@atproto/crypto 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (61) hide show
  1. package/dist/did.d.ts +0 -1
  2. package/dist/index.d.ts +0 -1
  3. package/dist/index.js +1885 -2533
  4. package/dist/index.js.map +4 -4
  5. package/dist/multibase.d.ts +2 -0
  6. package/dist/p256/keypair.d.ts +9 -9
  7. package/dist/p256/operations.d.ts +1 -3
  8. package/dist/random.d.ts +3 -2
  9. package/dist/secp256k1/operations.d.ts +1 -0
  10. package/dist/sha.d.ts +0 -2
  11. package/dist/types.d.ts +1 -0
  12. package/package.json +10 -7
  13. package/src/did.ts +4 -8
  14. package/src/index.ts +0 -1
  15. package/src/multibase.ts +27 -0
  16. package/src/p256/encoding.ts +5 -72
  17. package/src/p256/keypair.ts +25 -41
  18. package/src/p256/operations.ts +6 -45
  19. package/src/random.ts +15 -8
  20. package/src/secp256k1/encoding.ts +3 -5
  21. package/src/secp256k1/keypair.ts +7 -5
  22. package/src/secp256k1/operations.ts +12 -3
  23. package/src/sha.ts +2 -19
  24. package/src/types.ts +1 -0
  25. package/tests/did.test.ts +8 -22
  26. package/tests/key-compression.test.ts +3 -3
  27. package/tests/keypairs.test.ts +71 -0
  28. package/tests/signature-fixtures.json +34 -0
  29. package/tests/signatures.test.ts +161 -0
  30. package/tsconfig.build.tsbuildinfo +1 -0
  31. package/tsconfig.json +1 -4
  32. package/dist/const.d.ts +0 -5
  33. package/dist/p256/encoding.d.ts +0 -2
  34. package/dist/p256/plugin.d.ts +0 -3
  35. package/dist/plugins.d.ts +0 -2
  36. package/dist/secp256k1/encoding.d.ts +0 -2
  37. package/dist/secp256k1/keypair.d.ts +0 -20
  38. package/dist/secp256k1/plugin.d.ts +0 -3
  39. package/dist/src/aes.d.ts +0 -8
  40. package/dist/src/const.d.ts +0 -5
  41. package/dist/src/did.d.ts +0 -7
  42. package/dist/src/index.d.ts +0 -12
  43. package/dist/src/multibase.d.ts +0 -1
  44. package/dist/src/p256/ecdh.d.ts +0 -11
  45. package/dist/src/p256/ecdsa.d.ts +0 -19
  46. package/dist/src/p256/encoding.d.ts +0 -2
  47. package/dist/src/p256/keypair.d.ts +0 -19
  48. package/dist/src/p256/operations.d.ts +0 -4
  49. package/dist/src/p256/plugin.d.ts +0 -3
  50. package/dist/src/plugins.d.ts +0 -2
  51. package/dist/src/random.d.ts +0 -4
  52. package/dist/src/secp256k1/encoding.d.ts +0 -2
  53. package/dist/src/secp256k1/keypair.d.ts +0 -19
  54. package/dist/src/secp256k1/operations.d.ts +0 -1
  55. package/dist/src/secp256k1/plugin.d.ts +0 -3
  56. package/dist/src/sha.d.ts +0 -3
  57. package/dist/src/types.d.ts +0 -13
  58. package/dist/src/verify.d.ts +0 -1
  59. package/dist/verify.d.ts +0 -2
  60. package/src/aes.ts +0 -64
  61. package/tests/export.test.ts +0 -50
package/dist/index.js CHANGED
@@ -5,9 +5,6 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
5
  var __getOwnPropNames = Object.getOwnPropertyNames;
6
6
  var __getProtoOf = Object.getPrototypeOf;
7
7
  var __hasOwnProp = Object.prototype.hasOwnProperty;
8
- var __commonJS = (cb, mod2) => function __require() {
9
- return mod2 || (0, cb[__getOwnPropNames(cb)[0]])((mod2 = { exports: {} }).exports, mod2), mod2.exports;
10
- };
11
8
  var __export = (target, all) => {
12
9
  for (var name2 in all)
13
10
  __defProp(target, name2, { get: all[name2], enumerable: true });
@@ -26,1404 +23,50 @@ var __toESM = (mod2, isNodeMode, target) => (target = mod2 != null ? __create(__
26
23
  ));
27
24
  var __toCommonJS = (mod2) => __copyProps(__defProp({}, "__esModule", { value: true }), mod2);
28
25
 
