I'm gonna keep this short and clean.
I need to submit an OTP to Microsoft's API. This OTP however, is encrypted on the client side with some JavaScript function and then submitted to the API. That's the Microsoft's script for encryption (the original script has over 2000 lines, I only left functions used by Encrypt() function. I believe it is just plain RSA encryption in JavaScript but I could be wrong):
function Encrypt(e, t, i, r) {
var n = [];
switch (i.toLowerCase()) {
case "saproof":
if (null == t) {
return null
}
n = PackageSADataForProof(t);
break;
case "newpwd":
if (null == r) {
return null
}
}
if (null == n || "undefined" == typeof n) {
return n
}
if ("undefined" != typeof Key && void 0 !== parseRSAKeyFromString) {
var o = parseRSAKeyFromString(Key)
}
var s = RSAEncrypt(n, o, randomNum);
return s
}
function PackageSADataForProof(e) {
var t, i = [], r = 0;
for (t = 0; t < e.length; t++) {
i[r++] = 127 & e.charCodeAt(t),
i[r++] = (65280 & e.charCodeAt(t)) >> 8
}
return i
}
function parseRSAKeyFromString(e) {
var t = e.indexOf(";");
if (0 > t) {
return null
}
var i = e.substr(0, t)
, r = e.substr(t + 1)
, n = i.indexOf("=");
if (0 > n) {
return null
}
var o = i.substr(n + 1);
if (n = r.indexOf("="),
0 > n) {
return null
}
var s = r.substr(n + 1)
, a = new Object;
return a.n = hexStringToMP(s),
a.e = parseInt(o, 16),
a
}
function hexStringToMP(e) {
var t, i, r = Math.ceil(e.length / 4), n = new JSMPnumber;
for (n.size = r,
t = 0; r > t; t++) {
i = e.substr(4 * t, 4),
n.data[r - 1 - t] = parseInt(i, 16)
}
return n
}
function RSAEncrypt(e, t) {
for (var i = [], r = 42, n = 2 * t.n.size - r, o = 0; o < e.length; o += n) {
if (o + n >= e.length) {
var s = RSAEncryptBlock(e.slice(o), t, randomNum);
s && (i = s.concat(i))
} else {
var s = RSAEncryptBlock(e.slice(o, o + n), t, randomNum);
s && (i = s.concat(i))
}
}
var a = byteArrayToBase64(i);
return a
}
function RSAEncryptBlock(e, t, i) {
var r = t.n
, n = t.e
, o = e.length
, s = 2 * r.size
, a = 42;
if (o + a > s) {
return null
}
applyPKCSv2Padding(e, s, i),
e = e.reverse();
var l = byteArrayToMP(e)
, d = modularExp(l, n, r);
d.size = r.size;
var h = mpToByteArray(d);
return h = h.reverse()
}
function JSMPnumber() {
this.size = 1,
this.data = [],
this.data[0] = 0
}
function byteArrayToMP(e) {
var t = new JSMPnumber
, i = 0
, r = e.length
, n = r >> 1;
for (i = 0; n > i; i++) {
t.data[i] = e[2 * i] + (e[1 + 2 * i] << 8)
}
return r % 2 && (t.data[i++] = e[r - 1]),
t.size = i,
t
}
function modularExp(e, t, i) {
for (var r = [], n = 0; t > 0; ) {
r[n] = 1 & t,
t >>>= 1,
n++
}
for (var o = duplicateMP(e), s = n - 2; s >= 0; s--) {
o = modularMultiply(o, o, i),
1 == r[s] && (o = modularMultiply(o, e, i))
}
return o
}
function modularMultiply(e, t, i) {
var r = multiplyMP(e, t)
, n = divideMP(r, i);
return n.r
}
function multiplyMP(e, t) {
var i = new JSMPnumber;
i.size = e.size + t.size;
var r, n;
for (r = 0; r < i.size; r++) {
i.data[r] = 0
}
var o = e.data
, s = t.data
, a = i.data;
if (e == t) {
for (r = 0; r < e.size; r++) {
a[2 * r] += o[r] * o[r]
}
for (r = 1; r < e.size; r++) {
for (n = 0; r > n; n++) {
a[r + n] += 2 * o[r] * o[n]
}
}
} else {
for (r = 0; r < e.size; r++) {
for (n = 0; n < t.size; n++) {
a[r + n] += o[r] * s[n]
}
}
}
return normalizeJSMP(i),
i
}
function normalizeJSMP(e) {
var t, i, r, n, o;
for (r = e.size,
i = 0,
t = 0; r > t; t++) {
n = e.data[t],
n += i,
o = n,
i = Math.floor(n / 65536),
n -= 65536 * i,
e.data[t] = n
}
}
function removeLeadingZeroes(e) {
for (var t = e.size - 1; t > 0 && 0 == e.data[t--]; ) {
e.size--
}
}
function divideMP(e, t) {
var i = e.size
, r = t.size
, n = t.data[r - 1]
, o = t.data[r - 1] + t.data[r - 2] / 65536
, s = new JSMPnumber;
s.size = i - r + 1,
e.data[i] = 0;
for (var a = i - 1; a >= r - 1; a--) {
var l = a - r + 1
, d = Math.floor((65536 * e.data[a + 1] + e.data[a]) / o);
if (d > 0) {
var h = multiplyAndSubtract(e, d, t, l);
for (0 > h && (d--,
multiplyAndSubtract(e, d, t, l)); h > 0 && e.data[a] >= n; ) {
h = multiplyAndSubtract(e, 1, t, l),
h > 0 && d++
}
}
s.data[l] = d
}
removeLeadingZeroes(e);
var u = {
"q": s,
"r": e
};
return u
}
function multiplyAndSubtract(e, t, i, r) {
var n, o = e.data.slice(0), s = 0, a = e.data;
for (n = 0; n < i.size; n++) {
var l = s + i.data[n] * t;
s = l >>> 16,
l -= 65536 * s,
l > a[n + r] ? (a[n + r] += 65536 - l,
s++) : a[n + r] -= l
}
return s > 0 && (a[n + r] -= s),
a[n + r] < 0 ? (e.data = o.slice(0),
-1) : 1
}
function applyPKCSv2Padding(e, t, i) {
var r, n = e.length, o = [218, 57, 163, 238, 94, 107, 75, 13, 50, 85, 191, 239, 149, 96, 24, 144, 175, 216, 7, 9], s = t - n - 40 - 2, a = [];
for (r = 0; s > r; r++) {
a[r] = 0
}
a[s] = 1;
var l = o.concat(a, e)
, d = [];
for (r = 0; 20 > r; r++) {
d[r] = Math.floor(256 * Math.random())
}
d = SHA1(d.concat(i));
var h = MGF(d, t - 21)
, u = XORarrays(l, h)
, c = MGF(u, 20)
, p = XORarrays(d, c)
, f = [];
for (f[0] = 0,
f = f.concat(p, u),
r = 0; r < f.length; r++) {
e[r] = f[r]
}
}
function MGF(e, t) {
if (t > 4096) {
return null
}
var i = e.slice(0)
, r = i.length;
i[r++] = 0,
i[r++] = 0,
i[r++] = 0,
i[r] = 0;
for (var n = 0, o = []; o.length < t; ) {
i[r] = n++,
o = o.concat(SHA1(i))
}
return o.slice(0, t)
}
function XORarrays(e, t) {
if (e.length != t.length) {
return null
}
for (var i = [], r = e.length, n = 0; r > n; n++) {
i[n] = e[n] ^ t[n]
}
return i
}
function SHA1(e) {
var t, i = e.slice(0);
PadSHA1Input(i);
var r = {
"A": 1732584193,
"B": 4023233417,
"C": 2562383102,
"D": 271733878,
"E": 3285377520
