UNPKG

gun-es

Version:

ES version of GunJS Database

1,481 lines • 64.2 kB

JavaScript

const bt = typeof globalThis == "object" && "crypto" in globalThis ? globalThis.crypto : void 0; /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */ function Lt(t) { return t instanceof Uint8Array || ArrayBuffer.isView(t) && t.constructor.name === "Uint8Array"; } function Mt(t) { if (!Number.isSafeInteger(t) || t < 0) throw new Error("positive integer expected, got " + t); } function ut(t, ...e) { if (!Lt(t)) throw new Error("Uint8Array expected"); if (e.length > 0 && !e.includes(t.length)) throw new Error("Uint8Array expected of length " + e + ", got length=" + t.length); } function be(t) { if (typeof t != "function" || typeof t.create != "function") throw new Error("Hash should be wrapped by utils.createHasher"); Mt(t.outputLen), Mt(t.blockLen); } function Ut(t, e = !0) { if (t.destroyed) throw new Error("Hash instance has been destroyed"); if (e && t.finished) throw new Error("Hash#digest() has already been called"); } function Fe(t, e) { ut(t); const r = e.outputLen; if (t.length < r) throw new Error("digestInto() expects output buffer of length at least " + r); } function mt(...t) { for (let e = 0; e < t.length; e++) t[e].fill(0); } function Ct(t) { return new DataView(t.buffer, t.byteOffset, t.byteLength); } function X(t, e) { return t << 32 - e | t >>> e; } const ge = /* @ts-ignore */ typeof Uint8Array.from([]).toHex == "function" && typeof Uint8Array.fromHex == "function", Ye = /* @__PURE__ */ Array.from({ length: 256 }, (t, e) => e.toString(16).padStart(2, "0")); function xt(t) { if (ut(t), ge) return t.toHex(); let e = ""; for (let r = 0; r < t.length; r++) e += Ye[t[r]]; return e; } const J = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 }; function ee(t) { if (t >= J._0 && t <= J._9) return t - J._0; if (t >= J.A && t <= J.F) return t - (J.A - 10); if (t >= J.a && t <= J.f) return t - (J.a - 10); } function Nt(t) { if (typeof t != "string") throw new Error("hex string expected, got " + typeof t); if (ge) return Uint8Array.fromHex(t); const e = t.length, r = e / 2; if (e % 2) throw new Error("hex string expected, got unpadded hex of length " + e); const n = new Uint8Array(r); for (let o = 0, f = 0; o < r; o++, f += 2) { const s = ee(t.charCodeAt(f)), i = ee(t.charCodeAt(f + 1)); if (s === void 0 || i === void 0) { const c = t[f] + t[f + 1]; throw new Error('hex string expected, got non-hex character "' + c + '" at index ' + f); } n[o] = s * 16 + i; } return n; } function ze(t) { if (typeof t != "string") throw new Error("string expected"); return new Uint8Array(new TextEncoder().encode(t)); } function Ft(t) { return typeof t == "string" && (t = ze(t)), ut(t), t; } function it(...t) { let e = 0; for (let n = 0; n < t.length; n++) { const o = t[n]; ut(o), e += o.length; } const r = new Uint8Array(e); for (let n = 0, o = 0; n < t.length; n++) { const f = t[n]; r.set(f, o), o += f.length; } return r; } class we { } function Yt(t) { const e = (n) => t().update(Ft(n)).digest(), r = t(); return e.outputLen = r.outputLen, e.blockLen = r.blockLen, e.create = () => t(), e; } function ye(t = 32) { if (bt && typeof bt.getRandomValues == "function") return bt.getRandomValues(new Uint8Array(t)); if (bt && typeof bt.randomBytes == "function") return Uint8Array.from(bt.randomBytes(t)); throw new Error("crypto.getRandomValues must be defined"); } /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ const zt = /* @__PURE__ */ BigInt(0), $t = /* @__PURE__ */ BigInt(1); function Rt(t, e = "") { if (typeof t != "boolean") { const r = e && `"${e}"`; throw new Error(r + "expected boolean, got type=" + typeof t); } return t; } function at(t, e, r = "") { const n = Lt(t), o = t?.length, f = e !== void 0; if (!n || f && o !== e) { const s = r && `"${r}" `, i = f ? ` of length ${e}` : "", c = n ? `length=${o}` : `type=${typeof t}`; throw new Error(s + "expected Uint8Array" + i + ", got " + c); } return t; } function At(t) { const e = t.toString(16); return e.length & 1 ? "0" + e : e; } function xe(t) { if (typeof t != "string") throw new Error("hex string expected, got " + typeof t); return t === "" ? zt : BigInt("0x" + t); } function qt(t) { return xe(xt(t)); } function pe(t) { return ut(t), xe(xt(Uint8Array.from(t).reverse())); } function Xt(t, e) { return Nt(t.toString(16).padStart(e * 2, "0")); } function me(t, e) { return Xt(t, e).reverse(); } function G(t, e, r) { let n; if (typeof e == "string") try { n = Nt(e); } catch (o) { throw new Error(t + " must be hex string or Uint8Array, cause: " + o); } else if (Lt(e)) n = Uint8Array.from(e); else throw new Error(t + " must be hex string or Uint8Array"); return n.length, n; } const Zt = (t) => typeof t == "bigint" && zt <= t; function Xe(t, e, r) { return Zt(t) && Zt(e) && Zt(r) && e <= t && t < r; } function We(t, e, r, n) { if (!Xe(e, r, n)) throw new Error("expected valid " + t + ": " + r + " <= n < " + n + ", got " + e); } function Ee(t) { let e; for (e = 0; t > zt; t >>= $t, e += 1) ; return e; } const Bt = (t) => ($t << BigInt(t)) - $t; function Pe(t, e, r) { if (typeof t != "number" || t < 2) throw new Error("hashLen must be a number"); if (typeof e != "number" || e < 2) throw new Error("qByteLen must be a number"); if (typeof r != "function") throw new Error("hmacFn must be a function"); const n = (d) => new Uint8Array(d), o = (d) => Uint8Array.of(d); let f = n(t), s = n(t), i = 0; const c = () => { f.fill(1), s.fill(0), i = 0; }, b = (...d) => r(s, f, ...d), w = (d = n(0)) => { s = b(o(0), d), f = b(), d.length !