gun-es
Version:
ES version of GunJS Database
1,481 lines • 59.8 kB
JavaScript
const ut = typeof globalThis == "object" && "crypto" in globalThis ? globalThis.crypto : void 0;
/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
function Re(e) {
return e instanceof Uint8Array || ArrayBuffer.isView(e) && e.constructor.name === "Uint8Array";
}
function Mt(e) {
if (!Number.isSafeInteger(e) || e < 0)
throw new Error("positive integer expected, got " + e);
}
function Bt(e, ...n) {
if (!Re(e))
throw new Error("Uint8Array expected");
if (n.length > 0 && !n.includes(e.length))
throw new Error("Uint8Array expected of length " + n + ", got length=" + e.length);
}
function ke(e) {
if (typeof e != "function" || typeof e.create != "function")
throw new Error("Hash should be wrapped by utils.createHasher");
Mt(e.outputLen), Mt(e.blockLen);
}
function Nt(e, n = !0) {
if (e.destroyed)
throw new Error("Hash instance has been destroyed");
if (n && e.finished)
throw new Error("Hash#digest() has already been called");
}
function ze(e, n) {
Bt(e);
const t = n.outputLen;
if (e.length < t)
throw new Error("digestInto() expects output buffer of length at least " + t);
}
function gt(...e) {
for (let n = 0; n < e.length; n++)
e[n].fill(0);
}
function _t(e) {
return new DataView(e.buffer, e.byteOffset, e.byteLength);
}
function Y(e, n) {
return e << 32 - n | e >>> n;
}
function Ze(e) {
if (typeof e != "string")
throw new Error("string expected");
return new Uint8Array(new TextEncoder().encode(e));
}
function Wt(e) {
return typeof e == "string" && (e = Ze(e)), Bt(e), e;
}
function Ve(...e) {
let n = 0;
for (let r = 0; r < e.length; r++) {
const o = e[r];
Bt(o), n += o.length;
}
const t = new Uint8Array(n);
for (let r = 0, o = 0; r < e.length; r++) {
const i = e[r];
t.set(i, o), o += i.length;
}
return t;
}
class we {
}
function Pt(e) {
const n = (r) => e().update(Wt(r)).digest(), t = e();
return n.outputLen = t.outputLen, n.blockLen = t.blockLen, n.create = () => e(), n;
}
function Ke(e = 32) {
if (ut && typeof ut.getRandomValues == "function")
return ut.getRandomValues(new Uint8Array(e));
if (ut && typeof ut.randomBytes == "function")
return Uint8Array.from(ut.randomBytes(e));
throw new Error("crypto.getRandomValues must be defined");
}
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
const $t = /* @__PURE__ */ BigInt(0), Ft = /* @__PURE__ */ BigInt(1);
function wt(e) {
return e instanceof Uint8Array || ArrayBuffer.isView(e) && e.constructor.name === "Uint8Array";
}
function Xt(e) {
if (!wt(e))
throw new Error("Uint8Array expected");
}
function yt(e, n) {
if (typeof n != "boolean")
throw new Error(e + " boolean expected, got " + n);
}
function vt(e) {
const n = e.toString(16);
return n.length & 1 ? "0" + n : n;
}
function xe(e) {
if (typeof e != "string")
throw new Error("hex string expected, got " + typeof e);
return e === "" ? $t : BigInt("0x" + e);
}
const pe = (
// @ts-ignore
typeof Uint8Array.from([]).toHex == "function" && typeof Uint8Array.fromHex == "function"
), Me = /* @__PURE__ */ Array.from({ length: 256 }, (e, n) => n.toString(16).padStart(2, "0"));
function mt(e) {
if (Xt(e), pe)
return e.toHex();
let n = "";
for (let t = 0; t < e.length; t++)
n += Me[e[t]];
return n;
}
const P = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
function ee(e) {
if (e >= P._0 && e <= P._9)
return e - P._0;
if (e >= P.A && e <= P.F)
return e - (P.A - 10);
if (e >= P.a && e <= P.f)
return e - (P.a - 10);
}
function Ut(e) {
if (typeof e != "string")
throw new Error("hex string expected, got " + typeof e);
if (pe)
return Uint8Array.fromHex(e);
const n = e.length, t = n / 2;
if (n % 2)
throw new Error("hex string expected, got unpadded hex of length " + n);
const r = new Uint8Array(t);
for (let o = 0, i = 0; o < t; o++, i += 2) {
const f = ee(e.charCodeAt(i)), c = ee(e.charCodeAt(i + 1));
if (f === void 0 || c === void 0) {
const s = e[i] + e[i + 1];
throw new Error('hex string expected, got non-hex character "' + s + '" at index ' + i);
}
r[o] = f * 16 + c;
}
return r;
}
function ft(e) {
return xe(mt(e));
}
function ye(e) {
return Xt(e), xe(mt(Uint8Array.from(e).reverse()));
}
function Et(e, n) {
return Ut(e.toString(16).padStart(n * 2, "0"));
}
function me(e, n) {
return Et(e, n).reverse();
}
function j(e, n, t) {
let r;
if (typeof n == "string")
try {
r = Ut(n);
} catch (i) {
throw new Error(e + " must be hex string or Uint8Array, cause: " + i);
}
else if (wt(n))
r = Uint8Array.from(n);
else
throw new Error(e + " must be hex string or Uint8Array");
const o = r.length;
if (typeof t == "number" && o !== t)
throw new Error(e + " of length " + t + " expected, got " + o);
return r;
}
function Lt(...e) {
let n = 0;
for (let r = 0; r < e.length; r++) {
const o = e[r];
Xt(o), n += o.length;
}
const t = new Uint8Array(n);
for (let r = 0, o = 0; r < e.length; r++) {
const i = e[r];
t.set(i, o), o += i.length;
}
return t;
}
const Rt = (e) => typeof e == "bigint" && $t <= e;
function Jt(e, n, t) {
return Rt(e) && Rt(n) && Rt(t) && n <= e && e < t;
}
function bt(e, n, t, r) {
if (!Jt(n, t, r))
throw new Error("expected valid " + e + ": " + t + " <= n < " + r + ", got " + n);
}
function Fe(e) {
let n;
for (n = 0; e > $t; e >>= Ft, n += 1)
;
return n;
}
const Ot = (e) => (Ft << BigInt(e)) - Ft, kt = (e) => new Uint8Array(e), ne = (e) => Uint8Array.from(e);
function Ge(e, n, t) {
if (typeof e != "number" || e < 2)
throw new Error("hashLen must be a number");
if (typeof n != "number" || n < 2)
throw new Error("qByteLen must be a number");
if (typeof t != "function")
throw new Error("hmacFn must be a function");
let r = kt(e), o = kt(e), i = 0;
const f = () => {
r.fill(1), o.fill(0), i = 0;
}, c = (...d) => t(o, r, ...d), s = (d = kt(0)) => {
o = c(ne([0]), d), r = c(), d.length !== 0 && (o = c(ne([1]), d), r = c());
}, l = () => {
if (i++ >= 1e3)
throw new Error("drbg: tried 1000 values");
