react / wstein / node_modules / browserify / node_modules / crypto-browserify / node_modules / diffie-hellman / node_modules / bn.js / lib / bn.js
80559 views(function (module, exports) {12'use strict';34// Utils56function assert(val, msg) {7if (!val)8throw new Error(msg || 'Assertion failed');9}1011// Could use `inherits` module, but don't want to move from single file12// architecture yet.13function inherits(ctor, superCtor) {14ctor.super_ = superCtor;15var TempCtor = function () {};16TempCtor.prototype = superCtor.prototype;17ctor.prototype = new TempCtor();18ctor.prototype.constructor = ctor;19}2021// BN2223function BN(number, base, endian) {24// May be `new BN(bn)` ?25if (number !== null &&26typeof number === 'object' &&27Array.isArray(number.words)) {28return number;29}3031this.sign = false;32this.words = null;33this.length = 0;3435// Reduction context36this.red = null;3738if (base === 'le' || base === 'be') {39endian = base;40base = 10;41}4243if (number !== null)44this._init(number || 0, base || 10, endian || 'be');45}46if (typeof module === 'object')47module.exports = BN;48else49exports.BN = BN;5051BN.BN = BN;52BN.wordSize = 26;5354BN.prototype._init = function init(number, base, endian) {55if (typeof number === 'number') {56if (number < 0) {57this.sign = true;58number = -number;59}60if (number < 0x4000000) {61this.words = [ number & 0x3ffffff ];62this.length = 1;63} else if (number < 0x10000000000000) {64this.words = [65number & 0x3ffffff,66(number / 0x4000000) & 0x3ffffff67];68this.length = 2;69} else {70assert(number < 0x20000000000000); // 2 ^ 53 (unsafe)71this.words = [72number & 0x3ffffff,73(number / 0x4000000) & 0x3ffffff,74175];76this.length = 3;77}78return;79} else if (typeof number === 'object') {80return this._initArray(number, base, endian);81}82if (base === 'hex')83base = 16;84assert(base === (base | 0) && base >= 2 && base <= 36);8586number = number.toString().replace(/\s+/g, '');87var start = 0;88if (number[0] === '-')89start++;9091if (base === 16)92this._parseHex(number, start);93else94this._parseBase(number, base, start);9596if (number[0] === '-')97this.sign = true;9899this.strip();100};101102BN.prototype._initArray = function _initArray(number, base, endian) {103// Perhaps a Uint8Array104assert(typeof number.length === 'number');105if (number.length <= 0) {106this.words = [ 0 ];107this.length = 1;108return this;109}110111this.length = Math.ceil(number.length / 3);112this.words = new Array(this.length);113for (var i = 0; i < this.length; i++)114this.words[i] = 0;115116var off = 0;117if (endian === 'be') {118for (var i = number.length - 1, j = 0; i >= 0; i -= 3) {119var w = number[i] | (number[i - 1] << 8) | (number[i - 2] << 16);120this.words[j] |= (w << off) & 0x3ffffff;121this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff;122off += 24;123if (off >= 26) {124off -= 26;125j++;126}127}128} else if (endian === 'le') {129for (var i = 0, j = 0; i < number.length; i += 3) {130var w = number[i] | (number[i + 1] << 8) | (number[i + 2] << 16);131this.words[j] |= (w << off) & 0x3ffffff;132this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff;133off += 24;134if (off >= 26) {135off -= 26;136j++;137}138}139}140return this.strip();141};142143function parseHex(str, start, end) {144var r = 0;145var len = Math.min(str.length, end);146for (var i = start; i < len; i++) {147var c = str.charCodeAt(i) - 48;148149r <<= 4;150151// 'a' - 'f'152if (c >= 49 && c <= 54)153r |= c - 49 + 0xa;154155// 'A' - 'F'156else if (c >= 17 && c <= 22)157r |= c - 17 + 0xa;158159// '0' - '9'160else161r |= c & 0xf;162}163return r;164}165166BN.prototype._parseHex = function _parseHex(number, start) {167// Create possibly bigger array to ensure that it fits the number168this.length = Math.ceil((number.length - start) / 6);169this.words = new Array(this.length);170for (var i = 0; i < this.length; i++)171this.words[i] = 0;172173// Scan 24-bit chunks and add them to the number174var off = 0;175for (var i = number.length - 6, j = 0; i >= start; i -= 6) {176var w = parseHex(number, i, i + 6);177this.words[j] |= (w << off) & 0x3ffffff;178this.words[j + 1] |= w >>> (26 - off) & 0x3fffff;179off += 24;180if (off >= 26) {181off -= 26;182j++;183}184}185if (i + 6 !== start) {186var w = parseHex(number, start, i + 6);187this.words[j] |= (w << off) & 0x3ffffff;188this.words[j + 1] |= w >>> (26 - off) & 0x3fffff;189}190this.strip();191};192193function parseBase(str, start, end, mul) {194var r = 0;195var len = Math.min(str.length, end);196for (var i = start; i < len; i++) {197var c = str.charCodeAt(i) - 48;198199r *= mul;200201// 'a'202if (c >= 49)203r += c - 49 + 0xa;204205// 'A'206else if (c >= 17)207r += c - 17 + 0xa;208209// '0' - '9'210else211r += c;212}213return r;214}215216BN.prototype._parseBase = function _parseBase(number, base, start) {217// Initialize as zero218this.words = [ 0 ];219this.length = 1;220221// Find length of limb in base222for (var limbLen = 0, limbPow = 1; limbPow <= 0x3ffffff; limbPow *= base)223limbLen++;224limbLen--;225limbPow = (limbPow / base) | 0;226227var total = number.length - start;228var mod = total % limbLen;229var end = Math.min(total, total - mod) + start;230231var word = 0;232for (var i = start; i < end; i += limbLen) {233word = parseBase(number, i, i + limbLen, base);234235this.imuln(limbPow);236if (this.words[0] + word < 0x4000000)237this.words[0] += word;238else239this._iaddn(word);240}241242if (mod !