@atproto/crypto 0.1.0 → 0.2.0
- package/dist/did.d.ts +0 -1
- package/dist/index.d.ts +0 -1
- package/dist/index.js +1885 -2533
- package/dist/index.js.map +4 -4
- package/dist/multibase.d.ts +2 -0
- package/dist/p256/keypair.d.ts +9 -9
- package/dist/p256/operations.d.ts +1 -3
- package/dist/random.d.ts +3 -2
- package/dist/secp256k1/operations.d.ts +1 -0
- package/dist/sha.d.ts +0 -2
- package/dist/types.d.ts +1 -0
- package/package.json +10 -7
- package/src/did.ts +4 -8
- package/src/index.ts +0 -1
- package/src/multibase.ts +27 -0
- package/src/p256/encoding.ts +5 -72
- package/src/p256/keypair.ts +25 -41
- package/src/p256/operations.ts +6 -45
- package/src/random.ts +15 -8
- package/src/secp256k1/encoding.ts +3 -5
- package/src/secp256k1/keypair.ts +7 -5
- package/src/secp256k1/operations.ts +12 -3
- package/src/sha.ts +2 -19
- package/src/types.ts +1 -0
- package/tests/did.test.ts +8 -22
- package/tests/key-compression.test.ts +3 -3
- package/tests/keypairs.test.ts +71 -0
- package/tests/signature-fixtures.json +34 -0
- package/tests/signatures.test.ts +161 -0
- package/tsconfig.build.tsbuildinfo +1 -0
- package/tsconfig.json +1 -4
- package/dist/const.d.ts +0 -5
- package/dist/p256/encoding.d.ts +0 -2
- package/dist/p256/plugin.d.ts +0 -3
- package/dist/plugins.d.ts +0 -2
- package/dist/secp256k1/encoding.d.ts +0 -2
- package/dist/secp256k1/keypair.d.ts +0 -20
- package/dist/secp256k1/plugin.d.ts +0 -3
- package/dist/src/aes.d.ts +0 -8
- package/dist/src/const.d.ts +0 -5
- package/dist/src/did.d.ts +0 -7
- package/dist/src/index.d.ts +0 -12
- package/dist/src/multibase.d.ts +0 -1
- package/dist/src/p256/ecdh.d.ts +0 -11
- package/dist/src/p256/ecdsa.d.ts +0 -19
- package/dist/src/p256/encoding.d.ts +0 -2
- package/dist/src/p256/keypair.d.ts +0 -19
- package/dist/src/p256/operations.d.ts +0 -4
- package/dist/src/p256/plugin.d.ts +0 -3
- package/dist/src/plugins.d.ts +0 -2
- package/dist/src/random.d.ts +0 -4
- package/dist/src/secp256k1/encoding.d.ts +0 -2
- package/dist/src/secp256k1/keypair.d.ts +0 -19
- package/dist/src/secp256k1/operations.d.ts +0 -1
- package/dist/src/secp256k1/plugin.d.ts +0 -3
- package/dist/src/sha.d.ts +0 -3
- package/dist/src/types.d.ts +0 -13
- package/dist/src/verify.d.ts +0 -1
- package/dist/verify.d.ts +0 -2
- package/src/aes.ts +0 -64
- package/tests/export.test.ts +0 -50
package/dist/index.js
CHANGED
|
@@ -5,9 +5,6 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
|
5
5
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
6
|
var __getProtoOf = Object.getPrototypeOf;
|
|
7
7
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
8
|
-
var __commonJS = (cb, mod2) => function __require() {
|
|
9
|
-
return mod2 || (0, cb[__getOwnPropNames(cb)[0]])((mod2 = { exports: {} }).exports, mod2), mod2.exports;
|
|
10
|
-
};
|
|
11
8
|
var __export = (target, all) => {
|
|
12
9
|
for (var name2 in all)
|
|
13
10
|
__defProp(target, name2, { get: all[name2], enumerable: true });
|
|
@@ -26,1404 +23,50 @@ var __toESM = (mod2, isNodeMode, target) => (target = mod2 != null ? __create(__
|
|
|
26
23
|
));
|
|
27
24
|
var __toCommonJS = (mod2) => __copyProps(__defProp({}, "__esModule", { value: true }), mod2);
|
|
28
25
|
|
|
29
|
-
// ../../node_modules/big-integer/BigInteger.js
|
|
30
|
-
var require_BigInteger = __commonJS({
|
|
31
|
-
"../../node_modules/big-integer/BigInteger.js"(exports, module2) {
|
|
32
|
-
var bigInt2 = function(undefined2) {
|
|
33
|
-
"use strict";
|
|
34
|
-
var BASE = 1e7, LOG_BASE = 7, MAX_INT = 9007199254740992, MAX_INT_ARR = smallToArray(MAX_INT), DEFAULT_ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz";
|
|
35
|
-
var supportsNativeBigInt = typeof BigInt === "function";
|
|
36
|
-
function Integer(v, radix, alphabet2, caseSensitive) {
|
|
37
|
-
if (typeof v === "undefined")
|
|
38
|
-
return Integer[0];
|
|
39
|
-
if (typeof radix !== "undefined")
|
|
40
|
-
return +radix === 10 && !alphabet2 ? parseValue(v) : parseBase(v, radix, alphabet2, caseSensitive);
|
|
41
|
-
return parseValue(v);
|
|
42
|
-
}
|
|
43
|
-
function BigInteger(value, sign2) {
|
|
44
|
-
this.value = value;
|
|
45
|
-
this.sign = sign2;
|
|
46
|
-
this.isSmall = false;
|
|
47
|
-
}
|
|
48
|
-
BigInteger.prototype = Object.create(Integer.prototype);
|
|
49
|
-
function SmallInteger(value) {
|
|
50
|
-
this.value = value;
|
|
51
|
-
this.sign = value < 0;
|
|
52
|
-
this.isSmall = true;
|
|
53
|
-
}
|
|
54
|
-
SmallInteger.prototype = Object.create(Integer.prototype);
|
|
55
|
-
function NativeBigInt(value) {
|
|
56
|
-
this.value = value;
|
|
57
|
-
}
|
|
58
|
-
NativeBigInt.prototype = Object.create(Integer.prototype);
|
|
59
|
-
function isPrecise(n) {
|
|
60
|
-
return -MAX_INT < n && n < MAX_INT;
|
|
61
|
-
}
|
|
62
|
-
function smallToArray(n) {
|
|
63
|
-
if (n < 1e7)
|
|
64
|
-
return [n];
|
|
65
|
-
if (n < 1e14)
|
|
66
|
-
return [n % 1e7, Math.floor(n / 1e7)];
|
|
67
|
-
return [n % 1e7, Math.floor(n / 1e7) % 1e7, Math.floor(n / 1e14)];
|
|
68
|
-
}
|
|
69
|
-
function arrayToSmall(arr) {
|
|
70
|
-
trim(arr);
|
|
71
|
-
var length2 = arr.length;
|
|
72
|
-
if (length2 < 4 && compareAbs(arr, MAX_INT_ARR) < 0) {
|
|
73
|
-
switch (length2) {
|
|
74
|
-
case 0:
|
|
75
|
-
return 0;
|
|
76
|
-
case 1:
|
|
77
|
-
return arr[0];
|
|
78
|
-
case 2:
|
|
79
|
-
return arr[0] + arr[1] * BASE;
|
|
80
|
-
default:
|
|
81
|
-
return arr[0] + (arr[1] + arr[2] * BASE) * BASE;
|
|
82
|
-
}
|
|
83
|
-
}
|
|
84
|
-
return arr;
|
|
85
|
-
}
|
|
86
|
-
function trim(v) {
|
|
87
|
-
var i2 = v.length;
|
|
88
|
-
while (v[--i2] === 0)
|
|
89
|
-
;
|
|
90
|
-
v.length = i2 + 1;
|
|
91
|
-
}
|
|
92
|
-
function createArray(length2) {
|
|
93
|
-
var x = new Array(length2);
|
|
94
|
-
var i2 = -1;
|
|
95
|
-
while (++i2 < length2) {
|
|
96
|
-
x[i2] = 0;
|
|
97
|
-
}
|
|
98
|
-
return x;
|
|
99
|
-
}
|
|
100
|
-
function truncate(n) {
|
|
101
|
-
if (n > 0)
|
|
102
|
-
return Math.floor(n);
|
|
103
|
-
return Math.ceil(n);
|
|
104
|
-
}
|
|
105
|
-
function add(a, b) {
|
|
106
|
-
var l_a = a.length, l_b = b.length, r = new Array(l_a), carry = 0, base3 = BASE, sum, i2;
|
|
107
|
-
for (i2 = 0; i2 < l_b; i2++) {
|
|
108
|
-
sum = a[i2] + b[i2] + carry;
|
|
109
|
-
carry = sum >= base3 ? 1 : 0;
|
|
110
|
-
r[i2] = sum - carry * base3;
|
|
111
|
-
}
|
|
112
|
-
while (i2 < l_a) {
|
|
113
|
-
sum = a[i2] + carry;
|
|
114
|
-
carry = sum === base3 ? 1 : 0;
|
|
115
|
-
r[i2++] = sum - carry * base3;
|
|
116
|
-
}
|
|
117
|
-
if (carry > 0)
|
|
118
|
-
r.push(carry);
|
|
119
|
-
return r;
|
|
120
|
-
}
|
|
121
|
-
function addAny(a, b) {
|
|
122
|
-
if (a.length >= b.length)
|
|
123
|
-
return add(a, b);
|
|
124
|
-
return add(b, a);
|
|
125
|
-
}
|
|
126
|
-
function addSmall(a, carry) {
|
|
127
|
-
var l = a.length, r = new Array(l), base3 = BASE, sum, i2;
|
|
128
|
-
for (i2 = 0; i2 < l; i2++) {
|
|
129
|
-
sum = a[i2] - base3 + carry;
|
|
130
|
-
carry = Math.floor(sum / base3);
|
|
131
|
-
r[i2] = sum - carry * base3;
|
|
132
|
-
carry += 1;
|
|
133
|
-
}
|
|
134
|
-
while (carry > 0) {
|
|
135
|
-
r[i2++] = carry % base3;
|
|
136
|
-
carry = Math.floor(carry / base3);
|
|
137
|
-
}
|
|
138
|
-
return r;
|
|
139
|
-
}
|
|
140
|
-
BigInteger.prototype.add = function(v) {
|
|
141
|
-
var n = parseValue(v);
|
|
142
|
-
if (this.sign !== n.sign) {
|
|
143
|
-
return this.subtract(n.negate());
|
|
144
|
-
}
|
|
145
|
-
var a = this.value, b = n.value;
|
|
146
|
-
if (n.isSmall) {
|
|
147
|
-
return new BigInteger(addSmall(a, Math.abs(b)), this.sign);
|
|
148
|
-
}
|
|
149
|
-
return new BigInteger(addAny(a, b), this.sign);
|
|
150
|
-
};
|
|
151
|
-
BigInteger.prototype.plus = BigInteger.prototype.add;
|
|
152
|
-
SmallInteger.prototype.add = function(v) {
|
|
153
|
-
var n = parseValue(v);
|
|
154
|
-
var a = this.value;
|
|
155
|
-
if (a < 0 !== n.sign) {
|
|
156
|
-
return this.subtract(n.negate());
|
|
157
|
-
}
|
|
158
|
-
var b = n.value;
|
|
159
|
-
if (n.isSmall) {
|
|
160
|
-
if (isPrecise(a + b))
|
|
161
|
-
return new SmallInteger(a + b);
|
|
162
|
-
b = smallToArray(Math.abs(b));
|
|
163
|
-
}
|
|
164
|
-
return new BigInteger(addSmall(b, Math.abs(a)), a < 0);
|
|
165
|
-
};
|
|
166
|
-
SmallInteger.prototype.plus = SmallInteger.prototype.add;
|
|
167
|
-
NativeBigInt.prototype.add = function(v) {
|
|
168
|
-
return new NativeBigInt(this.value + parseValue(v).value);
|
|
169
|
-
};
|
|
170
|
-
NativeBigInt.prototype.plus = NativeBigInt.prototype.add;
|
|
171
|
-
function subtract(a, b) {
|
|
172
|
-
var a_l = a.length, b_l = b.length, r = new Array(a_l), borrow = 0, base3 = BASE, i2, difference;
|
|
173
|
-
for (i2 = 0; i2 < b_l; i2++) {
|
|
174
|
-
difference = a[i2] - borrow - b[i2];
|
|
175
|
-
if (difference < 0) {
|
|
176
|
-
difference += base3;
|
|
177
|
-
borrow = 1;
|
|
178
|
-
} else
|
|
179
|
-
borrow = 0;
|
|
180
|
-
r[i2] = difference;
|
|
181
|
-
}
|
|
182
|
-
for (i2 = b_l; i2 < a_l; i2++) {
|
|
183
|
-
difference = a[i2] - borrow;
|
|
184
|
-
if (difference < 0)
|
|
185
|
-
difference += base3;
|
|
186
|
-
else {
|
|
187
|
-
r[i2++] = difference;
|
|
188
|
-
break;
|
|
189
|
-
}
|
|
190
|
-
r[i2] = difference;
|
|
191
|
-
}
|
|
192
|
-
for (; i2 < a_l; i2++) {
|
|
193
|
-
r[i2] = a[i2];
|
|
194
|
-
}
|
|
195
|
-
trim(r);
|
|
196
|
-
return r;
|
|
197
|
-
}
|
|
198
|
-
function subtractAny(a, b, sign2) {
|
|
199
|
-
var value;
|
|
200
|
-
if (compareAbs(a, b) >= 0) {
|
|
201
|
-
value = subtract(a, b);
|
|
202
|
-
} else {
|
|
203
|
-
value = subtract(b, a);
|
|
204
|
-
sign2 = !sign2;
|
|
205
|
-
}
|
|
206
|
-
value = arrayToSmall(value);
|
|
207
|
-
if (typeof value === "number") {
|
|
208
|
-
if (sign2)
|
|
209
|
-
value = -value;
|
|
210
|
-
return new SmallInteger(value);
|
|
211
|
-
}
|
|
212
|
-
return new BigInteger(value, sign2);
|
|
213
|
-
}
|
|
214
|
-
function subtractSmall(a, b, sign2) {
|
|
215
|
-
var l = a.length, r = new Array(l), carry = -b, base3 = BASE, i2, difference;
|
|
216
|
-
for (i2 = 0; i2 < l; i2++) {
|
|
217
|
-
difference = a[i2] + carry;
|
|
218
|
-
carry = Math.floor(difference / base3);
|
|
219
|
-
difference %= base3;
|
|
220
|
-
r[i2] = difference < 0 ? difference + base3 : difference;
|
|
221
|
-
}
|
|
222
|
-
r = arrayToSmall(r);
|
|
223
|
-
if (typeof r === "number") {
|
|
224
|
-
if (sign2)
|
|
225
|
-
r = -r;
|
|
226
|
-
return new SmallInteger(r);
|
|
227
|
-
}
|
|
228
|
-
return new BigInteger(r, sign2);
|
|
229
|
-
}
|
|
230
|
-
BigInteger.prototype.subtract = function(v) {
|
|
231
|
-
var n = parseValue(v);
|
|
232
|
-
if (this.sign !== n.sign) {
|
|
233
|
-
return this.add(n.negate());
|
|
234
|
-
}
|
|
235
|
-
var a = this.value, b = n.value;
|
|
236
|
-
if (n.isSmall)
|
|
237
|
-
return subtractSmall(a, Math.abs(b), this.sign);
|
|
238
|
-
return subtractAny(a, b, this.sign);
|
|
239
|
-
};
|
|
240
|
-
BigInteger.prototype.minus = BigInteger.prototype.subtract;
|
|
241
|
-
SmallInteger.prototype.subtract = function(v) {
|
|
242
|
-
var n = parseValue(v);
|
|
243
|
-
var a = this.value;
|
|
244
|
-
if (a < 0 !== n.sign) {
|
|
245
|
-
return this.add(n.negate());
|
|
246
|
-
}
|
|
247
|
-
var b = n.value;
|
|
248
|
-
if (n.isSmall) {
|
|
249
|
-
return new SmallInteger(a - b);
|
|
250
|
-
}
|
|
251
|
-
return subtractSmall(b, Math.abs(a), a >= 0);
|
|
252
|
-
};
|
|
253
|
-
SmallInteger.prototype.minus = SmallInteger.prototype.subtract;
|
|
254
|
-
NativeBigInt.prototype.subtract = function(v) {
|
|
255
|
-
return new NativeBigInt(this.value - parseValue(v).value);
|
|
256
|
-
};
|
|
257
|
-
NativeBigInt.prototype.minus = NativeBigInt.prototype.subtract;
|
|
258
|
-
BigInteger.prototype.negate = function() {
|
|
259
|
-
return new BigInteger(this.value, !this.sign);
|
|
260
|
-
};
|
|
261
|
-
SmallInteger.prototype.negate = function() {
|
|
262
|
-
var sign2 = this.sign;
|
|
263
|
-
var small = new SmallInteger(-this.value);
|
|
264
|
-
small.sign = !sign2;
|
|
265
|
-
return small;
|
|
266
|
-
};
|
|
267
|
-
NativeBigInt.prototype.negate = function() {
|
|
268
|
-
return new NativeBigInt(-this.value);
|
|
269
|
-
};
|
|
270
|
-
BigInteger.prototype.abs = function() {
|
|
271
|
-
return new BigInteger(this.value, false);
|
|
272
|
-
};
|
|
273
|
-
SmallInteger.prototype.abs = function() {
|
|
274
|
-
return new SmallInteger(Math.abs(this.value));
|
|
275
|
-
};
|
|
276
|
-
NativeBigInt.prototype.abs = function() {
|
|
277
|
-
return new NativeBigInt(this.value >= 0 ? this.value : -this.value);
|
|
278
|
-
};
|
|
279
|
-
function multiplyLong(a, b) {
|
|
280
|
-
var a_l = a.length, b_l = b.length, l = a_l + b_l, r = createArray(l), base3 = BASE, product, carry, i2, a_i, b_j;
|
|
281
|
-
for (i2 = 0; i2 < a_l; ++i2) {
|
|
282
|
-
a_i = a[i2];
|
|
283
|
-
for (var j = 0; j < b_l; ++j) {
|
|
284
|
-
b_j = b[j];
|
|
285
|
-
product = a_i * b_j + r[i2 + j];
|
|
286
|
-
carry = Math.floor(product / base3);
|
|
287
|
-
r[i2 + j] = product - carry * base3;
|
|
288
|
-
r[i2 + j + 1] += carry;
|
|
289
|
-
}
|
|
290
|
-
}
|
|
291
|
-
trim(r);
|
|
292
|
-
return r;
|
|
293
|
-
}
|
|
294
|
-
function multiplySmall(a, b) {
|
|
295
|
-
var l = a.length, r = new Array(l), base3 = BASE, carry = 0, product, i2;
|
|
296
|
-
for (i2 = 0; i2 < l; i2++) {
|
|
297
|
-
product = a[i2] * b + carry;
|
|
298
|
-
carry = Math.floor(product / base3);
|
|
299
|
-
r[i2] = product - carry * base3;
|
|
300
|
-
}
|
|
301
|
-
while (carry > 0) {
|
|
302
|
-
r[i2++] = carry % base3;
|
|
303
|
-
carry = Math.floor(carry / base3);
|
|
304
|
-
}
|
|
305
|
-
return r;
|
|
306
|
-
}
|
|
307
|
-
function shiftLeft(x, n) {
|
|
308
|
-
var r = [];
|
|
309
|
-
while (n-- > 0)
|
|
310
|
-
r.push(0);
|
|
311
|
-
return r.concat(x);
|
|
312
|
-
}
|
|
313
|
-
function multiplyKaratsuba(x, y) {
|
|
314
|
-
var n = Math.max(x.length, y.length);
|
|
315
|
-
if (n <= 30)
|
|
316
|
-
return multiplyLong(x, y);
|
|
317
|
-
n = Math.ceil(n / 2);
|
|
318
|
-
var b = x.slice(n), a = x.slice(0, n), d = y.slice(n), c = y.slice(0, n);
|
|
319
|
-
var ac = multiplyKaratsuba(a, c), bd = multiplyKaratsuba(b, d), abcd = multiplyKaratsuba(addAny(a, b), addAny(c, d));
|
|
320
|
-
var product = addAny(addAny(ac, shiftLeft(subtract(subtract(abcd, ac), bd), n)), shiftLeft(bd, 2 * n));
|
|
321
|
-
trim(product);
|
|
322
|
-
return product;
|
|
323
|
-
}
|
|
324
|
-
function useKaratsuba(l1, l2) {
|
|
325
|
-
return -0.012 * l1 - 0.012 * l2 + 15e-6 * l1 * l2 > 0;
|
|
326
|
-
}
|
|
327
|
-
BigInteger.prototype.multiply = function(v) {
|
|
328
|
-
var n = parseValue(v), a = this.value, b = n.value, sign2 = this.sign !== n.sign, abs;
|
|
329
|
-
if (n.isSmall) {
|
|
330
|
-
if (b === 0)
|
|
331
|
-
return Integer[0];
|
|
332
|
-
if (b === 1)
|
|
333
|
-
return this;
|
|
334
|
-
if (b === -1)
|
|
335
|
-
return this.negate();
|
|
336
|
-
abs = Math.abs(b);
|
|
337
|
-
if (abs < BASE) {
|
|
338
|
-
return new BigInteger(multiplySmall(a, abs), sign2);
|
|
339
|
-
}
|
|
340
|
-
b = smallToArray(abs);
|
|
341
|
-
}
|
|
342
|
-
if (useKaratsuba(a.length, b.length))
|
|
343
|
-
return new BigInteger(multiplyKaratsuba(a, b), sign2);
|
|
344
|
-
return new BigInteger(multiplyLong(a, b), sign2);
|
|
345
|
-
};
|
|
346
|
-
BigInteger.prototype.times = BigInteger.prototype.multiply;
|
|
347
|
-
function multiplySmallAndArray(a, b, sign2) {
|
|
348
|
-
if (a < BASE) {
|
|
349
|
-
return new BigInteger(multiplySmall(b, a), sign2);
|
|
350
|
-
}
|
|
351
|
-
return new BigInteger(multiplyLong(b, smallToArray(a)), sign2);
|
|
352
|
-
}
|
|
353
|
-
SmallInteger.prototype._multiplyBySmall = function(a) {
|
|
354
|
-
if (isPrecise(a.value * this.value)) {
|
|
355
|
-
return new SmallInteger(a.value * this.value);
|
|
356
|
-
}
|
|
357
|
-
return multiplySmallAndArray(Math.abs(a.value), smallToArray(Math.abs(this.value)), this.sign !== a.sign);
|
|
358
|
-
};
|
|
359
|
-
BigInteger.prototype._multiplyBySmall = function(a) {
|
|
360
|
-
if (a.value === 0)
|
|
361
|
-
return Integer[0];
|
|
362
|
-
if (a.value === 1)
|
|
363
|
-
return this;
|
|
364
|
-
if (a.value === -1)
|
|
365
|
-
return this.negate();
|
|
366
|
-
return multiplySmallAndArray(Math.abs(a.value), this.value, this.sign !== a.sign);
|
|
367
|
-
};
|
|
368
|
-
SmallInteger.prototype.multiply = function(v) {
|
|
369
|
-
return parseValue(v)._multiplyBySmall(this);
|
|
370
|
-
};
|
|
371
|
-
SmallInteger.prototype.times = SmallInteger.prototype.multiply;
|
|
372
|
-
NativeBigInt.prototype.multiply = function(v) {
|
|
373
|
-
return new NativeBigInt(this.value * parseValue(v).value);
|
|
374
|
-
};
|
|
375
|
-
NativeBigInt.prototype.times = NativeBigInt.prototype.multiply;
|
|
376
|
-
function square(a) {
|
|
377
|
-
var l = a.length, r = createArray(l + l), base3 = BASE, product, carry, i2, a_i, a_j;
|
|
378
|
-
for (i2 = 0; i2 < l; i2++) {
|
|
379
|
-
a_i = a[i2];
|
|
380
|
-
carry = 0 - a_i * a_i;
|
|
381
|
-
for (var j = i2; j < l; j++) {
|
|
382
|
-
a_j = a[j];
|
|
383
|
-
product = 2 * (a_i * a_j) + r[i2 + j] + carry;
|
|
384
|
-
carry = Math.floor(product / base3);
|
|
385
|
-
r[i2 + j] = product - carry * base3;
|
|
386
|
-
}
|
|
387
|
-
r[i2 + l] = carry;
|
|
388
|
-
}
|
|
389
|
-
trim(r);
|
|
390
|
-
return r;
|
|
391
|
-
}
|
|
392
|
-
BigInteger.prototype.square = function() {
|
|
393
|
-
return new BigInteger(square(this.value), false);
|
|
394
|
-
};
|
|
395
|
-
SmallInteger.prototype.square = function() {
|
|
396
|
-
var value = this.value * this.value;
|
|
397
|
-
if (isPrecise(value))
|
|
398
|
-
return new SmallInteger(value);
|
|
399
|
-
return new BigInteger(square(smallToArray(Math.abs(this.value))), false);
|
|
400
|
-
};
|
|
401
|
-
NativeBigInt.prototype.square = function(v) {
|
|
402
|
-
return new NativeBigInt(this.value * this.value);
|
|
403
|
-
};
|
|
404
|
-
function divMod1(a, b) {
|
|
405
|
-
var a_l = a.length, b_l = b.length, base3 = BASE, result = createArray(b.length), divisorMostSignificantDigit = b[b_l - 1], lambda = Math.ceil(base3 / (2 * divisorMostSignificantDigit)), remainder = multiplySmall(a, lambda), divisor = multiplySmall(b, lambda), quotientDigit, shift, carry, borrow, i2, l, q;
|
|
406
|
-
if (remainder.length <= a_l)
|
|
407
|
-
remainder.push(0);
|
|
408
|
-
divisor.push(0);
|
|
409
|
-
divisorMostSignificantDigit = divisor[b_l - 1];
|
|
410
|
-
for (shift = a_l - b_l; shift >= 0; shift--) {
|
|
411
|
-
quotientDigit = base3 - 1;
|
|
412
|
-
if (remainder[shift + b_l] !== divisorMostSignificantDigit) {
|
|
413
|
-
quotientDigit = Math.floor((remainder[shift + b_l] * base3 + remainder[shift + b_l - 1]) / divisorMostSignificantDigit);
|
|
414
|
-
}
|
|
415
|
-
carry = 0;
|
|
416
|
-
borrow = 0;
|
|
417
|
-
l = divisor.length;
|
|
418
|
-
for (i2 = 0; i2 < l; i2++) {
|
|
419
|
-
carry += quotientDigit * divisor[i2];
|
|
420
|
-
q = Math.floor(carry / base3);
|
|
421
|
-
borrow += remainder[shift + i2] - (carry - q * base3);
|
|
422
|
-
carry = q;
|
|
423
|
-
if (borrow < 0) {
|
|
424
|
-
remainder[shift + i2] = borrow + base3;
|
|
425
|
-
borrow = -1;
|
|
426
|
-
} else {
|
|
427
|
-
remainder[shift + i2] = borrow;
|
|
428
|
-
borrow = 0;
|
|
429
|
-
}
|
|
430
|
-
}
|
|
431
|
-
while (borrow !== 0) {
|
|
432
|
-
quotientDigit -= 1;
|
|
433
|
-
carry = 0;
|
|
434
|
-
for (i2 = 0; i2 < l; i2++) {
|
|
435
|
-
carry += remainder[shift + i2] - base3 + divisor[i2];
|
|
436
|
-
if (carry < 0) {
|
|
437
|
-
remainder[shift + i2] = carry + base3;
|
|
438
|
-
carry = 0;
|
|
439
|
-
} else {
|
|
440
|
-
remainder[shift + i2] = carry;
|
|
441
|
-
carry = 1;
|
|
442
|
-
}
|
|
443
|
-
}
|
|
444
|
-
borrow += carry;
|
|
445
|
-
}
|
|
446
|
-
result[shift] = quotientDigit;
|
|
447
|
-
}
|
|
448
|
-
remainder = divModSmall(remainder, lambda)[0];
|
|
449
|
-
return [arrayToSmall(result), arrayToSmall(remainder)];
|
|
450
|
-
}
|
|
451
|
-
function divMod2(a, b) {
|
|
452
|
-
var a_l = a.length, b_l = b.length, result = [], part = [], base3 = BASE, guess, xlen, highx, highy, check;
|
|
453
|
-
while (a_l) {
|
|
454
|
-
part.unshift(a[--a_l]);
|
|
455
|
-
trim(part);
|
|
456
|
-
if (compareAbs(part, b) < 0) {
|
|
457
|
-
result.push(0);
|
|
458
|
-
continue;
|
|
459
|
-
}
|
|
460
|
-
xlen = part.length;
|
|
461
|
-
highx = part[xlen - 1] * base3 + part[xlen - 2];
|
|
462
|
-
highy = b[b_l - 1] * base3 + b[b_l - 2];
|
|
463
|
-
if (xlen > b_l) {
|
|
464
|
-
highx = (highx + 1) * base3;
|
|
465
|
-
}
|
|
466
|
-
guess = Math.ceil(highx / highy);
|
|
467
|
-
do {
|
|
468
|
-
check = multiplySmall(b, guess);
|
|
469
|
-
if (compareAbs(check, part) <= 0)
|
|
470
|
-
break;
|
|
471
|
-
guess--;
|
|
472
|
-
} while (guess);
|
|
473
|
-
result.push(guess);
|
|
474
|
-
part = subtract(part, check);
|
|
475
|
-
}
|
|
476
|
-
result.reverse();
|
|
477
|
-
return [arrayToSmall(result), arrayToSmall(part)];
|
|
478
|
-
}
|
|
479
|
-
function divModSmall(value, lambda) {
|
|
480
|
-
var length2 = value.length, quotient = createArray(length2), base3 = BASE, i2, q, remainder, divisor;
|
|
481
|
-
remainder = 0;
|
|
482
|
-
for (i2 = length2 - 1; i2 >= 0; --i2) {
|
|
483
|
-
divisor = remainder * base3 + value[i2];
|
|
484
|
-
q = truncate(divisor / lambda);
|
|
485
|
-
remainder = divisor - q * lambda;
|
|
486
|
-
quotient[i2] = q | 0;
|
|
487
|
-
}
|
|
488
|
-
return [quotient, remainder | 0];
|
|
489
|
-
}
|
|
490
|
-
function divModAny(self2, v) {
|
|
491
|
-
var value, n = parseValue(v);
|
|
492
|
-
if (supportsNativeBigInt) {
|
|
493
|
-
return [new NativeBigInt(self2.value / n.value), new NativeBigInt(self2.value % n.value)];
|
|
494
|
-
}
|
|
495
|
-
var a = self2.value, b = n.value;
|
|
496
|
-
var quotient;
|
|
497
|
-
if (b === 0)
|
|
498
|
-
throw new Error("Cannot divide by zero");
|
|
499
|
-
if (self2.isSmall) {
|
|
500
|
-
if (n.isSmall) {
|
|
501
|
-
return [new SmallInteger(truncate(a / b)), new SmallInteger(a % b)];
|
|
502
|
-
}
|
|
503
|
-
return [Integer[0], self2];
|
|
504
|
-
}
|
|
505
|
-
if (n.isSmall) {
|
|
506
|
-
if (b === 1)
|
|
507
|
-
return [self2, Integer[0]];
|
|
508
|
-
if (b == -1)
|
|
509
|
-
return [self2.negate(), Integer[0]];
|
|
510
|
-
var abs = Math.abs(b);
|
|
511
|
-
if (abs < BASE) {
|
|
512
|
-
value = divModSmall(a, abs);
|
|
513
|
-
quotient = arrayToSmall(value[0]);
|
|
514
|
-
var remainder = value[1];
|
|
515
|
-
if (self2.sign)
|
|
516
|
-
remainder = -remainder;
|
|
517
|
-
if (typeof quotient === "number") {
|
|
518
|
-
if (self2.sign !== n.sign)
|
|
519
|
-
quotient = -quotient;
|
|
520
|
-
return [new SmallInteger(quotient), new SmallInteger(remainder)];
|
|
521
|
-
}
|
|
522
|
-
return [new BigInteger(quotient, self2.sign !== n.sign), new SmallInteger(remainder)];
|
|
523
|
-
}
|
|
524
|
-
b = smallToArray(abs);
|
|
525
|
-
}
|
|
526
|
-
var comparison = compareAbs(a, b);
|
|
527
|
-
if (comparison === -1)
|
|
528
|
-
return [Integer[0], self2];
|
|
529
|
-
if (comparison === 0)
|
|
530
|
-
return [Integer[self2.sign === n.sign ? 1 : -1], Integer[0]];
|
|
531
|
-
if (a.length + b.length <= 200)
|
|
532
|
-
value = divMod1(a, b);
|
|
533
|
-
else
|
|
534
|
-
value = divMod2(a, b);
|
|
535
|
-
quotient = value[0];
|
|
536
|
-
var qSign = self2.sign !== n.sign, mod2 = value[1], mSign = self2.sign;
|
|
537
|
-
if (typeof quotient === "number") {
|
|
538
|
-
if (qSign)
|
|
539
|
-
quotient = -quotient;
|
|
540
|
-
quotient = new SmallInteger(quotient);
|
|
541
|
-
} else
|
|
542
|
-