let d = 0;
const u = [];
for (; d < n; ) {
r = c();
const m = r.slice();
u.push(m), d += r.length;
}
return Lt(...u);
};
return (d, u) => {
f(), s(d);
let m;
for (; !(m = u(l())); )
s();
return f(), m;
};
}
const De = {
bigint: (e) => typeof e == "bigint",
function: (e) => typeof e == "function",
boolean: (e) => typeof e == "boolean",
string: (e) => typeof e == "string",
stringOrUint8Array: (e) => typeof e == "string" || wt(e),
isSafeInteger: (e) => Number.isSafeInteger(e),
array: (e) => Array.isArray(e),
field: (e, n) => n.Fp.isValid(e),
hash: (e) => typeof e == "function" && Number.isSafeInteger(e.outputLen)
};
function qt(e, n, t = {}) {
const r = (o, i, f) => {
const c = De[i];
if (typeof c != "function")
throw new Error("invalid validator function");
const s = e[o];
if (!(f && s === void 0) && !c(s, e))
throw new Error("param " + String(o) + " is invalid. Expected " + i + ", got " + s);
};
for (const [o, i] of Object.entries(n))
r(o, i, !1);
for (const [o, i] of Object.entries(t))
r(o, i, !0);
return e;
}
function re(e) {
const n = /* @__PURE__ */ new WeakMap();
return (t, ...r) => {
const o = n.get(t);
if (o !== void 0)
return o;
const i = e(t, ...r);
return n.set(t, i), i;
};
}
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
const F = BigInt(0), Z = BigInt(1), st = /* @__PURE__ */ BigInt(2), je = /* @__PURE__ */ BigInt(3), Gt = /* @__PURE__ */ BigInt(4), oe = /* @__PURE__ */ BigInt(5), ie = /* @__PURE__ */ BigInt(8);
function G(e, n) {
const t = e % n;
return t >= F ? t : n + t;
}
function Dt(e, n) {
if (e === F)
throw new Error("invert: expected non-zero number");
if (n <= F)
throw new Error("invert: expected positive modulus, got " + n);
let t = G(e, n), r = n, o = F, i = Z;
for (; t !== F; ) {
const c = r / t, s = r % t, l = o - i * c;
r = t, t = s, o = i, i = l;
}
if (r !== Z)
throw new Error("invert: does not exist");
return G(o, n);
}
function Ye(e) {
let n = e - Z, t = 0;
for (; n % st === F; )
n /= st, t++;
let r = st;
const o = At(e);
for (; r < e && se(o, r); )
if (r++ > 1e3)
throw new Error("Cannot find square root: probably non-prime P");
if (t === 1) {
const f = (e + Z) / Gt;
return function(s, l) {
const y = s.pow(l, f);
if (!s.eql(s.sqr(y), l))
throw new Error("Cannot find square root");
return y;
};
}
const i = (n + Z) / st;
return function(c, s) {
if (!se(c, s))
throw new Error("Cannot find square root");
let l = t, y = c.pow(c.mul(c.ONE, r), n), d = c.pow(s, i), u = c.pow(s, n);
for (; !c.eql(u, c.ONE); ) {
if (c.eql(u, c.ZERO))
return c.ZERO;
let m = 1;
for (let x = c.sqr(u); m < l && !c.eql(x, c.ONE); m++)
x = c.sqr(x);
const H = c.pow(y, Z << BigInt(l - m - 1));
y = c.sqr(H), d = c.mul(d, H), u = c.mul(u, y), l = m;
}
return d;
};
}
function We(e) {
return e % Gt === je ? function(t, r) {
const o = (e + Z) / Gt, i = t.pow(r, o);
if (!t.eql(t.sqr(i), r))
throw new Error("Cannot find square root");
return i;
} : e % ie === oe ? function(t, r) {
const o = t.mul(r, st), i = (e - oe) / ie, f = t.pow(o, i), c = t.mul(r, f), s = t.mul(t.mul(c, st), f), l = t.mul(c, t.sub(s, t.ONE));
if (!t.eql(t.sqr(l), r))
throw new Error("Cannot find square root");
return l;
} : Ye(e);
}
const Pe = [
"create",
"isValid",
"is0",
"neg",
"inv",
"sqrt",
"sqr",
"eql",
"add",
"sub",
"mul",
"pow",
"div",
"addN",
"subN",
"mulN",
"sqrN"
];
function $e(e) {
const n = {
ORDER: "bigint",
MASK: "bigint",
BYTES: "isSafeInteger",
BITS: "isSafeInteger"
}, t = Pe.reduce((r, o) => (r[o] = "function", r), n);
return qt(e, t);
}
function Xe(e, n, t) {
if (t < F)
throw new Error("invalid exponent, negatives unsupported");
if (t === F)
return e.ONE;
if (t === Z)
return n;
let r = e.ONE, o = n;
for (; t > F; )
t & Z && (r = e.mul(r, o)), o = e.sqr(o), t >>= Z;
return r;
}
function Ee(e, n, t = !1) {
const r = new Array(n.length).fill(t ? e.ZERO : void 0), o = n.reduce((f, c, s) => e.is0(c) ? f : (r[s] = f, e.mul(f, c)), e.ONE), i = e.inv(o);
return n.reduceRight((f, c, s) => e.is0(c) ? f : (r[s] = e.mul(f, r[s]), e.mul(f, c)), i), r;
}
function Je(e, n) {
const t = (e.ORDER - Z) / st, r = e.pow(n, t), o = e.eql(r, e.ONE), i = e.eql(r, e.ZERO), f = e.eql(r, e.neg(e.ONE));
if (!o && !i && !f)
throw new Error("Cannot find square root: probably non-prime P");
return o ? 1 : i ? 0 : -1;
}
function se(e, n) {
const t = Je(e, n);
return t === 0 || t === 1;
}
function Be(e, n) {
n !== void 0 && Mt(n);
const t = n !== void 0 ? n : e.toString(2).length, r = Math.ceil(t / 8);
return { nBitLength: t, nByteLength: r };
}
function At(e, n, t = !1, r = {}) {
if (e <= F)
throw new Error("invalid field: expected ORDER > 0, got " + e);
const { nBitLength: o, nByteLength: i } = Be(e, n);
if (i > 2048)
throw new Error("invalid field: expected ORDER of <= 2048 bytes");
let f;
const c = Object.freeze({
ORDER: e,
isLE: t,
BITS: o,
BYTES: i,
MASK: Ot(o),
ZERO: F,
ONE: Z,
create: (s) => G(s, e),
isValid: (s) => {
if (typeof s != "bigint")
throw new Error("invalid field element: expected bigint, got " + typeof s);
return F <= s && s < e;
},
is0: (s) => s === F,
isOdd: (s) => (s & Z) === Z,
neg: (s) => G(-s, e),
eql: (s, l) => s === l,
sqr: (s) => G(s * s, e),
add: (s, l) => G(s + l, e),
sub: (s, l) => G(s - l, e),
mul: (s, l) => G(s * l, e),
pow: (s, l) => Xe(c, s, l),
div: (s, l) => G(s * Dt(l, e), e),
// Same as above, but doesn't normalize
sqrN: (s) => s * s,
addN: (s, l) => s + l,
subN: (s, l) => s - l,
mulN: (s, l) => s * l,
inv: (s) => Dt(s, e),
sqrt: r.sqrt || ((s) => (f || (f = We(e)), f(c, s))),
toBytes: (s) => t ? me(s, i) : Et(s, i),
fromBytes: (s) => {
if (s.length !== i)
throw new Error("Field.fromBytes: expected " + i + " bytes, got " + s.length);
return t ? ye(s) : ft(s);
},
// TODO: we don't need it here, move out to separate fn
invertBatch: (s) => Ee(c, s),
// We can't move this out because Fp6, Fp12 implement it
// and it's unclear what to return in there.