== 0) {243var pow = 1;244var word = parseBase(number, i, number.length, base);245246for (var i = 0; i < mod; i++)247pow *= base;248this.imuln(pow);249if (this.words[0] + word < 0x4000000)250this.words[0] += word;251else252this._iaddn(word);253}254};255256BN.prototype.copy = function copy(dest) {257dest.words = new Array(this.length);258for (var i = 0; i < this.length; i++)259dest.words[i] = this.words[i];260dest.length = this.length;261dest.sign = this.sign;262dest.red = this.red;263};264265BN.prototype.clone = function clone() {266var r = new BN(null);267this.copy(r);268return r;269};270271// Remove leading `0` from `this`272BN.prototype.strip = function strip() {273while (this.length > 1 && this.words[this.length - 1] === 0)274this.length--;275return this._normSign();276};277278BN.prototype._normSign = function _normSign() {279// -0 = 0280if (this.length === 1 && this.words[0] === 0)281this.sign = false;282return this;283};284285BN.prototype.inspect = function inspect() {286return (this.red ? '<BN-R: ' : '<BN: ') + this.toString(16) + '>';287};288289/*290291var zeros = [];292var groupSizes = [];293var groupBases = [];294295var s = '';296var i = -1;297while (++i < BN.wordSize) {298zeros[i] = s;299s += '0';300}301groupSizes[0] = 0;302groupSizes[1] = 0;303groupBases[0] = 0;304groupBases[1] = 0;305var base = 2 - 1;306while (++base < 36 + 1) {307var groupSize = 0;308var groupBase = 1;309while (groupBase < (1 << BN.wordSize) / base) {310groupBase *= base;311groupSize += 1;312}313groupSizes[base] = groupSize;314groupBases[base] = groupBase;315}316317*/318319var zeros = [320'',321'0',322'00',323'000',324'0000',325'00000',326'000000',327'0000000',328'00000000',329'000000000',330'0000000000',331'00000000000',332'000000000000',333'0000000000000',334'00000000000000',335'000000000000000',336'0000000000000000',337'00000000000000000',338'000000000000000000',339'0000000000000000000',340'00000000000000000000',341'000000000000000000000',342'0000000000000000000000',343'00000000000000000000000',344'000000000000000000000000',345'0000000000000000000000000'346];347348var groupSizes = [3490, 0,35025, 16, 12, 11, 10, 9, 8,3518, 7, 7, 7, 7, 6, 6,3526, 6, 6, 6, 6, 5, 5,3535, 5, 5, 5, 5, 5, 5,3545, 5, 5, 5, 5, 5, 5355];356357var groupBases = [3580, 0,35933554432, 43046721, 16777216, 48828125, 60466176, 40353607, 16777216,36043046721, 10000000, 19487171, 35831808, 62748517, 7529536, 11390625,36116777216, 24137569, 34012224, 47045881, 64000000, 4084101, 5153632,3626436343, 7962624, 9765625, 11881376, 14348907, 17210368, 20511149,36324300000, 28629151, 33554432, 39135393, 45435424, 52521875, 60466176364];365366BN.prototype.toString = function toString(base, padding) {367base = base || 10;368if (base === 16 || base === 'hex') {369var out = '';370var off = 0;371var padding = padding | 0 || 1;372var carry = 0;373for (var i = 0; i < this.length; i++) {374var w = this.words[i];375var word = (((w << off) | carry) & 0xffffff).toString(16);376carry = (w >>> (24 - off)) & 0xffffff;377if (carry !== 0 || i !== this.length - 1)378out = zeros[6 - word.length] + word + out;379else380out = word + out;381off += 2;382if (off >= 26) {383off -= 26;384i--;385}386}387if (carry !== 0)388out = carry.toString(16) + out;389while (out.length % padding !== 0)390out = '0' + out;391if (this.sign)392out = '-' + out;393return out;394} else if (base === (base | 0) && base >= 2 && base <= 36) {395// var groupSize = Math.floor(BN.wordSize * Math.LN2 / Math.log(base));396var groupSize = groupSizes[base];397// var groupBase = Math.pow(base, groupSize);398var groupBase = groupBases[base];399var out = '';400var c = this.clone();401c.sign = false;402while (c.cmpn(0) !== 0) {403var r = c.modn(groupBase).toString(base);404c = c.idivn(groupBase);405406if (c.cmpn(0) !== 0)407out = zeros[groupSize - r.length] + r + out;408else409out = r + out;410}411if (this.cmpn(0) === 0)412out = '0' + out;413if (this.sign)414out = '-' + out;415return out;416} else {417assert(false, 'Base should be between 2 and 36');418}419};420421BN.prototype.toJSON = function toJSON() {422return this.toString(16);423};424425BN.prototype.toArray = function toArray() {426this.strip();427var res = new Array(this.byteLength());428res[0] = 0;429430var q = this.clone();431for (var i = 0; q.cmpn(0) !== 0; i++) {432var b = q.andln(0xff);433q.ishrn(8);434435// Assume big-endian436res[res.length - i - 1] = b;437}438439return res;440};441442if (Math.clz32) {443BN.prototype._countBits = function _countBits(w) {444return 32 - Math.clz32(w);445};446} else {447BN.prototype._countBits = function _countBits(w) {448var t = w;449var r = 0;450if (t >= 0x1000) {451r += 13;452t >>>= 13;453}454if (t >= 0x40) {455r += 7;456t >>>= 7;457}458if (t >= 0x8) {459r += 4;460t >>>= 4;461}462if (t >= 0x02) {463r += 2;464t >>>= 2;465}466return r + t;467};468}469470BN.prototype._zeroBits = function _zeroBits(w) {471// Short-cut472if (w === 0)473return 26;474475var t = w;476var r = 0;477if ((t & 0x1fff) === 0) {478r += 13;479t >>>= 13;480}481if ((t & 0x7f) === 0) {482r += 7;483t >>>= 7;484}485if ((t & 0xf) === 0) {486r += 4;487t >>>= 4;488}489if ((t & 0x3) === 0) {490r += 2;491t >>>= 2;492}493if ((t & 0x1) === 0)494r++;495return r;496};497498// Return number of used bits in a BN499BN.prototype.bitLength = function bitLength() {500var hi = 0;501var w = this.words[this.length - 1];502var hi = this._countBits(w);503return (this.length - 1) * 26 + hi;504};505506// Number of trailing zero bits507BN.prototype.zeroBits = function zeroBits() {508if (this.cmpn(0) === 0)509return 0;510511var r = 0;512for (var i = 0; i < this.length; i++) {513var b = this._zeroBits(this.words[i]);514r += b;515if (b !== 26)516break;517}518return r;519};520521BN.prototype.byteLength = function byteLength() {522return Math.ceil(this.bitLength() / 8);523};524525// Return negative clone of `this`526BN.prototype.neg = function neg() {527if (this.cmpn(0) === 0)528return this.clone();529530var r = this.clone();531r.sign = !this.sign;532return r;533};534535536// Or `num` with `this` in-place537BN.prototype.ior = function ior(num) {538this.sign = this.sign || num.sign;539540while (this.length < num.length)541this.words[this.length++] = 0;542543for (var i = 0; i < num.length; i++)544this.words[i] = this.words[i] | num.words[i];545546return this.strip();547};548549550// Or `num` with `this`551BN.prototype.or = function or(num) {552if (this.length > num.length)553return this.clone().ior(num);554else555return num.clone().ior(this);556};557558559// And `num` with `this` in-place560BN.prototype.iand = function iand(num) {561this.sign = this.sign && num.sign;562563// b = min-length(num, this)564var b;565if (this.length > num.length)566b = num;567else568b = this;569570for (var i = 0; i < b.length; i++)571this.words[i] = this.words[i] & num.words[i];572573this.length = b.length;574575return this.strip();576};577578579// And `num` with `this`580BN.prototype.and = function and(num) {581if (this.length > num.length)582return this.clone().iand(num);583else584return num.clone().iand(this);585};586587588// Xor `num` with `this` in-place589BN.prototype.ixor = function ixor(num) {590this.sign = this.sign || num.sign;591592// a.length > b.length593var a;594var b;595if (this.length > num.length) {596a = this;597b = num;598} else {599a = num;600b = this;601}602603for (var i = 0; i < b.length; i++)604this.words[i] = a.words[i] ^ b.words[i];605606if (this !