@opendatalabs/vana-sdk/dist/crypto/ecies/base.cjs.map

A TypeScript library for interacting with Vana Network smart contracts.

{"version":3,"sources":["../../../src/crypto/ecies/base.ts"],"sourcesContent":["import type { ECIESProvider, ECIESEncrypted } from \"./interface\";\nimport { ECIESError, isECIESEncrypted } from \"./interface\";\nimport { CURVE, CIPHER, KDF } from \"./constants\";\nimport { constantTimeEqual } from \"./utils\";\nimport { concat } from \"viem\";\n\n/**\n * Provides shared ECIES encryption logic across platforms using Uint8Array.\n *\n * @remarks\n * Platform implementations extend this class and provide crypto primitives.\n * The base class handles the ECIES protocol flow while maintaining\n * compatibility with the eccrypto data format.\n *\n * **Implementation details:**\n * - KDF: SHA-512(shared_secret) → encKey (32B) || macKey (32B)\n * - Cipher: AES-256-CBC with random 16-byte IV\n * - MAC: HMAC-SHA256(macKey, iv || ephemPublicKey || ciphertext)\n *\n * @category Cryptography\n */\nexport abstract class BaseECIESUint8 implements ECIESProvider {\n  // Cache for validated public keys to avoid repeated validation\n  private static readonly validatedKeys = new WeakMap<Uint8Array, boolean>();\n\n  /**\n   * Generates cryptographically secure random bytes.\n   *\n   * @param length - Number of random bytes to generate.\n   * @returns Random bytes array.\n   */\n  protected abstract generateRandomBytes(length: number): Uint8Array;\n\n  /**\n   * Verifies a private key is valid for secp256k1.\n   *\n   * @param privateKey - Private key to verify (32 bytes).\n   * @returns `true` if valid private key.\n   */\n  protected abstract verifyPrivateKey(privateKey: Uint8Array): boolean;\n\n  /**\n   * Creates a public key from a private key.\n   *\n   * @param privateKey - Source private key (32 bytes).\n   * @param compressed - Generate compressed (33B) or uncompressed (65B) format.\n   * @returns Public key or `null` if creation failed.\n   */\n  protected abstract createPublicKey(\n    privateKey: Uint8Array,\n    compressed: boolean,\n  ): Uint8Array | null;\n\n  /**\n   * Validates a public key on the secp256k1 curve.\n   *\n   * @param publicKey - Public key to validate.\n   * @returns `true` if valid public key.\n   */\n  protected abstract validatePublicKey(publicKey: Uint8Array): boolean;\n\n  /**\n   * Decompresses a compressed public key.\n   *\n   * @param publicKey - Compressed public key (33 bytes).\n   * @returns Uncompressed public key (65 bytes) or `null` if decompression failed.\n   */\n  protected abstract decompressPublicKey(\n    publicKey: Uint8Array,\n  ): Uint8Array | null;\n\n  /**\n   * Performs ECDH key agreement.\n   *\n   * @param publicKey - Other party's public key.\n   * @param privateKey - Your private key.\n   * @returns Raw X coordinate of shared point (32 bytes).\n   */\n  protected abstract performECDH(\n    publicKey: Uint8Array,\n    privateKey: Uint8Array,\n  ): Uint8Array;\n\n  /**\n   * Computes SHA-512 hash.\n   *\n   * @param data - Data to hash.\n   * @returns SHA-512 hash (64 bytes).\n   */\n  protected abstract sha512(data: Uint8Array): Uint8Array;\n\n  /**\n   * Computes HMAC-SHA256 authentication tag.