cmov: (s, l, y) => y ? l : s
});
return Object.freeze(c);
}
function Ae(e) {
if (typeof e != "bigint")
throw new Error("field order must be bigint");
const n = e.toString(2).length;
return Math.ceil(n / 8);
}
function ve(e) {
const n = Ae(e);
return n + Math.ceil(n / 2);
}
function Qe(e, n, t = !1) {
const r = e.length, o = Ae(n), i = ve(n);
if (r < 16 || r < i || r > 1024)
throw new Error("expected " + i + "-1024 bytes of input, got " + r);
const f = t ? ye(e) : ft(e), c = G(f, n - Z) + Z;
return t ? me(c, o) : Et(c, o);
}
function tn(e, n, t, r) {
if (typeof e.setBigUint64 == "function")
return e.setBigUint64(n, t, r);
const o = BigInt(32), i = BigInt(4294967295), f = Number(t >> o & i), c = Number(t & i), s = r ? 4 : 0, l = r ? 0 : 4;
e.setUint32(n + s, f, r), e.setUint32(n + l, c, r);
}
function en(e, n, t) {
return e & n ^ ~e & t;
}
function nn(e, n, t) {
return e & n ^ e & t ^ n & t;
}
class Se extends we {
constructor(n, t, r, o) {
super(), this.finished = !1, this.length = 0, this.pos = 0, this.destroyed = !1, this.blockLen = n, this.outputLen = t, this.padOffset = r, this.isLE = o, this.buffer = new Uint8Array(n), this.view = _t(this.buffer);
}
update(n) {
Nt(this), n = Wt(n), Bt(n);
const { view: t, buffer: r, blockLen: o } = this, i = n.length;
for (let f = 0; f < i; ) {
const c = Math.min(o - this.pos, i - f);
if (c === o) {
const s = _t(n);
for (; o <= i - f; f += o)
this.process(s, f);
continue;
}
r.set(n.subarray(f, f + c), this.pos), this.pos += c, f += c, this.pos === o && (this.process(t, 0), this.pos = 0);
}
return this.length += n.length, this.roundClean(), this;
}
digestInto(n) {
Nt(this), ze(n, this), this.finished = !0;
const { buffer: t, view: r, blockLen: o, isLE: i } = this;
let { pos: f } = this;
t[f++] = 128, gt(this.buffer.subarray(f)), this.padOffset > o - f && (this.process(r, 0), f = 0);
for (let d = f; d < o; d++)
t[d] = 0;
tn(r, o - 8, BigInt(this.length * 8), i), this.process(r, 0);
const c = _t(n), s = this.outputLen;
if (s % 4)
throw new Error("_sha2: outputLen should be aligned to 32bit");
const l = s / 4, y = this.get();
if (l > y.length)
throw new Error("_sha2: outputLen bigger than state");
for (let d = 0; d < l; d++)
c.setUint32(4 * d, y[d], i);
}
digest() {
const { buffer: n, outputLen: t } = this;
this.digestInto(n);
const r = n.slice(0, t);
return this.destroy(), r;
}
_cloneInto(n) {
n || (n = new this.constructor()), n.set(...this.get());
const { blockLen: t, buffer: r, length: o, finished: i, destroyed: f, pos: c } = this;
return n.destroyed = f, n.finished = i, n.length = o, n.pos = c, o % t && n.buffer.set(r), n;
}
clone() {
return this._cloneInto();
}
}
const tt = /* @__PURE__ */ Uint32Array.from([
1779033703,
3144134277,
1013904242,
2773480762,
1359893119,
2600822924,
528734635,
1541459225
]), k = /* @__PURE__ */ Uint32Array.from([
3418070365,
3238371032,
1654270250,
914150663,
2438529370,
812702999,
355462360,
4144912697,
1731405415,
4290775857,
2394180231,
1750603025,
3675008525,
1694076839,
1203062813,
3204075428
]), z = /* @__PURE__ */ Uint32Array.from([
1779033703,
4089235720,
3144134277,
2227873595,
1013904242,
4271175723,
2773480762,
1595750129,
1359893119,
2917565137,
2600822924,
725511199,
528734635,
4215389547,
1541459225,
327033209
]), St = /* @__PURE__ */ BigInt(2 ** 32 - 1), fe = /* @__PURE__ */ BigInt(32);
function rn(e, n = !1) {
return n ? { h: Number(e & St), l: Number(e >> fe & St) } : { h: Number(e >> fe & St) | 0, l: Number(e & St) | 0 };
}
function on(e, n = !1) {
const t = e.length;
let r = new Uint32Array(t), o = new Uint32Array(t);
for (let i = 0; i < t; i++) {
const { h: f, l: c } = rn(e[i], n);
[r[i], o[i]] = [f, c];
}
return [r, o];
}
const ce = (e, n, t) => e >>> t, ae = (e, n, t) => e << 32 - t | n >>> t, dt = (e, n, t) => e >>> t | n << 32 - t, ht = (e, n, t) => e << 32 - t | n >>> t, It = (e, n, t) => e << 64 - t | n >>> t - 32, Ht = (e, n, t) => e >>> t - 32 | n << 64 - t;
function $(e, n, t, r) {
const o = (n >>> 0) + (r >>> 0);
return { h: e + t + (o / 2 ** 32 | 0) | 0, l: o | 0 };
}
const sn = (e, n, t) => (e >>> 0) + (n >>> 0) + (t >>> 0), fn = (e, n, t, r) => n + t + r + (e / 2 ** 32 | 0) | 0, cn = (e, n, t, r) => (e >>> 0) + (n >>> 0) + (t >>> 0) + (r >>> 0), an = (e, n, t, r, o) => n + t + r + o + (e / 2 ** 32 | 0) | 0, ln = (e, n, t, r, o) => (e >>> 0) + (n >>> 0) + (t >>> 0) + (r >>> 0) + (o >>> 0), un = (e, n, t, r, o, i) => n + t + r + o + i + (e / 2 ** 32 | 0) | 0, dn = /* @__PURE__ */ Uint32Array.from([
1116352408,
1899447441,
3049323471,
3921009573,
961987163,
1508970993,
2453635748,
2870763221,
3624381080,
310598401,
607225278,
1426881987,
1925078388,
2162078206,
2614888103,
3248222580,
3835390401,
4022224774,
264347078,
604807628,
770255983,
1249150122,
1555081692,
1996064986,
2554220882,
2821834349,
2952996808,
3210313671,
3336571891,
3584528711,
113926993,
338241895,
666307205,
773529912,
1294757372,
1396182291,
1695183700,
1986661051,
2177026350,
2456956037,
2730485921,
2820302411,
3259730800,
3345764771,
3516065817,
3600352804,
4094571909,
275423344,
430227734,
506948616,
659060556,
883997877,
958139571,
1322822218,
1537002063,
1747873779,
1955562222,
2024104815,
2227730452,
2361852424,
2428436474,
2756734187,
3204031479,
3329325298
]), et = /* @__PURE__ */ new Uint32Array(64);
