@atproto/crypto 0.1.1 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.js CHANGED
@@ -5,9 +5,6 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
5
  var __getOwnPropNames = Object.getOwnPropertyNames;
6
6
  var __getProtoOf = Object.getPrototypeOf;
7
7
  var __hasOwnProp = Object.prototype.hasOwnProperty;
8
- var __commonJS = (cb, mod2) => function __require() {
9
- return mod2 || (0, cb[__getOwnPropNames(cb)[0]])((mod2 = { exports: {} }).exports, mod2), mod2.exports;
10
- };
11
8
  var __export = (target, all) => {
12
9
  for (var name2 in all)
13
10
  __defProp(target, name2, { get: all[name2], enumerable: true });
@@ -26,1404 +23,54 @@ var __toESM = (mod2, isNodeMode, target) => (target = mod2 != null ? __create(__
26
23
  ));
27
24
  var __toCommonJS = (mod2) => __copyProps(__defProp({}, "__esModule", { value: true }), mod2);
28
25
 
29
- // ../../node_modules/big-integer/BigInteger.js
30
- var require_BigInteger = __commonJS({
31
- "../../node_modules/big-integer/BigInteger.js"(exports, module2) {
32
- var bigInt2 = function(undefined2) {
33
- "use strict";
34
- var BASE = 1e7, LOG_BASE = 7, MAX_INT = 9007199254740992, MAX_INT_ARR = smallToArray(MAX_INT), DEFAULT_ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz";
35
- var supportsNativeBigInt = typeof BigInt === "function";
36
- function Integer(v, radix, alphabet2, caseSensitive) {
37
- if (typeof v === "undefined")
38
- return Integer[0];
39
- if (typeof radix !== "undefined")
40
- return +radix === 10 && !alphabet2 ? parseValue(v) : parseBase(v, radix, alphabet2, caseSensitive);
41
- return parseValue(v);
42
- }
43
- function BigInteger(value, sign2) {
44
- this.value = value;
45
- this.sign = sign2;
46
- this.isSmall = false;
47
- }
48
- BigInteger.prototype = Object.create(Integer.prototype);
49
- function SmallInteger(value) {
50
- this.value = value;
51
- this.sign = value < 0;
52
- this.isSmall = true;
53
- }
54
- SmallInteger.prototype = Object.create(Integer.prototype);
55
- function NativeBigInt(value) {
56
- this.value = value;
57
- }
58
- NativeBigInt.prototype = Object.create(Integer.prototype);
59
- function isPrecise(n) {
60
- return -MAX_INT < n && n < MAX_INT;
61
- }
62
- function smallToArray(n) {
63
- if (n < 1e7)
64
- return [n];
65
- if (n < 1e14)
66
- return [n % 1e7, Math.floor(n / 1e7)];
67
- return [n % 1e7, Math.floor(n / 1e7) % 1e7, Math.floor(n / 1e14)];
68
- }
69
- function arrayToSmall(arr) {
70
- trim(arr);
71
- var length2 = arr.length;
72
- if (length2 < 4 && compareAbs(arr, MAX_INT_ARR) < 0) {
73
- switch (length2) {
74
- case 0:
75
- return 0;
76
- case 1:
77
- return arr[0];
78
- case 2:
79
- return arr[0] + arr[1] * BASE;
80
- default:
81
- return arr[0] + (arr[1] + arr[2] * BASE) * BASE;
82
- }
83
- }
84
- return arr;
85
- }
86
- function trim(v) {
87
- var i2 = v.length;
88
- while (v[--i2] === 0)
89
- ;
90
- v.length = i2 + 1;
91
- }
92
- function createArray(length2) {
93
- var x = new Array(length2);
94
- var i2 = -1;
95
- while (++i2 < length2) {
96
- x[i2] = 0;
97
- }
98
- return x;
99
- }
100
- function truncate(n) {
101
- if (n > 0)
102
- return Math.floor(n);
103
- return Math.ceil(n);
104
- }
105
- function add(a, b) {
106
- var l_a = a.length, l_b = b.length, r = new Array(l_a), carry = 0, base3 = BASE, sum, i2;
107
- for (i2 = 0; i2 < l_b; i2++) {
108
- sum = a[i2] + b[i2] + carry;
109
- carry = sum >= base3 ? 1 : 0;
110
- r[i2] = sum - carry * base3;
111
- }
112
- while (i2 < l_a) {
113
- sum = a[i2] + carry;
114
- carry = sum === base3 ? 1 : 0;
115
- r[i2++] = sum - carry * base3;
116
- }
117
- if (carry > 0)
118
- r.push(carry);
119
- return r;
120
- }
121
- function addAny(a, b) {
122
- if (a.length >= b.length)
123
- return add(a, b);
124
- return add(b, a);
125
- }
126
