25개 이상의 토픽을 선택하실 수 없습니다. Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 

6191 lines
194 KiB

  1. ;(function (root, factory) {
  2. if (typeof exports === "object") {
  3. // CommonJS
  4. module.exports = exports = factory();
  5. }
  6. else if (typeof define === "function" && define.amd) {
  7. // AMD
  8. define([], factory);
  9. }
  10. else {
  11. // Global (browser)
  12. root.CryptoJS = factory();
  13. }
  14. }(this, function () {
  15. /*globals window, global, require*/
  16. /**
  17. * CryptoJS core components.
  18. */
  19. var CryptoJS = CryptoJS || (function (Math, undefined) {
  20. var crypto;
  21. // Native crypto from window (Browser)
  22. if (typeof window !== 'undefined' && window.crypto) {
  23. crypto = window.crypto;
  24. }
  25. // Native crypto in web worker (Browser)
  26. if (typeof self !== 'undefined' && self.crypto) {
  27. crypto = self.crypto;
  28. }
  29. // Native crypto from worker
  30. if (typeof globalThis !== 'undefined' && globalThis.crypto) {
  31. crypto = globalThis.crypto;
  32. }
  33. // Native (experimental IE 11) crypto from window (Browser)
  34. if (!crypto && typeof window !== 'undefined' && window.msCrypto) {
  35. crypto = window.msCrypto;
  36. }
  37. // Native crypto from global (NodeJS)
  38. if (!crypto && typeof global !== 'undefined' && global.crypto) {
  39. crypto = global.crypto;
  40. }
  41. // Native crypto import via require (NodeJS)
  42. if (!crypto && typeof require === 'function') {
  43. try {
  44. crypto = require('crypto');
  45. } catch (err) {}
  46. }
  47. /*
  48. * Cryptographically secure pseudorandom number generator
  49. *
  50. * As Math.random() is cryptographically not safe to use
  51. */
  52. var cryptoSecureRandomInt = function () {
  53. if (crypto) {
  54. // Use getRandomValues method (Browser)
  55. if (typeof crypto.getRandomValues === 'function') {
  56. try {
  57. return crypto.getRandomValues(new Uint32Array(1))[0];
  58. } catch (err) {}
  59. }
  60. // Use randomBytes method (NodeJS)
  61. if (typeof crypto.randomBytes === 'function') {
  62. try {
  63. return crypto.randomBytes(4).readInt32LE();
  64. } catch (err) {}
  65. }
  66. }
  67. throw new Error('Native crypto module could not be used to get secure random number.');
  68. };
  69. /*
  70. * Local polyfill of Object.create
  71. */
  72. var create = Object.create || (function () {
  73. function F() {}
  74. return function (obj) {
  75. var subtype;
  76. F.prototype = obj;
  77. subtype = new F();
  78. F.prototype = null;
  79. return subtype;
  80. };
  81. }());
  82. /**
  83. * CryptoJS namespace.
  84. */
  85. var C = {};
  86. /**
  87. * Library namespace.
  88. */
  89. var C_lib = C.lib = {};
  90. /**
  91. * Base object for prototypal inheritance.
  92. */
  93. var Base = C_lib.Base = (function () {
  94. return {
  95. /**
  96. * Creates a new object that inherits from this object.
  97. *
  98. * @param {Object} overrides Properties to copy into the new object.
  99. *
  100. * @return {Object} The new object.
  101. *
  102. * @static
  103. *
  104. * @example
  105. *
  106. * var MyType = CryptoJS.lib.Base.extend({
  107. * field: 'value',
  108. *
  109. * method: function () {
  110. * }
  111. * });
  112. */
  113. extend: function (overrides) {
  114. // Spawn
  115. var subtype = create(this);
  116. // Augment
  117. if (overrides) {
  118. subtype.mixIn(overrides);
  119. }
  120. // Create default initializer
  121. if (!subtype.hasOwnProperty('init') || this.init === subtype.init) {
  122. subtype.init = function () {
  123. subtype.$super.init.apply(this, arguments);
  124. };
  125. }
  126. // Initializer's prototype is the subtype object
  127. subtype.init.prototype = subtype;
  128. // Reference supertype
  129. subtype.$super = this;
  130. return subtype;
  131. },
  132. /**
  133. * Extends this object and runs the init method.
  134. * Arguments to create() will be passed to init().
  135. *
  136. * @return {Object} The new object.
  137. *
  138. * @static
  139. *
  140. * @example
  141. *
  142. * var instance = MyType.create();
  143. */
  144. create: function () {
  145. var instance = this.extend();
  146. instance.init.apply(instance, arguments);
  147. return instance;
  148. },
  149. /**
  150. * Initializes a newly created object.
  151. * Override this method to add some logic when your objects are created.
  152. *
  153. * @example
  154. *
  155. * var MyType = CryptoJS.lib.Base.extend({
  156. * init: function () {
  157. * // ...
  158. * }
  159. * });
  160. */
  161. init: function () {
  162. },
  163. /**
  164. * Copies properties into this object.
  165. *
  166. * @param {Object} properties The properties to mix in.
  167. *
  168. * @example
  169. *
  170. * MyType.mixIn({
  171. * field: 'value'
  172. * });
  173. */
  174. mixIn: function (properties) {
  175. for (var propertyName in properties) {
  176. if (properties.hasOwnProperty(propertyName)) {
  177. this[propertyName] = properties[propertyName];
  178. }
  179. }
  180. // IE won't copy toString using the loop above
  181. if (properties.hasOwnProperty('toString')) {
  182. this.toString = properties.toString;
  183. }
  184. },
  185. /**
  186. * Creates a copy of this object.
  187. *
  188. * @return {Object} The clone.
  189. *
  190. * @example
  191. *
  192. * var clone = instance.clone();
  193. */
  194. clone: function () {
  195. return this.init.prototype.extend(this);
  196. }
  197. };
  198. }());
  199. /**
  200. * An array of 32-bit words.
  201. *
  202. * @property {Array} words The array of 32-bit words.
  203. * @property {number} sigBytes The number of significant bytes in this word array.
  204. */
  205. var WordArray = C_lib.WordArray = Base.extend({
  206. /**
  207. * Initializes a newly created word array.
  208. *
  209. * @param {Array} words (Optional) An array of 32-bit words.
  210. * @param {number} sigBytes (Optional) The number of significant bytes in the words.
  211. *
  212. * @example
  213. *
  214. * var wordArray = CryptoJS.lib.WordArray.create();
  215. * var wordArray = CryptoJS.lib.WordArray.create([0x00010203, 0x04050607]);
  216. * var wordArray = CryptoJS.lib.WordArray.create([0x00010203, 0x04050607], 6);
  217. */
  218. init: function (words, sigBytes) {
  219. words = this.words = words || [];
  220. if (sigBytes != undefined) {
  221. this.sigBytes = sigBytes;
  222. } else {
  223. this.sigBytes = words.length * 4;
  224. }
  225. },
  226. /**
  227. * Converts this word array to a string.
  228. *
  229. * @param {Encoder} encoder (Optional) The encoding strategy to use. Default: CryptoJS.enc.Hex
  230. *
  231. * @return {string} The stringified word array.
  232. *
  233. * @example
  234. *
  235. * var string = wordArray + '';
  236. * var string = wordArray.toString();
  237. * var string = wordArray.toString(CryptoJS.enc.Utf8);
  238. */
  239. toString: function (encoder) {
  240. return (encoder || Hex).stringify(this);
  241. },
  242. /**
  243. * Concatenates a word array to this word array.
  244. *
  245. * @param {WordArray} wordArray The word array to append.
  246. *
  247. * @return {WordArray} This word array.
  248. *
  249. * @example
  250. *
  251. * wordArray1.concat(wordArray2);
  252. */
  253. concat: function (wordArray) {
  254. // Shortcuts
  255. var thisWords = this.words;
  256. var thatWords = wordArray.words;
  257. var thisSigBytes = this.sigBytes;
  258. var thatSigBytes = wordArray.sigBytes;
  259. // Clamp excess bits
  260. this.clamp();
  261. // Concat
  262. if (thisSigBytes % 4) {
  263. // Copy one byte at a time
  264. for (var i = 0; i < thatSigBytes; i++) {
  265. var thatByte = (thatWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
  266. thisWords[(thisSigBytes + i) >>> 2] |= thatByte << (24 - ((thisSigBytes + i) % 4) * 8);
  267. }
  268. } else {
  269. // Copy one word at a time
  270. for (var j = 0; j < thatSigBytes; j += 4) {
  271. thisWords[(thisSigBytes + j) >>> 2] = thatWords[j >>> 2];
  272. }
  273. }
  274. this.sigBytes += thatSigBytes;
  275. // Chainable
  276. return this;
  277. },
  278. /**
  279. * Removes insignificant bits.
  280. *
  281. * @example
  282. *
  283. * wordArray.clamp();
  284. */
  285. clamp: function () {
  286. // Shortcuts
  287. var words = this.words;
  288. var sigBytes = this.sigBytes;
  289. // Clamp
  290. words[sigBytes >>> 2] &= 0xffffffff << (32 - (sigBytes % 4) * 8);
  291. words.length = Math.ceil(sigBytes / 4);
  292. },
  293. /**
  294. * Creates a copy of this word array.
  295. *
  296. * @return {WordArray} The clone.
  297. *
  298. * @example
  299. *
  300. * var clone = wordArray.clone();
  301. */
  302. clone: function () {
  303. var clone = Base.clone.call(this);
  304. clone.words = this.words.slice(0);
  305. return clone;
  306. },
  307. /**
  308. * Creates a word array filled with random bytes.
  309. *
  310. * @param {number} nBytes The number of random bytes to generate.
  311. *
  312. * @return {WordArray} The random word array.
  313. *
  314. * @static
  315. *
  316. * @example
  317. *
  318. * var wordArray = CryptoJS.lib.WordArray.random(16);
  319. */
  320. random: function (nBytes) {
  321. var words = [];
  322. for (var i = 0; i < nBytes; i += 4) {
  323. words.push(cryptoSecureRandomInt());
  324. }
  325. return new WordArray.init(words, nBytes);
  326. }
  327. });
  328. /**
  329. * Encoder namespace.
  330. */
  331. var C_enc = C.enc = {};
  332. /**
  333. * Hex encoding strategy.
  334. */
  335. var Hex = C_enc.Hex = {
  336. /**
  337. * Converts a word array to a hex string.
  338. *
  339. * @param {WordArray} wordArray The word array.
  340. *
  341. * @return {string} The hex string.
  342. *
  343. * @static
  344. *
  345. * @example
  346. *
  347. * var hexString = CryptoJS.enc.Hex.stringify(wordArray);
  348. */
  349. stringify: function (wordArray) {
  350. // Shortcuts
  351. var words = wordArray.words;
  352. var sigBytes = wordArray.sigBytes;
  353. // Convert
  354. var hexChars = [];
  355. for (var i = 0; i < sigBytes; i++) {
  356. var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
  357. hexChars.push((bite >>> 4).toString(16));
  358. hexChars.push((bite & 0x0f).toString(16));
  359. }
  360. return hexChars.join('');
  361. },
  362. /**
  363. * Converts a hex string to a word array.
  364. *
  365. * @param {string} hexStr The hex string.
  366. *
  367. * @return {WordArray} The word array.
  368. *
  369. * @static
  370. *
  371. * @example
  372. *
  373. * var wordArray = CryptoJS.enc.Hex.parse(hexString);
  374. */
  375. parse: function (hexStr) {
  376. // Shortcut
  377. var hexStrLength = hexStr.length;
  378. // Convert
  379. var words = [];
  380. for (var i = 0; i < hexStrLength; i += 2) {
  381. words[i >>> 3] |= parseInt(hexStr.substr(i, 2), 16) << (24 - (i % 8) * 4);
  382. }
  383. return new WordArray.init(words, hexStrLength / 2);
  384. }
  385. };
  386. /**
  387. * Latin1 encoding strategy.
  388. */
  389. var Latin1 = C_enc.Latin1 = {
  390. /**
  391. * Converts a word array to a Latin1 string.
  392. *
  393. * @param {WordArray} wordArray The word array.
  394. *
  395. * @return {string} The Latin1 string.
  396. *
  397. * @static
  398. *
  399. * @example
  400. *
  401. * var latin1String = CryptoJS.enc.Latin1.stringify(wordArray);
  402. */
  403. stringify: function (wordArray) {
  404. // Shortcuts
  405. var words = wordArray.words;
  406. var sigBytes = wordArray.sigBytes;
  407. // Convert
  408. var latin1Chars = [];
  409. for (var i = 0; i < sigBytes; i++) {
  410. var bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
  411. latin1Chars.push(String.fromCharCode(bite));
  412. }
  413. return latin1Chars.join('');
  414. },
  415. /**
  416. * Converts a Latin1 string to a word array.
  417. *
  418. * @param {string} latin1Str The Latin1 string.
  419. *
  420. * @return {WordArray} The word array.
  421. *
  422. * @static
  423. *
  424. * @example
  425. *
  426. * var wordArray = CryptoJS.enc.Latin1.parse(latin1String);
  427. */
  428. parse: function (latin1Str) {
  429. // Shortcut
  430. var latin1StrLength = latin1Str.length;
  431. // Convert
  432. var words = [];
  433. for (var i = 0; i < latin1StrLength; i++) {
  434. words[i >>> 2] |= (latin1Str.charCodeAt(i) & 0xff) << (24 - (i % 4) * 8);
  435. }
  436. return new WordArray.init(words, latin1StrLength);
  437. }
  438. };
  439. /**
  440. * UTF-8 encoding strategy.
  441. */
  442. var Utf8 = C_enc.Utf8 = {
  443. /**
  444. * Converts a word array to a UTF-8 string.
  445. *
  446. * @param {WordArray} wordArray The word array.
  447. *
  448. * @return {string} The UTF-8 string.
  449. *
  450. * @static
  451. *
  452. * @example
  453. *
  454. * var utf8String = CryptoJS.enc.Utf8.stringify(wordArray);
  455. */
  456. stringify: function (wordArray) {
  457. try {
  458. return decodeURIComponent(escape(Latin1.stringify(wordArray)));
  459. } catch (e) {
  460. throw new Error('Malformed UTF-8 data');
  461. }
  462. },
  463. /**
  464. * Converts a UTF-8 string to a word array.
  465. *
  466. * @param {string} utf8Str The UTF-8 string.
  467. *
  468. * @return {WordArray} The word array.
  469. *
  470. * @static
  471. *
  472. * @example
  473. *
  474. * var wordArray = CryptoJS.enc.Utf8.parse(utf8String);
  475. */
  476. parse: function (utf8Str) {
  477. return Latin1.parse(unescape(encodeURIComponent(utf8Str)));
  478. }
  479. };
  480. /**
  481. * Abstract buffered block algorithm template.
  482. *
  483. * The property blockSize must be implemented in a concrete subtype.
  484. *
  485. * @property {number} _minBufferSize The number of blocks that should be kept unprocessed in the buffer. Default: 0
  486. */
  487. var BufferedBlockAlgorithm = C_lib.BufferedBlockAlgorithm = Base.extend({
  488. /**
  489. * Resets this block algorithm's data buffer to its initial state.
  490. *
  491. * @example
  492. *
  493. * bufferedBlockAlgorithm.reset();
  494. */
  495. reset: function () {
  496. // Initial values
  497. this._data = new WordArray.init();
  498. this._nDataBytes = 0;
  499. },
  500. /**
  501. * Adds new data to this block algorithm's buffer.
  502. *
  503. * @param {WordArray|string} data The data to append. Strings are converted to a WordArray using UTF-8.
  504. *
  505. * @example
  506. *
  507. * bufferedBlockAlgorithm._append('data');
  508. * bufferedBlockAlgorithm._append(wordArray);
  509. */
  510. _append: function (data) {
  511. // Convert string to WordArray, else assume WordArray already
  512. if (typeof data == 'string') {
  513. data = Utf8.parse(data);
  514. }
  515. // Append
  516. this._data.concat(data);
  517. this._nDataBytes += data.sigBytes;
  518. },
  519. /**
  520. * Processes available data blocks.
  521. *
  522. * This method invokes _doProcessBlock(offset), which must be implemented by a concrete subtype.
  523. *
  524. * @param {boolean} doFlush Whether all blocks and partial blocks should be processed.
  525. *
  526. * @return {WordArray} The processed data.
  527. *
  528. * @example
  529. *
  530. * var processedData = bufferedBlockAlgorithm._process();
  531. * var processedData = bufferedBlockAlgorithm._process(!!'flush');
  532. */
  533. _process: function (doFlush) {
  534. var processedWords;
  535. // Shortcuts
  536. var data = this._data;
  537. var dataWords = data.words;
  538. var dataSigBytes = data.sigBytes;
  539. var blockSize = this.blockSize;
  540. var blockSizeBytes = blockSize * 4;
  541. // Count blocks ready
  542. var nBlocksReady = dataSigBytes / blockSizeBytes;
  543. if (doFlush) {
  544. // Round up to include partial blocks
  545. nBlocksReady = Math.ceil(nBlocksReady);
  546. } else {
  547. // Round down to include only full blocks,
  548. // less the number of blocks that must remain in the buffer
  549. nBlocksReady = Math.max((nBlocksReady | 0) - this._minBufferSize, 0);
  550. }
  551. // Count words ready
  552. var nWordsReady = nBlocksReady * blockSize;
  553. // Count bytes ready
  554. var nBytesReady = Math.min(nWordsReady * 4, dataSigBytes);
  555. // Process blocks
  556. if (nWordsReady) {
  557. for (var offset = 0; offset < nWordsReady; offset += blockSize) {
  558. // Perform concrete-algorithm logic
  559. this._doProcessBlock(dataWords, offset);
  560. }
  561. // Remove processed words
  562. processedWords = dataWords.splice(0, nWordsReady);
  563. data.sigBytes -= nBytesReady;
  564. }
  565. // Return processed words
  566. return new WordArray.init(processedWords, nBytesReady);
  567. },
  568. /**
  569. * Creates a copy of this object.
  570. *
  571. * @return {Object} The clone.
  572. *
  573. * @example
  574. *
  575. * var clone = bufferedBlockAlgorithm.clone();
  576. */
  577. clone: function () {
  578. var clone = Base.clone.call(this);
  579. clone._data = this._data.clone();
  580. return clone;
  581. },
  582. _minBufferSize: 0
  583. });
  584. /**
  585. * Abstract hasher template.
  586. *
  587. * @property {number} blockSize The number of 32-bit words this hasher operates on. Default: 16 (512 bits)
  588. */
  589. var Hasher = C_lib.Hasher = BufferedBlockAlgorithm.extend({
  590. /**
  591. * Configuration options.
  592. */
  593. cfg: Base.extend(),
  594. /**
  595. * Initializes a newly created hasher.
  596. *
  597. * @param {Object} cfg (Optional) The configuration options to use for this hash computation.
  598. *
  599. * @example
  600. *
  601. * var hasher = CryptoJS.algo.SHA256.create();
  602. */
  603. init: function (cfg) {
  604. // Apply config defaults
  605. this.cfg = this.cfg.extend(cfg);
  606. // Set initial values
  607. this.reset();
  608. },
  609. /**
  610. * Resets this hasher to its initial state.
  611. *
  612. * @example
  613. *
  614. * hasher.reset();
  615. */
  616. reset: function () {
  617. // Reset data buffer
  618. BufferedBlockAlgorithm.reset.call(this);
  619. // Perform concrete-hasher logic
  620. this._doReset();
  621. },
  622. /**
  623. * Updates this hasher with a message.
  624. *
  625. * @param {WordArray|string} messageUpdate The message to append.
  626. *
  627. * @return {Hasher} This hasher.
  628. *
  629. * @example
  630. *
  631. * hasher.update('message');
  632. * hasher.update(wordArray);
  633. */
  634. update: function (messageUpdate) {
  635. // Append
  636. this._append(messageUpdate);
  637. // Update the hash
  638. this._process();
  639. // Chainable
  640. return this;
  641. },
  642. /**
  643. * Finalizes the hash computation.
  644. * Note that the finalize operation is effectively a destructive, read-once operation.
  645. *
  646. * @param {WordArray|string} messageUpdate (Optional) A final message update.
  647. *
  648. * @return {WordArray} The hash.
  649. *
  650. * @example
  651. *
  652. * var hash = hasher.finalize();
  653. * var hash = hasher.finalize('message');
  654. * var hash = hasher.finalize(wordArray);
  655. */
  656. finalize: function (messageUpdate) {
  657. // Final message update
  658. if (messageUpdate) {
  659. this._append(messageUpdate);
  660. }
  661. // Perform concrete-hasher logic
  662. var hash = this._doFinalize();
  663. return hash;
  664. },
  665. blockSize: 512/32,
  666. /**
  667. * Creates a shortcut function to a hasher's object interface.
  668. *
  669. * @param {Hasher} hasher The hasher to create a helper for.
  670. *
  671. * @return {Function} The shortcut function.
  672. *
  673. * @static
  674. *
  675. * @example
  676. *
  677. * var SHA256 = CryptoJS.lib.Hasher._createHelper(CryptoJS.algo.SHA256);
  678. */
  679. _createHelper: function (hasher) {
  680. return function (message, cfg) {
  681. return new hasher.init(cfg).finalize(message);
  682. };
  683. },
  684. /**
  685. * Creates a shortcut function to the HMAC's object interface.
  686. *
  687. * @param {Hasher} hasher The hasher to use in this HMAC helper.
  688. *
  689. * @return {Function} The shortcut function.
  690. *
  691. * @static
  692. *
  693. * @example
  694. *
  695. * var HmacSHA256 = CryptoJS.lib.Hasher._createHmacHelper(CryptoJS.algo.SHA256);
  696. */
  697. _createHmacHelper: function (hasher) {
  698. return function (message, key) {
  699. return new C_algo.HMAC.init(hasher, key).finalize(message);
  700. };
  701. }
  702. });
  703. /**
  704. * Algorithm namespace.
  705. */
  706. var C_algo = C.algo = {};
  707. return C;
  708. }(Math));
  709. (function (undefined) {
  710. // Shortcuts
  711. var C = CryptoJS;
  712. var C_lib = C.lib;
  713. var Base = C_lib.Base;
  714. var X32WordArray = C_lib.WordArray;
  715. /**
  716. * x64 namespace.
  717. */
  718. var C_x64 = C.x64 = {};
  719. /**
  720. * A 64-bit word.
  721. */
  722. var X64Word = C_x64.Word = Base.extend({
  723. /**
  724. * Initializes a newly created 64-bit word.
  725. *
  726. * @param {number} high The high 32 bits.
  727. * @param {number} low The low 32 bits.
  728. *
  729. * @example
  730. *
  731. * var x64Word = CryptoJS.x64.Word.create(0x00010203, 0x04050607);
  732. */
  733. init: function (high, low) {
  734. this.high = high;
  735. this.low = low;
  736. }
  737. /**
  738. * Bitwise NOTs this word.
  739. *
  740. * @return {X64Word} A new x64-Word object after negating.
  741. *
  742. * @example
  743. *
  744. * var negated = x64Word.not();
  745. */
  746. // not: function () {
  747. // var high = ~this.high;
  748. // var low = ~this.low;
  749. // return X64Word.create(high, low);
  750. // },
  751. /**
  752. * Bitwise ANDs this word with the passed word.
  753. *
  754. * @param {X64Word} word The x64-Word to AND with this word.
  755. *
  756. * @return {X64Word} A new x64-Word object after ANDing.
  757. *
  758. * @example
  759. *
  760. * var anded = x64Word.and(anotherX64Word);
  761. */
  762. // and: function (word) {
  763. // var high = this.high & word.high;
  764. // var low = this.low & word.low;
  765. // return X64Word.create(high, low);
  766. // },
  767. /**
  768. * Bitwise ORs this word with the passed word.
  769. *
  770. * @param {X64Word} word The x64-Word to OR with this word.
  771. *
  772. * @return {X64Word} A new x64-Word object after ORing.
  773. *
  774. * @example
  775. *
  776. * var ored = x64Word.or(anotherX64Word);
  777. */
  778. // or: function (word) {
  779. // var high = this.high | word.high;
  780. // var low = this.low | word.low;
  781. // return X64Word.create(high, low);
  782. // },
  783. /**
  784. * Bitwise XORs this word with the passed word.
  785. *
  786. * @param {X64Word} word The x64-Word to XOR with this word.
  787. *
  788. * @return {X64Word} A new x64-Word object after XORing.
  789. *
  790. * @example
  791. *
  792. * var xored = x64Word.xor(anotherX64Word);
  793. */
  794. // xor: function (word) {
  795. // var high = this.high ^ word.high;
  796. // var low = this.low ^ word.low;
  797. // return X64Word.create(high, low);
  798. // },
  799. /**
  800. * Shifts this word n bits to the left.
  801. *
  802. * @param {number} n The number of bits to shift.
  803. *
  804. * @return {X64Word} A new x64-Word object after shifting.
  805. *
  806. * @example
  807. *
  808. * var shifted = x64Word.shiftL(25);
  809. */
  810. // shiftL: function (n) {
  811. // if (n < 32) {
  812. // var high = (this.high << n) | (this.low >>> (32 - n));
  813. // var low = this.low << n;
  814. // } else {
  815. // var high = this.low << (n - 32);
  816. // var low = 0;
  817. // }
  818. // return X64Word.create(high, low);
  819. // },
  820. /**
  821. * Shifts this word n bits to the right.
  822. *
  823. * @param {number} n The number of bits to shift.
  824. *
  825. * @return {X64Word} A new x64-Word object after shifting.
  826. *
  827. * @example
  828. *
  829. * var shifted = x64Word.shiftR(7);
  830. */
  831. // shiftR: function (n) {
  832. // if (n < 32) {
  833. // var low = (this.low >>> n) | (this.high << (32 - n));
  834. // var high = this.high >>> n;
  835. // } else {
  836. // var low = this.high >>> (n - 32);
  837. // var high = 0;
  838. // }
  839. // return X64Word.create(high, low);
  840. // },
  841. /**
  842. * Rotates this word n bits to the left.
  843. *
  844. * @param {number} n The number of bits to rotate.
  845. *
  846. * @return {X64Word} A new x64-Word object after rotating.
  847. *
  848. * @example
  849. *
  850. * var rotated = x64Word.rotL(25);
  851. */
  852. // rotL: function (n) {
  853. // return this.shiftL(n).or(this.shiftR(64 - n));
  854. // },
  855. /**
  856. * Rotates this word n bits to the right.
  857. *
  858. * @param {number} n The number of bits to rotate.
  859. *
  860. * @return {X64Word} A new x64-Word object after rotating.
  861. *
  862. * @example
  863. *
  864. * var rotated = x64Word.rotR(7);
  865. */
  866. // rotR: function (n) {
  867. // return this.shiftR(n).or(this.shiftL(64 - n));
  868. // },
  869. /**
  870. * Adds this word with the passed word.
  871. *
  872. * @param {X64Word} word The x64-Word to add with this word.
  873. *
  874. * @return {X64Word} A new x64-Word object after adding.
  875. *
  876. * @example
  877. *
  878. * var added = x64Word.add(anotherX64Word);
  879. */
  880. // add: function (word) {
  881. // var low = (this.low + word.low) | 0;
  882. // var carry = (low >>> 0) < (this.low >>> 0) ? 1 : 0;
  883. // var high = (this.high + word.high + carry) | 0;
  884. // return X64Word.create(high, low);
  885. // }
  886. });
  887. /**
  888. * An array of 64-bit words.
  889. *
  890. * @property {Array} words The array of CryptoJS.x64.Word objects.
  891. * @property {number} sigBytes The number of significant bytes in this word array.
  892. */
  893. var X64WordArray = C_x64.WordArray = Base.extend({
  894. /**
  895. * Initializes a newly created word array.
  896. *
  897. * @param {Array} words (Optional) An array of CryptoJS.x64.Word objects.
  898. * @param {number} sigBytes (Optional) The number of significant bytes in the words.