\n   *\n   * @param key - HMAC key.\n   * @param data - Data to authenticate.\n   * @returns HMAC-SHA256 (32 bytes).\n   */\n  protected abstract hmacSha256(key: Uint8Array, data: Uint8Array): Uint8Array;\n\n  /**\n   * Encrypts data using AES-256-CBC.\n   *\n   * @param key - Encryption key (32 bytes).\n   * @param iv - Initialization vector (16 bytes).\n   * @param plaintext - Data to encrypt.\n   * @returns Ciphertext with PKCS#7 padding.\n   */\n  protected abstract aesEncrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    plaintext: Uint8Array,\n  ): Promise<Uint8Array>;\n\n  /**\n   * Decrypts data using AES-256-CBC.\n   *\n   * @param key - Decryption key (32 bytes).\n   * @param iv - Initialization vector (16 bytes).\n   * @param ciphertext - Data to decrypt.\n   * @returns Plaintext with padding removed.\n   */\n  protected abstract aesDecrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    ciphertext: Uint8Array,\n  ): Promise<Uint8Array>;\n\n  /**\n   * Normalizes a public key to uncompressed format.\n   *\n   * @param publicKey - Public key in any format.\n   * @returns Uncompressed public key (65 bytes).\n   * @throws {ECIESError} If key format is invalid.\n   */\n  protected normalizePublicKey(publicKey: Uint8Array): Uint8Array {\n    // Check cache first\n    if (BaseECIESUint8.validatedKeys.get(publicKey)) {\n      return publicKey;\n    }\n\n    if (publicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) {\n      if (publicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {\n        throw new ECIESError(\n          \"Invalid uncompressed public key prefix\",\n          \"INVALID_KEY\",\n        );\n      }\n      // Validate and cache\n      if (!this.validatePublicKey(publicKey)) {\n        throw new ECIESError(\"Invalid public key\", \"INVALID_KEY\");\n      }\n      BaseECIESUint8.validatedKeys.set(publicKey, true);\n      return publicKey;\n    }\n\n    if (publicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) {\n      if (\n        publicKey[0] === CURVE.PREFIX.COMPRESSED_EVEN ||\n        publicKey[0] === CURVE.PREFIX.COMPRESSED_ODD\n      ) {\n        const decompressed = this.decompressPublicKey(publicKey);\n        if (!decompressed) {\n          throw new ECIESError(\n            \"Failed to decompress public key\",\n            \"INVALID_KEY\",\n          );\n        }\n        // Cache the decompressed key\n        BaseECIESUint8.validatedKeys.set(decompressed, true);\n        return decompressed;\n      }\n      throw new ECIESError(\n        `Invalid compressed public key prefix: expected 0x02 or 0x03, got 0x${publicKey[0].toString(16).padStart(2, \"0\")}`,\n        \"INVALID_KEY\",\n      );\n    }\n\n    throw new ECIESError(\n      `Invalid public key length: ${publicKey.length}`,\n      \"INVALID_KEY\",\n    );\n  }\n\n  /**\n   * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n   * Must be implemented by derived classes to handle platform-specific operations.\n   *\n   * @param publicKey - The public key to normalize\n   * @returns The normalized uncompressed public key\n   */\n  public abstract normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;\n\n  /**\n   * Encrypts data using ECIES.