29
- // ../../node_modules/big-integer/BigInteger.js
30
- var require_BigInteger = __commonJS({
31
- "../../node_modules/big-integer/BigInteger.js"(exports, module2) {
32
- var bigInt2 = function(undefined2) {
33
- "use strict";
34
- var BASE = 1e7, LOG_BASE = 7, MAX_INT = 9007199254740992, MAX_INT_ARR = smallToArray(MAX_INT), DEFAULT_ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz";
35
- var supportsNativeBigInt = typeof BigInt === "function";
36
- function Integer(v, radix, alphabet2, caseSensitive) {
37
- if (typeof v === "undefined")
38
- return Integer[0];
39
- if (typeof radix !== "undefined")
40
- return +radix === 10 && !alphabet2 ? parseValue(v) : parseBase(v, radix, alphabet2, caseSensitive);
41
- return parseValue(v);
42
- }
43
- function BigInteger(value, sign2) {
44
- this.value = value;
45
- this.sign = sign2;
46
- this.isSmall = false;
47
- }
48
- BigInteger.prototype = Object.create(Integer.prototype);
49
- function SmallInteger(value) {
50
- this.value = value;
51
- this.sign = value < 0;
52
- this.isSmall = true;
53
- }
54
- SmallInteger.prototype = Object.create(Integer.prototype);
55
- function NativeBigInt(value) {
56
- this.value = value;
57
- }
58
- NativeBigInt.prototype = Object.create(Integer.prototype);
59
- function isPrecise(n) {
60
- return -MAX_INT < n && n < MAX_INT;
61
- }
62
- function smallToArray(n) {
63
- if (n < 1e7)
64
- return [n];
65
- if (n < 1e14)
66
- return [n % 1e7, Math.floor(n / 1e7)];
67
- return [n % 1e7, Math.floor(n / 1e7) % 1e7, Math.floor(n / 1e14)];
68
- }
69
- function arrayToSmall(arr) {
70
- trim(arr);
71
- var length2 = arr.length;
72
- if (length2 < 4 && compareAbs(arr, MAX_INT_ARR) < 0) {
73
- switch (length2) {
74
- case 0:
75
- return 0;
76
- case 1:
77
- return arr[0];
78
- case 2:
79
- return arr[0] + arr[1] * BASE;
80
- default:
81
- return arr[0] + (arr[1] + arr[2] * BASE) * BASE;
82
- }
83
- }
84
- return arr;
85
- }
86
- function trim(v) {
87
- var i2 = v.length;
88
- while (v[--i2] === 0)
89
- ;
90
- v.length = i2 + 1;
91
- }
92
- function createArray(length2) {
93
- var x = new Array(length2);
94
- var i2 = -1;
95
- while (++i2 < length2) {
96
- x[i2] = 0;
97
- }
98
- return x;
99
- }
100
- function truncate(n) {
101
- if (n > 0)
102
- return Math.floor(n);
103
- return Math.ceil(n);
104
- }
105
- function add(a, b) {
106
- var l_a = a.length, l_b = b.length, r = new Array(l_a), carry = 0, base3 = BASE, sum, i2;
107
- for (i2 = 0; i2 < l_b; i2++) {
108
- sum = a[i2] + b[i2] + carry;
109
- carry = sum >= base3 ? 1 : 0;
110
- r[i2] = sum - carry * base3;
111
- }
112
- while (i2 < l_a) {
113
- sum = a[i2] + carry;
114
- carry = sum === base3 ? 1 : 0;
115
- r[i2++] = sum - carry * base3;
116
- }
117
- if (carry > 0)
118
- r.push(carry);
119
- return r;
120
- }
121
- function addAny(a, b) {
122
- if (a.length >= b.length)
123
- return add(a, b);
124
- return add(b, a);
125
- }
126
- function addSmall(a, carry) {
127
- var l = a.length, r = new Array(l), base3 = BASE, sum, i2;
128
- for (i2 = 0; i2 < l; i2++) {
129
- sum = a[i2] - base3 + carry;
130
- carry = Math.floor(sum / base3);
131
- r[i2] = sum - carry * base3;
132
- carry += 1;
133
- }
134
- while (carry > 0) {
135
- r[i2++] = carry % base3;
136
- carry = Math.floor(carry / base3);
137
- }
138
- return r;
139
- }
140
- BigInteger.prototype.add = function(v) {
141
- var n = parseValue(v);
142
- if (this.sign !== n.sign) {
143
- return this.subtract(n.negate());
144
- }
145
- var a = this.value, b = n.value;
146
- if (n.isSmall) {
147
- return new BigInteger(addSmall(a, Math.abs(b)), this.sign);
148
- }
149
- return new BigInteger(addAny(a, b), this.sign);
150
- };
151
- BigInteger.prototype.plus = BigInteger.prototype.add;
152
- SmallInteger.prototype.add = function(v) {
153
- var n = parseValue(v);
154
- var a = this.value;
155
- if (a < 0 !== n.sign) {
156
- return this.subtract(n.negate());
157
- }
158
- var b = n.value;
159
- if (n.isSmall) {
160
- if (isPrecise(a + b))
161
- return new SmallInteger(a + b);
162
- b = smallToArray(Math.abs(b));
163
- }
164
- return new BigInteger(addSmall(b, Math.abs(a)), a < 0);
165
- };
166
- SmallInteger.prototype.plus = SmallInteger.prototype.add;
167
- NativeBigInt.prototype.add = function(v) {
168
- return new NativeBigInt(this.value + parseValue(v).value);
169
- };
170
- NativeBigInt.prototype.plus = NativeBigInt.prototype.add;
171
- function subtract(a, b) {
172
- var a_l = a.length, b_l = b.length, r = new Array(a_l), borrow = 0, base3 = BASE, i2, difference;
173
- for (i2 = 0; i2 < b_l; i2++) {
174
- difference = a[i2] - borrow - b[i2];
175
- if (difference < 0) {
176
- difference += base3;
177
- borrow = 1;
178
- } else
179
- borrow = 0;
180
- r[i2] = difference;
181
- }
182
- for (i2 = b_l; i2 < a_l; i2++) {
183
- difference = a[i2] - borrow;
184
- if (difference < 0)
185
- difference += base3;
186
- else {
187
- r[i2++] = difference;
188
- break;
189
- }
190
- r[i2] = difference;
191
- }
192
- for (; i2 < a_l; i2++) {
193
- r[i2] = a[i2];
194
- }
195
- trim(r);
196
- return r;
197
- }
198
- function subtractAny(a, b, sign2) {
199
- var value;
200
- if (compareAbs(a, b) >= 0) {
201
- value = subtract(a, b);
202
- } else {
203
- value = subtract(b, a);
204
- sign2 = !sign2;
205
- }
206
- value = arrayToSmall(value);
207
- if (typeof value === "number") {
208
- if (sign2)
209
- value = -value;
210
- return new SmallInteger(value);
211
- }
212
- return new BigInteger(value, sign2);
213
- }
214
- function subtractSmall(a, b, sign2) {
215
- var l = a.length, r = new Array(l), carry = -b, base3 = BASE, i2, difference;
216
- for (i2 = 0; i2 < l; i2++) {
217
- difference = a[i2] + carry;
218
- carry = Math.floor(difference / base3);
219
- difference %= base3;
220
- r[i2] = difference < 0 ? difference + base3 : difference;
221
- }
222
- r = arrayToSmall(r);
223
- if (typeof r === "number") {
224
- if (sign2)
225
- r = -r;
226
- return new SmallInteger(r);
227
- }
228
- return new BigInteger(r, sign2);
229
- }
230
- BigInteger.prototype.subtract = function(v) {
231
- var n = parseValue(v);
232
- if (this.sign !== n.sign) {
233
- return this.add(n.negate());
234
- }
235
- var a = this.value, b = n.value;
236
- if (n.isSmall)
237
- return subtractSmall(a, Math.abs(b), this.sign);
238
- return subtractAny(a, b, this.sign);
239
- };
240
- BigInteger.prototype.minus = BigInteger.prototype.subtract;
241
- SmallInteger.prototype.subtract = function(v) {
242
- var n = parseValue(v);
243
- var a = this.value;
244
- if (a < 0 !== n.sign) {
245
- return this.add(n.negate());
246
- }
247
- var b = n.value;
248
- if (n.isSmall) {
249
- return new SmallInteger(a - b);
250
- }
251
- return subtractSmall(b, Math.abs(a), a >= 0);
252
- };
253
- SmallInteger.prototype.minus = SmallInteger.prototype.subtract;
254
- NativeBigInt.prototype.subtract = function(v) {
255
- return new NativeBigInt(this.value - parseValue(v).value);
256
- };
257
- NativeBigInt.prototype.minus = NativeBigInt.prototype.subtract;
258
- BigInteger.prototype.negate = function() {
259
- return new BigInteger(this.value, !this.sign);
260
- };
261
- SmallInteger.prototype.negate = function() {
262
- var sign2 = this.sign;
263
- var small = new SmallInteger(-this.value);
264
- small.sign = !sign2;
265
- return small;
266
- };
267
- NativeBigInt.prototype.negate = function() {
268
- return new NativeBigInt(-this.value);
269
- };
270
- BigInteger.prototype.abs = function() {
271
- return new BigInteger(this.value, false);
272
- };
273
- SmallInteger.prototype.abs = function() {
274
- return new SmallInteger(Math.abs(this.value));
275
- };
276
- NativeBigInt.prototype.abs = function() {
277
- return new NativeBigInt(this.value >= 0 ? this.value : -this.value);
278
- };
279
- function multiplyLong(a, b) {
280
- var a_l = a.length, b_l = b.length, l = a_l + b_l, r = createArray(l), base3 = BASE, product, carry, i2, a_i, b_j;
281
- for (i2 = 0; i2 < a_l; ++i2) {
282
- a_i = a[i2];
283
- for (var j = 0; j < b_l; ++j) {
284
- b_j = b[j];
285
- product = a_i * b_j + r[i2 + j];
286
- carry = Math.floor(product / base3);
287
- r[i2 + j] = product - carry * base3;
288
- r[i2 + j + 1] += carry;
289
- }
290
- }
291
- trim(r);
292
- return r;
293
- }
294
- function multiplySmall(a, b) {
295
- var l = a.length, r = new Array(l), base3 = BASE, carry = 0, product, i2;
296
- for (i2 = 0; i2 < l; i2++) {
297
- product = a[i2] * b + carry;
298
- carry = Math.floor(product / base3);
299
- r[i2] = product - carry * base3;
300
- }
301
- while (carry > 0) {
302
- r[i2++] = carry % base3;
303
- carry = Math.floor(carry / base3);
304
- }
305
- return r;
306
- }
307
- function shiftLeft(x, n) {
308
- var r = [];
309
- while (n-- > 0)
310
- r.push(0);
311
- return r.concat(x);
312
- }
313
- function multiplyKaratsuba(x, y) {
314
- var n = Math.max(x.length, y.length);
315
- if (n <= 30)
316
- return multiplyLong(x, y);
317
- n = Math.ceil(n / 2);
318
- var b = x.slice(n), a = x.slice(0, n), d = y.slice(n), c = y.slice(0, n);
319
- var ac = multiplyKaratsuba(a, c), bd = multiplyKaratsuba(b, d), abcd = multiplyKaratsuba(addAny(a, b), addAny(c, d));
320
- var product = addAny(addAny(ac, shiftLeft(subtract(subtract(abcd, ac), bd), n)), shiftLeft(bd, 2 * n));
321
- trim(product);
322
- return product;
323
- }
324
- function useKaratsuba(l1, l2) {
325
- return -0.012 * l1 - 0.012 * l2 + 15e-6 * l1 * l2 > 0;
326
- }
327
- BigInteger.prototype.multiply = function(v) {
328
- var n = parseValue(v), a = this.value, b = n.value, sign2 = this.sign !== n.sign, abs;
329
- if (n.isSmall) {
330
- if (b === 0)
331
- return Integer[0];
332
- if (b === 1)
333
- return this;
334
- if (b === -1)
335
- return this.negate();
336
- abs = Math.abs(b);
337
- if (abs < BASE) {
338
- return new BigInteger(multiplySmall(a, abs), sign2);
339
- }
340
- b = smallToArray(abs);
341
- }
342
- if (useKaratsuba(a.length, b.length))
343
- return new BigInteger(multiplyKaratsuba(a, b), sign2);
344
- return new BigInteger(multiplyLong(a, b), sign2);
345
- };
346
- BigInteger.prototype.times = BigInteger.prototype.multiply;
347
- function multiplySmallAndArray(a, b, sign2) {
348
- if (a < BASE) {
349
- return new BigInteger(multiplySmall(b, a), sign2);
350
- }
351
- return new BigInteger(multiplyLong(b, smallToArray(a)), sign2);
352
- }
353
- SmallInteger.prototype._multiplyBySmall = function(a) {
354
- if (isPrecise(a.value * this.value)) {
355
- return new SmallInteger(a.value * this.value);
356
- }
357
- return multiplySmallAndArray(Math.abs(a.value), smallToArray(Math.abs(this.value)), this.sign !== a.sign);
358
- };
359
- BigInteger.prototype._multiplyBySmall = function(a) {
360
- if (a.value === 0)
361
- return Integer[0];
362
- if (a.value === 1)
363
- return this;
364
- if (a.value === -1)
365
- return this.negate();
366
- return multiplySmallAndArray(Math.abs(a.value), this.value, this.sign !== a.sign);
367
- };
368
- SmallInteger.prototype.multiply = function(v) {
369
- return parseValue(v)._multiplyBySmall(this);
370
- };
371
- SmallInteger.prototype.times = SmallInteger.prototype.multiply;
372
- NativeBigInt.prototype.multiply = function(v) {
373
- return new NativeBigInt(this.value * parseValue(v).value);
374
- };
375
- NativeBigInt.prototype.times = NativeBigInt.prototype.multiply;
376
- function square(a) {
377
- var l = a.length, r = createArray(l + l), base3 = BASE, product, carry, i2, a_i, a_j;
378
- for (i2 = 0; i2 < l; i2++) {
379
- a_i = a[i2];
380
- carry = 0 - a_i * a_i;
381
- for (var j = i2; j < l; j++) {
382
- a_j = a[j];
383
- product = 2 * (a_i * a_j) + r[i2 + j] + carry;
384
- carry = Math.floor(product / base3);
385
- r[i2 + j] = product - carry * base3;
386
- }
387
- r[i2 + l] = carry;
388
- }
389
- trim(r);
390
- return r;
391
- }
392
- BigInteger.prototype.square = function() {
393
- return new BigInteger(square(this.value), false);
394
- };
395
- SmallInteger.prototype.square = function() {
396
- var value = this.value * this.value;
397
- if (isPrecise(value))
398
- return new SmallInteger(value);
399
- return new BigInteger(square(smallToArray(Math.abs(this.value))), false);
400
- };
401
- NativeBigInt.prototype.square = function(v) {
402
- return new NativeBigInt(this.value * this.value);
403
- };
404
- function divMod1(a, b) {
405
- var a_l = a.length, b_l = b.length, base3 = BASE, result = createArray(b.length), divisorMostSignificantDigit = b[b_l - 1], lambda = Math.ceil(base3 / (2 * divisorMostSignificantDigit)), remainder = multiplySmall(a, lambda), divisor = multiplySmall(b, lambda), quotientDigit, shift, carry, borrow, i2, l, q;
406
- if (remainder.length <= a_l)
407
- remainder.push(0);
408
- divisor.push(0);
409
- divisorMostSignificantDigit = divisor[b_l - 1];
410
- for (shift = a_l - b_l; shift >= 0; shift--) {
411
- quotientDigit = base3 - 1;
412
- if (remainder[shift + b_l] !== divisorMostSignificantDigit) {
413
- quotientDigit = Math.floor((remainder[shift + b_l] * base3 + remainder[shift + b_l - 1]) / divisorMostSignificantDigit);
414
- }
415
- carry = 0;
416
- borrow = 0;
417
- l = divisor.length;
418
- for (i2 = 0; i2 < l; i2++) {
419
- carry += quotientDigit * divisor[i2];
420
- q = Math.floor(carry / base3);
421
- borrow += remainder[shift + i2] - (carry - q * base3);
422
- carry = q;
423
- if (borrow < 0) {
424
- remainder[shift + i2] = borrow + base3;
425
- borrow = -1;
426
- } else {
427
- remainder[shift + i2] = borrow;
428
- borrow = 0;
429
- }
430
- }
431
- while (borrow !== 0) {
432
- quotientDigit -= 1;
433
- carry = 0;
434
- for (i2 = 0; i2 < l; i2++) {
435
- carry += remainder[shift + i2] - base3 + divisor[i2];
436
- if (carry < 0) {
437
- remainder[shift + i2] = carry + base3;
438
- carry = 0;
439
- } else {
440
- remainder[shift + i2] = carry;
441
- carry = 1;
442
- }
443
- }
444
- borrow += carry;
445
- }
446
- result[shift] = quotientDigit;
447
- }
448
- remainder = divModSmall(remainder, lambda)[0];
449
- return [arrayToSmall(result), arrayToSmall(remainder)];
450
- }
451
- function divMod2(a, b) {
452
- var a_l = a.length, b_l = b.length, result = [], part = [], base3 = BASE, guess, xlen, highx, highy, check;
453
- while (a_l) {
454
- part.unshift(a[--a_l]);
455
- trim(part);
456
- if (compareAbs(part, b) < 0) {
457
- result.push(0);
458
- continue;
459
- }
460
- xlen = part.length;
461
- highx = part[xlen - 1] * base3 + part[xlen - 2];
462
- highy = b[b_l - 1] * base3 + b[b_l - 2];
463
- if (xlen > b_l) {
464
- highx = (highx + 1) * base3;
465
- }
466
- guess = Math.ceil(highx / highy);
467
- do {
468
- check = multiplySmall(b, guess);
469
- if (compareAbs(check, part) <= 0)
470
- break;
471
- guess--;
472
- } while (guess);
473
- result.push(guess);
474
- part = subtract(part, check);
475
- }
476
- result.reverse();
477
- return [arrayToSmall(result), arrayToSmall(part)];
478
- }
479
- function divModSmall(value, lambda) {
480
- var length2 = value.length, quotient = createArray(length2), base3 = BASE, i2, q, remainder, divisor;
481
- remainder = 0;
482
- for (i2 = length2 - 1; i2 >= 0; --i2) {
483
- divisor = remainder * base3 + value[i2];
484
- q = truncate(divisor / lambda);
485
- remainder = divisor - q * lambda;
486
- quotient[i2] = q | 0;
487
- }
488
- return [quotient, remainder | 0];
489
- }
490
- function divModAny(self2, v) {
491
- var value, n = parseValue(v);
492
- if (supportsNativeBigInt) {
493
- return [new NativeBigInt(self2.value / n.value), new NativeBigInt(self2.value % n.value)];
494
- }
495
- var a = self2.value, b = n.value;
496
- var quotient;
497
- if (b === 0)
498
- throw new Error("Cannot divide by zero");
499
- if (self2.isSmall) {
500
- if (n.isSmall) {
501
- return [new SmallInteger(truncate(a / b)), new SmallInteger(a % b)];
502
- }
503
- return [Integer[0], self2];
504
- }
505
- if (n.isSmall) {
506
- if (b === 1)
507
- return [self2, Integer[0]];
508
- if (b == -1)
509
- return [self2.negate(), Integer[0]];
510
- var abs = Math.abs(b);
511
- if (abs < BASE) {
512
- value = divModSmall(a, abs);
513
- quotient = arrayToSmall(value[0]);
514
- var remainder = value[1];
515
- if (self2.sign)
516
- remainder = -remainder;
517
- if (typeof quotient === "number") {
518
- if (self2.sign !== n.sign)
519
- quotient = -quotient;
520
- return [new SmallInteger(quotient), new SmallInteger(remainder)];
521
- }
522
- return [new BigInteger(quotient, self2.sign !== n.sign), new SmallInteger(remainder)];
523
- }
524
- b = smallToArray(abs);
525
- }
526
- var comparison = compareAbs(a, b);
527
- if (comparison === -1)
528
- return [Integer[0], self2];
529
- if (comparison === 0)
530
- return [Integer[self2.sign === n.sign ? 1 : -1], Integer[0]];
531
- if (a.length + b.length <= 200)
532
- value = divMod1(a, b);
533
- else
534
- value = divMod2(a, b);
535
- quotient = value[0];
536
- var qSign = self2.sign !== n.sign, mod2 = value[1], mSign = self2.sign;
537
- if (typeof quotient === "number") {
538
- if (qSign)
539
- quotient = -quotient;
540
- quotient = new SmallInteger(quotient);
541
- } else
542
- quotient = new BigInteger(quotient, qSign);
543
- if (typeof mod2 === "number") {
544
- if (mSign)
545
- mod2 = -mod2;
546
- mod2 = new SmallInteger(mod2);
547
- } else
548
- mod2 = new BigInteger(mod2, mSign);
549
- return [quotient, mod2];
550
- }
551
- BigInteger.prototype.divmod = function(v) {
552
- var result = divModAny(this, v);
553
- return {
554
- quotient: result[0],
555
- remainder: result[1]
556
- };
557
- };
558
- NativeBigInt.prototype.divmod = SmallInteger.prototype.divmod = BigInteger.prototype.divmod;
559
- BigInteger.prototype.divide = function(v) {
560
- return divModAny(this, v)[0];
561
- };
562
- NativeBigInt.prototype.over = NativeBigInt.prototype.divide = function(v) {
563
- return new NativeBigInt(this.value / parseValue(v).value);
564
- };
565
- SmallInteger.prototype.over = SmallInteger.prototype.divide = BigInteger.prototype.over = BigInteger.prototype.divide;
566
- BigInteger.prototype.mod = function(v) {
567
- return divModAny(this, v)[1];
568
- };
569
- NativeBigInt.prototype.mod = NativeBigInt.prototype.remainder = function(v) {
570
- return new NativeBigInt(this.value % parseValue(v).value);
571
- };
572
- SmallInteger.prototype.remainder = SmallInteger.prototype.mod = BigInteger.prototype.remainder = BigInteger.prototype.mod;
573
- BigInteger.prototype.pow = function(v) {
574
- var n = parseValue(v), a = this.value, b = n.value, value, x, y;
575
- if (b === 0)
576
- return Integer[1];
577
- if (a === 0)
578
- return Integer[0];
579
- if (a === 1)
580
- return Integer[1];
581
- if (a === -1)
582
- return n.isEven() ? Integer[1] : Integer[-1];
583
- if (n.sign) {
584
- return Integer[0];
585
- }
586
- if (!n.isSmall)
587
- throw new Error("The exponent " + n.toString() + " is too large.");
588
- if (this.isSmall) {
589
- if (isPrecise(value = Math.pow(a, b)))
590
- return new SmallInteger(truncate(value));
591
- }
592
- x = this;
593
- y = Integer[1];
594
- while (true) {
595
- if (b & true) {
596
- y = y.times(x);
597
- --b;
598
- }
599
- if (b === 0)
600
- break;
601
- b /= 2;
602
- x = x.square();
603
- }
604
- return y;
605
- };
606
- SmallInteger.prototype.pow = BigInteger.prototype.pow;
607
- NativeBigInt.prototype.pow = function(v) {
608
- var n = parseValue(v);
609
- var a = this.value, b = n.value;
610
- var _0 = BigInt(0), _1 = BigInt(1), _2 = BigInt(2);
611
- if (b === _0)
612
- return Integer[1];
613
- if (a === _0)
614
- return Integer[0];
615
- if (a === _1)
616
- return Integer[1];
617
- if (a === BigInt(-1))
618
- return n.isEven() ? Integer[1] : Integer[-1];
619
- if (n.isNegative())
620
- return new NativeBigInt(_0);
621
- var x = this;
622
- var y = Integer[1];
623
- while (true) {
624
- if ((b & _1) === _1) {
625
- y = y.times(x);
626
- --b;
627
- }
628
- if (b === _0)
629
- break;
630
- b /= _2;
631
- x = x.square();
632
- }
633
- return y;
634
- };
635
- BigInteger.prototype.modPow = function(exp, mod2) {
636
- exp = parseValue(exp);
637
- mod2 = parseValue(mod2);
638
- if (mod2.isZero())
639
- throw new Error("Cannot take modPow with modulus 0");
640
- var r = Integer[1], base3 = this.mod(mod2);
641
- if (exp.isNegative()) {
642
- exp = exp.multiply(Integer[-1]);
643
- base3 = base3.modInv(mod2);
644
- }
645
- while (exp.isPositive()) {
646
- if (base3.isZero())
647
- return Integer[0];
648
- if (exp.isOdd())
649
- r = r.multiply(base3).mod(mod2);
650
- exp = exp.divide(2);
651
- base3 = base3.square().mod(mod2);
652
- }
653
- return r;
654
- };
655
- NativeBigInt.prototype.modPow = SmallInteger.prototype.modPow = BigInteger.prototype.modPow;
656
- function compareAbs(a, b) {
657
- if (a.length !== b.length) {
658
- return a.length > b.length ? 1 : -1;
659
- }
660
- for (var i2 = a.length - 1; i2 >= 0; i2--) {
661
- if (a[i2] !== b[i2])
662
- return a[i2] > b[i2] ? 1 : -1;
663
- }
664
- return 0;
665
- }
666
- BigInteger.prototype.compareAbs = function(v) {
667
- var n = parseValue(v), a = this.value, b = n.value;
668
- if (n.isSmall)
669
- return 1;
670
- return compareAbs(a, b);
671
- };
672
- SmallInteger.prototype.compareAbs = function(v) {
673
- var n = parseValue(v), a = Math.abs(this.value), b = n.value;
674
- if (n.isSmall) {
675
- b = Math.abs(b);
676
- return a === b ? 0 : a > b ? 1 : -1;
677
- }
678
- return -1;
679
- };
680
- NativeBigInt.prototype.compareAbs = function(v) {
681
- var a = this.value;
682
- var b = parseValue(v).value;
683
- a = a >= 0 ? a : -a;
684
- b = b >= 0 ? b : -b;
685
- return a === b ? 0 : a > b ? 1 : -1;
686
- };
687
- BigInteger.prototype.compare = function(v) {
688
- if (v === Infinity) {
689
- return -1;
690
- }
691
- if (v === -Infinity) {
692
- return 1;
693
- }
694
- var n = parseValue(v), a = this.value, b = n.value;
695
- if (this.sign !== n.sign) {
696
- return n.sign ? 1 : -1;
697
- }
698
- if (n.isSmall) {
699
- return this.sign ? -1 : 1;
700
- }
701
- return compareAbs(a, b) * (this.sign ? -1 : 1);
702
- };
703
- BigInteger.prototype.compareTo = BigInteger.prototype.compare;
704
- SmallInteger.prototype.compare = function(v) {
705
- if (v === Infinity) {
706
- return -1;
707
- }
708
- if (v === -Infinity) {
709
- return 1;
710
- }
711
- var n = parseValue(v), a = this.value, b = n.value;
712
- if (n.isSmall) {
713
- return a == b ? 0 : a > b ? 1 : -1;
714
- }
715
- if (a < 0 !== n.sign) {
716
- return a < 0 ? -1 : 1;
717
- }
718
- return a < 0 ? 1 : -1;
719
- };
720
- SmallInteger.prototype.compareTo = SmallInteger.prototype.compare;
721
- NativeBigInt.prototype.compare = function(v) {
722
- if (v === Infinity) {
723
- return -1;
724
- }
725
- if (v === -Infinity) {
726
- return 1;
727
- }
728
- var a = this.value;
729
- var b = parseValue(v).value;
730
- return a === b ? 0 : a > b ? 1 : -1;
731
- };
732
- NativeBigInt.prototype.compareTo = NativeBigInt.prototype.compare;
733
- BigInteger.prototype.equals = function(v) {
734
- return this.compare(v) === 0;
735
- };
736
- NativeBigInt.prototype.eq = NativeBigInt.prototype.equals = SmallInteger.prototype.eq = SmallInteger.prototype.equals = BigInteger.prototype.eq = BigInteger.prototype.equals;
737
- BigInteger.prototype.notEquals = function(v) {
738
- return this.compare(v) !== 0;
739
- };
740
- NativeBigInt.prototype.neq = NativeBigInt.prototype.notEquals = SmallInteger.prototype.neq = SmallInteger.prototype.notEquals = BigInteger.prototype.neq = BigInteger.prototype.notEquals;
741
- BigInteger.prototype.greater = function(v) {
742
- return this.compare(v) > 0;
743
- };
744
- NativeBigInt.prototype.gt = NativeBigInt.prototype.greater = SmallInteger.prototype.gt = SmallInteger.prototype.greater = BigInteger.prototype.gt = BigInteger.prototype.greater;
745
- BigInteger.prototype.lesser = function(v) {
746
- return this.compare(v) < 0;
747
- };
748
- NativeBigInt.prototype.lt = NativeBigInt.prototype.lesser = SmallInteger.prototype.lt = SmallInteger.prototype.lesser = BigInteger.prototype.lt = BigInteger.prototype.lesser;
749
- BigInteger.prototype.greaterOrEquals = function(v) {
750
- return this.compare(v) >= 0;
751
- };
752
- NativeBigInt.prototype.geq = NativeBigInt.prototype.greaterOrEquals = SmallInteger.prototype.geq = SmallInteger.prototype.greaterOrEquals = BigInteger.prototype.geq = BigInteger.prototype.greaterOrEquals;
753
- BigInteger.prototype.lesserOrEquals = function(v) {
754
- return this.compare(v) <= 0;
755
- };
756
- NativeBigInt.prototype.leq = NativeBigInt.prototype.lesserOrEquals = SmallInteger.prototype.leq = SmallInteger.prototype.lesserOrEquals = BigInteger.prototype.leq = BigInteger.prototype.lesserOrEquals;
757
- BigInteger.prototype.isEven = function() {
758
- return (this.value[0] & 1) === 0;
759
- };
760
- SmallInteger.prototype.isEven = function() {
761
- return (this.value & 1) === 0;
762
- };
763
- NativeBigInt.prototype.isEven = function() {
764
- return (this.value & BigInt(1)) === BigInt(0);
765
- };
766
- BigInteger.prototype.isOdd = function() {
767
- return (this.value[0] & 1) === 1;
768
- };
769
- SmallInteger.prototype.isOdd = function() {
770
- return (this.value & 1) === 1;
771
- };
772
- NativeBigInt.prototype.isOdd = function() {
773
- return (this.value & BigInt(1)) === BigInt(1);
774
- };
775
- BigInteger.prototype.isPositive = function() {
776
- return !this.sign;
777
- };
778
- SmallInteger.prototype.isPositive = function() {
779
- return this.value > 0;
780
- };
781
- NativeBigInt.prototype.isPositive = SmallInteger.prototype.isPositive;
782
- BigInteger.prototype.isNegative = function() {
783
- return this.sign;
784
- };
785
- SmallInteger.prototype.isNegative = function() {
786
- return this.value < 0;
787
- };
788
- NativeBigInt.prototype.isNegative = SmallInteger.prototype.isNegative;
789
- BigInteger.prototype.isUnit = function() {
790
- return false;
791
- };
792
- SmallInteger.prototype.isUnit = function() {
793
- return Math.abs(this.value) === 1;
794
- };
795
- NativeBigInt.prototype.isUnit = function() {
796
- return this.abs().value === BigInt(1);
797
- };
798
- BigInteger.prototype.isZero = function() {
799
- return false;
800
- };
801
- SmallInteger.prototype.isZero = function() {
802
- return this.value === 0;
803
- };
804
- NativeBigInt.prototype.isZero = function() {
805
- return this.value === BigInt(0);
806
- };
807
- BigInteger.prototype.isDivisibleBy = function(v) {
808
- var n = parseValue(v);
809
- if (n.isZero())
810
- return false;
811
- if (n.isUnit())
812
- return true;
813
- if (n.compareAbs(2) === 0)
814
- return this.isEven();
815
- return this.mod(n).isZero();
816
- };
817
- NativeBigInt.prototype.isDivisibleBy = SmallInteger.prototype.isDivisibleBy = BigInteger.prototype.isDivisibleBy;
818
- function isBasicPrime(v) {
819
- var n = v.abs();
820
- if (n.isUnit())
821
- return false;
822
- if (n.equals(2) || n.equals(3) || n.equals(5))
823
- return true;
824
- if (n.isEven() || n.isDivisibleBy(3) || n.isDivisibleBy(5))
825
- return false;
826
- if (n.lesser(49))
827
- return true;
828
- }
829
- function millerRabinTest(n, a) {
830
- var nPrev = n.prev(), b = nPrev, r = 0, d, t, i2, x;
831
- while (b.isEven())
832
- b = b.divide(2), r++;
833
- next:
834
- for (i2 = 0; i2 < a.length; i2++) {
835
- if (n.lesser(a[i2]))
836
- continue;
837
- x = bigInt2(a[i2]).modPow(b, n);
838
- if (x.isUnit() || x.equals(nPrev))
839
- continue;
840
- for (d = r - 1; d != 0; d--) {
841
- x = x.square().mod(n);
842
- if (x.isUnit())
843
- return false;
844
- if (x.equals(nPrev))
845
- continue next;
846
- }
847
- return false;
848
- }
849
- return true;
850
- }
851
- BigInteger.prototype.isPrime = function(strict) {
852
- var isPrime = isBasicPrime(this);
853
- if (isPrime !== undefined2)
854
- return isPrime;
855
- var n = this.abs();
856
- var bits = n.bitLength();
857
- if (bits <= 64)
858
- return millerRabinTest(n, [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]);
859
- var logN = Math.log(2) * bits.toJSNumber();
860
- var t = Math.ceil(strict === true ? 2 * Math.pow(logN, 2) : logN);
861
- for (var a = [], i2 = 0; i2 < t; i2++) {
862
- a.push(bigInt2(i2 + 2));
863
- }
864
- return millerRabinTest(n, a);
865
- };
866
- NativeBigInt.prototype.isPrime = SmallInteger.prototype.isPrime = BigInteger.prototype.isPrime;
867
- BigInteger.prototype.isProbablePrime = function(iterations, rng) {
868
- var isPrime = isBasicPrime(this);
869
- if (isPrime !== undefined2)
870
- return isPrime;
871
- var n = this.abs();
872
- var t = iterations === undefined2 ? 5 : iterations;
873
- for (var a = [], i2 = 0; i2 < t; i2++) {
874
- a.push(bigInt2.randBetween(2, n.minus(2), rng));
875
- }
876
- return millerRabinTest(n, a);
877
- };
878
- NativeBigInt.prototype.isProbablePrime = SmallInteger.prototype.isProbablePrime = BigInteger.prototype.isProbablePrime;
879
- BigInteger.prototype.modInv = function(n) {
880
- var t = bigInt2.zero, newT = bigInt2.one, r = parseValue(n), newR = this.abs(), q, lastT, lastR;
881
- while (!newR.isZero()) {
882
- q = r.divide(newR);
883
- lastT = t;
884
- lastR = r;
885
- t = newT;
886
- r = newR;
887
- newT = lastT.subtract(q.multiply(newT));
888
- newR = lastR.subtract(q.multiply(newR));
889
- }
890
- if (!r.isUnit())
891
- throw new Error(this.toString() + " and " + n.toString() + " are not co-prime");
892
- if (t.compare(0) === -1) {
893
- t = t.add(n);
894
- }
895
- if (this.isNegative()) {
896
- return t.negate();
897
- }
898
- return t;
899
- };
900
- NativeBigInt.prototype.modInv = SmallInteger.prototype.modInv = BigInteger.prototype.modInv;
901
- BigInteger.prototype.next = function() {
902
- var value = this.value;
903
- if (this.sign) {
904
- return subtractSmall(value, 1, this.sign);
905
- }
906
- return new BigInteger(addSmall(value, 1), this.sign);
907
- };
908
- SmallInteger.prototype.next = function() {
909
- var value = this.value;
910
- if (value + 1 < MAX_INT)
911
- return new SmallInteger(value + 1);
912
- return new BigInteger(MAX_INT_ARR, false);
913
- };
914
- NativeBigInt.prototype.next = function() {
915
- return new NativeBigInt(this.value + BigInt(1));
916
- };
917
- BigInteger.prototype.prev = function() {
918
- var value = this.value;
919
- if (this.sign) {
920
- return new BigInteger(addSmall(value, 1), true);
921
- }
922
- return subtractSmall(value, 1, this.sign);
923
- };
924
- SmallInteger.prototype.prev = function() {
925
- var value = this.value;
926
- if (value - 1 > -MAX_INT)
927
- return new SmallInteger(value - 1);
928
- return new BigInteger(MAX_INT_ARR, true);
929
- };
930
- NativeBigInt.prototype.prev = function() {
931
- return new NativeBigInt(this.value - BigInt(1));
932
- };
933
- var powersOfTwo = [1];
934
- while (2 * powersOfTwo[powersOfTwo.length - 1] <= BASE)
935
- powersOfTwo.push(2 * powersOfTwo[powersOfTwo.length - 1]);
936
- var powers2Length = powersOfTwo.length, highestPower2 = powersOfTwo[powers2Length - 1];
937
- function shift_isSmall(n) {
938
- return Math.abs(n) <= BASE;
939
- }
940
- BigInteger.prototype.shiftLeft = function(v) {
941
- var n = parseValue(v).toJSNumber();
942
- if (!shift_isSmall(n)) {
943
- throw new Error(String(n) + " is too large for shifting.");
944
- }
945
- if (n < 0)
946
- return this.shiftRight(-n);
947
- var result = this;
948
- if (result.isZero())
949
- return result;
950
- while (n >= powers2Length) {
951
- result = result.multiply(highestPower2);
952
- n -= powers2Length - 1;
953
- }
954
- return result.multiply(powersOfTwo[n]);
955
- };
956
- NativeBigInt.prototype.shiftLeft = SmallInteger.prototype.shiftLeft = BigInteger.prototype.shiftLeft;
957
- BigInteger.prototype.shiftRight = function(v) {
958
- var remQuo;
959
- var n = parseValue(v).toJSNumber();
960
- if (!shift_isSmall(n)) {
961
- throw new Error(String(n) + " is too large for shifting.");
962
- }
963
- if (n < 0)
964
- return this.shiftLeft(-n);
965
- var result = this;
966
- while (n >= powers2Length) {
967
- if (result.isZero() || result.isNegative() && result.isUnit())
968
- return result;
969
- remQuo = divModAny(result, highestPower2);
970
- result = remQuo[1].isNegative() ? remQuo[0].prev() : remQuo[0];
971
- n -= powers2Length - 1;
972
- }
973
- remQuo = divModAny(result, powersOfTwo[n]);
974
- return remQuo[1].isNegative() ? remQuo[0].prev() : remQuo[0];
975
- };
976
- NativeBigInt.prototype.shiftRight = SmallInteger.prototype.shiftRight = BigInteger.prototype.shiftRight;
977
- function bitwise(x, y, fn) {
978
- y = parseValue(y);
979
- var xSign = x.isNegative(), ySign = y.isNegative();
980
- var xRem = xSign ? x.not() : x, yRem = ySign ? y.not() : y;
981
- var xDigit = 0, yDigit = 0;
982
- var xDivMod = null, yDivMod = null;
983
- var result = [];
984
- while (!xRem.isZero() || !yRem.isZero()) {
985
- xDivMod = divModAny(xRem, highestPower2);
986
- xDigit = xDivMod[1].toJSNumber();
987
- if (xSign) {
988
- xDigit = highestPower2 - 1 - xDigit;
989
- }
990
- yDivMod = divModAny(yRem, highestPower2);
991
- yDigit = yDivMod[1].toJSNumber();
992
- if (ySign) {
993
- yDigit = highestPower2 - 1 - yDigit;
994
- }
995
- xRem = xDivMod[0];
996
- yRem = yDivMod[0];
997
- result.push(fn(xDigit, yDigit));
998
- }
999
- var sum = fn(xSign ? 1 : 0, ySign ? 1 : 0) !== 0 ? bigInt2(-1) : bigInt2(0);
1000
- for (var i2 = result.length - 1; i2 >= 0; i2 -= 1) {
1001
- sum = sum.multiply(highestPower2).add(bigInt2(result[i2]));
1002
- }
1003
- return sum;
1004
- }
1005
- BigInteger.prototype.not = function() {
1006
- return this.negate().prev();
1007
- };
1008
- NativeBigInt.prototype.not = SmallInteger.prototype.not = BigInteger.prototype.not;
1009
- BigInteger.prototype.and = function(n) {
1010
- return bitwise(this, n, function(a, b) {
1011
- return a & b;
1012
- });
1013
- };
1014
- NativeBigInt.prototype.and = SmallInteger.prototype.and = BigInteger.prototype.and;
1015
- BigInteger.prototype.or = function(n) {
1016
- return bitwise(this, n, function(a, b) {
1017
- return a | b;
1018
- });
1019
- };
1020
- NativeBigInt.prototype.or = SmallInteger.prototype.or = BigInteger.prototype.or;
1021
- BigInteger.prototype.xor = function(n) {
1022
- return bitwise(this, n, function(a, b) {
1023
- return a ^ b;
1024
- });
1025
- };
1026
- NativeBigInt.prototype.xor = SmallInteger.prototype.xor = BigInteger.prototype.xor;
1027
- var LOBMASK_I = 1 << 30, LOBMASK_BI = (BASE & -BASE) * (BASE & -BASE) | LOBMASK_I;
1028
- function roughLOB(n) {
1029
- var v = n.value, x = typeof v === "number" ? v | LOBMASK_I : typeof v === "bigint" ? v | BigInt(LOBMASK_I) : v[0] + v[1] * BASE | LOBMASK_BI;
1030
- return x & -x;
1031
- }
1032
- function integerLogarithm(value, base3) {
1033
- if (base3.compareTo(value) <= 0) {
1034
- var tmp = integerLogarithm(value, base3.square(base3));
1035
- var p = tmp.p;
1036
- var e = tmp.e;
1037
- var t = p.multiply(base3);
1038
- return t.compareTo(value) <= 0 ? { p: t, e: e * 2 + 1 } : { p, e: e * 2 };
1039
- }
1040
- return { p: bigInt2(1), e: 0 };
1041
- }
1042
- BigInteger.prototype.bitLength = function() {
1043
- var n = this;
1044
- if (n.compareTo(bigInt2(0)) < 0) {
1045
- n = n.negate().subtract(bigInt2(1));
1046
- }
1047
- if (n.compareTo(bigInt2(0)) === 0) {
1048
- return bigInt2(0);
1049
- }
1050
- return bigInt2(integerLogarithm(n, bigInt2(2)).e).add(bigInt2(1));
1051
- };
1052
- NativeBigInt.prototype.bitLength = SmallInteger.prototype.bitLength = BigInteger.prototype.bitLength;
1053
- function max(a, b) {
1054
- a = parseValue(a);
1055
- b = parseValue(b);
1056
- return a.greater(b) ? a : b;
1057
- }
1058
- function min(a, b) {
1059
- a = parseValue(a);
1060
- b = parseValue(b);
1061
- return a.lesser(b) ? a : b;
1062
- }
1063
- function gcd(a, b) {
1064
- a = parseValue(a).abs();
1065
- b = parseValue(b).abs();
1066
- if (a.equals(b))
1067
- return a;
1068
- if (a.isZero())
1069
- return b;
1070
- if (b.isZero())
1071
- return a;
1072
- var c = Integer[1], d, t;
1073
- while (a.isEven() && b.isEven()) {
1074
- d = min(roughLOB(a), roughLOB(b));
1075
- a = a.divide(d);
1076
- b = b.divide(d);
1077
- c = c.multiply(d);
1078
- }
1079
- while (a.isEven()) {
1080
- a = a.divide(roughLOB(a));
1081
- }
1082
- do {
1083
- while (b.isEven()) {
1084
- b = b.divide(roughLOB(b));
1085
- }
1086
- if (a.greater(b)) {
1087
- t = b;
1088
- b = a;
1089
- a = t;
1090
- }
1091
- b = b.subtract(a);
1092
- } while (!b.isZero());
1093
- return c.isUnit() ? a : a.multiply(c);
1094
- }
1095
- function lcm(a, b) {
1096
- a = parseValue(a).abs();
1097
- b = parseValue(b).abs();
1098
- return a.divide(gcd(a, b)).multiply(b);
1099
- }
1100
- function randBetween(a, b, rng) {
1101
- a = parseValue(a);
1102
- b = parseValue(b);
1103
- var usedRNG = rng || Math.random;
1104
- var low = min(a, b), high = max(a, b);
1105
- var range = high.subtract(low).add(1);
1106
- if (range.isSmall)
1107
- return low.add(Math.floor(usedRNG() * range));
1108
- var digits = toBase(range, BASE).value;
1109
- var result = [], restricted = true;
1110
- for (var i2 = 0; i2 < digits.length; i2++) {
1111
- var top = restricted ? digits[i2] + (i2 + 1 < digits.length ? digits[i2 + 1] / BASE : 0) : BASE;
1112
- var digit = truncate(usedRNG() * top);
1113
- result.push(digit);
1114
- if (digit < digits[i2])
1115
- restricted = false;
1116
- }
1117
- return low.add(Integer.fromArray(result, BASE, false));
1118
- }
1119
- var parseBase = function(text, base3, alphabet2, caseSensitive) {
1120
- alphabet2 = alphabet2 || DEFAULT_ALPHABET;
1121
- text = String(text);
1122
- if (!caseSensitive) {
1123
- text = text.toLowerCase();
1124
- alphabet2 = alphabet2.toLowerCase();
1125
- }
1126
- var length2 = text.length;
1127
- var i2;
1128
- var absBase = Math.abs(base3);
1129
- var alphabetValues = {};
1130
- for (i2 = 0; i2 < alphabet2.length; i2++) {
1131
- alphabetValues[alphabet2[i2]] = i2;
1132
- }
1133
- for (i2 = 0; i2 < length2; i2++) {
1134
- var c = text[i2];
1135
- if (c === "-")
1136
- continue;
1137
- if (c in alphabetValues) {
1138
- if (alphabetValues[c] >= absBase) {
1139
- if (c === "1" && absBase === 1)
1140
- continue;
1141
- throw new Error(c + " is not a valid digit in base " + base3 + ".");
1142
- }
1143
- }
1144
- }
1145
- base3 = parseValue(base3);
1146
- var digits = [];
1147
- var isNegative = text[0] === "-";
1148
- for (i2 = isNegative ? 1 : 0; i2 < text.length; i2++) {
1149
- var c = text[i2];
1150
- if (c in alphabetValues)
1151
- digits.push(parseValue(alphabetValues[c]));
1152
- else if (c === "<") {
1153
- var start = i2;
1154
- do {
1155
- i2++;
1156
- } while (text[i2] !== ">" && i2 < text.length);
1157
- digits.push(parseValue(text.slice(start + 1, i2)));
1158
- } else
1159
- throw new Error(c + " is not a valid character");
1160
- }
1161
- return parseBaseFromArray(digits, base3, isNegative);
1162
- };
1163
- function parseBaseFromArray(digits, base3, isNegative) {
1164
- var val = Integer[0], pow = Integer[1], i2;
1165
- for (i2 = digits.length - 1; i2 >= 0; i2--) {
1166
- val = val.add(digits[i2].times(pow));
1167
- pow = pow.times(base3);
1168
- }
1169
- return isNegative ? val.negate() : val;
1170
- }
1171
- function stringify(digit, alphabet2) {
1172
- alphabet2 = alphabet2 || DEFAULT_ALPHABET;
1173
- if (digit < alphabet2.length) {
1174
- return alphabet2[digit];
1175
- }
1176
- return "<" + digit + ">";
1177
- }
1178
- function toBase(n, base3) {
1179
- base3 = bigInt2(base3);
1180
- if (base3.isZero()) {
1181
- if (n.isZero())
1182
- return { value: [0], isNegative: false };
1183
- throw new Error("Cannot convert nonzero numbers to base 0.");
1184
- }
1185
- if (base3.equals(-1)) {
1186
- if (n.isZero())
1187
- return { value: [0], isNegative: false };
1188
- if (n.isNegative())
1189
- return {
1190
- value: [].concat.apply(
1191
- [],
1192
- Array.apply(null, Array(-n.toJSNumber())).map(Array.prototype.valueOf, [1, 0])
1193
- ),
1194
- isNegative: false
1195
- };
1196
- var arr = Array.apply(null, Array(n.toJSNumber() - 1)).map(Array.prototype.valueOf, [0, 1]);
1197
- arr.unshift([1]);
1198
- return {
1199
- value: [].concat.apply([], arr),
1200
- isNegative: false
1201
- };
1202
- }
1203
- var neg = false;
1204
- if (n.isNegative() && base3.isPositive()) {
1205
- neg = true;
1206
- n = n.abs();
1207
- }
1208
- if (base3.isUnit()) {
1209
- if (n.isZero())
1210
- return { value: [0], isNegative: false };
1211
- return {
1212
- value: Array.apply(null, Array(n.toJSNumber())).map(Number.prototype.valueOf, 1),
1213
- isNegative: neg
1214
- };
1215
- }
1216
- var out = [];
1217
- var left = n, divmod;
1218
- while (left.isNegative() || left.compareAbs(base3) >= 0) {
1219
- divmod = left.divmod(base3);
1220
- left = divmod.quotient;
1221
- var digit = divmod.remainder;
1222
- if (digit.isNegative()) {
1223
- digit = base3.minus(digit).abs();
1224
- left = left.next();
1225
- }
1226
- out.push(digit.toJSNumber());
1227
- }
1228
- out.push(left.toJSNumber());
1229
- return { value: out.reverse(), isNegative: neg };
1230
- }
1231
- function toBaseString(n, base3, alphabet2) {
1232
- var arr = toBase(n, base3);
1233
- return (arr.isNegative ? "-" : "") + arr.value.map(function(x) {
1234
- return stringify(x, alphabet2);
1235
- }).join("");
1236
- }
1237
- BigInteger.prototype.toArray = function(radix) {
1238
- return toBase(this, radix);
1239
- };
1240
- SmallInteger.prototype.toArray = function(radix) {
1241
- return toBase(this, radix);
1242
- };
1243
- NativeBigInt.prototype.toArray = function(radix) {
1244
- return toBase(this, radix);
1245
- };
1246
- BigInteger.prototype.toString = function(radix, alphabet2) {
1247
- if (radix === undefined2)
1248
- radix = 10;
1249
- if (radix !== 10)
1250
- return toBaseString(this, radix, alphabet2);
1251
- var v = this.value, l = v.length, str = String(v[--l]), zeros = "0000000", digit;
1252
- while (--l >= 0) {
1253
- digit = String(v[l]);
1254
- str += zeros.slice(digit.length) + digit;
1255
- }
1256
- var sign2 = this.sign ? "-" : "";
1257
- return sign2 + str;
1258
- };
1259
- SmallInteger.prototype.toString = function(radix, alphabet2) {
1260
- if (radix === undefined2)
1261
- radix = 10;
1262
- if (radix != 10)
1263
- return toBaseString(this, radix, alphabet2);
1264
- return String(this.value);
1265
- };
1266
- NativeBigInt.prototype.toString = SmallInteger.prototype.toString;
1267
- NativeBigInt.prototype.toJSON = BigInteger.prototype.toJSON = SmallInteger.prototype.toJSON = function() {
1268
- return this.toString();
1269
- };
1270
- BigInteger.prototype.valueOf = function() {
1271
- return parseInt(this.toString(), 10);
1272
- };
1273
- BigInteger.prototype.toJSNumber = BigInteger.prototype.valueOf;
1274
- SmallInteger.prototype.valueOf = function() {
1275
- return this.value;
1276
- };
1277
- SmallInteger.prototype.toJSNumber = SmallInteger.prototype.valueOf;
1278
- NativeBigInt.prototype.valueOf = NativeBigInt.prototype.toJSNumber = function() {
1279
- return parseInt(this.toString(), 10);
1280
- };
1281
- function parseStringValue(v) {
1282
- if (isPrecise(+v)) {
1283
- var x = +v;
1284
- if (x === truncate(x))
1285
- return supportsNativeBigInt ? new NativeBigInt(BigInt(x)) : new SmallInteger(x);
1286
- throw new Error("Invalid integer: " + v);
1287
- }
1288
- var sign2 = v[0] === "-";
1289
- if (sign2)
1290
- v = v.slice(1);
1291
- var split = v.split(/e/i);
1292
- if (split.length > 2)
1293
- throw new Error("Invalid integer: " + split.join("e"));
1294
- if (split.length === 2) {
1295
- var exp = split[1];
1296
- if (exp[0] === "+")
1297
- exp = exp.slice(1);
1298
- exp = +exp;
1299
- if (exp !== truncate(exp) || !isPrecise(exp))
1300
- throw new Error("Invalid integer: " + exp + " is not a valid exponent.");
1301
- var text = split[0];
1302
- var decimalPlace = text.indexOf(".");
1303
- if (decimalPlace >= 0) {
1304
- exp -= text.length - decimalPlace - 1;
1305
- text = text.slice(0, decimalPlace) + text.slice(decimalPlace + 1);
1306
- }
1307
- if (exp < 0)
1308
- throw new Error("Cannot include negative exponent part for integers");
1309
- text += new Array(exp + 1).join("0");
1310
- v = text;
1311
- }
1312
- var isValid = /^([0-9][0-9]*)$/.test(v);
1313
- if (!isValid)
1314
- throw new Error("Invalid integer: " + v);
1315
- if (supportsNativeBigInt) {
1316
- return new NativeBigInt(BigInt(sign2 ? "-" + v : v));
1317
- }
1318
- var r = [], max2 = v.length, l = LOG_BASE, min2 = max2 - l;
1319
- while (max2 > 0) {
1320
- r.push(+v.slice(min2, max2));
1321
- min2 -= l;
1322
- if (min2 < 0)
1323
- min2 = 0;
1324
- max2 -= l;
1325
- }
1326
- trim(r);
1327
- return new BigInteger(r, sign2);
1328
- }
1329
- function parseNumberValue(v) {
1330
- if (supportsNativeBigInt) {
1331
- return new NativeBigInt(BigInt(v));
1332
- }
1333
- if (isPrecise(v)) {
1334
- if (v !== truncate(v))
1335
- throw new Error(v + " is not an integer.");
1336
- return new SmallInteger(v);
1337
- }
1338
- return parseStringValue(v.toString());
1339
- }
1340
- function parseValue(v) {
1341
- if (typeof v === "number") {
1342
- return parseNumberValue(v);
1343
- }
1344
- if (typeof v === "string") {
1345
- return parseStringValue(v);
1346
- }
1347
- if (typeof v === "bigint") {
1348
- return new NativeBigInt(v);
1349
- }
1350
- return v;
1351
- }
1352
- for (var i = 0; i < 1e3; i++) {
1353
- Integer[i] = parseValue(i);
1354
- if (i > 0)
1355
- Integer[-i] = parseValue(-i);
1356
- }
1357
- Integer.one = Integer[1];
1358
- Integer.zero = Integer[0];
1359
- Integer.minusOne = Integer[-1];
1360
- Integer.max = max;
1361
- Integer.min = min;
1362
- Integer.gcd = gcd;
1363
- Integer.lcm = lcm;
1364
- Integer.isInstance = function(x) {
1365
- return x instanceof BigInteger || x instanceof SmallInteger || x instanceof NativeBigInt;
1366
- };
1367
- Integer.randBetween = randBetween;
1368
- Integer.fromArray = function(digits, base3, isNegative) {
1369
- return parseBaseFromArray(digits.map(parseValue), parseValue(base3 || 10), isNegative);
1370
- };
1371
- return Integer;
1372
- }();
1373
- if (typeof module2 !== "undefined" && module2.hasOwnProperty("exports")) {
1374
- module2.exports = bigInt2;
1375
- }
1376
- if (typeof define === "function" && define.amd) {
1377
- define(function() {
1378
- return bigInt2;
1379
- });
1380
- }
1381
- }
1382
- });
1383
-
1384
26
  // src/index.ts
1385
27
  var src_exports2 = {};
1386
28
  __export(src_exports2, {
1387
- AesKey: () => AesKey,
1388
29
  BASE58_DID_PREFIX: () => BASE58_DID_PREFIX,
1389
- DID_KEY_BASE58_PREFIX: () => DID_KEY_BASE58_PREFIX,
1390
- EcdsaKeypair: () => EcdsaKeypair,
30
+ P256Keypair: () => P256Keypair,
1391
31
  P256_DID_PREFIX: () => P256_DID_PREFIX,
1392
32
  P256_JWT_ALG: () => P256_JWT_ALG,
1393
33
  SECP256K1_DID_PREFIX: () => SECP256K1_DID_PREFIX,
1394
34
  SECP256K1_JWT_ALG: () => SECP256K1_JWT_ALG,
1395
35
  Secp256k1Keypair: () => Secp256k1Keypair,
36
+ bytesToMultibase: () => bytesToMultibase,
1396
37
  formatDidKey: () => formatDidKey,
1397
38
  multibaseToBytes: () => multibaseToBytes,
1398
39
  p256Plugin: () => p256Plugin,
1399
40
  parseDidKey: () => parseDidKey,
1400
- randomBytes: () => randomBytes,
1401
- randomIV: () => randomIV,
41
+ randomBytes: () => randomBytes2,
42
+ randomIntFromSeed: () => randomIntFromSeed,
1402
43
  randomStr: () => randomStr,
1403
44
  secp256k1Plugin: () => secp256k1Plugin,
1404
- sha256: () => sha2562,
1405
- sha256Stream: () => sha256Stream,
45
+ sha256: () => sha2563,
1406
46
  verifySignature: () => verifySignature,
1407
47
  verifySignatureUtf8: () => verifySignatureUtf8
1408
48
  });
1409
49
  module.exports = __toCommonJS(src_exports2);
1410
50
 
