sjcl.mode.ccm={name:"ccm",encrypt:function(a,b,c,d,e){varf,g=b.slice(0),h=sjcl.bitArray,i=h.bitLength(c)/8,j=h.bitLength(g)/8;e=e||64;d=d||[];if(i<7)thrownewsjcl.exception.invalid("ccm: iv must be at least 7 bytes");for(f=2;f<4&&j>>>8*f;f++);if(f<15-i)f=15-i;c=h.clamp(c,8*(15-f));b=sjcl.mode.ccm.N(a,b,c,d,e,f);g=sjcl.mode.ccm.P(a,g,c,b,e,f);returnh.concat(g.data,g.tag)},decrypt:function(a,b,c,d,e){e=e||64;d=d||[];varf=sjcl.bitArray,g=f.bitLength(c)/8,h=f.bitLength(b),i=f.clamp(b,h-e),j=f.bitSlice(b,
h-e);h=(h-e)/8;if(g<7)thrownewsjcl.exception.invalid("ccm: iv must be at least 7 bytes");for(b=2;b<4&&h>>>8*b;b++);if(b<15-g)b=15-g;c=f.clamp(c,8*(15-b));i=sjcl.mode.ccm.P(a,i,c,j,e,b);a=sjcl.mode.ccm.N(a,i.data,c,d,e,b);if(!f.equal(i.tag,a))thrownewsjcl.exception.corrupt("ccm: tag doesn't match");returni.data},N:function(a,b,c,d,e,f){varg=[],h=sjcl.bitArray,i=h.i;e/=8;if(e%2||e<4||e>16)thrownewsjcl.exception.invalid("ccm: invalid tag length");if(d.length>0xffffffff||b.length>0xffffffff)thrownewsjcl.exception.bug("ccm: can't deal with 4GiB or more data");
sjcl.mode.ccm={name:"ccm",encrypt:function(a,b,c,d,e){varf,g=b.slice(0),h=sjcl.bitArray,i=h.bitLength(c)/8,j=h.bitLength(g)/8;e=e||64;d=d||[];if(i<7)thrownewsjcl.exception.invalid("ccm: iv must be at least 7 bytes");for(f=2;f<4&&j>>>8*f;f++);if(f<15-i)f=15-i;c=h.clamp(c,8*(15-f));b=sjcl.mode.ccm.P(a,b,c,d,e,f);g=sjcl.mode.ccm.R(a,g,c,b,e,f);returnh.concat(g.data,g.tag)},decrypt:function(a,b,c,d,e){e=e||64;d=d||[];varf=sjcl.bitArray,g=f.bitLength(c)/8,h=f.bitLength(b),i=f.clamp(b,h-e),j=f.bitSlice(b,
h-e);h=(h-e)/8;if(g<7)thrownewsjcl.exception.invalid("ccm: iv must be at least 7 bytes");for(b=2;b<4&&h>>>8*b;b++);if(b<15-g)b=15-g;c=f.clamp(c,8*(15-b));i=sjcl.mode.ccm.R(a,i,c,j,e,b);a=sjcl.mode.ccm.P(a,i.data,c,d,e,b);if(!f.equal(i.tag,a))thrownewsjcl.exception.corrupt("ccm: tag doesn't match");returni.data},P:function(a,b,c,d,e,f){varg=[],h=sjcl.bitArray,i=h.i;e/=8;if(e%2||e<4||e>16)thrownewsjcl.exception.invalid("ccm: invalid tag length");if(d.length>0xffffffff||b.length>0xffffffff)thrownewsjcl.exception.bug("ccm: can't deal with 4GiB or more data");
sjcl.beware["CBC mode is dangerous because it doesn't protect message integrity."]=function(){sjcl.mode.cbc={name:"cbc",encrypt:function(a,b,c,d){if(d&&d.length)thrownewsjcl.exception.invalid("cbc can't authenticate data");if(sjcl.bitArray.bitLength(c)!==128)thrownewsjcl.exception.invalid("cbc iv must be 128 bits");vare=sjcl.bitArray,f=e.i,g=e.bitLength(b),h=0,i=[];if(g&7)thrownewsjcl.exception.invalid("pkcs#5 padding only works for multiples of a byte");for(d=0;h+128<=g;d+=4,h+=128){c=a.encrypt(f(c,
b.slice(d,d+4)));i.splice(d,0,c[0],c[1],c[2],c[3])}g=(16-(g>>3&15))*0x1010101;c=a.encrypt(f(c,e.concat(b,[g,g,g,g]).slice(d,d+4)));i.splice(d,0,c[0],c[1],c[2],c[3]);returni},decrypt:function(a,b,c,d){if(d&&d.length)thrownewsjcl.exception.invalid("cbc can't authenticate data");if(sjcl.bitArray.bitLength(c)!==128)thrownewsjcl.exception.invalid("cbc iv must be 128 bits");if(sjcl.bitArray.bitLength(b)&127||!b.length)thrownewsjcl.exception.corrupt("cbc ciphertext must be a positive multiple of the block size");