  899. *
  900. * @example
  901. *
  902. * var wordArray = CryptoJS.x64.WordArray.create();
  903. *
  904. * var wordArray = CryptoJS.x64.WordArray.create([
  905. * CryptoJS.x64.Word.create(0x00010203, 0x04050607),
  906. * CryptoJS.x64.Word.create(0x18191a1b, 0x1c1d1e1f)
  907. * ]);
  908. *
  909. * var wordArray = CryptoJS.x64.WordArray.create([
  910. * CryptoJS.x64.Word.create(0x00010203, 0x04050607),
  911. * CryptoJS.x64.Word.create(0x18191a1b, 0x1c1d1e1f)
  912. * ], 10);
  913. */
  914. init: function (words, sigBytes) {
  915. words = this.words = words || [];
  916. if (sigBytes != undefined) {
  917. this.sigBytes = sigBytes;
  918. } else {
  919. this.sigBytes = words.length * 8;
  920. }
  921. },
  922. /**
  923. * Converts this 64-bit word array to a 32-bit word array.
  924. *
  925. * @return {CryptoJS.lib.WordArray} This word array's data as a 32-bit word array.
  926. *
  927. * @example
  928. *
  929. * var x32WordArray = x64WordArray.toX32();
  930. */
  931. toX32: function () {
  932. // Shortcuts
  933. var x64Words = this.words;
  934. var x64WordsLength = x64Words.length;
  935. // Convert
  936. var x32Words = [];
  937. for (var i = 0; i < x64WordsLength; i++) {
  938. var x64Word = x64Words[i];
  939. x32Words.push(x64Word.high);
  940. x32Words.push(x64Word.low);
  941. }
  942. return X32WordArray.create(x32Words, this.sigBytes);
  943. },
  944. /**
  945. * Creates a copy of this word array.
  946. *
  947. * @return {X64WordArray} The clone.
  948. *
  949. * @example
  950. *
  951. * var clone = x64WordArray.clone();
  952. */
  953. clone: function () {
  954. var clone = Base.clone.call(this);
  955. // Clone "words" array
  956. var words = clone.words = this.words.slice(0);
  957. // Clone each X64Word object
  958. var wordsLength = words.length;
  959. for (var i = 0; i < wordsLength; i++) {
  960. words[i] = words[i].clone();
  961. }
  962. return clone;
  963. }
  964. });
  965. }());
  966. (function () {
  967. // Check if typed arrays are supported
  968. if (typeof ArrayBuffer != 'function') {
  969. return;
  970. }
  971. // Shortcuts
  972. var C = CryptoJS;
  973. var C_lib = C.lib;
  974. var WordArray = C_lib.WordArray;
  975. // Reference original init
  976. var superInit = WordArray.init;
  977. // Augment WordArray.init to handle typed arrays
  978. var subInit = WordArray.init = function (typedArray) {
  979. // Convert buffers to uint8
  980. if (typedArray instanceof ArrayBuffer) {
  981. typedArray = new Uint8Array(typedArray);
  982. }
  983. // Convert other array views to uint8
  984. if (
  985. typedArray instanceof Int8Array ||
  986. (typeof Uint8ClampedArray !== "undefined" && typedArray instanceof Uint8ClampedArray) ||
  987. typedArray instanceof Int16Array ||
  988. typedArray instanceof Uint16Array ||
  989. typedArray instanceof Int32Array ||
  990. typedArray instanceof Uint32Array ||
  991. typedArray instanceof Float32Array ||
  992. typedArray instanceof Float64Array
  993. ) {
  994. typedArray = new Uint8Array(typedArray.buffer, typedArray.byteOffset, typedArray.byteLength);
  995. }
  996. // Handle Uint8Array
  997. if (typedArray instanceof Uint8Array) {
  998. // Shortcut
  999. var typedArrayByteLength = typedArray.byteLength;
  1000. // Extract bytes
  1001. var words = [];
  1002. for (var i = 0; i < typedArrayByteLength; i++) {
  1003. words[i >>> 2] |= typedArray[i] << (24 - (i % 4) * 8);
  1004. }
  1005. // Initialize this word array
  1006. superInit.call(this, words, typedArrayByteLength);
  1007. } else {
  1008. // Else call normal init
  1009. superInit.apply(this, arguments);
  1010. }
  1011. };
  1012. subInit.prototype = WordArray;
  1013. }());
  1014. (function () {
  1015. // Shortcuts
  1016. var C = CryptoJS;
  1017. var C_lib = C.lib;
  1018. var WordArray = C_lib.WordArray;
  1019. var C_enc = C.enc;
  1020. /**
  1021. * UTF-16 BE encoding strategy.
  1022. */
  1023. var Utf16BE = C_enc.Utf16 = C_enc.Utf16BE = {
  1024. /**
  1025. * Converts a word array to a UTF-16 BE string.
  1026. *
  1027. * @param {WordArray} wordArray The word array.
  1028. *
  1029. * @return {string} The UTF-16 BE string.
  1030. *
  1031. * @static
  1032. *
  1033. * @example
  1034. *
  1035. * var utf16String = CryptoJS.enc.Utf16.stringify(wordArray);
  1036. */
  1037. stringify: function (wordArray) {
  1038. // Shortcuts
  1039. var words = wordArray.words;
  1040. var sigBytes = wordArray.sigBytes;
  1041. // Convert
  1042. var utf16Chars = [];
  1043. for (var i = 0; i < sigBytes; i += 2) {
  1044. var codePoint = (words[i >>> 2] >>> (16 - (i % 4) * 8)) & 0xffff;
  1045. utf16Chars.push(String.fromCharCode(codePoint));
  1046. }
  1047. return utf16Chars.join('');
  1048. },
  1049. /**
  1050. * Converts a UTF-16 BE string to a word array.
  1051. *
  1052. * @param {string} utf16Str The UTF-16 BE string.
  1053. *
  1054. * @return {WordArray} The word array.
  1055. *
  1056. * @static
  1057. *
  1058. * @example
  1059. *
  1060. * var wordArray = CryptoJS.enc.Utf16.parse(utf16String);
  1061. */
  1062. parse: function (utf16Str) {
  1063. // Shortcut
  1064. var utf16StrLength = utf16Str.length;
  1065. // Convert
  1066. var words = [];
  1067. for (var i = 0; i < utf16StrLength; i++) {
  1068. words[i >>> 1] |= utf16Str.charCodeAt(i) << (16 - (i % 2) * 16);
  1069. }
  1070. return WordArray.create(words, utf16StrLength * 2);
  1071. }
  1072. };
  1073. /**
  1074. * UTF-16 LE encoding strategy.
  1075. */
  1076. C_enc.Utf16LE = {
  1077. /**
  1078. * Converts a word array to a UTF-16 LE string.
  1079. *
  1080. * @param {WordArray} wordArray The word array.
  1081. *
  1082. * @return {string} The UTF-16 LE string.
  1083. *
  1084. * @static
  1085. *
  1086. * @example
  1087. *
  1088. * var utf16Str = CryptoJS.enc.Utf16LE.stringify(wordArray);
  1089. */
  1090. stringify: function (wordArray) {
  1091. // Shortcuts
  1092. var words = wordArray.words;
  1093. var sigBytes = wordArray.sigBytes;
  1094. // Convert
  1095. var utf16Chars = [];
  1096. for (var i = 0; i < sigBytes; i += 2) {
  1097. var codePoint = swapEndian((words[i >>> 2] >>> (16 - (i % 4) * 8)) & 0xffff);
  1098. utf16Chars.push(String.fromCharCode(codePoint));
  1099. }
  1100. return utf16Chars.join('');
  1101. },
  1102. /**
  1103. * Converts a UTF-16 LE string to a word array.
  1104. *
  1105. * @param {string} utf16Str The UTF-16 LE string.
  1106. *
  1107. * @return {WordArray} The word array.
  1108. *
  1109. * @static
  1110. *
  1111. * @example
  1112. *
  1113. * var wordArray = CryptoJS.enc.Utf16LE.parse(utf16Str);
  1114. */
  1115. parse: function (utf16Str) {
  1116. // Shortcut
  1117. var utf16StrLength = utf16Str.length;
  1118. // Convert
  1119. var words = [];
  1120. for (var i = 0; i < utf16StrLength; i++) {
  1121. words[i >>> 1] |= swapEndian(utf16Str.charCodeAt(i) << (16 - (i % 2) * 16));
  1122. }
  1123. return WordArray.create(words, utf16StrLength * 2);
  1124. }
  1125. };
  1126. function swapEndian(word) {
  1127. return ((word << 8) & 0xff00ff00) | ((word >>> 8) & 0x00ff00ff);
  1128. }
  1129. }());
  1130. (function () {
  1131. // Shortcuts
  1132. var C = CryptoJS;
  1133. var C_lib = C.lib;
  1134. var WordArray = C_lib.WordArray;
  1135. var C_enc = C.enc;
  1136. /**
  1137. * Base64 encoding strategy.
  1138. */
  1139. var Base64 = C_enc.Base64 = {
  1140. /**
  1141. * Converts a word array to a Base64 string.
  1142. *
  1143. * @param {WordArray} wordArray The word array.
  1144. *
  1145. * @return {string} The Base64 string.
  1146. *
  1147. * @static
  1148. *
  1149. * @example
  1150. *
  1151. * var base64String = CryptoJS.enc.Base64.stringify(wordArray);
  1152. */
  1153. stringify: function (wordArray) {
  1154. // Shortcuts
  1155. var words = wordArray.words;
  1156. var sigBytes = wordArray.sigBytes;
  1157. var map = this._map;
  1158. // Clamp excess bits
  1159. wordArray.clamp();
  1160. // Convert
  1161. var base64Chars = [];
  1162. for (var i = 0; i < sigBytes; i += 3) {
  1163. var byte1 = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
  1164. var byte2 = (words[(i + 1) >>> 2] >>> (24 - ((i + 1) % 4) * 8)) & 0xff;
  1165. var byte3 = (words[(i + 2) >>> 2] >>> (24 - ((i + 2) % 4) * 8)) & 0xff;
  1166. var triplet = (byte1 << 16) | (byte2 << 8) | byte3;
  1167. for (var j = 0; (j < 4) && (i + j * 0.75 < sigBytes); j++) {
  1168. base64Chars.push(map.charAt((triplet >>> (6 * (3 - j))) & 0x3f));
  1169. }
  1170. }
  1171. // Add padding
  1172. var paddingChar = map.charAt(64);
  1173. if (paddingChar) {
  1174. while (base64Chars.length % 4) {
  1175. base64Chars.push(paddingChar);
  1176. }
  1177. }
  1178. return base64Chars.join('');
  1179. },
  1180. /**
  1181. * Converts a Base64 string to a word array.
  1182. *
  1183. * @param {string} base64Str The Base64 string.
  1184. *
  1185. * @return {WordArray} The word array.
  1186. *
  1187. * @static
  1188. *
  1189. * @example
  1190. *
  1191. * var wordArray = CryptoJS.enc.Base64.parse(base64String);
  1192. */
  1193. parse: function (base64Str) {
  1194. // Shortcuts
  1195. var base64StrLength = base64Str.length;
  1196. var map = this._map;
  1197. var reverseMap = this._reverseMap;
  1198. if (!reverseMap) {
  1199. reverseMap = this._reverseMap = [];
  1200. for (var j = 0; j < map.length; j++) {
  1201. reverseMap[map.charCodeAt(j)] = j;
  1202. }
  1203. }
  1204. // Ignore padding
  1205. var paddingChar = map.charAt(64);
  1206. if (paddingChar) {
  1207. var paddingIndex = base64Str.indexOf(paddingChar);
  1208. if (paddingIndex !== -1) {
  1209. base64StrLength = paddingIndex;
  1210. }
  1211. }
  1212. // Convert
  1213. return parseLoop(base64Str, base64StrLength, reverseMap);
  1214. },
  1215. _map: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='
  1216. };
  1217. function parseLoop(base64Str, base64StrLength, reverseMap) {
  1218. var words = [];
  1219. var nBytes = 0;
  1220. for (var i = 0; i < base64StrLength; i++) {
  1221. if (i % 4) {
  1222. var bits1 = reverseMap[base64Str.charCodeAt(i - 1)] << ((i % 4) * 2);
  1223. var bits2 = reverseMap[base64Str.charCodeAt(i)] >>> (6 - (i % 4) * 2);
  1224. var bitsCombined = bits1 | bits2;
  1225. words[nBytes >>> 2] |= bitsCombined << (24 - (nBytes % 4) * 8);
  1226. nBytes++;
  1227. }
  1228. }
  1229. return WordArray.create(words, nBytes);
  1230. }
  1231. }());
  1232. (function () {
  1233. // Shortcuts
  1234. var C = CryptoJS;
  1235. var C_lib = C.lib;
  1236. var WordArray = C_lib.WordArray;
  1237. var C_enc = C.enc;
  1238. /**
  1239. * Base64url encoding strategy.
  1240. */
  1241. var Base64url = C_enc.Base64url = {
  1242. /**
  1243. * Converts a word array to a Base64url string.
  1244. *
  1245. * @param {WordArray} wordArray The word array.
  1246. *
  1247. * @param {boolean} urlSafe Whether to use url safe
  1248. *
  1249. * @return {string} The Base64url string.
  1250. *
  1251. * @static
  1252. *
  1253. * @example
  1254. *
  1255. * var base64String = CryptoJS.enc.Base64url.stringify(wordArray);
  1256. */
  1257. stringify: function (wordArray, urlSafe=true) {
  1258. // Shortcuts
  1259. var words = wordArray.words;
  1260. var sigBytes = wordArray.sigBytes;
  1261. var map = urlSafe ? this._safe_map : this._map;
  1262. // Clamp excess bits
  1263. wordArray.clamp();
  1264. // Convert
  1265. var base64Chars = [];
  1266. for (var i = 0; i < sigBytes; i += 3) {
  1267. var byte1 = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff;
  1268. var byte2 = (words[(i + 1) >>> 2] >>> (24 - ((i + 1) % 4) * 8)) & 0xff;
  1269. var byte3 = (words[(i + 2) >>> 2] >>> (24 - ((i + 2) % 4) * 8)) & 0xff;
  1270. var triplet = (byte1 << 16) | (byte2 << 8) | byte3;
  1271. for (var j = 0; (j < 4) && (i + j * 0.75 < sigBytes); j++) {
  1272. base64Chars.push(map.charAt((triplet >>> (6 * (3 - j))) & 0x3f));
  1273. }
  1274. }
  1275. // Add padding
  1276. var paddingChar = map.charAt(64);
  1277. if (paddingChar) {
  1278. while (base64Chars.length % 4) {
  1279. base64Chars.push(paddingChar);
  1280. }
  1281. }
  1282. return base64Chars.join('');
  1283. },
  1284. /**
  1285. * Converts a Base64url string to a word array.
  1286. *
  1287. * @param {string} base64Str The Base64url string.
  1288. *
  1289. * @param {boolean} urlSafe Whether to use url safe
  1290. *
  1291. * @return {WordArray} The word array.
  1292. *
  1293. * @static
  1294. *
  1295. * @example
  1296. *
  1297. * var wordArray = CryptoJS.enc.Base64url.parse(base64String);
  1298. */
  1299. parse: function (base64Str, urlSafe=true) {
  1300. // Shortcuts
  1301. var base64StrLength = base64Str.length;
  1302. var map = urlSafe ? this._safe_map : this._map;
  1303. var reverseMap = this._reverseMap;
  1304. if (!reverseMap) {
  1305. reverseMap = this._reverseMap = [];
  1306. for (var j = 0; j < map.length; j++) {
  1307. reverseMap[map.charCodeAt(j)] = j;
  1308. }
  1309. }
  1310. // Ignore padding
  1311. var paddingChar = map.charAt(64);
  1312. if (paddingChar) {
  1313. var paddingIndex = base64Str.indexOf(paddingChar);
  1314. if (paddingIndex !== -1) {
  1315. base64StrLength = paddingIndex;
  1316. }
  1317. }
  1318. // Convert
  1319. return parseLoop(base64Str, base64StrLength, reverseMap);
  1320. },
  1321. _map: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=',
  1322. _safe_map: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_',
  1323. };
  1324. function parseLoop(base64Str, base64StrLength, reverseMap) {
  1325. var words = [];
  1326. var nBytes = 0;
  1327. for (var i = 0; i < base64StrLength; i++) {
  1328. if (i % 4) {
  1329. var bits1 = reverseMap[base64Str.charCodeAt(i - 1)] << ((i % 4) * 2);
  1330. var bits2 = reverseMap[base64Str.charCodeAt(i)] >>> (6 - (i % 4) * 2);
  1331. var bitsCombined = bits1 | bits2;
  1332. words[nBytes >>> 2] |= bitsCombined << (24 - (nBytes % 4) * 8);
  1333. nBytes++;
  1334. }
  1335. }
  1336. return WordArray.create(words, nBytes);
  1337. }
  1338. }());
  1339. (function (Math) {
  1340. // Shortcuts
  1341. var C = CryptoJS;
  1342. var C_lib = C.lib;
  1343. var WordArray = C_lib.WordArray;
  1344. var Hasher = C_lib.Hasher;
  1345. var C_algo = C.algo;
  1346. // Constants table
  1347. var T = [];
  1348. // Compute constants
  1349. (function () {
  1350. for (var i = 0; i < 64; i++) {
  1351. T[i] = (Math.abs(Math.sin(i + 1)) * 0x100000000) | 0;
  1352. }
  1353. }());
  1354. /**
  1355. * MD5 hash algorithm.
  1356. */
  1357. var MD5 = C_algo.MD5 = Hasher.extend({
  1358. _doReset: function () {
  1359. this._hash = new WordArray.init([
  1360. 0x67452301, 0xefcdab89,
  1361. 0x98badcfe, 0x10325476
  1362. ]);
  1363. },
  1364. _doProcessBlock: function (M, offset) {
  1365. // Swap endian
  1366. for (var i = 0; i < 16; i++) {
  1367. // Shortcuts
  1368. var offset_i = offset + i;
  1369. var M_offset_i = M[offset_i];
  1370. M[offset_i] = (
  1371. (((M_offset_i << 8) | (M_offset_i >>> 24)) & 0x00ff00ff) |
  1372. (((M_offset_i << 24) | (M_offset_i >>> 8)) & 0xff00ff00)
  1373. );
  1374. }
  1375. // Shortcuts
  1376. var H = this._hash.words;
  1377. var M_offset_0 = M[offset + 0];
  1378. var M_offset_1 = M[offset + 1];
  1379. var M_offset_2 = M[offset + 2];
  1380. var M_offset_3 = M[offset + 3];
  1381. var M_offset_4 = M[offset + 4];
  1382. var M_offset_5 = M[offset + 5];
  1383. var M_offset_6 = M[offset + 6];
  1384. var M_offset_7 = M[offset + 7];
  1385. var M_offset_8 = M[offset + 8];
  1386. var M_offset_9 = M[offset + 9];
  1387. var M_offset_10 = M[offset + 10];
  1388. var M_offset_11 = M[offset + 11];
  1389. var M_offset_12 = M[offset + 12];
  1390. var M_offset_13 = M[offset + 13];
  1391. var M_offset_14 = M[offset + 14];
  1392. var M_offset_15 = M[offset + 15];
  1393. // Working varialbes
  1394. var a = H[0];
  1395. var b = H[1];
  1396. var c = H[2];
  1397. var d = H[3];
  1398. // Computation
  1399. a = FF(a, b, c, d, M_offset_0, 7, T[0]);
  1400. d = FF(d, a, b, c, M_offset_1, 12, T[1]);
  1401. c = FF(c, d, a, b, M_offset_2, 17, T[2]);
  1402. b = FF(b, c, d, a, M_offset_3, 22, T[3]);
  1403. a = FF(a, b, c, d, M_offset_4, 7, T[4]);
  1404. d = FF(d, a, b, c, M_offset_5, 12, T[5]);
  1405. c = FF(c, d, a, b, M_offset_6, 17, T[6]);
  1406. b = FF(b, c, d, a, M_offset_7, 22, T[7]);
  1407. a = FF(a, b, c, d, M_offset_8, 7, T[8]);
  1408. d = FF(d, a, b, c, M_offset_9, 12, T[9]);
  1409. c = FF(c, d, a, b, M_offset_10, 17, T[10]);
  1410. b = FF(b, c, d, a, M_offset_11, 22, T[11]);
  1411. a = FF(a, b, c, d, M_offset_12, 7, T[12]);
  1412. d = FF(d, a, b, c, M_offset_13, 12, T[13]);
  1413. c = FF(c, d, a, b, M_offset_14, 17, T[14]);
  1414. b = FF(b, c, d, a, M_offset_15, 22, T[15]);
  1415. a = GG(a, b, c, d, M_offset_1, 5, T[16]);
  1416. d = GG(d, a, b, c, M_offset_6, 9, T[17]);
  1417. c = GG(c, d, a, b, M_offset_11, 14, T[18]);
  1418. b = GG(b, c, d, a, M_offset_0, 20, T[19]);
  1419. a = GG(a, b, c, d, M_offset_5, 5, T[20]);
  1420. d = GG(d, a, b, c, M_offset_10, 9, T[21]);
  1421. c = GG(c, d, a, b, M_offset_15, 14, T[22]);
  1422. b = GG(b, c, d, a, M_offset_4, 20, T[23]);
  1423. a = GG(a, b, c, d, M_offset_9, 5, T[24]);
  1424. d = GG(d, a, b, c, M_offset_14, 9, T[25]);
  1425. c = GG(c, d, a, b, M_offset_3, 14, T[26]);
  1426. b = GG(b, c, d, a, M_offset_8, 20, T[27]);
  1427. a = GG(a, b, c, d, M_offset_13, 5, T[28]);
  1428. d = GG(d, a, b, c, M_offset_2, 9, T[29]);
  1429. c = GG(c, d, a, b, M_offset_7, 14, T[30]);
  1430. b = GG(b, c, d, a, M_offset_12, 20, T[31]);
  1431. a = HH(a, b, c, d, M_offset_5, 4, T[32]);
  1432. d = HH(d, a, b, c, M_offset_8, 11, T[33]);
  1433. c = HH(c, d, a, b, M_offset_11, 16, T[34]);
  1434. b = HH(b, c, d, a, M_offset_14, 23, T[35]);
  1435. a = HH(a, b, c, d, M_offset_1, 4, T[36]);
  1436. d = HH(d, a, b, c, M_offset_4, 11, T[37]);
  1437. c = HH(c, d, a, b, M_offset_7, 16, T[38]);
  1438. b = HH(b, c, d, a, M_offset_10, 23, T[39]);
  1439. a = HH(a, b, c, d, M_offset_13, 4, T[40]);
  1440. d = HH(d, a, b, c, M_offset_0, 11, T[41]);
  1441. c = HH(c, d, a, b, M_offset_3, 16, T[42]);
  1442. b = HH(b, c, d, a, M_offset_6, 23, T[43]);
  1443. a = HH(a, b, c, d, M_offset_9, 4, T[44]);
  1444. d = HH(d, a, b, c, M_offset_12, 11, T[45]);
  1445. c = HH(c, d, a, b, M_offset_15, 16, T[46]);
  1446. b = HH(b, c, d, a, M_offset_2, 23, T[47]);
  1447. a = II(a, b, c, d, M_offset_0, 6, T[48]);
  1448. d = II(d, a, b, c, M_offset_7, 10, T[49]);
  1449. c = II(c, d, a, b, M_offset_14, 15, T[50]);
  1450. b = II(b, c, d, a, M_offset_5, 21, T[51]);
  1451. a = II(a, b, c, d, M_offset_12, 6, T[52]);
  1452. d = II(d, a, b, c, M_offset_3, 10, T[53]);
  1453. c = II(c, d, a, b, M_offset_10, 15, T[54]);
  1454. b = II(b, c, d, a, M_offset_1, 21, T[55]);
  1455. a = II(a, b, c, d, M_offset_8, 6, T[56]);
  1456. d = II(d, a, b, c, M_offset_15, 10, T[57]);
  1457. c = II(c, d, a, b, M_offset_6, 15, T[58]);
  1458. b = II(b, c, d, a, M_offset_13, 21, T[59]);
  1459. a = II(a, b, c, d, M_offset_4, 6, T[60]);
  1460. d = II(d, a, b, c, M_offset_11, 10, T[61]);
  1461. c = II(c, d, a, b, M_offset_2, 15, T[62]);
  1462. b = II(b, c, d, a, M_offset_9, 21, T[63]);
  1463. // Intermediate hash value
  1464. H[0] = (H[0] + a) | 0;
  1465. H[1] = (H[1] + b) | 0;
  1466. H[2] = (H[2] + c) | 0;
  1467. H[3] = (H[3] + d) | 0;
  1468. },
  1469. _doFinalize: function () {
  1470. // Shortcuts
  1471. var data = this._data;
  1472. var dataWords = data.words;
  1473. var nBitsTotal = this._nDataBytes * 8;
  1474. var nBitsLeft = data.sigBytes * 8;
  1475. // Add padding
  1476. dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
  1477. var nBitsTotalH = Math.floor(nBitsTotal / 0x100000000);
  1478. var nBitsTotalL = nBitsTotal;
  1479. dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = (
  1480. (((nBitsTotalH << 8) | (nBitsTotalH >>> 24)) & 0x00ff00ff) |
  1481. (((nBitsTotalH << 24) | (nBitsTotalH >>> 8)) & 0xff00ff00)
  1482. );
  1483. dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = (
  1484. (((nBitsTotalL << 8) | (nBitsTotalL >>> 24)) & 0x00ff00ff) |
  1485. (((nBitsTotalL << 24) | (nBitsTotalL >>> 8)) & 0xff00ff00)
  1486. );
  1487. data.sigBytes = (dataWords.length + 1) * 4;
  1488. // Hash final blocks
  1489. this._process();
  1490. // Shortcuts
  1491. var hash = this._hash;
  1492. var H = hash.words;
  1493. // Swap endian
  1494. for (var i = 0; i < 4; i++) {
  1495. // Shortcut
  1496. var H_i = H[i];
  1497. H[i] = (((H_i << 8) | (H_i >>> 24)) & 0x00ff00ff) |
  1498. (((H_i << 24) | (H_i >>> 8)) & 0xff00ff00);
  1499. }
  1500. // Return final computed hash
  1501. return hash;
  1502. },
  1503. clone: function () {
  1504. var clone = Hasher.clone.call(this);
  1505. clone._hash = this._hash.clone();
  1506. return clone;
  1507. }
  1508. });
  1509. function FF(a, b, c, d, x, s, t) {
  1510. var n = a + ((b & c) | (~b & d)) + x + t;
  1511. return ((n << s) | (n >>> (32 - s))) + b;
  1512. }
  1513. function GG(a, b, c, d, x, s, t) {
  1514. var n = a + ((b & d) | (c & ~d)) + x + t;
  1515. return ((n << s) | (n >>> (32 - s))) + b;
  1516. }
  1517. function HH(a, b, c, d, x, s, t) {
  1518. var n = a + (b ^ c ^ d) + x + t;
  1519. return ((n << s) | (n >>> (32 - s))) + b;
  1520. }
  1521. function II(a, b, c, d, x, s, t) {
  1522. var n = a + (c ^ (b | ~d)) + x + t;
  1523. return ((n << s) | (n >>> (32 - s))) + b;
  1524. }
  1525. /**
  1526. * Shortcut function to the hasher's object interface.
  1527. *
  1528. * @param {WordArray|string} message The message to hash.
  1529. *
  1530. * @return {WordArray} The hash.
  1531. *
  1532. * @static
  1533. *
  1534. * @example
  1535. *
  1536. * var hash = CryptoJS.MD5('message');
  1537. * var hash = CryptoJS.MD5(wordArray);
  1538. */
  1539. C.MD5 = Hasher._createHelper(MD5);
  1540. /**
  1541. * Shortcut function to the HMAC's object interface.
  1542. *
  1543. * @param {WordArray|string} message The message to hash.
  1544. * @param {WordArray|string} key The secret key.
  1545. *
  1546. * @return {WordArray} The HMAC.