1411
- // ../../node_modules/one-webcrypto/node.mjs
1412
- var import_crypto = __toESM(require("crypto"), 1);
1413
- var webcrypto = import_crypto.default.webcrypto;
51
+ // src/const.ts
52
+ var P256_DID_PREFIX = new Uint8Array([128, 36]);
53
+ var SECP256K1_DID_PREFIX = new Uint8Array([231, 1]);
54
+ var BASE58_DID_PREFIX = "did:key:z";
55
+ var P256_JWT_ALG = "ES256";
56
+ var SECP256K1_JWT_ALG = "ES256K";
1414
57
 
1415
58
  // ../../node_modules/uint8arrays/esm/src/concat.js
1416
59
  function concat(arrays, length2) {
1417
60
  if (!length2) {
1418
61
  length2 = arrays.reduce((acc, curr) => acc + curr.length, 0);
1419
62
  }
1420
- const output = new Uint8Array(length2);
63
+ const output2 = new Uint8Array(length2);
1421
64
  let offset = 0;
1422
65
  for (const arr of arrays) {
1423
- output.set(arr, offset);
66
+ output2.set(arr, offset);
1424
67
  offset += arr.length;
1425
68
  }
1426
- return output;
69
+ return output2;
1427
70
  }
1428
71
 
1429
72
  // ../../node_modules/uint8arrays/esm/src/equals.js
@@ -1619,9 +262,9 @@ var Encoder = class {
1619
262
  this.prefix = prefix;
1620
263
  this.baseEncode = baseEncode;
1621
264
  }
1622
- encode(bytes) {
1623
- if (bytes instanceof Uint8Array) {
1624
- return `${this.prefix}${this.baseEncode(bytes)}`;
265
+ encode(bytes2) {
266
+ if (bytes2 instanceof Uint8Array) {
267
+ return `${this.prefix}${this.baseEncode(bytes2)}`;
1625
268
  } else {
1626
269
  throw Error("Unknown type, must be binary type");
1627
270
  }
@@ -2006,7 +649,7 @@ __export(sha2_exports, {
2006
649
  sha256: () => sha256,
2007
650
  sha512: () => sha512
2008
651
  });
2009
- var import_crypto2 = __toESM(require("crypto"), 1);
652
+ var import_crypto = __toESM(require("crypto"), 1);
2010
653
 
2011
654
  // ../../node_modules/multiformats/esm/vendor/varint.js
2012
655
  var encode_1 = encode3;
@@ -2088,21 +731,21 @@ var create = (code2, digest2) => {
2088
731
  const size = digest2.byteLength;
2089
732
  const sizeOffset = encodingLength(code2);
2090
733
  const digestOffset = sizeOffset + encodingLength(size);
2091
- const bytes = new Uint8Array(digestOffset + size);
2092
- encodeTo(code2, bytes, 0);
2093
- encodeTo(size, bytes, sizeOffset);
2094
- bytes.set(digest2, digestOffset);
2095
- return new Digest(code2, size, digest2, bytes);
734
+ const bytes2 = new Uint8Array(digestOffset + size);
735
+ encodeTo(code2, bytes2, 0);
736
+ encodeTo(size, bytes2, sizeOffset);
737
+ bytes2.set(digest2, digestOffset);
738
+ return new Digest(code2, size, digest2, bytes2);
2096
739
  };
2097
740
  var decode5 = (multihash) => {
2098
- const bytes = coerce(multihash);
2099
- const [code2, sizeOffset] = decode4(bytes);
2100
- const [size, digestOffset] = decode4(bytes.subarray(sizeOffset));
2101
- const digest2 = bytes.subarray(sizeOffset + digestOffset);
741
+ const bytes2 = coerce(multihash);
742
+ const [code2, sizeOffset] = decode4(bytes2);
743
+ const [size, digestOffset] = decode4(bytes2.subarray(sizeOffset));
744
+ const digest2 = bytes2.subarray(sizeOffset + digestOffset);
2102
745
  if (digest2.byteLength !== size) {
2103
746
  throw new Error("Incorrect length");
2104
747
  }
2105
- return new Digest(code2, size, digest2, bytes);
748
+ return new Digest(code2, size, digest2, bytes2);
2106
749
  };
2107
750
  var equals3 = (a, b) => {
2108
751
  if (a === b) {
@@ -2112,11 +755,11 @@ var equals3 = (a, b) => {
2112
755
  }
2113
756
  };
2114
757
  var Digest = class {
2115
- constructor(code2, size, digest2, bytes) {
758
+ constructor(code2, size, digest2, bytes2) {
2116
759
  this.code = code2;
2117
760
  this.size = size;
2118
761
  this.digest = digest2;
2119
- this.bytes = bytes;
762
+ this.bytes = bytes2;
2120
763
  }
2121
764
  };
2122
765
 
@@ -2142,12 +785,12 @@ var Hasher = class {
2142
785
  var sha256 = from2({
2143
786
  name: "sha2-256",
2144
787
  code: 18,
2145
- encode: (input) => coerce(import_crypto2.default.createHash("sha256").update(input).digest())
788
+ encode: (input) => coerce(import_crypto.default.createHash("sha256").update(input).digest())
2146
789
  });
2147
790
  var sha512 = from2({
2148
791
  name: "sha2-512",
2149
792
  code: 19,
2150
- encode: (input) => coerce(import_crypto2.default.createHash("sha512").update(input).digest())
793
+ encode: (input) => coerce(import_crypto.default.createHash("sha512").update(input).digest())
2151
794
  });
2152
795
 
2153
796
  // ../../node_modules/multiformats/esm/src/hashes/identity.js
@@ -2172,13 +815,13 @@ var textDecoder = new TextDecoder();
2172
815
 
2173
816
  // ../../node_modules/multiformats/esm/src/cid.js
2174
817
  var CID = class {
2175
- constructor(version2, code2, multihash, bytes) {
818
+ constructor(version2, code2, multihash, bytes2) {
2176
819
  this.code = code2;
2177
820
  this.version = version2;
2178
821
  this.multihash = multihash;
2179
- this.bytes = bytes;
2180
- this.byteOffset = bytes.byteOffset;
2181
- this.byteLength = bytes.byteLength;
822
+ this.bytes = bytes2;
823
+ this.byteOffset = bytes2.byteOffset;
824
+ this.byteLength = bytes2.byteLength;
2182
825
  this.asCID = this;
2183
826
  this._baseCache = /* @__PURE__ */ new Map();
2184
827
  Object.defineProperties(this, {
@@ -2228,12 +871,12 @@ var CID = class {
2228
871
  return other && this.code === other.code && this.version === other.version && equals3(this.multihash, other.multihash);
2229
872
  }
2230
873
  toString(base3) {
2231
- const { bytes, version: version2, _baseCache } = this;
874
+ const { bytes: bytes2, version: version2, _baseCache } = this;
2232
875
  switch (version2) {
2233
876
  case 0:
2234
- return toStringV0(bytes, _baseCache, base3 || base58btc.encoder);
877
+ return toStringV0(bytes2, _baseCache, base3 || base58btc.encoder);
2235
878
  default:
2236
- return toStringV1(bytes, _baseCache, base3 || base32.encoder);
879
+ return toStringV1(bytes2, _baseCache, base3 || base32.encoder);
2237
880
  }
2238
881
  }
2239
882
  toJSON() {
@@ -2272,8 +915,8 @@ var CID = class {
2272
915
  if (value instanceof CID) {
2273
916
  return value;
2274
917
  } else if (value != null && value.asCID === value) {
2275
- const { version: version2, code: code2, multihash, bytes } = value;
2276
- return new CID(version2, code2, multihash, bytes || encodeCID(version2, code2, multihash.bytes));
918
+ const { version: version2, code: code2, multihash, bytes: bytes2 } = value;
919
+ return new CID(version2, code2, multihash, bytes2 || encodeCID(version2, code2, multihash.bytes));
2277
920
  } else if (value != null && value[cidSymbol] === true) {
2278
921
  const { version: version2, multihash, code: code2 } = value;
2279
922
  const digest2 = decode5(multihash);
@@ -2295,8 +938,8 @@ var CID = class {
2295
938
  }
2296
939
  }
2297
940
  case 1: {
2298
- const bytes = encodeCID(version2, code2, digest2.bytes);
2299
- return new CID(version2, code2, digest2, bytes);
941
+ const bytes2 = encodeCID(version2, code2, digest2.bytes);
942
+ return new CID(version2, code2, digest2, bytes2);
2300
943
  }
2301
944
  default: {
2302
945
  throw new Error("Invalid version");
@@ -2309,17 +952,17 @@ var CID = class {
2309
952
  static createV1(code2, digest2) {
2310
953
  return CID.create(1, code2, digest2);
2311
954
  }
2312
- static decode(bytes) {
2313
- const [cid, remainder] = CID.decodeFirst(bytes);
955
+ static decode(bytes2) {
956
+ const [cid, remainder] = CID.decodeFirst(bytes2);
2314
957
  if (remainder.length) {
2315
958
  throw new Error("Incorrect length");
2316
959
  }
2317
960
  return cid;
2318
961
  }
2319
- static decodeFirst(bytes) {
2320
- const specs = CID.inspectBytes(bytes);
962
+ static decodeFirst(bytes2) {
963
+ const specs = CID.inspectBytes(bytes2);
2321
964
  const prefixSize = specs.size - specs.multihashSize;
2322
- const multihashBytes = coerce(bytes.subarray(prefixSize, prefixSize + specs.multihashSize));
965
+ const multihashBytes = coerce(bytes2.subarray(prefixSize, prefixSize + specs.multihashSize));
2323
966
  if (multihashBytes.byteLength !== specs.multihashSize) {
2324
967
  throw new Error("Incorrect length");
2325
968
  }
@@ -2328,7 +971,7 @@ var CID = class {
2328
971
  const cid = specs.version === 0 ? CID.createV0(digest2) : CID.createV1(specs.codec, digest2);
2329
972
  return [
2330
973
  cid,
2331
- bytes.subarray(specs.size)
974
+ bytes2.subarray(specs.size)
2332
975
  ];
2333
976
  }
2334
977
  static inspectBytes(initialBytes) {
@@ -2364,8 +1007,8 @@ var CID = class {
2364
1007
  };
2365
1008
  }
2366
1009
  static parse(source, base3) {
2367
- const [prefix, bytes] = parseCIDtoBytes(source, base3);
2368
- const cid = CID.decode(bytes);
1010
+ const [prefix, bytes2] = parseCIDtoBytes(source, base3);
1011
+ const cid = CID.decode(bytes2);
2369
1012
  cid._baseCache.set(prefix, source);
2370
1013
  return cid;
2371
1014
  }
@@ -2404,25 +1047,25 @@ var parseCIDtoBytes = (source, base3) => {
2404
1047
  }
2405
1048
  }
2406
1049
  };
2407
- var toStringV0 = (bytes, cache, base3) => {
1050
+ var toStringV0 = (bytes2, cache, base3) => {
2408
1051
  const { prefix } = base3;
2409
1052
  if (prefix !== base58btc.prefix) {
2410
1053
  throw Error(`Cannot string encode V0 in ${base3.name} encoding`);
2411
1054
  }
2412
1055
  const cid = cache.get(prefix);
2413
1056
  if (cid == null) {
2414
- const cid2 = base3.encode(bytes).slice(1);
1057
+ const cid2 = base3.encode(bytes2).slice(1);
2415
1058
  cache.set(prefix, cid2);
2416
1059
  return cid2;
2417
1060
  } else {
2418
1061
  return cid;
2419
1062
  }
2420
1063
  };
2421
- var toStringV1 = (bytes, cache, base3) => {
1064
+ var toStringV1 = (bytes2, cache, base3) => {
2422
1065
  const { prefix } = base3;
2423
1066
  const cid = cache.get(prefix);
2424
1067
  if (cid == null) {
2425
- const cid2 = base3.encode(bytes);
1068
+ const cid2 = base3.encode(bytes2);
2426
1069
  cache.set(prefix, cid2);
2427
1070
  return cid2;
2428
1071
  } else {
@@ -2434,11 +1077,11 @@ var SHA_256_CODE = 18;
2434
1077
  var encodeCID = (version2, code2, multihash) => {
2435
1078
  const codeOffset = encodingLength(version2);
2436
1079
  const hashOffset = codeOffset + encodingLength(code2);
2437
- const bytes = new Uint8Array(hashOffset + multihash.byteLength);
2438
- encodeTo(version2, bytes, 0);
2439
- encodeTo(code2, bytes, codeOffset);
2440
- bytes.set(multihash, hashOffset);
2441
- return bytes;
1080
+ const bytes2 = new Uint8Array(hashOffset + multihash.byteLength);
1081
+ encodeTo(version2, bytes2, 0);
1082
+ encodeTo(code2, bytes2, codeOffset);
1083
+ bytes2.set(multihash, hashOffset);
1084
+ return bytes2;
2442
1085
  };
2443
1086
  var cidSymbol = Symbol.for("@ipld/js-cid/CID");
2444
1087
  var readonly = {
@@ -2556,650 +1199,223 @@ function toString2(array, encoding = "utf8") {
2556
1199
  return base3.encoder.encode(array).substring(1);
2557
1200
  }
2558
1201
 
2559
- // src/random.ts
2560
- var randomBytes = (length2) => {
2561
- return webcrypto.getRandomValues(new Uint8Array(length2));
2562
- };
2563
- var randomIV = () => {
2564
- return randomBytes(12);
2565
- };
2566
- var randomStr = (byteLength, encoding) => {
2567
- const bytes = randomBytes(byteLength);
2568
- return toString2(bytes, encoding);
2569
- };
2570
-
2571
- // src/aes.ts
2572
- var AesKey = class {
2573
- constructor(key) {
2574
- this.key = key;
2575
- }
2576
- static async create() {
2577
- const key = await webcrypto.subtle.generateKey(
2578
- {
2579
- name: "AES-GCM",
2580
- length: 256
2581
- },
2582
- true,
2583
- ["encrypt", "decrypt"]
2584
- );
2585
- return new AesKey(key);
2586
- }
2587
- async encrypt(data) {
2588
- const iv = randomIV();
2589
- const dataBytes = fromString2(data, "utf8");
2590
- const buf = await webcrypto.subtle.encrypt(
2591
- {
2592
- name: "AES-GCM",
2593
- iv
2594
- },
2595
- this.key,
2596
- dataBytes
2597
- );
2598
- const encryptedBytes = new Uint8Array(buf);
2599
- const encrypted = toString2(
2600
- concat([iv, encryptedBytes]),
2601
- "base64pad"
2602
- );
2603
- return encrypted;
2604
- }
2605
- async decrypt(data) {
2606
- const dataBytes = fromString2(data, "base64pad");
2607
- const iv = dataBytes.slice(0, 12);
2608
- const encrypted = dataBytes.slice(12);
2609
- const buf = await webcrypto.subtle.decrypt(
2610
- {
2611
- name: "AES-GCM",
2612
- iv
2613
- },
2614
- this.key,
2615
- encrypted
2616
- );
2617
- const decryptedBytes = new Uint8Array(buf);
2618
- return toString2(decryptedBytes, "utf8");
1202
+ // ../../node_modules/@noble/hashes/esm/_assert.js
1203
+ function number(n) {
1204
+ if (!Number.isSafeInteger(n) || n < 0)
1205
+ throw new Error(`Wrong positive integer: ${n}`);
1206
+ }
1207
+ function bool(b) {
1208
+ if (typeof b !== "boolean")
1209
+ throw new Error(`Expected boolean, not ${b}`);
1210
+ }
1211
+ function bytes(b, ...lengths) {
1212
+ if (!(b instanceof Uint8Array))
1213
+ throw new Error("Expected Uint8Array");
1214
+ if (lengths.length > 0 && !lengths.includes(b.length))
1215
+ throw new Error(`Expected Uint8Array of length ${lengths}, not of length=${b.length}`);
1216
+ }
1217
+ function hash(hash2) {
1218
+ if (typeof hash2 !== "function" || typeof hash2.create !== "function")
1219
+ throw new Error("Hash should be wrapped by utils.wrapConstructor");
1220
+ number(hash2.outputLen);
1221
+ number(hash2.blockLen);
1222
+ }
1223
+ function exists(instance, checkFinished = true) {
1224
+ if (instance.destroyed)
1225
+ throw new Error("Hash instance has been destroyed");
1226
+ if (checkFinished && instance.finished)
1227
+ throw new Error("Hash#digest() has already been called");
1228
+ }
1229
+ function output(out, instance) {
1230
+ bytes(out);
1231
+ const min = instance.outputLen;
1232
+ if (out.length < min) {
1233
+ throw new Error(`digestInto() expects output buffer of length at least ${min}`);
2619
1234
  }
2620
- };
2621
-
2622
- // src/const.ts
2623
- var P256_DID_PREFIX = new Uint8Array([128, 36]);
2624
- var SECP256K1_DID_PREFIX = new Uint8Array([231, 1]);
2625
- var BASE58_DID_PREFIX = "did:key:z";
2626
- var P256_JWT_ALG = "ES256";
2627
- var SECP256K1_JWT_ALG = "ES256K";
1235
+ }
1236
+ var assert = {
1237
+ number,
1238
+ bool,
1239
+ bytes,
1240
+ hash,
1241
+ exists,
1242
+ output
1243
+ };
1244
+ var assert_default = assert;
2628
1245
 
2629
- // src/p256/encoding.ts
2630
- var import_big_integer = __toESM(require_BigInteger());
2631
- var compressPubkey = (pubkeyBytes) => {
2632
- if (pubkeyBytes.length !== 65) {
2633
- throw new Error("Expected 65 byte pubkey");
2634
- } else if (pubkeyBytes[0] !== 4) {
2635
- throw new Error("Expected first byte to be 0x04");
2636
- }
2637
- const x = pubkeyBytes.slice(1, 33);
2638
- const y = pubkeyBytes.slice(33, 65);
2639
- const out = new Uint8Array(x.length + 1);
2640
- out[0] = 2 + (y[y.length - 1] & 1);
2641
- out.set(x, 1);
2642
- return out;
2643
- };
2644
- var decompressPubkey = (compressed) => {
2645
- if (compressed.length !== 33) {
2646
- throw new Error("Expected 33 byte compress pubkey");
2647
- } else if (compressed[0] !== 2 && compressed[0] !== 3) {
2648
- throw new Error("Expected first byte to be 0x02 or 0x03");
2649
- }
2650
- const two = (0, import_big_integer.default)(2);
2651
- const prime = two.pow(256).subtract(two.pow(224)).add(two.pow(192)).add(two.pow(96)).subtract(1);
2652
- const b = (0, import_big_integer.default)(
2653
- "41058363725152142129326129780047268409114441015993725554835256314039467401291"
2654
- );
2655
- const pIdent = prime.add(1).divide(4);
2656
- const signY = (0, import_big_integer.default)(compressed[0] - 2);
2657
- const x = compressed.slice(1);
2658
- const xBig = (0, import_big_integer.default)(toString2(x, "base10"));
2659
- const maybeY = xBig.pow(3).subtract(xBig.multiply(3)).add(b).modPow(pIdent, prime);
2660
- let yBig;
2661
- if (maybeY.mod(2).equals(signY)) {
2662
- yBig = maybeY;
2663
- } else {
2664
- yBig = prime.subtract(maybeY);
2665
- }
2666
- const y = fromString2(yBig.toString(10), "base10");
2667
- const offset = 32 - y.length;
2668
- const yPadded = new Uint8Array(32);
2669
- yPadded.set(y, offset);
2670
- const publicKey = concat([[4], x, yPadded]);
2671
- return publicKey;
2672
- };
1246
+ // ../../node_modules/@noble/hashes/esm/cryptoNode.js
1247
+ var nc = __toESM(require("node:crypto"), 1);
1248
+ var crypto2 = nc && typeof nc === "object" && "webcrypto" in nc ? nc.webcrypto : void 0;
2673
1249
 
