Number} x The 32-bit integer argument * @return The NIST specified output of the function */ sigma1_32 = function(x) { return rotr_32(x, 6) ^ rotr_32(x, 11) ^ rotr_32(x, 25); }, /* * The 64-bit implementation of the NIST specified Sigma1 function * * @private * @param {Int_64} x The 64-bit integer argument * @return The NIST specified output of the function */ sigma1_64 = function(x) { var rotr14 = rotr_64(x, 14), rotr18 = rotr_64(x, 18), rotr41 = rotr_64(x, 41); return new Int_64( rotr14.highOrder ^ rotr18.highOrder ^ rotr41.highOrder, rotr14.lowOrder ^ rotr18.lowOrder ^ rotr41.lowOrder); }, /* * The 32-bit implementation of the NIST specified Gamma0 function * * @private * @param {Number} x The 32-bit integer argument * @return The NIST specified output of the function */ gamma0_32 = function(x) { return rotr_32(x, 7) ^ rotr_32(x, 18) ^ shr_32(x, 3); }, /* * The 64-bit implementation of the NIST specified Gamma0 function * * @private * @param {Int_64} x The 64-bit integer argument * @return The NIST specified output of the function */ gamma0_64 = function(x) { var rotr1 = rotr_64(x, 1), rotr8 = rotr_64(x, 8), shr7 = shr_64(x, 7); return new Int_64( rotr1.highOrder ^ rotr8.highOrder ^ shr7.highOrder, rotr1.lowOrder ^ rotr8.lowOrder ^ shr7.lowOrder); }, /* * The 32-bit implementation of the NIST specified Gamma1 function * * @private * @param {Number} x The 32-bit integer argument * @return The NIST specified output of the function */ gamma1_32 = function(x) { return rotr_32(x, 17) ^ rotr_32(x, 19) ^ shr_32(x, 10); }, /* * The 64-bit implementation of the NIST specified Gamma1 function * * @private * @param {Int_64} x The 64-bit integer argument * @return The NIST specified output of the function */ gamma1_64 = function(x) { var rotr19 = rotr_64(x, 19), rotr61 = rotr_64(x, 61), shr6 = shr_64(x, 6); return new Int_64( rotr19.highOrder ^ rotr61.highOrder ^ shr6.highOrder, rotr19.lowOrder ^ rotr61.lowOrder ^ shr6.lowOrder); }, /* * Add two 32-bit integers, wrapping at 2^32. This uses 16-bit operations * internally to work around bugs in some JS interpreters. * * @private * @param {Number} x The first 32-bit integer argument to be added * @param {Number} y The second 32-bit integer argument to be added * @return The sum of x + y */ safeAdd_32_2 = function(x, y) { var lsw = (x & 0xFFFF) + (y & 0xFFFF), msw = (x >>> 16) + (y >>> 16) + (lsw >>> 16); return ((msw & 0xFFFF) << 16) | (lsw & 0xFFFF); }, /* * Add four 32-bit integers, wrapping at 2^32. This uses 16-bit operations * internally to work around bugs in some JS interpreters. * * @private * @param {Number} a The first 32-bit integer argument to be added * @param {Number} b The second 32-bit integer argument to be added * @param {Number} c The third 32-bit integer argument to be added * @param {Number} d The fourth 32-bit integer argument to be added * @return The sum of a + b + c + d */ safeAdd_32_4 = function(a, b, c, d) { var lsw = (a & 0xFFFF) + (b & 0xFFFF) + (c & 0xFFFF) + (d & 0xFFFF), msw = (a >>> 16) + (b >>> 16) + (c >>> 16) + (d >>> 16) + (lsw >>> 16); return ((msw & 0xFFFF) << 16) | (lsw & 0xFFFF); }, /* * Add five 32-bit integers, wrapping at 2^32. This uses 16-bit operations * internally to work around bugs in some JS interpreters. * * @private * @param {Number} a The first 32-bit integer argument to be added * @param {Number} b The second 32-bit integer argument to be added * @param {Number} c The third 32-bit integer argument to be added * @param {Number} d The fourth 32-bit integer argument to be added * @param {Number} e The fifth 32-bit integer argument to be added * @return The sum of a + b + c + d + e */ safeAdd_32_5 = function(a, b, c, d, e) { var lsw = (a & 0xFFFF) + (b & 0xFFFF) + (c & 0xFFFF) + (d & 0xFFFF) + (e & 0xFFFF), msw = (a >>> 16) + (b >>> 16) + (c >>> 16) + (d >>> 16) + (e >>> 16) + (lsw >>> 16); return ((msw & 0xFFFF) << 16) | (lsw & 0xFFFF); }, /* * Add two 64-bit integers, wrapping at 2^64. This uses 16-bit operations * internally to work around bugs in some JS interpreters. * * @private * @param {Int_64} x The first 64-bit integer argument to be added * @param {Int_64} y The second 64-bit integer argument to be added * @return The sum of x + y */ safeAdd_64_2 = function(x, y) { var lsw, msw, lowOrder, highOrder; lsw = (x.lowOrder & 0xFFFF) + (y.lowOrder & 0xFFFF); msw = (x.lowOrder >>> 16) + (y.lowOrder >>> 16) + (lsw >>> 16); lowOrder = ((msw & 0xFFFF) << 16) | (lsw & 0xFFFF); lsw = (x.highOrder & 0xFFFF) + (y.highOrder & 0xFFFF) + (msw >>> 16); msw = (x.highOrder >>> 16) + (y.highOrder >>> 16) + (lsw >>> 16); highOrder = ((msw & 0xFFFF) << 16) | (lsw & 0xFFFF); return new Int_64(highOrder, lowOrder); }, /* * Add four 64-bit integers, wrapping at 2^64. This uses 16-bit operations * internally to work around bugs in some JS interpreters. * * @private * @param {Int_64} a The first 64-bit integer argument to be added * @param {Int_64} b The second 64-bit integer argument to be added * @param {Int_64} c The third 64-bit integer argument to be added * @param {Int_64} d The fouth 64-bit integer argument to be added * @return The sum of a + b + c + d */ safeAdd_64_4 = function(a, b, c, d) { var lsw, msw, lowOrder, highOrder; lsw = (a.lowOrder & 0xFFFF) + (b.lowOrder & 0xFFFF) + (c.lowOrder & 0xFFFF) + (d.lowOrder & 0xFFFF); msw = (a.lowOrder >>> 16) + (b.lowOrder >>> 16) + (c.lowOrder >>> 16) + (d.lowOrder >>> 16) + (lsw >>> 16); lowOrder = ((msw & 0xFFFF) << 16) | (lsw & 0xFFFF); lsw = (a.highOrder & 0xFFFF) + (b.highOrder & 0xFFFF) + (c.highOrder & 0xFFFF) + (d.highOrder & 0xFFFF) + (msw >>> 16); msw = (a.highOrder >>> 16) + (b.highOrder >>> 16) + (c.highOrder >>> 16) + (d.highOrder >>> 16) + (lsw >>> 16); highOrder = ((msw & 0xFFFF) << 16) | (lsw & 0xFFFF); return new Int_64(highOrder, lowOrder); }, /* * Add five 64-bit integers, wrapping at 2^64. This uses 16-bit operations * internally to work around bugs in some JS interpreters. * * @private * @param {Int_64} a The first 64-bit integer argument to be added * @param {Int_64} b The second 64-bit integer argument to be added * @param {Int_64} c The third 64-bit integer argument to be added * @param {Int_64} d The fouth 64-bit integer argument to be added * @param {Int_64} e The fouth 64-bit integer argument to be added * @return The sum of a + b + c + d + e */ safeAdd_64_5 = function(a, b, c, d, e) { var lsw, msw, lowOrder, highOrder; lsw = (a.lowOrder & 0xFFFF) + (b.lowOrder & 0xFFFF) + (c.lowOrder & 0xFFFF) + (d.lowOrder & 0xFFFF) + (e.lowOrder & 0xFFFF); msw = (a.lowOrder >>> 16) + (b.lowOrder >>> 16) + (c.lowOrder >>> 16) + (d.lowOrder >>> 16) + (e.lowOrder >>> 16) + (lsw >>> 16); lowOrder = ((msw & 0xFFFF) << 16) | (lsw & 0xFFFF); lsw = (a.highOrder & 0xFFFF) + (b.highOrder & 0xFFFF) + (c.highOrder & 0xFFFF) + (d.highOrder & 0xFFFF) + (e.highOrder & 0xFFFF) + (msw >>> 16); msw = (a.highOrder >>> 16) + (b.highOrder >>> 16) + (c.highOrder >>> 16) + (d.highOrder >>> 16) + (e.highOrder >>> 16) + (lsw >>> 16); highOrder = ((msw & 0xFFFF) << 16) | (lsw & 0xFFFF); return new Int_64(highOrder, lowOrder); }, /* * Calculates the SHA-1 hash of the string set at instantiation * * @private * @param {Array} message The binary array representation of the string to * hash * @param {Number} messageLen The number of bits in the message * @return The array of integers representing the SHA-1 hash of message */ coreSHA1 = function(message, messageLen) { var W = [], a, b, c, d, e, T, ch = ch_32, parity = parity_32, maj = maj_32, rotl = rotl_32, safeAdd_2 = safeAdd_32_2, i, t, safeAdd_5 = safeAdd_32_5, appendedMessageLength, H = [ 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 ], K = [ 0x5a827999, 0x5a827999, 0x5a827999, 0x5a827999, 0x5a827999, 0x5a827999, 0x5a827999, 0x5a827999, 0x5a827999, 0x5a827999, 0x5a827999, 0x5a827999, 0x5a827999, 0x5a827999, 0x5a827999, 0x5a827999, 0x5a827999, 0x5a827999, 0x5a827999, 0x5a827999, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6 ]; /* Append '1' at the end of the binary string */ message[messageLen >> 5] |= 0x80 << (24 - (messageLen % 32)); /* Append length of binary string in the position such that the new length is a multiple of 512. Logic does not work for even multiples of 512 but there can never be even multiples of 512 */ message[(((messageLen + 65) >> 9) << 4) + 15] = messageLen; appendedMessageLength = message.length; for (i = 0; i < appendedMessageLength; i += 16) { a = H[0]; b = H[1]; c = H[2]; d = H[3]; e = H[4]; for (t = 0; t < 80; t += 1) { if (t < 16) { W[t] = message[t + i]; } else { W[t] = rotl(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16], 1); } if (t < 20) { T = safeAdd_5(rotl(a, 5), ch(b, c, d), e, K[t], W[t]); } else if (t < 40) { T = safeAdd_5(rotl(a, 5), parity(b, c, d), e, K[t], W[t]); } else if (t < 60) { T = safeAdd_5(rotl(a, 5), maj(b, c, d), e, K[t], W[t]); } else { T = safeAdd_5(rotl(a, 5), parity(b, c, d), e, K[t], W[t]); } e = d; d = c; c = rotl(b, 30); b = a; a = T; } H[0] = safeAdd_2(a, H[0]); H[1] = safeAdd_2(b, H[1]); H[2] = safeAdd_2(c, H[2]); H[3] = safeAdd_2(d, H[3]); H[4] = safeAdd_2(e, H[4]); } return H; }, /* * Calculates the desired SHA-2 hash of the string set at instantiation * * @private * @param {Array} The binary array representation of the string to hash * @param {Number} The number of bits in message * @param {String} variant The desired SHA-2 variant * @return The array of integers representing the SHA-2 hash of message */ coreSHA2 = function(message, messageLen, variant) { var a, b, c, d, e, f, g, h, T1, T2, H, numRounds, lengthPosition, i, t, binaryStringInc, binaryStringMult, safeAdd_2, safeAdd_4, safeAdd_5, gamma0, gamma1, sigma0, sigma1, ch, maj, Int, K, W = [], appendedMessageLength; /* Set up the various function handles and variable for the specific * variant */ if (variant === "SHA-224" || variant === "SHA-256") { /* 32-bit variant */ numRounds = 64; lengthPosition = (((messageLen + 65) >> 9) << 4) + 15; binaryStringInc = 16; binaryStringMult = 1; Int = Number; safeAdd_2 = safeAdd_32_2; safeAdd_4 = safeAdd_32_4; safeAdd_5 = safeAdd_32_5; gamma0 = gamma0_32; gamma1 = gamma1_32; sigma0 = sigma0_32; sigma1 = sigma1_32; maj = maj_32; ch = ch_32; K = [ 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5, 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174, 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC, 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA, 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967, 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85, 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070, 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3, 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2 ]; if (variant === "SHA-224") { H = [ 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4 ]; } else { H = [ 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 ]; } } else if (variant === "SHA-384" || variant === "SHA-512") { /* 64-bit variant */ numRounds = 80; lengthPosition = (((messageLen + 128) >> 10) << 5) + 31; binaryStringInc = 32; binaryStringMult = 2; Int = Int_64; safeAdd_2 = safeAdd_64_2; safeAdd_4 = safeAdd_64_4; safeAdd_5 = safeAdd_64_5; gamma0 = gamma0_64; gamma1 = gamma1_64; sigma0 = sigma0_64; sigma1 = sigma1_64; maj = maj_64; ch = ch_64; K = [ new Int(0x428a2f98, 0xd728ae22), new Int(0x71374491, 0x23ef65cd), new Int(0xb5c0fbcf, 0xec4d3b2f), new Int(0xe9b5dba5, 0x8189dbbc), new Int(0x3956c25b, 0xf348b538), new Int(0x59f111f1, 0xb605d019), new Int(0x923f82a4, 0xaf194f9b), new Int(0xab1c5ed5, 0xda6d8118), new Int(0xd807aa98, 0xa3030242), new Int(0x12835b01, 0x45706fbe), new Int(0x243185be, 0x4ee4b28c), new Int(0x550c7dc3, 0xd5ffb4e2), new Int(0x72be5d74, 0xf27b896f), new Int(0x80deb1fe, 0x3b1696b1), new Int(0x9bdc06a7, 0x25c71235), new Int(0xc19bf174, 0xcf692694), new Int(0xe49b69c1, 0x9ef14ad2), new Int(0xefbe4786, 0x384f25e3), new Int(0x0fc19dc6, 0x8b8cd5b5), new Int(0x240ca1cc, 0x77ac9c65), new Int(0x2de92c6f, 0x592b0275), new Int(0x4a7484aa, 0x6ea6e483), new Int(0x5cb0a9dc, 0xbd41fbd4), new Int(0x76f988da, 0x831153b5), new Int(0x983e5152, 0xee66dfab), new Int(0xa831c66d, 0x2db43210), new Int(0xb00327c8, 0x98fb213f), new Int(0xbf597fc7, 0xbeef0ee4), new Int(0xc6e00bf3, 0x3da88fc2), new Int(0xd5a79147, 0x930aa725), new Int(0x06ca6351, 0xe003826f), new Int(0x14292967, 0x0a0e6e70), new Int(0x27b70a85, 0x46d22ffc), new Int(0x2e1b2138, 0x5c26c926), new Int(0x4d2c6dfc, 0x5ac42aed), new Int(0x53380d13, 0x9d95b3df), new Int(0x650a7354, 0x8baf63de), new Int(0x766a0abb, 0x3c77b2a8), new Int(0x81c2c92e, 0x47edaee6), new Int(0x92722c85, 0x1482353b), new Int(0xa2bfe8a1, 0x4cf10364), new Int(0xa81a664b, 0xbc423001), new Int(0xc24b8b70, 0xd0f89791), new Int(0xc76c51a3, 0x0654be30), new Int(0xd192e819, 0xd6ef5218), new Int(0xd6990624, 0x5565a910), new Int(0xf40e3585, 0x5771202a), new Int(0x106aa070, 0x32bbd1b8), new Int(0x19a4c116, 0xb8d2d0c8), new Int(0x1e376c08, 0x5141ab53), new Int(0x2748774c, 0xdf8eeb99), new Int(0x34b0bcb5, 0xe19b48a8), new Int(0x391c0cb3, 0xc5c95a63), new Int(0x4ed8aa4a, 0xe3418acb), new Int(0x5b9cca4f, 0x7763e373), new Int(0x682e6ff3, 0xd6b2b8a3), new Int(0x748f82ee, 0x5defb2fc), new Int(0x78a5636f, 0x43172f60), new Int(0x84c87814, 0xa1f0ab72), new Int(0x8cc70208, 0x1a6439ec), new Int(0x90befffa, 0x23631e28), new Int(0xa4506ceb, 0xde82bde9), new Int(0xbef9a3f7, 0xb2c67915), new Int(0xc67178f2, 0xe372532b), new Int(0xca273ece, 0xea26619c), new Int(0xd186b8c7, 0x21c0c207), new Int(0xeada7dd6, 0xcde0eb1e), new Int(0xf57d4f7f, 0xee6ed178), new Int(0x06f067aa, 0x72176fba), new Int(0x0a637dc5, 0xa2c898a6), new Int(0x113f9804, 0xbef90dae), new Int(0x1b710b35, 0x131c471b), new Int(0x28db77f5, 0x23047d84), new Int(0x32caab7b, 0x40c72493), new Int(0x3c9ebe0a, 0x15c9bebc), new Int(0x431d67c4, 0x9c100d4c), new Int(0x4cc5d4be, 0xcb3e42b6), new Int(0x597f299c, 0xfc657e2a), new Int(0x5fcb6fab, 0x3ad6faec), new Int(0x6c44198c, 0x4a475817) ]; if (variant === "SHA-384") { H = [ new Int(0xcbbb9d5d, 0xc1059ed8), new Int(0x0629a292a, 0x367cd507), new Int(0x9159015a, 0x3070dd17), new Int(0x0152fecd8, 0xf70e5939), new Int(0x67332667, 0xffc00b31), new Int(0x98eb44a87, 0x68581511), new Int(0xdb0c2e0d, 0x64f98fa7), new Int(0x047b5481d, 0xbefa4fa4) ]; } else { H = [ new Int(0x6a09e667, 0xf3bcc908), new Int(0xbb67ae85, 0x84caa73b), new Int(0x3c6ef372, 0xfe94f82b), new Int(0xa54ff53a, 0x5f1d36f1), new Int(0x510e527f, 0xade682d1), new Int(0x9b05688c, 0x2b3e6c1f), new Int(0x1f83d9ab, 0xfb41bd6b), new Int(0x5be0cd19, 0x137e2179) ]; } } /* Append '1' at the end of the binary string */ message[messageLen >> 5] |= 0x80 << (24 - messageLen % 32); /* Append length of binary string in the position such that the new * length is correct */ message[lengthPosition] = messageLen; appendedMessageLength = message.length; for (i = 0; i < appendedMessageLength; i += binaryStringInc) { a = H[0]; b = H[1]; c = H[2]; d = H[3]; e = H[4]; f = H[5]; g = H[6]; h = H[7]; for (t = 0; t < numRounds; t += 1) { if (t < 16) { /* Bit of a hack - for 32-bit, the second term is ignored */ W[t] = new Int(message[t * binaryStringMult + i], message[t * binaryStringMult + i + 1]); } else { W[t] = safeAdd_4( gamma1(W[t - 2]), W[t - 7], gamma0(W[t - 15]), W[t - 16]); } T1 = safeAdd_5(h, sigma1(e), ch(e, f, g), K[t], W[t]); T2 = safeAdd_2(sigma0(a), maj(a, b, c)); h = g; g = f; f = e; e = safeAdd_2(d, T1); d = c; c = b; b = a; a = safeAdd_2(T1, T2); } H[0] = safeAdd_2(a, H[0]); H[1] = safeAdd_2(b, H[1]); H[2] = safeAdd_2(c, H[2]); H[3] = safeAdd_2(d, H[3]); H[4] = safeAdd_2(e, H[4]); H[5] = safeAdd_2(f, H[5]); H[6] = safeAdd_2(g, H[6]); H[7] = safeAdd_2(h, H[7]); } switch (variant) { case "SHA-224": return [ H[0], H[1], H[2], H[3], H[4], H[5], H[6]]; case "SHA-256": return H; case "SHA-384": return [ H[0].highOrder, H[0].lowOrder, H[1].highOrder, H[1].lowOrder, H[2].highOrder, H[2].lowOrder, H[3].highOrder, H[3].lowOrder, H[4].highOrder, H[4].lowOrder, H[5].highOrder, H[5].lowOrder]; case "SHA-512": return [ H[0].highOrder, H[0].lowOrder, H[1].highOrder, H[1].lowOrder, H[2].highOrder, H[2].lowOrder, H[3].highOrder, H[3].lowOrder, H[4].highOrder, H[4].lowOrder, H[5].highOrder, H[5].lowOrder, H[6].highOrder, H[6].lowOrder, H[7].highOrder, H[7].lowOrder]; default: /* This should never be reached */ throw new Error('Unknown SHA variant'); } }, /* * jsSHA is the workhorse of the library. Instantiate it with the string to * be hashed as the parameter * * @constructor * @param {String} srcString The string to be hashed * @param {String} inputFormat The format of srcString, ASCII or HEX */ jsSHA = function(srcString, inputFormat) { this.sha1 = null; this.sha224 = null; this.sha256 = null; this.sha384 = null; this.sha512 = null; this.strBinLen = null; this.strToHash = null; /* Convert the input string into the correct type */ if ("HEX" === inputFormat) { if (0 !== (srcString.length % 2)) { throw new Error("TEXT MUST BE IN BYTE INCREMENTS"); } this.strBinLen = srcString.length * 4; this.strToHash = hex2binb(srcString); } else if (("ASCII" === inputFormat) || ('undefined' === typeof(inputFormat))) { this.strBinLen = srcString.length * charSize; this.strToHash = str2binb(srcString); } else { throw new Error("UNKNOWN TEXT INPUT TYPE"); } }; jsSHA.prototype = { /* * Returns the desired SHA hash of the string specified at instantiation * using the specified parameters * * @param {String} variant The desired SHA variant (SHA-1, SHA-224, * SHA-256, SHA-384, or SHA-512) * @param {String} format The desired output formatting (B64 or HEX) * @return The string representation of the hash in the format specified */ getHash: function(variant, format) { var formatFunc = null, message = this.strToHash.slice(); switch (format) { case "HEX": formatFunc = binb2hex; break; case "B64": formatFunc = binb2b64; break; case "ASCII": formatFunc = binb2str; break; default: throw new Error("FORMAT NOT RECOGNIZED"); } switch (variant) { case "SHA-1": if (null === this.sha1) { this.sha1 = coreSHA1(message, this.strBinLen); } return formatFunc(this.sha1); case "SHA-224": if (null === this.sha224) { this.sha224 = coreSHA2(message, this.strBinLen, variant); } return formatFunc(this.sha224); case "SHA-256": if (null === this.sha256) { this.sha256 = coreSHA2(message, this.strBinLen, variant); } return formatFunc(this.sha256); case "SHA-384": if (null === this.sha384) { this.sha384 = coreSHA2(message, this.strBinLen, variant); } return formatFunc(this.sha384); case "SHA-512": if (null === this.sha512) { this.sha512 = coreSHA2(message, this.strBinLen, variant); } return formatFunc(this.sha512); default: throw new Error("HASH NOT RECOGNIZED"); } }, /* * Returns the desired HMAC of the string specified at instantiation * using the key and variant param. * * @param {String} key The key used to calculate the HMAC * @param {String} inputFormat The format of key, ASCII or HEX * @param {String} variant The desired SHA variant (SHA-1, SHA-224, * SHA-256, SHA-384, or SHA-512) * @param {String} outputFormat The desired output formatting * (B64 or HEX) * @return The string representation of the hash in the format specified */ getHMAC: function(key, inputFormat, variant, outputFormat) { var formatFunc, keyToUse, blockByteSize, blockBitSize, i, retVal, lastArrayIndex, keyBinLen, hashBitSize, keyWithIPad = [], keyWithOPad = []; /* Validate the output format selection */ switch (outputFormat) { case "HEX": formatFunc = binb2hex; break; case "B64": formatFunc = binb2b64; break; case "ASCII": formatFunc = binb2str; break; default: throw new Error("FORMAT NOT RECOGNIZED"); } /* Validate the hash variant selection and set needed variables */ switch (variant) { case "SHA-1": blockByteSize = 64; hashBitSize = 160; break; case "SHA-224": blockByteSize = 64; hashBitSize = 224; break; case "SHA-256": blockByteSize = 64; hashBitSize = 256; break; case "SHA-384": blockByteSize = 128; hashBitSize = 384; break; case "SHA-512": blockByteSize = 128; hashBitSize = 512; break; default: throw new Error("HASH NOT RECOGNIZED"); } /* Validate input format selection */ if ("HEX" === inputFormat) { /* Nibbles must come in pairs */ if (0 !== (key.length % 2)) { throw new Error("KEY MUST BE IN BYTE INCREMENTS"); } keyToUse = hex2binb(key); keyBinLen = key.length * 4; } else if ("ASCII" === inputFormat) { keyToUse = str2binb(key); keyBinLen = key.length * charSize; } else { throw new Error("UNKNOWN KEY INPUT TYPE"); } /* These are used multiple times, calculate and store them */ blockBitSize = blockByteSize * 8; lastArrayIndex = (blockByteSize / 4) - 1; /* Figure out what to do with the key based on its size relative to * the hash's block size */ if (blockByteSize < (keyBinLen / 8)) { if ("SHA-1" === variant) { keyToUse = coreSHA1(keyToUse, keyBinLen); } else { keyToUse = coreSHA2(keyToUse, keyBinLen, variant); } /* For all variants, the block size is bigger than the output * size so there will never be a useful byte at the end of the * string */ keyToUse[lastArrayIndex] &= 0xFFFFFF00; } else if (blockByteSize > (keyBinLen / 8)) { /* If the blockByteSize is greater than the key length, there * will always be at LEAST one "useless" byte at the end of the * string */ keyToUse[lastArrayIndex] &= 0xFFFFFF00; } /* Create ipad and opad */ for (i = 0; i <= lastArrayIndex; i += 1) { keyWithIPad[i] = keyToUse[i] ^ 0x36363636; keyWithOPad[i] = keyToUse[i] ^ 0x5C5C5C5C; } /* Calculate the HMAC */ if ("SHA-1" === variant) { retVal = coreSHA1( keyWithIPad.concat(this.strToHash), blockBitSize + this.strBinLen); retVal = coreSHA1( keyWithOPad.concat(retVal), blockBitSize + hashBitSize); } else { retVal = coreSHA2( keyWithIPad.concat(this.strToHash), blockBitSize + this.strBinLen, variant); retVal = coreSHA2( keyWithOPad.concat(retVal), blockBitSize + hashBitSize, variant); } return (formatFunc(retVal)); } }; return jsSHA; }()); module.exports = { /** SHA1 hash */ sha1: function(str) { var shaObj = new jsSHA(str, "ASCII"); return shaObj.getHash("SHA-1", "ASCII"); }, /** SHA224 hash */ sha224: function(str) { var shaObj = new jsSHA(str, "ASCII"); return shaObj.getHash("SHA-224", "ASCII"); }, /** SHA256 hash */ sha256: function(str) { var shaObj = new jsSHA(str, "ASCII"); return shaObj.getHash("SHA-256", "ASCII"); }, /** SHA384 hash */ sha384: function(str) { var shaObj = new jsSHA(str, "ASCII"); return shaObj.getHash("SHA-384", "ASCII"); }, /** SHA512 hash */ sha512: function(str) { var shaObj = new jsSHA(str, "ASCII"); return shaObj.getHash("SHA-512", "ASCII"); } }; },{}],32:[function(require,module,exports){ /** * @see module:crypto/crypto * @module crypto */ module.exports = { /** @see module:crypto/cipher */ cipher: require('./cipher'), /** @see module:crypto/hash */ hash: require('./hash'), /** @see module:crypto/cfb */ cfb: require('./cfb.js'), /** @see module:crypto/public_key */ publicKey: require('./public_key'), /** @see module:crypto/signature */ signature: require('./signature.js'), /** @see module:crypto/random */ random: require('./random.js'), /** @see module:crypto/pkcs1 */ pkcs1: require('./pkcs1.js') }; var crypto = require('./crypto.js'); for (var i in crypto) module.exports[i] = crypto[i]; },{"./cfb.js":18,"./cipher":23,"./crypto.js":25,"./hash":28,"./pkcs1.js":33,"./public_key":36,"./random.js":39,"./signature.js":40}],33:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * PKCS1 encoding * @requires crypto/crypto * @requires crypto/hash * @requires crypto/public_key/jsbn * @requires crypto/random * @requires util * @module crypto/pkcs1 */ /** * ASN1 object identifiers for hashes (See {@link http://tools.ietf.org/html/rfc4880#section-5.2.2}) */ var hash_headers = []; hash_headers[1] = [0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 ]; hash_headers[2] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14]; hash_headers[3] = [0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14]; hash_headers[8] = [0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 ]; hash_headers[9] = [0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30 ]; hash_headers[10] = [0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40 ]; hash_headers[11] = [0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1C ]; var crypto = require('./crypto.js'), random = require('./random.js'), util = require('../util.js'), BigInteger = require('./public_key/jsbn.js'), hash = require('./hash'); /** * Create padding with secure random data * @private * @param {Integer} length Length of the padding in bytes * @return {String} Padding as string */ function getPkcs1Padding(length) { var result = ''; var randomByte; while (result.length < length) { randomByte = random.getSecureRandomOctet(); if (randomByte !== 0) { result += String.fromCharCode(randomByte); } } return result; } module.exports = { eme: { /** * create a EME-PKCS1-v1_5 padding (See {@link http://tools.ietf.org/html/rfc4880#section-13.1.1|RFC 4880 13.1.1}) * @param {String} M message to be encoded * @param {Integer} k the length in octets of the key modulus * @return {String} EME-PKCS1 padded message */ encode: function(M, k) { var mLen = M.length; // length checking if (mLen > k - 11) { throw new Error('Message too long'); } // Generate an octet string PS of length k - mLen - 3 consisting of // pseudo-randomly generated nonzero octets var PS = getPkcs1Padding(k - mLen - 3); // Concatenate PS, the message M, and other padding to form an // encoded message EM of length k octets as EM = 0x00 || 0x02 || PS || 0x00 || M. var EM = String.fromCharCode(0) + String.fromCharCode(2) + PS + String.fromCharCode(0) + M; return EM; }, /** * decodes a EME-PKCS1-v1_5 padding (See {@link http://tools.ietf.org/html/rfc4880#section-13.1.2|RFC 4880 13.1.2}) * @param {String} EM encoded message, an octet string * @return {String} message, an octet string */ decode: function(EM) { // leading zeros truncated by jsbn if (EM.charCodeAt(0) !== 0) { EM = String.fromCharCode(0) + EM; } var firstOct = EM.charCodeAt(0); var secondOct = EM.charCodeAt(1); var i = 2; while (EM.charCodeAt(i) !== 0 && i < EM.length) { i++; } var psLen = i - 2; var separator = EM.charCodeAt(i++); if (firstOct === 0 && secondOct === 2 && psLen >= 8 && separator === 0) { return EM.substr(i); } else { throw new Error('Decryption error'); } } }, emsa: { /** * create a EMSA-PKCS1-v1_5 padding (See {@link http://tools.ietf.org/html/rfc4880#section-13.1.3|RFC 4880 13.1.3}) * @param {Integer} algo Hash algorithm type used * @param {String} M message to be encoded * @param {Integer} emLen intended length in octets of the encoded message * @returns {String} encoded message */ encode: function(algo, M, emLen) { var i; // Apply the hash function to the message M to produce a hash value H var H = hash.digest(algo, M); if (H.length !== hash.getHashByteLength(algo)) { throw new Error('Invalid hash length'); } // produce an ASN.1 DER value for the hash function used. // Let T be the full hash prefix var T = ''; for (i = 0; i < hash_headers[algo].length; i++) { T += String.fromCharCode(hash_headers[algo][i]); } // add hash value to prefix T += H; // and let tLen be the length in octets of T var tLen = T.length; if (emLen < tLen + 11) { throw new Error('Intended encoded message length too short'); } // an octet string PS consisting of emLen - tLen - 3 octets with hexadecimal value 0xFF // The length of PS will be at least 8 octets var PS = ''; for (i = 0; i < (emLen - tLen - 3); i++) { PS += String.fromCharCode(0xff); } // Concatenate PS, the hash prefix T, and other padding to form the // encoded message EM as EM = 0x00 || 0x01 || PS || 0x00 || T. var EM = String.fromCharCode(0x00) + String.fromCharCode(0x01) + PS + String.fromCharCode(0x00) + T; return new BigInteger(util.hexstrdump(EM), 16); } } }; },{"../util.js":74,"./crypto.js":25,"./hash":28,"./public_key/jsbn.js":37,"./random.js":39}],34:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA // // A Digital signature algorithm implementation /** * @requires crypto/hash * @requires crypto/public_key/jsbn * @requires crypto/random * @requires util * @module crypto/public_key/dsa */ var BigInteger = require('./jsbn.js'), random = require('../random.js'), hashModule = require('../hash'), util = require('../../util.js'), config = require('../../config'); function DSA() { // s1 = ((g**s) mod p) mod q // s1 = ((s**-1)*(sha-1(m)+(s1*x) mod q) function sign(hashalgo, m, g, p, q, x) { // If the output size of the chosen hash is larger than the number of // bits of q, the hash result is truncated to fit by taking the number // of leftmost bits equal to the number of bits of q. This (possibly // truncated) hash function result is treated as a number and used // directly in the DSA signature algorithm. var hashed_data = util.getLeftNBits(hashModule.digest(hashalgo, m), q.bitLength()); var hash = new BigInteger(util.hexstrdump(hashed_data), 16); // FIPS-186-4, section 4.6: // The values of r and s shall be checked to determine if r = 0 or s = 0. // If either r = 0 or s = 0, a new value of k shall be generated, and the // signature shall be recalculated. It is extremely unlikely that r = 0 // or s = 0 if signatures are generated properly. var k, s1, s2; while (true) { k = random.getRandomBigIntegerInRange(BigInteger.ONE, q.subtract(BigInteger.ONE)); s1 = (g.modPow(k, p)).mod(q); s2 = (k.modInverse(q).multiply(hash.add(x.multiply(s1)))).mod(q); if (s1 != 0 && s2 != 0) { break; } } var result = []; result[0] = s1.toMPI(); result[1] = s2.toMPI(); return result; } function select_hash_algorithm(q) { var usersetting = config.prefer_hash_algorithm; /* * 1024-bit key, 160-bit q, SHA-1, SHA-224, SHA-256, SHA-384, or SHA-512 hash * 2048-bit key, 224-bit q, SHA-224, SHA-256, SHA-384, or SHA-512 hash * 2048-bit key, 256-bit q, SHA-256, SHA-384, or SHA-512 hash * 3072-bit key, 256-bit q, SHA-256, SHA-384, or SHA-512 hash */ switch (Math.round(q.bitLength() / 8)) { case 20: // 1024 bit if (usersetting != 2 && usersetting > 11 && usersetting != 10 && usersetting < 8) return 2; // prefer sha1 return usersetting; case 28: // 2048 bit if (usersetting > 11 && usersetting < 8) return 11; return usersetting; case 32: // 4096 bit // prefer sha224 if (usersetting > 10 && usersetting < 8) return 8; // prefer sha256 return usersetting; default: util.print_debug("DSA select hash algorithm: returning null for an unknown length of q"); return null; } } this.select_hash_algorithm = select_hash_algorithm; function verify(hashalgo, s1, s2, m, p, q, g, y) { var hashed_data = util.getLeftNBits(hashModule.digest(hashalgo, m), q.bitLength()); var hash = new BigInteger(util.hexstrdump(hashed_data), 16); if (BigInteger.ZERO.compareTo(s1) >= 0 || s1.compareTo(q) >= 0 || BigInteger.ZERO.compareTo(s2) >= 0 || s2.compareTo(q) >= 0) { util.print_debug("invalid DSA Signature"); return null; } var w = s2.modInverse(q); if (BigInteger.ZERO.compareTo(w) == 0) { util.print_debug("invalid DSA Signature"); return null; } var u1 = hash.multiply(w).mod(q); var u2 = s1.multiply(w).mod(q); return g.modPow(u1, p).multiply(y.modPow(u2, p)).mod(p).mod(q); } /* * unused code. This can be used as a start to write a key generator * function. function generateKey(bitcount) { var qi = new BigInteger(bitcount, primeCenterie); var pi = generateP(q, 512); var gi = generateG(p, q, bitcount); var xi; do { xi = new BigInteger(q.bitCount(), rand); } while (x.compareTo(BigInteger.ZERO) != 1 && x.compareTo(q) != -1); var yi = g.modPow(x, p); return {x: xi, q: qi, p: pi, g: gi, y: yi}; } function generateP(q, bitlength, randomfn) { if (bitlength % 64 != 0) { return false; } var pTemp; var pTemp2; do { pTemp = randomfn(bitcount, true); pTemp2 = pTemp.subtract(BigInteger.ONE); pTemp = pTemp.subtract(pTemp2.remainder(q)); } while (!pTemp.isProbablePrime(primeCenterie) || pTemp.bitLength() != l); return pTemp; } function generateG(p, q, bitlength, randomfn) { var aux = p.subtract(BigInteger.ONE); var pow = aux.divide(q); var gTemp; do { gTemp = randomfn(bitlength); } while (gTemp.compareTo(aux) != -1 && gTemp.compareTo(BigInteger.ONE) != 1); return gTemp.modPow(pow, p); } function generateK(q, bitlength, randomfn) { var tempK; do { tempK = randomfn(bitlength, false); } while (tempK.compareTo(q) != -1 && tempK.compareTo(BigInteger.ZERO) != 1); return tempK; } function generateR(q,p) { k = generateK(q); var r = g.modPow(k, p).mod(q); return r; } function generateS(hashfn,k,r,m,q,x) { var hash = hashfn(m); s = (k.modInverse(q).multiply(hash.add(x.multiply(r)))).mod(q); return s; } */ this.sign = sign; this.verify = verify; // this.generate = generateKey; } module.exports = DSA; },{"../../config":17,"../../util.js":74,"../hash":28,"../random.js":39,"./jsbn.js":37}],35:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA // // ElGamal implementation /** * @requires crypto/public_key/jsbn * @requires crypto/random * @requires util * @module crypto/public_key/elgamal */ var BigInteger = require('./jsbn.js'), random = require('../random.js'), util = require('../../util.js'); function Elgamal() { function encrypt(m, g, p, y) { // choose k in {2,...,p-2} var pMinus2 = p.subtract(BigInteger.TWO); var k = random.getRandomBigIntegerInRange(BigInteger.ONE, pMinus2); k = k.mod(pMinus2).add(BigInteger.ONE); var c = []; c[0] = g.modPow(k, p); c[1] = y.modPow(k, p).multiply(m).mod(p); return c; } function decrypt(c1, c2, p, x) { util.print_debug("Elgamal Decrypt:\nc1:" + util.hexstrdump(c1.toMPI()) + "\n" + "c2:" + util.hexstrdump(c2.toMPI()) + "\n" + "p:" + util.hexstrdump(p.toMPI()) + "\n" + "x:" + util.hexstrdump(x.toMPI())); return (c1.modPow(x, p).modInverse(p)).multiply(c2).mod(p); //var c = c1.pow(x).modInverse(p); // c0^-a mod p //return c.multiply(c2).mod(p); } // signing and signature verification using Elgamal is not required by OpenPGP. this.encrypt = encrypt; this.decrypt = decrypt; } module.exports = Elgamal; },{"../../util.js":74,"../random.js":39,"./jsbn.js":37}],36:[function(require,module,exports){ /** * @requires crypto/public_key/dsa * @requires crypto/public_key/elgamal * @requires crypto/public_key/rsa * @module crypto/public_key */ module.exports = { /** @see module:crypto/public_key/rsa */ rsa: require('./rsa.js'), /** @see module:crypto/public_key/elgamal */ elgamal: require('./elgamal.js'), /** @see module:crypto/public_key/dsa */ dsa: require('./dsa.js') }; },{"./dsa.js":34,"./elgamal.js":35,"./rsa.js":38}],37:[function(require,module,exports){ /* * Copyright (c) 2003-2005 Tom Wu (tjw@cs.Stanford.EDU) * All Rights Reserved. * * Modified by Recurity Labs GmbH * * Permission is hereby granted, free of charge, to any person obtaining * a copy of this software and associated documentation files (the * "Software"), to deal in the Software without restriction, including * without limitation the rights to use, copy, modify, merge, publish, * distribute, sublicense, and/or sell copies of the Software, and to * permit persons to whom the Software is furnished to do so, subject to * the following conditions: * * The above copyright notice and this permission notice shall be * included in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. * * IN NO EVENT SHALL TOM WU BE LIABLE FOR ANY SPECIAL, INCIDENTAL, * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * In addition, the following condition applies: * * All redistributions must retain an intact copy of this copyright notice * and disclaimer. */ /** * @requires util * @module crypto/public_key/jsbn */ var util = require('../../util.js'); // Basic JavaScript BN library - subset useful for RSA encryption. // Bits per digit var dbits; // JavaScript engine analysis var canary = 0xdeadbeefcafe; var j_lm = ((canary & 0xffffff) == 0xefcafe); // (public) Constructor function BigInteger(a, b, c) { if (a != null) if ("number" == typeof a) this.fromNumber(a, b, c); else if (b == null && "string" != typeof a) this.fromString(a, 256); else this.fromString(a, b); } // return new, unset BigInteger function nbi() { return new BigInteger(null); } // am: Compute w_j += (x*this_i), propagate carries, // c is initial carry, returns final carry. // c < 3*dvalue, x < 2*dvalue, this_i < dvalue // We need to select the fastest one that works in this environment. // am1: use a single mult and divide to get the high bits, // max digit bits should be 26 because // max internal value = 2*dvalue^2-2*dvalue (< 2^53) function am1(i, x, w, j, c, n) { while (--n >= 0) { var v = x * this[i++] + w[j] + c; c = Math.floor(v / 0x4000000); w[j++] = v & 0x3ffffff; } return c; } // am2 avoids a big mult-and-extract completely. // Max digit bits should be <= 30 because we do bitwise ops // on values up to 2*hdvalue^2-hdvalue-1 (< 2^31) function am2(i, x, w, j, c, n) { var xl = x & 0x7fff, xh = x >> 15; while (--n >= 0) { var l = this[i] & 0x7fff; var h = this[i++] >> 15; var m = xh * l + h * xl; l = xl * l + ((m & 0x7fff) << 15) + w[j] + (c & 0x3fffffff); c = (l >>> 30) + (m >>> 15) + xh * h + (c >>> 30); w[j++] = l & 0x3fffffff; } return c; } // Alternately, set max digit bits to 28 since some // browsers slow down when dealing with 32-bit numbers. function am3(i, x, w, j, c, n) { var xl = x & 0x3fff, xh = x >> 14; while (--n >= 0) { var l = this[i] & 0x3fff; var h = this[i++] >> 14; var m = xh * l + h * xl; l = xl * l + ((m & 0x3fff) << 14) + w[j] + c; c = (l >> 28) + (m >> 14) + xh * h; w[j++] = l & 0xfffffff; } return c; } /*if(j_lm && (navigator != undefined && navigator.appName == "Microsoft Internet Explorer")) { BigInteger.prototype.am = am2; dbits = 30; } else if(j_lm && (navigator != undefined && navigator.appName != "Netscape")) {*/ BigInteger.prototype.am = am1; dbits = 26; /*} else { // Mozilla/Netscape seems to prefer am3 BigInteger.prototype.am = am3; dbits = 28; }*/ BigInteger.prototype.DB = dbits; BigInteger.prototype.DM = ((1 << dbits) - 1); BigInteger.prototype.DV = (1 << dbits); var BI_FP = 52; BigInteger.prototype.FV = Math.pow(2, BI_FP); BigInteger.prototype.F1 = BI_FP - dbits; BigInteger.prototype.F2 = 2 * dbits - BI_FP; // Digit conversions var BI_RM = "0123456789abcdefghijklmnopqrstuvwxyz"; var BI_RC = new Array(); var rr, vv; rr = "0".charCodeAt(0); for (vv = 0; vv <= 9; ++vv) BI_RC[rr++] = vv; rr = "a".charCodeAt(0); for (vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv; rr = "A".charCodeAt(0); for (vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv; function int2char(n) { return BI_RM.charAt(n); } function intAt(s, i) { var c = BI_RC[s.charCodeAt(i)]; return (c == null) ? -1 : c; } // (protected) copy this to r function bnpCopyTo(r) { for (var i = this.t - 1; i >= 0; --i) r[i] = this[i]; r.t = this.t; r.s = this.s; } // (protected) set from integer value x, -DV <= x < DV function bnpFromInt(x) { this.t = 1; this.s = (x < 0) ? -1 : 0; if (x > 0) this[0] = x; else if (x < -1) this[0] = x + this.DV; else this.t = 0; } // return bigint initialized to value function nbv(i) { var r = nbi(); r.fromInt(i); return r; } // (protected) set from string and radix function bnpFromString(s, b) { var k; if (b == 16) k = 4; else if (b == 8) k = 3; else if (b == 256) k = 8; // byte array else if (b == 2) k = 1; else if (b == 32) k = 5; else if (b == 4) k = 2; else { this.fromRadix(s, b); return; } this.t = 0; this.s = 0; var i = s.length, mi = false, sh = 0; while (--i >= 0) { var x = (k == 8) ? s[i] & 0xff : intAt(s, i); if (x < 0) { if (s.charAt(i) == "-") mi = true; continue; } mi = false; if (sh == 0) this[this.t++] = x; else if (sh + k > this.DB) { this[this.t - 1] |= (x & ((1 << (this.DB - sh)) - 1)) << sh; this[this.t++] = (x >> (this.DB - sh)); } else this[this.t - 1] |= x << sh; sh += k; if (sh >= this.DB) sh -= this.DB; } if (k == 8 && (s[0] & 0x80) != 0) { this.s = -1; if (sh > 0) this[this.t - 1] |= ((1 << (this.DB - sh)) - 1) << sh; } this.clamp(); if (mi) BigInteger.ZERO.subTo(this, this); } // (protected) clamp off excess high words function bnpClamp() { var c = this.s & this.DM; while (this.t > 0 && this[this.t - 1] == c)--this.t; } // (public) return string representation in given radix function bnToString(b) { if (this.s < 0) return "-" + this.negate().toString(b); var k; if (b == 16) k = 4; else if (b == 8) k = 3; else if (b == 2) k = 1; else if (b == 32) k = 5; else if (b == 4) k = 2; else return this.toRadix(b); var km = (1 << k) - 1, d, m = false, r = "", i = this.t; var p = this.DB - (i * this.DB) % k; if (i-- > 0) { if (p < this.DB && (d = this[i] >> p) > 0) { m = true; r = int2char(d); } while (i >= 0) { if (p < k) { d = (this[i] & ((1 << p) - 1)) << (k - p); d |= this[--i] >> (p += this.DB - k); } else { d = (this[i] >> (p -= k)) & km; if (p <= 0) { p += this.DB; --i; } } if (d > 0) m = true; if (m) r += int2char(d); } } return m ? r : "0"; } // (public) -this function bnNegate() { var r = nbi(); BigInteger.ZERO.subTo(this, r); return r; } // (public) |this| function bnAbs() { return (this.s < 0) ? this.negate() : this; } // (public) return + if this > a, - if this < a, 0 if equal function bnCompareTo(a) { var r = this.s - a.s; if (r != 0) return r; var i = this.t; r = i - a.t; if (r != 0) return (this.s < 0) ? -r : r; while (--i >= 0) if ((r = this[i] - a[i]) != 0) return r; return 0; } // returns bit length of the integer x function nbits(x) { var r = 1, t; if ((t = x >>> 16) != 0) { x = t; r += 16; } if ((t = x >> 8) != 0) { x = t; r += 8; } if ((t = x >> 4) != 0) { x = t; r += 4; } if ((t = x >> 2) != 0) { x = t; r += 2; } if ((t = x >> 1) != 0) { x = t; r += 1; } return r; } // (public) return the number of bits in "this" function bnBitLength() { if (this.t <= 0) return 0; return this.DB * (this.t - 1) + nbits(this[this.t - 1] ^ (this.s & this.DM)); } // (protected) r = this << n*DB function bnpDLShiftTo(n, r) { var i; for (i = this.t - 1; i >= 0; --i) r[i + n] = this[i]; for (i = n - 1; i >= 0; --i) r[i] = 0; r.t = this.t + n; r.s = this.s; } // (protected) r = this >> n*DB function bnpDRShiftTo(n, r) { for (var i = n; i < this.t; ++i) r[i - n] = this[i]; r.t = Math.max(this.t - n, 0); r.s = this.s; } // (protected) r = this << n function bnpLShiftTo(n, r) { var bs = n % this.DB; var cbs = this.DB - bs; var bm = (1 << cbs) - 1; var ds = Math.floor(n / this.DB), c = (this.s << bs) & this.DM, i; for (i = this.t - 1; i >= 0; --i) { r[i + ds + 1] = (this[i] >> cbs) | c; c = (this[i] & bm) << bs; } for (i = ds - 1; i >= 0; --i) r[i] = 0; r[ds] = c; r.t = this.t + ds + 1; r.s = this.s; r.clamp(); } // (protected) r = this >> n function bnpRShiftTo(n, r) { r.s = this.s; var ds = Math.floor(n / this.DB); if (ds >= this.t) { r.t = 0; return; } var bs = n % this.DB; var cbs = this.DB - bs; var bm = (1 << bs) - 1; r[0] = this[ds] >> bs; for (var i = ds + 1; i < this.t; ++i) { r[i - ds - 1] |= (this[i] & bm) << cbs; r[i - ds] = this[i] >> bs; } if (bs > 0) r[this.t - ds - 1] |= (this.s & bm) << cbs; r.t = this.t - ds; r.clamp(); } // (protected) r = this - a function bnpSubTo(a, r) { var i = 0, c = 0, m = Math.min(a.t, this.t); while (i < m) { c += this[i] - a[i]; r[i++] = c & this.DM; c >>= this.DB; } if (a.t < this.t) { c -= a.s; while (i < this.t) { c += this[i]; r[i++] = c & this.DM; c >>= this.DB; } c += this.s; } else { c += this.s; while (i < a.t) { c -= a[i]; r[i++] = c & this.DM; c >>= this.DB; } c -= a.s; } r.s = (c < 0) ? -1 : 0; if (c < -1) r[i++] = this.DV + c; else if (c > 0) r[i++] = c; r.t = i; r.clamp(); } // (protected) r = this * a, r != this,a (HAC 14.12) // "this" should be the larger one if appropriate. function bnpMultiplyTo(a, r) { var x = this.abs(), y = a.abs(); var i = x.t; r.t = i + y.t; while (--i >= 0) r[i] = 0; for (i = 0; i < y.t; ++i) r[i + x.t] = x.am(0, y[i], r, i, 0, x.t); r.s = 0; r.clamp(); if (this.s != a.s) BigInteger.ZERO.subTo(r, r); } // (protected) r = this^2, r != this (HAC 14.16) function bnpSquareTo(r) { var x = this.abs(); var i = r.t = 2 * x.t; while (--i >= 0) r[i] = 0; for (i = 0; i < x.t - 1; ++i) { var c = x.am(i, x[i], r, 2 * i, 0, 1); if ((r[i + x.t] += x.am(i + 1, 2 * x[i], r, 2 * i + 1, c, x.t - i - 1)) >= x.DV) { r[i + x.t] -= x.DV; r[i + x.t + 1] = 1; } } if (r.t > 0) r[r.t - 1] += x.am(i, x[i], r, 2 * i, 0, 1); r.s = 0; r.clamp(); } // (protected) divide this by m, quotient and remainder to q, r (HAC 14.20) // r != q, this != m. q or r may be null. function bnpDivRemTo(m, q, r) { var pm = m.abs(); if (pm.t <= 0) return; var pt = this.abs(); if (pt.t < pm.t) { if (q != null) q.fromInt(0); if (r != null) this.copyTo(r); return; } if (r == null) r = nbi(); var y = nbi(), ts = this.s, ms = m.s; var nsh = this.DB - nbits(pm[pm.t - 1]); // normalize modulus if (nsh > 0) { pm.lShiftTo(nsh, y); pt.lShiftTo(nsh, r); } else { pm.copyTo(y); pt.copyTo(r); } var ys = y.t; var y0 = y[ys - 1]; if (y0 == 0) return; var yt = y0 * (1 << this.F1) + ((ys > 1) ? y[ys - 2] >> this.F2 : 0); var d1 = this.FV / yt, d2 = (1 << this.F1) / yt, e = 1 << this.F2; var i = r.t, j = i - ys, t = (q == null) ? nbi() : q; y.dlShiftTo(j, t); if (r.compareTo(t) >= 0) { r[r.t++] = 1; r.subTo(t, r); } BigInteger.ONE.dlShiftTo(ys, t); t.subTo(y, y); // "negative" y so we can replace sub with am later while (y.t < ys) y[y.t++] = 0; while (--j >= 0) { // Estimate quotient digit var qd = (r[--i] == y0) ? this.DM : Math.floor(r[i] * d1 + (r[i - 1] + e) * d2); if ((r[i] += y.am(0, qd, r, j, 0, ys)) < qd) { // Try it out y.dlShiftTo(j, t); r.subTo(t, r); while (r[i] < --qd) r.subTo(t, r); } } if (q != null) { r.drShiftTo(ys, q); if (ts != ms) BigInteger.ZERO.subTo(q, q); } r.t = ys; r.clamp(); if (nsh > 0) r.rShiftTo(nsh, r); // Denormalize remainder if (ts < 0) BigInteger.ZERO.subTo(r, r); } // (public) this mod a function bnMod(a) { var r = nbi(); this.abs().divRemTo(a, null, r); if (this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r, r); return r; } // Modular reduction using "classic" algorithm function Classic(m) { this.m = m; } function cConvert(x) { if (x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m); else return x; } function cRevert(x) { return x; } function cReduce(x) { x.divRemTo(this.m, null, x); } function cMulTo(x, y, r) { x.multiplyTo(y, r); this.reduce(r); } function cSqrTo(x, r) { x.squareTo(r); this.reduce(r); } Classic.prototype.convert = cConvert; Classic.prototype.revert = cRevert; Classic.prototype.reduce = cReduce; Classic.prototype.mulTo = cMulTo; Classic.prototype.sqrTo = cSqrTo; // (protected) return "-1/this % 2^DB"; useful for Mont. reduction // justification: // xy == 1 (mod m) // xy = 1+km // xy(2-xy) = (1+km)(1-km) // x[y(2-xy)] = 1-k^2m^2 // x[y(2-xy)] == 1 (mod m^2) // if y is 1/x mod m, then y(2-xy) is 1/x mod m^2 // should reduce x and y(2-xy) by m^2 at each step to keep size bounded. // JS multiply "overflows" differently from C/C++, so care is needed here. function bnpInvDigit() { if (this.t < 1) return 0; var x = this[0]; if ((x & 1) == 0) return 0; var y = x & 3; // y == 1/x mod 2^2 y = (y * (2 - (x & 0xf) * y)) & 0xf; // y == 1/x mod 2^4 y = (y * (2 - (x & 0xff) * y)) & 0xff; // y == 1/x mod 2^8 y = (y * (2 - (((x & 0xffff) * y) & 0xffff))) & 0xffff; // y == 1/x mod 2^16 // last step - calculate inverse mod DV directly; // assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints y = (y * (2 - x * y % this.DV)) % this.DV; // y == 1/x mod 2^dbits // we really want the negative inverse, and -DV < y < DV return (y > 0) ? this.DV - y : -y; } // Montgomery reduction function Montgomery(m) { this.m = m; this.mp = m.invDigit(); this.mpl = this.mp & 0x7fff; this.mph = this.mp >> 15; this.um = (1 << (m.DB - 15)) - 1; this.mt2 = 2 * m.t; } // xR mod m function montConvert(x) { var r = nbi(); x.abs().dlShiftTo(this.m.t, r); r.divRemTo(this.m, null, r); if (x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r, r); return r; } // x/R mod m function montRevert(x) { var r = nbi(); x.copyTo(r); this.reduce(r); return r; } // x = x/R mod m (HAC 14.32) function montReduce(x) { while (x.t <= this.mt2) // pad x so am has enough room later x[x.t++] = 0; for (var i = 0; i < this.m.t; ++i) { // faster way of calculating u0 = x[i]*mp mod DV var j = x[i] & 0x7fff; var u0 = (j * this.mpl + (((j * this.mph + (x[i] >> 15) * this.mpl) & this.um) << 15)) & x.DM; // use am to combine the multiply-shift-add into one call j = i + this.m.t; x[j] += this.m.am(0, u0, x, i, 0, this.m.t); // propagate carry while (x[j] >= x.DV) { x[j] -= x.DV; x[++j]++; } } x.clamp(); x.drShiftTo(this.m.t, x); if (x.compareTo(this.m) >= 0) x.subTo(this.m, x); } // r = "x^2/R mod m"; x != r function montSqrTo(x, r) { x.squareTo(r); this.reduce(r); } // r = "xy/R mod m"; x,y != r function montMulTo(x, y, r) { x.multiplyTo(y, r); this.reduce(r); } Montgomery.prototype.convert = montConvert; Montgomery.prototype.revert = montRevert; Montgomery.prototype.reduce = montReduce; Montgomery.prototype.mulTo = montMulTo; Montgomery.prototype.sqrTo = montSqrTo; // (protected) true iff this is even function bnpIsEven() { return ((this.t > 0) ? (this[0] & 1) : this.s) == 0; } // (protected) this^e, e < 2^32, doing sqr and mul with "r" (HAC 14.79) function bnpExp(e, z) { if (e > 0xffffffff || e < 1) return BigInteger.ONE; var r = nbi(), r2 = nbi(), g = z.convert(this), i = nbits(e) - 1; g.copyTo(r); while (--i >= 0) { z.sqrTo(r, r2); if ((e & (1 << i)) > 0) z.mulTo(r2, g, r); else { var t = r; r = r2; r2 = t; } } return z.revert(r); } // (public) this^e % m, 0 <= e < 2^32 function bnModPowInt(e, m) { var z; if (e < 256 || m.isEven()) z = new Classic(m); else z = new Montgomery(m); return this.exp(e, z); } // protected BigInteger.prototype.copyTo = bnpCopyTo; BigInteger.prototype.fromInt = bnpFromInt; BigInteger.prototype.fromString = bnpFromString; BigInteger.prototype.clamp = bnpClamp; BigInteger.prototype.dlShiftTo = bnpDLShiftTo; BigInteger.prototype.drShiftTo = bnpDRShiftTo; BigInteger.prototype.lShiftTo = bnpLShiftTo; BigInteger.prototype.rShiftTo = bnpRShiftTo; BigInteger.prototype.subTo = bnpSubTo; BigInteger.prototype.multiplyTo = bnpMultiplyTo; BigInteger.prototype.squareTo = bnpSquareTo; BigInteger.prototype.divRemTo = bnpDivRemTo; BigInteger.prototype.invDigit = bnpInvDigit; BigInteger.prototype.isEven = bnpIsEven; BigInteger.prototype.exp = bnpExp; // public BigInteger.prototype.toString = bnToString; BigInteger.prototype.negate = bnNegate; BigInteger.prototype.abs = bnAbs; BigInteger.prototype.compareTo = bnCompareTo; BigInteger.prototype.bitLength = bnBitLength; BigInteger.prototype.mod = bnMod; BigInteger.prototype.modPowInt = bnModPowInt; // "constants" BigInteger.ZERO = nbv(0); BigInteger.ONE = nbv(1); BigInteger.TWO = nbv(2); module.exports = BigInteger; /* * Copyright (c) 2003-2005 Tom Wu (tjw@cs.Stanford.EDU) * All Rights Reserved. * * Modified by Recurity Labs GmbH * * Permission is hereby granted, free of charge, to any person obtaining * a copy of this software and associated documentation files (the * "Software"), to deal in the Software without restriction, including * without limitation the rights to use, copy, modify, merge, publish, * distribute, sublicense, and/or sell copies of the Software, and to * permit persons to whom the Software is furnished to do so, subject to * the following conditions: * * The above copyright notice and this permission notice shall be * included in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. * * IN NO EVENT SHALL TOM WU BE LIABLE FOR ANY SPECIAL, INCIDENTAL, * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * In addition, the following condition applies: * * All redistributions must retain an intact copy of this copyright notice * and disclaimer. */ // Extended JavaScript BN functions, required for RSA private ops. // Version 1.1: new BigInteger("0", 10) returns "proper" zero // Version 1.2: square() API, isProbablePrime fix // (public) function bnClone() { var r = nbi(); this.copyTo(r); return r; } // (public) return value as integer function bnIntValue() { if (this.s < 0) { if (this.t == 1) return this[0] - this.DV; else if (this.t == 0) return -1; } else if (this.t == 1) return this[0]; else if (this.t == 0) return 0; // assumes 16 < DB < 32 return ((this[1] & ((1 << (32 - this.DB)) - 1)) << this.DB) | this[0]; } // (public) return value as byte function bnByteValue() { return (this.t == 0) ? this.s : (this[0] << 24) >> 24; } // (public) return value as short (assumes DB>=16) function bnShortValue() { return (this.t == 0) ? this.s : (this[0] << 16) >> 16; } // (protected) return x s.t. r^x < DV function bnpChunkSize(r) { return Math.floor(Math.LN2 * this.DB / Math.log(r)); } // (public) 0 if this == 0, 1 if this > 0 function bnSigNum() { if (this.s < 0) return -1; else if (this.t <= 0 || (this.t == 1 && this[0] <= 0)) return 0; else return 1; } // (protected) convert to radix string function bnpToRadix(b) { if (b == null) b = 10; if (this.signum() == 0 || b < 2 || b > 36) return "0"; var cs = this.chunkSize(b); var a = Math.pow(b, cs); var d = nbv(a), y = nbi(), z = nbi(), r = ""; this.divRemTo(d, y, z); while (y.signum() > 0) { r = (a + z.intValue()).toString(b).substr(1) + r; y.divRemTo(d, y, z); } return z.intValue().toString(b) + r; } // (protected) convert from radix string function bnpFromRadix(s, b) { this.fromInt(0); if (b == null) b = 10; var cs = this.chunkSize(b); var d = Math.pow(b, cs), mi = false, j = 0, w = 0; for (var i = 0; i < s.length; ++i) { var x = intAt(s, i); if (x < 0) { if (s.charAt(i) == "-" && this.signum() == 0) mi = true; continue; } w = b * w + x; if (++j >= cs) { this.dMultiply(d); this.dAddOffset(w, 0); j = 0; w = 0; } } if (j > 0) { this.dMultiply(Math.pow(b, j)); this.dAddOffset(w, 0); } if (mi) BigInteger.ZERO.subTo(this, this); } // (protected) alternate constructor function bnpFromNumber(a, b, c) { if ("number" == typeof b) { // new BigInteger(int,int,RNG) if (a < 2) this.fromInt(1); else { this.fromNumber(a, c); if (!this.testBit(a - 1)) // force MSB set this.bitwiseTo(BigInteger.ONE.shiftLeft(a - 1), op_or, this); if (this.isEven()) this.dAddOffset(1, 0); // force odd while (!this.isProbablePrime(b)) { this.dAddOffset(2, 0); if (this.bitLength() > a) this.subTo(BigInteger.ONE.shiftLeft(a - 1), this); } } } else { // new BigInteger(int,RNG) var x = new Array(), t = a & 7; x.length = (a >> 3) + 1; b.nextBytes(x); if (t > 0) x[0] &= ((1 << t) - 1); else x[0] = 0; this.fromString(x, 256); } } // (public) convert to bigendian byte array function bnToByteArray() { var i = this.t, r = new Array(); r[0] = this.s; var p = this.DB - (i * this.DB) % 8, d, k = 0; if (i-- > 0) { if (p < this.DB && (d = this[i] >> p) != (this.s & this.DM) >> p) r[k++] = d | (this.s << (this.DB - p)); while (i >= 0) { if (p < 8) { d = (this[i] & ((1 << p) - 1)) << (8 - p); d |= this[--i] >> (p += this.DB - 8); } else { d = (this[i] >> (p -= 8)) & 0xff; if (p <= 0) { p += this.DB; --i; } } //if((d&0x80) != 0) d |= -256; //if(k == 0 && (this.s&0x80) != (d&0x80)) ++k; if (k > 0 || d != this.s) r[k++] = d; } } return r; } function bnEquals(a) { return (this.compareTo(a) == 0); } function bnMin(a) { return (this.compareTo(a) < 0) ? this : a; } function bnMax(a) { return (this.compareTo(a) > 0) ? this : a; } // (protected) r = this op a (bitwise) function bnpBitwiseTo(a, op, r) { var i, f, m = Math.min(a.t, this.t); for (i = 0; i < m; ++i) r[i] = op(this[i], a[i]); if (a.t < this.t) { f = a.s & this.DM; for (i = m; i < this.t; ++i) r[i] = op(this[i], f); r.t = this.t; } else { f = this.s & this.DM; for (i = m; i < a.t; ++i) r[i] = op(f, a[i]); r.t = a.t; } r.s = op(this.s, a.s); r.clamp(); } // (public) this & a function op_and(x, y) { return x & y; } function bnAnd(a) { var r = nbi(); this.bitwiseTo(a, op_and, r); return r; } // (public) this | a function op_or(x, y) { return x | y; } function bnOr(a) { var r = nbi(); this.bitwiseTo(a, op_or, r); return r; } // (public) this ^ a function op_xor(x, y) { return x ^ y; } function bnXor(a) { var r = nbi(); this.bitwiseTo(a, op_xor, r); return r; } // (public) this & ~a function op_andnot(x, y) { return x & ~y; } function bnAndNot(a) { var r = nbi(); this.bitwiseTo(a, op_andnot, r); return r; } // (public) ~this function bnNot() { var r = nbi(); for (var i = 0; i < this.t; ++i) r[i] = this.DM & ~this[i]; r.t = this.t; r.s = ~this.s; return r; } // (public) this << n function bnShiftLeft(n) { var r = nbi(); if (n < 0) this.rShiftTo(-n, r); else this.lShiftTo(n, r); return r; } // (public) this >> n function bnShiftRight(n) { var r = nbi(); if (n < 0) this.lShiftTo(-n, r); else this.rShiftTo(n, r); return r; } // return index of lowest 1-bit in x, x < 2^31 function lbit(x) { if (x == 0) return -1; var r = 0; if ((x & 0xffff) == 0) { x >>= 16; r += 16; } if ((x & 0xff) == 0) { x >>= 8; r += 8; } if ((x & 0xf) == 0) { x >>= 4; r += 4; } if ((x & 3) == 0) { x >>= 2; r += 2; } if ((x & 1) == 0)++r; return r; } // (public) returns index of lowest 1-bit (or -1 if none) function bnGetLowestSetBit() { for (var i = 0; i < this.t; ++i) if (this[i] != 0) return i * this.DB + lbit(this[i]); if (this.s < 0) return this.t * this.DB; return -1; } // return number of 1 bits in x function cbit(x) { var r = 0; while (x != 0) { x &= x - 1; ++r; } return r; } // (public) return number of set bits function bnBitCount() { var r = 0, x = this.s & this.DM; for (var i = 0; i < this.t; ++i) r += cbit(this[i] ^ x); return r; } // (public) true iff nth bit is set function bnTestBit(n) { var j = Math.floor(n / this.DB); if (j >= this.t) return (this.s != 0); return ((this[j] & (1 << (n % this.DB))) != 0); } // (protected) this op (1<>= this.DB; } if (a.t < this.t) { c += a.s; while (i < this.t) { c += this[i]; r[i++] = c & this.DM; c >>= this.DB; } c += this.s; } else { c += this.s; while (i < a.t) { c += a[i]; r[i++] = c & this.DM; c >>= this.DB; } c += a.s; } r.s = (c < 0) ? -1 : 0; if (c > 0) r[i++] = c; else if (c < -1) r[i++] = this.DV + c; r.t = i; r.clamp(); } // (public) this + a function bnAdd(a) { var r = nbi(); this.addTo(a, r); return r; } // (public) this - a function bnSubtract(a) { var r = nbi(); this.subTo(a, r); return r; } // (public) this * a function bnMultiply(a) { var r = nbi(); this.multiplyTo(a, r); return r; } // (public) this^2 function bnSquare() { var r = nbi(); this.squareTo(r); return r; } // (public) this / a function bnDivide(a) { var r = nbi(); this.divRemTo(a, r, null); return r; } // (public) this % a function bnRemainder(a) { var r = nbi(); this.divRemTo(a, null, r); return r; } // (public) [this/a,this%a] function bnDivideAndRemainder(a) { var q = nbi(), r = nbi(); this.divRemTo(a, q, r); return new Array(q, r); } // (protected) this *= n, this >= 0, 1 < n < DV function bnpDMultiply(n) { this[this.t] = this.am(0, n - 1, this, 0, 0, this.t); ++this.t; this.clamp(); } // (protected) this += n << w words, this >= 0 function bnpDAddOffset(n, w) { if (n == 0) return; while (this.t <= w) this[this.t++] = 0; this[w] += n; while (this[w] >= this.DV) { this[w] -= this.DV; if (++w >= this.t) this[this.t++] = 0; ++this[w]; } } // A "null" reducer function NullExp() {} function nNop(x) { return x; } function nMulTo(x, y, r) { x.multiplyTo(y, r); } function nSqrTo(x, r) { x.squareTo(r); } NullExp.prototype.convert = nNop; NullExp.prototype.revert = nNop; NullExp.prototype.mulTo = nMulTo; NullExp.prototype.sqrTo = nSqrTo; // (public) this^e function bnPow(e) { return this.exp(e, new NullExp()); } // (protected) r = lower n words of "this * a", a.t <= n // "this" should be the larger one if appropriate. function bnpMultiplyLowerTo(a, n, r) { var i = Math.min(this.t + a.t, n); r.s = 0; // assumes a,this >= 0 r.t = i; while (i > 0) r[--i] = 0; var j; for (j = r.t - this.t; i < j; ++i) r[i + this.t] = this.am(0, a[i], r, i, 0, this.t); for (j = Math.min(a.t, n); i < j; ++i) this.am(0, a[i], r, i, 0, n - i); r.clamp(); } // (protected) r = "this * a" without lower n words, n > 0 // "this" should be the larger one if appropriate. function bnpMultiplyUpperTo(a, n, r) { --n; var i = r.t = this.t + a.t - n; r.s = 0; // assumes a,this >= 0 while (--i >= 0) r[i] = 0; for (i = Math.max(n - this.t, 0); i < a.t; ++i) r[this.t + i - n] = this.am(n - i, a[i], r, 0, 0, this.t + i - n); r.clamp(); r.drShiftTo(1, r); } // Barrett modular reduction function Barrett(m) { // setup Barrett this.r2 = nbi(); this.q3 = nbi(); BigInteger.ONE.dlShiftTo(2 * m.t, this.r2); this.mu = this.r2.divide(m); this.m = m; } function barrettConvert(x) { if (x.s < 0 || x.t > 2 * this.m.t) return x.mod(this.m); else if (x.compareTo(this.m) < 0) return x; else { var r = nbi(); x.copyTo(r); this.reduce(r); return r; } } function barrettRevert(x) { return x; } // x = x mod m (HAC 14.42) function barrettReduce(x) { x.drShiftTo(this.m.t - 1, this.r2); if (x.t > this.m.t + 1) { x.t = this.m.t + 1; x.clamp(); } this.mu.multiplyUpperTo(this.r2, this.m.t + 1, this.q3); this.m.multiplyLowerTo(this.q3, this.m.t + 1, this.r2); while (x.compareTo(this.r2) < 0) x.dAddOffset(1, this.m.t + 1); x.subTo(this.r2, x); while (x.compareTo(this.m) >= 0) x.subTo(this.m, x); } // r = x^2 mod m; x != r function barrettSqrTo(x, r) { x.squareTo(r); this.reduce(r); } // r = x*y mod m; x,y != r function barrettMulTo(x, y, r) { x.multiplyTo(y, r); this.reduce(r); } Barrett.prototype.convert = barrettConvert; Barrett.prototype.revert = barrettRevert; Barrett.prototype.reduce = barrettReduce; Barrett.prototype.mulTo = barrettMulTo; Barrett.prototype.sqrTo = barrettSqrTo; // (public) this^e % m (HAC 14.85) function bnModPow(e, m) { var i = e.bitLength(), k, r = nbv(1), z; if (i <= 0) return r; else if (i < 18) k = 1; else if (i < 48) k = 3; else if (i < 144) k = 4; else if (i < 768) k = 5; else k = 6; if (i < 8) z = new Classic(m); else if (m.isEven()) z = new Barrett(m); else z = new Montgomery(m); // precomputation var g = new Array(), n = 3, k1 = k - 1, km = (1 << k) - 1; g[1] = z.convert(this); if (k > 1) { var g2 = nbi(); z.sqrTo(g[1], g2); while (n <= km) { g[n] = nbi(); z.mulTo(g2, g[n - 2], g[n]); n += 2; } } var j = e.t - 1, w, is1 = true, r2 = nbi(), t; i = nbits(e[j]) - 1; while (j >= 0) { if (i >= k1) w = (e[j] >> (i - k1)) & km; else { w = (e[j] & ((1 << (i + 1)) - 1)) << (k1 - i); if (j > 0) w |= e[j - 1] >> (this.DB + i - k1); } n = k; while ((w & 1) == 0) { w >>= 1; --n; } if ((i -= n) < 0) { i += this.DB; --j; } if (is1) { // ret == 1, don't bother squaring or multiplying it g[w].copyTo(r); is1 = false; } else { while (n > 1) { z.sqrTo(r, r2); z.sqrTo(r2, r); n -= 2; } if (n > 0) z.sqrTo(r, r2); else { t = r; r = r2; r2 = t; } z.mulTo(r2, g[w], r); } while (j >= 0 && (e[j] & (1 << i)) == 0) { z.sqrTo(r, r2); t = r; r = r2; r2 = t; if (--i < 0) { i = this.DB - 1; --j; } } } return z.revert(r); } // (public) gcd(this,a) (HAC 14.54) function bnGCD(a) { var x = (this.s < 0) ? this.negate() : this.clone(); var y = (a.s < 0) ? a.negate() : a.clone(); if (x.compareTo(y) < 0) { var t = x; x = y; y = t; } var i = x.getLowestSetBit(), g = y.getLowestSetBit(); if (g < 0) return x; if (i < g) g = i; if (g > 0) { x.rShiftTo(g, x); y.rShiftTo(g, y); } while (x.signum() > 0) { if ((i = x.getLowestSetBit()) > 0) x.rShiftTo(i, x); if ((i = y.getLowestSetBit()) > 0) y.rShiftTo(i, y); if (x.compareTo(y) >= 0) { x.subTo(y, x); x.rShiftTo(1, x); } else { y.subTo(x, y); y.rShiftTo(1, y); } } if (g > 0) y.lShiftTo(g, y); return y; } // (protected) this % n, n < 2^26 function bnpModInt(n) { if (n <= 0) return 0; var d = this.DV % n, r = (this.s < 0) ? n - 1 : 0; if (this.t > 0) if (d == 0) r = this[0] % n; else for (var i = this.t - 1; i >= 0; --i) r = (d * r + this[i]) % n; return r; } // (public) 1/this % m (HAC 14.61) function bnModInverse(m) { var ac = m.isEven(); if ((this.isEven() && ac) || m.signum() == 0) return BigInteger.ZERO; var u = m.clone(), v = this.clone(); var a = nbv(1), b = nbv(0), c = nbv(0), d = nbv(1); while (u.signum() != 0) { while (u.isEven()) { u.rShiftTo(1, u); if (ac) { if (!a.isEven() || !b.isEven()) { a.addTo(this, a); b.subTo(m, b); } a.rShiftTo(1, a); } else if (!b.isEven()) b.subTo(m, b); b.rShiftTo(1, b); } while (v.isEven()) { v.rShiftTo(1, v); if (ac) { if (!c.isEven() || !d.isEven()) { c.addTo(this, c); d.subTo(m, d); } c.rShiftTo(1, c); } else if (!d.isEven()) d.subTo(m, d); d.rShiftTo(1, d); } if (u.compareTo(v) >= 0) { u.subTo(v, u); if (ac) a.subTo(c, a); b.subTo(d, b); } else { v.subTo(u, v); if (ac) c.subTo(a, c); d.subTo(b, d); } } if (v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO; if (d.compareTo(m) >= 0) return d.subtract(m); if (d.signum() < 0) d.addTo(m, d); else return d; if (d.signum() < 0) return d.add(m); else return d; } var lowprimes = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, 991, 997 ]; var lplim = (1 << 26) / lowprimes[lowprimes.length - 1]; // (public) test primality with certainty >= 1-.5^t function bnIsProbablePrime(t) { var i, x = this.abs(); if (x.t == 1 && x[0] <= lowprimes[lowprimes.length - 1]) { for (i = 0; i < lowprimes.length; ++i) if (x[0] == lowprimes[i]) return true; return false; } if (x.isEven()) return false; i = 1; while (i < lowprimes.length) { var m = lowprimes[i], j = i + 1; while (j < lowprimes.length && m < lplim) m *= lowprimes[j++]; m = x.modInt(m); while (i < j) if (m % lowprimes[i++] == 0) return false; } return x.millerRabin(t); } /* added by Recurity Labs */ function nbits(x) { var n = 1, t; if ((t = x >>> 16) != 0) { x = t; n += 16; } if ((t = x >> 8) != 0) { x = t; n += 8; } if ((t = x >> 4) != 0) { x = t; n += 4; } if ((t = x >> 2) != 0) { x = t; n += 2; } if ((t = x >> 1) != 0) { x = t; n += 1; } return n; } function bnToMPI() { var ba = this.toByteArray(); var size = (ba.length - 1) * 8 + nbits(ba[0]); var result = ""; result += String.fromCharCode((size & 0xFF00) >> 8); result += String.fromCharCode(size & 0xFF); result += util.bin2str(ba); return result; } /* END of addition */ // (protected) true if probably prime (HAC 4.24, Miller-Rabin) function bnpMillerRabin(t) { var n1 = this.subtract(BigInteger.ONE); var k = n1.getLowestSetBit(); if (k <= 0) return false; var r = n1.shiftRight(k); t = (t + 1) >> 1; if (t > lowprimes.length) t = lowprimes.length; var a = nbi(); var j, bases = []; for (var i = 0; i < t; ++i) { //Pick bases at random, instead of starting at 2 for (;;) { j = lowprimes[Math.floor(Math.random() * lowprimes.length)]; if (bases.indexOf(j) == -1) break; } bases.push(j); a.fromInt(j); var y = a.modPow(r, this); if (y.compareTo(BigInteger.ONE) != 0 && y.compareTo(n1) != 0) { var j = 1; while (j++ < k && y.compareTo(n1) != 0) { y = y.modPowInt(2, this); if (y.compareTo(BigInteger.ONE) == 0) return false; } if (y.compareTo(n1) != 0) return false; } } return true; } var BigInteger = require('./jsbn.js'); // protected BigInteger.prototype.chunkSize = bnpChunkSize; BigInteger.prototype.toRadix = bnpToRadix; BigInteger.prototype.fromRadix = bnpFromRadix; BigInteger.prototype.fromNumber = bnpFromNumber; BigInteger.prototype.bitwiseTo = bnpBitwiseTo; BigInteger.prototype.changeBit = bnpChangeBit; BigInteger.prototype.addTo = bnpAddTo; BigInteger.prototype.dMultiply = bnpDMultiply; BigInteger.prototype.dAddOffset = bnpDAddOffset; BigInteger.prototype.multiplyLowerTo = bnpMultiplyLowerTo; BigInteger.prototype.multiplyUpperTo = bnpMultiplyUpperTo; BigInteger.prototype.modInt = bnpModInt; BigInteger.prototype.millerRabin = bnpMillerRabin; // public BigInteger.prototype.clone = bnClone; BigInteger.prototype.intValue = bnIntValue; BigInteger.prototype.byteValue = bnByteValue; BigInteger.prototype.shortValue = bnShortValue; BigInteger.prototype.signum = bnSigNum; BigInteger.prototype.toByteArray = bnToByteArray; BigInteger.prototype.equals = bnEquals; BigInteger.prototype.min = bnMin; BigInteger.prototype.max = bnMax; BigInteger.prototype.and = bnAnd; BigInteger.prototype.or = bnOr; BigInteger.prototype.xor = bnXor; BigInteger.prototype.andNot = bnAndNot; BigInteger.prototype.not = bnNot; BigInteger.prototype.shiftLeft = bnShiftLeft; BigInteger.prototype.shiftRight = bnShiftRight; BigInteger.prototype.getLowestSetBit = bnGetLowestSetBit; BigInteger.prototype.bitCount = bnBitCount; BigInteger.prototype.testBit = bnTestBit; BigInteger.prototype.setBit = bnSetBit; BigInteger.prototype.clearBit = bnClearBit; BigInteger.prototype.flipBit = bnFlipBit; BigInteger.prototype.add = bnAdd; BigInteger.prototype.subtract = bnSubtract; BigInteger.prototype.multiply = bnMultiply; BigInteger.prototype.divide = bnDivide; BigInteger.prototype.remainder = bnRemainder; BigInteger.prototype.divideAndRemainder = bnDivideAndRemainder; BigInteger.prototype.modPow = bnModPow; BigInteger.prototype.modInverse = bnModInverse; BigInteger.prototype.pow = bnPow; BigInteger.prototype.gcd = bnGCD; BigInteger.prototype.isProbablePrime = bnIsProbablePrime; BigInteger.prototype.toMPI = bnToMPI; // JSBN-specific extension BigInteger.prototype.square = bnSquare; },{"../../util.js":74,"./jsbn.js":37}],38:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA // // RSA implementation /** * @requires crypto/public_key/jsbn * @requires crypto/random * @requires util * @module crypto/public_key/rsa */ var BigInteger = require('./jsbn.js'), util = require('../../util.js'), random = require('../random.js'), config = require('../../config'); function SecureRandom() { function nextBytes(byteArray) { for (var n = 0; n < byteArray.length; n++) { byteArray[n] = random.getSecureRandomOctet(); } } this.nextBytes = nextBytes; } var blinder = BigInteger.ZERO; var unblinder = BigInteger.ZERO; function blind(m, n, e) { if (unblinder.bitLength() === n.bitLength()) { unblinder = unblinder.square().mod(n); } else { unblinder = random.getRandomBigIntegerInRange(BigInteger.TWO, n); } blinder = unblinder.modInverse(n).modPow(e, n); return m.multiply(blinder).mod(n); } function unblind(t, n) { return t.multiply(unblinder).mod(n); } function RSA() { /** * This function uses jsbn Big Num library to decrypt RSA * @param m * message * @param n * RSA public modulus n as BigInteger * @param e * RSA public exponent as BigInteger * @param d * RSA d as BigInteger * @param p * RSA p as BigInteger * @param q * RSA q as BigInteger * @param u * RSA u as BigInteger * @return {BigInteger} The decrypted value of the message */ function decrypt(m, n, e, d, p, q, u) { if (config.rsa_blinding) { m = blind(m, n, e); } var xp = m.mod(p).modPow(d.mod(p.subtract(BigInteger.ONE)), p); var xq = m.mod(q).modPow(d.mod(q.subtract(BigInteger.ONE)), q); util.print_debug("rsa.js decrypt\nxpn:" + util.hexstrdump(xp.toMPI()) + "\nxqn:" + util.hexstrdump(xq.toMPI())); var t = xq.subtract(xp); if (t[0] === 0) { t = xp.subtract(xq); t = t.multiply(u).mod(q); t = q.subtract(t); } else { t = t.multiply(u).mod(q); } t = t.multiply(p).add(xp); if (config.rsa_blinding) { t = unblind(t, n); } return t; } /** * encrypt message * @param m message as BigInteger * @param e public MPI part as BigInteger * @param n public MPI part as BigInteger * @return BigInteger */ function encrypt(m, e, n) { return m.modPowInt(e, n); } /* Sign and Verify */ function sign(m, d, n) { return m.modPow(d, n); } function verify(x, e, n) { return x.modPowInt(e, n); } // "empty" RSA key constructor function keyObject() { this.n = null; this.e = 0; this.ee = null; this.d = null; this.p = null; this.q = null; this.dmp1 = null; this.dmq1 = null; this.u = null; } // Generate a new random private key B bits long, using public expt E function generate(B, E) { var webCrypto = util.getWebCrypto(); // // Native RSA keygen using Web Crypto // if (webCrypto) { var Euint32 = new Uint32Array([parseInt(E, 16)]); // get integer of exponent var Euint8 = new Uint8Array(Euint32.buffer); // get bytes of exponent var keyGenOpt; var keys; if (window.crypto && window.crypto.webkitSubtle) { // outdated spec implemented by Webkit keyGenOpt = { name: 'RSA-OAEP', modulusLength: B, // the specified keysize in bits publicExponent: Euint8.subarray(0, 3), // take three bytes (max 65537) }; keys = webCrypto.generateKey(keyGenOpt, true, ['encrypt', 'decrypt']); } else { // current standard spec keyGenOpt = { name: 'RSASSA-PKCS1-v1_5', modulusLength: B, // the specified keysize in bits publicExponent: Euint8.subarray(0, 3), // take three bytes (max 65537) hash: { name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify' } }; keys = webCrypto.generateKey(keyGenOpt, true, ['sign', 'verify']); if (!