  1547. *
  1548. * @static
  1549. *
  1550. * @example
  1551. *
  1552. * var hmac = CryptoJS.HmacMD5(message, key);
  1553. */
  1554. C.HmacMD5 = Hasher._createHmacHelper(MD5);
  1555. }(Math));
  1556. (function () {
  1557. // Shortcuts
  1558. var C = CryptoJS;
  1559. var C_lib = C.lib;
  1560. var WordArray = C_lib.WordArray;
  1561. var Hasher = C_lib.Hasher;
  1562. var C_algo = C.algo;
  1563. // Reusable object
  1564. var W = [];
  1565. /**
  1566. * SHA-1 hash algorithm.
  1567. */
  1568. var SHA1 = C_algo.SHA1 = Hasher.extend({
  1569. _doReset: function () {
  1570. this._hash = new WordArray.init([
  1571. 0x67452301, 0xefcdab89,
  1572. 0x98badcfe, 0x10325476,
  1573. 0xc3d2e1f0
  1574. ]);
  1575. },
  1576. _doProcessBlock: function (M, offset) {
  1577. // Shortcut
  1578. var H = this._hash.words;
  1579. // Working variables
  1580. var a = H[0];
  1581. var b = H[1];
  1582. var c = H[2];
  1583. var d = H[3];
  1584. var e = H[4];
  1585. // Computation
  1586. for (var i = 0; i < 80; i++) {
  1587. if (i < 16) {
  1588. W[i] = M[offset + i] | 0;
  1589. } else {
  1590. var n = W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16];
  1591. W[i] = (n << 1) | (n >>> 31);
  1592. }
  1593. var t = ((a << 5) | (a >>> 27)) + e + W[i];
  1594. if (i < 20) {
  1595. t += ((b & c) | (~b & d)) + 0x5a827999;
  1596. } else if (i < 40) {
  1597. t += (b ^ c ^ d) + 0x6ed9eba1;
  1598. } else if (i < 60) {
  1599. t += ((b & c) | (b & d) | (c & d)) - 0x70e44324;
  1600. } else /* if (i < 80) */ {
  1601. t += (b ^ c ^ d) - 0x359d3e2a;
  1602. }
  1603. e = d;
  1604. d = c;
  1605. c = (b << 30) | (b >>> 2);
  1606. b = a;
  1607. a = t;
  1608. }
  1609. // Intermediate hash value
  1610. H[0] = (H[0] + a) | 0;
  1611. H[1] = (H[1] + b) | 0;
  1612. H[2] = (H[2] + c) | 0;
  1613. H[3] = (H[3] + d) | 0;
  1614. H[4] = (H[4] + e) | 0;
  1615. },
  1616. _doFinalize: function () {
  1617. // Shortcuts
  1618. var data = this._data;
  1619. var dataWords = data.words;
  1620. var nBitsTotal = this._nDataBytes * 8;
  1621. var nBitsLeft = data.sigBytes * 8;
  1622. // Add padding
  1623. dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
  1624. dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = Math.floor(nBitsTotal / 0x100000000);
  1625. dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = nBitsTotal;
  1626. data.sigBytes = dataWords.length * 4;
  1627. // Hash final blocks
  1628. this._process();
  1629. // Return final computed hash
  1630. return this._hash;
  1631. },
  1632. clone: function () {
  1633. var clone = Hasher.clone.call(this);
  1634. clone._hash = this._hash.clone();
  1635. return clone;
  1636. }
  1637. });
  1638. /**
  1639. * Shortcut function to the hasher's object interface.
  1640. *
  1641. * @param {WordArray|string} message The message to hash.
  1642. *
  1643. * @return {WordArray} The hash.
  1644. *
  1645. * @static
  1646. *
  1647. * @example
  1648. *
  1649. * var hash = CryptoJS.SHA1('message');
  1650. * var hash = CryptoJS.SHA1(wordArray);
  1651. */
  1652. C.SHA1 = Hasher._createHelper(SHA1);
  1653. /**
  1654. * Shortcut function to the HMAC's object interface.
  1655. *
  1656. * @param {WordArray|string} message The message to hash.
  1657. * @param {WordArray|string} key The secret key.
  1658. *
  1659. * @return {WordArray} The HMAC.
  1660. *
  1661. * @static
  1662. *
  1663. * @example
  1664. *
  1665. * var hmac = CryptoJS.HmacSHA1(message, key);
  1666. */
  1667. C.HmacSHA1 = Hasher._createHmacHelper(SHA1);
  1668. }());
  1669. (function (Math) {
  1670. // Shortcuts
  1671. var C = CryptoJS;
  1672. var C_lib = C.lib;
  1673. var WordArray = C_lib.WordArray;
  1674. var Hasher = C_lib.Hasher;
  1675. var C_algo = C.algo;
  1676. // Initialization and round constants tables
  1677. var H = [];
  1678. var K = [];
  1679. // Compute constants
  1680. (function () {
  1681. function isPrime(n) {
  1682. var sqrtN = Math.sqrt(n);
  1683. for (var factor = 2; factor <= sqrtN; factor++) {
  1684. if (!(n % factor)) {
  1685. return false;
  1686. }
  1687. }
  1688. return true;
  1689. }
  1690. function getFractionalBits(n) {
  1691. return ((n - (n | 0)) * 0x100000000) | 0;
  1692. }
  1693. var n = 2;
  1694. var nPrime = 0;
  1695. while (nPrime < 64) {
  1696. if (isPrime(n)) {
  1697. if (nPrime < 8) {
  1698. H[nPrime] = getFractionalBits(Math.pow(n, 1 / 2));
  1699. }
  1700. K[nPrime] = getFractionalBits(Math.pow(n, 1 / 3));
  1701. nPrime++;
  1702. }
  1703. n++;
  1704. }
  1705. }());
  1706. // Reusable object
  1707. var W = [];
  1708. /**
  1709. * SHA-256 hash algorithm.
  1710. */
  1711. var SHA256 = C_algo.SHA256 = Hasher.extend({
  1712. _doReset: function () {
  1713. this._hash = new WordArray.init(H.slice(0));
  1714. },
  1715. _doProcessBlock: function (M, offset) {
  1716. // Shortcut
  1717. var H = this._hash.words;
  1718. // Working variables
  1719. var a = H[0];
  1720. var b = H[1];
  1721. var c = H[2];
  1722. var d = H[3];
  1723. var e = H[4];
  1724. var f = H[5];
  1725. var g = H[6];
  1726. var h = H[7];
  1727. // Computation
  1728. for (var i = 0; i < 64; i++) {
  1729. if (i < 16) {
  1730. W[i] = M[offset + i] | 0;
  1731. } else {
  1732. var gamma0x = W[i - 15];
  1733. var gamma0 = ((gamma0x << 25) | (gamma0x >>> 7)) ^
  1734. ((gamma0x << 14) | (gamma0x >>> 18)) ^
  1735. (gamma0x >>> 3);
  1736. var gamma1x = W[i - 2];
  1737. var gamma1 = ((gamma1x << 15) | (gamma1x >>> 17)) ^
  1738. ((gamma1x << 13) | (gamma1x >>> 19)) ^
  1739. (gamma1x >>> 10);
  1740. W[i] = gamma0 + W[i - 7] + gamma1 + W[i - 16];
  1741. }
  1742. var ch = (e & f) ^ (~e & g);
  1743. var maj = (a & b) ^ (a & c) ^ (b & c);
  1744. var sigma0 = ((a << 30) | (a >>> 2)) ^ ((a << 19) | (a >>> 13)) ^ ((a << 10) | (a >>> 22));
  1745. var sigma1 = ((e << 26) | (e >>> 6)) ^ ((e << 21) | (e >>> 11)) ^ ((e << 7) | (e >>> 25));
  1746. var t1 = h + sigma1 + ch + K[i] + W[i];
  1747. var t2 = sigma0 + maj;
  1748. h = g;
  1749. g = f;
  1750. f = e;
  1751. e = (d + t1) | 0;
  1752. d = c;
  1753. c = b;
  1754. b = a;
  1755. a = (t1 + t2) | 0;
  1756. }
  1757. // Intermediate hash value
  1758. H[0] = (H[0] + a) | 0;
  1759. H[1] = (H[1] + b) | 0;
  1760. H[2] = (H[2] + c) | 0;
  1761. H[3] = (H[3] + d) | 0;
  1762. H[4] = (H[4] + e) | 0;
  1763. H[5] = (H[5] + f) | 0;
  1764. H[6] = (H[6] + g) | 0;
  1765. H[7] = (H[7] + h) | 0;
  1766. },
  1767. _doFinalize: function () {
  1768. // Shortcuts
  1769. var data = this._data;
  1770. var dataWords = data.words;
  1771. var nBitsTotal = this._nDataBytes * 8;
  1772. var nBitsLeft = data.sigBytes * 8;
  1773. // Add padding
  1774. dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
  1775. dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = Math.floor(nBitsTotal / 0x100000000);
  1776. dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 15] = nBitsTotal;
  1777. data.sigBytes = dataWords.length * 4;
  1778. // Hash final blocks
  1779. this._process();
  1780. // Return final computed hash
  1781. return this._hash;
  1782. },
  1783. clone: function () {
  1784. var clone = Hasher.clone.call(this);
  1785. clone._hash = this._hash.clone();
  1786. return clone;
  1787. }
  1788. });
  1789. /**
  1790. * Shortcut function to the hasher's object interface.
  1791. *
  1792. * @param {WordArray|string} message The message to hash.
  1793. *
  1794. * @return {WordArray} The hash.
  1795. *
  1796. * @static
  1797. *
  1798. * @example
  1799. *
  1800. * var hash = CryptoJS.SHA256('message');
  1801. * var hash = CryptoJS.SHA256(wordArray);
  1802. */
  1803. C.SHA256 = Hasher._createHelper(SHA256);
  1804. /**
  1805. * Shortcut function to the HMAC's object interface.
  1806. *
  1807. * @param {WordArray|string} message The message to hash.
  1808. * @param {WordArray|string} key The secret key.
  1809. *
  1810. * @return {WordArray} The HMAC.
  1811. *
  1812. * @static
  1813. *
  1814. * @example
  1815. *
  1816. * var hmac = CryptoJS.HmacSHA256(message, key);
  1817. */
  1818. C.HmacSHA256 = Hasher._createHmacHelper(SHA256);
  1819. }(Math));
  1820. (function () {
  1821. // Shortcuts
  1822. var C = CryptoJS;
  1823. var C_lib = C.lib;
  1824. var WordArray = C_lib.WordArray;
  1825. var C_algo = C.algo;
  1826. var SHA256 = C_algo.SHA256;
  1827. /**
  1828. * SHA-224 hash algorithm.
  1829. */
  1830. var SHA224 = C_algo.SHA224 = SHA256.extend({
  1831. _doReset: function () {
  1832. this._hash = new WordArray.init([
  1833. 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
  1834. 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4
  1835. ]);
  1836. },
  1837. _doFinalize: function () {
  1838. var hash = SHA256._doFinalize.call(this);
  1839. hash.sigBytes -= 4;
  1840. return hash;
  1841. }
  1842. });
  1843. /**
  1844. * Shortcut function to the hasher's object interface.
  1845. *
  1846. * @param {WordArray|string} message The message to hash.
  1847. *
  1848. * @return {WordArray} The hash.
  1849. *
  1850. * @static
  1851. *
  1852. * @example
  1853. *
  1854. * var hash = CryptoJS.SHA224('message');
  1855. * var hash = CryptoJS.SHA224(wordArray);
  1856. */
  1857. C.SHA224 = SHA256._createHelper(SHA224);
  1858. /**
  1859. * Shortcut function to the HMAC's object interface.
  1860. *
  1861. * @param {WordArray|string} message The message to hash.
  1862. * @param {WordArray|string} key The secret key.
  1863. *
  1864. * @return {WordArray} The HMAC.
  1865. *
  1866. * @static
  1867. *
  1868. * @example
  1869. *
  1870. * var hmac = CryptoJS.HmacSHA224(message, key);
  1871. */
  1872. C.HmacSHA224 = SHA256._createHmacHelper(SHA224);
  1873. }());
  1874. (function () {
  1875. // Shortcuts
  1876. var C = CryptoJS;
  1877. var C_lib = C.lib;
  1878. var Hasher = C_lib.Hasher;
  1879. var C_x64 = C.x64;
  1880. var X64Word = C_x64.Word;
  1881. var X64WordArray = C_x64.WordArray;
  1882. var C_algo = C.algo;
  1883. function X64Word_create() {
  1884. return X64Word.create.apply(X64Word, arguments);
  1885. }
  1886. // Constants
  1887. var K = [
  1888. X64Word_create(0x428a2f98, 0xd728ae22), X64Word_create(0x71374491, 0x23ef65cd),
  1889. X64Word_create(0xb5c0fbcf, 0xec4d3b2f), X64Word_create(0xe9b5dba5, 0x8189dbbc),
  1890. X64Word_create(0x3956c25b, 0xf348b538), X64Word_create(0x59f111f1, 0xb605d019),
  1891. X64Word_create(0x923f82a4, 0xaf194f9b), X64Word_create(0xab1c5ed5, 0xda6d8118),
  1892. X64Word_create(0xd807aa98, 0xa3030242), X64Word_create(0x12835b01, 0x45706fbe),
  1893. X64Word_create(0x243185be, 0x4ee4b28c), X64Word_create(0x550c7dc3, 0xd5ffb4e2),
  1894. X64Word_create(0x72be5d74, 0xf27b896f), X64Word_create(0x80deb1fe, 0x3b1696b1),
  1895. X64Word_create(0x9bdc06a7, 0x25c71235), X64Word_create(0xc19bf174, 0xcf692694),
  1896. X64Word_create(0xe49b69c1, 0x9ef14ad2), X64Word_create(0xefbe4786, 0x384f25e3),
  1897. X64Word_create(0x0fc19dc6, 0x8b8cd5b5), X64Word_create(0x240ca1cc, 0x77ac9c65),
  1898. X64Word_create(0x2de92c6f, 0x592b0275), X64Word_create(0x4a7484aa, 0x6ea6e483),
  1899. X64Word_create(0x5cb0a9dc, 0xbd41fbd4), X64Word_create(0x76f988da, 0x831153b5),
  1900. X64Word_create(0x983e5152, 0xee66dfab), X64Word_create(0xa831c66d, 0x2db43210),
  1901. X64Word_create(0xb00327c8, 0x98fb213f), X64Word_create(0xbf597fc7, 0xbeef0ee4),
  1902. X64Word_create(0xc6e00bf3, 0x3da88fc2), X64Word_create(0xd5a79147, 0x930aa725),
  1903. X64Word_create(0x06ca6351, 0xe003826f), X64Word_create(0x14292967, 0x0a0e6e70),
  1904. X64Word_create(0x27b70a85, 0x46d22ffc), X64Word_create(0x2e1b2138, 0x5c26c926),
  1905. X64Word_create(0x4d2c6dfc, 0x5ac42aed), X64Word_create(0x53380d13, 0x9d95b3df),
  1906. X64Word_create(0x650a7354, 0x8baf63de), X64Word_create(0x766a0abb, 0x3c77b2a8),
  1907. X64Word_create(0x81c2c92e, 0x47edaee6), X64Word_create(0x92722c85, 0x1482353b),
  1908. X64Word_create(0xa2bfe8a1, 0x4cf10364), X64Word_create(0xa81a664b, 0xbc423001),
  1909. X64Word_create(0xc24b8b70, 0xd0f89791), X64Word_create(0xc76c51a3, 0x0654be30),
  1910. X64Word_create(0xd192e819, 0xd6ef5218), X64Word_create(0xd6990624, 0x5565a910),
  1911. X64Word_create(0xf40e3585, 0x5771202a), X64Word_create(0x106aa070, 0x32bbd1b8),
  1912. X64Word_create(0x19a4c116, 0xb8d2d0c8), X64Word_create(0x1e376c08, 0x5141ab53),
  1913. X64Word_create(0x2748774c, 0xdf8eeb99), X64Word_create(0x34b0bcb5, 0xe19b48a8),
  1914. X64Word_create(0x391c0cb3, 0xc5c95a63), X64Word_create(0x4ed8aa4a, 0xe3418acb),
  1915. X64Word_create(0x5b9cca4f, 0x7763e373), X64Word_create(0x682e6ff3, 0xd6b2b8a3),
  1916. X64Word_create(0x748f82ee, 0x5defb2fc), X64Word_create(0x78a5636f, 0x43172f60),
  1917. X64Word_create(0x84c87814, 0xa1f0ab72), X64Word_create(0x8cc70208, 0x1a6439ec),
  1918. X64Word_create(0x90befffa, 0x23631e28), X64Word_create(0xa4506ceb, 0xde82bde9),
  1919. X64Word_create(0xbef9a3f7, 0xb2c67915), X64Word_create(0xc67178f2, 0xe372532b),
  1920. X64Word_create(0xca273ece, 0xea26619c), X64Word_create(0xd186b8c7, 0x21c0c207),
  1921. X64Word_create(0xeada7dd6, 0xcde0eb1e), X64Word_create(0xf57d4f7f, 0xee6ed178),
  1922. X64Word_create(0x06f067aa, 0x72176fba), X64Word_create(0x0a637dc5, 0xa2c898a6),
  1923. X64Word_create(0x113f9804, 0xbef90dae), X64Word_create(0x1b710b35, 0x131c471b),
  1924. X64Word_create(0x28db77f5, 0x23047d84), X64Word_create(0x32caab7b, 0x40c72493),
  1925. X64Word_create(0x3c9ebe0a, 0x15c9bebc), X64Word_create(0x431d67c4, 0x9c100d4c),
  1926. X64Word_create(0x4cc5d4be, 0xcb3e42b6), X64Word_create(0x597f299c, 0xfc657e2a),
  1927. X64Word_create(0x5fcb6fab, 0x3ad6faec), X64Word_create(0x6c44198c, 0x4a475817)
  1928. ];
  1929. // Reusable objects
  1930. var W = [];
  1931. (function () {
  1932. for (var i = 0; i < 80; i++) {
  1933. W[i] = X64Word_create();
  1934. }
  1935. }());
  1936. /**
  1937. * SHA-512 hash algorithm.
  1938. */
  1939. var SHA512 = C_algo.SHA512 = Hasher.extend({
  1940. _doReset: function () {
  1941. this._hash = new X64WordArray.init([
  1942. new X64Word.init(0x6a09e667, 0xf3bcc908), new X64Word.init(0xbb67ae85, 0x84caa73b),
  1943. new X64Word.init(0x3c6ef372, 0xfe94f82b), new X64Word.init(0xa54ff53a, 0x5f1d36f1),
  1944. new X64Word.init(0x510e527f, 0xade682d1), new X64Word.init(0x9b05688c, 0x2b3e6c1f),
  1945. new X64Word.init(0x1f83d9ab, 0xfb41bd6b), new X64Word.init(0x5be0cd19, 0x137e2179)
  1946. ]);
  1947. },
  1948. _doProcessBlock: function (M, offset) {
  1949. // Shortcuts
  1950. var H = this._hash.words;
  1951. var H0 = H[0];
  1952. var H1 = H[1];
  1953. var H2 = H[2];
  1954. var H3 = H[3];
  1955. var H4 = H[4];
  1956. var H5 = H[5];
  1957. var H6 = H[6];
  1958. var H7 = H[7];
  1959. var H0h = H0.high;
  1960. var H0l = H0.low;
  1961. var H1h = H1.high;
  1962. var H1l = H1.low;
  1963. var H2h = H2.high;
  1964. var H2l = H2.low;
  1965. var H3h = H3.high;
  1966. var H3l = H3.low;
  1967. var H4h = H4.high;
  1968. var H4l = H4.low;
  1969. var H5h = H5.high;
  1970. var H5l = H5.low;
  1971. var H6h = H6.high;
  1972. var H6l = H6.low;
  1973. var H7h = H7.high;
  1974. var H7l = H7.low;
  1975. // Working variables
  1976. var ah = H0h;
  1977. var al = H0l;
  1978. var bh = H1h;
  1979. var bl = H1l;
  1980. var ch = H2h;
  1981. var cl = H2l;
  1982. var dh = H3h;
  1983. var dl = H3l;
  1984. var eh = H4h;
  1985. var el = H4l;
  1986. var fh = H5h;
  1987. var fl = H5l;
  1988. var gh = H6h;
  1989. var gl = H6l;
  1990. var hh = H7h;
  1991. var hl = H7l;
  1992. // Rounds
  1993. for (var i = 0; i < 80; i++) {
  1994. var Wil;
  1995. var Wih;
  1996. // Shortcut
  1997. var Wi = W[i];
  1998. // Extend message
  1999. if (i < 16) {
  2000. Wih = Wi.high = M[offset + i * 2] | 0;
  2001. Wil = Wi.low = M[offset + i * 2 + 1] | 0;
  2002. } else {
  2003. // Gamma0
  2004. var gamma0x = W[i - 15];
  2005. var gamma0xh = gamma0x.high;
  2006. var gamma0xl = gamma0x.low;
  2007. var gamma0h = ((gamma0xh >>> 1) | (gamma0xl << 31)) ^ ((gamma0xh >>> 8) | (gamma0xl << 24)) ^ (gamma0xh >>> 7);
  2008. var gamma0l = ((gamma0xl >>> 1) | (gamma0xh << 31)) ^ ((gamma0xl >>> 8) | (gamma0xh << 24)) ^ ((gamma0xl >>> 7) | (gamma0xh << 25));
  2009. // Gamma1
  2010. var gamma1x = W[i - 2];
  2011. var gamma1xh = gamma1x.high;
  2012. var gamma1xl = gamma1x.low;
  2013. var gamma1h = ((gamma1xh >>> 19) | (gamma1xl << 13)) ^ ((gamma1xh << 3) | (gamma1xl >>> 29)) ^ (gamma1xh >>> 6);
  2014. var gamma1l = ((gamma1xl >>> 19) | (gamma1xh << 13)) ^ ((gamma1xl << 3) | (gamma1xh >>> 29)) ^ ((gamma1xl >>> 6) | (gamma1xh << 26));
  2015. // W[i] = gamma0 + W[i - 7] + gamma1 + W[i - 16]
  2016. var Wi7 = W[i - 7];
  2017. var Wi7h = Wi7.high;
  2018. var Wi7l = Wi7.low;
  2019. var Wi16 = W[i - 16];
  2020. var Wi16h = Wi16.high;
  2021. var Wi16l = Wi16.low;
  2022. Wil = gamma0l + Wi7l;
  2023. Wih = gamma0h + Wi7h + ((Wil >>> 0) < (gamma0l >>> 0) ? 1 : 0);
  2024. Wil = Wil + gamma1l;
  2025. Wih = Wih + gamma1h + ((Wil >>> 0) < (gamma1l >>> 0) ? 1 : 0);
  2026. Wil = Wil + Wi16l;
  2027. Wih = Wih + Wi16h + ((Wil >>> 0) < (Wi16l >>> 0) ? 1 : 0);
  2028. Wi.high = Wih;
  2029. Wi.low = Wil;
  2030. }
  2031. var chh = (eh & fh) ^ (~eh & gh);
  2032. var chl = (el & fl) ^ (~el & gl);
  2033. var majh = (ah & bh) ^ (ah & ch) ^ (bh & ch);
  2034. var majl = (al & bl) ^ (al & cl) ^ (bl & cl);
  2035. var sigma0h = ((ah >>> 28) | (al << 4)) ^ ((ah << 30) | (al >>> 2)) ^ ((ah << 25) | (al >>> 7));
  2036. var sigma0l = ((al >>> 28) | (ah << 4)) ^ ((al << 30) | (ah >>> 2)) ^ ((al << 25) | (ah >>> 7));
  2037. var sigma1h = ((eh >>> 14) | (el << 18)) ^ ((eh >>> 18) | (el << 14)) ^ ((eh << 23) | (el >>> 9));
  2038. var sigma1l = ((el >>> 14) | (eh << 18)) ^ ((el >>> 18) | (eh << 14)) ^ ((el << 23) | (eh >>> 9));
  2039. // t1 = h + sigma1 + ch + K[i] + W[i]
  2040. var Ki = K[i];
  2041. var Kih = Ki.high;
  2042. var Kil = Ki.low;
  2043. var t1l = hl + sigma1l;
  2044. var t1h = hh + sigma1h + ((t1l >>> 0) < (hl >>> 0) ? 1 : 0);
  2045. var t1l = t1l + chl;
  2046. var t1h = t1h + chh + ((t1l >>> 0) < (chl >>> 0) ? 1 : 0);
  2047. var t1l = t1l + Kil;
  2048. var t1h = t1h + Kih + ((t1l >>> 0) < (Kil >>> 0) ? 1 : 0);
  2049. var t1l = t1l + Wil;
  2050. var t1h = t1h + Wih + ((t1l >>> 0) < (Wil >>> 0) ? 1 : 0);
  2051. // t2 = sigma0 + maj
  2052. var t2l = sigma0l + majl;
  2053. var t2h = sigma0h + majh + ((t2l >>> 0) < (sigma0l >>> 0) ? 1 : 0);
  2054. // Update working variables
  2055. hh = gh;
  2056. hl = gl;
  2057. gh = fh;
  2058. gl = fl;
  2059. fh = eh;
  2060. fl = el;
  2061. el = (dl + t1l) | 0;
  2062. eh = (dh + t1h + ((el >>> 0) < (dl >>> 0) ? 1 : 0)) | 0;
  2063. dh = ch;
  2064. dl = cl;
  2065. ch = bh;
  2066. cl = bl;
  2067. bh = ah;
  2068. bl = al;
  2069. al = (t1l + t2l) | 0;
  2070. ah = (t1h + t2h + ((al >>> 0) < (t1l >>> 0) ? 1 : 0)) | 0;
  2071. }
  2072. // Intermediate hash value
  2073. H0l = H0.low = (H0l + al);
  2074. H0.high = (H0h + ah + ((H0l >>> 0) < (al >>> 0) ? 1 : 0));
  2075. H1l = H1.low = (H1l + bl);
  2076. H1.high = (H1h + bh + ((H1l >>> 0) < (bl >>> 0) ? 1 : 0));
  2077. H2l = H2.low = (H2l + cl);
  2078. H2.high = (H2h + ch + ((H2l >>> 0) < (cl >>> 0) ? 1 : 0));
  2079. H3l = H3.low = (H3l + dl);
  2080. H3.high = (H3h + dh + ((H3l >>> 0) < (dl >>> 0) ? 1 : 0));
  2081. H4l = H4.low = (H4l + el);
  2082. H4.high = (H4h + eh + ((H4l >>> 0) < (el >>> 0) ? 1 : 0));
  2083. H5l = H5.low = (H5l + fl);
  2084. H5.high = (H5h + fh + ((H5l >>> 0) < (fl >>> 0) ? 1 : 0));
  2085. H6l = H6.low = (H6l + gl);
  2086. H6.high = (H6h + gh + ((H6l >>> 0) < (gl >>> 0) ? 1 : 0));
  2087. H7l = H7.low = (H7l + hl);
  2088. H7.high = (H7h + hh + ((H7l >>> 0) < (hl >>> 0) ? 1 : 0));
  2089. },
  2090. _doFinalize: function () {
  2091. // Shortcuts
  2092. var data = this._data;
  2093. var dataWords = data.words;
  2094. var nBitsTotal = this._nDataBytes * 8;
  2095. var nBitsLeft = data.sigBytes * 8;
  2096. // Add padding
  2097. dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
  2098. dataWords[(((nBitsLeft + 128) >>> 10) << 5) + 30] = Math.floor(nBitsTotal / 0x100000000);
  2099. dataWords[(((nBitsLeft + 128) >>> 10) << 5) + 31] = nBitsTotal;
  2100. data.sigBytes = dataWords.length * 4;
  2101. // Hash final blocks
  2102. this._process();
  2103. // Convert hash to 32-bit word array before returning
  2104. var hash = this._hash.toX32();
  2105. // Return final computed hash
  2106. return hash;
  2107. },
  2108. clone: function () {
  2109. var clone = Hasher.clone.call(this);
  2110. clone._hash = this._hash.clone();
  2111. return clone;
  2112. },
  2113. blockSize: 1024/32
  2114. });
  2115. /**
  2116. * Shortcut function to the hasher's object interface.
  2117. *
  2118. * @param {WordArray|string} message The message to hash.