== a)607for (; i < a.length; i++)608this.words[i] = a.words[i];609610this.length = a.length;611612return this.strip();613};614615616// Xor `num` with `this`617BN.prototype.xor = function xor(num) {618if (this.length > num.length)619return this.clone().ixor(num);620else621return num.clone().ixor(this);622};623624625// Set `bit` of `this`626BN.prototype.setn = function setn(bit, val) {627assert(typeof bit === 'number' && bit >= 0);628629var off = (bit / 26) | 0;630var wbit = bit % 26;631632while (this.length <= off)633this.words[this.length++] = 0;634635if (val)636this.words[off] = this.words[off] | (1 << wbit);637else638this.words[off] = this.words[off] & ~(1 << wbit);639640return this.strip();641};642643644// Add `num` to `this` in-place645BN.prototype.iadd = function iadd(num) {646// negative + positive647if (this.sign && !num.sign) {648this.sign = false;649var r = this.isub(num);650this.sign = !this.sign;651return this._normSign();652653// positive + negative654} else if (!this.sign && num.sign) {655num.sign = false;656var r = this.isub(num);657num.sign = true;658return r._normSign();659}660661// a.length > b.length662var a;663var b;664if (this.length > num.length) {665a = this;666b = num;667} else {668a = num;669b = this;670}671672var carry = 0;673for (var i = 0; i < b.length; i++) {674var r = a.words[i] + b.words[i] + carry;675this.words[i] = r & 0x3ffffff;676carry = r >>> 26;677}678for (; carry !== 0 && i < a.length; i++) {679var r = a.words[i] + carry;680this.words[i] = r & 0x3ffffff;681carry = r >>> 26;682}683684this.length = a.length;685if (carry !== 0) {686this.words[this.length] = carry;687this.length++;688// Copy the rest of the words689} else if (a !== this) {690for (; i < a.length; i++)691this.words[i] = a.words[i];692}693694return this;695};696697// Add `num` to `this`698BN.prototype.add = function add(num) {699if (num.sign && !this.sign) {700num.sign = false;701var res = this.sub(num);702num.sign = true;703return res;704} else if (!num.sign && this.sign) {705this.sign = false;706var res = num.sub(this);707this.sign = true;708return res;709}710711if (this.length > num.length)712return this.clone().iadd(num);713else714return num.clone().iadd(this);715};716717// Subtract `num` from `this` in-place718BN.prototype.isub = function isub(num) {719// this - (-num) = this + num720if (num.sign) {721num.sign = false;722var r = this.iadd(num);723num.sign = true;724return r._normSign();725726// -this - num = -(this + num)727} else if (this.sign) {728this.sign = false;729this.iadd(num);730this.sign = true;731return this._normSign();732}733734// At this point both numbers are positive735var cmp = this.cmp(num);736737// Optimization - zeroify738if (cmp === 0) {739this.sign = false;740this.length = 1;741this.words[0] = 0;742return this;743}744745// a > b746var a;747var b;748if (cmp > 0) {749a = this;750b = num;751} else {752a = num;753b = this;754}755756var carry = 0;757for (var i = 0; i < b.length; i++) {758var r = a.words[i] - b.words[i] + carry;759carry = r >> 26;760this.words[i] = r & 0x3ffffff;761}762for (; carry !== 0 && i < a.length; i++) {763var r = a.words[i] + carry;764carry = r >> 26;765this.words[i] = r & 0x3ffffff;766}767768// Copy rest of the words769if (carry === 0 && i < a.length && a !== this)770for (; i < a.length; i++)771this.words[i] = a.words[i];772this.length = Math.max(this.length, i);773774if (a !== this)775this.sign = true;776777return this.strip();778};779780// Subtract `num` from `this`781BN.prototype.sub = function sub(num) {782return this.clone().isub(num);783};784785/*786// NOTE: This could be potentionally used to generate loop-less multiplications787function _genCombMulTo(alen, blen) {788var len = alen + blen - 1;789var src = [790'var a = this.words, b = num.words, o = out.words, c = 0, w, ' +791'mask = 0x3ffffff, shift = 0x4000000;',792'out.length = ' + len + ';'793];794for (var k = 0; k < len; k++) {795var minJ = Math.max(0, k - alen + 1);796var maxJ = Math.min(k, blen - 1);797798for (var j = minJ; j <= maxJ; j++) {799var i = k - j;800var mul = 'a[' + i + '] * b[' + j + ']';801802if (j === minJ) {803src.push('w = ' + mul + ' + c;');804src.push('c = (w / shift) | 0;');805} else {806src.push('w += ' + mul + ';');807src.push('c += (w / shift) | 0;');808}809src.push('w &= mask;');810}811src.push('o[' + k + '] = w;');812}813src.push('if (c !== 0) {',814' o[' + k + '] = c;',815' out.length++;',816'}',817'return out;');818819return src.join('\n');820}821*/822823BN.prototype._smallMulTo = function _smallMulTo(num, out) {824out.sign = num.sign !== this.sign;825out.length = this.length + num.length;826827var carry = 0;828for (var k = 0; k < out.length - 1; k++) {829// Sum all words with the same `i + j = k` and accumulate `ncarry`,830// note that ncarry could be >= 0x3ffffff831var ncarry = carry >>> 26;832var rword = carry & 0x3ffffff;833var maxJ = Math.min(k, num.length - 1);834for (var j = Math.max(0, k - this.length + 1); j <= maxJ; j++) {835var i = k - j;836var a = this.words[i] | 0;837var b = num.words[j] | 0;838var r = a * b;839840var lo = r & 0x3ffffff;841ncarry = (ncarry + ((r / 0x4000000) | 0)) | 0;842lo = (lo + rword) | 0;843rword = lo & 0x3ffffff;844ncarry = (ncarry + (lo >>> 26)) | 0;845}846out.words[k] = rword;847carry = ncarry;848}849if (carry !== 0) {850out.words[k] = carry;851} else {852out.length--;853}854855return out.strip();856};857858BN.prototype._bigMulTo = function _bigMulTo(num, out) {859out.sign = num.sign !== this.sign;860out.length = this.length + num.length;861862var carry = 0;863var hncarry = 0;864for (var k = 0; k < out.length - 1; k++) {865// Sum all words with the same `i + j = k` and accumulate `ncarry`,866// note that ncarry could be >= 0x3ffffff867var ncarry = hncarry;868hncarry = 0;869var rword = carry & 0x3ffffff;870var maxJ = Math.min(k, num.length - 1);871for (var j = Math.max(0, k - this.length + 1); j <= maxJ; j++) {872var i = k - j;873var a = this.words[i] | 0;874var b = num.words[j] | 0;875var r = a * b;876877var lo = r & 0x3ffffff;878ncarry = (ncarry + ((r / 0x4000000) | 0)) | 0;879lo = (lo + rword) | 0;880rword = lo & 0x3ffffff;881ncarry = (ncarry + (lo >>> 26)) | 0;882883hncarry += ncarry >>> 26;884ncarry &= 0x3ffffff;885}886out.words[k] = rword;887carry = ncarry;888ncarry = hncarry;889}890if (carry !