UNPKG

openpgp

Version:

OpenPGP.js is a Javascript implementation of the OpenPGP protocol. This is defined in RFC 4880.

openpgpjs.org

openpgpjs/openpgpjs

14 lines (13 loc) 46.1 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
/*! OpenPGP.js v6.2.1 - 2025-08-26 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */ "undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self&&self;import{h as t,a as e,b as f,i as r,c as n,d as o,H as i,e as s,t as c,f as a,g as d,r as u,s as l,j as h,k as b,l as g,m as p,n as y,o as m,p as B}from"./sha512.min.mjs"; /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const w=/* @__PURE__ */BigInt(0),E=/* @__PURE__ */BigInt(1);function x(t,e=""){if("boolean"!=typeof t){throw Error((e&&`"${e}"`)+"expected boolean, got type="+typeof t)}return t}function v(t,e,f=""){const n=r(t),o=t?.length,i=void 0!==e;if(!n||i&&o!==e){throw Error((f&&`"${f}" `)+"expected Uint8Array"+(i?" of length "+e:"")+", got "+(n?"length="+o:"type="+typeof t))}return t}function I(t){const e=t.toString(16);return 1&e.length?"0"+e:e}function S(t){if("string"!=typeof t)throw Error("hex string expected, got "+typeof t);return""===t?w:BigInt("0x"+t)}function O(t){return S(f(t))}function R(t){return e(t),S(f(Uint8Array.from(t).reverse()))}function F(e,f){return t(e.toString(16).padStart(2*f,"0"))}function A(t,e){return F(t,e).reverse()}function q(e,f,n){let o;if("string"==typeof f)try{o=t(f)}catch(t){throw Error(e+" must be hex string or Uint8Array, cause: "+t)}else{if(!r(f))throw Error(e+" must be hex string or Uint8Array");o=Uint8Array.from(f)}const i=o.length;if("number"==typeof n&&i!==n)throw Error(e+" of length "+n+" expected, got "+i);return o}function Z(t){return Uint8Array.from(t)}const P=t=>"bigint"==typeof t&&w<=t;function K(t,e,f,r){if(!function(t,e,f){return P(t)&&P(e)&&P(f)&&e<=t&&t<f}(e,f,r))throw Error("expected valid "+t+": "+f+" <= n < "+r+", got "+e)}function N(t){let e;for(e=0;t>w;t>>=E,e+=1);return e}const U=t=>(E<<BigInt(t))-E;function V(t,e,f={}){if(!t||"object"!=typeof t)throw Error("expected valid options object");function r(e,f,r){const n=t[e];if(r&&void 0===n)return;const o=typeof n;if(o!==f||null===n)throw Error(`param "${e}" is invalid: expected ${f}, got ${o}`)}Object.entries(e).forEach((([t,e])=>r(t,e,!1))),Object.entries(f).forEach((([t,e])=>r(t,e,!0)))}function T(t){const e=new WeakMap;return(f,...r)=>{const n=e.get(f);if(void 0!==n)return n;const o=t(f,...r);return e.set(f,o),o}} /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const C=BigInt(0),k=BigInt(1),j=/* @__PURE__ */BigInt(2),L=/* @__PURE__ */BigInt(3),G=/* @__PURE__ */BigInt(4),H=/* @__PURE__ */BigInt(5),Y=/* @__PURE__ */BigInt(7),z=/* @__PURE__ */BigInt(8),_=/* @__PURE__ */BigInt(9),D=/* @__PURE__ */BigInt(16);function X(t,e){const f=t%e;return f>=C?f:e+f}function M(t,e,f){let r=t;for(;e-- >C;)r*=r,r%=f;return r}function $(t,e){if(t===C)throw Error("invert: expected non-zero number");if(e<=C)throw Error("invert: expected positive modulus, got "+e);let f=X(t,e),r=e,n=C,o=k;for(;f!==C;){const t=r%f,e=n-o*(r/f);r=f,f=t,n=o,o=e}if(r!==k)throw Error("invert: does not exist");return X(n,e)}function W(t,e,f){if(!t.eql(t.sqr(e),f))throw Error("Cannot find square root")}function J(t,e){const f=(t.ORDER+k)/G,r=t.pow(e,f);return W(t,r,e),r}function Q(t,e){const f=(t.ORDER-H)/z,r=t.mul(e,j),n=t.pow(r,f),o=t.mul(e,n),i=t.mul(t.mul(o,j),n),s=t.mul(o,t.sub(i,t.ONE));return W(t,s,e),s}function tt(t){if(t<L)throw Error("sqrt is not defined for small field");let e=t-k,f=0;for(;e%j===C;)e/=j,f++;let r=j;const n=it(t);for(;1===nt(n,r);)if(r++>1e3)throw Error("Cannot find square root: probably non-prime P");if(1===f)return J;let o=n.pow(r,e);const i=(e+k)/j;return function(t,r){if(t.is0(r))return r;if(1!==nt(t,r))throw Error("Cannot find square root");let n=f,s=t.mul(t.ONE,o),c=t.pow(r,e),a=t.pow(r,i);for(;!t.eql(c,t.ONE);){if(t.is0(c))return t.ZERO;let e=1,f=t.sqr(c);for(;!t.eql(f,t.ONE);)if(e++,f=t.sqr(f),e===n)throw Error("Cannot find square root");const r=k<<BigInt(n-e-1),o=t.pow(s,r);n=e,s=t.sqr(o),c=t.mul(c,s),a=t.mul(a,o)}return a}}function et(t){return t%G===L?J:t%z===H?Q:t%D===_?function(t){const e=it(t),f=tt(t),r=f(e,e.neg(e.ONE)),n=f(e,r),o=f(e,e.neg(r)),i=(t+Y)/D;return(t,e)=>{let f=t.pow(e,i),s=t.mul(f,r);const c=t.mul(f,n),a=t.mul(f,o),d=t.eql(t.sqr(s),e),u=t.eql(t.sqr(c),e);f=t.cmov(f,s,d),s=t.cmov(a,c,u);const l=t.eql(t.sqr(s),e),h=t.cmov(f,s,l);return W(t,h,e),h}}(t):tt(t)}const ft=["create","isValid","is0","neg","inv","sqrt","sqr","eql","add","sub","mul","pow","div","addN","subN","mulN","sqrN"];function rt(t,e,f=!1){const r=Array(e.length).fill(f?t.ZERO:void 0),n=e.reduce(((e,f,n)=>t.is0(f)?e:(r[n]=e,t.mul(e,f))),t.ONE),o=t.inv(n);return e.reduceRight(((e,f,n)=>t.is0(f)?e:(r[n]=t.mul(e,r[n]),t.mul(e,f))),o),r}function nt(t,e){const f=(t.ORDER-k)/j,r=t.pow(e,f),n=t.eql(r,t.ONE),o=t.eql(r,t.ZERO),i=t.eql(r,t.neg(t.ONE));if(!n&&!o&&!i)throw Error("invalid Legendre symbol result");return n?1:o?0:-1}function ot(t,e){void 0!==e&&o(e);const f=void 0!==e?e:t.toString(2).length;return{nBitLength:f,nByteLength:Math.ceil(f/8)}}function it(t,e,f=!1,r={}){if(t<=C)throw Error("invalid field: expected ORDER > 0, got "+t);let n,o,i,s=!1;if("object"==typeof e&&null!=e){if(r.sqrt||f)throw Error("cannot specify opts in two arguments");const t=e;t.BITS&&(n=t.BITS),t.sqrt&&(o=t.sqrt),"boolean"==typeof t.isLE&&(f=t.isLE),"boolean"==typeof t.modFromBytes&&(s=t.modFromBytes),i=t.allowedLengths}else"number"==typeof e&&(n=e),r.sqrt&&(o=r.sqrt);const{nBitLength:c,nByteLength:a}=ot(t,n);if(a>2048)throw Error("invalid field: expected ORDER of <= 2048 bytes");let d;const u=Object.freeze({ORDER:t,isLE:f,BITS:c,BYTES:a,MASK:U(c),ZERO:C,ONE:k,allowedLengths:i,create:e=>X(e,t),isValid:e=>{if("bigint"!