  2119. *
  2120. * @return {WordArray} The hash.
  2121. *
  2122. * @static
  2123. *
  2124. * @example
  2125. *
  2126. * var hash = CryptoJS.SHA512('message');
  2127. * var hash = CryptoJS.SHA512(wordArray);
  2128. */
  2129. C.SHA512 = Hasher._createHelper(SHA512);
  2130. /**
  2131. * Shortcut function to the HMAC's object interface.
  2132. *
  2133. * @param {WordArray|string} message The message to hash.
  2134. * @param {WordArray|string} key The secret key.
  2135. *
  2136. * @return {WordArray} The HMAC.
  2137. *
  2138. * @static
  2139. *
  2140. * @example
  2141. *
  2142. * var hmac = CryptoJS.HmacSHA512(message, key);
  2143. */
  2144. C.HmacSHA512 = Hasher._createHmacHelper(SHA512);
  2145. }());
  2146. (function () {
  2147. // Shortcuts
  2148. var C = CryptoJS;
  2149. var C_x64 = C.x64;
  2150. var X64Word = C_x64.Word;
  2151. var X64WordArray = C_x64.WordArray;
  2152. var C_algo = C.algo;
  2153. var SHA512 = C_algo.SHA512;
  2154. /**
  2155. * SHA-384 hash algorithm.
  2156. */
  2157. var SHA384 = C_algo.SHA384 = SHA512.extend({
  2158. _doReset: function () {
  2159. this._hash = new X64WordArray.init([
  2160. new X64Word.init(0xcbbb9d5d, 0xc1059ed8), new X64Word.init(0x629a292a, 0x367cd507),
  2161. new X64Word.init(0x9159015a, 0x3070dd17), new X64Word.init(0x152fecd8, 0xf70e5939),
  2162. new X64Word.init(0x67332667, 0xffc00b31), new X64Word.init(0x8eb44a87, 0x68581511),
  2163. new X64Word.init(0xdb0c2e0d, 0x64f98fa7), new X64Word.init(0x47b5481d, 0xbefa4fa4)
  2164. ]);
  2165. },
  2166. _doFinalize: function () {
  2167. var hash = SHA512._doFinalize.call(this);
  2168. hash.sigBytes -= 16;
  2169. return hash;
  2170. }
  2171. });
  2172. /**
  2173. * Shortcut function to the hasher's object interface.
  2174. *
  2175. * @param {WordArray|string} message The message to hash.
  2176. *
  2177. * @return {WordArray} The hash.
  2178. *
  2179. * @static
  2180. *
  2181. * @example
  2182. *
  2183. * var hash = CryptoJS.SHA384('message');
  2184. * var hash = CryptoJS.SHA384(wordArray);
  2185. */
  2186. C.SHA384 = SHA512._createHelper(SHA384);
  2187. /**
  2188. * Shortcut function to the HMAC's object interface.
  2189. *
  2190. * @param {WordArray|string} message The message to hash.
  2191. * @param {WordArray|string} key The secret key.
  2192. *
  2193. * @return {WordArray} The HMAC.
  2194. *
  2195. * @static
  2196. *
  2197. * @example
  2198. *
  2199. * var hmac = CryptoJS.HmacSHA384(message, key);
  2200. */
  2201. C.HmacSHA384 = SHA512._createHmacHelper(SHA384);
  2202. }());
  2203. (function (Math) {
  2204. // Shortcuts
  2205. var C = CryptoJS;
  2206. var C_lib = C.lib;
  2207. var WordArray = C_lib.WordArray;
  2208. var Hasher = C_lib.Hasher;
  2209. var C_x64 = C.x64;
  2210. var X64Word = C_x64.Word;
  2211. var C_algo = C.algo;
  2212. // Constants tables
  2213. var RHO_OFFSETS = [];
  2214. var PI_INDEXES = [];
  2215. var ROUND_CONSTANTS = [];
  2216. // Compute Constants
  2217. (function () {
  2218. // Compute rho offset constants
  2219. var x = 1, y = 0;
  2220. for (var t = 0; t < 24; t++) {
  2221. RHO_OFFSETS[x + 5 * y] = ((t + 1) * (t + 2) / 2) % 64;
  2222. var newX = y % 5;
  2223. var newY = (2 * x + 3 * y) % 5;
  2224. x = newX;
  2225. y = newY;
  2226. }
  2227. // Compute pi index constants
  2228. for (var x = 0; x < 5; x++) {
  2229. for (var y = 0; y < 5; y++) {
  2230. PI_INDEXES[x + 5 * y] = y + ((2 * x + 3 * y) % 5) * 5;
  2231. }
  2232. }
  2233. // Compute round constants
  2234. var LFSR = 0x01;
  2235. for (var i = 0; i < 24; i++) {
  2236. var roundConstantMsw = 0;
  2237. var roundConstantLsw = 0;
  2238. for (var j = 0; j < 7; j++) {
  2239. if (LFSR & 0x01) {
  2240. var bitPosition = (1 << j) - 1;
  2241. if (bitPosition < 32) {
  2242. roundConstantLsw ^= 1 << bitPosition;
  2243. } else /* if (bitPosition >= 32) */ {
  2244. roundConstantMsw ^= 1 << (bitPosition - 32);
  2245. }
  2246. }
  2247. // Compute next LFSR
  2248. if (LFSR & 0x80) {
  2249. // Primitive polynomial over GF(2): x^8 + x^6 + x^5 + x^4 + 1
  2250. LFSR = (LFSR << 1) ^ 0x71;
  2251. } else {
  2252. LFSR <<= 1;
  2253. }
  2254. }
  2255. ROUND_CONSTANTS[i] = X64Word.create(roundConstantMsw, roundConstantLsw);
  2256. }
  2257. }());
  2258. // Reusable objects for temporary values
  2259. var T = [];
  2260. (function () {
  2261. for (var i = 0; i < 25; i++) {
  2262. T[i] = X64Word.create();
  2263. }
  2264. }());
  2265. /**
  2266. * SHA-3 hash algorithm.
  2267. */
  2268. var SHA3 = C_algo.SHA3 = Hasher.extend({
  2269. /**
  2270. * Configuration options.
  2271. *
  2272. * @property {number} outputLength
  2273. * The desired number of bits in the output hash.
  2274. * Only values permitted are: 224, 256, 384, 512.
  2275. * Default: 512
  2276. */
  2277. cfg: Hasher.cfg.extend({
  2278. outputLength: 512
  2279. }),
  2280. _doReset: function () {
  2281. var state = this._state = []
  2282. for (var i = 0; i < 25; i++) {
  2283. state[i] = new X64Word.init();
  2284. }
  2285. this.blockSize = (1600 - 2 * this.cfg.outputLength) / 32;
  2286. },
  2287. _doProcessBlock: function (M, offset) {
  2288. // Shortcuts
  2289. var state = this._state;
  2290. var nBlockSizeLanes = this.blockSize / 2;
  2291. // Absorb
  2292. for (var i = 0; i < nBlockSizeLanes; i++) {
  2293. // Shortcuts
  2294. var M2i = M[offset + 2 * i];
  2295. var M2i1 = M[offset + 2 * i + 1];
  2296. // Swap endian
  2297. M2i = (
  2298. (((M2i << 8) | (M2i >>> 24)) & 0x00ff00ff) |
  2299. (((M2i << 24) | (M2i >>> 8)) & 0xff00ff00)
  2300. );
  2301. M2i1 = (
  2302. (((M2i1 << 8) | (M2i1 >>> 24)) & 0x00ff00ff) |
  2303. (((M2i1 << 24) | (M2i1 >>> 8)) & 0xff00ff00)
  2304. );
  2305. // Absorb message into state
  2306. var lane = state[i];
  2307. lane.high ^= M2i1;
  2308. lane.low ^= M2i;
  2309. }
  2310. // Rounds
  2311. for (var round = 0; round < 24; round++) {
  2312. // Theta
  2313. for (var x = 0; x < 5; x++) {
  2314. // Mix column lanes
  2315. var tMsw = 0, tLsw = 0;
  2316. for (var y = 0; y < 5; y++) {
  2317. var lane = state[x + 5 * y];
  2318. tMsw ^= lane.high;
  2319. tLsw ^= lane.low;
  2320. }
  2321. // Temporary values
  2322. var Tx = T[x];
  2323. Tx.high = tMsw;
  2324. Tx.low = tLsw;
  2325. }
  2326. for (var x = 0; x < 5; x++) {
  2327. // Shortcuts
  2328. var Tx4 = T[(x + 4) % 5];
  2329. var Tx1 = T[(x + 1) % 5];
  2330. var Tx1Msw = Tx1.high;
  2331. var Tx1Lsw = Tx1.low;
  2332. // Mix surrounding columns
  2333. var tMsw = Tx4.high ^ ((Tx1Msw << 1) | (Tx1Lsw >>> 31));
  2334. var tLsw = Tx4.low ^ ((Tx1Lsw << 1) | (Tx1Msw >>> 31));
  2335. for (var y = 0; y < 5; y++) {
  2336. var lane = state[x + 5 * y];
  2337. lane.high ^= tMsw;
  2338. lane.low ^= tLsw;
  2339. }
  2340. }
  2341. // Rho Pi
  2342. for (var laneIndex = 1; laneIndex < 25; laneIndex++) {
  2343. var tMsw;
  2344. var tLsw;
  2345. // Shortcuts
  2346. var lane = state[laneIndex];
  2347. var laneMsw = lane.high;
  2348. var laneLsw = lane.low;
  2349. var rhoOffset = RHO_OFFSETS[laneIndex];
  2350. // Rotate lanes
  2351. if (rhoOffset < 32) {
  2352. tMsw = (laneMsw << rhoOffset) | (laneLsw >>> (32 - rhoOffset));
  2353. tLsw = (laneLsw << rhoOffset) | (laneMsw >>> (32 - rhoOffset));
  2354. } else /* if (rhoOffset >= 32) */ {
  2355. tMsw = (laneLsw << (rhoOffset - 32)) | (laneMsw >>> (64 - rhoOffset));
  2356. tLsw = (laneMsw << (rhoOffset - 32)) | (laneLsw >>> (64 - rhoOffset));
  2357. }
  2358. // Transpose lanes
  2359. var TPiLane = T[PI_INDEXES[laneIndex]];
  2360. TPiLane.high = tMsw;
  2361. TPiLane.low = tLsw;
  2362. }
  2363. // Rho pi at x = y = 0
  2364. var T0 = T[0];
  2365. var state0 = state[0];
  2366. T0.high = state0.high;
  2367. T0.low = state0.low;
  2368. // Chi
  2369. for (var x = 0; x < 5; x++) {
  2370. for (var y = 0; y < 5; y++) {
  2371. // Shortcuts
  2372. var laneIndex = x + 5 * y;
  2373. var lane = state[laneIndex];
  2374. var TLane = T[laneIndex];
  2375. var Tx1Lane = T[((x + 1) % 5) + 5 * y];
  2376. var Tx2Lane = T[((x + 2) % 5) + 5 * y];
  2377. // Mix rows
  2378. lane.high = TLane.high ^ (~Tx1Lane.high & Tx2Lane.high);
  2379. lane.low = TLane.low ^ (~Tx1Lane.low & Tx2Lane.low);
  2380. }
  2381. }
  2382. // Iota
  2383. var lane = state[0];
  2384. var roundConstant = ROUND_CONSTANTS[round];
  2385. lane.high ^= roundConstant.high;
  2386. lane.low ^= roundConstant.low;
  2387. }
  2388. },
  2389. _doFinalize: function () {
  2390. // Shortcuts
  2391. var data = this._data;
  2392. var dataWords = data.words;
  2393. var nBitsTotal = this._nDataBytes * 8;
  2394. var nBitsLeft = data.sigBytes * 8;
  2395. var blockSizeBits = this.blockSize * 32;
  2396. // Add padding
  2397. dataWords[nBitsLeft >>> 5] |= 0x1 << (24 - nBitsLeft % 32);
  2398. dataWords[((Math.ceil((nBitsLeft + 1) / blockSizeBits) * blockSizeBits) >>> 5) - 1] |= 0x80;
  2399. data.sigBytes = dataWords.length * 4;
  2400. // Hash final blocks
  2401. this._process();
  2402. // Shortcuts
  2403. var state = this._state;
  2404. var outputLengthBytes = this.cfg.outputLength / 8;
  2405. var outputLengthLanes = outputLengthBytes / 8;
  2406. // Squeeze
  2407. var hashWords = [];
  2408. for (var i = 0; i < outputLengthLanes; i++) {
  2409. // Shortcuts
  2410. var lane = state[i];
  2411. var laneMsw = lane.high;
  2412. var laneLsw = lane.low;
  2413. // Swap endian
  2414. laneMsw = (
  2415. (((laneMsw << 8) | (laneMsw >>> 24)) & 0x00ff00ff) |
  2416. (((laneMsw << 24) | (laneMsw >>> 8)) & 0xff00ff00)
  2417. );
  2418. laneLsw = (
  2419. (((laneLsw << 8) | (laneLsw >>> 24)) & 0x00ff00ff) |
  2420. (((laneLsw << 24) | (laneLsw >>> 8)) & 0xff00ff00)
  2421. );
  2422. // Squeeze state to retrieve hash
  2423. hashWords.push(laneLsw);
  2424. hashWords.push(laneMsw);
  2425. }
  2426. // Return final computed hash
  2427. return new WordArray.init(hashWords, outputLengthBytes);
  2428. },
  2429. clone: function () {
  2430. var clone = Hasher.clone.call(this);
  2431. var state = clone._state = this._state.slice(0);
  2432. for (var i = 0; i < 25; i++) {
  2433. state[i] = state[i].clone();
  2434. }
  2435. return clone;
  2436. }
  2437. });
  2438. /**
  2439. * Shortcut function to the hasher's object interface.
  2440. *
  2441. * @param {WordArray|string} message The message to hash.
  2442. *
  2443. * @return {WordArray} The hash.
  2444. *
  2445. * @static
  2446. *
  2447. * @example
  2448. *
  2449. * var hash = CryptoJS.SHA3('message');
  2450. * var hash = CryptoJS.SHA3(wordArray);
  2451. */
  2452. C.SHA3 = Hasher._createHelper(SHA3);
  2453. /**
  2454. * Shortcut function to the HMAC's object interface.
  2455. *
  2456. * @param {WordArray|string} message The message to hash.
  2457. * @param {WordArray|string} key The secret key.
  2458. *
  2459. * @return {WordArray} The HMAC.
  2460. *
  2461. * @static
  2462. *
  2463. * @example
  2464. *
  2465. * var hmac = CryptoJS.HmacSHA3(message, key);
  2466. */
  2467. C.HmacSHA3 = Hasher._createHmacHelper(SHA3);
  2468. }(Math));
  2469. /** @preserve
  2470. (c) 2012 by Cédric Mesnil. All rights reserved.
  2471. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
  2472. - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  2473. - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  2474. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  2475. */
  2476. (function (Math) {
  2477. // Shortcuts
  2478. var C = CryptoJS;
  2479. var C_lib = C.lib;
  2480. var WordArray = C_lib.WordArray;
  2481. var Hasher = C_lib.Hasher;
  2482. var C_algo = C.algo;
  2483. // Constants table
  2484. var _zl = WordArray.create([
  2485. 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
  2486. 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,
  2487. 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,
  2488. 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,
  2489. 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13]);
  2490. var _zr = WordArray.create([
  2491. 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,
  2492. 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,
  2493. 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,
  2494. 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,
  2495. 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11]);
  2496. var _sl = WordArray.create([
  2497. 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,
  2498. 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,
  2499. 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,
  2500. 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,
  2501. 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 ]);
  2502. var _sr = WordArray.create([
  2503. 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,
  2504. 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,
  2505. 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,
  2506. 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,
  2507. 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 ]);
  2508. var _hl = WordArray.create([ 0x00000000, 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xA953FD4E]);
  2509. var _hr = WordArray.create([ 0x50A28BE6, 0x5C4DD124, 0x6D703EF3, 0x7A6D76E9, 0x00000000]);
  2510. /**
  2511. * RIPEMD160 hash algorithm.
  2512. */
  2513. var RIPEMD160 = C_algo.RIPEMD160 = Hasher.extend({
  2514. _doReset: function () {
  2515. this._hash = WordArray.create([0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]);
  2516. },
  2517. _doProcessBlock: function (M, offset) {
  2518. // Swap endian
  2519. for (var i = 0; i < 16; i++) {
  2520. // Shortcuts
  2521. var offset_i = offset + i;
  2522. var M_offset_i = M[offset_i];
  2523. // Swap
  2524. M[offset_i] = (
  2525. (((M_offset_i << 8) | (M_offset_i >>> 24)) & 0x00ff00ff) |
  2526. (((M_offset_i << 24) | (M_offset_i >>> 8)) & 0xff00ff00)
  2527. );
  2528. }
  2529. // Shortcut
  2530. var H = this._hash.words;
  2531. var hl = _hl.words;
  2532. var hr = _hr.words;
  2533. var zl = _zl.words;
  2534. var zr = _zr.words;
  2535. var sl = _sl.words;
  2536. var sr = _sr.words;
  2537. // Working variables
  2538. var al, bl, cl, dl, el;
  2539. var ar, br, cr, dr, er;
  2540. ar = al = H[0];
  2541. br = bl = H[1];
  2542. cr = cl = H[2];
  2543. dr = dl = H[3];
  2544. er = el = H[4];
  2545. // Computation
  2546. var t;
  2547. for (var i = 0; i < 80; i += 1) {
  2548. t = (al + M[offset+zl[i]])|0;
  2549. if (i<16){
  2550. t += f1(bl,cl,dl) + hl[0];
  2551. } else if (i<32) {
  2552. t += f2(bl,cl,dl) + hl[1];
  2553. } else if (i<48) {
  2554. t += f3(bl,cl,dl) + hl[2];
  2555. } else if (i<64) {
  2556. t += f4(bl,cl,dl) + hl[3];
  2557. } else {// if (i<80) {
  2558. t += f5(bl,cl,dl) + hl[4];
  2559. }
  2560. t = t|0;
  2561. t = rotl(t,sl[i]);
  2562. t = (t+el)|0;
  2563. al = el;
  2564. el = dl;
  2565. dl = rotl(cl, 10);
  2566. cl = bl;
  2567. bl = t;
  2568. t = (ar + M[offset+zr[i]])|0;
  2569. if (i<16){
  2570. t += f5(br,cr,dr) + hr[0];
  2571. } else if (i<32) {
  2572. t += f4(br,cr,dr) + hr[1];
  2573. } else if (i<48) {
  2574. t += f3(br,cr,dr) + hr[2];
  2575. } else if (i<64) {
  2576. t += f2(br,cr,dr) + hr[3];
  2577. } else {// if (i<80) {
  2578. t += f1(br,cr,dr) + hr[4];
  2579. }
  2580. t = t|0;
  2581. t = rotl(t,sr[i]) ;
  2582. t = (t+er)|0;
  2583. ar = er;
  2584. er = dr;
  2585. dr = rotl(cr, 10);
  2586. cr = br;
  2587. br = t;
  2588. }
  2589. // Intermediate hash value
  2590. t = (H[1] + cl + dr)|0;
  2591. H[1] = (H[2] + dl + er)|0;
  2592. H[2] = (H[3] + el + ar)|0;
  2593. H[3] = (H[4] + al + br)|0;
  2594. H[4] = (H[0] + bl + cr)|0;
  2595. H[0] = t;
  2596. },
  2597. _doFinalize: function () {
  2598. // Shortcuts
  2599. var data = this._data;
  2600. var dataWords = data.words;
  2601. var nBitsTotal = this._nDataBytes * 8;
  2602. var nBitsLeft = data.sigBytes * 8;
  2603. // Add padding
  2604. dataWords[nBitsLeft >>> 5] |= 0x80 << (24 - nBitsLeft % 32);
  2605. dataWords[(((nBitsLeft + 64) >>> 9) << 4) + 14] = (
  2606. (((nBitsTotal << 8) | (nBitsTotal >>> 24)) & 0x00ff00ff) |
  2607. (((nBitsTotal << 24) | (nBitsTotal >>> 8)) & 0xff00ff00)
  2608. );
  2609. data.sigBytes = (dataWords.length + 1) * 4;
  2610. // Hash final blocks
  2611. this._process();
  2612. // Shortcuts
  2613. var hash = this._hash;
  2614. var H = hash.words;
  2615. // Swap endian
  2616. for (var i = 0; i < 5; i++) {
  2617. // Shortcut
  2618. var H_i = H[i];
  2619. // Swap
  2620. H[i] = (((H_i << 8) | (H_i >>> 24)) & 0x00ff00ff) |
  2621. (((H_i << 24) | (H_i >>> 8)) & 0xff00ff00);
  2622. }
  2623. // Return final computed hash
  2624. return hash;
  2625. },
  2626. clone: function () {
  2627. var clone = Hasher.clone.call(this);
  2628. clone._hash = this._hash.clone();
  2629. return clone;
  2630. }
  2631. });
  2632. function f1(x, y, z) {
  2633. return ((x) ^ (y) ^ (z));
  2634. }
  2635. function f2(x, y, z) {
  2636. return (((x)&(y)) | ((~x)&(z)));
  2637. }
  2638. function f3(x, y, z) {
  2639. return (((x) | (~(y))) ^ (z));
  2640. }
  2641. function f4(x, y, z) {
  2642. return (((x) & (z)) | ((y)&(~(z))));
  2643. }
  2644. function f5(x, y, z) {
  2645. return ((x) ^ ((y) |(~(z))));
  2646. }
  2647. function rotl(x,n) {
  2648. return (x<<n) | (x>>>(32-n));
  2649. }
  2650. /**
  2651. * Shortcut function to the hasher's object interface.
  2652. *
  2653. * @param {WordArray|string} message The message to hash.
  2654. *
  2655. * @return {WordArray} The hash.
  2656. *
  2657. * @static
  2658. *
  2659. * @example
  2660. *
  2661. * var hash = CryptoJS.RIPEMD160('message');
  2662. * var hash = CryptoJS.RIPEMD160(wordArray);
  2663. */
  2664. C.RIPEMD160 = Hasher._createHelper(RIPEMD160);
  2665. /**
  2666. * Shortcut function to the HMAC's object interface.
  2667. *
  2668. * @param {WordArray|string} message The message to hash.
  2669. * @param {WordArray|string} key The secret key.
  2670. *
  2671. * @return {WordArray} The HMAC.
  2672. *
  2673. * @static
  2674. *
  2675. * @example
  2676. *
  2677. * var hmac = CryptoJS.HmacRIPEMD160(message, key);
  2678. */
  2679. C.HmacRIPEMD160 = Hasher._createHmacHelper(RIPEMD160);
  2680. }(Math));
  2681. (function () {
  2682. // Shortcuts
  2683. var C = CryptoJS;
  2684. var C_lib = C.lib;
  2685. var Base = C_lib.Base;
  2686. var C_enc = C.enc;
  2687. var Utf8 = C_enc.Utf8;
  2688. var C_algo = C.algo;
  2689. /**
  2690. * HMAC algorithm.
  2691. */
  2692. var HMAC = C_algo.HMAC = Base.extend({
  2693. /**
  2694. * Initializes a newly created HMAC.
  2695. *
  2696. * @param {Hasher} hasher The hash algorithm to use.
  2697. * @param {WordArray|string} key The secret key.
  2698. *
  2699. * @example
  2700. *
  2701. * var hmacHasher = CryptoJS.algo.HMAC.create(CryptoJS.algo.SHA256, key);
  2702. */
  2703. init: function (hasher, key) {
  2704. // Init hasher
  2705. hasher = this._hasher = new hasher.init();
  2706. // Convert string to WordArray, else assume WordArray already
  2707. if (typeof key == 'string') {
  2708. key = Utf8.parse(key);
  2709. }
  2710. // Shortcuts
  2711. var hasherBlockSize = hasher.blockSize;
  2712. var hasherBlockSizeBytes = hasherBlockSize * 4;
  2713. // Allow arbitrary length keys
  2714. if (key.sigBytes > hasherBlockSizeBytes) {
  2715. key = hasher.finalize(key);
  2716. }
  2717. // Clamp excess bits
  2718. key.clamp();
  2719. // Clone key for inner and outer pads
  2720. var oKey = this._oKey = key.clone();
  2721. var iKey = this._iKey = key.clone();
  2722. // Shortcuts
  2723. var oKeyWords = oKey.words;
  2724. var iKeyWords = iKey.words;
  2725. // XOR keys with pad constants
  2726. for (var i = 0; i < hasherBlockSize; i++) {
  2727. oKeyWords[i] ^= 0x5c5c5c5c;
  2728. iKeyWords[i] ^= 0x36363636;
  2729. }
  2730. oKey.sigBytes = iKey.sigBytes = hasherBlockSizeBytes;
  2731. // Set initial values
  2732. this.reset();
  2733. },
  2734. /**
  2735. * Resets this HMAC to its initial state.
  2736. *
  2737. * @example
  2738. *
  2739. * hmacHasher.reset();
  2740. */
  2741. reset: function () {
  2742. // Shortcut
  2743. var hasher = this._hasher;
  2744. // Reset
  2745. hasher.reset();
  2746. hasher.update(this._iKey);
  2747. },
  2748. /**
  2749. * Updates this HMAC with a message.
  2750. *
  2751. * @param {WordArray|string} messageUpdate The message to append.
  2752. *
  2753. * @return {HMAC} This HMAC instance.
  2754. *
  2755. * @example
  2756. *
  2757. * hmacHasher.update('message');
  2758. * hmacHasher.update(wordArray);
  2759. */
  2760. update: function (messageUpdate) {
  2761. this._hasher.update(messageUpdate);
  2762. // Chainable
  2763. return this;
  2764. },
  2765. /**
  2766. * Finalizes the HMAC computation.
  2767. * Note that the finalize operation is effectively a destructive, read-once operation.
  2768. *
  2769. * @param {WordArray|string} messageUpdate (Optional) A final message update.
  2770. *
  2771. * @return {WordArray} The HMAC.
  2772. *
  2773. * @example
  2774. *
  2775. * var hmac = hmacHasher.finalize();
  2776. * var hmac = hmacHasher.finalize('message');
  2777. * var hmac = hmacHasher.finalize(wordArray);
  2778. */
  2779. finalize: function (messageUpdate) {
  2780. // Shortcut
  2781. var hasher = this._hasher;
  2782. // Compute HMAC
  2783. var innerHash = hasher.finalize(messageUpdate);
  2784. hasher.reset();
  2785. var hmac = hasher.finalize(this._oKey.clone().concat(innerHash));
  2786. return hmac;
  2787. }
  2788. });
  2789. }());
  2790. (function () {
  2791. // Shortcuts
  2792. var C = CryptoJS;
  2793. var C_lib = C.lib;
  2794. var Base = C_lib.Base;
  2795. var WordArray = C_lib.WordArray;
  2796. var C_algo = C.algo;
  2797. var SHA1 = C_algo.SHA1;
  2798. var HMAC = C_algo.HMAC;
  2799. /**
  2800. * Password-Based Key Derivation Function 2 algorithm.
  2801. */
  2802. var PBKDF2 = C_algo.PBKDF2 = Base.extend({
  2803. /**
  2804. * Configuration options.
  2805. *
  2806. * @property {number} keySize The key size in words to generate. Default: 4 (128 bits)
  2807. * @property {Hasher} hasher The hasher to use. Default: SHA1
  2808. * @property {number} iterations The number of iterations to perform. Default: 1
  2809. */
  2810. cfg: Base.extend({
  2811. keySize: 128/32,
  2812. hasher: SHA1,
  2813. iterations: 1
  2814. }),
  2815. /**
  2816. * Initializes a newly created key derivation function.
  2817. *
  2818. * @param {Object} cfg (Optional) The configuration options to use for the derivation.
  2819. *
  2820. * @example
  2821. *
  2822. * var kdf = CryptoJS.algo.PBKDF2.create();
  2823. * var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8 });
  2824. * var kdf = CryptoJS.algo.PBKDF2.create({ keySize: 8, iterations: 1000 });
  2825. */
  2826. init: function (cfg) {
  2827. this.cfg = this.cfg.extend(cfg);
  2828. },
  2829. /**
  2830. * Computes the Password-Based Key Derivation Function 2.