};
for (t = 0; t < i.length; t += 64) {
SHA1RoundFunction(r, i, t)
}
var n = [];
return wordToBytes(r.A, n, 0),
wordToBytes(r.B, n, 4),
wordToBytes(r.C, n, 8),
wordToBytes(r.D, n, 12),
wordToBytes(r.E, n, 16),
n
}
function wordToBytes(e, t, i) {
var r;
for (r = 3; r >= 0; r--) {
t[i + r] = 255 & e,
e >>>= 8
}
}
function PadSHA1Input(e) {
var t, i = e.length, r = i, n = i % 64, o = 55 > n ? 56 : 120;
for (e[r++] = 128,
t = n + 1; o > t; t++) {
e[r++] = 0
}
var s = 8 * i;
for (t = 1; 8 > t; t++) {
e[r + 8 - t] = 255 & s,
s >>>= 8
}
}
function SHA1RoundFunction(e, t, i) {
var r, n, o, s = 1518500249, a = 1859775393, l = 2400959708, d = 3395469782, h = [], u = e.A, c = e.B, p = e.C, f = e.D, m = e.E;
for (n = 0,
o = i; 16 > n; n++,
o += 4) {
h[n] = t[o] << 24 | t[o + 1] << 16 | t[o + 2] << 8 | t[o + 3] << 0
}
for (n = 16; 80 > n; n++) {
h[n] = rotateLeft(h[n - 3] ^ h[n - 8] ^ h[n - 14] ^ h[n - 16], 1)
}
var g;
for (r = 0; 20 > r; r++) {
g = rotateLeft(u, 5) + (c & p | ~c & f) + m + h[r] + s & 4294967295,
m = f,
f = p,
p = rotateLeft(c, 30),
c = u,
u = g
}
for (r = 20; 40 > r; r++) {
g = rotateLeft(u, 5) + (c ^ p ^ f) + m + h[r] + a & 4294967295,
m = f,
f = p,
p = rotateLeft(c, 30),
c = u,
u = g
}
for (r = 40; 60 > r; r++) {
g = rotateLeft(u, 5) + (c & p | c & f | p & f) + m + h[r] + l & 4294967295,
m = f,
f = p,
p = rotateLeft(c, 30),
c = u,
u = g
}
for (r = 60; 80 > r; r++) {
g = rotateLeft(u, 5) + (c ^ p ^ f) + m + h[r] + d & 4294967295,
m = f,
f = p,
p = rotateLeft(c, 30),
c = u,
u = g
}
e.A = e.A + u & 4294967295,
e.B = e.B + c & 4294967295,
e.C = e.C + p & 4294967295,
e.D = e.D + f & 4294967295,
e.E = e.E + m & 4294967295
}
function rotateLeft(e, t) {
var i = e >>> 32 - t
, r = (1 << 32 - t) - 1
, n = e & r;
return n << t | i
}
function hexStringToMP(e) {
var t, i, r = Math.ceil(e.length / 4), n = new JSMPnumber;
for (n.size = r,
t = 0; r > t; t++) {
i = e.substr(4 * t, 4),
n.data[r - 1 - t] = parseInt(i, 16)
}
return n
}
function duplicateMP(e) {
var t = new JSMPnumber;
return t.size = e.size,
t.data = e.data.slice(0),
t
}
function mpToByteArray(e) {
var t = []
, i = 0
, r = e.size;
for (i = 0; r > i; i++) {
t[2 * i] = 255 & e.data[i];
var n = e.data[i] >>> 8;
t[2 * i + 1] = n
}
return t
}
function byteArrayToBase64(e) {
var t, i, r = e.length, n = "";
for (t = r - 3; t >= 0; t -= 3) {
i = e[t] | e[t + 1] << 8 | e[t + 2] << 16,
n += base64Encode(i, 4)
}
var o = r % 3;
for (i = 0,
t += 2; t >= 0; t--) {
i = i << 8 | e[t]
}
return 1 == o ? n = n + base64Encode(i << 16, 2) + "==" : 2 == o && (n = n + base64Encode(i << 8, 3) + "="),
n
}
function base64Encode(e, t) {
var i, r = "";
for (i = t; 4 > i; i++) {
e >>= 6
}
for (i = 0; t > i; i++) {
r = mapByteToBase64(63 & e) + r,
e >>= 6
}
return r
}
function mapByteToBase64(e) {
return e >= 0 && 26 > e ? String.fromCharCode(65 + e) : e >= 26 && 52 > e ? String.fromCharCode(97 + e - 26) : e >= 52 && 62 > e ? String.fromCharCode(48 + e - 52) : 62 == e ? "+" : "/"
}
var Key = "e=10001;m=d0fa1d37fa0bb621a8cbb6669249ba1d14bbd5058592f050240d8c3b68674f0e28283018a7753f4377aaa3b3645e5f119a0032129a0a64322f74888aed3519de49e98c5b3c221460218140616f01ac5e9f2f8042e2749b8a89112f15310690dad7531f6758c0c65e525dff7859283b566a5b154352c57161cd24e59133a61432f461583e40cac749d722909dfcf0edd6af3cbc9a25e639b0caaf55e8c7b08b53c7d52038b48e1b26ad40f8bb84b3bb9c92bc9b947d2ab5ae4664a5093a4895af09659a78c9393797ea76b5b9416a45025e2ab3ea1627f08d85abd22e156d3e842efbaa1d0e1e4885028b2bc0aa7be8e444799e96fce0444f2b56bd14c0244b4d"
var randomNum = "AA278C7C00D44877AA95055BB0497A6169195B7B79C664E0AC9DFDCE1112CE28282BAA83D5CD95041CB512CD35624CCD6FD873C98579E4D3C4D25E5E6134F65628BDA9DE9C00A6E53A0194EA7483BCB1AABD8AA983282259E2953CC8705D36BB9936E57E"
console.log(Encrypt(null, "1234", "saproof"))
Example output from above code
V2loAc3ik+qXTJMVF/V/0yKdbQeKGqO7UIA82cqafWUPJ6ALYd/6Bwb9QFsJOEC+yKfwqu5YE36+J3Dpsuk14EQG4YktFVao5D2i5C/2Akm5i1WhPDMbHUFfUJtxbQ3Ldc0jgpMpOrhuEkQ/u9MUgL3l1tL08GTvl4KdnvW2delt1HpuyGFI11WNb5/xXbzmZvRsF2fc3tNpZCvHSTCEQuMOzsQSTeghttXEBFFvmqC9fwH+KjiBGwl11zyH+shv8kYi+LRaqN2LoVz4eFMmWDJ0PNNeA7Aq+mQ/9BIY+tz7Tzz51OSlCgajsPnJbxyHiURdUrc103oKdja8Vd9dnw==
The main function here is Encrypt(). My program is written in Python. I tried encrypting my OTP using Python's rsa module but to no avail. The API rejected the request and marked the encrypted OTP as invalid.
import rsa
import base64
Key = "d0fa1d37fa0bb621a8cbb6669249ba1d14bbd5058592f050240d8c3b68674f0e28283018a7753f4377aaa3b3645e5f119a0032129a0a64322f74888aed3519de49e98c5b3c221460218140616f01ac5e9f2f8042e2749b8a89112f15310690dad7531f6758c0c65e525dff7859283b566a5b154352c57161cd24e59133a61432f461583e40cac749d722909dfcf0edd6af3cbc9a25e639b0caaf55e8c7b08b53c7d52038b48e1b26ad40f8bb84b3bb9c92bc9b947d2ab5ae4664a5093a4895af09659a78c9393797ea76b5b9416a45025e2ab3ea1627f08d85abd22e156d3e842efbaa1d0e1e4885028b2bc0aa7be8e444799e96fce0444f2b56bd14c0244b4d"
encrypted = rsa.encrypt(b'1234', rsa.PublicKey(int(Key, 16), 65537))
b64encrypted = base64.b64encode(encrypted)
print(b64encrypted.decode('utf-8'))
So my question is, how can I use Microsoft's encryption function in Python? Do I need to manually translate the code myself, or maybe I am doing something wrong with rsa module?
Thanks for help.
The JavaScript code uses RSA with OAEP as padding and SHA-1 for both digests (see applyPKCSv2Padding()). In addition, the plaintext is encoded with UTF-16LE (see PackageSADataForProof()) and the ciphertext is encoded in little endian order (see byteArrayToBase64()).