=typeof e)throw Error("invalid field element: expected bigint, got "+typeof e);return C<=e&&e<t},is0:t=>t===C,isValidNot0:t=>!u.is0(t)&&u.isValid(t),isOdd:t=>(t&k)===k,neg:e=>X(-e,t),eql:(t,e)=>t===e,sqr:e=>X(e*e,t),add:(e,f)=>X(e+f,t),sub:(e,f)=>X(e-f,t),mul:(e,f)=>X(e*f,t),pow:(t,e)=>function(t,e,f){if(f<C)throw Error("invalid exponent, negatives unsupported");if(f===C)return t.ONE;if(f===k)return e;let r=t.ONE,n=e;for(;f>C;)f&k&&(r=t.mul(r,n)),n=t.sqr(n),f>>=k;return r}(u,t,e),div:(e,f)=>X(e*$(f,t),t),sqrN:t=>t*t,addN:(t,e)=>t+e,subN:(t,e)=>t-e,mulN:(t,e)=>t*e,inv:e=>$(e,t),sqrt:o||(e=>(d||(d=et(t)),d(u,e))),toBytes:t=>f?A(t,a):F(t,a),fromBytes:(e,r=!0)=>{if(i){if(!i.includes(e.length)||e.length>a)throw Error("Field.fromBytes: expected "+i+" bytes, got "+e.length);const t=new Uint8Array(a);t.set(e,f?0:t.length-e.length),e=t}if(e.length!==a)throw Error("Field.fromBytes: expected "+a+" bytes, got "+e.length);let n=f?R(e):O(e);if(s&&(n=X(n,t)),!r&&!u.isValid(n))throw Error("invalid field element: outside of range 0..ORDER");return n},invertBatch:t=>rt(u,t),cmov:(t,e,f)=>f?e:t});return Object.freeze(u)}function st(t){if("bigint"!=typeof t)throw Error("field order must be bigint");const e=t.toString(2).length;return Math.ceil(e/8)}function ct(t){const e=st(t);return e+Math.ceil(e/2)}class at extends i{constructor(t,e){super(),this.finished=!1,this.destroyed=!1,s(t);const f=c(e);if(this.iHash=t.create(),"function"!=typeof this.iHash.update)throw Error("Expected instance of class which extends utils.Hash");this.blockLen=this.iHash.blockLen,this.outputLen=this.iHash.outputLen;const r=this.blockLen,n=new Uint8Array(r);n.set(f.length>r?t.create().update(f).digest():f);for(let t=0;t<n.length;t++)n[t]^=54;this.iHash.update(n),this.oHash=t.create();for(let t=0;t<n.length;t++)n[t]^=106;this.oHash.update(n),a(n)}update(t){return d(this),this.iHash.update(t),this}digestInto(t){d(this),e(t,this.outputLen),this.finished=!0,this.iHash.digestInto(t),this.oHash.update(t),this.oHash.digestInto(t),this.destroy()}digest(){const t=new Uint8Array(this.oHash.outputLen);return this.digestInto(t),t}_cloneInto(t){t||(t=Object.create(Object.getPrototypeOf(this),{}));const{oHash:e,iHash:f,finished:r,destroyed:n,blockLen:o,outputLen:i}=this;return t.finished=r,t.destroyed=n,t.blockLen=o,t.outputLen=i,t.oHash=e._cloneInto(t.oHash),t.iHash=f._cloneInto(t.iHash),t}clone(){return this._cloneInto()}destroy(){this.destroyed=!0,this.oHash.destroy(),this.iHash.destroy()}}const dt=(t,e,f)=>new at(t,e).update(f).digest();dt.create=(t,e)=>new at(t,e) /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */;const ut=BigInt(0),lt=BigInt(1);function ht(t,e){const f=e.negate();return t?f:e}function bt(t,e){const f=rt(t.Fp,e.map((t=>t.Z)));return e.map(((e,r)=>t.fromAffine(e.toAffine(f[r]))))}function gt(t,e){if(!Number.isSafeInteger(t)||t<=0||t>e)throw Error("invalid window size, expected [1.."+e+"], got W="+t)}function pt(t,e){gt(t,e);const f=2**t;return{windows:Math.ceil(e/t)+1,windowSize:2**(t-1),mask:U(t),maxNumber:f,shiftBy:BigInt(t)}}function yt(t,e,f){const{windowSize:r,mask:n,maxNumber:o,shiftBy:i}=f;let s=Number(t&n),c=t>>i;s>r&&(s-=o,c+=lt);const a=e*r;return{nextN:c,offset:a+Math.abs(s)-1,isZero:0===s,isNeg:s<0,isNegF:e%2!=0,offsetF:a}}const mt=new WeakMap,Bt=new WeakMap;function wt(t){return Bt.get(t)||1}function Et(t){if(t!==ut)throw Error("invalid wNAF")}class xt{constructor(t,e){this.BASE=t.BASE,this.ZERO=t.ZERO,this.Fn=t.Fn,this.bits=e}_unsafeLadder(t,e,f=this.ZERO){let r=t;for(;e>ut;)e&lt&&(f=f.add(r)),r=r.double(),e>>=lt;return f}precomputeWindow(t,e){const{windows:f,windowSize:r}=pt(e,this.bits),n=[];let o=t,i=o;for(let t=0;t<f;t++){i=o,n.push(i);for(let t=1;t<r;t++)i=i.add(o),n.push(i);o=i.double()}return n}wNAF(t,e,f){if(!this.Fn.isValid(f))throw Error("invalid scalar");let r=this.ZERO,n=this.BASE;const o=pt(t,this.bits);for(let t=0;t<o.windows;t++){const{nextN:i,offset:s,isZero:c,isNeg:a,isNegF:d,offsetF:u}=yt(f,t,o);f=i,c?n=n.add(ht(d,e[u])):r=r.add(ht(a,e[s]))}return Et(f),{p:r,f:n}}wNAFUnsafe(t,e,f,r=this.ZERO){const n=pt(t,this.bits);for(let t=0;t<n.windows&&f!==ut;t++){const{nextN:o,offset:i,isZero:s,isNeg:c}=yt(f,t,n);if(f=o,!s){const t=e[i];r=r.add(c?t.negate():t)}}return Et(f),r}getPrecomputes(t,e,f){let r=mt.get(e);return r||(r=this.precomputeWindow(e,t),1!==t&&("function"==typeof f&&(r=f(r)),mt.set(e,r))),r}cached(t,e,f){const r=wt(t);return this.wNAF(r,this.getPrecomputes(r,t,f),e)}unsafe(t,e,f,r){const n=wt(t);return 1===n?this._unsafeLadder(t,e,r):this.wNAFUnsafe(n,this.getPrecomputes(n,t,f),e,r)}createCache(t,e){gt(e,this.bits),Bt.set(t,e),mt.delete(t)}hasCache(t){return 1!==wt(t)}}function vt(t,e,f,r){!function(t,e){if(!Array.isArray(t))throw Error("array expected");t.forEach(((t,f)=>{if(!(t instanceof e))throw Error("invalid point at index "+f)}))}(f,t),function(t,e){if(!Array.isArray(t))throw Error("array of scalars expected");t.forEach(((t,f)=>{if(!e.isValid(t))throw Error("invalid scalar at index "+f)}))}(r,e);const n=f.length,o=r.length;if(n!==o)throw Error("arrays of points and scalars must have equal length");const i=t.ZERO,s=N(BigInt(n));let c=1;s>12?c=s-3:s>4?c=s-2:s>0&&(c=2);const a=U(c),d=Array(Number(a)+1).fill(i);let u=i;for(let t=Math.floor((e.BITS-1)/c)*c;t>=0;t-=c){d.fill(i);for(let e=0;e<o;e++){const n=r[e],o=Number(n>>BigInt(t)&a);d[o]=d[o].add(f[e])}let e=i;for(let t=d.length-1,f=i;t>0;t--)f=f.add(d[t]),e=e.add(f);if(u=u.add(e),0!