quotient = new BigInteger(quotient, qSign);
|
|
543
|
-
if (typeof mod2 === "number") {
|
|
544
|
-
if (mSign)
|
|
545
|
-
mod2 = -mod2;
|
|
546
|
-
mod2 = new SmallInteger(mod2);
|
|
547
|
-
} else
|
|
548
|
-
mod2 = new BigInteger(mod2, mSign);
|
|
549
|
-
return [quotient, mod2];
|
|
550
|
-
}
|
|
551
|
-
BigInteger.prototype.divmod = function(v) {
|
|
552
|
-
var result = divModAny(this, v);
|
|
553
|
-
return {
|
|
554
|
-
quotient: result[0],
|
|
555
|
-
remainder: result[1]
|
|
556
|
-
};
|
|
557
|
-
};
|
|
558
|
-
NativeBigInt.prototype.divmod = SmallInteger.prototype.divmod = BigInteger.prototype.divmod;
|
|
559
|
-
BigInteger.prototype.divide = function(v) {
|
|
560
|
-
return divModAny(this, v)[0];
|
|
561
|
-
};
|
|
562
|
-
NativeBigInt.prototype.over = NativeBigInt.prototype.divide = function(v) {
|
|
563
|
-
return new NativeBigInt(this.value / parseValue(v).value);
|
|
564
|
-
};
|
|
565
|
-
SmallInteger.prototype.over = SmallInteger.prototype.divide = BigInteger.prototype.over = BigInteger.prototype.divide;
|
|
566
|
-
BigInteger.prototype.mod = function(v) {
|
|
567
|
-
return divModAny(this, v)[1];
|
|
568
|
-
};
|
|
569
|
-
NativeBigInt.prototype.mod = NativeBigInt.prototype.remainder = function(v) {
|
|
570
|
-
return new NativeBigInt(this.value % parseValue(v).value);
|
|
571
|
-
};
|
|
572
|
-
SmallInteger.prototype.remainder = SmallInteger.prototype.mod = BigInteger.prototype.remainder = BigInteger.prototype.mod;
|
|
573
|
-
BigInteger.prototype.pow = function(v) {
|
|
574
|
-
var n = parseValue(v), a = this.value, b = n.value, value, x, y;
|
|
575
|
-
if (b === 0)
|
|
576
|
-
return Integer[1];
|
|
577
|
-
if (a === 0)
|
|
578
|
-
return Integer[0];
|
|
579
|
-
if (a === 1)
|
|
580
|
-
return Integer[1];
|
|
581
|
-
if (a === -1)
|
|
582
|
-
return n.isEven() ? Integer[1] : Integer[-1];
|
|
583
|
-
if (n.sign) {
|
|
584
|
-
return Integer[0];
|
|
585
|
-
}
|
|
586
|
-
if (!n.isSmall)
|
|
587
|
-
throw new Error("The exponent " + n.toString() + " is too large.");
|
|
588
|
-
if (this.isSmall) {
|
|
589
|
-
if (isPrecise(value = Math.pow(a, b)))
|
|
590
|
-
return new SmallInteger(truncate(value));
|
|
591
|
-
}
|
|
592
|
-
x = this;
|
|
593
|
-
y = Integer[1];
|
|
594
|
-
while (true) {
|
|
595
|
-
if (b & true) {
|
|
596
|
-
y = y.times(x);
|
|
597
|
-
--b;
|
|
598
|
-
}
|
|
599
|
-
if (b === 0)
|
|
600
|
-
break;
|
|
601
|
-
b /= 2;
|
|
602
|
-
x = x.square();
|
|
603
|
-
}
|
|
604
|
-
return y;
|
|
605
|
-
};
|
|
606
|
-
SmallInteger.prototype.pow = BigInteger.prototype.pow;
|
|
607
|
-
NativeBigInt.prototype.pow = function(v) {
|
|
608
|
-
var n = parseValue(v);
|
|
609
|
-
var a = this.value, b = n.value;
|
|
610
|
-
var _0 = BigInt(0), _1 = BigInt(1), _2 = BigInt(2);
|
|
611
|
-
if (b === _0)
|
|
612
|
-
return Integer[1];
|
|
613
|
-
if (a === _0)
|
|
614
|
-
return Integer[0];
|
|
615
|
-
if (a === _1)
|
|
616
|
-
return Integer[1];
|
|
617
|
-
if (a === BigInt(-1))
|
|
618
|
-
return n.isEven() ? Integer[1] : Integer[-1];
|
|
619
|
-
if (n.isNegative())
|
|
620
|
-
return new NativeBigInt(_0);
|
|
621
|
-
var x = this;
|
|
622
|
-
var y = Integer[1];
|
|
623
|
-
while (true) {
|
|
624
|
-
if ((b & _1) === _1) {
|
|
625
|
-
y = y.times(x);
|
|
626
|
-
--b;
|
|
627
|
-
}
|
|
628
|
-
if (b === _0)
|
|
629
|
-
break;
|
|
630
|
-
b /= _2;
|
|
631
|
-
x = x.square();
|
|
632
|
-
}
|
|
633
|
-
return y;
|
|
634
|
-
};
|
|
635
|
-
BigInteger.prototype.modPow = function(exp, mod2) {
|
|
636
|
-
exp = parseValue(exp);
|
|
637
|
-
mod2 = parseValue(mod2);
|
|
638
|
-
if (mod2.isZero())
|
|
639
|
-
throw new Error("Cannot take modPow with modulus 0");
|
|
640
|
-
var r = Integer[1], base3 = this.mod(mod2);
|
|
641
|
-
if (exp.isNegative()) {
|
|
642
|
-
exp = exp.multiply(Integer[-1]);
|
|
643
|
-
base3 = base3.modInv(mod2);
|
|
644
|
-
}
|
|
645
|
-
while (exp.isPositive()) {
|
|
646
|
-
if (base3.isZero())
|
|
647
|
-
return Integer[0];
|
|
648
|
-
if (exp.isOdd())
|
|
649
|
-
r = r.multiply(base3).mod(mod2);
|
|
650
|
-
exp = exp.divide(2);
|
|
651
|
-
base3 = base3.square().mod(mod2);
|
|
652
|
-
}
|
|
653
|
-
return r;
|
|
654
|
-
};
|
|
655
|
-
NativeBigInt.prototype.modPow = SmallInteger.prototype.modPow = BigInteger.prototype.modPow;
|
|
656
|
-
function compareAbs(a, b) {
|
|
657
|
-
if (a.length !== b.length) {
|
|
658
|
-
return a.length > b.length ? 1 : -1;
|
|
659
|
-
}
|
|
660
|
-
for (var i2 = a.length - 1; i2 >= 0; i2--) {
|
|
661
|
-
if (a[i2] !== b[i2])
|
|
662
|
-
return a[i2] > b[i2] ? 1 : -1;
|
|
663
|
-
}
|
|
664
|
-
return 0;
|
|
665
|
-
}
|
|
666
|
-
BigInteger.prototype.compareAbs = function(v) {
|
|
667
|
-
var n = parseValue(v), a = this.value, b = n.value;
|
|
668
|
-
if (n.isSmall)
|
|
669
|
-
return 1;
|
|
670
|
-
return compareAbs(a, b);
|
|
671
|
-
};
|
|
672
|
-
SmallInteger.prototype.compareAbs = function(v) {
|
|
673
|
-
var n = parseValue(v), a = Math.abs(this.value), b = n.value;
|
|
674
|
-
if (n.isSmall) {
|
|
675
|
-
b = Math.abs(b);
|
|
676
|
-
return a === b ? 0 : a > b ? 1 : -1;
|
|
677
|
-
}
|
|
678
|
-
return -1;
|
|
679
|
-
};
|
|
680
|
-
NativeBigInt.prototype.compareAbs = function(v) {
|
|
681
|
-
var a = this.value;
|
|
682
|
-
var b = parseValue(v).value;
|
|
683
|
-
a = a >= 0 ? a : -a;
|
|
684
|
-
b = b >= 0 ? b : -b;
|
|
685
|
-
return a === b ? 0 : a > b ? 1 : -1;
|
|
686
|
-
};
|
|
687
|
-
BigInteger.prototype.compare = function(v) {
|
|
688
|
-
if (v === Infinity) {
|
|
689
|
-
return -1;
|
|
690
|
-
}
|
|
691
|
-
if (v === -Infinity) {
|
|
692
|
-
return 1;
|
|
693
|
-
}
|
|
694
|
-
var n = parseValue(v), a = this.value, b = n.value;
|
|
695
|
-
if (this.sign !== n.sign) {
|
|
696
|
-
return n.sign ? 1 : -1;
|
|
697
|
-
}
|
|
698
|
-
if (n.isSmall) {
|
|
699
|
-
return this.sign ? -1 : 1;
|
|
700
|
-
}
|
|
701
|
-
return compareAbs(a, b) * (this.sign ? -1 : 1);
|
|
702
|
-
};
|
|
703
|
-
BigInteger.prototype.compareTo = BigInteger.prototype.compare;
|
|
704
|
-
SmallInteger.prototype.compare = function(v) {
|
|
705
|
-
if (v === Infinity) {
|
|
706
|
-
return -1;
|
|
707
|
-
}
|
|
708
|
-
if (v === -Infinity) {
|
|
709
|
-
return 1;
|
|
710
|
-
}
|
|
711
|
-
var n = parseValue(v), a = this.value, b = n.value;
|
|
712
|
-
if (n.isSmall) {
|
|
713
|
-
return a == b ? 0 : a > b ? 1 : -1;
|
|
714
|
-
}
|
|
715
|
-
if (a < 0 !== n.sign) {
|
|
716
|
-
return a < 0 ? -1 : 1;
|
|
717
|
-
}
|
|
718
|
-
return a < 0 ? 1 : -1;
|
|
719
|
-
};
|
|
720
|
-
SmallInteger.prototype.compareTo = SmallInteger.prototype.compare;
|
|
721
|
-
NativeBigInt.prototype.compare = function(v) {
|
|
722
|
-
if (v === Infinity) {
|
|
723
|
-
return -1;
|
|
724
|
-
}
|
|
725
|
-
if (v === -Infinity) {
|
|
726
|
-
return 1;
|
|
727
|
-
}
|
|
728
|
-
var a = this.value;
|
|
729
|
-
var b = parseValue(v).value;
|
|
730
|
-
return a === b ? 0 : a > b ? 1 : -1;
|
|
731
|
-
};
|
|
732
|
-
NativeBigInt.prototype.compareTo = NativeBigInt.prototype.compare;
|
|
733
|
-
BigInteger.prototype.equals = function(v) {
|
|
734
|
-
return this.compare(v) === 0;
|
|
735
|
-
};
|
|
736
|
-
NativeBigInt.prototype.eq = NativeBigInt.prototype.equals = SmallInteger.prototype.eq = SmallInteger.prototype.equals = BigInteger.prototype.eq = BigInteger.prototype.equals;
|
|
737
|
-
BigInteger.prototype.notEquals = function(v) {
|
|
738
|
-
return this.compare(v) !== 0;
|
|
739
|
-
};
|
|
740
|
-
NativeBigInt.prototype.neq = NativeBigInt.prototype.notEquals = SmallInteger.prototype.neq = SmallInteger.prototype.notEquals = BigInteger.prototype.neq = BigInteger.prototype.notEquals;
|
|
741
|
-
BigInteger.prototype.greater = function(v) {
|
|
742
|
-
return this.compare(v) > 0;
|
|
743
|
-
};
|
|
744
|
-
NativeBigInt.prototype.gt = NativeBigInt.prototype.greater = SmallInteger.prototype.gt = SmallInteger.prototype.greater = BigInteger.prototype.gt = BigInteger.prototype.greater;
|
|
745
|
-
BigInteger.prototype.lesser = function(v) {
|
|
746
|
-
return this.compare(v) < 0;
|
|
747
|
-
};
|
|
748
|
-
NativeBigInt.prototype.lt = NativeBigInt.prototype.lesser = SmallInteger.prototype.lt = SmallInteger.prototype.lesser = BigInteger.prototype.lt = BigInteger.prototype.lesser;
|
|
749
|
-
BigInteger.prototype.greaterOrEquals = function(v) {
|
|
750
|
-
return this.compare(v) >= 0;
|
|
751
|
-
};
|
|
752
|
-
NativeBigInt.prototype.geq = NativeBigInt.prototype.greaterOrEquals = SmallInteger.prototype.geq = SmallInteger.prototype.greaterOrEquals = BigInteger.prototype.geq = BigInteger.prototype.greaterOrEquals;
|
|
753
|
-
BigInteger.prototype.lesserOrEquals = function(v) {
|
|
754
|
-
return this.compare(v) <= 0;
|
|
755
|
-
};
|
|
756
|
-
NativeBigInt.prototype.leq = NativeBigInt.prototype.lesserOrEquals = SmallInteger.prototype.leq = SmallInteger.prototype.lesserOrEquals = BigInteger.prototype.leq = BigInteger.prototype.lesserOrEquals;
|
|
757
|
-
BigInteger.prototype.isEven = function() {
|
|
758
|
-
return (this.value[0] & 1) === 0;
|
|
759
|
-
};
|
|
760
|
-
SmallInteger.prototype.isEven = function() {
|
|
761
|
-
return (this.value & 1) === 0;
|
|
762
|
-
};
|
|
763
|
-
NativeBigInt.prototype.isEven = function() {
|
|
764
|
-
return (this.value & BigInt(1)) === BigInt(0);
|
|
765
|
-
};
|
|
766
|
-
BigInteger.prototype.isOdd = function() {
|
|
767
|
-
return (this.value[0] & 1) === 1;
|
|
768
|
-
};
|
|
769
|
-
SmallInteger.prototype.isOdd = function() {
|
|
770
|
-
return (this.value & 1) === 1;
|
|
771
|
-
};
|
|
772
|
-
NativeBigInt.prototype.isOdd = function() {
|
|
773
|
-
return (this.value & BigInt(1)) === BigInt(1);
|
|
774
|
-
};
|
|
775
|
-
BigInteger.prototype.isPositive = function() {
|
|
776
|
-
return !this.sign;
|
|
777
|
-
};
|
|
778
|
-
SmallInteger.prototype.isPositive = function() {
|
|
779
|
-
return this.value > 0;
|
|
780
|
-
};
|
|
781
|
-
NativeBigInt.prototype.isPositive = SmallInteger.prototype.isPositive;
|
|
782
|
-
BigInteger.prototype.isNegative = function() {
|
|
783
|
-
return this.sign;
|
|
784
|
-
};
|
|
785
|
-
SmallInteger.prototype.isNegative = function() {
|
|
786
|
-
return this.value < 0;
|
|
787
|
-
};
|
|
788
|
-
NativeBigInt.prototype.isNegative = SmallInteger.prototype.isNegative;
|
|
789
|
-
BigInteger.prototype.isUnit = function() {
|
|
790
|
-
return false;
|
|
791
|
-
};
|
|
792
|
-
SmallInteger.prototype.isUnit = function() {
|
|
793
|
-
return Math.abs(this.value) === 1;
|
|
794
|
-
};
|
|
795
|
-
NativeBigInt.prototype.isUnit = function() {
|
|
796
|
-
return this.abs().value === BigInt(1);
|
|
797
|
-
};
|
|
798
|
-
BigInteger.prototype.isZero = function() {
|
|
799
|
-
return false;
|
|
800
|
-
};
|
|
801
|
-
SmallInteger.prototype.isZero = function() {
|
|
802
|
-
return this.value === 0;
|
|
803
|
-
};
|
|
804
|
-
NativeBigInt.prototype.isZero = function() {
|
|
805
|
-
return this.value === BigInt(0);
|
|
806
|
-
};
|
|
807
|
-
BigInteger.prototype.isDivisibleBy = function(v) {
|
|
808
|
-
var n = parseValue(v);
|
|
809
|
-
if (n.isZero())
|
|
810
|
-
return false;
|
|
811
|
-
if (n.isUnit())
|
|
812
|
-
return true;
|
|
813
|
-
if (n.compareAbs(2) === 0)
|
|
814
|
-
return this.isEven();
|
|
815
|
-
return this.mod(n).isZero();
|
|
816
|
-
};
|
|
817
|
-
NativeBigInt.prototype.isDivisibleBy = SmallInteger.prototype.isDivisibleBy = BigInteger.prototype.isDivisibleBy;
|
|
818
|
-
function isBasicPrime(v) {
|
|
819
|
-
var n = v.abs();
|
|
820
|
-
if (n.isUnit())
|
|
821
|
-
return false;
|
|
822
|
-
if (n.equals(2) || n.equals(3) || n.equals(5))
|
|
823
|
-
return true;
|
|
824
|
-
if (n.isEven() || n.isDivisibleBy(3) || n.isDivisibleBy(5))
|
|
825
|
-
return false;
|
|
826
|
-
if (n.lesser(49))
|
|
827
|
-
return true;
|
|
828
|
-
}
|
|
829
|
-
function millerRabinTest(n, a) {
|
|
830
|
-
var nPrev = n.prev(), b = nPrev, r = 0, d, t, i2, x;
|
|
831
|
-
while (b.isEven())
|
|
832
|
-
b = b.divide(2), r++;
|
|
833
|
-
next:
|
|
834
|
-
for (i2 = 0; i2 < a.length; i2++) {
|
|
835
|
-
if (n.lesser(a[i2]))
|
|
836
|
-
continue;
|
|
837
|
-
x = bigInt2(a[i2]).modPow(b, n);
|
|
838
|
-
if (x.isUnit() || x.equals(nPrev))
|
|
839
|
-
continue;
|
|
840
|
-
for (d = r - 1; d != 0; d--) {
|
|
841
|
-
x = x.square().mod(n);
|
|
842
|
-
if (x.isUnit())
|
|
843
|
-
return false;
|
|
844
|
-
if (x.equals(nPrev))
|
|
845
|
-
continue next;
|
|
846
|
-
}
|
|
847
|
-
return false;
|
|
848
|
-
}
|
|
849
|
-
return true;
|
|
850
|
-
}
|
|
851
|
-
BigInteger.prototype.isPrime = function(strict) {
|
|
852
|
-
var isPrime = isBasicPrime(this);
|
|
853
|
-
if (isPrime !== undefined2)
|
|
854
|
-
return isPrime;
|
|
855
|
-
var n = this.abs();
|
|
856
|
-
var bits = n.bitLength();
|
|
857
|
-
if (bits <= 64)
|
|
858
|
-
return millerRabinTest(n, [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]);
|
|
859
|
-
var logN = Math.log(2) * bits.toJSNumber();
|
|
860
|
-
var t = Math.ceil(strict === true ? 2 * Math.pow(logN, 2) : logN);
|
|
861
|
-
for (var a = [], i2 = 0; i2 < t; i2++) {
|
|
862
|
-
a.push(bigInt2(i2 + 2));
|
|
863
|
-
}
|
|
864
|
-
return millerRabinTest(n, a);
|
|
865
|
-
};
|
|
866
|
-
NativeBigInt.prototype.isPrime = SmallInteger.prototype.isPrime = BigInteger.prototype.isPrime;
|
|
867
|
-
BigInteger.prototype.isProbablePrime = function(iterations, rng) {
|
|
868
|
-
var isPrime = isBasicPrime(this);
|
|
869
|
-
if (isPrime !== undefined2)
|
|
870
|
-
return isPrime;
|
|
871
|
-
var n = this.abs();
|
|
872
|
-
var t = iterations === undefined2 ? 5 : iterations;
|
|
873
|
-
for (var a = [], i2 = 0; i2 < t; i2++) {
|
|
874
|
-
a.push(bigInt2.randBetween(2, n.minus(2), rng));
|
|
875
|
-
}
|
|
876
|
-
return millerRabinTest(n, a);
|
|
877
|
-
};
|
|
878
|
-
NativeBigInt.prototype.isProbablePrime = SmallInteger.prototype.isProbablePrime = BigInteger.prototype.isProbablePrime;
|
|
879
|
-
BigInteger.prototype.modInv = function(n) {
|
|
880
|
-
var t = bigInt2.zero, newT = bigInt2.one, r = parseValue(n), newR = this.abs(), q, lastT, lastR;
|
|
881
|
-
while (!newR.isZero()) {
|
|
882
|
-
q = r.divide(newR);
|
|
883
|
-
lastT = t;
|
|
884
|
-
lastR = r;
|
|
885
|
-
t = newT;
|
|
886
|
-
r = newR;
|
|
887
|
-
newT = lastT.subtract(q.multiply(newT));
|
|
888
|
-
newR = lastR.subtract(q.multiply(newR));
|
|
889
|
-
}
|
|
890
|
-
if (!r.isUnit())
|
|
891
|
-
throw new Error(this.toString() + " and " + n.toString() + " are not co-prime");
|
|
892
|
-
if (t.compare(0) === -1) {
|
|
893
|
-
t = t.add(n);
|
|
894
|
-
}
|
|
895
|
-
if (this.isNegative()) {
|
|
896
|
-
return t.negate();
|
|
897
|
-
}
|
|
898
|
-
return t;
|
|
899
|
-
};
|
|
900
|
-
NativeBigInt.prototype.modInv = SmallInteger.prototype.modInv = BigInteger.prototype.modInv;
|
|
901
|
-
BigInteger.prototype.next = function() {
|
|
902
|
-
var value = this.value;
|
|
903
|
-
if (this.sign) {
|
|
904
|
-
return subtractSmall(value, 1, this.sign);
|
|
905
|
-
}
|
|
906
|
-
return new BigInteger(addSmall(value, 1), this.sign);
|
|
907
|
-
};
|
|
908
|
-
SmallInteger.prototype.next = function() {
|
|
909
|
-
var value = this.value;
|
|
910
|
-
if (value + 1 < MAX_INT)
|
|
911
|
-
return new SmallInteger(value + 1);
|
|
912
|
-
return new BigInteger(MAX_INT_ARR, false);
|
|
913
|
-
};
|
|
914
|
-
NativeBigInt.prototype.next = function() {
|
|
915
|
-
return new NativeBigInt(this.value + BigInt(1));
|
|
916
|
-
};
|
|
917
|
-
BigInteger.prototype.prev = function() {
|
|
918
|
-
var value = this.value;
|
|
919
|
-
if (this.sign) {
|
|
920
|
-
return new BigInteger(addSmall(value, 1), true);
|
|
921
|
-
}
|
|
922
|
-
return subtractSmall(value, 1, this.sign);
|
|
923
|
-
};
|
|
924
|
-
SmallInteger.prototype.prev = function() {
|
|
925
|
-
var value = this.value;
|
|
926
|
-
if (value - 1 > -MAX_INT)
|
|
927
|
-
return new SmallInteger(value - 1);
|
|
928
|
-
return new BigInteger(MAX_INT_ARR, true);
|
|
929
|
-
};
|
|
930
|
-
NativeBigInt.prototype.prev = function() {
|
|
931
|
-
return new NativeBigInt(this.value - BigInt(1));
|
|
932
|
-
};
|
|
933
|
-
var powersOfTwo = [1];
|
|
934
|
-
while (2 * powersOfTwo[powersOfTwo.length - 1] <= BASE)
|
|
935
|
-
powersOfTwo.push(2 * powersOfTwo[powersOfTwo.length - 1]);
|
|
936
|
-
var powers2Length = powersOfTwo.length, highestPower2 = powersOfTwo[powers2Length - 1];
|
|
937
|
-
function shift_isSmall(n) {
|
|
938
|
-
return Math.abs(n) <= BASE;
|
|
939
|
-
}
|
|
940
|
-
BigInteger.prototype.shiftLeft = function(v) {
|
|
941
|
-
var n = parseValue(v).toJSNumber();
|
|
942
|
-
if (!shift_isSmall(n)) {
|
|
943
|
-
throw new Error(String(n) + " is too large for shifting.");
|
|
944
|
-
}
|
|
945
|
-
if (n < 0)
|
|
946
|
-
return this.shiftRight(-n);
|
|
947
|
-
var result = this;
|
|
948
|
-
if (result.isZero())
|
|
949
|
-
return result;
|
|
950
|
-
while (n >= powers2Length) {
|
|
951
|
-
result = result.multiply(highestPower2);
|
|
952
|
-
n -= powers2Length - 1;
|
|
953
|
-
}
|
|
954
|
-
return result.multiply(powersOfTwo[n]);
|
|
955
|
-
};
|
|
956
|
-
NativeBigInt.prototype.shiftLeft = SmallInteger.prototype.shiftLeft = BigInteger.prototype.shiftLeft;
|
|
957
|
-
BigInteger.prototype.shiftRight = function(v) {
|
|
958
|
-
var remQuo;
|
|
959
|
-
var n = parseValue(v).toJSNumber();
|
|
960
|
-
if (!shift_isSmall(n)) {
|
|
961
|
-
throw new Error(String(n) + " is too large for shifting.");
|
|
962
|
-
}
|
|
963
|
-
if (n < 0)
|
|
964
|
-
return this.shiftLeft(-n);
|
|
965
|
-
var result = this;
|
|
966
|
-
while (n >= powers2Length) {
|
|
967
|
-
if (result.isZero() || result.isNegative() && result.isUnit())
|
|
968
|
-
return result;
|
|
969
|
-
remQuo = divModAny(result, highestPower2);
|
|
970
|
-
result = remQuo[1].isNegative() ? remQuo[0].prev() : remQuo[0];
|
|
971
|
-
n -= powers2Length - 1;
|
|
972
|
-
}
|
|
973
|
-
remQuo = divModAny(result, powersOfTwo[n]);
|
|
974
|
-
return remQuo[1].isNegative() ? remQuo[0].prev() : remQuo[0];
|
|
975
|
-
};
|
|
976
|
-
NativeBigInt.prototype.shiftRight = SmallInteger.prototype.shiftRight = BigInteger.prototype.shiftRight;
|
|
977
|
-
function bitwise(x, y, fn) {
|
|
978
|
-
y = parseValue(y);
|
|
979
|
-
var xSign = x.isNegative(), ySign = y.isNegative();
|
|
980
|
-
var xRem = xSign ? x.not() : x, yRem = ySign ? y.not() : y;
|
|
981
|
-
var xDigit = 0, yDigit = 0;
|
|
982
|
-
var xDivMod = null, yDivMod = null;
|
|
983
|
-
var result = [];
|
|
984
|
-
while (!xRem.isZero() || !yRem.isZero()) {
|
|
985
|
-
xDivMod = divModAny(xRem, highestPower2);
|
|
986
|
-
xDigit = xDivMod[1].toJSNumber();
|
|
987
|
-
if (xSign) {
|
|
988
|
-
xDigit = highestPower2 - 1 - xDigit;
|
|
989
|
-
}
|
|
990
|
-
yDivMod = divModAny(yRem, highestPower2);
|
|
991
|
-
yDigit = yDivMod[1].toJSNumber();
|
|
992
|
-
if (ySign) {
|
|
993
|
-
yDigit = highestPower2 - 1 - yDigit;
|
|
994
|
-
}
|
|
995
|
-
xRem = xDivMod[0];
|
|
996
|
-
yRem = yDivMod[0];
|
|
997
|
-
result.push(fn(xDigit, yDigit));
|
|
998
|
-
}
|
|
999
|
-
var sum = fn(xSign ? 1 : 0, ySign ? 1 : 0) !== 0 ? bigInt2(-1) : bigInt2(0);
|
|
1000
|
-
for (var i2 = result.length - 1; i2 >= 0; i2 -= 1) {
|
|
1001
|
-
sum = sum.multiply(highestPower2).add(bigInt2(result[i2]));
|
|
1002
|
-
}
|
|
1003
|
-
return sum;
|
|
1004
|
-
}
|
|
1005
|
-
BigInteger.prototype.not = function() {
|
|
1006
|
-
return this.negate().prev();
|
|
1007
|
-
};
|
|
1008
|
-
NativeBigInt.prototype.not = SmallInteger.prototype.not = BigInteger.prototype.not;
|
|
1009
|
-
BigInteger.prototype.and = function(n) {
|
|
1010
|
-
return bitwise(this, n, function(a, b) {
|
|
1011
|
-
return a & b;
|
|
1012
|
-
});
|
|
1013
|
-
};
|
|
1014
|
-
NativeBigInt.prototype.and = SmallInteger.prototype.and = BigInteger.prototype.and;
|
|
1015
|
-
BigInteger.prototype.or = function(n) {
|
|
1016
|
-
return bitwise(this, n, function(a, b) {
|
|
1017
|
-
return a | b;
|
|
1018
|
-
});
|
|
1019
|
-
};
|
|
1020
|
-
NativeBigInt.prototype.or = SmallInteger.prototype.or = BigInteger.prototype.or;
|
|
1021
|
-
BigInteger.prototype.xor = function(n) {
|
|
1022
|
-
return bitwise(this, n, function(a, b) {
|
|
1023
|
-
return a ^ b;
|
|
1024
|
-
});
|
|
1025
|
-
};
|
|
1026
|
-
NativeBigInt.prototype.xor = SmallInteger.prototype.xor = BigInteger.prototype.xor;
|
|
1027
|
-
var LOBMASK_I = 1 << 30, LOBMASK_BI = (BASE & -BASE) * (BASE & -BASE) | LOBMASK_I;
|
|
1028
|
-
function roughLOB(n) {
|
|
1029
|
-
var v = n.value, x = typeof v === "number" ? v | LOBMASK_I : typeof v === "bigint" ? v | BigInt(LOBMASK_I) : v[0] + v[1] * BASE | LOBMASK_BI;
|
|
1030
|
-
return x & -x;
|
|
1031
|
-
}
|
|
1032
|
-
function integerLogarithm(value, base3) {
|
|
1033
|
-
if (base3.compareTo(value) <= 0) {
|
|
1034
|
-
var tmp = integerLogarithm(value, base3.square(base3));
|
|
1035
|
-
var p = tmp.p;
|
|
1036
|
-
var e = tmp.e;
|
|
1037
|
-
var t = p.multiply(base3);
|
|
1038
|
-
return t.compareTo(value) <= 0 ? { p: t, e: e * 2 + 1 } : { p, e: e * 2 };
|
|
1039
|
-
}
|
|
1040
|
-
return { p: bigInt2(1), e: 0 };
|
|
1041
|
-
}
|
|
1042
|
-
BigInteger.prototype.bitLength = function() {
|
|
1043
|
-
var n = this;
|
|
1044
|
-
if (n.compareTo(bigInt2(0)) < 0) {
|
|
1045
|
-
n = n.negate().subtract(bigInt2(1));
|
|
1046
|
-
}
|
|
1047
|
-
if (n.compareTo(bigInt2(0)) === 0) {
|
|
1048
|
-
return bigInt2(0);
|
|
1049
|
-
}
|
|
1050
|
-
return bigInt2(integerLogarithm(n, bigInt2(2)).e).add(bigInt2(1));
|
|
1051
|
-
};
|
|
1052
|
-
NativeBigInt.prototype.bitLength = SmallInteger.prototype.bitLength = BigInteger.prototype.bitLength;
|
|
1053
|
-
function max(a, b) {
|
|
1054
|
-
a = parseValue(a);
|
|
1055
|
-
b = parseValue(b);
|
|
1056
|
-
return a.greater(b) ? a : b;
|
|
1057
|
-
}
|
|
1058
|
-
function min(a, b) {
|
|
1059
|
-
a = parseValue(a);
|
|
1060
|
-
b = parseValue(b);
|
|
1061
|
-
return a.lesser(b) ? a : b;
|
|
1062
|
-
}
|
|
1063
|
-
function gcd(a, b) {
|
|
1064
|
-
a = parseValue(a).abs();
|
|
1065
|
-
b = parseValue(b).abs();
|
|
1066
|
-
if (a.equals(b))
|
|
1067
|
-
return a;
|
|
1068
|
-
if (a.isZero())
|
|
1069
|
-
return b;
|
|
1070
|
-
if (b.isZero())
|
|
1071
|
-
return a;
|
|
1072
|
-
var c = Integer[1], d, t;
|
|
1073
|
-
while (a.isEven() && b.isEven()) {
|
|
1074
|
-
d = min(roughLOB(a), roughLOB(b));
|
|
1075
|
-
a = a.divide(d);
|
|
1076
|
-
b = b.divide(d);
|
|
1077
|
-
c = c.multiply(d);
|
|
1078
|
-
}
|
|
1079
|
-
while (a.isEven()) {
|
|
1080
|
-
a = a.divide(roughLOB(a));
|
|
1081
|
-
}
|
|
1082
|
-
do {
|
|
1083
|
-
while (b.isEven()) {
|
|
1084
|
-
b = b.divide(roughLOB(b));
|
|
1085
|
-
}
|
|
1086
|
-
if (a.greater(b)) {
|
|
1087
|
-
t = b;
|
|
1088
|
-
b = a;
|
|
1089
|
-
a = t;
|
|
1090
|
-
}
|
|
1091
|
-
b = b.subtract(a);
|
|
1092
|
-
} while (!b.isZero());
|
|
1093
|
-
return c.isUnit() ? a : a.multiply(c);
|
|
1094
|
-
}
|
|
1095
|
-
function lcm(a, b) {
|
|
1096
|
-
a = parseValue(a).abs();
|
|
1097
|
-
b = parseValue(b).abs();
|
|
1098
|
-
return a.divide(gcd(a, b)).multiply(b);
|
|
1099
|
-
}
|
|
1100
|
-
function randBetween(a, b, rng) {
|
|
1101
|
-
a = parseValue(a);
|
|
1102
|
-
b = parseValue(b);
|
|
1103
|
-
var usedRNG = rng || Math.random;
|
|
1104
|
-
var low = min(a, b), high = max(a, b);
|
|
1105
|
-
var range = high.subtract(low).add(1);
|
|
1106
|
-
if (range.isSmall)
|
|
1107
|
-
return low.add(Math.floor(usedRNG() * range));
|
|
1108
|
-
var digits = toBase(range, BASE).value;
|
|
1109
|
-
var result = [], restricted = true;
|
|
1110
|
-
for (var i2 = 0; i2 < digits.length; i2++) {
|
|
1111
|
-