The RSA library used does not support OAEP, see issue #68. A possible library that supports OAEP is PyCryptodome and a possible implementation that is functionally identical to the JavaScript code is (strictly speaking, this applies only to plaintexts up to 214 bytes, for longer ones see the next section):
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
import base64
modulusHex = 'd0fa1d37fa0bb621a8cbb6669249ba1d14bbd5058592f050240d8c3b68674f0e28283018a7753f4377aaa3b3645e5f119a0032129a0a64322f74888aed3519de49e98c5b3c221460218140616f01ac5e9f2f8042e2749b8a89112f15310690dad7531f6758c0c65e525dff7859283b566a5b154352c57161cd24e59133a61432f461583e40cac749d722909dfcf0edd6af3cbc9a25e639b0caaf55e8c7b08b53c7d52038b48e1b26ad40f8bb84b3bb9c92bc9b947d2ab5ae4664a5093a4895af09659a78c9393797ea76b5b9416a45025e2ab3ea1627f08d85abd22e156d3e842efbaa1d0e1e4885028b2bc0aa7be8e444799e96fce0444f2b56bd14c0244b4d';
pubExpHex = '010001'
plaintextStr = '1234'
modulus = int(modulusHex, 16)
pubExp = int(pubExpHex, 16)
plaintext = plaintextStr.encode('utf-16le') # encode plaintext with UTF-16LE
publicKey = RSA.construct((modulus, pubExp))
cipher = PKCS1_OAEP.new(publicKey) # apply OAEP as padding
ciphertext = cipher.encrypt(plaintext)
ciphertextReversed = ciphertext[::-1] # encode ciphertext in little endian order
ciphertextReversedB64 = base64.b64encode(ciphertextReversed)
print(ciphertextReversedB64)
Note that OAEP is not deterministic, i.e. repeated encryption with the same key and plaintext gives different ciphertexts. Therefore, the implementation cannot be verified by comparing the ciphertexts, but only by a successful decryption (see the last section).
Plaintexts, larger than 214 bytes: The posted JavaScript code implements a rather unusual feature: RSA can only encrypt plaintexts whose maximum length is equal to the key length (here 2048 bits = 256 bytes) minus the space required by the padding (here for OAEP with SHA-1: 42 bytes), i.e. the maximum length here is 256 - 42 = 214 bytes, see here.
But the Java Script code posted here splits the plaintext into blocks of 214 bytes (or less in the case of the last block), encrypts each block separately and concatenates the ciphertexts. This allows encryption of arbitrarily long plaintexts.
The Python code snippet above does not take this into account, since it is not needed for the short plaintext 1234 used in the example. But for plaintexts larger than 214 bytes this has to be added.
Note that usually long plaintexts are not encrypted this way, but with hybrid encryption, in which e.g. RSA is combined with AES: The plaintext is encrypted with AES, the AES key with RSA.
Test: The JavaScript code below decrypts a ciphertext generated with the JavaScript code posted in the question and a ciphertext generated with the Python code posted in this answer.
Result: Both ciphertexts can be decrypted with the same logic, which shows that the JavaScript and Python encryption code are functionally identical.
Note that a new key pair was used for this test, since only the public key was posted in the question, and that the public key of this new key pair must be applied when generating the ciphertexts (see JavaScript code for encryption) so that the private key used in decryption matches.
(async () => {
function Encrypt(e, t, i, r) {
var n = [];
switch (i.toLowerCase()) {
case "saproof":
if (null == t) {
return null
}
n = PackageSADataForProof(t);
break;
case "newpwd":
if (null == r) {
return null
}
}
if (null == n || "undefined" == typeof n) {
return n
}
if ("undefined" != typeof Key && void 0 !== parseRSAKeyFromString) {
var o = parseRSAKeyFromString(Key)
}
var s = RSAEncrypt(n, o, randomNum);
return s
}
function PackageSADataForProof(e) {
var t, i = [], r = 0;
for (t = 0; t < e.length; t++) {
i[r++] = 127 & e.charCodeAt(t),
i[r++] = (65280 & e.charCodeAt(t)) >> 8
}
return i
}
function parseRSAKeyFromString(e) {
var t = e.indexOf(";");
if (0 > t) {
return null
}
var i = e.substr(0, t)
, r = e.substr(t + 1)
, n = i.indexOf("=");
if (0 > n) {
return null
}
var o = i.substr(n + 1);
if (n = r.indexOf("="),
0 > n) {
return null
}
var s = r.substr(n + 1)
, a = new Object;
return a.n = hexStringToMP(s),
a.e = parseInt(o, 16),
a
}
function hexStringToMP(e) {
var t, i, r = Math.ceil(e.length / 4), n = new JSMPnumber;
for (n.size = r,
t = 0; r > t; t++) {
i = e.substr(4 * t, 4),
n.data[r - 1 - t] = parseInt(i, 16)
}
return n
}
function RSAEncrypt(e, t) {
for (var i = [], r = 42, n = 2 * t.n.size - r, o = 0; o < e.length; o += n) {
if (o + n >= e.length) {
var s = RSAEncryptBlock(e.slice(o), t, randomNum);
s && (i = s.concat(i))
} else {
var s = RSAEncryptBlock(e.slice(o, o + n), t, randomNum);
s && (i = s.concat(i))
}
}
var a = byteArrayToBase64(i);
return a
}
function RSAEncryptBlock(e, t, i) {
var r = t.n
, n = t.e
, o = e.length
, s = 2 * r.size
, a = 42;
if (o + a > s) {
return null
}
applyPKCSv2Padding(e, s, i),
e = e.reverse();
var l = byteArrayToMP(e)
, d = modularExp(l, n, r);
d.size = r.size;
var h = mpToByteArray(d);
return h = h.reverse()
}
function JSMPnumber() {
this.size = 1,
this.data = [],
this.data[0] = 0
}
function byteArrayToMP(e) {
var t = new JSMPnumber
, i = 0
, r = e.length
, n = r >> 1;
for (i = 0; n > i; i++) {
t.data[i] = e[2 * i] + (e[1 + 2 * i] << 8)
}
return r % 2 && (t.data[i++] = e[r - 1]),
t.size = i,
t
}
function modularExp(e, t, i) {
for (var r = [], n = 0; t > 0; ) {
r[n] = 1 & t,
t >>>= 1,
n++
}
for (var o = duplicateMP(e), s = n - 2; s >= 0; s--) {
o = modularMultiply(o, o, i),
1 == r[s] && (o = modularMultiply(o, e, i))