(keys instanceof Promise)) { // IE11 KeyOperation keys = convertKeyOperation(keys, 'Error generating RSA key pair.'); } } return keys.then(exportKey).then(function(key) { if (key instanceof ArrayBuffer) { // parse raw ArrayBuffer bytes to jwk/json (WebKit/Safari/IE11 quirk) return decodeKey(JSON.parse(String.fromCharCode.apply(null, new Uint8Array(key)))); } return decodeKey(key); }); } function exportKey(keypair) { // export the generated keys as JsonWebKey (JWK) // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33 var key = webCrypto.exportKey('jwk', keypair.privateKey); if (!(key instanceof Promise)) { // IE11 KeyOperation key = convertKeyOperation(key, 'Error exporting RSA key pair.'); } return key; } function decodeKey(jwk) { // map JWK parameters to local BigInteger type system var key = new keyObject(); key.n = toBigInteger(jwk.n); key.ee = new BigInteger(E, 16); key.d = toBigInteger(jwk.d); key.p = toBigInteger(jwk.p); key.q = toBigInteger(jwk.q); key.u = key.p.modInverse(key.q); function toBigInteger(base64url) { var base64 = base64url.replace(/\-/g, '+').replace(/_/g, '/'); var hex = util.hexstrdump(atob(base64)); return new BigInteger(hex, 16); } return key; } function convertKeyOperation(keyop, errmsg) { return new Promise(function(resolve, reject) { keyop.onerror = function (err) { reject(new Error(errmsg)); } keyop.oncomplete = function (e) { resolve(e.target.result); } }); } // // JS code // return new Promise(function(resolve) { var key = new keyObject(); var rng = new SecureRandom(); var qs = B >> 1; key.e = parseInt(E, 16); key.ee = new BigInteger(E, 16); for (;;) { for (;;) { key.p = new BigInteger(B - qs, 1, rng); if (key.p.subtract(BigInteger.ONE).gcd(key.ee).compareTo(BigInteger.ONE) === 0 && key.p.isProbablePrime(10)) break; } for (;;) { key.q = new BigInteger(qs, 1, rng); if (key.q.subtract(BigInteger.ONE).gcd(key.ee).compareTo(BigInteger.ONE) === 0 && key.q.isProbablePrime(10)) break; } if (key.p.compareTo(key.q) <= 0) { var t = key.p; key.p = key.q; key.q = t; } var p1 = key.p.subtract(BigInteger.ONE); var q1 = key.q.subtract(BigInteger.ONE); var phi = p1.multiply(q1); if (phi.gcd(key.ee).compareTo(BigInteger.ONE) === 0) { key.n = key.p.multiply(key.q); key.d = key.ee.modInverse(phi); key.dmp1 = key.d.mod(p1); key.dmq1 = key.d.mod(q1); key.u = key.p.modInverse(key.q); break; } } resolve(key); }); } this.encrypt = encrypt; this.decrypt = decrypt; this.verify = verify; this.sign = sign; this.generate = generate; this.keyObject = keyObject; } module.exports = RSA; },{"../../config":17,"../../util.js":74,"../random.js":39,"./jsbn.js":37}],39:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA // The GPG4Browsers crypto interface /** * @requires type/mpi * @module crypto/random */ var type_mpi = require('../type/mpi.js'); var nodeCrypto = null; if (typeof window === 'undefined') { nodeCrypto = require('crypto'); } module.exports = { /** * Retrieve secure random byte string of the specified length * @param {Integer} length Length in bytes to generate * @return {String} Random byte string */ getRandomBytes: function(length) { var result = ''; for (var i = 0; i < length; i++) { result += String.fromCharCode(this.getSecureRandomOctet()); } return result; }, /** * Return a secure random number in the specified range * @param {Integer} from Min of the random number * @param {Integer} to Max of the random number (max 32bit) * @return {Integer} A secure random number */ getSecureRandom: function(from, to) { var randUint = this.getSecureRandomUint(); var bits = ((to - from)).toString(2).length; while ((randUint & (Math.pow(2, bits) - 1)) > (to - from)) { randUint = this.getSecureRandomUint(); } return from + (Math.abs(randUint & (Math.pow(2, bits) - 1))); }, getSecureRandomOctet: function() { var buf = new Uint8Array(1); this.getRandomValues(buf); return buf[0]; }, getSecureRandomUint: function() { var buf = new Uint8Array(4); var dv = new DataView(buf.buffer); this.getRandomValues(buf); return dv.getUint32(0); }, /** * Helper routine which calls platform specific crypto random generator * @param {Uint8Array} buf */ getRandomValues: function(buf) { if (!(buf instanceof Uint8Array)) { throw new Error('Invalid type: buf not an Uint8Array'); } if (typeof window !== 'undefined' && window.crypto && window.crypto.getRandomValues) { window.crypto.getRandomValues(buf); } else if (typeof window !== 'undefined' && typeof window.msCrypto === 'object' && typeof window.msCrypto.getRandomValues === 'function') { window.msCrypto.getRandomValues(buf); } else if (nodeCrypto) { var bytes = nodeCrypto.randomBytes(buf.length); buf.set(bytes); } else if (this.randomBuffer.buffer) { this.randomBuffer.get(buf); } else { throw new Error('No secure random number generator available.'); } }, /** * Create a secure random big integer of bits length * @param {Integer} bits Bit length of the MPI to create * @return {BigInteger} Resulting big integer */ getRandomBigInteger: function(bits) { if (bits < 1) { throw new Error('Illegal parameter value: bits < 1'); } var numBytes = Math.floor((bits + 7) / 8); var randomBits = this.getRandomBytes(numBytes); if (bits % 8 > 0) { randomBits = String.fromCharCode( (Math.pow(2, bits % 8) - 1) & randomBits.charCodeAt(0)) + randomBits.substring(1); } var mpi = new type_mpi(); mpi.fromBytes(randomBits); return mpi.toBigInteger(); }, getRandomBigIntegerInRange: function(min, max) { if (max.compareTo(min) <= 0) { throw new Error('Illegal parameter value: max <= min'); } var range = max.subtract(min); var r = this.getRandomBigInteger(range.bitLength()); while (r.compareTo(range) > 0) { r = this.getRandomBigInteger(range.bitLength()); } return min.add(r); }, randomBuffer: new RandomBuffer() }; /** * Buffer for secure random numbers */ function RandomBuffer() { this.buffer = null; this.size = null; } /** * Initialize buffer * @param {Integer} size size of buffer */ RandomBuffer.prototype.init = function(size) { this.buffer = new Uint8Array(size); this.size = 0; }; /** * Concat array of secure random numbers to buffer * @param {Uint8Array} buf */ RandomBuffer.prototype.set = function(buf) { if (!this.buffer) { throw new Error('RandomBuffer is not initialized'); } if (!(buf instanceof Uint8Array)) { throw new Error('Invalid type: buf not an Uint8Array'); } var freeSpace = this.buffer.length - this.size; if (buf.length > freeSpace) { buf = buf.subarray(0, freeSpace); } // set buf with offset old size of buffer this.buffer.set(buf, this.size); this.size += buf.length; }; /** * Take numbers out of buffer and copy to array * @param {Uint8Array} buf the destination array */ RandomBuffer.prototype.get = function(buf) { if (!this.buffer) { throw new Error('RandomBuffer is not initialized'); } if (!(buf instanceof Uint8Array)) { throw new Error('Invalid type: buf not an Uint8Array'); } if (this.size < buf.length) { throw new Error('Random number buffer depleted'); } for (var i = 0; i < buf.length; i++) { buf[i] = this.buffer[--this.size]; // clear buffer value this.buffer[this.size] = 0; } }; },{"../type/mpi.js":72,"crypto":false}],40:[function(require,module,exports){ /** * @requires crypto/hash * @requires crypto/pkcs1 * @requires crypto/public_key * @module crypto/signature */ var publicKey = require('./public_key'), pkcs1 = require('./pkcs1.js'), hashModule = require('./hash'); module.exports = { /** * * @param {module:enums.publicKey} algo public Key algorithm * @param {module:enums.hash} hash_algo Hash algorithm * @param {Array} msg_MPIs Signature multiprecision integers * @param {Array} publickey_MPIs Public key multiprecision integers * @param {String} data Data on where the signature was computed on. * @return {Boolean} true if signature (sig_data was equal to data over hash) */ verify: function(algo, hash_algo, msg_MPIs, publickey_MPIs, data) { switch (algo) { case 1: // RSA (Encrypt or Sign) [HAC] case 2: // RSA Encrypt-Only [HAC] case 3: // RSA Sign-Only [HAC] var rsa = new publicKey.rsa(); var n = publickey_MPIs[0].toBigInteger(); var k = publickey_MPIs[0].byteLength(); var e = publickey_MPIs[1].toBigInteger(); var m = msg_MPIs[0].toBigInteger(); var EM = rsa.verify(m, e, n); var EM2 = pkcs1.emsa.encode(hash_algo, data, k); return EM.compareTo(EM2) === 0; case 16: // Elgamal (Encrypt-Only) [ELGAMAL] [HAC] throw new Error("signing with Elgamal is not defined in the OpenPGP standard."); case 17: // DSA (Digital Signature Algorithm) [FIPS186] [HAC] var dsa = new publicKey.dsa(); var s1 = msg_MPIs[0].toBigInteger(); var s2 = msg_MPIs[1].toBigInteger(); var p = publickey_MPIs[0].toBigInteger(); var q = publickey_MPIs[1].toBigInteger(); var g = publickey_MPIs[2].toBigInteger(); var y = publickey_MPIs[3].toBigInteger(); var m = data; var dopublic = dsa.verify(hash_algo, s1, s2, m, p, q, g, y); return dopublic.compareTo(s1) === 0; default: throw new Error('Invalid signature algorithm.'); } }, /** * Create a signature on data using the specified algorithm * @param {module:enums.hash} hash_algo hash Algorithm to use (See {@link http://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}) * @param {module:enums.publicKey} algo Asymmetric cipher algorithm to use (See {@link http://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}) * @param {Array} publicMPIs Public key multiprecision integers * of the private key * @param {Array} secretMPIs Private key multiprecision * integers which is used to sign the data * @param {String} data Data to be signed * @return {Array} */ sign: function(hash_algo, algo, keyIntegers, data) { var m; switch (algo) { case 1: // RSA (Encrypt or Sign) [HAC] case 2: // RSA Encrypt-Only [HAC] case 3: // RSA Sign-Only [HAC] var rsa = new publicKey.rsa(); var d = keyIntegers[2].toBigInteger(); var n = keyIntegers[0].toBigInteger(); m = pkcs1.emsa.encode(hash_algo, data, keyIntegers[0].byteLength()); return rsa.sign(m, d, n).toMPI(); case 17: // DSA (Digital Signature Algorithm) [FIPS186] [HAC] var dsa = new publicKey.dsa(); var p = keyIntegers[0].toBigInteger(); var q = keyIntegers[1].toBigInteger(); var g = keyIntegers[2].toBigInteger(); var y = keyIntegers[3].toBigInteger(); var x = keyIntegers[4].toBigInteger(); m = data; var result = dsa.sign(hash_algo, m, g, p, q, x); return result[0].toString() + result[1].toString(); case 16: // Elgamal (Encrypt-Only) [ELGAMAL] [HAC] throw new Error('Signing with Elgamal is not defined in the OpenPGP standard.'); default: throw new Error('Invalid signature algorithm.'); } } }; },{"./hash":28,"./pkcs1.js":33,"./public_key":36}],41:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * @requires encoding/base64 * @requires enums * @requires config * @module encoding/armor */ var base64 = require('./base64.js'), enums = require('../enums.js'), config = require('../config'); /** * Finds out which Ascii Armoring type is used. Throws error if unknown type. * @private * @param {String} text [String] ascii armored text * @returns {Integer} 0 = MESSAGE PART n of m * 1 = MESSAGE PART n * 2 = SIGNED MESSAGE * 3 = PGP MESSAGE * 4 = PUBLIC KEY BLOCK * 5 = PRIVATE KEY BLOCK */ function getType(text) { var reHeader = /^-----BEGIN PGP (MESSAGE, PART \d+\/\d+|MESSAGE, PART \d+|SIGNED MESSAGE|MESSAGE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK|SIGNATURE)-----$\n/m; var header = text.match(reHeader); if (!header) { throw new Error('Unknown ASCII armor type'); } // BEGIN PGP MESSAGE, PART X/Y // Used for multi-part messages, where the armor is split amongst Y // parts, and this is the Xth part out of Y. if (header[1].match(/MESSAGE, PART \d+\/\d+/)) { return enums.armor.multipart_section; } else // BEGIN PGP MESSAGE, PART X // Used for multi-part messages, where this is the Xth part of an // unspecified number of parts. Requires the MESSAGE-ID Armor // Header to be used. if (header[1].match(/MESSAGE, PART \d+/)) { return enums.armor.multipart_last; } else // BEGIN PGP SIGNATURE // Used for detached signatures, OpenPGP/MIME signatures, and // cleartext signatures. Note that PGP 2.x uses BEGIN PGP MESSAGE // for detached signatures. if (header[1].match(/SIGNED MESSAGE/)) { return enums.armor.signed; } else // BEGIN PGP MESSAGE // Used for signed, encrypted, or compressed files. if (header[1].match(/MESSAGE/)) { return enums.armor.message; } else // BEGIN PGP PUBLIC KEY BLOCK // Used for armoring public keys. if (header[1].match(/PUBLIC KEY BLOCK/)) { return enums.armor.public_key; } else // BEGIN PGP PRIVATE KEY BLOCK // Used for armoring private keys. if (header[1].match(/PRIVATE KEY BLOCK/)) { return enums.armor.private_key; } } /** * Add additional information to the armor version of an OpenPGP binary * packet block. * @author Alex * @version 2011-12-16 * @returns {String} The header information */ function addheader() { var result = ""; if (config.show_version) { result += "Version: " + config.versionstring + '\r\n'; } if (config.show_comment) { result += "Comment: " + config.commentstring + '\r\n'; } result += '\r\n'; return result; } /** * Calculates a checksum over the given data and returns it base64 encoded * @param {String} data Data to create a CRC-24 checksum for * @return {String} Base64 encoded checksum */ function getCheckSum(data) { var c = createcrc24(data); var str = "" + String.fromCharCode(c >> 16) + String.fromCharCode((c >> 8) & 0xFF) + String.fromCharCode(c & 0xFF); return base64.encode(str); } /** * Calculates the checksum over the given data and compares it with the * given base64 encoded checksum * @param {String} data Data to create a CRC-24 checksum for * @param {String} checksum Base64 encoded checksum * @return {Boolean} True if the given checksum is correct; otherwise false */ function verifyCheckSum(data, checksum) { var c = getCheckSum(data); var d = checksum; return c[0] == d[0] && c[1] == d[1] && c[2] == d[2] && c[3] == d[3]; } /** * Internal function to calculate a CRC-24 checksum over a given string (data) * @param {String} data Data to create a CRC-24 checksum for * @return {Integer} The CRC-24 checksum as number */ var crc_table = [ 0x00000000, 0x00864cfb, 0x018ad50d, 0x010c99f6, 0x0393e6e1, 0x0315aa1a, 0x021933ec, 0x029f7f17, 0x07a18139, 0x0727cdc2, 0x062b5434, 0x06ad18cf, 0x043267d8, 0x04b42b23, 0x05b8b2d5, 0x053efe2e, 0x0fc54e89, 0x0f430272, 0x0e4f9b84, 0x0ec9d77f, 0x0c56a868, 0x0cd0e493, 0x0ddc7d65, 0x0d5a319e, 0x0864cfb0, 0x08e2834b, 0x09ee1abd, 0x09685646, 0x0bf72951, 0x0b7165aa, 0x0a7dfc5c, 0x0afbb0a7, 0x1f0cd1e9, 0x1f8a9d12, 0x1e8604e4, 0x1e00481f, 0x1c9f3708, 0x1c197bf3, 0x1d15e205, 0x1d93aefe, 0x18ad50d0, 0x182b1c2b, 0x192785dd, 0x19a1c926, 0x1b3eb631, 0x1bb8faca, 0x1ab4633c, 0x1a322fc7, 0x10c99f60, 0x104fd39b, 0x11434a6d, 0x11c50696, 0x135a7981, 0x13dc357a, 0x12d0ac8c, 0x1256e077, 0x17681e59, 0x17ee52a2, 0x16e2cb54, 0x166487af, 0x14fbf8b8, 0x147db443, 0x15712db5, 0x15f7614e, 0x3e19a3d2, 0x3e9fef29, 0x3f9376df, 0x3f153a24, 0x3d8a4533, 0x3d0c09c8, 0x3c00903e, 0x3c86dcc5, 0x39b822eb, 0x393e6e10, 0x3832f7e6, 0x38b4bb1d, 0x3a2bc40a, 0x3aad88f1, 0x3ba11107, 0x3b275dfc, 0x31dced5b, 0x315aa1a0, 0x30563856, 0x30d074ad, 0x324f0bba, 0x32c94741, 0x33c5deb7, 0x3343924c, 0x367d6c62, 0x36fb2099, 0x37f7b96f, 0x3771f594, 0x35ee8a83, 0x3568c678, 0x34645f8e, 0x34e21375, 0x2115723b, 0x21933ec0, 0x209fa736, 0x2019ebcd, 0x228694da, 0x2200d821, 0x230c41d7, 0x238a0d2c, 0x26b4f302, 0x2632bff9, 0x273e260f, 0x27b86af4, 0x252715e3, 0x25a15918, 0x24adc0ee, 0x242b8c15, 0x2ed03cb2, 0x2e567049, 0x2f5ae9bf, 0x2fdca544, 0x2d43da53, 0x2dc596a8, 0x2cc90f5e, 0x2c4f43a5, 0x2971bd8b, 0x29f7f170, 0x28fb6886, 0x287d247d, 0x2ae25b6a, 0x2a641791, 0x2b688e67, 0x2beec29c, 0x7c3347a4, 0x7cb50b5f, 0x7db992a9, 0x7d3fde52, 0x7fa0a145, 0x7f26edbe, 0x7e2a7448, 0x7eac38b3, 0x7b92c69d, 0x7b148a66, 0x7a181390, 0x7a9e5f6b, 0x7801207c, 0x78876c87, 0x798bf571, 0x790db98a, 0x73f6092d, 0x737045d6, 0x727cdc20, 0x72fa90db, 0x7065efcc, 0x70e3a337, 0x71ef3ac1, 0x7169763a, 0x74578814, 0x74d1c4ef, 0x75dd5d19, 0x755b11e2, 0x77c46ef5, 0x7742220e, 0x764ebbf8, 0x76c8f703, 0x633f964d, 0x63b9dab6, 0x62b54340, 0x62330fbb, 0x60ac70ac, 0x602a3c57, 0x6126a5a1, 0x61a0e95a, 0x649e1774, 0x64185b8f, 0x6514c279, 0x65928e82, 0x670df195, 0x678bbd6e, 0x66872498, 0x66016863, 0x6cfad8c4, 0x6c7c943f, 0x6d700dc9, 0x6df64132, 0x6f693e25, 0x6fef72de, 0x6ee3eb28, 0x6e65a7d3, 0x6b5b59fd, 0x6bdd1506, 0x6ad18cf0, 0x6a57c00b, 0x68c8bf1c, 0x684ef3e7, 0x69426a11, 0x69c426ea, 0x422ae476, 0x42aca88d, 0x43a0317b, 0x43267d80, 0x41b90297, 0x413f4e6c, 0x4033d79a, 0x40b59b61, 0x458b654f, 0x450d29b4, 0x4401b042, 0x4487fcb9, 0x461883ae, 0x469ecf55, 0x479256a3, 0x47141a58, 0x4defaaff, 0x4d69e604, 0x4c657ff2, 0x4ce33309, 0x4e7c4c1e, 0x4efa00e5, 0x4ff69913, 0x4f70d5e8, 0x4a4e2bc6, 0x4ac8673d, 0x4bc4fecb, 0x4b42b230, 0x49ddcd27, 0x495b81dc, 0x4857182a, 0x48d154d1, 0x5d26359f, 0x5da07964, 0x5cace092, 0x5c2aac69, 0x5eb5d37e, 0x5e339f85, 0x5f3f0673, 0x5fb94a88, 0x5a87b4a6, 0x5a01f85d, 0x5b0d61ab, 0x5b8b2d50, 0x59145247, 0x59921ebc, 0x589e874a, 0x5818cbb1, 0x52e37b16, 0x526537ed, 0x5369ae1b, 0x53efe2e0, 0x51709df7, 0x51f6d10c, 0x50fa48fa, 0x507c0401, 0x5542fa2f, 0x55c4b6d4, 0x54c82f22, 0x544e63d9, 0x56d11cce, 0x56575035, 0x575bc9c3, 0x57dd8538 ]; function createcrc24(input) { var crc = 0xB704CE; var index = 0; while ((input.length - index) > 16) { crc = (crc << 8) ^ crc_table[((crc >> 16) ^ input.charCodeAt(index)) & 0xff]; crc = (crc << 8) ^ crc_table[((crc >> 16) ^ input.charCodeAt(index + 1)) & 0xff]; crc = (crc << 8) ^ crc_table[((crc >> 16) ^ input.charCodeAt(index + 2)) & 0xff]; crc = (crc << 8) ^ crc_table[((crc >> 16) ^ input.charCodeAt(index + 3)) & 0xff]; crc = (crc << 8) ^ crc_table[((crc >> 16) ^ input.charCodeAt(index + 4)) & 0xff]; crc = (crc << 8) ^ crc_table[((crc >> 16) ^ input.charCodeAt(index + 5)) & 0xff]; crc = (crc << 8) ^ crc_table[((crc >> 16) ^ input.charCodeAt(index + 6)) & 0xff]; crc = (crc << 8) ^ crc_table[((crc >> 16) ^ input.charCodeAt(index + 7)) & 0xff]; crc = (crc << 8) ^ crc_table[((crc >> 16) ^ input.charCodeAt(index + 8)) & 0xff]; crc = (crc << 8) ^ crc_table[((crc >> 16) ^ input.charCodeAt(index + 9)) & 0xff]; crc = (crc << 8) ^ crc_table[((crc >> 16) ^ input.charCodeAt(index + 10)) & 0xff]; crc = (crc << 8) ^ crc_table[((crc >> 16) ^ input.charCodeAt(index + 11)) & 0xff]; crc = (crc << 8) ^ crc_table[((crc >> 16) ^ input.charCodeAt(index + 12)) & 0xff]; crc = (crc << 8) ^ crc_table[((crc >> 16) ^ input.charCodeAt(index + 13)) & 0xff]; crc = (crc << 8) ^ crc_table[((crc >> 16) ^ input.charCodeAt(index + 14)) & 0xff]; crc = (crc << 8) ^ crc_table[((crc >> 16) ^ input.charCodeAt(index + 15)) & 0xff]; index += 16; } for (var j = index; j < input.length; j++) { crc = (crc << 8) ^ crc_table[((crc >> 16) ^ input.charCodeAt(index++)) & 0xff]; } return crc & 0xffffff; } /** * Splits a message into two parts, the headers and the body. This is an internal function * @param {String} text OpenPGP armored message part * @returns {(Boolean|Object)} Either false in case of an error * or an object with attribute "headers" containing the headers and * and an attribute "body" containing the body. */ function splitHeaders(text) { // empty line with whitespace characters var reEmptyLine = /^[ \f\r\t\u00a0\u2000-\u200a\u202f\u205f\u3000]*\n/m; var headers = ''; var body = text; var matchResult = reEmptyLine.exec(text); if (matchResult !== null) { headers = text.slice(0, matchResult.index); body = text.slice(matchResult.index + matchResult[0].length); } else { throw new Error('Mandatory blank line missing between armor headers and armor data'); } headers = headers.split('\n'); // remove empty entry headers.pop(); return { headers: headers, body: body }; } /** * Verify armored headers. RFC4880, section 6.3: "OpenPGP should consider improperly formatted * Armor Headers to be corruption of the ASCII Armor." * @private * @param {Array} headers Armor headers */ function verifyHeaders(headers) { for (var i = 0; i < headers.length; i++) { if (!headers[i].match(/^(Version|Comment|MessageID|Hash|Charset): .+$/)) { throw new Error('Improperly formatted armor header: ' + headers[i]);; } } } /** * Splits a message into two parts, the body and the checksum. This is an internal function * @param {String} text OpenPGP armored message part * @returns {(Boolean|Object)} Either false in case of an error * or an object with attribute "body" containing the body * and an attribute "checksum" containing the checksum. */ function splitChecksum(text) { var reChecksumStart = /^=/m; var body = text; var checksum = ""; var matchResult = reChecksumStart.exec(text); if (matchResult !== null) { body = text.slice(0, matchResult.index); checksum = text.slice(matchResult.index + 1); } return { body: body, checksum: checksum }; } /** * DeArmor an OpenPGP armored message; verify the checksum and return * the encoded bytes * @param {String} text OpenPGP armored message * @returns {Object} An object with attribute "text" containing the message text, * an attribute "data" containing the bytes and "type" for the ASCII armor type * @static */ function dearmor(text) { var reSplit = /^-----[^-]+-----$\n/m; // remove trailing whitespace at end of line text = text.replace(/[\t\r ]+\n/g, '\n'); var type = getType(text); var splittext = text.split(reSplit); // IE has a bug in split with a re. If the pattern matches the beginning of the // string it doesn't create an empty array element 0. So we need to detect this // so we know the index of the data we are interested in. var indexBase = 1; var result, checksum, msg; if (text.search(reSplit) != splittext[0].length) { indexBase = 0; } if (type != 2) { msg = splitHeaders(splittext[indexBase]); var msg_sum = splitChecksum(msg.body); result = { data: base64.decode(msg_sum.body), headers: msg.headers, type: type }; checksum = msg_sum.checksum; } else { // Reverse dash-escaping for msg msg = splitHeaders(splittext[indexBase].replace(/^- /mg, '')); var sig = splitHeaders(splittext[indexBase + 1].replace(/^- /mg, '')); verifyHeaders(sig.headers); var sig_sum = splitChecksum(sig.body); result = { text: msg.body.replace(/\n$/, '').replace(/\n/g, "\r\n"), data: base64.decode(sig_sum.body), headers: msg.headers, type: type }; checksum = sig_sum.checksum; } checksum = checksum.substr(0, 4); if (!verifyCheckSum(result.data, checksum)) { throw new Error("Ascii armor integrity check on message failed: '" + checksum + "' should be '" + getCheckSum(result.data) + "'"); } verifyHeaders(result.headers); return result; } /** * Armor an OpenPGP binary packet block * @param {Integer} messagetype type of the message * @param body * @param {Integer} partindex * @param {Integer} parttotal * @returns {String} Armored text * @static */ function armor(messagetype, body, partindex, parttotal) { var result = []; switch (messagetype) { case enums.armor.multipart_section: result.push("-----BEGIN PGP MESSAGE, PART " + partindex + "/" + parttotal + "-----\r\n"); result.push(addheader()); result.push(base64.encode(body)); result.push("\r\n=" + getCheckSum(body) + "\r\n"); result.push("-----END PGP MESSAGE, PART " + partindex + "/" + parttotal + "-----\r\n"); break; case enums.armor.multipart_last: result.push("-----BEGIN PGP MESSAGE, PART " + partindex + "-----\r\n"); result.push(addheader()); result.push(base64.encode(body)); result.push("\r\n=" + getCheckSum(body) + "\r\n"); result.push("-----END PGP MESSAGE, PART " + partindex + "-----\r\n"); break; case enums.armor.signed: result.push("\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\n"); result.push("Hash: " + body.hash + "\r\n\r\n"); result.push(body.text.replace(/\n-/g, "\n- -")); result.push("\r\n-----BEGIN PGP SIGNATURE-----\r\n"); result.push(addheader()); result.push(base64.encode(body.data)); result.push("\r\n=" + getCheckSum(body.data) + "\r\n"); result.push("-----END PGP SIGNATURE-----\r\n"); break; case enums.armor.message: result.push("-----BEGIN PGP MESSAGE-----\r\n"); result.push(addheader()); result.push(base64.encode(body)); result.push("\r\n=" + getCheckSum(body) + "\r\n"); result.push("-----END PGP MESSAGE-----\r\n"); break; case enums.armor.public_key: result.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\r\n"); result.push(addheader()); result.push(base64.encode(body)); result.push("\r\n=" + getCheckSum(body) + "\r\n"); result.push("-----END PGP PUBLIC KEY BLOCK-----\r\n\r\n"); break; case enums.armor.private_key: result.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\r\n"); result.push(addheader()); result.push(base64.encode(body)); result.push("\r\n=" + getCheckSum(body) + "\r\n"); result.push("-----END PGP PRIVATE KEY BLOCK-----\r\n"); break; } return result.join(''); } module.exports = { encode: armor, decode: dearmor }; },{"../config":17,"../enums.js":43,"./base64.js":42}],42:[function(require,module,exports){ /* OpenPGP radix-64/base64 string encoding/decoding * Copyright 2005 Herbert Hanewinkel, www.haneWIN.de * version 1.0, check www.haneWIN.de for the latest version * * This software is provided as-is, without express or implied warranty. * Permission to use, copy, modify, distribute or sell this software, with or * without fee, for any purpose and by any individual or organization, is hereby * granted, provided that the above copyright notice and this paragraph appear * in all copies. Distribution as a part of an application or binary must * include the above copyright notice in the documentation and/or other materials * provided with the application or distribution. */ /** * @module encoding/base64 */ var b64s = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; /** * Convert binary string to radix-64 * @param {String} t binary string to convert * @returns {string} radix-64 version of input string * @static */ function s2r(t, o) { // TODO check btoa alternative var a, c, n; var r = o ? o : [], l = 0, s = 0; var tl = t.length; for (n = 0; n < tl; n++) { c = t.charCodeAt(n); if (s === 0) { r.push(b64s.charAt((c >> 2) & 63)); a = (c & 3) << 4; } else if (s == 1) { r.push(b64s.charAt((a | (c >> 4) & 15))); a = (c & 15) << 2; } else if (s == 2) { r.push(b64s.charAt(a | ((c >> 6) & 3))); l += 1; if ((l % 60) === 0) r.push("\n"); r.push(b64s.charAt(c & 63)); } l += 1; if ((l % 60) === 0) r.push("\n"); s += 1; if (s == 3) s = 0; } if (s > 0) { r.push(b64s.charAt(a)); l += 1; if ((l % 60) === 0) r.push("\n"); r.push('='); l += 1; } if (s == 1) { if ((l % 60) === 0) r.push("\n"); r.push('='); } if (o) { return; } return r.join(''); } /** * Convert radix-64 to binary string * @param {String} t radix-64 string to convert * @returns {string} binary version of input string * @static */ function r2s(t) { // TODO check atob alternative var c, n; var r = [], s = 0, a = 0; var tl = t.length; for (n = 0; n < tl; n++) { c = b64s.indexOf(t.charAt(n)); if (c >= 0) { if (s) r.push(String.fromCharCode(a | (c >> (6 - s)) & 255)); s = (s + 2) & 7; a = (c << s) & 255; } } return r.join(''); } module.exports = { encode: s2r, decode: r2s }; },{}],43:[function(require,module,exports){ 'use strict'; /** * @module enums */ module.exports = { /** A string to key specifier type * @enum {Integer} * @readonly */ s2k: { simple: 0, salted: 1, iterated: 3, gnu: 101 }, /** {@link http://tools.ietf.org/html/rfc4880#section-9.1|RFC4880, section 9.1} * @enum {Integer} * @readonly */ publicKey: { rsa_encrypt_sign: 1, rsa_encrypt: 2, rsa_sign: 3, elgamal: 16, dsa: 17 }, /** {@link http://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2} * @enum {Integer} * @readonly */ symmetric: { plaintext: 0, /** Not implemented! */ idea: 1, tripledes: 2, cast5: 3, blowfish: 4, aes128: 7, aes192: 8, aes256: 9, twofish: 10 }, /** {@link http://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3} * @enum {Integer} * @readonly */ compression: { uncompressed: 0, /** RFC1951 */ zip: 1, /** RFC1950 */ zlib: 2, bzip2: 3 }, /** {@link http://tools.ietf.org/html/rfc4880#section-9.4|RFC4880, section 9.4} * @enum {Integer} * @readonly */ hash: { md5: 1, sha1: 2, ripemd: 3, sha256: 8, sha384: 9, sha512: 10, sha224: 11 }, /** A list of packet types and numeric tags associated with them. * @enum {Integer} * @readonly */ packet: { publicKeyEncryptedSessionKey: 1, signature: 2, symEncryptedSessionKey: 3, onePassSignature: 4, secretKey: 5, publicKey: 6, secretSubkey: 7, compressed: 8, symmetricallyEncrypted: 9, marker: 10, literal: 11, trust: 12, userid: 13, publicSubkey: 14, userAttribute: 17, symEncryptedIntegrityProtected: 18, modificationDetectionCode: 19 }, /** Data types in the literal packet * @enum {Integer} * @readonly */ literal: { /** Binary data 'b' */ binary: 'b'.charCodeAt(), /** Text data 't' */ text: 't'.charCodeAt(), /** Utf8 data 'u' */ utf8: 'u'.charCodeAt() }, /** One pass signature packet type * @enum {Integer} * @readonly */ signature: { /** 0x00: Signature of a binary document. */ binary: 0, /** 0x01: Signature of a canonical text document.
* Canonicalyzing the document by converting line endings. */ text: 1, /** 0x02: Standalone signature.
* This signature is a signature of only its own subpacket contents. * It is calculated identically to a signature over a zero-lengh * binary document. Note that it doesn't make sense to have a V3 * standalone signature. */ standalone: 2, /** 0x10: Generic certification of a User ID and Public-Key packet.
* The issuer of this certification does not make any particular * assertion as to how well the certifier has checked that the owner * of the key is in fact the person described by the User ID. */ cert_generic: 16, /** 0x11: Persona certification of a User ID and Public-Key packet.
* The issuer of this certification has not done any verification of * the claim that the owner of this key is the User ID specified. */ cert_persona: 17, /** 0x12: Casual certification of a User ID and Public-Key packet.
* The issuer of this certification has done some casual * verification of the claim of identity. */ cert_casual: 18, /** 0x13: Positive certification of a User ID and Public-Key packet.