var top = restricted ? digits[i2] + (i2 + 1 < digits.length ? digits[i2 + 1] / BASE : 0) : BASE;
|
|
1112
|
-
var digit = truncate(usedRNG() * top);
|
|
1113
|
-
result.push(digit);
|
|
1114
|
-
if (digit < digits[i2])
|
|
1115
|
-
restricted = false;
|
|
1116
|
-
}
|
|
1117
|
-
return low.add(Integer.fromArray(result, BASE, false));
|
|
1118
|
-
}
|
|
1119
|
-
var parseBase = function(text, base3, alphabet2, caseSensitive) {
|
|
1120
|
-
alphabet2 = alphabet2 || DEFAULT_ALPHABET;
|
|
1121
|
-
text = String(text);
|
|
1122
|
-
if (!caseSensitive) {
|
|
1123
|
-
text = text.toLowerCase();
|
|
1124
|
-
alphabet2 = alphabet2.toLowerCase();
|
|
1125
|
-
}
|
|
1126
|
-
var length2 = text.length;
|
|
1127
|
-
var i2;
|
|
1128
|
-
var absBase = Math.abs(base3);
|
|
1129
|
-
var alphabetValues = {};
|
|
1130
|
-
for (i2 = 0; i2 < alphabet2.length; i2++) {
|
|
1131
|
-
alphabetValues[alphabet2[i2]] = i2;
|
|
1132
|
-
}
|
|
1133
|
-
for (i2 = 0; i2 < length2; i2++) {
|
|
1134
|
-
var c = text[i2];
|
|
1135
|
-
if (c === "-")
|
|
1136
|
-
continue;
|
|
1137
|
-
if (c in alphabetValues) {
|
|
1138
|
-
if (alphabetValues[c] >= absBase) {
|
|
1139
|
-
if (c === "1" && absBase === 1)
|
|
1140
|
-
continue;
|
|
1141
|
-
throw new Error(c + " is not a valid digit in base " + base3 + ".");
|
|
1142
|
-
}
|
|
1143
|
-
}
|
|
1144
|
-
}
|
|
1145
|
-
base3 = parseValue(base3);
|
|
1146
|
-
var digits = [];
|
|
1147
|
-
var isNegative = text[0] === "-";
|
|
1148
|
-
for (i2 = isNegative ? 1 : 0; i2 < text.length; i2++) {
|
|
1149
|
-
var c = text[i2];
|
|
1150
|
-
if (c in alphabetValues)
|
|
1151
|
-
digits.push(parseValue(alphabetValues[c]));
|
|
1152
|
-
else if (c === "<") {
|
|
1153
|
-
var start = i2;
|
|
1154
|
-
do {
|
|
1155
|
-
i2++;
|
|
1156
|
-
} while (text[i2] !== ">" && i2 < text.length);
|
|
1157
|
-
digits.push(parseValue(text.slice(start + 1, i2)));
|
|
1158
|
-
} else
|
|
1159
|
-
throw new Error(c + " is not a valid character");
|
|
1160
|
-
}
|
|
1161
|
-
return parseBaseFromArray(digits, base3, isNegative);
|
|
1162
|
-
};
|
|
1163
|
-
function parseBaseFromArray(digits, base3, isNegative) {
|
|
1164
|
-
var val = Integer[0], pow = Integer[1], i2;
|
|
1165
|
-
for (i2 = digits.length - 1; i2 >= 0; i2--) {
|
|
1166
|
-
val = val.add(digits[i2].times(pow));
|
|
1167
|
-
pow = pow.times(base3);
|
|
1168
|
-
}
|
|
1169
|
-
return isNegative ? val.negate() : val;
|
|
1170
|
-
}
|
|
1171
|
-
function stringify(digit, alphabet2) {
|
|
1172
|
-
alphabet2 = alphabet2 || DEFAULT_ALPHABET;
|
|
1173
|
-
if (digit < alphabet2.length) {
|
|
1174
|
-
return alphabet2[digit];
|
|
1175
|
-
}
|
|
1176
|
-
return "<" + digit + ">";
|
|
1177
|
-
}
|
|
1178
|
-
function toBase(n, base3) {
|
|
1179
|
-
base3 = bigInt2(base3);
|
|
1180
|
-
if (base3.isZero()) {
|
|
1181
|
-
if (n.isZero())
|
|
1182
|
-
return { value: [0], isNegative: false };
|
|
1183
|
-
throw new Error("Cannot convert nonzero numbers to base 0.");
|
|
1184
|
-
}
|
|
1185
|
-
if (base3.equals(-1)) {
|
|
1186
|
-
if (n.isZero())
|
|
1187
|
-
return { value: [0], isNegative: false };
|
|
1188
|
-
if (n.isNegative())
|
|
1189
|
-
return {
|
|
1190
|
-
value: [].concat.apply(
|
|
1191
|
-
[],
|
|
1192
|
-
Array.apply(null, Array(-n.toJSNumber())).map(Array.prototype.valueOf, [1, 0])
|
|
1193
|
-
),
|
|
1194
|
-
isNegative: false
|
|
1195
|
-
};
|
|
1196
|
-
var arr = Array.apply(null, Array(n.toJSNumber() - 1)).map(Array.prototype.valueOf, [0, 1]);
|
|
1197
|
-
arr.unshift([1]);
|
|
1198
|
-
return {
|
|
1199
|
-
value: [].concat.apply([], arr),
|
|
1200
|
-
isNegative: false
|
|
1201
|
-
};
|
|
1202
|
-
}
|
|
1203
|
-
var neg = false;
|
|
1204
|
-
if (n.isNegative() && base3.isPositive()) {
|
|
1205
|
-
neg = true;
|
|
1206
|
-
n = n.abs();
|
|
1207
|
-
}
|
|
1208
|
-
if (base3.isUnit()) {
|
|
1209
|
-
if (n.isZero())
|
|
1210
|
-
return { value: [0], isNegative: false };
|
|
1211
|
-
return {
|
|
1212
|
-
value: Array.apply(null, Array(n.toJSNumber())).map(Number.prototype.valueOf, 1),
|
|
1213
|
-
isNegative: neg
|
|
1214
|
-
};
|
|
1215
|
-
}
|
|
1216
|
-
var out = [];
|
|
1217
|
-
var left = n, divmod;
|
|
1218
|
-
while (left.isNegative() || left.compareAbs(base3) >= 0) {
|
|
1219
|
-
divmod = left.divmod(base3);
|
|
1220
|
-
left = divmod.quotient;
|
|
1221
|
-
var digit = divmod.remainder;
|
|
1222
|
-
if (digit.isNegative()) {
|
|
1223
|
-
digit = base3.minus(digit).abs();
|
|
1224
|
-
left = left.next();
|
|
1225
|
-
}
|
|
1226
|
-
out.push(digit.toJSNumber());
|
|
1227
|
-
}
|
|
1228
|
-
out.push(left.toJSNumber());
|
|
1229
|
-
return { value: out.reverse(), isNegative: neg };
|
|
1230
|
-
}
|
|
1231
|
-
function toBaseString(n, base3, alphabet2) {
|
|
1232
|
-
var arr = toBase(n, base3);
|
|
1233
|
-
return (arr.isNegative ? "-" : "") + arr.value.map(function(x) {
|
|
1234
|
-
return stringify(x, alphabet2);
|
|
1235
|
-
}).join("");
|
|
1236
|
-
}
|
|
1237
|
-
BigInteger.prototype.toArray = function(radix) {
|
|
1238
|
-
return toBase(this, radix);
|
|
1239
|
-
};
|
|
1240
|
-
SmallInteger.prototype.toArray = function(radix) {
|
|
1241
|
-
return toBase(this, radix);
|
|
1242
|
-
};
|
|
1243
|
-
NativeBigInt.prototype.toArray = function(radix) {
|
|
1244
|
-
return toBase(this, radix);
|
|
1245
|
-
};
|
|
1246
|
-
BigInteger.prototype.toString = function(radix, alphabet2) {
|
|
1247
|
-
if (radix === undefined2)
|
|
1248
|
-
radix = 10;
|
|
1249
|
-
if (radix !== 10)
|
|
1250
|
-
return toBaseString(this, radix, alphabet2);
|
|
1251
|
-
var v = this.value, l = v.length, str = String(v[--l]), zeros = "0000000", digit;
|
|
1252
|
-
while (--l >= 0) {
|
|
1253
|
-
digit = String(v[l]);
|
|
1254
|
-
str += zeros.slice(digit.length) + digit;
|
|
1255
|
-
}
|
|
1256
|
-
var sign2 = this.sign ? "-" : "";
|
|
1257
|
-
return sign2 + str;
|
|
1258
|
-
};
|
|
1259
|
-
SmallInteger.prototype.toString = function(radix, alphabet2) {
|
|
1260
|
-
if (radix === undefined2)
|
|
1261
|
-
radix = 10;
|
|
1262
|
-
if (radix != 10)
|
|
1263
|
-
return toBaseString(this, radix, alphabet2);
|
|
1264
|
-
return String(this.value);
|
|
1265
|
-
};
|
|
1266
|
-
NativeBigInt.prototype.toString = SmallInteger.prototype.toString;
|
|
1267
|
-
NativeBigInt.prototype.toJSON = BigInteger.prototype.toJSON = SmallInteger.prototype.toJSON = function() {
|
|
1268
|
-
return this.toString();
|
|
1269
|
-
};
|
|
1270
|
-
BigInteger.prototype.valueOf = function() {
|
|
1271
|
-
return parseInt(this.toString(), 10);
|
|
1272
|
-
};
|
|
1273
|
-
BigInteger.prototype.toJSNumber = BigInteger.prototype.valueOf;
|
|
1274
|
-
SmallInteger.prototype.valueOf = function() {
|
|
1275
|
-
return this.value;
|
|
1276
|
-
};
|
|
1277
|
-
SmallInteger.prototype.toJSNumber = SmallInteger.prototype.valueOf;
|
|
1278
|
-
NativeBigInt.prototype.valueOf = NativeBigInt.prototype.toJSNumber = function() {
|
|
1279
|
-
return parseInt(this.toString(), 10);
|
|
1280
|
-
};
|
|
1281
|
-
function parseStringValue(v) {
|
|
1282
|
-
if (isPrecise(+v)) {
|
|
1283
|
-
var x = +v;
|
|
1284
|
-
if (x === truncate(x))
|
|
1285
|
-
return supportsNativeBigInt ? new NativeBigInt(BigInt(x)) : new SmallInteger(x);
|
|
1286
|
-
throw new Error("Invalid integer: " + v);
|
|
1287
|
-
}
|
|
1288
|
-
var sign2 = v[0] === "-";
|
|
1289
|
-
if (sign2)
|
|
1290
|
-
v = v.slice(1);
|
|
1291
|
-
var split = v.split(/e/i);
|
|
1292
|
-
if (split.length > 2)
|
|
1293
|
-
throw new Error("Invalid integer: " + split.join("e"));
|
|
1294
|
-
if (split.length === 2) {
|
|
1295
|
-
var exp = split[1];
|
|
1296
|
-
if (exp[0] === "+")
|
|
1297
|
-
exp = exp.slice(1);
|
|
1298
|
-
exp = +exp;
|
|
1299
|
-
if (exp !== truncate(exp) || !isPrecise(exp))
|
|
1300
|
-
throw new Error("Invalid integer: " + exp + " is not a valid exponent.");
|
|
1301
|
-
var text = split[0];
|
|
1302
|
-
var decimalPlace = text.indexOf(".");
|
|
1303
|
-
if (decimalPlace >= 0) {
|
|
1304
|
-
exp -= text.length - decimalPlace - 1;
|
|
1305
|
-
text = text.slice(0, decimalPlace) + text.slice(decimalPlace + 1);
|
|
1306
|
-
}
|
|
1307
|
-
if (exp < 0)
|
|
1308
|
-
throw new Error("Cannot include negative exponent part for integers");
|
|
1309
|
-
text += new Array(exp + 1).join("0");
|
|
1310
|
-
v = text;
|
|
1311
|
-
}
|
|
1312
|
-
var isValid = /^([0-9][0-9]*)$/.test(v);
|
|
1313
|
-
if (!isValid)
|
|
1314
|
-
throw new Error("Invalid integer: " + v);
|
|
1315
|
-
if (supportsNativeBigInt) {
|
|
1316
|
-
return new NativeBigInt(BigInt(sign2 ? "-" + v : v));
|
|
1317
|
-
}
|
|
1318
|
-
var r = [], max2 = v.length, l = LOG_BASE, min2 = max2 - l;
|
|
1319
|
-
while (max2 > 0) {
|
|
1320
|
-
r.push(+v.slice(min2, max2));
|
|
1321
|
-
min2 -= l;
|
|
1322
|
-
if (min2 < 0)
|
|
1323
|
-
min2 = 0;
|
|
1324
|
-
max2 -= l;
|
|
1325
|
-
}
|
|
1326
|
-
trim(r);
|
|
1327
|
-
return new BigInteger(r, sign2);
|
|
1328
|
-
}
|
|
1329
|
-
function parseNumberValue(v) {
|
|
1330
|
-
if (supportsNativeBigInt) {
|
|
1331
|
-
return new NativeBigInt(BigInt(v));
|
|
1332
|
-
}
|
|
1333
|
-
if (isPrecise(v)) {
|
|
1334
|
-
if (v !== truncate(v))
|
|
1335
|
-
throw new Error(v + " is not an integer.");
|
|
1336
|
-
return new SmallInteger(v);
|
|
1337
|
-
}
|
|
1338
|
-
return parseStringValue(v.toString());
|
|
1339
|
-
}
|
|
1340
|
-
function parseValue(v) {
|
|
1341
|
-
if (typeof v === "number") {
|
|
1342
|
-
return parseNumberValue(v);
|
|
1343
|
-
}
|
|
1344
|
-
if (typeof v === "string") {
|
|
1345
|
-
return parseStringValue(v);
|
|
1346
|
-
}
|
|
1347
|
-
if (typeof v === "bigint") {
|
|
1348
|
-
return new NativeBigInt(v);
|
|
1349
|
-
}
|
|
1350
|
-
return v;
|
|
1351
|
-
}
|
|
1352
|
-
for (var i = 0; i < 1e3; i++) {
|
|
1353
|
-
Integer[i] = parseValue(i);
|
|
1354
|
-
if (i > 0)
|
|
1355
|
-
Integer[-i] = parseValue(-i);
|
|
1356
|
-
}
|
|
1357
|
-
Integer.one = Integer[1];
|
|
1358
|
-
Integer.zero = Integer[0];
|
|
1359
|
-
Integer.minusOne = Integer[-1];
|
|
1360
|
-
Integer.max = max;
|
|
1361
|
-
Integer.min = min;
|
|
1362
|
-
Integer.gcd = gcd;
|
|
1363
|
-
Integer.lcm = lcm;
|
|
1364
|
-
Integer.isInstance = function(x) {
|
|
1365
|
-
return x instanceof BigInteger || x instanceof SmallInteger || x instanceof NativeBigInt;
|
|
1366
|
-
};
|
|
1367
|
-
Integer.randBetween = randBetween;
|
|
1368
|
-
Integer.fromArray = function(digits, base3, isNegative) {
|
|
1369
|
-
return parseBaseFromArray(digits.map(parseValue), parseValue(base3 || 10), isNegative);
|
|
1370
|
-
};
|
|
1371
|
-
return Integer;
|
|
1372
|
-
}();
|
|
1373
|
-
if (typeof module2 !== "undefined" && module2.hasOwnProperty("exports")) {
|
|
1374
|
-
module2.exports = bigInt2;
|
|
1375
|
-
}
|
|
1376
|
-
if (typeof define === "function" && define.amd) {
|
|
1377
|
-
define(function() {
|
|
1378
|
-
return bigInt2;
|
|
1379
|
-
});
|
|
1380
|
-
}
|
|
1381
|
-
}
|
|
1382
|
-
});
|
|
1383
|
-
|
|
1384
26
|
// src/index.ts
|
|
1385
27
|
var src_exports2 = {};
|
|
1386
28
|
__export(src_exports2, {
|
|
1387
|
-
AesKey: () => AesKey,
|
|
1388
29
|
BASE58_DID_PREFIX: () => BASE58_DID_PREFIX,
|
|
1389
|
-
|
|
1390
|
-
EcdsaKeypair: () => EcdsaKeypair,
|
|
30
|
+
P256Keypair: () => P256Keypair,
|
|
1391
31
|
P256_DID_PREFIX: () => P256_DID_PREFIX,
|
|
1392
32
|
P256_JWT_ALG: () => P256_JWT_ALG,
|
|
1393
33
|
SECP256K1_DID_PREFIX: () => SECP256K1_DID_PREFIX,
|
|
1394
34
|
SECP256K1_JWT_ALG: () => SECP256K1_JWT_ALG,
|
|
1395
35
|
Secp256k1Keypair: () => Secp256k1Keypair,
|
|
36
|
+
bytesToMultibase: () => bytesToMultibase,
|
|
1396
37
|
formatDidKey: () => formatDidKey,
|
|
1397
38
|
multibaseToBytes: () => multibaseToBytes,
|
|
1398
39
|
p256Plugin: () => p256Plugin,
|
|
1399
40
|
parseDidKey: () => parseDidKey,
|
|
1400
|
-
randomBytes: () =>
|
|
1401
|
-
|
|
41
|
+
randomBytes: () => randomBytes2,
|
|
42
|
+
randomIntFromSeed: () => randomIntFromSeed,
|
|
1402
43
|
randomStr: () => randomStr,
|
|
1403
44
|
secp256k1Plugin: () => secp256k1Plugin,
|
|
1404
|
-
sha256: () =>
|
|
1405
|
-
sha256Stream: () => sha256Stream,
|
|
45
|
+
sha256: () => sha2563,
|
|
1406
46
|
verifySignature: () => verifySignature,
|
|
1407
47
|
verifySignatureUtf8: () => verifySignatureUtf8
|
|
1408
48
|
});
|
|
1409
49
|
module.exports = __toCommonJS(src_exports2);
|
|
1410
50
|
|
|
1411
|
-
//
|
|
1412
|
-
var
|
|
1413
|
-
var
|
|
51
|
+
// src/const.ts
|
|
52
|
+
var P256_DID_PREFIX = new Uint8Array([128, 36]);
|
|
53
|
+
var SECP256K1_DID_PREFIX = new Uint8Array([231, 1]);
|
|
54
|
+
var BASE58_DID_PREFIX = "did:key:z";
|
|
55
|
+
var P256_JWT_ALG = "ES256";
|
|
56
|
+
var SECP256K1_JWT_ALG = "ES256K";
|
|
1414
57
|
|
|
1415
58
|
// ../../node_modules/uint8arrays/esm/src/concat.js
|
|
1416
59
|
function concat(arrays, length2) {
|
|
1417
60
|
if (!length2) {
|
|
1418
61
|
length2 = arrays.reduce((acc, curr) => acc + curr.length, 0);
|
|
1419
62
|
}
|
|
1420
|
-
const
|
|
63
|
+
const output2 = new Uint8Array(length2);
|
|
1421
64
|
let offset = 0;
|
|
1422
65
|
for (const arr of arrays) {
|
|
1423
|
-
|
|
66
|
+
output2.set(arr, offset);
|
|
1424
67
|
offset += arr.length;
|
|
1425
68
|
}
|
|
1426
|
-
return
|
|
69
|
+
return output2;
|
|
1427
70
|
}
|
|
1428
71
|
|
|
1429
72
|
// ../../node_modules/uint8arrays/esm/src/equals.js
|
|
@@ -1619,9 +262,9 @@ var Encoder = class {
|
|
|
1619
262
|
this.prefix = prefix;
|
|
1620
263
|
this.baseEncode = baseEncode;
|
|
1621
264
|
}
|
|
1622
|
-
encode(
|
|
1623
|
-
if (
|
|
1624
|
-
return `${this.prefix}${this.baseEncode(
|
|
265
|
+
encode(bytes2) {
|
|
266
|
+
if (bytes2 instanceof Uint8Array) {
|
|
267
|
+
return `${this.prefix}${this.baseEncode(bytes2)}`;
|
|
1625
268
|
} else {
|
|
1626
269
|
throw Error("Unknown type, must be binary type");
|
|
1627
270
|
}
|
|
@@ -2006,7 +649,7 @@ __export(sha2_exports, {
|
|
|
2006
649
|
sha256: () => sha256,
|
|
2007
650
|
sha512: () => sha512
|
|
2008
651
|
});
|
|
2009
|
-
var
|
|
652
|
+
var import_crypto = __toESM(require("crypto"), 1);
|
|
2010
653
|
|
|
2011
654
|
// ../../node_modules/multiformats/esm/vendor/varint.js
|
|
2012
655
|
var encode_1 = encode3;
|
|
@@ -2088,21 +731,21 @@ var create = (code2, digest2) => {
|
|
|
2088
731
|
const size = digest2.byteLength;
|
|
2089
732
|
const sizeOffset = encodingLength(code2);
|
|
2090
733
|
const digestOffset = sizeOffset + encodingLength(size);
|
|
2091
|
-
const
|
|
2092
|
-
encodeTo(code2,
|
|
2093
|
-
encodeTo(size,
|
|
2094
|
-
|
|
2095
|
-
return new Digest(code2, size, digest2,
|
|
734
|
+
const bytes2 = new Uint8Array(digestOffset + size);
|
|
735
|
+
encodeTo(code2, bytes2, 0);
|
|
736
|
+
encodeTo(size, bytes2, sizeOffset);
|
|
737
|
+
bytes2.set(digest2, digestOffset);
|
|
738
|
+
return new Digest(code2, size, digest2, bytes2);
|
|
2096
739
|
};
|
|
2097
740
|
var decode5 = (multihash) => {
|
|
2098
|
-
const
|
|
2099
|
-
const [code2, sizeOffset] = decode4(
|
|
2100
|
-
const [size, digestOffset] = decode4(
|
|
2101
|
-
const digest2 =
|
|
741
|
+
const bytes2 = coerce(multihash);
|
|
742
|
+
const [code2, sizeOffset] = decode4(bytes2);
|
|
743
|
+
const [size, digestOffset] = decode4(bytes2.subarray(sizeOffset));
|
|
744
|
+
const digest2 = bytes2.subarray(sizeOffset + digestOffset);
|
|
2102
745
|
if (digest2.byteLength !== size) {
|
|
2103
746
|
throw new Error("Incorrect length");
|
|
2104
747
|
}
|
|
2105
|
-
return new Digest(code2, size, digest2,
|
|
748
|
+
return new Digest(code2, size, digest2, bytes2);
|
|
2106
749
|
};
|
|
2107
750
|
var equals3 = (a, b) => {
|
|
2108
751
|
if (a === b) {
|
|
@@ -2112,11 +755,11 @@ var equals3 = (a, b) => {
|
|
|
2112
755
|
}
|
|
2113
756
|
};
|
|
2114
757
|
var Digest = class {
|
|
2115
|
-
constructor(code2, size, digest2,
|
|
758
|
+
constructor(code2, size, digest2, bytes2) {
|
|
2116
759
|
this.code = code2;
|
|
2117
760
|
this.size = size;
|
|
2118
761
|
this.digest = digest2;
|
|
2119
|
-
this.bytes =
|
|
762
|
+
this.bytes = bytes2;
|
|
2120
763
|
}
|
|
2121
764
|
};
|
|
2122
765
|
|
|
@@ -2142,12 +785,12 @@ var Hasher = class {
|
|
|
2142
785
|
var sha256 = from2({
|
|
2143
786
|
name: "sha2-256",
|
|
2144
787
|
code: 18,
|
|
2145
|
-
encode: (input) => coerce(
|
|
788
|
+
encode: (input) => coerce(import_crypto.default.createHash("sha256").update(input).digest())
|
|
2146
789
|
});
|
|
2147
790
|
var sha512 = from2({
|
|
2148
791
|
name: "sha2-512",
|
|
2149
792
|
code: 19,
|
|
2150
|
-
encode: (input) => coerce(
|
|
793
|
+
encode: (input) => coerce(import_crypto.default.createHash("sha512").update(input).digest())
|
|
2151
794
|
});
|
|
2152
795
|
|
|
2153
796
|
// ../../node_modules/multiformats/esm/src/hashes/identity.js
|
|
@@ -2172,13 +815,13 @@ var textDecoder = new TextDecoder();
|
|
|
2172
815
|
|
|
2173
816
|
// ../../node_modules/multiformats/esm/src/cid.js
|
|
2174
817
|
var CID = class {
|
|
2175
|
-
constructor(version2, code2, multihash,
|
|
818
|
+
constructor(version2, code2, multihash, bytes2) {
|
|
2176
819
|
this.code = code2;
|
|
2177
820
|
this.version = version2;
|
|
2178
821
|
this.multihash = multihash;
|
|
2179
|
-
this.bytes =
|
|
2180
|
-
this.byteOffset =
|
|
2181
|
-
this.byteLength =
|
|
822
|
+
this.bytes = bytes2;
|
|
823
|
+
this.byteOffset = bytes2.byteOffset;
|
|
824
|
+
this.byteLength = bytes2.byteLength;
|
|
2182
825
|
this.asCID = this;
|
|
2183
826
|
this._baseCache = /* @__PURE__ */ new Map();
|
|
2184
827
|
Object.defineProperties(this, {
|
|
@@ -2228,12 +871,12 @@ var CID = class {
|
|
|
2228
871
|
return other && this.code === other.code && this.version === other.version && equals3(this.multihash, other.multihash);
|
|
2229
872
|
}
|
|
2230
873
|
toString(base3) {
|
|
2231
|
-
const { bytes, version: version2, _baseCache } = this;
|
|
874
|
+
const { bytes: bytes2, version: version2, _baseCache } = this;
|
|
2232
875
|
switch (version2) {
|
|
2233
876
|
case 0:
|
|
2234
|
-
return toStringV0(
|
|
877
|
+
return toStringV0(bytes2, _baseCache, base3 || base58btc.encoder);
|
|
2235
878
|
default:
|
|
2236
|
-
return toStringV1(
|
|
879
|
+
return toStringV1(bytes2, _baseCache, base3 || base32.encoder);
|
|
2237
880
|
}
|
|
2238
881
|
}
|
|
2239
882
|
toJSON() {
|
|
@@ -2272,8 +915,8 @@ var CID = class {
|
|
|
2272
915
|
if (value instanceof CID) {
|
|
2273
916
|
return value;
|
|
2274
917
|
} else if (value != null && value.asCID === value) {
|
|
2275
|
-
const { version: version2, code: code2, multihash, bytes } = value;
|
|
2276
|
-
return new CID(version2, code2, multihash,
|
|
918
|
+
const { version: version2, code: code2, multihash, bytes: bytes2 } = value;
|
|
919
|
+
return new CID(version2, code2, multihash, bytes2 || encodeCID(version2, code2, multihash.bytes));
|
|
2277
920
|
} else if (value != null && value[cidSymbol] === true) {
|
|
2278
921
|
const { version: version2, multihash, code: code2 } = value;
|
|
2279
922
|
const digest2 = decode5(multihash);
|
|
@@ -2295,8 +938,8 @@ var CID = class {
|
|
|
2295
938
|
}
|
|
2296
939
|
}
|
|
2297
940
|
case 1: {
|
|
2298
|
-
const
|
|
2299
|
-
return new CID(version2, code2, digest2,
|
|
941
|
+
const bytes2 = encodeCID(version2, code2, digest2.bytes);
|
|
942
|
+
return new CID(version2, code2, digest2, bytes2);
|
|
2300
943
|
}
|
|
2301
944
|
default: {
|
|
2302
945
|
throw new Error("Invalid version");
|
|
@@ -2309,17 +952,17 @@ var CID = class {
|
|
|
2309
952
|
static createV1(code2, digest2) {
|
|
2310
953
|
return CID.create(1, code2, digest2);
|
|
2311
954
|
}
|
|
2312
|
-
static decode(
|
|
2313
|
-
const [cid, remainder] = CID.decodeFirst(
|
|
955
|
+
static decode(bytes2) {
|
|
956
|
+
const [cid, remainder] = CID.decodeFirst(bytes2);
|
|
2314
957
|
if (remainder.length) {
|
|
2315
958
|
throw new Error("Incorrect length");
|
|
2316
959
|
}
|
|
2317
960
|
return cid;
|
|
2318
961
|
}
|
|
2319
|
-
static decodeFirst(
|
|
2320
|
-
const specs = CID.inspectBytes(
|
|
962
|
+
static decodeFirst(bytes2) {
|
|
963
|
+
const specs = CID.inspectBytes(bytes2);
|
|
2321
964
|
const prefixSize = specs.size - specs.multihashSize;
|
|
2322
|
-
const multihashBytes = coerce(
|
|
965
|
+
const multihashBytes = coerce(bytes2.subarray(prefixSize, prefixSize + specs.multihashSize));
|
|
2323
966
|
if (multihashBytes.byteLength !== specs.multihashSize) {
|
|
2324
967
|
throw new Error("Incorrect length");
|
|
2325
968
|
}
|
|
@@ -2328,7 +971,7 @@ var CID = class {
|
|
|
2328
971
|
const cid = specs.version === 0 ? CID.createV0(digest2) : CID.createV1(specs.codec, digest2);
|
|
2329
972
|
return [
|
|
2330
973
|
cid,
|
|
2331
|
-
|
|
974
|
+
bytes2.subarray(specs.size)
|
|
2332
975
|
];
|
|
2333
976
|
}
|
|
2334
977
|
static inspectBytes(initialBytes) {
|
|
@@ -2364,8 +1007,8 @@ var CID = class {
|
|
|
2364
1007
|
};
|
|
2365
1008
|
}
|
|
2366
1009
|
static parse(source, base3) {
|
|
2367
|
-
const [prefix,
|
|
2368
|
-
const cid = CID.decode(
|
|
1010
|
+
const [prefix, bytes2] = parseCIDtoBytes(source, base3);
|
|
1011
|
+
const cid = CID.decode(bytes2);
|
|
2369
1012
|
cid._baseCache.set(prefix, source);
|
|
2370
1013
|
return cid;
|
|
2371
1014
|
}
|
|
@@ -2404,25 +1047,25 @@ var parseCIDtoBytes = (source, base3) => {
|
|
|
2404
1047
|
}
|
|
2405
1048
|
}
|
|
2406
1049
|
};
|
|
2407
|
-
var toStringV0 = (
|
|
1050
|
+
var toStringV0 = (bytes2, cache, base3) => {
|
|
2408
1051
|
const { prefix } = base3;
|
|
2409
1052
|
if (prefix !== base58btc.prefix) {
|
|
2410
1053
|
throw Error(`Cannot string encode V0 in ${base3.name} encoding`);
|
|
2411
1054
|
}
|
|
2412
1055
|
const cid = cache.get(prefix);
|
|
2413
1056
|
if (cid == null) {
|
|
2414
|
-
const cid2 = base3.encode(
|
|
1057
|
+
const cid2 = base3.encode(bytes2).slice(1);
|
|
2415
1058
|
cache.set(prefix, cid2);
|
|
2416
1059
|
return cid2;
|
|
2417
1060
|
} else {
|
|
2418
1061
|
return cid;
|
|
2419
1062
|
}
|
|
2420
1063
|
};
|
|
2421
|
-
var toStringV1 = (
|
|
1064
|
+
var toStringV1 = (bytes2, cache, base3) => {
|
|
2422
1065
|
const { prefix } = base3;
|
|
2423
1066
|
const cid = cache.get(prefix);
|
|
2424
1067
|
if (cid == null) {
|
|
2425
|
-
const cid2 = base3.encode(
|
|
1068
|
+
const cid2 = base3.encode(bytes2);
|
|
2426
1069
|
cache.set(prefix, cid2);
|
|
2427
1070
|
return cid2;
|
|
2428
1071
|
} else {
|
|
@@ -2434,11 +1077,11 @@ var SHA_256_CODE = 18;
|
|
|
2434
1077
|
var encodeCID = (version2, code2, multihash) => {
|
|
2435
1078
|
const codeOffset = encodingLength(version2);
|
|
2436
1079
|
const hashOffset = codeOffset + encodingLength(code2);
|
|
2437
|
-
const
|
|
2438
|
-
encodeTo(version2,
|
|
2439
|
-
encodeTo(code2,
|
|
2440
|
-
|
|
2441
|
-
return
|
|
1080
|
+
const bytes2 = new Uint8Array(hashOffset + multihash.byteLength);
|
|
1081
|
+
encodeTo(version2, bytes2, 0);
|
|
1082
|
+
encodeTo(code2, bytes2, codeOffset);
|
|
1083
|
+
bytes2.set(multihash, hashOffset);
|
|
1084
|
+
return bytes2;
|
|
2442
1085
|
};
|
|
2443
1086
|
var cidSymbol = Symbol.for("@ipld/js-cid/CID");
|
|
2444
1087
|
var readonly = {
|
|
@@ -2556,650 +1199,223 @@ function toString2(array, encoding = "utf8") {
|
|
|
2556
1199
|
return base3.encoder.encode(array).substring(1);
|
|
2557
1200
|
}
|
|
2558
1201
|
|
|
2559
|
-
//
|
|
2560
|
-
|
|
2561
|
-
|
|
2562
|
-
};
|
|
2563
|
-
|
|
2564
|
-
|
|
2565
|
-
|
|
2566
|
-
|
|
2567
|
-
|
|
2568
|
-
|
|
2569
|
-
|
|
2570
|
-
|
|
2571
|
-
|
|
2572
|
-
|
|
2573
|
-
|
|
2574
|
-
|
|
2575
|
-
|
|
2576
|
-
|
|
2577
|
-
|
|
2578
|
-
|
|
2579
|
-
|