\n   *\n   * @param publicKey - The recipient's public key (compressed or uncompressed)\n   * @param message - The data to encrypt\n   * @returns Promise resolving to encrypted data structure\n   */\n  async encrypt(\n    publicKey: Uint8Array,\n    message: Uint8Array,\n  ): Promise<ECIESEncrypted> {\n    // Declare sensitive variables outside try so finally can access them\n    let ephemeralPrivateKey: Uint8Array | undefined;\n    let sharedSecret: Uint8Array | undefined;\n    let kdf: Uint8Array | undefined;\n    let encryptionKey: Uint8Array | undefined;\n    let macKey: Uint8Array | undefined;\n\n    try {\n      // Validate inputs\n      if (!(publicKey instanceof Uint8Array)) {\n        throw new ECIESError(\"Public key must be a Uint8Array\", \"INVALID_KEY\");\n      }\n      if (!(message instanceof Uint8Array)) {\n        throw new ECIESError(\n          \"Message must be a Uint8Array\",\n          \"ENCRYPTION_FAILED\",\n        );\n      }\n      if (publicKey.length === 0) {\n        throw new ECIESError(\"Public key cannot be empty\", \"INVALID_KEY\");\n      }\n\n      // Normalize public key to uncompressed format\n      const pubKey = this.normalizePublicKey(publicKey);\n\n      // Generate ephemeral key pair\n      do {\n        ephemeralPrivateKey = this.generateRandomBytes(\n          CURVE.PRIVATE_KEY_LENGTH,\n        );\n      } while (!this.verifyPrivateKey(ephemeralPrivateKey));\n\n      const ephemeralPublicKey = this.createPublicKey(\n        ephemeralPrivateKey,\n        false,\n      );\n      if (!ephemeralPublicKey) {\n        throw new ECIESError(\n          \"Failed to generate ephemeral public key\",\n          \"ENCRYPTION_FAILED\",\n        );\n      }\n\n      // Perform ECDH to get shared secret (raw X coordinate)\n      sharedSecret = this.performECDH(pubKey, ephemeralPrivateKey);\n\n      // Derive keys using SHA-512 (eccrypto-compatible KDF)\n      kdf = this.sha512(sharedSecret);\n      encryptionKey = kdf.slice(\n        KDF.ENCRYPTION_KEY_OFFSET,\n        KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n      );\n      macKey = kdf.slice(\n        KDF.MAC_KEY_OFFSET,\n        KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n      );\n\n      // Generate random IV and encrypt\n      const iv = this.generateRandomBytes(CIPHER.IV_LENGTH);\n      const ciphertext = await this.aesEncrypt(encryptionKey, iv, message);\n\n      // Calculate MAC (Encrypt-then-MAC)\n      const macData = concat([iv, ephemeralPublicKey, ciphertext]);\n      const mac = this.hmacSha256(macKey, macData);\n\n      return {\n        iv,\n        ephemPublicKey: ephemeralPublicKey,\n        ciphertext,\n        mac,\n      };\n    } catch (error) {\n      if (error instanceof ECIESError) throw error;\n      throw new ECIESError(\n        `Encryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n        \"ENCRYPTION_FAILED\",\n        error instanceof Error ? error : undefined,\n      );\n    } finally {\n      // Clear sensitive data on all code paths (success, error, throw)\n      if (ephemeralPrivateKey) this.clearBuffer(ephemeralPrivateKey);\n      if (sharedSecret) this.clearBuffer(sharedSecret);\n      if (kdf) this.clearBuffer(kdf);\n      if (encryptionKey) this.clearBuffer(encryptionKey);\n      if (macKey) this.clearBuffer(macKey);\n    }\n  }\n\n  /**\n   * Decrypts ECIES encrypted data.