UNPKG

avo-inspector

Version:

[![npm version](https://badge.fury.io/js/avo-inspector.svg)](https://badge.fury.io/js/avo-inspector)

2 lines 132 kB
/*! For license information please see index.js.LICENSE.txt */ !function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var n=t();for(var r in n)("object"==typeof exports?exports:e)[r]=n[r]}}(self,()=>(()=>{"use strict";var e={562(e,t,n){Object.defineProperty(t,"__esModule",{value:!0}),t.getHash=function(e){return{hash:e}},t.createCurve=function(e,t){const n=t=>(0,r.weierstrass)({...e,hash:t});return{...n(t),create:n}};const r=n(705)},422(e,t,n){Object.defineProperty(t,"__esModule",{value:!0}),t.wNAF=void 0,t.negateCt=a,t.normalizeZ=function(e,t){const n=(0,o.FpInvertBatch)(e.Fp,t.map(e=>e.Z));return t.map((t,r)=>e.fromAffine(t.toAffine(n[r])))},t.mulEndoUnsafe=function(e,t,n,r){let o=t,a=e.ZERO,c=e.ZERO;for(;n>s||r>s;)n&i&&(a=a.add(o)),r&i&&(c=c.add(o)),o=o.double(),n>>=i,r>>=i;return{p1:a,p2:c}},t.pippenger=function(e,t,n,o){f(n,e),h(o,t);const s=n.length,i=o.length;if(s!==i)throw new Error("arrays of points and scalars must have equal length");const a=e.ZERO,c=(0,r.bitLen)(BigInt(s));let u=1;c>12?u=c-3:c>4?u=c-2:c>0&&(u=2);const l=(0,r.bitMask)(u),d=new Array(Number(l)+1).fill(a);let p=a;for(let e=Math.floor((t.BITS-1)/u)*u;e>=0;e-=u){d.fill(a);for(let t=0;t<i;t++){const r=o[t],s=Number(r>>BigInt(e)&l);d[s]=d[s].add(n[t])}let t=a;for(let e=d.length-1,n=a;e>0;e--)n=n.add(d[e]),t=t.add(n);if(p=p.add(t),0!==e)for(let e=0;e<u;e++)p=p.double()}return p},t.precomputeMSMUnsafe=function(e,t,n,o){c(o,t.BITS),f(n,e);const s=e.ZERO,i=2**o-1,a=Math.ceil(t.BITS/o),u=(0,r.bitMask)(o),l=n.map(e=>{const t=[];for(let n=0,r=e;n<i;n++)t.push(r),r=r.add(e);return t});return e=>{if(h(e,t),e.length>n.length)throw new Error("array of scalars must be smaller than array of points");let r=s;for(let t=0;t<a;t++){if(r!==s)for(let e=0;e<o;e++)r=r.double();const n=BigInt(a*o-(t+1)*o);for(let t=0;t<e.length;t++){const o=e[t],s=Number(o>>n&u);s&&(r=r.add(l[t][s-1]))}}return r}},t.validateBasic=function(e){return(0,o.validateField)(e.Fp),(0,r.validateObject)(e,{n:"bigint",h:"bigint",Gx:"field",Gy:"field"},{nBitLength:"isSafeInteger",nByteLength:"isSafeInteger"}),Object.freeze({...(0,o.nLength)(e.n,e.nBitLength),...e,p:e.Fp.ORDER})},t._createCurveFields=function(e,t,n={},r){if(void 0===r&&(r="edwards"===e),!t||"object"!=typeof t)throw new Error(`expected valid ${e} CURVE object`);for(const e of["p","n","h"]){const n=t[e];if(!("bigint"==typeof n&&n>s))throw new Error(`CURVE.${e} must be positive bigint`)}const o=g(t.p,n.Fp,r),i=g(t.n,n.Fn,r),a=["Gx","Gy","a","weierstrass"===e?"b":"d"];for(const e of a)if(!o.isValid(t[e]))throw new Error(`CURVE.${e} must be valid field element of CURVE.Fp`);return{CURVE:t=Object.freeze(Object.assign({},t)),Fp:o,Fn:i}};const r=n(627),o=n(967),s=BigInt(0),i=BigInt(1);function a(e,t){const n=t.negate();return e?n:t}function c(e,t){if(!Number.isSafeInteger(e)||e<=0||e>t)throw new Error("invalid window size, expected [1.."+t+"], got W="+e)}function u(e,t){c(e,t);const n=2**e;return{windows:Math.ceil(t/e)+1,windowSize:2**(e-1),mask:(0,r.bitMask)(e),maxNumber:n,shiftBy:BigInt(e)}}function l(e,t,n){const{windowSize:r,mask:o,maxNumber:s,shiftBy:a}=n;let c=Number(e&o),u=e>>a;c>r&&(c-=s,u+=i);const l=t*r;return{nextN:u,offset:l+Math.abs(c)-1,isZero:0===c,isNeg:c<0,isNegF:t%2!=0,offsetF:l}}function f(e,t){if(!Array.isArray(e))throw new Error("array expected");e.forEach((e,n)=>{if(!(e instanceof t))throw new Error("invalid point at index "+n)})}function h(e,t){if(!Array.isArray(e))throw new Error("array of scalars expected");e.forEach((e,n)=>{if(!t.isValid(e))throw new Error("invalid scalar at index "+n)})}const d=new WeakMap,p=new WeakMap;function y(e){return p.get(e)||1}function v(e){if(e!==s)throw new Error("invalid wNAF")}function g(e,t,n){if(t){if(t.ORDER!==e)throw new Error("Field.ORDER must match order: Fp == p, Fn == n");return(0,o.validateField)(t),t}return(0,o.Field)(e,{isLE:n})}t.wNAF=class{constructor(e,t){this.BASE=e.BASE,this.ZERO=e.ZERO,this.Fn=e.Fn,this.bits=t}_unsafeLadder(e,t,n=this.ZERO){let r=e;for(;t>s;)t&i&&(n=n.add(r)),r=r.double(),t>>=i;return n}precomputeWindow(e,t){const{windows:n,windowSize:r}=u(t,this.bits),o=[];let s=e,i=s;for(let e=0;e<n;e++){i=s,o.push(i);for(let e=1;e<r;e++)i=i.add(s),o.push(i);s=i.double()}return o}wNAF(e,t,n){if(!this.Fn.isValid(n))throw new Error("invalid scalar");let r=this.ZERO,o=this.BASE;const s=u(e,this.bits);for(let e=0;e<s.windows;e++){const{nextN:i,offset:c,isZero:u,isNeg:f,isNegF:h,offsetF:d}=l(n,e,s);n=i,u?o=o.add(a(h,t[d])):r=r.add(a(f,t[c]))}return v(n),{p:r,f:o}}wNAFUnsafe(e,t,n,r=this.ZERO){const o=u(e,this.bits);for(let e=0;e<o.windows&&n!==s;e++){const{nextN:s,offset:i,isZero:a,isNeg:c}=l(n,e,o);if(n=s,!a){const e=t[i];r=r.add(c?e.negate():e)}}return v(n),r}getPrecomputes(e,t,n){let r=d.get(t);return r||(r=this.precomputeWindow(t,e),1!==e&&("function"==typeof n&&(r=n(r)),d.set(t,r))),r}cached(e,t,n){const r=y(e);return this.wNAF(r,this.getPrecomputes(r,e,n),t)}unsafe(e,t,n,r){const o=y(e);return 1===o?this._unsafeLadder(e,t,r):this.wNAFUnsafe(o,this.getPrecomputes(o,e,n),t,r)}createCache(e,t){c(t,this.bits),p.set(e,t),d.delete(e)}hasCache(e){return 1!==y(e)}}},761(e,t,n){Object.defineProperty(t,"__esModule",{value:!0}),t._DST_scalar=void 0,t.expand_message_xmd=l,t.expand_message_xof=f,t.hash_to_field=h,t.isogenyMap=function(e,t){const n=t.map(e=>Array.from(e).reverse());return(t,r)=>{const[s,i,a,c]=n.map(n=>n.reduce((n,r)=>e.add(e.mul(n,t),r))),[u,l]=(0,o.FpInvertBatch)(e,[i,c],!0);return t=e.mul(s,u),r=e.mul(r,e.mul(a,l)),{x:t,y:r}}},t.createHasher=function(e,n,r){if("function"!=typeof n)throw new Error("mapToCurve() must be defined");function o(t){return e.fromAffine(n(t))}function s(t){const n=t.clearCofactor();return n.equals(e.ZERO)?e.ZERO:(n.assertValidity(),n)}return{defaults:r,hashToCurve(e,t){const n=h(e,2,Object.assign({},r,t)),i=o(n[0]),a=o(n[1]);return s(i.add(a))},encodeToCurve(e,t){const n=r.encodeDST?