}
return o
}
function modularMultiply(e, t, i) {
var r = multiplyMP(e, t)
, n = divideMP(r, i);
return n.r
}
function multiplyMP(e, t) {
var i = new JSMPnumber;
i.size = e.size + t.size;
var r, n;
for (r = 0; r < i.size; r++) {
i.data[r] = 0
}
var o = e.data
, s = t.data
, a = i.data;
if (e == t) {
for (r = 0; r < e.size; r++) {
a[2 * r] += o[r] * o[r]
}
for (r = 1; r < e.size; r++) {
for (n = 0; r > n; n++) {
a[r + n] += 2 * o[r] * o[n]
}
}
} else {
for (r = 0; r < e.size; r++) {
for (n = 0; n < t.size; n++) {
a[r + n] += o[r] * s[n]
}
}
}
return normalizeJSMP(i),
i
}
function normalizeJSMP(e) {
var t, i, r, n, o;
for (r = e.size,
i = 0,
t = 0; r > t; t++) {
n = e.data[t],
n += i,
o = n,
i = Math.floor(n / 65536),
n -= 65536 * i,
e.data[t] = n
}
}
function removeLeadingZeroes(e) {
for (var t = e.size - 1; t > 0 && 0 == e.data[t--]; ) {
e.size--
}
}
function divideMP(e, t) {
var i = e.size
, r = t.size
, n = t.data[r - 1]
, o = t.data[r - 1] + t.data[r - 2] / 65536
, s = new JSMPnumber;
s.size = i - r + 1,
e.data[i] = 0;
for (var a = i - 1; a >= r - 1; a--) {
var l = a - r + 1
, d = Math.floor((65536 * e.data[a + 1] + e.data[a]) / o);
if (d > 0) {
var h = multiplyAndSubtract(e, d, t, l);
for (0 > h && (d--,
multiplyAndSubtract(e, d, t, l)); h > 0 && e.data[a] >= n; ) {
h = multiplyAndSubtract(e, 1, t, l),
h > 0 && d++
}
}
s.data[l] = d
}
removeLeadingZeroes(e);
var u = {
"q": s,
"r": e
};
return u
}
function multiplyAndSubtract(e, t, i, r) {
var n, o = e.data.slice(0), s = 0, a = e.data;
for (n = 0; n < i.size; n++) {
var l = s + i.data[n] * t;
s = l >>> 16,
l -= 65536 * s,
l > a[n + r] ? (a[n + r] += 65536 - l,
s++) : a[n + r] -= l
}
return s > 0 && (a[n + r] -= s),
a[n + r] < 0 ? (e.data = o.slice(0),
-1) : 1
}
function applyPKCSv2Padding(e, t, i) {
var r, n = e.length, o = [218, 57, 163, 238, 94, 107, 75, 13, 50, 85, 191, 239, 149, 96, 24, 144, 175, 216, 7, 9], s = t - n - 40 - 2, a = [];
for (r = 0; s > r; r++) {
a[r] = 0
}
a[s] = 1;
var l = o.concat(a, e)
, d = [];
for (r = 0; 20 > r; r++) {
d[r] = Math.floor(256 * Math.random())
}
d = SHA1(d.concat(i));
var h = MGF(d, t - 21)
, u = XORarrays(l, h)
, c = MGF(u, 20)
, p = XORarrays(d, c)
, f = [];
for (f[0] = 0,
f = f.concat(p, u),
r = 0; r < f.length; r++) {
e[r] = f[r]
}
}
function MGF(e, t) {
if (t > 4096) {
return null
}
var i = e.slice(0)
, r = i.length;
i[r++] = 0,
i[r++] = 0,
i[r++] = 0,
i[r] = 0;
for (var n = 0, o = []; o.length < t; ) {
i[r] = n++,
o = o.concat(SHA1(i))
}
return o.slice(0, t)
}
function XORarrays(e, t) {
if (e.length != t.length) {
return null
}
for (var i = [], r = e.length, n = 0; r > n; n++) {
i[n] = e[n] ^ t[n]
}
return i
}
function SHA1(e) {
var t, i = e.slice(0);
PadSHA1Input(i);
var r = {
"A": 1732584193,
"B": 4023233417,
"C": 2562383102,
"D": 271733878,
"E": 3285377520
};
for (t = 0; t < i.length; t += 64) {
SHA1RoundFunction(r, i, t)
}
var n = [];
return wordToBytes(r.A, n, 0),
wordToBytes(r.B, n, 4),
wordToBytes(r.C, n, 8),
wordToBytes(r.D, n, 12),
wordToBytes(r.E, n, 16),
n
}
function wordToBytes(e, t, i) {
var r;
for (r = 3; r >= 0; r--) {
t[i + r] = 255 & e,
e >>>= 8
}
}
function PadSHA1Input(e) {
var t, i = e.length, r = i, n = i % 64, o = 55 > n ? 56 : 120;
for (e[r++] = 128,
t = n + 1; o > t; t++) {
e[r++] = 0
}
var s = 8 * i;
for (t = 1; 8 > t; t++) {
e[r + 8 - t] = 255 & s,
s >>>= 8
}
}
function SHA1RoundFunction(e, t, i) {
var r, n, o, s = 1518500249, a = 1859775393, l = 2400959708, d = 3395469782, h = [], u = e.A, c = e.B, p = e.C, f = e.D, m = e.E;
for (n = 0,
o = i; 16 > n; n++,
o += 4) {
h[n] = t[o] << 24 | t[o + 1] << 16 | t[o + 2] << 8 | t[o + 3] << 0
}
for (n = 16; 80 > n; n++) {
h[n] = rotateLeft(h[n - 3] ^ h[n - 8] ^ h[n - 14] ^ h[n - 16], 1)
}
var g;
for (r = 0; 20 > r; r++) {
g = rotateLeft(u, 5) + (c & p | ~c & f) + m + h[r] + s & 4294967295,
m = f,
f = p,
p = rotateLeft(c, 30),
c = u,
u = g
}
for (r = 20; 40 > r; r++) {
g = rotateLeft(u, 5) + (c ^ p ^ f) + m + h[r] + a & 4294967295,
m = f,
f = p,
p = rotateLeft(c, 30),
c = u,
u = g
}
for (r = 40; 60 > r; r++) {
g = rotateLeft(u, 5) + (c & p | c & f | p & f) + m + h[r] + l & 4294967295,
m = f,
f = p,
p = rotateLeft(c, 30),
c = u,
u = g
}
for (r = 60; 80 > r; r++) {
g = rotateLeft(u, 5) + (c ^ p ^ f) + m + h[r] + d & 4294967295,
m = f,
f = p,
p = rotateLeft(c, 30),
c = u,
u = g
}
e.A = e.A + u & 4294967295,
e.B = e.B + c & 4294967295,
e.C = e.C + p & 4294967295,
e.D = e.D + f & 4294967295,
e.E = e.E + m & 4294967295
}
function rotateLeft(e, t) {
var i = e >>> 32 - t
, r = (1 << 32 - t) - 1
, n = e & r;
return n << t | i
}
function hexStringToMP(e) {
var t, i, r = Math.ceil(e.length / 4), n = new JSMPnumber;
for (n.size = r,
t = 0; r > t; t++) {
i = e.substr(4 * t, 4),
n.data[r - 1 - t] = parseInt(i, 16)
}
return n
}
function duplicateMP(e) {
var t = new JSMPnumber;
return t.size = e.size,
t.data = e.data.slice(0),
t
}
function mpToByteArray(e) {
var t = []
, i = 0
, r = e.size;
for (i = 0; r > i; i++) {
t[2 * i] = 255 & e.data[i];
var n = e.data[i] >>> 8;
t[2 * i + 1] = n
}
return t
}
function byteArrayToBase64(e) {
var t, i, r = e.length, n = "";
for (t = r - 3; t >= 0; t -= 3) {
i = e[t] | e[t + 1] << 8 | e[t + 2] << 16,
n += base64Encode(i, 4)
}
var o = r % 3;
for (i = 0,
t += 2; t >= 0; t--) {
i = i << 8 | e[t]
}
return 1 == o ? n = n + base64Encode(i << 16, 2) + "==" : 2 == o && (n = n + base64Encode(i << 8, 3) + "="),
n
}
function base64Encode(e, t) {
var i, r = "";
for (i = t; 4 > i; i++) {
e >>= 6
}
for (i = 0; t > i; i++) {
r = mapByteToBase64(63 & e) + r,
e >>= 6
}
return r