* The issuer of this certification has done substantial * verification of the claim of identity.
*
* Most OpenPGP implementations make their "key signatures" as 0x10 * certifications. Some implementations can issue 0x11-0x13 * certifications, but few differentiate between the types. */ cert_positive: 19, /** 0x30: Certification revocation signature
* This signature revokes an earlier User ID certification signature * (signature class 0x10 through 0x13) or direct-key signature * (0x1F). It should be issued by the same key that issued the * revoked signature or an authorized revocation key. The signature * is computed over the same data as the certificate that it * revokes, and should have a later creation date than that * certificate. */ cert_revocation: 48, /** 0x18: Subkey Binding Signature
* This signature is a statement by the top-level signing key that * indicates that it owns the subkey. This signature is calculated * directly on the primary key and subkey, and not on any User ID or * other packets. A signature that binds a signing subkey MUST have * an Embedded Signature subpacket in this binding signature that * contains a 0x19 signature made by the signing subkey on the * primary key and subkey. */ subkey_binding: 24, /** 0x19: Primary Key Binding Signature
* This signature is a statement by a signing subkey, indicating * that it is owned by the primary key and subkey. This signature * is calculated the same way as a 0x18 signature: directly on the * primary key and subkey, and not on any User ID or other packets.
*
* When a signature is made over a key, the hash data starts with the * octet 0x99, followed by a two-octet length of the key, and then body * of the key packet. (Note that this is an old-style packet header for * a key packet with two-octet length.) A subkey binding signature * (type 0x18) or primary key binding signature (type 0x19) then hashes * the subkey using the same format as the main key (also using 0x99 as * the first octet). */ key_binding: 25, /** 0x1F: Signature directly on a key
* This signature is calculated directly on a key. It binds the * information in the Signature subpackets to the key, and is * appropriate to be used for subpackets that provide information * about the key, such as the Revocation Key subpacket. It is also * appropriate for statements that non-self certifiers want to make * about the key itself, rather than the binding between a key and a * name. */ key: 31, /** 0x20: Key revocation signature
* The signature is calculated directly on the key being revoked. A * revoked key is not to be used. Only revocation signatures by the * key being revoked, or by an authorized revocation key, should be * considered valid revocation signatures.a */ key_revocation: 32, /** 0x28: Subkey revocation signature
* The signature is calculated directly on the subkey being revoked. * A revoked subkey is not to be used. Only revocation signatures * by the top-level signature key that is bound to this subkey, or * by an authorized revocation key, should be considered valid * revocation signatures.
*
* Key revocation signatures (types 0x20 and 0x28) * hash only the key being revoked. */ subkey_revocation: 40, /** 0x40: Timestamp signature.
* This signature is only meaningful for the timestamp contained in * it. */ timestamp: 64, /** 0x50: Third-Party Confirmation signature.
* This signature is a signature over some other OpenPGP Signature * packet(s). It is analogous to a notary seal on the signed data. * A third-party signature SHOULD include Signature Target * subpacket(s) to give easy identification. Note that we really do * mean SHOULD. There are plausible uses for this (such as a blind * party that only sees the signature, not the key or source * document) that cannot include a target subpacket. */ third_party: 80 }, /** Signature subpacket type * @enum {Integer} * @readonly */ signatureSubpacket: { signature_creation_time: 2, signature_expiration_time: 3, exportable_certification: 4, trust_signature: 5, regular_expression: 6, revocable: 7, key_expiration_time: 9, placeholder_backwards_compatibility: 10, preferred_symmetric_algorithms: 11, revocation_key: 12, issuer: 16, notation_data: 20, preferred_hash_algorithms: 21, preferred_compression_algorithms: 22, key_server_preferences: 23, preferred_key_server: 24, primary_user_id: 25, policy_uri: 26, key_flags: 27, signers_user_id: 28, reason_for_revocation: 29, features: 30, signature_target: 31, embedded_signature: 32 }, /** Key flags * @enum {Integer} * @readonly */ keyFlags: { /** 0x01 - This key may be used to certify other keys. */ certify_keys: 1, /** 0x02 - This key may be used to sign data. */ sign_data: 2, /** 0x04 - This key may be used to encrypt communications. */ encrypt_communication: 4, /** 0x08 - This key may be used to encrypt storage. */ encrypt_storage: 8, /** 0x10 - The private component of this key may have been split * by a secret-sharing mechanism. */ split_private_key: 16, /** 0x20 - This key may be used for authentication. */ authentication: 32, /** 0x80 - The private component of this key may be in the * possession of more than one person. */ shared_private_key: 128 }, /** Key status * @enum {Integer} * @readonly */ keyStatus: { invalid: 0, expired: 1, revoked: 2, valid: 3, no_self_cert: 4 }, /** Armor type * @enum {Integer} * @readonly */ armor: { multipart_section: 0, multipart_last: 1, signed: 2, message: 3, public_key: 4, private_key: 5 }, /** Asserts validity and converts from string/integer to integer. */ write: function(type, e) { if (typeof e == 'number') { e = this.read(type, e); } if (type[e] !== undefined) { return type[e]; } else throw new Error('Invalid enum value.'); }, /** Converts from an integer to string. */ read: function(type, e) { for (var i in type) if (type[i] == e) return i; throw new Error('Invalid enum value.'); } }; },{}],44:[function(require,module,exports){ 'use strict'; module.exports = require('./openpgp.js'); /** * @see module:key * @name module:openpgp.key */ module.exports.key = require('./key.js'); /** * @see module:message * @name module:openpgp.message */ module.exports.message = require('./message.js'); /** * @see module:cleartext * @name module:openpgp.cleartext */ module.exports.cleartext = require('./cleartext.js'); /** * @see module:util * @name module:openpgp.util */ module.exports.util = require('./util.js'); /** * @see module:packet * @name module:openpgp.packet */ module.exports.packet = require('./packet'); /** * @see module:type/mpi * @name module:openpgp.MPI */ module.exports.MPI = require('./type/mpi.js'); /** * @see module:type/s2k * @name module:openpgp.S2K */ module.exports.S2K = require('./type/s2k.js'); /** * @see module:type/keyid * @name module:openpgp.Keyid */ module.exports.Keyid = require('./type/keyid.js'); /** * @see module:encoding/armor * @name module:openpgp.armor */ module.exports.armor = require('./encoding/armor.js'); /** * @see module:enums * @name module:openpgp.enums */ module.exports.enums = require('./enums.js'); /** * @see module:config/config * @name module:openpgp.config */ module.exports.config = require('./config/config.js'); /** * @see module:crypto * @name module:openpgp.crypto */ module.exports.crypto = require('./crypto'); /** * @see module:keyring * @name module:openpgp.Keyring */ module.exports.Keyring = require('./keyring'); /** * @see module:worker/async_proxy * @name module:openpgp.AsyncProxy */ module.exports.AsyncProxy = require('./worker/async_proxy.js'); },{"./cleartext.js":12,"./config/config.js":16,"./crypto":32,"./encoding/armor.js":41,"./enums.js":43,"./key.js":45,"./keyring":46,"./message.js":49,"./openpgp.js":50,"./packet":53,"./type/keyid.js":71,"./type/mpi.js":72,"./type/s2k.js":73,"./util.js":74,"./worker/async_proxy.js":75}],45:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * @requires config * @requires encoding/armor * @requires enums * @requires packet * @module key */ 'use strict'; var packet = require('./packet'), enums = require('./enums.js'), armor = require('./encoding/armor.js'), config = require('./config'), util = require('./util'); /** * @class * @classdesc Class that represents an OpenPGP key. Must contain a primary key. * Can contain additional subkeys, signatures, user ids, user attributes. * @param {module:packet/packetlist} packetlist The packets that form this key */ function Key(packetlist) { if (!(this instanceof Key)) { return new Key(packetlist); } // same data as in packetlist but in structured form this.primaryKey = null; this.revocationSignature = null; this.directSignatures = null; this.users = null; this.subKeys = null; this.packetlist2structure(packetlist); if (!this.primaryKey || !this.users) { throw new Error('Invalid key: need at least key and user ID packet'); } } /** * Transforms packetlist to structured key data * @param {module:packet/packetlist} packetlist The packets that form a key */ Key.prototype.packetlist2structure = function(packetlist) { var user, primaryKeyId, subKey; for (var i = 0; i < packetlist.length; i++) { switch (packetlist[i].tag) { case enums.packet.publicKey: case enums.packet.secretKey: this.primaryKey = packetlist[i]; primaryKeyId = this.primaryKey.getKeyId(); break; case enums.packet.userid: case enums.packet.userAttribute: user = new User(packetlist[i]); if (!this.users) this.users = []; this.users.push(user); break; case enums.packet.publicSubkey: case enums.packet.secretSubkey: user = null; if (!this.subKeys) this.subKeys = []; subKey = new SubKey(packetlist[i]); this.subKeys.push(subKey); break; case enums.packet.signature: switch (packetlist[i].signatureType) { case enums.signature.cert_generic: case enums.signature.cert_persona: case enums.signature.cert_casual: case enums.signature.cert_positive: if (!user) { util.print_debug('Dropping certification signatures without preceding user packet'); continue; } if (packetlist[i].issuerKeyId.equals(primaryKeyId)) { if (!user.selfCertifications) user.selfCertifications = []; user.selfCertifications.push(packetlist[i]); } else { if (!user.otherCertifications) user.otherCertifications = []; user.otherCertifications.push(packetlist[i]); } break; case enums.signature.cert_revocation: if (user) { if (!user.revocationCertifications) user.revocationCertifications = []; user.revocationCertifications.push(packetlist[i]); } else { if (!this.directSignatures) this.directSignatures = []; this.directSignatures.push(packetlist[i]); } break; case enums.signature.key: if (!this.directSignatures) this.directSignatures = []; this.directSignatures.push(packetlist[i]); break; case enums.signature.subkey_binding: if (!subKey) { util.print_debug('Dropping subkey binding signature without preceding subkey packet'); continue; } subKey.bindingSignature = packetlist[i]; break; case enums.signature.key_revocation: this.revocationSignature = packetlist[i]; break; case enums.signature.subkey_revocation: if (!subKey) { util.print_debug('Dropping subkey revocation signature without preceding subkey packet'); continue; } subKey.revocationSignature = packetlist[i]; break; } break; } } }; /** * Transforms structured key data to packetlist * @return {module:packet/packetlist} The packets that form a key */ Key.prototype.toPacketlist = function() { var packetlist = new packet.List(); packetlist.push(this.primaryKey); packetlist.push(this.revocationSignature); packetlist.concat(this.directSignatures); var i; for (i = 0; i < this.users.length; i++) { packetlist.concat(this.users[i].toPacketlist()); } if (this.subKeys) { for (i = 0; i < this.subKeys.length; i++) { packetlist.concat(this.subKeys[i].toPacketlist()); } } return packetlist; }; /** * Returns all the private and public subkey packets * @returns {Array<(module:packet/public_subkey|module:packet/secret_subkey)>} */ Key.prototype.getSubkeyPackets = function() { var subKeys = []; if (this.subKeys) { for (var i = 0; i < this.subKeys.length; i++) { subKeys.push(this.subKeys[i].subKey); } } return subKeys; }; /** * Returns all the private and public key and subkey packets * @returns {Array<(module:packet/public_subkey|module:packet/secret_subkey|module:packet/secret_key|module:packet/public_key)>} */ Key.prototype.getAllKeyPackets = function() { return [this.primaryKey].concat(this.getSubkeyPackets()); }; /** * Returns key IDs of all key packets * @returns {Array} */ Key.prototype.getKeyIds = function() { var keyIds = []; var keys = this.getAllKeyPackets(); for (var i = 0; i < keys.length; i++) { keyIds.push(keys[i].getKeyId()); } return keyIds; }; /** * Returns first key packet for given array of key IDs * @param {Array} keyIds * @return {(module:packet/public_subkey|module:packet/public_key| * module:packet/secret_subkey|module:packet/secret_key|null)} */ Key.prototype.getKeyPacket = function(keyIds) { var keys = this.getAllKeyPackets(); for (var i = 0; i < keys.length; i++) { var keyId = keys[i].getKeyId(); for (var j = 0; j < keyIds.length; j++) { if (keyId.equals(keyIds[j])) { return keys[i]; } } } return null; }; /** * Returns userids * @return {Array} array of userids */ Key.prototype.getUserIds = function() { var userids = []; for (var i = 0; i < this.users.length; i++) { if (this.users[i].userId) { userids.push(this.users[i].userId.write()); } } return userids; }; /** * Returns true if this is a public key * @return {Boolean} */ Key.prototype.isPublic = function() { return this.primaryKey.tag == enums.packet.publicKey; }; /** * Returns true if this is a private key * @return {Boolean} */ Key.prototype.isPrivate = function() { return this.primaryKey.tag == enums.packet.secretKey; }; /** * Returns key as public key (shallow copy) * @return {module:key~Key} new public Key */ Key.prototype.toPublic = function() { var packetlist = new packet.List(); var keyPackets = this.toPacketlist(); var bytes; for (var i = 0; i < keyPackets.length; i++) { switch (keyPackets[i].tag) { case enums.packet.secretKey: bytes = keyPackets[i].writePublicKey(); var pubKeyPacket = new packet.PublicKey(); pubKeyPacket.read(bytes); packetlist.push(pubKeyPacket); break; case enums.packet.secretSubkey: bytes = keyPackets[i].writePublicKey(); var pubSubkeyPacket = new packet.PublicSubkey(); pubSubkeyPacket.read(bytes); packetlist.push(pubSubkeyPacket); break; default: packetlist.push(keyPackets[i]); } } return new Key(packetlist); }; /** * Returns ASCII armored text of key * @return {String} ASCII armor */ Key.prototype.armor = function() { var type = this.isPublic() ? enums.armor.public_key : enums.armor.private_key; return armor.encode(type, this.toPacketlist().write()); }; /** * Returns first key packet or key packet by given keyId that is available for signing or signature verification * @param {module:type/keyid} keyId, optional * @return {(module:packet/secret_subkey|module:packet/secret_key|null)} key packet or null if no signing key has been found */ Key.prototype.getSigningKeyPacket = function(keyId) { var primaryUser = this.getPrimaryUser(); if (primaryUser && isValidSigningKeyPacket(this.primaryKey, primaryUser.selfCertificate) && (!keyId || this.primaryKey.getKeyId().equals(keyId))) { return this.primaryKey; } if (this.subKeys) { for (var i = 0; i < this.subKeys.length; i++) { if (this.subKeys[i].isValidSigningKey(this.primaryKey) && (!keyId || this.subKeys[i].subKey.getKeyId().equals(keyId))) { return this.subKeys[i].subKey; } } } return null; }; /** * Returns preferred signature hash algorithm of this key * @return {String} */ Key.prototype.getPreferredHashAlgorithm = function() { var primaryUser = this.getPrimaryUser(); if (primaryUser && primaryUser.selfCertificate.preferredHashAlgorithms) { return primaryUser.selfCertificate.preferredHashAlgorithms[0]; } return config.prefer_hash_algorithm; }; function isValidEncryptionKeyPacket(keyPacket, signature) { return keyPacket.algorithm !== enums.read(enums.publicKey, enums.publicKey.dsa) && keyPacket.algorithm !== enums.read(enums.publicKey, enums.publicKey.rsa_sign) && (!signature.keyFlags || (signature.keyFlags[0] & enums.keyFlags.encrypt_communication) !== 0 || (signature.keyFlags[0] & enums.keyFlags.encrypt_storage) !== 0); } function isValidSigningKeyPacket(keyPacket, signature) { return (keyPacket.algorithm == enums.read(enums.publicKey, enums.publicKey.dsa) || keyPacket.algorithm == enums.read(enums.publicKey, enums.publicKey.rsa_sign) || keyPacket.algorithm == enums.read(enums.publicKey, enums.publicKey.rsa_encrypt_sign)) && (!signature.keyFlags || (signature.keyFlags[0] & enums.keyFlags.sign_data) !== 0); } /** * Returns the first valid encryption key packet for this key * @returns {(module:packet/public_subkey|module:packet/secret_subkey|module:packet/secret_key|module:packet/public_key|null)} key packet or null if no encryption key has been found */ Key.prototype.getEncryptionKeyPacket = function() { // V4: by convention subkeys are prefered for encryption service // V3: keys MUST NOT have subkeys if (this.subKeys) { for (var i = 0; i < this.subKeys.length; i++) { if (this.subKeys[i].isValidEncryptionKey(this.primaryKey)) { return this.subKeys[i].subKey; } } } // if no valid subkey for encryption, evaluate primary key var primaryUser = this.getPrimaryUser(); if (primaryUser && isValidEncryptionKeyPacket(this.primaryKey, primaryUser.selfCertificate)) { return this.primaryKey; } return null; }; /** * Decrypts all secret key and subkey packets * @param {String} passphrase * @return {Boolean} true if all key and subkey packets decrypted successfully */ Key.prototype.decrypt = function(passphrase) { if (this.isPrivate()) { var keys = this.getAllKeyPackets(); for (var i = 0; i < keys.length; i++) { var success = keys[i].decrypt(passphrase); if (!success) return false; } } else { throw new Error("Nothing to decrypt in a public key"); } return true; }; /** * Decrypts specific key packets by key ID * @param {Array} keyIds * @param {String} passphrase * @return {Boolean} true if all key packets decrypted successfully */ Key.prototype.decryptKeyPacket = function(keyIds, passphrase) { if (this.isPrivate()) { var keys = this.getAllKeyPackets(); for (var i = 0; i < keys.length; i++) { var keyId = keys[i].getKeyId(); for (var j = 0; j < keyIds.length; j++) { if (keyId.equals(keyIds[j])) { var success = keys[i].decrypt(passphrase); if (!success) return false; } } } } else { throw new Error("Nothing to decrypt in a public key"); } return true; }; /** * Verify primary key. Checks for revocation signatures, expiration time * and valid self signature * @return {module:enums.keyStatus} The status of the primary key */ Key.prototype.verifyPrimaryKey = function() { // check revocation signature if (this.revocationSignature && !this.revocationSignature.isExpired() && (this.revocationSignature.verified || this.revocationSignature.verify(this.primaryKey, {key: this.primaryKey}))) { return enums.keyStatus.revoked; } // check V3 expiration time if (this.primaryKey.version == 3 && this.primaryKey.expirationTimeV3 !== 0 && Date.now() > (this.primaryKey.created.getTime() + this.primaryKey.expirationTimeV3*24*3600*1000)) { return enums.keyStatus.expired; } // check for at least one self signature. Self signature of user ID not mandatory // See {@link http://tools.ietf.org/html/rfc4880#section-11.1} var selfSigned = false; for (var i = 0; i < this.users.length; i++) { if (this.users[i].userId && this.users[i].selfCertifications) { selfSigned = true; } } if (!selfSigned) { return enums.keyStatus.no_self_cert; } // check for valid self signature var primaryUser = this.getPrimaryUser(); if (!primaryUser) { return enums.keyStatus.invalid; } // check V4 expiration time if (this.primaryKey.version == 4 && primaryUser.selfCertificate.keyNeverExpires === false && Date.now() > (this.primaryKey.created.getTime() + primaryUser.selfCertificate.keyExpirationTime*1000)) { return enums.keyStatus.expired; } return enums.keyStatus.valid; }; /** * Returns the expiration time of the primary key or null if key does not expire * @return {Date|null} */ Key.prototype.getExpirationTime = function() { if (this.primaryKey.version == 3) { return getExpirationTime(this.primaryKey); } if (this.primaryKey.version == 4) { var primaryUser = this.getPrimaryUser(); if (!primaryUser) { return null; } return getExpirationTime(this.primaryKey, primaryUser.selfCertificate); } }; function getExpirationTime(keyPacket, selfCertificate) { // check V3 expiration time if (keyPacket.version == 3 && keyPacket.expirationTimeV3 !== 0) { return new Date(keyPacket.created.getTime() + keyPacket.expirationTimeV3*24*3600*1000); } // check V4 expiration time if (keyPacket.version == 4 && selfCertificate.keyNeverExpires === false) { return new Date(keyPacket.created.getTime() + selfCertificate.keyExpirationTime*1000); } return null; } /** * Returns primary user and most significant (latest valid) self signature * - if multiple users are marked as primary users returns the one with the latest self signature * - if no primary user is found returns the user with the latest self signature * @return {{user: Array, selfCertificate: Array}|null} The primary user and the self signature */ Key.prototype.getPrimaryUser = function() { var primUser = []; for (var i = 0; i < this.users.length; i++) { if (!this.users[i].userId || !this.users[i].selfCertifications) { continue; } for (var j = 0; j < this.users[i].selfCertifications.length; j++) { primUser.push({user: this.users[i], selfCertificate: this.users[i].selfCertifications[j]}); } } // sort by primary user flag and signature creation time primUser = primUser.sort(function(a, b) { if (a.selfCertificate.isPrimaryUserID > b.selfCertificate.isPrimaryUserID) { return -1; } else if (a.selfCertificate.isPrimaryUserID < b.selfCertificate.isPrimaryUserID) { return 1; } else if (a.selfCertificate.created > b.selfCertificate.created) { return -1; } else if (a.selfCertificate.created < b.selfCertificate.created) { return 1; } else { return 0; } }); // return first valid for (var i = 0; i < primUser.length; i++) { if (primUser[i].user.isValidSelfCertificate(this.primaryKey, primUser[i].selfCertificate)) { return primUser[i]; } } return null; }; /** * Update key with new components from specified key with same key ID: * users, subkeys, certificates are merged into the destination key, * duplicates are ignored. * If the specified key is a private key and the destination key is public, * the destination key is tranformed to a private key. * @param {module:key~Key} key source key to merge */ Key.prototype.update = function(key) { var that = this; if (key.verifyPrimaryKey() === enums.keyStatus.invalid) { return; } if (this.primaryKey.getFingerprint() !== key.primaryKey.getFingerprint()) { throw new Error('Key update method: fingerprints of keys not equal'); } if (this.isPublic() && key.isPrivate()) { // check for equal subkey packets var equal = ((this.subKeys && this.subKeys.length) === (key.subKeys && key.subKeys.length)) && (!this.subKeys || this.subKeys.every(function(destSubKey) { return key.subKeys.some(function(srcSubKey) { return destSubKey.subKey.getFingerprint() === srcSubKey.subKey.getFingerprint(); }); })); if (!equal) { throw new Error('Cannot update public key with private key if subkey mismatch'); } this.primaryKey = key.primaryKey; } // revocation signature if (!this.revocationSignature && key.revocationSignature && !key.revocationSignature.isExpired() && (key.revocationSignature.verified || key.revocationSignature.verify(key.primaryKey, {key: key.primaryKey}))) { this.revocationSignature = key.revocationSignature; } // direct signatures mergeSignatures(key, this, 'directSignatures'); // users key.users.forEach(function(srcUser) { var found = false; for (var i = 0; i < that.users.length; i++) { if (srcUser.userId && (srcUser.userId.userid === that.users[i].userId.userid) || srcUser.userAttribute && (srcUser.userAttribute.equals(that.users[i].userAttribute))) { that.users[i].update(srcUser, that.primaryKey); found = true; break; } } if (!found) { that.users.push(srcUser); } }); // subkeys if (key.subKeys) { key.subKeys.forEach(function(srcSubKey) { var found = false; for (var i = 0; i < that.subKeys.length; i++) { if (srcSubKey.subKey.getFingerprint() === that.subKeys[i].subKey.getFingerprint()) { that.subKeys[i].update(srcSubKey, that.primaryKey); found = true; break; } } if (!found) { that.subKeys.push(srcSubKey); } }); } }; /** * Merges signatures from source[attr] to dest[attr] * @private * @param {Object} source * @param {Object} dest * @param {String} attr * @param {Function} checkFn optional, signature only merged if true */ function mergeSignatures(source, dest, attr, checkFn) { source = source[attr]; if (source) { if (!dest[attr]) { dest[attr] = source; } else { source.forEach(function(sourceSig) { if (!sourceSig.isExpired() && (!checkFn || checkFn(sourceSig)) && !dest[attr].some(function(destSig) { return destSig.signature === sourceSig.signature; })) { dest[attr].push(sourceSig); } }); } } } // TODO Key.prototype.revoke = function() { }; /** * @class * @classdesc Class that represents an user ID or attribute packet and the relevant signatures. */ function User(userPacket) { if (!(this instanceof User)) { return new User(userPacket); } this.userId = userPacket.tag == enums.packet.userid ? userPacket : null; this.userAttribute = userPacket.tag == enums.packet.userAttribute ? userPacket : null; this.selfCertifications = null; this.otherCertifications = null; this.revocationCertifications = null; } /** * Transforms structured user data to packetlist * @return {module:packet/packetlist} */ User.prototype.toPacketlist = function() { var packetlist = new packet.List(); packetlist.push(this.userId || this.userAttribute); packetlist.concat(this.revocationCertifications); packetlist.concat(this.selfCertifications); packetlist.concat(this.otherCertifications); return packetlist; }; /** * Checks if a self signature of the user is revoked * @param {module:packet/signature} certificate * @param {module:packet/secret_key|module:packet/public_key} primaryKey The primary key packet * @return {Boolean} True if the certificate is revoked */ User.prototype.isRevoked = function(certificate, primaryKey) { if (this.revocationCertifications) { var that = this; return this.revocationCertifications.some(function(revCert) { return revCert.issuerKeyId.equals(certificate.issuerKeyId) && !revCert.isExpired() && (revCert.verified || revCert.verify(primaryKey, {userid: that.userId || that.userAttribute, key: primaryKey})); }); } else { return false; } }; /** * Returns the most significant (latest valid) self signature of the user * @param {module:packet/secret_key|module:packet/public_key} primaryKey The primary key packet * @return {module:packet/signature} The self signature */ User.prototype.getValidSelfCertificate = function(primaryKey) { if (!this.selfCertifications) { return null; } // most recent first var validCert = this.selfCertifications.sort(function(a, b) { a = a.created; b = b.created; return a>b ? -1 : a (this.subKey.created.getTime() + this.subKey.expirationTimeV3*24*3600*1000)) { return enums.keyStatus.expired; } // check subkey binding signature if (!this.bindingSignature) { return enums.keyStatus.invalid; } if (this.bindingSignature.isExpired()) { return enums.keyStatus.expired; } if (!(this.bindingSignature.verified || this.bindingSignature.verify(primaryKey, {key: primaryKey, bind: this.subKey}))) { return enums.keyStatus.invalid; } // check V4 expiration time if (this.subKey.version == 4 && this.bindingSignature.keyNeverExpires === false && Date.now() > (this.subKey.created.getTime() + this.bindingSignature.keyExpirationTime*1000)) { return enums.keyStatus.expired; } return enums.keyStatus.valid; }; /** * Returns the expiration time of the subkey or null if key does not expire * @return {Date|null} */ SubKey.prototype.getExpirationTime = function() { return getExpirationTime(this.subKey, this.bindingSignature); }; /** * Update subkey with new components from specified subkey * @param {module:key~SubKey} subKey source subkey to merge * @param {module:packet/signature} primaryKey primary key used for validation */ SubKey.prototype.update = function(subKey, primaryKey) { if (subKey.verify(primaryKey) === enums.keyStatus.invalid) { return; } if (this.subKey.getFingerprint() !== subKey.subKey.getFingerprint()) { throw new Error('SubKey update method: fingerprints of subkeys not equal'); } // key packet if (this.subKey.tag === enums.packet.publicSubkey && subKey.subKey.tag === enums.packet.secretSubkey) { this.subKey = subKey.subKey; } // binding signature if (!this.bindingSignature && subKey.bindingSignature && (subKey.bindingSignature.verified || subKey.bindingSignature.verify(primaryKey, {key: primaryKey, bind: this.subKey}))) { this.bindingSignature = subKey.bindingSignature; } // revocation signature if (!this.revocationSignature && subKey.revocationSignature && !subKey.revocationSignature.isExpired() && (subKey.revocationSignature.verified || subKey.revocationSignature.verify(primaryKey, {key: primaryKey, bind: this.subKey}))) { this.revocationSignature = subKey.revocationSignature; } }; /** * Reads an OpenPGP armored text and returns one or multiple key objects * @param {String} armoredText text to be parsed * @return {{keys: Array, err: (Array|null)}} result object with key and error arrays * @static */ function readArmored(armoredText) { var result = {}; result.keys = []; try { var input = armor.decode(armoredText); if (!(input.type == enums.armor.public_key || input.type == enums.armor.private_key)) { throw new Error('Armored text not of type key'); } var packetlist = new packet.List(); packetlist.read(input.data); var keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey); if (keyIndex.length === 0) { throw new Error('No key packet found in armored text'); } for (var i = 0; i < keyIndex.length; i++) { var oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); try { var newKey = new Key(oneKeyList); result.keys.push(newKey); } catch (e) { result.err = result.err || []; result.err.push(e); } } } catch (e) { result.err = result.err || []; result.err.push(e); } return result; } /** * Generates a new OpenPGP key. Currently only supports RSA keys. * Primary and subkey will be of same type. * @param {module:enums.publicKey} [options.keyType=module:enums.publicKey.rsa_encrypt_sign] to indicate what type of key to make. * RSA is 1. See {@link http://tools.ietf.org/html/rfc4880#section-9.1} * @param {Integer} options.numBits number of bits for the key creation. * @param {String} options.userId assumes already in form of "User Name " * @param {String} options.passphrase The passphrase used to encrypt the resulting private key * @param {Boolean} [options.unlocked=false] The secret part of the generated key is unlocked * @return {module:key~Key} * @static */ function generate(options) { var packetlist, secretKeyPacket, userIdPacket, dataToSign, signaturePacket, secretSubkeyPacket, subkeySignaturePacket; options.keyType = options.keyType || enums.publicKey.rsa_encrypt_sign; // RSA Encrypt-Only and RSA Sign-Only are deprecated and SHOULD NOT be generated if (options.keyType !== enums.publicKey.rsa_encrypt_sign) { throw new Error('Only RSA Encrypt or Sign supported'); } // Key without passphrase is unlocked by definition if (!options.passphrase) { options.unlocked = true; } // generate var genSecretKey = generateSecretKey(); var genSecretSubkey = generateSecretSubkey(); return Promise.all([genSecretKey, genSecretSubkey]).then(wrapKeyObject); function generateSecretKey() { secretKeyPacket = new packet.SecretKey(); secretKeyPacket.algorithm = enums.read(enums.publicKey, options.keyType); return secretKeyPacket.generate(options.numBits); } function generateSecretSubkey() { secretSubkeyPacket = new packet.SecretSubkey(); secretSubkeyPacket.algorithm = enums.read(enums.publicKey, options.keyType); return secretSubkeyPacket.generate(options.numBits); } function wrapKeyObject() { // set passphrase protection if (options.passphrase) { secretKeyPacket.encrypt(options.passphrase); secretSubkeyPacket.encrypt(options.passphrase); } packetlist = new packet.List(); userIdPacket = new packet.Userid(); userIdPacket.read(options.userId); dataToSign = {}; dataToSign.userid = userIdPacket; dataToSign.key = secretKeyPacket; signaturePacket = new packet.Signature(); signaturePacket.signatureType = enums.signature.cert_generic; signaturePacket.publicKeyAlgorithm = options.keyType; signaturePacket.hashAlgorithm = config.prefer_hash_algorithm; signaturePacket.keyFlags = [enums.keyFlags.certify_keys | enums.keyFlags.sign_data]; signaturePacket.preferredSymmetricAlgorithms = []; signaturePacket.preferredSymmetricAlgorithms.push(enums.symmetric.aes256); signaturePacket.preferredSymmetricAlgorithms.push(enums.symmetric.aes192); signaturePacket.preferredSymmetricAlgorithms.push(enums.symmetric.aes128); signaturePacket.preferredSymmetricAlgorithms.push(enums.symmetric.cast5); signaturePacket.preferredSymmetricAlgorithms.push(enums.symmetric.tripledes); signaturePacket.preferredHashAlgorithms = []; signaturePacket.preferredHashAlgorithms.push(enums.hash.sha256); signaturePacket.preferredHashAlgorithms.push(enums.hash.sha1); signaturePacket.preferredHashAlgorithms.push(enums.hash.sha512); signaturePacket.preferredCompressionAlgorithms = []; signaturePacket.preferredCompressionAlgorithms.push(enums.compression.zlib); signaturePacket.preferredCompressionAlgorithms.push(enums.compression.zip); if (config.integrity_protect) { signaturePacket.features = []; signaturePacket.features.push(1); // Modification Detection } signaturePacket.sign(secretKeyPacket, dataToSign); dataToSign = {}; dataToSign.key = secretKeyPacket; dataToSign.bind = secretSubkeyPacket; subkeySignaturePacket = new packet.Signature(); subkeySignaturePacket.signatureType = enums.signature.subkey_binding; subkeySignaturePacket.publicKeyAlgorithm = options.keyType; subkeySignaturePacket.hashAlgorithm = config.prefer_hash_algorithm; subkeySignaturePacket.keyFlags = [enums.keyFlags.encrypt_communication | enums.keyFlags.encrypt_storage]; subkeySignaturePacket.sign(secretKeyPacket, dataToSign); packetlist.push(secretKeyPacket); packetlist.push(userIdPacket); packetlist.push(signaturePacket); packetlist.push(secretSubkeyPacket); packetlist.push(subkeySignaturePacket); if (!options.unlocked) { secretKeyPacket.clearPrivateMPIs(); secretSubkeyPacket.clearPrivateMPIs(); } return new Key(packetlist); } } /** * Returns the preferred symmetric algorithm for a set of keys * @param {Array} keys Set of keys * @return {enums.symmetric} Preferred symmetric algorithm */ function getPreferredSymAlgo(keys) { var prioMap = {}; for (var i = 0; i < keys.length; i++) { var primaryUser = keys[i].getPrimaryUser(); if (!primaryUser || !primaryUser.selfCertificate.preferredSymmetricAlgorithms) { return config.encryption_cipher; } primaryUser.selfCertificate.preferredSymmetricAlgorithms.forEach(function(algo, index) { var entry = prioMap[algo] || (prioMap[algo] = {prio: 0, count: 0, algo: algo}); entry.prio += 64 >> index; entry.count++; }); } var prefAlgo = {prio: 0, algo: config.encryption_cipher}; for (var algo in prioMap) { try { if (algo !