  2831. *
  2832. * @param {WordArray|string} password The password.
  2833. * @param {WordArray|string} salt A salt.
  2834. *
  2835. * @return {WordArray} The derived key.
  2836. *
  2837. * @example
  2838. *
  2839. * var key = kdf.compute(password, salt);
  2840. */
  2841. compute: function (password, salt) {
  2842. // Shortcut
  2843. var cfg = this.cfg;
  2844. // Init HMAC
  2845. var hmac = HMAC.create(cfg.hasher, password);
  2846. // Initial values
  2847. var derivedKey = WordArray.create();
  2848. var blockIndex = WordArray.create([0x00000001]);
  2849. // Shortcuts
  2850. var derivedKeyWords = derivedKey.words;
  2851. var blockIndexWords = blockIndex.words;
  2852. var keySize = cfg.keySize;
  2853. var iterations = cfg.iterations;
  2854. // Generate key
  2855. while (derivedKeyWords.length < keySize) {
  2856. var block = hmac.update(salt).finalize(blockIndex);
  2857. hmac.reset();
  2858. // Shortcuts
  2859. var blockWords = block.words;
  2860. var blockWordsLength = blockWords.length;
  2861. // Iterations
  2862. var intermediate = block;
  2863. for (var i = 1; i < iterations; i++) {
  2864. intermediate = hmac.finalize(intermediate);
  2865. hmac.reset();
  2866. // Shortcut
  2867. var intermediateWords = intermediate.words;
  2868. // XOR intermediate with block
  2869. for (var j = 0; j < blockWordsLength; j++) {
  2870. blockWords[j] ^= intermediateWords[j];
  2871. }
  2872. }
  2873. derivedKey.concat(block);
  2874. blockIndexWords[0]++;
  2875. }
  2876. derivedKey.sigBytes = keySize * 4;
  2877. return derivedKey;
  2878. }
  2879. });
  2880. /**
  2881. * Computes the Password-Based Key Derivation Function 2.
  2882. *
  2883. * @param {WordArray|string} password The password.
  2884. * @param {WordArray|string} salt A salt.
  2885. * @param {Object} cfg (Optional) The configuration options to use for this computation.
  2886. *
  2887. * @return {WordArray} The derived key.
  2888. *
  2889. * @static
  2890. *
  2891. * @example
  2892. *
  2893. * var key = CryptoJS.PBKDF2(password, salt);
  2894. * var key = CryptoJS.PBKDF2(password, salt, { keySize: 8 });
  2895. * var key = CryptoJS.PBKDF2(password, salt, { keySize: 8, iterations: 1000 });
  2896. */
  2897. C.PBKDF2 = function (password, salt, cfg) {
  2898. return PBKDF2.create(cfg).compute(password, salt);
  2899. };
  2900. }());
  2901. (function () {
  2902. // Shortcuts
  2903. var C = CryptoJS;
  2904. var C_lib = C.lib;
  2905. var Base = C_lib.Base;
  2906. var WordArray = C_lib.WordArray;
  2907. var C_algo = C.algo;
  2908. var MD5 = C_algo.MD5;
  2909. /**
  2910. * This key derivation function is meant to conform with EVP_BytesToKey.
  2911. * www.openssl.org/docs/crypto/EVP_BytesToKey.html
  2912. */
  2913. var EvpKDF = C_algo.EvpKDF = Base.extend({
  2914. /**
  2915. * Configuration options.
  2916. *
  2917. * @property {number} keySize The key size in words to generate. Default: 4 (128 bits)
  2918. * @property {Hasher} hasher The hash algorithm to use. Default: MD5
  2919. * @property {number} iterations The number of iterations to perform. Default: 1
  2920. */
  2921. cfg: Base.extend({
  2922. keySize: 128/32,
  2923. hasher: MD5,
  2924. iterations: 1
  2925. }),
  2926. /**
  2927. * Initializes a newly created key derivation function.
  2928. *
  2929. * @param {Object} cfg (Optional) The configuration options to use for the derivation.
  2930. *
  2931. * @example
  2932. *
  2933. * var kdf = CryptoJS.algo.EvpKDF.create();
  2934. * var kdf = CryptoJS.algo.EvpKDF.create({ keySize: 8 });
  2935. * var kdf = CryptoJS.algo.EvpKDF.create({ keySize: 8, iterations: 1000 });
  2936. */
  2937. init: function (cfg) {
  2938. this.cfg = this.cfg.extend(cfg);
  2939. },
  2940. /**
  2941. * Derives a key from a password.
  2942. *
  2943. * @param {WordArray|string} password The password.
  2944. * @param {WordArray|string} salt A salt.
  2945. *
  2946. * @return {WordArray} The derived key.
  2947. *
  2948. * @example
  2949. *
  2950. * var key = kdf.compute(password, salt);
  2951. */
  2952. compute: function (password, salt) {
  2953. var block;
  2954. // Shortcut
  2955. var cfg = this.cfg;
  2956. // Init hasher
  2957. var hasher = cfg.hasher.create();
  2958. // Initial values
  2959. var derivedKey = WordArray.create();
  2960. // Shortcuts
  2961. var derivedKeyWords = derivedKey.words;
  2962. var keySize = cfg.keySize;
  2963. var iterations = cfg.iterations;
  2964. // Generate key
  2965. while (derivedKeyWords.length < keySize) {
  2966. if (block) {
  2967. hasher.update(block);
  2968. }
  2969. block = hasher.update(password).finalize(salt);
  2970. hasher.reset();
  2971. // Iterations
  2972. for (var i = 1; i < iterations; i++) {
  2973. block = hasher.finalize(block);
  2974. hasher.reset();
  2975. }
  2976. derivedKey.concat(block);
  2977. }
  2978. derivedKey.sigBytes = keySize * 4;
  2979. return derivedKey;
  2980. }
  2981. });
  2982. /**
  2983. * Derives a key from a password.
  2984. *
  2985. * @param {WordArray|string} password The password.
  2986. * @param {WordArray|string} salt A salt.
  2987. * @param {Object} cfg (Optional) The configuration options to use for this computation.
  2988. *
  2989. * @return {WordArray} The derived key.
  2990. *
  2991. * @static
  2992. *
  2993. * @example
  2994. *
  2995. * var key = CryptoJS.EvpKDF(password, salt);
  2996. * var key = CryptoJS.EvpKDF(password, salt, { keySize: 8 });
  2997. * var key = CryptoJS.EvpKDF(password, salt, { keySize: 8, iterations: 1000 });
  2998. */
  2999. C.EvpKDF = function (password, salt, cfg) {
  3000. return EvpKDF.create(cfg).compute(password, salt);
  3001. };
  3002. }());
  3003. /**
  3004. * Cipher core components.
  3005. */
  3006. CryptoJS.lib.Cipher || (function (undefined) {
  3007. // Shortcuts
  3008. var C = CryptoJS;
  3009. var C_lib = C.lib;
  3010. var Base = C_lib.Base;
  3011. var WordArray = C_lib.WordArray;
  3012. var BufferedBlockAlgorithm = C_lib.BufferedBlockAlgorithm;
  3013. var C_enc = C.enc;
  3014. var Utf8 = C_enc.Utf8;
  3015. var Base64 = C_enc.Base64;
  3016. var C_algo = C.algo;
  3017. var EvpKDF = C_algo.EvpKDF;
  3018. /**
  3019. * Abstract base cipher template.
  3020. *
  3021. * @property {number} keySize This cipher's key size. Default: 4 (128 bits)
  3022. * @property {number} ivSize This cipher's IV size. Default: 4 (128 bits)
  3023. * @property {number} _ENC_XFORM_MODE A constant representing encryption mode.
  3024. * @property {number} _DEC_XFORM_MODE A constant representing decryption mode.
  3025. */
  3026. var Cipher = C_lib.Cipher = BufferedBlockAlgorithm.extend({
  3027. /**
  3028. * Configuration options.
  3029. *
  3030. * @property {WordArray} iv The IV to use for this operation.
  3031. */
  3032. cfg: Base.extend(),
  3033. /**
  3034. * Creates this cipher in encryption mode.
  3035. *
  3036. * @param {WordArray} key The key.
  3037. * @param {Object} cfg (Optional) The configuration options to use for this operation.
  3038. *
  3039. * @return {Cipher} A cipher instance.
  3040. *
  3041. * @static
  3042. *
  3043. * @example
  3044. *
  3045. * var cipher = CryptoJS.algo.AES.createEncryptor(keyWordArray, { iv: ivWordArray });
  3046. */
  3047. createEncryptor: function (key, cfg) {
  3048. return this.create(this._ENC_XFORM_MODE, key, cfg);
  3049. },
  3050. /**
  3051. * Creates this cipher in decryption mode.
  3052. *
  3053. * @param {WordArray} key The key.
  3054. * @param {Object} cfg (Optional) The configuration options to use for this operation.
  3055. *
  3056. * @return {Cipher} A cipher instance.
  3057. *
  3058. * @static
  3059. *
  3060. * @example
  3061. *
  3062. * var cipher = CryptoJS.algo.AES.createDecryptor(keyWordArray, { iv: ivWordArray });
  3063. */
  3064. createDecryptor: function (key, cfg) {
  3065. return this.create(this._DEC_XFORM_MODE, key, cfg);
  3066. },
  3067. /**
  3068. * Initializes a newly created cipher.
  3069. *
  3070. * @param {number} xformMode Either the encryption or decryption transormation mode constant.
  3071. * @param {WordArray} key The key.
  3072. * @param {Object} cfg (Optional) The configuration options to use for this operation.
  3073. *
  3074. * @example
  3075. *
  3076. * var cipher = CryptoJS.algo.AES.create(CryptoJS.algo.AES._ENC_XFORM_MODE, keyWordArray, { iv: ivWordArray });
  3077. */
  3078. init: function (xformMode, key, cfg) {
  3079. // Apply config defaults
  3080. this.cfg = this.cfg.extend(cfg);
  3081. // Store transform mode and key
  3082. this._xformMode = xformMode;
  3083. this._key = key;
  3084. // Set initial values
  3085. this.reset();
  3086. },
  3087. /**
  3088. * Resets this cipher to its initial state.
  3089. *
  3090. * @example
  3091. *
  3092. * cipher.reset();
  3093. */
  3094. reset: function () {
  3095. // Reset data buffer
  3096. BufferedBlockAlgorithm.reset.call(this);
  3097. // Perform concrete-cipher logic
  3098. this._doReset();
  3099. },
  3100. /**
  3101. * Adds data to be encrypted or decrypted.
  3102. *
  3103. * @param {WordArray|string} dataUpdate The data to encrypt or decrypt.
  3104. *
  3105. * @return {WordArray} The data after processing.
  3106. *
  3107. * @example
  3108. *
  3109. * var encrypted = cipher.process('data');
  3110. * var encrypted = cipher.process(wordArray);
  3111. */
  3112. process: function (dataUpdate) {
  3113. // Append
  3114. this._append(dataUpdate);
  3115. // Process available blocks
  3116. return this._process();
  3117. },
  3118. /**
  3119. * Finalizes the encryption or decryption process.
  3120. * Note that the finalize operation is effectively a destructive, read-once operation.
  3121. *
  3122. * @param {WordArray|string} dataUpdate The final data to encrypt or decrypt.
  3123. *
  3124. * @return {WordArray} The data after final processing.
  3125. *
  3126. * @example
  3127. *
  3128. * var encrypted = cipher.finalize();
  3129. * var encrypted = cipher.finalize('data');
  3130. * var encrypted = cipher.finalize(wordArray);
  3131. */
  3132. finalize: function (dataUpdate) {
  3133. // Final data update
  3134. if (dataUpdate) {
  3135. this._append(dataUpdate);
  3136. }
  3137. // Perform concrete-cipher logic
  3138. var finalProcessedData = this._doFinalize();
  3139. return finalProcessedData;
  3140. },
  3141. keySize: 128/32,
  3142. ivSize: 128/32,
  3143. _ENC_XFORM_MODE: 1,
  3144. _DEC_XFORM_MODE: 2,
  3145. /**
  3146. * Creates shortcut functions to a cipher's object interface.
  3147. *
  3148. * @param {Cipher} cipher The cipher to create a helper for.
  3149. *
  3150. * @return {Object} An object with encrypt and decrypt shortcut functions.
  3151. *
  3152. * @static
  3153. *
  3154. * @example
  3155. *
  3156. * var AES = CryptoJS.lib.Cipher._createHelper(CryptoJS.algo.AES);
  3157. */
  3158. _createHelper: (function () {
  3159. function selectCipherStrategy(key) {
  3160. if (typeof key == 'string') {
  3161. return PasswordBasedCipher;
  3162. } else {
  3163. return SerializableCipher;
  3164. }
  3165. }
  3166. return function (cipher) {
  3167. return {
  3168. encrypt: function (message, key, cfg) {
  3169. return selectCipherStrategy(key).encrypt(cipher, message, key, cfg);
  3170. },
  3171. decrypt: function (ciphertext, key, cfg) {
  3172. return selectCipherStrategy(key).decrypt(cipher, ciphertext, key, cfg);
  3173. }
  3174. };
  3175. };
  3176. }())
  3177. });
  3178. /**
  3179. * Abstract base stream cipher template.
  3180. *
  3181. * @property {number} blockSize The number of 32-bit words this cipher operates on. Default: 1 (32 bits)
  3182. */
  3183. var StreamCipher = C_lib.StreamCipher = Cipher.extend({
  3184. _doFinalize: function () {
  3185. // Process partial blocks
  3186. var finalProcessedBlocks = this._process(!!'flush');
  3187. return finalProcessedBlocks;
  3188. },
  3189. blockSize: 1
  3190. });
  3191. /**
  3192. * Mode namespace.
  3193. */
  3194. var C_mode = C.mode = {};
  3195. /**
  3196. * Abstract base block cipher mode template.
  3197. */
  3198. var BlockCipherMode = C_lib.BlockCipherMode = Base.extend({
  3199. /**
  3200. * Creates this mode for encryption.
  3201. *
  3202. * @param {Cipher} cipher A block cipher instance.
  3203. * @param {Array} iv The IV words.
  3204. *
  3205. * @static
  3206. *
  3207. * @example
  3208. *
  3209. * var mode = CryptoJS.mode.CBC.createEncryptor(cipher, iv.words);
  3210. */
  3211. createEncryptor: function (cipher, iv) {
  3212. return this.Encryptor.create(cipher, iv);
  3213. },
  3214. /**
  3215. * Creates this mode for decryption.
  3216. *
  3217. * @param {Cipher} cipher A block cipher instance.
  3218. * @param {Array} iv The IV words.
  3219. *
  3220. * @static
  3221. *
  3222. * @example
  3223. *
  3224. * var mode = CryptoJS.mode.CBC.createDecryptor(cipher, iv.words);
  3225. */
  3226. createDecryptor: function (cipher, iv) {
  3227. return this.Decryptor.create(cipher, iv);
  3228. },
  3229. /**
  3230. * Initializes a newly created mode.
  3231. *
  3232. * @param {Cipher} cipher A block cipher instance.
  3233. * @param {Array} iv The IV words.
  3234. *
  3235. * @example
  3236. *
  3237. * var mode = CryptoJS.mode.CBC.Encryptor.create(cipher, iv.words);
  3238. */
  3239. init: function (cipher, iv) {
  3240. this._cipher = cipher;
  3241. this._iv = iv;
  3242. }
  3243. });
  3244. /**
  3245. * Cipher Block Chaining mode.
  3246. */
  3247. var CBC = C_mode.CBC = (function () {
  3248. /**
  3249. * Abstract base CBC mode.
  3250. */
  3251. var CBC = BlockCipherMode.extend();
  3252. /**
  3253. * CBC encryptor.
  3254. */
  3255. CBC.Encryptor = CBC.extend({
  3256. /**
  3257. * Processes the data block at offset.
  3258. *
  3259. * @param {Array} words The data words to operate on.
  3260. * @param {number} offset The offset where the block starts.
  3261. *
  3262. * @example
  3263. *
  3264. * mode.processBlock(data.words, offset);
  3265. */
  3266. processBlock: function (words, offset) {
  3267. // Shortcuts
  3268. var cipher = this._cipher;
  3269. var blockSize = cipher.blockSize;
  3270. // XOR and encrypt
  3271. xorBlock.call(this, words, offset, blockSize);
  3272. cipher.encryptBlock(words, offset);
  3273. // Remember this block to use with next block
  3274. this._prevBlock = words.slice(offset, offset + blockSize);
  3275. }
  3276. });
  3277. /**
  3278. * CBC decryptor.
  3279. */
  3280. CBC.Decryptor = CBC.extend({
  3281. /**
  3282. * Processes the data block at offset.
  3283. *
  3284. * @param {Array} words The data words to operate on.
  3285. * @param {number} offset The offset where the block starts.
  3286. *
  3287. * @example
  3288. *
  3289. * mode.processBlock(data.words, offset);
  3290. */
  3291. processBlock: function (words, offset) {
  3292. // Shortcuts
  3293. var cipher = this._cipher;
  3294. var blockSize = cipher.blockSize;
  3295. // Remember this block to use with next block
  3296. var thisBlock = words.slice(offset, offset + blockSize);
  3297. // Decrypt and XOR
  3298. cipher.decryptBlock(words, offset);
  3299. xorBlock.call(this, words, offset, blockSize);
  3300. // This block becomes the previous block
  3301. this._prevBlock = thisBlock;
  3302. }
  3303. });
  3304. function xorBlock(words, offset, blockSize) {
  3305. var block;
  3306. // Shortcut
  3307. var iv = this._iv;
  3308. // Choose mixing block
  3309. if (iv) {
  3310. block = iv;
  3311. // Remove IV for subsequent blocks
  3312. this._iv = undefined;
  3313. } else {
  3314. block = this._prevBlock;
  3315. }
  3316. // XOR blocks
  3317. for (var i = 0; i < blockSize; i++) {
  3318. words[offset + i] ^= block[i];
  3319. }
  3320. }
  3321. return CBC;
  3322. }());
  3323. /**
  3324. * Padding namespace.
  3325. */
  3326. var C_pad = C.pad = {};
  3327. /**
  3328. * PKCS #5/7 padding strategy.
  3329. */
  3330. var Pkcs7 = C_pad.Pkcs7 = {
  3331. /**
  3332. * Pads data using the algorithm defined in PKCS #5/7.
  3333. *
  3334. * @param {WordArray} data The data to pad.
  3335. * @param {number} blockSize The multiple that the data should be padded to.
  3336. *
  3337. * @static
  3338. *
  3339. * @example
  3340. *
  3341. * CryptoJS.pad.Pkcs7.pad(wordArray, 4);
  3342. */
  3343. pad: function (data, blockSize) {
  3344. // Shortcut
  3345. var blockSizeBytes = blockSize * 4;
  3346. // Count padding bytes
  3347. var nPaddingBytes = blockSizeBytes - data.sigBytes % blockSizeBytes;
  3348. // Create padding word
  3349. var paddingWord = (nPaddingBytes << 24) | (nPaddingBytes << 16) | (nPaddingBytes << 8) | nPaddingBytes;
  3350. // Create padding
  3351. var paddingWords = [];
  3352. for (var i = 0; i < nPaddingBytes; i += 4) {
  3353. paddingWords.push(paddingWord);
  3354. }
  3355. var padding = WordArray.create(paddingWords, nPaddingBytes);
  3356. // Add padding
  3357. data.concat(padding);
  3358. },
  3359. /**
  3360. * Unpads data that had been padded using the algorithm defined in PKCS #5/7.
  3361. *
  3362. * @param {WordArray} data The data to unpad.
  3363. *
  3364. * @static
  3365. *
  3366. * @example
  3367. *
  3368. * CryptoJS.pad.Pkcs7.unpad(wordArray);
  3369. */
  3370. unpad: function (data) {
  3371. // Get number of padding bytes from last byte
  3372. var nPaddingBytes = data.words[(data.sigBytes - 1) >>> 2] & 0xff;
  3373. // Remove padding
  3374. data.sigBytes -= nPaddingBytes;
  3375. }
  3376. };
  3377. /**
  3378. * Abstract base block cipher template.
  3379. *
  3380. * @property {number} blockSize The number of 32-bit words this cipher operates on. Default: 4 (128 bits)
  3381. */
  3382. var BlockCipher = C_lib.BlockCipher = Cipher.extend({
  3383. /**
  3384. * Configuration options.
  3385. *
  3386. * @property {Mode} mode The block mode to use. Default: CBC
  3387. * @property {Padding} padding The padding strategy to use. Default: Pkcs7
  3388. */
  3389. cfg: Cipher.cfg.extend({
  3390. mode: CBC,
  3391. padding: Pkcs7
  3392. }),
  3393. reset: function () {
  3394. var modeCreator;
  3395. // Reset cipher
  3396. Cipher.reset.call(this);
  3397. // Shortcuts
  3398. var cfg = this.cfg;
  3399. var iv = cfg.iv;
  3400. var mode = cfg.mode;
  3401. // Reset block mode
  3402. if (this._xformMode == this._ENC_XFORM_MODE) {
  3403. modeCreator = mode.createEncryptor;
  3404. } else /* if (this._xformMode == this._DEC_XFORM_MODE) */ {
  3405. modeCreator = mode.createDecryptor;
  3406. // Keep at least one block in the buffer for unpadding
  3407. this._minBufferSize = 1;
  3408. }
  3409. if (this._mode && this._mode.__creator == modeCreator) {
  3410. this._mode.init(this, iv && iv.words);
  3411. } else {
  3412. this._mode = modeCreator.call(mode, this, iv && iv.words);
  3413. this._mode.__creator = modeCreator;
  3414. }
  3415. },
  3416. _doProcessBlock: function (words, offset) {
  3417. this._mode.processBlock(words, offset);
  3418. },
  3419. _doFinalize: function () {
  3420. var finalProcessedBlocks;
  3421. // Shortcut
  3422. var padding = this.cfg.padding;
  3423. // Finalize
  3424. if (this._xformMode == this._ENC_XFORM_MODE) {
  3425. // Pad data
  3426. padding.pad(this._data, this.blockSize);
  3427. // Process final blocks
  3428. finalProcessedBlocks = this._process(!!'flush');
  3429. } else /* if (this._xformMode == this._DEC_XFORM_MODE) */ {
  3430. // Process final blocks
  3431. finalProcessedBlocks = this._process(!!'flush');
  3432. // Unpad data
  3433. padding.unpad(finalProcessedBlocks);
  3434. }
  3435. return finalProcessedBlocks;
  3436. },
  3437. blockSize: 128/32
  3438. });
  3439. /**
  3440. * A collection of cipher parameters.
  3441. *
  3442. * @property {WordArray} ciphertext The raw ciphertext.
  3443. * @property {WordArray} key The key to this ciphertext.
  3444. * @property {WordArray} iv The IV used in the ciphering operation.
  3445. * @property {WordArray} salt The salt used with a key derivation function.
  3446. * @property {Cipher} algorithm The cipher algorithm.
  3447. * @property {Mode} mode The block mode used in the ciphering operation.
  3448. * @property {Padding} padding The padding scheme used in the ciphering operation.
  3449. * @property {number} blockSize The block size of the cipher.
  3450. * @property {Format} formatter The default formatting strategy to convert this cipher params object to a string.
  3451. */
  3452. var CipherParams = C_lib.CipherParams = Base.extend({
  3453. /**
  3454. * Initializes a newly created cipher params object.
  3455. *
  3456. * @param {Object} cipherParams An object with any of the possible cipher parameters.
  3457. *
  3458. * @example
  3459. *
  3460. * var cipherParams = CryptoJS.lib.CipherParams.create({
  3461. * ciphertext: ciphertextWordArray,
  3462. * key: keyWordArray,
  3463. * iv: ivWordArray,
  3464. * salt: saltWordArray,
  3465. * algorithm: CryptoJS.algo.AES,
  3466. * mode: CryptoJS.mode.CBC,
  3467. * padding: CryptoJS.pad.PKCS7,
  3468. * blockSize: 4,
  3469. * formatter: CryptoJS.format.OpenSSL
  3470. * });
  3471. */
  3472. init: function (cipherParams) {
  3473. this.mixIn(cipherParams);
  3474. },
  3475. /**
  3476. * Converts this cipher params object to a string.
  3477. *
  3478. * @param {Format} formatter (Optional) The formatting strategy to use.
  3479. *
  3480. * @return {string} The stringified cipher params.
  3481. *
  3482. * @throws Error If neither the formatter nor the default formatter is set.
  3483. *
  3484. * @example
  3485. *
  3486. * var string = cipherParams + '';
  3487. * var string = cipherParams.toString();
  3488. * var string = cipherParams.toString(CryptoJS.format.OpenSSL);
  3489. */
  3490. toString: function (formatter) {
  3491. return (formatter || this.formatter).stringify(this);
  3492. }
  3493. });
  3494. /**
  3495. * Format namespace.
  3496. */
  3497. var C_format = C.format = {};
  3498. /**
  3499. * OpenSSL formatting strategy.
  3500. */
  3501. var OpenSSLFormatter = C_format.OpenSSL = {
  3502. /**
  3503. * Converts a cipher params object to an OpenSSL-compatible string.
  3504. *
  3505. * @param {CipherParams} cipherParams The cipher params object.
  3506. *
  3507. * @return {string} The OpenSSL-compatible string.
  3508. *
  3509. * @static
  3510. *
  3511. * @example
  3512. *
  3513. * var openSSLString = CryptoJS.format.OpenSSL.stringify(cipherParams);
  3514. */
  3515. stringify: function (cipherParams) {
  3516. var wordArray;
  3517. // Shortcuts
  3518. var ciphertext = cipherParams.ciphertext;
  3519. var salt = cipherParams.salt;
  3520. // Format
  3521. if (salt) {
  3522. wordArray = WordArray.create([0x53616c74, 0x65645f5f]).concat(salt).concat(ciphertext);
  3523. } else {
  3524. wordArray = ciphertext;
  3525. }
  3526. return wordArray.toString(Base64);
  3527. },
  3528. /**
  3529. * Converts an OpenSSL-compatible string to a cipher params object.
  3530. *
  3531. * @param {string} openSSLStr The OpenSSL-compatible string.
  3532. *
  3533. * @return {CipherParams} The cipher params object.
  3534. *
  3535. * @static
  3536. *
  3537. * @example
  3538. *
  3539. * var cipherParams = CryptoJS.format.OpenSSL.parse(openSSLString);
  3540. */
  3541. parse: function (openSSLStr) {
  3542. var salt;
  3543. // Parse base64
  3544. var ciphertext = Base64.parse(openSSLStr);
  3545. // Shortcut
  3546. var ciphertextWords = ciphertext.words;
  3547. // Test for salt
  3548. if (ciphertextWords[0] == 0x53616c74 && ciphertextWords[1] == 0x65645f5f) {
  3549. // Extract salt
  3550. salt = WordArray.create(ciphertextWords.slice(2, 4));
  3551. // Remove salt from ciphertext
  3552. ciphertextWords.splice(0, 4);
  3553. ciphertext.sigBytes -= 16;
  3554. }
  3555. return CipherParams.create({ ciphertext: ciphertext, salt: salt });
  3556. }
  3557. };
  3558. /**
  3559. * A cipher wrapper that returns ciphertext as a serializable cipher params object.
  3560. */
  3561. var SerializableCipher = C_lib.SerializableCipher = Base.extend({
  3562. /**
  3563. * Configuration options.
  3564. *
  3565. * @property {Formatter} format The formatting strategy to convert cipher param objects to and from a string. Default: OpenSSL
  3566. */
  3567. cfg: Base.extend({
  3568. format: OpenSSLFormatter
  3569. }),
  3570. /**
  3571. * Encrypts a message.
  3572. *
  3573. * @param {Cipher} cipher The cipher algorithm to use.
  3574. * @param {WordArray|string} message The message to encrypt.
  3575. * @param {WordArray} key The key.
  3576. * @param {Object} cfg (Optional) The configuration options to use for this operation.
  3577. *
  3578. * @return {CipherParams} A cipher params object.
