UNPKG

@cmdcode/secp256k1

Version:

Humble fork of the @noble/secp256k1 library by Paul Miller.

cmdruid/noble-secp256k1

4 lines (3 loc) • 20.7 kB

JavaScript

var nobleSecp256k1=function(t,e){"use strict";const n=function(){let t=null;r(e.webcrypto)?t=e.webcrypto:r(globalThis.crypto)?t=globalThis.crypto:r(window.crypto)&&(t=window.crypto);if(!r(t))throw console.log("Search for webcrypto library failed!"),console.log("crypto:",typeof e.webcrypto),console.log("globalThis.crypto:",typeof globalThis?.crypto),console.log("window.crypto:",typeof window?.crypto),new Error("Unable to find webcrypto library. If you are running in a NodeJs environment, try using version 19 or newer. If you are running in a browser environment, make sure that you are running in a secure context.");if(!r(t?.subtle))throw new Error("Webcrypto library is partially disabled! Make sure you are running within a secure environment. If you are getting this error in the browser, make sure https is enabled and/or you are testing locally using 127.0.0.1.");return t}();function r(t){try{return null!=t}catch{return!1}} /*! noble-secp256k1 - MIT License (c) 2019 Paul Miller (paulmillr.com) */const i=BigInt(0),o=BigInt(1),s=BigInt(2),a=BigInt(3),c=BigInt(8),f=Object.freeze({a:i,b:BigInt(7),P:BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),n:BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),h:o,Gx:BigInt("55066263022277343669578718895168534326250603453777594175500187360389116729240"),Gy:BigInt("32670510020758816978083085130507043184471273380659243275938904335757337482424"),beta:BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee")}),u=(t,e)=>(t+e/s)/e,h={beta:BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),splitScalar(t){const{n:e}=f,n=BigInt("0x3086d221a7d46bcde86c90e49284eb15"),r=-o*BigInt("0xe4437ed6010e88286f547fa90abfe4c3"),i=BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"),s=n,a=BigInt("0x100000000000000000000000000000000"),c=u(s*t,e),h=u(-r*t,e);let l=K(t-c*n-h*i,e),y=K(-c*r-h*s,e);const d=l>a,w=y>a;if(d&&(l=e-l),w&&(y=e-y),l>a||y>a)throw new Error("splitScalarEndo: Endomorphism failed, k="+String(t));return{k1neg:d,k1:l,k2neg:w,k2:y}}},l=32,y=32,d=32,w=l+1,g=2*l+1;function p(t){const{a:e,b:n}=f,r=K(t*t),i=K(r*t);return K(i+e*t+n)}const m=f.a===i;class E extends Error{constructor(t){super(t)}}function x(t){if(!(t instanceof b))throw new TypeError("JacobianPoint expected")}class b{constructor(t,e,n){this.x=t,this.y=e,this.z=n}static get BASE(){return new b(f.Gx,f.Gy,o)}static get ZERO(){return new b(i,o,i)}static fromAffine(t){if(!