{DST:r.encodeDST}:{};return s(o(h(e,1,Object.assign({},r,n,t))[0]))},mapToCurve(e){if(!Array.isArray(e))throw new Error("expected array of bigints");for(const t of e)if("bigint"!=typeof t)throw new Error("expected array of bigints");return s(o(e))},hashToScalar(n,o){const s=e.Fn.ORDER;return h(n,1,Object.assign({},r,{p:s,m:1,DST:t._DST_scalar},o))[0][0]}}};const r=n(627),o=n(967),s=r.bytesToNumberBE;function i(e,t){if(c(e),c(t),e<0||e>=1<<8*t)throw new Error("invalid I2OSP input: "+e);const n=Array.from({length:t}).fill(0);for(let r=t-1;r>=0;r--)n[r]=255&e,e>>>=8;return new Uint8Array(n)}function a(e,t){const n=new Uint8Array(e.length);for(let r=0;r<e.length;r++)n[r]=e[r]^t[r];return n}function c(e){if(!Number.isSafeInteger(e))throw new Error("number expected")}function u(e){if(!(0,r.isBytes)(e)&&"string"!=typeof e)throw new Error("DST must be Uint8Array or string");return"string"==typeof e?(0,r.utf8ToBytes)(e):e}function l(e,t,n,o){(0,r.abytes)(e),c(n),(t=u(t)).length>255&&(t=o((0,r.concatBytes)((0,r.utf8ToBytes)("H2C-OVERSIZE-DST-"),t)));const{outputLen:s,blockLen:l}=o,f=Math.ceil(n/s);if(n>65535||f>255)throw new Error("expand_message_xmd: invalid lenInBytes");const h=(0,r.concatBytes)(t,i(t.length,1)),d=i(0,l),p=i(n,2),y=new Array(f),v=o((0,r.concatBytes)(d,e,p,i(0,1),h));y[0]=o((0,r.concatBytes)(v,i(1,1),h));for(let e=1;e<=f;e++){const t=[a(v,y[e-1]),i(e+1,1),h];y[e]=o((0,r.concatBytes)(...t))}return(0,r.concatBytes)(...y).slice(0,n)}function f(e,t,n,o,s){if((0,r.abytes)(e),c(n),(t=u(t)).length>255){const e=Math.ceil(2*o/8);t=s.create({dkLen:e}).update((0,r.utf8ToBytes)("H2C-OVERSIZE-DST-")).update(t).digest()}if(n>65535||t.length>255)throw new Error("expand_message_xof: invalid lenInBytes");return s.create({dkLen:n}).update(e).update(i(n,2)).update(t).update(i(t.length,1)).digest()}function h(e,t,n){(0,r._validateObject)(n,{p:"bigint",m:"number",k:"number",hash:"function"});const{p:i,k:a,m:u,hash:h,expand:d,DST:p}=n;if(!(0,r.isHash)(n.hash))throw new Error("expected valid hash");(0,r.abytes)(e),c(t);const y=i.toString(2).length,v=Math.ceil((y+a)/8),g=t*u*v;let b;if("xmd"===d)b=l(e,p,g,h);else if("xof"===d)b=f(e,p,g,a,h);else{if("_internal_pass"!==d)throw new Error('expand must be "xmd" or "xof"');b=e}const m=new Array(t);for(let e=0;e<t;e++){const t=new Array(u);for(let n=0;n<u;n++){const r=v*(n+e*u),a=b.subarray(r,r+v);t[n]=(0,o.mod)(s(a),i)}m[e]=t}return m}t._DST_scalar=(0,r.utf8ToBytes)("HashToScalar-")},967(e,t,n){Object.defineProperty(t,"__esModule",{value:!0}),t.isNegativeLE=void 0,t.mod=p,t.pow=function(e,t,n){return I(_(n),e,t)},t.pow2=function(e,t,n){let r=e;for(;t-- >o;)r*=r,r%=n;return r},t.invert=y,t.tonelliShanks=m,t.FpSqrt=w,t.validateField=function(e){const t=E.reduce((e,t)=>(e[t]="function",e),{ORDER:"bigint",MASK:"bigint",BYTES:"number",BITS:"number"});return(0,r._validateObject)(e,t),e},t.FpPow=I,t.FpInvertBatch=S,t.FpDiv=function(e,t,n){return e.mul(t,"bigint"==typeof n?y(n,e.ORDER):e.inv(n))},t.FpLegendre=A,t.FpIsSquare=function(e,t){return 1===A(e,t)},t.nLength=x,t.Field=_,t.FpSqrtOdd=function(e,t){if(!e.isOdd)throw new Error("Field doesn't have isOdd");const n=e.sqrt(t);return e.isOdd(n)?n:e.neg(n)},t.FpSqrtEven=function(e,t){if(!e.isOdd)throw new Error("Field doesn't have isOdd");const n=e.sqrt(t);return e.isOdd(n)?e.neg(n):n},t.hashToPrivateScalar=function(e,t,n=!1){const o=(e=(0,r.ensureBytes)("privateHash",e)).length,i=x(t).nByteLength+8;if(i<24||o<i||o>1024)throw new Error("hashToPrivateScalar: expected "+i+"-1024 bytes of input, got "+o);return p(n?(0,r.bytesToNumberLE)(e):(0,r.bytesToNumberBE)(e),t-s)+s},t.getFieldBytesLength=O,t.getMinHashLength=B,t.mapHashToField=function(e,t,n=!1){const o=e.length,i=O(t),a=B(t);if(o<16||o<a||o>1024)throw new Error("expected "+a+"-1024 bytes of input, got "+o);const c=p(n?(0,r.bytesToNumberLE)(e):(0,r.bytesToNumberBE)(e),t-s)+s;return n?(0,r.numberToBytesLE)(c,i):(0,r.numberToBytesBE)(c,i)};const r=n(627),o=BigInt(0),s=BigInt(1),i=BigInt(2),a=BigInt(3),c=BigInt(4),u=BigInt(5),l=BigInt(7),f=BigInt(8),h=BigInt(9),d=BigInt(16);function p(e,t){const n=e%t;return n>=o?n:t+n}function y(e,t){if(e===o)throw new Error("invert: expected non-zero number");if(t<=o)throw new Error("invert: expected positive modulus, got "+t);let n=p(e,t),r=t,i=o,a=s,c=s,u=o;for(;n!==o;){const e=r/n,t=r%n,o=i-c*e,s=a-u*e;r=n,n=t,i=c,a=u,c=o,u=s}if(r!==s)throw new Error("invert: does not exist");return p(i,t)}function v(e,t,n){if(!e.eql(e.sqr(t),n))throw new Error("Cannot find square root")}function g(e,t){const n=(e.ORDER+s)/c,r=e.pow(t,n);return v(e,r,t),r}function b(e,t){const n=(e.ORDER-u)/f,r=e.mul(t,i),o=e.pow(r,n),s=e.mul(t,o),a=e.mul(e.mul(s,i),o),c=e.mul(s,e.sub(a,e.ONE));return v(e,c,t),c}function m(e){if(e<a)throw new Error("sqrt is not defined for small field");let t=e-s,n=0;for(;t%i===o;)t/=i,n++;let r=i;const c=_(e);for(;1===A(c,r);)if(r++>1e3)throw new Error("Cannot find square root: probably non-prime P");if(1===n)return g;let u=c.pow(r,t);const l=(t+s)/i;return function(e,r){if(e.is0(r))return r;if(1!==A(e,r))throw new Error("Cannot find square root");let o=n,i=e.mul(e.ONE,u),a=e.pow(r,t),c=e.pow(r,l);for(;!e.eql(a,e.ONE);){if(e.is0(a))return e.ZERO;let t=1,n=e.sqr(a);for(;!e.eql(n,e.ONE);)if(t++,n=e.sqr(n),t===o)throw new Error("Cannot find square root");const r=s<<BigInt(o-t-1),u=e.pow(i,r);o=t,i=e.sqr(u),a=e.mul(a,i),c=e.mul(c,u)}return c}}function w(e){return e%c===a?g:e%f===u?b:e%d===h?function(e){const t=_(e),n=m(e),r=n(t,t.neg(t.ONE)),o=n(t,r),s=n(t,t.neg(r)),i=(e+l)/d;return(e,t)=>{let n=e.pow(t,i),a=e.mul(n,r);const c=e.mul(n,o),u=e.mul(n,s),l=e.eql(e.sqr(a),t),f=e.eql(e.sqr(c),t);n=e.cmov(n,a,l),a=e.cmov(u,c,f);const h=e.eql(e.sqr(a),t),d=e.cmov(n,a,h);return v(e,d,t),d}}(e):m(e)}t.isNegativeLE=(e,t)=>(p(e,t)&s)===s;const E=["create","isValid","is0","neg","inv","sqrt","sqr","eql","add","sub","mul","pow","div","addN","subN","mulN","sqrN"];function I(e,t,n){if(n<o)throw new Error("invalid exponent, negatives unsupported");if(n===o)return e.ONE;if(n===s)return t;let r=e.ONE,i=t;for(;n>o;)n&s&&(r=e.mul(r,i)),i=e.sqr(i),n>>=s;return r}function S(e,t,n=!1){const r=new Array(t.length).fill(n?e.ZERO:void 0),o=t.reduce((t,n,o)=>e.is0(n)?t:(r[o]=t,e.mul(t,n)),e.ONE),s=e.inv(o);return t.reduceRight((t,n,o)=>e.is0(n)?t:(r[o]=e.mul(t,r[o]),e.mul(t,n)),s),r}function A(e,t){const n=(e.ORDER-s)/i,r=e.pow(t,n),o=e.eql(r,e.ONE),a=e.eql(r,e.ZERO),c=e.eql(r,e.neg(e.ONE));if(!o&&!a&&!c)throw new Error("invalid Legendre symbol result");return o?1:a?0:-1}function x(e,t){void 0!