== enums.symmetric.plaintext && algo !== enums.symmetric.idea && // not implemented enums.read(enums.symmetric, algo) && // known algorithm prioMap[algo].count === keys.length && // available for all keys prioMap[algo].prio > prefAlgo.prio) { prefAlgo = prioMap[algo]; } } catch (e) {} } return prefAlgo.algo; } exports.Key = Key; exports.readArmored = readArmored; exports.generate = generate; exports.getPreferredSymAlgo = getPreferredSymAlgo; },{"./config":17,"./encoding/armor.js":41,"./enums.js":43,"./packet":53,"./util":74}],46:[function(require,module,exports){ /** * @see module:keyring/keyring * @module keyring */ module.exports = require('./keyring.js'); module.exports.localstore = require('./localstore.js'); },{"./keyring.js":47,"./localstore.js":48}],47:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * The class that deals with storage of the keyring. Currently the only option is to use HTML5 local storage. * @requires enums * @requires key * @requires util * @module keyring/keyring */ var enums = require('../enums.js'), keyModule = require('../key.js'), util = require('../util.js'); module.exports = Keyring; /** * Initialization routine for the keyring. This method reads the * keyring from HTML5 local storage and initializes this instance. * @constructor * @param {class} [storeHandler] class implementing load() and store() methods */ function Keyring(storeHandler) { this.storeHandler = storeHandler || new (require('./localstore.js'))(); this.publicKeys = new KeyArray(this.storeHandler.loadPublic()); this.privateKeys = new KeyArray(this.storeHandler.loadPrivate()); } /** * Calls the storeHandler to save the keys */ Keyring.prototype.store = function () { this.storeHandler.storePublic(this.publicKeys.keys); this.storeHandler.storePrivate(this.privateKeys.keys); }; /** * Clear the keyring - erase all the keys */ Keyring.prototype.clear = function() { this.publicKeys.keys = []; this.privateKeys.keys = []; }; /** * Searches the keyring for keys having the specified key id * @param {String} keyId provided as string of lowercase hex number * withouth 0x prefix (can be 16-character key ID or fingerprint) * @param {Boolean} deep if true search also in subkeys * @return {Array|null} keys found or null */ Keyring.prototype.getKeysForId = function (keyId, deep) { var result = []; result = result.concat(this.publicKeys.getForId(keyId, deep) || []); result = result.concat(this.privateKeys.getForId(keyId, deep) || []); return result.length ? result : null; }; /** * Removes keys having the specified key id from the keyring * @param {String} keyId provided as string of lowercase hex number * withouth 0x prefix (can be 16-character key ID or fingerprint) * @return {Array|null} keys found or null */ Keyring.prototype.removeKeysForId = function (keyId) { var result = []; result = result.concat(this.publicKeys.removeForId(keyId) || []); result = result.concat(this.privateKeys.removeForId(keyId) || []); return result.length ? result : null; }; /** * Get all public and private keys * @return {Array} all keys */ Keyring.prototype.getAllKeys = function () { return this.publicKeys.keys.concat(this.privateKeys.keys); }; /** * Array of keys * @param {Array} keys The keys to store in this array */ function KeyArray(keys) { this.keys = keys; } /** * Searches all keys in the KeyArray matching the address or address part of the user ids * @param {String} email email address to search for * @return {Array} The public keys associated with provided email address. */ KeyArray.prototype.getForAddress = function(email) { var results = []; for (var i = 0; i < this.keys.length; i++) { if (emailCheck(email, this.keys[i])) { results.push(this.keys[i]); } } return results; }; /** * Checks a key to see if it matches the specified email address * @private * @param {String} email email address to search for * @param {module:key~Key} key The key to be checked. * @return {Boolean} True if the email address is defined in the specified key */ function emailCheck(email, key) { // escape email before using in regular expression email = email.toLowerCase().replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); var emailRegex = new RegExp('<' + email + '>'); var keyEmails = key.getUserIds(); for (var i = 0; i < keyEmails.length; i++) { if (emailRegex.test(keyEmails[i].toLowerCase())) { return true; } } return false; } /** * Checks a key to see if it matches the specified keyid * @private * @param {String} keyId provided as string of lowercase hex number * withouth 0x prefix (can be 16-character key ID or fingerprint) * @param {module:packet/secret_key|public_key|public_subkey|secret_subkey} keypacket The keypacket to be checked * @return {Boolean} True if keypacket has the specified keyid */ function keyIdCheck(keyId, keypacket) { if (keyId.length === 16) { return keyId === keypacket.getKeyId().toHex(); } else { return keyId === keypacket.getFingerprint(); } } /** * Searches the KeyArray for a key having the specified key id * @param {String} keyId provided as string of lowercase hex number * withouth 0x prefix (can be 16-character key ID or fingerprint) * @param {Boolean} deep if true search also in subkeys * @return {module:key~Key|null} key found or null */ KeyArray.prototype.getForId = function (keyId, deep) { for (var i = 0; i < this.keys.length; i++) { if (keyIdCheck(keyId, this.keys[i].primaryKey)) { return this.keys[i]; } if (deep && this.keys[i].subKeys) { for (var j = 0; j < this.keys[i].subKeys.length; j++) { if (keyIdCheck(keyId, this.keys[i].subKeys[j].subKey)) { return this.keys[i]; } } } } return null; }; /** * Imports a key from an ascii armored message * @param {String} armored message to read the keys/key from * @return {Array|null} array of error objects or null */ KeyArray.prototype.importKey = function (armored) { var imported = keyModule.readArmored(armored); var that = this; imported.keys.forEach(function(key) { // check if key already in key array var keyidHex = key.primaryKey.getKeyId().toHex(); var keyFound = that.getForId(keyidHex); if (keyFound) { keyFound.update(key); } else { that.push(key); } }); return imported.err ? imported.err : null; }; /** * Add key to KeyArray * @param {module:key~Key} key The key that will be added to the keyring * @return {Number} The new length of the KeyArray */ KeyArray.prototype.push = function (key) { return this.keys.push(key); }; /** * Removes a key with the specified keyid from the keyring * @param {String} keyId provided as string of lowercase hex number * withouth 0x prefix (can be 16-character key ID or fingerprint) * @return {module:key~Key|null} The key object which has been removed or null */ KeyArray.prototype.removeForId = function (keyId) { for (var i = 0; i < this.keys.length; i++) { if (keyIdCheck(keyId, this.keys[i].primaryKey)) { return this.keys.splice(i, 1)[0]; } } return null; }; },{"../enums.js":43,"../key.js":45,"../util.js":74,"./localstore.js":48}],48:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * The class that deals with storage of the keyring. Currently the only option is to use HTML5 local storage. * @requires config * @module keyring/localstore * @param {String} prefix prefix for itemnames in localstore */ module.exports = LocalStore; var config = require('../config'), keyModule = require('../key.js'), util = require('../util.js'); function LocalStore(prefix) { prefix = prefix || 'openpgp-'; this.publicKeysItem = prefix + this.publicKeysItem; this.privateKeysItem = prefix + this.privateKeysItem; if (typeof window != 'undefined' && window.localStorage) { this.storage = window.localStorage; } else { this.storage = new (require('node-localstorage').LocalStorage)(config.node_store); } } /* * Declare the localstore itemnames */ LocalStore.prototype.publicKeysItem = 'public-keys'; LocalStore.prototype.privateKeysItem = 'private-keys'; /** * Load the public keys from HTML5 local storage. * @return {Array} array of keys retrieved from localstore */ LocalStore.prototype.loadPublic = function () { return loadKeys(this.storage, this.publicKeysItem); }; /** * Load the private keys from HTML5 local storage. * @return {Array} array of keys retrieved from localstore */ LocalStore.prototype.loadPrivate = function () { return loadKeys(this.storage, this.privateKeysItem); }; function loadKeys(storage, itemname) { var armoredKeys = JSON.parse(storage.getItem(itemname)); var keys = []; if (armoredKeys !== null && armoredKeys.length !== 0) { var key; for (var i = 0; i < armoredKeys.length; i++) { key = keyModule.readArmored(armoredKeys[i]); if (!key.err) { keys.push(key.keys[0]); } else { util.print_debug("Error reading armored key from keyring index: " + i); } } } return keys; } /** * Saves the current state of the public keys to HTML5 local storage. * The key array gets stringified using JSON * @param {Array} keys array of keys to save in localstore */ LocalStore.prototype.storePublic = function (keys) { storeKeys(this.storage, this.publicKeysItem, keys); }; /** * Saves the current state of the private keys to HTML5 local storage. * The key array gets stringified using JSON * @param {Array} keys array of keys to save in localstore */ LocalStore.prototype.storePrivate = function (keys) { storeKeys(this.storage, this.privateKeysItem, keys); }; function storeKeys(storage, itemname, keys) { var armoredKeys = []; for (var i = 0; i < keys.length; i++) { armoredKeys.push(keys[i].armor()); } storage.setItem(itemname, JSON.stringify(armoredKeys)); } },{"../config":17,"../key.js":45,"../util.js":74,"node-localstorage":false}],49:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * @requires config * @requires crypto * @requires encoding/armor * @requires enums * @requires packet * @module message */ 'use strict'; var packet = require('./packet'), enums = require('./enums.js'), armor = require('./encoding/armor.js'), config = require('./config'), crypto = require('./crypto'), keyModule = require('./key.js'); /** * @class * @classdesc Class that represents an OpenPGP message. * Can be an encrypted message, signed message, compressed message or literal message * @param {module:packet/packetlist} packetlist The packets that form this message * See {@link http://tools.ietf.org/html/rfc4880#section-11.3} */ function Message(packetlist) { if (!(this instanceof Message)) { return new Message(packetlist); } this.packets = packetlist || new packet.List(); } /** * Returns the key IDs of the keys to which the session key is encrypted * @return {Array} array of keyid objects */ Message.prototype.getEncryptionKeyIds = function() { var keyIds = []; var pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey); pkESKeyPacketlist.forEach(function(packet) { keyIds.push(packet.publicKeyId); }); return keyIds; }; /** * Returns the key IDs of the keys that signed the message * @return {Array} array of keyid objects */ Message.prototype.getSigningKeyIds = function() { var keyIds = []; var msg = this.unwrapCompressed(); // search for one pass signatures var onePassSigList = msg.packets.filterByTag(enums.packet.onePassSignature); onePassSigList.forEach(function(packet) { keyIds.push(packet.signingKeyId); }); // if nothing found look for signature packets if (!keyIds.length) { var signatureList = msg.packets.filterByTag(enums.packet.signature); signatureList.forEach(function(packet) { keyIds.push(packet.issuerKeyId); }); } return keyIds; }; /** * Decrypt the message * @param {module:key~Key} privateKey private key with decrypted secret data * @return {Array} new message with decrypted content */ Message.prototype.decrypt = function(privateKey) { var encryptionKeyIds = this.getEncryptionKeyIds(); if (!encryptionKeyIds.length) { // nothing to decrypt return unmodified message return this; } var privateKeyPacket = privateKey.getKeyPacket(encryptionKeyIds); if (!privateKeyPacket.isDecrypted) throw new Error('Private key is not decrypted.'); var pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey); var pkESKeyPacket; for (var i = 0; i < pkESKeyPacketlist.length; i++) { if (pkESKeyPacketlist[i].publicKeyId.equals(privateKeyPacket.getKeyId())) { pkESKeyPacket = pkESKeyPacketlist[i]; pkESKeyPacket.decrypt(privateKeyPacket); break; } } if (pkESKeyPacket) { var symEncryptedPacketlist = this.packets.filterByTag(enums.packet.symmetricallyEncrypted, enums.packet.symEncryptedIntegrityProtected); if (symEncryptedPacketlist.length !== 0) { var symEncryptedPacket = symEncryptedPacketlist[0]; symEncryptedPacket.decrypt(pkESKeyPacket.sessionKeyAlgorithm, pkESKeyPacket.sessionKey); var resultMsg = new Message(symEncryptedPacket.packets); // remove packets after decryption symEncryptedPacket.packets = new packet.List(); return resultMsg; } } }; /** * Get literal data that is the body of the message * @return {(String|null)} literal body of the message as string */ Message.prototype.getLiteralData = function() { var literal = this.packets.findPacket(enums.packet.literal); return literal && literal.data || null; }; /** * Get literal data as text * @return {(String|null)} literal body of the message interpreted as text */ Message.prototype.getText = function() { var literal = this.packets.findPacket(enums.packet.literal); if (literal) { return literal.getText(); } else { return null; } }; /** * Encrypt the message * @param {Array} keys array of keys, used to encrypt the message * @return {Array} new message with encrypted content */ Message.prototype.encrypt = function(keys) { var packetlist = new packet.List(); var symAlgo = keyModule.getPreferredSymAlgo(keys); var sessionKey = crypto.generateSessionKey(enums.read(enums.symmetric, symAlgo)); keys.forEach(function(key) { var encryptionKeyPacket = key.getEncryptionKeyPacket(); if (encryptionKeyPacket) { var pkESKeyPacket = new packet.PublicKeyEncryptedSessionKey(); pkESKeyPacket.publicKeyId = encryptionKeyPacket.getKeyId(); pkESKeyPacket.publicKeyAlgorithm = encryptionKeyPacket.algorithm; pkESKeyPacket.sessionKey = sessionKey; pkESKeyPacket.sessionKeyAlgorithm = enums.read(enums.symmetric, symAlgo); pkESKeyPacket.encrypt(encryptionKeyPacket); packetlist.push(pkESKeyPacket); } else { throw new Error('Could not find valid key packet for encryption in key ' + key.primaryKey.getKeyId().toHex()); } }); var symEncryptedPacket; if (config.integrity_protect) { symEncryptedPacket = new packet.SymEncryptedIntegrityProtected(); } else { symEncryptedPacket = new packet.SymmetricallyEncrypted(); } symEncryptedPacket.packets = this.packets; symEncryptedPacket.encrypt(enums.read(enums.symmetric, symAlgo), sessionKey); packetlist.push(symEncryptedPacket); // remove packets after encryption symEncryptedPacket.packets = new packet.List(); return new Message(packetlist); }; /** * Encrypt the message symmetrically using a passphrase. * https://tools.ietf.org/html/rfc4880#section-3.7.2.2 * @param {String} passphrase * @return {Array} new message with encrypted content */ Message.prototype.symEncrypt = function(passphrase) { if (!passphrase) { throw new Error('The passphrase cannot be empty!'); } var algo = enums.read(enums.symmetric, config.encryption_cipher); var packetlist = new packet.List(); // create a Symmetric-key Encrypted Session Key (ESK) var symESKPacket = new packet.SymEncryptedSessionKey(); symESKPacket.sessionKeyAlgorithm = algo; symESKPacket.decrypt(passphrase); // generate the session key packetlist.push(symESKPacket); // create integrity protected packet var symEncryptedPacket = new packet.SymEncryptedIntegrityProtected(); symEncryptedPacket.packets = this.packets; symEncryptedPacket.encrypt(algo, symESKPacket.sessionKey); packetlist.push(symEncryptedPacket); // remove packets after encryption symEncryptedPacket.packets = new packet.List(); return new Message(packetlist); }; /** * Decrypt the message symmetrically using a passphrase. * https://tools.ietf.org/html/rfc4880#section-3.7.2.2 * @param {String} passphrase * @return {Array} new message with decrypted content */ Message.prototype.symDecrypt = function(passphrase) { var symEncryptedPacketlist = this.packets.filterByTag(enums.packet.symEncryptedSessionKey, enums.packet.symEncryptedIntegrityProtected); // decrypt Symmetric-key Encrypted Session Key (ESK) var symESKPacket = symEncryptedPacketlist[0]; symESKPacket.decrypt(passphrase); // decrypt integrity protected packet var symEncryptedPacket = symEncryptedPacketlist[1]; symEncryptedPacket.decrypt(symESKPacket.sessionKeyAlgorithm, symESKPacket.sessionKey); var resultMsg = new Message(symEncryptedPacket.packets); // remove packets after decryption symEncryptedPacket.packets = new packet.List(); return resultMsg; }; /** * Sign the message (the literal data packet of the message) * @param {Array} privateKey private keys with decrypted secret key data for signing * @return {module:message~Message} new message with signed content */ Message.prototype.sign = function(privateKeys) { var packetlist = new packet.List(); var literalDataPacket = this.packets.findPacket(enums.packet.literal); if (!literalDataPacket) throw new Error('No literal data packet to sign.'); var literalFormat = enums.write(enums.literal, literalDataPacket.format); var signatureType = literalFormat == enums.literal.binary ? enums.signature.binary : enums.signature.text; var i; for (i = 0; i < privateKeys.length; i++) { if (privateKeys[i].isPublic()) { throw new Error('Need private key for signing'); } var onePassSig = new packet.OnePassSignature(); onePassSig.type = signatureType; //TODO get preferred hashg algo from key signature onePassSig.hashAlgorithm = config.prefer_hash_algorithm; var signingKeyPacket = privateKeys[i].getSigningKeyPacket(); if (!signingKeyPacket) { throw new Error('Could not find valid key packet for signing in key ' + privateKeys[i].primaryKey.getKeyId().toHex()); } onePassSig.publicKeyAlgorithm = signingKeyPacket.algorithm; onePassSig.signingKeyId = signingKeyPacket.getKeyId(); packetlist.push(onePassSig); } packetlist.push(literalDataPacket); for (i = privateKeys.length - 1; i >= 0; i--) { var signaturePacket = new packet.Signature(); signaturePacket.signatureType = signatureType; signaturePacket.hashAlgorithm = config.prefer_hash_algorithm; signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm; if (!signingKeyPacket.isDecrypted) throw new Error('Private key is not decrypted.'); signaturePacket.sign(signingKeyPacket, literalDataPacket); packetlist.push(signaturePacket); } return new Message(packetlist); }; /** * Verify message signatures * @param {Array} keys array of keys to verify signatures * @return {Array<({keyid: module:type/keyid, valid: Boolean})>} list of signer's keyid and validity of signature */ Message.prototype.verify = function(keys) { var result = []; var msg = this.unwrapCompressed(); var literalDataList = msg.packets.filterByTag(enums.packet.literal); if (literalDataList.length !== 1) throw new Error('Can only verify message with one literal data packet.'); var signatureList = msg.packets.filterByTag(enums.packet.signature); for (var i = 0; i < signatureList.length; i++) { var keyPacket = null; for (var j = 0; j < keys.length; j++) { keyPacket = keys[j].getSigningKeyPacket(signatureList[i].issuerKeyId); if (keyPacket) { break; } } var verifiedSig = {}; if (keyPacket) { verifiedSig.keyid = signatureList[i].issuerKeyId; verifiedSig.valid = signatureList[i].verify(keyPacket, literalDataList[0]); } else { verifiedSig.keyid = signatureList[i].issuerKeyId; verifiedSig.valid = null; } result.push(verifiedSig); } return result; }; /** * Unwrap compressed message * @return {module:message~Message} message Content of compressed message */ Message.prototype.unwrapCompressed = function() { var compressed = this.packets.filterByTag(enums.packet.compressed); if (compressed.length) { return new Message(compressed[0].packets); } else { return this; } }; /** * Returns ASCII armored text of message * @return {String} ASCII armor */ Message.prototype.armor = function() { return armor.encode(enums.armor.message, this.packets.write()); }; /** * reads an OpenPGP armored message and returns a message object * @param {String} armoredText text to be parsed * @return {module:message~Message} new message object * @static */ function readArmored(armoredText) { //TODO how do we want to handle bad text? Exception throwing //TODO don't accept non-message armored texts var input = armor.decode(armoredText).data; var packetlist = new packet.List(); packetlist.read(input); var newMessage = new Message(packetlist); return newMessage; } /** * Create a message object from signed content and a detached armored signature. * @param {String} content An 8 bit ascii string containing e.g. a MIME subtree with text nodes or attachments * @param {String} detachedSignature The detached ascii armored PGP signarure */ function readSignedContent(content, detachedSignature) { var literalDataPacket = new packet.Literal(); literalDataPacket.setBytes(content, enums.read(enums.literal, enums.literal.binary)); var packetlist = new packet.List(); packetlist.push(literalDataPacket); var input = armor.decode(detachedSignature).data; packetlist.read(input); var newMessage = new Message(packetlist); return newMessage; } /** * creates new message object from text * @param {String} text * @return {module:message~Message} new message object * @static */ function fromText(text) { var literalDataPacket = new packet.Literal(); // text will be converted to UTF8 literalDataPacket.setText(text); var literalDataPacketlist = new packet.List(); literalDataPacketlist.push(literalDataPacket); var newMessage = new Message(literalDataPacketlist); return newMessage; } /** * creates new message object from binary data * @param {String} bytes * @return {module:message~Message} new message object * @static */ function fromBinary(bytes) { var literalDataPacket = new packet.Literal(); literalDataPacket.setBytes(bytes, enums.read(enums.literal, enums.literal.binary)); var literalDataPacketlist = new packet.List(); literalDataPacketlist.push(literalDataPacket); var newMessage = new Message(literalDataPacketlist); return newMessage; } exports.Message = Message; exports.readArmored = readArmored; exports.readSignedContent = readSignedContent; exports.fromText = fromText; exports.fromBinary = fromBinary; },{"./config":17,"./crypto":32,"./encoding/armor.js":41,"./enums.js":43,"./key.js":45,"./packet":53}],50:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * @fileoverview The openpgp base module should provide all of the functionality * to consume the openpgp.js library. All additional classes are documented * for extending and developing on top of the base library. */ /** * @requires cleartext * @requires config * @requires encoding/armor * @requires enums * @requires message * @requires packet * @module openpgp */ 'use strict'; var armor = require('./encoding/armor.js'), enums = require('./enums.js'), message = require('./message.js'), cleartext = require('./cleartext.js'), key = require('./key.js'), util = require('./util'), AsyncProxy = require('./worker/async_proxy.js'); if (typeof Promise === 'undefined') { // load ES6 Promises polyfill require('es6-promise').polyfill(); } var asyncProxy = null; // instance of the asyncproxy /** * Set the path for the web worker script and create an instance of the async proxy * @param {String} path relative path to the worker scripts, default: 'openpgp.worker.js' * @param {Object} [options.worker=Object] alternative to path parameter: * web worker initialized with 'openpgp.worker.js' * @return {Boolean} true if worker created successfully */ function initWorker(path, options) { if (options && options.worker || typeof window !== 'undefined' && window.Worker) { options = options || {}; options.config = this.config; asyncProxy = new AsyncProxy(path, options); return true; } else { return false; } } /** * Returns a reference to the async proxy if the worker was initialized with openpgp.initWorker() * @return {module:worker/async_proxy~AsyncProxy|null} the async proxy or null if not initialized */ function getWorker() { return asyncProxy; } /** * Encrypts message text with keys * @param {(Array|module:key~Key)} keys array of keys or single key, used to encrypt the message * @param {String} text message as native JavaScript string * @return {Promise} encrypted ASCII armored message * @static */ function encryptMessage(keys, text) { if (!keys.length) { keys = [keys]; } if (asyncProxy) { return asyncProxy.encryptMessage(keys, text); } return execute(function() { var msg, armored; msg = message.fromText(text); msg = msg.encrypt(keys); armored = armor.encode(enums.armor.message, msg.packets.write()); return armored; }, 'Error encrypting message!'); } /** * Signs message text and encrypts it * @param {(Array|module:key~Key)} publicKeys array of keys or single key, used to encrypt the message * @param {module:key~Key} privateKey private key with decrypted secret key data for signing * @param {String} text message as native JavaScript string * @return {Promise} encrypted ASCII armored message * @static */ function signAndEncryptMessage(publicKeys, privateKey, text) { if (!publicKeys.length) { publicKeys = [publicKeys]; } if (asyncProxy) { return asyncProxy.signAndEncryptMessage(publicKeys, privateKey, text); } return execute(function() { var msg, armored; msg = message.fromText(text); msg = msg.sign([privateKey]); msg = msg.encrypt(publicKeys); armored = armor.encode(enums.armor.message, msg.packets.write()); return armored; }, 'Error signing and encrypting message!'); } /** * Decrypts message * @param {module:key~Key} privateKey private key with decrypted secret key data * @param {module:message~Message} msg the message object with the encrypted data * @return {Promise<(String|null)>} decrypted message as as native JavaScript string * or null if no literal data found * @static */ function decryptMessage(privateKey, msg) { if (asyncProxy) { return asyncProxy.decryptMessage(privateKey, msg); } return execute(function() { msg = msg.decrypt(privateKey); return msg.getText(); }, 'Error decrypting message!'); } /** * Decrypts message and verifies signatures * @param {module:key~Key} privateKey private key with decrypted secret key data * @param {(Array|module:key~Key)} publicKeys array of keys or single key, to verify signatures * @param {module:message~Message} msg the message object with signed and encrypted data * @return {Promise<{text: String, signatures: Array<{keyid: module:type/keyid, valid: Boolean}>}>} * decrypted message as as native JavaScript string * with verified signatures or null if no literal data found * @static */ function decryptAndVerifyMessage(privateKey, publicKeys, msg) { if (!publicKeys.length) { publicKeys = [publicKeys]; } if (asyncProxy) { return asyncProxy.decryptAndVerifyMessage(privateKey, publicKeys, msg); } return execute(function() { var result = {}; msg = msg.decrypt(privateKey); result.text = msg.getText(); if (result.text) { result.signatures = msg.verify(publicKeys); return result; } return null; }, 'Error decrypting and verifying message!'); } /** * Signs a cleartext message * @param {(Array|module:key~Key)} privateKeys array of keys or single key with decrypted secret key data to sign cleartext * @param {String} text cleartext * @return {Promise} ASCII armored message * @static */ function signClearMessage(privateKeys, text) { if (!privateKeys.length) { privateKeys = [privateKeys]; } if (asyncProxy) { return asyncProxy.signClearMessage(privateKeys, text); } return execute(function() { var cleartextMessage = new cleartext.CleartextMessage(text); cleartextMessage.sign(privateKeys); return cleartextMessage.armor(); }, 'Error signing cleartext message!'); } /** * Verifies signatures of cleartext signed message * @param {(Array|module:key~Key)} publicKeys array of keys or single key, to verify signatures * @param {module:cleartext~CleartextMessage} msg cleartext message object with signatures * @return {Promise<{text: String, signatures: Array<{keyid: module:type/keyid, valid: Boolean}>}>} * cleartext with status of verified signatures * @static */ function verifyClearSignedMessage(publicKeys, msg) { if (!publicKeys.length) { publicKeys = [publicKeys]; } if (asyncProxy) { return asyncProxy.verifyClearSignedMessage(publicKeys, msg); } return execute(function() { var result = {}; if (!(msg instanceof cleartext.CleartextMessage)) { throw new Error('Parameter [message] needs to be of type CleartextMessage.'); } result.text = msg.getText(); result.signatures = msg.verify(publicKeys); return result; }, 'Error verifying cleartext signed message!'); } /** * Generates a new OpenPGP key pair. Currently only supports RSA keys. * Primary and subkey will be of same type. * @param {module:enums.publicKey} [options.keyType=module:enums.publicKey.rsa_encrypt_sign] to indicate what type of key to make. * RSA is 1. See {@link http://tools.ietf.org/html/rfc4880#section-9.1} * @param {Integer} options.numBits number of bits for the key creation. (should be 1024+, generally) * @param {String} options.userId assumes already in form of "User Name " * @param {String} options.passphrase The passphrase used to encrypt the resulting private key * @param {Boolean} [options.unlocked=false] The secret part of the generated key is unlocked * @return {Promise} {key: module:key~Key, privateKeyArmored: String, publicKeyArmored: String} * @static */ function generateKeyPair(options) { // use web worker if web crypto apis are not supported if (!util.getWebCrypto() && asyncProxy) { return asyncProxy.generateKeyPair(options); } return key.generate(options).then(function(newKey) { var result = {}; result.key = newKey; result.privateKeyArmored = newKey.armor(); result.publicKeyArmored = newKey.toPublic().armor(); return result; }).catch(function(err) { console.error(err); if (!util.getWebCrypto()) { // js fallback already tried throw new Error('Error generating keypair using js fallback!'); } // fall back to js keygen in a worker console.log('Error generating keypair using native WebCrypto... falling back back to js!'); return asyncProxy.generateKeyPair(options); }).catch(onError.bind(null, 'Error generating keypair!')); } // // helper functions // /** * Command pattern that wraps synchronous code into a promise * @param {function} cmd The synchronous function with a return value * to be wrapped in a promise * @param {String} errMsg A human readable error Message * @return {Promise} The promise wrapped around cmd */ function execute(cmd, errMsg) { // wrap the sync cmd in a promise var promise = new Promise(function(resolve) { var result = cmd(); resolve(result); }); // handler error globally return promise.catch(onError.bind(null, errMsg)); } /** * Global error handler that logs the stack trace and * rethrows a high lvl error message * @param {String} message A human readable high level error Message * @param {Error} error The internal error that caused the failure */ function onError(message, error) { // log the stack trace console.error(error.stack); // rethrow new high level error for api users throw new Error(message); } exports.initWorker = initWorker; exports.getWorker = getWorker; exports.encryptMessage = encryptMessage; exports.signAndEncryptMessage = signAndEncryptMessage; exports.decryptMessage = decryptMessage; exports.decryptAndVerifyMessage = decryptAndVerifyMessage; exports.signClearMessage = signClearMessage; exports.verifyClearSignedMessage = verifyClearSignedMessage; exports.generateKeyPair = generateKeyPair; },{"./cleartext.js":12,"./encoding/armor.js":41,"./enums.js":43,"./key.js":45,"./message.js":49,"./util":74,"./worker/async_proxy.js":75,"es6-promise":2}],51:[function(require,module,exports){ /** * @requires enums * @module packet */ var enums = require('../enums.js'); // This is pretty ugly, but browserify needs to have the requires explicitly written. module.exports = { /** @see module:packet/compressed */ Compressed: require('./compressed.js'), /** @see module:packet/sym_encrypted_integrity_protected */ SymEncryptedIntegrityProtected: require('./sym_encrypted_integrity_protected.js'), /** @see module:packet/public_key_encrypted_session_key */ PublicKeyEncryptedSessionKey: require('./public_key_encrypted_session_key.js'), /** @see module:packet/sym_encrypted_session_key */ SymEncryptedSessionKey: require('./sym_encrypted_session_key.js'), /** @see module:packet/literal */ Literal: require('./literal.js'), /** @see module:packet/public_key */ PublicKey: require('./public_key.js'), /** @see module:packet/symmetrically_encrypted */ SymmetricallyEncrypted: require('./symmetrically_encrypted.js'), /** @see module:packet/marker */ Marker: require('./marker.js'), /** @see module:packet/public_subkey */ PublicSubkey: require('./public_subkey.js'), /** @see module:packet/user_attribute */ UserAttribute: require('./user_attribute.js'), /** @see module:packet/one_pass_signature */ OnePassSignature: require('./one_pass_signature.js'), /** @see module:packet/secret_key */ SecretKey: require('./secret_key.js'), /** @see module:packet/userid */ Userid: require('./userid.js'), /** @see module:packet/secret_subkey */ SecretSubkey: require('./secret_subkey.js'), /** @see module:packet/signature */ Signature: require('./signature.js'), /** @see module:packet/trust */ Trust: require('./trust.js'), /** * Allocate a new packet * @param {String} tag property name from {@link module:enums.packet} * @returns {Object} new packet object with type based on tag */ newPacketFromTag: function (tag) { return new this[packetClassFromTagName(tag)](); }, /** * Allocate a new packet from structured packet clone * See {@link http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#safe-passing-of-structured-data} * @param {Object} packetClone packet clone * @returns {Object} new packet object with data from packet clone */ fromStructuredClone: function(packetClone) { var tagName = enums.read(enums.packet, packetClone.tag) var packet = this.newPacketFromTag(tagName); for (var attr in packetClone) { if (packetClone.hasOwnProperty(attr)) { packet[attr] = packetClone[attr]; } } if (packet.postCloneTypeFix) { packet.postCloneTypeFix(); } return packet; } }; /** * Convert tag name to class name * @param {String} tag property name from {@link module:enums.packet} * @returns {String} */ function packetClassFromTagName(tag) { return tag.substr(0, 1).toUpperCase() + tag.substr(1); } },{"../enums.js":43,"./compressed.js":52,"./literal.js":54,"./marker.js":55,"./one_pass_signature.js":56,"./public_key.js":59,"./public_key_encrypted_session_key.js":60,"./public_subkey.js":61,"./secret_key.js":62,"./secret_subkey.js":63,"./signature.js":64,"./sym_encrypted_integrity_protected.js":65,"./sym_encrypted_session_key.js":66,"./symmetrically_encrypted.js":67,"./trust.js":68,"./user_attribute.js":69,"./userid.js":70}],52:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * Implementation of the Compressed Data Packet (Tag 8)