class hn extends Se {
constructor(n = 32) {
super(64, n, 8, !1), this.A = tt[0] | 0, this.B = tt[1] | 0, this.C = tt[2] | 0, this.D = tt[3] | 0, this.E = tt[4] | 0, this.F = tt[5] | 0, this.G = tt[6] | 0, this.H = tt[7] | 0;
}
get() {
const { A: n, B: t, C: r, D: o, E: i, F: f, G: c, H: s } = this;
return [n, t, r, o, i, f, c, s];
}
// prettier-ignore
set(n, t, r, o, i, f, c, s) {
this.A = n | 0, this.B = t | 0, this.C = r | 0, this.D = o | 0, this.E = i | 0, this.F = f | 0, this.G = c | 0, this.H = s | 0;
}
process(n, t) {
for (let d = 0; d < 16; d++, t += 4)
et[d] = n.getUint32(t, !1);
for (let d = 16; d < 64; d++) {
const u = et[d - 15], m = et[d - 2], H = Y(u, 7) ^ Y(u, 18) ^ u >>> 3, x = Y(m, 17) ^ Y(m, 19) ^ m >>> 10;
et[d] = x + et[d - 7] + H + et[d - 16] | 0;
}
let { A: r, B: o, C: i, D: f, E: c, F: s, G: l, H: y } = this;
for (let d = 0; d < 64; d++) {
const u = Y(c, 6) ^ Y(c, 11) ^ Y(c, 25), m = y + u + en(c, s, l) + dn[d] + et[d] | 0, x = (Y(r, 2) ^ Y(r, 13) ^ Y(r, 22)) + nn(r, o, i) | 0;
y = l, l = s, s = c, c = f + m | 0, f = i, i = o, o = r, r = m + x | 0;
}
r = r + this.A | 0, o = o + this.B | 0, i = i + this.C | 0, f = f + this.D | 0, c = c + this.E | 0, s = s + this.F | 0, l = l + this.G | 0, y = y + this.H | 0, this.set(r, o, i, f, c, s, l, y);
}
roundClean() {
gt(et);
}
destroy() {
this.set(0, 0, 0, 0, 0, 0, 0, 0), gt(this.buffer);
}
}
const Ie = on([
"0x428a2f98d728ae22",
"0x7137449123ef65cd",
"0xb5c0fbcfec4d3b2f",
"0xe9b5dba58189dbbc",
"0x3956c25bf348b538",
"0x59f111f1b605d019",
"0x923f82a4af194f9b",
"0xab1c5ed5da6d8118",
"0xd807aa98a3030242",
"0x12835b0145706fbe",
"0x243185be4ee4b28c",
"0x550c7dc3d5ffb4e2",
"0x72be5d74f27b896f",
"0x80deb1fe3b1696b1",
"0x9bdc06a725c71235",
"0xc19bf174cf692694",
"0xe49b69c19ef14ad2",
"0xefbe4786384f25e3",
"0x0fc19dc68b8cd5b5",
"0x240ca1cc77ac9c65",
"0x2de92c6f592b0275",
"0x4a7484aa6ea6e483",
"0x5cb0a9dcbd41fbd4",
"0x76f988da831153b5",
"0x983e5152ee66dfab",
"0xa831c66d2db43210",
"0xb00327c898fb213f",
"0xbf597fc7beef0ee4",
"0xc6e00bf33da88fc2",
"0xd5a79147930aa725",
"0x06ca6351e003826f",
"0x142929670a0e6e70",
"0x27b70a8546d22ffc",
"0x2e1b21385c26c926",
"0x4d2c6dfc5ac42aed",
"0x53380d139d95b3df",
"0x650a73548baf63de",
"0x766a0abb3c77b2a8",
"0x81c2c92e47edaee6",
"0x92722c851482353b",
"0xa2bfe8a14cf10364",
"0xa81a664bbc423001",
"0xc24b8b70d0f89791",
"0xc76c51a30654be30",
"0xd192e819d6ef5218",
"0xd69906245565a910",
"0xf40e35855771202a",
"0x106aa07032bbd1b8",
"0x19a4c116b8d2d0c8",
"0x1e376c085141ab53",
"0x2748774cdf8eeb99",
"0x34b0bcb5e19b48a8",
"0x391c0cb3c5c95a63",
"0x4ed8aa4ae3418acb",
"0x5b9cca4f7763e373",
"0x682e6ff3d6b2b8a3",
"0x748f82ee5defb2fc",
"0x78a5636f43172f60",
"0x84c87814a1f0ab72",
"0x8cc702081a6439ec",
"0x90befffa23631e28",
"0xa4506cebde82bde9",
"0xbef9a3f7b2c67915",
"0xc67178f2e372532b",
"0xca273eceea26619c",
"0xd186b8c721c0c207",
"0xeada7dd6cde0eb1e",
"0xf57d4f7fee6ed178",
"0x06f067aa72176fba",
"0x0a637dc5a2c898a6",
"0x113f9804bef90dae",
"0x1b710b35131c471b",
"0x28db77f523047d84",
"0x32caab7b40c72493",
"0x3c9ebe0a15c9bebc",
"0x431d67c49c100d4c",
"0x4cc5d4becb3e42b6",
"0x597f299cfc657e2a",
"0x5fcb6fab3ad6faec",
"0x6c44198c4a475817"
].map((e) => BigInt(e))), bn = Ie[0], gn = Ie[1], nt = /* @__PURE__ */ new Uint32Array(80), rt = /* @__PURE__ */ new Uint32Array(80);
class He extends Se {
constructor(n = 64) {
super(128, n, 16, !1), this.Ah = z[0] | 0, this.Al = z[1] | 0, this.Bh = z[2] | 0, this.Bl = z[3] | 0, this.Ch = z[4] | 0, this.Cl = z[5] | 0, this.Dh = z[6] | 0, this.Dl = z[7] | 0, this.Eh = z[8] | 0, this.El = z[9] | 0, this.Fh = z[10] | 0, this.Fl = z[11] | 0, this.Gh = z[12] | 0, this.Gl = z[13] | 0, this.Hh = z[14] | 0, this.Hl = z[15] | 0;
}
// prettier-ignore
get() {
const { Ah: n, Al: t, Bh: r, Bl: o, Ch: i, Cl: f, Dh: c, Dl: s, Eh: l, El: y, Fh: d, Fl: u, Gh: m, Gl: H, Hh: x, Hl: a } = this;
return [n, t, r, o, i, f, c, s, l, y, d, u, m, H, x, a];
}
// prettier-ignore
set(n, t, r, o, i, f, c, s, l, y, d, u, m, H, x, a) {
this.Ah = n | 0, this.Al = t | 0, this.Bh = r | 0, this.Bl = o | 0, this.Ch = i | 0, this.Cl = f | 0, this.Dh = c | 0, this.Dl = s | 0, this.Eh = l | 0, this.El = y | 0, this.Fh = d | 0, this.Fl = u | 0, this.Gh = m | 0, this.Gl = H | 0, this.Hh = x | 0, this.Hl = a | 0;
}
process(n, t) {
for (let b = 0; b < 16; b++, t += 4)
nt[b] = n.getUint32(t), rt[b] = n.getUint32(t += 4);
for (let b = 16; b < 80; b++) {
const S = nt[b - 15] | 0, N = rt[b - 15] | 0, U = dt(S, N, 1) ^ dt(S, N, 8) ^ ce(S, N, 7), A = ht(S, N, 1) ^ ht(S, N, 8) ^ ae(S, N, 7), v = nt[b - 2] | 0, E = rt[b - 2] | 0, C = dt(v, E, 19) ^ It(v, E, 61) ^ ce(v, E, 6), q = ht(v, E, 19) ^ Ht(v, E, 61) ^ ae(v, E, 6), L = cn(A, q, rt[b - 7], rt[b - 16]), R = an(L, U, C, nt[b - 7], nt[b - 16]);
nt[b] = R | 0, rt[b] = L | 0;
}
let { Ah: r, Al: o, Bh: i, Bl: f, Ch: c, Cl: s, Dh: l, Dl: y, Eh: d, El: u, Fh: m, Fl: H, Gh: x, Gl: a, Hh: g, Hl: B } = this;
for (let b = 0; b < 80; b++) {
const S = dt(d, u, 14) ^ dt(d, u, 18) ^ It(d, u, 41), N = ht(d, u, 14) ^ ht(d, u, 18) ^ Ht(d, u, 41), U = d & m ^ ~d & x, A = u & H ^ ~u & a, v = ln(B, N, A, gn[b], rt[b]), E = un(v, g, S, U, bn[b], nt[b]), C = v | 0, q = dt(r, o, 28) ^ It(r, o, 34) ^ It(r, o, 39), L = ht(r, o, 28) ^ Ht(r, o, 34) ^ Ht(r, o, 39), R = r & i ^ r & c ^ i & c, h = o & f ^ o & s ^ f & s;