== 0) {891out.words[k] = carry;892} else {893out.length--;894}895896return out.strip();897};898899BN.prototype.mulTo = function mulTo(num, out) {900var res;901if (this.length + num.length < 63)902res = this._smallMulTo(num, out);903else904res = this._bigMulTo(num, out);905return res;906};907908// Multiply `this` by `num`909BN.prototype.mul = function mul(num) {910var out = new BN(null);911out.words = new Array(this.length + num.length);912return this.mulTo(num, out);913};914915// In-place Multiplication916BN.prototype.imul = function imul(num) {917if (this.cmpn(0) === 0 || num.cmpn(0) === 0) {918this.words[0] = 0;919this.length = 1;920return this;921}922923var tlen = this.length;924var nlen = num.length;925926this.sign = num.sign !== this.sign;927this.length = this.length + num.length;928this.words[this.length - 1] = 0;929930for (var k = this.length - 2; k >= 0; k--) {931// Sum all words with the same `i + j = k` and accumulate `carry`,932// note that carry could be >= 0x3ffffff933var carry = 0;934var rword = 0;935var maxJ = Math.min(k, nlen - 1);936for (var j = Math.max(0, k - tlen + 1); j <= maxJ; j++) {937var i = k - j;938var a = this.words[i];939var b = num.words[j];940var r = a * b;941942var lo = r & 0x3ffffff;943carry += (r / 0x4000000) | 0;944lo += rword;945rword = lo & 0x3ffffff;946carry += lo >>> 26;947}948this.words[k] = rword;949this.words[k + 1] += carry;950carry = 0;951}952953// Propagate overflows954var carry = 0;955for (var i = 1; i < this.length; i++) {956var w = this.words[i] + carry;957this.words[i] = w & 0x3ffffff;958carry = w >>> 26;959}960961return this.strip();962};963964BN.prototype.imuln = function imuln(num) {965assert(typeof num === 'number');966967// Carry968var carry = 0;969for (var i = 0; i < this.length; i++) {970var w = this.words[i] * num;971var lo = (w & 0x3ffffff) + (carry & 0x3ffffff);972carry >>= 26;973carry += (w / 0x4000000) | 0;974// NOTE: lo is 27bit maximum975carry += lo >>> 26;976this.words[i] = lo & 0x3ffffff;977}978979if (carry !== 0) {980this.words[i] = carry;981this.length++;982}983984return this;985};986987// `this` * `this`988BN.prototype.sqr = function sqr() {989return this.mul(this);990};991992// `this` * `this` in-place993BN.prototype.isqr = function isqr() {994return this.mul(this);995};996997// Shift-left in-place998BN.prototype.ishln = function ishln(bits) {999assert(typeof bits === 'number' && bits >= 0);1000var r = bits % 26;1001var s = (bits - r) / 26;1002var carryMask = (0x3ffffff >>> (26 - r)) << (26 - r);10031004if (r !== 0) {1005var carry = 0;1006for (var i = 0; i < this.length; i++) {1007var newCarry = this.words[i] & carryMask;1008var c = (this.words[i] - newCarry) << r;1009this.words[i] = c | carry;1010carry = newCarry >>> (26 - r);1011}1012if (carry) {1013this.words[i] = carry;1014this.length++;1015}1016}10171018if (s !== 0) {1019for (var i = this.length - 1; i >= 0; i--)1020this.words[i + s] = this.words[i];1021for (var i = 0; i < s; i++)1022this.words[i] = 0;1023this.length += s;1024}10251026return this.strip();1027};10281029// Shift-right in-place1030// NOTE: `hint` is a lowest bit before trailing zeroes1031// NOTE: if `extended` is present - it will be filled with destroyed bits1032BN.prototype.ishrn = function ishrn(bits, hint, extended) {1033assert(typeof bits === 'number' && bits >= 0);1034var h;1035if (hint)1036h = (hint - (hint % 26)) / 26;1037else1038h = 0;10391040var r = bits % 26;1041var s = Math.min((bits - r) / 26, this.length);1042var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r);1043var maskedWords = extended;10441045h -= s;1046h = Math.max(0, h);10471048// Extended mode, copy masked part1049if (maskedWords) {1050for (var i = 0; i < s; i++)1051maskedWords.words[i] = this.words[i];1052maskedWords.length = s;1053}10541055if (s === 0) {1056// No-op, we should not move anything at all1057} else if (this.length > s) {1058this.length -= s;1059for (var i = 0; i < this.length; i++)1060this.words[i] = this.words[i + s];1061} else {1062this.words[0] = 0;1063this.length = 1;1064}10651066var carry = 0;1067for (var i = this.length - 1; i >= 0 && (carry !== 0 || i >= h); i--) {1068var word = this.words[i];1069this.words[i] = (carry << (26 - r)) | (word >>> r);1070carry = word & mask;1071}10721073// Push carried bits as a mask1074if (maskedWords && carry !== 0)1075maskedWords.words[maskedWords.length++] = carry;10761077if (this.length === 0) {1078this.words[0] = 0;1079this.length = 1;1080}10811082this.strip();10831084return this;1085};10861087// Shift-left1088BN.prototype.shln = function shln(bits) {1089return this.clone().ishln(bits);1090};10911092// Shift-right1093BN.prototype.shrn = function shrn(bits) {1094return this.clone().ishrn(bits);1095};10961097// Test if n bit is set1098BN.prototype.testn = function testn(bit) {1099assert(typeof bit === 'number' && bit >= 0);1100var r = bit % 26;1101var s = (bit - r) / 26;1102var q = 1 << r;11031104// Fast case: bit is much higher than all existing words1105if (this.length <= s) {1106return false;1107}11081109// Check bit and return1110var w = this.words[s];11111112return !!(w & q);1113};11141115// Return only lowers bits of number (in-place)1116BN.prototype.imaskn = function imaskn(bits) {1117assert(typeof bits === 'number' && bits >= 0);1118var r = bits % 26;1119var s = (bits - r) / 26;11201121assert(!this.sign, 'imaskn works only with positive numbers');11221123if (r !== 0)1124s++;1125this.length = Math.min(s, this.length);11261127if (r !