2674
- // ../../node_modules/@noble/secp256k1/lib/esm/index.js
2675
- var nodeCrypto = __toESM(require("crypto"), 1);
2676
- var _0n = BigInt(0);
2677
- var _1n = BigInt(1);
2678
- var _2n = BigInt(2);
2679
- var _3n = BigInt(3);
2680
- var _8n = BigInt(8);
2681
- var CURVE = Object.freeze({
2682
- a: _0n,
2683
- b: BigInt(7),
2684
- P: BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),
2685
- n: BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),
2686
- h: _1n,
2687
- Gx: BigInt("55066263022277343669578718895168534326250603453777594175500187360389116729240"),
2688
- Gy: BigInt("32670510020758816978083085130507043184471273380659243275938904335757337482424"),
2689
- beta: BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee")
2690
- });
2691
- function weistrass(x) {
2692
- const { a, b } = CURVE;
2693
- const x2 = mod(x * x);
2694
- const x3 = mod(x2 * x);
2695
- return mod(x3 + a * x + b);
1250
+ // ../../node_modules/@noble/hashes/esm/utils.js
1251
+ var u8a = (a) => a instanceof Uint8Array;
1252
+ var createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
1253
+ var rotr = (word, shift) => word << 32 - shift | word >>> shift;
1254
+ var isLE = new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68;
1255
+ if (!isLE)
1256
+ throw new Error("Non little-endian hardware is not supported");
1257
+ var hexes = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, "0"));
1258
+ function utf8ToBytes(str) {
1259
+ if (typeof str !== "string")
1260
+ throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
1261
+ return new Uint8Array(new TextEncoder().encode(str));
2696
1262
  }
2697
- var USE_ENDOMORPHISM = CURVE.a === _0n;
2698
- var ShaError = class extends Error {
2699
- constructor(message) {
2700
- super(message);
2701
- }
2702
- };
2703
- var JacobianPoint = class {
2704
- constructor(x, y, z) {
2705
- this.x = x;
2706
- this.y = y;
2707
- this.z = z;
2708
- }
2709
- static fromAffine(p) {
2710
- if (!(p instanceof Point)) {
2711
- throw new TypeError("JacobianPoint#fromAffine: expected Point");
2712
- }
2713
- return new JacobianPoint(p.x, p.y, _1n);
2714
- }
2715
- static toAffineBatch(points) {
2716
- const toInv = invertBatch(points.map((p) => p.z));
2717
- return points.map((p, i) => p.toAffine(toInv[i]));
2718
- }
2719
- static normalizeZ(points) {
2720
- return JacobianPoint.toAffineBatch(points).map(JacobianPoint.fromAffine);
2721
- }
2722
- equals(other) {
2723
- if (!(other instanceof JacobianPoint))
2724
- throw new TypeError("JacobianPoint expected");
2725
- const { x: X1, y: Y1, z: Z1 } = this;
2726
- const { x: X2, y: Y2, z: Z2 } = other;
2727
- const Z1Z1 = mod(Z1 * Z1);
2728
- const Z2Z2 = mod(Z2 * Z2);
2729
- const U1 = mod(X1 * Z2Z2);
2730
- const U2 = mod(X2 * Z1Z1);
2731
- const S1 = mod(mod(Y1 * Z2) * Z2Z2);
2732
- const S2 = mod(mod(Y2 * Z1) * Z1Z1);
2733
- return U1 === U2 && S1 === S2;
2734
- }
2735
- negate() {
2736
- return new JacobianPoint(this.x, mod(-this.y), this.z);
2737
- }
2738
- double() {
2739
- const { x: X1, y: Y1, z: Z1 } = this;
2740
- const A = mod(X1 * X1);
2741
- const B = mod(Y1 * Y1);
2742
- const C = mod(B * B);
2743
- const x1b = X1 + B;
2744
- const D = mod(_2n * (mod(x1b * x1b) - A - C));
2745
- const E = mod(_3n * A);
2746
- const F = mod(E * E);
2747
- const X3 = mod(F - _2n * D);
2748
- const Y3 = mod(E * (D - X3) - _8n * C);
2749
- const Z3 = mod(_2n * Y1 * Z1);
2750
- return new JacobianPoint(X3, Y3, Z3);
2751
- }
2752
- add(other) {
2753
- if (!(other instanceof JacobianPoint))
2754
- throw new TypeError("JacobianPoint expected");
2755
- const { x: X1, y: Y1, z: Z1 } = this;
2756
- const { x: X2, y: Y2, z: Z2 } = other;
2757
- if (X2 === _0n || Y2 === _0n)
2758
- return this;
2759
- if (X1 === _0n || Y1 === _0n)
2760
- return other;
2761
- const Z1Z1 = mod(Z1 * Z1);
2762
- const Z2Z2 = mod(Z2 * Z2);
2763
- const U1 = mod(X1 * Z2Z2);
2764
- const U2 = mod(X2 * Z1Z1);
2765
- const S1 = mod(mod(Y1 * Z2) * Z2Z2);
2766
- const S2 = mod(mod(Y2 * Z1) * Z1Z1);
2767
- const H = mod(U2 - U1);
2768
- const r = mod(S2 - S1);
2769
- if (H === _0n) {
2770
- if (r === _0n) {
2771
- return this.double();
2772
- } else {
2773
- return JacobianPoint.ZERO;
2774
- }
2775
- }
2776
- const HH = mod(H * H);
2777
- const HHH = mod(H * HH);
2778
- const V = mod(U1 * HH);
2779
- const X3 = mod(r * r - HHH - _2n * V);
2780
- const Y3 = mod(r * (V - X3) - S1 * HHH);
2781
- const Z3 = mod(Z1 * Z2 * H);
2782
- return new JacobianPoint(X3, Y3, Z3);
2783
- }
2784
- subtract(other) {
2785
- return this.add(other.negate());
2786
- }
2787
- multiplyUnsafe(scalar) {
2788
- const P0 = JacobianPoint.ZERO;
2789
- if (typeof scalar === "bigint" && scalar === _0n)
2790
- return P0;
2791
- let n = normalizeScalar(scalar);
2792
- if (n === _1n)
2793
- return this;
2794
- if (!USE_ENDOMORPHISM) {
2795
- let p = P0;
2796
- let d2 = this;
2797
- while (n > _0n) {
2798
- if (n & _1n)
2799
- p = p.add(d2);
2800
- d2 = d2.double();
2801
- n >>= _1n;
2802
- }
2803
- return p;
2804
- }
2805
- let { k1neg, k1, k2neg, k2 } = splitScalarEndo(n);
2806
- let k1p = P0;
2807
- let k2p = P0;
2808
- let d = this;
2809
- while (k1 > _0n || k2 > _0n) {
2810
- if (k1 & _1n)
2811
- k1p = k1p.add(d);
2812
- if (k2 & _1n)
2813
- k2p = k2p.add(d);
2814
- d = d.double();
2815
- k1 >>= _1n;
2816
- k2 >>= _1n;
2817
- }
2818
- if (k1neg)
2819
- k1p = k1p.negate();
2820
- if (k2neg)
2821
- k2p = k2p.negate();
2822
- k2p = new JacobianPoint(mod(k2p.x * CURVE.beta), k2p.y, k2p.z);
2823
- return k1p.add(k2p);
2824
- }
2825
- precomputeWindow(W) {
2826
- const windows = USE_ENDOMORPHISM ? 128 / W + 1 : 256 / W + 1;
2827
- const points = [];
2828
- let p = this;
2829
- let base3 = p;
2830
- for (let window = 0; window < windows; window++) {
2831
- base3 = p;
2832
- points.push(base3);
2833
- for (let i = 1; i < 2 ** (W - 1); i++) {
2834
- base3 = base3.add(p);
2835
- points.push(base3);
2836
- }
2837
- p = base3.double();
2838
- }
2839
- return points;
2840
- }
2841
- wNAF(n, affinePoint) {
2842
- if (!affinePoint && this.equals(JacobianPoint.BASE))
2843
- affinePoint = Point.BASE;
2844
- const W = affinePoint && affinePoint._WINDOW_SIZE || 1;
2845
- if (256 % W) {
2846
- throw new Error("Point#wNAF: Invalid precomputation window, must be power of 2");
2847
- }
2848
- let precomputes = affinePoint && pointPrecomputes.get(affinePoint);
2849
- if (!precomputes) {
2850
- precomputes = this.precomputeWindow(W);
2851
- if (affinePoint && W !== 1) {
2852
- precomputes = JacobianPoint.normalizeZ(precomputes);
2853
- pointPrecomputes.set(affinePoint, precomputes);
2854
- }
2855
- }
2856
- let p = JacobianPoint.ZERO;
2857
- let f = JacobianPoint.ZERO;
2858
- const windows = 1 + (USE_ENDOMORPHISM ? 128 / W : 256 / W);
2859
- const windowSize = 2 ** (W - 1);
2860
- const mask = BigInt(2 ** W - 1);
2861
- const maxNumber = 2 ** W;
2862
- const shiftBy = BigInt(W);
2863
- for (let window = 0; window < windows; window++) {
2864
- const offset = window * windowSize;
2865
- let wbits = Number(n & mask);
2866
- n >>= shiftBy;
2867
- if (wbits > windowSize) {
2868
- wbits -= maxNumber;
2869
- n += _1n;
2870
- }
2871
- if (wbits === 0) {
2872
- let pr = precomputes[offset];
2873
- if (window % 2)
2874
- pr = pr.negate();
2875
- f = f.add(pr);
2876
- } else {
2877
- let cached = precomputes[offset + Math.abs(wbits) - 1];
2878
- if (wbits < 0)
2879
- cached = cached.negate();
2880
- p = p.add(cached);
2881
- }
2882
- }
2883
- return { p, f };
2884
- }
2885
- multiply(scalar, affinePoint) {
2886
- let n = normalizeScalar(scalar);
2887
- let point;
2888
- let fake;
2889
- if (USE_ENDOMORPHISM) {
2890
- const { k1neg, k1, k2neg, k2 } = splitScalarEndo(n);
2891
- let { p: k1p, f: f1p } = this.wNAF(k1, affinePoint);
2892
- let { p: k2p, f: f2p } = this.wNAF(k2, affinePoint);
2893
- if (k1neg)
2894
- k1p = k1p.negate();
2895
- if (k2neg)
2896
- k2p = k2p.negate();
2897
- k2p = new JacobianPoint(mod(k2p.x * CURVE.beta), k2p.y, k2p.z);
2898
- point = k1p.add(k2p);
2899
- fake = f1p.add(f2p);
2900
- } else {
2901
- const { p, f } = this.wNAF(n, affinePoint);
2902
- point = p;
2903
- fake = f;
2904
- }
2905
- return JacobianPoint.normalizeZ([point, fake])[0];
2906
- }
2907
- toAffine(invZ = invert(this.z)) {
2908
- const { x, y, z } = this;
2909
- const iz1 = invZ;
2910
- const iz2 = mod(iz1 * iz1);
2911
- const iz3 = mod(iz2 * iz1);
2912
- const ax = mod(x * iz2);
2913
- const ay = mod(y * iz3);
2914
- const zz = mod(z * iz1);
2915
- if (zz !== _1n)
2916
- throw new Error("invZ was invalid");
2917
- return new Point(ax, ay);
2918
- }
2919
- };
2920
- JacobianPoint.BASE = new JacobianPoint(CURVE.Gx, CURVE.Gy, _1n);
2921
- JacobianPoint.ZERO = new JacobianPoint(_0n, _1n, _0n);
2922
- var pointPrecomputes = /* @__PURE__ */ new WeakMap();
2923
- var Point = class {
2924
- constructor(x, y) {
2925
- this.x = x;
2926
- this.y = y;
2927
- }
2928
- _setWindowSize(windowSize) {
2929
- this._WINDOW_SIZE = windowSize;
2930
- pointPrecomputes.delete(this);
2931
- }
2932
- hasEvenY() {
2933
- return this.y % _2n === _0n;
2934
- }
2935
- static fromCompressedHex(bytes) {
2936
- const isShort = bytes.length === 32;
2937
- const x = bytesToNumber(isShort ? bytes : bytes.subarray(1));
2938
- if (!isValidFieldElement(x))
2939
- throw new Error("Point is not on curve");
2940
- const y2 = weistrass(x);
2941
- let y = sqrtMod(y2);
2942
- const isYOdd = (y & _1n) === _1n;
2943
- if (isShort) {
2944
- if (isYOdd)
2945
- y = mod(-y);
2946
- } else {
2947
- const isFirstByteOdd = (bytes[0] & 1) === 1;
2948
- if (isFirstByteOdd !== isYOdd)
2949
- y = mod(-y);
2950
- }
2951
- const point = new Point(x, y);
2952
- point.assertValidity();
2953
- return point;
2954
- }
2955
- static fromUncompressedHex(bytes) {
2956
- const x = bytesToNumber(bytes.subarray(1, 33));
2957
- const y = bytesToNumber(bytes.subarray(33, 65));
2958
- const point = new Point(x, y);
2959
- point.assertValidity();
2960
- return point;
2961
- }
2962
- static fromHex(hex) {
2963
- const bytes = ensureBytes(hex);
2964
- const len = bytes.length;
2965
- const header = bytes[0];
2966
- if (len === 32 || len === 33 && (header === 2 || header === 3)) {
2967
- return this.fromCompressedHex(bytes);
2968
- }
2969
- if (len === 65 && header === 4)
2970
- return this.fromUncompressedHex(bytes);
2971
- throw new Error(`Point.fromHex: received invalid point. Expected 32-33 compressed bytes or 65 uncompressed bytes, not ${len}`);
2972
- }
2973
- static fromPrivateKey(privateKey) {
2974
- return Point.BASE.multiply(normalizePrivateKey(privateKey));
2975
- }
2976
- static fromSignature(msgHash, signature, recovery) {
2977
- msgHash = ensureBytes(msgHash);
2978
- const h = truncateHash(msgHash);
2979
- const { r, s } = normalizeSignature(signature);
2980
- if (recovery !== 0 && recovery !== 1) {
2981
- throw new Error("Cannot recover signature: invalid recovery bit");
2982
- }
2983
- const prefix = recovery & 1 ? "03" : "02";
2984
- const R = Point.fromHex(prefix + numTo32bStr(r));
2985
- const { n } = CURVE;
2986
- const rinv = invert(r, n);
2987
- const u1 = mod(-h * rinv, n);
2988
- const u2 = mod(s * rinv, n);
2989
- const Q = Point.BASE.multiplyAndAddUnsafe(R, u1, u2);
2990
- if (!Q)
2991
- throw new Error("Cannot recover signature: point at infinify");
2992
- Q.assertValidity();
2993
- return Q;
2994
- }
2995
- toRawBytes(isCompressed = false) {
2996
- return hexToBytes(this.toHex(isCompressed));
2997
- }
2998
- toHex(isCompressed = false) {
2999
- const x = numTo32bStr(this.x);
3000
- if (isCompressed) {
3001
- const prefix = this.hasEvenY() ? "02" : "03";
3002
- return `${prefix}${x}`;
3003
- } else {
3004
- return `04${x}${numTo32bStr(this.y)}`;
3005
- }
3006
- }
3007
- toHexX() {
3008
- return this.toHex(true).slice(2);
3009
- }
3010
- toRawX() {
3011
- return this.toRawBytes(true).slice(1);
3012
- }
3013
- assertValidity() {
3014
- const msg = "Point is not on elliptic curve";
3015
- const { x, y } = this;
3016
- if (!isValidFieldElement(x) || !isValidFieldElement(y))
3017
- throw new Error(msg);
3018
- const left = mod(y * y);
3019
- const right = weistrass(x);
3020
- if (mod(left - right) !== _0n)
3021
- throw new Error(msg);
3022
- }
3023
- equals(other) {
3024
- return this.x === other.x && this.y === other.y;
3025
- }
3026
- negate() {
3027
- return new Point(this.x, mod(-this.y));
3028
- }
3029
- double() {
3030
- return JacobianPoint.fromAffine(this).double().toAffine();
3031
- }
3032
- add(other) {
3033
- return JacobianPoint.fromAffine(this).add(JacobianPoint.fromAffine(other)).toAffine();
3034
- }
3035
- subtract(other) {
3036
- return this.add(other.negate());
3037
- }
3038
- multiply(scalar) {
3039
- return JacobianPoint.fromAffine(this).multiply(scalar, this).toAffine();
3040
- }
3041
- multiplyAndAddUnsafe(Q, a, b) {
3042
- const P = JacobianPoint.fromAffine(this);
3043
- const aP = a === _0n || a === _1n || this !== Point.BASE ? P.multiplyUnsafe(a) : P.multiply(a);
3044
- const bQ = JacobianPoint.fromAffine(Q).multiplyUnsafe(b);
3045
- const sum = aP.add(bQ);
3046
- return sum.equals(JacobianPoint.ZERO) ? void 0 : sum.toAffine();
3047
- }
3048
- };
3049
- Point.BASE = new Point(CURVE.Gx, CURVE.Gy);
3050
- Point.ZERO = new Point(_0n, _0n);
3051
- function sliceDER(s) {
3052
- return Number.parseInt(s[0], 16) >= 8 ? "00" + s : s;
1263
+ function toBytes(data) {
1264
+ if (typeof data === "string")
1265
+ data = utf8ToBytes(data);
1266
+ if (!u8a(data))
1267
+ throw new Error(`expected Uint8Array, got ${typeof data}`);
1268
+ return data;
3053
1269
  }
3054
- function parseDERInt(data) {
3055
- if (data.length < 2 || data[0] !== 2) {
3056
- throw new Error(`Invalid signature integer tag: ${bytesToHex(data)}`);
3057
- }
3058
- const len = data[1];
3059
- const res = data.subarray(2, len + 2);
3060
- if (!len || res.length !== len) {
3061
- throw new Error(`Invalid signature integer: wrong length`);
3062
- }
3063
- if (res[0] === 0 && res[1] <= 127) {
3064
- throw new Error("Invalid signature integer: trailing length");
3065
- }
3066
- return { data: bytesToNumber(res), left: data.subarray(len + 2) };
1270
+ function concatBytes(...arrays) {
1271
+ const r = new Uint8Array(arrays.reduce((sum, a) => sum + a.length, 0));
1272
+ let pad = 0;
1273
+ arrays.forEach((a) => {
1274
+ if (!u8a(a))
1275
+ throw new Error("Uint8Array expected");
1276
+ r.set(a, pad);
1277
+ pad += a.length;
1278
+ });
1279
+ return r;
3067
1280
  }
3068
- function parseDERSignature(data) {
3069
- if (data.length < 2 || data[0] != 48) {
3070
- throw new Error(`Invalid signature tag: ${bytesToHex(data)}`);
3071
- }
3072
- if (data[1] !== data.length - 2) {
3073
- throw new Error("Invalid signature: incorrect length");
3074
- }
3075
- const { data: r, left: sBytes } = parseDERInt(data.subarray(2));
3076
- const { data: s, left: rBytesLeft } = parseDERInt(sBytes);
3077
- if (rBytesLeft.length) {
3078
- throw new Error(`Invalid signature: left bytes after parsing: ${bytesToHex(rBytesLeft)}`);
3079
- }
3080
- return { r, s };
1281
+ var Hash = class {
1282
+ clone() {
1283
+ return this._cloneInto();
1284
+ }
1285
+ };
1286
+ function wrapConstructor(hashCons) {
1287
+ const hashC = (msg) => hashCons().update(toBytes(msg)).digest();
1288
+ const tmp = hashCons();
1289
+ hashC.outputLen = tmp.outputLen;
1290
+ hashC.blockLen = tmp.blockLen;
1291
+ hashC.create = () => hashCons();
1292
+ return hashC;
3081
1293
  }
3082
- var Signature = class {
3083
- constructor(r, s) {
3084
- this.r = r;
3085
- this.s = s;
3086
- this.assertValidity();
3087
- }
3088
- static fromCompact(hex) {
3089
- const arr = hex instanceof Uint8Array;
3090
- const name2 = "Signature.fromCompact";
3091
- if (typeof hex !== "string" && !arr)
3092
- throw new TypeError(`${name2}: Expected string or Uint8Array`);
3093
- const str = arr ? bytesToHex(hex) : hex;
3094
- if (str.length !== 128)
3095
- throw new Error(`${name2}: Expected 64-byte hex`);
3096
- return new Signature(hexToNumber(str.slice(0, 64)), hexToNumber(str.slice(64, 128)));
3097
- }
3098
- static fromDER(hex) {
3099
- const arr = hex instanceof Uint8Array;
3100
- if (typeof hex !== "string" && !arr)
3101
- throw new TypeError(`Signature.fromDER: Expected string or Uint8Array`);
3102
- const { r, s } = parseDERSignature(arr ? hex : hexToBytes(hex));
3103
- return new Signature(r, s);
3104
- }
3105
- static fromHex(hex) {
3106
- return this.fromDER(hex);
3107
- }
3108
- assertValidity() {
3109
- const { r, s } = this;
3110
- if (!isWithinCurveOrder(r))
3111
- throw new Error("Invalid Signature: r must be 0 < r < n");
3112
- if (!isWithinCurveOrder(s))
3113
- throw new Error("Invalid Signature: s must be 0 < s < n");
3114
- }
3115
- hasHighS() {
3116
- const HALF = CURVE.n >> _1n;
3117
- return this.s > HALF;
3118
- }
3119
- normalizeS() {
3120
- return this.hasHighS() ? new Signature(this.r, CURVE.n - this.s) : this;
3121
- }
3122
- toDERRawBytes(isCompressed = false) {
3123
- return hexToBytes(this.toDERHex(isCompressed));
3124
- }
3125
- toDERHex(isCompressed = false) {
3126
- const sHex = sliceDER(numberToHexUnpadded(this.s));
3127
- if (isCompressed)
3128
- return sHex;
3129
- const rHex = sliceDER(numberToHexUnpadded(this.r));
3130
- const rLen = numberToHexUnpadded(rHex.length / 2);
3131
- const sLen = numberToHexUnpadded(sHex.length / 2);
3132
- const length2 = numberToHexUnpadded(rHex.length / 2 + sHex.length / 2 + 4);
3133
- return `30${length2}02${rLen}${rHex}02${sLen}${sHex}`;
3134
- }
3135
- toRawBytes() {
3136
- return this.toDERRawBytes();
3137
- }
3138
- toHex() {
3139
- return this.toDERHex();
3140
- }
3141
- toCompactRawBytes() {
3142
- return hexToBytes(this.toCompactHex());
3143
- }
3144
- toCompactHex() {
3145
- return numTo32bStr(this.r) + numTo32bStr(this.s);
1294
+ function randomBytes(bytesLength = 32) {
1295
+ if (crypto2 && typeof crypto2.getRandomValues === "function") {
1296
+ return crypto2.getRandomValues(new Uint8Array(bytesLength));
3146
1297
  }
3147
- };
3148
- function concatBytes(...arrays) {
3149
- if (!arrays.every((b) => b instanceof Uint8Array))
3150
- throw new Error("Uint8Array list expected");
3151
- if (arrays.length === 1)
3152
- return arrays[0];
3153
- const length2 = arrays.reduce((a, arr) => a + arr.length, 0);
3154
- const result = new Uint8Array(length2);
3155
- for (let i = 0, pad = 0; i < arrays.length; i++) {
3156
- const arr = arrays[i];
3157
- result.set(arr, pad);
3158
- pad += arr.length;
3159
- }
3160
- return result;
1298
+ throw new Error("crypto.getRandomValues must be defined");
3161
1299
  }
3162
- var hexes = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, "0"));
3163
- function bytesToHex(uint8a) {
3164
- if (!(uint8a instanceof Uint8Array))
3165
- throw new Error("Expected Uint8Array");
1300
+
1301
+ // ../../node_modules/@noble/hashes/esm/hmac.js
1302
+ var HMAC = class extends Hash {
1303
+ constructor(hash2, _key) {
1304
+ super();
1305
+ this.finished = false;
1306
+ this.destroyed = false;
1307
+ assert_default.hash(hash2);
1308
+ const key = toBytes(_key);
1309
+ this.iHash = hash2.create();
1310
+ if (typeof this.iHash.update !== "function")
1311
+ throw new Error("Expected instance of class which extends utils.Hash");
1312
+ this.blockLen = this.iHash.blockLen;
1313
+ this.outputLen = this.iHash.outputLen;
1314
+ const blockLen = this.blockLen;
1315
+ const pad = new Uint8Array(blockLen);
1316
+ pad.set(key.length > blockLen ? hash2.create().update(key).digest() : key);
1317
+ for (let i = 0; i < pad.length; i++)
1318
+ pad[i] ^= 54;
1319
+ this.iHash.update(pad);
1320
+ this.oHash = hash2.create();
1321
+ for (let i = 0; i < pad.length; i++)
1322
+ pad[i] ^= 54 ^ 92;
1323
+ this.oHash.update(pad);
1324
+ pad.fill(0);
1325
+ }
1326
+ update(buf) {
1327
+ assert_default.exists(this);
1328
+ this.iHash.update(buf);
1329
+ return this;
1330
+ }
1331
+ digestInto(out) {
1332
+ assert_default.exists(this);
1333
+ assert_default.bytes(out, this.outputLen);
1334
+ this.finished = true;
1335
+ this.iHash.digestInto(out);
1336
+ this.oHash.update(out);
1337
+ this.oHash.digestInto(out);
1338
+ this.destroy();
1339
+ }
1340
+ digest() {
1341
+ const out = new Uint8Array(this.oHash.outputLen);
1342
+ this.digestInto(out);
1343
+ return out;
1344
+ }
1345
+ _cloneInto(to) {
1346
+ to || (to = Object.create(Object.getPrototypeOf(this), {}));
1347
+ const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this;
1348
+ to = to;
1349
+ to.finished = finished;
1350
+ to.destroyed = destroyed;
1351
+ to.blockLen = blockLen;
1352
+ to.outputLen = outputLen;
1353
+ to.oHash = oHash._cloneInto(to.oHash);
1354
+ to.iHash = iHash._cloneInto(to.iHash);
1355
+ return to;
1356
+ }
1357
+ destroy() {
1358
+ this.destroyed = true;
1359
+ this.oHash.destroy();
1360
+ this.iHash.destroy();
1361
+ }
1362
+ };
1363
+ var hmac = (hash2, key, message) => new HMAC(hash2, key).update(message).digest();
1364
+ hmac.create = (hash2, key) => new HMAC(hash2, key);
1365
+
1366
+ // ../../node_modules/@noble/curves/esm/abstract/utils.js
1367
+ var utils_exports = {};
1368
+ __export(utils_exports, {
1369
+ bitGet: () => bitGet,
1370
+ bitLen: () => bitLen,
1371
+ bitMask: () => bitMask,
1372
+ bitSet: () => bitSet,
1373
+ bytesToHex: () => bytesToHex,
1374
+ bytesToNumberBE: () => bytesToNumberBE,
1375
+ bytesToNumberLE: () => bytesToNumberLE,
1376
+ concatBytes: () => concatBytes2,
1377
+ createHmacDrbg: () => createHmacDrbg,
1378
+ ensureBytes: () => ensureBytes,
1379
+ equalBytes: () => equalBytes,
1380
+ hexToBytes: () => hexToBytes,
1381
+ hexToNumber: () => hexToNumber,
1382
+ numberToBytesBE: () => numberToBytesBE,
1383
+ numberToBytesLE: () => numberToBytesLE,
1384
+ numberToHexUnpadded: () => numberToHexUnpadded,
1385
+ numberToVarBytesBE: () => numberToVarBytesBE,
1386
+ utf8ToBytes: () => utf8ToBytes2,
1387
+ validateObject: () => validateObject
1388
+ });
1389
+ var _0n = BigInt(0);
1390
+ var _1n = BigInt(1);
1391
+ var _2n = BigInt(2);
1392
+ var u8a2 = (a) => a instanceof Uint8Array;
1393
+ var hexes2 = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, "0"));
1394
+ function bytesToHex(bytes2) {
1395
+ if (!u8a2(bytes2))
1396
+ throw new Error("Uint8Array expected");
3166
1397
  let hex = "";
3167
- for (let i = 0; i < uint8a.length; i++) {
3168
- hex += hexes[uint8a[i]];
1398
+ for (let i = 0; i < bytes2.length; i++) {
1399
+ hex += hexes2[bytes2[i]];
3169
1400
  }
3170
1401
  return hex;
3171
1402
  }
3172
- var POW_2_256 = BigInt("0x10000000000000000000000000000000000000000000000000000000000000000");
3173
- function numTo32bStr(num) {
3174
- if (typeof num !== "bigint")
3175
- throw new Error("Expected bigint");
3176
- if (!(_0n <= num && num < POW_2_256))
3177
- throw new Error("Expected number < 2^256");
3178
- return num.toString(16).padStart(64, "0");
3179
- }
3180
- function numTo32b(num) {
3181
- const b = hexToBytes(numTo32bStr(num));
3182
- if (b.length !== 32)
3183
- throw new Error("Error: expected 32 bytes");
3184
- return b;
3185
- }
3186
1403
  function numberToHexUnpadded(num) {
3187
1404
  const hex = num.toString(16);
3188
1405
  return hex.length & 1 ? `0${hex}` : hex;
3189
1406
  }
3190
1407
  function hexToNumber(hex) {
3191
- if (typeof hex !== "string") {
3192
- throw new TypeError("hexToNumber: expected string, got " + typeof hex);
3193
- }
3194
- return BigInt(`0x${hex}`);
1408
+ if (typeof hex !== "string")
1409
+ throw new Error("hex string expected, got " + typeof hex);
1410
+ return BigInt(hex === "" ? "0" : `0x${hex}`);
3195
1411
  }
3196
1412
  function hexToBytes(hex) {
3197
- if (typeof hex !== "string") {
3198
- throw new TypeError("hexToBytes: expected string, got " + typeof hex);
3199
- }
3200
- if (hex.length % 2)
3201
- throw new Error("hexToBytes: received invalid unpadded hex" + hex.length);
3202
- const array = new Uint8Array(hex.length / 2);
1413
+ if (typeof hex !== "string")
1414
+ throw new Error("hex string expected, got " + typeof hex);
1415
+ const len = hex.length;
1416
+ if (len % 2)
1417
+ throw new Error("padded hex string expected, got unpadded hex of length " + len);
1418
+ const array = new Uint8Array(len / 2);
3203
1419
  for (let i = 0; i < array.length; i++) {
3204
1420
  const j = i * 2;
3205
1421
  const hexByte = hex.slice(j, j + 2);
@@ -3210,63 +1426,201 @@ function hexToBytes(hex) {
3210
1426
  }
3211
1427
  return array;
3212
1428
  }
3213
- function bytesToNumber(bytes) {
3214
- return hexToNumber(bytesToHex(bytes));
1429
+ function bytesToNumberBE(bytes2) {
1430
+ return hexToNumber(bytesToHex(bytes2));
3215
1431
  }
3216
- function ensureBytes(hex) {
3217
- return hex instanceof Uint8Array ? Uint8Array.from(hex) : hexToBytes(hex);
1432
+ function bytesToNumberLE(bytes2) {
1433
+ if (!u8a2(bytes2))
1434
+ throw new Error("Uint8Array expected");
1435
+ return hexToNumber(bytesToHex(Uint8Array.from(bytes2).reverse()));
3218
1436
  }
3219
- function normalizeScalar(num) {
3220
- if (typeof num === "number" && Number.isSafeInteger(num) && num > 0)
3221
- return BigInt(num);
3222
- if (typeof num === "bigint" && isWithinCurveOrder(num))
3223
- return num;
3224
- throw new TypeError("Expected valid private scalar: 0 < scalar < curve.n");
1437
+ function numberToBytesBE(n, len) {
1438
+ return hexToBytes(n.toString(16).padStart(len * 2, "0"));
1439
+ }
1440
+ function numberToBytesLE(n, len) {
1441
+ return numberToBytesBE(n, len).reverse();
1442
+ }
1443
+ function numberToVarBytesBE(n) {
1444
+ return hexToBytes(numberToHexUnpadded(n));
1445
+ }
1446
+ function ensureBytes(title, hex, expectedLength) {
1447
+ let res;
1448
+ if (typeof hex === "string") {
1449
+ try {
1450
+ res = hexToBytes(hex);
1451
+ } catch (e) {
1452
+ throw new Error(`${title} must be valid hex string, got "${hex}". Cause: ${e}`);
1453
+ }
1454
+ } else if (u8a2(hex)) {
1455
+ res = Uint8Array.from(hex);
1456
+ } else {
1457
+ throw new Error(`${title} must be hex string or Uint8Array`);
1458
+ }
1459
+ const len = res.length;
1460
+ if (typeof expectedLength === "number" && len !== expectedLength)
1461
+ throw new Error(`${title} expected ${expectedLength} bytes, got ${len}`);
1462
+ return res;
1463
+ }
1464
+ function concatBytes2(...arrays) {
1465
+ const r = new Uint8Array(arrays.reduce((sum, a) => sum + a.length, 0));
1466
+ let pad = 0;
1467
+ arrays.forEach((a) => {
1468
+ if (!u8a2(a))
1469
+ throw new Error("Uint8Array expected");
1470
+ r.set(a, pad);
1471
+ pad += a.length;
1472
+ });
1473
+ return r;
1474
+ }
1475
+ function equalBytes(b1, b2) {
1476
+ if (b1.length !== b2.length)
1477
+ return false;
1478
+ for (let i = 0; i < b1.length; i++)
1479
+ if (b1[i] !== b2[i])
1480
+ return false;
1481
+ return true;
1482
+ }
1483
+ function utf8ToBytes2(str) {
1484
+ if (typeof str !== "string")
1485
+ throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
1486
+ return new Uint8Array(new TextEncoder().encode(str));
1487
+ }
1488
+ function bitLen(n) {
1489
+ let len;
1490
+ for (len = 0; n > _0n; n >>= _1n, len += 1)
1491
+ ;
1492
+ return len;
1493
+ }
1494
+ function bitGet(n, pos) {
1495
+ return n >> BigInt(pos) & _1n;
1496
+ }
1497
+ var bitSet = (n, pos, value) => {
1498
+ return n | (value ? _1n : _0n) << BigInt(pos);
1499
+ };
1500
+ var bitMask = (n) => (_2n << BigInt(n - 1)) - _1n;
1501
+ var u8n = (data) => new Uint8Array(data);
1502
+ var u8fr = (arr) => Uint8Array.from(arr);
1503
+ function createHmacDrbg(hashLen, qByteLen, hmacFn) {
1504
+ if (typeof hashLen !== "number" || hashLen < 2)
1505
+ throw new Error("hashLen must be a number");
1506
+ if (typeof qByteLen !== "number" || qByteLen < 2)
1507
+ throw new Error("qByteLen must be a number");
1508
+ if (typeof hmacFn !== "function")
1509
+ throw new Error("hmacFn must be a function");
1510
+ let v = u8n(hashLen);
1511
+ let k = u8n(hashLen);
1512
+ let i = 0;
1513
+ const reset = () => {
1514
+ v.fill(1);
1515
+ k.fill(0);
1516
+ i = 0;
1517
+ };
1518
+ const h = (...b) => hmacFn(k, v, ...b);
1519
+ const reseed = (seed = u8n()) => {
1520
+ k = h(u8fr([0]), seed);
1521
+ v = h();
1522
+ if (seed.length === 0)
1523
+ return;
1524
+ k = h(u8fr([1]), seed);
1525
+ v = h();
1526
+ };
1527
+ const gen = () => {
1528
+ if (i++ >= 1e3)
1529
+ throw new Error("drbg: tried 1000 values");
1530
+ let len = 0;
1531
+ const out = [];
1532
+ while (len < qByteLen) {
1533
+ v = h();
1534
+ const sl = v.slice();
1535
+ out.push(sl);
1536
+ len += v.length;
1537
+ }
1538
+ return concatBytes2(...out);
1539
+ };
1540
+ const genUntil = (seed, pred) => {
1541
+ reset();
1542
+ reseed(seed);
1543
+ let res = void 0;
1544
+ while (!(res = pred(gen())))
1545
+ reseed();
1546
+ reset();
1547
+ return res;
1548
+ };
1549
+ return genUntil;
1550
+ }
1551
+ var validatorFns = {
1552
+ bigint: (val) => typeof val === "bigint",
1553
+ function: (val) => typeof val === "function",
1554
+ boolean: (val) => typeof val === "boolean",
1555
+ string: (val) => typeof val === "string",
1556
+ isSafeInteger: (val) => Number.isSafeInteger(val),
1557
+ array: (val) => Array.isArray(val),
1558
+ field: (val, object) => object.Fp.isValid(val),
1559
+ hash: (val) => typeof val === "function" && Number.isSafeInteger(val.outputLen)
1560
+ };
1561
+ function validateObject(object, validators, optValidators = {}) {
1562
+ const checkField = (fieldName, type, isOptional) => {
1563
+ const checkVal = validatorFns[type];
1564
+ if (typeof checkVal !== "function")
1565
+ throw new Error(`Invalid validator "${type}", expected function`);
1566
+ const val = object[fieldName];
1567
+ if (isOptional && val === void 0)
1568
+ return;
1569
+ if (!checkVal(val, object)) {
1570
+ throw new Error(`Invalid param ${String(fieldName)}=${val} (${typeof val}), expected ${type}`);
1571
+ }
1572
+ };
1573
+ for (const [fieldName, type] of Object.entries(validators))
1574
+ checkField(fieldName, type, false);
1575
+ for (const [fieldName, type] of Object.entries(optValidators))
1576
+ checkField(fieldName, type, true);
1577
+ return object;
3225
1578
  }
3226
- function mod(a, b = CURVE.P) {
1579
+
1580
+ // ../../node_modules/@noble/curves/esm/abstract/modular.js
1581
+ var _0n2 = BigInt(0);
1582
+ var _1n2 = BigInt(1);
1583
+ var _2n2 = BigInt(2);
1584
+ var _3n = BigInt(3);
1585
+ var _4n = BigInt(4);
1586
+ var _5n = BigInt(5);
1587
+ var _8n = BigInt(8);
1588
+ var _9n = BigInt(9);
1589
+ var _16n = BigInt(16);
1590
+ function mod(a, b) {
3227
1591
  const result = a % b;
3228
- return result >= _0n ? result : b + result;
1592
+ return result >= _0n2 ? result : b + result;
1593
+ }
1594
+ function pow(num, power, modulo) {