==t&&(0,r.anumber)(t);const n=void 0!==t?t:e.toString(2).length;return{nBitLength:n,nByteLength:Math.ceil(n/8)}}function _(e,t,n=!1,i={}){if(e<=o)throw new Error("invalid field: expected ORDER > 0, got "+e);let a,c,u,l=!1;if("object"==typeof t&&null!=t){if(i.sqrt||n)throw new Error("cannot specify opts in two arguments");const e=t;e.BITS&&(a=e.BITS),e.sqrt&&(c=e.sqrt),"boolean"==typeof e.isLE&&(n=e.isLE),"boolean"==typeof e.modFromBytes&&(l=e.modFromBytes),u=e.allowedLengths}else"number"==typeof t&&(a=t),i.sqrt&&(c=i.sqrt);const{nBitLength:f,nByteLength:h}=x(e,a);if(h>2048)throw new Error("invalid field: expected ORDER of <= 2048 bytes");let d;const v=Object.freeze({ORDER:e,isLE:n,BITS:f,BYTES:h,MASK:(0,r.bitMask)(f),ZERO:o,ONE:s,allowedLengths:u,create:t=>p(t,e),isValid:t=>{if("bigint"!=typeof t)throw new Error("invalid field element: expected bigint, got "+typeof t);return o<=t&&t<e},is0:e=>e===o,isValidNot0:e=>!v.is0(e)&&v.isValid(e),isOdd:e=>(e&s)===s,neg:t=>p(-t,e),eql:(e,t)=>e===t,sqr:t=>p(t*t,e),add:(t,n)=>p(t+n,e),sub:(t,n)=>p(t-n,e),mul:(t,n)=>p(t*n,e),pow:(e,t)=>I(v,e,t),div:(t,n)=>p(t*y(n,e),e),sqrN:e=>e*e,addN:(e,t)=>e+t,subN:(e,t)=>e-t,mulN:(e,t)=>e*t,inv:t=>y(t,e),sqrt:c||(t=>(d||(d=w(e)),d(v,t))),toBytes:e=>n?(0,r.numberToBytesLE)(e,h):(0,r.numberToBytesBE)(e,h),fromBytes:(t,o=!0)=>{if(u){if(!u.includes(t.length)||t.length>h)throw new Error("Field.fromBytes: expected "+u+" bytes, got "+t.length);const e=new Uint8Array(h);e.set(t,n?0:e.length-t.length),t=e}if(t.length!==h)throw new Error("Field.fromBytes: expected "+h+" bytes, got "+t.length);let s=n?(0,r.bytesToNumberLE)(t):(0,r.bytesToNumberBE)(t);if(l&&(s=p(s,e)),!o&&!v.isValid(s))throw new Error("invalid field element: outside of range 0..ORDER");return s},invertBatch:e=>S(v,e),cmov:(e,t,n)=>n?t:e});return Object.freeze(v)}function O(e){if("bigint"!=typeof e)throw new Error("field order must be bigint");const t=e.toString(2).length;return Math.ceil(t/8)}function B(e){const t=O(e);return t+Math.ceil(t/2)}},705(e,t,n){Object.defineProperty(t,"__esModule",{value:!0}),t.DER=t.DERErr=void 0,t._splitEndoScalar=u,t._normFnElement=b,t.weierstrassN=m,t.SWUFpSqrtRatio=E,t.mapToCurveSimpleSWU=function(e,t){(0,a.validateField)(e);const{A:n,B:r,Z:o}=t;if(!e.isValid(n)||!e.isValid(r)||!e.isValid(o))throw new Error("mapToCurveSimpleSWU: invalid opts");const s=E(e,o);if(!e.isOdd)throw new Error("Field does not have .isOdd()");return t=>{let i,c,u,l,f,h,d,p;i=e.sqr(t),i=e.mul(i,o),c=e.sqr(i),c=e.add(c,i),u=e.add(c,e.ONE),u=e.mul(u,r),l=e.cmov(o,e.neg(c),!e.eql(c,e.ZERO)),l=e.mul(l,n),c=e.sqr(u),h=e.sqr(l),f=e.mul(h,n),c=e.add(c,f),c=e.mul(c,u),h=e.mul(h,l),f=e.mul(h,r),c=e.add(c,f),d=e.mul(i,u);const{isValid:y,value:v}=s(c,h);p=e.mul(i,t),p=e.mul(p,v),d=e.cmov(d,u,y),p=e.cmov(p,v,y);const g=e.isOdd(t)===e.isOdd(p);p=e.cmov(e.neg(p),p,g);const b=(0,a.FpInvertBatch)(e,[l],!0)[0];return d=e.mul(d,b),{x:d,y:p}}},t.ecdh=S,t.ecdsa=A,t.weierstrassPoints=function(e){const{CURVE:t,curveOpts:n}=x(e);return function(e,t){const{Fp:n,Fn:r}=t;const o=_(n,e.a,e.b);return Object.assign({},{CURVE:e,Point:t,ProjectivePoint:t,normPrivateKeyToScalar:e=>b(r,e),weierstrassEquation:o,isWithinCurveOrder:function(e){return(0,s.inRange)(e,p,r.ORDER)}})}(e,m(t,n))},t._legacyHelperEquat=_,t.weierstrass=function(e){const{CURVE:t,curveOpts:n,hash:r,ecdsaOpts:o}=function(e){const{CURVE:t,curveOpts:n}=x(e),r={hmac:e.hmac,randomBytes:e.randomBytes,lowS:e.lowS,bits2int:e.bits2int,bits2int_modN:e.bits2int_modN};return{CURVE:t,curveOpts:n,hash:e.hash,ecdsaOpts:r}}(e);return function(e,t){const n=t.Point;return Object.assign({},t,{ProjectivePoint:n,CURVE:Object.assign({},e,(0,a.nLength)(n.Fn.ORDER,n.Fn.BITS))})}(e,A(m(t,n),r,o))};const r=n(615),o=n(175),s=n(627),i=n(422),a=n(967),c=(e,t)=>(e+(e>=0?t:-t)/y)/t;function u(e,t,n){const[[r,o],[i,a]]=t,u=c(a*e,n),l=c(-o*e,n);let f=e-u*r-l*i,h=-u*o-l*a;const y=f<d,v=h<d;y&&(f=-f),v&&(h=-h);const g=(0,s.bitMask)(Math.ceil((0,s.bitLen)(n)/2))+p;if(f<d||f>=g||h<d||h>=g)throw new Error("splitScalar (endomorphism): failed, k="+e);return{k1neg:y,k1:f,k2neg:v,k2:h}}function l(e){if(!["compact","recovered","der"].includes(e))throw new Error('Signature format must be "compact", "recovered", or "der"');return e}function f(e,t){const n={};for(let r of Object.keys(t))n[r]=void 0===e[r]?t[r]:e[r];return(0,s._abool2)(n.lowS,"lowS"),(0,s._abool2)(n.prehash,"prehash"),void 0!==n.format&&l(n.format),n}class h extends Error{constructor(e=""){super(e)}}t.DERErr=h,t.DER={Err:h,_tlv:{encode:(e,n)=>{const{Err:r}=t.DER;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(1&n.length)throw new r("tlv.encode: unpadded data");const o=n.length/2,i=(0,s.numberToHexUnpadded)(o);if(i.length/2&128)throw new r("tlv.encode: long form length too big");const a=o>127?(0,s.numberToHexUnpadded)(i.length/2|128):"";return(0,s.numberToHexUnpadded)(e)+a+i+n},decode(e,n){const{Err:r}=t.DER;let o=0;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(n.length<2||n[o++]!==e)throw new r("tlv.decode: wrong tlv");const s=n[o++];let i=0;if(128&s){const e=127&s;if(!e)throw new r("tlv.decode(long): indefinite length not supported");if(e>4)throw new r("tlv.decode(long): byte length is too big");const t=n.subarray(o,o+e);if(t.length!==e)throw new r("tlv.decode: length bytes not complete");if(0===t[0])throw new r("tlv.decode(long): zero leftmost byte");for(const e of t)i=i<<8|e;if(o+=e,i<128)throw new r("tlv.decode(long): not minimal encoding")}else i=s;const a=n.subarray(o,o+i);if(a.length!