\n   *\n   * @param privateKey - The recipient's private key (32 bytes)\n   * @param encrypted - The encrypted data structure from encrypt()\n   * @returns Promise resolving to the original plaintext\n   */\n  async decrypt(\n    privateKey: Uint8Array,\n    encrypted: ECIESEncrypted,\n  ): Promise<Uint8Array> {\n    // Declare sensitive variables outside try so finally can access them\n    let sharedSecret: Uint8Array | undefined;\n    let kdf: Uint8Array | undefined;\n    let encryptionKey: Uint8Array | undefined;\n    let macKey: Uint8Array | undefined;\n\n    try {\n      // Validate inputs\n      if (!(privateKey instanceof Uint8Array)) {\n        throw new ECIESError(\"Private key must be a Uint8Array\", \"INVALID_KEY\");\n      }\n      if (!isECIESEncrypted(encrypted)) {\n        throw new ECIESError(\n          \"Invalid encrypted data structure\",\n          \"DECRYPTION_FAILED\",\n        );\n      }\n      if (privateKey.length !== CURVE.PRIVATE_KEY_LENGTH) {\n        throw new ECIESError(\n          `Invalid private key length: ${privateKey.length}`,\n          \"INVALID_KEY\",\n        );\n      }\n      if (!this.verifyPrivateKey(privateKey)) {\n        throw new ECIESError(\"Invalid private key\", \"INVALID_KEY\");\n      }\n\n      // Strict validation: ephemeral keys must be 65-byte uncompressed (eccrypto standard)\n      if (\n        encrypted.ephemPublicKey.length !== CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH\n      ) {\n        throw new ECIESError(\n          `Invalid ephemeral public key: expected ${CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH} bytes (uncompressed), got ${encrypted.ephemPublicKey.length} bytes`,\n          \"INVALID_KEY\",\n        );\n      }\n      if (encrypted.ephemPublicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {\n        throw new ECIESError(\n          \"Invalid ephemeral public key: must be uncompressed format with 0x04 prefix (eccrypto standard)\",\n          \"INVALID_KEY\",\n        );\n      }\n      if (!this.validatePublicKey(encrypted.ephemPublicKey)) {\n        throw new ECIESError(\"Invalid ephemeral public key\", \"INVALID_KEY\");\n      }\n      const ephemeralPublicKey = encrypted.ephemPublicKey;\n\n      // Perform ECDH to recover shared secret\n      sharedSecret = this.performECDH(ephemeralPublicKey, privateKey);\n\n      // Derive keys using SHA-512 (eccrypto-compatible KDF)\n      kdf = this.sha512(sharedSecret);\n      encryptionKey = kdf.slice(\n        KDF.ENCRYPTION_KEY_OFFSET,\n        KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n      );\n      macKey = kdf.slice(\n        KDF.MAC_KEY_OFFSET,\n        KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n      );\n\n      // Verify MAC before decryption (Encrypt-then-MAC)\n      const macData = concat([\n        encrypted.iv,\n        