}
function mapByteToBase64(e) {
return e >= 0 && 26 > e ? String.fromCharCode(65 + e) : e >= 26 && 52 > e ? String.fromCharCode(97 + e - 26) : e >= 52 && 62 > e ? String.fromCharCode(48 + e - 52) : 62 == e ? "+" : "/"
}
var Key = "e=10001;m=ba71796836ba1c27cb30c23f3192d3e610e4df4e0253eca914c162063a3041d50c40a60767e7e4941ec6a4bc426adc5827f859eeb8df1c7dca96adb4fd8d446d80d1a29c9349f92b4f33f3c2c5f852bfe5db90ad75095d847093320c1ffc4bff6ee04da1b7f375913e0e176fe654302ad8c8e379432af022e6411eb764c5c1f25c26b06244978470b7d58164d7191427ee09e058aca452ee6b4bcdde014d711fd14ba2341fca26bcf7f13292238eeffdd45b077e3004d9f472e34b1dbf2dfde0da3afcd5e89f12660396b8bf399a783a166efb4068d4b5e5a024defaf9884366025fb11ab543aec9032dd95c31e2e57e77f0370cfe8fb4c1812a917c4ade221b"
var randomNum = "AA278C7C00D44877AA95055BB0497A6169195B7B79C664E0AC9DFDCE1112CE28282BAA83D5CD95041CB512CD35624CCD6FD873C98579E4D3C4D25E5E6134F65628BDA9DE9C00A6E53A0194EA7483BCB1AABD8AA983282259E2953CC8705D36BB9936E57E"
var ciphertextB64FromJS = Encrypt(null, "1234", "saproof");
document.getElementById("js_enc").innerHTML = "JavaScript code (encryption): " + ciphertextB64FromJS;
// Decryption ======================================================================================================================================================
// Decryption of a ciphertext from the JavaScript Code
var decryptedCiphertextFromJS = await decrypt(ciphertextB64FromJS);
document.getElementById("js_dec").innerHTML = "JavaScript code (decryption): " + decryptedCiphertextFromJS;
// Decryption of a ciphertext from the Python code for encryption
var ciphertextB64FromPy = 'iQefWJtEXRjMpJj59NmODmDVuJJkmsSV2pNvPrAX74lDWiXHjY4H34XAEGHY5bJ/3xJ3f7pM1R0Nb8cBJSgQMpCO/0PCdDSbalw7M/cbEEOzrIVMxg8NXOsUM6tqetaroSAutyesg8+EsP4liow3ssV6I7cX/QDpunFV0vRHxTM9Am35QNrNfpvZMu4kV642dq9ocSJLdbaBfaKXUyBA6nYzUIhq3nHx8XzPxo9DnAoE6qkGeRpQzV7Mo+jeY26YOP/DyVmb0JuOXPI8Uz/4yxhQp7ygAVOF5CNojZN0XtZVqORV4+2bFEMD+Fi9YIIFFMrym169ACoy2faTfLYjlw=='; // MAKE SURE TO USE THE CORRECT PUBLIC KEY DURING ENCRYPTION!!!: modulus = 0xba717968..., public exponent = 0x10001 (s. above)
var decryptedCiphertextFromPy = await decrypt(ciphertextB64FromPy);
document.getElementById("py_dec").innerHTML = "Python code (decryption): " + decryptedCiphertextFromPy;
async function decrypt(ciphertextBase64){
var pkcs8Der = b642ab('MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6cXloNrocJ8swwj8xktPmEOTfTgJT7KkUwWIGOjBB1QxApgdn5+SUHsakvEJq3Fgn+FnuuN8cfcqWrbT9jURtgNGinJNJ+StPM/PCxfhSv+XbkK11CV2EcJMyDB/8S/9u4E2ht/N1kT4OF2/mVDAq2MjjeUMq8CLmQR63ZMXB8lwmsGJEl4Rwt9WBZNcZFCfuCeBYrKRS7mtLzd4BTXEf0UuiNB/KJrz38TKSI47v/dRbB34wBNn0cuNLHb8t/eDaOvzV6J8SZgOWuL85mng6Fm77QGjUteWgJN76+YhDZgJfsRq1Q67JAy3ZXDHi5X538DcM/o+0wYEqkXxK3iIbAgMBAAECggEASlJj0ExIomKmmBhG8q8SM1s2sWG6gdQMjs6MEeluRT/1c2v79cq2Dum5y/+UBl8x8TUKPKSLpCLs+GXkiVKgHXrFlqoN+OYQArG2EUWzuODwczdYPhhupBXwR3oX4g41k/BsYfQfZBVzBFEJdWrIDLyAUFWNlfdGIj2BTiAoySfyqmamvmW8bsvc8coiGlZ28UC85/Xqx9wOzjeGoRkCH7PcTMlc9F7SxSthwX/k1VBXmNOHa+HzGOgO/W3k1LDqJbq2wKjZTW3iVEg2VodjxgBLMm0MueSGoI6IuaZSPMyFEM3gGvC2+cDBI2SL/amhiTUa/VDlTVw/IKbSuar9uQKBgQDd76M0Po5Lqh8ZhQ3obhFqkfO5EBXy7HUL15cw51kVtwF6Gf/J2HNHjwsg9Nb0eJETTS6bbuVd9bn884JoRS986nVTFNZ4dnjEgKjjQ8GjfzdkpbUxsRLWiIxuOQSpIUZGdMi2ctTTtspvMsDsjRRYdYIQCe/SDsdHGT3vcUCybwKBgQDXDz6iVnY84Fh5iDDVrQOR4lYoxCL/ikCDJjC6y1mjR0eVFdBPQ4j1dDSPU9lahBLby0VyagQCDp/kxQOl0z2zBLRI4I8jUtz9/9KW6ze7U7dQJ7OTfumd5I97OyQOG9XZwKUkRgfyb/PAMBSUSLgosi38f+OC3IN3qlvHFzvxFQKBgQCITpUDEmSczih5qQGIvolN1cRF5j5Ey7t7gXbnXz+Umah7kJpMIvdyfMVOAXJABgi8PQwiBLM0ySXo2LpARjXLV8ilNUggBktYDNktc8DrJMgltayaj3HNd2IglD5rjfc2cKWRgOd7/GlKcHaTEnbreYhfR2sWrWLxJOyoMfuVWwKBgFalCbMV6qU0LfEo8aPlBN8ttVDPVNpntP4h0NgxPXgPK8Pg+gA1UWSy4MouGg/hzkdHaj9ifyLlCX598a5JoT4S0x/ZeVHd/LNI8mtjcRzD6cMde7gdFbpLb5NSjIAyrsIAX4hxvpnqiOYRePkVIz0iLGziiaMbfMwlkrxvm/LRAoGBALPRbtSbE2pPgvOHKHTGPr7gKbmsWVbOcQA8rG801T38W/UPe1XtynMEjzzQ29OaVeQwvUN9+DxFXJ6Yvwj6ih4Wdq109i7Oo1fDnMczOQN9DKch2eNAHrNSOMyLDCBm++wbyHAsS2T0VO8+gzLABviZm5AFCQWfke4LZo5mOS10');
var privateKey = await window.crypto.subtle.importKey("pkcs8", pkcs8Der, {name: "RSA-OAEP", hash: "SHA-1"}, true, ["decrypt"]);
var ciphertext = b642ab(ciphertextBase64);
ciphertext = ciphertext.reverse(); // reverse little endian order
var decrypted = await window.crypto.subtle.decrypt({name: "RSA-OAEP"}, privateKey, ciphertext); // apply OAEP as padding
return decodeUTF16LE(decrypted); // decode with UTF-16LE
}
// Helper
function b642ab(base64_string){
return Uint8Array.from(window.atob(base64_string), c => c.charCodeAt(0));
}
// https://stackoverflow.com/a/14601808
function decodeUTF16LE(buf) {
var cp = [];
var binaryStr = String.fromCharCode.apply(null, new Uint8Array(buf));
for( var i = 0; i < binaryStr.length; i+=2) {
cp.push(
binaryStr.charCodeAt(i) |
( binaryStr.charCodeAt(i+1) << 8 )
);
}
return String.fromCharCode.apply( String, cp );
}
})();
<p style="font-family:'Courier New', monospace;" id="js_enc"></p>
<p style="font-family:'Courier New', monospace;" id="js_dec"></p>
<p style="font-family:'Courier New', monospace;" id="py_dec"></p>
For example, a js file called x.js (it's very simple just for explanation):
function func2(x, y) {
return x + y
}
function func1(x, y) {
return func2(x, y)
}
Now the module name is jstopy:
import jstopy
jsobj = jstopy.load("x.js")
jsobj.call("func1",1,2) # will return 3
I've searched answer for a long time. Answers such as this are all for python 2 version. Execjs, pyv8 I've all tried.
You can see my final goal in this question. I've tried to reimplement it to Python but I failed, it's simply beyond my current js skills.