|
2580
|
-
|
|
2581
|
-
|
|
2582
|
-
|
|
2583
|
-
|
|
2584
|
-
);
|
|
2585
|
-
|
|
2586
|
-
|
|
2587
|
-
|
|
2588
|
-
|
|
2589
|
-
|
|
2590
|
-
|
|
2591
|
-
{
|
|
2592
|
-
name: "AES-GCM",
|
|
2593
|
-
iv
|
|
2594
|
-
},
|
|
2595
|
-
this.key,
|
|
2596
|
-
dataBytes
|
|
2597
|
-
);
|
|
2598
|
-
const encryptedBytes = new Uint8Array(buf);
|
|
2599
|
-
const encrypted = toString2(
|
|
2600
|
-
concat([iv, encryptedBytes]),
|
|
2601
|
-
"base64pad"
|
|
2602
|
-
);
|
|
2603
|
-
return encrypted;
|
|
2604
|
-
}
|
|
2605
|
-
async decrypt(data) {
|
|
2606
|
-
const dataBytes = fromString2(data, "base64pad");
|
|
2607
|
-
const iv = dataBytes.slice(0, 12);
|
|
2608
|
-
const encrypted = dataBytes.slice(12);
|
|
2609
|
-
const buf = await webcrypto.subtle.decrypt(
|
|
2610
|
-
{
|
|
2611
|
-
name: "AES-GCM",
|
|
2612
|
-
iv
|
|
2613
|
-
},
|
|
2614
|
-
this.key,
|
|
2615
|
-
encrypted
|
|
2616
|
-
);
|
|
2617
|
-
const decryptedBytes = new Uint8Array(buf);
|
|
2618
|
-
return toString2(decryptedBytes, "utf8");
|
|
1202
|
+
// ../../node_modules/@noble/hashes/esm/_assert.js
|
|
1203
|
+
function number(n) {
|
|
1204
|
+
if (!Number.isSafeInteger(n) || n < 0)
|
|
1205
|
+
throw new Error(`Wrong positive integer: ${n}`);
|
|
1206
|
+
}
|
|
1207
|
+
function bool(b) {
|
|
1208
|
+
if (typeof b !== "boolean")
|
|
1209
|
+
throw new Error(`Expected boolean, not ${b}`);
|
|
1210
|
+
}
|
|
1211
|
+
function bytes(b, ...lengths) {
|
|
1212
|
+
if (!(b instanceof Uint8Array))
|
|
1213
|
+
throw new Error("Expected Uint8Array");
|
|
1214
|
+
if (lengths.length > 0 && !lengths.includes(b.length))
|
|
1215
|
+
throw new Error(`Expected Uint8Array of length ${lengths}, not of length=${b.length}`);
|
|
1216
|
+
}
|
|
1217
|
+
function hash(hash2) {
|
|
1218
|
+
if (typeof hash2 !== "function" || typeof hash2.create !== "function")
|
|
1219
|
+
throw new Error("Hash should be wrapped by utils.wrapConstructor");
|
|
1220
|
+
number(hash2.outputLen);
|
|
1221
|
+
number(hash2.blockLen);
|
|
1222
|
+
}
|
|
1223
|
+
function exists(instance, checkFinished = true) {
|
|
1224
|
+
if (instance.destroyed)
|
|
1225
|
+
throw new Error("Hash instance has been destroyed");
|
|
1226
|
+
if (checkFinished && instance.finished)
|
|
1227
|
+
throw new Error("Hash#digest() has already been called");
|
|
1228
|
+
}
|
|
1229
|
+
function output(out, instance) {
|
|
1230
|
+
bytes(out);
|
|
1231
|
+
const min = instance.outputLen;
|
|
1232
|
+
if (out.length < min) {
|
|
1233
|
+
throw new Error(`digestInto() expects output buffer of length at least ${min}`);
|
|
2619
1234
|
}
|
|
2620
|
-
}
|
|
2621
|
-
|
|
2622
|
-
|
|
2623
|
-
|
|
2624
|
-
|
|
2625
|
-
|
|
2626
|
-
|
|
2627
|
-
|
|
1235
|
+
}
|
|
1236
|
+
var assert = {
|
|
1237
|
+
number,
|
|
1238
|
+
bool,
|
|
1239
|
+
bytes,
|
|
1240
|
+
hash,
|
|
1241
|
+
exists,
|
|
1242
|
+
output
|
|
1243
|
+
};
|
|
1244
|
+
var assert_default = assert;
|
|
2628
1245
|
|
|
2629
|
-
//
|
|
2630
|
-
var
|
|
2631
|
-
var
|
|
2632
|
-
if (pubkeyBytes.length !== 65) {
|
|
2633
|
-
throw new Error("Expected 65 byte pubkey");
|
|
2634
|
-
} else if (pubkeyBytes[0] !== 4) {
|
|
2635
|
-
throw new Error("Expected first byte to be 0x04");
|
|
2636
|
-
}
|
|
2637
|
-
const x = pubkeyBytes.slice(1, 33);
|
|
2638
|
-
const y = pubkeyBytes.slice(33, 65);
|
|
2639
|
-
const out = new Uint8Array(x.length + 1);
|
|
2640
|
-
out[0] = 2 + (y[y.length - 1] & 1);
|
|
2641
|
-
out.set(x, 1);
|
|
2642
|
-
return out;
|
|
2643
|
-
};
|
|
2644
|
-
var decompressPubkey = (compressed) => {
|
|
2645
|
-
if (compressed.length !== 33) {
|
|
2646
|
-
throw new Error("Expected 33 byte compress pubkey");
|
|
2647
|
-
} else if (compressed[0] !== 2 && compressed[0] !== 3) {
|
|
2648
|
-
throw new Error("Expected first byte to be 0x02 or 0x03");
|
|
2649
|
-
}
|
|
2650
|
-
const two = (0, import_big_integer.default)(2);
|
|
2651
|
-
const prime = two.pow(256).subtract(two.pow(224)).add(two.pow(192)).add(two.pow(96)).subtract(1);
|
|
2652
|
-
const b = (0, import_big_integer.default)(
|
|
2653
|
-
"41058363725152142129326129780047268409114441015993725554835256314039467401291"
|
|
2654
|
-
);
|
|
2655
|
-
const pIdent = prime.add(1).divide(4);
|
|
2656
|
-
const signY = (0, import_big_integer.default)(compressed[0] - 2);
|
|
2657
|
-
const x = compressed.slice(1);
|
|
2658
|
-
const xBig = (0, import_big_integer.default)(toString2(x, "base10"));
|
|
2659
|
-
const maybeY = xBig.pow(3).subtract(xBig.multiply(3)).add(b).modPow(pIdent, prime);
|
|
2660
|
-
let yBig;
|
|
2661
|
-
if (maybeY.mod(2).equals(signY)) {
|
|
2662
|
-
yBig = maybeY;
|
|
2663
|
-
} else {
|
|
2664
|
-
yBig = prime.subtract(maybeY);
|
|
2665
|
-
}
|
|
2666
|
-
const y = fromString2(yBig.toString(10), "base10");
|
|
2667
|
-
const offset = 32 - y.length;
|
|
2668
|
-
const yPadded = new Uint8Array(32);
|
|
2669
|
-
yPadded.set(y, offset);
|
|
2670
|
-
const publicKey = concat([[4], x, yPadded]);
|
|
2671
|
-
return publicKey;
|
|
2672
|
-
};
|
|
1246
|
+
// ../../node_modules/@noble/hashes/esm/cryptoNode.js
|
|
1247
|
+
var nc = __toESM(require("node:crypto"), 1);
|
|
1248
|
+
var crypto2 = nc && typeof nc === "object" && "webcrypto" in nc ? nc.webcrypto : void 0;
|
|
2673
1249
|
|
|
2674
|
-
// ../../node_modules/@noble/
|
|
2675
|
-
var
|
|
2676
|
-
var
|
|
2677
|
-
var
|
|
2678
|
-
var
|
|
2679
|
-
|
|
2680
|
-
|
|
2681
|
-
var
|
|
2682
|
-
|
|
2683
|
-
|
|
2684
|
-
|
|
2685
|
-
|
|
2686
|
-
h: _1n,
|
|
2687
|
-
Gx: BigInt("55066263022277343669578718895168534326250603453777594175500187360389116729240"),
|
|
2688
|
-
Gy: BigInt("32670510020758816978083085130507043184471273380659243275938904335757337482424"),
|
|
2689
|
-
beta: BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee")
|
|
2690
|
-
});
|
|
2691
|
-
function weistrass(x) {
|
|
2692
|
-
const { a, b } = CURVE;
|
|
2693
|
-
const x2 = mod(x * x);
|
|
2694
|
-
const x3 = mod(x2 * x);
|
|
2695
|
-
return mod(x3 + a * x + b);
|
|
1250
|
+
// ../../node_modules/@noble/hashes/esm/utils.js
|
|
1251
|
+
var u8a = (a) => a instanceof Uint8Array;
|
|
1252
|
+
var createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
|
|
1253
|
+
var rotr = (word, shift) => word << 32 - shift | word >>> shift;
|
|
1254
|
+
var isLE = new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68;
|
|
1255
|
+
if (!isLE)
|
|
1256
|
+
throw new Error("Non little-endian hardware is not supported");
|
|
1257
|
+
var hexes = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, "0"));
|
|
1258
|
+
function utf8ToBytes(str) {
|
|
1259
|
+
if (typeof str !== "string")
|
|
1260
|
+
throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
|
|
1261
|
+
return new Uint8Array(new TextEncoder().encode(str));
|
|
2696
1262
|
}
|
|
2697
|
-
|
|
2698
|
-
|
|
2699
|
-
|
|
2700
|
-
|
|
2701
|
-
|
|
2702
|
-
|
|
2703
|
-
var JacobianPoint = class {
|
|
2704
|
-
constructor(x, y, z) {
|
|
2705
|
-
this.x = x;
|
|
2706
|
-
this.y = y;
|
|
2707
|
-
this.z = z;
|
|
2708
|
-
}
|
|
2709
|
-
static fromAffine(p) {
|
|
2710
|
-
if (!(p instanceof Point)) {
|
|
2711
|
-
throw new TypeError("JacobianPoint#fromAffine: expected Point");
|
|
2712
|
-
}
|
|
2713
|
-
return new JacobianPoint(p.x, p.y, _1n);
|
|
2714
|
-
}
|
|
2715
|
-
static toAffineBatch(points) {
|
|
2716
|
-
const toInv = invertBatch(points.map((p) => p.z));
|
|
2717
|
-
return points.map((p, i) => p.toAffine(toInv[i]));
|
|
2718
|
-
}
|
|
2719
|
-
static normalizeZ(points) {
|
|
2720
|
-
return JacobianPoint.toAffineBatch(points).map(JacobianPoint.fromAffine);
|
|
2721
|
-
}
|
|
2722
|
-
equals(other) {
|
|
2723
|
-
if (!(other instanceof JacobianPoint))
|
|
2724
|
-
throw new TypeError("JacobianPoint expected");
|
|
2725
|
-
const { x: X1, y: Y1, z: Z1 } = this;
|
|
2726
|
-
const { x: X2, y: Y2, z: Z2 } = other;
|
|
2727
|
-
const Z1Z1 = mod(Z1 * Z1);
|
|
2728
|
-
const Z2Z2 = mod(Z2 * Z2);
|
|
2729
|
-
const U1 = mod(X1 * Z2Z2);
|
|
2730
|
-
const U2 = mod(X2 * Z1Z1);
|
|
2731
|
-
const S1 = mod(mod(Y1 * Z2) * Z2Z2);
|
|
2732
|
-
const S2 = mod(mod(Y2 * Z1) * Z1Z1);
|
|
2733
|
-
return U1 === U2 && S1 === S2;
|
|
2734
|
-
}
|
|
2735
|
-
negate() {
|
|
2736
|
-
return new JacobianPoint(this.x, mod(-this.y), this.z);
|
|
2737
|
-
}
|
|
2738
|
-
double() {
|
|
2739
|
-
const { x: X1, y: Y1, z: Z1 } = this;
|
|
2740
|
-
const A = mod(X1 * X1);
|
|
2741
|
-
const B = mod(Y1 * Y1);
|
|
2742
|
-
const C = mod(B * B);
|
|
2743
|
-
const x1b = X1 + B;
|
|
2744
|
-
const D = mod(_2n * (mod(x1b * x1b) - A - C));
|
|
2745
|
-
const E = mod(_3n * A);
|
|
2746
|
-
const F = mod(E * E);
|
|
2747
|
-
const X3 = mod(F - _2n * D);
|
|
2748
|
-
const Y3 = mod(E * (D - X3) - _8n * C);
|
|
2749
|
-
const Z3 = mod(_2n * Y1 * Z1);
|
|
2750
|
-
return new JacobianPoint(X3, Y3, Z3);
|
|
2751
|
-
}
|
|
2752
|
-
add(other) {
|
|
2753
|
-
if (!(other instanceof JacobianPoint))
|
|
2754
|
-
throw new TypeError("JacobianPoint expected");
|
|
2755
|
-
const { x: X1, y: Y1, z: Z1 } = this;
|
|
2756
|
-
const { x: X2, y: Y2, z: Z2 } = other;
|
|
2757
|
-
if (X2 === _0n || Y2 === _0n)
|
|
2758
|
-
return this;
|
|
2759
|
-
if (X1 === _0n || Y1 === _0n)
|
|
2760
|
-
return other;
|
|
2761
|
-
const Z1Z1 = mod(Z1 * Z1);
|
|
2762
|
-
const Z2Z2 = mod(Z2 * Z2);
|
|
2763
|
-
const U1 = mod(X1 * Z2Z2);
|
|
2764
|
-
const U2 = mod(X2 * Z1Z1);
|
|
2765
|
-
const S1 = mod(mod(Y1 * Z2) * Z2Z2);
|
|
2766
|
-
const S2 = mod(mod(Y2 * Z1) * Z1Z1);
|
|
2767
|
-
const H = mod(U2 - U1);
|
|
2768
|
-
const r = mod(S2 - S1);
|
|
2769
|
-
if (H === _0n) {
|
|
2770
|
-
if (r === _0n) {
|
|
2771
|
-
return this.double();
|
|
2772
|
-
} else {
|
|
2773
|
-
return JacobianPoint.ZERO;
|
|
2774
|
-
}
|
|
2775
|
-
}
|
|
2776
|
-
const HH = mod(H * H);
|
|
2777
|
-
const HHH = mod(H * HH);
|
|
2778
|
-
const V = mod(U1 * HH);
|
|
2779
|
-
const X3 = mod(r * r - HHH - _2n * V);
|
|
2780
|
-
const Y3 = mod(r * (V - X3) - S1 * HHH);
|
|
2781
|
-
const Z3 = mod(Z1 * Z2 * H);
|
|
2782
|
-
return new JacobianPoint(X3, Y3, Z3);
|
|
2783
|
-
}
|
|
2784
|
-
subtract(other) {
|
|
2785
|
-
return this.add(other.negate());
|
|
2786
|
-
}
|
|
2787
|
-
multiplyUnsafe(scalar) {
|
|
2788
|
-
const P0 = JacobianPoint.ZERO;
|
|
2789
|
-
if (typeof scalar === "bigint" && scalar === _0n)
|
|
2790
|
-
return P0;
|
|
2791
|
-
let n = normalizeScalar(scalar);
|
|
2792
|
-
if (n === _1n)
|
|
2793
|
-
return this;
|
|
2794
|
-
if (!USE_ENDOMORPHISM) {
|
|
2795
|
-
let p = P0;
|
|
2796
|
-
let d2 = this;
|
|
2797
|
-
while (n > _0n) {
|
|
2798
|
-
if (n & _1n)
|
|
2799
|
-
p = p.add(d2);
|
|
2800
|
-
d2 = d2.double();
|
|
2801
|
-
n >>= _1n;
|
|
2802
|
-
}
|
|
2803
|
-
return p;
|
|
2804
|
-
}
|
|
2805
|
-
let { k1neg, k1, k2neg, k2 } = splitScalarEndo(n);
|
|
2806
|
-
let k1p = P0;
|
|
2807
|
-
let k2p = P0;
|
|
2808
|
-
let d = this;
|
|
2809
|
-
while (k1 > _0n || k2 > _0n) {
|
|
2810
|
-
if (k1 & _1n)
|
|
2811
|
-
k1p = k1p.add(d);
|
|
2812
|
-
if (k2 & _1n)
|
|
2813
|
-
k2p = k2p.add(d);
|
|
2814
|
-
d = d.double();
|
|
2815
|
-
k1 >>= _1n;
|
|
2816
|
-
k2 >>= _1n;
|
|
2817
|
-
}
|
|
2818
|
-
if (k1neg)
|
|
2819
|
-
k1p = k1p.negate();
|
|
2820
|
-
if (k2neg)
|
|
2821
|
-
k2p = k2p.negate();
|
|
2822
|
-
k2p = new JacobianPoint(mod(k2p.x * CURVE.beta), k2p.y, k2p.z);
|
|
2823
|
-
return k1p.add(k2p);
|
|
2824
|
-
}
|
|
2825
|
-
precomputeWindow(W) {
|
|
2826
|
-
const windows = USE_ENDOMORPHISM ? 128 / W + 1 : 256 / W + 1;
|
|
2827
|
-
const points = [];
|
|
2828
|
-
let p = this;
|
|
2829
|
-
let base3 = p;
|
|
2830
|
-
for (let window = 0; window < windows; window++) {
|
|
2831
|
-
base3 = p;
|
|
2832
|
-
points.push(base3);
|
|
2833
|
-
for (let i = 1; i < 2 ** (W - 1); i++) {
|
|
2834
|
-
base3 = base3.add(p);
|
|
2835
|
-
points.push(base3);
|
|
2836
|
-
}
|
|
2837
|
-
p = base3.double();
|
|
2838
|
-
}
|
|
2839
|
-
return points;
|
|
2840
|
-
}
|
|
2841
|
-
wNAF(n, affinePoint) {
|
|
2842
|
-
if (!affinePoint && this.equals(JacobianPoint.BASE))
|
|
2843
|
-
affinePoint = Point.BASE;
|
|
2844
|
-
const W = affinePoint && affinePoint._WINDOW_SIZE || 1;
|
|
2845
|
-
if (256 % W) {
|
|
2846
|
-
throw new Error("Point#wNAF: Invalid precomputation window, must be power of 2");
|
|
2847
|
-
}
|
|
2848
|
-
let precomputes = affinePoint && pointPrecomputes.get(affinePoint);
|
|
2849
|
-
if (!precomputes) {
|
|
2850
|
-
precomputes = this.precomputeWindow(W);
|
|
2851
|
-
if (affinePoint && W !== 1) {
|
|
2852
|
-
precomputes = JacobianPoint.normalizeZ(precomputes);
|
|
2853
|
-
pointPrecomputes.set(affinePoint, precomputes);
|
|
2854
|
-
}
|
|
2855
|
-
}
|
|
2856
|
-
let p = JacobianPoint.ZERO;
|
|
2857
|
-
let f = JacobianPoint.ZERO;
|
|
2858
|
-
const windows = 1 + (USE_ENDOMORPHISM ? 128 / W : 256 / W);
|
|
2859
|
-
const windowSize = 2 ** (W - 1);
|
|
2860
|
-
const mask = BigInt(2 ** W - 1);
|
|
2861
|
-
const maxNumber = 2 ** W;
|
|
2862
|
-
const shiftBy = BigInt(W);
|
|
2863
|
-
for (let window = 0; window < windows; window++) {
|
|
2864
|
-
const offset = window * windowSize;
|
|
2865
|
-
let wbits = Number(n & mask);
|
|
2866
|
-
n >>= shiftBy;
|
|
2867
|
-
if (wbits > windowSize) {
|
|
2868
|
-
wbits -= maxNumber;
|
|
2869
|
-
n += _1n;
|
|
2870
|
-
}
|
|
2871
|
-
if (wbits === 0) {
|
|
2872
|
-
let pr = precomputes[offset];
|
|
2873
|
-
if (window % 2)
|
|
2874
|
-
pr = pr.negate();
|
|
2875
|
-
f = f.add(pr);
|
|
2876
|
-
} else {
|
|
2877
|
-
let cached = precomputes[offset + Math.abs(wbits) - 1];
|
|
2878
|
-
if (wbits < 0)
|
|
2879
|
-
cached = cached.negate();
|
|
2880
|
-
p = p.add(cached);
|
|
2881
|
-
}
|
|
2882
|
-
}
|
|
2883
|
-
return { p, f };
|
|
2884
|
-
}
|
|
2885
|
-
multiply(scalar, affinePoint) {
|
|
2886
|
-
let n = normalizeScalar(scalar);
|
|
2887
|
-
let point;
|
|
2888
|
-
let fake;
|
|
2889
|
-
if (USE_ENDOMORPHISM) {
|
|
2890
|
-
const { k1neg, k1, k2neg, k2 } = splitScalarEndo(n);
|
|
2891
|
-
let { p: k1p, f: f1p } = this.wNAF(k1, affinePoint);
|
|
2892
|
-
let { p: k2p, f: f2p } = this.wNAF(k2, affinePoint);
|
|
2893
|
-
if (k1neg)
|
|
2894
|
-
k1p = k1p.negate();
|
|
2895
|
-
if (k2neg)
|
|
2896
|
-
k2p = k2p.negate();
|
|
2897
|
-
k2p = new JacobianPoint(mod(k2p.x * CURVE.beta), k2p.y, k2p.z);
|
|
2898
|
-
point = k1p.add(k2p);
|
|
2899
|
-
fake = f1p.add(f2p);
|
|
2900
|
-
} else {
|
|
2901
|
-
const { p, f } = this.wNAF(n, affinePoint);
|
|
2902
|
-
point = p;
|
|
2903
|
-
fake = f;
|
|
2904
|
-
}
|
|
2905
|
-
return JacobianPoint.normalizeZ([point, fake])[0];
|
|
2906
|
-
}
|
|
2907
|
-
toAffine(invZ = invert(this.z)) {
|
|
2908
|
-
const { x, y, z } = this;
|
|
2909
|
-
const iz1 = invZ;
|
|
2910
|
-
const iz2 = mod(iz1 * iz1);
|
|
2911
|
-
const iz3 = mod(iz2 * iz1);
|
|
2912
|
-
const ax = mod(x * iz2);
|
|
2913
|
-
const ay = mod(y * iz3);
|
|
2914
|
-
const zz = mod(z * iz1);
|
|
2915
|
-
if (zz !== _1n)
|
|
2916
|
-
throw new Error("invZ was invalid");
|
|
2917
|
-
return new Point(ax, ay);
|
|
2918
|
-
}
|
|
2919
|
-
};
|
|
2920
|
-
JacobianPoint.BASE = new JacobianPoint(CURVE.Gx, CURVE.Gy, _1n);
|
|
2921
|
-
JacobianPoint.ZERO = new JacobianPoint(_0n, _1n, _0n);
|
|
2922
|
-
var pointPrecomputes = /* @__PURE__ */ new WeakMap();
|
|
2923
|
-
var Point = class {
|
|
2924
|
-
constructor(x, y) {
|
|
2925
|
-
this.x = x;
|
|
2926
|
-
this.y = y;
|
|
2927
|
-
}
|
|
2928
|
-
_setWindowSize(windowSize) {
|
|
2929
|
-
this._WINDOW_SIZE = windowSize;
|
|
2930
|
-
pointPrecomputes.delete(this);
|
|
2931
|
-
}
|
|
2932
|
-
hasEvenY() {
|
|
2933
|
-
return this.y % _2n === _0n;
|
|
2934
|
-
}
|
|
2935
|
-
static fromCompressedHex(bytes) {
|
|
2936
|
-
const isShort = bytes.length === 32;
|
|
2937
|
-
const x = bytesToNumber(isShort ? bytes : bytes.subarray(1));
|
|
2938
|
-
if (!isValidFieldElement(x))
|
|
2939
|
-
throw new Error("Point is not on curve");
|
|
2940
|
-
const y2 = weistrass(x);
|
|
2941
|
-
let y = sqrtMod(y2);
|
|
2942
|
-
const isYOdd = (y & _1n) === _1n;
|
|
2943
|
-
if (isShort) {
|
|
2944
|
-
if (isYOdd)
|
|
2945
|
-
y = mod(-y);
|
|
2946
|
-
} else {
|
|
2947
|
-
const isFirstByteOdd = (bytes[0] & 1) === 1;
|
|
2948
|
-
if (isFirstByteOdd !== isYOdd)
|
|
2949
|
-
y = mod(-y);
|
|
2950
|
-
}
|
|
2951
|
-
const point = new Point(x, y);
|
|
2952
|
-
point.assertValidity();
|
|
2953
|
-
return point;
|
|
2954
|
-
}
|
|
2955
|
-
static fromUncompressedHex(bytes) {
|
|
2956
|
-
const x = bytesToNumber(bytes.subarray(1, 33));
|
|
2957
|
-
const y = bytesToNumber(bytes.subarray(33, 65));
|
|
2958
|
-
const point = new Point(x, y);
|
|
2959
|
-
point.assertValidity();
|
|
2960
|
-
return point;
|
|
2961
|
-
}
|
|
2962
|
-
static fromHex(hex) {
|
|
2963
|
-
const bytes = ensureBytes(hex);
|
|
2964
|
-
const len = bytes.length;
|
|
2965
|
-
const header = bytes[0];
|
|
2966
|
-
if (len === 32 || len === 33 && (header === 2 || header === 3)) {
|
|
2967
|
-
return this.fromCompressedHex(bytes);
|
|
2968
|
-
}
|
|
2969
|
-
if (len === 65 && header === 4)
|
|
2970
|
-
return this.fromUncompressedHex(bytes);
|
|
2971
|
-
throw new Error(`Point.fromHex: received invalid point. Expected 32-33 compressed bytes or 65 uncompressed bytes, not ${len}`);
|
|
2972
|
-
}
|
|
2973
|
-
static fromPrivateKey(privateKey) {
|
|
2974
|
-
return Point.BASE.multiply(normalizePrivateKey(privateKey));
|
|
2975
|
-
}
|
|
2976
|
-
static fromSignature(msgHash, signature, recovery) {
|
|
2977
|
-
msgHash = ensureBytes(msgHash);
|
|
2978
|
-
const h = truncateHash(msgHash);
|
|
2979
|
-
const { r, s } = normalizeSignature(signature);
|
|
2980
|
-
if (recovery !== 0 && recovery !== 1) {
|
|
2981
|
-
throw new Error("Cannot recover signature: invalid recovery bit");
|
|
2982
|
-
}
|
|
2983
|
-
const prefix = recovery & 1 ? "03" : "02";
|
|
2984
|
-
const R = Point.fromHex(prefix + numTo32bStr(r));
|
|
2985
|
-
const { n } = CURVE;
|
|
2986
|
-
const rinv = invert(r, n);
|
|
2987
|
-
const u1 = mod(-h * rinv, n);
|
|
2988
|
-
const u2 = mod(s * rinv, n);
|
|
2989
|
-
const Q = Point.BASE.multiplyAndAddUnsafe(R, u1, u2);
|
|
2990
|
-
if (!Q)
|
|
2991
|
-
throw new Error("Cannot recover signature: point at infinify");
|
|
2992
|
-
Q.assertValidity();
|
|
2993
|
-
return Q;
|
|
2994
|
-
}
|
|
2995
|
-
toRawBytes(isCompressed = false) {
|
|
2996
|
-
return hexToBytes(this.toHex(isCompressed));
|
|
2997
|
-
}
|
|
2998
|
-
toHex(isCompressed = false) {
|
|
2999
|
-
const x = numTo32bStr(this.x);
|
|
3000
|
-
if (isCompressed) {
|
|
3001
|
-
const prefix = this.hasEvenY() ? "02" : "03";
|
|
3002
|
-
return `${prefix}${x}`;
|
|
3003
|
-
} else {
|
|
3004
|
-
return `04${x}${numTo32bStr(this.y)}`;
|
|
3005
|
-
}
|
|
3006
|
-
}
|
|
3007
|
-
toHexX() {
|
|
3008
|
-
return this.toHex(true).slice(2);
|
|
3009
|
-
}
|
|
3010
|
-
toRawX() {
|
|
3011
|
-
return this.toRawBytes(true).slice(1);
|
|
3012
|
-
}
|
|
3013
|
-
assertValidity() {
|
|
3014
|
-
const msg = "Point is not on elliptic curve";
|
|
3015
|
-
const { x, y } = this;
|
|
3016
|
-
if (!isValidFieldElement(x) || !isValidFieldElement(y))
|
|
3017
|
-
throw new Error(msg);
|
|
3018
|
-
const left = mod(y * y);
|
|
3019
|
-
const right = weistrass(x);
|
|
3020
|
-
if (mod(left - right) !== _0n)
|
|
3021
|
-
throw new Error(msg);
|
|
3022
|
-
}
|
|
3023
|
-
equals(other) {
|
|
3024
|
-
return this.x === other.x && this.y === other.y;
|
|
3025
|
-
}
|
|
3026
|
-
negate() {
|
|
3027
|
-
return new Point(this.x, mod(-this.y));
|
|
3028
|
-
}
|
|
3029
|
-
double() {
|
|
3030
|
-
return JacobianPoint.fromAffine(this).double().toAffine();
|
|
3031
|
-
}
|
|
3032
|
-
add(other) {
|
|
3033
|
-
return JacobianPoint.fromAffine(this).add(JacobianPoint.fromAffine(other)).toAffine();
|
|
3034
|
-
}
|
|
3035
|
-
subtract(other) {
|
|
3036
|
-
return this.add(other.negate());
|
|
3037
|
-
}
|
|
3038
|
-
multiply(scalar) {
|
|
3039
|
-
return JacobianPoint.fromAffine(this).multiply(scalar, this).toAffine();
|
|
3040
|
-
}
|
|
3041
|
-
multiplyAndAddUnsafe(Q, a, b) {
|
|
3042
|
-
const P = JacobianPoint.fromAffine(this);
|
|
3043
|
-
const aP = a === _0n || a === _1n || this !== Point.BASE ? P.multiplyUnsafe(a) : P.multiply(a);
|
|
3044
|
-
const bQ = JacobianPoint.fromAffine(Q).multiplyUnsafe(b);
|
|
3045
|
-
const sum = aP.add(bQ);
|
|
3046
|
-
return sum.equals(JacobianPoint.ZERO) ? void 0 : sum.toAffine();
|
|
3047
|
-
}
|
|
3048
|
-
};
|
|
3049
|
-
Point.BASE = new Point(CURVE.Gx, CURVE.Gy);
|
|
3050
|
-
Point.ZERO = new Point(_0n, _0n);
|
|
3051
|
-
function sliceDER(s) {
|
|
3052
|
-
return Number.parseInt(s[0], 16) >= 8 ? "00" + s : s;
|
|
1263
|
+
function toBytes(data) {
|
|
1264
|
+
if (typeof data === "string")
|
|
1265
|
+
data = utf8ToBytes(data);
|
|
1266
|
+
if (!u8a(data))
|
|
1267
|
+
throw new Error(`expected Uint8Array, got ${typeof data}`);
|
|
1268
|
+
return data;
|
|
3053
1269
|
}
|
|
3054
|
-
function
|
|
3055
|
-
|
|
3056
|
-
|
|
3057
|
-
|
|
3058
|
-
|
|
3059
|
-
|
|
3060
|
-
|
|
3061
|
-
|
|
3062
|
-
}
|
|
3063
|
-
|
|
3064
|
-
throw new Error("Invalid signature integer: trailing length");
|
|
3065
|
-
}
|
|
3066
|
-
return { data: bytesToNumber(res), left: data.subarray(len + 2) };
|
|
1270
|
+
function concatBytes(...arrays) {
|
|
1271
|
+
const r = new Uint8Array(arrays.reduce((sum, a) => sum + a.length, 0));
|
|
1272
|
+
let pad = 0;
|
|
1273
|
+
arrays.forEach((a) => {
|
|
1274
|
+
if (!u8a(a))
|
|
1275
|
+
throw new Error("Uint8Array expected");
|
|
1276
|
+
r.set(a, pad);
|
|
1277
|
+
pad += a.length;
|
|
1278
|
+
});
|
|
1279
|
+
return r;
|
|
3067
1280
|
}
|
|
3068
|
-
|
|
3069
|
-
|
|
3070
|
-
|
|
3071
|
-
}
|
|
3072
|
-
|
|
3073
|
-
|
|
3074
|
-
|
|
3075
|
-
const
|
|
3076
|
-
|
|
3077
|
-
|
|
3078
|
-
|
|
3079
|
-
|
|
3080
|
-
return { r, s };
|
|
1281
|
+
var Hash = class {
|
|
1282
|
+
clone() {
|
|
1283
|
+
return this._cloneInto();
|
|
1284
|
+
}
|
|
1285
|
+
};
|
|
1286
|
+
function wrapConstructor(hashCons) {
|
|
1287
|
+
const hashC = (msg) => hashCons().update(toBytes(msg)).digest();
|
|
1288
|
+
const tmp = hashCons();
|
|
1289
|
+
hashC.outputLen = tmp.outputLen;
|
|
1290
|
+
hashC.blockLen = tmp.blockLen;
|
|
1291
|
+
hashC.create = () => hashCons();
|
|
1292
|
+
return hashC;
|
|
3081
1293
|
}
|
|
3082
|
-
|
|
3083
|
-
|
|
3084
|
-
|
|
3085
|
-
this.s = s;
|
|
3086
|
-
this.assertValidity();
|
|
3087
|
-
}
|
|
3088
|
-
static fromCompact(hex) {
|
|
3089
|
-
const arr = hex instanceof Uint8Array;
|
|
3090
|
-
const name2 = "Signature.fromCompact";
|
|
3091
|
-
if (typeof hex !== "string" && !arr)
|
|
3092
|
-
throw new TypeError(`${name2}: Expected string or Uint8Array`);
|
|
3093
|
-
const str = arr ? bytesToHex(hex) : hex;
|
|
3094
|
-
if (str.length !== 128)
|
|
3095
|
-
throw new Error(`${name2}: Expected 64-byte hex`);
|
|
3096
|
-
return new Signature(hexToNumber(str.slice(0, 64)), hexToNumber(str.slice(64, 128)));
|
|
3097
|
-
}
|
|
3098
|
-
static fromDER(hex) {
|
|
3099
|
-
const arr = hex instanceof Uint8Array;
|
|
3100
|
-
if (typeof hex !== "string" && !arr)
|
|
3101
|
-
throw new TypeError(`Signature.fromDER: Expected string or Uint8Array`);
|
|
3102
|
-
const { r, s } = parseDERSignature(arr ? hex : hexToBytes(hex));
|
|
3103
|
-
return new Signature(r, s);
|
|
3104
|
-
}
|
|
3105
|
-
static fromHex(hex) {
|
|
3106
|
-
return this.fromDER(hex);
|
|
3107
|
-
}
|
|
3108
|
-
assertValidity() {
|
|
3109
|
-
const { r, s } = this;
|
|
3110
|
-
if (!isWithinCurveOrder(r))