g = x | 0, B = a | 0, x = m | 0, a = H | 0, m = d | 0, H = u | 0, { h: d, l: u } = $(l | 0, y | 0, E | 0, C | 0), l = c | 0, y = s | 0, c = i | 0, s = f | 0, i = r | 0, f = o | 0;
const w = sn(C, L, h);
r = fn(w, E, q, R), o = w | 0;
}
({ h: r, l: o } = $(this.Ah | 0, this.Al | 0, r | 0, o | 0)), { h: i, l: f } = $(this.Bh | 0, this.Bl | 0, i | 0, f | 0), { h: c, l: s } = $(this.Ch | 0, this.Cl | 0, c | 0, s | 0), { h: l, l: y } = $(this.Dh | 0, this.Dl | 0, l | 0, y | 0), { h: d, l: u } = $(this.Eh | 0, this.El | 0, d | 0, u | 0), { h: m, l: H } = $(this.Fh | 0, this.Fl | 0, m | 0, H | 0), { h: x, l: a } = $(this.Gh | 0, this.Gl | 0, x | 0, a | 0), { h: g, l: B } = $(this.Hh | 0, this.Hl | 0, g | 0, B | 0), this.set(r, o, i, f, c, s, l, y, d, u, m, H, x, a, g, B);
}
roundClean() {
gt(nt, rt);
}
destroy() {
gt(this.buffer), this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
}
}
class wn extends He {
constructor() {
super(48), this.Ah = k[0] | 0, this.Al = k[1] | 0, this.Bh = k[2] | 0, this.Bl = k[3] | 0, this.Ch = k[4] | 0, this.Cl = k[5] | 0, this.Dh = k[6] | 0, this.Dl = k[7] | 0, this.Eh = k[8] | 0, this.El = k[9] | 0, this.Fh = k[10] | 0, this.Fl = k[11] | 0, this.Gh = k[12] | 0, this.Gl = k[13] | 0, this.Hh = k[14] | 0, this.Hl = k[15] | 0;
}
}
const xn = /* @__PURE__ */ Pt(() => new hn()), pn = /* @__PURE__ */ Pt(() => new He()), yn = /* @__PURE__ */ Pt(() => new wn());
class Ne extends we {
constructor(n, t) {
super(), this.finished = !1, this.destroyed = !1, ke(n);
const r = Wt(t);
if (this.iHash = n.create(), typeof this.iHash.update != "function")
throw new Error("Expected instance of class which extends utils.Hash");
this.blockLen = this.iHash.blockLen, this.outputLen = this.iHash.outputLen;
const o = this.blockLen, i = new Uint8Array(o);
i.set(r.length > o ? n.create().update(r).digest() : r);
for (let f = 0; f < i.length; f++)
i[f] ^= 54;
this.iHash.update(i), this.oHash = n.create();
for (let f = 0; f < i.length; f++)
i[f] ^= 106;
this.oHash.update(i), gt(i);
}
update(n) {
return Nt(this), this.iHash.update(n), this;
}
digestInto(n) {
Nt(this), Bt(n, this.outputLen), this.finished = !0, this.iHash.digestInto(n), this.oHash.update(n), this.oHash.digestInto(n), this.destroy();
}
digest() {
const n = new Uint8Array(this.oHash.outputLen);
return this.digestInto(n), n;
}
_cloneInto(n) {
n || (n = Object.create(Object.getPrototypeOf(this), {}));
const { oHash: t, iHash: r, finished: o, destroyed: i, blockLen: f, outputLen: c } = this;
return n = n, n.finished = o, n.destroyed = i, n.blockLen = f, n.outputLen = c, n.oHash = t._cloneInto(n.oHash), n.iHash = r._cloneInto(n.iHash), n;
}
clone() {
return this._cloneInto();
}
destroy() {
this.destroyed = !0, this.oHash.destroy(), this.iHash.destroy();
}
}
const Ue = (e, n, t) => new Ne(e, n).update(t).digest();
Ue.create = (e, n) => new Ne(e, n);
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
const le = BigInt(0), jt = BigInt(1);
function zt(e, n) {
const t = n.negate();
return e ? t : n;
}
function Le(e, n) {
if (!Number.isSafeInteger(e) || e <= 0 || e > n)
throw new Error("invalid window size, expected [1.." + n + "], got W=" + e);
}
function Zt(e, n) {
Le(e, n);
const t = Math.ceil(n / e) + 1, r = 2 ** (e - 1), o = 2 ** e, i = Ot(e), f = BigInt(e);
return { windows: t, windowSize: r, mask: i, maxNumber: o, shiftBy: f };
}
function ue(e, n, t) {
const { windowSize: r, mask: o, maxNumber: i, shiftBy: f } = t;
let c = Number(e & o), s = e >> f;
c > r && (c -= i, s += jt);
const l = n * r, y = l + Math.abs(c) - 1, d = c === 0, u = c < 0, m = n % 2 !== 0;
return { nextN: s, offset: y, isZero: d, isNeg: u, isNegF: m, offsetF: l };
}
function mn(e, n) {
if (!Array.isArray(e))
throw new Error("array expected");
e.forEach((t, r) => {
if (!(t instanceof n))
throw new Error("invalid point at index " + r);
});
}
function En(e, n) {
if (!Array.isArray(e))
throw new Error("array of scalars expected");
e.forEach((t, r) => {
if (!n.isValid(t))
throw new Error("invalid scalar at index " + r);
});
}
const Vt = /* @__PURE__ */ new WeakMap(), Oe = /* @__PURE__ */ new WeakMap();
function Kt(e) {
return Oe.get(e) || 1;
}
function Bn(e, n) {
return {
constTimeNegate: zt,
hasPrecomputes(t) {
return Kt(t) !== 1;
},
// non-const time multiplication ladder
unsafeLadder(t, r, o = e.ZERO) {
let i = t;
for (; r > le; )
r & jt && (o = o.add(i)), i = i.double(), r >>= jt;
return o;
},
/**
* Creates a wNAF precomputation window. Used for caching.
* Default window size is set by `utils.precompute()` and is equal to 8.
* Number of precomputed points depends on the curve size:
* 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where:
* - 𝑊 is the window size
* - 𝑛 is the bitlength of the curve order.
* For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.
* @param elm Point instance
* @param W window size
* @returns precomputed point tables flattened to a single array
*/
precomputeWindow(t, r) {
const { windows: o, windowSize: i } = Zt(r, n), f = [];
let c = t, s = c;
for (let l = 0; l < o; l++) {
s = c, f.push(s);
for (let y = 1; y < i; y++)
s = s.add(c), f.push(s);
c = s.double();
}
return f;
},
/**
* Implements ec multiplication using precomputed tables and w-ary non-adjacent form.