==i)throw new r("tlv.decode: wrong value length");return{v:a,l:n.subarray(o+i)}}},_int:{encode(e){const{Err:n}=t.DER;if(e<d)throw new n("integer: negative integers are not allowed");let r=(0,s.numberToHexUnpadded)(e);if(8&Number.parseInt(r[0],16)&&(r="00"+r),1&r.length)throw new n("unexpected DER parsing assertion: unpadded hex");return r},decode(e){const{Err:n}=t.DER;if(128&e[0])throw new n("invalid signature integer: negative");if(0===e[0]&&!(128&e[1]))throw new n("invalid signature integer: unnecessary leading zero");return(0,s.bytesToNumberBE)(e)}},toSig(e){const{Err:n,_int:r,_tlv:o}=t.DER,i=(0,s.ensureBytes)("signature",e),{v:a,l:c}=o.decode(48,i);if(c.length)throw new n("invalid signature: left bytes after parsing");const{v:u,l}=o.decode(2,a),{v:f,l:h}=o.decode(2,l);if(h.length)throw new n("invalid signature: left bytes after parsing");return{r:r.decode(u),s:r.decode(f)}},hexFromSig(e){const{_tlv:n,_int:r}=t.DER,o=n.encode(2,r.encode(e.r))+n.encode(2,r.encode(e.s));return n.encode(48,o)}};const d=BigInt(0),p=BigInt(1),y=BigInt(2),v=BigInt(3),g=BigInt(4);function b(e,t){const{BYTES:n}=e;let r;if("bigint"==typeof t)r=t;else{let o=(0,s.ensureBytes)("private key",t);try{r=e.fromBytes(o)}catch(e){throw new Error(`invalid private key: expected ui8a of size ${n}, got ${typeof t}`)}}if(!e.isValidNot0(r))throw new Error("invalid private key: out of range [1..N-1]");return r}function m(e,t={}){const n=(0,i._createCurveFields)("weierstrass",e,t),{Fp:r,Fn:o}=n;let a=n.CURVE;const{h:c,n:l}=a;(0,s._validateObject)(t,{},{allowInfinityPoint:"boolean",clearCofactor:"function",isTorsionFree:"function",fromBytes:"function",toBytes:"function",endo:"object",wrapPrivateKey:"boolean"});const{endo:f}=t;if(f&&(!r.is0(a.a)||"bigint"!=typeof f.beta||!Array.isArray(f.basises)))throw new Error('invalid endo: expected "beta": bigint and "basises": array');const h=I(r,o);function y(){if(!r.isOdd)throw new Error("compression is not supported: Field does not have .isOdd()")}const m=t.toBytes||function(e,t,n){const{x:o,y:i}=t.toAffine(),a=r.toBytes(o);if((0,s._abool2)(n,"isCompressed"),n){y();const e=!r.isOdd(i);return(0,s.concatBytes)(w(e),a)}return(0,s.concatBytes)(Uint8Array.of(4),a,r.toBytes(i))},E=t.fromBytes||function(e){(0,s._abytes2)(e,void 0,"Point");const{publicKey:t,publicKeyUncompressed:n}=h,o=e.length,i=e[0],a=e.subarray(1);if(o!==t||2!==i&&3!==i){if(o===n&&4===i){const e=r.BYTES,t=r.fromBytes(a.subarray(0,e)),n=r.fromBytes(a.subarray(e,2*e));if(!A(t,n))throw new Error("bad point: is not on curve");return{x:t,y:n}}throw new Error(`bad point: got length ${o}, expected compressed=${t} or uncompressed=${n}`)}{const e=r.fromBytes(a);if(!r.isValid(e))throw new Error("bad point: is not on curve, wrong x");const t=S(e);let n;try{n=r.sqrt(t)}catch(e){const t=e instanceof Error?": "+e.message:"";throw new Error("bad point: is not on curve, sqrt error"+t)}return y(),!(1&~i)!==r.isOdd(n)&&(n=r.neg(n)),{x:e,y:n}}};function S(e){const t=r.sqr(e),n=r.mul(t,e);return r.add(r.add(n,r.mul(e,a.a)),a.b)}function A(e,t){const n=r.sqr(t),o=S(e);return r.eql(n,o)}if(!A(a.Gx,a.Gy))throw new Error("bad curve params: generator point");const x=r.mul(r.pow(a.a,v),g),_=r.mul(r.sqr(a.b),BigInt(27));if(r.is0(r.add(x,_)))throw new Error("bad curve params: a or b");function O(e,t,n=!1){if(!r.isValid(t)||n&&r.is0(t))throw new Error(`bad point coordinate ${e}`);return t}function B(e){if(!(e instanceof C))throw new Error("ProjectivePoint expected")}function H(e){if(!f||!f.basises)throw new Error("no endo");return u(e,f.basises,o.ORDER)}const R=(0,s.memoized)((e,t)=>{const{X:n,Y:o,Z:s}=e;if(r.eql(s,r.ONE))return{x:n,y:o};const i=e.is0();null==t&&(t=i?r.ONE:r.inv(s));const a=r.mul(n,t),c=r.mul(o,t),u=r.mul(s,t);if(i)return{x:r.ZERO,y:r.ZERO};if(!r.eql(u,r.ONE))throw new Error("invZ was invalid");return{x:a,y:c}}),P=(0,s.memoized)(e=>{if(e.is0()){if(t.allowInfinityPoint&&!r.is0(e.Y))return;throw new Error("bad point: ZERO")}const{x:n,y:o}=e.toAffine();if(!r.isValid(n)||!r.isValid(o))throw new Error("bad point: x or y not field elements");if(!A(n,o))throw new Error("bad point: equation left != right");if(!e.isTorsionFree())throw new Error("bad point: not in prime-order subgroup");return!0});function T(e,t,n,o,s){return n=new C(r.mul(n.X,e),n.Y,n.Z),t=(0,i.negateCt)(o,t),n=(0,i.negateCt)(s,n),t.add(n)}class C{constructor(e,t,n){this.X=O("x",e),this.Y=O("y",t,!0),this.Z=O("z",n),Object.freeze(this)}static CURVE(){return a}static fromAffine(e){const{x:t,y:n}=e||{};if(!e||!r.isValid(t)||!r.isValid(n))throw new Error("invalid affine point");if(e instanceof C)throw new Error("projective point not allowed");return r.is0(t)&&r.is0(n)?C.ZERO:new C(t,n,r.ONE)}static fromBytes(e){const t=C.fromAffine(E((0,s._abytes2)(e,void 0,"point")));return t.assertValidity(),t}static fromHex(e){return C.fromBytes((0,s.ensureBytes)("pointHex",e))}get x(){return this.toAffine().x}get y(){return this.toAffine().y}precompute(e=8,t=!0){return N.createCache(this,e),t||this.multiply(v),this}assertValidity(){P(this)}hasEvenY(){const{y:e}=this.toAffine();if(!r.isOdd)throw new Error("Field doesn't support isOdd");return!r.isOdd(e)}equals(e){B(e);const{X:t,Y:n,Z:o}=this,{X:s,Y:i,Z:a}=e,c=r.eql(r.mul(t,a),r.mul(s,o)),u=r.eql(r.mul(n,a),r.mul(i,o));return c&&u}negate(){return new C(this.X,r.neg(this.Y),this.Z)}double(){const{a:e,b:t}=a,n=r.mul(t,v),{X:o,Y:s,Z:i}=this;let c=r.ZERO,u=r.ZERO,l=r.ZERO,f=r.mul(o,o),h=r.mul(s,s),d=r.mul(i,i),p=r.mul(o,s);return p=r.add(p,p),l=r.mul(o,i),l=r.add(l,l),c=r.mul(e,l),u=r.mul(n,d),u=r.add(c,u),c=r.sub(h,u),u=r.add(h,u),u=r.mul(c,u),c=r.mul(p,c),l=r.mul(n,l),d=r.mul(e,d),p=r.sub(f,d),p=r.mul(e,p),p=r.add(p,l),l=r.add(f,f),f=r.add(l,f),f=r.add(f,d),f=r.mul(f,p),u=r.add(u,f),d=r.mul(s,i),d=r.add(d,d),f=r.mul(d,p),c=r.sub(c,f),l=r.mul(d,h),l=r.add(l,l),l=r.add(l,l),new C(c,u,l)}add(e){B(e);const{X:t,Y:n,Z:o}=this,{X:s,Y:i,Z:c}=e;let u=r.ZERO,l=r.ZERO,f=r.ZERO;const h=a.a,d=r.mul(a.b,v);let p=r.mul(t,s),y=r.mul(n,i),g=r.mul(o,c),b=r.add(t,n),m=r.add(s,i);b=r.mul(b,m),m=r.add(p,y),b=r.sub(b,m),m=r.add(t,o);let w=r.add(s,c);return