==t)for(let t=0;t<c;t++)u=u.double()}return u}function It(t,e,f){if(e){if(e.ORDER!==t)throw Error("Field.ORDER must match order: Fp == p, Fn == n");return function(t){V(t,ft.reduce(((t,e)=>(t[e]="function",t)),{ORDER:"bigint",MASK:"bigint",BYTES:"number",BITS:"number"}))}(e),e}return it(t,{isLE:f})}function St(t,e,f={},r){if(void 0===r&&(r="edwards"===t),!e||"object"!=typeof e)throw Error(`expected valid ${t} CURVE object`);for(const t of["p","n","h"]){const f=e[t];if(!("bigint"==typeof f&&f>ut))throw Error(`CURVE.${t} must be positive bigint`)}const n=It(e.p,f.Fp,r),o=It(e.n,f.Fn,r),i=["Gx","Gy","a","weierstrass"===t?"b":"d"];for(const t of i)if(!n.isValid(e[t]))throw Error(`CURVE.${t} must be valid field element of CURVE.Fp`);return{CURVE:e=Object.freeze(Object.assign({},e)),Fp:n,Fn:o}} /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const Ot=(t,e)=>(t+(t>=0?e:-e)/Pt)/e;function Rt(t){if(!["compact","recovered","der"].includes(t))throw Error('Signature format must be "compact", "recovered", or "der"');return t}function Ft(t,e){const f={};for(let r of Object.keys(e))f[r]=void 0===t[r]?e[r]:t[r];return x(f.lowS,"lowS"),x(f.prehash,"prehash"),void 0!==f.format&&Rt(f.format),f}const At={Err:class extends Error{constructor(t=""){super(t)}},_tlv:{encode:(t,e)=>{const{Err:f}=At;if(t<0||t>256)throw new f("tlv.encode: wrong tag");if(1&e.length)throw new f("tlv.encode: unpadded data");const r=e.length/2,n=I(r);if(n.length/2&128)throw new f("tlv.encode: long form length too big");const o=r>127?I(n.length/2|128):"";return I(t)+o+n+e},decode(t,e){const{Err:f}=At;let r=0;if(t<0||t>256)throw new f("tlv.encode: wrong tag");if(e.length<2||e[r++]!==t)throw new f("tlv.decode: wrong tlv");const n=e[r++];let o=0;if(!!(128&n)){const t=127&n;if(!t)throw new f("tlv.decode(long): indefinite length not supported");if(t>4)throw new f("tlv.decode(long): byte length is too big");const i=e.subarray(r,r+t);if(i.length!==t)throw new f("tlv.decode: length bytes not complete");if(0===i[0])throw new f("tlv.decode(long): zero leftmost byte");for(const t of i)o=o<<8|t;if(r+=t,o<128)throw new f("tlv.decode(long): not minimal encoding")}else o=n;const i=e.subarray(r,r+o);if(i.length!==o)throw new f("tlv.decode: wrong value length");return{v:i,l:e.subarray(r+o)}}},_int:{encode(t){const{Err:e}=At;if(t<qt)throw new e("integer: negative integers are not allowed");let f=I(t);if(8&Number.parseInt(f[0],16)&&(f="00"+f),1&f.length)throw new e("unexpected DER parsing assertion: unpadded hex");return f},decode(t){const{Err:e}=At;if(128&t[0])throw new e("invalid signature integer: negative");if(0===t[0]&&!(128&t[1]))throw new e("invalid signature integer: unnecessary leading zero");return O(t)}},toSig(t){const{Err:e,_int:f,_tlv:r}=At,n=q("signature",t),{v:o,l:i}=r.decode(48,n);if(i.length)throw new e("invalid signature: left bytes after parsing");const{v:s,l:c}=r.decode(2,o),{v:a,l:d}=r.decode(2,c);if(d.length)throw new e("invalid signature: left bytes after parsing");return{r:f.decode(s),s:f.decode(a)}},hexFromSig(t){const{_tlv:e,_int:f}=At,r=e.encode(2,f.encode(t.r))+e.encode(2,f.encode(t.s));return e.encode(48,r)}},qt=BigInt(0),Zt=BigInt(1),Pt=BigInt(2),Kt=BigInt(3),Nt=BigInt(4);function Ut(t,e){const{BYTES:f}=t;let r;if("bigint"==typeof e)r=e;else{let n=q("private key",e);try{r=t.fromBytes(n)}catch(t){throw Error(`invalid private key: expected ui8a of size ${f}, got ${typeof e}`)}}if(!t.isValidNot0(r))throw Error("invalid private key: out of range [1..N-1]");return r}function Vt(t,e={}){const r=St("weierstrass",t,e),{Fp:o,Fn:i}=r;let s=r.CURVE;const{h:c,n:a}=s;V(e,{},{allowInfinityPoint:"boolean",clearCofactor:"function",isTorsionFree:"function",fromBytes:"function",toBytes:"function",endo:"object",wrapPrivateKey:"boolean"});const{endo:d}=e;if(d&&(!o.is0(s.a)||"bigint"!=typeof d.beta||!Array.isArray(d.basises)))throw Error('invalid endo: expected "beta": bigint and "basises": array');const u=Ct(o,i);function l(){if(!o.isOdd)throw Error("compression is not supported: Field does not have .isOdd()")}const h=e.toBytes||function(t,e,f){const{x:r,y:i}=e.toAffine(),s=o.toBytes(r);if(x(f,"isCompressed"),f){l();const t=!o.isOdd(i);return n(Tt(t),s)}return n(Uint8Array.of(4),s,o.toBytes(i))},b=e.fromBytes||function(t){v(t,void 0,"Point");const{publicKey:e,publicKeyUncompressed:f}=u,r=t.length,n=t[0],i=t.subarray(1);if(r!==e||2!==n&&3!==n){if(r===f&&4===n){const t=o.BYTES,e=o.fromBytes(i.subarray(0,t)),f=o.fromBytes(i.subarray(t,2*t));if(!p(e,f))throw Error("bad point: is not on curve");return{x:e,y:f}}throw Error(`bad point: got length ${r}, expected compressed=${e} or uncompressed=${f}`)}{const t=o.fromBytes(i);if(!o.isValid(t))throw Error("bad point: is not on curve, wrong x");const e=g(t);let f;try{f=o.sqrt(e)}catch(t){const e=t instanceof Error?": "+t.message:"";throw Error("bad point: is not on curve, sqrt error"+e)}l();return!(1&~n)!==o.isOdd(f)&&(f=o.neg(f)),{x:t,y:f}}};function g(t){const e=o.sqr(t),f=o.mul(e,t);return o.add(o.add(f,o.mul(t,s.a)),s.b)}function p(t,e){const f=o.sqr(e),r=g(t);return o.eql(f,r)}if(!p(s.Gx,s.Gy))throw Error("bad curve params: generator point");const y=o.mul(o.pow(s.a,Kt),Nt),m=o.mul(o.sqr(s.b),BigInt(27));if(o.is0(o.add(y,m)))throw Error("bad curve params: a or b");function B(t,e,f=!1){if(!o.isValid(e)||f&&o.is0(e))throw Error("bad point coordinate "+t);return e}function w(t){if(!