- function addSmall(a, carry) {
127
- var l = a.length, r = new Array(l), base3 = BASE, sum, i2;
128
- for (i2 = 0; i2 < l; i2++) {
129
- sum = a[i2] - base3 + carry;
130
- carry = Math.floor(sum / base3);
131
- r[i2] = sum - carry * base3;
132
- carry += 1;
133
- }
134
- while (carry > 0) {
135
- r[i2++] = carry % base3;
136
- carry = Math.floor(carry / base3);
137
- }
138
- return r;
139
- }
140
- BigInteger.prototype.add = function(v) {
141
- var n = parseValue(v);
142
- if (this.sign !== n.sign) {
143
- return this.subtract(n.negate());
144
- }
145
- var a = this.value, b = n.value;
146
- if (n.isSmall) {
147
- return new BigInteger(addSmall(a, Math.abs(b)), this.sign);
148
- }
149
- return new BigInteger(addAny(a, b), this.sign);
150
- };
151
- BigInteger.prototype.plus = BigInteger.prototype.add;
152
- SmallInteger.prototype.add = function(v) {
153
- var n = parseValue(v);
154
- var a = this.value;
155
- if (a < 0 !== n.sign) {
156
- return this.subtract(n.negate());
157
- }
158
- var b = n.value;
159
- if (n.isSmall) {
160
- if (isPrecise(a + b))
161
- return new SmallInteger(a + b);
162
- b = smallToArray(Math.abs(b));
163
- }
164
- return new BigInteger(addSmall(b, Math.abs(a)), a < 0);
165
- };
166
- SmallInteger.prototype.plus = SmallInteger.prototype.add;
167
- NativeBigInt.prototype.add = function(v) {
168
- return new NativeBigInt(this.value + parseValue(v).value);
169
- };
170
- NativeBigInt.prototype.plus = NativeBigInt.prototype.add;
171
- function subtract(a, b) {
172
- var a_l = a.length, b_l = b.length, r = new Array(a_l), borrow = 0, base3 = BASE, i2, difference;
173
- for (i2 = 0; i2 < b_l; i2++) {
174
- difference = a[i2] - borrow - b[i2];
175
- if (difference < 0) {
176
- difference += base3;
177
- borrow = 1;
178
- } else
179
- borrow = 0;
180
- r[i2] = difference;
181
- }
182
- for (i2 = b_l; i2 < a_l; i2++) {
183
- difference = a[i2] - borrow;
184
- if (difference < 0)
185
- difference += base3;
186
- else {
187
- r[i2++] = difference;
188
- break;
189
- }
190
- r[i2] = difference;
191
- }
192
- for (; i2 < a_l; i2++) {
193
- r[i2] = a[i2];
194
- }
195
- trim(r);
196
- return r;
197
- }
198
- function subtractAny(a, b, sign2) {
199
- var value;
200
- if (compareAbs(a, b) >= 0) {
201
- value = subtract(a, b);
202
- } else {
203
- value = subtract(b, a);
204
- sign2 = !sign2;
205
- }
206
- value = arrayToSmall(value);
207
- if (typeof value === "number") {
208
- if (sign2)
209
- value = -value;
210
- return new SmallInteger(value);
211
- }
212
- return new BigInteger(value, sign2);
213
- }
214
- function subtractSmall(a, b, sign2) {
215
- var l = a.length, r = new Array(l), carry = -b, base3 = BASE, i2, difference;
216
- for (i2 = 0; i2 < l; i2++) {
217
- difference = a[i2] + carry;
218
- carry = Math.floor(difference / base3);
219
- difference %= base3;
220
- r[i2] = difference < 0 ? difference + base3 : difference;
221
- }
222
- r = arrayToSmall(r);
223
- if (typeof r === "number") {
224
- if (sign2)
225
- r = -r;
226
- return new SmallInteger(r);
227
- }
228
- return new BigInteger(r, sign2);
229
- }
230
- BigInteger.prototype.subtract = function(v) {
231
- var n = parseValue(v);
232
- if (this.sign !== n.sign) {
233
- return this.add(n.negate());
234
- }
235
- var a = this.value, b = n.value;
236
- if (n.isSmall)
237
- return subtractSmall(a, Math.abs(b), this.sign);
238
- return subtractAny(a, b, this.sign);
239
- };
240
- BigInteger.prototype.minus = BigInteger.prototype.subtract;
241
- SmallInteger.prototype.subtract = function(v) {
242
- var n = parseValue(v);
243
- var a = this.value;
244
- if (a < 0 !== n.sign) {
245
- return this.add(n.negate());
246
- }
247
- var b = n.value;
248
- if (n.isSmall) {
249
- return new SmallInteger(a - b);
250
- }
251