== 0) {1128var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r);1129this.words[this.length - 1] &= mask;1130}11311132return this.strip();1133};11341135// Return only lowers bits of number1136BN.prototype.maskn = function maskn(bits) {1137return this.clone().imaskn(bits);1138};11391140// Add plain number `num` to `this`1141BN.prototype.iaddn = function iaddn(num) {1142assert(typeof num === 'number');1143if (num < 0)1144return this.isubn(-num);11451146// Possible sign change1147if (this.sign) {1148if (this.length === 1 && this.words[0] < num) {1149this.words[0] = num - this.words[0];1150this.sign = false;1151return this;1152}11531154this.sign = false;1155this.isubn(num);1156this.sign = true;1157return this;1158}11591160// Add without checks1161return this._iaddn(num);1162};11631164BN.prototype._iaddn = function _iaddn(num) {1165this.words[0] += num;11661167// Carry1168for (var i = 0; i < this.length && this.words[i] >= 0x4000000; i++) {1169this.words[i] -= 0x4000000;1170if (i === this.length - 1)1171this.words[i + 1] = 1;1172else1173this.words[i + 1]++;1174}1175this.length = Math.max(this.length, i + 1);11761177return this;1178};11791180// Subtract plain number `num` from `this`1181BN.prototype.isubn = function isubn(num) {1182assert(typeof num === 'number');1183if (num < 0)1184return this.iaddn(-num);11851186if (this.sign) {1187this.sign = false;1188this.iaddn(num);1189this.sign = true;1190return this;1191}11921193this.words[0] -= num;11941195// Carry1196for (var i = 0; i < this.length && this.words[i] < 0; i++) {1197this.words[i] += 0x4000000;1198this.words[i + 1] -= 1;1199}12001201return this.strip();1202};12031204BN.prototype.addn = function addn(num) {1205return this.clone().iaddn(num);1206};12071208BN.prototype.subn = function subn(num) {1209return this.clone().isubn(num);1210};12111212BN.prototype.iabs = function iabs() {1213this.sign = false;12141215return this;1216};12171218BN.prototype.abs = function abs() {1219return this.clone().iabs();1220};12211222BN.prototype._ishlnsubmul = function _ishlnsubmul(num, mul, shift) {1223// Bigger storage is needed1224var len = num.length + shift;1225var i;1226if (this.words.length < len) {1227var t = new Array(len);1228for (var i = 0; i < this.length; i++)1229t[i] = this.words[i];1230this.words = t;1231} else {1232i = this.length;1233}12341235// Zeroify rest1236this.length = Math.max(this.length, len);1237for (; i < this.length; i++)1238this.words[i] = 0;12391240var carry = 0;1241for (var i = 0; i < num.length; i++) {1242var w = this.words[i + shift] + carry;1243var right = num.words[i] * mul;1244w -= right & 0x3ffffff;1245carry = (w >> 26) - ((right / 0x4000000) | 0);1246this.words[i + shift] = w & 0x3ffffff;1247}1248for (; i < this.length - shift; i++) {1249var w = this.words[i + shift] + carry;1250carry = w >> 26;1251this.words[i + shift] = w & 0x3ffffff;1252}12531254if (carry === 0)1255return this.strip();12561257// Subtraction overflow1258assert(carry === -1);1259carry = 0;1260for (var i = 0; i < this.length; i++) {1261var w = -this.words[i] + carry;1262carry = w >> 26;1263this.words[i] = w & 0x3ffffff;1264}1265this.sign = true;12661267return this.strip();1268};12691270BN.prototype._wordDiv = function _wordDiv(num, mode) {1271var shift = this.length - num.length;12721273var a = this.clone();1274var b = num;12751276// Normalize1277var bhi = b.words[b.length - 1];1278var bhiBits = this._countBits(bhi);1279shift = 26 - bhiBits;1280if (shift !== 0) {1281b = b.shln(shift);1282a.ishln(shift);1283bhi = b.words[b.length - 1];1284}12851286// Initialize quotient1287var m = a.length - b.length;1288var q;12891290if (mode !== 'mod') {1291q = new BN(null);1292q.length = m + 1;1293q.words = new Array(q.length);1294for (var i = 0; i < q.length; i++)1295q.words[i] = 0;1296}12971298var diff = a.clone()._ishlnsubmul(b, 1, m);1299if (!diff.sign) {1300a = diff;1301if (q)1302q.words[m] = 1;1303}13041305for (var j = m - 1; j >= 0; j--) {1306var qj = a.words[b.length + j] * 0x4000000 + a.words[b.length + j - 1];13071308// NOTE: (qj / bhi) is (0x3ffffff * 0x4000000 + 0x3ffffff) / 0x2000000 max1309// (0x7ffffff)1310qj = Math.min((qj / bhi) | 0, 0x3ffffff);13111312a._ishlnsubmul(b, qj, j);1313while (a.sign) {1314qj--;1315a.sign = false;1316a._ishlnsubmul(b, 1, j);1317if (a.cmpn(0) !== 0)1318a.sign = !a.sign;1319}1320if (q)1321q.words[j] = qj;1322}1323if (q)1324q.strip();1325a.strip();13261327// Denormalize1328if (mode !== 'div' && shift !== 0)1329a.ishrn(shift);1330return { div: q ? q : null, mod: a };1331};13321333BN.prototype.divmod = function divmod(num, mode) {1334assert(num.cmpn(0) !== 0);13351336if (this.sign && !num.sign) {1337var res = this.neg().divmod(num, mode);1338var div;1339var mod;1340if (mode !== 'mod')1341div = res.div.neg();1342if (mode !== 'div')1343mod = res.mod.cmpn(0) === 0 ? res.mod : num.sub(res.mod);1344return {1345div: div,1346mod: mod1347};1348} else if (!this.sign && num.sign) {1349var res = this.divmod(num.neg(), mode);1350var div;1351if (mode !== 'mod')1352div = res.div.neg();1353return { div: div, mod: res.mod };1354} else if (this.sign && num.sign) {1355return this.neg().divmod(num.neg(), mode);1356}13571358// Both numbers are positive at this point13591360// Strip both numbers to approximate shift value1361if (num.length > this.length || this.cmp(num) < 0)1362return { div: new BN(0), mod: this };13631364// Very short reduction1365if (num.length === 1) {1366if (mode === 'div')1367return { div: this.divn(num.words[0]), mod: null };1368else if (mode === 'mod')1369return { div: null, mod: new BN(this.modn(num.words[0])) };1370return {1371div: this.divn(num.words[0]),1372mod: new BN(this.modn(num.words[0]))1373};1374}13751376return this._wordDiv(num, mode);1377};13781379// Find `this` / `num`1380BN.prototype.div = function div(num) {1381return this.divmod(num, 'div').div;1382};13831384// Find `this` % `num`1385BN.prototype.mod = function mod(num) {1386return this.divmod(num, 'mod').mod;1387};13881389// Find Round(`this` / `num`)1390BN.prototype.divRound = function divRound(num) {1391var dm = this.divmod(num);13921393// Fast case - exact division1394if (dm.mod.cmpn(0) === 0)1395return dm.div;13961397var mod = dm.div.sign ? dm.mod.isub(num) : dm.mod;13981399var half = num.shrn(1);1400var r2 = num.andln(1);1401var cmp = mod.cmp(half);14021403// Round down1404if (cmp < 0 || r2 === 1 && cmp === 0)1405return dm.div;14061407// Round up1408return dm.div.sign ? dm.div.isubn(1) : dm.div.iaddn(1);1409};14101411BN.prototype.modn = function modn(num) {1412assert(num <= 0x3ffffff);1413var p = (1 << 26) % num;14141415var acc = 0;1416for (var i = this.length - 1; i >= 0; i--)1417acc = (p * acc + this.words[i]) % num;14181419return acc;1420};14211422// In-place division by number1423BN.prototype.idivn = function idivn(num) {1424assert(num <= 0x3ffffff);14251426var carry = 0;1427for (var i = this.length - 1; i >= 0; i--) {1428var w = this.words[i] + carry * 0x4000000;1429this.words[i] = (w / num) | 0;1430carry = w % num;1431}14321433return this.strip();1434};14351436BN.prototype.divn = function divn(num) {1437return this.clone().idivn(num);1438};14391440BN.prototype.egcd = function egcd(p) {1441assert(!p.sign);1442assert(p.cmpn(0) !