== 0 && (s = b(o(1), d), f = b()); }, g = () => { if (i++ >= 1e3) throw new Error("drbg: tried 1000 values"); let d = 0; const x = []; for (; d < e; ) { f = b(); const m = f.slice(); x.push(m), d += f.length; } return it(...x); }; return (d, x) => { c(), w(d); let m; for (; !(m = x(g())); ) w(); return c(), m; }; } function Wt(t, e, r = {}) { if (!t || typeof t != "object") throw new Error("expected valid options object"); function n(o, f, s) { const i = t[o]; if (s && i === void 0) return; const c = typeof i; if (c !== f || i === null) throw new Error(`param "${o}" is invalid: expected ${f}, got ${c}`); } Object.entries(e).forEach(([o, f]) => n(o, f, !1)), Object.entries(r).forEach(([o, f]) => n(o, f, !0)); } function ne(t) { const e = /* @__PURE__ */ new WeakMap(); return (r, ...n) => { const o = e.get(r); if (o !== void 0) return o; const f = t(r, ...n); return e.set(r, f), f; }; } /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ const F = BigInt(0), M = BigInt(1), lt = /* @__PURE__ */ BigInt(2), Be = /* @__PURE__ */ BigInt(3), ve = /* @__PURE__ */ BigInt(4), Ae = /* @__PURE__ */ BigInt(5), Je = /* @__PURE__ */ BigInt(7), Se = /* @__PURE__ */ BigInt(8), Qe = /* @__PURE__ */ BigInt(9), Ie = /* @__PURE__ */ BigInt(16); function z(t, e) { const r = t % e; return r >= F ? r : e + r; } function re(t, e) { if (t === F) throw new Error("invert: expected non-zero number"); if (e <= F) throw new Error("invert: expected positive modulus, got " + e); let r = z(t, e), n = e, o = F, f = M; for (; r !== F; ) { const i = n / r, c = n % r, b = o - f * i; n = r, r = c, o = f, f = b; } if (n !== M) throw new Error("invert: does not exist"); return z(o, e); } function Pt(t, e, r) { if (!t.eql(t.sqr(e), r)) throw new Error("Cannot find square root"); } function He(t, e) { const r = (t.ORDER + M) / ve, n = t.pow(e, r); return Pt(t, n, e), n; } function tn(t, e) { const r = (t.ORDER - Ae) / Se, n = t.mul(e, lt), o = t.pow(n, r), f = t.mul(e, o), s = t.mul(t.mul(f, lt), o), i = t.mul(f, t.sub(s, t.ONE)); return Pt(t, i, e), i; } function en(t) { const e = ht(t), r = _e(t), n = r(e, e.neg(e.ONE)), o = r(e, n), f = r(e, e.neg(n)), s = (t + Je) / Ie; return (i, c) => { let b = i.pow(c, s), w = i.mul(b, n); const g = i.mul(b, o), a = i.mul(b, f), d = i.eql(i.sqr(w), c), x = i.eql(i.sqr(g), c); b = i.cmov(b, w, d), w = i.cmov(a, g, x); const m = i.eql(i.sqr(w), c), _ = i.cmov(b, w, m); return Pt(i, _, c), _; }; } function _e(t) { if (t < Be) throw new Error("sqrt is not defined for small field"); let e = t - M, r = 0; for (; e % lt === F; ) e /= lt, r++; let n = lt; const o = ht(t); for (; oe(o, n) === 1; ) if (n++ > 1e3) throw new Error("Cannot find square root: probably non-prime P"); if (r === 1) return He; let f = o.pow(n, e); const s = (e + M) / lt; return function(c, b) { if (c.is0(b)) return b; if (oe(c, b) !== 1) throw new Error("Cannot find square root"); let w = r, g = c.mul(c.ONE, f), a = c.pow(b, e), d = c.pow(b, s); for (; !c.eql(a, c.ONE); ) { if (c.is0(a)) return c.ZERO; let x = 1, m = c.sqr(a); for (; !c.eql(m, c.ONE); ) if (x++, m = c.sqr(m), x === w) throw new Error("Cannot find square root"); const _ = M << BigInt(w - x - 1), O = c.pow(g, _); w = x, g = c.sqr(O), a = c.mul(a, g), d = c.mul(d, O); } return d; }; } function nn(t) { return t % ve === Be ? He : t % Se === Ae ? tn : t % Ie === Qe ? en(t) : _e(t); } const rn = [ "create", "isValid", "is0", "neg", "inv", "sqrt", "sqr", "eql", "add", "sub", "mul", "pow", "div", "addN", "subN", "mulN", "sqrN" ]; function on(t) { const e = { ORDER: "bigint", MASK: "bigint", BYTES: "number", BITS: "number" }, r = rn.reduce((n, o) => (n[o] = "function", n), e); return Wt(t, r), t; } function fn(t, e, r) { if (r < F) throw new Error("invalid exponent, negatives unsupported"); if (r === F) return t.ONE; if (r === M) return e; let n = t.ONE, o = e; for (; r > F; ) r & M && (n = t.mul(n, o)), o = t.sqr(o), r >>= M; return n; } function Ue(t, e, r = !1) { const n = new Array(e.length).fill(r ? t.ZERO : void 0), o = e.reduce((s, i, c) => t.is0(i) ? s : (n[c] = s, t.mul(s, i)), t.ONE), f = t.inv(o); return e.reduceRight((s, i, c) => t.is0(i) ? s : (n[c] = t.mul(s, n[c]), t.mul(s, i)), f), n; } function oe(t, e) { const r = (t.ORDER - M) / lt, n = t.pow(e, r), o = t.eql(n, t.ONE), f = t.eql(n, t.ZERO), s = t.eql(n, t.neg(t.ONE)); if (!o && !f && !s) throw new Error("invalid Legendre symbol result"); return o ? 1 : f ? 0 : -1; } function Ne(t, e) { e !== void 0 && Mt(e); const r = e !== void 0 ? e : t.toString(2).length, n = Math.ceil(r / 8); return { nBitLength: r, nByteLength: n }; } function ht(t, e, r = !1, n = {}) { if (t <= F) throw new Error("invalid field: expected ORDER > 0, got " + t); let o, f, s = !1, i; if (typeof e == "object" && e != null) { if (n.sqrt || r) throw new Error("cannot specify opts in two arguments"); const a = e; a.BITS && (o = a.BITS), a.sqrt && (f = a.sqrt), typeof a.isLE == "boolean" && (r = a.isLE), typeof a.modFromBytes == "boolean" && (s = a.modFromBytes), i = a.allowedLengths; } else typeof e == "number" && (o = e), n.sqrt && (f = n.sqrt); const { nBitLength: c, nByteLength: b } = Ne(t, o); if (b > 2048) throw new Error("invalid field: expected ORDER of <= 2048 bytes"); let w; const g = Object.freeze({ ORDER: t, isLE: r, BITS: c, BYTES: b, MASK: Bt(c), ZERO: F, ONE: M, allowedLengths: i, create: (a) => z(a, t), isValid: (a) => { if (typeof a != "bigint") throw new Error("invalid field element: expected bigint, got " + typeof a); return F <= a && a < t; }, is0: (a) => a === F, // is valid and invertible isValidNot0: (a) => !g.is0(a) && g.isValid(a), isOdd: (a) => (a & M) === M, neg: (a) => z(-a, t), eql: (a, d) => a === d, sqr: (a) => z(a * a, t), add: (a, d) => z(a + d, t), sub: (a, d) => z(a - d, t), mul: (a, d) => z(a * d, t), pow: (a, d) => fn(g, a, d), div: (a, d) => z(a * re(d, t), t), // Same as above, but doesn't normalize sqrN: (a) => a * a, addN: (a, d) => a + d, subN: (a, d) => a - d, mulN: (a, d) => a * d, inv: (a) => re(a, t), sqrt: f || ((a) => (w || (w = nn(t)), w(g, a))), toBytes: (a) => r ? me(a, b) : Xt(a, b), fromBytes: (a, d = !0) => { if (i) { if (!i.includes(a.length) || a.length > b) throw new Error("Field.fromBytes: expected " + i + " bytes, got " + a.length); const m = new Uint8Array(b); m.set(a, r ? 