(t instanceof A))throw new TypeError("JacobianPoint#fromAffine: expected Point");return t.equals(A.ZERO)?b.ZERO:new b(t.x,t.y,o)}static toAffineBatch(t){const e=function(t,e=f.P){const n=new Array(t.length),r=D(t.reduce(((t,r,o)=>r===i?t:(n[o]=t,K(t*r,e))),o),e);return t.reduceRight(((t,r,o)=>r===i?t:(n[o]=K(t*n[o],e),K(t*r,e))),r),n}(t.map((t=>t.z)));return t.map(((t,n)=>t.toAffine(e[n])))}static normalizeZ(t){return b.toAffineBatch(t).map(b.fromAffine)}equals(t){x(t);const{x:e,y:n,z:r}=this,{x:i,y:o,z:s}=t,a=K(r*r),c=K(s*s),f=K(e*c),u=K(i*a),h=K(K(n*s)*c),l=K(K(o*r)*a);return f===u&&h===l}negate(){return new b(this.x,K(-this.y),this.z)}double(){const{x:t,y:e,z:n}=this,r=K(t*t),i=K(e*e),o=K(i*i),f=t+i,u=K(s*(K(f*f)-r-o)),h=K(a*r),l=K(h*h),y=K(l-s*u),d=K(h*(u-y)-c*o),w=K(s*e*n);return new b(y,d,w)}add(t){x(t);const{x:e,y:n,z:r}=this,{x:o,y:a,z:c}=t;if(o===i||a===i)return this;if(e===i||n===i)return t;const f=K(r*r),u=K(c*c),h=K(e*u),l=K(o*f),y=K(K(n*c)*u),d=K(K(a*r)*f),w=K(l-h),g=K(d-y);if(w===i)return g===i?this.double():b.ZERO;const p=K(w*w),m=K(w*p),E=K(h*p),S=K(g*g-m-s*E),v=K(g*(E-S)-y*m),A=K(r*c*w);return new b(S,v,A)}subtract(t){return this.add(t.negate())}multiplyUnsafe(t){const e=b.ZERO;if("bigint"==typeof t&&t===i)return e;let n=V(t);if(n===o)return this;if(!m){let t=e,r=this;for(;n>i;)1n===(n&o)&&(t=t.add(r)),r=r.double(),n>>=o;return t}let{k1neg:r,k1:s,k2neg:a,k2:c}=h.splitScalar(n),f=e,u=e,l=this;for(;s>i||c>i;)1n===(s&o)&&(f=f.add(l)),1n===(c&o)&&(u=u.add(l)),l=l.double(),s>>=o,c>>=o;return r&&(f=f.negate()),a&&(u=u.negate()),u=new b(K(u.x*h.beta),u.y,u.z),f.add(u)}precomputeWindow(t){const e=m?128/t+1:256/t+1,n=[];let r=this,i=r;for(let o=0;o<e;o++){i=r,n.push(i);for(let e=1;e<2**(t-1);e++)i=i.add(r),n.push(i);r=i.double()}return n}wNAF(t,e){null==e&&this.equals(b.BASE)&&(e=A.BASE);const n=e?._WINDOW_SIZE??1;if(256%n==1)throw new Error("Point#wNAF: Invalid precomputation window, must be power of 2");let r=null!=e?v.get(e):[];null==r&&(r=this.precomputeWindow(n),null!=e&&1!==n&&(r=b.normalizeZ(r),v.set(e,r)));let i=b.ZERO,s=b.BASE;const a=1+(m?128/n:256/n),c=2**(n-1),f=BigInt(2**n-1),u=2**n,h=BigInt(n);for(let e=0;e<a;e++){const n=e*c;let a=Number(t&f);t>>=h,a>c&&(a-=u,t+=o);const l=n,y=n+Math.abs(a)-1,d=e%2!=0,w=a<0;0===a?s=s.add(S(d,r[l])):i=i.add(S(w,r[y]))}return{p:i,f:s}}multiply(t,e){const n=V(t);let r,i;if(m){const{k1neg:t,k1:o,k2neg:s,k2:a}=h.splitScalar(n);let{p:c,f:f}=this.wNAF(o,e),{p:u,f:l}=this.wNAF(a,e);c=S(t,c),u=S(s,u),u=new b(K(u.x*h.beta),u.y,u.z),r=c.add(u),i=f.add(l)}else{const{p:t,f:o}=this.wNAF(n,e);r=t,i=o}return b.normalizeZ([r,i])[0]}toAffine(t){const{x:e,y:n,z:r}=this,i=this.equals(b.ZERO);null==t&&(t=i?c:D(r));const s=t,a=K(s*s),f=K(a*s),u=K(e*a),h=K(n*f),l=K(r*s);if(i)return A.ZERO;if(l!==o)throw new Error("invZ was invalid");return new A(u,h)}}function S(t,e){if(void 0===e)throw new Error("Point is undefined!");const n=e.negate();return t?n:e}const v=new WeakMap;class A{constructor(t,e){this.x=t,this.y=e}_setWindowSize(t){this._WINDOW_SIZE=t,v.delete(this)}static get BASE(){return new A(f.Gx,f.Gy)}static get ZERO(){return new A(i,i)}hasEvenY(){return this.y%s===i}static fromCompressedHex(t){const e=32===t.length,n=O(e?t:t.subarray(1));if(!M(n))throw new Error("Point is not on curve");let r=function(t){const{P:e}=f,n=BigInt(6),r=BigInt(11),i=BigInt(22),o=BigInt(23),c=BigInt(44),u=BigInt(88),h=t*t*t%e,l=h*h*t%e,y=q(l,a)*l%e,d=q(y,a)*l%e,w=q(d,s)*h%e,g=q(w,r)*w%e,p=q(g,i)*g%e,m=q(p,c)*p%e,E=q(m,u)*m%e,x=q(E,c)*p%e,b=q(x,a)*l%e,S=q(b,o)*g%e,v=q(S,n)*h%e,A=q(v,s);if(A*A%e!