== 0);14431444var x = this;1445var y = p.clone();14461447if (x.sign)1448x = x.mod(p);1449else1450x = x.clone();14511452// A * x + B * y = x1453var A = new BN(1);1454var B = new BN(0);14551456// C * x + D * y = y1457var C = new BN(0);1458var D = new BN(1);14591460var g = 0;14611462while (x.isEven() && y.isEven()) {1463x.ishrn(1);1464y.ishrn(1);1465++g;1466}14671468var yp = y.clone();1469var xp = x.clone();14701471while (x.cmpn(0) !== 0) {1472while (x.isEven()) {1473x.ishrn(1);1474if (A.isEven() && B.isEven()) {1475A.ishrn(1);1476B.ishrn(1);1477} else {1478A.iadd(yp).ishrn(1);1479B.isub(xp).ishrn(1);1480}1481}14821483while (y.isEven()) {1484y.ishrn(1);1485if (C.isEven() && D.isEven()) {1486C.ishrn(1);1487D.ishrn(1);1488} else {1489C.iadd(yp).ishrn(1);1490D.isub(xp).ishrn(1);1491}1492}14931494if (x.cmp(y) >= 0) {1495x.isub(y);1496A.isub(C);1497B.isub(D);1498} else {1499y.isub(x);1500C.isub(A);1501D.isub(B);1502}1503}15041505return {1506a: C,1507b: D,1508gcd: y.ishln(g)1509};1510};15111512// This is reduced incarnation of the binary EEA1513// above, designated to invert members of the1514// _prime_ fields F(p) at a maximal speed1515BN.prototype._invmp = function _invmp(p) {1516assert(!p.sign);1517assert(p.cmpn(0) !== 0);15181519var a = this;1520var b = p.clone();15211522if (a.sign)1523a = a.mod(p);1524else1525a = a.clone();15261527var x1 = new BN(1);1528var x2 = new BN(0);15291530var delta = b.clone();15311532while (a.cmpn(1) > 0 && b.cmpn(1) > 0) {1533while (a.isEven()) {1534a.ishrn(1);1535if (x1.isEven())1536x1.ishrn(1);1537else1538x1.iadd(delta).ishrn(1);1539}1540while (b.isEven()) {1541b.ishrn(1);1542if (x2.isEven())1543x2.ishrn(1);1544else1545x2.iadd(delta).ishrn(1);1546}1547if (a.cmp(b) >= 0) {1548a.isub(b);1549x1.isub(x2);1550} else {1551b.isub(a);1552x2.isub(x1);1553}1554}1555if (a.cmpn(1) === 0)1556return x1;1557else1558return x2;1559};15601561BN.prototype.gcd = function gcd(num) {1562if (this.cmpn(0) === 0)1563return num.clone();1564if (num.cmpn(0) === 0)1565return this.clone();15661567var a = this.clone();1568var b = num.clone();1569a.sign = false;1570b.sign = false;15711572// Remove common factor of two1573for (var shift = 0; a.isEven() && b.isEven(); shift++) {1574a.ishrn(1);1575b.ishrn(1);1576}15771578do {1579while (a.isEven())1580a.ishrn(1);1581while (b.isEven())1582b.ishrn(1);15831584var r = a.cmp(b);1585if (r < 0) {1586// Swap `a` and `b` to make `a` always bigger than `b`1587var t = a;1588a = b;1589b = t;1590} else if (r === 0 || b.cmpn(1) === 0) {1591break;1592}15931594a.isub(b);1595} while (true);15961597return b.ishln(shift);1598};15991600// Invert number in the field F(num)1601BN.prototype.invm = function invm(num) {1602return this.egcd(num).a.mod(num);1603};16041605BN.prototype.isEven = function isEven() {1606return (this.words[0] & 1) === 0;1607};16081609BN.prototype.isOdd = function isOdd() {1610return (this.words[0] & 1) === 1;1611};16121613// And first word and num1614BN.prototype.andln = function andln(num) {1615return this.words[0] & num;1616};16171618// Increment at the bit position in-line1619BN.prototype.bincn = function bincn(bit) {1620assert(typeof bit === 'number');1621var r = bit % 26;1622var s = (bit - r) / 26;1623var q = 1 << r;16241625// Fast case: bit is much higher than all existing words1626if (this.length <= s) {1627for (var i = this.length; i < s + 1; i++)1628this.words[i] = 0;1629this.words[s] |= q;1630this.length = s + 1;1631return this;1632}16331634// Add bit and propagate, if needed1635var carry = q;1636for (var i = s; carry !== 0 && i < this.length; i++) {1637var w = this.words[i];1638w += carry;1639carry = w >>> 26;1640w &= 0x3ffffff;1641this.words[i] = w;1642}1643if (carry !== 0) {1644this.words[i] = carry;1645this.length++;1646}1647return this;1648};16491650BN.prototype.cmpn = function cmpn(num) {1651var sign = num < 0;1652if (sign)1653num = -num;16541655if (this.sign && !sign)1656return -1;1657else if (!this.sign && sign)1658return 1;16591660num &= 0x3ffffff;1661this.strip();16621663var res;1664if (this.length > 1) {1665res = 1;1666} else {1667var w = this.words[0];1668res = w === num ? 0 : w < num ? -1 : 1;1669}1670if (this.sign)1671res = -res;1672return res;1673};16741675// Compare two numbers and return:1676// 1 - if `this` > `num`1677// 0 - if `this` == `num`1678// -1 - if `this` < `num`1679BN.prototype.cmp = function cmp(num) {1680if (this.sign && !num.sign)1681return -1;1682else if (!this.sign && num.sign)1683return 1;16841685var res = this.ucmp(num);1686if (this.sign)1687return -res;1688else1689return res;1690};16911692// Unsigned comparison1693BN.prototype.ucmp = function ucmp(num) {1694// At this point both numbers have the same sign1695if (this.length > num.length)1696return 1;1697else if (this.length < num.length)1698return -1;16991700var res = 0;1701for (var i = this.length - 1; i >= 0; i--) {1702var a = this.words[i];1703var b = num.words[i];17041705if (a === b)1706continue;1707if (a < b)1708res = -1;1709else if (a > b)1710res = 1;1711break;1712}1713return res;1714};17151716//1717// A reduce context, could be using montgomery or something better, depending1718// on the `m` itself.1719//1720BN.red = function red(num) {1721return new Red(num);1722};17231724BN.prototype.toRed = function toRed(ctx) {1725assert(!this.red, 'Already a number in reduction context');1726assert(!this.sign, 'red works only with positives');1727return ctx.convertTo(this)._forceRed(ctx);1728};17291730BN.prototype.fromRed = function fromRed() {1731assert(this.red, 'fromRed works only with numbers in reduction context');1732return this.red.convertFrom(this);1733};17341735BN.prototype._forceRed = function _forceRed(ctx) {1736this.red = ctx;1737return this;1738};17391740BN.prototype.forceRed = function forceRed(ctx) {1741assert(!this.red, 'Already a number in reduction context');1742return this._forceRed(ctx);1743};17441745BN.prototype.redAdd = function redAdd(num) {1746assert(this.red, 'redAdd works only with red