1595
+ if (modulo <= _0n2 || power < _0n2)
1596
+ throw new Error("Expected power/modulo > 0");
1597
+ if (modulo === _1n2)
1598
+ return _0n2;
1599
+ let res = _1n2;
1600
+ while (power > _0n2) {
1601
+ if (power & _1n2)
1602
+ res = res * num % modulo;
1603
+ num = num * num % modulo;
1604
+ power >>= _1n2;
1605
+ }
1606
+ return res;
3229
1607
  }
3230
- function pow2(x, power) {
3231
- const { P } = CURVE;
1608
+ function pow2(x, power, modulo) {
3232
1609
  let res = x;
3233
- while (power-- > _0n) {
1610
+ while (power-- > _0n2) {
3234
1611
  res *= res;
3235
- res %= P;
1612
+ res %= modulo;
3236
1613
  }
3237
1614
  return res;
3238
1615
  }
3239
- function sqrtMod(x) {
3240
- const { P } = CURVE;
3241
- const _6n = BigInt(6);
3242
- const _11n = BigInt(11);
3243
- const _22n = BigInt(22);
3244
- const _23n = BigInt(23);
3245
- const _44n = BigInt(44);
3246
- const _88n = BigInt(88);
3247
- const b2 = x * x * x % P;
3248
- const b3 = b2 * b2 * x % P;
3249
- const b6 = pow2(b3, _3n) * b3 % P;
3250
- const b9 = pow2(b6, _3n) * b3 % P;
3251
- const b11 = pow2(b9, _2n) * b2 % P;
3252
- const b22 = pow2(b11, _11n) * b11 % P;
3253
- const b44 = pow2(b22, _22n) * b22 % P;
3254
- const b88 = pow2(b44, _44n) * b44 % P;
3255
- const b176 = pow2(b88, _88n) * b88 % P;
3256
- const b220 = pow2(b176, _44n) * b44 % P;
3257
- const b223 = pow2(b220, _3n) * b3 % P;
3258
- const t1 = pow2(b223, _23n) * b22 % P;
3259
- const t2 = pow2(t1, _6n) * b2 % P;
3260
- return pow2(t2, _2n);
3261
- }
3262
- function invert(number, modulo = CURVE.P) {
3263
- if (number === _0n || modulo <= _0n) {
3264
- throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`);
1616
+ function invert(number2, modulo) {
1617
+ if (number2 === _0n2 || modulo <= _0n2) {
1618
+ throw new Error(`invert: expected positive integers, got n=${number2} mod=${modulo}`);
3265
1619
  }
3266
- let a = mod(number, modulo);
1620
+ let a = mod(number2, modulo);
3267
1621
  let b = modulo;
3268
- let x = _0n, y = _1n, u = _1n, v = _0n;
3269
- while (a !== _0n) {
1622
+ let x = _0n2, y = _1n2, u = _1n2, v = _0n2;
1623
+ while (a !== _0n2) {
3270
1624
  const q = b / a;
3271
1625
  const r = b % a;
3272
1626
  const m = x - u * q;
@@ -3274,440 +1628,1427 @@ function invert(number, modulo = CURVE.P) {
3274
1628
  b = a, a = r, x = u, y = v, u = m, v = n;
3275
1629
  }
3276
1630
  const gcd = b;
3277
- if (gcd !== _1n)
1631
+ if (gcd !== _1n2)
3278
1632
  throw new Error("invert: does not exist");
3279
1633
  return mod(x, modulo);
3280
1634
  }
3281
- function invertBatch(nums, p = CURVE.P) {
3282
- const scratch = new Array(nums.length);
3283
- const lastMultiplied = nums.reduce((acc, num, i) => {
3284
- if (num === _0n)
3285
- return acc;
3286
- scratch[i] = acc;
3287
- return mod(acc * num, p);
3288
- }, _1n);
3289
- const inverted = invert(lastMultiplied, p);
3290
- nums.reduceRight((acc, num, i) => {
3291
- if (num === _0n)
3292
- return acc;
3293
- scratch[i] = mod(acc * scratch[i], p);
3294
- return mod(acc * num, p);
3295
- }, inverted);
3296
- return scratch;
3297
- }
3298
- var divNearest = (a, b) => (a + b / _2n) / b;
3299
- var ENDO = {
3300
- a1: BigInt("0x3086d221a7d46bcde86c90e49284eb15"),
3301
- b1: -_1n * BigInt("0xe4437ed6010e88286f547fa90abfe4c3"),
3302
- a2: BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"),
3303
- b2: BigInt("0x3086d221a7d46bcde86c90e49284eb15"),
3304
- POW_2_128: BigInt("0x100000000000000000000000000000000")
3305
- };
3306
- function splitScalarEndo(k) {
3307
- const { n } = CURVE;
3308
- const { a1, b1, a2, b2, POW_2_128 } = ENDO;
3309
- const c1 = divNearest(b2 * k, n);
3310
- const c2 = divNearest(-b1 * k, n);
3311
- let k1 = mod(k - c1 * a1 - c2 * a2, n);
3312
- let k2 = mod(-c1 * b1 - c2 * b2, n);
3313
- const k1neg = k1 > POW_2_128;
3314
- const k2neg = k2 > POW_2_128;
3315
- if (k1neg)
3316
- k1 = n - k1;
3317
- if (k2neg)
3318
- k2 = n - k2;
3319
- if (k1 > POW_2_128 || k2 > POW_2_128) {
3320
- throw new Error("splitScalarEndo: Endomorphism failed, k=" + k);
3321
- }
3322
- return { k1neg, k1, k2neg, k2 };
3323
- }
3324
- function truncateHash(hash) {
3325
- const { n } = CURVE;
3326
- const byteLength = hash.length;
3327
- const delta = byteLength * 8 - 256;
3328
- let h = bytesToNumber(hash);
3329
- if (delta > 0)
3330
- h = h >> BigInt(delta);
3331
- if (h >= n)
3332
- h -= n;
3333
- return h;
3334
- }
3335
- var _sha256Sync;
3336
- var _hmacSha256Sync;
3337
- var HmacDrbg = class {
3338
- constructor() {
3339
- this.v = new Uint8Array(32).fill(1);
3340
- this.k = new Uint8Array(32).fill(0);
3341
- this.counter = 0;
3342
- }
3343
- hmac(...values) {
3344
- return utils.hmacSha256(this.k, ...values);
3345
- }
3346
- hmacSync(...values) {
3347
- return _hmacSha256Sync(this.k, ...values);
3348
- }
3349
- checkSync() {
3350
- if (typeof _hmacSha256Sync !== "function")
3351
- throw new ShaError("hmacSha256Sync needs to be set");
3352
- }
3353
- incr() {
3354
- if (this.counter >= 1e3)
3355
- throw new Error("Tried 1,000 k values for sign(), all were invalid");
3356
- this.counter += 1;
3357
- }
3358
- async reseed(seed = new Uint8Array()) {
3359
- this.k = await this.hmac(this.v, Uint8Array.from([0]), seed);
3360
- this.v = await this.hmac(this.v);
3361
- if (seed.length === 0)
3362
- return;
3363
- this.k = await this.hmac(this.v, Uint8Array.from([1]), seed);
3364
- this.v = await this.hmac(this.v);
3365
- }
3366
- reseedSync(seed = new Uint8Array()) {
3367
- this.checkSync();
3368
- this.k = this.hmacSync(this.v, Uint8Array.from([0]), seed);
3369
- this.v = this.hmacSync(this.v);
3370
- if (seed.length === 0)
3371
- return;
3372
- this.k = this.hmacSync(this.v, Uint8Array.from([1]), seed);
3373
- this.v = this.hmacSync(this.v);
1635
+ function tonelliShanks(P) {
1636
+ const legendreC = (P - _1n2) / _2n2;
1637
+ let Q, S, Z;
1638
+ for (Q = P - _1n2, S = 0; Q % _2n2 === _0n2; Q /= _2n2, S++)
1639
+ ;
1640
+ for (Z = _2n2; Z < P && pow(Z, legendreC, P) !== P - _1n2; Z++)
1641
+ ;
1642
+ if (S === 1) {
1643
+ const p1div4 = (P + _1n2) / _4n;
1644
+ return function tonelliFast(Fp3, n) {
1645
+ const root = Fp3.pow(n, p1div4);
1646
+ if (!Fp3.eql(Fp3.sqr(root), n))
1647
+ throw new Error("Cannot find square root");
1648
+ return root;
1649
+ };
3374
1650
  }
3375
- async generate() {
3376
- this.incr();
3377
- this.v = await this.hmac(this.v);
3378
- return this.v;
1651
+ const Q1div2 = (Q + _1n2) / _2n2;
1652
+ return function tonelliSlow(Fp3, n) {
1653
+ if (Fp3.pow(n, legendreC) === Fp3.neg(Fp3.ONE))
1654
+ throw new Error("Cannot find square root");
1655
+ let r = S;
1656
+ let g = Fp3.pow(Fp3.mul(Fp3.ONE, Z), Q);
1657
+ let x = Fp3.pow(n, Q1div2);
1658
+ let b = Fp3.pow(n, Q);
1659
+ while (!Fp3.eql(b, Fp3.ONE)) {
1660
+ if (Fp3.eql(b, Fp3.ZERO))
1661
+ return Fp3.ZERO;
1662
+ let m = 1;
1663
+ for (let t2 = Fp3.sqr(b); m < r; m++) {
1664
+ if (Fp3.eql(t2, Fp3.ONE))
1665
+ break;
1666
+ t2 = Fp3.sqr(t2);
1667
+ }
1668
+ const ge = Fp3.pow(g, _1n2 << BigInt(r - m - 1));
1669
+ g = Fp3.sqr(ge);
1670
+ x = Fp3.mul(x, ge);
1671
+ b = Fp3.mul(b, g);
1672
+ r = m;
1673
+ }
1674
+ return x;
1675
+ };
1676
+ }
1677
+ function FpSqrt(P) {
1678
+ if (P % _4n === _3n) {
1679
+ const p1div4 = (P + _1n2) / _4n;
1680
+ return function sqrt3mod4(Fp3, n) {
1681
+ const root = Fp3.pow(n, p1div4);
1682
+ if (!Fp3.eql(Fp3.sqr(root), n))
1683
+ throw new Error("Cannot find square root");
1684
+ return root;
1685
+ };
3379
1686
  }
3380
- generateSync() {
3381
- this.checkSync();
3382
- this.incr();
3383
- this.v = this.hmacSync(this.v);
3384
- return this.v;
1687
+ if (P % _8n === _5n) {
1688
+ const c1 = (P - _5n) / _8n;
1689
+ return function sqrt5mod8(Fp3, n) {
1690
+ const n2 = Fp3.mul(n, _2n2);
1691
+ const v = Fp3.pow(n2, c1);
1692
+ const nv = Fp3.mul(n, v);
1693
+ const i = Fp3.mul(Fp3.mul(nv, _2n2), v);
1694
+ const root = Fp3.mul(nv, Fp3.sub(i, Fp3.ONE));
1695
+ if (!Fp3.eql(Fp3.sqr(root), n))
1696
+ throw new Error("Cannot find square root");
1697
+ return root;
1698
+ };
3385
1699
  }
3386
- };
3387
- function isWithinCurveOrder(num) {
3388
- return _0n < num && num < CURVE.n;
3389
- }
3390
- function isValidFieldElement(num) {
3391
- return _0n < num && num < CURVE.P;
3392
- }
3393
- function kmdToSig(kBytes, m, d) {
3394
- const k = bytesToNumber(kBytes);
3395
- if (!isWithinCurveOrder(k))
3396
- return;
3397
- const { n } = CURVE;
3398
- const q = Point.BASE.multiply(k);
3399
- const r = mod(q.x, n);
3400
- if (r === _0n)
3401
- return;
3402
- const s = mod(invert(k, n) * mod(m + d * r, n), n);
3403
- if (s === _0n)
3404
- return;
3405
- const sig = new Signature(r, s);
3406
- const recovery = (q.x === sig.r ? 0 : 2) | Number(q.y & _1n);
3407
- return { sig, recovery };
3408
- }
3409
- function normalizePrivateKey(key) {
3410
- let num;
3411
- if (typeof key === "bigint") {
3412
- num = key;
3413
- } else if (typeof key === "number" && Number.isSafeInteger(key) && key > 0) {
3414
- num = BigInt(key);
3415
- } else if (typeof key === "string") {
3416
- if (key.length !== 64)
3417
- throw new Error("Expected 32 bytes of private key");
3418
- num = hexToNumber(key);
3419
- } else if (key instanceof Uint8Array) {
3420
- if (key.length !== 32)
3421
- throw new Error("Expected 32 bytes of private key");
3422
- num = bytesToNumber(key);
3423
- } else {
3424
- throw new TypeError("Expected valid private key");
1700
+ if (P % _16n === _9n) {
3425
1701
  }
3426
- if (!isWithinCurveOrder(num))
3427
- throw new Error("Expected private key: 0 < key < n");
3428
- return num;
1702
+ return tonelliShanks(P);
3429
1703
  }
3430
- function normalizePublicKey(publicKey) {
3431
- if (publicKey instanceof Point) {
3432
- publicKey.assertValidity();
3433
- return publicKey;
3434
- } else {
3435
- return Point.fromHex(publicKey);
3436
- }
1704
+ var FIELD_FIELDS = [
1705
+ "create",
1706
+ "isValid",
1707
+ "is0",
1708
+ "neg",
1709
+ "inv",
1710
+ "sqrt",
1711
+ "sqr",
1712
+ "eql",
1713
+ "add",
1714
+ "sub",
1715
+ "mul",
1716
+ "pow",
1717
+ "div",
1718
+ "addN",
1719
+ "subN",
1720
+ "mulN",
1721
+ "sqrN"
1722
+ ];
1723
+ function validateField(field) {
1724
+ const initial = {
1725
+ ORDER: "bigint",
1726
+ MASK: "bigint",
1727
+ BYTES: "isSafeInteger",
1728
+ BITS: "isSafeInteger"
1729
+ };
1730
+ const opts = FIELD_FIELDS.reduce((map, val) => {
1731
+ map[val] = "function";
1732
+ return map;
1733
+ }, initial);
1734
+ return validateObject(field, opts);
3437
1735
  }
3438
- function normalizeSignature(signature) {
3439
- if (signature instanceof Signature) {
3440
- signature.assertValidity();
3441
- return signature;
3442
- }
3443
- try {
3444
- return Signature.fromDER(signature);
3445
- } catch (error) {
3446
- return Signature.fromCompact(signature);
1736
+ function FpPow(f, num, power) {
1737
+ if (power < _0n2)
1738
+ throw new Error("Expected power > 0");
1739
+ if (power === _0n2)
1740
+ return f.ONE;
1741
+ if (power === _1n2)
1742
+ return num;
1743
+ let p = f.ONE;
1744
+ let d = num;
1745
+ while (power > _0n2) {
1746
+ if (power & _1n2)
1747
+ p = f.mul(p, d);
1748
+ d = f.sqr(d);
1749
+ power >>= _1n2;
3447
1750
  }
1751
+ return p;
3448
1752
  }
3449
- function getPublicKey(privateKey, isCompressed = false) {
3450
- return Point.fromPrivateKey(privateKey).toRawBytes(isCompressed);
3451
- }
3452
- function bits2int(bytes) {
3453
- const slice = bytes.length > 32 ? bytes.slice(0, 32) : bytes;
3454
- return bytesToNumber(slice);
1753
+ function FpInvertBatch(f, nums) {
1754
+ const tmp = new Array(nums.length);
1755
+ const lastMultiplied = nums.reduce((acc, num, i) => {
1756
+ if (f.is0(num))
1757
+ return acc;
1758
+ tmp[i] = acc;
1759
+ return f.mul(acc, num);
1760
+ }, f.ONE);
1761
+ const inverted = f.inv(lastMultiplied);
1762
+ nums.reduceRight((acc, num, i) => {
1763
+ if (f.is0(num))
1764
+ return acc;
1765
+ tmp[i] = f.mul(acc, tmp[i]);
1766
+ return f.mul(acc, num);
1767
+ }, inverted);
1768
+ return tmp;
3455
1769
  }
3456
- function bits2octets(bytes) {
3457
- const z1 = bits2int(bytes);
3458
- const z2 = mod(z1, CURVE.n);
3459
- return int2octets(z2 < _0n ? z1 : z2);
1770
+ function nLength(n, nBitLength) {
1771
+ const _nBitLength = nBitLength !== void 0 ? nBitLength : n.toString(2).length;
1772
+ const nByteLength = Math.ceil(_nBitLength / 8);
1773
+ return { nBitLength: _nBitLength, nByteLength };
3460
1774
  }
3461
- function int2octets(num) {
3462
- return numTo32b(num);
1775
+ function Field(ORDER, bitLen2, isLE2 = false, redef = {}) {
1776
+ if (ORDER <= _0n2)
1777
+ throw new Error(`Expected Fp ORDER > 0, got ${ORDER}`);
1778
+ const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen2);
1779
+ if (BYTES > 2048)
1780
+ throw new Error("Field lengths over 2048 bytes are not supported");
1781
+ const sqrtP = FpSqrt(ORDER);
1782
+ const f = Object.freeze({
1783
+ ORDER,
1784
+ BITS,
1785
+ BYTES,
1786
+ MASK: bitMask(BITS),
1787
+ ZERO: _0n2,
1788
+ ONE: _1n2,
1789
+ create: (num) => mod(num, ORDER),
1790
+ isValid: (num) => {
1791
+ if (typeof num !== "bigint")
1792
+ throw new Error(`Invalid field element: expected bigint, got ${typeof num}`);
1793
+ return _0n2 <= num && num < ORDER;
1794
+ },
1795
+ is0: (num) => num === _0n2,
1796
+ isOdd: (num) => (num & _1n2) === _1n2,
1797
+ neg: (num) => mod(-num, ORDER),
1798
+ eql: (lhs, rhs) => lhs === rhs,
1799
+ sqr: (num) => mod(num * num, ORDER),
1800
+ add: (lhs, rhs) => mod(lhs + rhs, ORDER),
1801
+ sub: (lhs, rhs) => mod(lhs - rhs, ORDER),
1802
+ mul: (lhs, rhs) => mod(lhs * rhs, ORDER),
1803
+ pow: (num, power) => FpPow(f, num, power),
1804
+ div: (lhs, rhs) => mod(lhs * invert(rhs, ORDER), ORDER),
1805
+ sqrN: (num) => num * num,
1806
+ addN: (lhs, rhs) => lhs + rhs,
1807
+ subN: (lhs, rhs) => lhs - rhs,
1808
+ mulN: (lhs, rhs) => lhs * rhs,
1809
+ inv: (num) => invert(num, ORDER),
1810
+ sqrt: redef.sqrt || ((n) => sqrtP(f, n)),
1811
+ invertBatch: (lst) => FpInvertBatch(f, lst),
1812
+ cmov: (a, b, c) => c ? b : a,
1813
+ toBytes: (num) => isLE2 ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES),
1814
+ fromBytes: (bytes2) => {
1815
+ if (bytes2.length !== BYTES)
1816
+ throw new Error(`Fp.fromBytes: expected ${BYTES}, got ${bytes2.length}`);
1817
+ return isLE2 ? bytesToNumberLE(bytes2) : bytesToNumberBE(bytes2);
1818
+ }
1819
+ });
1820
+ return Object.freeze(f);
3463
1821
  }
3464
- function initSigArgs(msgHash, privateKey, extraEntropy) {
3465
- if (msgHash == null)
3466
- throw new Error(`sign: expected valid message hash, not "${msgHash}"`);
3467
- const h1 = ensureBytes(msgHash);
3468
- const d = normalizePrivateKey(privateKey);
3469
- const seedArgs = [int2octets(d), bits2octets(h1)];
3470
- if (extraEntropy != null) {
3471
- if (extraEntropy === true)
3472
- extraEntropy = utils.randomBytes(32);
3473
- const e = ensureBytes(extraEntropy);
3474
- if (e.length !== 32)
3475
- throw new Error("sign: Expected 32 bytes of extra data");
3476
- seedArgs.push(e);
3477
- }
3478
- const seed = concatBytes(...seedArgs);
3479
- const m = bits2int(h1);
3480
- return { seed, m, d };
1822
+ function hashToPrivateScalar(hash2, groupOrder, isLE2 = false) {
1823
+ hash2 = ensureBytes("privateHash", hash2);
1824
+ const hashLen = hash2.length;
1825
+ const minLen = nLength(groupOrder).nByteLength + 8;
1826
+ if (minLen < 24 || hashLen < minLen || hashLen > 1024)
1827
+ throw new Error(`hashToPrivateScalar: expected ${minLen}-1024 bytes of input, got ${hashLen}`);
1828
+ const num = isLE2 ? bytesToNumberLE(hash2) : bytesToNumberBE(hash2);
1829
+ return mod(num, groupOrder - _1n2) + _1n2;
3481
1830
  }
3482
- function finalizeSig(recSig, opts) {
3483
- let { sig, recovery } = recSig;
3484
- const { canonical, der, recovered } = Object.assign({ canonical: true, der: true }, opts);
3485
- if (canonical && sig.hasHighS()) {
3486
- sig = sig.normalizeS();
3487
- recovery ^= 1;
3488
- }
3489
- const hashed = der ? sig.toDERRawBytes() : sig.toCompactRawBytes();
3490
- return recovered ? [hashed, recovery] : hashed;
1831
+
1832
+ // ../../node_modules/@noble/curves/esm/abstract/curve.js
1833
+ var _0n3 = BigInt(0);
1834
+ var _1n3 = BigInt(1);
1835
+ function wNAF(c, bits) {
1836
+ const constTimeNegate = (condition, item) => {
1837
+ const neg = item.negate();
1838
+ return condition ? neg : item;
1839
+ };
1840
+ const opts = (W) => {
1841
+ const windows = Math.ceil(bits / W) + 1;
1842
+ const windowSize = 2 ** (W - 1);
1843
+ return { windows, windowSize };
1844
+ };
1845
+ return {
1846
+ constTimeNegate,
1847
+ unsafeLadder(elm, n) {
1848
+ let p = c.ZERO;
1849
+ let d = elm;
1850
+ while (n > _0n3) {
1851
+ if (n & _1n3)
1852
+ p = p.add(d);
1853
+ d = d.double();
1854
+ n >>= _1n3;
1855
+ }
1856
+ return p;
1857
+ },
1858
+ precomputeWindow(elm, W) {
1859
+ const { windows, windowSize } = opts(W);
1860
+ const points = [];
1861
+ let p = elm;
1862
+ let base3 = p;
1863
+ for (let window = 0; window < windows; window++) {
1864
+ base3 = p;
1865
+ points.push(base3);
1866
+ for (let i = 1; i < windowSize; i++) {
1867
+ base3 = base3.add(p);
1868
+ points.push(base3);
1869
+ }
1870
+ p = base3.double();
1871
+ }
1872
+ return points;
1873
+ },
1874
+ wNAF(W, precomputes, n) {
1875
+ const { windows, windowSize } = opts(W);
1876
+ let p = c.ZERO;
1877
+ let f = c.BASE;
1878
+ const mask = BigInt(2 ** W - 1);
1879
+ const maxNumber = 2 ** W;
1880
+ const shiftBy = BigInt(W);
1881
+ for (let window = 0; window < windows; window++) {
1882
+ const offset = window * windowSize;
1883
+ let wbits = Number(n & mask);
1884
+ n >>= shiftBy;
1885
+ if (wbits > windowSize) {
1886
+ wbits -= maxNumber;
1887
+ n += _1n3;
1888
+ }
1889
+ const offset1 = offset;
1890
+ const offset2 = offset + Math.abs(wbits) - 1;
1891
+ const cond1 = window % 2 !== 0;
1892
+ const cond2 = wbits < 0;
1893
+ if (wbits === 0) {
1894
+ f = f.add(constTimeNegate(cond1, precomputes[offset1]));
1895
+ } else {
1896
+ p = p.add(constTimeNegate(cond2, precomputes[offset2]));
1897
+ }
1898
+ }
1899
+ return { p, f };
1900
+ },
1901
+ wNAFCached(P, precomputesMap, n, transform) {
1902
+ const W = P._WINDOW_SIZE || 1;
1903
+ let comp = precomputesMap.get(P);
1904
+ if (!comp) {
1905
+ comp = this.precomputeWindow(P, W);
1906
+ if (W !== 1) {
1907
+ precomputesMap.set(P, transform(comp));
1908
+ }
1909
+ }
1910
+ return this.wNAF(W, comp, n);
1911
+ }
1912
+ };
3491
1913
  }
3492
- async function sign(msgHash, privKey, opts = {}) {
3493
- const { seed, m, d } = initSigArgs(msgHash, privKey, opts.extraEntropy);
3494
- let sig;
3495
- const drbg = new HmacDrbg();
3496
- await drbg.reseed(seed);
3497
- while (!(sig = kmdToSig(await drbg.generate(), m, d)))
3498
- await drbg.reseed();
3499
- return finalizeSig(sig, opts);
1914
+ function validateBasic(curve) {
1915
+ validateField(curve.Fp);
1916
+ validateObject(curve, {
1917
+ n: "bigint",
1918
+ h: "bigint",
1919
+ Gx: "field",
1920
+ Gy: "field"
1921
+ }, {
1922
+ nBitLength: "isSafeInteger",
1923
+ nByteLength: "isSafeInteger"
1924
+ });
1925
+ return Object.freeze({
1926
+ ...nLength(curve.n, curve.nBitLength),
1927
+ ...curve,
1928
+ ...{ p: curve.Fp.ORDER }
1929
+ });
3500
1930
  }
3501
- var vopts = { strict: true };
3502
- function verify(signature, msgHash, publicKey, opts = vopts) {
3503
- let sig;
3504
- try {
3505
- sig = normalizeSignature(signature);
3506
- msgHash = ensureBytes(msgHash);
3507
- } catch (error) {
3508
- return false;
3509
- }
3510
- const { r, s } = sig;
3511
- if (opts.strict && sig.hasHighS())
3512
- return false;
3513
- const h = truncateHash(msgHash);
3514
- let P;
3515
- try {
3516
- P = normalizePublicKey(publicKey);
3517
- } catch (error) {
3518
- return false;
1931
+
1932
+ // ../../node_modules/@noble/curves/esm/abstract/weierstrass.js
1933
+ function validatePointOpts(curve) {
1934
+ const opts = validateBasic(curve);
1935
+ validateObject(opts, {
1936
+ a: "field",
1937
+ b: "field"
1938
+ }, {
1939
+ allowedPrivateKeyLengths: "array",
1940
+ wrapPrivateKey: "boolean",
1941
+ isTorsionFree: "function",
1942
+ clearCofactor: "function",
1943
+ allowInfinityPoint: "boolean",
1944
+ fromBytes: "function",
1945
+ toBytes: "function"
1946
+ });
1947
+ const { endo, Fp: Fp3, a } = opts;
1948
+ if (endo) {
1949
+ if (!Fp3.eql(a, Fp3.ZERO)) {
1950
+ throw new Error("Endomorphism can only be defined for Koblitz curves that have a=0");
1951
+ }
1952
+ if (typeof endo !== "object" || typeof endo.beta !== "bigint" || typeof endo.splitScalar !== "function") {
1953
+ throw new Error("Expected endomorphism with beta: bigint and splitScalar: function");
1954
+ }
3519
1955
  }
3520
- const { n } = CURVE;
3521
- const sinv = invert(s, n);
3522
- const u1 = mod(h * sinv, n);
3523
- const u2 = mod(r * sinv, n);
3524
- const R = Point.BASE.multiplyAndAddUnsafe(P, u1, u2);
3525
- if (!R)
3526
- return false;
3527
- const v = mod(R.x, n);
3528
- return v === r;
1956
+ return Object.freeze({ ...opts });
3529
1957
  }
3530
- Point.BASE._setWindowSize(8);
3531
- var crypto3 = {
3532
- node: nodeCrypto,
3533
- web: typeof self === "object" && "crypto" in self ? self.crypto : void 0
3534
- };
3535
- var TAGGED_HASH_PREFIXES = {};
3536
- var utils = {
3537
- bytesToHex,
3538
- hexToBytes,
3539
- concatBytes,
3540
- mod,
3541
- invert,
3542
- isValidPrivateKey(privateKey) {
3543
- try {
3544
- normalizePrivateKey(privateKey);
3545
- return true;
3546
- } catch (error) {
3547
- return false;
1958
+ var { bytesToNumberBE: b2n, hexToBytes: h2b } = utils_exports;
1959
+ var DER = {
1960
+ Err: class DERErr extends Error {
1961
+ constructor(m = "") {
1962
+ super(m);
3548
1963
  }
3549
1964
  },
3550
- _bigintTo32Bytes: numTo32b,
3551
- _normalizePrivateKey: normalizePrivateKey,
3552
- hashToPrivateKey: (hash) => {
3553
- hash = ensureBytes(hash);
3554
- if (hash.length < 40 || hash.length > 1024)
3555
- throw new Error("Expected 40-1024 bytes of private key as per FIPS 186");
3556
- const num = mod(bytesToNumber(hash), CURVE.n - _1n) + _1n;
3557
- return numTo32b(num);
3558
- },
3559
- randomBytes: (bytesLength = 32) => {
3560
- if (crypto3.web) {
3561
- return crypto3.web.getRandomValues(new Uint8Array(bytesLength));
3562
- } else if (crypto3.node) {
3563
- const { randomBytes: randomBytes2 } = crypto3.node;
3564
- return Uint8Array.from(randomBytes2(bytesLength));
3565
- } else {
3566
- throw new Error("The environment doesn't have randomBytes function");
3567
- }
1965
+ _parseInt(data) {
1966
+ const { Err: E } = DER;
1967
+ if (data.length < 2 || data[0] !== 2)
1968
+ throw new E("Invalid signature integer tag");
1969
+ const len = data[1];
1970
+ const res = data.subarray(2, len + 2);
1971
+ if (!len || res.length !== len)
1972
+ throw new E("Invalid signature integer: wrong length");
1973
+ if (res[0] & 128)
1974
+ throw new E("Invalid signature integer: negative");
1975
+ if (res[0] === 0 && !(res[1] & 128))
1976
+ throw new E("Invalid signature integer: unnecessary leading zero");
1977
+ return { d: b2n(res), l: data.subarray(len + 2) };
3568
1978
  },
3569
- randomPrivateKey: () => {
3570
- return utils.hashToPrivateKey(utils.randomBytes(40));
1979
+ toSig(hex) {
1980
+ const { Err: E } = DER;
1981
+ const data = typeof hex === "string" ? h2b(hex) : hex;
1982
+ if (!(data instanceof Uint8Array))
1983
+ throw new Error("ui8a expected");
1984
+ let l = data.length;
1985
+ if (l < 2 || data[0] != 48)
1986
+ throw new E("Invalid signature tag");
1987
+ if (data[1] !== l - 2)
1988
+ throw new E("Invalid signature: incorrect length");
1989
+ const { d: r, l: sBytes } = DER._parseInt(data.subarray(2));
1990
+ const { d: s, l: rBytesLeft } = DER._parseInt(sBytes);
1991
+ if (rBytesLeft.length)
1992
+ throw new E("Invalid signature: left bytes after parsing");
1993
+ return { r, s };
3571
1994
  },
3572
- sha256: async (...messages) => {
3573
- if (crypto3.web) {
3574
- const buffer = await crypto3.web.subtle.digest("SHA-256", concatBytes(...messages));
3575
- return new Uint8Array(buffer);
3576
- } else if (crypto3.node) {
3577
- const { createHash } = crypto3.node;
3578
- const hash = createHash("sha256");
3579
- messages.forEach((m) => hash.update(m));
3580
- return Uint8Array.from(hash.digest());
3581
- } else {
3582
- throw new Error("The environment doesn't have sha256 function");
1995
+ hexFromSig(sig) {
1996
+ const slice = (s2) => Number.parseInt(s2[0], 16) & 8 ? "00" + s2 : s2;
1997
+ const h = (num) => {
1998
+ const hex = num.toString(16);
1999
+ return hex.length & 1 ? `0${hex}` : hex;
2000
+ };
2001
+ const s = slice(h(sig.s));
2002
+ const r = slice(h(sig.r));
2003
+ const shl = s.length / 2;
2004
+ const rhl = r.length / 2;
2005
+ const sl = h(shl);
2006
+ const rl = h(rhl);
2007
+ return `30${h(rhl + shl + 4)}02${rl}${r}02${sl}${s}`;
2008
+ }
2009
+ };
2010
+ var _0n4 = BigInt(0);
2011
+ var _1n4 = BigInt(1);
2012
+ var _2n3 = BigInt(2);
2013
+ var _3n2 = BigInt(3);
2014
+ var _4n2 = BigInt(4);
2015
+ function weierstrassPoints(opts) {
2016
+ const CURVE = validatePointOpts(opts);
2017
+ const { Fp: Fp3 } = CURVE;
2018
+ const toBytes2 = CURVE.toBytes || ((c, point, isCompressed) => {
2019
+ const a = point.toAffine();
2020
+ return concatBytes2(Uint8Array.from([4]), Fp3.toBytes(a.x), Fp3.toBytes(a.y));
2021
+ });
2022
+ const fromBytes = CURVE.fromBytes || ((bytes2) => {
2023
+ const tail = bytes2.subarray(1);
2024
+ const x = Fp3.fromBytes(tail.subarray(0, Fp3.BYTES));
2025
+ const y = Fp3.fromBytes(tail.subarray(Fp3.BYTES, 2 * Fp3.BYTES));
2026
+ return { x, y };
2027
+ });
2028
+ function weierstrassEquation(x) {
2029
+ const { a, b } = CURVE;
2030
+ const x2 = Fp3.sqr(x);
2031
+ const x3 = Fp3.mul(x2, x);
2032
+ return Fp3.add(Fp3.add(x3, Fp3.mul(x, a)), b);
2033
+ }
2034
+ if (!Fp3.eql(Fp3.sqr(CURVE.Gy), weierstrassEquation(CURVE.Gx)))
2035
+ throw new Error("bad generator point: equation left != right");
2036
+ function isWithinCurveOrder(num) {
2037
+ return typeof num === "bigint" && _0n4 < num && num < CURVE.n;
2038
+ }
2039
+ function assertGE(num) {
2040
+ if (!isWithinCurveOrder(num))
2041
+ throw new Error("Expected valid bigint: 0 < bigint < curve.n");
2042
+ }
2043
+ function normPrivateKeyToScalar(key) {
2044
+ const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n } = CURVE;
2045
+ if (lengths && typeof key !== "bigint") {
2046
+ if (key instanceof Uint8Array)
2047
+ key = bytesToHex(key);
2048
+ if (typeof key !== "string" || !lengths.includes(key.length))
2049
+ throw new Error("Invalid key");
2050
+ key = key.padStart(nByteLength * 2, "0");
2051
+ }
2052
+ let num;
2053
+ try {
2054
+ num = typeof key === "bigint" ? key : bytesToNumberBE(ensureBytes("private key", key, nByteLength));
2055
+ } catch (error) {
2056
+ throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`);
3583
2057
  }
3584
- },
3585
- hmacSha256: async (key, ...messages) => {
3586
- if (crypto3.web) {
3587
- const ckey = await crypto3.web.subtle.importKey("raw", key, { name: "HMAC", hash: { name: "SHA-256" } }, false, ["sign"]);
3588
- const message = concatBytes(...messages);
3589
- const buffer = await crypto3.web.subtle.sign("HMAC", ckey, message);
3590
- return new Uint8Array(buffer);
3591
- } else if (crypto3.node) {
3592
- const { createHmac } = crypto3.node;
3593
- const hash = createHmac("sha256", key);
3594
- messages.forEach((m) => hash.update(m));
3595
- return Uint8Array.from(hash.digest());
3596
- } else {
3597
- throw new Error("The environment doesn't have hmac-sha256 function");
2058
+ if (wrapPrivateKey)
2059
+ num = mod(num, n);
2060
+ assertGE(num);
2061
+ return num;
2062
+ }
2063
+ const pointPrecomputes = /* @__PURE__ */ new Map();
2064
+ function assertPrjPoint(other) {
2065
+ if (!(other instanceof Point2))
2066
+ throw new Error("ProjectivePoint expected");
2067
+ }
2068
+ class Point2 {
2069
+ constructor(px, py, pz) {
2070
+ this.px = px;
2071
+ this.py = py;
2072
+ this.pz = pz;
2073
+ if (px == null || !Fp3.isValid(px))
2074
+ throw new Error("x required");
2075
+ if (py == null || !Fp3.isValid(py))
2076
+ throw new Error("y required");
2077
+ if (pz == null || !Fp3.isValid(pz))
2078
+ throw new Error("z required");
2079
+ }
2080
+ static fromAffine(p) {
2081
+ const { x, y } = p || {};
2082
+ if (!p || !Fp3.isValid(x) || !Fp3.isValid(y))
2083
+ throw new Error("invalid affine point");
2084
+ if (p instanceof Point2)
2085
+ throw new Error("projective point not allowed");
2086
+ const is0 = (i) => Fp3.eql(i, Fp3.ZERO);
2087
+ if (is0(x) && is0(y))
2088
+ return Point2.ZERO;
2089
+ return new Point2(x, y, Fp3.ONE);
2090
+ }
2091
+ get x() {
2092
+ return this.toAffine().x;
2093
+ }
2094
+ get y() {
2095
+ return this.toAffine().y;
2096
+ }
2097
+ static normalizeZ(points) {
2098
+ const toInv = Fp3.invertBatch(points.map((p) => p.pz));
2099
+ return points.map((p, i) => p.toAffine(toInv[i])).map(Point2.fromAffine);
2100
+ }
2101
+ static fromHex(hex) {
2102
+ const P = Point2.fromAffine(fromBytes(ensureBytes("pointHex", hex)));
2103
+ P.assertValidity();
2104
+ return P;
2105
+ }
2106
+ static fromPrivateKey(privateKey) {
2107
+ return Point2.BASE.multiply(normPrivateKeyToScalar(privateKey));
2108
+ }
2109
+ _setWindowSize(windowSize) {
2110
+ this._WINDOW_SIZE = windowSize;
2111
+ pointPrecomputes.delete(this);
2112
+ }
2113
+ assertValidity() {
2114
+ if (this.is0()) {
2115
+ if (CURVE.allowInfinityPoint)
2116
+ return;
2117
+ throw new Error("bad point: ZERO");
2118
+ }
2119
+ const { x, y } = this.toAffine();
2120
+ if (!Fp3.isValid(x) || !Fp3.isValid(y))
2121
+ throw new Error("bad point: x or y not FE");
2122
+ const left = Fp3.sqr(y);
2123
+ const right = weierstrassEquation(x);
2124
+ if (!Fp3.eql(left, right))
2125
+ throw new Error("bad point: equation left != right");
2126
+ if (!this.isTorsionFree())
2127
+ throw new Error("bad point: not in prime-order subgroup");
2128
+ }
2129
+ hasEvenY() {
2130
+ const { y } = this.toAffine();
2131
+ if (Fp3.isOdd)
2132
+ return !Fp3.isOdd(y);
2133
+ throw new Error("Field doesn't support isOdd");
2134
+ }
2135
+ equals(other) {
2136
+ assertPrjPoint(other);
2137
+ const { px: X1, py: Y1, pz: Z1 } = this;
2138
+ const { px: X2, py: Y2, pz: Z2 } = other;
2139
+ const U1 = Fp3.eql(Fp3.mul(X1, Z2), Fp3.mul(X2, Z1));
2140
+ const U2 = Fp3.eql(Fp3.mul(Y1, Z2), Fp3.mul(Y2, Z1));
2141
+ return U1 && U2;
2142
+ }
2143
+ negate() {
2144
+ return new Point2(this.px, Fp3.neg(this.py), this.pz);
2145
+ }
2146
+ double() {
2147
+ const { a, b } = CURVE;
2148
+ const b3 = Fp3.mul(b, _3n2);
2149
+ const { px: X1, py: Y1, pz: Z1 } = this;
2150
+ let X3 = Fp3.ZERO, Y3 = Fp3.ZERO, Z3 = Fp3.ZERO;