0 : m.length - a.length), a = m; } if (a.length !== b) throw new Error("Field.fromBytes: expected " + b + " bytes, got " + a.length); let x = r ? pe(a) : qt(a); if (s && (x = z(x, t)), !d && !g.isValid(x)) throw new Error("invalid field element: outside of range 0..ORDER"); return x; }, // TODO: we don't need it here, move out to separate fn invertBatch: (a) => Ue(g, a), // We can't move this out because Fp6, Fp12 implement it // and it's unclear what to return in there. cmov: (a, d, x) => x ? d : a }); return Object.freeze(g); } function Re(t) { if (typeof t != "bigint") throw new Error("field order must be bigint"); const e = t.toString(2).length; return Math.ceil(e / 8); } function Oe(t) { const e = Re(t); return e + Math.ceil(e / 2); } function sn(t, e, r = !1) { const n = t.length, o = Re(e), f = Oe(e); if (n < 16 || n < f || n > 1024) throw new Error("expected " + f + "-1024 bytes of input, got " + n); const s = r ? pe(t) : qt(t), i = z(s, e - M) + M; return r ? me(i, o) : Xt(i, o); } function cn(t, e, r, n) { if (typeof t.setBigUint64 == "function") return t.setBigUint64(e, r, n); const o = BigInt(32), f = BigInt(4294967295), s = Number(r >> o & f), i = Number(r & f), c = n ? 4 : 0, b = n ? 0 : 4; t.setUint32(e + c, s, n), t.setUint32(e + b, i, n); } function an(t, e, r) { return t & e ^ ~t & r; } function ln(t, e, r) { return t & e ^ t & r ^ e & r; } class Le extends we { constructor(e, r, n, o) { super(), this.finished = !1, this.length = 0, this.pos = 0, this.destroyed = !1, this.blockLen = e, this.outputLen = r, this.padOffset = n, this.isLE = o, this.buffer = new Uint8Array(e), this.view = Ct(this.buffer); } update(e) { Ut(this), e = Ft(e), ut(e); const { view: r, buffer: n, blockLen: o } = this, f = e.length; for (let s = 0; s < f; ) { const i = Math.min(o - this.pos, f - s); if (i === o) { const c = Ct(e); for (; o <= f - s; s += o) this.process(c, s); continue; } n.set(e.subarray(s, s + i), this.pos), this.pos += i, s += i, this.pos === o && (this.process(r, 0), this.pos = 0); } return this.length += e.length, this.roundClean(), this; } digestInto(e) { Ut(this), Fe(e, this), this.finished = !0; const { buffer: r, view: n, blockLen: o, isLE: f } = this; let { pos: s } = this; r[s++] = 128, mt(this.buffer.subarray(s)), this.padOffset > o - s && (this.process(n, 0), s = 0); for (let g = s; g < o; g++) r[g] = 0; cn(n, o - 8, BigInt(this.length * 8), f), this.process(n, 0); const i = Ct(e), c = this.outputLen; if (c % 4) throw new Error("_sha2: outputLen should be aligned to 32bit"); const b = c / 4, w = this.get(); if (b > w.length) throw new Error("_sha2: outputLen bigger than state"); for (let g = 0; g < b; g++) i.setUint32(4 * g, w[g], f); } digest() { const { buffer: e, outputLen: r } = this; this.digestInto(e); const n = e.slice(0, r); return this.destroy(), n; } _cloneInto(e) { e || (e = new this.constructor()), e.set(...this.get()); const { blockLen: r, buffer: n, length: o, finished: f, destroyed: s, pos: i } = this; return e.destroyed = s, e.finished = f, e.length = o, e.pos = i, o % r && e.buffer.set(n), e; } clone() { return this._cloneInto(); } } const rt = /* @__PURE__ */ Uint32Array.from([ 1779033703, 3144134277, 1013904242, 2773480762, 1359893119, 2600822924, 528734635, 1541459225 ]), K = /* @__PURE__ */ Uint32Array.from([ 3418070365, 3238371032, 1654270250, 914150663, 2438529370, 812702999, 355462360, 4144912697, 1731405415, 4290775857, 2394180231, 1750603025, 3675008525, 1694076839, 1203062813, 3204075428 ]), k = /* @__PURE__ */ Uint32Array.from([ 1779033703, 4089235720, 3144134277, 2227873595, 1013904242, 4271175723, 2773480762, 1595750129, 1359893119, 2917565137, 2600822924, 725511199, 528734635, 4215389547, 1541459225, 327033209 ]), St = /* @__PURE__ */ BigInt(2 ** 32 - 1), fe = /* @__PURE__ */ BigInt(32); function dn(t, e = !1) { return e ? { h: Number(t & St), l: Number(t >> fe & St) } : { h: Number(t >> fe & St) | 0, l: Number(t & St) | 0 }; } function un(t, e = !1) { const r = t.length; let n = new Uint32Array(r), o = new Uint32Array(r); for (let f = 0; f < r; f++) { const { h: s, l: i } = dn(t[f], e); [n[f], o[f]] = [s, i]; } return [n, o]; } const se = (t, e, r) => t >>> r, ie = (t, e, r) => t << 32 - r | e >>> r, gt = (t, e, r) => t >>> r | e << 32 - r, wt = (t, e, r) => t << 32 - r | e >>> r, It = (t, e, r) => t << 64 - r | e >>> r - 32, Ht = (t, e, r) => t >>> r - 32 | e << 64 - r; function Q(t, e, r, n) { const o = (e >>> 0) + (n >>> 0); return { h: t + r + (o / 2 ** 32 | 0) | 0, l: o | 0 }; } const hn = (t, e, r) => (t >>> 0) + (e >>> 0) + (r >>> 0), bn = (t, e, r, n) => e + r + n + (t / 2 ** 32 | 0) | 0, gn = (t, e, r, n) => (t >>> 0) + (e >>> 0) + (r >>> 0) + (n >>> 0), wn = (t, e, r, n, o) => e + r + n + o + (t / 2 ** 32 | 0) | 0, yn = (t, e, r, n, o) => (t >>> 0) + (e >>> 0) + (r >>> 0) + (n >>> 0) + (o >>> 0), xn = (t, e, r, n, o, f) => e + r + n + o + f + (t / 2 ** 32 | 0) | 0, pn = /* @__PURE__ */ Uint32Array.from([ 1116352408, 1899447441, 3049323471, 3921009573, 961987163, 1508970993, 2453635748, 2870763221, 3624381080, 310598401, 607225278, 1426881987, 