- return subtractSmall(b, Math.abs(a), a >= 0);
252
- };
253
- SmallInteger.prototype.minus = SmallInteger.prototype.subtract;
254
- NativeBigInt.prototype.subtract = function(v) {
255
- return new NativeBigInt(this.value - parseValue(v).value);
256
- };
257
- NativeBigInt.prototype.minus = NativeBigInt.prototype.subtract;
258
- BigInteger.prototype.negate = function() {
259
- return new BigInteger(this.value, !this.sign);
260
- };
261
- SmallInteger.prototype.negate = function() {
262
- var sign2 = this.sign;
263
- var small = new SmallInteger(-this.value);
264
- small.sign = !sign2;
265
- return small;
266
- };
267
- NativeBigInt.prototype.negate = function() {
268
- return new NativeBigInt(-this.value);
269
- };
270
- BigInteger.prototype.abs = function() {
271
- return new BigInteger(this.value, false);
272
- };
273
- SmallInteger.prototype.abs = function() {
274
- return new SmallInteger(Math.abs(this.value));
275
- };
276
- NativeBigInt.prototype.abs = function() {
277
- return new NativeBigInt(this.value >= 0 ? this.value : -this.value);
278
- };
279
- function multiplyLong(a, b) {
280
- var a_l = a.length, b_l = b.length, l = a_l + b_l, r = createArray(l), base3 = BASE, product, carry, i2, a_i, b_j;
281
- for (i2 = 0; i2 < a_l; ++i2) {
282
- a_i = a[i2];
283
- for (var j = 0; j < b_l; ++j) {
284
- b_j = b[j];
285
- product = a_i * b_j + r[i2 + j];
286
- carry = Math.floor(product / base3);
287
- r[i2 + j] = product - carry * base3;
288
- r[i2 + j + 1] += carry;
289
- }
290
- }
291
- trim(r);
292
- return r;
293
- }
294
- function multiplySmall(a, b) {
295
- var l = a.length, r = new Array(l), base3 = BASE, carry = 0, product, i2;
296
- for (i2 = 0; i2 < l; i2++) {
297
- product = a[i2] * b + carry;
298
- carry = Math.floor(product / base3);
299
- r[i2] = product - carry * base3;
300
- }
301
- while (carry > 0) {
302
- r[i2++] = carry % base3;
303
- carry = Math.floor(carry / base3);
304
- }
305
- return r;
306
- }
307
- function shiftLeft(x, n) {
308
- var r = [];
309
- while (n-- > 0)
310
- r.push(0);
311
- return r.concat(x);
312
- }
313
- function multiplyKaratsuba(x, y) {
314
- var n = Math.max(x.length, y.length);
315
- if (n <= 30)
316
- return multiplyLong(x, y);
317
- n = Math.ceil(n / 2);
318
- var b = x.slice(n), a = x.slice(0, n), d = y.slice(n), c = y.slice(0, n);
319
- var ac = multiplyKaratsuba(a, c), bd = multiplyKaratsuba(b, d), abcd = multiplyKaratsuba(addAny(a, b), addAny(c, d));
320
- var product = addAny(addAny(ac, shiftLeft(subtract(subtract(abcd, ac), bd), n)), shiftLeft(bd, 2 * n));
321
- trim(product);
322
- return product;
323
- }
324
- function useKaratsuba(l1, l2) {
325
- return -0.012 * l1 - 0.012 * l2 + 15e-6 * l1 * l2 > 0;
326
- }
327
- BigInteger.prototype.multiply = function(v) {
328
- var n = parseValue(v), a = this.value, b = n.value, sign2 = this.sign !== n.sign, abs;
329
- if (n.isSmall) {
330
- if (b === 0)
331
- return Integer[0];
332
- if (b === 1)
333
- return this;
334
- if (b === -1)
335
- return this.negate();
336
- abs = Math.abs(b);
337
- if (abs < BASE) {
338
- return new BigInteger(multiplySmall(a, abs), sign2);
339
- }
340
- b = smallToArray(abs);
341
- }
342
- if (useKaratsuba(a.length, b.length))
343
- return new BigInteger(multiplyKaratsuba(a, b), sign2);
344
- return new BigInteger(multiplyLong(a, b), sign2);
345
- };
346
- BigInteger.prototype.times = BigInteger.prototype.multiply;
347
- function multiplySmallAndArray(a, b, sign2) {
348
- if (a < BASE) {
349
- return new BigInteger(multiplySmall(b, a), sign2);
350
- }
351
- return new BigInteger(multiplyLong(b, smallToArray(a)), sign2);
352
- }
353
- SmallInteger.prototype._multiplyBySmall = function(a) {
354
- if (isPrecise(a.value * this.value)) {
355
- return new SmallInteger(a.value * this.value);
356
- }