(t instanceof R))throw Error("ProjectivePoint expected")}function E(t){if(!d||!d.basises)throw Error("no endo");return function(t,e,f){const[[r,n],[o,i]]=e,s=Ot(i*t,f),c=Ot(-n*t,f);let a=t-s*r-c*o,d=-s*n-c*i;const u=a<qt,l=d<qt;u&&(a=-a),l&&(d=-d);const h=U(Math.ceil(N(f)/2))+Zt;if(a<qt||a>=h||d<qt||d>=h)throw Error("splitScalar (endomorphism): failed, k="+t);return{k1neg:u,k1:a,k2neg:l,k2:d}}(t,d.basises,i.ORDER)}const I=T(((t,e)=>{const{X:f,Y:r,Z:n}=t;if(o.eql(n,o.ONE))return{x:f,y:r};const i=t.is0();null==e&&(e=i?o.ONE:o.inv(n));const s=o.mul(f,e),c=o.mul(r,e),a=o.mul(n,e);if(i)return{x:o.ZERO,y:o.ZERO};if(!o.eql(a,o.ONE))throw Error("invZ was invalid");return{x:s,y:c}})),S=T((t=>{if(t.is0()){if(e.allowInfinityPoint&&!o.is0(t.Y))return;throw Error("bad point: ZERO")}const{x:f,y:r}=t.toAffine();if(!o.isValid(f)||!o.isValid(r))throw Error("bad point: x or y not field elements");if(!p(f,r))throw Error("bad point: equation left != right");if(!t.isTorsionFree())throw Error("bad point: not in prime-order subgroup");return!0}));function O(t,e,f,r,n){return f=new R(o.mul(f.X,t),f.Y,f.Z),e=ht(r,e),f=ht(n,f),e.add(f)}class R{constructor(t,e,f){this.X=B("x",t),this.Y=B("y",e,!0),this.Z=B("z",f),Object.freeze(this)}static CURVE(){return s}static fromAffine(t){const{x:e,y:f}=t||{};if(!t||!o.isValid(e)||!o.isValid(f))throw Error("invalid affine point");if(t instanceof R)throw Error("projective point not allowed");return o.is0(e)&&o.is0(f)?R.ZERO:new R(e,f,o.ONE)}static fromBytes(t){const e=R.fromAffine(b(v(t,void 0,"point")));return e.assertValidity(),e}static fromHex(t){return R.fromBytes(q("pointHex",t))}get x(){return this.toAffine().x}get y(){return this.toAffine().y}precompute(t=8,e=!0){return A.createCache(this,t),e||this.multiply(Kt),this}assertValidity(){S(this)}hasEvenY(){const{y:t}=this.toAffine();if(!o.isOdd)throw Error("Field doesn't support isOdd");return!o.isOdd(t)}equals(t){w(t);const{X:e,Y:f,Z:r}=this,{X:n,Y:i,Z:s}=t,c=o.eql(o.mul(e,s),o.mul(n,r)),a=o.eql(o.mul(f,s),o.mul(i,r));return c&&a}negate(){return new R(this.X,o.neg(this.Y),this.Z)}double(){const{a:t,b:e}=s,f=o.mul(e,Kt),{X:r,Y:n,Z:i}=this;let c=o.ZERO,a=o.ZERO,d=o.ZERO,u=o.mul(r,r),l=o.mul(n,n),h=o.mul(i,i),b=o.mul(r,n);return b=o.add(b,b),d=o.mul(r,i),d=o.add(d,d),c=o.mul(t,d),a=o.mul(f,h),a=o.add(c,a),c=o.sub(l,a),a=o.add(l,a),a=o.mul(c,a),c=o.mul(b,c),d=o.mul(f,d),h=o.mul(t,h),b=o.sub(u,h),b=o.mul(t,b),b=o.add(b,d),d=o.add(u,u),u=o.add(d,u),u=o.add(u,h),u=o.mul(u,b),a=o.add(a,u),h=o.mul(n,i),h=o.add(h,h),u=o.mul(h,b),c=o.sub(c,u),d=o.mul(h,l),d=o.add(d,d),d=o.add(d,d),new R(c,a,d)}add(t){w(t);const{X:e,Y:f,Z:r}=this,{X:n,Y:i,Z:c}=t;let a=o.ZERO,d=o.ZERO,u=o.ZERO;const l=s.a,h=o.mul(s.b,Kt);let b=o.mul(e,n),g=o.mul(f,i),p=o.mul(r,c),y=o.add(e,f),m=o.add(n,i);y=o.mul(y,m),m=o.add(b,g),y=o.sub(y,m),m=o.add(e,r);let B=o.add(n,c);return m=o.mul(m,B),B=o.add(b,p),m=o.sub(m,B),B=o.add(f,r),a=o.add(i,c),B=o.mul(B,a),a=o.add(g,p),B=o.sub(B,a),u=o.mul(l,m),a=o.mul(h,p),u=o.add(a,u),a=o.sub(g,u),u=o.add(g,u),d=o.mul(a,u),g=o.add(b,b),g=o.add(g,b),p=o.mul(l,p),m=o.mul(h,m),g=o.add(g,p),p=o.sub(b,p),p=o.mul(l,p),m=o.add(m,p),b=o.mul(g,m),d=o.add(d,b),b=o.mul(B,m),a=o.mul(y,a),a=o.sub(a,b),b=o.mul(y,g),u=o.mul(B,u),u=o.add(u,b),new R(a,d,u)}subtract(t){return this.add(t.negate())}is0(){return this.equals(R.ZERO)}multiply(t){const{endo:f}=e;if(!i.isValidNot0(t))throw Error("invalid scalar: out of range");let r,n;const o=t=>A.cached(this,t,(t=>bt(R,t)));if(f){const{k1neg:e,k1:i,k2neg:s,k2:c}=E(t),{p:a,f:d}=o(i),{p:u,f:l}=o(c);n=d.add(l),r=O(f.beta,a,u,e,s)}else{const{p:e,f}=o(t);r=e,n=f}return bt(R,[r,n])[0]}multiplyUnsafe(t){const{endo:f}=e,r=this;if(!i.isValid(t))throw Error("invalid scalar: out of range");if(t===qt||r.is0())return R.ZERO;if(t===Zt)return r;if(A.hasCache(this))return this.multiply(t);if(f){const{k1neg:e,k1:n,k2neg:o,k2:i}=E(t),{p1:s,p2:c}=function(t,e,f,r){let n=e,o=t.ZERO,i=t.ZERO;for(;f>ut||r>ut;)f&lt&&(o=o.add(n)),r&lt&&(i=i.add(n)),n=n.double(),f>>=lt,r>>=lt;return{p1:o,p2:i}}(R,r,n,i);return O(f.beta,s,c,e,o)}return A.unsafe(r,t)}multiplyAndAddUnsafe(t,e,f){const r=this.multiplyUnsafe(e).add(t.multiplyUnsafe(f));return r.is0()?void 0:r}toAffine(t){return I(this,t)}isTorsionFree(){const{isTorsionFree:t}=e;return c===Zt||(t?t(R,this):A.unsafe(this,a).is0())}clearCofactor(){const{clearCofactor:t}=e;return c===Zt?this:t?t(R,this):this.multiplyUnsafe(c)}isSmallOrder(){return this.multiplyUnsafe(c).is0()}toBytes(t=!0){return x(t,"isCompressed"),this.assertValidity(),h(R,this,t)}toHex(t=!0){return f(this.toBytes(t))}toString(){return`<Point ${this.is0()?"ZERO":this.toHex()}>`}get px(){return this.X}get py(){return this.X}get pz(){return this.Z}toRawBytes(t=!0){return this.toBytes(t)}_setWindowSize(t){this.precompute(t)}static normalizeZ(t){return bt(R,t)}static msm(t,e){return vt(R,i,t,e)}static fromPrivateKey(t){return R.BASE.multiply(Ut(i,t))}}R.BASE=new R(s.Gx,s.Gy,o.ONE),R.ZERO=new R(o.ZERO,o.ONE,o.ZERO),R.Fp=o,R.Fn=i;const F=i.BITS,A=new xt(R,e.endo?Math.ceil(F/2):F);return R.BASE.precompute(8),R}function Tt(t){return Uint8Array.of(t?2:3)}function Ct(t,e){return{secretKey:e.BYTES,publicKey:1+t.BYTES,publicKeyUncompressed:1+2*t.BYTES,publicKeyHasPrefix:!0,signature:2*e.BYTES}}function kt(t,e={}){const{Fn:f}=t,r=e.randomBytes||u,n=Object.assign(Ct(t.Fp,f),{seed:ct(f.ORDER)});function o(t){try{return!!Ut(f,t)}catch(t){return!1}}function i(t=r(n.seed)){return function(t,e,f=!1){const r=t.length,n=st(e),o=ct(e);if(r<16||r<o||r>1024)throw Error("expected "+o+"-1024 bytes of input, got "+r);const i=X(f?R(t):O(t),e-k)+k;return f?A(i,n):F(i,n)}(v(t,n.seed,"seed"),f.ORDER)}function s(e,r=!0){return t.BASE.multiply(Ut(f,e)).toBytes(r)}function c(e){if("bigint"==typeof e)return!1;if(e instanceof t)return!0;const{secretKey:r,publicKey:o,publicKeyUncompressed:i}=n;if(f.allowedLengths||r===o)return;const s=q("key",e).length;return s===o||s===i}const a={isValidSecretKey:o,isValidPublicKey:function(e,f){const{publicKey:r,publicKeyUncompressed:o}=n;try{const n=e.length;return(!0!