2151
+ let t0 = Fp3.mul(X1, X1);
2152
+ let t1 = Fp3.mul(Y1, Y1);
2153
+ let t2 = Fp3.mul(Z1, Z1);
2154
+ let t3 = Fp3.mul(X1, Y1);
2155
+ t3 = Fp3.add(t3, t3);
2156
+ Z3 = Fp3.mul(X1, Z1);
2157
+ Z3 = Fp3.add(Z3, Z3);
2158
+ X3 = Fp3.mul(a, Z3);
2159
+ Y3 = Fp3.mul(b3, t2);
2160
+ Y3 = Fp3.add(X3, Y3);
2161
+ X3 = Fp3.sub(t1, Y3);
2162
+ Y3 = Fp3.add(t1, Y3);
2163
+ Y3 = Fp3.mul(X3, Y3);
2164
+ X3 = Fp3.mul(t3, X3);
2165
+ Z3 = Fp3.mul(b3, Z3);
2166
+ t2 = Fp3.mul(a, t2);
2167
+ t3 = Fp3.sub(t0, t2);
2168
+ t3 = Fp3.mul(a, t3);
2169
+ t3 = Fp3.add(t3, Z3);
2170
+ Z3 = Fp3.add(t0, t0);
2171
+ t0 = Fp3.add(Z3, t0);
2172
+ t0 = Fp3.add(t0, t2);
2173
+ t0 = Fp3.mul(t0, t3);
2174
+ Y3 = Fp3.add(Y3, t0);
2175
+ t2 = Fp3.mul(Y1, Z1);
2176
+ t2 = Fp3.add(t2, t2);
2177
+ t0 = Fp3.mul(t2, t3);
2178
+ X3 = Fp3.sub(X3, t0);
2179
+ Z3 = Fp3.mul(t2, t1);
2180
+ Z3 = Fp3.add(Z3, Z3);
2181
+ Z3 = Fp3.add(Z3, Z3);
2182
+ return new Point2(X3, Y3, Z3);
2183
+ }
2184
+ add(other) {
2185
+ assertPrjPoint(other);
2186
+ const { px: X1, py: Y1, pz: Z1 } = this;
2187
+ const { px: X2, py: Y2, pz: Z2 } = other;
2188
+ let X3 = Fp3.ZERO, Y3 = Fp3.ZERO, Z3 = Fp3.ZERO;
2189
+ const a = CURVE.a;
2190
+ const b3 = Fp3.mul(CURVE.b, _3n2);
2191
+ let t0 = Fp3.mul(X1, X2);
2192
+ let t1 = Fp3.mul(Y1, Y2);
2193
+ let t2 = Fp3.mul(Z1, Z2);
2194
+ let t3 = Fp3.add(X1, Y1);
2195
+ let t4 = Fp3.add(X2, Y2);
2196
+ t3 = Fp3.mul(t3, t4);
2197
+ t4 = Fp3.add(t0, t1);
2198
+ t3 = Fp3.sub(t3, t4);
2199
+ t4 = Fp3.add(X1, Z1);
2200
+ let t5 = Fp3.add(X2, Z2);
2201
+ t4 = Fp3.mul(t4, t5);
2202
+ t5 = Fp3.add(t0, t2);
2203
+ t4 = Fp3.sub(t4, t5);
2204
+ t5 = Fp3.add(Y1, Z1);
2205
+ X3 = Fp3.add(Y2, Z2);
2206
+ t5 = Fp3.mul(t5, X3);
2207
+ X3 = Fp3.add(t1, t2);
2208
+ t5 = Fp3.sub(t5, X3);
2209
+ Z3 = Fp3.mul(a, t4);
2210
+ X3 = Fp3.mul(b3, t2);
2211
+ Z3 = Fp3.add(X3, Z3);
2212
+ X3 = Fp3.sub(t1, Z3);
2213
+ Z3 = Fp3.add(t1, Z3);
2214
+ Y3 = Fp3.mul(X3, Z3);
2215
+ t1 = Fp3.add(t0, t0);
2216
+ t1 = Fp3.add(t1, t0);
2217
+ t2 = Fp3.mul(a, t2);
2218
+ t4 = Fp3.mul(b3, t4);
2219
+ t1 = Fp3.add(t1, t2);
2220
+ t2 = Fp3.sub(t0, t2);
2221
+ t2 = Fp3.mul(a, t2);
2222
+ t4 = Fp3.add(t4, t2);
2223
+ t0 = Fp3.mul(t1, t4);
2224
+ Y3 = Fp3.add(Y3, t0);
2225
+ t0 = Fp3.mul(t5, t4);
2226
+ X3 = Fp3.mul(t3, X3);
2227
+ X3 = Fp3.sub(X3, t0);
2228
+ t0 = Fp3.mul(t3, t1);
2229
+ Z3 = Fp3.mul(t5, Z3);
2230
+ Z3 = Fp3.add(Z3, t0);
2231
+ return new Point2(X3, Y3, Z3);
2232
+ }
2233
+ subtract(other) {
2234
+ return this.add(other.negate());
2235
+ }
2236
+ is0() {
2237
+ return this.equals(Point2.ZERO);
2238
+ }
2239
+ wNAF(n) {
2240
+ return wnaf.wNAFCached(this, pointPrecomputes, n, (comp) => {
2241
+ const toInv = Fp3.invertBatch(comp.map((p) => p.pz));
2242
+ return comp.map((p, i) => p.toAffine(toInv[i])).map(Point2.fromAffine);
2243
+ });
3598
2244
  }
3599
- },
3600
- sha256Sync: void 0,
3601
- hmacSha256Sync: void 0,
3602
- taggedHash: async (tag, ...messages) => {
3603
- let tagP = TAGGED_HASH_PREFIXES[tag];
3604
- if (tagP === void 0) {
3605
- const tagH = await utils.sha256(Uint8Array.from(tag, (c) => c.charCodeAt(0)));
3606
- tagP = concatBytes(tagH, tagH);
3607
- TAGGED_HASH_PREFIXES[tag] = tagP;
3608
- }
3609
- return utils.sha256(tagP, ...messages);
3610
- },
3611
- taggedHashSync: (tag, ...messages) => {
3612
- if (typeof _sha256Sync !== "function")
3613
- throw new ShaError("sha256Sync is undefined, you need to set it");
3614
- let tagP = TAGGED_HASH_PREFIXES[tag];
3615
- if (tagP === void 0) {
3616
- const tagH = _sha256Sync(Uint8Array.from(tag, (c) => c.charCodeAt(0)));
3617
- tagP = concatBytes(tagH, tagH);
3618
- TAGGED_HASH_PREFIXES[tag] = tagP;
3619
- }
3620
- return _sha256Sync(tagP, ...messages);
3621
- },
3622
- precompute(windowSize = 8, point = Point.BASE) {
3623
- const cached = point === Point.BASE ? point : new Point(point.x, point.y);
3624
- cached._setWindowSize(windowSize);
3625
- cached.multiply(_3n);
3626
- return cached;
3627
- }
3628
- };
3629
- Object.defineProperties(utils, {
3630
- sha256Sync: {
3631
- configurable: false,
3632
- get() {
3633
- return _sha256Sync;
2245
+ multiplyUnsafe(n) {
2246
+ const I = Point2.ZERO;
2247
+ if (n === _0n4)
2248
+ return I;
2249
+ assertGE(n);
2250
+ if (n === _1n4)
2251
+ return this;
2252
+ const { endo } = CURVE;
2253
+ if (!endo)
2254
+ return wnaf.unsafeLadder(this, n);
2255
+ let { k1neg, k1, k2neg, k2 } = endo.splitScalar(n);
2256
+ let k1p = I;
2257
+ let k2p = I;
2258
+ let d = this;
2259
+ while (k1 > _0n4 || k2 > _0n4) {
2260
+ if (k1 & _1n4)
2261
+ k1p = k1p.add(d);
2262
+ if (k2 & _1n4)
2263
+ k2p = k2p.add(d);
2264
+ d = d.double();
2265
+ k1 >>= _1n4;
2266
+ k2 >>= _1n4;
2267
+ }
2268
+ if (k1neg)
2269
+ k1p = k1p.negate();
2270
+ if (k2neg)
2271
+ k2p = k2p.negate();
2272
+ k2p = new Point2(Fp3.mul(k2p.px, endo.beta), k2p.py, k2p.pz);
2273
+ return k1p.add(k2p);
2274
+ }
2275
+ multiply(scalar) {
2276
+ assertGE(scalar);
2277
+ let n = scalar;
2278
+ let point, fake;
2279
+ const { endo } = CURVE;
2280
+ if (endo) {
2281
+ const { k1neg, k1, k2neg, k2 } = endo.splitScalar(n);
2282
+ let { p: k1p, f: f1p } = this.wNAF(k1);
2283
+ let { p: k2p, f: f2p } = this.wNAF(k2);
2284
+ k1p = wnaf.constTimeNegate(k1neg, k1p);
2285
+ k2p = wnaf.constTimeNegate(k2neg, k2p);
2286
+ k2p = new Point2(Fp3.mul(k2p.px, endo.beta), k2p.py, k2p.pz);
2287
+ point = k1p.add(k2p);
2288
+ fake = f1p.add(f2p);
2289
+ } else {
2290
+ const { p, f } = this.wNAF(n);
2291
+ point = p;
2292
+ fake = f;
2293
+ }
2294
+ return Point2.normalizeZ([point, fake])[0];
2295
+ }
2296
+ multiplyAndAddUnsafe(Q, a, b) {
2297
+ const G = Point2.BASE;
2298
+ const mul = (P, a2) => a2 === _0n4 || a2 === _1n4 || !P.equals(G) ? P.multiplyUnsafe(a2) : P.multiply(a2);
2299
+ const sum = mul(this, a).add(mul(Q, b));
2300
+ return sum.is0() ? void 0 : sum;
2301
+ }
2302
+ toAffine(iz) {
2303
+ const { px: x, py: y, pz: z } = this;
2304
+ const is0 = this.is0();
2305
+ if (iz == null)
2306
+ iz = is0 ? Fp3.ONE : Fp3.inv(z);
2307
+ const ax = Fp3.mul(x, iz);
2308
+ const ay = Fp3.mul(y, iz);
2309
+ const zz = Fp3.mul(z, iz);
2310
+ if (is0)
2311
+ return { x: Fp3.ZERO, y: Fp3.ZERO };
2312
+ if (!Fp3.eql(zz, Fp3.ONE))
2313
+ throw new Error("invZ was invalid");
2314
+ return { x: ax, y: ay };
2315
+ }
2316
+ isTorsionFree() {
2317
+ const { h: cofactor, isTorsionFree } = CURVE;
2318
+ if (cofactor === _1n4)
2319
+ return true;
2320
+ if (isTorsionFree)
2321
+ return isTorsionFree(Point2, this);
2322
+ throw new Error("isTorsionFree() has not been declared for the elliptic curve");
2323
+ }
2324
+ clearCofactor() {
2325
+ const { h: cofactor, clearCofactor } = CURVE;
2326
+ if (cofactor === _1n4)
2327
+ return this;
2328
+ if (clearCofactor)
2329
+ return clearCofactor(Point2, this);
2330
+ return this.multiplyUnsafe(CURVE.h);
2331
+ }
2332
+ toRawBytes(isCompressed = true) {
2333
+ this.assertValidity();
2334
+ return toBytes2(Point2, this, isCompressed);
2335
+ }
2336
+ toHex(isCompressed = true) {
2337
+ return bytesToHex(this.toRawBytes(isCompressed));
2338
+ }
2339
+ }
2340
+ Point2.BASE = new Point2(CURVE.Gx, CURVE.Gy, Fp3.ONE);
2341
+ Point2.ZERO = new Point2(Fp3.ZERO, Fp3.ONE, Fp3.ZERO);
2342
+ const _bits = CURVE.nBitLength;
2343
+ const wnaf = wNAF(Point2, CURVE.endo ? Math.ceil(_bits / 2) : _bits);
2344
+ return {
2345
+ CURVE,
2346
+ ProjectivePoint: Point2,
2347
+ normPrivateKeyToScalar,
2348
+ weierstrassEquation,
2349
+ isWithinCurveOrder
2350
+ };
2351
+ }
2352
+ function validateOpts(curve) {
2353
+ const opts = validateBasic(curve);
2354
+ validateObject(opts, {
2355
+ hash: "hash",
2356
+ hmac: "function",
2357
+ randomBytes: "function"
2358
+ }, {
2359
+ bits2int: "function",
2360
+ bits2int_modN: "function",
2361
+ lowS: "boolean"
2362
+ });
2363
+ return Object.freeze({ lowS: true, ...opts });
2364
+ }
2365
+ function weierstrass(curveDef) {
2366
+ const CURVE = validateOpts(curveDef);
2367
+ const { Fp: Fp3, n: CURVE_ORDER } = CURVE;
2368
+ const compressedLen = Fp3.BYTES + 1;
2369
+ const uncompressedLen = 2 * Fp3.BYTES + 1;
2370
+ function isValidFieldElement(num) {
2371
+ return _0n4 < num && num < Fp3.ORDER;
2372
+ }
2373
+ function modN(a) {
2374
+ return mod(a, CURVE_ORDER);
2375
+ }
2376
+ function invN(a) {
2377
+ return invert(a, CURVE_ORDER);
2378
+ }
2379
+ const { ProjectivePoint: Point2, normPrivateKeyToScalar, weierstrassEquation, isWithinCurveOrder } = weierstrassPoints({
2380
+ ...CURVE,
2381
+ toBytes(c, point, isCompressed) {
2382
+ const a = point.toAffine();
2383
+ const x = Fp3.toBytes(a.x);
2384
+ const cat = concatBytes2;
2385
+ if (isCompressed) {
2386
+ return cat(Uint8Array.from([point.hasEvenY() ? 2 : 3]), x);
2387
+ } else {
2388
+ return cat(Uint8Array.from([4]), x, Fp3.toBytes(a.y));
2389
+ }
3634
2390
  },
3635
- set(val) {
3636
- if (!_sha256Sync)
3637
- _sha256Sync = val;
2391
+ fromBytes(bytes2) {
2392
+ const len = bytes2.length;
2393
+ const head = bytes2[0];
2394
+ const tail = bytes2.subarray(1);
2395
+ if (len === compressedLen && (head === 2 || head === 3)) {
2396
+ const x = bytesToNumberBE(tail);
2397
+ if (!isValidFieldElement(x))
2398
+ throw new Error("Point is not on curve");
2399
+ const y2 = weierstrassEquation(x);
2400
+ let y = Fp3.sqrt(y2);
2401
+ const isYOdd = (y & _1n4) === _1n4;
2402
+ const isHeadOdd = (head & 1) === 1;
2403
+ if (isHeadOdd !== isYOdd)
2404
+ y = Fp3.neg(y);
2405
+ return { x, y };
2406
+ } else if (len === uncompressedLen && head === 4) {
2407
+ const x = Fp3.fromBytes(tail.subarray(0, Fp3.BYTES));
2408
+ const y = Fp3.fromBytes(tail.subarray(Fp3.BYTES, 2 * Fp3.BYTES));
2409
+ return { x, y };
2410
+ } else {
2411
+ throw new Error(`Point of length ${len} was invalid. Expected ${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes`);
2412
+ }
3638
2413
  }
3639
- },
3640
- hmacSha256Sync: {
3641
- configurable: false,
3642
- get() {
3643
- return _hmacSha256Sync;
2414
+ });
2415
+ const numToNByteStr = (num) => bytesToHex(numberToBytesBE(num, CURVE.nByteLength));
2416
+ function isBiggerThanHalfOrder(number2) {
2417
+ const HALF = CURVE_ORDER >> _1n4;
2418
+ return number2 > HALF;
2419
+ }
2420
+ function normalizeS(s) {
2421
+ return isBiggerThanHalfOrder(s) ? modN(-s) : s;
2422
+ }
2423
+ const slcNum = (b, from3, to) => bytesToNumberBE(b.slice(from3, to));
2424
+ class Signature {
2425
+ constructor(r, s, recovery) {
2426
+ this.r = r;
2427
+ this.s = s;
2428
+ this.recovery = recovery;
2429
+ this.assertValidity();
2430
+ }
2431
+ static fromCompact(hex) {
2432
+ const l = CURVE.nByteLength;
2433
+ hex = ensureBytes("compactSignature", hex, l * 2);
2434
+ return new Signature(slcNum(hex, 0, l), slcNum(hex, l, 2 * l));
2435
+ }
2436
+ static fromDER(hex) {
2437
+ const { r, s } = DER.toSig(ensureBytes("DER", hex));
2438
+ return new Signature(r, s);
2439
+ }
2440
+ assertValidity() {
2441
+ if (!isWithinCurveOrder(this.r))
2442
+ throw new Error("r must be 0 < r < CURVE.n");
2443
+ if (!isWithinCurveOrder(this.s))
2444
+ throw new Error("s must be 0 < s < CURVE.n");
2445
+ }
2446
+ addRecoveryBit(recovery) {
2447
+ return new Signature(this.r, this.s, recovery);
2448
+ }
2449
+ recoverPublicKey(msgHash) {
2450
+ const { r, s, recovery: rec } = this;
2451
+ const h = bits2int_modN(ensureBytes("msgHash", msgHash));
2452
+ if (rec == null || ![0, 1, 2, 3].includes(rec))
2453
+ throw new Error("recovery id invalid");
2454
+ const radj = rec === 2 || rec === 3 ? r + CURVE.n : r;
2455
+ if (radj >= Fp3.ORDER)
2456
+ throw new Error("recovery id 2 or 3 invalid");
2457
+ const prefix = (rec & 1) === 0 ? "02" : "03";
2458
+ const R = Point2.fromHex(prefix + numToNByteStr(radj));
2459
+ const ir = invN(radj);
2460
+ const u1 = modN(-h * ir);
2461
+ const u2 = modN(s * ir);
2462
+ const Q = Point2.BASE.multiplyAndAddUnsafe(R, u1, u2);
2463
+ if (!Q)
2464
+ throw new Error("point at infinify");
2465
+ Q.assertValidity();
2466
+ return Q;
2467
+ }
2468
+ hasHighS() {
2469
+ return isBiggerThanHalfOrder(this.s);
2470
+ }
2471
+ normalizeS() {
2472
+ return this.hasHighS() ? new Signature(this.r, modN(-this.s), this.recovery) : this;
2473
+ }
2474
+ toDERRawBytes() {
2475
+ return hexToBytes(this.toDERHex());
2476
+ }
2477
+ toDERHex() {
2478
+ return DER.hexFromSig({ r: this.r, s: this.s });
2479
+ }
2480
+ toCompactRawBytes() {
2481
+ return hexToBytes(this.toCompactHex());
2482
+ }
2483
+ toCompactHex() {
2484
+ return numToNByteStr(this.r) + numToNByteStr(this.s);
2485
+ }
2486
+ }
2487
+ const utils = {
2488
+ isValidPrivateKey(privateKey) {
2489
+ try {
2490
+ normPrivateKeyToScalar(privateKey);
2491
+ return true;
2492
+ } catch (error) {
2493
+ return false;
2494
+ }
3644
2495
  },
3645
- set(val) {
3646
- if (!_hmacSha256Sync)
3647
- _hmacSha256Sync = val;
2496
+ normPrivateKeyToScalar,
2497
+ randomPrivateKey: () => {
2498
+ const rand = CURVE.randomBytes(Fp3.BYTES + 8);
2499
+ const num = hashToPrivateScalar(rand, CURVE_ORDER);
2500
+ return numberToBytesBE(num, CURVE.nByteLength);
2501
+ },
2502
+ precompute(windowSize = 8, point = Point2.BASE) {
2503
+ point._setWindowSize(windowSize);
2504
+ point.multiply(BigInt(3));
2505
+ return point;
3648
2506
  }
2507
+ };
2508
+ function getPublicKey(privateKey, isCompressed = true) {
2509
+ return Point2.fromPrivateKey(privateKey).toRawBytes(isCompressed);
2510
+ }
2511
+ function isProbPub(item) {
2512
+ const arr = item instanceof Uint8Array;
2513
+ const str = typeof item === "string";
2514
+ const len = (arr || str) && item.length;
2515
+ if (arr)
2516
+ return len === compressedLen || len === uncompressedLen;
2517
+ if (str)
2518
+ return len === 2 * compressedLen || len === 2 * uncompressedLen;
2519
+ if (item instanceof Point2)
2520
+ return true;
2521
+ return false;
3649
2522
  }
3650
- });
2523
+ function getSharedSecret(privateA, publicB, isCompressed = true) {
2524
+ if (isProbPub(privateA))
2525
+ throw new Error("first arg must be private key");
2526
+ if (!isProbPub(publicB))
2527
+ throw new Error("second arg must be public key");
2528
+ const b = Point2.fromHex(publicB);
2529
+ return b.multiply(normPrivateKeyToScalar(privateA)).toRawBytes(isCompressed);
2530
+ }
2531
+ const bits2int = CURVE.bits2int || function(bytes2) {
2532
+ const num = bytesToNumberBE(bytes2);
2533
+ const delta = bytes2.length * 8 - CURVE.nBitLength;
2534
+ return delta > 0 ? num >> BigInt(delta) : num;
2535
+ };
2536
+ const bits2int_modN = CURVE.bits2int_modN || function(bytes2) {
2537
+ return modN(bits2int(bytes2));
2538
+ };
2539
+ const ORDER_MASK = bitMask(CURVE.nBitLength);
2540
+ function int2octets(num) {
2541
+ if (typeof num !== "bigint")
2542
+ throw new Error("bigint expected");
2543
+ if (!(_0n4 <= num && num < ORDER_MASK))
2544
+ throw new Error(`bigint expected < 2^${CURVE.nBitLength}`);
2545
+ return numberToBytesBE(num, CURVE.nByteLength);
2546
+ }
2547
+ function prepSig(msgHash, privateKey, opts = defaultSigOpts) {
2548
+ if (["recovered", "canonical"].some((k) => k in opts))
2549
+ throw new Error("sign() legacy options not supported");
2550
+ const { hash: hash2, randomBytes: randomBytes3 } = CURVE;
2551
+ let { lowS, prehash, extraEntropy: ent } = opts;
2552
+ if (lowS == null)
2553
+ lowS = true;
2554
+ msgHash = ensureBytes("msgHash", msgHash);
2555
+ if (prehash)
2556
+ msgHash = ensureBytes("prehashed msgHash", hash2(msgHash));
2557
+ const h1int = bits2int_modN(msgHash);
2558
+ const d = normPrivateKeyToScalar(privateKey);
2559
+ const seedArgs = [int2octets(d), int2octets(h1int)];
2560
+ if (ent != null) {
2561
+ const e = ent === true ? randomBytes3(Fp3.BYTES) : ent;
2562
+ seedArgs.push(ensureBytes("extraEntropy", e, Fp3.BYTES));
2563
+ }
2564
+ const seed = concatBytes2(...seedArgs);
2565
+ const m = h1int;
2566
+ function k2sig(kBytes) {
2567
+ const k = bits2int(kBytes);
2568
+ if (!isWithinCurveOrder(k))
2569
+ return;
2570
+ const ik = invN(k);
2571
+ const q = Point2.BASE.multiply(k).toAffine();
2572
+ const r = modN(q.x);
2573
+ if (r === _0n4)
2574
+ return;
2575
+ const s = modN(ik * modN(m + r * d));
2576
+ if (s === _0n4)
2577
+ return;
2578
+ let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n4);
2579
+ let normS = s;
2580
+ if (lowS && isBiggerThanHalfOrder(s)) {
2581
+ normS = normalizeS(s);
2582
+ recovery ^= 1;
2583
+ }
2584
+ return new Signature(r, normS, recovery);
2585
+ }
2586
+ return { seed, k2sig };
2587
+ }
2588
+ const defaultSigOpts = { lowS: CURVE.lowS, prehash: false };
2589
+ const defaultVerOpts = { lowS: CURVE.lowS, prehash: false };
2590
+ function sign(msgHash, privKey, opts = defaultSigOpts) {
2591
+ const { seed, k2sig } = prepSig(msgHash, privKey, opts);
2592
+ const C = CURVE;
2593
+ const drbg = createHmacDrbg(C.hash.outputLen, C.nByteLength, C.hmac);
2594
+ return drbg(seed, k2sig);
2595
+ }
2596
+ Point2.BASE._setWindowSize(8);
2597
+ function verify(signature, msgHash, publicKey, opts = defaultVerOpts) {
2598
+ const sg = signature;
2599
+ msgHash = ensureBytes("msgHash", msgHash);
2600
+ publicKey = ensureBytes("publicKey", publicKey);
2601
+ if ("strict" in opts)
2602
+ throw new Error("options.strict was renamed to lowS");
2603
+ const { lowS, prehash } = opts;
2604
+ let _sig = void 0;
2605
+ let P;
2606
+ try {
2607
+ if (typeof sg === "string" || sg instanceof Uint8Array) {
2608
+ try {
2609
+ _sig = Signature.fromDER(sg);
2610
+ } catch (derError) {
2611
+ if (!(derError instanceof DER.Err))
2612
+ throw derError;
2613
+ _sig = Signature.fromCompact(sg);
2614
+ }
2615
+ } else if (typeof sg === "object" && typeof sg.r === "bigint" && typeof sg.s === "bigint") {
2616
+ const { r: r2, s: s2 } = sg;
2617
+ _sig = new Signature(r2, s2);
2618
+ } else {
2619
+ throw new Error("PARSE");
2620
+ }
2621
+ P = Point2.fromHex(publicKey);
2622
+ } catch (error) {
2623
+ if (error.message === "PARSE")
2624
+ throw new Error(`signature must be Signature instance, Uint8Array or hex string`);
2625
+ return false;
2626
+ }
2627
+ if (lowS && _sig.hasHighS())
2628
+ return false;
2629
+ if (prehash)
2630
+ msgHash = CURVE.hash(msgHash);
2631
+ const { r, s } = _sig;
2632
+ const h = bits2int_modN(msgHash);
2633
+ const is = invN(s);
2634
+ const u1 = modN(h * is);
2635
+ const u2 = modN(r * is);
2636
+ const R = Point2.BASE.multiplyAndAddUnsafe(P, u1, u2)?.toAffine();
2637
+ if (!R)
2638
+ return false;
2639
+ const v = modN(R.x);
2640
+ return v === r;
2641
+ }
2642
+ return {
2643
+ CURVE,
2644
+ getPublicKey,
2645
+ getSharedSecret,
2646
+ sign,
2647
+ verify,
2648
+ ProjectivePoint: Point2,
2649
+ Signature,
2650
+ utils
2651
+ };
2652
+ }
2653
+
2654
+ // ../../node_modules/@noble/curves/esm/_shortw_utils.js
2655
+ function getHash(hash2) {
2656
+ return {
2657
+ hash: hash2,
2658
+ hmac: (key, ...msgs) => hmac(hash2, key, concatBytes(...msgs)),
2659
+ randomBytes
2660
+ };
2661
+ }
2662
+ function createCurve(curveDef, defHash) {
2663
+ const create2 = (hash2) => weierstrass({ ...curveDef, ...getHash(hash2) });
2664
+ return Object.freeze({ ...create2(defHash), create: create2 });
2665
+ }
2666
+
2667
+ // ../../node_modules/@noble/hashes/esm/_sha2.js
2668
+ function setBigUint64(view, byteOffset, value, isLE2) {
2669
+ if (typeof view.setBigUint64 === "function")
2670
+ return view.setBigUint64(byteOffset, value, isLE2);
2671
+ const _32n = BigInt(32);
2672
+ const _u32_max = BigInt(4294967295);
2673
+ const wh = Number(value >> _32n & _u32_max);
2674
+ const wl = Number(value & _u32_max);
2675
+ const h = isLE2 ? 4 : 0;
2676
+ const l = isLE2 ? 0 : 4;
2677
+ view.setUint32(byteOffset + h, wh, isLE2);
2678
+ view.setUint32(byteOffset + l, wl, isLE2);
2679
+ }
2680
+ var SHA2 = class extends Hash {
2681
+ constructor(blockLen, outputLen, padOffset, isLE2) {
2682
+ super();
2683
+ this.blockLen = blockLen;
2684
+ this.outputLen = outputLen;
2685
+ this.padOffset = padOffset;
2686
+ this.isLE = isLE2;
2687
+ this.finished = false;
2688
+ this.length = 0;
2689
+ this.pos = 0;
2690
+ this.destroyed = false;
2691
+ this.buffer = new Uint8Array(blockLen);
2692
+ this.view = createView(this.buffer);
2693
+ }
2694
+ update(data) {
2695
+ assert_default.exists(this);
2696
+ const { view, buffer, blockLen } = this;
2697
+ data = toBytes(data);
2698
+ const len = data.length;
2699
+ for (let pos = 0; pos < len; ) {
2700
+ const take = Math.min(blockLen - this.pos, len - pos);
2701
+ if (take === blockLen) {
2702
+ const dataView = createView(data);
2703
+ for (; blockLen <= len - pos; pos += blockLen)
2704
+ this.process(dataView, pos);
2705
+ continue;
2706
+ }
2707
+ buffer.set(data.subarray(pos, pos + take), this.pos);
2708
+ this.pos += take;
2709
+ pos += take;
2710
+ if (this.pos === blockLen) {
2711
+ this.process(view, 0);
2712
+ this.pos = 0;
2713
+ }
2714
+ }
2715
+ this.length += data.length;
2716
+ this.roundClean();
2717
+ return this;
2718
+ }
2719
+ digestInto(out) {
2720
+ assert_default.exists(this);
2721
+ assert_default.output(out, this);
2722
+ this.finished = true;
2723
+ const { buffer, view, blockLen, isLE: isLE2 } = this;
2724
+ let { pos } = this;
2725
+ buffer[pos++] = 128;
2726
+ this.buffer.subarray(pos).fill(0);
2727
+ if (this.padOffset > blockLen - pos) {
2728
+ this.process(view, 0);
2729
+ pos = 0;
2730
+ }
2731
+ for (let i = pos; i < blockLen; i++)
2732
+ buffer[i] = 0;
2733
+ setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE2);
2734
+ this.process(view, 0);
2735
+ const oview = createView(out);
2736
+ const len = this.outputLen;
2737
+ if (len % 4)
2738
+ throw new Error("_sha2: outputLen should be aligned to 32bit");
2739
+ const outLen = len / 4;
2740
+ const state = this.get();
2741
+ if (outLen > state.length)
2742
+ throw new Error("_sha2: outputLen bigger than state");
2743
+ for (let i = 0; i < outLen; i++)
2744
+ oview.setUint32(4 * i, state[i], isLE2);
2745
+ }
2746
+ digest() {
2747
+ const { buffer, outputLen } = this;
2748
+ this.digestInto(buffer);
2749
+ const res = buffer.slice(0, outputLen);
2750
+ this.destroy();
2751
+ return res;
2752
+ }
2753
+ _cloneInto(to) {
2754
+ to || (to = new this.constructor());
2755
+ to.set(...this.get());
2756
+ const { blockLen, buffer, length: length2, finished, destroyed, pos } = this;
2757
+ to.length = length2;
2758
+ to.pos = pos;
2759
+ to.finished = finished;
2760
+ to.destroyed = destroyed;
2761
+ if (length2 % blockLen)
2762
+ to.buffer.set(buffer);
2763
+ return to;
2764
+ }
2765
+ };
2766
+
2767
+ // ../../node_modules/@noble/hashes/esm/sha256.js
2768
+ var Chi = (a, b, c) => a & b ^ ~a & c;
2769
+ var Maj = (a, b, c) => a & b ^ a & c ^ b & c;
2770
+ var SHA256_K = new Uint32Array([
2771
+ 1116352408,
2772
+ 1899447441,
2773
+ 3049323471,
2774
+ 3921009573,
2775
+ 961987163,
2776
+ 1508970993,
2777
+ 2453635748,
2778
+ 2870763221,
2779
+ 3624381080,
2780
+ 310598401,
2781
+ 607225278,
2782
+ 1426881987,
2783
+ 1925078388,
2784
+ 2162078206,
2785
+ 2614888103,
2786
+ 3248222580,
2787
+ 3835390401,
2788
+ 4022224774,
2789
+ 264347078,
2790
+ 604807628,
2791
+ 770255983,
2792
+ 1249150122,
2793
+ 1555081692,
2794
+ 1996064986,
2795
+ 2554220882,
2796
+ 2821834349,
2797
+ 2952996808,
2798
+ 3210313671,
2799
+ 3336571891,
2800
+ 3584528711,
2801
+ 113926993,
2802
+ 338241895,
2803
+ 666307205,
2804
+ 773529912,
2805
+ 1294757372,
2806
+ 1396182291,
2807
+ 1695183700,
2808
+ 1986661051,
2809
+ 2177026350,
2810
+ 2456956037,
2811
+ 2730485921,
2812
+ 2820302411,
2813
+ 3259730800,
2814
+ 3345764771,
2815
+ 3516065817,
2816
+ 3600352804,
2817
+ 4094571909,
2818
+ 275423344,
2819
+ 430227734,
2820
+ 506948616,
2821
+ 659060556,
2822
+ 883997877,
2823
+ 958139571,
2824
+ 1322822218,
2825
+ 1537002063,
2826
+ 1747873779,
2827
+ 1955562222,
2828
+ 2024104815,
2829
+ 2227730452,
2830
+ 2361852424,
2831
+ 2428436474,
2832
+ 2756734187,
2833
+ 3204031479,
2834
+ 3329325298
2835
+ ]);
2836
+ var IV = new Uint32Array([
2837
+ 1779033703,
2838
+ 3144134277,
2839
+ 1013904242,
2840
+ 2773480762,
2841
+ 1359893119,
2842
+ 2600822924,
2843
+ 528734635,
2844
+ 1541459225
2845
+ ]);
2846
+ var SHA256_W = new Uint32Array(64);
2847
+ var SHA256 = class extends SHA2 {
2848
+ constructor() {
2849
+ super(64, 32, 8, false);
2850
+ this.A = IV[0] | 0;
2851
+ this.B = IV[1] | 0;
2852
+ this.C = IV[2] | 0;
2853
+ this.D = IV[3] | 0;
2854
+ this.E = IV[4] | 0;
2855
+ this.F = IV[5] | 0;
2856
+ this.G = IV[6] | 0;
2857
+ this.H = IV[7] | 0;
2858
+ }
2859
+ get() {
2860
+ const { A, B, C, D, E, F, G, H } = this;
2861
+ return [A, B, C, D, E, F, G, H];
2862
+ }
2863
+ set(A, B, C, D, E, F, G, H) {
2864
+ this.A = A | 0;
2865
+ this.B = B | 0;
2866
+ this.C = C | 0;
2867
+ this.D = D | 0;
2868
+ this.E = E | 0;
2869
+ this.F = F | 0;
2870
+ this.G = G | 0;
2871
+ this.H = H | 0;
2872
+ }
2873
+ process(view, offset) {
2874
+ for (let i = 0; i < 16; i++, offset += 4)
2875
+ SHA256_W[i] = view.getUint32(offset, false);
2876
+ for (let i = 16; i < 64; i++) {
2877
+ const W15 = SHA256_W[i - 15];
2878
+ const W2 = SHA256_W[i - 2];
2879
+ const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ W15 >>> 3;
2880
+ const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ W2 >>> 10;
2881
+ SHA256_W[i] = s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16] | 0;
2882
+ }
2883
+ let { A, B, C, D, E, F, G, H } = this;
2884
+ for (let i = 0; i < 64; i++) {
2885
+ const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);
2886
+ const T1 = H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i] | 0;
2887
+ const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);
2888
+ const T2 = sigma0 + Maj(A, B, C) | 0;
2889
+ H = G;
2890
+ G = F;
2891
+ F = E;
2892
+ E = D + T1 | 0;
2893
+ D = C;
2894
+ C = B;
2895
+ B = A;
2896
+ A = T1 + T2 | 0;
2897
+ }
2898
+ A = A + this.A | 0;
2899
+ B = B + this.B | 0;
2900
+ C = C + this.C | 0;
2901
+ D = D + this.D | 0;
2902
+ E = E + this.E | 0;
2903
+ F = F + this.F | 0;
2904
+ G = G + this.G | 0;
2905
+ H = H + this.H | 0;
2906
+ this.set(A, B, C, D, E, F, G, H);
2907
+ }
2908
+ roundClean() {
2909
+ SHA256_W.fill(0);
2910
+ }
2911
+ destroy() {
2912
+ this.set(0, 0, 0, 0, 0, 0, 0, 0);
2913
+ this.buffer.fill(0);
2914
+ }
2915
+ };
2916
+ var SHA224 = class extends SHA256 {
2917
+ constructor() {
2918
+ super();
2919
+ this.A = 3238371032 | 0;
2920
+ this.B = 914150663 | 0;
2921
+ this.C = 812702999 | 0;
2922
+ this.D = 4144912697 | 0;
2923
+ this.E = 4290775857 | 0;
2924
+ this.F = 1750603025 | 0;
2925
+ this.G = 1694076839 | 0;
2926
+ this.H = 3204075428 | 0;
2927
+ this.outputLen = 28;
2928
+ }
2929
+ };
2930
+ var sha2562 = wrapConstructor(() => new SHA256());
2931
+ var sha224 = wrapConstructor(() => new SHA224());
2932
+
2933
+ // ../../node_modules/@noble/curves/esm/p256.js
2934
+ var Fp = Field(BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff"));
2935
+ var CURVE_A = Fp.create(BigInt("-3"));
2936
+ var CURVE_B = BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b");
2937
+ var p256 = createCurve({
2938
+ a: CURVE_A,
2939
+ b: CURVE_B,
2940
+ Fp,
2941
+ n: BigInt("0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"),
2942
+ Gx: BigInt("0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"),
2943
+ Gy: BigInt("0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"),
2944
+ h: BigInt(1),
2945
+ lowS: false
2946
+ }, sha2562);
2947
+
2948
+ // src/p256/encoding.ts
2949
+ var compressPubkey = (pubkeyBytes) => {
2950
+ const point = p256.ProjectivePoint.fromHex(pubkeyBytes);
2951
+ return point.toRawBytes(true);
2952
+ };
2953
+ var decompressPubkey = (compressed) => {
2954
+ if (compressed.length !== 33) {
2955
+ throw new Error("Expected 33 byte compress pubkey");
2956
+ }
2957
+ const point = p256.ProjectivePoint.fromHex(compressed);
2958
+ return point.toRawBytes(false);
2959
+ };
2960
+
2961
+ // ../../node_modules/@noble/curves/esm/secp256k1.js
2962
+ var secp256k1P = BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f");
2963
+ var secp256k1N = BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141");
2964
+ var _1n5 = BigInt(1);
2965
+ var _2n4 = BigInt(2);
2966
+ var divNearest = (a, b) => (a + b / _2n4) / b;
2967
+ function sqrtMod(y) {
2968
+ const P = secp256k1P;
2969
+ const _3n3 = BigInt(3), _6n = BigInt(6), _11n = BigInt(11), _22n = BigInt(22);
2970
+ const _23n = BigInt(23), _44n = BigInt(44), _88n = BigInt(88);
2971
+ const b2 = y * y * y % P;
2972
+ const b3 = b2 * b2 * y % P;
2973
+ const b6 = pow2(b3, _3n3, P) * b3 % P;
2974
+ const b9 = pow2(b6, _3n3, P) * b3 % P;
2975
+ const b11 = pow2(b9, _2n4, P) * b2 % P;
2976
+ const b22 = pow2(b11, _11n, P) * b11 % P;
2977
+ const b44 = pow2(b22, _22n, P) * b22 % P;
2978
+ const b88 = pow2(b44, _44n, P) * b44 % P;
2979
+ const b176 = pow2(b88, _88n, P) * b88 % P;
2980
+ const b220 = pow2(b176, _44n, P) * b44 % P;
2981
+ const b223 = pow2(b220, _3n3, P) * b3 % P;
2982
+ const t1 = pow2(b223, _23n, P) * b22 % P;
2983
+ const t2 = pow2(t1, _6n, P) * b2 % P;
2984
+ const root = pow2(t2, _2n4, P);
2985
+ if (!Fp2.eql(Fp2.sqr(root), y))
2986
+ throw new Error("Cannot find square root");
2987
+ return root;
2988
+ }
2989
+ var Fp2 = Field(secp256k1P, void 0, void 0, { sqrt: sqrtMod });
2990
+ var secp256k1 = createCurve({
2991
+ a: BigInt(0),
2992
+ b: BigInt(7),
2993
+ Fp: Fp2,
2994
+ n: secp256k1N,
2995
+ Gx: BigInt("55066263022277343669578718895168534326250603453777594175500187360389116729240"),
2996
+ Gy: BigInt("32670510020758816978083085130507043184471273380659243275938904335757337482424"),
2997
+ h: BigInt(1),
2998
+ lowS: true,
2999
+ endo: {
3000
+ beta: BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),
3001
+ splitScalar: (k) => {
3002
+ const n = secp256k1N;
3003
+ const a1 = BigInt("0x3086d221a7d46bcde86c90e49284eb15");
3004
+ const b1 = -_1n5 * BigInt("0xe4437ed6010e88286f547fa90abfe4c3");
3005
+ const a2 = BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8");
3006
+ const b2 = a1;
3007
+ const POW_2_128 = BigInt("0x100000000000000000000000000000000");
3008
+ const c1 = divNearest(b2 * k, n);
3009
+ const c2 = divNearest(-b1 * k, n);
3010
+ let k1 = mod(k - c1 * a1 - c2 * a2, n);
3011
+ let k2 = mod(-c1 * b1 - c2 * b2, n);
3012
+ const k1neg = k1 > POW_2_128;
3013
+ const k2neg = k2 > POW_2_128;
3014
+ if (k1neg)
3015
+ k1 = n - k1;
3016
+ if (k2neg)
3017
+ k2 = n - k2;
3018
+ if (k1 > POW_2_128 || k2 > POW_2_128) {
3019
+ throw new Error("splitScalar: Endomorphism failed, k=" + k);
3020
+ }
3021
+ return { k1neg, k1, k2neg, k2 };
3022
+ }
3023
+ }
3024
+ }, sha2562);
3025
+ var _0n5 = BigInt(0);
3026
+ var Point = secp256k1.ProjectivePoint;
3651
3027
 