numbers');1747return this.red.add(this, num);1748};17491750BN.prototype.redIAdd = function redIAdd(num) {1751assert(this.red, 'redIAdd works only with red numbers');1752return this.red.iadd(this, num);1753};17541755BN.prototype.redSub = function redSub(num) {1756assert(this.red, 'redSub works only with red numbers');1757return this.red.sub(this, num);1758};17591760BN.prototype.redISub = function redISub(num) {1761assert(this.red, 'redISub works only with red numbers');1762return this.red.isub(this, num);1763};17641765BN.prototype.redShl = function redShl(num) {1766assert(this.red, 'redShl works only with red numbers');1767return this.red.shl(this, num);1768};17691770BN.prototype.redMul = function redMul(num) {1771assert(this.red, 'redMul works only with red numbers');1772this.red._verify2(this, num);1773return this.red.mul(this, num);1774};17751776BN.prototype.redIMul = function redIMul(num) {1777assert(this.red, 'redMul works only with red numbers');1778this.red._verify2(this, num);1779return this.red.imul(this, num);1780};17811782BN.prototype.redSqr = function redSqr() {1783assert(this.red, 'redSqr works only with red numbers');1784this.red._verify1(this);1785return this.red.sqr(this);1786};17871788BN.prototype.redISqr = function redISqr() {1789assert(this.red, 'redISqr works only with red numbers');1790this.red._verify1(this);1791return this.red.isqr(this);1792};17931794// Square root over p1795BN.prototype.redSqrt = function redSqrt() {1796assert(this.red, 'redSqrt works only with red numbers');1797this.red._verify1(this);1798return this.red.sqrt(this);1799};18001801BN.prototype.redInvm = function redInvm() {1802assert(this.red, 'redInvm works only with red numbers');1803this.red._verify1(this);1804return this.red.invm(this);1805};18061807// Return negative clone of `this` % `red modulo`1808BN.prototype.redNeg = function redNeg() {1809assert(this.red, 'redNeg works only with red numbers');1810this.red._verify1(this);1811return this.red.neg(this);1812};18131814BN.prototype.redPow = function redPow(num) {1815assert(this.red && !num.red, 'redPow(normalNum)');1816this.red._verify1(this);1817return this.red.pow(this, num);1818};18191820// Prime numbers with efficient reduction1821var primes = {1822k256: null,1823p224: null,1824p192: null,1825p25519: null1826};18271828// Pseudo-Mersenne prime1829function MPrime(name, p) {1830// P = 2 ^ N - K1831this.name = name;1832this.p = new BN(p, 16);1833this.n = this.p.bitLength();1834this.k = new BN(1).ishln(this.n).isub(this.p);18351836this.tmp = this._tmp();1837}18381839MPrime.prototype._tmp = function _tmp() {1840var tmp = new BN(null);1841tmp.words = new Array(Math.ceil(this.n / 13));1842return tmp;1843};18441845MPrime.prototype.ireduce = function ireduce(num) {1846// Assumes that `num` is less than `P^2`1847// num = HI * (2 ^ N - K) + HI * K + LO = HI * K + LO (mod P)1848var r = num;1849var rlen;18501851do {1852this.split(r, this.tmp);1853r = this.imulK(r);1854r = r.iadd(this.tmp);1855rlen = r.bitLength();1856} while (rlen > this.n);18571858var cmp = rlen < this.n ? -1 : r.ucmp(this.p);1859if (cmp === 0) {1860r.words[0] = 0;1861r.length = 1;1862} else if (cmp > 0) {1863r.isub(this.p);1864} else {1865r.strip();1866}18671868return r;1869};18701871MPrime.prototype.split = function split(input, out) {1872input.ishrn(this.n, 0, out);1873};18741875MPrime.prototype.imulK = function imulK(num) {1876return num.imul(this.k);1877};18781879function K256() {1880MPrime.call(1881this,1882'k256',1883'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f');1884}1885inherits(K256, MPrime);18861887K256.prototype.split = function split(input, output) {1888// 256 = 9 * 26 + 221889var mask = 0x3fffff;18901891var outLen = Math.min(input.length, 9);1892for (var i = 0; i < outLen; i++)1893output.words[i] = input.words[i];1894output.length = outLen;18951896if (input.length <= 9) {1897input.words[0] = 0;1898input.length = 1;1899return;1900}19011902// Shift by 9 limbs1903var prev = input.words[9];1904output.words[output.length++] = prev & mask;19051906for (var i = 10; i < input.length; i++) {1907var next = input.words[i];1908input.words[i - 10] = ((next & mask) << 4) | (prev >>> 22);1909prev = next;1910}1911input.words[i - 10] = prev >>> 22;1912input.length -= 9;1913};19141915K256.prototype.imulK = function imulK(num) {1916// K = 0x1000003d1 = [ 0x40, 0x3d1 ]1917num.words[num.length] = 0;1918num.words[num.length + 1] = 0;1919num.length += 2;19201921// bounded at: 0x40 * 0x3ffffff + 0x3d0 = 0x1000003901922var hi;1923var lo = 0;1924for (var i = 0; i < num.length; i++) {1925var w = num.words[i];1926hi = w * 0x40;1927lo += w * 0x3d1;1928hi += (lo / 0x4000000) | 0;1929lo &= 0x3ffffff;19301931num.words[i] = lo;19321933lo = hi;1934}19351936// Fast length reduction1937if (num.words[num.length - 1] === 0) {1938num.length--;1939if (num.words[num.length - 1] === 0)1940num.length--;1941}1942return num;1943};19441945function P224() {1946MPrime.call(1947this,1948'p224',1949'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001');1950}1951inherits(P224, MPrime);19521953function P192() {1954MPrime.call(1955this,1956'p192',1957'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff');1958}1959inherits(P192, MPrime);19601961function P25519() {1962// 2 ^ 255 - 191963MPrime.call(1964this,1965'25519',1966'7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed');1967}1968inherits(P25519, MPrime);19691970P25519.prototype.imulK = function imulK(num) {1971// K = 0x131972var carry = 0;1973for (var i = 0; i < num.length; i++) {1974var hi = num.words[i] * 0x13 + carry;1975var lo = hi & 0x3ffffff;1976hi >>>= 26;19771978num.words[i] = lo;1979carry = hi;1980}1981if (carry !