1925078388, 2162078206, 2614888103, 3248222580, 3835390401, 4022224774, 264347078, 604807628, 770255983, 1249150122, 1555081692, 1996064986, 2554220882, 2821834349, 2952996808, 3210313671, 3336571891, 3584528711, 113926993, 338241895, 666307205, 773529912, 1294757372, 1396182291, 1695183700, 1986661051, 2177026350, 2456956037, 2730485921, 2820302411, 3259730800, 3345764771, 3516065817, 3600352804, 4094571909, 275423344, 430227734, 506948616, 659060556, 883997877, 958139571, 1322822218, 1537002063, 1747873779, 1955562222, 2024104815, 2227730452, 2361852424, 2428436474, 2756734187, 3204031479, 3329325298 ]), ot = /* @__PURE__ */ new Uint32Array(64); class mn extends Le { constructor(e = 32) { super(64, e, 8, !1), this.A = rt[0] | 0, this.B = rt[1] | 0, this.C = rt[2] | 0, this.D = rt[3] | 0, this.E = rt[4] | 0, this.F = rt[5] | 0, this.G = rt[6] | 0, this.H = rt[7] | 0; } get() { const { A: e, B: r, C: n, D: o, E: f, F: s, G: i, H: c } = this; return [e, r, n, o, f, s, i, c]; } // prettier-ignore set(e, r, n, o, f, s, i, c) { this.A = e | 0, this.B = r | 0, this.C = n | 0, this.D = o | 0, this.E = f | 0, this.F = s | 0, this.G = i | 0, this.H = c | 0; } process(e, r) { for (let g = 0; g < 16; g++, r += 4) ot[g] = e.getUint32(r, !1); for (let g = 16; g < 64; g++) { const a = ot[g - 15], d = ot[g - 2], x = X(a, 7) ^ X(a, 18) ^ a >>> 3, m = X(d, 17) ^ X(d, 19) ^ d >>> 10; ot[g] = m + ot[g - 7] + x + ot[g - 16] | 0; } let { A: n, B: o, C: f, D: s, E: i, F: c, G: b, H: w } = this; for (let g = 0; g < 64; g++) { const a = X(i, 6) ^ X(i, 11) ^ X(i, 25), d = w + a + an(i, c, b) + pn[g] + ot[g] | 0, m = (X(n, 2) ^ X(n, 13) ^ X(n, 22)) + ln(n, o, f) | 0; w = b, b = c, c = i, i = s + d | 0, s = f, f = o, o = n, n = d + m | 0; } n = n + this.A | 0, o = o + this.B | 0, f = f + this.C | 0, s = s + this.D | 0, i = i + this.E | 0, c = c + this.F | 0, b = b + this.G | 0, w = w + this.H | 0, this.set(n, o, f, s, i, c, b, w); } roundClean() { mt(ot); } destroy() { this.set(0, 0, 0, 0, 0, 0, 0, 0), mt(this.buffer); } } const qe = un([ "0x428a2f98d728ae22", "0x7137449123ef65cd", "0xb5c0fbcfec4d3b2f", "0xe9b5dba58189dbbc", "0x3956c25bf348b538", "0x59f111f1b605d019", "0x923f82a4af194f9b", "0xab1c5ed5da6d8118", "0xd807aa98a3030242", "0x12835b0145706fbe", "0x243185be4ee4b28c", "0x550c7dc3d5ffb4e2", "0x72be5d74f27b896f", "0x80deb1fe3b1696b1", "0x9bdc06a725c71235", "0xc19bf174cf692694", "0xe49b69c19ef14ad2", "0xefbe4786384f25e3", "0x0fc19dc68b8cd5b5", "0x240ca1cc77ac9c65", "0x2de92c6f592b0275", "0x4a7484aa6ea6e483", "0x5cb0a9dcbd41fbd4", "0x76f988da831153b5", "0x983e5152ee66dfab", "0xa831c66d2db43210", "0xb00327c898fb213f", "0xbf597fc7beef0ee4", "0xc6e00bf33da88fc2", "0xd5a79147930aa725", "0x06ca6351e003826f", "0x142929670a0e6e70", "0x27b70a8546d22ffc", "0x2e1b21385c26c926", "0x4d2c6dfc5ac42aed", "0x53380d139d95b3df", "0x650a73548baf63de", "0x766a0abb3c77b2a8", "0x81c2c92e47edaee6", "0x92722c851482353b", "0xa2bfe8a14cf10364", "0xa81a664bbc423001", "0xc24b8b70d0f89791", "0xc76c51a30654be30", "0xd192e819d6ef5218", "0xd69906245565a910", "0xf40e35855771202a", "0x106aa07032bbd1b8", "0x19a4c116b8d2d0c8", "0x1e376c085141ab53", "0x2748774cdf8eeb99", "0x34b0bcb5e19b48a8", "0x391c0cb3c5c95a63", "0x4ed8aa4ae3418acb", "0x5b9cca4f7763e373", "0x682e6ff3d6b2b8a3", "0x748f82ee5defb2fc", "0x78a5636f43172f60", "0x84c87814a1f0ab72", "0x8cc702081a6439ec", "0x90befffa23631e28", "0xa4506cebde82bde9", "0xbef9a3f7b2c67915", "0xc67178f2e372532b", "0xca273eceea26619c", "0xd186b8c721c0c207", "0xeada7dd6cde0eb1e", "0xf57d4f7fee6ed178", "0x06f067aa72176fba", "0x0a637dc5a2c898a6", "0x113f9804bef90dae", "0x1b710b35131c471b", "0x28db77f523047d84", "0x32caab7b40c72493", "0x3c9ebe0a15c9bebc", "0x431d67c49c100d4c", "0x4cc5d4becb3e42b6", "0x597f299cfc657e2a", "0x5fcb6fab3ad6faec", "0x6c44198c4a475817" ].map((t) => BigInt(t))), En = qe[0], Bn = qe[1], ft = /* @__PURE__ */ new Uint32Array(80), st = /* @__PURE__ */ new Uint32Array(80); class Ce extends Le { constructor(e = 64) { super(128, e, 16, !1), this.Ah = k[0] | 0, this.Al = k[1] | 0, this.Bh = k[2] | 0, this.Bl = k[3] | 0, this.Ch = k[4] | 0, this.Cl = k[5] | 0, this.Dh = k[6] | 0, this.Dl = k[7] | 0, this.Eh = k[8] | 0, this.El = k[9] | 0, this.Fh = k[10] | 0, this.Fl = k[11] | 0, this.Gh = k[12] | 0, this.Gl = k[13] | 0, this.Hh = k[14] | 0, this.Hl = k[15] | 0; } // prettier-ignore get() { const { Ah: e, Al: r, Bh: n, Bl: o, Ch: f, Cl: s, Dh: i, Dl: c, Eh: b, El: w, Fh: g, Fl: a, Gh: d, Gl: x, Hh: m, Hl: _ } = this; return [e, r, n, o, f, s, i, c, b, w, g, a, d, x, m, _]; } // prettier-ignore set(e, r, n, o, f, s, i, c, b, w, g, a, d, x, m, _) { this.Ah = e | 0, this.Al = r | 0, this.Bh = n | 0, this.Bl = o | 0, this.Ch = f | 0, this.Cl = s | 0, this.Dh = i | 0, this.Dl = c | 0, this.Eh = b | 0, this.El = w | 0, this.Fh = g | 0, this.Fl = a | 0, this.Gh = d | 0, this.Gl = x | 0, this.Hh = m | 0, this.Hl = _ | 0; } process(e, r) { for (let S = 0; S < 16; S++, r += 4) ft[S] = e.getUint32(r), st[S] = e.getUint32(r += 4); for (let S = 16; S < 80; S++) { const $ = ft[S - 15] | 0, D = st[S - 15] | 0, ct = gt($, D, 1) ^ gt($, D, 8) ^ se($, D, 7), nt = wt($, D, 1) ^ wt($, D, 8) ^ ie($, D, 7), T = ft[S - 2] | 0, I = st[S - 2] | 0, P = gt(T, I, 19) ^ It(T, I, 61) ^ se(T, I, 6), Y = wt(T, I, 19) ^ Ht(T, I, 61) ^ ie(T, I, 6), U = gn(nt, Y, st[S - 7], st[S - 16]), h = wn(U, ct, P, ft[S - 7], ft[S - 16]); ft[S] = h | 0, st[S] = U | 0; } let { Ah: n, Al: o, Bh: f, Bl: s, Ch: i, Cl: c, Dh: b, Dl: w, Eh: g, El: a, Fh: d, Fl: x, Gh: m, Gl: _, Hh: O, Hl: W } = this; for (let S = 0; S < 80; S++) { const $ = gt(g, a, 14) ^ gt(g, a, 18) ^ It(g, a, 41), D = wt(g, a, 14) ^ wt(g, a, 18) ^ Ht(g, a, 41), ct = g & d ^ ~g & m, nt = a & x ^ ~a & _, T = yn(W, D, nt, Bn[S], st[S]), I = xn(T, O, $, ct, En[S], ft[S]), P = T | 0, Y = gt(n, o, 28) ^ It(n, o, 34) ^ It(n, o, 39), U = wt(n, o, 28) ^ Ht(n, o, 34) ^ Ht(n, o, 39), h = n & f ^ n & i ^ f & i, u = o & s ^ o & c ^ s & c; O = m | 0, W = _ | 0, m = d | 0, _ = x | 0, d = g | 0, x = a | 0, { h: g, l: a } = Q(b | 0, w | 0, I | 0, P | 0), b = i | 0, w = c | 0, i = f | 0, c = s | 0, f = n | 0, s = o | 0; const l = hn(P, U, u); n = bn(l, I, Y, h), o = l | 0; } ({ h: n, l: o } = Q(this.Ah | 0, this.Al | 0, n | 0, o | 0)), { h: f, l: s } = Q(this.Bh | 0, this.Bl | 0, f | 0, s | 0), { h: i, l: c } = Q(this.Ch | 0, this.Cl | 0, i | 0, c | 0), { h: b, l: w } = Q(this.Dh | 0, this.Dl | 0, b | 0, w | 0), { h: g, l: a } = Q(this.Eh | 0, this.El | 0, g | 0, a | 0), { h: d, l: x } = Q(this.Fh | 0, this.Fl | 0, d | 0, x | 0), { h: m, l: _ } = Q(this.Gh | 0, this.Gl | 0, m | 0, _ | 0), { h: O, l: W } = Q(this.Hh | 0, this.Hl | 0, O | 0, W | 0), this.set(n, o, f, s, i, c, b, w, g, a, d, x, m, _, O, W); } roundClean() { mt(ft, st); } destroy() { mt(this.buffer), this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); } } class vn extends Ce { constructor() { super(48), this.Ah = K[0] | 0, this.Al = K[1] | 0, this.Bh = K[2] | 0, this.Bl = K[3] | 0, this.Ch = K[4] | 0, this.Cl = K[5] | 0, this.Dh = K[6] | 0, this.Dl = K[7] | 0, this.Eh = K[8] | 0, this.El = K[9] | 0, this.Fh = K[10] | 0, this.Fl = K[11] | 0, this.Gh = K[12] | 0, this.Gl = K[13] | 0, this.Hh = K[14] | 0, this.Hl = K[15] | 0; } } const An = /* @__PURE__ */ Yt(() => new mn()), Sn = /* @__PURE__ */ Yt(() => new Ce()), In = /* @__PURE__ */ Yt(() => new vn()); class Ze extends we { constructor(e, r) { super(), this.finished = !1, this.destroyed = !1, be(e); const n = Ft(r); if (this.iHash = e.create(), typeof this.iHash.update != "function") throw new Error("Expected instance of class which extends utils.Hash"); this.blockLen = this.iHash.blockLen, this.outputLen = this.iHash.outputLen; const o = this.blockLen, f = new Uint8Array(o); f.set(n.length > o ? e.create().update(n).digest() : n); for (let s = 0; s < f.length; s++) f[s] ^= 54; this.iHash.update(f), this.oHash = e.create(); for (let s = 0; s < f.length; s++) f[s] ^= 106; this.oHash.update(f), mt(f); } update(e) { return Ut(this), this.iHash.update(e), this; } digestInto(e) { Ut(this), ut(e, this.outputLen), this.finished = !0, this.iHash.digestInto(e), this.oHash.update(e), this.oHash.digestInto(e), this.destroy(); } digest() { const e = new Uint8Array(this.oHash.outputLen); return this.digestInto(e), e; } _cloneInto(e) { e || (e = Object.create(Object.getPrototypeOf(this), {})); const { oHash: r, iHash: n, finished: o, destroyed: f, blockLen: s, outputLen: i } = this; return e = e, e.finished = o, e.destroyed = f, e.blockLen = s, e.outputLen = i, e.oHash = r._cloneInto(e.oHash), e.iHash = n._cloneInto(e.iHash), e; } clone() { return this._cloneInto(); } destroy() { this.destroyed = !0, this.oHash.destroy(), this.iHash.destroy(); } } const Te = (t, e, r) => new Ze(t, e).update(r).digest(); Te.create = (t, e) => new Ze(t, e); /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ const Et = BigInt(0), dt = BigInt(1); function Ot(t, e) { const r = e.negate(); return t ? r : e; } function Tt(t, e) { const r = Ue(t.Fp, e.map((n) => n.Z)); return e.map((n, o) => t.fromAffine(n.toAffine(r[o]))); } function Ve(t, e) { if (!Number.isSafeInteger(t) || t <= 0 || t > e) throw new Error("invalid window size, expected [1.." + e + "], got W=" + t); } function Vt(t, e) { Ve(t, e); const r = Math.ceil(e / t) + 1, n = 2 ** (t - 1), o = 2 ** t, f = Bt(t), s = BigInt(t); return { windows: r, windowSize: n, mask: f, maxNumber: o, shiftBy: s }; } function ce(t, e, r) { const { windowSize: n, mask: o, maxNumber: f, shiftBy: s } = r; let i = Number(t & o), c = t >> s; i > n && (i -= f, c += dt); const b = e * n, w = b + Math.abs(i) - 1, g = i === 0, a = i < 0, d = e % 2 !== 0; return { nextN: c, offset: w, isZero: g, isNeg: a, isNegF: d, offsetF: b }; } function Hn(t, e) { if (!Array.isArray(t)) throw new Error("array expected"); t.forEach((r, n) => { if (!(r instanceof e)) throw new Error("invalid point at index " + n); }); } function _n(t, e) { if (!Array.isArray(t)) throw new Error("array of scalars expected"); t.forEach((r, n) => { if (!e.isValid(r)) throw new Error("invalid scalar at index " + n); }); } const Kt = /* @__PURE__ */ new WeakMap(), Ke = /* @__PURE__ */ new WeakMap(); function kt(t) { return Ke.get(t) || 1; } function ae(t) { if (t !== Et) throw new Error("invalid wNAF"); } class Un { // Parametrized with a given Point class (not individual point) constructor(e, r) { this.BASE = e.BASE, this.ZERO = e.ZERO, this.Fn = e.Fn, this.bits = r; } // non-const time multiplication ladder _unsafeLadder(e, r, n = this.ZERO) { let o = e; for (; r > Et; ) r & dt && (n = n.add(o)), o = o.double(), r >>= dt; return n; } /** * Creates a wNAF precomputation window. Used for caching. * Default window size is set by `utils.precompute()` and is equal to 8. * Number of precomputed points depends on the curve size: * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where: * - 𝑊 is the window size * - 𝑛 is the bitlength of the curve order. * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224. * @param point Point instance * @param W window size * @returns precomputed point tables flattened to a single array */ precomputeWindow(e, r) { const { windows: n, windowSize: o } = Vt(r, this.bits), f = []; let s = e, i = s; for (let c = 0; c < n; c++) { i = s, f.push(i); for (let b = 1; b < o; b++) i = i.add(s), f.push(i); s = i.double(); } return f; } /** * Implements ec multiplication using precomputed tables and w-ary non-adjacent form. * More compact implementation: * https://github.com/paulmillr/noble-secp256k1/blob/47cb1669b6e506ad66b35fe7d76132ae97465da2/index.ts#L502-L541 * @returns real and fake (for const-time) points */ wNAF(e, r, n) { if (!this.Fn.isValid(n)) throw new Error("invalid scalar"); let o = this.ZERO, f = this.BASE; const s = Vt(e, this.bits); for (let i = 0; i < s.windows; i++) { const { nextN: c, offset: b, isZero: w, isNeg: g, isNegF: a, offsetF: d } = ce(n, i, s); n = c, w ? f = f.add(Ot(a, r[d])) : o = o.add(Ot(g, r[b])); } return ae(n), { p: o, f }; } /** * Implements ec unsafe (non const-time) multiplication using precomputed tables and w-ary non-adjacent form. * @param acc accumulator point to add result of multiplication * @returns point */ wNAFUnsafe(e, r, n, o = this.ZERO) { const f = Vt(e, this.bits); for (let s = 0; s < f.windows && n !== Et; s++) { const { nextN: i, offset: c, isZero: b, isNeg: w } = ce(n, s, f); if (n = i, !b) { const g = r[c]; o = o.add(w ? g.negate() : g); } } return ae(n), o; } getPrecomputes(e, r, n) { let o = Kt.get(r); return o || (o = this.precomputeWindow(r, e), e !== 1 && (typeof n == "function" && (o = n(o)), Kt.set(r, o))), o; } cached(e, r, n) { const o = kt(e); return this.wNAF(o, this.getPrecomputes(o, e, n), r); } unsafe(e, r, n, o) { const f = kt(e); return f === 1 ? this._unsafeLadder(e, r, o) : this.wNAFUnsafe(f, this.getPrecomputes(f, e, n), r, o); } // We calculate precomputes for elliptic curve point multiplication // using windowed method. This specifies window size and // stores precomputed values. Usually only base point would be precomputed. createCache(e, r) { Ve(r, this.bits), Ke.set(e, r), Kt.delete(e); } hasCache(e) { return kt(e) !== 1; } } function Nn(t, e, r, n) { let o = e, f = t.ZERO, s = t.ZERO; for (; r > Et || n > Et; ) r & dt && (f = f.add(o)), n & dt && (s = s.add(o)), o = o.double(), r >>= dt, n >>= dt; return { p1: f, p2: s }; } function Rn(t, e, r, n) { Hn(r, t), _n(n, e); const o = r.length, f = n.length; if (o !== f) throw new Error("arrays of points and scalars must have equal length"); const s = t.ZERO, i = Ee(BigInt(o)); let c = 1; i > 12 ? c = i - 3 : i > 4 ? c = i - 2 : i > 0 && (c = 2); const b = Bt(c), w = new Array(Number(b) + 1).fill(s), g = Math.floor((e.BITS - 1) / c) * c; let a = s; for (let d = g; d >= 0; d -= c) { w.fill(s); for (let m = 0; m < f; m++) { const _ = n[m], O = Number(_ >> BigInt(d) & b); w[O] = w[O].add(r[m]); } let x = s; for (let m = w.length - 1, _ = s; m > 0; m--) _ = _.add(w[m]), x = x.add(_); if (a = a.add(x), d !== 0) for (let m = 0; m < c; m++) a = a.double(); } return a; } function le(t, e, r) { if (e) { if (e.ORDER !== t) throw new Error("Field.ORDER must match order: Fp == p, Fn == n"); return on(e), e; } else return ht(t, { isLE: r }); } function On(t, e, r = {}, n) { if (n === void 0 && (n = t === "edwards"), !e || typeof e != "object") throw new Error(`expected valid ${t} CURVE object`); for (const c of ["p", "n", "h"]) { const b = e[c]; if (!(typeof b == "bigint" && b > Et)) throw new Error(`CURVE.${c} must be positive bigint`); } const o = le(e.p, r.Fp, n), f = le(e.n, r.Fn, n), i = ["Gx", "Gy", "a", "b"]; for (const c of i) if (!o.isValid(e[c])) throw new Error(`CURVE.${c} must be valid field element of CURVE.Fp`); return e = Object.freeze(Object.assign({}, e)), { CURVE: e, Fp: o, Fn: f }; } /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ const de = (t, e) => (t + (t >= 0 ? e : -e) / ke) / e; function Ln(t, e, r) { const [[n, o], [f, s]] = e, i = de(s * t, r), c = de(-o * t, r); let b = t - i * n - c * f, w = -i * o - c * s; const g = b < et, a = w < et; g && (b = -b), a && (w = -w); const d = Bt(Math.ceil(Ee(r) / 2)) + pt; if (b < et || b >= d || w < et || w >= d) throw new Error("splitScalar (endomorphism): failed, k=" + t); return { k1neg: g, k1: b, k2neg: a, k2: w }; } function jt(t) { if (!["compact", "recovered", "der"].includes(t)) throw new Error('Signature format must be "compact", "recovered", or "der"'); return t; } function Dt(t, e) { const r = {}; for (let n of Object.keys(e)) r[n] = t[n] === void 0 ? e[n] : t[n]; return Rt(r.lowS, "lowS"), Rt(r.prehash, "prehash"), r.format !== void 0 && jt(r.format), r; } class qn extends Error { constructor(e = "") { super(e); } } const tt = { // asn.1 DER encoding utils Err: qn, // Basic building block is TLV (Tag-Length-Value) _tlv: { encode: (t, e) => { const { Err: r } = tt; if (t < 0 || t > 256) throw new r("tlv.encode: wrong tag"); if (e.length & 1) throw new r("tlv.encode: unpadded data"); const n = e.length / 2, o = At(n); if (o.length / 2 & 128) throw new r("tlv.encode: long form length too big"); const f = n > 127 ? At(o.length / 2 | 128) : ""; return At(t) + f + o + e; }, // v - value, l - left bytes (unparsed) decode(t, e) { const { Err: r } = tt; let n = 0; if (t < 0 || t > 256) throw new r("tlv.encode: wrong tag"); if (e.length < 2 || e[n++] !== t) throw new r("tlv.decode: wrong tlv"); const o = e[n++], f = !!(o & 128); let s = 0; if (!f) s = o; else { const c = o & 127; if (!c) throw new r("tlv.decode(long): indefinite length not supported"); if (c > 4) throw new r("tlv.decode(long): byte length is too big"); const b = e.subarray(n, n + c); if (b.length !== c) throw new r("tlv.decode: length bytes not complete"); if (b[0] === 0) throw new r("tlv.decode(long): zero leftmost byte"); for (const w of b) s = s << 8 | w; if (n += c, s < 128) throw new r("tlv.decode(long): not minimal encoding"); } const i = e.subarray(n, n + s); if (i.length !