* @param W window size
* @param precomputes precomputed tables
* @param n scalar (we don't check here, but should be less than curve order)
* @returns real and fake (for const-time) points
*/
wNAF(t, r, o) {
let i = e.ZERO, f = e.BASE;
const c = Zt(t, n);
for (let s = 0; s < c.windows; s++) {
const { nextN: l, offset: y, isZero: d, isNeg: u, isNegF: m, offsetF: H } = ue(o, s, c);
o = l, d ? f = f.add(zt(m, r[H])) : i = i.add(zt(u, r[y]));
}
return { p: i, f };
},
/**
* Implements ec unsafe (non const-time) multiplication using precomputed tables and w-ary non-adjacent form.
* @param W window size
* @param precomputes precomputed tables
* @param n scalar (we don't check here, but should be less than curve order)
* @param acc accumulator point to add result of multiplication
* @returns point
*/
wNAFUnsafe(t, r, o, i = e.ZERO) {
const f = Zt(t, n);
for (let c = 0; c < f.windows && o !== le; c++) {
const { nextN: s, offset: l, isZero: y, isNeg: d } = ue(o, c, f);
if (o = s, !y) {
const u = r[l];
i = i.add(d ? u.negate() : u);
}
}
return i;
},
getPrecomputes(t, r, o) {
let i = Vt.get(r);
return i || (i = this.precomputeWindow(r, t), t !== 1 && Vt.set(r, o(i))), i;
},
wNAFCached(t, r, o) {
const i = Kt(t);
return this.wNAF(i, this.getPrecomputes(i, t, o), r);
},
wNAFCachedUnsafe(t, r, o, i) {
const f = Kt(t);
return f === 1 ? this.unsafeLadder(t, r, i) : this.wNAFUnsafe(f, this.getPrecomputes(f, t, o), r, i);
},
// We calculate precomputes for elliptic curve point multiplication
// using windowed method. This specifies window size and
// stores precomputed values. Usually only base point would be precomputed.
setWindowSize(t, r) {
Le(r, n), Oe.set(t, r), Vt.delete(t);
}
};
}
function An(e, n, t, r) {
if (mn(t, e), En(r, n), t.length !== r.length)
throw new Error("arrays of points and scalars must have equal length");
const o = e.ZERO, i = Fe(BigInt(t.length)), f = i > 12 ? i - 3 : i > 4 ? i - 2 : i ? 2 : 1, c = Ot(f), s = new Array(Number(c) + 1).fill(o), l = Math.floor((n.BITS - 1) / f) * f;
let y = o;
for (let d = l; d >= 0; d -= f) {
s.fill(o);
for (let m = 0; m < r.length; m++) {
const H = r[m], x = Number(H >> BigInt(d) & c);
s[x] = s[x].add(t[m]);
}
let u = o;
for (let m = s.length - 1, H = o; m > 0; m--)
H = H.add(s[m]), u = u.add(H);
if (y = y.add(u), d !== 0)
for (let m = 0; m < f; m++)
y = y.double();
}
return y;
}
function qe(e) {
return $e(e.Fp), qt(e, {
n: "bigint",
h: "bigint",
Gx: "field",
Gy: "field"
}, {
nBitLength: "isSafeInteger",
nByteLength: "isSafeInteger"
}), Object.freeze({
...Be(e.n, e.nBitLength),
...e,
p: e.Fp.ORDER
});
}
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
function de(e) {
e.lowS !== void 0 && yt("lowS", e.lowS), e.prehash !== void 0 && yt("prehash", e.prehash);
}
function vn(e) {
const n = qe(e);
qt(n, {
a: "field",
b: "field"
}, {
allowedPrivateKeyLengths: "array",
wrapPrivateKey: "boolean",
isTorsionFree: "function",
clearCofactor: "function",
allowInfinityPoint: "boolean",
fromBytes: "function",
toBytes: "function"
});
const { endo: t, Fp: r, a: o } = n;
if (t) {
if (!r.eql(o, r.ZERO))
throw new Error("invalid endomorphism, can only be defined for Koblitz curves that have a=0");
if (typeof t != "object" || typeof t.beta != "bigint" || typeof t.splitScalar != "function")
throw new Error("invalid endomorphism, expected beta: bigint and splitScalar: function");
}
return Object.freeze({ ...n });
}
class Sn extends Error {
constructor(n = "") {
super(n);
}
}
const X = {
// asn.1 DER encoding utils
Err: Sn,
// Basic building block is TLV (Tag-Length-Value)
_tlv: {
encode: (e, n) => {
const { Err: t } = X;
if (e < 0 || e > 256)
throw new t("tlv.encode: wrong tag");
if (n.length & 1)
throw new t("tlv.encode: unpadded data");
const r = n.length / 2, o = vt(r);
if (o.length / 2 & 128)
throw new t("tlv.encode: long form length too big");
const i = r > 127 ? vt(o.length / 2 | 128) : "";
return vt(e) + i + o + n;
},
// v - value, l - left bytes (unparsed)
decode(e, n) {
const { Err: t } = X;
let r = 0;
if (e < 0 || e > 256)
throw new t("tlv.encode: wrong tag");
if (n.length < 2 || n[r++] !== e)
throw new t("tlv.decode: wrong tlv");
const o = n[r++], i = !!(o & 128);
let f = 0;
if (!i)
f = o;
else {
const s = o & 127;
if (!s)
throw new t("tlv.decode(long): indefinite length not supported");
if (s > 4)
throw new t("tlv.decode(long): byte length is too big");
const l = n.subarray(r, r + s);
if (l.length !== s)
throw new t("tlv.decode: length bytes not complete");
if (l[0] === 0)
throw new t("tlv.decode(long): zero leftmost byte");
for (const y of l)
f = f << 8 | y;
if (r += s, f < 128)
throw new t("tlv.decode(long): not minimal encoding");
}
const c = n.subarray(r, r + f);
if (c.length !== f)
throw new t("tlv.decode: wrong value length");
return { v: c, l: n.subarray(r + f) };
}
},
// https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,
// since we always use positive integers here. It must always be empty:
// - add zero byte if exists
// - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)
_int: {
encode(e) {
const { Err: n } = X;
if (e < J)
throw new n("integer: negative integers are not allowed");
let t = vt(e);
if (Number.parseInt(t[0], 16) & 8 && (t = "00" + t), t.length & 1)
throw new n("unexpected DER parsing assertion: unpadded hex");
return t;
},
decode(e) {
const { Err: n } = X;
if (e[0] & 128)
throw new n("invalid signature integer: negative");
if (e[0] === 0 && !(e[1] & 128))
throw new n("invalid signature integer: unnecessary leading zero");
return ft(e);
}
},
toSig(e) {
const { Err: n, _int: t, _tlv: r } = X, o = j("signature", e), { v: i, l: f } = r.decode(48, o);
if (f.length)