==t)throw new Error("Cannot find square root");return A}(p(n));const i=(r&o)===o;if(e)i&&(r=K(-r));else{1==(1&t[0])!==i&&(r=K(-r))}const c=new A(n,r);return c.assertValidity(),c}static fromUncompressedHex(t){const e=O(t.subarray(1,l+1)),n=O(t.subarray(l+1,2*l+1)),r=new A(e,n);return r.assertValidity(),r}static fromHex(t){const e=Z(t),n=e.length,r=e[0];if(n===l)return this.fromCompressedHex(e);if(n===w&&(2===r||3===r))return this.fromCompressedHex(e);if(n===g&&4===r)return this.fromUncompressedHex(e);throw new Error(`Point.fromHex: received invalid point. Expected 32-${w} compressed bytes or ${g} uncompressed bytes, not ${n}`)}static fromPrivateKey(t){return A.BASE.multiply(j(t))}static fromSignature(t,e,n){const{r:r,s:i}=Y(e);if(![0,1,2,3].includes(n))throw new Error("Cannot recover: invalid recovery bit");const o=_(Z(t)),{n:s}=f,a=2===n||3===n?r+s:r,c=D(a,s),u=K(-o*c,s),h=K(i*c,s),l=1==(1&n)?"03":"02",y=A.fromHex(l+z(a)),d=A.BASE.multiplyAndAddUnsafe(y,u,h);if(null==d)throw new Error("Cannot recover signature: point at infinify");return d.assertValidity(),d}toRawBytes(t=!1){return C(this.toHex(t))}toHex(t=!1){const e=z(this.x);if(t){return`${this.hasEvenY()?"02":"03"}${e}`}return`04${e}${z(this.y)}`}toHexX(){return this.toHex(!0).slice(2)}toRawX(){return this.toRawBytes(!0).slice(1)}assertValidity(){const t="Point is not on elliptic curve",{x:e,y:n}=this;if(!M(e)||!M(n))throw new Error(t);const r=K(n*n);if(K(r-p(e))!==i)throw new Error(t)}equals(t){return this.x===t.x&&this.y===t.y}negate(){return new A(this.x,K(-this.y))}double(){return b.fromAffine(this).double().toAffine()}add(t){return b.fromAffine(this).add(b.fromAffine(t)).toAffine()}subtract(t){return this.add(t.negate())}multiply(t){return b.fromAffine(this).multiply(t,this).toAffine()}multiplyAndAddUnsafe(t,e,n){const r=b.fromAffine(this),s=e===i||e===o||this!==A.BASE?r.multiplyUnsafe(e):r.multiply(e),a=b.fromAffine(t).multiplyUnsafe(n),c=s.add(a);return c.equals(b.ZERO)?void 0:c.toAffine()}}function B(t){return Number.parseInt(t[0],16)>=8?"00"+t:t}function I(t){if(t.length<2||2!==t[0])throw new Error(`Invalid signature integer tag: ${P(t)}`);const e=t[1],n=t.subarray(2,e+2);if(0===e||n.length!==e)throw new Error("Invalid signature integer: wrong length");if(0===n[0]&&n[1]<=127)throw new Error("Invalid signature integer: trailing length");return{data:O(n),left:t.subarray(e+2)}}class R{constructor(t,e){this.r=t,this.s=e,this.assertValidity()}static fromCompact(t){const e=t instanceof Uint8Array,n="Signature.fromCompact";if("string"!=typeof t&&!e)throw new TypeError(`${n}: Expected string or Uint8Array`);const r=e?P(t):t;if(128!==r.length)throw new Error(`${n}: Expected 64-byte hex`);return new R($(r.slice(0,64)),$(r.slice(64,128)))}static fromDER(t){const e=t instanceof Uint8Array;if("string"!