==f||n===r)&&((!1!==f||n===o)&&!!t.fromBytes(e))}catch(t){return!1}},randomSecretKey:i,isValidPrivateKey:o,randomPrivateKey:i,normPrivateKeyToScalar:t=>Ut(f,t),precompute:(e=8,f=t.BASE)=>f.precompute(e,!1)};return Object.freeze({getPublicKey:s,getSharedSecret:function(e,r,n=!0){if(!0===c(e))throw Error("first arg must be private key");if(!1===c(r))throw Error("second arg must be public key");const o=Ut(f,e);return t.fromHex(r).multiply(o).toBytes(n)},keygen:function(t){const e=i(t);return{secretKey:e,publicKey:s(e)}},Point:t,utils:a,lengths:n})}function jt(e,o,i={}){s(o),V(i,{},{hmac:"function",lowS:"boolean",randomBytes:"function",bits2int:"function",bits2int_modN:"function"});const c=i.randomBytes||u,a=i.hmac||((t,...e)=>dt(o,t,n(...e))),{Fp:d,Fn:l}=e,{ORDER:h,BITS:b}=l,{keygen:g,getPublicKey:p,getSharedSecret:y,utils:m,lengths:B}=kt(e,i),w={prehash:!1,lowS:"boolean"==typeof i.lowS&&i.lowS,format:void 0,extraEntropy:!1},E="compact";function x(t){return t>h>>Zt}function I(t,e){if(!l.isValidNot0(e))throw Error(`invalid signature ${t}: out of range 1..Point.Fn.ORDER`);return e}class S{constructor(t,e,f){this.r=I("r",t),this.s=I("s",e),null!=f&&(this.recovery=f),Object.freeze(this)}static fromBytes(t,e=E){let f;if(function(t,e){Rt(e);const f=B.signature;v(t,"compact"===e?f:"recovered"===e?f+1:void 0,e+" signature")}(t,e),"der"===e){const{r:e,s:f}=At.toSig(v(t));return new S(e,f)}"recovered"===e&&(f=t[0],e="compact",t=t.subarray(1));const r=l.BYTES,n=t.subarray(0,r),o=t.subarray(r,2*r);return new S(l.fromBytes(n),l.fromBytes(o),f)}static fromHex(e,f){return this.fromBytes(t(e),f)}addRecoveryBit(t){return new S(this.r,this.s,t)}recoverPublicKey(t){const f=d.ORDER,{r,s:o,recovery:i}=this;if(null==i||![0,1,2,3].includes(i))throw Error("recovery id invalid");if(h*Pt<f&&i>1)throw Error("recovery id is ambiguous for h>1 curve");const s=2===i||3===i?r+h:r;if(!d.isValid(s))throw Error("recovery id 2 or 3 invalid");const c=d.toBytes(s),a=e.fromBytes(n(Tt(!(1&i)),c)),u=l.inv(s),b=F(q("msgHash",t)),g=l.create(-b*u),p=l.create(o*u),y=e.BASE.multiplyUnsafe(g).add(a.multiplyUnsafe(p));if(y.is0())throw Error("point at infinify");return y.assertValidity(),y}hasHighS(){return x(this.s)}toBytes(e=E){if(Rt(e),"der"===e)return t(At.hexFromSig(this));const f=l.toBytes(this.r),r=l.toBytes(this.s);if("recovered"===e){if(null==this.recovery)throw Error("recovery bit must be present");return n(Uint8Array.of(this.recovery),f,r)}return n(f,r)}toHex(t){return f(this.toBytes(t))}assertValidity(){}static fromCompact(t){return S.fromBytes(q("sig",t),"compact")}static fromDER(t){return S.fromBytes(q("sig",t),"der")}normalizeS(){return this.hasHighS()?new S(this.r,l.neg(this.s),this.recovery):this}toDERRawBytes(){return this.toBytes("der")}toDERHex(){return f(this.toBytes("der"))}toCompactRawBytes(){return this.toBytes("compact")}toCompactHex(){return f(this.toBytes("compact"))}}const R=i.bits2int||function(t){if(t.length>8192)throw Error("input is too large");const e=O(t),f=8*t.length-b;return f>0?e>>BigInt(f):e},F=i.bits2int_modN||function(t){return l.create(R(t))},A=U(b);function Z(t){return K("num < 2^"+b,t,qt,A),l.toBytes(t)}function P(t,e){return v(t,void 0,"message"),e?v(o(t),void 0,"prehashed message"):t}return Object.freeze({keygen:g,getPublicKey:p,getSharedSecret:y,utils:m,lengths:B,Point:e,sign:function(t,f,r={}){t=q("message",t);const{seed:i,k2sig:s}=function(t,f,r){if(["recovered","canonical"].some((t=>t in r)))throw Error("sign() legacy options not supported");const{lowS:o,prehash:i,extraEntropy:s}=Ft(r,w);t=P(t,i);const a=F(t),d=Ut(l,f),u=[Z(d),Z(a)];if(null!=s&&!1!==s){const t=!0===s?c(B.secretKey):s;u.push(q("extraEntropy",t))}const h=n(...u),b=a;return{seed:h,k2sig:function(t){const f=R(t);if(!l.isValidNot0(f))return;const r=l.inv(f),n=e.BASE.multiply(f).toAffine(),i=l.create(n.x);if(i===qt)return;const s=l.create(r*l.create(b+i*d));if(s===qt)return;let c=(n.x===i?0:2)|Number(n.y&Zt),a=s;return o&&x(s)&&(a=l.neg(s),c^=1),new S(i,a,c)}}}(t,f,r);return function(t,e,f){if("number"!=typeof t||t<2)throw Error("hashLen must be a number");if("number"!=typeof e||e<2)throw Error("qByteLen must be a number");if("function"!=typeof f)throw Error("hmacFn must be a function");const r=t=>new Uint8Array(t),o=t=>Uint8Array.of(t);let i=r(t),s=r(t),c=0;const a=()=>{i.fill(1),s.fill(0),c=0},d=(...t)=>f(s,i,...t),u=(t=r(0))=>{s=d(o(0),t),i=d(),0!==t.length&&(s=d(o(1),t),i=d())},l=()=>{if(c++>=1e3)throw Error("drbg: tried 1000 values");let t=0;const f=[];for(;t<e;){i=d();const e=i.slice();f.push(e),t+=i.length}return n(...f)};return(t,e)=>{let f;for(a(),u(t);!(f=e(l()));)u();return a(),f}}(o.outputLen,l.BYTES,a)(i,s)},verify:function(t,f,n,o={}){const{lowS:i,prehash:s,format:c}=Ft(o,w);if(n=q("publicKey",n),f=P(q("message",f),s),"strict"in o)throw Error("options.strict was renamed to lowS");const a=void 0===c?function(t){let e;const f="string"==typeof t||r(t),n=!f&&null!