throw new n("invalid signature: left bytes after parsing");
const { v: c, l: s } = r.decode(2, i), { v: l, l: y } = r.decode(2, s);
if (y.length)
throw new n("invalid signature: left bytes after parsing");
return { r: t.decode(c), s: t.decode(l) };
},
hexFromSig(e) {
const { _tlv: n, _int: t } = X, r = n.encode(2, t.encode(e.r)), o = n.encode(2, t.encode(e.s)), i = r + o;
return n.encode(48, i);
}
}, J = BigInt(0), _ = BigInt(1);
BigInt(2);
const he = BigInt(3);
BigInt(4);
function In(e) {
const n = vn(e), { Fp: t } = n, r = At(n.n, n.nBitLength), o = n.toBytes || ((x, a, g) => {
const B = a.toAffine();
return Lt(Uint8Array.from([4]), t.toBytes(B.x), t.toBytes(B.y));
}), i = n.fromBytes || ((x) => {
const a = x.subarray(1), g = t.fromBytes(a.subarray(0, t.BYTES)), B = t.fromBytes(a.subarray(t.BYTES, 2 * t.BYTES));
return { x: g, y: B };
});
function f(x) {
const { a, b: g } = n, B = t.sqr(x), b = t.mul(B, x);
return t.add(t.add(b, t.mul(x, a)), g);
}
if (!t.eql(t.sqr(n.Gy), f(n.Gx)))
throw new Error("bad generator point: equation left != right");
function c(x) {
return Jt(x, _, n.n);
}
function s(x) {
const { allowedPrivateKeyLengths: a, nByteLength: g, wrapPrivateKey: B, n: b } = n;
if (a && typeof x != "bigint") {
if (wt(x) && (x = mt(x)), typeof x != "string" || !a.includes(x.length))
throw new Error("invalid private key");
x = x.padStart(g * 2, "0");
}
let S;
try {
S = typeof x == "bigint" ? x : ft(j("private key", x, g));
} catch {
throw new Error("invalid private key, expected hex or " + g + " bytes, got " + typeof x);
}
return B && (S = G(S, b)), bt("private key", S, _, b), S;
}
function l(x) {
if (!(x instanceof u))
throw new Error("ProjectivePoint expected");
}
const y = re((x, a) => {
const { px: g, py: B, pz: b } = x;
if (t.eql(b, t.ONE))
return { x: g, y: B };
const S = x.is0();
a == null && (a = S ? t.ONE : t.inv(b));
const N = t.mul(g, a), U = t.mul(B, a), A = t.mul(b, a);
if (S)
return { x: t.ZERO, y: t.ZERO };
if (!t.eql(A, t.ONE))
throw new Error("invZ was invalid");
return { x: N, y: U };
}), d = re((x) => {
if (x.is0()) {
if (n.allowInfinityPoint && !t.is0(x.py))
return;
throw new Error("bad point: ZERO");
}
const { x: a, y: g } = x.toAffine();
if (!t.isValid(a) || !t.isValid(g))
throw new Error("bad point: x or y not FE");
const B = t.sqr(g), b = f(a);
if (!t.eql(B, b))
throw new Error("bad point: equation left != right");
if (!x.isTorsionFree())
throw new Error("bad point: not in prime-order subgroup");
return !0;
});
class u {
constructor(a, g, B) {
if (a == null || !t.isValid(a))
throw new Error("x required");
if (g == null || !t.isValid(g) || t.is0(g))
throw new Error("y required");
if (B == null || !t.isValid(B))
throw new Error("z required");
this.px = a, this.py = g, this.pz = B, Object.freeze(this);
}
// Does not validate if the point is on-curve.
// Use fromHex instead, or call assertValidity() later.
static fromAffine(a) {
const { x: g, y: B } = a || {};
if (!a || !t.isValid(g) || !t.isValid(B))
throw new Error("invalid affine point");
if (a instanceof u)
throw new Error("projective point not allowed");
const b = (S) => t.eql(S, t.ZERO);
return b(g) && b(B) ? u.ZERO : new u(g, B, t.ONE);
}
get x() {
return this.toAffine().x;
}
get y() {
return this.toAffine().y;
}
/**
* Takes a bunch of Projective Points but executes only one
* inversion on all of them. Inversion is very slow operation,
* so this improves performance massively.
* Optimization: converts a list of projective points to a list of identical points with Z=1.
*/
static normalizeZ(a) {
const g = Ee(t, a.map((B) => B.pz));
return a.map((B, b) => B.toAffine(g[b])).map(u.fromAffine);
}
/**
* Converts hash string or Uint8Array to Point.
* @param hex short/long ECDSA hex
*/
static fromHex(a) {
const g = u.fromAffine(i(j("pointHex", a)));
return g.assertValidity(), g;
}
// Multiplies generator point by privateKey.
static fromPrivateKey(a) {
return u.BASE.multiply(s(a));
}
// Multiscalar Multiplication
static msm(a, g) {
return An(u, r, a, g);
}
// "Private method", don't use it directly
_setWindowSize(a) {
H.setWindowSize(this, a);
}
// A point on curve is valid if it conforms to equation.
assertValidity() {
d(this);
}
hasEvenY() {
const { y: a } = this.toAffine();
if (t.isOdd)
return !t.isOdd(a);
throw new Error("Field doesn't support isOdd");
}
/**
* Compare one point to another.
*/
equals(a) {
l(a);
const { px: g, py: B, pz: b } = this, { px: S, py: N, pz: U } = a, A = t.eql(t.mul(g, U), t.mul(S, b)), v = t.eql(t.mul(B, U), t.mul(N, b));
return A && v;
}
/**
* Flips point to one corresponding to (x, -y) in Affine coordinates.
*/
negate() {
return new u(this.px, t.neg(this.py), this.pz);
}
// Renes-Costello-Batina exception-free doubling formula.
// There is 30% faster Jacobian formula, but it is not complete.
// https://eprint.iacr.org/2015/1060, algorithm 3
// Cost: 8M + 3S + 3*a + 2*b3 + 15add.
double() {
const { a, b: g } = n, B = t.mul(g, he), { px: b, py: S, pz: N } = this;
let U = t.ZERO, A = t.ZERO, v = t.ZERO, E = t.mul(b, b), C = t.mul(S, S), q = t.mul(N, N), L = t.mul(b, S);
return L = t.add(L, L), v = t.mul(b, N), v = t.add(v, v), U = t.mul(a, v), A = t.mul(B, q), A = t.add(U, A), U = t.sub(C, A), A = t.add(C, A), A = t.mul(U, A), U = t.mul(L, U), v = t.mul(B, v), q = t.mul(a, q), L = t.sub(E, q), L = t.mul(a, L), L = t.add(L, v), v = t.add(E, E), E = t.add(v, E), E = t.add(E, q), E = t.mul(E, L), A = t.add(A, E), q = t.mul(S, N), q = t.add(q, q), E = t.mul(q, L), U = t.sub(U, E), v = t.mul(q, C), v = t.add(v, v), v = t.add(v, v), new u(U, A, v);
}
// Renes-Costello-Batina exception-free addition formula.
// There is 30% faster Jacobian formula, but it is not complete.