m=r.mul(m,w),w=r.add(p,g),m=r.sub(m,w),w=r.add(n,o),u=r.add(i,c),w=r.mul(w,u),u=r.add(y,g),w=r.sub(w,u),f=r.mul(h,m),u=r.mul(d,g),f=r.add(u,f),u=r.sub(y,f),f=r.add(y,f),l=r.mul(u,f),y=r.add(p,p),y=r.add(y,p),g=r.mul(h,g),m=r.mul(d,m),y=r.add(y,g),g=r.sub(p,g),g=r.mul(h,g),m=r.add(m,g),p=r.mul(y,m),l=r.add(l,p),p=r.mul(w,m),u=r.mul(b,u),u=r.sub(u,p),p=r.mul(b,y),f=r.mul(w,f),f=r.add(f,p),new C(u,l,f)}subtract(e){return this.add(e.negate())}is0(){return this.equals(C.ZERO)}multiply(e){const{endo:n}=t;if(!o.isValidNot0(e))throw new Error("invalid scalar: out of range");let r,s;const a=e=>N.cached(this,e,e=>(0,i.normalizeZ)(C,e));if(n){const{k1neg:t,k1:o,k2neg:i,k2:c}=H(e),{p:u,f:l}=a(o),{p:f,f:h}=a(c);s=l.add(h),r=T(n.beta,u,f,t,i)}else{const{p:t,f:n}=a(e);r=t,s=n}return(0,i.normalizeZ)(C,[r,s])[0]}multiplyUnsafe(e){const{endo:n}=t,r=this;if(!o.isValid(e))throw new Error("invalid scalar: out of range");if(e===d||r.is0())return C.ZERO;if(e===p)return r;if(N.hasCache(this))return this.multiply(e);if(n){const{k1neg:t,k1:o,k2neg:s,k2:a}=H(e),{p1:c,p2:u}=(0,i.mulEndoUnsafe)(C,r,o,a);return T(n.beta,c,u,t,s)}return N.unsafe(r,e)}multiplyAndAddUnsafe(e,t,n){const r=this.multiplyUnsafe(t).add(e.multiplyUnsafe(n));return r.is0()?void 0:r}toAffine(e){return R(this,e)}isTorsionFree(){const{isTorsionFree:e}=t;return c===p||(e?e(C,this):N.unsafe(this,l).is0())}clearCofactor(){const{clearCofactor:e}=t;return c===p?this:e?e(C,this):this.multiplyUnsafe(c)}isSmallOrder(){return this.multiplyUnsafe(c).is0()}toBytes(e=!0){return(0,s._abool2)(e,"isCompressed"),this.assertValidity(),m(C,this,e)}toHex(e=!0){return(0,s.bytesToHex)(this.toBytes(e))}toString(){return`<Point ${this.is0()?"ZERO":this.toHex()}>`}get px(){return this.X}get py(){return this.X}get pz(){return this.Z}toRawBytes(e=!0){return this.toBytes(e)}_setWindowSize(e){this.precompute(e)}static normalizeZ(e){return(0,i.normalizeZ)(C,e)}static msm(e,t){return(0,i.pippenger)(C,o,e,t)}static fromPrivateKey(e){return C.BASE.multiply(b(o,e))}}C.BASE=new C(a.Gx,a.Gy,r.ONE),C.ZERO=new C(r.ZERO,r.ONE,r.ZERO),C.Fp=r,C.Fn=o;const k=o.BITS,N=new i.wNAF(C,t.endo?Math.ceil(k/2):k);return C.BASE.precompute(8),C}function w(e){return Uint8Array.of(e?2:3)}function E(e,t){const n=e.ORDER;let r=d;for(let e=n-p;e%y===d;e/=y)r+=p;const o=r,s=y<<o-p-p,i=s*y,a=(n-p)/i,c=(a-p)/y,u=i-p,l=s,f=e.pow(t,a),h=e.pow(t,(a+p)/y);let b=(t,n)=>{let r=f,s=e.pow(n,u),i=e.sqr(s);i=e.mul(i,n);let a=e.mul(t,i);a=e.pow(a,c),a=e.mul(a,s),s=e.mul(a,n),i=e.mul(a,t);let d=e.mul(i,s);a=e.pow(d,l);let v=e.eql(a,e.ONE);s=e.mul(i,h),a=e.mul(d,r),i=e.cmov(s,i,v),d=e.cmov(a,d,v);for(let t=o;t>p;t--){let n=t-y;n=y<<n-p;let o=e.pow(d,n);const a=e.eql(o,e.ONE);s=e.mul(i,r),r=e.mul(r,r),o=e.mul(d,r),i=e.cmov(s,i,a),d=e.cmov(o,d,a)}return{isValid:v,value:i}};if(e.ORDER%g===v){const n=(e.ORDER-v)/g,r=e.sqrt(e.neg(t));b=(t,o)=>{let s=e.sqr(o);const i=e.mul(t,o);s=e.mul(s,i);let a=e.pow(s,n);a=e.mul(a,i);const c=e.mul(a,r),u=e.mul(e.sqr(a),o),l=e.eql(u,t);return{isValid:l,value:e.cmov(c,a,l)}}}return b}function I(e,t){return{secretKey:t.BYTES,publicKey:1+e.BYTES,publicKeyUncompressed:1+2*e.BYTES,publicKeyHasPrefix:!0,signature:2*t.BYTES}}function S(e,t={}){const{Fn:n}=e,r=t.randomBytes||s.randomBytes,o=Object.assign(I(e.Fp,n),{seed:(0,a.getMinHashLength)(n.ORDER)});function i(e){try{return!!b(n,e)}catch(e){return!1}}function c(e=r(o.seed)){return(0,a.mapHashToField)((0,s._abytes2)(e,o.seed,"seed"),n.ORDER)}function u(t,r=!0){return e.BASE.multiply(b(n,t)).toBytes(r)}function l(t){if("bigint"==typeof t)return!1;if(t instanceof e)return!0;const{secretKey:r,publicKey:i,publicKeyUncompressed:a}=o;if(n.allowedLengths||r===i)return;const c=(0,s.ensureBytes)("key",t).length;return c===i||c===a}const f={isValidSecretKey:i,isValidPublicKey:function(t,n){const{publicKey:r,publicKeyUncompressed:s}=o;try{const o=t.length;return!(!0===n&&o!==r||!1===n&&o!==s||!e.fromBytes(t))}catch(e){return!1}},randomSecretKey:c,isValidPrivateKey:i,randomPrivateKey:c,normPrivateKeyToScalar:e=>b(n,e),precompute:(t=8,n=e.BASE)=>n.precompute(t,!1)};return Object.freeze({getPublicKey:u,getSharedSecret:function(t,r,o=!0){if(!0===l(t))throw new Error("first arg must be private key");if(!1===l(r))throw new Error("second arg must be public key");const s=b(n,t);return e.fromHex(r).multiply(s).toBytes(o)},keygen:function(e){const t=c(e);return{secretKey:t,publicKey:u(t)}},Point:e,utils:f,lengths:o})}function A(e,n,i={}){(0,o.ahash)(n),(0,s._validateObject)(i,{},{hmac:"function",lowS:"boolean",randomBytes:"function",bits2int:"function",bits2int_modN:"function"});const a=i.randomBytes||s.randomBytes,c=i.hmac||((e,...t)=>(0,r.hmac)(n,e,(0,s.concatBytes)(...t))),{Fp:u,Fn:h}=e,{ORDER:v,BITS:g}=h,{keygen:m,getPublicKey:E,getSharedSecret:I,utils:A,lengths:x}=S(e,i),_={prehash:!1,lowS:"boolean"==typeof i.lowS&&i.lowS,format:void 0,extraEntropy:!1},O="compact";function B(e){return e>v>>p}function H(e,t){if(!h.isValidNot0(t))throw new Error(`invalid signature ${e}: out of range 1..Point.Fn.ORDER`);return t}class R{constructor(e,t,n){this.r=H("r",e),this.s=H("s",t),null!=n&&(this.recovery=n),Object.freeze(this)}static fromBytes(e,n=O){let r;if(function(e,t){l(t);const n=x.signature,r="compact"===t?n:"recovered"===t?n+1:void 0;(0,s._abytes2)(e,r,`${t} signature`)}(e,n),"der"===n){const{r:n,s:r}=t.DER.toSig((0,s._abytes2)(e));return new R(n,r)}"recovered"===n&&(r=e[0],n="compact",e=e.subarray(1));const o=h.BYTES,i=e.subarray(0,o),a=e.subarray(o,2*o);return new R(h.fromBytes(i),h.fromBytes(a),r)}static fromHex(e,t){return this.fromBytes((0,s.hexToBytes)(e),t)}addRecoveryBit(e){return new R(this.r,this.s,e)}recoverPublicKey(t){const n=u.ORDER,{r,s:o,recovery:i}=this;if(null==i||![0,1,2,3].includes(i))throw new Error("recovery id invalid");if(v*y<n&&i>1)throw new Error("recovery id is ambiguous for h>1 curve");const a=2===i||3===i?r+v:r;if(!u.isValid(a))throw new Error("recovery id 2 or 3 invalid");const c=u.toBytes(a),l=e.fromBytes((0,s.concatBytes)(w(!