sjcl.beware["CBC mode is dangerous because it doesn't protect message integrity."]=function(){sjcl.mode.cbc={name:"cbc",encrypt:function(a,b,c,d){if(d&&d.length)thrownewsjcl.exception.invalid("cbc can't authenticate data");if(sjcl.bitArray.bitLength(c)!==128)thrownewsjcl.exception.invalid("cbc iv must be 128 bits");vare=sjcl.bitArray,f=e.i,g=e.bitLength(b),h=0,i=[];if(g&7)thrownewsjcl.exception.invalid("pkcs#5 padding only works for multiples of a byte");for(d=0;h+128<=g;d+=4,h+=128){c=a.encrypt(f(c,
b.slice(d,d+4)));i.splice(d,0,c[0],c[1],c[2],c[3])}g=(16-(g>>3&15))*0x1010101;c=a.encrypt(f(c,e.concat(b,[g,g,g,g]).slice(d,d+4)));i.splice(d,0,c[0],c[1],c[2],c[3]);returni},decrypt:function(a,b,c,d){if(d&&d.length)thrownewsjcl.exception.invalid("cbc can't authenticate data");if(sjcl.bitArray.bitLength(c)!==128)thrownewsjcl.exception.invalid("cbc iv must be 128 bits");if(sjcl.bitArray.bitLength(b)&127||!b.length)thrownewsjcl.exception.corrupt("cbc ciphertext must be a positive multiple of the block size");
sjcl.mode.ocb2={name:"ocb2",encrypt:function(a,b,c,d,e,f){if(sjcl.bitArray.bitLength(c)!==128)thrownewsjcl.exception.invalid("ocb iv must be 128 bits");varg,h=sjcl.mode.ocb2.I,i=sjcl.bitArray,j=i.i,k=[0,0,0,0];c=h(a.encrypt(c));varl,m=[];d=d||[];e=e||64;for(g=0;g+4<b.length;g+=4){l=b.slice(g,g+4);k=j(k,l);l=j(c,a.encrypt(j(c,l)));m.splice(g,0,l[0],l[1],l[2],l[3]);c=h(c)}l=b.slice(g);b=i.bitLength(l);g=a.encrypt(j(c,[0,0,0,b]));l=i.clamp(j(l,g),b);k=j(k,j(l,g));k=a.encrypt(j(k,j(c,h(c))));if(d.length)k=
j(k,f?d:sjcl.mode.ocb2.pmac(a,d));returnm.concat(i.concat(l,i.clamp(k,e)))},decrypt:function(a,b,c,d,e,f){if(sjcl.bitArray.bitLength(c)!==128)thrownewsjcl.exception.invalid("ocb iv must be 128 bits");e=e||64;varg=sjcl.mode.ocb2.I,h=sjcl.bitArray,i=h.i,j=[0,0,0,0],k=g(a.encrypt(c)),l,m,n=sjcl.bitArray.bitLength(b)-e,o=[];d=d||[];for(c=0;c+4<n/32;c+=4){l=i(k,a.decrypt(i(k,b.slice(c,c+4))));j=i(j,l);o.splice(c,0,l[0],l[1],l[2],l[3]);k=g(k)}m=n-c*32;l=a.encrypt(i(k,[0,0,0,m]));l=i(l,h.clamp(b.slice(c),
m));j=i(j,l);j=a.encrypt(i(j,i(k,g(k))));if(d.length)j=i(j,f?d:sjcl.mode.ocb2.pmac(a,d));if(!h.equal(h.clamp(j,e),h.bitSlice(b,n)))thrownewsjcl.exception.corrupt("ocb: tag doesn't match");returno.concat(h.clamp(l,m))},pmac:function(a,b){varc,d=sjcl.mode.ocb2.I,e=sjcl.bitArray,f=e.i,g=[0,0,0,0],h=a.encrypt([0,0,0,0]);h=f(h,d(d(h)));for(c=0;c+4<b.length;c+=4){h=d(h);g=f(g,a.encrypt(f(h,b.slice(c,c+4))))}b=b.slice(c);if(e.bitLength(b)<128){h=f(h,d(h));b=e.concat(b,[2147483648|0])}g=f(g,b);returna.encrypt(f(d(f(h,