3652
3028
  // src/secp256k1/encoding.ts
3653
3029
  var compressPubkey2 = (pubkeyBytes) => {
3654
- const hex = utils.bytesToHex(pubkeyBytes);
3655
- const point = Point.fromHex(hex);
3030
+ const point = secp256k1.ProjectivePoint.fromHex(pubkeyBytes);
3656
3031
  return point.toRawBytes(true);
3657
3032
  };
3658
3033
  var decompressPubkey2 = (compressed) => {
3659
3034
  if (compressed.length !== 33) {
3660
3035
  throw new Error("Expected 33 byte compress pubkey");
3661
3036
  }
3662
- const hex = utils.bytesToHex(compressed);
3663
- const point = Point.fromHex(hex);
3037
+ const point = secp256k1.ProjectivePoint.fromHex(compressed);
3664
3038
  return point.toRawBytes(false);
3665
3039
  };
3666
3040
 
3667
3041
  // src/p256/operations.ts
3668
- var importKeypairJwk = async (jwk, exportable = false) => {
3669
- const privateKey = await webcrypto.subtle.importKey(
3670
- "jwk",
3671
- jwk,
3672
- { name: "ECDSA", namedCurve: "P-256" },
3673
- exportable,
3674
- ["sign"]
3675
- );
3676
- const { kty, crv, x, y } = jwk;
3677
- const pubKeyJwk = { kty, crv, x, y };
3678
- const publicKey = await webcrypto.subtle.importKey(
3679
- "jwk",
3680
- pubKeyJwk,
3681
- { name: "ECDSA", namedCurve: "P-256" },
3682
- true,
3683
- ["verify"]
3684
- );
3685
- return { privateKey, publicKey };
3686
- };
3687
3042
  var verifyDidSig = async (did, data, sig) => {
3688
3043
  const { jwtAlg, keyBytes } = parseDidKey(did);
3689
3044
  if (jwtAlg !== P256_JWT_ALG) {
3690
3045
  throw new Error(`Not a P-256 did:key: ${did}`);
3691
3046
  }
3692
- return verify2(keyBytes, data, sig);
3693
- };
3694
- var verify2 = async (publicKey, data, sig) => {
3695
- const importedKey = await importEcdsaPublicKey(publicKey);
3696
- return webcrypto.subtle.verify(
3697
- { name: "ECDSA", hash: { name: "SHA-256" } },
3698
- importedKey,
3699
- sig,
3700
- data
3701
- );
3047
+ return verifySig(keyBytes, data, sig);
3702
3048
  };
3703
- var importEcdsaPublicKey = async (keyBytes) => {
3704
- return webcrypto.subtle.importKey(
3705
- "raw",
3706
- keyBytes,
3707
- { name: "ECDSA", namedCurve: "P-256" },
3708
- true,
3709
- ["verify"]
3710
- );
3049
+ var verifySig = async (publicKey, data, sig) => {
3050
+ const msgHash = await sha2562(data);
3051
+ return p256.verify(sig, msgHash, publicKey, { lowS: true });
3711
3052
  };
3712
3053
 