|
|
3111
|
-
throw new Error("Invalid Signature: r must be 0 < r < n");
|
|
3112
|
-
if (!isWithinCurveOrder(s))
|
|
3113
|
-
throw new Error("Invalid Signature: s must be 0 < s < n");
|
|
3114
|
-
}
|
|
3115
|
-
hasHighS() {
|
|
3116
|
-
const HALF = CURVE.n >> _1n;
|
|
3117
|
-
return this.s > HALF;
|
|
3118
|
-
}
|
|
3119
|
-
normalizeS() {
|
|
3120
|
-
return this.hasHighS() ? new Signature(this.r, CURVE.n - this.s) : this;
|
|
3121
|
-
}
|
|
3122
|
-
toDERRawBytes(isCompressed = false) {
|
|
3123
|
-
return hexToBytes(this.toDERHex(isCompressed));
|
|
3124
|
-
}
|
|
3125
|
-
toDERHex(isCompressed = false) {
|
|
3126
|
-
const sHex = sliceDER(numberToHexUnpadded(this.s));
|
|
3127
|
-
if (isCompressed)
|
|
3128
|
-
return sHex;
|
|
3129
|
-
const rHex = sliceDER(numberToHexUnpadded(this.r));
|
|
3130
|
-
const rLen = numberToHexUnpadded(rHex.length / 2);
|
|
3131
|
-
const sLen = numberToHexUnpadded(sHex.length / 2);
|
|
3132
|
-
const length2 = numberToHexUnpadded(rHex.length / 2 + sHex.length / 2 + 4);
|
|
3133
|
-
return `30${length2}02${rLen}${rHex}02${sLen}${sHex}`;
|
|
3134
|
-
}
|
|
3135
|
-
toRawBytes() {
|
|
3136
|
-
return this.toDERRawBytes();
|
|
3137
|
-
}
|
|
3138
|
-
toHex() {
|
|
3139
|
-
return this.toDERHex();
|
|
3140
|
-
}
|
|
3141
|
-
toCompactRawBytes() {
|
|
3142
|
-
return hexToBytes(this.toCompactHex());
|
|
3143
|
-
}
|
|
3144
|
-
toCompactHex() {
|
|
3145
|
-
return numTo32bStr(this.r) + numTo32bStr(this.s);
|
|
1294
|
+
function randomBytes(bytesLength = 32) {
|
|
1295
|
+
if (crypto2 && typeof crypto2.getRandomValues === "function") {
|
|
1296
|
+
return crypto2.getRandomValues(new Uint8Array(bytesLength));
|
|
3146
1297
|
}
|
|
3147
|
-
|
|
3148
|
-
function concatBytes(...arrays) {
|
|
3149
|
-
if (!arrays.every((b) => b instanceof Uint8Array))
|
|
3150
|
-
throw new Error("Uint8Array list expected");
|
|
3151
|
-
if (arrays.length === 1)
|
|
3152
|
-
return arrays[0];
|
|
3153
|
-
const length2 = arrays.reduce((a, arr) => a + arr.length, 0);
|
|
3154
|
-
const result = new Uint8Array(length2);
|
|
3155
|
-
for (let i = 0, pad = 0; i < arrays.length; i++) {
|
|
3156
|
-
const arr = arrays[i];
|
|
3157
|
-
result.set(arr, pad);
|
|
3158
|
-
pad += arr.length;
|
|
3159
|
-
}
|
|
3160
|
-
return result;
|
|
1298
|
+
throw new Error("crypto.getRandomValues must be defined");
|
|
3161
1299
|
}
|
|
3162
|
-
|
|
3163
|
-
|
|
3164
|
-
|
|
3165
|
-
|
|
1300
|
+
|
|
1301
|
+
// ../../node_modules/@noble/hashes/esm/hmac.js
|
|
1302
|
+
var HMAC = class extends Hash {
|
|
1303
|
+
constructor(hash2, _key) {
|
|
1304
|
+
super();
|
|
1305
|
+
this.finished = false;
|
|
1306
|
+
this.destroyed = false;
|
|
1307
|
+
assert_default.hash(hash2);
|
|
1308
|
+
const key = toBytes(_key);
|
|
1309
|
+
this.iHash = hash2.create();
|
|
1310
|
+
if (typeof this.iHash.update !== "function")
|
|
1311
|
+
throw new Error("Expected instance of class which extends utils.Hash");
|
|
1312
|
+
this.blockLen = this.iHash.blockLen;
|
|
1313
|
+
this.outputLen = this.iHash.outputLen;
|
|
1314
|
+
const blockLen = this.blockLen;
|
|
1315
|
+
const pad = new Uint8Array(blockLen);
|
|
1316
|
+
pad.set(key.length > blockLen ? hash2.create().update(key).digest() : key);
|
|
1317
|
+
for (let i = 0; i < pad.length; i++)
|
|
1318
|
+
pad[i] ^= 54;
|
|
1319
|
+
this.iHash.update(pad);
|
|
1320
|
+
this.oHash = hash2.create();
|
|
1321
|
+
for (let i = 0; i < pad.length; i++)
|
|
1322
|
+
pad[i] ^= 54 ^ 92;
|
|
1323
|
+
this.oHash.update(pad);
|
|
1324
|
+
pad.fill(0);
|
|
1325
|
+
}
|
|
1326
|
+
update(buf) {
|
|
1327
|
+
assert_default.exists(this);
|
|
1328
|
+
this.iHash.update(buf);
|
|
1329
|
+
return this;
|
|
1330
|
+
}
|
|
1331
|
+
digestInto(out) {
|
|
1332
|
+
assert_default.exists(this);
|
|
1333
|
+
assert_default.bytes(out, this.outputLen);
|
|
1334
|
+
this.finished = true;
|
|
1335
|
+
this.iHash.digestInto(out);
|
|
1336
|
+
this.oHash.update(out);
|
|
1337
|
+
this.oHash.digestInto(out);
|
|
1338
|
+
this.destroy();
|
|
1339
|
+
}
|
|
1340
|
+
digest() {
|
|
1341
|
+
const out = new Uint8Array(this.oHash.outputLen);
|
|
1342
|
+
this.digestInto(out);
|
|
1343
|
+
return out;
|
|
1344
|
+
}
|
|
1345
|
+
_cloneInto(to) {
|
|
1346
|
+
to || (to = Object.create(Object.getPrototypeOf(this), {}));
|
|
1347
|
+
const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this;
|
|
1348
|
+
to = to;
|
|
1349
|
+
to.finished = finished;
|
|
1350
|
+
to.destroyed = destroyed;
|
|
1351
|
+
to.blockLen = blockLen;
|
|
1352
|
+
to.outputLen = outputLen;
|
|
1353
|
+
to.oHash = oHash._cloneInto(to.oHash);
|
|
1354
|
+
to.iHash = iHash._cloneInto(to.iHash);
|
|
1355
|
+
return to;
|
|
1356
|
+
}
|
|
1357
|
+
destroy() {
|
|
1358
|
+
this.destroyed = true;
|
|
1359
|
+
this.oHash.destroy();
|
|
1360
|
+
this.iHash.destroy();
|
|
1361
|
+
}
|
|
1362
|
+
};
|
|
1363
|
+
var hmac = (hash2, key, message) => new HMAC(hash2, key).update(message).digest();
|
|
1364
|
+
hmac.create = (hash2, key) => new HMAC(hash2, key);
|
|
1365
|
+
|
|
1366
|
+
// ../../node_modules/@noble/curves/esm/abstract/utils.js
|
|
1367
|
+
var utils_exports = {};
|
|
1368
|
+
__export(utils_exports, {
|
|
1369
|
+
bitGet: () => bitGet,
|
|
1370
|
+
bitLen: () => bitLen,
|
|
1371
|
+
bitMask: () => bitMask,
|
|
1372
|
+
bitSet: () => bitSet,
|
|
1373
|
+
bytesToHex: () => bytesToHex,
|
|
1374
|
+
bytesToNumberBE: () => bytesToNumberBE,
|
|
1375
|
+
bytesToNumberLE: () => bytesToNumberLE,
|
|
1376
|
+
concatBytes: () => concatBytes2,
|
|
1377
|
+
createHmacDrbg: () => createHmacDrbg,
|
|
1378
|
+
ensureBytes: () => ensureBytes,
|
|
1379
|
+
equalBytes: () => equalBytes,
|
|
1380
|
+
hexToBytes: () => hexToBytes,
|
|
1381
|
+
hexToNumber: () => hexToNumber,
|
|
1382
|
+
numberToBytesBE: () => numberToBytesBE,
|
|
1383
|
+
numberToBytesLE: () => numberToBytesLE,
|
|
1384
|
+
numberToHexUnpadded: () => numberToHexUnpadded,
|
|
1385
|
+
numberToVarBytesBE: () => numberToVarBytesBE,
|
|
1386
|
+
utf8ToBytes: () => utf8ToBytes2,
|
|
1387
|
+
validateObject: () => validateObject
|
|
1388
|
+
});
|
|
1389
|
+
var _0n = BigInt(0);
|
|
1390
|
+
var _1n = BigInt(1);
|
|
1391
|
+
var _2n = BigInt(2);
|
|
1392
|
+
var u8a2 = (a) => a instanceof Uint8Array;
|
|
1393
|
+
var hexes2 = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, "0"));
|
|
1394
|
+
function bytesToHex(bytes2) {
|
|
1395
|
+
if (!u8a2(bytes2))
|
|
1396
|
+
throw new Error("Uint8Array expected");
|
|
3166
1397
|
let hex = "";
|
|
3167
|
-
for (let i = 0; i <
|
|
3168
|
-
hex +=
|
|
1398
|
+
for (let i = 0; i < bytes2.length; i++) {
|
|
1399
|
+
hex += hexes2[bytes2[i]];
|
|
3169
1400
|
}
|
|
3170
1401
|
return hex;
|
|
3171
1402
|
}
|
|
3172
|
-
var POW_2_256 = BigInt("0x10000000000000000000000000000000000000000000000000000000000000000");
|
|
3173
|
-
function numTo32bStr(num) {
|
|
3174
|
-
if (typeof num !== "bigint")
|
|
3175
|
-
throw new Error("Expected bigint");
|
|
3176
|
-
if (!(_0n <= num && num < POW_2_256))
|
|
3177
|
-
throw new Error("Expected number < 2^256");
|
|
3178
|
-
return num.toString(16).padStart(64, "0");
|
|
3179
|
-
}
|
|
3180
|
-
function numTo32b(num) {
|
|
3181
|
-
const b = hexToBytes(numTo32bStr(num));
|
|
3182
|
-
if (b.length !== 32)
|
|
3183
|
-
throw new Error("Error: expected 32 bytes");
|
|
3184
|
-
return b;
|
|
3185
|
-
}
|
|
3186
1403
|
function numberToHexUnpadded(num) {
|
|
3187
1404
|
const hex = num.toString(16);
|
|
3188
1405
|
return hex.length & 1 ? `0${hex}` : hex;
|
|
3189
1406
|
}
|
|
3190
1407
|
function hexToNumber(hex) {
|
|
3191
|
-
if (typeof hex !== "string")
|
|
3192
|
-
throw new
|
|
3193
|
-
}
|
|
3194
|
-
return BigInt(`0x${hex}`);
|
|
1408
|
+
if (typeof hex !== "string")
|
|
1409
|
+
throw new Error("hex string expected, got " + typeof hex);
|
|
1410
|
+
return BigInt(hex === "" ? "0" : `0x${hex}`);
|
|
3195
1411
|
}
|
|
3196
1412
|
function hexToBytes(hex) {
|
|
3197
|
-
if (typeof hex !== "string")
|
|
3198
|
-
throw new
|
|
3199
|
-
|
|
3200
|
-
if (
|
|
3201
|
-
throw new Error("
|
|
3202
|
-
const array = new Uint8Array(
|
|
1413
|
+
if (typeof hex !== "string")
|
|
1414
|
+
throw new Error("hex string expected, got " + typeof hex);
|
|
1415
|
+
const len = hex.length;
|
|
1416
|
+
if (len % 2)
|
|
1417
|
+
throw new Error("padded hex string expected, got unpadded hex of length " + len);
|
|
1418
|
+
const array = new Uint8Array(len / 2);
|
|
3203
1419
|
for (let i = 0; i < array.length; i++) {
|
|
3204
1420
|
const j = i * 2;
|
|
3205
1421
|
const hexByte = hex.slice(j, j + 2);
|
|
@@ -3210,63 +1426,201 @@ function hexToBytes(hex) {
|
|
|
3210
1426
|
}
|
|
3211
1427
|
return array;
|
|
3212
1428
|
}
|
|
3213
|
-
function
|
|
3214
|
-
return hexToNumber(bytesToHex(
|
|
1429
|
+
function bytesToNumberBE(bytes2) {
|
|
1430
|
+
return hexToNumber(bytesToHex(bytes2));
|
|
3215
1431
|
}
|
|
3216
|
-
function
|
|
3217
|
-
|
|
1432
|
+
function bytesToNumberLE(bytes2) {
|
|
1433
|
+
if (!u8a2(bytes2))
|
|
1434
|
+
throw new Error("Uint8Array expected");
|
|
1435
|
+
return hexToNumber(bytesToHex(Uint8Array.from(bytes2).reverse()));
|
|
3218
1436
|
}
|
|
3219
|
-
function
|
|
3220
|
-
|
|
3221
|
-
|
|
3222
|
-
|
|
3223
|
-
|
|
3224
|
-
|
|
1437
|
+
function numberToBytesBE(n, len) {
|
|
1438
|
+
return hexToBytes(n.toString(16).padStart(len * 2, "0"));
|
|
1439
|
+
}
|
|
1440
|
+
function numberToBytesLE(n, len) {
|
|
1441
|
+
return numberToBytesBE(n, len).reverse();
|
|
1442
|
+
}
|
|
1443
|
+
function numberToVarBytesBE(n) {
|
|
1444
|
+
return hexToBytes(numberToHexUnpadded(n));
|
|
1445
|
+
}
|
|
1446
|
+
function ensureBytes(title, hex, expectedLength) {
|
|
1447
|
+
let res;
|
|
1448
|
+
if (typeof hex === "string") {
|
|
1449
|
+
try {
|
|
1450
|
+
res = hexToBytes(hex);
|
|
1451
|
+
} catch (e) {
|
|
1452
|
+
throw new Error(`${title} must be valid hex string, got "${hex}". Cause: ${e}`);
|
|
1453
|
+
}
|
|
1454
|
+
} else if (u8a2(hex)) {
|
|
1455
|
+
res = Uint8Array.from(hex);
|
|
1456
|
+
} else {
|
|
1457
|
+
throw new Error(`${title} must be hex string or Uint8Array`);
|
|
1458
|
+
}
|
|
1459
|
+
const len = res.length;
|
|
1460
|
+
if (typeof expectedLength === "number" && len !== expectedLength)
|
|
1461
|
+
throw new Error(`${title} expected ${expectedLength} bytes, got ${len}`);
|
|
1462
|
+
return res;
|
|
1463
|
+
}
|
|
1464
|
+
function concatBytes2(...arrays) {
|
|
1465
|
+
const r = new Uint8Array(arrays.reduce((sum, a) => sum + a.length, 0));
|
|
1466
|
+
let pad = 0;
|
|
1467
|
+
arrays.forEach((a) => {
|
|
1468
|
+
if (!u8a2(a))
|
|
1469
|
+
throw new Error("Uint8Array expected");
|
|
1470
|
+
r.set(a, pad);
|
|
1471
|
+
pad += a.length;
|
|
1472
|
+
});
|
|
1473
|
+
return r;
|
|
1474
|
+
}
|
|
1475
|
+
function equalBytes(b1, b2) {
|
|
1476
|
+
if (b1.length !== b2.length)
|
|
1477
|
+
return false;
|
|
1478
|
+
for (let i = 0; i < b1.length; i++)
|
|
1479
|
+
if (b1[i] !== b2[i])
|
|
1480
|
+
return false;
|
|
1481
|
+
return true;
|
|
1482
|
+
}
|
|
1483
|
+
function utf8ToBytes2(str) {
|
|
1484
|
+
if (typeof str !== "string")
|
|
1485
|
+
throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
|
|
1486
|
+
return new Uint8Array(new TextEncoder().encode(str));
|
|
1487
|
+
}
|
|
1488
|
+
function bitLen(n) {
|
|
1489
|
+
let len;
|
|
1490
|
+
for (len = 0; n > _0n; n >>= _1n, len += 1)
|
|
1491
|
+
;
|
|
1492
|
+
return len;
|
|
1493
|
+
}
|
|
1494
|
+
function bitGet(n, pos) {
|
|
1495
|
+
return n >> BigInt(pos) & _1n;
|
|
1496
|
+
}
|
|
1497
|
+
var bitSet = (n, pos, value) => {
|
|
1498
|
+
return n | (value ? _1n : _0n) << BigInt(pos);
|
|
1499
|
+
};
|
|
1500
|
+
var bitMask = (n) => (_2n << BigInt(n - 1)) - _1n;
|
|
1501
|
+
var u8n = (data) => new Uint8Array(data);
|
|
1502
|
+
var u8fr = (arr) => Uint8Array.from(arr);
|
|
1503
|
+
function createHmacDrbg(hashLen, qByteLen, hmacFn) {
|
|
1504
|
+
if (typeof hashLen !== "number" || hashLen < 2)
|
|
1505
|
+
throw new Error("hashLen must be a number");
|
|
1506
|
+
if (typeof qByteLen !== "number" || qByteLen < 2)
|
|
1507
|
+
throw new Error("qByteLen must be a number");
|
|
1508
|
+
if (typeof hmacFn !== "function")
|
|
1509
|
+
throw new Error("hmacFn must be a function");
|
|
1510
|
+
let v = u8n(hashLen);
|
|
1511
|
+
let k = u8n(hashLen);
|
|
1512
|
+
let i = 0;
|
|
1513
|
+
const reset = () => {
|
|
1514
|
+
v.fill(1);
|
|
1515
|
+
k.fill(0);
|
|
1516
|
+
i = 0;
|
|
1517
|
+
};
|
|
1518
|
+
const h = (...b) => hmacFn(k, v, ...b);
|
|
1519
|
+
const reseed = (seed = u8n()) => {
|
|
1520
|
+
k = h(u8fr([0]), seed);
|
|
1521
|
+
v = h();
|
|
1522
|
+
if (seed.length === 0)
|
|
1523
|
+
return;
|
|
1524
|
+
k = h(u8fr([1]), seed);
|
|
1525
|
+
v = h();
|
|
1526
|
+
};
|
|
1527
|
+
const gen = () => {
|
|
1528
|
+
if (i++ >= 1e3)
|
|
1529
|
+
throw new Error("drbg: tried 1000 values");
|
|
1530
|
+
let len = 0;
|
|
1531
|
+
const out = [];
|
|
1532
|
+
while (len < qByteLen) {
|
|
1533
|
+
v = h();
|
|
1534
|
+
const sl = v.slice();
|
|
1535
|
+
out.push(sl);
|
|
1536
|
+
len += v.length;
|
|
1537
|
+
}
|
|
1538
|
+
return concatBytes2(...out);
|
|
1539
|
+
};
|
|
1540
|
+
const genUntil = (seed, pred) => {
|
|
1541
|
+
reset();
|
|
1542
|
+
reseed(seed);
|
|
1543
|
+
let res = void 0;
|
|
1544
|
+
while (!(res = pred(gen())))
|
|
1545
|
+
reseed();
|
|
1546
|
+
reset();
|
|
1547
|
+
return res;
|
|
1548
|
+
};
|
|
1549
|
+
return genUntil;
|
|
1550
|
+
}
|
|
1551
|
+
var validatorFns = {
|
|
1552
|
+
bigint: (val) => typeof val === "bigint",
|
|
1553
|
+
function: (val) => typeof val === "function",
|
|
1554
|
+
boolean: (val) => typeof val === "boolean",
|
|
1555
|
+
string: (val) => typeof val === "string",
|
|
1556
|
+
isSafeInteger: (val) => Number.isSafeInteger(val),
|
|
1557
|
+
array: (val) => Array.isArray(val),
|
|
1558
|
+
field: (val, object) => object.Fp.isValid(val),
|
|
1559
|
+
hash: (val) => typeof val === "function" && Number.isSafeInteger(val.outputLen)
|
|
1560
|
+
};
|
|
1561
|
+
function validateObject(object, validators, optValidators = {}) {
|
|
1562
|
+
const checkField = (fieldName, type, isOptional) => {
|
|
1563
|
+
const checkVal = validatorFns[type];
|
|
1564
|
+
if (typeof checkVal !== "function")
|
|
1565
|
+
throw new Error(`Invalid validator "${type}", expected function`);
|
|
1566
|
+
const val = object[fieldName];
|
|
1567
|
+
if (isOptional && val === void 0)
|
|
1568
|
+
return;
|
|
1569
|
+
if (!checkVal(val, object)) {
|
|
1570
|
+
throw new Error(`Invalid param ${String(fieldName)}=${val} (${typeof val}), expected ${type}`);
|
|
1571
|
+
}
|
|
1572
|
+
};
|
|
1573
|
+
for (const [fieldName, type] of Object.entries(validators))
|
|
1574
|
+
checkField(fieldName, type, false);
|
|
1575
|
+
for (const [fieldName, type] of Object.entries(optValidators))
|
|
1576
|
+
checkField(fieldName, type, true);
|
|
1577
|
+
return object;
|
|
3225
1578
|
}
|
|
3226
|
-
|
|
1579
|
+
|
|
1580
|
+
// ../../node_modules/@noble/curves/esm/abstract/modular.js
|
|
1581
|
+
var _0n2 = BigInt(0);
|
|
1582
|
+
var _1n2 = BigInt(1);
|
|
1583
|
+
var _2n2 = BigInt(2);
|
|
1584
|
+
var _3n = BigInt(3);
|
|
1585
|
+
var _4n = BigInt(4);
|
|
1586
|
+
var _5n = BigInt(5);
|
|
1587
|
+
var _8n = BigInt(8);
|
|
1588
|
+
var _9n = BigInt(9);
|
|
1589
|
+
var _16n = BigInt(16);
|
|
1590
|
+
function mod(a, b) {
|
|
3227
1591
|
const result = a % b;
|
|
3228
|
-
return result >=
|
|
1592
|
+
return result >= _0n2 ? result : b + result;
|
|
1593
|
+
}
|
|
1594
|
+
function pow(num, power, modulo) {
|
|
1595
|
+
if (modulo <= _0n2 || power < _0n2)
|
|
1596
|
+
throw new Error("Expected power/modulo > 0");
|
|
1597
|
+
if (modulo === _1n2)
|
|
1598
|
+
return _0n2;
|
|
1599
|
+
let res = _1n2;
|
|
1600
|
+
while (power > _0n2) {
|
|
1601
|
+
if (power & _1n2)
|
|
1602
|
+
res = res * num % modulo;
|
|
1603
|
+
num = num * num % modulo;
|
|
1604
|
+
power >>= _1n2;
|
|
1605
|
+
}
|
|
1606
|
+
return res;
|
|
3229
1607
|
}
|
|
3230
|
-
function pow2(x, power) {
|
|
3231
|
-
const { P } = CURVE;
|
|
1608
|
+
function pow2(x, power, modulo) {
|
|
3232
1609
|
let res = x;
|
|
3233
|
-
while (power-- >
|
|
1610
|
+
while (power-- > _0n2) {
|
|
3234
1611
|
res *= res;
|
|
3235
|
-
res %=
|
|
1612
|
+
res %= modulo;
|
|
3236
1613
|
}
|
|
3237
1614
|
return res;
|
|
3238
1615
|
}
|
|
3239
|
-
function
|
|
3240
|
-
|
|
3241
|
-
|
|
3242
|
-
const _11n = BigInt(11);
|
|
3243
|
-
const _22n = BigInt(22);
|
|
3244
|
-
const _23n = BigInt(23);
|
|
3245
|
-
const _44n = BigInt(44);
|
|
3246
|
-
const _88n = BigInt(88);
|
|
3247
|
-
const b2 = x * x * x % P;
|
|
3248
|
-
const b3 = b2 * b2 * x % P;
|
|
3249
|
-
const b6 = pow2(b3, _3n) * b3 % P;
|
|
3250
|
-
const b9 = pow2(b6, _3n) * b3 % P;
|
|
3251
|
-
const b11 = pow2(b9, _2n) * b2 % P;
|
|
3252
|
-
const b22 = pow2(b11, _11n) * b11 % P;
|
|
3253
|
-
const b44 = pow2(b22, _22n) * b22 % P;
|
|
3254
|
-
const b88 = pow2(b44, _44n) * b44 % P;
|
|
3255
|
-
const b176 = pow2(b88, _88n) * b88 % P;
|
|
3256
|
-
const b220 = pow2(b176, _44n) * b44 % P;
|
|
3257
|
-
const b223 = pow2(b220, _3n) * b3 % P;
|
|
3258
|
-
const t1 = pow2(b223, _23n) * b22 % P;
|
|
3259
|
-
const t2 = pow2(t1, _6n) * b2 % P;
|
|
3260
|
-
return pow2(t2, _2n);
|
|
3261
|
-
}
|
|
3262
|
-
function invert(number, modulo = CURVE.P) {
|
|
3263
|
-
if (number === _0n || modulo <= _0n) {
|
|
3264
|
-
throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`);
|
|
1616
|
+
function invert(number2, modulo) {
|
|
1617
|
+
if (number2 === _0n2 || modulo <= _0n2) {
|
|
1618
|
+
throw new Error(`invert: expected positive integers, got n=${number2} mod=${modulo}`);
|
|
3265
1619
|
}
|
|
3266
|
-
let a = mod(
|
|
1620
|
+
let a = mod(number2, modulo);
|
|
3267
1621
|
let b = modulo;
|
|
3268
|
-
let x =
|
|
3269
|
-
while (a !==
|
|
1622
|
+
let x = _0n2, y = _1n2, u = _1n2, v = _0n2;
|
|
1623
|
+
while (a !== _0n2) {
|
|
3270
1624
|
const q = b / a;
|
|
3271
1625
|
const r = b % a;
|
|
3272
1626
|
const m = x - u * q;
|
|
@@ -3274,440 +1628,1427 @@ function invert(number, modulo = CURVE.P) {
|
|
|
3274
1628
|
b = a, a = r, x = u, y = v, u = m, v = n;
|
|
3275
1629
|
}
|
|
3276
1630
|
const gcd = b;
|
|
3277
|
-
if (gcd !==
|
|
1631
|
+
if (gcd !== _1n2)
|
|
3278
1632
|
throw new Error("invert: does not exist");
|
|
3279
1633
|
return mod(x, modulo);
|
|
3280
1634
|
}
|
|
3281
|
-
function
|
|
3282
|
-
const
|
|
3283
|
-
|
|
3284
|
-
|
|
3285
|
-
|
|
3286
|
-
|
|
3287
|
-
|
|
3288
|
-
|
|
3289
|
-
|
|
3290
|
-
|
|
3291
|
-
|
|
3292
|
-
|
|
3293
|
-
|
|
3294
|
-
|
|
3295
|
-
|
|
3296
|
-
return scratch;
|
|
3297
|
-
}
|
|
3298
|
-
var divNearest = (a, b) => (a + b / _2n) / b;
|
|
3299
|
-
var ENDO = {
|
|
3300
|
-
a1: BigInt("0x3086d221a7d46bcde86c90e49284eb15"),
|
|
3301
|
-
b1: -_1n * BigInt("0xe4437ed6010e88286f547fa90abfe4c3"),
|
|
3302
|
-
a2: BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"),
|
|
3303
|
-
b2: BigInt("0x3086d221a7d46bcde86c90e49284eb15"),
|
|
3304
|
-
POW_2_128: BigInt("0x100000000000000000000000000000000")
|
|
3305
|
-
};
|
|
3306
|
-
function splitScalarEndo(k) {
|
|
3307
|
-
const { n } = CURVE;
|
|
3308
|
-
const { a1, b1, a2, b2, POW_2_128 } = ENDO;
|
|
3309
|
-
const c1 = divNearest(b2 * k, n);
|
|
3310
|
-
const c2 = divNearest(-b1 * k, n);
|
|
3311
|
-
let k1 = mod(k - c1 * a1 - c2 * a2, n);
|
|
3312
|
-
let k2 = mod(-c1 * b1 - c2 * b2, n);
|
|
3313
|
-
const k1neg = k1 > POW_2_128;
|
|
3314
|
-
const k2neg = k2 > POW_2_128;
|
|
3315
|
-
if (k1neg)
|
|
3316
|
-
k1 = n - k1;
|
|
3317
|
-
if (k2neg)
|
|
3318
|
-
k2 = n - k2;
|
|
3319
|
-
if (k1 > POW_2_128 || k2 > POW_2_128) {
|
|
3320
|
-
throw new Error("splitScalarEndo: Endomorphism failed, k=" + k);
|
|
3321
|
-
}
|
|
3322
|
-
return { k1neg, k1, k2neg, k2 };
|
|
3323
|
-
}
|
|
3324
|
-
function truncateHash(hash) {
|
|
3325
|
-
const { n } = CURVE;
|
|
3326
|
-
const byteLength = hash.length;
|
|
3327
|
-
const delta = byteLength * 8 - 256;
|
|
3328
|
-
let h = bytesToNumber(hash);
|
|
3329
|
-
if (delta > 0)
|
|
3330
|
-
h = h >> BigInt(delta);
|
|
3331
|
-
if (h >= n)
|
|
3332
|
-
h -= n;
|
|
3333
|
-
return h;
|
|
3334
|
-
}
|
|
3335
|
-
var _sha256Sync;
|
|
3336
|
-
var _hmacSha256Sync;
|
|
3337
|
-
var HmacDrbg = class {
|
|
3338
|
-
constructor() {
|
|
3339
|
-
this.v = new Uint8Array(32).fill(1);
|
|
3340
|
-
this.k = new Uint8Array(32).fill(0);
|
|
3341
|
-
this.counter = 0;
|
|
3342
|
-
}
|
|
3343
|
-
hmac(...values) {
|
|
3344
|
-
return utils.hmacSha256(this.k, ...values);
|
|
3345
|
-
}
|
|
3346
|
-
hmacSync(...values) {
|
|
3347
|
-
return _hmacSha256Sync(this.k, ...values);
|
|
3348
|
-
}
|
|
3349
|
-
checkSync() {
|
|
3350
|
-
if (typeof _hmacSha256Sync !== "function")
|
|
3351
|
-
throw new ShaError("hmacSha256Sync needs to be set");
|
|
3352
|
-
}
|
|
3353
|
-
incr() {
|
|
3354
|
-
if (this.counter >= 1e3)
|
|
3355
|
-
throw new Error("Tried 1,000 k values for sign(), all were invalid");
|
|
3356
|
-
this.counter += 1;
|
|
3357
|
-
}
|
|
3358
|
-
async reseed(seed = new Uint8Array()) {
|
|
3359
|
-
this.k = await this.hmac(this.v, Uint8Array.from([0]), seed);
|
|
3360
|
-
this.v = await this.hmac(this.v);
|
|
3361
|
-
if (seed.length === 0)
|
|
3362
|
-
return;
|
|
3363
|
-
this.k = await this.hmac(this.v, Uint8Array.from([1]), seed);
|
|
3364
|
-
this.v = await this.hmac(this.v);
|
|
3365
|
-
}
|
|
3366
|
-
reseedSync(seed = new Uint8Array()) {
|
|
3367
|
-
this.checkSync();
|
|
3368
|
-
this.k = this.hmacSync(this.v, Uint8Array.from([0]), seed);
|
|
3369
|
-
this.v = this.hmacSync(this.v);
|
|
3370
|
-
if (seed.length === 0)
|
|
3371
|
-
return;
|
|
3372
|
-
this.k = this.hmacSync(this.v, Uint8Array.from([1]), seed);
|
|
3373
|
-
this.v = this.hmacSync(this.v);
|
|
1635
|
+
function tonelliShanks(P) {
|
|
1636
|
+
const legendreC = (P - _1n2) / _2n2;
|
|
1637
|
+
let Q, S, Z;
|
|
1638
|
+
for (Q = P - _1n2, S = 0; Q % _2n2 === _0n2; Q /= _2n2, S++)
|
|
1639
|
+
;
|
|
1640
|
+
for (Z = _2n2; Z < P && pow(Z, legendreC, P) !== P - _1n2; Z++)
|
|
1641
|
+
;
|
|
1642
|
+
if (S === 1) {
|
|
1643
|
+
const p1div4 = (P + _1n2) / _4n;
|
|
1644
|
+
return function tonelliFast(Fp3, n) {
|
|
1645
|
+
const root = Fp3.pow(n, p1div4);
|
|
1646
|
+
if (!Fp3.eql(Fp3.sqr(root), n))
|
|
1647
|
+
throw new Error("Cannot find square root");
|
|
1648
|
+
return root;
|
|
1649
|
+
};
|
|
3374
1650
|
}
|
|
3375
|
-
|
|
3376
|
-
|
|
3377
|
-
|
|
3378
|
-
|
|
1651
|
+
const Q1div2 = (Q + _1n2) / _2n2;
|
|
1652
|
+
return function tonelliSlow(Fp3, n) {
|
|
1653
|
+
if (Fp3.pow(n, legendreC) === Fp3.neg(Fp3.ONE))
|
|
1654
|
+
throw new Error("Cannot find square root");
|
|
1655
|
+
let r = S;
|
|
1656
|
+
let g = Fp3.pow(Fp3.mul(Fp3.ONE, Z), Q);
|
|
1657
|
+
let x = Fp3.pow(n, Q1div2);
|
|
1658
|
+
let b = Fp3.pow(n, Q);
|
|
1659
|
+
while (!Fp3.eql(b, Fp3.ONE)) {
|
|
1660
|
+
if (Fp3.eql(b, Fp3.ZERO))
|
|
1661
|
+
return Fp3.ZERO;
|
|
1662
|
+
let m = 1;
|
|
1663
|
+
for (let t2 = Fp3.sqr(b); m < r; m++) {
|
|
1664
|
+
if (Fp3.eql(t2, Fp3.ONE))
|
|
1665
|
+
break;
|
|
1666
|
+
t2 = Fp3.sqr(t2);
|
|
1667
|
+
}
|
|
1668
|
+
const ge = Fp3.pow(g, _1n2 << BigInt(r - m - 1));
|
|
1669
|
+
g = Fp3.sqr(ge);
|
|
1670
|
+
x = Fp3.mul(x, ge);
|
|
1671
|
+
b = Fp3.mul(b, g);
|
|
1672
|
+
r = m;
|
|
1673
|
+
}
|
|
1674
|
+
return x;
|
|
1675
|
+
};
|
|
1676
|
+
}
|
|