(1&i)),c)),f=h.inv(a),d=T((0,s.ensureBytes)("msgHash",t)),p=h.create(-d*f),g=h.create(o*f),b=e.BASE.multiplyUnsafe(p).add(l.multiplyUnsafe(g));if(b.is0())throw new Error("point at infinify");return b.assertValidity(),b}hasHighS(){return B(this.s)}toBytes(e=O){if(l(e),"der"===e)return(0,s.hexToBytes)(t.DER.hexFromSig(this));const n=h.toBytes(this.r),r=h.toBytes(this.s);if("recovered"===e){if(null==this.recovery)throw new Error("recovery bit must be present");return(0,s.concatBytes)(Uint8Array.of(this.recovery),n,r)}return(0,s.concatBytes)(n,r)}toHex(e){return(0,s.bytesToHex)(this.toBytes(e))}assertValidity(){}static fromCompact(e){return R.fromBytes((0,s.ensureBytes)("sig",e),"compact")}static fromDER(e){return R.fromBytes((0,s.ensureBytes)("sig",e),"der")}normalizeS(){return this.hasHighS()?new R(this.r,h.neg(this.s),this.recovery):this}toDERRawBytes(){return this.toBytes("der")}toDERHex(){return(0,s.bytesToHex)(this.toBytes("der"))}toCompactRawBytes(){return this.toBytes("compact")}toCompactHex(){return(0,s.bytesToHex)(this.toBytes("compact"))}}const P=i.bits2int||function(e){if(e.length>8192)throw new Error("input is too large");const t=(0,s.bytesToNumberBE)(e),n=8*e.length-g;return n>0?t>>BigInt(n):t},T=i.bits2int_modN||function(e){return h.create(P(e))},C=(0,s.bitMask)(g);function k(e){return(0,s.aInRange)("num < 2^"+g,e,d,C),h.toBytes(e)}function N(e,t){return(0,s._abytes2)(e,void 0,"message"),t?(0,s._abytes2)(n(e),void 0,"prehashed message"):e}return Object.freeze({keygen:m,getPublicKey:E,getSharedSecret:I,utils:A,lengths:x,Point:e,sign:function(t,r,o={}){t=(0,s.ensureBytes)("message",t);const{seed:i,k2sig:u}=function(t,n,r){if(["recovered","canonical"].some(e=>e in r))throw new Error("sign() legacy options not supported");const{lowS:o,prehash:i,extraEntropy:c}=f(r,_);t=N(t,i);const u=T(t),l=b(h,n),y=[k(l),k(u)];if(null!=c&&!1!==c){const e=!0===c?a(x.secretKey):c;y.push((0,s.ensureBytes)("extraEntropy",e))}const v=(0,s.concatBytes)(...y),g=u;return{seed:v,k2sig:function(t){const n=P(t);if(!h.isValidNot0(n))return;const r=h.inv(n),s=e.BASE.multiply(n).toAffine(),i=h.create(s.x);if(i===d)return;const a=h.create(r*h.create(g+i*l));if(a===d)return;let c=(s.x===i?0:2)|Number(s.y&p),u=a;return o&&B(a)&&(u=h.neg(a),c^=1),new R(i,u,c)}}}(t,r,o);return(0,s.createHmacDrbg)(n.outputLen,h.BYTES,c)(i,u)},verify:function(n,r,o,i={}){const{lowS:a,prehash:c,format:u}=f(i,_);if(o=(0,s.ensureBytes)("publicKey",o),r=N((0,s.ensureBytes)("message",r),c),"strict"in i)throw new Error("options.strict was renamed to lowS");const l=void 0===u?function(e){let n;const r="string"==typeof e||(0,s.isBytes)(e),o=!r&&null!==e&&"object"==typeof e&&"bigint"==typeof e.r&&"bigint"==typeof e.s;if(!r&&!o)throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");if(o)n=new R(e.r,e.s);else if(r){try{n=R.fromBytes((0,s.ensureBytes)("sig",e),"der")}catch(e){if(!(e instanceof t.DER.Err))throw e}if(!n)try{n=R.fromBytes((0,s.ensureBytes)("sig",e),"compact")}catch(e){return!1}}return n||!1}(n):R.fromBytes((0,s.ensureBytes)("sig",n),u);if(!1===l)return!1;try{const t=e.fromBytes(o);if(a&&l.hasHighS())return!1;const{r:n,s}=l,i=T(r),c=h.inv(s),u=h.create(i*c),f=h.create(n*c),d=e.BASE.multiplyUnsafe(u).add(t.multiplyUnsafe(f));return!d.is0()&&h.create(d.x)===n}catch(e){return!1}},recoverPublicKey:function(e,t,n={}){const{prehash:r}=f(n,_);return t=N(t,r),R.fromBytes(e,"recovered").recoverPublicKey(t).toBytes()},Signature:R,hash:n})}function x(e){const t={a:e.a,b:e.b,p:e.Fp.ORDER,n:e.n,h:e.h,Gx:e.Gx,Gy:e.Gy},n=e.Fp;let r=e.allowedPrivateKeyLengths?Array.from(new Set(e.allowedPrivateKeyLengths.map(e=>Math.ceil(e/2)))):void 0;return{CURVE:t,curveOpts:{Fp:n,Fn:(0,a.Field)(t.n,{BITS:e.nBitLength,allowedLengths:r,modFromBytes:e.wrapPrivateKey}),allowInfinityPoint:e.allowInfinityPoint,endo:e.endo,isTorsionFree:e.isTorsionFree,clearCofactor:e.clearCofactor,fromBytes:e.fromBytes,toBytes:e.toBytes}}}function _(e,t,n){return function(r){const o=e.sqr(r),s=e.mul(o,r);return e.add(e.add(s,e.mul(r,t)),n)}}},54(e,t,n){Object.defineProperty(t,"__esModule",{value:!0}),t.p521_hasher=t.secp521r1=t.secp384r1=t.secp256r1=t.p521=t.p384_hasher=t.p384=t.p256_hasher=t.p256=void 0;const r=n(76),o=n(562),s=n(761),i=n(967),a=n(705),c={p:BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff"),n:BigInt("0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"),h:BigInt(1),a:BigInt("0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc"),b:BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b"),Gx:BigInt("0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"),Gy:BigInt("0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")},u={p:BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff"),n:BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973"),h:BigInt(1),a:BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc"),b:BigInt("0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef"),Gx:BigInt("0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7"),Gy:BigInt("0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f")},l={p:BigInt("0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),n:BigInt("0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409"),h:BigInt(1),a:BigInt("0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc"),b:BigInt("0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00"),Gx:BigInt("0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66"),Gy:BigInt("0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650")},f=(0,i.Field)(c.p),h=(0,i.Field)(u.p),d=(0,i.Field)(l.p);function p(e,t){const n=(0,a.mapToCurveSimpleSWU)(e.Fp,t);return e=>n(e[0])}t.p256=(0,o.createCurve)({...c,Fp:f,lowS:!1},r.sha256),t.p256_hasher=(0,s.createHasher)(t.p256.Point,p(t.p256.Point,{A:c.a,B:c.b,Z:t.p256.Point.Fp.create(BigInt("-10"))}),{DST:"P256_XMD:SHA-256_SSWU_RO_",encodeDST:"P256_XMD:SHA-256_SSWU_NU_",p:c.p,m:1,k:128,expand:"xmd",hash:r.sha256}),t.p384=(0,o.createCurve)({...u,Fp:h,lowS:!1},r.sha384),t.p384_hasher=(0,s.createHasher)(t.p384.Point,p(t.p384.Point,{A:u.a,B:u.b,Z:t.p384.Point.Fp.create(BigInt("-12"))}),{DST:"P384_XMD:SHA-384_SSWU_RO_",encodeDST:"P384_XMD:SHA-384_SSWU_NU_",p:u.p,m:1,k:192,expand:"xmd",hash:r.sha384}),t.p521=(0,o.createCurve)({...l,Fp:d,lowS:!1,allowedPrivateKeyLengths:[130,131,132]},r.sha512),t.secp256r1=t.p256,t.secp384r1=t.p384,t.secp521r1=t.p521,t.p521_hasher=(0,s.createHasher)(t.p521.Point,p(t.p521.Point,{A:l.a,B:l.b,Z:t.p521.Point.Fp.create(BigInt("-4"))}),{DST:"P521_XMD:SHA-512_SSWU_RO_",encodeDST:"P521_XMD:SHA-512_SSWU_NU_",p:l.p,m:1,k:256,expand:"xmd",hash:r.sha512})},897(e,t,n){Object.defineProperty(t,"__esModule",{value:!0}),t.encodeToCurve=t.hashToCurve=t.secp256r1=t.p256=void 0;const r=n(54);t.p256=r.p256,t.secp256r1=r.p256,t.hashToCurve=r.p256_hasher.hashToCurve,t.encodeToCurve=r.p256_hasher.encodeToCurve},627(e,t,n){Object.defineProperty(t,"__esModule",{value:!0}),t.notImplemented=t.bitMask=t.utf8ToBytes=t.randomBytes=t.isBytes=t.hexToBytes=t.concatBytes=t.bytesToUtf8=t.bytesToHex=t.anumber=t.abytes=void 0,t.abool=function(e,t){if("boolean"!