3713
3054
  // src/p256/plugin.ts
@@ -3724,8 +3065,11 @@ var verifyDidSig2 = async (did, data, sig) => {
3724
3065
  if (jwtAlg !== SECP256K1_JWT_ALG) {
3725
3066
  throw new Error(`Not a secp256k1 did:key: ${did}`);
3726
3067
  }
3727
- const msgHash = await utils.sha256(data);
3728
- return verify(sig, msgHash, keyBytes);
3068
+ return verifySig2(keyBytes, data, sig);
3069
+ };
3070
+ var verifySig2 = async (publicKey, data, sig) => {
3071
+ const msgHash = await sha2562(data);
3072
+ return secp256k1.verify(sig, msgHash, publicKey, { lowS: true });
3729
3073
  };
3730
3074
 
3731
3075
  // src/secp256k1/plugin.ts
@@ -3741,13 +3085,12 @@ var plugins = [plugin_default, plugin_default2];
3741
3085
  var plugins_default = plugins;
3742
3086
 
3743
3087
  // src/did.ts
3744
- var DID_KEY_BASE58_PREFIX = "did:key:z";
3745
3088
  var parseDidKey = (did) => {
3746
- if (!did.startsWith(DID_KEY_BASE58_PREFIX)) {
3089
+ if (!did.startsWith(BASE58_DID_PREFIX)) {
3747
3090
  throw new Error(`Incorrect prefix for did:key: ${did}`);
3748
3091
  }
3749
3092
  const prefixedBytes = fromString2(
3750
- did.slice(DID_KEY_BASE58_PREFIX.length),
3093
+ did.slice(BASE58_DID_PREFIX.length),
3751
3094
  "base58btc"
3752
3095
  );
3753
3096
  const plugin = plugins_default.find((p) => hasPrefix(prefixedBytes, p.prefix));
@@ -3776,10 +3119,10 @@ var formatDidKey = (jwtAlg, keyBytes) => {
3776
3119
  keyBytes = compressPubkey2(keyBytes);
3777
3120
  }
3778
3121
  const prefixedBytes = concat([plugin.prefix, keyBytes]);
3779
- return DID_KEY_BASE58_PREFIX + toString2(prefixedBytes, "base58btc");
3122
+ return BASE58_DID_PREFIX + toString2(prefixedBytes, "base58btc");
3780
3123
  };
3781
- var hasPrefix = (bytes, prefix) => {
3782
- return equals(prefix, bytes.subarray(0, prefix.byteLength));
3124
+ var hasPrefix = (bytes2, prefix) => {
3125
+ return equals(prefix, bytes2.subarray(0, prefix.byteLength));
3783
3126
  };
3784
3127
 
3785
3128
  // src/multibase.ts
@@ -3807,26 +3150,47 @@ var multibaseToBytes = (mb) => {
3807
3150
  throw new Error(`Unsupported multibase: :${mb}`);
3808
3151
  }
3809
3152
  };
3153
+ var bytesToMultibase = (mb, encoding) => {
3154
+ switch (encoding) {
3155
+ case "base16":
3156
+ return "f" + toString2(mb, encoding);
3157
+ case "base16upper":
3158
+ return "F" + toString2(mb, encoding);
3159
+ case "base32":
3160
+ return "b" + toString2(mb, encoding);
3161
+ case "base32upper":
3162
+ return "B" + toString2(mb, encoding);
3163
+ case "base58btc":
3164
+ return "z" + toString2(mb, encoding);
3165
+ case "base64":
3166
+ return "m" + toString2(mb, encoding);
3167
+ case "base64url":
3168
+ return "u" + toString2(mb, encoding);
3169
+ case "base64urlpad":
3170
+ return "U" + toString2(mb, encoding);
3171
+ default:
3172
+ throw new Error(`Unsupported multibase: :${mb}`);
3173
+ }
3174
+ };
3810
3175
 
3811
3176
  // src/sha.ts
3812
- var import_crypto3 = __toESM(require("crypto"));
3813
- var sha2562 = async (input) => {
3814
- const bytes = typeof input === "string" ? fromString2(input, "utf8") : input;
3815
- const hash = await sha256.digest(bytes);
3816
- return hash.digest;
3177
+ var sha2563 = async (input) => {
3178
+ const bytes2 = typeof input === "string" ? fromString2(input, "utf8") : input;
3179
+ return sha2562(bytes2);
3817
3180
  };
3818
- var sha256Stream = async (stream) => {
3819
- const hash = import_crypto3.default.createHash("sha256");
3820
- try {
3821
- for await (const chunk of stream) {
3822
- hash.write(chunk);
3823
- }
3824
- } catch (err) {
3825
- hash.end();
3826
- throw err;
3827
- }
3828
- hash.end();
3829
- return hash.read();
3181
+
3182
+ // src/random.ts
3183
+ var randomBytes2 = randomBytes;
3184
+ var randomStr = (byteLength, encoding) => {
3185
+ const bytes2 = randomBytes2(byteLength);
3186
+ return toString2(bytes2, encoding);
3187
+ };
3188
+ var randomIntFromSeed = async (seed, high, low = 0) => {
3189
+ const hash2 = await sha2563(seed);
3190
+ const number2 = Buffer.from(hash2).readUintBE(0, 6);
3191
+ const range = high - low;
3192
+ const normalized = number2 % range;
3193
+ return normalized + low;
3830
3194
  };
3831
3195
 
3832
3196
  // src/verify.ts
@@ -3845,30 +3209,22 @@ var verifySignatureUtf8 = async (didKey, data, sig) => {
3845
3209
  };
3846
3210
 
3847
3211
  // src/p256/keypair.ts
3848
- var EcdsaKeypair = class {
3849
- constructor(keypair, publicKey, exportable) {
3850
- this.jwtAlg = P256_JWT_ALG;
3851
- this.keypair = keypair;
3852
- this.publicKey = publicKey;
3212
+ var P256Keypair = class {
3213
+ constructor(privateKey, exportable) {
3214
+ this.privateKey = privateKey;
3853
3215
  this.exportable = exportable;
3216
+ this.jwtAlg = P256_JWT_ALG;
3217
+ this.publicKey = p256.getPublicKey(privateKey);
3854
3218
  }
3855
3219
  static async create(opts) {
3856
3220
  const { exportable = false } = opts || {};
3857
- const keypair = await webcrypto.subtle.generateKey(
3858
- { name: "ECDSA", namedCurve: "P-256" },
3859
- exportable,
3860
- ["sign", "verify"]
3861
- );
3862
- const pubkeyBuf = await webcrypto.subtle.exportKey("raw", keypair.publicKey);
3863
- const pubkeyBytes = new Uint8Array(pubkeyBuf);
3864
- return new EcdsaKeypair(keypair, pubkeyBytes, exportable);
3865
- }
3866
- static async import(jwk, opts) {
3221
+ const privKey = p256.utils.randomPrivateKey();
3222
+ return new P256Keypair(privKey, exportable);
3223
+ }
3224
+ static async import(privKey, opts) {
3867
3225
  const { exportable = false } = opts || {};
3868
- const keypair = await importKeypairJwk(jwk, exportable);
3869
- const pubkeyBuf = await webcrypto.subtle.exportKey("raw", keypair.publicKey);
3870
- const pubkeyBytes = new Uint8Array(pubkeyBuf);
3871
- return new EcdsaKeypair(keypair, pubkeyBytes, exportable);
3226
+ const privKeyBytes = typeof privKey === "string" ? fromString2(privKey, "hex") : privKey;
3227
+ return new P256Keypair(privKeyBytes, exportable);
3872
3228
  }
3873
3229
  publicKeyBytes() {
3874
3230
  return this.publicKey;
@@ -3880,19 +3236,15 @@ var EcdsaKeypair = class {
3880
3236
  return formatDidKey(this.jwtAlg, this.publicKey);
3881
3237
  }
3882
3238
  async sign(msg) {
3883
- const buf = await webcrypto.subtle.sign(
3884
- { name: "ECDSA", hash: { name: "SHA-256" } },
3885
- this.keypair.privateKey,
3886
- msg.buffer
3887
- );
3888
- return new Uint8Array(buf);
3239
+ const msgHash = await sha2562(msg);
3240
+ const sig = await p256.sign(msgHash, this.privateKey, { lowS: true });
3241
+ return sig.toCompactRawBytes();
3889
3242
  }
3890
3243
  async export() {
3891
3244
  if (!this.exportable) {
3892
3245
  throw new Error("Private key is not exportable");
3893
3246
  }
3894
- const jwk = await webcrypto.subtle.exportKey("jwk", this.keypair.privateKey);
3895
- return jwk;
3247
+ return this.privateKey;
3896
3248
  }
3897
3249
  };
3898
3250
 
@@ -3902,11 +3254,11 @@ var Secp256k1Keypair = class {
3902
3254
  this.privateKey = privateKey;
3903
3255
  this.exportable = exportable;
3904
3256
  this.jwtAlg = SECP256K1_JWT_ALG;
3905
- this.publicKey = getPublicKey(privateKey);
3257
+ this.publicKey = secp256k1.getPublicKey(privateKey);
3906
3258
  }
3907
3259
  static async create(opts) {
3908
3260
  const { exportable = false } = opts || {};
3909
- const privKey = utils.randomPrivateKey();
3261
+ const privKey = secp256k1.utils.randomPrivateKey();
3910
3262
  return new Secp256k1Keypair(privKey, exportable);
3911
3263
  }
3912
3264
  static async import(privKey, opts) {
@@ -3924,8 +3276,9 @@ var Secp256k1Keypair = class {
3924
3276
  return formatDidKey(this.jwtAlg, this.publicKey);
3925
3277
  }
3926
3278
  async sign(msg) {
3927
- const msgHash = await utils.sha256(msg);
3928
- return sign(msgHash, this.privateKey, { der: false });
3279
+ const msgHash = await sha2562(msg);
3280
+ const sig = await secp256k1.sign(msgHash, this.privateKey, { lowS: true });
3281
+ return sig.toCompactRawBytes();
3929
3282
  }
3930
3283
  async export() {
3931
3284
  if (!this.exportable) {
@@ -3936,27 +3289,26 @@ var Secp256k1Keypair = class {
3936
3289
  };
3937
3290
  // Annotate the CommonJS export names for ESM import in node:
3938
3291
  0 && (module.exports = {
3939
- AesKey,
3940
3292
  BASE58_DID_PREFIX,
3941
- DID_KEY_BASE58_PREFIX,
3942
- EcdsaKeypair,
3293
+ P256Keypair,
3943
3294
  P256_DID_PREFIX,
3944
3295
  P256_JWT_ALG,
3945
3296
  SECP256K1_DID_PREFIX,
3946
3297
  SECP256K1_JWT_ALG,
3947
3298
  Secp256k1Keypair,
3299
+ bytesToMultibase,
3948
3300
  formatDidKey,
3949
3301
  multibaseToBytes,
3950
3302
  p256Plugin,
3951
3303
  parseDidKey,
3952
3304
  randomBytes,
3953
- randomIV,
3305
+ randomIntFromSeed,
3954
3306
  randomStr,
3955
3307
  secp256k1Plugin,
3956
3308
  sha256,
3957
- sha256Stream,
3958
3309
  verifySignature,
3959
3310
  verifySignatureUtf8
3960
3311
  });
3961
- /*! noble-secp256k1 - MIT License (c) 2019 Paul Miller (paulmillr.com) */
3312
+ /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
3313
+ /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
3962
3314
  //# sourceMappingURL=index.js.map