sjcl.mode.ocb2={name:"ocb2",encrypt:function(a,b,c,d,e,f){if(sjcl.bitArray.bitLength(c)!==128)thrownewsjcl.exception.invalid("ocb iv must be 128 bits");varg,h=sjcl.mode.ocb2.I,i=sjcl.bitArray,j=i.i,k=[0,0,0,0];c=h(a.encrypt(c));varl,m=[];d=d||[];e=e||64;for(g=0;g+4<b.length;g+=4){l=b.slice(g,g+4);k=j(k,l);l=j(c,a.encrypt(j(c,l)));m.splice(g,0,l[0],l[1],l[2],l[3]);c=h(c)}l=b.slice(g);b=i.bitLength(l);g=a.encrypt(j(c,[0,0,0,b]));l=i.clamp(j(l,g),b);k=j(k,j(l,g));k=a.encrypt(j(k,j(c,h(c))));if(d.length)k=
j(k,f?d:sjcl.mode.ocb2.pmac(a,d));returnm.concat(i.concat(l,i.clamp(k,e)))},decrypt:function(a,b,c,d,e,f){if(sjcl.bitArray.bitLength(c)!==128)thrownewsjcl.exception.invalid("ocb iv must be 128 bits");e=e||64;varg=sjcl.mode.ocb2.I,h=sjcl.bitArray,i=h.i,j=[0,0,0,0],k=g(a.encrypt(c)),l,m,n=sjcl.bitArray.bitLength(b)-e,o=[];d=d||[];for(c=0;c+4<n/32;c+=4){l=i(k,a.decrypt(i(k,b.slice(c,c+4))));j=i(j,l);o.splice(c,0,l[0],l[1],l[2],l[3]);k=g(k)}m=n-c*32;l=a.encrypt(i(k,[0,0,0,m]));l=i(l,h.clamp(b.slice(c),
m));j=i(j,l);j=a.encrypt(i(j,i(k,g(k))));if(d.length)j=i(j,f?d:sjcl.mode.ocb2.pmac(a,d));if(!h.equal(h.clamp(j,e),h.bitSlice(b,n)))thrownewsjcl.exception.corrupt("ocb: tag doesn't match");returno.concat(h.clamp(l,m))},pmac:function(a,b){varc,d=sjcl.mode.ocb2.I,e=sjcl.bitArray,f=e.i,g=[0,0,0,0],h=a.encrypt([0,0,0,0]);h=f(h,d(d(h)));for(c=0;c+4<b.length;c+=4){h=d(h);g=f(g,a.encrypt(f(h,b.slice(c,c+4))))}b=b.slice(c);if(e.bitLength(b)<128){h=f(h,d(h));b=e.concat(b,[2147483648|0])}g=f(g,b);returna.encrypt(f(d(f(h,
sjcl.mode.ocb2={name:"ocb2",encrypt:function(a,b,c,d,e,f){if(sjcl.bitArray.bitLength(c)!==128)thrownewsjcl.exception.invalid("ocb iv must be 128 bits");varg,h=sjcl.mode.ocb2.K,i=sjcl.bitArray,j=i.i,k=[0,0,0,0];c=h(a.encrypt(c));varl,m=[];d=d||[];e=e||64;for(g=0;g+4<b.length;g+=4){l=b.slice(g,g+4);k=j(k,l);l=j(c,a.encrypt(j(c,l)));m.splice(g,0,l[0],l[1],l[2],l[3]);c=h(c)}l=b.slice(g);b=i.bitLength(l);g=a.encrypt(j(c,[0,0,0,b]));l=i.clamp(j(l,g),b);k=j(k,j(l,g));k=a.encrypt(j(k,j(c,h(c))));if(d.length)k=
j(k,f?d:sjcl.mode.ocb2.pmac(a,d));returnm.concat(i.concat(l,i.clamp(k,e)))},decrypt:function(a,b,c,d,e,f){if(sjcl.bitArray.bitLength(c)!==128)thrownewsjcl.exception.invalid("ocb iv must be 128 bits");e=e||64;varg=sjcl.mode.ocb2.K,h=sjcl.bitArray,i=h.i,j=[0,0,0,0],k=g(a.encrypt(c)),l,m,n=sjcl.bitArray.bitLength(b)-e,o=[];d=d||[];for(c=0;c+4<n/32;c+=4){l=i(k,a.decrypt(i(k,b.slice(c,c+4))));j=i(j,l);o.splice(c,0,l[0],l[1],l[2],l[3]);k=g(k)}m=n-c*32;l=a.encrypt(i(k,[0,0,0,m]));l=i(l,h.clamp(b.slice(c),
m));j=i(j,l);j=a.encrypt(i(j,i(k,g(k))));if(d.length)j=i(j,f?d:sjcl.mode.ocb2.pmac(a,d));if(!h.equal(h.clamp(j,e),h.bitSlice(b,n)))thrownewsjcl.exception.corrupt("ocb: tag doesn't match");returno.concat(h.clamp(l,m))},pmac:function(a,b){varc,d=sjcl.mode.ocb2.K,e=sjcl.bitArray,f=e.i,g=[0,0,0,0],h=a.encrypt([0,0,0,0]);h=f(h,d(d(h)));for(c=0;c+4<b.length;c+=4){h=d(h);g=f(g,a.encrypt(f(h,b.slice(c,c+4))))}b=b.slice(c);if(e.bitLength(b)<128){h=f(h,d(h));b=e.concat(b,[2147483648|0])}g=f(g,b);returna.encrypt(f(d(f(h,