1677
|
+
function FpSqrt(P) {
|
|
1678
|
+
if (P % _4n === _3n) {
|
|
1679
|
+
const p1div4 = (P + _1n2) / _4n;
|
|
1680
|
+
return function sqrt3mod4(Fp3, n) {
|
|
1681
|
+
const root = Fp3.pow(n, p1div4);
|
|
1682
|
+
if (!Fp3.eql(Fp3.sqr(root), n))
|
|
1683
|
+
throw new Error("Cannot find square root");
|
|
1684
|
+
return root;
|
|
1685
|
+
};
|
|
3379
1686
|
}
|
|
3380
|
-
|
|
3381
|
-
|
|
3382
|
-
|
|
3383
|
-
|
|
3384
|
-
|
|
1687
|
+
if (P % _8n === _5n) {
|
|
1688
|
+
const c1 = (P - _5n) / _8n;
|
|
1689
|
+
return function sqrt5mod8(Fp3, n) {
|
|
1690
|
+
const n2 = Fp3.mul(n, _2n2);
|
|
1691
|
+
const v = Fp3.pow(n2, c1);
|
|
1692
|
+
const nv = Fp3.mul(n, v);
|
|
1693
|
+
const i = Fp3.mul(Fp3.mul(nv, _2n2), v);
|
|
1694
|
+
const root = Fp3.mul(nv, Fp3.sub(i, Fp3.ONE));
|
|
1695
|
+
if (!Fp3.eql(Fp3.sqr(root), n))
|
|
1696
|
+
throw new Error("Cannot find square root");
|
|
1697
|
+
return root;
|
|
1698
|
+
};
|
|
3385
1699
|
}
|
|
3386
|
-
|
|
3387
|
-
function isWithinCurveOrder(num) {
|
|
3388
|
-
return _0n < num && num < CURVE.n;
|
|
3389
|
-
}
|
|
3390
|
-
function isValidFieldElement(num) {
|
|
3391
|
-
return _0n < num && num < CURVE.P;
|
|
3392
|
-
}
|
|
3393
|
-
function kmdToSig(kBytes, m, d) {
|
|
3394
|
-
const k = bytesToNumber(kBytes);
|
|
3395
|
-
if (!isWithinCurveOrder(k))
|
|
3396
|
-
return;
|
|
3397
|
-
const { n } = CURVE;
|
|
3398
|
-
const q = Point.BASE.multiply(k);
|
|
3399
|
-
const r = mod(q.x, n);
|
|
3400
|
-
if (r === _0n)
|
|
3401
|
-
return;
|
|
3402
|
-
const s = mod(invert(k, n) * mod(m + d * r, n), n);
|
|
3403
|
-
if (s === _0n)
|
|
3404
|
-
return;
|
|
3405
|
-
const sig = new Signature(r, s);
|
|
3406
|
-
const recovery = (q.x === sig.r ? 0 : 2) | Number(q.y & _1n);
|
|
3407
|
-
return { sig, recovery };
|
|
3408
|
-
}
|
|
3409
|
-
function normalizePrivateKey(key) {
|
|
3410
|
-
let num;
|
|
3411
|
-
if (typeof key === "bigint") {
|
|
3412
|
-
num = key;
|
|
3413
|
-
} else if (typeof key === "number" && Number.isSafeInteger(key) && key > 0) {
|
|
3414
|
-
num = BigInt(key);
|
|
3415
|
-
} else if (typeof key === "string") {
|
|
3416
|
-
if (key.length !== 64)
|
|
3417
|
-
throw new Error("Expected 32 bytes of private key");
|
|
3418
|
-
num = hexToNumber(key);
|
|
3419
|
-
} else if (key instanceof Uint8Array) {
|
|
3420
|
-
if (key.length !== 32)
|
|
3421
|
-
throw new Error("Expected 32 bytes of private key");
|
|
3422
|
-
num = bytesToNumber(key);
|
|
3423
|
-
} else {
|
|
3424
|
-
throw new TypeError("Expected valid private key");
|
|
1700
|
+
if (P % _16n === _9n) {
|
|
3425
1701
|
}
|
|
3426
|
-
|
|
3427
|
-
throw new Error("Expected private key: 0 < key < n");
|
|
3428
|
-
return num;
|
|
1702
|
+
return tonelliShanks(P);
|
|
3429
1703
|
}
|
|
3430
|
-
|
|
3431
|
-
|
|
3432
|
-
|
|
3433
|
-
|
|
3434
|
-
|
|
3435
|
-
|
|
3436
|
-
|
|
1704
|
+
var FIELD_FIELDS = [
|
|
1705
|
+
"create",
|
|
1706
|
+
"isValid",
|
|
1707
|
+
"is0",
|
|
1708
|
+
"neg",
|
|
1709
|
+
"inv",
|
|
1710
|
+
"sqrt",
|
|
1711
|
+
"sqr",
|
|
1712
|
+
"eql",
|
|
1713
|
+
"add",
|
|
1714
|
+
"sub",
|
|
1715
|
+
"mul",
|
|
1716
|
+
"pow",
|
|
1717
|
+
"div",
|
|
1718
|
+
"addN",
|
|
1719
|
+
"subN",
|
|
1720
|
+
"mulN",
|
|
1721
|
+
"sqrN"
|
|
1722
|
+
];
|
|
1723
|
+
function validateField(field) {
|
|
1724
|
+
const initial = {
|
|
1725
|
+
ORDER: "bigint",
|
|
1726
|
+
MASK: "bigint",
|
|
1727
|
+
BYTES: "isSafeInteger",
|
|
1728
|
+
BITS: "isSafeInteger"
|
|
1729
|
+
};
|
|
1730
|
+
const opts = FIELD_FIELDS.reduce((map, val) => {
|
|
1731
|
+
map[val] = "function";
|
|
1732
|
+
return map;
|
|
1733
|
+
}, initial);
|
|
1734
|
+
return validateObject(field, opts);
|
|
3437
1735
|
}
|
|
3438
|
-
function
|
|
3439
|
-
if (
|
|
3440
|
-
|
|
3441
|
-
|
|
3442
|
-
|
|
3443
|
-
|
|
3444
|
-
return
|
|
3445
|
-
|
|
3446
|
-
|
|
1736
|
+
function FpPow(f, num, power) {
|
|
1737
|
+
if (power < _0n2)
|
|
1738
|
+
throw new Error("Expected power > 0");
|
|
1739
|
+
if (power === _0n2)
|
|
1740
|
+
return f.ONE;
|
|
1741
|
+
if (power === _1n2)
|
|
1742
|
+
return num;
|
|
1743
|
+
let p = f.ONE;
|
|
1744
|
+
let d = num;
|
|
1745
|
+
while (power > _0n2) {
|
|
1746
|
+
if (power & _1n2)
|
|
1747
|
+
p = f.mul(p, d);
|
|
1748
|
+
d = f.sqr(d);
|
|
1749
|
+
power >>= _1n2;
|
|
3447
1750
|
}
|
|
1751
|
+
return p;
|
|
3448
1752
|
}
|
|
3449
|
-
function
|
|
3450
|
-
|
|
3451
|
-
|
|
3452
|
-
|
|
3453
|
-
|
|
3454
|
-
|
|
1753
|
+
function FpInvertBatch(f, nums) {
|
|
1754
|
+
const tmp = new Array(nums.length);
|
|
1755
|
+
const lastMultiplied = nums.reduce((acc, num, i) => {
|
|
1756
|
+
if (f.is0(num))
|
|
1757
|
+
return acc;
|
|
1758
|
+
tmp[i] = acc;
|
|
1759
|
+
return f.mul(acc, num);
|
|
1760
|
+
}, f.ONE);
|
|
1761
|
+
const inverted = f.inv(lastMultiplied);
|
|
1762
|
+
nums.reduceRight((acc, num, i) => {
|
|
1763
|
+
if (f.is0(num))
|
|
1764
|
+
return acc;
|
|
1765
|
+
tmp[i] = f.mul(acc, tmp[i]);
|
|
1766
|
+
return f.mul(acc, num);
|
|
1767
|
+
}, inverted);
|
|
1768
|
+
return tmp;
|
|
3455
1769
|
}
|
|
3456
|
-
function
|
|
3457
|
-
const
|
|
3458
|
-
const
|
|
3459
|
-
return
|
|
1770
|
+
function nLength(n, nBitLength) {
|
|
1771
|
+
const _nBitLength = nBitLength !== void 0 ? nBitLength : n.toString(2).length;
|
|
1772
|
+
const nByteLength = Math.ceil(_nBitLength / 8);
|
|
1773
|
+
return { nBitLength: _nBitLength, nByteLength };
|
|
3460
1774
|
}
|
|
3461
|
-
function
|
|
3462
|
-
|
|
1775
|
+
function Field(ORDER, bitLen2, isLE2 = false, redef = {}) {
|
|
1776
|
+
if (ORDER <= _0n2)
|
|
1777
|
+
throw new Error(`Expected Fp ORDER > 0, got ${ORDER}`);
|
|
1778
|
+
const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen2);
|
|
1779
|
+
if (BYTES > 2048)
|
|
1780
|
+
throw new Error("Field lengths over 2048 bytes are not supported");
|
|
1781
|
+
const sqrtP = FpSqrt(ORDER);
|
|
1782
|
+
const f = Object.freeze({
|
|
1783
|
+
ORDER,
|
|
1784
|
+
BITS,
|
|
1785
|
+
BYTES,
|
|
1786
|
+
MASK: bitMask(BITS),
|
|
1787
|
+
ZERO: _0n2,
|
|
1788
|
+
ONE: _1n2,
|
|
1789
|
+
create: (num) => mod(num, ORDER),
|
|
1790
|
+
isValid: (num) => {
|
|
1791
|
+
if (typeof num !== "bigint")
|
|
1792
|
+
throw new Error(`Invalid field element: expected bigint, got ${typeof num}`);
|
|
1793
|
+
return _0n2 <= num && num < ORDER;
|
|
1794
|
+
},
|
|
1795
|
+
is0: (num) => num === _0n2,
|
|
1796
|
+
isOdd: (num) => (num & _1n2) === _1n2,
|
|
1797
|
+
neg: (num) => mod(-num, ORDER),
|
|
1798
|
+
eql: (lhs, rhs) => lhs === rhs,
|
|
1799
|
+
sqr: (num) => mod(num * num, ORDER),
|
|
1800
|
+
add: (lhs, rhs) => mod(lhs + rhs, ORDER),
|
|
1801
|
+
sub: (lhs, rhs) => mod(lhs - rhs, ORDER),
|
|
1802
|
+
mul: (lhs, rhs) => mod(lhs * rhs, ORDER),
|
|
1803
|
+
pow: (num, power) => FpPow(f, num, power),
|
|
1804
|
+
div: (lhs, rhs) => mod(lhs * invert(rhs, ORDER), ORDER),
|
|
1805
|
+
sqrN: (num) => num * num,
|
|
1806
|
+
addN: (lhs, rhs) => lhs + rhs,
|
|
1807
|
+
subN: (lhs, rhs) => lhs - rhs,
|
|
1808
|
+
mulN: (lhs, rhs) => lhs * rhs,
|
|
1809
|
+
inv: (num) => invert(num, ORDER),
|
|
1810
|
+
sqrt: redef.sqrt || ((n) => sqrtP(f, n)),
|
|
1811
|
+
invertBatch: (lst) => FpInvertBatch(f, lst),
|
|
1812
|
+
cmov: (a, b, c) => c ? b : a,
|
|
1813
|
+
toBytes: (num) => isLE2 ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES),
|
|
1814
|
+
fromBytes: (bytes2) => {
|
|
1815
|
+
if (bytes2.length !== BYTES)
|
|
1816
|
+
throw new Error(`Fp.fromBytes: expected ${BYTES}, got ${bytes2.length}`);
|
|
1817
|
+
return isLE2 ? bytesToNumberLE(bytes2) : bytesToNumberBE(bytes2);
|
|
1818
|
+
}
|
|
1819
|
+
});
|
|
1820
|
+
return Object.freeze(f);
|
|
3463
1821
|
}
|
|
3464
|
-
function
|
|
3465
|
-
|
|
3466
|
-
|
|
3467
|
-
const
|
|
3468
|
-
|
|
3469
|
-
|
|
3470
|
-
|
|
3471
|
-
|
|
3472
|
-
extraEntropy = utils.randomBytes(32);
|
|
3473
|
-
const e = ensureBytes(extraEntropy);
|
|
3474
|
-
if (e.length !== 32)
|
|
3475
|
-
throw new Error("sign: Expected 32 bytes of extra data");
|
|
3476
|
-
seedArgs.push(e);
|
|
3477
|
-
}
|
|
3478
|
-
const seed = concatBytes(...seedArgs);
|
|
3479
|
-
const m = bits2int(h1);
|
|
3480
|
-
return { seed, m, d };
|
|
1822
|
+
function hashToPrivateScalar(hash2, groupOrder, isLE2 = false) {
|
|
1823
|
+
hash2 = ensureBytes("privateHash", hash2);
|
|
1824
|
+
const hashLen = hash2.length;
|
|
1825
|
+
const minLen = nLength(groupOrder).nByteLength + 8;
|
|
1826
|
+
if (minLen < 24 || hashLen < minLen || hashLen > 1024)
|
|
1827
|
+
throw new Error(`hashToPrivateScalar: expected ${minLen}-1024 bytes of input, got ${hashLen}`);
|
|
1828
|
+
const num = isLE2 ? bytesToNumberLE(hash2) : bytesToNumberBE(hash2);
|
|
1829
|
+
return mod(num, groupOrder - _1n2) + _1n2;
|
|
3481
1830
|
}
|
|
3482
|
-
|
|
3483
|
-
|
|
3484
|
-
|
|
3485
|
-
|
|
3486
|
-
|
|
3487
|
-
|
|
3488
|
-
|
|
3489
|
-
|
|
3490
|
-
|
|
1831
|
+
|
|
1832
|
+
// ../../node_modules/@noble/curves/esm/abstract/curve.js
|
|
1833
|
+
var _0n3 = BigInt(0);
|
|
1834
|
+
var _1n3 = BigInt(1);
|
|
1835
|
+
function wNAF(c, bits) {
|
|
1836
|
+
const constTimeNegate = (condition, item) => {
|
|
1837
|
+
const neg = item.negate();
|
|
1838
|
+
return condition ? neg : item;
|
|
1839
|
+
};
|
|
1840
|
+
const opts = (W) => {
|
|
1841
|
+
const windows = Math.ceil(bits / W) + 1;
|
|
1842
|
+
const windowSize = 2 ** (W - 1);
|
|
1843
|
+
return { windows, windowSize };
|
|
1844
|
+
};
|
|
1845
|
+
return {
|
|
1846
|
+
constTimeNegate,
|
|
1847
|
+
unsafeLadder(elm, n) {
|
|
1848
|
+
let p = c.ZERO;
|
|
1849
|
+
let d = elm;
|
|
1850
|
+
while (n > _0n3) {
|
|
1851
|
+
if (n & _1n3)
|
|
1852
|
+
p = p.add(d);
|
|
1853
|
+
d = d.double();
|
|
1854
|
+
n >>= _1n3;
|
|
1855
|
+
}
|
|
1856
|
+
return p;
|
|
1857
|
+
},
|
|
1858
|
+
precomputeWindow(elm, W) {
|
|
1859
|
+
const { windows, windowSize } = opts(W);
|
|
1860
|
+
const points = [];
|
|
1861
|
+
let p = elm;
|
|
1862
|
+
let base3 = p;
|
|
1863
|
+
for (let window = 0; window < windows; window++) {
|
|
1864
|
+
base3 = p;
|
|
1865
|
+
points.push(base3);
|
|
1866
|
+
for (let i = 1; i < windowSize; i++) {
|
|
1867
|
+
base3 = base3.add(p);
|
|
1868
|
+
points.push(base3);
|
|
1869
|
+
}
|
|
1870
|
+
p = base3.double();
|
|
1871
|
+
}
|
|
1872
|
+
return points;
|
|
1873
|
+
},
|
|
1874
|
+
wNAF(W, precomputes, n) {
|
|
1875
|
+
const { windows, windowSize } = opts(W);
|
|
1876
|
+
let p = c.ZERO;
|
|
1877
|
+
let f = c.BASE;
|
|
1878
|
+
const mask = BigInt(2 ** W - 1);
|
|
1879
|
+
const maxNumber = 2 ** W;
|
|
1880
|
+
const shiftBy = BigInt(W);
|
|
1881
|
+
for (let window = 0; window < windows; window++) {
|
|
1882
|
+
const offset = window * windowSize;
|
|
1883
|
+
let wbits = Number(n & mask);
|
|
1884
|
+
n >>= shiftBy;
|
|
1885
|
+
if (wbits > windowSize) {
|
|
1886
|
+
wbits -= maxNumber;
|
|
1887
|
+
n += _1n3;
|
|
1888
|
+
}
|
|
1889
|
+
const offset1 = offset;
|
|
1890
|
+
const offset2 = offset + Math.abs(wbits) - 1;
|
|
1891
|
+
const cond1 = window % 2 !== 0;
|
|
1892
|
+
const cond2 = wbits < 0;
|
|
1893
|
+
if (wbits === 0) {
|
|
1894
|
+
f = f.add(constTimeNegate(cond1, precomputes[offset1]));
|
|
1895
|
+
} else {
|
|
1896
|
+
p = p.add(constTimeNegate(cond2, precomputes[offset2]));
|
|
1897
|
+
}
|
|
1898
|
+
}
|
|
1899
|
+
return { p, f };
|
|
1900
|
+
},
|
|
1901
|
+
wNAFCached(P, precomputesMap, n, transform) {
|
|
1902
|
+
const W = P._WINDOW_SIZE || 1;
|
|
1903
|
+
let comp = precomputesMap.get(P);
|
|
1904
|
+
if (!comp) {
|
|
1905
|
+
comp = this.precomputeWindow(P, W);
|
|
1906
|
+
if (W !== 1) {
|
|
1907
|
+
precomputesMap.set(P, transform(comp));
|
|
1908
|
+
}
|
|
1909
|
+
}
|
|
1910
|
+
return this.wNAF(W, comp, n);
|
|
1911
|
+
}
|
|
1912
|
+
};
|
|
3491
1913
|
}
|
|
3492
|
-
|
|
3493
|
-
|
|
3494
|
-
|
|
3495
|
-
|
|
3496
|
-
|
|
3497
|
-
|
|
3498
|
-
|
|
3499
|
-
|
|
1914
|
+
function validateBasic(curve) {
|
|
1915
|
+
validateField(curve.Fp);
|
|
1916
|
+
validateObject(curve, {
|
|
1917
|
+
n: "bigint",
|
|
1918
|
+
h: "bigint",
|
|
1919
|
+
Gx: "field",
|
|
1920
|
+
Gy: "field"
|
|
1921
|
+
}, {
|
|
1922
|
+
nBitLength: "isSafeInteger",
|
|
1923
|
+
nByteLength: "isSafeInteger"
|
|
1924
|
+
});
|
|
1925
|
+
return Object.freeze({
|
|
1926
|
+
...nLength(curve.n, curve.nBitLength),
|
|
1927
|
+
...curve,
|
|
1928
|
+
...{ p: curve.Fp.ORDER }
|
|
1929
|
+
});
|
|
3500
1930
|
}
|
|
3501
|
-
|
|
3502
|
-
|
|
3503
|
-
|
|
3504
|
-
|
|
3505
|
-
|
|
3506
|
-
|
|
3507
|
-
|
|
3508
|
-
|
|
3509
|
-
|
|
3510
|
-
|
|
3511
|
-
|
|
3512
|
-
|
|
3513
|
-
|
|
3514
|
-
|
|
3515
|
-
|
|
3516
|
-
|
|
3517
|
-
}
|
|
3518
|
-
|
|
1931
|
+
|
|
1932
|
+
// ../../node_modules/@noble/curves/esm/abstract/weierstrass.js
|
|
1933
|
+
function validatePointOpts(curve) {
|
|
1934
|
+
const opts = validateBasic(curve);
|
|
1935
|
+
validateObject(opts, {
|
|
1936
|
+
a: "field",
|
|
1937
|
+
b: "field"
|
|
1938
|
+
}, {
|
|
1939
|
+
allowedPrivateKeyLengths: "array",
|
|
1940
|
+
wrapPrivateKey: "boolean",
|
|
1941
|
+
isTorsionFree: "function",
|
|
1942
|
+
clearCofactor: "function",
|
|
1943
|
+
allowInfinityPoint: "boolean",
|
|
1944
|
+
fromBytes: "function",
|
|
1945
|
+
toBytes: "function"
|
|
1946
|
+
});
|
|
1947
|
+
const { endo, Fp: Fp3, a } = opts;
|
|
1948
|
+
if (endo) {
|
|
1949
|
+
if (!Fp3.eql(a, Fp3.ZERO)) {
|
|
1950
|
+
throw new Error("Endomorphism can only be defined for Koblitz curves that have a=0");
|
|
1951
|
+
}
|
|
1952
|
+
if (typeof endo !== "object" || typeof endo.beta !== "bigint" || typeof endo.splitScalar !== "function") {
|
|
1953
|
+
throw new Error("Expected endomorphism with beta: bigint and splitScalar: function");
|
|
1954
|
+
}
|
|
3519
1955
|
}
|
|
3520
|
-
|
|
3521
|
-
const sinv = invert(s, n);
|
|
3522
|
-
const u1 = mod(h * sinv, n);
|
|
3523
|
-
const u2 = mod(r * sinv, n);
|
|
3524
|
-
const R = Point.BASE.multiplyAndAddUnsafe(P, u1, u2);
|
|
3525
|
-
if (!R)
|
|
3526
|
-
return false;
|
|
3527
|
-
const v = mod(R.x, n);
|
|
3528
|
-
return v === r;
|
|
1956
|
+
return Object.freeze({ ...opts });
|
|
3529
1957
|
}
|
|
3530
|
-
|
|
3531
|
-
var
|
|
3532
|
-
|
|
3533
|
-
|
|
3534
|
-
|
|
3535
|
-
var TAGGED_HASH_PREFIXES = {};
|
|
3536
|
-
var utils = {
|
|
3537
|
-
bytesToHex,
|
|
3538
|
-
hexToBytes,
|
|
3539
|
-
concatBytes,
|
|
3540
|
-
mod,
|
|
3541
|
-
invert,
|
|
3542
|
-
isValidPrivateKey(privateKey) {
|
|
3543
|
-
try {
|
|
3544
|
-
normalizePrivateKey(privateKey);
|
|
3545
|
-
return true;
|
|
3546
|
-
} catch (error) {
|
|
3547
|
-
return false;
|
|
1958
|
+
var { bytesToNumberBE: b2n, hexToBytes: h2b } = utils_exports;
|
|
1959
|
+
var DER = {
|
|
1960
|
+
Err: class DERErr extends Error {
|
|
1961
|
+
constructor(m = "") {
|
|
1962
|
+
super(m);
|
|
3548
1963
|
}
|
|
3549
1964
|
},
|
|
3550
|
-
|
|
3551
|
-
|
|
3552
|
-
|
|
3553
|
-
|
|
3554
|
-
|
|
3555
|
-
|
|
3556
|
-
|
|
3557
|
-
|
|
3558
|
-
|
|
3559
|
-
|
|
3560
|
-
if (
|
|
3561
|
-
|
|
3562
|
-
|
|
3563
|
-
const { randomBytes: randomBytes2 } = crypto3.node;
|
|
3564
|
-
return Uint8Array.from(randomBytes2(bytesLength));
|
|
3565
|
-
} else {
|
|
3566
|
-
throw new Error("The environment doesn't have randomBytes function");
|
|
3567
|
-
}
|
|
1965
|
+
_parseInt(data) {
|
|
1966
|
+
const { Err: E } = DER;
|
|
1967
|
+
if (data.length < 2 || data[0] !== 2)
|
|
1968
|
+
throw new E("Invalid signature integer tag");
|
|
1969
|
+
const len = data[1];
|
|
1970
|
+
const res = data.subarray(2, len + 2);
|
|
1971
|
+
if (!len || res.length !== len)
|
|
1972
|
+
throw new E("Invalid signature integer: wrong length");
|
|
1973
|
+
if (res[0] & 128)
|
|
1974
|
+
throw new E("Invalid signature integer: negative");
|
|
1975
|
+
if (res[0] === 0 && !(res[1] & 128))
|
|
1976
|
+
throw new E("Invalid signature integer: unnecessary leading zero");
|
|
1977
|
+
return { d: b2n(res), l: data.subarray(len + 2) };
|
|
3568
1978
|
},
|
|
3569
|
-
|
|
3570
|
-
|
|
1979
|
+
toSig(hex) {
|
|
1980
|
+
const { Err: E } = DER;
|
|
1981
|
+
const data = typeof hex === "string" ? h2b(hex) : hex;
|
|
1982
|
+
if (!(data instanceof Uint8Array))
|
|
1983
|
+
throw new Error("ui8a expected");
|
|
1984
|
+
let l = data.length;
|
|
1985
|
+
if (l < 2 || data[0] != 48)
|
|
1986
|
+
throw new E("Invalid signature tag");
|
|
1987
|
+
if (data[1] !== l - 2)
|
|
1988
|
+
throw new E("Invalid signature: incorrect length");
|
|
1989
|
+
const { d: r, l: sBytes } = DER._parseInt(data.subarray(2));
|
|
1990
|
+
const { d: s, l: rBytesLeft } = DER._parseInt(sBytes);
|
|
1991
|
+
if (rBytesLeft.length)
|
|
1992
|
+
throw new E("Invalid signature: left bytes after parsing");
|
|
1993
|
+
return { r, s };
|
|
3571
1994
|
},
|
|
3572
|
-
|
|
3573
|
-
|
|
3574
|
-
|
|
3575
|
-
|
|
3576
|
-
|
|
3577
|
-
|
|
3578
|
-
|
|
3579
|
-
|
|
3580
|
-
|
|
3581
|
-
|
|
3582
|
-
|
|
1995
|
+
hexFromSig(sig) {
|
|
1996
|
+
const slice = (s2) => Number.parseInt(s2[0], 16) & 8 ? "00" + s2 : s2;
|
|
1997
|
+
const h = (num) => {
|
|
1998
|
+
const hex = num.toString(16);
|
|
1999
|
+
return hex.length & 1 ? `0${hex}` : hex;
|
|
2000
|
+
};
|
|
2001
|
+
const s = slice(h(sig.s));
|
|
2002
|
+
const r = slice(h(sig.r));
|
|
2003
|
+
const shl = s.length / 2;
|
|
2004
|
+
const rhl = r.length / 2;
|
|
2005
|
+
const sl = h(shl);
|
|
2006
|
+
const rl = h(rhl);
|
|
2007
|
+
return `30${h(rhl + shl + 4)}02${rl}${r}02${sl}${s}`;
|
|
2008
|
+
}
|
|
2009
|
+
};
|
|
2010
|
+
var _0n4 = BigInt(0);
|
|
2011
|
+
var _1n4 = BigInt(1);
|
|
2012
|
+
var _2n3 = BigInt(2);
|
|
2013
|
+
var _3n2 = BigInt(3);
|
|
2014
|
+
var _4n2 = BigInt(4);
|
|
2015
|
+
function weierstrassPoints(opts) {
|
|
2016
|
+
const CURVE = validatePointOpts(opts);
|
|
2017
|
+
const { Fp: Fp3 } = CURVE;
|
|
2018
|
+
const toBytes2 = CURVE.toBytes || ((c, point, isCompressed) => {
|
|
2019
|
+
const a = point.toAffine();
|
|
2020
|
+
return concatBytes2(Uint8Array.from([4]), Fp3.toBytes(a.x), Fp3.toBytes(a.y));
|
|
2021
|
+
});
|
|
2022
|
+
const fromBytes = CURVE.fromBytes || ((bytes2) => {
|
|
2023
|
+
const tail = bytes2.subarray(1);
|
|
2024
|
+
const x = Fp3.fromBytes(tail.subarray(0, Fp3.BYTES));
|
|
2025
|
+
const y = Fp3.fromBytes(tail.subarray(Fp3.BYTES, 2 * Fp3.BYTES));
|
|
2026
|
+
return { x, y };
|
|
2027
|
+
});
|
|
2028
|
+
function weierstrassEquation(x) {
|
|
2029
|
+
const { a, b } = CURVE;
|
|
2030
|
+
const x2 = Fp3.sqr(x);
|
|
2031
|
+
const x3 = Fp3.mul(x2, x);
|
|
2032
|
+
return Fp3.add(Fp3.add(x3, Fp3.mul(x, a)), b);
|
|
2033
|
+
}
|
|
2034
|
+
if (!Fp3.eql(Fp3.sqr(CURVE.Gy), weierstrassEquation(CURVE.Gx)))
|
|
2035
|
+
throw new Error("bad generator point: equation left != right");
|
|
2036
|
+
function isWithinCurveOrder(num) {
|
|
2037
|
+
return typeof num === "bigint" && _0n4 < num && num < CURVE.n;
|
|
2038
|
+
}
|
|
2039
|
+
function assertGE(num) {
|
|
2040
|
+
if (!isWithinCurveOrder(num))
|
|
2041
|
+
throw new Error("Expected valid bigint: 0 < bigint < curve.n");
|
|
2042
|
+
}
|
|
2043
|
+
function normPrivateKeyToScalar(key) {
|
|
2044
|
+
const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n } = CURVE;
|
|
2045
|
+
if (lengths && typeof key !== "bigint") {
|
|
2046
|
+
if (key instanceof Uint8Array)
|
|
2047
|
+
key = bytesToHex(key);
|
|
2048
|
+
if (typeof key !== "string" || !lengths.includes(key.length))
|
|
2049
|
+
throw new Error("Invalid key");
|
|
2050
|
+
key = key.padStart(nByteLength * 2, "0");
|
|
2051
|
+
}
|
|
2052
|
+
let num;
|
|
2053
|
+
try {
|
|
2054
|
+
num = typeof key === "bigint" ? key : bytesToNumberBE(ensureBytes("private key", key, nByteLength));
|
|
2055
|
+
} catch (error) {
|
|
2056
|
+
throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`);
|
|
3583
2057
|
}
|
|
3584
|
-
|
|
3585
|
-
|
|
3586
|
-
|
|
3587
|
-
|
|
3588
|
-
|
|
3589
|
-
|
|
3590
|
-
|
|
3591
|
-
|
|
3592
|
-
|
|
3593
|
-
|
|
3594
|
-
|
|
3595
|
-
|
|
3596
|
-
|
|
3597
|
-
|
|
2058
|
+
if (wrapPrivateKey)
|
|
2059
|
+
num = mod(num, n);
|
|
2060
|
+
assertGE(num);
|
|
2061
|
+
return num;
|
|
2062
|
+
}
|
|
2063
|
+
const pointPrecomputes = /* @__PURE__ */ new Map();
|
|
2064
|
+
function assertPrjPoint(other) {
|
|
2065
|
+
if (!(other instanceof Point2))
|
|
2066
|
+
throw new Error("ProjectivePoint expected");
|
|
2067
|
+
}
|
|
2068
|
+
class Point2 {
|
|
2069
|
+
constructor(px, py, pz) {
|
|
2070
|
+
this.px = px;
|
|
2071
|
+
this.py = py;
|
|
2072
|
+
this.pz = pz;
|
|
2073
|
+
if (px == null || !Fp3.isValid(px))
|
|
2074
|
+
throw new Error("x required");
|
|
2075
|
+
if (py == null || !Fp3.isValid(py))
|
|
2076
|
+
throw new Error("y required");
|
|
2077
|
+
if (pz == null || !Fp3.isValid(pz))
|
|
2078
|
+
throw new Error("z required");
|
|
2079
|
+
}
|
|
2080
|
+
static fromAffine(p) {
|
|
2081
|
+
const { x, y } = p || {};
|
|
2082
|
+
if (!p || !Fp3.isValid(x) || !Fp3.isValid(y))
|
|
2083
|
+
throw new Error("invalid affine point");
|
|
2084
|
+
if (p instanceof Point2)
|
|
2085
|
+
throw new Error("projective point not allowed");
|
|
2086
|
+
const is0 = (i) => Fp3.eql(i, Fp3.ZERO);
|
|
2087
|
+
if (is0(x) && is0(y))
|
|
2088
|
+
return Point2.ZERO;
|
|
2089
|
+
return new Point2(x, y, Fp3.ONE);
|
|
2090
|
+
}
|
|
2091
|
+
get x() {
|
|
2092
|
+
return this.toAffine().x;
|
|
2093
|
+
}
|
|
2094
|
+
get y() {
|
|
2095
|
+
return this.toAffine().y;
|
|
2096
|
+
}
|
|
2097
|
+
static normalizeZ(points) {
|
|
2098
|
+
const toInv = Fp3.invertBatch(points.map((p) => p.pz));
|
|
2099
|
+
return points.map((p, i) => p.toAffine(toInv[i])).map(Point2.fromAffine);
|
|
2100
|
+
}
|
|
2101
|
+
static fromHex(hex) {
|
|
2102
|
+
const P = Point2.fromAffine(fromBytes(ensureBytes("pointHex", hex)));
|
|
2103
|
+
P.assertValidity();
|
|
2104
|
+
return P;
|
|
2105
|
+
}
|
|
2106
|
+
static fromPrivateKey(privateKey) {
|
|
2107
|
+
return Point2.BASE.multiply(normPrivateKeyToScalar(privateKey));
|
|
2108
|
+
}
|
|
2109
|
+
_setWindowSize(windowSize) {
|
|
2110
|
+
this._WINDOW_SIZE = windowSize;
|
|
2111
|
+
pointPrecomputes.delete(this);
|
|
2112
|
+
}
|
|
2113
|
+
assertValidity() {
|
|
2114
|
+
if (this.is0()) {
|
|
2115
|
+
if (CURVE.allowInfinityPoint)
|
|
2116
|
+
return;
|
|
2117
|
+
throw new Error("bad point: ZERO");
|
|
2118
|
+
}
|
|
2119
|
+
const { x, y } = this.toAffine();
|
|
2120
|
+
if (!Fp3.isValid(x) || !Fp3.isValid(y))
|
|
2121
|
+
throw new Error("bad point: x or y not FE");
|
|
2122
|
+
const left = Fp3.sqr(y);
|
|
2123
|
+
const right = weierstrassEquation(x);
|
|
2124
|
+
if (!Fp3.eql(left, right))
|
|
2125
|
+
throw new Error("bad point: equation left != right");
|
|
2126
|
+
if (!this.isTorsionFree())
|
|
2127
|
+
throw new Error("bad point: not in prime-order subgroup");
|
|
2128
|
+
}
|
|
2129
|
+
hasEvenY() {
|
|
2130
|
+
const { y } = this.toAffine();
|
|
2131
|
+
if (Fp3.isOdd)
|
|
2132
|
+
return !Fp3.isOdd(y);
|
|
2133
|
+
throw new Error("Field doesn't support isOdd");
|
|
2134
|
+
}
|
|
2135
|
+
equals(other) {
|
|
2136
|
+
assertPrjPoint(other);
|
|
2137
|
+
const { px: X1, py: Y1, pz: Z1 } = this;
|
|
2138
|
+
const { px: X2, py: Y2, pz: Z2 } = other;
|
|
2139
|
+
const U1 = Fp3.eql(Fp3.mul(X1, Z2), Fp3.mul(X2, Z1));
|
|
2140
|
+
const U2 = Fp3.eql(Fp3.mul(Y1, Z2), Fp3.mul(Y2, Z1));
|
|
2141
|
+
return U1 && U2;
|
|
2142
|
+
}
|
|
2143
|
+
negate() {
|
|
2144
|
+
return new Point2(this.px, Fp3.neg(this.py), this.pz);
|
|
2145
|
+
}
|
|
2146
|
+
double() {
|
|
2147
|
+