=typeof t)throw new Error(e+" boolean expected, got "+t)},t._abool2=function(e,t=""){if("boolean"!=typeof e)throw new Error((t&&`"${t}"`)+"expected boolean, got type="+typeof e);return e},t._abytes2=function(e,t,n=""){const o=(0,r.isBytes)(e),s=e?.length,i=void 0!==t;if(!o||i&&s!==t)throw new Error((n&&`"${n}" `)+"expected Uint8Array"+(i?` of length ${t}`:"")+", got "+(o?`length=${s}`:"type="+typeof e));return e},t.numberToHexUnpadded=a,t.hexToNumber=c,t.bytesToNumberBE=function(e){return c((0,r.bytesToHex)(e))},t.bytesToNumberLE=function(e){return(0,r.abytes)(e),c((0,r.bytesToHex)(Uint8Array.from(e).reverse()))},t.numberToBytesBE=u,t.numberToBytesLE=function(e,t){return u(e,t).reverse()},t.numberToVarBytesBE=function(e){return(0,r.hexToBytes)(a(e))},t.ensureBytes=function(e,t,n){let o;if("string"==typeof t)try{o=(0,r.hexToBytes)(t)}catch(t){throw new Error(e+" must be hex string or Uint8Array, cause: "+t)}else{if(!(0,r.isBytes)(t))throw new Error(e+" must be hex string or Uint8Array");o=Uint8Array.from(t)}const s=o.length;if("number"==typeof n&&s!==n)throw new Error(e+" of length "+n+" expected, got "+s);return o},t.equalBytes=function(e,t){if(e.length!==t.length)return!1;let n=0;for(let r=0;r<e.length;r++)n|=e[r]^t[r];return 0===n},t.copyBytes=function(e){return Uint8Array.from(e)},t.asciiToBytes=function(e){return Uint8Array.from(e,(t,n)=>{const r=t.charCodeAt(0);if(1!==t.length||r>127)throw new Error(`string contains non-ASCII character "${e[n]}" with code ${r} at position ${n}`);return r})},t.inRange=f,t.aInRange=function(e,t,n,r){if(!f(t,n,r))throw new Error("expected valid "+e+": "+n+" <= n < "+r+", got "+t)},t.bitLen=function(e){let t;for(t=0;e>s;e>>=i,t+=1);return t},t.bitGet=function(e,t){return e>>BigInt(t)&i},t.bitSet=function(e,t,n){return e|(n?i:s)<<BigInt(t)},t.createHmacDrbg=function(e,t,n){if("number"!=typeof e||e<2)throw new Error("hashLen must be a number");if("number"!=typeof t||t<2)throw new Error("qByteLen must be a number");if("function"!=typeof n)throw new Error("hmacFn must be a function");const o=e=>new Uint8Array(e),s=e=>Uint8Array.of(e);let i=o(e),a=o(e),c=0;const u=()=>{i.fill(1),a.fill(0),c=0},l=(...e)=>n(a,i,...e),f=(e=o(0))=>{a=l(s(0),e),i=l(),0!==e.length&&(a=l(s(1),e),i=l())},h=()=>{if(c++>=1e3)throw new Error("drbg: tried 1000 values");let e=0;const n=[];for(;e<t;){i=l();const t=i.slice();n.push(t),e+=i.length}return(0,r.concatBytes)(...n)};return(e,t)=>{let n;for(u(),f(e);!(n=t(h()));)f();return u(),n}},t.validateObject=function(e,t,n={}){const r=(t,n,r)=>{const o=h[n];if("function"!=typeof o)throw new Error("invalid validator function");const s=e[t];if(!(r&&void 0===s||o(s,e)))throw new Error("param "+String(t)+" is invalid. Expected "+n+", got "+s)};for(const[e,n]of Object.entries(t))r(e,n,!1);for(const[e,t]of Object.entries(n))r(e,t,!0);return e},t.isHash=function(e){return"function"==typeof e&&Number.isSafeInteger(e.outputLen)},t._validateObject=function(e,t,n={}){if(!e||"object"!=typeof e)throw new Error("expected valid options object");function r(t,n,r){const o=e[t];if(r&&void 0===o)return;const s=typeof o;if(s!==n||null===o)throw new Error(`param "${t}" is invalid: expected ${n}, got ${s}`)}Object.entries(t).forEach(([e,t])=>r(e,t,!1)),Object.entries(n).forEach(([e,t])=>r(e,t,!0))},t.memoized=function(e){const t=new WeakMap;return(n,...r)=>{const o=t.get(n);if(void 0!==o)return o;const s=e(n,...r);return t.set(n,s),s}};const r=n(175);var o=n(175);Object.defineProperty(t,"abytes",{enumerable:!0,get:function(){return o.abytes}}),Object.defineProperty(t,"anumber",{enumerable:!0,get:function(){return o.anumber}}),Object.defineProperty(t,"bytesToHex",{enumerable:!0,get:function(){return o.bytesToHex}}),Object.defineProperty(t,"bytesToUtf8",{enumerable:!0,get:function(){return o.bytesToUtf8}}),Object.defineProperty(t,"concatBytes",{enumerable:!0,get:function(){return o.concatBytes}}),Object.defineProperty(t,"hexToBytes",{enumerable:!0,get:function(){return o.hexToBytes}}),Object.defineProperty(t,"isBytes",{enumerable:!0,get:function(){return o.isBytes}}),Object.defineProperty(t,"randomBytes",{enumerable:!0,get:function(){return o.randomBytes}}),Object.defineProperty(t,"utf8ToBytes",{enumerable:!0,get:function(){return o.utf8ToBytes}});const s=BigInt(0),i=BigInt(1);function a(e){const t=e.toString(16);return 1&t.length?"0"+t:t}function c(e){if("string"!