encrypted.ephemPublicKey,\n        encrypted.ciphertext,\n      ]);\n      const expectedMac = this.hmacSha256(macKey, macData);\n\n      if (!constantTimeEqual(encrypted.mac, expectedMac)) {\n        throw new ECIESError(\"MAC verification failed\", \"MAC_MISMATCH\");\n      }\n\n      // Decrypt the ciphertext\n      const decrypted = await this.aesDecrypt(\n        encryptionKey,\n        encrypted.iv,\n        encrypted.ciphertext,\n      );\n\n      return decrypted;\n    } catch (error) {\n      if (error instanceof ECIESError) throw error;\n      throw new ECIESError(\n        `Decryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n        \"DECRYPTION_FAILED\",\n        error instanceof Error ? error : undefined,\n      );\n    } finally {\n      // Clear sensitive data on all code paths (success, error, throw)\n      if (sharedSecret) this.clearBuffer(sharedSecret);\n      if (kdf) this.clearBuffer(kdf);\n      if (encryptionKey) this.clearBuffer(encryptionKey);\n      if (macKey) this.clearBuffer(macKey);\n    }\n  }\n\n  /**\n   * Clears sensitive data from memory using multi-pass overwrite.\n   *\n   * @remarks\n   * Uses multiple passes with different patterns to make it harder\n   * for JIT compilers to optimize away the operation. While not\n   * guaranteed in JavaScript, this is a best-effort approach to\n   * clear sensitive data from memory.\n   *\n   * @param buffer - The buffer to clear\n   */\n  protected clearBuffer(buffer: Uint8Array): void {\n    if (buffer && buffer.length > 0) {\n      // Multi-pass overwrite to resist compiler optimization\n      buffer.fill(0x00); // Fill with zeros\n      buffer.fill(0xff); // Fill with ones\n      buffer.fill(0xaa); // Fill with alternating pattern\n      buffer.fill(0x00); // Final zero fill\n\n      // Additional pattern write to further discourage optimization\n      for (let i = 0; i < buffer.length; i++) {\n        buffer[i] = (i & 0xff) ^ 0x5a; // XOR with pattern\n      }\n      buffer.fill(0x00); // Final clear\n    }\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,uBAA6C;AAC7C,uBAAmC;AACnC,mBAAkC;AAClC,kBAAuB;AAiBhB,MAAe,eAAwC;AAAA;AAAA,EAE5D,OAAwB,gBAAgB,oBAAI,QAA6B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgH/D,mBAAmB,WAAmC;AAE9D,QAAI,eAAe,cAAc,IAAI,SAAS,GAAG;AAC/C,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,uBAAM,gCAAgC;AAC7D,UAAI,UAAU,CAAC,MAAM,uBAAM,OAAO,cAAc;AAC9C,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAEA,UAAI,CAAC,KAAK,kBAAkB,SAAS,GAAG;AACtC,cAAM,IAAI,4BAAW,sBAAsB,aAAa;AAAA,MAC1D;AACA,qBAAe,cAAc,IAAI,WAAW,IAAI;AAChD,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,uBAAM,8BAA8B;AAC3D,UACE,UAAU,CAAC,MAAM,uBAAM,OAAO,mBAC9B,UAAU,CAAC,MAAM,uBAAM,OAAO,gBAC9B;AACA,cAAM,eAAe,KAAK,oBAAoB,SAAS;AACvD,YAAI,CAAC,cAAc;AACjB,gBAAM,IAAI;AAAA,YACR;AAAA,YACA;AAAA,UACF;AAAA,QACF;AAEA,uBAAe,cAAc,IAAI,cAAc,IAAI;AACnD,eAAO;AAAA,MACT;AACA,YAAM,IAAI;AAAA,QACR,sEAAsE,UAAU,CAAC,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC;AAAA,QAChH;AAAA,MACF;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,8BAA8B,UAAU,MAAM;AAAA,MAC9C;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,MAAM,QACJ,WACA,SACyB;