==t&&"object"==typeof t&&"bigint"==typeof t.r&&"bigint"==typeof t.s;if(!f&&!n)throw Error("invalid signature, expected Uint8Array, hex string or Signature instance");if(n)e=new S(t.r,t.s);else if(f){try{e=S.fromBytes(q("sig",t),"der")}catch(t){if(!(t instanceof At.Err))throw t}if(!e)try{e=S.fromBytes(q("sig",t),"compact")}catch(t){return!1}}return e||!1}(t):S.fromBytes(q("sig",t),c);if(!1===a)return!1;try{const t=e.fromBytes(n);if(i&&a.hasHighS())return!1;const{r,s:o}=a,s=F(f),c=l.inv(o),d=l.create(s*c),u=l.create(r*c),h=e.BASE.multiplyUnsafe(d).add(t.multiplyUnsafe(u));if(h.is0())return!1;return l.create(h.x)===r}catch(t){return!1}},recoverPublicKey:function(t,e,f={}){const{prehash:r}=Ft(f,w);return e=P(e,r),S.fromBytes(t,"recovered").recoverPublicKey(e).toBytes()},Signature:S,hash:o})}function Lt(t){const{CURVE:e,curveOpts:f}=function(t){const e={a:t.a,b:t.b,p:t.Fp.ORDER,n:t.n,h:t.h,Gx:t.Gx,Gy:t.Gy},f=t.Fp;let r=t.allowedPrivateKeyLengths?Array.from(new Set(t.allowedPrivateKeyLengths.map((t=>Math.ceil(t/2))))):void 0;return{CURVE:e,curveOpts:{Fp:f,Fn:it(e.n,{BITS:t.nBitLength,allowedLengths:r,modFromBytes:t.wrapPrivateKey}),allowInfinityPoint:t.allowInfinityPoint,endo:t.endo,isTorsionFree:t.isTorsionFree,clearCofactor:t.clearCofactor,fromBytes:t.fromBytes,toBytes:t.toBytes}}}(t),r={hmac:t.hmac,randomBytes:t.randomBytes,lowS:t.lowS,bits2int:t.bits2int,bits2int_modN:t.bits2int_modN};return{CURVE:e,curveOpts:f,hash:t.hash,ecdsaOpts:r}}function Gt(t){const{CURVE:e,curveOpts:f,hash:r,ecdsaOpts:n}=Lt(t);return function(t,e){const f=e.Point;return Object.assign({},e,{ProjectivePoint:f,CURVE:Object.assign({},t,ot(f.Fn.ORDER,f.Fn.BITS))})}(t,jt(Vt(e,f),r,n))} /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */function Ht(t,e){const f=e=>Gt({...t,hash:e});return{...f(e),create:f}} /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const Yt={p:BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff"),n:BigInt("0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"),h:BigInt(1),a:BigInt("0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc"),b:BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b"),Gx:BigInt("0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"),Gy:BigInt("0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")},zt={p:BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff"),n:BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973"),h:BigInt(1),a:BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc"),b:BigInt("0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef"),Gx:BigInt("0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7"),Gy:BigInt("0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f")},_t={p:BigInt("0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),n:BigInt("0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409"),h:BigInt(1),a:BigInt("0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc"),b:BigInt("0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00"),Gx:BigInt("0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66"),Gy:BigInt("0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650")},Dt=it(Yt.p),Xt=it(zt.p),Mt=it(_t.p),$t=Ht({...Yt,Fp:Dt,lowS:!1},l),Wt=Ht({...zt,Fp:Xt,lowS:!1},h),Jt=Ht({..._t,Fp:Mt,lowS:!1,allowedPrivateKeyLengths:[130,131,132]},b),Qt=BigInt(0),te=BigInt(1),ee=BigInt(2),fe=BigInt(8);function re(t,e={}){const r=St("edwards",t,e,e.FpFnLE),{Fp:n,Fn:o}=r;let i=r.CURVE;const{h:s}=i;V(e,{},{uvRatio:"function"});const c=ee<<BigInt(8*o.BYTES)-te,a=t=>n.create(t),d=e.uvRatio||((t,e)=>{try{return{isValid:!0,value:n.sqrt(n.div(t,e))}}catch(t){return{isValid:!1,value:Qt}}});if(!function(t,e,f,r){const n=t.sqr(f),o=t.sqr(r),i=t.add(t.mul(e.a,n),o),s=t.add(t.ONE,t.mul(e.d,t.mul(n,o)));return t.eql(i,s)}(n,i,i.Gx,i.Gy))throw Error("bad curve params: generator point");function u(t,e,f=!1){return K("coordinate "+t,e,f?te:Qt,c),e}function l(t){if(!(t instanceof g))throw Error("ExtendedPoint expected")}const h=T(((t,e)=>{const{X:f,Y:r,Z:o}=t,i=t.is0();null==e&&(e=i?fe:n.inv(o));const s=a(f*e),c=a(r*e),d=n.mul(o,e);if(i)return{x:Qt,y:te};if(d!==te)throw Error("invZ was invalid");return{x:s,y:c}})),b=T((t=>{const{a:e,d:f}=i;if(t.is0())throw Error("bad point: ZERO");const{X:r,Y:n,Z:o,T:s}=t,c=a(r*r),d=a(n*n),u=a(o*o),l=a(u*u),h=a(c*e);if(a(u*a(h+d))!==a(l+a(f*a(c*d))))throw Error("bad point: equation left != right (1)");if(a(r*n)!==a(o*s))throw Error("bad point: equation left != right (2)");return!0}));class g{constructor(t,e,f,r){this.X=u("x",t),this.Y=u("y",e),this.Z=u("z",f,!0),this.T=u("t",r),Object.freeze(this)}static CURVE(){return i}static fromAffine(t){if(t instanceof g)throw Error("extended point not allowed");const{x:e,y:f}=t||{};return u("x",e),u("y",f),new g(e,f,te,a(e*f))}static fromBytes(t,e=!1){const f=n.BYTES,{a:r,d:o}=i;t=Z(v(t,f,"point")),x(e,"zip215");const s=Z(t),u=t[f-1];s[f-1]=-129&u;const l=R(s),h=e?c:n.ORDER;K("point.y",l,Qt,h);const b=a(l*l),p=a(b-te),y=a(o*b-r);let{isValid:m,value:B}=d(p,y);if(!m)throw Error("bad point: invalid y coordinate");const w=(B&te)===te,E=!!(128&u);if(!e&&B===Qt&&E)throw Error("bad point: x=0 and x_0=1");return E!