  3579. *
  3580. * @static
  3581. *
  3582. * @example
  3583. *
  3584. * var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key);
  3585. * var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key, { iv: iv });
  3586. * var ciphertextParams = CryptoJS.lib.SerializableCipher.encrypt(CryptoJS.algo.AES, message, key, { iv: iv, format: CryptoJS.format.OpenSSL });
  3587. */
  3588. encrypt: function (cipher, message, key, cfg) {
  3589. // Apply config defaults
  3590. cfg = this.cfg.extend(cfg);
  3591. // Encrypt
  3592. var encryptor = cipher.createEncryptor(key, cfg);
  3593. var ciphertext = encryptor.finalize(message);
  3594. // Shortcut
  3595. var cipherCfg = encryptor.cfg;
  3596. // Create and return serializable cipher params
  3597. return CipherParams.create({
  3598. ciphertext: ciphertext,
  3599. key: key,
  3600. iv: cipherCfg.iv,
  3601. algorithm: cipher,
  3602. mode: cipherCfg.mode,
  3603. padding: cipherCfg.padding,
  3604. blockSize: cipher.blockSize,
  3605. formatter: cfg.format
  3606. });
  3607. },
  3608. /**
  3609. * Decrypts serialized ciphertext.
  3610. *
  3611. * @param {Cipher} cipher The cipher algorithm to use.
  3612. * @param {CipherParams|string} ciphertext The ciphertext to decrypt.
  3613. * @param {WordArray} key The key.
  3614. * @param {Object} cfg (Optional) The configuration options to use for this operation.
  3615. *
  3616. * @return {WordArray} The plaintext.
  3617. *
  3618. * @static
  3619. *
  3620. * @example
  3621. *
  3622. * var plaintext = CryptoJS.lib.SerializableCipher.decrypt(CryptoJS.algo.AES, formattedCiphertext, key, { iv: iv, format: CryptoJS.format.OpenSSL });
  3623. * var plaintext = CryptoJS.lib.SerializableCipher.decrypt(CryptoJS.algo.AES, ciphertextParams, key, { iv: iv, format: CryptoJS.format.OpenSSL });
  3624. */
  3625. decrypt: function (cipher, ciphertext, key, cfg) {
  3626. // Apply config defaults
  3627. cfg = this.cfg.extend(cfg);
  3628. // Convert string to CipherParams
  3629. ciphertext = this._parse(ciphertext, cfg.format);
  3630. // Decrypt
  3631. var plaintext = cipher.createDecryptor(key, cfg).finalize(ciphertext.ciphertext);
  3632. return plaintext;
  3633. },
  3634. /**
  3635. * Converts serialized ciphertext to CipherParams,
  3636. * else assumed CipherParams already and returns ciphertext unchanged.
  3637. *
  3638. * @param {CipherParams|string} ciphertext The ciphertext.
  3639. * @param {Formatter} format The formatting strategy to use to parse serialized ciphertext.
  3640. *
  3641. * @return {CipherParams} The unserialized ciphertext.
  3642. *
  3643. * @static
  3644. *
  3645. * @example
  3646. *
  3647. * var ciphertextParams = CryptoJS.lib.SerializableCipher._parse(ciphertextStringOrParams, format);
  3648. */
  3649. _parse: function (ciphertext, format) {
  3650. if (typeof ciphertext == 'string') {
  3651. return format.parse(ciphertext, this);
  3652. } else {
  3653. return ciphertext;
  3654. }
  3655. }
  3656. });
  3657. /**
  3658. * Key derivation function namespace.
  3659. */
  3660. var C_kdf = C.kdf = {};
  3661. /**
  3662. * OpenSSL key derivation function.
  3663. */
  3664. var OpenSSLKdf = C_kdf.OpenSSL = {
  3665. /**
  3666. * Derives a key and IV from a password.
  3667. *
  3668. * @param {string} password The password to derive from.
  3669. * @param {number} keySize The size in words of the key to generate.
  3670. * @param {number} ivSize The size in words of the IV to generate.
  3671. * @param {WordArray|string} salt (Optional) A 64-bit salt to use. If omitted, a salt will be generated randomly.
  3672. *
  3673. * @return {CipherParams} A cipher params object with the key, IV, and salt.
  3674. *
  3675. * @static
  3676. *
  3677. * @example
  3678. *
  3679. * var derivedParams = CryptoJS.kdf.OpenSSL.execute('Password', 256/32, 128/32);
  3680. * var derivedParams = CryptoJS.kdf.OpenSSL.execute('Password', 256/32, 128/32, 'saltsalt');
  3681. */
  3682. execute: function (password, keySize, ivSize, salt) {
  3683. // Generate random salt
  3684. if (!salt) {
  3685. salt = WordArray.random(64/8);
  3686. }
  3687. // Derive key and IV
  3688. var key = EvpKDF.create({ keySize: keySize + ivSize }).compute(password, salt);
  3689. // Separate key and IV
  3690. var iv = WordArray.create(key.words.slice(keySize), ivSize * 4);
  3691. key.sigBytes = keySize * 4;
  3692. // Return params
  3693. return CipherParams.create({ key: key, iv: iv, salt: salt });
  3694. }
  3695. };
  3696. /**
  3697. * A serializable cipher wrapper that derives the key from a password,
  3698. * and returns ciphertext as a serializable cipher params object.
  3699. */
  3700. var PasswordBasedCipher = C_lib.PasswordBasedCipher = SerializableCipher.extend({
  3701. /**
  3702. * Configuration options.
  3703. *
  3704. * @property {KDF} kdf The key derivation function to use to generate a key and IV from a password. Default: OpenSSL
  3705. */
  3706. cfg: SerializableCipher.cfg.extend({
  3707. kdf: OpenSSLKdf
  3708. }),
  3709. /**
  3710. * Encrypts a message using a password.
  3711. *
  3712. * @param {Cipher} cipher The cipher algorithm to use.
  3713. * @param {WordArray|string} message The message to encrypt.
  3714. * @param {string} password The password.
  3715. * @param {Object} cfg (Optional) The configuration options to use for this operation.
  3716. *
  3717. * @return {CipherParams} A cipher params object.
  3718. *
  3719. * @static
  3720. *
  3721. * @example
  3722. *
  3723. * var ciphertextParams = CryptoJS.lib.PasswordBasedCipher.encrypt(CryptoJS.algo.AES, message, 'password');
  3724. * var ciphertextParams = CryptoJS.lib.PasswordBasedCipher.encrypt(CryptoJS.algo.AES, message, 'password', { format: CryptoJS.format.OpenSSL });
  3725. */
  3726. encrypt: function (cipher, message, password, cfg) {
  3727. // Apply config defaults
  3728. cfg = this.cfg.extend(cfg);
  3729. // Derive key and other params
  3730. var derivedParams = cfg.kdf.execute(password, cipher.keySize, cipher.ivSize);
  3731. // Add IV to config
  3732. cfg.iv = derivedParams.iv;
  3733. // Encrypt
  3734. var ciphertext = SerializableCipher.encrypt.call(this, cipher, message, derivedParams.key, cfg);
  3735. // Mix in derived params
  3736. ciphertext.mixIn(derivedParams);
  3737. return ciphertext;
  3738. },
  3739. /**
  3740. * Decrypts serialized ciphertext using a password.
  3741. *
  3742. * @param {Cipher} cipher The cipher algorithm to use.
  3743. * @param {CipherParams|string} ciphertext The ciphertext to decrypt.
  3744. * @param {string} password The password.
  3745. * @param {Object} cfg (Optional) The configuration options to use for this operation.
  3746. *
  3747. * @return {WordArray} The plaintext.
  3748. *
  3749. * @static
  3750. *
  3751. * @example
  3752. *
  3753. * var plaintext = CryptoJS.lib.PasswordBasedCipher.decrypt(CryptoJS.algo.AES, formattedCiphertext, 'password', { format: CryptoJS.format.OpenSSL });
  3754. * var plaintext = CryptoJS.lib.PasswordBasedCipher.decrypt(CryptoJS.algo.AES, ciphertextParams, 'password', { format: CryptoJS.format.OpenSSL });
  3755. */
  3756. decrypt: function (cipher, ciphertext, password, cfg) {
  3757. // Apply config defaults
  3758. cfg = this.cfg.extend(cfg);
  3759. // Convert string to CipherParams
  3760. ciphertext = this._parse(ciphertext, cfg.format);
  3761. // Derive key and other params
  3762. var derivedParams = cfg.kdf.execute(password, cipher.keySize, cipher.ivSize, ciphertext.salt);
  3763. // Add IV to config
  3764. cfg.iv = derivedParams.iv;
  3765. // Decrypt
  3766. var plaintext = SerializableCipher.decrypt.call(this, cipher, ciphertext, derivedParams.key, cfg);
  3767. return plaintext;
  3768. }
  3769. });
  3770. }());
  3771. /**
  3772. * Cipher Feedback block mode.
  3773. */
  3774. CryptoJS.mode.CFB = (function () {
  3775. var CFB = CryptoJS.lib.BlockCipherMode.extend();
  3776. CFB.Encryptor = CFB.extend({
  3777. processBlock: function (words, offset) {
  3778. // Shortcuts
  3779. var cipher = this._cipher;
  3780. var blockSize = cipher.blockSize;
  3781. generateKeystreamAndEncrypt.call(this, words, offset, blockSize, cipher);
  3782. // Remember this block to use with next block
  3783. this._prevBlock = words.slice(offset, offset + blockSize);
  3784. }
  3785. });
  3786. CFB.Decryptor = CFB.extend({
  3787. processBlock: function (words, offset) {
  3788. // Shortcuts
  3789. var cipher = this._cipher;
  3790. var blockSize = cipher.blockSize;
  3791. // Remember this block to use with next block
  3792. var thisBlock = words.slice(offset, offset + blockSize);
  3793. generateKeystreamAndEncrypt.call(this, words, offset, blockSize, cipher);
  3794. // This block becomes the previous block
  3795. this._prevBlock = thisBlock;
  3796. }
  3797. });
  3798. function generateKeystreamAndEncrypt(words, offset, blockSize, cipher) {
  3799. var keystream;
  3800. // Shortcut
  3801. var iv = this._iv;
  3802. // Generate keystream
  3803. if (iv) {
  3804. keystream = iv.slice(0);
  3805. // Remove IV for subsequent blocks
  3806. this._iv = undefined;
  3807. } else {
  3808. keystream = this._prevBlock;
  3809. }
  3810. cipher.encryptBlock(keystream, 0);
  3811. // Encrypt
  3812. for (var i = 0; i < blockSize; i++) {
  3813. words[offset + i] ^= keystream[i];
  3814. }
  3815. }
  3816. return CFB;
  3817. }());
  3818. /**
  3819. * Counter block mode.
  3820. */
  3821. CryptoJS.mode.CTR = (function () {
  3822. var CTR = CryptoJS.lib.BlockCipherMode.extend();
  3823. var Encryptor = CTR.Encryptor = CTR.extend({
  3824. processBlock: function (words, offset) {
  3825. // Shortcuts
  3826. var cipher = this._cipher
  3827. var blockSize = cipher.blockSize;
  3828. var iv = this._iv;
  3829. var counter = this._counter;
  3830. // Generate keystream
  3831. if (iv) {
  3832. counter = this._counter = iv.slice(0);
  3833. // Remove IV for subsequent blocks
  3834. this._iv = undefined;
  3835. }
  3836. var keystream = counter.slice(0);
  3837. cipher.encryptBlock(keystream, 0);
  3838. // Increment counter
  3839. counter[blockSize - 1] = (counter[blockSize - 1] + 1) | 0
  3840. // Encrypt
  3841. for (var i = 0; i < blockSize; i++) {
  3842. words[offset + i] ^= keystream[i];
  3843. }
  3844. }
  3845. });
  3846. CTR.Decryptor = Encryptor;
  3847. return CTR;
  3848. }());
  3849. /** @preserve
  3850. * Counter block mode compatible with Dr Brian Gladman fileenc.c
  3851. * derived from CryptoJS.mode.CTR
  3852. * Jan Hruby jhruby.web@gmail.com
  3853. */
  3854. CryptoJS.mode.CTRGladman = (function () {
  3855. var CTRGladman = CryptoJS.lib.BlockCipherMode.extend();
  3856. function incWord(word)
  3857. {
  3858. if (((word >> 24) & 0xff) === 0xff) { //overflow
  3859. var b1 = (word >> 16)&0xff;
  3860. var b2 = (word >> 8)&0xff;
  3861. var b3 = word & 0xff;
  3862. if (b1 === 0xff) // overflow b1
  3863. {
  3864. b1 = 0;
  3865. if (b2 === 0xff)
  3866. {
  3867. b2 = 0;
  3868. if (b3 === 0xff)
  3869. {
  3870. b3 = 0;
  3871. }
  3872. else
  3873. {
  3874. ++b3;
  3875. }
  3876. }
  3877. else
  3878. {
  3879. ++b2;
  3880. }
  3881. }
  3882. else
  3883. {
  3884. ++b1;
  3885. }
  3886. word = 0;
  3887. word += (b1 << 16);
  3888. word += (b2 << 8);
  3889. word += b3;
  3890. }
  3891. else
  3892. {
  3893. word += (0x01 << 24);
  3894. }
  3895. return word;
  3896. }
  3897. function incCounter(counter)
  3898. {
  3899. if ((counter[0] = incWord(counter[0])) === 0)
  3900. {
  3901. // encr_data in fileenc.c from Dr Brian Gladman's counts only with DWORD j < 8
  3902. counter[1] = incWord(counter[1]);
  3903. }
  3904. return counter;
  3905. }
  3906. var Encryptor = CTRGladman.Encryptor = CTRGladman.extend({
  3907. processBlock: function (words, offset) {
  3908. // Shortcuts
  3909. var cipher = this._cipher
  3910. var blockSize = cipher.blockSize;
  3911. var iv = this._iv;
  3912. var counter = this._counter;
  3913. // Generate keystream
  3914. if (iv) {
  3915. counter = this._counter = iv.slice(0);
  3916. // Remove IV for subsequent blocks
  3917. this._iv = undefined;
  3918. }
  3919. incCounter(counter);
  3920. var keystream = counter.slice(0);
  3921. cipher.encryptBlock(keystream, 0);
  3922. // Encrypt
  3923. for (var i = 0; i < blockSize; i++) {
  3924. words[offset + i] ^= keystream[i];
  3925. }
  3926. }
  3927. });
  3928. CTRGladman.Decryptor = Encryptor;
  3929. return CTRGladman;
  3930. }());
  3931. /**
  3932. * Output Feedback block mode.
  3933. */
  3934. CryptoJS.mode.OFB = (function () {
  3935. var OFB = CryptoJS.lib.BlockCipherMode.extend();
  3936. var Encryptor = OFB.Encryptor = OFB.extend({
  3937. processBlock: function (words, offset) {
  3938. // Shortcuts
  3939. var cipher = this._cipher
  3940. var blockSize = cipher.blockSize;
  3941. var iv = this._iv;
  3942. var keystream = this._keystream;
  3943. // Generate keystream
  3944. if (iv) {
  3945. keystream = this._keystream = iv.slice(0);
  3946. // Remove IV for subsequent blocks
  3947. this._iv = undefined;
  3948. }
  3949. cipher.encryptBlock(keystream, 0);
  3950. // Encrypt
  3951. for (var i = 0; i < blockSize; i++) {
  3952. words[offset + i] ^= keystream[i];
  3953. }
  3954. }
  3955. });
  3956. OFB.Decryptor = Encryptor;
  3957. return OFB;
  3958. }());
  3959. /**
  3960. * Electronic Codebook block mode.
  3961. */
  3962. CryptoJS.mode.ECB = (function () {
  3963. var ECB = CryptoJS.lib.BlockCipherMode.extend();
  3964. ECB.Encryptor = ECB.extend({
  3965. processBlock: function (words, offset) {
  3966. this._cipher.encryptBlock(words, offset);
  3967. }
  3968. });
  3969. ECB.Decryptor = ECB.extend({
  3970. processBlock: function (words, offset) {
  3971. this._cipher.decryptBlock(words, offset);
  3972. }
  3973. });
  3974. return ECB;
  3975. }());
  3976. /**
  3977. * ANSI X.923 padding strategy.
  3978. */
  3979. CryptoJS.pad.AnsiX923 = {
  3980. pad: function (data, blockSize) {
  3981. // Shortcuts
  3982. var dataSigBytes = data.sigBytes;
  3983. var blockSizeBytes = blockSize * 4;
  3984. // Count padding bytes
  3985. var nPaddingBytes = blockSizeBytes - dataSigBytes % blockSizeBytes;
  3986. // Compute last byte position
  3987. var lastBytePos = dataSigBytes + nPaddingBytes - 1;
  3988. // Pad
  3989. data.clamp();
  3990. data.words[lastBytePos >>> 2] |= nPaddingBytes << (24 - (lastBytePos % 4) * 8);
  3991. data.sigBytes += nPaddingBytes;
  3992. },
  3993. unpad: function (data) {
  3994. // Get number of padding bytes from last byte
  3995. var nPaddingBytes = data.words[(data.sigBytes - 1) >>> 2] & 0xff;
  3996. // Remove padding
  3997. data.sigBytes -= nPaddingBytes;
  3998. }
  3999. };
  4000. /**
  4001. * ISO 10126 padding strategy.
  4002. */
  4003. CryptoJS.pad.Iso10126 = {
  4004. pad: function (data, blockSize) {
  4005. // Shortcut
  4006. var blockSizeBytes = blockSize * 4;
  4007. // Count padding bytes
  4008. var nPaddingBytes = blockSizeBytes - data.sigBytes % blockSizeBytes;
  4009. // Pad
  4010. data.concat(CryptoJS.lib.WordArray.random(nPaddingBytes - 1)).
  4011. concat(CryptoJS.lib.WordArray.create([nPaddingBytes << 24], 1));
  4012. },
  4013. unpad: function (data) {
  4014. // Get number of padding bytes from last byte
  4015. var nPaddingBytes = data.words[(data.sigBytes - 1) >>> 2] & 0xff;
  4016. // Remove padding
  4017. data.sigBytes -= nPaddingBytes;
  4018. }
  4019. };
  4020. /**
  4021. * ISO/IEC 9797-1 Padding Method 2.
  4022. */
  4023. CryptoJS.pad.Iso97971 = {
  4024. pad: function (data, blockSize) {
  4025. // Add 0x80 byte
  4026. data.concat(CryptoJS.lib.WordArray.create([0x80000000], 1));
  4027. // Zero pad the rest
  4028. CryptoJS.pad.ZeroPadding.pad(data, blockSize);
  4029. },
  4030. unpad: function (data) {
  4031. // Remove zero padding
  4032. CryptoJS.pad.ZeroPadding.unpad(data);
  4033. // Remove one more byte -- the 0x80 byte
  4034. data.sigBytes--;
  4035. }
  4036. };
  4037. /**
  4038. * Zero padding strategy.
  4039. */
  4040. CryptoJS.pad.ZeroPadding = {
  4041. pad: function (data, blockSize) {
  4042. // Shortcut
  4043. var blockSizeBytes = blockSize * 4;
  4044. // Pad
  4045. data.clamp();
  4046. data.sigBytes += blockSizeBytes - ((data.sigBytes % blockSizeBytes) || blockSizeBytes);
  4047. },
  4048. unpad: function (data) {
  4049. // Shortcut
  4050. var dataWords = data.words;
  4051. // Unpad
  4052. var i = data.sigBytes - 1;
  4053. for (var i = data.sigBytes - 1; i >= 0; i--) {
  4054. if (((dataWords[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff)) {
  4055. data.sigBytes = i + 1;
  4056. break;
  4057. }
  4058. }
  4059. }
  4060. };
  4061. /**
  4062. * A noop padding strategy.
  4063. */
  4064. CryptoJS.pad.NoPadding = {
  4065. pad: function () {
  4066. },
  4067. unpad: function () {
  4068. }
  4069. };
  4070. (function (undefined) {
  4071. // Shortcuts
  4072. var C = CryptoJS;
  4073. var C_lib = C.lib;
  4074. var CipherParams = C_lib.CipherParams;
  4075. var C_enc = C.enc;
  4076. var Hex = C_enc.Hex;
  4077. var C_format = C.format;
  4078. var HexFormatter = C_format.Hex = {
  4079. /**
  4080. * Converts the ciphertext of a cipher params object to a hexadecimally encoded string.
  4081. *
  4082. * @param {CipherParams} cipherParams The cipher params object.
  4083. *
  4084. * @return {string} The hexadecimally encoded string.
  4085. *
  4086. * @static
  4087. *
  4088. * @example
  4089. *
  4090. * var hexString = CryptoJS.format.Hex.stringify(cipherParams);
  4091. */
  4092. stringify: function (cipherParams) {
  4093. return cipherParams.ciphertext.toString(Hex);
  4094. },
  4095. /**
  4096. * Converts a hexadecimally encoded ciphertext string to a cipher params object.
  4097. *
  4098. * @param {string} input The hexadecimally encoded string.
  4099. *
  4100. * @return {CipherParams} The cipher params object.
  4101. *
  4102. * @static
  4103. *
  4104. * @example
  4105. *
  4106. * var cipherParams = CryptoJS.format.Hex.parse(hexString);
  4107. */
  4108. parse: function (input) {
  4109. var ciphertext = Hex.parse(input);
  4110. return CipherParams.create({ ciphertext: ciphertext });
  4111. }
  4112. };
  4113. }());
  4114. (function () {
  4115. // Shortcuts
  4116. var C = CryptoJS;
  4117. var C_lib = C.lib;
  4118. var BlockCipher = C_lib.BlockCipher;
  4119. var C_algo = C.algo;
  4120. // Lookup tables
  4121. var SBOX = [];
  4122. var INV_SBOX = [];
  4123. var SUB_MIX_0 = [];
  4124. var SUB_MIX_1 = [];
  4125. var SUB_MIX_2 = [];
  4126. var SUB_MIX_3 = [];
  4127. var INV_SUB_MIX_0 = [];
  4128. var INV_SUB_MIX_1 = [];
  4129. var INV_SUB_MIX_2 = [];
  4130. var INV_SUB_MIX_3 = [];
  4131. // Compute lookup tables
  4132. (function () {
  4133. // Compute double table
  4134. var d = [];
  4135. for (var i = 0; i < 256; i++) {
  4136. if (i < 128) {
  4137. d[i] = i << 1;
  4138. } else {
  4139. d[i] = (i << 1) ^ 0x11b;
  4140. }
  4141. }
  4142. // Walk GF(2^8)
  4143. var x = 0;
  4144. var xi = 0;
  4145. for (var i = 0; i < 256; i++) {
  4146. // Compute sbox
  4147. var sx = xi ^ (xi << 1) ^ (xi << 2) ^ (xi << 3) ^ (xi << 4);
  4148. sx = (sx >>> 8) ^ (sx & 0xff) ^ 0x63;
  4149. SBOX[x] = sx;
  4150. INV_SBOX[sx] = x;
  4151. // Compute multiplication
  4152. var x2 = d[x];
  4153. var x4 = d[x2];
  4154. var x8 = d[x4];
  4155. // Compute sub bytes, mix columns tables
  4156. var t = (d[sx] * 0x101) ^ (sx * 0x1010100);
  4157. SUB_MIX_0[x] = (t << 24) | (t >>> 8);
  4158. SUB_MIX_1[x] = (t << 16) | (t >>> 16);
  4159. SUB_MIX_2[x] = (t << 8) | (t >>> 24);
  4160. SUB_MIX_3[x] = t;
  4161. // Compute inv sub bytes, inv mix columns tables
  4162. var t = (x8 * 0x1010101) ^ (x4 * 0x10001) ^ (x2 * 0x101) ^ (x * 0x1010100);
  4163. INV_SUB_MIX_0[sx] = (t << 24) | (t >>> 8);
  4164. INV_SUB_MIX_1[sx] = (t << 16) | (t >>> 16);
  4165. INV_SUB_MIX_2[sx] = (t << 8) | (t >>> 24);
  4166. INV_SUB_MIX_3[sx] = t;
  4167. // Compute next counter
  4168. if (!x) {
  4169. x = xi = 1;
  4170. } else {
  4171. x = x2 ^ d[d[d[x8 ^ x2]]];
  4172. xi ^= d[d[xi]];
  4173. }
  4174. }
  4175. }());
  4176. // Precomputed Rcon lookup
  4177. var RCON = [0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36];
  4178. /**
  4179. * AES block cipher algorithm.