== s) throw new r("tlv.decode: wrong value length"); return { v: i, l: e.subarray(n + s) }; } }, // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag, // since we always use positive integers here. It must always be empty: // - add zero byte if exists // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding) _int: { encode(t) { const { Err: e } = tt; if (t < et) throw new e("integer: negative integers are not allowed"); let r = At(t); if (Number.parseInt(r[0], 16) & 8 && (r = "00" + r), r.length & 1) throw new e("unexpected DER parsing assertion: unpadded hex"); return r; }, decode(t) { const { Err: e } = tt; if (t[0] & 128) throw new e("invalid signature integer: negative"); if (t[0] === 0 && !(t[1] & 128)) throw new e("invalid signature integer: unnecessary leading zero"); return qt(t); } }, toSig(t) { const { Err: e, _int: r, _tlv: n } = tt, o = G("signature", t), { v: f, l: s } = n.decode(48, o); if (s.length) throw new e("invalid signature: left bytes after parsing"); const { v: i, l: c } = n.decode(2, f), { v: b, l: w } = n.decode(2, c); if (w.length) throw new e("invalid signature: left bytes after parsing"); return { r: r.decode(i), s: r.decode(b) }; }, hexFromSig(t) { const { _tlv: e, _int: r } = tt, n = e.encode(2, r.encode(t.r)), o = e.encode(2, r.encode(t.s)), f = n + o; return e.encode(48, f); } }, et = BigInt(0), pt = BigInt(1), ke = BigInt(2), _t = BigInt(3), Cn = BigInt(4); function yt(t, e) { const { BYTES: r } = t; let n; if (typeof e == "bigint") n = e; else { let o = G("private key", e); try { n = t.fromBytes(o); } catch { throw new Error(`invalid private key: expected ui8a of size ${r}, got ${typeof e}`); } } if (!t.isValidNot0(n)) throw new Error("invalid private key: out of range [1..N-1]"); return n; } function Zn(t, e = {}) { const r = On("weierstrass", t, e), { Fp: n, Fn: o } = r; let f = r.CURVE; const { h: s, n: i } = f; Wt(e, {}, { allowInfinityPoint: "boolean", clearCofactor: "function", isTorsionFree: "function", fromBytes: "function", toBytes: "function", endo: "object", wrapPrivateKey: "boolean" }); const { endo: c } = e; if (c && (!n.is0(f.a) || typeof c.beta != "bigint" || !Array.isArray(c.basises))) throw new Error('invalid endo: expected "beta": bigint and "basises": array'); const b = Me(n, o); function w() { if (!n.isOdd) throw new Error("compression is not supported: Field does not have .isOdd()"); } function g(U, h, u) { const { x: l, y } = h.toAffine(), p = n.toBytes(l); if (Rt(u, "isCompressed"), u) { w(); const v = !n.isOdd(y); return it(De(v), p); } else return it(Uint8Array.of(4), p, n.toBytes(y)); } function a(U) { at(U, void 0, "Point"); const { publicKey: h, publicKeyUncompressed: u } = b, l = U.length, y = U[0], p = U.subarray(1); if (l === h && (y === 2 || y === 3)) { const v = n.fromBytes(p); if (!n.isValid(v)) throw new Error("bad point: is not on curve, wrong x"); const B = m(v); let E; try { E = n.sqrt(B); } catch (C) { const R = C instanceof Error ? ": " + C.message : ""; throw new Error("bad point: is not on curve, sqrt error" + R); } w(); const A = n.isOdd(E); return (y & 1) === 1 !== A && (E = n.neg(E)), { x: v, y: E }; } else if (l === u && y === 4) { const v = n.BYTES, B = n.fromBytes(p.subarray(0, v)), E = n.fromBytes(p.subarray(v, v * 2)); if (!_(B, E)) throw new Error("bad point: is not on curve"); return { x: B, y: E }; } else throw new Error(`bad point: got length ${l}, expected compressed=${h} or uncompressed=${u}`); } const d = e.toBytes || g, x = e.fromBytes || a; function m(U) { const h = n.sqr(U), u = n.mul(h, U); return n.add(n.add(u, n.mul(U, f.a)), f.b); } function _(U, h) { const u = n.sqr(h), l = m(U); return n.eql(u, l); } if (!_(f.Gx, f.Gy)) throw new Error("bad curve params: generator point"); const O = n.mul(n.pow(f.a, _t), Cn), W = n.mul(n.sqr(f.b), BigInt(27)); if (n.is0(n.add(O, W))) throw new Error("bad curve params: a or b"); function S(U, h, u = !1) { if (!n.isValid(h) || u && n.is0(h)) throw new Error(`bad point coordinate ${U}`); return h; } function $(U) { if (!(U instanceof I)) throw new Error("ProjectivePoint expected"); } function D(U) { if (!c || !c.basises) throw new Error("no endo"); return Ln(U, c.basises, o.ORDER); } const ct = ne((U, h) => { const { X: u, Y: l, Z: y } = U; if (n.eql(y, n.ONE)) return { x: u, y: l }; const p = U.is0(); h == null && (h = p ? n.ONE : n.inv(y)); const v = n.mul(u, h), B = n.mul(l, h), E = n.mul(y, h); if (p) return { x: n.ZERO, y: n.ZERO }; if (!n.eql(E, n.ONE)) throw new Error("invZ was invalid"); return { x: v, y: B }; }), nt = ne((U) => { if (U.is0()) { if (e.allowInfinityPoint && !n.is0(U.Y)) return; throw new Error("bad point: ZERO"); } const { x: h, y: u } = U.toAffine(); if (!n.isValid(h) || !n.isValid(u)) throw new Error("bad point: x or y not field elements"); if (!_(h, u)) throw new Error("bad point: equation left != right"); if (!U.isTorsionFree()) throw new Error("bad point: not in prime-order subgroup"); return !0; }); function T(U, h, u, l, y) { return u = new I(n.mul(u.X, U), u.Y, u.Z), h = Ot(l, h), u = Ot(y, u), h.add(u); } class I { /** Does NOT validate if the point is valid. Use `.assertValidity()`. */ constructor(h, u, l) { this.X = S("x", h), this.Y = S("y", u, !0), this.Z = S("z", l), Object.freeze(this); } static CURVE() { return f; } /** Does NOT validate if the point is valid. Use `.assertValidity()`. */ static fromAffine(h) { const { x: u, y: l } = h || {}; if (!h || !n.isValid(u) || !n.isValid(l)) throw new Error("invalid affine point"); if (h instanceof I) throw new Error("projective point not allowed"); return n.is0(u) && n.is0(l) ? I.ZERO : new I(u, l, n.ONE); } static fromBytes(h) { const