Update the encryption is done by the function do_encrypt:
\* ori_password.value is the original password string a user entered
en_password.value will be set to the encrypt password*\
function do_encrypt(ori_password, en_password) {
var rsa = new RSAKey();
rsa.setPublic(rsa_key,'10001');
var en_pwd = document.getElementById(en_password);
var pwd = document.getElementById(ori_password);
var pwd_value = pwd.value;
var sts = document.getElementById('sts').value;
if(pwd_value.length!=0){
var res = rsa.encrypt(pwd_value+"\n"+sts);
if(res) {
en_pwd.value = hex2b64(res);
pwd.value = "";
}
}
}
The content of js file is (if needed):
var b64map = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
var b64pad = "=";
function hex2b64(d) {
var b;
var e;
var a = "";
for (b = 0; b + 3 <= d.length; b += 3) {
e = parseInt(d.substring(b, b + 3), 16);
a += b64map.charAt(e >> 6) + b64map.charAt(e & 63)
}
if (b + 1 == d.length) {
e = parseInt(d.substring(b, b + 1), 16);
a += b64map.charAt(e << 2)
} else {
if (b + 2 == d.length) {
e = parseInt(d.substring(b, b + 2), 16);
a += b64map.charAt(e >> 2) + b64map.charAt((e & 3) << 4)
}
}
while ((a.length & 3) > 0) {
a += b64pad
}
return a
}
function b64tohex(e) {
var c = "";
var d;
var a = 0;
var b;
for (d = 0; d < e.length; ++d) {
if (e.charAt(d) == b64pad) {
break
}
v = b64map.indexOf(e.charAt(d));
if (v < 0) {
continue
}
if (a == 0) {
c += int2char(v >> 2);
b = v & 3;
a = 1
} else {
if (a == 1) {
c += int2char((b << 2) | (v >> 4));
b = v & 15;
a = 2
} else {
if (a == 2) {
c += int2char(b);
c += int2char(v >> 2);
b = v & 3;
a = 3
} else {
c += int2char((b << 2) | (v >> 4));
c += int2char(v & 15);
a = 0
}
}
}
}
if (a == 1) {
c += int2char(b << 2)
}
return c
}
function b64toBA(e) {
var d = b64tohex(e);
var c;
var b = new Array();
for (c = 0; 2 * c < d.length; ++c) {
b[c] = parseInt(d.substring(2 * c, 2 * c + 2), 16)
}
return b
}
function do_encrypt(e, i) {
var c = new RSAKey();
var h = "A86C210DEB066606F7BB171ACD3EB98A7978833747B7CF488C788954785FFE58839BE7F9E490F12FFE7A6F3D31D993936D20245ECB6A40713999A8D472B89D0F3113226DA30656CD84B186FA4EC28A8A5AEF8781FC3A49B6C504BD9094523E930E754A12C9A0A54D474A99F0B754B047B0BFAAE7A6D6C97DA2D4C2623A6083B3";
c.setPublic(h, "10001");
var b = document.getElementById(i);
var d = document.getElementById(e);
var a = d.value;
var g = document.getElementById("sts").value;
if (a.length != 0) {
var f = c.encrypt(a + "\n" + g);
if (f) {
b.value = hex2b64(f);
d.value = ""
}
}
}
var dbits;
var canary = 244837814094590;
var j_lm = ((canary & 16777215) == 15715070);
function BigInteger(e, d, f) {
if (e != null) {
if ("number" == typeof e) {
this.fromNumber(e, d, f)
} else {
if (d == null && "string" != typeof e) {
this.fromString(e, 256)
} else {
this.fromString(e, d)
}
}
}
}
function nbi() {
return new BigInteger(null)
}
function am1(f, a, b, e, h, g) {
while (--g >= 0) {
var d = a * this[f++] + b[e] + h;
h = Math.floor(d / 67108864);
b[e++] = d & 67108863
}
return h
}
function am2(f, q, r, e, o, a) {
var k = q & 32767,
p = q >> 15;
while (--a >= 0) {
var d = this[f] & 32767;
var g = this[f++] >> 15;
var b = p * d + g * k;
d = k * d + ((b & 32767) << 15) + r[e] + (o & 1073741823);
o = (d >>> 30) + (b >>> 15) + p * g + (o >>> 30);
r[e++] = d & 1073741823
}
return o
}
function am3(f, q, r, e, o, a) {
var k = q & 16383,
p = q >> 14;
while (--a >= 0) {
var d = this[f] & 16383;
var g = this[f++] >> 14;
var b = p * d + g * k;
d = k * d + ((b & 16383) << 14) + r[e] + o;
o = (d >> 28) + (b >> 14) + p * g;
r[e++] = d & 268435455
}
return o
}
if (j_lm && (navigator.appName == "Microsoft Internet Explorer")) {
BigInteger.prototype.am = am2;
dbits = 30
} else {
if (j_lm && (navigator.appName != "Netscape")) {
BigInteger.prototype.am = am1;
dbits = 26
} else {
BigInteger.prototype.am = am3;
dbits = 28
}
}
BigInteger.prototype.DB = dbits;
BigInteger.prototype.DM = ((1 << dbits) - 1);
BigInteger.prototype.DV = (1 << dbits);
var BI_FP = 52;
BigInteger.prototype.FV = Math.pow(2, BI_FP);
BigInteger.prototype.F1 = BI_FP - dbits;
BigInteger.prototype.F2 = 2 * dbits - BI_FP;
var BI_RM = "0123456789abcdefghijklmnopqrstuvwxyz";
var BI_RC = new Array();
var rr, vv;
rr = "0".charCodeAt(0);
for (vv = 0; vv <= 9; ++vv) {
BI_RC[rr++] = vv
}
rr = "a".charCodeAt(0);
for (vv = 10; vv < 36; ++vv) {
BI_RC[rr++] = vv
}
rr = "A".charCodeAt(0);
for (vv = 10; vv < 36; ++vv) {
BI_RC[rr++] = vv
}
function int2char(a) {
return BI_RM.charAt(a)
}
function intAt(b, a) {
var d = BI_RC[b.charCodeAt(a)];
return (d == null) ? -1 : d
}
function bnpCopyTo(b) {
for (var a = this.t - 1; a >= 0; --a) {
b[a] = this[a]
}
b.t = this.t;
b.s = this.s
}
function bnpFromInt(a) {
this.t = 1;
this.s = (a < 0) ? -1 : 0;
if (a > 0) {
this[0] = a
} else {
if (a < -1) {
this[0] = a + DV
} else {
this.t = 0
}
}
}
function nbv(a) {
var b = nbi();
b.fromInt(a);
return b
}
function bnpFromString(h, c) {
var e;
if (c == 16) {
e = 4
} else {
if (c == 8) {
e = 3
} else {
if (c == 256) {
e = 8
} else {
if (c == 2) {
e = 1
} else {
if (c == 32) {
e = 5
} else {
if (c == 4) {
e = 2
} else {
this.fromRadix(h, c);
return
}
}
}
}
}
}
this.t = 0;
this.s = 0;
var g = h.length,
d = false,
f = 0;
while (--g >= 0) {
var a = (e == 8) ? h[g] & 255 : intAt(h, g);
if (a < 0) {
if (h.charAt(g) == "-") {
d = true
}
continue
}
d = false;
if (f == 0) {
this[this.t++] = a
} else {
if (f + e > this.DB) {
this[this.t - 1] |= (a & ((1 << (this.DB - f)) - 1)) << f;
this[this.t++] = (a >> (this.DB - f))
} else {
this[this.t - 1] |= a << f
}
}
f += e;
if (f >= this.DB) {
f -= this.DB
}
}
if (e == 8 && (h[0] & 128) != 0) {
this.s = -1;
if (f > 0) {
this[this.t - 1] |= ((1 << (this.DB - f)) - 1) << f
}
}
this.clamp();
if (d) {
BigInteger.ZERO.subTo(this, this)
}
}
function bnpClamp() {
var a = this.s & this.DM;
while (this.t > 0 && this[this.t - 1] == a) {
--this.t
}
}
function bnToString(c) {
if (this.s < 0) {
return "-" + this.negate().toString(c)
}
var e;
if (c == 16) {
e = 4
} else {
if (c == 8) {