==w&&(B=a(-B)),g.fromAffine({x:B,y:l})}static fromHex(t,e=!1){return g.fromBytes(q("point",t),e)}get x(){return this.toAffine().x}get y(){return this.toAffine().y}precompute(t=8,e=!0){return p.createCache(this,t),e||this.multiply(ee),this}assertValidity(){b(this)}equals(t){l(t);const{X:e,Y:f,Z:r}=this,{X:n,Y:o,Z:i}=t,s=a(e*i),c=a(n*r),d=a(f*i),u=a(o*r);return s===c&&d===u}is0(){return this.equals(g.ZERO)}negate(){return new g(a(-this.X),this.Y,this.Z,a(-this.T))}double(){const{a:t}=i,{X:e,Y:f,Z:r}=this,n=a(e*e),o=a(f*f),s=a(ee*a(r*r)),c=a(t*n),d=e+f,u=a(a(d*d)-n-o),l=c+o,h=l-s,b=c-o,p=a(u*h),y=a(l*b),m=a(u*b),B=a(h*l);return new g(p,y,B,m)}add(t){l(t);const{a:e,d:f}=i,{X:r,Y:n,Z:o,T:s}=this,{X:c,Y:d,Z:u,T:h}=t,b=a(r*c),p=a(n*d),y=a(s*f*h),m=a(o*u),B=a((r+n)*(c+d)-b-p),w=m-y,E=m+y,x=a(p-e*b),v=a(B*w),I=a(E*x),S=a(B*x),O=a(w*E);return new g(v,I,O,S)}subtract(t){return this.add(t.negate())}multiply(t){if(!o.isValidNot0(t))throw Error("invalid scalar: expected 1 <= sc < curve.n");const{p:e,f}=p.cached(this,t,(t=>bt(g,t)));return bt(g,[e,f])[0]}multiplyUnsafe(t,e=g.ZERO){if(!o.isValid(t))throw Error("invalid scalar: expected 0 <= sc < curve.n");return t===Qt?g.ZERO:this.is0()||t===te?this:p.unsafe(this,t,(t=>bt(g,t)),e)}isSmallOrder(){return this.multiplyUnsafe(s).is0()}isTorsionFree(){return p.unsafe(this,i.n).is0()}toAffine(t){return h(this,t)}clearCofactor(){return s===te?this:this.multiplyUnsafe(s)}toBytes(){const{x:t,y:e}=this.toAffine(),f=n.toBytes(e);return f[f.length-1]|=t&te?128:0,f}toHex(){return f(this.toBytes())}toString(){return`<Point ${this.is0()?"ZERO":this.toHex()}>`}get ex(){return this.X}get ey(){return this.Y}get ez(){return this.Z}get et(){return this.T}static normalizeZ(t){return bt(g,t)}static msm(t,e){return vt(g,o,t,e)}_setWindowSize(t){this.precompute(t)}toRawBytes(){return this.toBytes()}}g.BASE=new g(i.Gx,i.Gy,te,a(i.Gx*i.Gy)),g.ZERO=new g(Qt,te,te,Qt),g.Fp=n,g.Fn=o;const p=new xt(g,o.BITS);return g.BASE.precompute(8),g}function ne(t,e,f={}){if("function"!=typeof e)throw Error('"hash" function param is required');V(f,{},{adjustScalarBytes:"function",randomBytes:"function",domain:"function",prehash:"function",mapToCurve:"function"});const{prehash:o}=f,{BASE:i,Fp:s,Fn:c}=t,a=f.randomBytes||u,d=f.adjustScalarBytes||(t=>t),l=f.domain||((t,e,f)=>{if(x(f,"phflag"),e.length||f)throw Error("Contexts/pre-hash are not supported");return t});function h(t){return c.create(R(t))}function b(t){const{head:f,prefix:r,scalar:n}=function(t){const f=B.secretKey;t=q("private key",t,f);const r=q("hashed private key",e(t),2*f),n=d(r.slice(0,f));return{head:n,prefix:r.slice(f,2*f),scalar:h(n)}}(t),o=i.multiply(n),s=o.toBytes();return{head:f,prefix:r,scalar:n,point:o,pointBytes:s}}function g(t){return b(t).pointBytes}function p(t=Uint8Array.of(),...f){const r=n(...f);return h(e(l(r,q("context",t),!!o)))}const y={zip215:!0};const m=s.BYTES,B={secretKey:m,publicKey:m,signature:2*m,seed:m};function w(t=a(B.seed)){return v(t,B.seed,"seed")}const E={getExtendedPublicKey:b,randomSecretKey:w,isValidSecretKey:function(t){return r(t)&&t.length===c.BYTES},isValidPublicKey:function(e,f){try{return!!t.fromBytes(e,f)}catch(t){return!1}},toMontgomery(e){const{y:f}=t.fromBytes(e),r=B.publicKey,n=32===r;if(!n&&57!==r)throw Error("only defined for 25519 and 448");const o=n?s.div(te+f,te-f):s.div(f-te,f+te);return s.toBytes(o)},toMontgomeryPriv(t){const f=B.secretKey;v(t,f);const r=e(t.subarray(0,f));return d(r).subarray(0,f)},randomPrivateKey:w,precompute:(e=8,f=t.BASE)=>f.precompute(e,!1)};return Object.freeze({keygen:function(t){const e=E.randomSecretKey(t);return{secretKey:e,publicKey:g(e)}},getPublicKey:g,sign:function(t,e,f={}){t=q("message",t),o&&(t=o(t));const{prefix:r,scalar:s,pointBytes:a}=b(e),d=p(f.context,r,t),u=i.multiply(d).toBytes(),l=p(f.context,u,a,t),h=c.create(d+l*s);if(!c.isValid(h))throw Error("sign failed: invalid s");return v(n(u,c.toBytes(h)),B.signature,"result")},verify:function(e,f,r,n=y){const{context:s,zip215:c}=n,a=B.signature;e=q("signature",e,a),f=q("message",f),r=q("publicKey",r,B.publicKey),void 0!==c&&x(c,"zip215"),o&&(f=o(f));const d=a/2,u=e.subarray(0,d),l=R(e.subarray(d,a));let h,b,g;try{h=t.fromBytes(r,c),b=t.fromBytes(u,c),g=i.multiplyUnsafe(l)}catch(t){return!1}if(!c&&h.isSmallOrder())return!1;const m=p(s,b.toBytes(),h.toBytes(),f);return b.add(h.multiplyUnsafe(m)).subtract(g).clearCofactor().is0()},utils:E,Point:t,lengths:B})} /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ const oe=BigInt(0),ie=BigInt(1),se=BigInt(2);function ce(t){const f=(V(r=t,{adjustScalarBytes:"function",powPminus2:"function"}),Object.freeze({...r}));var r;const{P:n,type:o,adjustScalarBytes:i,powPminus2:s,randomBytes:c}=f,a="x25519"===o;if(!a&&"x448"!==o)throw Error("invalid type");const d=c||u,l=a?255:448,h=a?32:56,b=a?BigInt(9):BigInt(5),g=a?BigInt(121665):BigInt(39081),p=a?se**BigInt(254):se**BigInt(447),y=a?BigInt(8)*se**BigInt(251)-ie:BigInt(4)*se**BigInt(445)-ie,m=p+y+ie,B=t=>X(t,n),w=E(b);function E(t){return A(B(t),h)}function x(t,e){const f=function(t,e){K("u",t,oe,n),K("scalar",e,p,m);const f=e,r=t;let o=ie,i=oe,c=t,a=ie,d=oe;for(let t=BigInt(l-1);t>=oe;t--){const e=f>>t&ie;d^=e,({x_2:o,x_3:c}=I(d,o,c)),({x_2:i,x_3:a}=I(d,i,a)),d=e;const n=o+i,s=B(n*n),u=o-i,l=B(u*u),h=s-l,b=c+a,p=B((c-a)*n),y=B(b*u),m=p+y,w=p-y;c=B(m*m),a=B(r*B(w*w)),o=B(s*l),i=B(h*(s+B(g*h)))}({x_2:o,x_3:c}=I(d,o,c)),({x_2:i,x_3:a}=I(d,i,a));const u=s(i);return B(o*u)}(function(t){const e=q("u coordinate",t,h);return a&&(e[31]&=127),B(R(e))}(e),function(t){return R(i(q("scalar",t,h)))}(t));if(f===oe)throw Error("invalid private or public key received");return E(f)}function v(t){return x(t,w)}function I(t,e,f){const r=B(t*(e-f));return{x_2:e=B(e-r),x_3:f=B(f+r)}}const S={secretKey:h,publicKey:h,seed:h},O=(t=d(h))=>(e(t,S.seed),t);return{keygen:function(t){const e=O(t);return{secretKey:e,publicKey:v(e)}},getSharedSecret:(t,e)=>x(t,e),getPublicKey:t=>v(t),scalarMult:x,scalarMultBase:v,utils:{randomSecretKey:O,randomPrivateKey:O},GuBytes:w.slice(),lengths:S}} /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const