AAEzB,QAAI;AACJ,QAAI;AACJ,QAAI;AACJ,QAAI;AACJ,QAAI;AAEJ,QAAI;AAEF,UAAI,EAAE,qBAAqB,aAAa;AACtC,cAAM,IAAI,4BAAW,mCAAmC,aAAa;AAAA,MACvE;AACA,UAAI,EAAE,mBAAmB,aAAa;AACpC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,UAAU,WAAW,GAAG;AAC1B,cAAM,IAAI,4BAAW,8BAA8B,aAAa;AAAA,MAClE;AAGA,YAAM,SAAS,KAAK,mBAAmB,SAAS;AAGhD,SAAG;AACD,8BAAsB,KAAK;AAAA,UACzB,uBAAM;AAAA,QACR;AAAA,MACF,SAAS,CAAC,KAAK,iBAAiB,mBAAmB;AAEnD,YAAM,qBAAqB,KAAK;AAAA,QAC9B;AAAA,QACA;AAAA,MACF;AACA,UAAI,CAAC,oBAAoB;AACvB,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAGA,qBAAe,KAAK,YAAY,QAAQ,mBAAmB;AAG3D,YAAM,KAAK,OAAO,YAAY;AAC9B,sBAAgB,IAAI;AAAA,QAClB,qBAAI;AAAA,QACJ,qBAAI,wBAAwB,qBAAI;AAAA,MAClC;AACA,eAAS,IAAI;AAAA,QACX,qBAAI;AAAA,QACJ,qBAAI,iBAAiB,qBAAI;AAAA,MAC3B;AAGA,YAAM,KAAK,KAAK,oBAAoB,wBAAO,SAAS;AACpD,YAAM,aAAa,MAAM,KAAK,WAAW,eAAe,IAAI,OAAO;AAGnE,YAAM,cAAU,oBAAO,CAAC,IAAI,oBAAoB,UAAU,CAAC;AAC3D,YAAM,MAAM,KAAK,WAAW,QAAQ,OAAO;AAE3C,aAAO;AAAA,QACL;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,QACA;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,UAAI,iBAAiB,4BAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF,UAAE;AAEA,UAAI,oBAAqB,MAAK,YAAY,mBAAmB;AAC7D,UAAI,aAAc,MAAK,YAAY,YAAY;AAC/C,UAAI,IAAK,MAAK,YAAY,GAAG;AAC7B,UAAI,cAAe,MAAK,YAAY,aAAa;AACjD,UAAI,OAAQ,MAAK,YAAY,MAAM;AAAA,IACrC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,QACJ,YACA,WACqB;AAErB,QAAI;AACJ,QAAI;AACJ,QAAI;AACJ,QAAI;AAEJ,QAAI;AAEF,UAAI,EAAE,sBAAsB,aAAa;AACvC,cAAM,IAAI,4BAAW,oCAAoC,aAAa;AAAA,MACxE;AACA,UAAI,KAAC,mCAAiB,SAAS,GAAG;AAChC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,WAAW,WAAW,uBAAM,oBAAoB;AAClD,cAAM,IAAI;AAAA,UACR,+BAA+B,WAAW,MAAM;AAAA,UAChD;AAAA,QACF;AAAA,MACF;AACA,UAAI,CAAC,KAAK,iBAAiB,UAAU,GAAG;AACtC,cAAM,IAAI,4BAAW,uBAAuB,aAAa;AAAA,MAC3D;AAGA,UACE,UAAU,eAAe,WAAW,uBAAM,gCAC1C;AACA,cAAM,IAAI;AAAA,UACR,0CAA0C,uBAAM,8BAA8B,8BAA8B,UAAU,eAAe,MAAM;AAAA,UAC3I;AAAA,QACF;AAAA,MACF;AACA,UAAI,UAAU,eAAe,CAAC,MAAM,uBAAM,OAAO,cAAc;AAC7D,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,CAAC,KAAK,kBAAkB,UAAU,cAAc,GAAG;AACrD,cAAM,IAAI,4BAAW,gCAAgC,aAAa;AAAA,MACpE;AACA,YAAM,qBAAqB,UAAU;AAGrC,qBAAe,KAAK,YAAY,oBAAoB,UAAU;AAG9D,YAAM,KAAK,OAAO,YAAY;AAC9B,sBAAgB,IAAI;AAAA,QAClB,qBAAI;AAAA,QACJ,qBAAI,wBAAwB,qBAAI;AAAA,MAClC;AACA,eAAS,IAAI;AAAA,QACX,qBAAI;AAAA,QACJ,qBAAI,iBAAiB,qBAAI;AAAA,MAC3B;AAGA,YAAM,cAAU,oBAAO;AAAA,QACrB,UAAU;AAAA,QACV,UAAU;AAAA,QACV,UAAU;AAAA,MACZ,CAAC;AACD,YAAM,cAAc,KAAK,WAAW,QAAQ,OAAO;AAEnD,UAAI,KAAC,gCAAkB,UAAU,KAAK,WAAW,GAAG;AAClD,cAAM,IAAI,4BAAW,2BAA2B,cAAc;AAAA,MAChE;AAGA,YAAM,YAAY,MAAM,KAAK;AAAA,QAC3B;AAAA,QACA,UAAU;AAAA,QACV,UAAU;AAAA,MACZ;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,4BAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF,UAAE;AAEA,UAAI,aAAc,MAAK,YAAY,YAAY;AAC/C,UAAI,IAAK,MAAK,YAAY,GAAG;AAC7B,UAAI,cAAe,MAAK,YAAY,aAAa;AACjD,UAAI,OAAQ,MAAK,YAAY,MAAM;AAAA,IACrC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaU,YAAY,QAA0B;AAC9C,QAAI,UAAU,OAAO,SAAS,GAAG;AAE/B,aAAO,KAAK,CAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,CAAI;AAGhB,eAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACtC,eAAO,CAAC,IAAK,IAAI,MAAQ;AAAA,MAC3B;AACA,aAAO,KAAK,CAAI;AAAA,IAClB;AAAA,EACF;AACF;","names":[]}