sjcl.misc.pbkdf2=function(a,b,c,d,e){c=c||1E3;if(d<0||c<0)throwsjcl.exception.invalid("invalid params to pbkdf2");if(typeofa==="string")a=sjcl.codec.utf8String.toBits(a);e=e||sjcl.misc.hmac;a=newe(a);varf,g,h,i,j=[],k=sjcl.bitArray;for(i=1;32*j.length<(d||1);i++){e=f=a.encrypt(k.concat(b,[i]));for(g=1;g<c;g++){f=a.encrypt(f);for(h=0;h<f.length;h++)e[h]^=f[h]}j=j.concat(e)}if(d)j=k.clamp(j,d);returnj};
this.w[c]=(this.w[c]+1)%this.f.length;switch(typeofa){case"number":break;case"object":if(b===undefined)for(c=b=0;c<a.length;c++)for(e=a[c];e>0;){b++;e>>>=1}this.f[g].update([d,this.R++,2,b,f,a.length].concat(a));break;case"string":if(b===undefined)b=a.length;this.f[g].update([d,this.R++,3,b,f,a.length]);this.f[g].update(a);break;default:thrownewsjcl.exception.bug("random: addEntropy only supports number, array or string");}this.o[g]+=b;this.k+=b;if(h===0){this.isReady()!==0&&this.T("seeded",
this.w[c]=(this.w[c]+1)%this.f.length;switch(typeofa){case"number":break;case"object":if(b===undefined)for(c=b=0;c<a.length;c++)for(e=a[c];e>0;){b++;e>>>=1}this.f[g].update([d,this.T++,2,b,f,a.length].concat(a));break;case"string":if(b===undefined)b=a.length;this.f[g].update([d,this.T++,3,b,f,a.length]);this.f[g].update(a);break;default:thrownewsjcl.exception.bug("random: addEntropy only supports number, array or string");}this.o[g]+=b;this.k+=b;if(h===0){this.isReady()!==0&&this.U("seeded",
sjcl.ecc.pointJac.prototype={add:function(a){varb,c,d,e;if(this.curve!==a.curve)throw"sjcl['ecc']['add'](): Points must be on the same curve to add them!";if(this.isIdentity)returna.toJac();elseif(a.isIdentity)returnthis;b=this.z.square();c=a.x.mul(b).subM(this.x);if(c.equals(0))returnthis.y.equals(a.y.mul(b.mul(this.z)))?this.doubl():newsjcl.ecc.pointJac(this.curve);b=a.y.mul(b.mul(this.z)).subM(this.y);d=c.square();a=b.square();e=c.square().mul(c).addM(this.x.add(this.x).mul(d));a=a.subM(e);
sjcl.ecc.Q=function(a){sjcl.ecc[a]={publicKey:function(b,c){this.e=b;this.Z=cinstanceofArray?b.fromBits(c):c},secretKey:function(b,c){this.e=b;this.S=c},generateKeys:function(b,c){if(b===undefined)b=0x100;if(typeofb==="number"){b=sjcl.ecc.curves["c"+b];if(b===undefined)thrownewsjcl.exception.invalid("no such curve");}c=sjcl.bn.random(b.r,c);vard=b.G.mult(c);return{pub:newsjcl.ecc[a].publicKey(b,d),sec:newsjcl.ecc[a].secretKey(b,c)}}}};sjcl.ecc.Q("elGamal");
sjcl.ecc.S=function(a){sjcl.ecc[a]={publicKey:function(b,c){this.e=b;this.H=cinstanceofArray?b.fromBits(c):c},secretKey:function(b,c){this.e=b;this.D=c},generateKeys:function(b,c){if(b===undefined)b=0x100;if(typeofb==="number"){b=sjcl.ecc.curves["c"+b];if(b===undefined)thrownewsjcl.exception.invalid("no such curve");}c=sjcl.bn.random(b.r,c);vard=b.G.mult(c);return{pub:newsjcl.ecc[a].publicKey(b,d),sec:newsjcl.ecc[a].secretKey(b,c)}}}};sjcl.ecc.S("elGamal");