*
* {@link http://tools.ietf.org/html/rfc4880#section-5.6|RFC4880 5.6}: The Compressed Data packet contains compressed data. Typically, * this packet is found as the contents of an encrypted packet, or following * a Signature or One-Pass Signature packet, and contains a literal data packet. * @requires compression/zlib * @requires compression/rawinflate * @requires compression/rawdeflate * @requires enums * @requires util * @module packet/compressed */ module.exports = Compressed; var enums = require('../enums.js'), util = require('../util.js'), Zlib = require('../compression/zlib.min.js'), RawInflate = require('../compression/rawinflate.min.js'), RawDeflate = require('../compression/rawdeflate.min.js'); /** * @constructor */ function Compressed() { /** * Packet type * @type {module:enums.packet} */ this.tag = enums.packet.compressed; /** * List of packets * @type {module:packet/packetlist} */ this.packets = null; /** * Compression algorithm * @type {compression} */ this.algorithm = 'zip'; /** * Compressed packet data * @type {String} */ this.compressed = null; } /** * Parsing function for the packet. * @param {String} bytes Payload of a tag 8 packet */ Compressed.prototype.read = function (bytes) { // One octet that gives the algorithm used to compress the packet. this.algorithm = enums.read(enums.compression, bytes.charCodeAt(0)); // Compressed data, which makes up the remainder of the packet. this.compressed = bytes.substr(1); this.decompress(); }; /** * Return the compressed packet. * @return {String} binary compressed packet */ Compressed.prototype.write = function () { if (this.compressed === null) this.compress(); return String.fromCharCode(enums.write(enums.compression, this.algorithm)) + this.compressed; }; /** * Decompression method for decompressing the compressed data * read by read_packet */ Compressed.prototype.decompress = function () { var decompressed; switch (this.algorithm) { case 'uncompressed': decompressed = this.compressed; break; case 'zip': var inflate = new RawInflate.Zlib.RawInflate(util.str2Uint8Array(this.compressed)); decompressed = util.Uint8Array2str(inflate.decompress()); break; case 'zlib': var inflate = new Zlib.Zlib.Inflate(util.str2Uint8Array(this.compressed)); decompressed = util.Uint8Array2str(inflate.decompress()); break; case 'bzip2': // TODO: need to implement this throw new Error('Compression algorithm BZip2 [BZ2] is not implemented.'); default: throw new Error("Compression algorithm unknown :" + this.alogrithm); } this.packets.read(decompressed); }; /** * Compress the packet data (member decompressedData) */ Compressed.prototype.compress = function () { var uncompressed, deflate; uncompressed = this.packets.write(); switch (this.algorithm) { case 'uncompressed': // - Uncompressed this.compressed = uncompressed; break; case 'zip': // - ZIP [RFC1951] deflate = new RawDeflate.Zlib.RawDeflate(util.str2Uint8Array(uncompressed)); this.compressed = util.Uint8Array2str(deflate.compress()); break; case 'zlib': // - ZLIB [RFC1950] deflate = new Zlib.Zlib.Deflate(util.str2Uint8Array(uncompressed)); this.compressed = util.Uint8Array2str(deflate.compress()); break; case 'bzip2': // - BZip2 [BZ2] // TODO: need to implement this throw new Error("Compression algorithm BZip2 [BZ2] is not implemented."); default: throw new Error("Compression algorithm unknown :" + this.type); } }; },{"../compression/rawdeflate.min.js":13,"../compression/rawinflate.min.js":14,"../compression/zlib.min.js":15,"../enums.js":43,"../util.js":74}],53:[function(require,module,exports){ var enums = require('../enums.js'); module.exports = { /** * @name module:packet.List * @see module:packet/packetlist */ List: require('./packetlist.js') }; var packets = require('./all_packets.js'); for (var i in packets) module.exports[i] = packets[i]; },{"../enums.js":43,"./all_packets.js":51,"./packetlist.js":58}],54:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * Implementation of the Literal Data Packet (Tag 11)
*
* {@link http://tools.ietf.org/html/rfc4880#section-5.9|RFC4880 5.9}: A Literal Data packet contains the body of a message; data that * is not to be further interpreted. * @requires enums * @requires util * @module packet/literal */ module.exports = Literal; var util = require('../util.js'), enums = require('../enums.js'); /** * @constructor */ function Literal() { this.tag = enums.packet.literal; this.format = 'utf8'; // default format for literal data packets this.data = ''; // literal data representation as native JavaScript string or bytes this.date = new Date(); this.filename = 'msg.txt'; } /** * Set the packet data to a javascript native string, end of line * will be normalized to \r\n and by default text is converted to UTF8 * @param {String} text Any native javascript string */ Literal.prototype.setText = function (text) { // normalize EOL to \r\n text = text.replace(/\r/g, '').replace(/\n/g, '\r\n'); // encode UTF8 this.data = this.format == 'utf8' ? util.encode_utf8(text) : text; }; /** * Returns literal data packets as native JavaScript string * with normalized end of line to \n * @return {String} literal data as text */ Literal.prototype.getText = function () { // decode UTF8 var text = util.decode_utf8(this.data); // normalize EOL to \n return text.replace(/\r\n/g, '\n'); }; /** * Set the packet data to value represented by the provided string of bytes. * @param {String} bytes The string of bytes * @param {utf8|binary|text} format The format of the string of bytes */ Literal.prototype.setBytes = function (bytes, format) { this.format = format; this.data = bytes; }; /** * Get the byte sequence representing the literal packet data * @returns {String} A sequence of bytes */ Literal.prototype.getBytes = function () { return this.data; }; /** * Sets the filename of the literal packet data * @param {String} filename Any native javascript string */ Literal.prototype.setFilename = function (filename) { this.filename = filename; }; /** * Get the filename of the literal packet data * @returns {String} filename */ Literal.prototype.getFilename = function() { return this.filename; }; /** * Parsing function for a literal data packet (tag 11). * * @param {String} input Payload of a tag 11 packet * @param {Integer} position * Position to start reading from the input string * @param {Integer} len * Length of the packet or the remaining length of * input at position * @return {module:packet/literal} object representation */ Literal.prototype.read = function (bytes) { // - A one-octet field that describes how the data is formatted. var format = enums.read(enums.literal, bytes.charCodeAt(0)); var filename_len = bytes.charCodeAt(1); this.filename = util.decode_utf8(bytes.substr(2, filename_len)); this.date = util.readDate(bytes.substr(2 + filename_len, 4)); var data = bytes.substring(6 + filename_len); this.setBytes(data, format); }; /** * Creates a string representation of the packet * * @param {String} data The data to be inserted as body * @return {String} string-representation of the packet */ Literal.prototype.write = function () { var filename = util.encode_utf8(this.filename); var data = this.getBytes(); var result = ''; result += String.fromCharCode(enums.write(enums.literal, this.format)); result += String.fromCharCode(filename.length); result += filename; result += util.writeDate(this.date); result += data; return result; }; },{"../enums.js":43,"../util.js":74}],55:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * Implementation of the strange "Marker packet" (Tag 10)
*
* {@link http://tools.ietf.org/html/rfc4880#section-5.8|RFC4880 5.8}: An experimental version of PGP used this packet as the Literal * packet, but no released version of PGP generated Literal packets with this * tag. With PGP 5.x, this packet has been reassigned and is reserved for use as * the Marker packet.
*
* Such a packet MUST be ignored when received. * @requires enums * @module packet/marker */ module.exports = Marker; var enums = require('../enums.js'); /** * @constructor */ function Marker() { this.tag = enums.packet.marker; } /** * Parsing function for a literal data packet (tag 10). * * @param {String} input Payload of a tag 10 packet * @param {Integer} position * Position to start reading from the input string * @param {Integer} len * Length of the packet or the remaining length of * input at position * @return {module:packet/marker} Object representation */ Marker.prototype.read = function (bytes) { if (bytes.charCodeAt(0) == 0x50 && // P bytes.charCodeAt(1) == 0x47 && // G bytes.charCodeAt(2) == 0x50) // P return true; // marker packet does not contain "PGP" return false; }; },{"../enums.js":43}],56:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * Implementation of the One-Pass Signature Packets (Tag 4)
*
* {@link http://tools.ietf.org/html/rfc4880#section-5.4|RFC4880 5.4}: The One-Pass Signature packet precedes the signed data and contains * enough information to allow the receiver to begin calculating any * hashes needed to verify the signature. It allows the Signature * packet to be placed at the end of the message, so that the signer * can compute the entire signed message in one pass. * @requires enums * @requires type/keyid * @module packet/one_pass_signature */ module.exports = OnePassSignature; var enums = require('../enums.js'), type_keyid = require('../type/keyid.js'); /** * @constructor */ function OnePassSignature() { this.tag = enums.packet.onePassSignature; // The packet type this.version = null; // A one-octet version number. The current version is 3. this.type = null; // A one-octet signature type. Signature types are described in {@link http://tools.ietf.org/html/rfc4880#section-5.2.1|RFC4880 Section 5.2.1}. this.hashAlgorithm = null; // A one-octet number describing the hash algorithm used. (See {@link http://tools.ietf.org/html/rfc4880#section-9.4|RFC4880 9.4}) this.publicKeyAlgorithm = null; // A one-octet number describing the public-key algorithm used. (See {@link http://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1}) this.signingKeyId = null; // An eight-octet number holding the Key ID of the signing key. this.flags = null; // A one-octet number holding a flag showing whether the signature is nested. A zero value indicates that the next packet is another One-Pass Signature packet that describes another signature to be applied to the same message data. } /** * parsing function for a one-pass signature packet (tag 4). * @param {String} bytes payload of a tag 4 packet * @return {module:packet/one_pass_signature} object representation */ OnePassSignature.prototype.read = function (bytes) { var mypos = 0; // A one-octet version number. The current version is 3. this.version = bytes.charCodeAt(mypos++); // A one-octet signature type. Signature types are described in // Section 5.2.1. this.type = enums.read(enums.signature, bytes.charCodeAt(mypos++)); // A one-octet number describing the hash algorithm used. this.hashAlgorithm = enums.read(enums.hash, bytes.charCodeAt(mypos++)); // A one-octet number describing the public-key algorithm used. this.publicKeyAlgorithm = enums.read(enums.publicKey, bytes.charCodeAt(mypos++)); // An eight-octet number holding the Key ID of the signing key. this.signingKeyId = new type_keyid(); this.signingKeyId.read(bytes.substr(mypos)); mypos += 8; // A one-octet number holding a flag showing whether the signature // is nested. A zero value indicates that the next packet is // another One-Pass Signature packet that describes another // signature to be applied to the same message data. this.flags = bytes.charCodeAt(mypos++); return this; }; /** * creates a string representation of a one-pass signature packet * @return {String} a string representation of a one-pass signature packet */ OnePassSignature.prototype.write = function () { var result = ""; result += String.fromCharCode(3); result += String.fromCharCode(enums.write(enums.signature, this.type)); result += String.fromCharCode(enums.write(enums.hash, this.hashAlgorithm)); result += String.fromCharCode(enums.write(enums.publicKey, this.publicKeyAlgorithm)); result += this.signingKeyId.write(); result += String.fromCharCode(this.flags); return result; }; /** * Fix custom types after cloning */ OnePassSignature.prototype.postCloneTypeFix = function() { this.signingKeyId = type_keyid.fromClone(this.signingKeyId); }; },{"../enums.js":43,"../type/keyid.js":71}],57:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * @requires enums * @requires util * @module packet/packet */ var enums = require('../enums.js'), util = require('../util.js'); module.exports = { readSimpleLength: function(bytes) { var len = 0, offset, type = bytes.charCodeAt(0); if (type < 192) { len = bytes.charCodeAt(0); offset = 1; } else if (type < 255) { len = ((bytes.charCodeAt(0) - 192) << 8) + (bytes.charCodeAt(1)) + 192; offset = 2; } else if (type == 255) { len = util.readNumber(bytes.substr(1, 4)); offset = 5; } return { len: len, offset: offset }; }, /** * Encodes a given integer of length to the openpgp length specifier to a * string * * @param {Integer} length The length to encode * @return {String} String with openpgp length representation */ writeSimpleLength: function(length) { var result = ""; if (length < 192) { result += String.fromCharCode(length); } else if (length > 191 && length < 8384) { /* * let a = (total data packet length) - 192 let bc = two octet * representation of a let d = b + 192 */ result += String.fromCharCode(((length - 192) >> 8) + 192); result += String.fromCharCode((length - 192) & 0xFF); } else { result += String.fromCharCode(255); result += util.writeNumber(length, 4); } return result; }, /** * Writes a packet header version 4 with the given tag_type and length to a * string * * @param {Integer} tag_type Tag type * @param {Integer} length Length of the payload * @return {String} String of the header */ writeHeader: function(tag_type, length) { /* we're only generating v4 packet headers here */ var result = ""; result += String.fromCharCode(0xC0 | tag_type); result += this.writeSimpleLength(length); return result; }, /** * Writes a packet header Version 3 with the given tag_type and length to a * string * * @param {Integer} tag_type Tag type * @param {Integer} length Length of the payload * @return {String} String of the header */ writeOldHeader: function(tag_type, length) { var result = ""; if (length < 256) { result += String.fromCharCode(0x80 | (tag_type << 2)); result += String.fromCharCode(length); } else if (length < 65536) { result += String.fromCharCode(0x80 | (tag_type << 2) | 1); result += util.writeNumber(length, 2); } else { result += String.fromCharCode(0x80 | (tag_type << 2) | 2); result += util.writeNumber(length, 4); } return result; }, /** * Generic static Packet Parser function * * @param {String} input Input stream as string * @param {integer} position Position to start parsing * @param {integer} len Length of the input from position on * @return {Object} Returns a parsed module:packet/packet */ read: function(input, position, len) { // some sanity checks if (input === null || input.length <= position || input.substring(position).length < 2 || (input.charCodeAt(position) & 0x80) === 0) { throw new Error("Error during parsing. This message / key is probably not containing a valid OpenPGP format."); } var mypos = position; var tag = -1; var format = -1; var packet_length; format = 0; // 0 = old format; 1 = new format if ((input.charCodeAt(mypos) & 0x40) !== 0) { format = 1; } var packet_length_type; if (format) { // new format header tag = input.charCodeAt(mypos) & 0x3F; // bit 5-0 } else { // old format header tag = (input.charCodeAt(mypos) & 0x3F) >> 2; // bit 5-2 packet_length_type = input.charCodeAt(mypos) & 0x03; // bit 1-0 } // header octet parsing done mypos++; // parsed length from length field var bodydata = null; // used for partial body lengths var real_packet_length = -1; if (!format) { // 4.2.1. Old Format Packet Lengths switch (packet_length_type) { case 0: // The packet has a one-octet length. The header is 2 octets // long. packet_length = input.charCodeAt(mypos++); break; case 1: // The packet has a two-octet length. The header is 3 octets // long. packet_length = (input.charCodeAt(mypos++) << 8) | input.charCodeAt(mypos++); break; case 2: // The packet has a four-octet length. The header is 5 // octets long. packet_length = (input.charCodeAt(mypos++) << 24) | (input.charCodeAt(mypos++) << 16) | (input.charCodeAt(mypos++) << 8) | input.charCodeAt(mypos++); break; default: // 3 - The packet is of indeterminate length. The header is 1 // octet long, and the implementation must determine how long // the packet is. If the packet is in a file, this means that // the packet extends until the end of the file. In general, // an implementation SHOULD NOT use indeterminate-length // packets except where the end of the data will be clear // from the context, and even then it is better to use a // definite length, or a new format header. The new format // headers described below have a mechanism for precisely // encoding data of indeterminate length. packet_length = len; break; } } else // 4.2.2. New Format Packet Lengths { // 4.2.2.1. One-Octet Lengths if (input.charCodeAt(mypos) < 192) { packet_length = input.charCodeAt(mypos++); util.print_debug("1 byte length:" + packet_length); // 4.2.2.2. Two-Octet Lengths } else if (input.charCodeAt(mypos) >= 192 && input.charCodeAt(mypos) < 224) { packet_length = ((input.charCodeAt(mypos++) - 192) << 8) + (input.charCodeAt(mypos++)) + 192; util.print_debug("2 byte length:" + packet_length); // 4.2.2.4. Partial Body Lengths } else if (input.charCodeAt(mypos) > 223 && input.charCodeAt(mypos) < 255) { packet_length = 1 << (input.charCodeAt(mypos++) & 0x1F); util.print_debug("4 byte length:" + packet_length); // EEEK, we're reading the full data here... var mypos2 = mypos + packet_length; bodydata = input.substring(mypos, mypos + packet_length); var tmplen; while (true) { if (input.charCodeAt(mypos2) < 192) { tmplen = input.charCodeAt(mypos2++); packet_length += tmplen; bodydata += input.substring(mypos2, mypos2 + tmplen); mypos2 += tmplen; break; } else if (input.charCodeAt(mypos2) >= 192 && input.charCodeAt(mypos2) < 224) { tmplen = ((input.charCodeAt(mypos2++) - 192) << 8) + (input.charCodeAt(mypos2++)) + 192; packet_length += tmplen; bodydata += input.substring(mypos2, mypos2 + tmplen); mypos2 += tmplen; break; } else if (input.charCodeAt(mypos2) > 223 && input.charCodeAt(mypos2) < 255) { tmplen = 1 << (input.charCodeAt(mypos2++) & 0x1F); packet_length += tmplen; bodydata += input.substring(mypos2, mypos2 + tmplen); mypos2 += tmplen; } else { mypos2++; tmplen = (input.charCodeAt(mypos2++) << 24) | (input.charCodeAt(mypos2++) << 16) | (input .charCodeAt(mypos2++) << 8) | input.charCodeAt(mypos2++); bodydata += input.substring(mypos2, mypos2 + tmplen); packet_length += tmplen; mypos2 += tmplen; break; } } real_packet_length = mypos2 - mypos; // 4.2.2.3. Five-Octet Lengths } else { mypos++; packet_length = (input.charCodeAt(mypos++) << 24) | (input.charCodeAt(mypos++) << 16) | (input.charCodeAt(mypos++) << 8) | input.charCodeAt(mypos++); } } // if there was'nt a partial body length: use the specified // packet_length if (real_packet_length == -1) { real_packet_length = packet_length; } if (bodydata === null) { bodydata = input.substring(mypos, mypos + real_packet_length); } return { tag: tag, packet: bodydata, offset: mypos + real_packet_length }; } }; },{"../enums.js":43,"../util.js":74}],58:[function(require,module,exports){ /** * This class represents a list of openpgp packets. * Take care when iterating over it - the packets themselves * are stored as numerical indices. * @requires enums * @requires packet * @requires packet/packet * @module packet/packetlist */ module.exports = Packetlist; var packetParser = require('./packet.js'), packets = require('./all_packets.js'), enums = require('../enums.js'); /** * @constructor */ function Packetlist() { /** The number of packets contained within the list. * @readonly * @type {Integer} */ this.length = 0; } /** * Reads a stream of binary data and interprents it as a list of packets. * @param {String} A binary string of bytes. */ Packetlist.prototype.read = function (bytes) { var i = 0; while (i < bytes.length) { var parsed = packetParser.read(bytes, i, bytes.length - i); i = parsed.offset; var tag = enums.read(enums.packet, parsed.tag); var packet = packets.newPacketFromTag(tag); this.push(packet); packet.read(parsed.packet); } }; /** * Creates a binary representation of openpgp objects contained within the * class instance. * @returns {String} A binary string of bytes containing valid openpgp packets. */ Packetlist.prototype.write = function () { var bytes = ''; for (var i = 0; i < this.length; i++) { var packetbytes = this[i].write(); bytes += packetParser.writeHeader(this[i].tag, packetbytes.length); bytes += packetbytes; } return bytes; }; /** * Adds a packet to the list. This is the only supported method of doing so; * writing to packetlist[i] directly will result in an error. */ Packetlist.prototype.push = function (packet) { if (!packet) return; packet.packets = packet.packets || new Packetlist(); this[this.length] = packet; this.length++; }; /** * Creates a new PacketList with all packets that pass the test implemented by the provided function. */ Packetlist.prototype.filter = function (callback) { var filtered = new Packetlist(); for (var i = 0; i < this.length; i++) { if (callback(this[i], i, this)) { filtered.push(this[i]); } } return filtered; }; /** * Creates a new PacketList with all packets from the given types */ Packetlist.prototype.filterByTag = function () { var args = Array.prototype.slice.call(arguments); var filtered = new Packetlist(); var that = this; for (var i = 0; i < this.length; i++) { if (args.some(function(packetType) {return that[i].tag == packetType;})) { filtered.push(this[i]); } } return filtered; }; /** * Executes the provided callback once for each element */ Packetlist.prototype.forEach = function (callback) { for (var i = 0; i < this.length; i++) { callback(this[i]); } }; /** * Traverses packet tree and returns first matching packet * @param {module:enums.packet} type The packet type * @return {module:packet/packet|null} */ Packetlist.prototype.findPacket = function (type) { var packetlist = this.filterByTag(type); if (packetlist.length) { return packetlist[0]; } else { var found = null; for (var i = 0; i < this.length; i++) { if (this[i].packets.length) { found = this[i].packets.findPacket(type); if (found) return found; } } } return null; }; /** * Returns array of found indices by tag */ Packetlist.prototype.indexOfTag = function () { var args = Array.prototype.slice.call(arguments); var tagIndex = []; var that = this; for (var i = 0; i < this.length; i++) { if (args.some(function(packetType) {return that[i].tag == packetType;})) { tagIndex.push(i); } } return tagIndex; }; /** * Returns slice of packetlist */ Packetlist.prototype.slice = function (begin, end) { if (!end) { end = this.length; } var part = new Packetlist(); for (var i = begin; i < end; i++) { part.push(this[i]); } return part; }; /** * Concatenates packetlist or array of packets */ Packetlist.prototype.concat = function (packetlist) { if (packetlist) { for (var i = 0; i < packetlist.length; i++) { this.push(packetlist[i]); } } }; /** * Allocate a new packetlist from structured packetlist clone * See {@link http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#safe-passing-of-structured-data} * @param {Object} packetClone packetlist clone * @returns {Object} new packetlist object with data from packetlist clone */ module.exports.fromStructuredClone = function(packetlistClone) { var packetlist = new Packetlist(); for (var i = 0; i < packetlistClone.length; i++) { packetlist.push(packets.fromStructuredClone(packetlistClone[i])); if (packetlist[i].packets.length !== 0) { packetlist[i].packets = this.fromStructuredClone(packetlist[i].packets); } else { packetlist[i].packets = new Packetlist(); } } return packetlist; }; },{"../enums.js":43,"./all_packets.js":51,"./packet.js":57}],59:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * Implementation of the Key Material Packet (Tag 5,6,7,14)
*
* {@link http://tools.ietf.org/html/rfc4880#section-5.5|RFC4480 5.5}: * A key material packet contains all the information about a public or * private key. There are four variants of this packet type, and two * major versions. Consequently, this section is complex. * @requires crypto * @requires enums * @requires type/keyid * @requires type/mpi * @requires util * @module packet/public_key */ module.exports = PublicKey; var util = require('../util.js'), type_mpi = require('../type/mpi.js'), type_keyid = require('../type/keyid.js'), enums = require('../enums.js'), crypto = require('../crypto'); /** * @constructor */ function PublicKey() { this.tag = enums.packet.publicKey; this.version = 4; /** Key creation date. * @type {Date} */ this.created = new Date(); /** A list of multiprecision integers * @type {module:type/mpi} */ this.mpi = []; /** Public key algorithm * @type {module:enums.publicKey} */ this.algorithm = 'rsa_sign'; // time in days (V3 only) this.expirationTimeV3 = 0; /** * Fingerprint in lowercase hex * @type {String} */ this.fingerprint = null; /** * Keyid * @type {module:type/keyid} */ this.keyid = null; } /** * Internal Parser for public keys as specified in {@link http://tools.ietf.org/html/rfc4880#section-5.5.2|RFC 4880 section 5.5.2 Public-Key Packet Formats} * called by read_tag<num> * @param {String} input Input string to read the packet from * @return {Object} This object with attributes set by the parser */ PublicKey.prototype.read = function (bytes) { var pos = 0; // A one-octet version number (3 or 4). this.version = bytes.charCodeAt(pos++); if (this.version == 3 || this.version == 4) { // - A four-octet number denoting the time that the key was created. this.created = util.readDate(bytes.substr(pos, 4)); pos += 4; if (this.version == 3) { // - A two-octet number denoting the time in days that this key is // valid. If this number is zero, then it does not expire. this.expirationTimeV3 = util.readNumber(bytes.substr(pos, 2)); pos += 2; } // - A one-octet number denoting the public-key algorithm of this key. this.algorithm = enums.read(enums.publicKey, bytes.charCodeAt(pos++)); var mpicount = crypto.getPublicMpiCount(this.algorithm); this.mpi = []; var bmpi = bytes.substr(pos); var p = 0; for (var i = 0; i < mpicount && p < bmpi.length; i++) { this.mpi[i] = new type_mpi(); p += this.mpi[i].read(bmpi.substr(p)); if (p > bmpi.length) { throw new Error('Error reading MPI @:' + p); } } return p + 6; } else { throw new Error('Version ' + this.version + ' of the key packet is unsupported.'); } }; /** * Alias of read() * @see module:packet/public_key~PublicKey#read */ PublicKey.prototype.readPublicKey = PublicKey.prototype.read; /** * Same as write_private_key, but has less information because of * public key. * @return {Object} {body: [string]OpenPGP packet body contents, * header: [string] OpenPGP packet header, string: [string] header+body} */ PublicKey.prototype.write = function () { // Version var result = String.fromCharCode(this.version); result += util.writeDate(this.created); if (this.version == 3) { result += util.writeNumber(this.expirationTimeV3, 2); } result += String.fromCharCode(enums.write(enums.publicKey, this.algorithm)); var mpicount = crypto.getPublicMpiCount(this.algorithm); for (var i = 0; i < mpicount; i++) { result += this.mpi[i].write(); } return result; }; /** * Alias of write() * @see module:packet/public_key~PublicKey#write */ PublicKey.prototype.writePublicKey = PublicKey.prototype.write; /** * Write an old version packet - it's used by some of the internal routines. */ PublicKey.prototype.writeOld = function () { var bytes = this.writePublicKey(); return String.fromCharCode(0x99) + util.writeNumber(bytes.length, 2) + bytes; }; /** * Calculates the key id of the key * @return {String} A 8 byte key id */ PublicKey.prototype.getKeyId = function () { if (this.keyid) { return this.keyid; } this.keyid = new type_keyid(); if (this.version == 4) { this.keyid.read(util.hex2bin(this.getFingerprint()).substr(12, 8)); } else if (this.version == 3) { this.keyid.read(this.mpi[0].write().substr(-8)); } return this.keyid; }; /** * Calculates the fingerprint of the key * @return {String} A string containing the fingerprint in lowercase hex */ PublicKey.prototype.getFingerprint = function () { if (this.fingerprint) { return this.fingerprint; } var toHash = ''; if (this.version == 4) { toHash = this.writeOld(); this.fingerprint = crypto.hash.sha1(toHash); } else if (this.version == 3) { var mpicount = crypto.getPublicMpiCount(this.algorithm); for (var i = 0; i < mpicount; i++) { toHash += this.mpi[i].toBytes(); } this.fingerprint = crypto.hash.md5(toHash); } this.fingerprint = util.hexstrdump(this.fingerprint); return this.fingerprint; }; /** * Returns bit size of key * @return {int} Number of bits */ PublicKey.prototype.getBitSize = function () { return this.mpi[0].byteLength() * 8; }; /** * Fix custom types after cloning */ PublicKey.prototype.postCloneTypeFix = function() { for (var i = 0; i < this.mpi.length; i++) { this.mpi[i] = type_mpi.fromClone(this.mpi[i]); } if (this.keyid) { this.keyid = type_keyid.fromClone(this.keyid); } }; },{"../crypto":32,"../enums.js":43,"../type/keyid.js":71,"../type/mpi.js":72,"../util.js":74}],60:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * Public-Key Encrypted Session Key Packets (Tag 1)
*