e = 3
} else {
if (c == 2) {
e = 1
} else {
if (c == 32) {
e = 5
} else {
if (c == 4) {
e = 2
} else {
return this.toRadix(c)
}
}
}
}
}
var g = (1 << e) - 1,
l, a = false,
h = "",
f = this.t;
var j = this.DB - (f * this.DB) % e;
if (f-- > 0) {
if (j < this.DB && (l = this[f] >> j) > 0) {
a = true;
h = int2char(l)
}
while (f >= 0) {
if (j < e) {
l = (this[f] & ((1 << j) - 1)) << (e - j);
l |= this[--f] >> (j += this.DB - e)
} else {
l = (this[f] >> (j -= e)) & g;
if (j <= 0) {
j += this.DB;
--f
}
}
if (l > 0) {
a = true
}
if (a) {
h += int2char(l)
}
}
}
return a ? h : "0"
}
function bnNegate() {
var a = nbi();
BigInteger.ZERO.subTo(this, a);
return a
}
function bnAbs() {
return (this.s < 0) ? this.negate() : this
}
function bnCompareTo(b) {
var d = this.s - b.s;
if (d != 0) {
return d
}
var c = this.t;
d = c - b.t;
if (d != 0) {
return (this.s < 0) ? -d : d
}
while (--c >= 0) {
if ((d = this[c] - b[c]) != 0) {
return d
}
}
return 0
}
function nbits(a) {
var c = 1,
b;
if ((b = a >>> 16) != 0) {
a = b;
c += 16
}
if ((b = a >> 8) != 0) {
a = b;
c += 8
}
if ((b = a >> 4) != 0) {
a = b;
c += 4
}
if ((b = a >> 2) != 0) {
a = b;
c += 2
}
if ((b = a >> 1) != 0) {
a = b;
c += 1
}
return c
}
function bnBitLength() {
if (this.t <= 0) {
return 0
}
return this.DB * (this.t - 1) + nbits(this[this.t - 1] ^ (this.s & this.DM))
}
function bnpDLShiftTo(c, b) {
var a;
for (a = this.t - 1; a >= 0; --a) {
b[a + c] = this[a]
}
for (a = c - 1; a >= 0; --a) {
b[a] = 0
}
b.t = this.t + c;
b.s = this.s
}
function bnpDRShiftTo(c, b) {
for (var a = c; a < this.t; ++a) {
b[a - c] = this[a]
}
b.t = Math.max(this.t - c, 0);
b.s = this.s
}
function bnpLShiftTo(j, e) {
var b = j % this.DB;
var a = this.DB - b;
var g = (1 << a) - 1;
var f = Math.floor(j / this.DB),
h = (this.s << b) & this.DM,
d;
for (d = this.t - 1; d >= 0; --d) {
e[d + f + 1] = (this[d] >> a) | h;
h = (this[d] & g) << b
}
for (d = f - 1; d >= 0; --d) {
e[d] = 0
}
e[f] = h;
e.t = this.t + f + 1;
e.s = this.s;
e.clamp()
}
function bnpRShiftTo(g, d) {
d.s = this.s;
var e = Math.floor(g / this.DB);
if (e >= this.t) {
d.t = 0;
return
}
var b = g % this.DB;
var a = this.DB - b;
var f = (1 << b) - 1;
d[0] = this[e] >> b;
for (var c = e + 1; c < this.t; ++c) {
d[c - e - 1] |= (this[c] & f) << a;
d[c - e] = this[c] >> b
}
if (b > 0) {
d[this.t - e - 1] |= (this.s & f) << a
}
d.t = this.t - e;
d.clamp()
}
function bnpSubTo(d, f) {
var e = 0,
g = 0,
b = Math.min(d.t, this.t);
while (e < b) {
g += this[e] - d[e];
f[e++] = g & this.DM;
g >>= this.DB
}
if (d.t < this.t) {
g -= d.s;
while (e < this.t) {
g += this[e];
f[e++] = g & this.DM;
g >>= this.DB
}
g += this.s
} else {
g += this.s;
while (e < d.t) {
g -= d[e];
f[e++] = g & this.DM;
g >>= this.DB
}
g -= d.s
}
f.s = (g < 0) ? -1 : 0;
if (g < -1) {
f[e++] = this.DV + g
} else {
if (g > 0) {
f[e++] = g
}
}
f.t = e;
f.clamp()
}
function bnpMultiplyTo(c, e) {
var b = this.abs(),
f = c.abs();
var d = b.t;
e.t = d + f.t;
while (--d >= 0) {
e[d] = 0
}
for (d = 0; d < f.t; ++d) {
e[d + b.t] = b.am(0, f[d], e, d, 0, b.t)
}
e.s = 0;
e.clamp();
if (this.s != c.s) {
BigInteger.ZERO.subTo(e, e)
}
}
function bnpSquareTo(d) {
var a = this.abs();
var b = d.t = 2 * a.t;
while (--b >= 0) {
d[b] = 0
}
for (b = 0; b < a.t - 1; ++b) {
var e = a.am(b, a[b], d, 2 * b, 0, 1);
if ((d[b + a.t] += a.am(b + 1, 2 * a[b], d, 2 * b + 1, e, a.t - b - 1)) >= a.DV) {
d[b + a.t] -= a.DV;
d[b + a.t + 1] = 1
}
}
if (d.t > 0) {
d[d.t - 1] += a.am(b, a[b], d, 2 * b, 0, 1)
}
d.s = 0;
d.clamp()
}
function bnpDivRemTo(n, h, g) {
var x = n.abs();
if (x.t <= 0) {
return
}
var k = this.abs();
if (k.t < x.t) {
if (h != null) {
h.fromInt(0)
}
if (g != null) {
this.copyTo(g)
}
return
}
if (g == null) {
g = nbi()
}
var d = nbi(),
a = this.s,
l = n.s;
var w = this.DB - nbits(x[x.t - 1]);
if (w > 0) {
x.lShiftTo(w, d);
k.lShiftTo(w, g)
} else {
x.copyTo(d);
k.copyTo(g)
}
var p = d.t;
var b = d[p - 1];
if (b == 0) {
return
}
var o = b * (1 << this.F1) + ((p > 1) ? d[p - 2] >> this.F2 : 0);
var C = this.FV / o,
B = (1 << this.F1) / o,
A = 1 << this.F2;
var u = g.t,
s = u - p,
f = (h == null) ? nbi() : h;
d.dlShiftTo(s, f);
if (g.compareTo(f) >= 0) {
g[g.t++] = 1;
g.subTo(f, g)
}
BigInteger.ONE.dlShiftTo(p, f);
f.subTo(d, d);
while (d.t < p) {
d[d.t++] = 0
}
while (--s >= 0) {
var c = (g[--u] == b) ? this.DM : Math.floor(g[u] * C + (g[u - 1] + A) * B);
if ((g[u] += d.am(0, c, g, s, 0, p)) < c) {
d.dlShiftTo(s, f);
g.subTo(f, g);
while (g[u] < --c) {
g.subTo(f, g)
}
}
}
if (h != null) {
g.drShiftTo(p, h);
if (a != l) {
BigInteger.ZERO.subTo(h, h)
}
}
g.t = p;
g.clamp();
if (w > 0) {
g.rShiftTo(w, g)
}
if (a < 0) {
BigInteger.ZERO.subTo(g, g)
}
}
function bnMod(b) {
var c = nbi();
this.abs().divRemTo(b, null, c);
if (this.s < 0 && c.compareTo(BigInteger.ZERO) > 0) {
b.subTo(c, c)
}
return c
}
function Classic(a) {
this.m = a
}
function cConvert(a) {
if (a.s < 0 || a.compareTo(this.m) >= 0) {
return a.mod(this.m)
} else {
return a
}
}
function cRevert(a) {
return a
}
function cReduce(a) {
a.divRemTo(this.m, null, a)
}
function cMulTo(a, c, b) {
a.multiplyTo(c, b);
this.reduce(b)
}
function cSqrTo(a, b) {
a.squareTo(b);
this.reduce(b)
}
Classic.prototype.convert = cConvert;
Classic.prototype.revert = cRevert;
Classic.prototype.reduce = cReduce;
Classic.prototype.mulTo = cMulTo;
Classic.prototype.sqrTo = cSqrTo;
function bnpInvDigit() {
if (this.t < 1) {
return 0
}
var a = this[0];
if ((a & 1) == 0) {
return 0
}
var b = a & 3;
b = (b * (2 - (a & 15) * b)) & 15;
b = (b * (2 - (a & 255) * b)) & 255;
b = (b * (2 - (((a & 65535) * b) & 65535))) & 65535;
b = (b * (2 - a * b % this.DV)) % this.DV;
return (b > 0) ? this.DV - b : -b
}
function Montgomery(a) {
this.m = a;
this.mp = a.invDigit();
this.mpl = this.mp & 32767;
this.mph = this.mp >> 15;
this.um = (1 << (a.DB - 15)) - 1;
this.mt2 = 2 * a.t
}
function montConvert(a) {
var b = nbi();
a.abs().dlShiftTo(this.m.t, b);
b.divRemTo(this.m, null, b);
if (a.s < 0 && b.compareTo(BigInteger.ZERO) > 0) {