  4180. */
  4181. var AES = C_algo.AES = BlockCipher.extend({
  4182. _doReset: function () {
  4183. var t;
  4184. // Skip reset of nRounds has been set before and key did not change
  4185. if (this._nRounds && this._keyPriorReset === this._key) {
  4186. return;
  4187. }
  4188. // Shortcuts
  4189. var key = this._keyPriorReset = this._key;
  4190. var keyWords = key.words;
  4191. var keySize = key.sigBytes / 4;
  4192. // Compute number of rounds
  4193. var nRounds = this._nRounds = keySize + 6;
  4194. // Compute number of key schedule rows
  4195. var ksRows = (nRounds + 1) * 4;
  4196. // Compute key schedule
  4197. var keySchedule = this._keySchedule = [];
  4198. for (var ksRow = 0; ksRow < ksRows; ksRow++) {
  4199. if (ksRow < keySize) {
  4200. keySchedule[ksRow] = keyWords[ksRow];
  4201. } else {
  4202. t = keySchedule[ksRow - 1];
  4203. if (!(ksRow % keySize)) {
  4204. // Rot word
  4205. t = (t << 8) | (t >>> 24);
  4206. // Sub word
  4207. t = (SBOX[t >>> 24] << 24) | (SBOX[(t >>> 16) & 0xff] << 16) | (SBOX[(t >>> 8) & 0xff] << 8) | SBOX[t & 0xff];
  4208. // Mix Rcon
  4209. t ^= RCON[(ksRow / keySize) | 0] << 24;
  4210. } else if (keySize > 6 && ksRow % keySize == 4) {
  4211. // Sub word
  4212. t = (SBOX[t >>> 24] << 24) | (SBOX[(t >>> 16) & 0xff] << 16) | (SBOX[(t >>> 8) & 0xff] << 8) | SBOX[t & 0xff];
  4213. }
  4214. keySchedule[ksRow] = keySchedule[ksRow - keySize] ^ t;
  4215. }
  4216. }
  4217. // Compute inv key schedule
  4218. var invKeySchedule = this._invKeySchedule = [];
  4219. for (var invKsRow = 0; invKsRow < ksRows; invKsRow++) {
  4220. var ksRow = ksRows - invKsRow;
  4221. if (invKsRow % 4) {
  4222. var t = keySchedule[ksRow];
  4223. } else {
  4224. var t = keySchedule[ksRow - 4];
  4225. }
  4226. if (invKsRow < 4 || ksRow <= 4) {
  4227. invKeySchedule[invKsRow] = t;
  4228. } else {
  4229. invKeySchedule[invKsRow] = INV_SUB_MIX_0[SBOX[t >>> 24]] ^ INV_SUB_MIX_1[SBOX[(t >>> 16) & 0xff]] ^
  4230. INV_SUB_MIX_2[SBOX[(t >>> 8) & 0xff]] ^ INV_SUB_MIX_3[SBOX[t & 0xff]];
  4231. }
  4232. }
  4233. },
  4234. encryptBlock: function (M, offset) {
  4235. this._doCryptBlock(M, offset, this._keySchedule, SUB_MIX_0, SUB_MIX_1, SUB_MIX_2, SUB_MIX_3, SBOX);
  4236. },
  4237. decryptBlock: function (M, offset) {
  4238. // Swap 2nd and 4th rows
  4239. var t = M[offset + 1];
  4240. M[offset + 1] = M[offset + 3];
  4241. M[offset + 3] = t;
  4242. this._doCryptBlock(M, offset, this._invKeySchedule, INV_SUB_MIX_0, INV_SUB_MIX_1, INV_SUB_MIX_2, INV_SUB_MIX_3, INV_SBOX);
  4243. // Inv swap 2nd and 4th rows
  4244. var t = M[offset + 1];
  4245. M[offset + 1] = M[offset + 3];
  4246. M[offset + 3] = t;
  4247. },
  4248. _doCryptBlock: function (M, offset, keySchedule, SUB_MIX_0, SUB_MIX_1, SUB_MIX_2, SUB_MIX_3, SBOX) {
  4249. // Shortcut
  4250. var nRounds = this._nRounds;
  4251. // Get input, add round key
  4252. var s0 = M[offset] ^ keySchedule[0];
  4253. var s1 = M[offset + 1] ^ keySchedule[1];
  4254. var s2 = M[offset + 2] ^ keySchedule[2];
  4255. var s3 = M[offset + 3] ^ keySchedule[3];
  4256. // Key schedule row counter
  4257. var ksRow = 4;
  4258. // Rounds
  4259. for (var round = 1; round < nRounds; round++) {
  4260. // Shift rows, sub bytes, mix columns, add round key
  4261. var t0 = SUB_MIX_0[s0 >>> 24] ^ SUB_MIX_1[(s1 >>> 16) & 0xff] ^ SUB_MIX_2[(s2 >>> 8) & 0xff] ^ SUB_MIX_3[s3 & 0xff] ^ keySchedule[ksRow++];
  4262. var t1 = SUB_MIX_0[s1 >>> 24] ^ SUB_MIX_1[(s2 >>> 16) & 0xff] ^ SUB_MIX_2[(s3 >>> 8) & 0xff] ^ SUB_MIX_3[s0 & 0xff] ^ keySchedule[ksRow++];
  4263. var t2 = SUB_MIX_0[s2 >>> 24] ^ SUB_MIX_1[(s3 >>> 16) & 0xff] ^ SUB_MIX_2[(s0 >>> 8) & 0xff] ^ SUB_MIX_3[s1 & 0xff] ^ keySchedule[ksRow++];
  4264. var t3 = SUB_MIX_0[s3 >>> 24] ^ SUB_MIX_1[(s0 >>> 16) & 0xff] ^ SUB_MIX_2[(s1 >>> 8) & 0xff] ^ SUB_MIX_3[s2 & 0xff] ^ keySchedule[ksRow++];
  4265. // Update state
  4266. s0 = t0;
  4267. s1 = t1;
  4268. s2 = t2;
  4269. s3 = t3;
  4270. }
  4271. // Shift rows, sub bytes, add round key
  4272. var t0 = ((SBOX[s0 >>> 24] << 24) | (SBOX[(s1 >>> 16) & 0xff] << 16) | (SBOX[(s2 >>> 8) & 0xff] << 8) | SBOX[s3 & 0xff]) ^ keySchedule[ksRow++];
  4273. var t1 = ((SBOX[s1 >>> 24] << 24) | (SBOX[(s2 >>> 16) & 0xff] << 16) | (SBOX[(s3 >>> 8) & 0xff] << 8) | SBOX[s0 & 0xff]) ^ keySchedule[ksRow++];
  4274. var t2 = ((SBOX[s2 >>> 24] << 24) | (SBOX[(s3 >>> 16) & 0xff] << 16) | (SBOX[(s0 >>> 8) & 0xff] << 8) | SBOX[s1 & 0xff]) ^ keySchedule[ksRow++];
  4275. var t3 = ((SBOX[s3 >>> 24] << 24) | (SBOX[(s0 >>> 16) & 0xff] << 16) | (SBOX[(s1 >>> 8) & 0xff] << 8) | SBOX[s2 & 0xff]) ^ keySchedule[ksRow++];
  4276. // Set output
  4277. M[offset] = t0;
  4278. M[offset + 1] = t1;
  4279. M[offset + 2] = t2;
  4280. M[offset + 3] = t3;
  4281. },
  4282. keySize: 256/32
  4283. });
  4284. /**
  4285. * Shortcut functions to the cipher's object interface.
  4286. *
  4287. * @example
  4288. *
  4289. * var ciphertext = CryptoJS.AES.encrypt(message, key, cfg);
  4290. * var plaintext = CryptoJS.AES.decrypt(ciphertext, key, cfg);
  4291. */
  4292. C.AES = BlockCipher._createHelper(AES);
  4293. }());
  4294. (function () {
  4295. // Shortcuts
  4296. var C = CryptoJS;
  4297. var C_lib = C.lib;
  4298. var WordArray = C_lib.WordArray;
  4299. var BlockCipher = C_lib.BlockCipher;
  4300. var C_algo = C.algo;
  4301. // Permuted Choice 1 constants
  4302. var PC1 = [
  4303. 57, 49, 41, 33, 25, 17, 9, 1,
  4304. 58, 50, 42, 34, 26, 18, 10, 2,
  4305. 59, 51, 43, 35, 27, 19, 11, 3,
  4306. 60, 52, 44, 36, 63, 55, 47, 39,
  4307. 31, 23, 15, 7, 62, 54, 46, 38,
  4308. 30, 22, 14, 6, 61, 53, 45, 37,
  4309. 29, 21, 13, 5, 28, 20, 12, 4
  4310. ];
  4311. // Permuted Choice 2 constants
  4312. var PC2 = [
  4313. 14, 17, 11, 24, 1, 5,
  4314. 3, 28, 15, 6, 21, 10,
  4315. 23, 19, 12, 4, 26, 8,
  4316. 16, 7, 27, 20, 13, 2,
  4317. 41, 52, 31, 37, 47, 55,
  4318. 30, 40, 51, 45, 33, 48,
  4319. 44, 49, 39, 56, 34, 53,
  4320. 46, 42, 50, 36, 29, 32
  4321. ];
  4322. // Cumulative bit shift constants
  4323. var BIT_SHIFTS = [1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28];
  4324. // SBOXes and round permutation constants
  4325. var SBOX_P = [
  4326. {
  4327. 0x0: 0x808200,
  4328. 0x10000000: 0x8000,
  4329. 0x20000000: 0x808002,
  4330. 0x30000000: 0x2,
  4331. 0x40000000: 0x200,
  4332. 0x50000000: 0x808202,
  4333. 0x60000000: 0x800202,
  4334. 0x70000000: 0x800000,
  4335. 0x80000000: 0x202,
  4336. 0x90000000: 0x800200,
  4337. 0xa0000000: 0x8200,
  4338. 0xb0000000: 0x808000,
  4339. 0xc0000000: 0x8002,
  4340. 0xd0000000: 0x800002,
  4341. 0xe0000000: 0x0,
  4342. 0xf0000000: 0x8202,
  4343. 0x8000000: 0x0,
  4344. 0x18000000: 0x808202,
  4345. 0x28000000: 0x8202,
  4346. 0x38000000: 0x8000,
  4347. 0x48000000: 0x808200,
  4348. 0x58000000: 0x200,
  4349. 0x68000000: 0x808002,
  4350. 0x78000000: 0x2,
  4351. 0x88000000: 0x800200,
  4352. 0x98000000: 0x8200,
  4353. 0xa8000000: 0x808000,
  4354. 0xb8000000: 0x800202,
  4355. 0xc8000000: 0x800002,
  4356. 0xd8000000: 0x8002,
  4357. 0xe8000000: 0x202,
  4358. 0xf8000000: 0x800000,
  4359. 0x1: 0x8000,
  4360. 0x10000001: 0x2,
  4361. 0x20000001: 0x808200,
  4362. 0x30000001: 0x800000,
  4363. 0x40000001: 0x808002,
  4364. 0x50000001: 0x8200,
  4365. 0x60000001: 0x200,
  4366. 0x70000001: 0x800202,
  4367. 0x80000001: 0x808202,
  4368. 0x90000001: 0x808000,
  4369. 0xa0000001: 0x800002,
  4370. 0xb0000001: 0x8202,
  4371. 0xc0000001: 0x202,
  4372. 0xd0000001: 0x800200,
  4373. 0xe0000001: 0x8002,
  4374. 0xf0000001: 0x0,
  4375. 0x8000001: 0x808202,
  4376. 0x18000001: 0x808000,
  4377. 0x28000001: 0x800000,
  4378. 0x38000001: 0x200,
  4379. 0x48000001: 0x8000,
  4380. 0x58000001: 0x800002,
  4381. 0x68000001: 0x2,
  4382. 0x78000001: 0x8202,
  4383. 0x88000001: 0x8002,
  4384. 0x98000001: 0x800202,
  4385. 0xa8000001: 0x202,
  4386. 0xb8000001: 0x808200,
  4387. 0xc8000001: 0x800200,
  4388. 0xd8000001: 0x0,
  4389. 0xe8000001: 0x8200,
  4390. 0xf8000001: 0x808002
  4391. },
  4392. {
  4393. 0x0: 0x40084010,
  4394. 0x1000000: 0x4000,
  4395. 0x2000000: 0x80000,
  4396. 0x3000000: 0x40080010,
  4397. 0x4000000: 0x40000010,
  4398. 0x5000000: 0x40084000,
  4399. 0x6000000: 0x40004000,
  4400. 0x7000000: 0x10,
  4401. 0x8000000: 0x84000,
  4402. 0x9000000: 0x40004010,
  4403. 0xa000000: 0x40000000,
  4404. 0xb000000: 0x84010,
  4405. 0xc000000: 0x80010,
  4406. 0xd000000: 0x0,
  4407. 0xe000000: 0x4010,
  4408. 0xf000000: 0x40080000,
  4409. 0x800000: 0x40004000,
  4410. 0x1800000: 0x84010,
  4411. 0x2800000: 0x10,
  4412. 0x3800000: 0x40004010,
  4413. 0x4800000: 0x40084010,
  4414. 0x5800000: 0x40000000,
  4415. 0x6800000: 0x80000,
  4416. 0x7800000: 0x40080010,
  4417. 0x8800000: 0x80010,
  4418. 0x9800000: 0x0,
  4419. 0xa800000: 0x4000,
  4420. 0xb800000: 0x40080000,
  4421. 0xc800000: 0x40000010,
  4422. 0xd800000: 0x84000,
  4423. 0xe800000: 0x40084000,
  4424. 0xf800000: 0x4010,
  4425. 0x10000000: 0x0,
  4426. 0x11000000: 0x40080010,
  4427. 0x12000000: 0x40004010,
  4428. 0x13000000: 0x40084000,
  4429. 0x14000000: 0x40080000,
  4430. 0x15000000: 0x10,
  4431. 0x16000000: 0x84010,
  4432. 0x17000000: 0x4000,
  4433. 0x18000000: 0x4010,
  4434. 0x19000000: 0x80000,
  4435. 0x1a000000: 0x80010,
  4436. 0x1b000000: 0x40000010,
  4437. 0x1c000000: 0x84000,
  4438. 0x1d000000: 0x40004000,
  4439. 0x1e000000: 0x40000000,
  4440. 0x1f000000: 0x40084010,
  4441. 0x10800000: 0x84010,
  4442. 0x11800000: 0x80000,
  4443. 0x12800000: 0x40080000,
  4444. 0x13800000: 0x4000,
  4445. 0x14800000: 0x40004000,
  4446. 0x15800000: 0x40084010,
  4447. 0x16800000: 0x10,
  4448. 0x17800000: 0x40000000,
  4449. 0x18800000: 0x40084000,
  4450. 0x19800000: 0x40000010,
  4451. 0x1a800000: 0x40004010,
  4452. 0x1b800000: 0x80010,
  4453. 0x1c800000: 0x0,
  4454. 0x1d800000: 0x4010,
  4455. 0x1e800000: 0x40080010,
  4456. 0x1f800000: 0x84000
  4457. },
  4458. {
  4459. 0x0: 0x104,
  4460. 0x100000: 0x0,
  4461. 0x200000: 0x4000100,
  4462. 0x300000: 0x10104,
  4463. 0x400000: 0x10004,
  4464. 0x500000: 0x4000004,
  4465. 0x600000: 0x4010104,
  4466. 0x700000: 0x4010000,
  4467. 0x800000: 0x4000000,
  4468. 0x900000: 0x4010100,
  4469. 0xa00000: 0x10100,
  4470. 0xb00000: 0x4010004,
  4471. 0xc00000: 0x4000104,
  4472. 0xd00000: 0x10000,
  4473. 0xe00000: 0x4,
  4474. 0xf00000: 0x100,
  4475. 0x80000: 0x4010100,
  4476. 0x180000: 0x4010004,
  4477. 0x280000: 0x0,
  4478. 0x380000: 0x4000100,
  4479. 0x480000: 0x4000004,
  4480. 0x580000: 0x10000,
  4481. 0x680000: 0x10004,
  4482. 0x780000: 0x104,
  4483. 0x880000: 0x4,
  4484. 0x980000: 0x100,
  4485. 0xa80000: 0x4010000,
  4486. 0xb80000: 0x10104,
  4487. 0xc80000: 0x10100,
  4488. 0xd80000: 0x4000104,
  4489. 0xe80000: 0x4010104,
  4490. 0xf80000: 0x4000000,
  4491. 0x1000000: 0x4010100,
  4492. 0x1100000: 0x10004,
  4493. 0x1200000: 0x10000,
  4494. 0x1300000: 0x4000100,
  4495. 0x1400000: 0x100,
  4496. 0x1500000: 0x4010104,
  4497. 0x1600000: 0x4000004,
  4498. 0x1700000: 0x0,
  4499. 0x1800000: 0x4000104,
  4500. 0x1900000: 0x4000000,
  4501. 0x1a00000: 0x4,
  4502. 0x1b00000: 0x10100,
  4503. 0x1c00000: 0x4010000,
  4504. 0x1d00000: 0x104,
  4505. 0x1e00000: 0x10104,
  4506. 0x1f00000: 0x4010004,
  4507. 0x1080000: 0x4000000,
  4508. 0x1180000: 0x104,
  4509. 0x1280000: 0x4010100,
  4510. 0x1380000: 0x0,
  4511. 0x1480000: 0x10004,
  4512. 0x1580000: 0x4000100,
  4513. 0x1680000: 0x100,
  4514. 0x1780000: 0x4010004,
  4515. 0x1880000: 0x10000,
  4516. 0x1980000: 0x4010104,
  4517. 0x1a80000: 0x10104,
  4518. 0x1b80000: 0x4000004,
  4519. 0x1c80000: 0x4000104,
  4520. 0x1d80000: 0x4010000,
  4521. 0x1e80000: 0x4,
  4522. 0x1f80000: 0x10100
  4523. },
  4524. {
  4525. 0x0: 0x80401000,
  4526. 0x10000: 0x80001040,
  4527. 0x20000: 0x401040,
  4528. 0x30000: 0x80400000,
  4529. 0x40000: 0x0,
  4530. 0x50000: 0x401000,
  4531. 0x60000: 0x80000040,
  4532. 0x70000: 0x400040,
  4533. 0x80000: 0x80000000,
  4534. 0x90000: 0x400000,
  4535. 0xa0000: 0x40,
  4536. 0xb0000: 0x80001000,
  4537. 0xc0000: 0x80400040,
  4538. 0xd0000: 0x1040,
  4539. 0xe0000: 0x1000,
  4540. 0xf0000: 0x80401040,
  4541. 0x8000: 0x80001040,
  4542. 0x18000: 0x40,
  4543. 0x28000: 0x80400040,
  4544. 0x38000: 0x80001000,
  4545. 0x48000: 0x401000,
  4546. 0x58000: 0x80401040,
  4547. 0x68000: 0x0,
  4548. 0x78000: 0x80400000,
  4549. 0x88000: 0x1000,
  4550. 0x98000: 0x80401000,
  4551. 0xa8000: 0x400000,
  4552. 0xb8000: 0x1040,
  4553. 0xc8000: 0x80000000,
  4554. 0xd8000: 0x400040,
  4555. 0xe8000: 0x401040,
  4556. 0xf8000: 0x80000040,
  4557. 0x100000: 0x400040,
  4558. 0x110000: 0x401000,
  4559. 0x120000: 0x80000040,
  4560. 0x130000: 0x0,
  4561. 0x140000: 0x1040,
  4562. 0x150000: 0x80400040,
  4563. 0x160000: 0x80401000,
  4564. 0x170000: 0x80001040,
  4565. 0x180000: 0x80401040,
  4566. 0x190000: 0x80000000,
  4567. 0x1a0000: 0x80400000,
  4568. 0x1b0000: 0x401040,
  4569. 0x1c0000: 0x80001000,
  4570. 0x1d0000: 0x400000,
  4571. 0x1e0000: 0x40,
  4572. 0x1f0000: 0x1000,
  4573. 0x108000: 0x80400000,
  4574. 0x118000: 0x80401040,
  4575. 0x128000: 0x0,
  4576. 0x138000: 0x401000,
  4577. 0x148000: 0x400040,
  4578. 0x158000: 0x80000000,
  4579. 0x168000: 0x80001040,
  4580. 0x178000: 0x40,
  4581. 0x188000: 0x80000040,
  4582. 0x198000: 0x1000,
  4583. 0x1a8000: 0x80001000,
  4584. 0x1b8000: 0x80400040,
  4585. 0x1c8000: 0x1040,
  4586. 0x1d8000: 0x80401000,
  4587. 0x1e8000: 0x400000,
  4588. 0x1f8000: 0x401040
  4589. },
  4590. {
  4591. 0x0: 0x80,
  4592. 0x1000: 0x1040000,
  4593. 0x2000: 0x40000,
  4594. 0x3000: 0x20000000,
  4595. 0x4000: 0x20040080,
  4596. 0x5000: 0x1000080,
  4597. 0x6000: 0x21000080,
  4598. 0x7000: 0x40080,
  4599. 0x8000: 0x1000000,
  4600. 0x9000: 0x20040000,
  4601. 0xa000: 0x20000080,
  4602. 0xb000: 0x21040080,
  4603. 0xc000: 0x21040000,
  4604. 0xd000: 0x0,
  4605. 0xe000: 0x1040080,
  4606. 0xf000: 0x21000000,
  4607. 0x800: 0x1040080,
  4608. 0x1800: 0x21000080,
  4609. 0x2800: 0x80,
  4610. 0x3800: 0x1040000,
  4611. 0x4800: 0x40000,
  4612. 0x5800: 0x20040080,
  4613. 0x6800: 0x21040000,
  4614. 0x7800: 0x20000000,
  4615. 0x8800: 0x20040000,
  4616. 0x9800: 0x0,
  4617. 0xa800: 0x21040080,
  4618. 0xb800: 0x1000080,
  4619. 0xc800: 0x20000080,
  4620. 0xd800: 0x21000000,
  4621. 0xe800: 0x1000000,
  4622. 0xf800: 0x40080,
  4623. 0x10000: 0x40000,
  4624. 0x11000: 0x80,
  4625. 0x12000: 0x20000000,
  4626. 0x13000: 0x21000080,
  4627. 0x14000: 0x1000080,
  4628. 0x15000: 0x21040000,
  4629. 0x16000: 0x20040080,
  4630. 0x17000: 0x1000000,
  4631. 0x18000: 0x21040080,
  4632. 0x19000: 0x21000000,
  4633. 0x1a000: 0x1040000,
  4634. 0x1b000: 0x20040000,
  4635. 0x1c000: 0x40080,
  4636. 0x1d000: 0x20000080,
  4637. 0x1e000: 0x0,
  4638. 0x1f000: 0x1040080,
  4639. 0x10800: 0x21000080,
  4640. 0x11800: 0x1000000,
  4641. 0x12800: 0x1040000,
  4642. 0x13800: 0x20040080,
  4643. 0x14800: 0x20000000,
  4644. 0x15800: 0x1040080,
  4645. 0x16800: 0x80,
  4646. 0x17800: 0x21040000,
  4647. 0x18800: 0x40080,
  4648. 0x19800: 0x21040080,
  4649. 0x1a800: 0x0,
  4650. 0x1b800: 0x21000000,
  4651. 0x1c800: 0x1000080,
  4652. 0x1d800: 0x40000,
  4653. 0x1e800: 0x20040000,
  4654. 0x1f800: 0x20000080
  4655. },
  4656. {
  4657. 0x0: 0x10000008,
  4658. 0x100: 0x2000,
  4659. 0x200: 0x10200000,
  4660. 0x300: 0x10202008,
  4661. 0x400: 0x10002000,
  4662. 0x500: 0x200000,
  4663. 0x600: 0x200008,
  4664. 0x700: 0x10000000,
  4665. 0x800: 0x0,
  4666. 0x900: 0x10002008,
  4667. 0xa00: 0x202000,
  4668. 0xb00: 0x8,
  4669. 0xc00: 0x10200008,
  4670. 0xd00: 0x202008,
  4671. 0xe00: 0x2008,
  4672. 0xf00: 0x10202000,
  4673. 0x80: 0x10200000,
  4674. 0x180: 0x10202008,
  4675. 0x280: 0x8,
  4676. 0x380: 0x200000,
  4677. 0x480: 0x202008,
  4678. 0x580: 0x10000008,
  4679. 0x680: 0x10002000,
  4680. 0x780: 0x2008,
  4681. 0x880: 0x200008,
  4682. 0x980: 0x2000,
  4683. 0xa80: 0x10002008,
  4684. 0xb80: 0x10200008,
  4685. 0xc80: 0x0,
  4686. 0xd80: 0x10202000,
  4687. 0xe80: 0x202000,
  4688. 0xf80: 0x10000000,
  4689. 0x1000: 0x10002000,
  4690. 0x1100: 0x10200008,
  4691. 0x1200: 0x10202008,
  4692. 0x1300: 0x2008,
  4693. 0x1400: 0x200000,
  4694. 0x1500: 0x10000000,
  4695. 0x1600: 0x10000008,
  4696. 0x1700: 0x202000,
  4697. 0x1800: 0x202008,
  4698. 0x1900: 0x0,
  4699. 0x1a00: 0x8,
  4700. 0x1b00: 0x10200000,
  4701. 0x1c00: 0x2000,
  4702. 0x1d00: 0x10002008,
  4703. 0x1e00: 0x10202000,
  4704. 0x1f00: 0x200008,
  4705. 0x1080: 0x8,
  4706. 0x1180: 0x202000,
  4707. 0x1280: 0x200000,
  4708. 0x1380: 0x10000008,
  4709. 0x1480: 0x10002000,
  4710. 0x1580: 0x2008,
  4711. 0x1680: 0x10202008,
  4712. 0x1780: 0x10200000,
  4713. 0x1880: 0x10202000,
  4714. 0x1980: 0x10200008,
  4715. 0x1a80: 0x2000,
  4716. 0x1b80: 0x202008,
  4717. 0x1c80: 0x200008,
  4718. 0x1d80: 0x0,
  4719. 0x1e80: 0x10000000,
  4720. 0x1f80: 0x10002008
  4721. },
  4722. {
  4723. 0x0: 0x100000,
  4724. 0x10: 0x2000401,
  4725. 0x20: 0x400,
  4726. 0x30: 0x100401,
  4727. 0x40: 0x2100401,
  4728. 0x50: 0x0,
  4729. 0x60: 0x1,
  4730. 0x70: 0x2100001,
  4731. 0x80: 0x2000400,
  4732. 0x90: 0x100001,
  4733. 0xa0: 0x2000001,
  4734. 0xb0: 0x2100400,
  4735. 0xc0: 0x2100000,
  4736. 0xd0: 0x401,
  4737. 0xe0: 0x100400,
  4738. 0xf0: 0x2000000,
  4739. 0x8: 0x2100001,
  4740. 0x18: 0x0,
  4741. 0x28: 0x2000401,
  4742. 0x38: 0x2100400,
  4743. 0x48: 0x100000,
  4744. 0x58: 0x2000001,
  4745. 0x68: 0x2000000,
  4746. 0x78: 0x401,
  4747. 0x88: 0x100401,
  4748. 0x98: 0x2000400,
  4749. 0xa8: 0x2100000,
  4750. 0xb8: 0x100001,
  4751. 0xc8: 0x400,
  4752. 0xd8: 0x2100401,
  4753. 0xe8: 0x1,
  4754. 0xf8: 0x100400,
  4755. 0x100: 0x2000000,
  4756. 0x110: 0x100000,
  4757. 0x120: 0x2000401,
  4758. 0x130: 0x2100001,
  4759. 0x140: 0x100001,
  4760. 0x150: 0x2000400,
  4761. 0x160: 0x2100400,
  4762. 0x170: 0x100401,
  4763. 0x180: 0x401,
  4764. 0x190: 0x2100401,
  4765. 0x1a0: 0x100400,
  4766. 0x1b0: 0x1,
  4767. 0x1c0: 0x0,
  4768. 0x1d0: 0x2100000,
  4769. 0x1e0: 0x2000001,
  4770. 0x1f0: 0x400,
  4771. 0x108: 0x100400,
  4772. 0x118: 0x2000401,
  4773. 0x128: 0x2100001,
  4774. 0x138: 0x1,
  4775. 0x148: 0x2000000,
  4776. 0x158: 0x100000,
  4777. 0x168: 0x401,
  4778. 0x178: 0x2100400,
  4779. 0x188: 0x2000001,
  4780. 0x198: 0x2100000,
  4781. 0x1a8: 0x0,
  4782. 0x1b8: 0x2100401,
  4783. 0x1c8: 0x100401,
  4784. 0x1d8: 0x400,
  4785. 0x1e8: 0x2000400,
  4786. 0x1f8: 0x100001
  4787. },
  4788. {
  4789. 0x0: 0x8000820,
  4790. 0x1: 0x20000,
  4791. 0x2: 0x8000000,
  4792. 0x3: 0x20,
  4793. 0x4: 0x20020,
  4794. 0x5: 0x8020820,
  4795. 0x6: 0x8020800,
  4796. 0x7: 0x800,
  4797. 0x8: 0x8020000,
  4798. 0x9: 0x8000800,
  4799. 0xa: 0x20800,
  4800. 0xb: 0x8020020,
  4801. 0xc: 0x820,
  4802. 0xd: 0x0,
  4803. 0xe: 0x8000020,
  4804. 0xf: 0x20820,
  4805. 0x80000000: 0x800,
  4806. 0x80000001: 0x8020820,
  4807. 0x80000002: 0x8000820,
  4808. 0x80000003: 0x8000000,
  4809. 0x80000004: 0x8020000,
  4810. 0x80000005: 0x20800,
  4811. 0x80000006: 0x20820,
  4812. 0x80000007: 0x20,
  4813. 0x80000008: 0x8000020,
  4814. 0x80000009: 0x820,
  4815. 0x8000000a: 0x20020,
  4816. 0x8000000b: 0x8020800,
  4817. 0x8000000c: 0x0,
  4818. 0x8000000d: 0x8020020,
  4819. 0x8000000e: 0x8000800,
  4820. 0x8000000f: 0x20000,
  4821. 0x10: 0x20820,
  4822. 0x11: 0x8020800,
  4823. 0x12: 0x20,
  4824. 0x13: 0x800,
  4825. 0x14: 0x8000800,
  4826. 0x15: 0x8000020,
  4827. 0x16: 0x8020020,
  4828. 0x17: 0x20000,
  4829. 0x18: 0x0,
  4830. 0x19: 0x20020,
  4831. 0x1a: 0x8020000,
  4832. 0x1b: 0x8000820,
  4833. 0x1c: 0x8020820,
  4834. 0x1d: 0x20800,
  4835. 0x1e: 0x820,
  4836. 0x1f: 0x8000000,
  4837. 0x80000010: 0x20000,
  4838. 0x80000011: 0x800,
  4839. 0x80000012: 0x8020020,
  4840. 0x80000013: 0x20820,
  4841. 0x80000014: 0x20,
  4842. 0x80000015: 0x8020000,
  4843. 0x80000016: 0x8000000,
  4844. 0x80000017: 0x8000820,
  4845. 0x80000018: 0x8020820,
  4846. 0x80000019: 0x8000020,
  4847. 0x8000001a: 0x8000800,
  4848. 0x8000001b: 0x0,
  4849. 0x8000001c: 0x20800,
  4850. 0x8000001d: 0x820,
  4851. 0x8000001e: 0x20020,
  4852. 0x8000001f: 0x8020800
  4853. }
  4854. ];
  4855. // Masks that select the SBOX input
  4856. var SBOX_MASK = [
  4857. 0xf8000001, 0x1f800000, 0x01f80000, 0x001f8000,
  4858. 0x0001f800, 0x00001f80, 0x000001f8, 0x8000001f
  4859. ];
  4860. /**
  4861. * DES block cipher algorithm.