=typeof t&&!e)throw new TypeError("Signature.fromDER: Expected string or Uint8Array");const{r:n,s:r}=function(t){if(t.length<2||48!==t[0])throw new Error(`Invalid signature tag: ${P(t)}`);if(t[1]!==t.length-2)throw new Error("Invalid signature: incorrect length");const{data:e,left:n}=I(t.subarray(2)),{data:r,left:i}=I(n);if(0!==i.length)throw new Error(`Invalid signature: left bytes after parsing: ${P(i)}`);return{r:e,s:r}}(e?t:C(t));return new R(n,r)}static fromHex(t){return this.fromDER(t)}assertValidity(){const{r:t,s:e}=this;if(!L(t))throw new Error("Invalid Signature: r must be 0 < r < n");if(!L(e))throw new Error("Invalid Signature: s must be 0 < s < n")}hasHighS(){const t=f.n>>o;return this.s>t}normalizeS(){return this.hasHighS()?new R(this.r,K(-this.s,f.n)):this}toDERRawBytes(){return C(this.toDERHex())}toDERHex(){const t=B(N(this.s)),e=B(N(this.r)),n=t.length/2,r=e.length/2,i=N(n),o=N(r);return`30${N(r+n+4)}02${o}${e}02${i}${t}`}toRawBytes(){return this.toDERRawBytes()}toHex(){return this.toDERHex()}toCompactRawBytes(){return C(this.toCompactHex())}toCompactHex(){return z(this.r)+z(this.s)}}function k(...t){if(!t.every((t=>t instanceof Uint8Array)))throw new Error("Uint8Array list expected");if(1===t.length)return t[0];const e=t.reduce(((t,e)=>t+e.length),0),n=new Uint8Array(e);for(let e=0,r=0;e<t.length;e++){const i=t[e];n.set(i,r),r+=i.length}return n}const H=Array.from({length:256},((t,e)=>e.toString(16).padStart(2,"0")));function P(t){if(!(t instanceof Uint8Array))throw new Error("Expected Uint8Array");let e="";for(let n=0;n<t.length;n++)e+=H[t[n]];return e}const U=BigInt("0x10000000000000000000000000000000000000000000000000000000000000000");function z(t){if("bigint"!=typeof t)throw new Error("Expected bigint");if(!(i<=t&&t<U))throw new Error("Expected number 0 <= n < 2^256");return t.toString(16).padStart(64,"0")}function T(t){const e=C(z(t));if(32!==e.length)throw new Error("Error: expected 32 bytes");return e}function N(t){const e=t.toString(16);return 0!=(1&e.length)?`0${e}`:e}function $(t){if("string"!=typeof t)throw new TypeError("hexToNumber: expected string, got "+typeof t);return BigInt(`0x${t}`)}function C(t){if("string"!=typeof t)throw new TypeError("hexToBytes: expected string, got "+typeof t);if(t.length%2!=0)throw new Error("hexToBytes: received invalid unpadded hex"+String(t.length));const e=new Uint8Array(t.length/2);for(let n=0;n<e.length;n++){const r=2*n,i=t.slice(r,r+2),o=Number.parseInt(i,16);if(Number.isNaN(o)||o<0)throw new Error("Invalid byte sequence");e[n]=o}return e}function O(t){return $(P(t))}function Z(t){return t instanceof Uint8Array?Uint8Array.from(t):C(t)}function V(t){if("number"==typeof t&&Number.isSafeInteger(t)&&t>0)return BigInt(t);if("bigint"==typeof t&&L(t))return t;throw new TypeError("Expected valid private scalar: 0 < scalar < curve.n")}function K(t,e=f.P){const n=t%e;return n>=i?n:e+n}function q(t,e){const{P:n}=f;let r=t;for(;e-- >i;)r*=r,r%=n;return r}function D(t,e=f.P){if(t===i||e<=i)throw new Error(`invert: expected positive integers, got n=${t} mod=${e}`);let n=K(t,e),r=e,s=i,a=o;for(;n!