=typeof e)throw new Error("hex string expected, got "+typeof e);return""===e?s:BigInt("0x"+e)}function u(e,t){return(0,r.hexToBytes)(e.toString(16).padStart(2*t,"0"))}const l=e=>"bigint"==typeof e&&s<=e;function f(e,t,n){return l(e)&&l(t)&&l(n)&&t<=e&&e<n}t.bitMask=e=>(i<<BigInt(e))-i;const h={bigint:e=>"bigint"==typeof e,function:e=>"function"==typeof e,boolean:e=>"boolean"==typeof e,string:e=>"string"==typeof e,stringOrUint8Array:e=>"string"==typeof e||(0,r.isBytes)(e),isSafeInteger:e=>Number.isSafeInteger(e),array:e=>Array.isArray(e),field:(e,t)=>t.Fp.isValid(e),hash:e=>"function"==typeof e&&Number.isSafeInteger(e.outputLen)};t.notImplemented=()=>{throw new Error("not implemented")}},202(e,t,n){Object.defineProperty(t,"__esModule",{value:!0}),t.SHA512_IV=t.SHA384_IV=t.SHA224_IV=t.SHA256_IV=t.HashMD=void 0,t.setBigUint64=o,t.Chi=function(e,t,n){return e&t^~e&n},t.Maj=function(e,t,n){return e&t^e&n^t&n};const r=n(175);function o(e,t,n,r){if("function"==typeof e.setBigUint64)return e.setBigUint64(t,n,r);const o=BigInt(32),s=BigInt(4294967295),i=Number(n>>o&s),a=Number(n&s),c=r?4:0,u=r?0:4;e.setUint32(t+c,i,r),e.setUint32(t+u,a,r)}class s extends r.Hash{constructor(e,t,n,o){super(),this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.blockLen=e,this.outputLen=t,this.padOffset=n,this.isLE=o,this.buffer=new Uint8Array(e),this.view=(0,r.createView)(this.buffer)}update(e){(0,r.aexists)(this),e=(0,r.toBytes)(e),(0,r.abytes)(e);const{view:t,buffer:n,blockLen:o}=this,s=e.length;for(let i=0;i<s;){const a=Math.min(o-this.pos,s-i);if(a===o){const t=(0,r.createView)(e);for(;o<=s-i;i+=o)this.process(t,i);continue}n.set(e.subarray(i,i+a),this.pos),this.pos+=a,i+=a,this.pos===o&&(this.process(t,0),this.pos=0)}return this.length+=e.length,this.roundClean(),this}digestInto(e){(0,r.aexists)(this),(0,r.aoutput)(e,this),this.finished=!0;const{buffer:t,view:n,blockLen:s,isLE:i}=this;let{pos:a}=this;t[a++]=128,(0,r.clean)(this.buffer.subarray(a)),this.padOffset>s-a&&(this.process(n,0),a=0);for(let e=a;e<s;e++)t[e]=0;o(n,s-8,BigInt(8*this.length),i),this.process(n,0);const c=(0,r.createView)(e),u=this.outputLen;if(u%4)throw new Error("_sha2: outputLen should be aligned to 32bit");const l=u/4,f=this.get();if(l>f.length)throw new Error("_sha2: outputLen bigger than state");for(let e=0;e<l;e++)c.setUint32(4*e,f[e],i)}digest(){const{buffer:e,outputLen:t}=this;this.digestInto(e);const n=e.slice(0,t);return this.destroy(),n}_cloneInto(e){e||(e=new this.constructor),e.set(...this.get());const{blockLen:t,buffer:n,length:r,finished:o,destroyed:s,pos:i}=this;return e.destroyed=s,e.finished=o,e.length=r,e.pos=i,r%t&&e.buffer.set(n),e}clone(){return this._cloneInto()}}t.HashMD=s,t.SHA256_IV=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]),t.SHA224_IV=Uint32Array.from([3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428]),t.SHA384_IV=Uint32Array.from([3418070365,3238371032,1654270250,914150663,2438529370,812702999,355462360,4144912697,1731405415,4290775857,2394180231,1750603025,3675008525,1694076839,1203062813,3204075428]),t.SHA512_IV=Uint32Array.from([1779033703,4089235720,3144134277,2227873595,1013904242,4271175723,2773480762,1595750129,1359893119,2917565137,2600822924,725511199,528734635,4215389547,1541459225,327033209])},318(e,t){Object.defineProperty(t,"__esModule",{value:!0}),t.toBig=t.shrSL=t.shrSH=t.rotrSL=t.rotrSH=t.rotrBL=t.rotrBH=t.rotr32L=t.rotr32H=t.rotlSL=t.rotlSH=t.rotlBL=t.rotlBH=t.add5L=t.add5H=t.add4L=t.add4H=t.add3L=t.add3H=void 0,t.add=m,t.fromBig=o,t.split=s;const n=BigInt(2**32-1),r=BigInt(32);function o(e,t=!1){return t?{h:Number(e&n),l:Number(e>>r&n)}:{h:0|Number(e>>r&n),l:0|Number(e&n)}}function s(e,t=!1){const n=e.length;let r=new Uint32Array(n),s=new Uint32Array(n);for(let i=0;i<n;i++){const{h:n,l:a}=o(e[i],t);[r[i],s[i]]=[n,a]}return[r,s]}const i=(e,t)=>BigInt(e>>>0)<<r|BigInt(t>>>0);t.toBig=i;const a=(e,t,n)=>e>>>n;t.shrSH=a;const c=(e,t,n)=>e<<32-n|t>>>n;t.shrSL=c;const u=(e,t,n)=>e>>>n|t<<32-n;t.rotrSH=u;const l=(e,t,n)=>e<<32-n|t>>>n;t.rotrSL=l;const f=(e,t,n)=>e<<64-n|t>>>n-32;t.rotrBH=f;const h=(e,t,n)=>e>>>n-32|t<<64-n;t.rotrBL=h;const d=(e,t)=>t;t.rotr32H=d;const p=(e,t)=>e;t.rotr32L=p;const y=(e,t,n)=>e<<n|t>>>32-n;t.rotlSH=y;const v=(e,t,n)=>t<<n|e>>>32-n;t.rotlSL=v;const g=(e,t,n)=>t<<n-32|e>>>64-n;t.rotlBH=g;const b=(e,t,n)=>e<<n-32|t>>>64-n;function m(e,t,n,r){const o=(t>>>0)+(r>>>0);return{h:e+n+(o/2**32|0)|0,l:0|o}}t.rotlBL=b;const w=(e,t,n)=>(e>>>0)+(t>>>0)+(n>>>0);t.add3L=w;const E=(e,t,n,r)=>t+n+r+(e/2**32|0)|0;t.add3H=E;const I=(e,t,n,r)=>(e>>>0)+(t>>>0)+(n>>>0)+(r>>>0);t.add4L=I;const S=(e,t,n,r,o)=>t+n+r+o+(e/2**32|0)|0;t.add4H=S;const A=(e,t,n,r,o)=>(e>>>0)+(t>>>0)+(n>>>0)+(r>>>0)+(o>>>0);t.add5L=A;const x=(e,t,n,r,o,s)=>t+n+r+o+s+(e/2**32|0)|0;t.add5H=x;const _={fromBig:o,split:s,toBig:i,shrSH:a,shrSL:c,rotrSH:u,rotrSL:l,rotrBH:f,rotrBL:h,rotr32H:d,rotr32L:p,rotlSH:y,rotlSL:v,rotlBH:g,rotlBL:b,add:m,add3L:w,add3H:E,add4L:I,add4H:S,add5H:x,add5L:A};t.default=_},145(e,t){Object.defineProperty(t,"__esModule",{value:!0}),t.crypto=void 0,t.crypto="object"==typeof globalThis&&"crypto"in globalThis?globalThis.crypto:void 0},615(e,t,n){Object.defineProperty(t,"__esModule",{value:!0}),t.hmac=t.HMAC=void 0;const r=n(175);class o extends r.Hash{constructor(e,t){super(),this.finished=!1,this.destroyed=!1,(0,r.ahash)(e);const n=(0,r.toBytes)(t);if(this.iHash=e.create(),"function"!=typeof this.iHash.update)throw new Error("Expected instance of class which extends utils.Hash");this.blockLen=this.iHash.blockLen,this.outputLen=this.iHash.outputLen;const o=this.blockLen,s=new Uint8Array(o);s.set(n.length>o?e.create().update(n).digest():n);for(let e=0;e<s.length;e++)s[e]^=54;this.iHash.update(s),this.oHash=e.create();for(let e=0;e<s.length;e++)s[e]^=106;this.oHash.update(s),(0,r.clean)(s)}update(e){return(0,r.aexists)(this),this.iHash.update(e),this}digestInto(e){(0,r.aexists)(this),(0,r.abytes)(e,this.outputLen),this.finished=!0,this.iHash.digestInto(e),this.oHash.update(e),this.oHash.digestInto(e),this.destroy()}digest(){const e=new Uint8Array(this.oHash.outputLen);return this.digestInto(e),e}_cloneInto(e){e||(e=Object.create(Object.getPrototypeOf(this),{}));const{oHash:t,iHash:n,finished:r,destroyed:o,blockLen:s,outputLen:i}=this;return e.finished=r,e.destroyed=o,e.blockLen=s,e.outputLen=i,e.oHash=t._cloneInto(e.oHash),e.iHash=n._cloneInto(e.iHash),e}clone(){return this._cloneInto()}destroy(){this.destroyed=!0,this.oHash.destroy(),this.iHash.destroy()}}t.HMAC=o,t.hmac=(e,t,n)=>new o(e,t).update(n).digest(),t.hmac.create=(e,t)=>new o(e,t)},76(e,t,n){Object.defineProperty(t,"__esModule",{value:!0}),t.sha512_224=t.sha512_256=t.sha384=t.sha512=t.sha224=t.sha256=t.SHA512_256=t.SHA512_224=t.SHA384=t.SHA512=t.SHA224=t.SHA256=void 0;const r=n(202),o=n(318),s=n(175),i=Uint32Array.from([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),a=new Uint3