// https://eprint.iacr.org/2015/1060, algorithm 1
// Cost: 12M + 0S + 3*a + 3*b3 + 23add.
add(a) {
l(a);
const { px: g, py: B, pz: b } = this, { px: S, py: N, pz: U } = a;
let A = t.ZERO, v = t.ZERO, E = t.ZERO;
const C = n.a, q = t.mul(n.b, he);
let L = t.mul(g, S), R = t.mul(B, N), h = t.mul(b, U), w = t.add(g, B), p = t.add(S, N);
w = t.mul(w, p), p = t.add(L, R), w = t.sub(w, p), p = t.add(g, b);
let I = t.add(S, U);
return p = t.mul(p, I), I = t.add(L, h), p = t.sub(p, I), I = t.add(B, b), A = t.add(N, U), I = t.mul(I, A), A = t.add(R, h), I = t.sub(I, A), E = t.mul(C, p), A = t.mul(q, h), E = t.add(A, E), A = t.sub(R, E), E = t.add(R, E), v = t.mul(A, E), R = t.add(L, L), R = t.add(R, L), h = t.mul(C, h), p = t.mul(q, p), R = t.add(R, h), h = t.sub(L, h), h = t.mul(C, h), p = t.add(p, h), L = t.mul(R, p), v = t.add(v, L), L = t.mul(I, p), A = t.mul(w, A), A = t.sub(A, L), L = t.mul(w, R), E = t.mul(I, E), E = t.add(E, L), new u(A, v, E);
}
subtract(a) {
return this.add(a.negate());
}
is0() {
return this.equals(u.ZERO);
}
wNAF(a) {
return H.wNAFCached(this, a, u.normalizeZ);
}
/**
* Non-constant-time multiplication. Uses double-and-add algorithm.
* It's faster, but should only be used when you don't care about
* an exposed private key e.g. sig verification, which works over *public* keys.
*/
multiplyUnsafe(a) {
const { endo: g, n: B } = n;
bt("scalar", a, J, B);
const b = u.ZERO;
if (a === J)
return b;
if (this.is0() || a === _)
return this;
if (!g || H.hasPrecomputes(this))
return H.wNAFCachedUnsafe(this, a, u.normalizeZ);
let { k1neg: S, k1: N, k2neg: U, k2: A } = g.splitScalar(a), v = b, E = b, C = this;
for (; N > J || A > J; )
N & _ && (v = v.add(C)), A & _ && (E = E.add(C)), C = C.double(), N >>= _, A >>= _;
return S && (v = v.negate()), U && (E = E.negate()), E = new u(t.mul(E.px, g.beta), E.py, E.pz), v.add(E);
}
/**
* Constant time multiplication.
* Uses wNAF method. Windowed method may be 10% faster,
* but takes 2x longer to generate and consumes 2x memory.
* Uses precomputes when available.
* Uses endomorphism for Koblitz curves.
* @param scalar by which the point would be multiplied
* @returns New point
*/
multiply(a) {
const { endo: g, n: B } = n;
bt("scalar", a, _, B);
let b, S;
if (g) {
const { k1neg: N, k1: U, k2neg: A, k2: v } = g.splitScalar(a);
let { p: E, f: C } = this.wNAF(U), { p: q, f: L } = this.wNAF(v);
E = H.constTimeNegate(N, E), q = H.constTimeNegate(A, q), q = new u(t.mul(q.px, g.beta), q.py, q.pz), b = E.add(q), S = C.add(L);
} else {
const { p: N, f: U } = this.wNAF(a);
b = N, S = U;
}
return u.normalizeZ([b, S])[0];
}
/**
* Efficiently calculate `aP + bQ`. Unsafe, can expose private key, if used incorrectly.
* Not using Strauss-Shamir trick: precomputation tables are faster.
* The trick could be useful if both P and Q are not G (not in our case).
* @returns non-zero affine point
*/
multiplyAndAddUnsafe(a, g, B) {
const b = u.BASE, S = (U, A) => A === J || A === _ || !U.equals(b) ? U.multiplyUnsafe(A) : U.multiply(A), N = S(this, g).add(S(a, B));
return N.is0() ? void 0 : N;
}
// Converts Projective point to affine (x, y) coordinates.
// Can accept precomputed Z^-1 - for example, from invertBatch.
// (x, y, z) ∋ (x=x/z, y=y/z)
toAffine(a) {
return y(this, a);
}
isTorsionFree() {
const { h: a, isTorsionFree: g } = n;
if (a === _)
return !0;
if (g)
return g(u, this);
throw new Error("isTorsionFree() has not been declared for the elliptic curve");
}
clearCofactor() {
const { h: a, clearCofactor: g } = n;
return a === _ ? this : g ? g(u, this) : this.multiplyUnsafe(n.h);
}
toRawBytes(a = !0) {
return yt("isCompressed", a), this.assertValidity(), o(u, this, a);
}
toHex(a = !0) {
return yt("isCompressed", a), mt(this.toRawBytes(a));
}
}
u.BASE = new u(n.Gx, n.Gy, t.ONE), u.ZERO = new u(t.ZERO, t.ONE, t.ZERO);
const m = n.nBitLength, H = Bn(u, n.endo ? Math.ceil(m / 2) : m);
return {
CURVE: n,
ProjectivePoint: u,
normPrivateKeyToScalar: s,
weierstrassEquation: f,
isWithinCurveOrder: c
};
}
function Hn(e) {
const n = qe(e);
return qt(n, {
hash: "hash",
hmac: "function",
randomBytes: "function"
}, {
bits2int: "function",
bits2int_modN: "function",
lowS: "boolean"
}), Object.freeze({ lowS: !0, ...n });
}
function Nn(e) {
const n = Hn(e), { Fp: t, n: r } = n, o = t.BYTES + 1, i = 2 * t.BYTES + 1;
function f(h) {
return G(h, r);
}
function c(h) {
return Dt(h, r);
}
const { ProjectivePoint: s, normPrivateKeyToScalar: l, weierstrassEquation: y, isWithinCurveOrder: d } = In({
...n,
toBytes(h, w, p) {
const I = w.toAffine(), O = t.toBytes(I.x), T = Lt;
return yt("isCompressed", p), p ? T(Uint8Array.from([w.hasEvenY() ? 2 : 3]), O) : T(Uint8Array.from([4]), O, t.toBytes(I.y));
},
fromBytes(h) {
const w = h.length, p = h[0], I = h.subarray(1);
if (w === o && (p === 2 || p === 3)) {
const O = ft(I);
if (!Jt(O, _, t.ORDER))
throw new Error("Point is not on curve");
const T = y(O);
let K;
try {
K = t.sqrt(T);
} catch (D) {
const M = D instanceof Error ? ": " + D.message : "";
throw new Error("Point is not on curve" + M);
}
const V = (K & _) === _;
return (p & 1) === 1 !== V && (K = t.neg(K)), { x: O, y: K };
} else if (w === i && p === 4) {
const O = t.fromBytes(I.subarray(0, t.BYTES)), T = t.fromBytes(I.subarray(t.BYTES, 2 * t.BYTES));
return { x: O, y: T };
} else {
const O = o, T = i;
throw new Error("invalid Point, expected length of " + O + ", or uncompressed " + T + ", got " + w);
}
}
}), u = (h) => mt(Et(h, n.nByteLength));
function m(h) {
const w = r >> _;
return h > w;
}
function H(h) {
return m(h) ? f(-h) : h;
}
const x = (h, w, p) => ft(h.slice(w, p));
class a {
constructor(w, p, I) {
bt("r", w, _, r), bt("s", p, _, r), this.r = w, this.s = p, I != null && (this.recovery = I), Object.freeze(this);
}
// pair (bytes of r, bytes of s)
static fromCompact(w) {
const p = n.nByteLength;
return w = j("compactSignature", w, p * 2), new a(x(w, 0, p), x(w, p, 2 * p));
}
// DER encoded ECDSA signature
// https://bitcoin.stackexchange.com/questions/57644/what-are-the-parts-of-a-bitcoin-transaction-input-script
static fromDER(w) {
const { r: p, s: I } = X.toSig(j("DER", w));
return new a(p, I);
}
/**
* @todo remove
* @deprecated
*/
as