==i;){const t=r%n,e=s-a*(r/n);r=n,n=t,s=a,a=e}if(r!==o)throw new Error("invert: does not exist");return K(s,e)}function _(t,e=!1){const n=function(t){const e=8*t.length-8*y,n=O(t);return e>0?n>>BigInt(e):n}(t);if(e)return n;const{n:r}=f;return n>=r?n-r:n}let W,F;class G{constructor(t,e){if(this.hashLen=t,this.qByteLen=e,"number"!=typeof t||t<2)throw new Error("hashLen must be a number");if("number"!=typeof e||e<2)throw new Error("qByteLen must be a number");this.v=new Uint8Array(t).fill(1),this.k=new Uint8Array(t).fill(0),this.counter=0}async hmac(...t){return gt.hmacSha256(this.k,...t)}hmacSync(...t){if(void 0===F)throw new Error("hmacSha256Sync is undefined!");return F(this.k,...t)}checkSync(){if("function"!=typeof F)throw new E("hmacSha256Sync needs to be set")}incr(){if(this.counter>=1e3)throw new Error("Tried 1,000 k values for sign(), all were invalid");this.counter+=1}async reseed(t=new Uint8Array){this.k=await this.hmac(this.v,Uint8Array.from([0]),t),this.v=await this.hmac(this.v),0!==t.length&&(this.k=await this.hmac(this.v,Uint8Array.from([1]),t),this.v=await this.hmac(this.v))}reseedSync(t=new Uint8Array){this.checkSync(),this.k=this.hmacSync(this.v,Uint8Array.from([0]),t),this.v=this.hmacSync(this.v),0!==t.length&&(this.k=this.hmacSync(this.v,Uint8Array.from([1]),t),this.v=this.hmacSync(this.v))}async generate(){this.incr();let t=0;const e=[];for(;t<this.qByteLen;){this.v=await this.hmac(this.v);const n=this.v.slice();e.push(n),t+=this.v.length}return k(...e)}generateSync(){this.checkSync(),this.incr();let t=0;const e=[];for(;t<this.qByteLen;){this.v=this.hmacSync(this.v);const n=this.v.slice();e.push(n),t+=this.v.length}return k(...e)}}function L(t){return i<t&&t<f.n}function M(t){return i<t&&t<f.P}function X(t,e,n,r=!0){const{n:s}=f,a=_(t,!0);if(!L(a))return;const c=D(a,s),u=A.BASE.multiply(a),h=K(u.x,s);if(h===i)return;const l=K(c*K(e+n*h,s),s);if(l===i)return;let y=new R(h,l),d=(u.x===y.r?0:2)|Number(u.y&o);return r&&y.hasHighS()&&(y=y.normalizeS(),d^=1),{sig:y,recovery:d}}function j(t){let e;if("bigint"==typeof t)e=t;else if("number"==typeof t&&Number.isSafeInteger(t)&&t>0)e=BigInt(t);else if("string"==typeof t){if(t.length!==2*y)throw new Error("Expected 32 bytes of private key");e=$(t)}else{if(!(t instanceof Uint8Array))throw new TypeError("Expected valid private key");if(t.length!==y)throw new Error("Expected 32 bytes of private key");e=O(t)}if(!L(e))throw new Error("Expected private key: 0 < key < n");return e}function J(t){return t instanceof A?(t.assertValidity(),t):A.fromHex(t)}function Y(t){if(t instanceof R)return t.assertValidity(),t;try{return R.fromDER(t)}catch(e){return R.fromCompact(t)}}function Q(t){const e=t instanceof Uint8Array,n="string"==typeof t,r=(e||n)&&t.length;return e?r===w||r===g:n?r===2*w||r===2*g:t instanceof A}function tt(t){return O(t.length>l?t.slice(0,l):t)}function et(t){const e=tt(t),n=K(e,f.n);return nt(n<i?e:n)}function nt(t){return T(t)}function rt(t,e,n){if(null===t)throw new Error("sign: expected valid message hash, not null.");const r=Z(t),i=j(e),o=[nt(i),et(r)];if(null!