ae={p:BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),n:BigInt("0x3fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3"),h:BigInt(4),a:BigInt(1),d:BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffff6756"),Gx:BigInt("0x4f1970c66bed0ded221d15a622bf36da9e146570470f1767ea6de324a3d3a46412ae1af72ab66511433b80e18b00938e2626a82bc70cc05e"),Gy:BigInt("0x693f46716eb6bc248876203756c9c7624bea73736ca3984087789c1e05a0c2d73ad3ff1ce67c39c4fdbd132c4ed7c8ad9808795bf230fa14")},de=Object.assign({},ae,{d:BigInt("0xd78b4bdc7f0daf19f24f38c29373a2ccad46157242a50f37809b1da3412a12e79ccc9c81264cfe9ad080997058fb61c4243cc32dbaa156b9"),Gx:BigInt("0x79a70b2b70400553ae7c9df416c792c61128751ac92969240c25a07d728bdc93e21f7787ed6972249de732f38496cd11698713093e9c04fc"),Gy:BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffff80000000000000000000000000000000000000000000000000000001")}),ue=/* @__PURE__ */g((()=>p.create({dkLen:114}))),le=BigInt(1),he=BigInt(2),be=BigInt(3);BigInt(4);const ge=BigInt(11),pe=BigInt(22),ye=BigInt(44),me=BigInt(88),Be=BigInt(223);function we(t){const e=ae.p,f=t*t*t%e,r=f*f*t%e,n=M(r,be,e)*r%e,o=M(n,be,e)*r%e,i=M(o,he,e)*f%e,s=M(i,ge,e)*i%e,c=M(s,pe,e)*s%e,a=M(c,ye,e)*c%e,d=M(a,me,e)*a%e,u=M(d,ye,e)*c%e,l=M(u,he,e)*f%e,h=M(l,le,e)*t%e;return M(h,Be,e)*l%e}function Ee(t){return t[0]&=252,t[55]|=128,t[56]=0,t}function xe(t,e){const f=ae.p,r=X(t*t*e,f),n=X(r*t,f),o=X(n*r*e,f),i=X(n*we(o),f),s=X(i*i,f);return{isValid:X(s*e,f)===t,value:i}}const ve=/* @__PURE__ */(()=>it(ae.p,{BITS:456,isLE:!0}))(),Ie=/* @__PURE__ */(()=>it(ae.n,{BITS:456,isLE:!0}))();function Se(t,e,f){if(e.length>255)throw Error("context must be smaller than 255, got: "+e.length);return n((r="SigEd448",Uint8Array.from(r,((t,e)=>{const f=t.charCodeAt(0);if(1!==t.length||f>127)throw Error(`string contains non-ASCII character "${r[e]}" with code ${f} at position ${e}`);return f}))),new Uint8Array([f?1:0,e.length]),e,t);var r}const Oe=function(t){const{CURVE:e,curveOpts:f,hash:r,eddsaOpts:n}=function(t){const e={a:t.a,d:t.d,p:t.Fp.ORDER,n:t.n,h:t.h,Gx:t.Gx,Gy:t.Gy},f={Fp:t.Fp,Fn:it(e.n,t.nBitLength,!0),uvRatio:t.uvRatio},r={randomBytes:t.randomBytes,adjustScalarBytes:t.adjustScalarBytes,domain:t.domain,prehash:t.prehash,mapToCurve:t.mapToCurve};return{CURVE:e,curveOpts:f,hash:t.hash,eddsaOpts:r}}(t);return function(t,e){const f=e.Point;return Object.assign({},e,{ExtendedPoint:f,CURVE:t,nBitLength:f.Fn.BITS,nByteLength:f.Fn.BYTES})}(t,ne(re(e,f),r,n))}(/* @__PURE__ */(()=>({...ae,Fp:ve,Fn:Ie,nBitLength:Ie.BITS,hash:ue,adjustScalarBytes:Ee,domain:Se,uvRatio:xe}))());re(de);const Re=/* @__PURE__ */(()=>{const t=ae.p;return ce({P:t,type:"x448",powPminus2:e=>X(M(we(e),he,t)*e,t),adjustScalarBytes:Ee})})(),Fe={p:BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),n:BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),h:BigInt(1),a:BigInt(0),b:BigInt(7),Gx:BigInt("0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),Gy:BigInt("0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8")},Ae={beta:BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),basises:[[BigInt("0x3086d221a7d46bcde86c90e49284eb15"),-BigInt("0xe4437ed6010e88286f547fa90abfe4c3")],[BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"),BigInt("0x3086d221a7d46bcde86c90e49284eb15")]]},qe=/* @__PURE__ */BigInt(2); /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const Ze=it(Fe.p,{sqrt:function(t){const e=Fe.p,f=BigInt(3),r=BigInt(6),n=BigInt(11),o=BigInt(22),i=BigInt(23),s=BigInt(44),c=BigInt(88),a=t*t*t%e,d=a*a*t%e,u=M(d,f,e)*d%e,l=M(u,f,e)*d%e,h=M(l,qe,e)*a%e,b=M(h,n,e)*h%e,g=M(b,o,e)*b%e,p=M(g,s,e)*g%e,y=M(p,c,e)*p%e,m=M(y,s,e)*g%e,B=M(m,f,e)*d%e,w=M(B,i,e)*b%e,E=M(w,r,e)*a%e,x=M(E,qe,e);if(!Ze.eql(Ze.sqr(x),t))throw Error("Cannot find square root");return x}}),Pe=Ht({...Fe,Fp:Ze,lowS:!0,endo:Ae},l),Ke=it(BigInt("0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377")),Ne=Ht({a:Ke.create(BigInt("0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9")),b:BigInt("0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6"),Fp:Ke,n:BigInt("0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7"),Gx:BigInt("0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262"),Gy:BigInt("0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997"),h:BigInt(1),lowS:!1},y),Ue=it(BigInt("0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53")),Ve=Ht({a:Ue.create(BigInt("0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826")),b:BigInt("0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11"),Fp:Ue,n:BigInt("0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565"),Gx:BigInt("0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e"),Gy:BigInt("0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315"),h:BigInt(1),lowS:!1},m),Te=it(BigInt("0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3")),Ce=Ht({a:Te.create(BigInt("0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca")),b:BigInt("0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723"),Fp:Te,n:BigInt("0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069"),Gx:BigInt("0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822"),Gy:BigInt("0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892"),h:BigInt(1),lowS:!1},B),ke=new Map(Object.entries({nistP256:$t,nistP384:Wt,nistP521:Jt,brainpoolP256r1:Ne,brainpoolP384r1:Ve,brainpoolP512r1:Ce,secp256k1:Pe,x448:Re,ed448:Oe}));export{ke as nobleCurves}; //# sourceMappingURL=noble_curves.min.mjs.map