const { a, b } = CURVE;
|
|
2148
|
+
const b3 = Fp3.mul(b, _3n2);
|
|
2149
|
+
const { px: X1, py: Y1, pz: Z1 } = this;
|
|
2150
|
+
let X3 = Fp3.ZERO, Y3 = Fp3.ZERO, Z3 = Fp3.ZERO;
|
|
2151
|
+
let t0 = Fp3.mul(X1, X1);
|
|
2152
|
+
let t1 = Fp3.mul(Y1, Y1);
|
|
2153
|
+
let t2 = Fp3.mul(Z1, Z1);
|
|
2154
|
+
let t3 = Fp3.mul(X1, Y1);
|
|
2155
|
+
t3 = Fp3.add(t3, t3);
|
|
2156
|
+
Z3 = Fp3.mul(X1, Z1);
|
|
2157
|
+
Z3 = Fp3.add(Z3, Z3);
|
|
2158
|
+
X3 = Fp3.mul(a, Z3);
|
|
2159
|
+
Y3 = Fp3.mul(b3, t2);
|
|
2160
|
+
Y3 = Fp3.add(X3, Y3);
|
|
2161
|
+
X3 = Fp3.sub(t1, Y3);
|
|
2162
|
+
Y3 = Fp3.add(t1, Y3);
|
|
2163
|
+
Y3 = Fp3.mul(X3, Y3);
|
|
2164
|
+
X3 = Fp3.mul(t3, X3);
|
|
2165
|
+
Z3 = Fp3.mul(b3, Z3);
|
|
2166
|
+
t2 = Fp3.mul(a, t2);
|
|
2167
|
+
t3 = Fp3.sub(t0, t2);
|
|
2168
|
+
t3 = Fp3.mul(a, t3);
|
|
2169
|
+
t3 = Fp3.add(t3, Z3);
|
|
2170
|
+
Z3 = Fp3.add(t0, t0);
|
|
2171
|
+
t0 = Fp3.add(Z3, t0);
|
|
2172
|
+
t0 = Fp3.add(t0, t2);
|
|
2173
|
+
t0 = Fp3.mul(t0, t3);
|
|
2174
|
+
Y3 = Fp3.add(Y3, t0);
|
|
2175
|
+
t2 = Fp3.mul(Y1, Z1);
|
|
2176
|
+
t2 = Fp3.add(t2, t2);
|
|
2177
|
+
t0 = Fp3.mul(t2, t3);
|
|
2178
|
+
X3 = Fp3.sub(X3, t0);
|
|
2179
|
+
Z3 = Fp3.mul(t2, t1);
|
|
2180
|
+
Z3 = Fp3.add(Z3, Z3);
|
|
2181
|
+
Z3 = Fp3.add(Z3, Z3);
|
|
2182
|
+
return new Point2(X3, Y3, Z3);
|
|
2183
|
+
}
|
|
2184
|
+
add(other) {
|
|
2185
|
+
assertPrjPoint(other);
|
|
2186
|
+
const { px: X1, py: Y1, pz: Z1 } = this;
|
|
2187
|
+
const { px: X2, py: Y2, pz: Z2 } = other;
|
|
2188
|
+
let X3 = Fp3.ZERO, Y3 = Fp3.ZERO, Z3 = Fp3.ZERO;
|
|
2189
|
+
const a = CURVE.a;
|
|
2190
|
+
const b3 = Fp3.mul(CURVE.b, _3n2);
|
|
2191
|
+
let t0 = Fp3.mul(X1, X2);
|
|
2192
|
+
let t1 = Fp3.mul(Y1, Y2);
|
|
2193
|
+
let t2 = Fp3.mul(Z1, Z2);
|
|
2194
|
+
let t3 = Fp3.add(X1, Y1);
|
|
2195
|
+
let t4 = Fp3.add(X2, Y2);
|
|
2196
|
+
t3 = Fp3.mul(t3, t4);
|
|
2197
|
+
t4 = Fp3.add(t0, t1);
|
|
2198
|
+
t3 = Fp3.sub(t3, t4);
|
|
2199
|
+
t4 = Fp3.add(X1, Z1);
|
|
2200
|
+
let t5 = Fp3.add(X2, Z2);
|
|
2201
|
+
t4 = Fp3.mul(t4, t5);
|
|
2202
|
+
t5 = Fp3.add(t0, t2);
|
|
2203
|
+
t4 = Fp3.sub(t4, t5);
|
|
2204
|
+
t5 = Fp3.add(Y1, Z1);
|
|
2205
|
+
X3 = Fp3.add(Y2, Z2);
|
|
2206
|
+
t5 = Fp3.mul(t5, X3);
|
|
2207
|
+
X3 = Fp3.add(t1, t2);
|
|
2208
|
+
t5 = Fp3.sub(t5, X3);
|
|
2209
|
+
Z3 = Fp3.mul(a, t4);
|
|
2210
|
+
X3 = Fp3.mul(b3, t2);
|
|
2211
|
+
Z3 = Fp3.add(X3, Z3);
|
|
2212
|
+
X3 = Fp3.sub(t1, Z3);
|
|
2213
|
+
Z3 = Fp3.add(t1, Z3);
|
|
2214
|
+
Y3 = Fp3.mul(X3, Z3);
|
|
2215
|
+
t1 = Fp3.add(t0, t0);
|
|
2216
|
+
t1 = Fp3.add(t1, t0);
|
|
2217
|
+
t2 = Fp3.mul(a, t2);
|
|
2218
|
+
t4 = Fp3.mul(b3, t4);
|
|
2219
|
+
t1 = Fp3.add(t1, t2);
|
|
2220
|
+
t2 = Fp3.sub(t0, t2);
|
|
2221
|
+
t2 = Fp3.mul(a, t2);
|
|
2222
|
+
t4 = Fp3.add(t4, t2);
|
|
2223
|
+
t0 = Fp3.mul(t1, t4);
|
|
2224
|
+
Y3 = Fp3.add(Y3, t0);
|
|
2225
|
+
t0 = Fp3.mul(t5, t4);
|
|
2226
|
+
X3 = Fp3.mul(t3, X3);
|
|
2227
|
+
X3 = Fp3.sub(X3, t0);
|
|
2228
|
+
t0 = Fp3.mul(t3, t1);
|
|
2229
|
+
Z3 = Fp3.mul(t5, Z3);
|
|
2230
|
+
Z3 = Fp3.add(Z3, t0);
|
|
2231
|
+
return new Point2(X3, Y3, Z3);
|
|
2232
|
+
}
|
|
2233
|
+
subtract(other) {
|
|
2234
|
+
return this.add(other.negate());
|
|
2235
|
+
}
|
|
2236
|
+
is0() {
|
|
2237
|
+
return this.equals(Point2.ZERO);
|
|
2238
|
+
}
|
|
2239
|
+
wNAF(n) {
|
|
2240
|
+
return wnaf.wNAFCached(this, pointPrecomputes, n, (comp) => {
|
|
2241
|
+
const toInv = Fp3.invertBatch(comp.map((p) => p.pz));
|
|
2242
|
+
return comp.map((p, i) => p.toAffine(toInv[i])).map(Point2.fromAffine);
|
|
2243
|
+
});
|
|
3598
2244
|
}
|
|
3599
|
-
|
|
3600
|
-
|
|
3601
|
-
|
|
3602
|
-
|
|
3603
|
-
|
|
3604
|
-
|
|
3605
|
-
|
|
3606
|
-
|
|
3607
|
-
|
|
3608
|
-
|
|
3609
|
-
|
|
3610
|
-
|
|
3611
|
-
|
|
3612
|
-
|
|
3613
|
-
|
|
3614
|
-
|
|
3615
|
-
|
|
3616
|
-
|
|
3617
|
-
|
|
3618
|
-
|
|
3619
|
-
|
|
3620
|
-
|
|
3621
|
-
|
|
3622
|
-
|
|
3623
|
-
|
|
3624
|
-
|
|
3625
|
-
|
|
3626
|
-
|
|
3627
|
-
|
|
3628
|
-
}
|
|
3629
|
-
|
|
3630
|
-
|
|
3631
|
-
|
|
3632
|
-
|
|
3633
|
-
|
|
2245
|
+
multiplyUnsafe(n) {
|
|
2246
|
+
const I = Point2.ZERO;
|
|
2247
|
+
if (n === _0n4)
|
|
2248
|
+
return I;
|
|
2249
|
+
assertGE(n);
|
|
2250
|
+
if (n === _1n4)
|
|
2251
|
+
return this;
|
|
2252
|
+
const { endo } = CURVE;
|
|
2253
|
+
if (!endo)
|
|
2254
|
+
return wnaf.unsafeLadder(this, n);
|
|
2255
|
+
let { k1neg, k1, k2neg, k2 } = endo.splitScalar(n);
|
|
2256
|
+
let k1p = I;
|
|
2257
|
+
let k2p = I;
|
|
2258
|
+
let d = this;
|
|
2259
|
+
while (k1 > _0n4 || k2 > _0n4) {
|
|
2260
|
+
if (k1 & _1n4)
|
|
2261
|
+
k1p = k1p.add(d);
|
|
2262
|
+
if (k2 & _1n4)
|
|
2263
|
+
k2p = k2p.add(d);
|
|
2264
|
+
d = d.double();
|
|
2265
|
+
k1 >>= _1n4;
|
|
2266
|
+
k2 >>= _1n4;
|
|
2267
|
+
}
|
|
2268
|
+
if (k1neg)
|
|
2269
|
+
k1p = k1p.negate();
|
|
2270
|
+
if (k2neg)
|
|
2271
|
+
k2p = k2p.negate();
|
|
2272
|
+
k2p = new Point2(Fp3.mul(k2p.px, endo.beta), k2p.py, k2p.pz);
|
|
2273
|
+
return k1p.add(k2p);
|
|
2274
|
+
}
|
|
2275
|
+
multiply(scalar) {
|
|
2276
|
+
assertGE(scalar);
|
|
2277
|
+
let n = scalar;
|
|
2278
|
+
let point, fake;
|
|
2279
|
+
const { endo } = CURVE;
|
|
2280
|
+
if (endo) {
|
|
2281
|
+
const { k1neg, k1, k2neg, k2 } = endo.splitScalar(n);
|
|
2282
|
+
let { p: k1p, f: f1p } = this.wNAF(k1);
|
|
2283
|
+
let { p: k2p, f: f2p } = this.wNAF(k2);
|
|
2284
|
+
k1p = wnaf.constTimeNegate(k1neg, k1p);
|
|
2285
|
+
k2p = wnaf.constTimeNegate(k2neg, k2p);
|
|
2286
|
+
k2p = new Point2(Fp3.mul(k2p.px, endo.beta), k2p.py, k2p.pz);
|
|
2287
|
+
point = k1p.add(k2p);
|
|
2288
|
+
fake = f1p.add(f2p);
|
|
2289
|
+
} else {
|
|
2290
|
+
const { p, f } = this.wNAF(n);
|
|
2291
|
+
point = p;
|
|
2292
|
+
fake = f;
|
|
2293
|
+
}
|
|
2294
|
+
return Point2.normalizeZ([point, fake])[0];
|
|
2295
|
+
}
|
|
2296
|
+
multiplyAndAddUnsafe(Q, a, b) {
|
|
2297
|
+
const G = Point2.BASE;
|
|
2298
|
+
const mul = (P, a2) => a2 === _0n4 || a2 === _1n4 || !P.equals(G) ? P.multiplyUnsafe(a2) : P.multiply(a2);
|
|
2299
|
+
const sum = mul(this, a).add(mul(Q, b));
|
|
2300
|
+
return sum.is0() ? void 0 : sum;
|
|
2301
|
+
}
|
|
2302
|
+
toAffine(iz) {
|
|
2303
|
+
const { px: x, py: y, pz: z } = this;
|
|
2304
|
+
const is0 = this.is0();
|
|
2305
|
+
if (iz == null)
|
|
2306
|
+
iz = is0 ? Fp3.ONE : Fp3.inv(z);
|
|
2307
|
+
const ax = Fp3.mul(x, iz);
|
|
2308
|
+
const ay = Fp3.mul(y, iz);
|
|
2309
|
+
const zz = Fp3.mul(z, iz);
|
|
2310
|
+
if (is0)
|
|
2311
|
+
return { x: Fp3.ZERO, y: Fp3.ZERO };
|
|
2312
|
+
if (!Fp3.eql(zz, Fp3.ONE))
|
|
2313
|
+
throw new Error("invZ was invalid");
|
|
2314
|
+
return { x: ax, y: ay };
|
|
2315
|
+
}
|
|
2316
|
+
isTorsionFree() {
|
|
2317
|
+
const { h: cofactor, isTorsionFree } = CURVE;
|
|
2318
|
+
if (cofactor === _1n4)
|
|
2319
|
+
return true;
|
|
2320
|
+
if (isTorsionFree)
|
|
2321
|
+
return isTorsionFree(Point2, this);
|
|
2322
|
+
throw new Error("isTorsionFree() has not been declared for the elliptic curve");
|
|
2323
|
+
}
|
|
2324
|
+
clearCofactor() {
|
|
2325
|
+
const { h: cofactor, clearCofactor } = CURVE;
|
|
2326
|
+
if (cofactor === _1n4)
|
|
2327
|
+
return this;
|
|
2328
|
+
if (clearCofactor)
|
|
2329
|
+
return clearCofactor(Point2, this);
|
|
2330
|
+
return this.multiplyUnsafe(CURVE.h);
|
|
2331
|
+
}
|
|
2332
|
+
toRawBytes(isCompressed = true) {
|
|
2333
|
+
this.assertValidity();
|
|
2334
|
+
return toBytes2(Point2, this, isCompressed);
|
|
2335
|
+
}
|
|
2336
|
+
toHex(isCompressed = true) {
|
|
2337
|
+
return bytesToHex(this.toRawBytes(isCompressed));
|
|
2338
|
+
}
|
|
2339
|
+
}
|
|
2340
|
+
Point2.BASE = new Point2(CURVE.Gx, CURVE.Gy, Fp3.ONE);
|
|
2341
|
+
Point2.ZERO = new Point2(Fp3.ZERO, Fp3.ONE, Fp3.ZERO);
|
|
2342
|
+
const _bits = CURVE.nBitLength;
|
|
2343
|
+
const wnaf = wNAF(Point2, CURVE.endo ? Math.ceil(_bits / 2) : _bits);
|
|
2344
|
+
return {
|
|
2345
|
+
CURVE,
|
|
2346
|
+
ProjectivePoint: Point2,
|
|
2347
|
+
normPrivateKeyToScalar,
|
|
2348
|
+
weierstrassEquation,
|
|
2349
|
+
isWithinCurveOrder
|
|
2350
|
+
};
|
|
2351
|
+
}
|
|
2352
|
+
function validateOpts(curve) {
|
|
2353
|
+
const opts = validateBasic(curve);
|
|
2354
|
+
validateObject(opts, {
|
|
2355
|
+
hash: "hash",
|
|
2356
|
+
hmac: "function",
|
|
2357
|
+
randomBytes: "function"
|
|
2358
|
+
}, {
|
|
2359
|
+
bits2int: "function",
|
|
2360
|
+
bits2int_modN: "function",
|
|
2361
|
+
lowS: "boolean"
|
|
2362
|
+
});
|
|
2363
|
+
return Object.freeze({ lowS: true, ...opts });
|
|
2364
|
+
}
|
|
2365
|
+
function weierstrass(curveDef) {
|
|
2366
|
+
const CURVE = validateOpts(curveDef);
|
|
2367
|
+
const { Fp: Fp3, n: CURVE_ORDER } = CURVE;
|
|
2368
|
+
const compressedLen = Fp3.BYTES + 1;
|
|
2369
|
+
const uncompressedLen = 2 * Fp3.BYTES + 1;
|
|
2370
|
+
function isValidFieldElement(num) {
|
|
2371
|
+
return _0n4 < num && num < Fp3.ORDER;
|
|
2372
|
+
}
|
|
2373
|
+
function modN(a) {
|
|
2374
|
+
return mod(a, CURVE_ORDER);
|
|
2375
|
+
}
|
|
2376
|
+
function invN(a) {
|
|
2377
|
+
return invert(a, CURVE_ORDER);
|
|
2378
|
+
}
|
|
2379
|
+
const { ProjectivePoint: Point2, normPrivateKeyToScalar, weierstrassEquation, isWithinCurveOrder } = weierstrassPoints({
|
|
2380
|
+
...CURVE,
|
|
2381
|
+
toBytes(c, point, isCompressed) {
|
|
2382
|
+
const a = point.toAffine();
|
|
2383
|
+
const x = Fp3.toBytes(a.x);
|
|
2384
|
+
const cat = concatBytes2;
|
|
2385
|
+
if (isCompressed) {
|
|
2386
|
+
return cat(Uint8Array.from([point.hasEvenY() ? 2 : 3]), x);
|
|
2387
|
+
} else {
|
|
2388
|
+
return cat(Uint8Array.from([4]), x, Fp3.toBytes(a.y));
|
|
2389
|
+
}
|
|
3634
2390
|
},
|
|
3635
|
-
|
|
3636
|
-
|
|
3637
|
-
|
|
2391
|
+
fromBytes(bytes2) {
|
|
2392
|
+
const len = bytes2.length;
|
|
2393
|
+
const head = bytes2[0];
|
|
2394
|
+
const tail = bytes2.subarray(1);
|
|
2395
|
+
if (len === compressedLen && (head === 2 || head === 3)) {
|
|
2396
|
+
const x = bytesToNumberBE(tail);
|
|
2397
|
+
if (!isValidFieldElement(x))
|
|
2398
|
+
throw new Error("Point is not on curve");
|
|
2399
|
+
const y2 = weierstrassEquation(x);
|
|
2400
|
+
let y = Fp3.sqrt(y2);
|
|
2401
|
+
const isYOdd = (y & _1n4) === _1n4;
|
|
2402
|
+
const isHeadOdd = (head & 1) === 1;
|
|
2403
|
+
if (isHeadOdd !== isYOdd)
|
|
2404
|
+
y = Fp3.neg(y);
|
|
2405
|
+
return { x, y };
|
|
2406
|
+
} else if (len === uncompressedLen && head === 4) {
|
|
2407
|
+
const x = Fp3.fromBytes(tail.subarray(0, Fp3.BYTES));
|
|
2408
|
+
const y = Fp3.fromBytes(tail.subarray(Fp3.BYTES, 2 * Fp3.BYTES));
|
|
2409
|
+
return { x, y };
|
|
2410
|
+
} else {
|
|
2411
|
+
throw new Error(`Point of length ${len} was invalid. Expected ${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes`);
|
|
2412
|
+
}
|
|
3638
2413
|
}
|
|
3639
|
-
}
|
|
3640
|
-
|
|
3641
|
-
|
|
3642
|
-
|
|
3643
|
-
|
|
2414
|
+
});
|
|
2415
|
+
const numToNByteStr = (num) => bytesToHex(numberToBytesBE(num, CURVE.nByteLength));
|
|
2416
|
+
function isBiggerThanHalfOrder(number2) {
|
|
2417
|
+
const HALF = CURVE_ORDER >> _1n4;
|
|
2418
|
+
return number2 > HALF;
|
|
2419
|
+
}
|
|
2420
|
+
function normalizeS(s) {
|
|
2421
|
+
return isBiggerThanHalfOrder(s) ? modN(-s) : s;
|
|
2422
|
+
}
|
|
2423
|
+
const slcNum = (b, from3, to) => bytesToNumberBE(b.slice(from3, to));
|
|
2424
|
+
class Signature {
|
|
2425
|
+
constructor(r, s, recovery) {
|
|
2426
|
+
this.r = r;
|
|
2427
|
+
this.s = s;
|
|
2428
|
+
this.recovery = recovery;
|
|
2429
|
+
this.assertValidity();
|
|
2430
|
+
}
|
|
2431
|
+
static fromCompact(hex) {
|
|
2432
|
+
const l = CURVE.nByteLength;
|
|
2433
|
+
hex = ensureBytes("compactSignature", hex, l * 2);
|
|
2434
|
+
return new Signature(slcNum(hex, 0, l), slcNum(hex, l, 2 * l));
|
|
2435
|
+
}
|
|
2436
|
+
static fromDER(hex) {
|
|
2437
|
+
const { r, s } = DER.toSig(ensureBytes("DER", hex));
|
|
2438
|
+
return new Signature(r, s);
|
|
2439
|
+
}
|
|
2440
|
+
assertValidity() {
|
|
2441
|
+
if (!isWithinCurveOrder(this.r))
|
|
2442
|
+
throw new Error("r must be 0 < r < CURVE.n");
|
|
2443
|
+
if (!isWithinCurveOrder(this.s))
|
|
2444
|
+
throw new Error("s must be 0 < s < CURVE.n");
|
|
2445
|
+
}
|
|
2446
|
+
addRecoveryBit(recovery) {
|
|
2447
|
+
return new Signature(this.r, this.s, recovery);
|
|
2448
|
+
}
|
|
2449
|
+
recoverPublicKey(msgHash) {
|
|
2450
|
+
const { r, s, recovery: rec } = this;
|
|
2451
|
+
const h = bits2int_modN(ensureBytes("msgHash", msgHash));
|
|
2452
|
+
if (rec == null || ![0, 1, 2, 3].includes(rec))
|
|
2453
|
+
throw new Error("recovery id invalid");
|
|
2454
|
+
const radj = rec === 2 || rec === 3 ? r + CURVE.n : r;
|
|
2455
|
+
if (radj >= Fp3.ORDER)
|
|
2456
|
+
throw new Error("recovery id 2 or 3 invalid");
|
|
2457
|
+
const prefix = (rec & 1) === 0 ? "02" : "03";
|
|
2458
|
+
const R = Point2.fromHex(prefix + numToNByteStr(radj));
|
|
2459
|
+
const ir = invN(radj);
|
|
2460
|
+
const u1 = modN(-h * ir);
|
|
2461
|
+
const u2 = modN(s * ir);
|
|
2462
|
+
const Q = Point2.BASE.multiplyAndAddUnsafe(R, u1, u2);
|
|
2463
|
+
if (!Q)
|
|
2464
|
+
throw new Error("point at infinify");
|
|
2465
|
+
Q.assertValidity();
|
|
2466
|
+
return Q;
|
|
2467
|
+
}
|
|
2468
|
+
hasHighS() {
|
|
2469
|
+
return isBiggerThanHalfOrder(this.s);
|
|
2470
|
+
}
|
|
2471
|
+
normalizeS() {
|
|
2472
|
+
return this.hasHighS() ? new Signature(this.r, modN(-this.s), this.recovery) : this;
|
|
2473
|
+
}
|
|
2474
|
+
toDERRawBytes() {
|
|
2475
|
+
return hexToBytes(this.toDERHex());
|
|
2476
|
+
}
|
|
2477
|
+
toDERHex() {
|
|
2478
|
+
return DER.hexFromSig({ r: this.r, s: this.s });
|
|
2479
|
+
}
|
|
2480
|
+
toCompactRawBytes() {
|
|
2481
|
+
return hexToBytes(this.toCompactHex());
|
|
2482
|
+
}
|
|
2483
|
+
toCompactHex() {
|
|
2484
|
+
return numToNByteStr(this.r) + numToNByteStr(this.s);
|
|
2485
|
+
}
|
|
2486
|
+
}
|
|
2487
|
+
const utils = {
|
|
2488
|
+
isValidPrivateKey(privateKey) {
|
|
2489
|
+
try {
|
|
2490
|
+
normPrivateKeyToScalar(privateKey);
|
|
2491
|
+
return true;
|
|
2492
|
+
} catch (error) {
|
|
2493
|
+
return false;
|
|
2494
|
+
}
|
|
3644
2495
|
},
|
|
3645
|
-
|
|
3646
|
-
|
|
3647
|
-
|
|
2496
|
+
normPrivateKeyToScalar,
|
|
2497
|
+
randomPrivateKey: () => {
|
|
2498
|
+
const rand = CURVE.randomBytes(Fp3.BYTES + 8);
|
|
2499
|
+
const num = hashToPrivateScalar(rand, CURVE_ORDER);
|
|
2500
|
+
return numberToBytesBE(num, CURVE.nByteLength);
|
|
2501
|
+
},
|
|
2502
|
+
precompute(windowSize = 8, point = Point2.BASE) {
|
|
2503
|
+
point._setWindowSize(windowSize);
|
|
2504
|
+
point.multiply(BigInt(3));
|
|
2505
|
+
return point;
|
|
3648
2506
|
}
|
|
2507
|
+
};
|
|
2508
|
+
function getPublicKey(privateKey, isCompressed = true) {
|
|
2509
|
+
return Point2.fromPrivateKey(privateKey).toRawBytes(isCompressed);
|
|
2510
|
+
}
|
|
2511
|
+
function isProbPub(item) {
|
|
2512
|
+
const arr = item instanceof Uint8Array;
|
|
2513
|
+
const str = typeof item === "string";
|
|
2514
|
+
const len = (arr || str) && item.length;
|
|
2515
|
+
if (arr)
|
|
2516
|
+
return len === compressedLen || len === uncompressedLen;
|
|
2517
|
+
if (str)
|
|
2518
|
+
return len === 2 * compressedLen || len === 2 * uncompressedLen;
|
|
2519
|
+
if (item instanceof Point2)
|
|
2520
|
+
return true;
|
|
2521
|
+
return false;
|
|
3649
2522
|
}
|
|
3650
|
-
|
|
2523
|
+
function getSharedSecret(privateA, publicB, isCompressed = true) {
|
|
2524
|
+
if (isProbPub(privateA))
|
|
2525
|
+
throw new Error("first arg must be private key");
|
|
2526
|
+
if (!isProbPub(publicB))
|
|
2527
|
+
throw new Error("second arg must be public key");
|
|
2528
|
+
const b = Point2.fromHex(publicB);
|
|
2529
|
+
return b.multiply(normPrivateKeyToScalar(privateA)).toRawBytes(isCompressed);
|
|
2530
|
+
}
|
|
2531
|
+
const bits2int = CURVE.bits2int || function(bytes2) {
|
|
2532
|
+
const num = bytesToNumberBE(bytes2);
|
|
2533
|
+
const delta = bytes2.length * 8 - CURVE.nBitLength;
|
|
2534
|
+
return delta > 0 ? num >> BigInt(delta) : num;
|
|
2535
|
+
};
|
|
2536
|
+
const bits2int_modN = CURVE.bits2int_modN || function(bytes2) {
|
|
2537
|
+
return modN(bits2int(bytes2));
|
|
2538
|
+
};
|
|
2539
|
+
const ORDER_MASK = bitMask(CURVE.nBitLength);
|
|
2540
|
+
function int2octets(num) {
|
|
2541
|
+
if (typeof num !== "bigint")
|
|
2542
|
+
throw new Error("bigint expected");
|
|
2543
|
+
if (!(_0n4 <= num && num < ORDER_MASK))
|
|
2544
|
+
throw new Error(`bigint expected < 2^${CURVE.nBitLength}`);
|
|
2545
|
+
return numberToBytesBE(num, CURVE.nByteLength);
|
|
2546
|
+
}
|
|
2547
|
+
function prepSig(msgHash, privateKey, opts = defaultSigOpts) {
|
|
2548
|
+
if (["recovered", "canonical"].some((k) => k in opts))
|
|
2549
|
+
throw new Error("sign() legacy options not supported");
|
|
2550
|
+
const { hash: hash2, randomBytes: randomBytes3 } = CURVE;
|
|
2551
|
+
let { lowS, prehash, extraEntropy: ent } = opts;
|
|
2552
|
+
if (lowS == null)
|
|
2553
|
+
lowS = true;
|
|
2554
|
+
msgHash = ensureBytes("msgHash", msgHash);
|
|
2555
|
+
if (prehash)
|
|
2556
|
+
msgHash = ensureBytes("prehashed msgHash", hash2(msgHash));
|
|
2557
|
+
const h1int = bits2int_modN(msgHash);
|
|
2558
|
+
const d = normPrivateKeyToScalar(privateKey);
|
|
2559
|
+
const seedArgs = [int2octets(d), int2octets(h1int)];
|
|
2560
|
+
if (ent != null) {
|
|
2561
|
+
const e = ent === true ? randomBytes3(Fp3.BYTES) : ent;
|
|
2562
|
+
seedArgs.push(ensureBytes("extraEntropy", e, Fp3.BYTES));
|
|
2563
|
+
}
|
|
2564
|
+
const seed = concatBytes2(...seedArgs);
|
|
2565
|
+
const m = h1int;
|
|
2566
|
+
function k2sig(kBytes) {
|
|
2567
|
+
const k = bits2int(kBytes);
|
|
2568
|
+
if (!isWithinCurveOrder(k))
|
|
2569
|
+
return;
|
|
2570
|
+
const ik = invN(k);
|
|
2571
|
+
const q = Point2.BASE.multiply(k).toAffine();
|
|
2572
|
+
const r = modN(q.x);
|
|
2573
|
+
if (r === _0n4)
|
|
2574
|
+
return;
|
|
2575
|
+
const s = modN(ik * modN(m + r * d));
|
|
2576
|
+
if (s === _0n4)
|
|
2577
|
+
return;
|
|
2578
|
+
let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n4);
|
|
2579
|
+
let normS = s;
|
|
2580
|
+
if (lowS && isBiggerThanHalfOrder(s)) {
|
|
2581
|
+
normS = normalizeS(s);
|
|
2582
|
+
recovery ^= 1;
|
|
2583
|
+
}
|
|
2584
|
+
return new Signature(r, normS, recovery);
|
|
2585
|
+
}
|
|
2586
|
+
return { seed, k2sig };
|
|
2587
|
+
}
|
|
2588
|
+
const defaultSigOpts = { lowS: CURVE.lowS, prehash: false };
|
|
2589
|
+
const defaultVerOpts = { lowS: CURVE.lowS, prehash: false };
|
|
2590
|
+
function sign(msgHash, privKey, opts = defaultSigOpts) {
|
|
2591
|
+
const { seed, k2sig } = prepSig(msgHash, privKey, opts);
|
|
2592
|
+
const C = CURVE;
|
|
2593
|
+
const drbg = createHmacDrbg(C.hash.outputLen, C.nByteLength, C.hmac);
|
|
2594
|
+
return drbg(seed, k2sig);
|
|
2595
|
+
}
|
|
2596
|
+
Point2.BASE._setWindowSize(8);
|
|
2597
|
+
function verify(signature, msgHash, publicKey, opts = defaultVerOpts) {
|
|
2598
|
+
const sg = signature;
|
|
2599
|
+
msgHash = ensureBytes("msgHash", msgHash);
|
|
2600
|
+
publicKey = ensureBytes("publicKey", publicKey);
|
|
2601
|
+
if ("strict" in opts)
|
|
2602
|
+
throw new Error("options.strict was renamed to lowS");
|
|
2603
|
+
const { lowS, prehash } = opts;
|
|
2604
|
+
let _sig = void 0;
|
|
2605
|
+
let P;
|
|
2606
|
+
try {
|
|
2607
|
+
if (typeof sg === "string" || sg instanceof Uint8Array) {
|
|
2608
|
+
try {
|
|
2609
|
+
_sig = Signature.fromDER(sg);
|
|
2610
|
+
} catch (derError) {
|
|
2611
|
+
if (!(derError instanceof DER.Err))
|
|
2612
|
+
throw derError;
|
|
2613
|
+
_sig = Signature.fromCompact(sg);
|
|
2614
|
+
}
|
|
2615
|
+
} else if (typeof sg === "object" && typeof sg.r === "bigint" && typeof sg.s === "bigint") {
|
|
2616
|
+
const { r: r2, s: s2 } = sg;
|
|
2617
|
+
_sig = new Signature(r2, s2);
|
|
2618
|
+
} else {
|
|
2619
|
+
throw new Error("PARSE");
|
|
2620
|
+
}
|
|
2621
|
+
P = Point2.fromHex(publicKey);
|
|
2622
|
+
} catch (error) {
|
|
2623
|
+
if (error.message === "PARSE")
|
|
2624
|
+
throw new Error(`signature must be Signature instance, Uint8Array or hex string`);
|
|
2625
|
+
return false;
|
|
2626
|
+
}
|
|
2627
|
+
if (lowS && _sig.hasHighS())
|
|
2628
|
+
return false;
|
|
2629
|
+
if (prehash)
|
|
2630
|
+
msgHash = CURVE.hash(msgHash);
|
|
2631
|
+
const { r, s } = _sig;
|
|
2632
|
+
const h = bits2int_modN(msgHash);
|
|
2633
|
+
const is = invN(s);
|
|
2634
|
+
const u1 = modN(h * is);
|
|
2635
|
+
const u2 = modN(r * is);
|
|
2636
|
+
const R = Point2.BASE.multiplyAndAddUnsafe(P, u1, u2)?.toAffine();
|
|
2637
|
+
if (!R)
|
|
2638
|
+
return false;
|
|
2639
|
+
const v = modN(R.x);
|
|
2640
|
+
return v === r;
|
|
2641
|
+
}
|
|
2642
|
+
return {
|
|
2643
|
+
CURVE,
|
|
2644
|
+
getPublicKey,
|
|
2645
|
+
getSharedSecret,
|
|
2646
|
+
sign,
|
|
2647
|
+
verify,
|
|
2648
|
+
ProjectivePoint: Point2,
|
|
2649
|
+
Signature,
|
|
2650
|
+
utils
|
|
2651
|
+
};
|
|
2652
|
+
}
|
|
2653
|
+
|
|
2654
|
+
// ../../node_modules/@noble/curves/esm/_shortw_utils.js
|
|
2655
|
+
function getHash(hash2) {
|
|
2656
|
+
return {
|
|
2657
|
+
hash: hash2,
|
|
2658
|
+
hmac: (key, ...msgs) => hmac(hash2, key, concatBytes(...msgs)),
|
|
2659
|
+
randomBytes
|
|
2660
|
+
};
|
|
2661
|
+
}
|
|
2662
|
+
function createCurve(curveDef, defHash) {
|
|
2663
|
+
const create2 = (hash2) => weierstrass({ ...curveDef, ...getHash(hash2) });
|
|
2664
|
+
return Object.freeze({ ...create2(defHash), create: create2 });
|
|
2665
|
+
}
|
|
2666
|
+
|
|
2667
|
+
// ../../node_modules/@noble/hashes/esm/_sha2.js
|
|
2668
|
+
function setBigUint64(view, byteOffset, value, isLE2) {
|
|
2669
|
+
if (typeof view.setBigUint64 === "function")
|
|
2670
|
+
return view.setBigUint64(byteOffset, value, isLE2);
|
|
2671
|
+
const _32n = BigInt(32);
|
|
2672
|
+
const _u32_max = BigInt(4294967295);
|
|
2673
|
+
const wh = Number(value >> _32n & _u32_max);
|
|
2674
|
+
const wl = Number(value & _u32_max);
|
|
2675
|
+
const h = isLE2 ? 4 : 0;
|
|
2676
|
+
const l = isLE2 ? 0 : 4;
|
|
2677
|
+
view.setUint32(byteOffset + h, wh, isLE2);
|
|
2678
|
+
view.setUint32(byteOffset + l, wl, isLE2);
|
|
2679
|
+
}
|
|
2680
|
+
var SHA2 = class extends Hash {
|
|
2681
|
+
constructor(blockLen, outputLen, padOffset, isLE2) {
|
|
2682
|
+
super();
|
|
2683
|
+
this.blockLen = blockLen;
|
|
2684
|
+
this.outputLen = outputLen;
|
|
2685
|
+
this.padOffset = padOffset;
|
|
2686
|
+
this.isLE = isLE2;
|
|
2687
|
+
this.finished = false;
|
|
2688
|
+
this.length = 0;
|
|
2689
|
+
this.pos = 0;
|
|
2690
|
+
this.destroyed = false;
|
|
2691
|
+
this.buffer = new Uint8Array(blockLen);
|
|
2692
|
+
this.view = createView(this.buffer);
|
|
2693
|
+
}
|
|
2694
|
+
update(data) {
|
|
2695
|
+
assert_default.exists(this);
|
|
2696
|
+
const { view, buffer, blockLen } = this;
|
|
2697
|
+
data = toBytes(data);
|
|
2698
|
+
const len = data.length;
|
|
2699
|
+
for (let pos = 0; pos < len; ) {
|
|
2700
|
+
const take = Math.min(blockLen - this.pos, len - pos);
|
|
2701
|
+
if (take === blockLen) {
|
|
2702
|
+
const dataView = createView(data);
|
|
2703
|
+
for (; blockLen <= len - pos; pos += blockLen)
|
|
2704
|
+
this.process(dataView, pos);
|
|
2705
|
+
continue;
|
|
2706
|
+
}
|
|
2707
|
+
buffer.set(data.subarray(pos, pos + take), this.pos);
|
|
2708
|
+
this.pos += take;
|
|
2709
|
+
pos += take;
|
|
2710
|
+