=n){!0===n&&(n=gt.randomBytes(l));const t=Z(n);if(t.length!==l)throw new Error(`sign: Expected ${l} bytes of extra data`);o.push(t)}return{seed:k(...o),m:tt(r),d:i}}function it(t,e){const{sig:n,recovery:r}=t,{der:i,recovered:o}=Object.assign({canonical:!0,der:!0},e),s=i?n.toDERRawBytes():n.toCompactRawBytes();return!0===o?[s,r]:s}const ot={strict:!0};function st(t){return K(O(t),f.n)}class at{constructor(t,e){this.r=t,this.s=e,this.assertValidity()}static fromHex(t){const e=Z(t);if(64!==e.length)throw new TypeError(`SchnorrSignature.fromHex: expected 64 bytes, not ${e.length}`);const n=O(e.subarray(0,32)),r=O(e.subarray(32,64));return new at(n,r)}assertValidity(){const{r:t,s:e}=this;if(!M(t)||!L(e))throw new Error("Invalid signature")}toHex(){return z(this.r)+z(this.s)}toRawBytes(){return C(this.toHex())}}class ct{constructor(t,e,n=gt.randomBytes()){if(null===t)throw new TypeError("sign: Expected valid message, not null.");this.m=Z(t);const{x:r,scalar:i}=this.getScalar(j(e));if(this.px=r,this.d=i,this.rand=Z(n),32!==this.rand.length)throw new TypeError("sign: Expected 32 bytes of aux randomness")}getScalar(t){const e=A.fromPrivateKey(t),n=e.hasEvenY()?t:f.n-t;return{point:e,scalar:n,x:e.toRawX()}}initNonce(t,e){return T(t^O(e))}finalizeNonce(t){const e=K(O(t),f.n);if(e===i)throw new Error("sign: Creation of signature failed. k is zero");const{point:n,x:r,scalar:o}=this.getScalar(e);return{R:n,rx:r,k:o}}finalizeSig(t,e,n,r){return new at(t.x,K(e+n*r,f.n)).toRawBytes()}error(){throw new Error("sign: Invalid signature produced")}async calc(){const{m:t,d:e,px:n,rand:r}=this,i=gt.taggedHash,o=this.initNonce(e,await i(dt.aux,r)),{R:s,rx:a,k:c}=this.finalizeNonce(await i(dt.nonce,o,n,t)),f=st(await i(dt.challenge,a,n,t)),u=this.finalizeSig(s,c,f,e);return await ht(u,t,n)||this.error(),u}calcSync(){const{m:t,d:e,px:n,rand:r}=this,i=gt.taggedHashSync,o=this.initNonce(e,i(dt.aux,r)),{R:s,rx:a,k:c}=this.finalizeNonce(i(dt.nonce,o,n,t)),f=st(i(dt.challenge,a,n,t)),u=this.finalizeSig(s,c,f,e);return lt(u,t,n)||this.error(),u}}function ft(t,e,n){const r=t instanceof at,i=r?t:at.fromHex(t);return r&&i.assertValidity(),{...i,m:Z(e),P:J(n)}}function ut(t,e,n,r){const i=A.BASE.multiplyAndAddUnsafe(e,j(n),K(-r,f.n));return!(null==i||!i.hasEvenY()||i.x!