== 0)1982num.words[num.length++] = carry;1983return num;1984};19851986// Exported mostly for testing purposes, use plain name instead1987BN._prime = function prime(name) {1988// Cached version of prime1989if (primes[name])1990return primes[name];19911992var prime;1993if (name === 'k256')1994prime = new K256();1995else if (name === 'p224')1996prime = new P224();1997else if (name === 'p192')1998prime = new P192();1999else if (name === 'p25519')2000prime = new P25519();2001else2002throw new Error('Unknown prime ' + name);2003primes[name] = prime;20042005return prime;2006};20072008//2009// Base reduction engine2010//2011function Red(m) {2012if (typeof m === 'string') {2013var prime = BN._prime(m);2014this.m = prime.p;2015this.prime = prime;2016} else {2017this.m = m;2018this.prime = null;2019}2020}20212022Red.prototype._verify1 = function _verify1(a) {2023assert(!a.sign, 'red works only with positives');2024assert(a.red, 'red works only with red numbers');2025};20262027Red.prototype._verify2 = function _verify2(a, b) {2028assert(!a.sign && !b.sign, 'red works only with positives');2029assert(a.red && a.red === b.red,2030'red works only with red numbers');2031};20322033Red.prototype.imod = function imod(a) {2034if (this.prime)2035return this.prime.ireduce(a)._forceRed(this);2036return a.mod(this.m)._forceRed(this);2037};20382039Red.prototype.neg = function neg(a) {2040var r = a.clone();2041r.sign = !r.sign;2042return r.iadd(this.m)._forceRed(this);2043};20442045Red.prototype.add = function add(a, b) {2046this._verify2(a, b);20472048var res = a.add(b);2049if (res.cmp(this.m) >= 0)2050res.isub(this.m);2051return res._forceRed(this);2052};20532054Red.prototype.iadd = function iadd(a, b) {2055this._verify2(a, b);20562057var res = a.iadd(b);2058if (res.cmp(this.m) >= 0)2059res.isub(this.m);2060return res;2061};20622063Red.prototype.sub = function sub(a, b) {2064this._verify2(a, b);20652066var res = a.sub(b);2067if (res.cmpn(0) < 0)2068res.iadd(this.m);2069return res._forceRed(this);2070};20712072Red.prototype.isub = function isub(a, b) {2073this._verify2(a, b);20742075var res = a.isub(b);2076if (res.cmpn(0) < 0)2077res.iadd(this.m);2078return res;2079};20802081Red.prototype.shl = function shl(a, num) {2082this._verify1(a);2083return this.imod(a.shln(num));2084};20852086Red.prototype.imul = function imul(a, b) {2087this._verify2(a, b);2088return this.imod(a.imul(b));2089};20902091Red.prototype.mul = function mul(a, b) {2092this._verify2(a, b);2093return this.imod(a.mul(b));2094};20952096Red.prototype.isqr = function isqr(a) {2097return this.imul(a, a);2098};20992100Red.prototype.sqr = function sqr(a) {2101return this.mul(a, a);2102};21032104Red.prototype.sqrt = function sqrt(a) {2105if (a.cmpn(0) === 0)2106return a.clone();21072108var mod3 = this.m.andln(3);2109assert(mod3 % 2 === 1);21102111// Fast case2112if (mod3 === 3) {2113var pow = this.m.add(new BN(1)).ishrn(2);2114var r = this.pow(a, pow);2115return r;2116}21172118// Tonelli-Shanks algorithm (Totally unoptimized and slow)2119//2120// Find Q and S, that Q * 2 ^ S = (P - 1)2121var q = this.m.subn(1);2122var s = 0;2123while (q.cmpn(0) !== 0 && q.andln(1) === 0) {2124s++;2125q.ishrn(1);2126}2127assert(q.cmpn(0) !== 0);21282129var one = new BN(1).toRed(this);2130var nOne = one.redNeg();21312132// Find quadratic non-residue2133// NOTE: Max is such because of generalized Riemann hypothesis.2134var lpow = this.m.subn(1).ishrn(1);2135var z = this.m.bitLength();2136z = new BN(2 * z * z).toRed(this);2137while (this.pow(z, lpow).cmp(nOne) !== 0)2138z.redIAdd(nOne);21392140var c = this.pow(z, q);2141var r = this.pow(a, q.addn(1).ishrn(1));2142var t = this.pow(a, q);2143var m = s;2144while (t.cmp(one) !== 0) {2145var tmp = t;2146for (var i = 0; tmp.cmp(one) !== 0; i++)2147tmp = tmp.redSqr();2148assert(i < m);2149var b = this.pow(c, new BN(1).ishln(m - i - 1));21502151r = r.redMul(b);2152c = b.redSqr();2153t = t.redMul(c);2154m = i;2155}21562157return r;2158};21592160Red.prototype.invm = function invm(a) {2161var inv = a._invmp(this.m);2162if (inv.sign) {2163inv.sign = false;2164return this.imod(inv).redNeg();2165} else {2166return this.imod(inv);2167}2168};21692170Red.prototype.pow = function pow(a, num) {2171var w = [];21722173if (num.cmpn(0) === 0)2174return new BN(1);21752176var q = num.clone();21772178while (q.cmpn(0) !== 0) {2179w.push(q.andln(1));2180q.ishrn(1);2181}21822183// Skip leading zeroes2184var res = a;2185for (var i = 0; i < w.length; i++, res = this.sqr(res))2186if (w[i] !== 0)2187break;21882189if (++i < w.length) {2190for (var q = this.sqr(res); i < w.length; i++, q = this.sqr(q)) {2191if (w[i] === 0)2192continue;2193res = this.mul(res, q);2194}2195}21962197return res;2198};21992200Red.prototype.convertTo = function convertTo(num) {2201var r = num.mod(this.m);2202if (r === num)2203return r.clone();2204else2205return r;2206};22072208Red.prototype.convertFrom = function convertFrom(num) {2209var res = num.clone();2210res.red = null;2211return res;2212};22132214//2215// Montgomery method engine2216//22172218BN.mont = function mont(num) {2219return new Mont(num);2220};22212222function Mont(m) {2223Red.call(this, m);22242225this.shift = this.m.bitLength();2226if (this.shift % 26 !== 0)2227this.shift += 26 - (this.shift % 26);2228this.r = new BN(1).ishln(this.shift);2229this.r2 = this.imod(this.r.sqr());2230this.rinv = this.r._invmp(this.m);22312232this.minv = this.rinv.mul(this.r).isubn(1).div(this.m);2233this.minv.sign = true;2234this.minv = this.minv.mod(this.r);2235}2236inherits(Mont, Red);22372238Mont.prototype.convertTo = function convertTo(num) {2239return this.imod(num.shln(this.shift));2240};22412242Mont.prototype.convertFrom = function convertFrom(num) {2243var r = this.imod(num.mul(this.rinv));2244r.red = null;2245return r;2246};22472248Mont.prototype.imul = function imul(a, b) {2249if (a.cmpn(0) === 0 || b.cmpn(0) === 0) {2250a.words[0] = 0;2251a.length = 1;2252return a;2253}22542255var t = a.imul(b);2256var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m);2257var u = t.isub(c).ishrn(this.shift);2258var res = u;2259if (u.cmp(this.m) >= 0)2260res = u.isub(this.m);2261else if (u.cmpn(0) < 0)2262res = u.iadd(this.m);22632264return res._forceRed(this);2265};22662267Mont.prototype.mul = function mul(a, b) {2268if (a.cmpn(0) === 0 || b.cmpn(0) === 0)2269return new BN(0)._forceRed(this);22702271var t = a.mul(b);2272var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m);2273var u = t.isub(c).ishrn(this.shift);2274var res = u;2275if (u.cmp(this.m) >= 0)2276res = u.isub(this.m);2277else if (u.cmpn(0) < 0)2278res = u.iadd(this.m);22792280return res._forceRed(this);2281};22822283Mont.prototype.invm = function invm(a) {2284// (AR)^-1 * R^2 = (A^-1 * R^-1) * R^2 = A^-1 * R2285var res = this.imod(a._invmp(this.m).mul(this.r2));2286return res._forceRed(this);2287};22882289})(typeof module === 'undefined' || module, this);229022912292