if (this.pos === blockLen) {
|
|
2711
|
+
this.process(view, 0);
|
|
2712
|
+
this.pos = 0;
|
|
2713
|
+
}
|
|
2714
|
+
}
|
|
2715
|
+
this.length += data.length;
|
|
2716
|
+
this.roundClean();
|
|
2717
|
+
return this;
|
|
2718
|
+
}
|
|
2719
|
+
digestInto(out) {
|
|
2720
|
+
assert_default.exists(this);
|
|
2721
|
+
assert_default.output(out, this);
|
|
2722
|
+
this.finished = true;
|
|
2723
|
+
const { buffer, view, blockLen, isLE: isLE2 } = this;
|
|
2724
|
+
let { pos } = this;
|
|
2725
|
+
buffer[pos++] = 128;
|
|
2726
|
+
this.buffer.subarray(pos).fill(0);
|
|
2727
|
+
if (this.padOffset > blockLen - pos) {
|
|
2728
|
+
this.process(view, 0);
|
|
2729
|
+
pos = 0;
|
|
2730
|
+
}
|
|
2731
|
+
for (let i = pos; i < blockLen; i++)
|
|
2732
|
+
buffer[i] = 0;
|
|
2733
|
+
setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE2);
|
|
2734
|
+
this.process(view, 0);
|
|
2735
|
+
const oview = createView(out);
|
|
2736
|
+
const len = this.outputLen;
|
|
2737
|
+
if (len % 4)
|
|
2738
|
+
throw new Error("_sha2: outputLen should be aligned to 32bit");
|
|
2739
|
+
const outLen = len / 4;
|
|
2740
|
+
const state = this.get();
|
|
2741
|
+
if (outLen > state.length)
|
|
2742
|
+
throw new Error("_sha2: outputLen bigger than state");
|
|
2743
|
+
for (let i = 0; i < outLen; i++)
|
|
2744
|
+
oview.setUint32(4 * i, state[i], isLE2);
|
|
2745
|
+
}
|
|
2746
|
+
digest() {
|
|
2747
|
+
const { buffer, outputLen } = this;
|
|
2748
|
+
this.digestInto(buffer);
|
|
2749
|
+
const res = buffer.slice(0, outputLen);
|
|
2750
|
+
this.destroy();
|
|
2751
|
+
return res;
|
|
2752
|
+
}
|
|
2753
|
+
_cloneInto(to) {
|
|
2754
|
+
to || (to = new this.constructor());
|
|
2755
|
+
to.set(...this.get());
|
|
2756
|
+
const { blockLen, buffer, length: length2, finished, destroyed, pos } = this;
|
|
2757
|
+
to.length = length2;
|
|
2758
|
+
to.pos = pos;
|
|
2759
|
+
to.finished = finished;
|
|
2760
|
+
to.destroyed = destroyed;
|
|
2761
|
+
if (length2 % blockLen)
|
|
2762
|
+
to.buffer.set(buffer);
|
|
2763
|
+
return to;
|
|
2764
|
+
}
|
|
2765
|
+
};
|
|
2766
|
+
|
|
2767
|
+
// ../../node_modules/@noble/hashes/esm/sha256.js
|
|
2768
|
+
var Chi = (a, b, c) => a & b ^ ~a & c;
|
|
2769
|
+
var Maj = (a, b, c) => a & b ^ a & c ^ b & c;
|
|
2770
|
+
var SHA256_K = new Uint32Array([
|
|
2771
|
+
1116352408,
|
|
2772
|
+
1899447441,
|
|
2773
|
+
3049323471,
|
|
2774
|
+
3921009573,
|
|
2775
|
+
961987163,
|
|
2776
|
+
1508970993,
|
|
2777
|
+
2453635748,
|
|
2778
|
+
2870763221,
|
|
2779
|
+
3624381080,
|
|
2780
|
+
310598401,
|
|
2781
|
+
607225278,
|
|
2782
|
+
1426881987,
|
|
2783
|
+
1925078388,
|
|
2784
|
+
2162078206,
|
|
2785
|
+
2614888103,
|
|
2786
|
+
3248222580,
|
|
2787
|
+
3835390401,
|
|
2788
|
+
4022224774,
|
|
2789
|
+
264347078,
|
|
2790
|
+
604807628,
|
|
2791
|
+
770255983,
|
|
2792
|
+
1249150122,
|
|
2793
|
+
1555081692,
|
|
2794
|
+
1996064986,
|
|
2795
|
+
2554220882,
|
|
2796
|
+
2821834349,
|
|
2797
|
+
2952996808,
|
|
2798
|
+
3210313671,
|
|
2799
|
+
3336571891,
|
|
2800
|
+
3584528711,
|
|
2801
|
+
113926993,
|
|
2802
|
+
338241895,
|
|
2803
|
+
666307205,
|
|
2804
|
+
773529912,
|
|
2805
|
+
1294757372,
|
|
2806
|
+
1396182291,
|
|
2807
|
+
1695183700,
|
|
2808
|
+
1986661051,
|
|
2809
|
+
2177026350,
|
|
2810
|
+
2456956037,
|
|
2811
|
+
2730485921,
|
|
2812
|
+
2820302411,
|
|
2813
|
+
3259730800,
|
|
2814
|
+
3345764771,
|
|
2815
|
+
3516065817,
|
|
2816
|
+
3600352804,
|
|
2817
|
+
4094571909,
|
|
2818
|
+
275423344,
|
|
2819
|
+
430227734,
|
|
2820
|
+
506948616,
|
|
2821
|
+
659060556,
|
|
2822
|
+
883997877,
|
|
2823
|
+
958139571,
|
|
2824
|
+
1322822218,
|
|
2825
|
+
1537002063,
|
|
2826
|
+
1747873779,
|
|
2827
|
+
1955562222,
|
|
2828
|
+
2024104815,
|
|
2829
|
+
2227730452,
|
|
2830
|
+
2361852424,
|
|
2831
|
+
2428436474,
|
|
2832
|
+
2756734187,
|
|
2833
|
+
3204031479,
|
|
2834
|
+
3329325298
|
|
2835
|
+
]);
|
|
2836
|
+
var IV = new Uint32Array([
|
|
2837
|
+
1779033703,
|
|
2838
|
+
3144134277,
|
|
2839
|
+
1013904242,
|
|
2840
|
+
2773480762,
|
|
2841
|
+
1359893119,
|
|
2842
|
+
2600822924,
|
|
2843
|
+
528734635,
|
|
2844
|
+
1541459225
|
|
2845
|
+
]);
|
|
2846
|
+
var SHA256_W = new Uint32Array(64);
|
|
2847
|
+
var SHA256 = class extends SHA2 {
|
|
2848
|
+
constructor() {
|
|
2849
|
+
super(64, 32, 8, false);
|
|
2850
|
+
this.A = IV[0] | 0;
|
|
2851
|
+
this.B = IV[1] | 0;
|
|
2852
|
+
this.C = IV[2] | 0;
|
|
2853
|
+
this.D = IV[3] | 0;
|
|
2854
|
+
this.E = IV[4] | 0;
|
|
2855
|
+
this.F = IV[5] | 0;
|
|
2856
|
+
this.G = IV[6] | 0;
|
|
2857
|
+
this.H = IV[7] | 0;
|
|
2858
|
+
}
|
|
2859
|
+
get() {
|
|
2860
|
+
const { A, B, C, D, E, F, G, H } = this;
|
|
2861
|
+
return [A, B, C, D, E, F, G, H];
|
|
2862
|
+
}
|
|
2863
|
+
set(A, B, C, D, E, F, G, H) {
|
|
2864
|
+
this.A = A | 0;
|
|
2865
|
+
this.B = B | 0;
|
|
2866
|
+
this.C = C | 0;
|
|
2867
|
+
this.D = D | 0;
|
|
2868
|
+
this.E = E | 0;
|
|
2869
|
+
this.F = F | 0;
|
|
2870
|
+
this.G = G | 0;
|
|
2871
|
+
this.H = H | 0;
|
|
2872
|
+
}
|
|
2873
|
+
process(view, offset) {
|
|
2874
|
+
for (let i = 0; i < 16; i++, offset += 4)
|
|
2875
|
+
SHA256_W[i] = view.getUint32(offset, false);
|
|
2876
|
+
for (let i = 16; i < 64; i++) {
|
|
2877
|
+
const W15 = SHA256_W[i - 15];
|
|
2878
|
+
const W2 = SHA256_W[i - 2];
|
|
2879
|
+
const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ W15 >>> 3;
|
|
2880
|
+
const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ W2 >>> 10;
|
|
2881
|
+
SHA256_W[i] = s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16] | 0;
|
|
2882
|
+
}
|
|
2883
|
+
let { A, B, C, D, E, F, G, H } = this;
|
|
2884
|
+
for (let i = 0; i < 64; i++) {
|
|
2885
|
+
const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);
|
|
2886
|
+
const T1 = H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i] | 0;
|
|
2887
|
+
const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);
|
|
2888
|
+
const T2 = sigma0 + Maj(A, B, C) | 0;
|
|
2889
|
+
H = G;
|
|
2890
|
+
G = F;
|
|
2891
|
+
F = E;
|
|
2892
|
+
E = D + T1 | 0;
|
|
2893
|
+
D = C;
|
|
2894
|
+
C = B;
|
|
2895
|
+
B = A;
|
|
2896
|
+
A = T1 + T2 | 0;
|
|
2897
|
+
}
|
|
2898
|
+
A = A + this.A | 0;
|
|
2899
|
+
B = B + this.B | 0;
|
|
2900
|
+
C = C + this.C | 0;
|
|
2901
|
+
D = D + this.D | 0;
|
|
2902
|
+
E = E + this.E | 0;
|
|
2903
|
+
F = F + this.F | 0;
|
|
2904
|
+
G = G + this.G | 0;
|
|
2905
|
+
H = H + this.H | 0;
|
|
2906
|
+
this.set(A, B, C, D, E, F, G, H);
|
|
2907
|
+
}
|
|
2908
|
+
roundClean() {
|
|
2909
|
+
SHA256_W.fill(0);
|
|
2910
|
+
}
|
|
2911
|
+
destroy() {
|
|
2912
|
+
this.set(0, 0, 0, 0, 0, 0, 0, 0);
|
|
2913
|
+
this.buffer.fill(0);
|
|
2914
|
+
}
|
|
2915
|
+
};
|
|
2916
|
+
var SHA224 = class extends SHA256 {
|
|
2917
|
+
constructor() {
|
|
2918
|
+
super();
|
|
2919
|
+
this.A = 3238371032 | 0;
|
|
2920
|
+
this.B = 914150663 | 0;
|
|
2921
|
+
this.C = 812702999 | 0;
|
|
2922
|
+
this.D = 4144912697 | 0;
|
|
2923
|
+
this.E = 4290775857 | 0;
|
|
2924
|
+
this.F = 1750603025 | 0;
|
|
2925
|
+
this.G = 1694076839 | 0;
|
|
2926
|
+
this.H = 3204075428 | 0;
|
|
2927
|
+
this.outputLen = 28;
|
|
2928
|
+
}
|
|
2929
|
+
};
|
|
2930
|
+
var sha2562 = wrapConstructor(() => new SHA256());
|
|
2931
|
+
var sha224 = wrapConstructor(() => new SHA224());
|
|
2932
|
+
|
|
2933
|
+
// ../../node_modules/@noble/curves/esm/p256.js
|
|
2934
|
+
var Fp = Field(BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff"));
|
|
2935
|
+
var CURVE_A = Fp.create(BigInt("-3"));
|
|
2936
|
+
var CURVE_B = BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b");
|
|
2937
|
+
var p256 = createCurve({
|
|
2938
|
+
a: CURVE_A,
|
|
2939
|
+
b: CURVE_B,
|
|
2940
|
+
Fp,
|
|
2941
|
+
n: BigInt("0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"),
|
|
2942
|
+
Gx: BigInt("0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"),
|
|
2943
|
+
Gy: BigInt("0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"),
|
|
2944
|
+
h: BigInt(1),
|
|
2945
|
+
lowS: false
|
|
2946
|
+
}, sha2562);
|
|
2947
|
+
|
|
2948
|
+
// src/p256/encoding.ts
|
|
2949
|
+
var compressPubkey = (pubkeyBytes) => {
|
|
2950
|
+
const point = p256.ProjectivePoint.fromHex(pubkeyBytes);
|
|
2951
|
+
return point.toRawBytes(true);
|
|
2952
|
+
};
|
|
2953
|
+
var decompressPubkey = (compressed) => {
|
|
2954
|
+
if (compressed.length !== 33) {
|
|
2955
|
+
throw new Error("Expected 33 byte compress pubkey");
|
|
2956
|
+
}
|
|
2957
|
+
const point = p256.ProjectivePoint.fromHex(compressed);
|
|
2958
|
+
return point.toRawBytes(false);
|
|
2959
|
+
};
|
|
2960
|
+
|
|
2961
|
+
// ../../node_modules/@noble/curves/esm/secp256k1.js
|
|
2962
|
+
var secp256k1P = BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f");
|
|
2963
|
+
var secp256k1N = BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141");
|
|
2964
|
+
var _1n5 = BigInt(1);
|
|
2965
|
+
var _2n4 = BigInt(2);
|
|
2966
|
+
var divNearest = (a, b) => (a + b / _2n4) / b;
|
|
2967
|
+
function sqrtMod(y) {
|
|
2968
|
+
const P = secp256k1P;
|
|
2969
|
+
const _3n3 = BigInt(3), _6n = BigInt(6), _11n = BigInt(11), _22n = BigInt(22);
|
|
2970
|
+
const _23n = BigInt(23), _44n = BigInt(44), _88n = BigInt(88);
|
|
2971
|
+
const b2 = y * y * y % P;
|
|
2972
|
+
const b3 = b2 * b2 * y % P;
|
|
2973
|
+
const b6 = pow2(b3, _3n3, P) * b3 % P;
|
|
2974
|
+
const b9 = pow2(b6, _3n3, P) * b3 % P;
|
|
2975
|
+
const b11 = pow2(b9, _2n4, P) * b2 % P;
|
|
2976
|
+
const b22 = pow2(b11, _11n, P) * b11 % P;
|
|
2977
|
+
const b44 = pow2(b22, _22n, P) * b22 % P;
|
|
2978
|
+
const b88 = pow2(b44, _44n, P) * b44 % P;
|
|
2979
|
+
const b176 = pow2(b88, _88n, P) * b88 % P;
|
|
2980
|
+
const b220 = pow2(b176, _44n, P) * b44 % P;
|
|
2981
|
+
const b223 = pow2(b220, _3n3, P) * b3 % P;
|
|
2982
|
+
const t1 = pow2(b223, _23n, P) * b22 % P;
|
|
2983
|
+
const t2 = pow2(t1, _6n, P) * b2 % P;
|
|
2984
|
+
const root = pow2(t2, _2n4, P);
|
|
2985
|
+
if (!Fp2.eql(Fp2.sqr(root), y))
|
|
2986
|
+
throw new Error("Cannot find square root");
|
|
2987
|
+
return root;
|
|
2988
|
+
}
|
|
2989
|
+
var Fp2 = Field(secp256k1P, void 0, void 0, { sqrt: sqrtMod });
|
|
2990
|
+
var secp256k1 = createCurve({
|
|
2991
|
+
a: BigInt(0),
|
|
2992
|
+
b: BigInt(7),
|
|
2993
|
+
Fp: Fp2,
|
|
2994
|
+
n: secp256k1N,
|
|
2995
|
+
Gx: BigInt("55066263022277343669578718895168534326250603453777594175500187360389116729240"),
|
|
2996
|
+
Gy: BigInt("32670510020758816978083085130507043184471273380659243275938904335757337482424"),
|
|
2997
|
+
h: BigInt(1),
|
|
2998
|
+
lowS: true,
|
|
2999
|
+
endo: {
|
|
3000
|
+
beta: BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),
|
|
3001
|
+
splitScalar: (k) => {
|
|
3002
|
+
const n = secp256k1N;
|
|
3003
|
+
const a1 = BigInt("0x3086d221a7d46bcde86c90e49284eb15");
|
|
3004
|
+
const b1 = -_1n5 * BigInt("0xe4437ed6010e88286f547fa90abfe4c3");
|
|
3005
|
+
const a2 = BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8");
|
|
3006
|
+
const b2 = a1;
|
|
3007
|
+
const POW_2_128 = BigInt("0x100000000000000000000000000000000");
|
|
3008
|
+
const c1 = divNearest(b2 * k, n);
|
|
3009
|
+
const c2 = divNearest(-b1 * k, n);
|
|
3010
|
+
let k1 = mod(k - c1 * a1 - c2 * a2, n);
|
|
3011
|
+
let k2 = mod(-c1 * b1 - c2 * b2, n);
|
|
3012
|
+
const k1neg = k1 > POW_2_128;
|
|
3013
|
+
const k2neg = k2 > POW_2_128;
|
|
3014
|
+
if (k1neg)
|
|
3015
|
+
k1 = n - k1;
|
|
3016
|
+
if (k2neg)
|
|
3017
|
+
k2 = n - k2;
|
|
3018
|
+
if (k1 > POW_2_128 || k2 > POW_2_128) {
|
|
3019
|
+
throw new Error("splitScalar: Endomorphism failed, k=" + k);
|
|
3020
|
+
}
|
|
3021
|
+
return { k1neg, k1, k2neg, k2 };
|
|
3022
|
+
}
|
|
3023
|
+
}
|
|
3024
|
+
}, sha2562);
|
|
3025
|
+
var _0n5 = BigInt(0);
|
|
3026
|
+
var Point = secp256k1.ProjectivePoint;
|
|
3651
3027
|
|
|
3652
3028
|
// src/secp256k1/encoding.ts
|
|
3653
3029
|
var compressPubkey2 = (pubkeyBytes) => {
|
|
3654
|
-
const
|
|
3655
|
-
const point = Point.fromHex(hex);
|
|
3030
|
+
const point = secp256k1.ProjectivePoint.fromHex(pubkeyBytes);
|
|
3656
3031
|
return point.toRawBytes(true);
|
|
3657
3032
|
};
|
|
3658
3033
|
var decompressPubkey2 = (compressed) => {
|
|
3659
3034
|
if (compressed.length !== 33) {
|
|
3660
3035
|
throw new Error("Expected 33 byte compress pubkey");
|
|
3661
3036
|
}
|
|
3662
|
-
const
|
|
3663
|
-
const point = Point.fromHex(hex);
|
|
3037
|
+
const point = secp256k1.ProjectivePoint.fromHex(compressed);
|
|
3664
3038
|
return point.toRawBytes(false);
|
|
3665
3039
|
};
|
|
3666
3040
|
|
|
3667
3041
|
// src/p256/operations.ts
|
|
3668
|
-
var importKeypairJwk = async (jwk, exportable = false) => {
|
|
3669
|
-
const privateKey = await webcrypto.subtle.importKey(
|
|
3670
|
-
"jwk",
|
|
3671
|
-
jwk,
|
|
3672
|
-
{ name: "ECDSA", namedCurve: "P-256" },
|
|
3673
|
-
exportable,
|
|
3674
|
-
["sign"]
|
|
3675
|
-
);
|
|
3676
|
-
const { kty, crv, x, y } = jwk;
|
|
3677
|
-
const pubKeyJwk = { kty, crv, x, y };
|
|
3678
|
-
const publicKey = await webcrypto.subtle.importKey(
|
|
3679
|
-
"jwk",
|
|
3680
|
-
pubKeyJwk,
|
|
3681
|
-
{ name: "ECDSA", namedCurve: "P-256" },
|
|
3682
|
-
true,
|
|
3683
|
-
["verify"]
|
|
3684
|
-
);
|
|
3685
|
-
return { privateKey, publicKey };
|
|
3686
|
-
};
|
|
3687
3042
|
var verifyDidSig = async (did, data, sig) => {
|
|
3688
3043
|
const { jwtAlg, keyBytes } = parseDidKey(did);
|
|
3689
3044
|
if (jwtAlg !== P256_JWT_ALG) {
|
|
3690
3045
|
throw new Error(`Not a P-256 did:key: ${did}`);
|
|
3691
3046
|
}
|
|
3692
|
-
return
|
|
3693
|
-
};
|
|
3694
|
-
var verify2 = async (publicKey, data, sig) => {
|
|
3695
|
-
const importedKey = await importEcdsaPublicKey(publicKey);
|
|
3696
|
-
return webcrypto.subtle.verify(
|
|
3697
|
-
{ name: "ECDSA", hash: { name: "SHA-256" } },
|
|
3698
|
-
importedKey,
|
|
3699
|
-
sig,
|
|
3700
|
-
data
|
|
3701
|
-
);
|
|
3047
|
+
return verifySig(keyBytes, data, sig);
|
|
3702
3048
|
};
|
|
3703
|
-
var
|
|
3704
|
-
|
|
3705
|
-
|
|
3706
|
-
keyBytes,
|
|
3707
|
-
{ name: "ECDSA", namedCurve: "P-256" },
|
|
3708
|
-
true,
|
|
3709
|
-
["verify"]
|
|
3710
|
-
);
|
|
3049
|
+
var verifySig = async (publicKey, data, sig) => {
|
|
3050
|
+
const msgHash = await sha2562(data);
|
|
3051
|
+
return p256.verify(sig, msgHash, publicKey, { lowS: true });
|
|
3711
3052
|
};
|
|
3712
3053
|
|
|
3713
3054
|
// src/p256/plugin.ts
|
|
@@ -3724,8 +3065,11 @@ var verifyDidSig2 = async (did, data, sig) => {
|
|
|
3724
3065
|
if (jwtAlg !== SECP256K1_JWT_ALG) {
|
|
3725
3066
|
throw new Error(`Not a secp256k1 did:key: ${did}`);
|
|
3726
3067
|
}
|
|
3727
|
-
|
|
3728
|
-
|
|
3068
|
+
return verifySig2(keyBytes, data, sig);
|
|
3069
|
+
};
|
|
3070
|
+
var verifySig2 = async (publicKey, data, sig) => {
|
|
3071
|
+
const msgHash = await sha2562(data);
|
|
3072
|
+
return secp256k1.verify(sig, msgHash, publicKey, { lowS: true });
|
|
3729
3073
|
};
|
|
3730
3074
|
|
|
3731
3075
|
// src/secp256k1/plugin.ts
|
|
@@ -3741,13 +3085,12 @@ var plugins = [plugin_default, plugin_default2];
|
|
|
3741
3085
|
var plugins_default = plugins;
|
|
3742
3086
|
|
|
3743
3087
|
// src/did.ts
|
|
3744
|
-
var DID_KEY_BASE58_PREFIX = "did:key:z";
|
|
3745
3088
|
var parseDidKey = (did) => {
|
|
3746
|
-
if (!did.startsWith(
|
|
3089
|
+
if (!did.startsWith(BASE58_DID_PREFIX)) {
|
|
3747
3090
|
throw new Error(`Incorrect prefix for did:key: ${did}`);
|
|
3748
3091
|
}
|
|
3749
3092
|
const prefixedBytes = fromString2(
|
|
3750
|
-
did.slice(
|
|
3093
|
+
did.slice(BASE58_DID_PREFIX.length),
|
|
3751
3094
|
"base58btc"
|
|
3752
3095
|
);
|
|
3753
3096
|
const plugin = plugins_default.find((p) => hasPrefix(prefixedBytes, p.prefix));
|
|
@@ -3776,10 +3119,10 @@ var formatDidKey = (jwtAlg, keyBytes) => {
|
|
|
3776
3119
|
keyBytes = compressPubkey2(keyBytes);
|
|
3777
3120
|
}
|
|
3778
3121
|
const prefixedBytes = concat([plugin.prefix, keyBytes]);
|
|
3779
|
-
return
|
|
3122
|
+
return BASE58_DID_PREFIX + toString2(prefixedBytes, "base58btc");
|
|
3780
3123
|
};
|
|
3781
|
-
var hasPrefix = (
|
|
3782
|
-
return equals(prefix,
|
|
3124
|
+
var hasPrefix = (bytes2, prefix) => {
|
|
3125
|
+
return equals(prefix, bytes2.subarray(0, prefix.byteLength));
|
|
3783
3126
|
};
|
|
3784
3127
|
|
|
3785
3128
|
// src/multibase.ts
|
|
@@ -3807,26 +3150,47 @@ var multibaseToBytes = (mb) => {
|
|
|
3807
3150
|
throw new Error(`Unsupported multibase: :${mb}`);
|
|
3808
3151
|
}
|
|
3809
3152
|
};
|
|
3153
|
+
var bytesToMultibase = (mb, encoding) => {
|
|
3154
|
+
switch (encoding) {
|
|
3155
|
+
case "base16":
|
|
3156
|
+
return "f" + toString2(mb, encoding);
|
|
3157
|
+
case "base16upper":
|
|
3158
|
+
return "F" + toString2(mb, encoding);
|
|
3159
|
+
case "base32":
|
|
3160
|
+
return "b" + toString2(mb, encoding);
|
|
3161
|
+
case "base32upper":
|
|
3162
|
+
return "B" + toString2(mb, encoding);
|
|
3163
|
+
case "base58btc":
|
|
3164
|
+
return "z" + toString2(mb, encoding);
|
|
3165
|
+
case "base64":
|
|
3166
|
+
return "m" + toString2(mb, encoding);
|
|
3167
|
+
case "base64url":
|
|
3168
|
+
return "u" + toString2(mb, encoding);
|
|
3169
|
+
case "base64urlpad":
|
|
3170
|
+
return "U" + toString2(mb, encoding);
|
|
3171
|
+
default:
|
|
3172
|
+
throw new Error(`Unsupported multibase: :${mb}`);
|
|
3173
|
+
}
|
|
3174
|
+
};
|
|
3810
3175
|
|
|
3811
3176
|
// src/sha.ts
|
|
3812
|
-
var
|
|
3813
|
-
|
|
3814
|
-
|
|
3815
|
-
const hash = await sha256.digest(bytes);
|
|
3816
|
-
return hash.digest;
|
|
3177
|
+
var sha2563 = async (input) => {
|
|
3178
|
+
const bytes2 = typeof input === "string" ? fromString2(input, "utf8") : input;
|
|
3179
|
+
return sha2562(bytes2);
|
|
3817
3180
|
};
|
|
3818
|
-
|
|
3819
|
-
|
|
3820
|
-
|
|
3821
|
-
|
|
3822
|
-
|
|
3823
|
-
|
|
3824
|
-
|
|
3825
|
-
|
|
3826
|
-
|
|
3827
|
-
|
|
3828
|
-
|
|
3829
|
-
|
|
3181
|
+
|
|
3182
|
+
// src/random.ts
|
|
3183
|
+
var randomBytes2 = randomBytes;
|
|
3184
|
+
var randomStr = (byteLength, encoding) => {
|
|
3185
|
+
const bytes2 = randomBytes2(byteLength);
|
|
3186
|
+
return toString2(bytes2, encoding);
|
|
3187
|
+
};
|
|
3188
|
+
var randomIntFromSeed = async (seed, high, low = 0) => {
|
|
3189
|
+
const hash2 = await sha2563(seed);
|
|
3190
|
+
const number2 = Buffer.from(hash2).readUintBE(0, 6);
|
|
3191
|
+
const range = high - low;
|
|
3192
|
+
const normalized = number2 % range;
|
|
3193
|
+
return normalized + low;
|
|
3830
3194
|
};
|
|
3831
3195
|
|
|
3832
3196
|
// src/verify.ts
|
|
@@ -3845,30 +3209,22 @@ var verifySignatureUtf8 = async (didKey, data, sig) => {
|
|
|
3845
3209
|
};
|
|
3846
3210
|
|
|
3847
3211
|
// src/p256/keypair.ts
|
|
3848
|
-
var
|
|
3849
|
-
constructor(
|
|
3850
|
-
this.
|
|
3851
|
-
this.keypair = keypair;
|
|
3852
|
-
this.publicKey = publicKey;
|
|
3212
|
+
var P256Keypair = class {
|
|
3213
|
+
constructor(privateKey, exportable) {
|
|
3214
|
+
this.privateKey = privateKey;
|
|
3853
3215
|
this.exportable = exportable;
|
|
3216
|
+
this.jwtAlg = P256_JWT_ALG;
|
|
3217
|
+
this.publicKey = p256.getPublicKey(privateKey);
|
|
3854
3218
|
}
|
|
3855
3219
|
static async create(opts) {
|
|
3856
3220
|
const { exportable = false } = opts || {};
|
|
3857
|
-
const
|
|
3858
|
-
|
|
3859
|
-
|
|
3860
|
-
|
|
3861
|
-
);
|
|
3862
|
-
const pubkeyBuf = await webcrypto.subtle.exportKey("raw", keypair.publicKey);
|
|
3863
|
-
const pubkeyBytes = new Uint8Array(pubkeyBuf);
|
|
3864
|
-
return new EcdsaKeypair(keypair, pubkeyBytes, exportable);
|
|
3865
|
-
}
|
|
3866
|
-
static async import(jwk, opts) {
|
|
3221
|
+
const privKey = p256.utils.randomPrivateKey();
|
|
3222
|
+
return new P256Keypair(privKey, exportable);
|
|
3223
|
+
}
|
|
3224
|
+
static async import(privKey, opts) {
|
|
3867
3225
|
const { exportable = false } = opts || {};
|
|
3868
|
-
const
|
|
3869
|
-
|
|
3870
|
-
const pubkeyBytes = new Uint8Array(pubkeyBuf);
|
|
3871
|
-
return new EcdsaKeypair(keypair, pubkeyBytes, exportable);
|
|
3226
|
+
const privKeyBytes = typeof privKey === "string" ? fromString2(privKey, "hex") : privKey;
|
|
3227
|
+
return new P256Keypair(privKeyBytes, exportable);
|
|
3872
3228
|
}
|
|
3873
3229
|
publicKeyBytes() {
|
|
3874
3230
|
return this.publicKey;
|
|
@@ -3880,19 +3236,15 @@ var EcdsaKeypair = class {
|
|
|
3880
3236
|
return formatDidKey(this.jwtAlg, this.publicKey);
|
|
3881
3237
|
}
|
|
3882
3238
|
async sign(msg) {
|
|
3883
|
-
const
|
|
3884
|
-
|
|
3885
|
-
|
|
3886
|
-
msg.buffer
|
|
3887
|
-
);
|
|
3888
|
-
return new Uint8Array(buf);
|
|
3239
|
+
const msgHash = await sha2562(msg);
|
|
3240
|
+
const sig = await p256.sign(msgHash, this.privateKey, { lowS: true });
|
|
3241
|
+
return sig.toCompactRawBytes();
|
|
3889
3242
|
}
|
|
3890
3243
|
async export() {
|
|
3891
3244
|
if (!this.exportable) {
|
|
3892
3245
|
throw new Error("Private key is not exportable");
|
|
3893
3246
|
}
|
|
3894
|
-
|
|
3895
|
-
return jwk;
|
|
3247
|
+
return this.privateKey;
|
|
3896
3248
|
}
|
|
3897
3249
|
};
|
|
3898
3250
|
|
|
@@ -3902,11 +3254,11 @@ var Secp256k1Keypair = class {
|
|
|
3902
3254
|
this.privateKey = privateKey;
|
|
3903
3255
|
this.exportable = exportable;
|
|
3904
3256
|
this.jwtAlg = SECP256K1_JWT_ALG;
|
|
3905
|
-
this.publicKey = getPublicKey(privateKey);
|
|
3257
|
+
this.publicKey = secp256k1.getPublicKey(privateKey);
|
|
3906
3258
|
}
|
|
3907
3259
|
static async create(opts) {
|
|
3908
3260
|
const { exportable = false } = opts || {};
|
|
3909
|
-
const privKey = utils.randomPrivateKey();
|
|
3261
|
+
const privKey = secp256k1.utils.randomPrivateKey();
|
|
3910
3262
|
return new Secp256k1Keypair(privKey, exportable);
|
|
3911
3263
|
}
|
|
3912
3264
|
static async import(privKey, opts) {
|
|
@@ -3924,8 +3276,9 @@ var Secp256k1Keypair = class {
|
|
|
3924
3276
|
return formatDidKey(this.jwtAlg, this.publicKey);
|
|
3925
3277
|
}
|
|
3926
3278
|
async sign(msg) {
|
|
3927
|
-
const msgHash = await
|
|
3928
|
-
|
|
3279
|
+
const msgHash = await sha2562(msg);
|
|
3280
|
+
const sig = await secp256k1.sign(msgHash, this.privateKey, { lowS: true });
|
|
3281
|
+
return sig.toCompactRawBytes();
|
|
3929
3282
|
}
|
|
3930
3283
|
async export() {
|
|
3931
3284
|
if (!this.exportable) {
|
|
@@ -3936,27 +3289,26 @@ var Secp256k1Keypair = class {
|
|
|
3936
3289
|
};
|
|
3937
3290
|
// Annotate the CommonJS export names for ESM import in node:
|
|
3938
3291
|
0 && (module.exports = {
|
|
3939
|
-
AesKey,
|
|
3940
3292
|
BASE58_DID_PREFIX,
|
|
3941
|
-
|
|
3942
|
-
EcdsaKeypair,
|
|
3293
|
+
P256Keypair,
|
|
3943
3294
|
P256_DID_PREFIX,
|
|
3944
3295
|
P256_JWT_ALG,
|
|
3945
3296
|
SECP256K1_DID_PREFIX,
|
|
3946
3297
|
SECP256K1_JWT_ALG,
|
|
3947
3298
|
Secp256k1Keypair,
|
|
3299
|
+
bytesToMultibase,
|
|
3948
3300
|
formatDidKey,
|
|
3949
3301
|
multibaseToBytes,
|
|
3950
3302
|
p256Plugin,
|
|
3951
3303
|
parseDidKey,
|
|
3952
3304
|
randomBytes,
|
|
3953
|
-
|
|
3305
|
+
randomIntFromSeed,
|
|
3954
3306
|
randomStr,
|
|
3955
3307
|
secp256k1Plugin,
|
|
3956
3308
|
sha256,
|
|
3957
|
-
sha256Stream,
|
|
3958
3309
|
verifySignature,
|
|
3959
3310
|
verifySignatureUtf8
|
|
3960
3311
|
});
|
|
3961
|
-
/*! noble-
|
|
3312
|
+
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
|
|
3313
|
+
/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
|
|
3962
3314
|
//# sourceMappingURL=index.js.map
|