==t)}async function ht(t,e,n){try{const{r:r,s:i,m:o,P:s}=ft(t,e,n),a=st(await gt.taggedHash(dt.challenge,T(r),s.toRawX(),o));return ut(r,s,i,a)}catch(t){return!1}}function lt(t,e,n){try{const{r:r,s:i,m:o,P:s}=ft(t,e,n),a=st(gt.taggedHashSync(dt.challenge,T(r),s.toRawX(),o));return ut(r,s,i,a)}catch(t){if(t instanceof E)throw t;return!1}}const yt={Signature:at,getPublicKey:function(t){return A.fromPrivateKey(t).toRawX()},sign:async function(t,e,n){return new ct(t,e,n).calc()},verify:ht,signSync:function(t,e,n){return new ct(t,e,n).calcSync()},verifySync:lt};A.BASE._setWindowSize(8);const dt={challenge:"BIP0340/challenge",aux:"BIP0340/aux",nonce:"BIP0340/nonce"},wt={},gt={bytesToHex:P,hexToBytes:C,concatBytes:k,mod:K,invert:D,isValidPrivateKey(t){try{return j(t),!0}catch(t){return!1}},_bigintTo32Bytes:T,_normalizePrivateKey:j,hashToPrivateKey:t=>{t=Z(t);const e=y+8;if(t.length<e||t.length>1024)throw new Error("Expected valid bytes of private key as per FIPS 186");return T(K(O(t),f.n-o)+o)},randomBytes:(t=32)=>n.getRandomValues(new Uint8Array(t)),randomPrivateKey:()=>gt.hashToPrivateKey(gt.randomBytes(y+8)),precompute(t=8,e=A.BASE){const n=e===A.BASE?e:new A(e.x,e.y);return n._setWindowSize(t),n.multiply(a),n},sha256:async(...t)=>{const e=await n.subtle.digest("SHA-256",k(...t));return new Uint8Array(e)},hmacSha256:async(t,...e)=>{const r=await n.subtle.importKey("raw",t,{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),i=k(...e),o=await n.subtle.sign("HMAC",r,i);return new Uint8Array(o)},sha256Sync:void 0,hmacSha256Sync:void 0,taggedHash:async(t,...e)=>{let n=wt[t];if(void 0===n){const e=await gt.sha256(Uint8Array.from(t,(t=>t.charCodeAt(0))));n=k(e,e),wt[t]=n}return gt.sha256(n,...e)},taggedHashSync:(t,...e)=>{if("function"!=typeof W)throw new E("sha256Sync is undefined, you need to set it");let n=wt[t];if(void 0===n){const e=W(Uint8Array.from(t,(t=>t.charCodeAt(0))));n=k(e,e),wt[t]=n}return W(n,...e)},_JacobianPoint:b};return Object.defineProperties(gt,{sha256Sync:{configurable:!1,get:()=>W,set(t){null==W&&(W=t)}},hmacSha256Sync:{configurable:!1,get:()=>F,set(t){null==F&&(F=t)}}}),t.CURVE=f,t.Point=A,t.Signature=R,t.getPublicKey=function(t,e=!1){return A.fromPrivateKey(t).toRawBytes(e)},t.getSharedSecret=function(t,e,n=!1){if(Q(t))throw new TypeError("getSharedSecret: first arg must be private key");if(!Q(e))throw new TypeError("getSharedSecret: second arg must be public key");const r=J(e);return r.assertValidity(),r.multiply(j(t)).toRawBytes(n)},t.recoverPublicKey=function(t,e,n,r=!1){return A.fromSignature(t,e,n).toRawBytes(r)},t.schnorr=yt,t.sign=async function(t,e,n={}){const{seed:r,m:i,d:o}=rt(t,e,n.extraEntropy),s=new G(d,y);let a;for(await s.reseed(r);null==(a=X(await s.generate(),i,o,n.canonical));)await s.reseed();return it(a,n)},t.signSync=function(t,e,n={}){const{seed:r,m:i,d:o}=rt(t,e,n.extraEntropy),s=new G(d,y);let a;for(s.reseedSync(r);null==(a=X(s.generateSync(),i,o,n.canonical));)s.reseedSync();return it(a,n)},t.utils=gt,t.verify=function(t,e,n,r=ot){let i;try{i=Y(t),e=Z(e)}catch(t){return!1}const{r:o,s:s}=i;if(!0===r.strict&&i.hasHighS())return!1;const a=_(e);let c;try{c=J(n)}catch(t){return!1}const{n:u}=f,h=D(s,u),l=K(a*h,u),y=K(o*h,u),d=A.BASE.multiplyAndAddUnsafe(c,l,y);return null!=d&&K(d.x,u)===o},Object.defineProperty(t,"__esModule",{value:!0}),t}({},crypto); //# sourceMappingURL=bundle.min.js.map