* {@link http://tools.ietf.org/html/rfc4880#section-5.1|RFC4880 5.1}: A Public-Key Encrypted Session Key packet holds the session key * used to encrypt a message. Zero or more Public-Key Encrypted Session Key * packets and/or Symmetric-Key Encrypted Session Key packets may precede a * Symmetrically Encrypted Data Packet, which holds an encrypted message. The * message is encrypted with the session key, and the session key is itself * encrypted and stored in the Encrypted Session Key packet(s). The * Symmetrically Encrypted Data Packet is preceded by one Public-Key Encrypted * Session Key packet for each OpenPGP key to which the message is encrypted. * The recipient of the message finds a session key that is encrypted to their * public key, decrypts the session key, and then uses the session key to * decrypt the message. * @requires crypto * @requires enums * @requires type/keyid * @requires type/mpi * @requires util * @module packet/public_key_encrypted_session_key */ module.exports = PublicKeyEncryptedSessionKey; var type_keyid = require('../type/keyid.js'), util = require('../util.js'), type_mpi = require('../type/mpi.js'), enums = require('../enums.js'), crypto = require('../crypto'); /** * @constructor */ function PublicKeyEncryptedSessionKey() { this.tag = enums.packet.publicKeyEncryptedSessionKey; this.version = 3; this.publicKeyId = new type_keyid(); this.publicKeyAlgorithm = 'rsa_encrypt'; this.sessionKey = null; this.sessionKeyAlgorithm = 'aes256'; /** @type {Array} */ this.encrypted = []; } /** * Parsing function for a publickey encrypted session key packet (tag 1). * * @param {String} input Payload of a tag 1 packet * @param {Integer} position Position to start reading from the input string * @param {Integer} len Length of the packet or the remaining length of * input at position * @return {module:packet/public_key_encrypted_session_key} Object representation */ PublicKeyEncryptedSessionKey.prototype.read = function (bytes) { this.version = bytes.charCodeAt(0); this.publicKeyId.read(bytes.substr(1)); this.publicKeyAlgorithm = enums.read(enums.publicKey, bytes.charCodeAt(9)); var i = 10; var integerCount = (function(algo) { switch (algo) { case 'rsa_encrypt': case 'rsa_encrypt_sign': return 1; case 'elgamal': return 2; default: throw new Error("Invalid algorithm."); } })(this.publicKeyAlgorithm); this.encrypted = []; for (var j = 0; j < integerCount; j++) { var mpi = new type_mpi(); i += mpi.read(bytes.substr(i)); this.encrypted.push(mpi); } }; /** * Create a string representation of a tag 1 packet * * @param {String} publicKeyId * The public key id corresponding to publicMPIs key as string * @param {Array} publicMPIs * Multiprecision integer objects describing the public key * @param {module:enums.publicKey} pubalgo * The corresponding public key algorithm // See {@link http://tools.ietf.org/html/rfc4880#section-9.1|RFC4880 9.1} * @param {module:enums.symmetric} symmalgo * The symmetric cipher algorithm used to encrypt the data * within an encrypteddatapacket or encryptedintegrity- * protecteddatapacket * following this packet //See {@link http://tools.ietf.org/html/rfc4880#section-9.2|RFC4880 9.2} * @param {String} sessionkey * A string of randombytes representing the session key * @return {String} The string representation */ PublicKeyEncryptedSessionKey.prototype.write = function () { var result = String.fromCharCode(this.version); result += this.publicKeyId.write(); result += String.fromCharCode( enums.write(enums.publicKey, this.publicKeyAlgorithm)); for (var i = 0; i < this.encrypted.length; i++) { result += this.encrypted[i].write(); } return result; }; PublicKeyEncryptedSessionKey.prototype.encrypt = function (key) { var data = String.fromCharCode( enums.write(enums.symmetric, this.sessionKeyAlgorithm)); data += this.sessionKey; var checksum = util.calc_checksum(this.sessionKey); data += util.writeNumber(checksum, 2); var mpi = new type_mpi(); mpi.fromBytes(crypto.pkcs1.eme.encode( data, key.mpi[0].byteLength())); this.encrypted = crypto.publicKeyEncrypt( this.publicKeyAlgorithm, key.mpi, mpi); }; /** * Decrypts the session key (only for public key encrypted session key * packets (tag 1) * * @param {module:packet/secret_key} key * Private key with secMPIs unlocked * @return {String} The unencrypted session key */ PublicKeyEncryptedSessionKey.prototype.decrypt = function (key) { var result = crypto.publicKeyDecrypt( this.publicKeyAlgorithm, key.mpi, this.encrypted).toBytes(); var checksum = util.readNumber(result.substr(result.length - 2)); var decoded = crypto.pkcs1.eme.decode(result); key = decoded.substring(1, decoded.length - 2); if (checksum != util.calc_checksum(key)) { throw new Error('Checksum mismatch'); } else { this.sessionKey = key; this.sessionKeyAlgorithm = enums.read(enums.symmetric, decoded.charCodeAt(0)); } }; /** * Fix custom types after cloning */ PublicKeyEncryptedSessionKey.prototype.postCloneTypeFix = function() { this.publicKeyId = type_keyid.fromClone(this.publicKeyId); for (var i = 0; i < this.encrypted.length; i++) { this.encrypted[i] = type_mpi.fromClone(this.encrypted[i]); } }; },{"../crypto":32,"../enums.js":43,"../type/keyid.js":71,"../type/mpi.js":72,"../util.js":74}],61:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * @requires packet/public_key * @requires enums * @module packet/public_subkey */ module.exports = PublicSubkey; var publicKey = require('./public_key.js'), enums = require('../enums.js'); /** * @constructor * @extends module:packet/public_key */ function PublicSubkey() { publicKey.call(this); this.tag = enums.packet.publicSubkey; } PublicSubkey.prototype = new publicKey(); PublicSubkey.prototype.constructor = PublicSubkey; },{"../enums.js":43,"./public_key.js":59}],62:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * Implementation of the Key Material Packet (Tag 5,6,7,14)
*
* {@link http://tools.ietf.org/html/rfc4880#section-5.5|RFC4480 5.5}: * A key material packet contains all the information about a public or * private key. There are four variants of this packet type, and two * major versions. Consequently, this section is complex. * @requires crypto * @requires enums * @requires packet/public_key * @requires type/mpi * @requires type/s2k * @requires util * @module packet/secret_key */ module.exports = SecretKey; var publicKey = require('./public_key.js'), enums = require('../enums.js'), util = require('../util.js'), crypto = require('../crypto'), type_mpi = require('../type/mpi.js'), type_s2k = require('../type/s2k.js'); /** * @constructor * @extends module:packet/public_key */ function SecretKey() { publicKey.call(this); this.tag = enums.packet.secretKey; // encrypted secret-key data this.encrypted = null; // indicator if secret-key data is available in decrypted form this.isDecrypted = false; } SecretKey.prototype = new publicKey(); SecretKey.prototype.constructor = SecretKey; function get_hash_len(hash) { if (hash == 'sha1') return 20; else return 2; } function get_hash_fn(hash) { if (hash == 'sha1') return crypto.hash.sha1; else return function(c) { return util.writeNumber(util.calc_checksum(c), 2); }; } // Helper function function parse_cleartext_mpi(hash_algorithm, cleartext, algorithm) { var hashlen = get_hash_len(hash_algorithm), hashfn = get_hash_fn(hash_algorithm); var hashtext = cleartext.substr(cleartext.length - hashlen); cleartext = cleartext.substr(0, cleartext.length - hashlen); var hash = hashfn(cleartext); if (hash != hashtext) return new Error("Hash mismatch."); var mpis = crypto.getPrivateMpiCount(algorithm); var j = 0; var mpi = []; for (var i = 0; i < mpis && j < cleartext.length; i++) { mpi[i] = new type_mpi(); j += mpi[i].read(cleartext.substr(j)); } return mpi; } function write_cleartext_mpi(hash_algorithm, algorithm, mpi) { var bytes = ''; var discard = crypto.getPublicMpiCount(algorithm); for (var i = discard; i < mpi.length; i++) { bytes += mpi[i].write(); } bytes += get_hash_fn(hash_algorithm)(bytes); return bytes; } // 5.5.3. Secret-Key Packet Formats /** * Internal parser for private keys as specified in {@link http://tools.ietf.org/html/rfc4880#section-5.5.3|RFC 4880 section 5.5.3} * @param {String} bytes Input string to read the packet from */ SecretKey.prototype.read = function (bytes) { // - A Public-Key or Public-Subkey packet, as described above. var len = this.readPublicKey(bytes); bytes = bytes.substr(len); // - One octet indicating string-to-key usage conventions. Zero // indicates that the secret-key data is not encrypted. 255 or 254 // indicates that a string-to-key specifier is being given. Any // other value is a symmetric-key encryption algorithm identifier. var isEncrypted = bytes.charCodeAt(0); if (isEncrypted) { this.encrypted = bytes; } else { // - Plain or encrypted multiprecision integers comprising the secret // key data. These algorithm-specific fields are as described // below. var parsedMPI = parse_cleartext_mpi('mod', bytes.substr(1), this.algorithm); if (parsedMPI instanceof Error) throw parsedMPI; this.mpi = this.mpi.concat(parsedMPI); this.isDecrypted = true; } }; /** Creates an OpenPGP key packet for the given key. * @return {String} A string of bytes containing the secret key OpenPGP packet */ SecretKey.prototype.write = function () { var bytes = this.writePublicKey(); if (!this.encrypted) { bytes += String.fromCharCode(0); bytes += write_cleartext_mpi('mod', this.algorithm, this.mpi); } else { bytes += this.encrypted; } return bytes; }; /** Encrypt the payload. By default, we use aes256 and iterated, salted string * to key specifier. If the key is in a decrypted state (isDecrypted == true) * and the passphrase is empty or undefined, the key will be set as not encrypted. * This can be used to remove passphrase protection after calling decrypt(). * @param {String} passphrase */ SecretKey.prototype.encrypt = function (passphrase) { if (this.isDecrypted && !passphrase) { this.encrypted = null; return; } else if (!passphrase) { throw new Error('The key must be decrypted before removing passphrase protection.'); } var s2k = new type_s2k(), symmetric = 'aes256', cleartext = write_cleartext_mpi('sha1', this.algorithm, this.mpi), key = produceEncryptionKey(s2k, passphrase, symmetric), blockLen = crypto.cipher[symmetric].blockSize, iv = crypto.random.getRandomBytes(blockLen); this.encrypted = ''; this.encrypted += String.fromCharCode(254); this.encrypted += String.fromCharCode(enums.write(enums.symmetric, symmetric)); this.encrypted += s2k.write(); this.encrypted += iv; this.encrypted += crypto.cfb.normalEncrypt(symmetric, key, cleartext, iv); }; function produceEncryptionKey(s2k, passphrase, algorithm) { return s2k.produce_key(passphrase, crypto.cipher[algorithm].keySize); } /** * Decrypts the private key MPIs which are needed to use the key. * @link module:packet/secret_key.isDecrypted should be * false otherwise a call to this function is not needed * * @param {String} str_passphrase The passphrase for this private key * as string * @return {Boolean} True if the passphrase was correct or MPI already * decrypted; false if not */ SecretKey.prototype.decrypt = function (passphrase) { if (this.isDecrypted) return true; var i = 0, symmetric, key; var s2k_usage = this.encrypted.charCodeAt(i++); // - [Optional] If string-to-key usage octet was 255 or 254, a one- // octet symmetric encryption algorithm. if (s2k_usage == 255 || s2k_usage == 254) { symmetric = this.encrypted.charCodeAt(i++); symmetric = enums.read(enums.symmetric, symmetric); // - [Optional] If string-to-key usage octet was 255 or 254, a // string-to-key specifier. The length of the string-to-key // specifier is implied by its type, as described above. var s2k = new type_s2k(); i += s2k.read(this.encrypted.substr(i)); key = produceEncryptionKey(s2k, passphrase, symmetric); } else { symmetric = s2k_usage; symmetric = enums.read(enums.symmetric, symmetric); key = crypto.hash.md5(passphrase); } // - [Optional] If secret data is encrypted (string-to-key usage octet // not zero), an Initial Vector (IV) of the same length as the // cipher's block size. var iv = this.encrypted.substr(i, crypto.cipher[symmetric].blockSize); i += iv.length; var cleartext, ciphertext = this.encrypted.substr(i); cleartext = crypto.cfb.normalDecrypt(symmetric, key, ciphertext, iv); var hash = s2k_usage == 254 ? 'sha1' : 'mod'; var parsedMPI = parse_cleartext_mpi(hash, cleartext, this.algorithm); if (parsedMPI instanceof Error) { return false; } this.mpi = this.mpi.concat(parsedMPI); this.isDecrypted = true; return true; }; SecretKey.prototype.generate = function (bits) { var self = this; return crypto.generateMpi(self.algorithm, bits).then(function(mpi) { self.mpi = mpi; self.isDecrypted = true; }); }; /** * Clear private MPIs, return to initial state */ SecretKey.prototype.clearPrivateMPIs = function () { if (!this.encrypted) { throw new Error('If secret key is not encrypted, clearing private MPIs is irreversible.'); } this.mpi = this.mpi.slice(0, crypto.getPublicMpiCount(this.algorithm)); this.isDecrypted = false; }; },{"../crypto":32,"../enums.js":43,"../type/mpi.js":72,"../type/s2k.js":73,"../util.js":74,"./public_key.js":59}],63:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * @requires packet/secret_key * @requires enums * @module packet/secret_subkey */ module.exports = SecretSubkey; var secretKey = require('./secret_key.js'), enums = require('../enums.js'); /** * @constructor * @extends module:packet/secret_key */ function SecretSubkey() { secretKey.call(this); this.tag = enums.packet.secretSubkey; } SecretSubkey.prototype = new secretKey(); SecretSubkey.prototype.constructor = SecretSubkey; },{"../enums.js":43,"./secret_key.js":62}],64:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * Implementation of the Signature Packet (Tag 2)
*
* {@link http://tools.ietf.org/html/rfc4880#section-5.2|RFC4480 5.2}: * A Signature packet describes a binding between some public key and * some data. The most common signatures are a signature of a file or a * block of text, and a signature that is a certification of a User ID. * @requires crypto * @requires enums * @requires packet/packet * @requires type/keyid * @requires type/mpi * @requires util * @module packet/signature */ module.exports = Signature; var util = require('../util.js'), packet = require('./packet.js'), enums = require('../enums.js'), crypto = require('../crypto'), type_mpi = require('../type/mpi.js'), type_keyid = require('../type/keyid.js'); /** * @constructor */ function Signature() { this.tag = enums.packet.signature; this.version = 4; this.signatureType = null; this.hashAlgorithm = null; this.publicKeyAlgorithm = null; this.signatureData = null; this.unhashedSubpackets = null; this.signedHashValue = null; this.created = new Date(); this.signatureExpirationTime = null; this.signatureNeverExpires = true; this.exportable = null; this.trustLevel = null; this.trustAmount = null; this.regularExpression = null; this.revocable = null; this.keyExpirationTime = null; this.keyNeverExpires = null; this.preferredSymmetricAlgorithms = null; this.revocationKeyClass = null; this.revocationKeyAlgorithm = null; this.revocationKeyFingerprint = null; this.issuerKeyId = new type_keyid(); this.notation = null; this.preferredHashAlgorithms = null; this.preferredCompressionAlgorithms = null; this.keyServerPreferences = null; this.preferredKeyServer = null; this.isPrimaryUserID = null; this.policyURI = null; this.keyFlags = null; this.signersUserId = null; this.reasonForRevocationFlag = null; this.reasonForRevocationString = null; this.features = null; this.signatureTargetPublicKeyAlgorithm = null; this.signatureTargetHashAlgorithm = null; this.signatureTargetHash = null; this.embeddedSignature = null; this.verified = false; } /** * parsing function for a signature packet (tag 2). * @param {String} bytes payload of a tag 2 packet * @param {Integer} position position to start reading from the bytes string * @param {Integer} len length of the packet or the remaining length of bytes at position * @return {module:packet/signature} object representation */ Signature.prototype.read = function (bytes) { var i = 0; this.version = bytes.charCodeAt(i++); // switch on version (3 and 4) switch (this.version) { case 3: // One-octet length of following hashed material. MUST be 5. if (bytes.charCodeAt(i++) != 5) util.print_debug("packet/signature.js\n" + 'invalid One-octet length of following hashed material.' + 'MUST be 5. @:' + (i - 1)); var sigpos = i; // One-octet signature type. this.signatureType = bytes.charCodeAt(i++); // Four-octet creation time. this.created = util.readDate(bytes.substr(i, 4)); i += 4; // storing data appended to data which gets verified this.signatureData = bytes.substring(sigpos, i); // Eight-octet Key ID of signer. this.issuerKeyId.read(bytes.substring(i, i + 8)); i += 8; // One-octet public-key algorithm. this.publicKeyAlgorithm = bytes.charCodeAt(i++); // One-octet hash algorithm. this.hashAlgorithm = bytes.charCodeAt(i++); break; case 4: this.signatureType = bytes.charCodeAt(i++); this.publicKeyAlgorithm = bytes.charCodeAt(i++); this.hashAlgorithm = bytes.charCodeAt(i++); function subpackets(bytes) { // Two-octet scalar octet count for following subpacket data. var subpacket_length = util.readNumber( bytes.substr(0, 2)); var i = 2; // subpacket data set (zero or more subpackets) var subpacked_read = 0; while (i < 2 + subpacket_length) { var len = packet.readSimpleLength(bytes.substr(i)); i += len.offset; this.read_sub_packet(bytes.substr(i, len.len)); i += len.len; } return i; } // hashed subpackets i += subpackets.call(this, bytes.substr(i), true); // A V4 signature hashes the packet body // starting from its first field, the version number, through the end // of the hashed subpacket data. Thus, the fields hashed are the // signature version, the signature type, the public-key algorithm, the // hash algorithm, the hashed subpacket length, and the hashed // subpacket body. this.signatureData = bytes.substr(0, i); var sigDataLength = i; // unhashed subpackets i += subpackets.call(this, bytes.substr(i), false); this.unhashedSubpackets = bytes.substr(sigDataLength, i - sigDataLength); break; default: throw new Error('Version ' + this.version + ' of the signature is unsupported.'); } // Two-octet field holding left 16 bits of signed hash value. this.signedHashValue = bytes.substr(i, 2); i += 2; this.signature = bytes.substr(i); }; Signature.prototype.write = function () { var result = ''; switch (this.version) { case 3: result += String.fromCharCode(3); // version result += String.fromCharCode(5); // One-octet length of following hashed material. MUST be 5 result += this.signatureData; result += this.issuerKeyId.write(); result += String.fromCharCode(this.publicKeyAlgorithm); result += String.fromCharCode(this.hashAlgorithm); break; case 4: result += this.signatureData; result += this.unhashedSubpackets ? this.unhashedSubpackets : util.writeNumber(0, 2); break; } result += this.signedHashValue + this.signature; return result; }; /** * Signs provided data. This needs to be done prior to serialization. * @param {module:packet/secret_key} key private key used to sign the message. * @param {Object} data Contains packets to be signed. */ Signature.prototype.sign = function (key, data) { var signatureType = enums.write(enums.signature, this.signatureType), publicKeyAlgorithm = enums.write(enums.publicKey, this.publicKeyAlgorithm), hashAlgorithm = enums.write(enums.hash, this.hashAlgorithm); var result = String.fromCharCode(4); result += String.fromCharCode(signatureType); result += String.fromCharCode(publicKeyAlgorithm); result += String.fromCharCode(hashAlgorithm); this.issuerKeyId = key.getKeyId(); // Add hashed subpackets result += this.write_all_sub_packets(); this.signatureData = result; var trailer = this.calculateTrailer(); var toHash = this.toSign(signatureType, data) + this.signatureData + trailer; var hash = crypto.hash.digest(hashAlgorithm, toHash); this.signedHashValue = hash.substr(0, 2); this.signature = crypto.signature.sign(hashAlgorithm, publicKeyAlgorithm, key.mpi, toHash); }; /** * Creates string of bytes with all subpacket data * @return {String} a string-representation of a all subpacket data */ Signature.prototype.write_all_sub_packets = function () { var sub = enums.signatureSubpacket; var result = ''; var bytes = ''; if (this.created !== null) { result += write_sub_packet(sub.signature_creation_time, util.writeDate(this.created)); } if (this.signatureExpirationTime !== null) { result += write_sub_packet(sub.signature_expiration_time, util.writeNumber(this.signatureExpirationTime, 4)); } if (this.exportable !== null) { result += write_sub_packet(sub.exportable_certification, String.fromCharCode(this.exportable ? 1 : 0)); } if (this.trustLevel !== null) { bytes = String.fromCharCode(this.trustLevel) + String.fromCharCode(this.trustAmount); result += write_sub_packet(sub.trust_signature, bytes); } if (this.regularExpression !== null) { result += write_sub_packet(sub.regular_expression, this.regularExpression); } if (this.revocable !== null) { result += write_sub_packet(sub.revocable, String.fromCharCode(this.revocable ? 1 : 0)); } if (this.keyExpirationTime !== null) { result += write_sub_packet(sub.key_expiration_time, util.writeNumber(this.keyExpirationTime, 4)); } if (this.preferredSymmetricAlgorithms !== null) { bytes = util.bin2str(this.preferredSymmetricAlgorithms); result += write_sub_packet(sub.preferred_symmetric_algorithms, bytes); } if (this.revocationKeyClass !== null) { bytes = String.fromCharCode(this.revocationKeyClass); bytes += String.fromCharCode(this.revocationKeyAlgorithm); bytes += this.revocationKeyFingerprint; result += write_sub_packet(sub.revocation_key, bytes); } if (!this.issuerKeyId.isNull()) { result += write_sub_packet(sub.issuer, this.issuerKeyId.write()); } if (this.notation !== null) { for (var name in this.notation) { if (this.notation.hasOwnProperty(name)) { var value = this.notation[name]; bytes = String.fromCharCode(0x80); bytes += String.fromCharCode(0); bytes += String.fromCharCode(0); bytes += String.fromCharCode(0); // 2 octets of name length bytes += util.writeNumber(name.length, 2); // 2 octets of value length bytes += util.writeNumber(value.length, 2); bytes += name + value; result += write_sub_packet(sub.notation_data, bytes); } } } if (this.preferredHashAlgorithms !== null) { bytes = util.bin2str(this.preferredHashAlgorithms); result += write_sub_packet(sub.preferred_hash_algorithms, bytes); } if (this.preferredCompressionAlgorithms !== null) { bytes = util.bin2str(this.preferredCompressionAlgorithms); result += write_sub_packet(sub.preferred_compression_algorithms, bytes); } if (this.keyServerPreferences !== null) { bytes = util.bin2str(this.keyServerPreferences); result += write_sub_packet(sub.key_server_preferences, bytes); } if (this.preferredKeyServer !== null) { result += write_sub_packet(sub.preferred_key_server, this.preferredKeyServer); } if (this.isPrimaryUserID !== null) { result += write_sub_packet(sub.primary_user_id, String.fromCharCode(this.isPrimaryUserID ? 1 : 0)); } if (this.policyURI !== null) { result += write_sub_packet(sub.policy_uri, this.policyURI); } if (this.keyFlags !== null) { bytes = util.bin2str(this.keyFlags); result += write_sub_packet(sub.key_flags, bytes); } if (this.signersUserId !== null) { result += write_sub_packet(sub.signers_user_id, this.signersUserId); } if (this.reasonForRevocationFlag !== null) { bytes = String.fromCharCode(this.reasonForRevocationFlag); bytes += this.reasonForRevocationString; result += write_sub_packet(sub.reason_for_revocation, bytes); } if (this.features !== null) { bytes = util.bin2str(this.features); result += write_sub_packet(sub.features, bytes); } if (this.signatureTargetPublicKeyAlgorithm !== null) { bytes = String.fromCharCode(this.signatureTargetPublicKeyAlgorithm); bytes += String.fromCharCode(this.signatureTargetHashAlgorithm); bytes += this.signatureTargetHash; result += write_sub_packet(sub.signature_target, bytes); } if (this.embeddedSignature !== null) { result += write_sub_packet(sub.embedded_signature, this.embeddedSignature.write()); } result = util.writeNumber(result.length, 2) + result; return result; }; /** * creates a string representation of a sub signature packet (See {@link http://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC 4880 5.2.3.1}) * @param {Integer} type subpacket signature type. Signature types as described * in {@link http://tools.ietf.org/html/rfc4880#section-5.2.3.2|RFC4880 Section 5.2.3.2} * @param {String} data data to be included * @return {String} a string-representation of a sub signature packet (See {@link http://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC 4880 5.2.3.1}) */ function write_sub_packet(type, data) { var result = ""; result += packet.writeSimpleLength(data.length + 1); result += String.fromCharCode(type); result += data; return result; } // V4 signature sub packets Signature.prototype.read_sub_packet = function (bytes) { var mypos = 0; function read_array(prop, bytes) { this[prop] = []; for (var i = 0; i < bytes.length; i++) { this[prop].push(bytes.charCodeAt(i)); } } // The leftwost bit denotes a "critical" packet, but we ignore it. var type = bytes.charCodeAt(mypos++) & 0x7F; var seconds; // subpacket type switch (type) { case 2: // Signature Creation Time this.created = util.readDate(bytes.substr(mypos)); break; case 3: // Signature Expiration Time in seconds seconds = util.readNumber(bytes.substr(mypos)); this.signatureNeverExpires = seconds === 0; this.signatureExpirationTime = seconds; break; case 4: // Exportable Certification this.exportable = bytes.charCodeAt(mypos++) == 1; break; case 5: // Trust Signature this.trustLevel = bytes.charCodeAt(mypos++); this.trustAmount = bytes.charCodeAt(mypos++); break; case 6: // Regular Expression this.regularExpression = bytes.substr(mypos); break; case 7: // Revocable this.revocable = bytes.charCodeAt(mypos++) == 1; break; case 9: // Key Expiration Time in seconds seconds = util.readNumber(bytes.substr(mypos)); this.keyExpirationTime = seconds; this.keyNeverExpires = seconds === 0; break; case 11: // Preferred Symmetric Algorithms read_array.call(this, 'preferredSymmetricAlgorithms', bytes.substr(mypos)); break; case 12: // Revocation Key // (1 octet of class, 1 octet of public-key algorithm ID, 20 // octets of // fingerprint) this.revocationKeyClass = bytes.charCodeAt(mypos++); this.revocationKeyAlgorithm = bytes.charCodeAt(mypos++); this.revocationKeyFingerprint = bytes.substr(mypos, 20); break; case 16: // Issuer this.issuerKeyId.read(bytes.substr(mypos)); break; case 20: // Notation Data // We don't know how to handle anything but a text flagged data. if (bytes.charCodeAt(mypos) == 0x80) { // We extract key/value tuple from the byte stream. mypos += 4; var m = util.readNumber(bytes.substr(mypos, 2)); mypos += 2; var n = util.readNumber(bytes.substr(mypos, 2)); mypos += 2; var name = bytes.substr(mypos, m), value = bytes.substr(mypos + m, n); this.notation = this.notation || {}; this.notation[name] = value; } else { util.print_debug("Unsupported notation flag "+bytes.charCodeAt(mypos)); } break; case 21: // Preferred Hash Algorithms read_array.call(this, 'preferredHashAlgorithms', bytes.substr(mypos)); break; case 22: // Preferred Compression Algorithms read_array.call(this, 'preferredCompressionAlgorithms', bytes.substr(mypos)); break; case 23: // Key Server Preferences read_array.call(this, 'keyServerPreferencess', bytes.substr(mypos)); break; case 24: // Preferred Key Server this.preferredKeyServer = bytes.substr(mypos); break; case 25: // Primary User ID this.isPrimaryUserID = bytes[mypos++] !== 0; break; case 26: // Policy URI this.policyURI = bytes.substr(mypos); break; case 27: // Key Flags read_array.call(this, 'keyFlags', bytes.substr(mypos)); break; case 28: // Signer's User ID this.signersUserId += bytes.substr(mypos); break; case 29: // Reason for Revocation this.reasonForRevocationFlag = bytes.charCodeAt(mypos++); this.reasonForRevocationString = bytes.substr(mypos); break; case 30: // Features read_array.call(this, 'features', bytes.substr(mypos)); break; case 31: // Signature Target // (1 octet public-key algorithm, 1 octet hash algorithm, N octets hash) this.signatureTargetPublicKeyAlgorithm = bytes.charCodeAt(mypos++); this.signatureTargetHashAlgorithm = bytes.charCodeAt(mypos++); var len = crypto.getHashByteLength(this.signatureTargetHashAlgorithm); this.signatureTargetHash = bytes.substr(mypos, len); break; case 32: // Embedded Signature this.embeddedSignature = new Signature(); this.embeddedSignature.read(bytes.substr(mypos)); break; default: util.print_debug("Unknown signature subpacket type " + type + " @:" + mypos); } }; // Produces data to produce signature on Signature.prototype.toSign = function (type, data) { var t = enums.signature; switch (type) { case t.binary: case t.text: return data.getBytes(); case t.standalone: return ''; case t.cert_generic: case t.cert_persona: case t.cert_casual: case t.cert_positive: case t.cert_revocation: var packet, tag; if (data.userid !== undefined) { tag = 0xB4; packet = data.userid; } else if (data.userattribute !== undefined) { tag = 0xD1; packet = data.userattribute; } else throw new Error('Either a userid or userattribute packet needs to be ' + 'supplied for certification.'); var bytes = packet.write(); if (this.version == 4) { return this.toSign(t.key, data) + String.fromCharCode(tag) + util.writeNumber(bytes.length, 4) + bytes; } else if (this.version == 3) { return this.toSign(t.key, data) + bytes; } break; case t.subkey_binding: case t.subkey_revocation: case t.key_binding: return this.toSign(t.key, data) + this.toSign(t.key, { key: data.bind }); case t.key: if (data.key === undefined) throw new Error('Key packet is required for this signature.'); return data.key.writeOld(); case t.key_revocation: return this.toSign(t.key, data); case t.timestamp: return ''; case t.third_party: throw new Error('Not implemented'); default: throw new Error('Unknown signature type.'); } }; Signature.prototype.calculateTrailer = function () { // calculating the trailer var trailer = ''; // V3 signatures don't have a trailer if (this.version == 3) return trailer; trailer += String.fromCharCode(4); // Version trailer += String.fromCharCode(0xFF); trailer += util.writeNumber(this.signatureData.length, 4); return trailer; }; /** * verifys the signature packet. Note: not signature types are implemented * @param {String|Object} data data which on the signature applies * @param {module:packet/public_subkey|module:packet/public_key| * module:packet/secret_subkey|module:packet/secret_key} key the public key to verify the signature * @return {boolean} True if message is verified, else false. */ Signature.prototype.verify = function (key, data) { var signatureType = enums.write(enums.signature, this.signatureType), publicKeyAlgorithm = enums.write(enums.publicKey, this.publicKeyAlgorithm), hashAlgorithm = enums.write(enums.hash, this.hashAlgorithm); var bytes = this.toSign(signatureType, data), trailer = this.calculateTrailer(); var mpicount = 0; // Algorithm-Specific Fields for RSA signatures: // - multiprecision number (MPI) of RSA signature value m**d mod n. if (publicKeyAlgorithm > 0 && publicKeyAlgorithm < 4) mpicount = 1; // Algorithm-Specific Fields for DSA signatures: // - MPI of DSA value r. // - MPI of DSA value s. else if (publicKeyAlgorithm == 17) mpicount = 2; var mpi = [], i = 0; for (var j = 0; j < mpicount; j++) { mpi[j] = new type_mpi(); i += mpi[j].read(this.signature.substr(i)); } this.verified = crypto.signature.verify(publicKeyAlgorithm, hashAlgorithm, mpi, key.mpi, bytes + this.signatureData + trailer); return this.verified; }; /** * Verifies signature expiration date * @return {Boolean} true if expired */ Signature.prototype.isExpired = function () { if (!this.signatureNeverExpires) { return Date.now() > (this.created.getTime() + this.signatureExpirationTime*1000); } return false; }; /** * Fix custom types after cloning */ Signature.prototype.postCloneTypeFix = function() { this.issuerKeyId = type_keyid.fromClone(this.issuerKeyId); }; },{"../crypto":32,"../enums.js":43,"../type/keyid.js":71,"../type/mpi.js":72,"../util.js":74,"./packet.js":57}],65:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * Implementation of the Sym. Encrypted Integrity Protected Data * Packet (Tag 18)
*
* {@link http://tools.ietf.org/html/rfc4880#section-5.13|RFC4880 5.13}: * The Symmetrically Encrypted Integrity Protected Data packet is * a variant of the Symmetrically Encrypted Data packet. It is a new feature * created for OpenPGP that addresses the problem of detecting a modification to * encrypted data. It is used in combination with a Modification Detection Code * packet. * @requires crypto * @requires util * @requires enums * @module packet/sym_encrypted_integrity_protected */ module.exports = SymEncryptedIntegrityProtected; var util = require('../util.js'), crypto = require('../crypto'), enums = require('../enums.js'); /** * @constructor */ function SymEncryptedIntegrityProtected() { this.tag = enums.packet.symEncryptedIntegrityProtected; /** The encrypted payload. */ this.encrypted = null; // string /** * If after decrypting the packet this is set to true, * a modification has been detected and thus the contents * should be discarded. * @type {Boolean} */ this.modification = false; this.packets = null; } SymEncryptedIntegrityProtected.prototype.read = function (bytes) { // - A one-octet version number. The only currently defined value is 1. var version = bytes.charCodeAt(0); if (version != 1) { throw new Error('Invalid packet version.'); } // - Encrypted data, the output of the selected symmetric-key cipher // operating in Cipher Feedback mode with shift amount equal to the // block size of the cipher (CFB-n where n is the block size). this.encrypted = bytes.substr(1); }; SymEncryptedIntegrityProtected.prototype.write = function () { // 1 = Version return String.fromCharCode(1) + this.encrypted; }; SymEncryptedIntegrityProtected.prototype.encrypt = function (sessionKeyAlgorithm, key) { var bytes = this.packets.write(); var prefixrandom = crypto.getPrefixRandom(sessionKeyAlgorithm); var prefix = prefixrandom + prefixrandom.charAt(prefixrandom.length - 2) + prefixrandom.charAt(prefixrandom.length - 1); var tohash = bytes; // Modification detection code packet. tohash += String.fromCharCode(0xD3); tohash += String.fromCharCode(0x14); tohash += crypto.hash.sha1(prefix + tohash); this.encrypted = crypto.cfb.encrypt(prefixrandom, sessionKeyAlgorithm, tohash, key, false); if (prefix.length + tohash.length != this.encrypted.length) { this.encrypted = this.encrypted.substring(0, prefix.length + tohash.length); } }; /** * Decrypts the encrypted data contained in this object read_packet must * have been called before * * @param {module:enums.symmetric} sessionKeyAlgorithm * The selected symmetric encryption algorithm to be used * @param {String} key The key of cipher blocksize length to be used * @return {String} The decrypted data of this packet */ SymEncryptedIntegrityProtected.prototype.decrypt = function (sessionKeyAlgorithm, key) { var decrypted = crypto.cfb.decrypt( sessionKeyAlgorithm, key, this.encrypted, false); var mdc = decrypted.slice(decrypted.length - 20, decrypted.length).join(''); decrypted.splice(decrypted.length - 20); // there must be a modification detection code packet as the // last packet and everything gets hashed except the hash itself this.hash = crypto.hash.sha1( crypto.cfb.mdc(sessionKeyAlgorithm, key, this.encrypted) + decrypted.join('')); if (this.hash != mdc) { throw new Error('Modification detected.'); } else { decrypted.splice(decrypted.length - 2); this.packets.read(decrypted.join('')); } }; },{"../crypto":32,"../enums.js":43,"../util.js":74}],66:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * Public-Key Encrypted Session Key Packets (Tag 1)
*