this.m.subTo(b, b)
}
return b
}
function montRevert(a) {
var b = nbi();
a.copyTo(b);
this.reduce(b);
return b
}
function montReduce(a) {
while (a.t <= this.mt2) {
a[a.t++] = 0
}
for (var c = 0; c < this.m.t; ++c) {
var b = a[c] & 32767;
var d = (b * this.mpl + (((b * this.mph + (a[c] >> 15) * this.mpl) & this.um) << 15)) & a.DM;
b = c + this.m.t;
a[b] += this.m.am(0, d, a, c, 0, this.m.t);
while (a[b] >= a.DV) {
a[b] -= a.DV;
a[++b]++
}
}
a.clamp();
a.drShiftTo(this.m.t, a);
if (a.compareTo(this.m) >= 0) {
a.subTo(this.m, a)
}
}
function montSqrTo(a, b) {
a.squareTo(b);
this.reduce(b)
}
function montMulTo(a, c, b) {
a.multiplyTo(c, b);
this.reduce(b)
}
Montgomery.prototype.convert = montConvert;
Montgomery.prototype.revert = montRevert;
Montgomery.prototype.reduce = montReduce;
Montgomery.prototype.mulTo = montMulTo;
Montgomery.prototype.sqrTo = montSqrTo;
function bnpIsEven() {
return ((this.t > 0) ? (this[0] & 1) : this.s) == 0
}
function bnpExp(h, j) {
if (h > 4294967295 || h < 1) {
return BigInteger.ONE
}
var f = nbi(),
a = nbi(),
d = j.convert(this),
c = nbits(h) - 1;
d.copyTo(f);
while (--c >= 0) {
j.sqrTo(f, a);
if ((h & (1 << c)) > 0) {
j.mulTo(a, d, f)
} else {
var b = f;
f = a;
a = b
}
}
return j.revert(f)
}
function bnModPowInt(b, a) {
var c;
if (b < 256 || a.isEven()) {
c = new Classic(a)
} else {
c = new Montgomery(a)
}
return this.exp(b, c)
}
BigInteger.prototype.copyTo = bnpCopyTo;
BigInteger.prototype.fromInt = bnpFromInt;
BigInteger.prototype.fromString = bnpFromString;
BigInteger.prototype.clamp = bnpClamp;
BigInteger.prototype.dlShiftTo = bnpDLShiftTo;
BigInteger.prototype.drShiftTo = bnpDRShiftTo;
BigInteger.prototype.lShiftTo = bnpLShiftTo;
BigInteger.prototype.rShiftTo = bnpRShiftTo;
BigInteger.prototype.subTo = bnpSubTo;
BigInteger.prototype.multiplyTo = bnpMultiplyTo;
BigInteger.prototype.squareTo = bnpSquareTo;
BigInteger.prototype.divRemTo = bnpDivRemTo;
BigInteger.prototype.invDigit = bnpInvDigit;
BigInteger.prototype.isEven = bnpIsEven;
BigInteger.prototype.exp = bnpExp;
BigInteger.prototype.toString = bnToString;
BigInteger.prototype.negate = bnNegate;
BigInteger.prototype.abs = bnAbs;
BigInteger.prototype.compareTo = bnCompareTo;
BigInteger.prototype.bitLength = bnBitLength;
BigInteger.prototype.mod = bnMod;
BigInteger.prototype.modPowInt = bnModPowInt;
BigInteger.ZERO = nbv(0);
BigInteger.ONE = nbv(1);
function Arcfour() {
this.i = 0;
this.j = 0;
this.S = new Array()
}
function ARC4init(d) {
var c, a, b;
for (c = 0; c < 256; ++c) {
this.S[c] = c
}
a = 0;
for (c = 0; c < 256; ++c) {
a = (a + this.S[c] + d[c % d.length]) & 255;
b = this.S[c];
this.S[c] = this.S[a];
this.S[a] = b
}
this.i = 0;
this.j = 0
}
function ARC4next() {
var a;
this.i = (this.i + 1) & 255;
this.j = (this.j + this.S[this.i]) & 255;
a = this.S[this.i];
this.S[this.i] = this.S[this.j];
this.S[this.j] = a;
return this.S[(a + this.S[this.i]) & 255]
}
Arcfour.prototype.init = ARC4init;
Arcfour.prototype.next = ARC4next;
function prng_newstate() {
return new Arcfour()
}
var rng_psize = 256;
var rng_state;
var rng_pool;
var rng_pptr;
function rng_seed_int(a) {
rng_pool[rng_pptr++] ^= a & 255;
rng_pool[rng_pptr++] ^= (a >> 8) & 255;
rng_pool[rng_pptr++] ^= (a >> 16) & 255;
rng_pool[rng_pptr++] ^= (a >> 24) & 255;
if (rng_pptr >= rng_psize) {
rng_pptr -= rng_psize
}
}
function rng_seed_time() {
rng_seed_int(new Date().getTime())
}
if (rng_pool == null) {
rng_pool = new Array();
rng_pptr = 0;
var t;
if (navigator.appName == "Netscape" && navigator.appVersion < "5" && window.crypto) {
var z = window.crypto.random(32);
for (t = 0; t < z.length; ++t) {
rng_pool[rng_pptr++] = z.charCodeAt(t) & 255
}
}
while (rng_pptr < rng_psize) {
t = Math.floor(65536 * Math.random());
rng_pool[rng_pptr++] = t >>> 8;
rng_pool[rng_pptr++] = t & 255
}
rng_pptr = 0;
rng_seed_time()
}
function rng_get_byte() {
if (rng_state == null) {
rng_seed_time();
rng_state = prng_newstate();
rng_state.init(rng_pool);
for (rng_pptr = 0; rng_pptr < rng_pool.length; ++rng_pptr) {
rng_pool[rng_pptr] = 0
}
rng_pptr = 0
}
return rng_state.next()
}
function rng_get_bytes(b) {
var a;
for (a = 0; a < b.length; ++a) {
b[a] = rng_get_byte()
}
}
function SecureRandom() {}
SecureRandom.prototype.nextBytes = rng_get_bytes;
function parseBigInt(b, a) {
return new BigInteger(b, a)
}
function linebrk(c, d) {
var a = "";
var b = 0;
while (b + d < c.length) {
a += c.substring(b, b + d) + "\n";
b += d
}
return a + c.substring(b, c.length)
}
function byte2Hex(a) {
if (a < 16) {
return "0" + a.toString(16)
} else {
return a.toString(16)
}
}
function pkcs1pad2(e, h) {
if (h < e.length + 11) {
alert("Message too long for RSA");
return null
}
var g = new Array();
var d = e.length - 1;
while (d >= 0 && h > 0) {
var f = e.charCodeAt(d--);
if (f < 128) {
g[--h] = f
} else {
if ((f > 127) && (f < 2048)) {
g[--h] = (f & 63) | 128;
g[--h] = (f >> 6) | 192
} else {
g[--h] = (f & 63) | 128;
g[--h] = ((f >> 6) & 63) | 128;
g[--h] = (f >> 12) | 224
}
}
}
g[--h] = 0;
var b = new SecureRandom();
var a = new Array();
while (h > 2) {
a[0] = 0;
while (a[0] == 0) {
b.nextBytes(a)
}
g[--h] = a[0]
}
g[--h] = 2;
g[--h] = 0;
return new BigInteger(g)
}
function RSAKey() {
this.n = null;
this.e = 0;
this.d = null;
this.p = null;
this.q = null;
this.dmp1 = null;
this.dmq1 = null;
this.coeff = null
}
function RSASetPublic(b, a) {
if (b != null && a != null && b.length > 0 && a.length > 0) {
this.n = parseBigInt(b, 16);
this.e = parseInt(a, 16)
} else {
alert("Invalid RSA public key")
}
}
function RSADoPublic(a) {
return a.modPowInt(this.e, this.n)
}
function RSAEncrypt(d) {
var a = pkcs1pad2(d, (this.n.bitLength() + 7) >> 3);
if (a == null) {
return null
}
var e = this.doPublic(a);
if (e == null) {
return null
}
var b = e.toString(16);
if ((b.length & 1) == 0) {
return b
} else {
return "0" + b
}
}
RSAKey.prototype.doPublic = RSADoPublic;
RSAKey.prototype.setPublic = RSASetPublic;
RSAKey.prototype.encrypt = RSAEncrypt;