u = I.fromAffine(x(at(h, void 0, "point"))); return u.assertValidity(), u; } static fromHex(h) { return I.fromBytes(G("pointHex", h)); } get x() { return this.toAffine().x; } get y() { return this.toAffine().y; } /** * * @param windowSize * @param isLazy true will defer table computation until the first multiplication * @returns */ precompute(h = 8, u = !0) { return Y.createCache(this, h), u || this.multiply(_t), this; } // TODO: return `this` /** A point on curve is valid if it conforms to equation. */ assertValidity() { nt(this); } hasEvenY() { const { y: h } = this.toAffine(); if (!n.isOdd) throw new Error("Field doesn't support isOdd"); return !n.isOdd(h); } /** Compare one point to another. */ equals(h) { $(h); const { X: u, Y: l, Z: y } = this, { X: p, Y: v, Z: B } = h, E = n.eql(n.mul(u, B), n.mul(p, y)), A = n.eql(n.mul(l, B), n.mul(v, y)); return E && A; } /** Flips point to one corresponding to (x, -y) in Affine coordinates. */ negate() { return new I(this.X, n.neg(this.Y), this.Z); } // Renes-Costello-Batina exception-free doubling formula. // There is 30% faster Jacobian formula, but it is not complete. // https://eprint.iacr.org/2015/1060, algorithm 3 // Cost: 8M + 3S + 3*a + 2*b3 + 15add. double() { const { a: h, b: u } = f, l = n.mul(u, _t), { X: y, Y: p, Z: v } = this; let B = n.ZERO, E = n.ZERO, A = n.ZERO, H = n.mul(y, y), C = n.mul(p, p), R = n.mul(v, v), N = n.mul(y, p); return N = n.add(N, N), A = n.mul(y, v), A = n.add(A, A), B = n.mul(h, A), E = n.mul(l, R), E = n.add(B, E), B = n.sub(C, E), E = n.add(C, E), E = n.mul(B, E), B = n.mul(N, B), A = n.mul(l, A), R = n.mul(h, R), N = n.sub(H, R), N = n.mul(h, N), N = n.add(N, A), A = n.add(H, H), H = n.add(A, H), H = n.add(H, R), H = n.mul(H, N), E = n.add(E, H), R = n.mul(p, v), R = n.add(R, R), H = n.mul(R, N), B = n.sub(B, H), A = n.mul(R, C), A = n.add(A, A), A = n.add(A, A), new I(B, E, A); } // Renes-Costello-Batina exception-free addition formula. // There is 30% faster Jacobian formula, but it is not complete. // https://eprint.iacr.org/2015/1060, algorithm 1 // Cost: 12M + 0S + 3*a + 3*b3 + 23add. add(h) { $(h); const { X: u, Y: l, Z: y } = this, { X: p, Y: v, Z: B } = h; let E = n.ZERO, A = n.ZERO, H = n.ZERO; const C = f.a, R = n.mul(f.b, _t); let N = n.mul(u, p), L = n.mul(l, v), Z = n.mul(y, B), j = n.add(u, l), q = n.add(p, v); j = n.mul(j, q), q = n.add(N, L), j = n.sub(j, q), q = n.add(u, y); let V = n.add(p, B); return q = n.mul(q, V), V = n.add(N, Z), q = n.sub(q, V), V = n.add(l, y), E = n.add(v, B), V = n.mul(V, E), E = n.add(L, Z), V = n.sub(V, E), H = n.mul(C, q), E = n.mul(R, Z), H = n.add(E, H), E = n.sub(L, H), H = n.add(L, H), A = n.mul(E, H), L = n.add(N, N), L = n.add(L, N), Z = n.mul(C, Z), q = n.mul(R, q), L = n.add(L, Z), Z = n.sub(N, Z), Z = n.mul(C, Z), q = n.add(q, Z), N = n.mul(L, q), A = n.add(A, N), N = n.mul(V, q), E = n.mul(j, E), E = n.sub(E, N), N = n.mul(j, L), H = n.mul(V, H), H = n.add(H, N), new I(E, A, H); } subtract(h) { return this.add(h.negate()); } is0() { return this.equals(I.ZERO); } /** * Constant time multiplication. * Uses wNAF method. Windowed method may be 10% faster, * but takes 2x longer to generate and consumes 2x memory. * Uses precomputes when available. * Uses endomorphism for Koblitz curves. * @param scalar by which the point would be multiplied * @returns New point */ multiply(h) { const { endo: u } = e; if (!o.isValidNot0(h)) throw new Error("invalid scalar: out of range"); let l, y; const p = (v) => Y.cached(this, v, (B) => Tt(I, B)); if (u) { const { k1neg: v, k1: B, k2neg: E, k2: A } = D(h), { p: H, f: C } = p(B), { p: R, f: N } = p(A); y = C.add(N), l = T(u.beta, H, R, v, E); } else { const { p: v, f: B } = p(h); l = v, y = B; } return Tt(I, [l, y])[0]; } /** * Non-constant-time multiplication. Uses double-and-add algorithm. * It's faster, but should only be used when you don't care about * an exposed secret key e.g. sig verification, which works over *public* keys. */ multiplyUnsafe(h) { const { endo: u } = e, l = this; if (!o.isValid(h)) throw new Error("invalid scalar: out of range"); if (h === et || l.is0()) return I.ZERO; if (h === pt) return l; if (Y.hasCache(this)) return this.multiply(h); if (u) { const { k1neg: y, k1: p, k2neg: v, k2: B } = D(h), { p1: E, p2: A } = Nn(I, l, p, B); return T(u.beta, E, A, y, v); } else return Y.unsafe(l, h); } multiplyAndAddUnsafe(h, u, l) { const y = this.multiplyUnsafe(u).add(h.multiplyUnsafe(l)); return y.is0() ? void 0 : y; } /** * Converts Projective point to affine (x, y) coordinates. * @param invertedZ Z^-1 (inverted zero) - optional, precomputation is useful for invertBatch */ toAffine(h) { return ct(this, h); } /** * Checks whether Point is free of torsion elements (is in prime subgroup). * Always torsion-free for cofactor=1 curves. */ isTorsionFree() { const { isTorsionFree: h } = e; return s === pt ? !0 : h ? h(I, this) : Y.unsafe(this, i).is0(); } clearCofactor() { const { clearCofactor: h } = e; return s === pt ? this : h ? h(I, this) : this.multiplyUnsafe(s); } isSmallOrder() { return this.multiplyUnsafe(s).is0(); } toBytes(h = !0) { return Rt(h, "isCompressed"), this.assertValidity(), d(I, this, h); } toHex(h = !0) { return xt(this.toBytes(h)); } toString() { return `<Point ${this.is0() ? "ZERO" : this.toHex()}>`; } // TODO: remove get px() { return this.X; } get py() { return this.X; } get pz() { return this.Z; } toRawBytes(h = !0) { return this.toBytes(h); } _setWindowSize(h) { this.precompute(h); } static normalizeZ(h) { return Tt(I, h); } static msm(h, u) { return Rn(I, o, h, u); } static fromPrivateKey(h) { return I.BASE.multiply(yt(o, h)); } }