* {@link http://tools.ietf.org/html/rfc4880#section-5.1|RFC4880 5.1}: A Public-Key Encrypted Session Key packet holds the session key * used to encrypt a message. Zero or more Public-Key Encrypted Session Key * packets and/or Symmetric-Key Encrypted Session Key packets may precede a * Symmetrically Encrypted Data Packet, which holds an encrypted message. The * message is encrypted with the session key, and the session key is itself * encrypted and stored in the Encrypted Session Key packet(s). The * Symmetrically Encrypted Data Packet is preceded by one Public-Key Encrypted * Session Key packet for each OpenPGP key to which the message is encrypted. * The recipient of the message finds a session key that is encrypted to their * public key, decrypts the session key, and then uses the session key to * decrypt the message. * @requires crypto * @requires enums * @requires type/s2k * @module packet/sym_encrypted_session_key */ var type_s2k = require('../type/s2k.js'), enums = require('../enums.js'), crypto = require('../crypto'); module.exports = SymEncryptedSessionKey; /** * @constructor */ function SymEncryptedSessionKey() { this.tag = enums.packet.symEncryptedSessionKey; this.version = 4; this.sessionKeyEncryptionAlgorithm = null; this.sessionKeyAlgorithm = 'aes256'; this.encrypted = null; this.s2k = new type_s2k(); } /** * Parsing function for a symmetric encrypted session key packet (tag 3). * * @param {String} input Payload of a tag 1 packet * @param {Integer} position Position to start reading from the input string * @param {Integer} len * Length of the packet or the remaining length of * input at position * @return {module:packet/sym_encrypted_session_key} Object representation */ SymEncryptedSessionKey.prototype.read = function(bytes) { // A one-octet version number. The only currently defined version is 4. this.version = bytes.charCodeAt(0); // A one-octet number describing the symmetric algorithm used. var algo = enums.read(enums.symmetric, bytes.charCodeAt(1)); // A string-to-key (S2K) specifier, length as defined above. var s2klength = this.s2k.read(bytes.substr(2)); // Optionally, the encrypted session key itself, which is decrypted // with the string-to-key object. var done = s2klength + 2; if (done < bytes.length) { this.encrypted = bytes.substr(done); this.sessionKeyEncryptionAlgorithm = algo; } else this.sessionKeyAlgorithm = algo; }; SymEncryptedSessionKey.prototype.write = function() { var algo = this.encrypted === null ? this.sessionKeyAlgorithm : this.sessionKeyEncryptionAlgorithm; var bytes = String.fromCharCode(this.version) + String.fromCharCode(enums.write(enums.symmetric, algo)) + this.s2k.write(); if (this.encrypted !== null) bytes += this.encrypted; return bytes; }; /** * Decrypts the session key (only for public key encrypted session key * packets (tag 1) * * @return {String} The unencrypted session key */ SymEncryptedSessionKey.prototype.decrypt = function(passphrase) { var algo = this.sessionKeyEncryptionAlgorithm !== null ? this.sessionKeyEncryptionAlgorithm : this.sessionKeyAlgorithm; var length = crypto.cipher[algo].keySize; var key = this.s2k.produce_key(passphrase, length); if (this.encrypted === null) { this.sessionKey = key; } else { var decrypted = crypto.cfb.decrypt( this.sessionKeyEncryptionAlgorithm, key, this.encrypted, true); decrypted = decrypted.join(''); this.sessionKeyAlgorithm = enums.read(enums.symmetric, decrypted[0].keyCodeAt()); this.sessionKey = decrypted.substr(1); } }; SymEncryptedSessionKey.prototype.encrypt = function(passphrase) { var length = crypto.getKeyLength(this.sessionKeyEncryptionAlgorithm); var key = this.s2k.produce_key(passphrase, length); var private_key = String.fromCharCode( enums.write(enums.symmetric, this.sessionKeyAlgorithm)) + crypto.getRandomBytes( crypto.getKeyLength(this.sessionKeyAlgorithm)); this.encrypted = crypto.cfb.encrypt( crypto.getPrefixRandom(this.sessionKeyEncryptionAlgorithm), this.sessionKeyEncryptionAlgorithm, key, private_key, true); }; /** * Fix custom types after cloning */ SymEncryptedSessionKey.prototype.postCloneTypeFix = function() { this.s2k = type_s2k.fromClone(this.s2k); }; },{"../crypto":32,"../enums.js":43,"../type/s2k.js":73}],67:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * Implementation of the Symmetrically Encrypted Data Packet (Tag 9)
*
* {@link http://tools.ietf.org/html/rfc4880#section-5.7|RFC4880 5.7}: The Symmetrically Encrypted Data packet contains data encrypted * with a symmetric-key algorithm. When it has been decrypted, it contains other * packets (usually a literal data packet or compressed data packet, but in * theory other Symmetrically Encrypted Data packets or sequences of packets * that form whole OpenPGP messages). * @requires crypto * @requires enums * @module packet/symmetrically_encrypted */ module.exports = SymmetricallyEncrypted; var crypto = require('../crypto'), enums = require('../enums.js'); /** * @constructor */ function SymmetricallyEncrypted() { this.tag = enums.packet.symmetricallyEncrypted; this.encrypted = null; /** Decrypted packets contained within. * @type {module:packet/packetlist} */ this.packets = null; } SymmetricallyEncrypted.prototype.read = function (bytes) { this.encrypted = bytes; }; SymmetricallyEncrypted.prototype.write = function () { return this.encrypted; }; /** * Symmetrically decrypt the packet data * * @param {module:enums.symmetric} sessionKeyAlgorithm * Symmetric key algorithm to use // See {@link http://tools.ietf.org/html/rfc4880#section-9.2|RFC4880 9.2} * @param {String} key * Key as string with the corresponding length to the * algorithm */ SymmetricallyEncrypted.prototype.decrypt = function (sessionKeyAlgorithm, key) { var decrypted = crypto.cfb.decrypt( sessionKeyAlgorithm, key, this.encrypted, true); this.packets.read(decrypted.join('')) }; SymmetricallyEncrypted.prototype.encrypt = function (algo, key) { var data = this.packets.write(); this.encrypted = crypto.cfb.encrypt( crypto.getPrefixRandom(algo), algo, data, key, true); }; },{"../crypto":32,"../enums.js":43}],68:[function(require,module,exports){ /** * @requires enums * @module packet/trust */ module.exports = Trust; var enums = require('../enums.js'); /** * @constructor */ function Trust() { this.tag = enums.packet.trust; } /** * Parsing function for a trust packet (tag 12). * Currently empty as we ignore trust packets * @param {String} byptes payload of a tag 12 packet */ Trust.prototype.read = function (bytes) { }; },{"../enums.js":43}],69:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * Implementation of the User Attribute Packet (Tag 17)
*
* The User Attribute packet is a variation of the User ID packet. It * is capable of storing more types of data than the User ID packet, * which is limited to text. Like the User ID packet, a User Attribute * packet may be certified by the key owner ("self-signed") or any other * key owner who cares to certify it. Except as noted, a User Attribute * packet may be used anywhere that a User ID packet may be used. *
* While User Attribute packets are not a required part of the OpenPGP * standard, implementations SHOULD provide at least enough * compatibility to properly handle a certification signature on the * User Attribute packet. A simple way to do this is by treating the * User Attribute packet as a User ID packet with opaque contents, but * an implementation may use any method desired. * module packet/user_attribute * @requires enums * @module packet/user_attribute */ var util = require('../util.js'), packet = require('./packet.js'), enums = require('../enums.js'); module.exports = UserAttribute; /** * @constructor */ function UserAttribute() { this.tag = enums.packet.userAttribute; this.attributes = []; } /** * parsing function for a user attribute packet (tag 17). * @param {String} input payload of a tag 17 packet */ UserAttribute.prototype.read = function(bytes) { var i = 0; while (i < bytes.length) { var len = packet.readSimpleLength(bytes.substr(i)); i += len.offset; this.attributes.push(bytes.substr(i, len.len)); i += len.len; } }; /** * Creates a string representation of the user attribute packet * @return {String} string representation */ UserAttribute.prototype.write = function() { var result = ''; for (var i = 0; i < this.attributes.length; i++) { result += packet.writeSimpleLength(this.attributes[i].length); result += this.attributes[i]; } return result; }; /** * Compare for equality * @param {module:user_attribute~UserAttribute} usrAttr * @return {Boolean} true if equal */ UserAttribute.prototype.equals = function(usrAttr) { if (!usrAttr || !(usrAttr instanceof UserAttribute)) { return false; } return this.attributes.every(function(attr, index) { return attr === usrAttr.attributes[index]; }); }; },{"../enums.js":43,"../util.js":74,"./packet.js":57}],70:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * Implementation of the User ID Packet (Tag 13)
*
* A User ID packet consists of UTF-8 text that is intended to represent * the name and email address of the key holder. By convention, it * includes an RFC 2822 [RFC2822] mail name-addr, but there are no * restrictions on its content. The packet length in the header * specifies the length of the User ID. * @requires util * @requires enums * @module packet/userid */ module.exports = Userid; var util = require('../util.js'), enums = require('../enums.js'); /** * @constructor */ function Userid() { this.tag = enums.packet.userid; /** A string containing the user id. Usually in the form * John Doe * @type {String} */ this.userid = ''; } /** * Parsing function for a user id packet (tag 13). * @param {String} input payload of a tag 13 packet */ Userid.prototype.read = function (bytes) { this.userid = util.decode_utf8(bytes); }; /** * Creates a string representation of the user id packet * @return {String} string representation */ Userid.prototype.write = function () { return util.encode_utf8(this.userid); }; },{"../enums.js":43,"../util.js":74}],71:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * Implementation of type key id ({@link http://tools.ietf.org/html/rfc4880#section-3.3|RFC4880 3.3})
*
* A Key ID is an eight-octet scalar that identifies a key. * Implementations SHOULD NOT assume that Key IDs are unique. The * section "Enhanced Key Formats" below describes how Key IDs are * formed. * @requires util * @module type/keyid */ module.exports = Keyid; var util = require('../util.js'); /** * @constructor */ function Keyid() { this.bytes = ''; } /** * Parsing method for a key id * @param {String} input Input to read the key id from */ Keyid.prototype.read = function(bytes) { this.bytes = bytes.substr(0, 8); }; Keyid.prototype.write = function() { return this.bytes; }; Keyid.prototype.toHex = function() { return util.hexstrdump(this.bytes); }; Keyid.prototype.equals = function(keyid) { return this.bytes == keyid.bytes; }; Keyid.prototype.isNull = function() { return this.bytes === ''; }; module.exports.mapToHex = function (keyId) { return keyId.toHex(); }; module.exports.fromClone = function (clone) { var keyid = new Keyid(); keyid.bytes = clone.bytes; return keyid; }; module.exports.fromId = function (hex) { var keyid = new Keyid(); keyid.read(util.hex2bin(hex)); return keyid; }; },{"../util.js":74}],72:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA // Hint: We hold our MPIs as an array of octets in big endian format preceeding a two // octet scalar: MPI: [a,b,c,d,e,f] // - MPI size: (a << 8) | b // - MPI = c | d << 8 | e << ((MPI.length -2)*8) | f ((MPI.length -2)*8) /** * Implementation of type MPI ({@link http://tools.ietf.org/html/rfc4880#section-3.2|RFC4880 3.2})
*
* Multiprecision integers (also called MPIs) are unsigned integers used * to hold large integers such as the ones used in cryptographic * calculations. * An MPI consists of two pieces: a two-octet scalar that is the length * of the MPI in bits followed by a string of octets that contain the * actual integer. * @requires crypto/public_key/jsbn * @requires util * @module type/mpi */ module.exports = MPI; var BigInteger = require('../crypto/public_key/jsbn.js'), util = require('../util.js'); /** * @constructor */ function MPI() { /** An implementation dependent integer */ this.data = null; } /** * Parsing function for a mpi ({@link http://tools.ietf.org/html/rfc4880#section3.2|RFC 4880 3.2}). * @param {String} input Payload of mpi data * @return {Integer} Length of data read */ MPI.prototype.read = function (bytes) { var bits = (bytes.charCodeAt(0) << 8) | bytes.charCodeAt(1); // Additional rules: // // The size of an MPI is ((MPI.length + 7) / 8) + 2 octets. // // The length field of an MPI describes the length starting from its // most significant non-zero bit. Thus, the MPI [00 02 01] is not // formed correctly. It should be [00 01 01]. // TODO: Verification of this size method! This size calculation as // specified above is not applicable in JavaScript var bytelen = Math.ceil(bits / 8); var raw = bytes.substr(2, bytelen); this.fromBytes(raw); return 2 + bytelen; }; MPI.prototype.fromBytes = function (bytes) { this.data = new BigInteger(util.hexstrdump(bytes), 16); }; MPI.prototype.toBytes = function () { return this.write().substr(2); }; MPI.prototype.byteLength = function () { return this.toBytes().length; }; /** * Converts the mpi object to a string as specified in {@link http://tools.ietf.org/html/rfc4880#section-3.2|RFC4880 3.2} * @return {String} mpi Byte representation */ MPI.prototype.write = function () { return this.data.toMPI(); }; MPI.prototype.toBigInteger = function () { return this.data.clone(); }; MPI.prototype.fromBigInteger = function (bn) { this.data = bn.clone(); }; module.exports.fromClone = function (clone) { clone.data.copyTo = BigInteger.prototype.copyTo; var bn = new BigInteger(); clone.data.copyTo(bn); var mpi = new MPI(); mpi.data = bn; return mpi; }; },{"../crypto/public_key/jsbn.js":37,"../util.js":74}],73:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * Implementation of the String-to-key specifier ({@link http://tools.ietf.org/html/rfc4880#section-3.7|RFC4880 3.7})
*
* String-to-key (S2K) specifiers are used to convert passphrase strings * into symmetric-key encryption/decryption keys. They are used in two * places, currently: to encrypt the secret part of private keys in the * private keyring, and to convert passphrases to encryption keys for * symmetrically encrypted messages. * @requires crypto * @requires enums * @requires util * @module type/s2k */ module.exports = S2K; var enums = require('../enums.js'), util = require('../util.js'), crypto = require('../crypto'); /** * @constructor */ function S2K() { /** @type {module:enums.hash} */ this.algorithm = 'sha256'; /** @type {module:enums.s2k} */ this.type = 'iterated'; this.c = 96; /** Eight bytes of salt in a binary string. * @type {String} */ this.salt = crypto.random.getRandomBytes(8); } S2K.prototype.get_count = function () { // Exponent bias, defined in RFC4880 var expbias = 6; return (16 + (this.c & 15)) << ((this.c >> 4) + expbias); }; /** * Parsing function for a string-to-key specifier ({@link http://tools.ietf.org/html/rfc4880#section-3.7|RFC 4880 3.7}). * @param {String} input Payload of string-to-key specifier * @return {Integer} Actual length of the object */ S2K.prototype.read = function (bytes) { var i = 0; this.type = enums.read(enums.s2k, bytes.charCodeAt(i++)); this.algorithm = enums.read(enums.hash, bytes.charCodeAt(i++)); switch (this.type) { case 'simple': break; case 'salted': this.salt = bytes.substr(i, 8); i += 8; break; case 'iterated': this.salt = bytes.substr(i, 8); i += 8; // Octet 10: count, a one-octet, coded value this.c = bytes.charCodeAt(i++); break; case 'gnu': if (bytes.substr(i, 3) == "GNU") { i += 3; // GNU var gnuExtType = 1000 + bytes.charCodeAt(i++); if (gnuExtType == 1001) { this.type = gnuExtType; // GnuPG extension mode 1001 -- don't write secret key at all } else { throw new Error("Unknown s2k gnu protection mode."); } } else { throw new Error("Unknown s2k type."); } break; default: throw new Error("Unknown s2k type."); } return i; }; /** * writes an s2k hash based on the inputs. * @return {String} Produced key of hashAlgorithm hash length */ S2K.prototype.write = function () { var bytes = String.fromCharCode(enums.write(enums.s2k, this.type)); bytes += String.fromCharCode(enums.write(enums.hash, this.algorithm)); switch (this.type) { case 'simple': break; case 'salted': bytes += this.salt; break; case 'iterated': bytes += this.salt; bytes += String.fromCharCode(this.c); break; } return bytes; }; /** * Produces a key using the specified passphrase and the defined * hashAlgorithm * @param {String} passphrase Passphrase containing user input * @return {String} Produced key with a length corresponding to * hashAlgorithm hash length */ S2K.prototype.produce_key = function (passphrase, numBytes) { passphrase = util.encode_utf8(passphrase); function round(prefix, s2k) { var algorithm = enums.write(enums.hash, s2k.algorithm); switch (s2k.type) { case 'simple': return crypto.hash.digest(algorithm, prefix + passphrase); case 'salted': return crypto.hash.digest(algorithm, prefix + s2k.salt + passphrase); case 'iterated': var isp = [], count = s2k.get_count(); data = s2k.salt + passphrase; while (isp.length * data.length < count) isp.push(data); isp = isp.join(''); if (isp.length > count) isp = isp.substr(0, count); return crypto.hash.digest(algorithm, prefix + isp); } } var result = '', prefix = ''; while (result.length <= numBytes) { result += round(prefix, this); prefix += String.fromCharCode(0); } return result.substr(0, numBytes); }; module.exports.fromClone = function (clone) { var s2k = new S2K(); this.algorithm = clone.algorithm; this.type = clone.type; this.c = clone.c; this.salt = clone.salt; return s2k; }; },{"../crypto":32,"../enums.js":43,"../util.js":74}],74:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * This object contains utility functions * @requires config * @module util */ 'use strict'; var config = require('./config'); module.exports = { readNumber: function (bytes) { var n = 0; for (var i = 0; i < bytes.length; i++) { n <<= 8; n += bytes.charCodeAt(i); } return n; }, writeNumber: function (n, bytes) { var b = ''; for (var i = 0; i < bytes; i++) { b += String.fromCharCode((n >> (8 * (bytes - i - 1))) & 0xFF); } return b; }, readDate: function (bytes) { var n = this.readNumber(bytes); var d = new Date(); d.setTime(n * 1000); return d; }, writeDate: function (time) { var numeric = Math.round(time.getTime() / 1000); return this.writeNumber(numeric, 4); }, emailRegEx: /^[+a-zA-Z0-9_.-]+@([a-zA-Z0-9-]+\.)+[a-zA-Z0-9]{2,6}$/, hexdump: function (str) { var r = []; var e = str.length; var c = 0; var h; var i = 0; while (c < e) { h = str.charCodeAt(c++).toString(16); while (h.length < 2) h = "0" + h; r.push(" " + h); i++; if (i % 32 === 0) r.push("\n "); } return r.join(''); }, /** * Create hexstring from a binary * @param {String} str String to convert * @return {String} String containing the hexadecimal values */ hexstrdump: function (str) { if (str === null) return ""; var r = []; var e = str.length; var c = 0; var h; while (c < e) { h = str.charCodeAt(c++).toString(16); while (h.length < 2) h = "0" + h; r.push("" + h); } return r.join(''); }, /** * Create binary string from a hex encoded string * @param {String} str Hex string to convert * @return {String} String containing the binary values */ hex2bin: function (hex) { var str = ''; for (var i = 0; i < hex.length; i += 2) str += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); return str; }, /** * Creating a hex string from an binary array of integers (0..255) * @param {String} str Array of bytes to convert * @return {String} Hexadecimal representation of the array */ hexidump: function (str) { var r = []; var e = str.length; var c = 0; var h; while (c < e) { h = str[c++].toString(16); while (h.length < 2) h = "0" + h; r.push("" + h); } return r.join(''); }, /** * Convert a native javascript string to a string of utf8 bytes * @param {String} str The string to convert * @return {String} A valid squence of utf8 bytes */ encode_utf8: function (str) { return unescape(encodeURIComponent(str)); }, /** * Convert a string of utf8 bytes to a native javascript string * @param {String} utf8 A valid squence of utf8 bytes * @return {String} A native javascript string */ decode_utf8: function (utf8) { if (typeof utf8 !== 'string') { throw new Error('Parameter "utf8" is not of type string'); } try { return decodeURIComponent(escape(utf8)); } catch (e) { return utf8; } }, /** * Convert an array of integers(0.255) to a string * @param {Array} bin An array of (binary) integers to convert * @return {String} The string representation of the array */ bin2str: function (bin) { var result = []; for (var i = 0; i < bin.length; i++) { result[i] = String.fromCharCode(bin[i]); } return result.join(''); }, /** * Convert a string to an array of integers(0.255) * @param {String} str String to convert * @return {Array} An array of (binary) integers */ str2bin: function (str) { var result = []; for (var i = 0; i < str.length; i++) { result[i] = str.charCodeAt(i); } return result; }, /** * Convert a string to a Uint8Array * @param {String} str String to convert * @return {Uint8Array} The array of (binary) integers */ str2Uint8Array: function (str) { var result = new Uint8Array(str.length); for (var i = 0; i < str.length; i++) { result[i] = str.charCodeAt(i); } return result; }, /** * Convert a Uint8Array to a string. This currently functions * the same as bin2str. * @function module:util.Uint8Array2str * @param {Uint8Array} bin An array of (binary) integers to convert * @return {String} String representation of the array */ Uint8Array2str: function (bin) { var result = []; for (var i = 0; i < bin.length; i++) { result[i] = String.fromCharCode(bin[i]); } return result.join(''); }, /** * Calculates a 16bit sum of a string by adding each character * codes modulus 65535 * @param {String} text String to create a sum of * @return {Integer} An integer containing the sum of all character * codes % 65535 */ calc_checksum: function (text) { var checksum = { s: 0, add: function (sadd) { this.s = (this.s + sadd) % 65536; } }; for (var i = 0; i < text.length; i++) { checksum.add(text.charCodeAt(i)); } return checksum.s; }, /** * Helper function to print a debug message. Debug * messages are only printed if * @link module:config/config.debug is set to true. * @param {String} str String of the debug message */ print_debug: function (str) { if (config.debug) { console.log(str); } }, /** * Helper function to print a debug message. Debug * messages are only printed if * @link module:config/config.debug is set to true. * Different than print_debug because will call hexstrdump iff necessary. * @param {String} str String of the debug message */ print_debug_hexstr_dump: function (str, strToHex) { if (config.debug) { str = str + this.hexstrdump(strToHex); console.log(str); } }, getLeftNBits: function (string, bitcount) { var rest = bitcount % 8; if (rest === 0) return string.substring(0, bitcount / 8); var bytes = (bitcount - rest) / 8 + 1; var result = string.substring(0, bytes); return this.shiftRight(result, 8 - rest); // +String.fromCharCode(string.charCodeAt(bytes -1) << (8-rest) & 0xFF); }, /** * Shifting a string to n bits right * @param {String} value The string to shift * @param {Integer} bitcount Amount of bits to shift (MUST be smaller * than 9) * @return {String} Resulting string. */ shiftRight: function (value, bitcount) { var temp = util.str2bin(value); if (bitcount % 8 !== 0) { for (var i = temp.length - 1; i >= 0; i--) { temp[i] >>= bitcount % 8; if (i > 0) temp[i] |= (temp[i - 1] << (8 - (bitcount % 8))) & 0xFF; } } else { return value; } return util.bin2str(temp); }, /** * Return the algorithm type as string * @return {String} String representing the message type */ get_hashAlgorithmString: function (algo) { switch (algo) { case 1: return "MD5"; case 2: return "SHA1"; case 3: return "RIPEMD160"; case 8: return "SHA256"; case 9: return "SHA384"; case 10: return "SHA512"; case 11: return "SHA224"; } return "unknown"; }, /** * Get native Web Cryptography api. The default configuration is to use * the api when available. But it can also be deactivated with config.useWebCrypto * @return {Object} The SubtleCrypto api or 'undefined' */ getWebCrypto: function() { if (config.useWebCrypto === false) { // make web crypto optional return; } if (typeof window !== 'undefined') { if (window.crypto) { return window.crypto.subtle || window.crypto.webkitSubtle; } if (window.msCrypto) { return window.msCrypto.subtle; } } } }; },{"./config":17}],75:[function(require,module,exports){ // GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 3.0 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * @requires crypto * @requires enums * @requires packet * @requires type_keyid * @requires key * @module async_proxy */ 'use strict'; var crypto = require('../crypto'), packet = require('../packet'), key = require('../key.js'), type_keyid = require('../type/keyid.js'); var INITIAL_RANDOM_SEED = 50000, // random bytes seeded to worker RANDOM_SEED_REQUEST = 20000; // random bytes seeded after worker request /** * Initializes a new proxy and loads the web worker * @constructor * @param {String} path The path to the worker or 'openpgp.worker.js' by default * @param {Object} [options.config=Object] config The worker configuration * @param {Object} [options.worker=Object] alternative to path parameter: * web worker initialized with 'openpgp.worker.js' */ function AsyncProxy(path, options) { if (options && options.worker) { this.worker = options.worker; } else { this.worker = new Worker(path || 'openpgp.worker.js'); } this.worker.onmessage = this.onMessage.bind(this); this.worker.onerror = function(e) { throw new Error('Unhandled error in openpgp worker: ' + e.message + ' (' + e.filename + ':' + e.lineno + ')'); }; this.seedRandom(INITIAL_RANDOM_SEED); // FIFO this.tasks = []; if (options && options.config) { this.worker.postMessage({event: 'configure', config: options.config}); } } /** * Command pattern that wraps synchronous code into a promise * @param {Object} self The current this * @param {function} cmd The synchronous function with a return value * to be wrapped in a promise * @return {Promise} The promise wrapped around cmd */ AsyncProxy.prototype.execute = function(cmd) { var self = this; var promise = new Promise(function(resolve, reject) { cmd(); self.tasks.push({ resolve:resolve, reject:reject }); }); return promise; }; /** * Message handling */ AsyncProxy.prototype.onMessage = function(event) { var msg = event.data; switch (msg.event) { case 'method-return': if (msg.err) { // fail this.tasks.shift().reject(new Error(msg.err)); } else { // success this.tasks.shift().resolve(msg.data); } break; case 'request-seed': this.seedRandom(RANDOM_SEED_REQUEST); break; default: throw new Error('Unknown Worker Event.'); } }; /** * Send message to worker with random data * @param {Integer} size Number of bytes to send */ AsyncProxy.prototype.seedRandom = function(size) { var buf = this.getRandomBuffer(size); this.worker.postMessage({event: 'seed-random', buf: buf}); }; /** * Get Uint8Array with random numbers * @param {Integer} size Length of buffer * @return {Uint8Array} */ AsyncProxy.prototype.getRandomBuffer = function(size) { if (!size) return null; var buf = new Uint8Array(size); crypto.random.getRandomValues(buf); return buf; }; /** * Terminates the worker */ AsyncProxy.prototype.terminate = function() { this.worker.terminate(); }; /** * Encrypts message text with keys * @param {(Array|module:key~Key)} keys array of keys or single key, used to encrypt the message * @param {String} text message as native JavaScript string */ AsyncProxy.prototype.encryptMessage = function(keys, text) { var self = this; return self.execute(function() { if (!keys.length) { keys = [keys]; } keys = keys.map(function(key) { return key.toPacketlist(); }); self.worker.postMessage({ event: 'encrypt-message', keys: keys, text: text }); }); }; /** * Signs message text and encrypts it * @param {(Array|module:key~Key)} publicKeys array of keys or single key, used to encrypt the message * @param {module:key~Key} privateKey private key with decrypted secret key data for signing * @param {String} text message as native JavaScript string */ AsyncProxy.prototype.signAndEncryptMessage = function(publicKeys, privateKey, text) { var self = this; return self.execute(function() { if (!publicKeys.length) { publicKeys = [publicKeys]; } publicKeys = publicKeys.map(function(key) { return key.toPacketlist(); }); privateKey = privateKey.toPacketlist(); self.worker.postMessage({ event: 'sign-and-encrypt-message', publicKeys: publicKeys, privateKey: privateKey, text: text }); }); }; /** * Decrypts message * @param {module:key~Key} privateKey private key with decrypted secret key data * @param {module:message~Message} message the message object with the encrypted data */ AsyncProxy.prototype.decryptMessage = function(privateKey, message) { var self = this; return self.execute(function() { privateKey = privateKey.toPacketlist(); self.worker.postMessage({ event: 'decrypt-message', privateKey: privateKey, message: message }); }); }; /** * Decrypts message and verifies signatures * @param {module:key~Key} privateKey private key with decrypted secret key data * @param {(Array|module:key~Key)} publicKeys array of keys or single key to verify signatures * @param {module:message~Message} message the message object with signed and encrypted data */ AsyncProxy.prototype.decryptAndVerifyMessage = function(privateKey, publicKeys, message) { var self = this; var promise = new Promise(function(resolve, reject) { privateKey = privateKey.toPacketlist(); if (!publicKeys.length) { publicKeys = [publicKeys]; } publicKeys = publicKeys.map(function(key) { return key.toPacketlist(); }); self.worker.postMessage({ event: 'decrypt-and-verify-message', privateKey: privateKey, publicKeys: publicKeys, message: message }); self.tasks.push({ resolve:function(data) { data.signatures = data.signatures.map(function(sig) { sig.keyid = type_keyid.fromClone(sig.keyid); return sig; }); resolve(data); }, reject:reject }); }); return promise; }; /** * Signs a cleartext message * @param {(Array|module:key~Key)} privateKeys array of keys or single key, with decrypted secret key data to sign cleartext * @param {String} text cleartext */ AsyncProxy.prototype.signClearMessage = function(privateKeys, text) { var self = this; return self.execute(function() { if (!privateKeys.length) { privateKeys = [privateKeys]; } privateKeys = privateKeys.map(function(key) { return key.toPacketlist(); }); self.worker.postMessage({ event: 'sign-clear-message', privateKeys: privateKeys, text: text }); }); }; /** * Verifies signatures of cleartext signed message * @param {(Array|module:key~Key)} publicKeys array of keys or single key, to verify signatures * @param {module:cleartext~CleartextMessage} message cleartext message object with signatures */ AsyncProxy.prototype.verifyClearSignedMessage = function(publicKeys, message) { var self = this; var promise = new Promise(function(resolve, reject) { if (!publicKeys.length) { publicKeys = [publicKeys]; } publicKeys = publicKeys.map(function(key) { return key.toPacketlist(); }); self.worker.postMessage({ event: 'verify-clear-signed-message', publicKeys: publicKeys, message: message }); self.tasks.push({ resolve:function(data) { data.signatures = data.signatures.map(function(sig) { sig.keyid = type_keyid.fromClone(sig.keyid); return sig; }); resolve(data); }, reject:reject }); }); return promise; }; /** * Generates a new OpenPGP key pair. Currently only supports RSA keys. * Primary and subkey will be of same type. * @param {module:enums.publicKey} keyType to indicate what type of key to make. * RSA is 1. See {@link http://tools.ietf.org/html/rfc4880#section-9.1} * @param {Integer} numBits number of bits for the key creation. (should be 1024+, generally) * @param {String} userId assumes already in form of "User Name " * @param {String} passphrase The passphrase used to encrypt the resulting private key */ AsyncProxy.prototype.generateKeyPair = function(options) { var self = this; var promise = new Promise(function(resolve, reject) { self.worker.postMessage({ event: 'generate-key-pair', options: options }); self.tasks.push({ resolve:function(data) { var packetlist = packet.List.fromStructuredClone(data.key); data.key = new key.Key(packetlist); resolve(data); }, reject:reject }); }); return promise; }; /** * Decrypts secret part of all secret key packets of key. * @param {module:key~Key} privateKey private key with encrypted secret key data * @param {String} password password to unlock the key */ AsyncProxy.prototype.decryptKey = function(privateKey, password) { var self = this; var promise = new Promise(function(resolve, reject) { privateKey = privateKey.toPacketlist(); self.worker.postMessage({ event: 'decrypt-key', privateKey: privateKey, password: password }); self.tasks.push({ resolve:function(data) { var packetlist = packet.List.fromStructuredClone(data); data = new key.Key(packetlist); resolve(data); }, reject:reject }); }); return promise; }; /** * Decrypts secret part of key packets matching array of keyids. * @param {module:key~Key} privateKey private key with encrypted secret key data * @param {Array} keyIds * @param {String} password password to unlock the key */ AsyncProxy.prototype.decryptKeyPacket = function(privateKey, keyIds, password) { var self = this; var promise = new Promise(function(resolve, reject) { privateKey = privateKey.toPacketlist(); self.worker.postMessage({ event: 'decrypt-key-packet', privateKey: privateKey, keyIds: keyIds, password: password }); self.tasks.push({ resolve:function(data) { var packetlist = packet.List.fromStructuredClone(data); data = new key.Key(packetlist); resolve(data); }, reject:reject }); }); return promise; }; module.exports = AsyncProxy; },{"../crypto":32,"../key.js":45,"../packet":53,"../type/keyid.js":71}]},{},[44]) (44) }); ;