  4862. */
  4863. var DES = C_algo.DES = BlockCipher.extend({
  4864. _doReset: function () {
  4865. // Shortcuts
  4866. var key = this._key;
  4867. var keyWords = key.words;
  4868. // Select 56 bits according to PC1
  4869. var keyBits = [];
  4870. for (var i = 0; i < 56; i++) {
  4871. var keyBitPos = PC1[i] - 1;
  4872. keyBits[i] = (keyWords[keyBitPos >>> 5] >>> (31 - keyBitPos % 32)) & 1;
  4873. }
  4874. // Assemble 16 subkeys
  4875. var subKeys = this._subKeys = [];
  4876. for (var nSubKey = 0; nSubKey < 16; nSubKey++) {
  4877. // Create subkey
  4878. var subKey = subKeys[nSubKey] = [];
  4879. // Shortcut
  4880. var bitShift = BIT_SHIFTS[nSubKey];
  4881. // Select 48 bits according to PC2
  4882. for (var i = 0; i < 24; i++) {
  4883. // Select from the left 28 key bits
  4884. subKey[(i / 6) | 0] |= keyBits[((PC2[i] - 1) + bitShift) % 28] << (31 - i % 6);
  4885. // Select from the right 28 key bits
  4886. subKey[4 + ((i / 6) | 0)] |= keyBits[28 + (((PC2[i + 24] - 1) + bitShift) % 28)] << (31 - i % 6);
  4887. }
  4888. // Since each subkey is applied to an expanded 32-bit input,
  4889. // the subkey can be broken into 8 values scaled to 32-bits,
  4890. // which allows the key to be used without expansion
  4891. subKey[0] = (subKey[0] << 1) | (subKey[0] >>> 31);
  4892. for (var i = 1; i < 7; i++) {
  4893. subKey[i] = subKey[i] >>> ((i - 1) * 4 + 3);
  4894. }
  4895. subKey[7] = (subKey[7] << 5) | (subKey[7] >>> 27);
  4896. }
  4897. // Compute inverse subkeys
  4898. var invSubKeys = this._invSubKeys = [];
  4899. for (var i = 0; i < 16; i++) {
  4900. invSubKeys[i] = subKeys[15 - i];
  4901. }
  4902. },
  4903. encryptBlock: function (M, offset) {
  4904. this._doCryptBlock(M, offset, this._subKeys);
  4905. },
  4906. decryptBlock: function (M, offset) {
  4907. this._doCryptBlock(M, offset, this._invSubKeys);
  4908. },
  4909. _doCryptBlock: function (M, offset, subKeys) {
  4910. // Get input
  4911. this._lBlock = M[offset];
  4912. this._rBlock = M[offset + 1];
  4913. // Initial permutation
  4914. exchangeLR.call(this, 4, 0x0f0f0f0f);
  4915. exchangeLR.call(this, 16, 0x0000ffff);
  4916. exchangeRL.call(this, 2, 0x33333333);
  4917. exchangeRL.call(this, 8, 0x00ff00ff);
  4918. exchangeLR.call(this, 1, 0x55555555);
  4919. // Rounds
  4920. for (var round = 0; round < 16; round++) {
  4921. // Shortcuts
  4922. var subKey = subKeys[round];
  4923. var lBlock = this._lBlock;
  4924. var rBlock = this._rBlock;
  4925. // Feistel function
  4926. var f = 0;
  4927. for (var i = 0; i < 8; i++) {
  4928. f |= SBOX_P[i][((rBlock ^ subKey[i]) & SBOX_MASK[i]) >>> 0];
  4929. }
  4930. this._lBlock = rBlock;
  4931. this._rBlock = lBlock ^ f;
  4932. }
  4933. // Undo swap from last round
  4934. var t = this._lBlock;
  4935. this._lBlock = this._rBlock;
  4936. this._rBlock = t;
  4937. // Final permutation
  4938. exchangeLR.call(this, 1, 0x55555555);
  4939. exchangeRL.call(this, 8, 0x00ff00ff);
  4940. exchangeRL.call(this, 2, 0x33333333);
  4941. exchangeLR.call(this, 16, 0x0000ffff);
  4942. exchangeLR.call(this, 4, 0x0f0f0f0f);
  4943. // Set output
  4944. M[offset] = this._lBlock;
  4945. M[offset + 1] = this._rBlock;
  4946. },
  4947. keySize: 64/32,
  4948. ivSize: 64/32,
  4949. blockSize: 64/32
  4950. });
  4951. // Swap bits across the left and right words
  4952. function exchangeLR(offset, mask) {
  4953. var t = ((this._lBlock >>> offset) ^ this._rBlock) & mask;
  4954. this._rBlock ^= t;
  4955. this._lBlock ^= t << offset;
  4956. }
  4957. function exchangeRL(offset, mask) {
  4958. var t = ((this._rBlock >>> offset) ^ this._lBlock) & mask;
  4959. this._lBlock ^= t;
  4960. this._rBlock ^= t << offset;
  4961. }
  4962. /**
  4963. * Shortcut functions to the cipher's object interface.
  4964. *
  4965. * @example
  4966. *
  4967. * var ciphertext = CryptoJS.DES.encrypt(message, key, cfg);
  4968. * var plaintext = CryptoJS.DES.decrypt(ciphertext, key, cfg);
  4969. */
  4970. C.DES = BlockCipher._createHelper(DES);
  4971. /**
  4972. * Triple-DES block cipher algorithm.
  4973. */
  4974. var TripleDES = C_algo.TripleDES = BlockCipher.extend({
  4975. _doReset: function () {
  4976. // Shortcuts
  4977. var key = this._key;
  4978. var keyWords = key.words;
  4979. // Make sure the key length is valid (64, 128 or >= 192 bit)
  4980. if (keyWords.length !== 2 && keyWords.length !== 4 && keyWords.length < 6) {
  4981. throw new Error('Invalid key length - 3DES requires the key length to be 64, 128, 192 or >192.');
  4982. }
  4983. // Extend the key according to the keying options defined in 3DES standard
  4984. var key1 = keyWords.slice(0, 2);
  4985. var key2 = keyWords.length < 4 ? keyWords.slice(0, 2) : keyWords.slice(2, 4);
  4986. var key3 = keyWords.length < 6 ? keyWords.slice(0, 2) : keyWords.slice(4, 6);
  4987. // Create DES instances
  4988. this._des1 = DES.createEncryptor(WordArray.create(key1));
  4989. this._des2 = DES.createEncryptor(WordArray.create(key2));
  4990. this._des3 = DES.createEncryptor(WordArray.create(key3));
  4991. },
  4992. encryptBlock: function (M, offset) {
  4993. this._des1.encryptBlock(M, offset);
  4994. this._des2.decryptBlock(M, offset);
  4995. this._des3.encryptBlock(M, offset);
  4996. },
  4997. decryptBlock: function (M, offset) {
  4998. this._des3.decryptBlock(M, offset);
  4999. this._des2.encryptBlock(M, offset);
  5000. this._des1.decryptBlock(M, offset);
  5001. },
  5002. keySize: 192/32,
  5003. ivSize: 64/32,
  5004. blockSize: 64/32
  5005. });
  5006. /**
  5007. * Shortcut functions to the cipher's object interface.
  5008. *
  5009. * @example
  5010. *
  5011. * var ciphertext = CryptoJS.TripleDES.encrypt(message, key, cfg);
  5012. * var plaintext = CryptoJS.TripleDES.decrypt(ciphertext, key, cfg);
  5013. */
  5014. C.TripleDES = BlockCipher._createHelper(TripleDES);
  5015. }());
  5016. (function () {
  5017. // Shortcuts
  5018. var C = CryptoJS;
  5019. var C_lib = C.lib;
  5020. var StreamCipher = C_lib.StreamCipher;
  5021. var C_algo = C.algo;
  5022. /**
  5023. * RC4 stream cipher algorithm.
  5024. */
  5025. var RC4 = C_algo.RC4 = StreamCipher.extend({
  5026. _doReset: function () {
  5027. // Shortcuts
  5028. var key = this._key;
  5029. var keyWords = key.words;
  5030. var keySigBytes = key.sigBytes;
  5031. // Init sbox
  5032. var S = this._S = [];
  5033. for (var i = 0; i < 256; i++) {
  5034. S[i] = i;
  5035. }
  5036. // Key setup
  5037. for (var i = 0, j = 0; i < 256; i++) {
  5038. var keyByteIndex = i % keySigBytes;
  5039. var keyByte = (keyWords[keyByteIndex >>> 2] >>> (24 - (keyByteIndex % 4) * 8)) & 0xff;
  5040. j = (j + S[i] + keyByte) % 256;
  5041. // Swap
  5042. var t = S[i];
  5043. S[i] = S[j];
  5044. S[j] = t;
  5045. }
  5046. // Counters
  5047. this._i = this._j = 0;
  5048. },
  5049. _doProcessBlock: function (M, offset) {
  5050. M[offset] ^= generateKeystreamWord.call(this);
  5051. },
  5052. keySize: 256/32,
  5053. ivSize: 0
  5054. });
  5055. function generateKeystreamWord() {
  5056. // Shortcuts
  5057. var S = this._S;
  5058. var i = this._i;
  5059. var j = this._j;
  5060. // Generate keystream word
  5061. var keystreamWord = 0;
  5062. for (var n = 0; n < 4; n++) {
  5063. i = (i + 1) % 256;
  5064. j = (j + S[i]) % 256;
  5065. // Swap
  5066. var t = S[i];
  5067. S[i] = S[j];
  5068. S[j] = t;
  5069. keystreamWord |= S[(S[i] + S[j]) % 256] << (24 - n * 8);
  5070. }
  5071. // Update counters
  5072. this._i = i;
  5073. this._j = j;
  5074. return keystreamWord;
  5075. }
  5076. /**
  5077. * Shortcut functions to the cipher's object interface.
  5078. *
  5079. * @example
  5080. *
  5081. * var ciphertext = CryptoJS.RC4.encrypt(message, key, cfg);
  5082. * var plaintext = CryptoJS.RC4.decrypt(ciphertext, key, cfg);
  5083. */
  5084. C.RC4 = StreamCipher._createHelper(RC4);
  5085. /**
  5086. * Modified RC4 stream cipher algorithm.
  5087. */
  5088. var RC4Drop = C_algo.RC4Drop = RC4.extend({
  5089. /**
  5090. * Configuration options.
  5091. *
  5092. * @property {number} drop The number of keystream words to drop. Default 192
  5093. */
  5094. cfg: RC4.cfg.extend({
  5095. drop: 192
  5096. }),
  5097. _doReset: function () {
  5098. RC4._doReset.call(this);
  5099. // Drop
  5100. for (var i = this.cfg.drop; i > 0; i--) {
  5101. generateKeystreamWord.call(this);
  5102. }
  5103. }
  5104. });
  5105. /**
  5106. * Shortcut functions to the cipher's object interface.
  5107. *
  5108. * @example
  5109. *
  5110. * var ciphertext = CryptoJS.RC4Drop.encrypt(message, key, cfg);
  5111. * var plaintext = CryptoJS.RC4Drop.decrypt(ciphertext, key, cfg);
  5112. */
  5113. C.RC4Drop = StreamCipher._createHelper(RC4Drop);
  5114. }());
  5115. (function () {
  5116. // Shortcuts
  5117. var C = CryptoJS;
  5118. var C_lib = C.lib;
  5119. var StreamCipher = C_lib.StreamCipher;
  5120. var C_algo = C.algo;
  5121. // Reusable objects
  5122. var S = [];
  5123. var C_ = [];
  5124. var G = [];
  5125. /**
  5126. * Rabbit stream cipher algorithm
  5127. */
  5128. var Rabbit = C_algo.Rabbit = StreamCipher.extend({
  5129. _doReset: function () {
  5130. // Shortcuts
  5131. var K = this._key.words;
  5132. var iv = this.cfg.iv;
  5133. // Swap endian
  5134. for (var i = 0; i < 4; i++) {
  5135. K[i] = (((K[i] << 8) | (K[i] >>> 24)) & 0x00ff00ff) |
  5136. (((K[i] << 24) | (K[i] >>> 8)) & 0xff00ff00);
  5137. }
  5138. // Generate initial state values
  5139. var X = this._X = [
  5140. K[0], (K[3] << 16) | (K[2] >>> 16),
  5141. K[1], (K[0] << 16) | (K[3] >>> 16),
  5142. K[2], (K[1] << 16) | (K[0] >>> 16),
  5143. K[3], (K[2] << 16) | (K[1] >>> 16)
  5144. ];
  5145. // Generate initial counter values
  5146. var C = this._C = [
  5147. (K[2] << 16) | (K[2] >>> 16), (K[0] & 0xffff0000) | (K[1] & 0x0000ffff),
  5148. (K[3] << 16) | (K[3] >>> 16), (K[1] & 0xffff0000) | (K[2] & 0x0000ffff),
  5149. (K[0] << 16) | (K[0] >>> 16), (K[2] & 0xffff0000) | (K[3] & 0x0000ffff),
  5150. (K[1] << 16) | (K[1] >>> 16), (K[3] & 0xffff0000) | (K[0] & 0x0000ffff)
  5151. ];
  5152. // Carry bit
  5153. this._b = 0;
  5154. // Iterate the system four times
  5155. for (var i = 0; i < 4; i++) {
  5156. nextState.call(this);
  5157. }
  5158. // Modify the counters
  5159. for (var i = 0; i < 8; i++) {
  5160. C[i] ^= X[(i + 4) & 7];
  5161. }
  5162. // IV setup
  5163. if (iv) {
  5164. // Shortcuts
  5165. var IV = iv.words;
  5166. var IV_0 = IV[0];
  5167. var IV_1 = IV[1];
  5168. // Generate four subvectors
  5169. var i0 = (((IV_0 << 8) | (IV_0 >>> 24)) & 0x00ff00ff) | (((IV_0 << 24) | (IV_0 >>> 8)) & 0xff00ff00);
  5170. var i2 = (((IV_1 << 8) | (IV_1 >>> 24)) & 0x00ff00ff) | (((IV_1 << 24) | (IV_1 >>> 8)) & 0xff00ff00);
  5171. var i1 = (i0 >>> 16) | (i2 & 0xffff0000);
  5172. var i3 = (i2 << 16) | (i0 & 0x0000ffff);
  5173. // Modify counter values
  5174. C[0] ^= i0;
  5175. C[1] ^= i1;
  5176. C[2] ^= i2;
  5177. C[3] ^= i3;
  5178. C[4] ^= i0;
  5179. C[5] ^= i1;
  5180. C[6] ^= i2;
  5181. C[7] ^= i3;
  5182. // Iterate the system four times
  5183. for (var i = 0; i < 4; i++) {
  5184. nextState.call(this);
  5185. }
  5186. }
  5187. },
  5188. _doProcessBlock: function (M, offset) {
  5189. // Shortcut
  5190. var X = this._X;
  5191. // Iterate the system
  5192. nextState.call(this);
  5193. // Generate four keystream words
  5194. S[0] = X[0] ^ (X[5] >>> 16) ^ (X[3] << 16);
  5195. S[1] = X[2] ^ (X[7] >>> 16) ^ (X[5] << 16);
  5196. S[2] = X[4] ^ (X[1] >>> 16) ^ (X[7] << 16);
  5197. S[3] = X[6] ^ (X[3] >>> 16) ^ (X[1] << 16);
  5198. for (var i = 0; i < 4; i++) {
  5199. // Swap endian
  5200. S[i] = (((S[i] << 8) | (S[i] >>> 24)) & 0x00ff00ff) |
  5201. (((S[i] << 24) | (S[i] >>> 8)) & 0xff00ff00);
  5202. // Encrypt
  5203. M[offset + i] ^= S[i];
  5204. }
  5205. },
  5206. blockSize: 128/32,
  5207. ivSize: 64/32
  5208. });
  5209. function nextState() {
  5210. // Shortcuts
  5211. var X = this._X;
  5212. var C = this._C;
  5213. // Save old counter values
  5214. for (var i = 0; i < 8; i++) {
  5215. C_[i] = C[i];
  5216. }
  5217. // Calculate new counter values
  5218. C[0] = (C[0] + 0x4d34d34d + this._b) | 0;
  5219. C[1] = (C[1] + 0xd34d34d3 + ((C[0] >>> 0) < (C_[0] >>> 0) ? 1 : 0)) | 0;
  5220. C[2] = (C[2] + 0x34d34d34 + ((C[1] >>> 0) < (C_[1] >>> 0) ? 1 : 0)) | 0;
  5221. C[3] = (C[3] + 0x4d34d34d + ((C[2] >>> 0) < (C_[2] >>> 0) ? 1 : 0)) | 0;
  5222. C[4] = (C[4] + 0xd34d34d3 + ((C[3] >>> 0) < (C_[3] >>> 0) ? 1 : 0)) | 0;
  5223. C[5] = (C[5] + 0x34d34d34 + ((C[4] >>> 0) < (C_[4] >>> 0) ? 1 : 0)) | 0;
  5224. C[6] = (C[6] + 0x4d34d34d + ((C[5] >>> 0) < (C_[5] >>> 0) ? 1 : 0)) | 0;
  5225. C[7] = (C[7] + 0xd34d34d3 + ((C[6] >>> 0) < (C_[6] >>> 0) ? 1 : 0)) | 0;
  5226. this._b = (C[7] >>> 0) < (C_[7] >>> 0) ? 1 : 0;
  5227. // Calculate the g-values
  5228. for (var i = 0; i < 8; i++) {
  5229. var gx = X[i] + C[i];
  5230. // Construct high and low argument for squaring
  5231. var ga = gx & 0xffff;
  5232. var gb = gx >>> 16;
  5233. // Calculate high and low result of squaring
  5234. var gh = ((((ga * ga) >>> 17) + ga * gb) >>> 15) + gb * gb;
  5235. var gl = (((gx & 0xffff0000) * gx) | 0) + (((gx & 0x0000ffff) * gx) | 0);
  5236. // High XOR low
  5237. G[i] = gh ^ gl;
  5238. }
  5239. // Calculate new state values
  5240. X[0] = (G[0] + ((G[7] << 16) | (G[7] >>> 16)) + ((G[6] << 16) | (G[6] >>> 16))) | 0;
  5241. X[1] = (G[1] + ((G[0] << 8) | (G[0] >>> 24)) + G[7]) | 0;
  5242. X[2] = (G[2] + ((G[1] << 16) | (G[1] >>> 16)) + ((G[0] << 16) | (G[0] >>> 16))) | 0;
  5243. X[3] = (G[3] + ((G[2] << 8) | (G[2] >>> 24)) + G[1]) | 0;
  5244. X[4] = (G[4] + ((G[3] << 16) | (G[3] >>> 16)) + ((G[2] << 16) | (G[2] >>> 16))) | 0;
  5245. X[5] = (G[5] + ((G[4] << 8) | (G[4] >>> 24)) + G[3]) | 0;
  5246. X[6] = (G[6] + ((G[5] << 16) | (G[5] >>> 16)) + ((G[4] << 16) | (G[4] >>> 16))) | 0;
  5247. X[7] = (G[7] + ((G[6] << 8) | (G[6] >>> 24)) + G[5]) | 0;
  5248. }
  5249. /**
  5250. * Shortcut functions to the cipher's object interface.
  5251. *
  5252. * @example
  5253. *
  5254. * var ciphertext = CryptoJS.Rabbit.encrypt(message, key, cfg);
  5255. * var plaintext = CryptoJS.Rabbit.decrypt(ciphertext, key, cfg);
  5256. */
  5257. C.Rabbit = StreamCipher._createHelper(Rabbit);
  5258. }());
  5259. (function () {
  5260. // Shortcuts
  5261. var C = CryptoJS;
  5262. var C_lib = C.lib;
  5263. var StreamCipher = C_lib.StreamCipher;
  5264. var C_algo = C.algo;
  5265. // Reusable objects
  5266. var S = [];
  5267. var C_ = [];
  5268. var G = [];
  5269. /**
  5270. * Rabbit stream cipher algorithm.
  5271. *
  5272. * This is a legacy version that neglected to convert the key to little-endian.
  5273. * This error doesn't affect the cipher's security,
  5274. * but it does affect its compatibility with other implementations.
  5275. */
  5276. var RabbitLegacy = C_algo.RabbitLegacy = StreamCipher.extend({
  5277. _doReset: function () {
  5278. // Shortcuts
  5279. var K = this._key.words;
  5280. var iv = this.cfg.iv;
  5281. // Generate initial state values
  5282. var X = this._X = [
  5283. K[0], (K[3] << 16) | (K[2] >>> 16),
  5284. K[1], (K[0] << 16) | (K[3] >>> 16),
  5285. K[2], (K[1] << 16) | (K[0] >>> 16),
  5286. K[3], (K[2] << 16) | (K[1] >>> 16)
  5287. ];
  5288. // Generate initial counter values
  5289. var C = this._C = [
  5290. (K[2] << 16) | (K[2] >>> 16), (K[0] & 0xffff0000) | (K[1] & 0x0000ffff),
  5291. (K[3] << 16) | (K[3] >>> 16), (K[1] & 0xffff0000) | (K[2] & 0x0000ffff),
  5292. (K[0] << 16) | (K[0] >>> 16), (K[2] & 0xffff0000) | (K[3] & 0x0000ffff),
  5293. (K[1] << 16) | (K[1] >>> 16), (K[3] & 0xffff0000) | (K[0] & 0x0000ffff)
  5294. ];
  5295. // Carry bit
  5296. this._b = 0;
  5297. // Iterate the system four times
  5298. for (var i = 0; i < 4; i++) {
  5299. nextState.call(this);
  5300. }
  5301. // Modify the counters
  5302. for (var i = 0; i < 8; i++) {
  5303. C[i] ^= X[(i + 4) & 7];
  5304. }
  5305. // IV setup
  5306. if (iv) {
  5307. // Shortcuts
  5308. var IV = iv.words;
  5309. var IV_0 = IV[0];
  5310. var IV_1 = IV[1];
  5311. // Generate four subvectors
  5312. var i0 = (((IV_0 << 8) | (IV_0 >>> 24)) & 0x00ff00ff) | (((IV_0 << 24) | (IV_0 >>> 8)) & 0xff00ff00);
  5313. var i2 = (((IV_1 << 8) | (IV_1 >>> 24)) & 0x00ff00ff) | (((IV_1 << 24) | (IV_1 >>> 8)) & 0xff00ff00);
  5314. var i1 = (i0 >>> 16) | (i2 & 0xffff0000);
  5315. var i3 = (i2 << 16) | (i0 & 0x0000ffff);
  5316. // Modify counter values
  5317. C[0] ^= i0;
  5318. C[1] ^= i1;
  5319. C[2] ^= i2;
  5320. C[3] ^= i3;
  5321. C[4] ^= i0;
  5322. C[5] ^= i1;
  5323. C[6] ^= i2;
  5324. C[7] ^= i3;
  5325. // Iterate the system four times
  5326. for (var i = 0; i < 4; i++) {
  5327. nextState.call(this);
  5328. }
  5329. }
  5330. },
  5331. _doProcessBlock: function (M, offset) {
  5332. // Shortcut
  5333. var X = this._X;
  5334. // Iterate the system
  5335. nextState.call(this);
  5336. // Generate four keystream words
  5337. S[0] = X[0] ^ (X[5] >>> 16) ^ (X[3] << 16);
  5338. S[1] = X[2] ^ (X[7] >>> 16) ^ (X[5] << 16);
  5339. S[2] = X[4] ^ (X[1] >>> 16) ^ (X[7] << 16);
  5340. S[3] = X[6] ^ (X[3] >>> 16) ^ (X[1] << 16);
  5341. for (var i = 0; i < 4; i++) {
  5342. // Swap endian
  5343. S[i] = (((S[i] << 8) | (S[i] >>> 24)) & 0x00ff00ff) |
  5344. (((S[i] << 24) | (S[i] >>> 8)) & 0xff00ff00);
  5345. // Encrypt
  5346. M[offset + i] ^= S[i];
  5347. }
  5348. },
  5349. blockSize: 128/32,
  5350. ivSize: 64/32
  5351. });
  5352. function nextState() {
  5353. // Shortcuts
  5354. var X = this._X;
  5355. var C = this._C;
  5356. // Save old counter values
  5357. for (var i = 0; i < 8; i++) {
  5358. C_[i] = C[i];
  5359. }
  5360. // Calculate new counter values
  5361. C[0] = (C[0] + 0x4d34d34d + this._b) | 0;
  5362. C[1] = (C[1] + 0xd34d34d3 + ((C[0] >>> 0) < (C_[0] >>> 0) ? 1 : 0)) | 0;
  5363. C[2] = (C[2] + 0x34d34d34 + ((C[1] >>> 0) < (C_[1] >>> 0) ? 1 : 0)) | 0;
  5364. C[3] = (C[3] + 0x4d34d34d + ((C[2] >>> 0) < (C_[2] >>> 0) ? 1 : 0)) | 0;
  5365. C[4] = (C[4] + 0xd34d34d3 + ((C[3] >>> 0) < (C_[3] >>> 0) ? 1 : 0)) | 0;
  5366. C[5] = (C[5] + 0x34d34d34 + ((C[4] >>> 0) < (C_[4] >>> 0) ? 1 : 0)) | 0;
  5367. C[6] = (C[6] + 0x4d34d34d + ((C[5] >>> 0) < (C_[5] >>> 0) ? 1 : 0)) | 0;
  5368. C[7] = (C[7] + 0xd34d34d3 + ((C[6] >>> 0) < (C_[6] >>> 0) ? 1 : 0)) | 0;
  5369. this._b = (C[7] >>> 0) < (C_[7] >>> 0) ? 1 : 0;
  5370. // Calculate the g-values
  5371. for (var i = 0; i < 8; i++) {
  5372. var gx = X[i] + C[i];
  5373. // Construct high and low argument for squaring
  5374. var ga = gx & 0xffff;
  5375. var gb = gx >>> 16;
  5376. // Calculate high and low result of squaring
  5377. var gh = ((((ga * ga) >>> 17) + ga * gb) >>> 15) + gb * gb;
  5378. var gl = (((gx & 0xffff0000) * gx) | 0) + (((gx & 0x0000ffff) * gx) | 0);
  5379. // High XOR low
  5380. G[i] = gh ^ gl;
  5381. }
  5382. // Calculate new state values
  5383. X[0] = (G[0] + ((G[7] << 16) | (G[7] >>> 16)) + ((G[6] << 16) | (G[6] >>> 16))) | 0;
  5384. X[1] = (G[1] + ((G[0] << 8) | (G[0] >>> 24)) + G[7]) | 0;
  5385. X[2] = (G[2] + ((G[1] << 16) | (G[1] >>> 16)) + ((G[0] << 16) | (G[0] >>> 16))) | 0;
  5386. X[3] = (G[3] + ((G[2] << 8) | (G[2] >>> 24)) + G[1]) | 0;
  5387. X[4] = (G[4] + ((G[3] << 16) | (G[3] >>> 16)) + ((G[2] << 16) | (G[2] >>> 16))) | 0;
  5388. X[5] = (G[5] + ((G[4] << 8) | (G[4] >>> 24)) + G[3]) | 0;
  5389. X[6] = (G[6] + ((G[5] << 16) | (G[5] >>> 16)) + ((G[4] << 16) | (G[4] >>> 16))) | 0;
  5390. X[7] = (G[7] + ((G[6] << 8) | (G[6] >>> 24)) + G[5]) | 0;
  5391. }
  5392. /**
  5393. * Shortcut functions to the cipher's object interface.
  5394. *
  5395. * @example
  5396. *
  5397. * var ciphertext = CryptoJS.RabbitLegacy.encrypt(message, key, cfg);
  5398. * var plaintext = CryptoJS.RabbitLegacy.decrypt(ciphertext, key, cfg);
  5399. */
  5400. C.RabbitLegacy = StreamCipher._createHelper(RabbitLegacy);
  5401. }());
  5402. return CryptoJS;
  5403. }));