357
- return multiplySmallAndArray(Math.abs(a.value), smallToArray(Math.abs(this.value)), this.sign !== a.sign);
358
- };
359
- BigInteger.prototype._multiplyBySmall = function(a) {
360
- if (a.value === 0)
361
- return Integer[0];
362
- if (a.value === 1)
363
- return this;
364
- if (a.value === -1)
365
- return this.negate();
366
- return multiplySmallAndArray(Math.abs(a.value), this.value, this.sign !== a.sign);
367
- };
368
- SmallInteger.prototype.multiply = function(v) {
369
- return parseValue(v)._multiplyBySmall(this);
370
- };
371
- SmallInteger.prototype.times = SmallInteger.prototype.multiply;
372
- NativeBigInt.prototype.multiply = function(v) {
373
- return new NativeBigInt(this.value * parseValue(v).value);
374
- };
375
- NativeBigInt.prototype.times = NativeBigInt.prototype.multiply;
376
- function square(a) {
377
- var l = a.length, r = createArray(l + l), base3 = BASE, product, carry, i2, a_i, a_j;
378
- for (i2 = 0; i2 < l; i2++) {
379
- a_i = a[i2];
380
- carry = 0 - a_i * a_i;
381
- for (var j = i2; j < l; j++) {
382
- a_j = a[j];
383
- product = 2 * (a_i * a_j) + r[i2 + j] + carry;
384
- carry = Math.floor(product / base3);
385
- r[i2 + j] = product - carry * base3;
386
- }
387
- r[i2 + l] = carry;
388
- }
389
- trim(r);
390
- return r;
391
- }
392
- BigInteger.prototype.square = function() {
393
- return new BigInteger(square(this.value), false);
394
- };
395
- SmallInteger.prototype.square = function() {
396
- var value = this.value * this.value;
397
- if (isPrecise(value))
398
- return new SmallInteger(value);
399
- return new BigInteger(square(smallToArray(Math.abs(this.value))), false);
400
- };
401
- NativeBigInt.prototype.square = function(v) {
402
- return new NativeBigInt(this.value * this.value);
403
- };
404
- function divMod1(a, b) {
405
- var a_l = a.length, b_l = b.length, base3 = BASE, result = createArray(b.length), divisorMostSignificantDigit = b[b_l - 1], lambda = Math.ceil(base3 / (2 * divisorMostSignificantDigit)), remainder = multiplySmall(a, lambda), divisor = multiplySmall(b, lambda), quotientDigit, shift, carry, borrow, i2, l, q;
406
- if (remainder.length <= a_l)
407
- remainder.push(0);
408
- divisor.push(0);
409
- divisorMostSignificantDigit = divisor[b_l - 1];
410
- for (shift = a_l - b_l; shift >= 0; shift--) {
411
- quotientDigit = base3 - 1;
412
- if (remainder[shift + b_l] !== divisorMostSignificantDigit) {
413
- quotientDigit = Math.floor((remainder[shift + b_l] * base3 + remainder[shift + b_l - 1]) / divisorMostSignificantDigit);
414
- }
415
- carry = 0;
416
- borrow = 0;
417
- l = divisor.length;
418
- for (i2 = 0; i2 < l; i2++) {
419
- carry += quotientDigit * divisor[i2];
420
- q = Math.floor(carry / base3);
421
- borrow += remainder[shift + i2] - (carry - q * base3);
422
- carry = q;
423
- if (borrow < 0) {
424
- remainder[shift + i2] = borrow + base3;
425
- borrow = -1;
426
- } else {
427
- remainder[shift + i2] = borrow;
428
- borrow = 0;
429
- }
430
- }
431
- while (borrow !== 0) {
432
- quotientDigit -= 1;
433
- carry = 0;
434
- for (i2 = 0; i2 < l; i2++) {
435
- carry += remainder[shift + i2] - base3 + divisor[i2];
436
- if (carry < 0) {
437
- remainder[shift + i2] = carry + base3;
438
- carry = 0;
439
- } else {
440
- remainder[shift + i2] = carry;
441
- carry = 1;
442
- }
443
- }
444
- borrow += carry;
445
- }
446
- result[shift] = quotientDigit;
447
- }
448
- remainder = divModSmall(remainder, lambda)[0];
449
- return [arrayToSmall(result), arrayToSmall(remainder)];
450
- }
451
- function divMod2(a, b) {
452
- var a_l = a.length, b_l = b.length, result = [], part = [], base3 = BASE, guess, xlen, highx, highy, check;
453
- while (a_l) {
454
- part.unshift(a[--a_l]);
455
- trim(part);
456
- if (compareAbs(part, b) < 0) {
457
- result.push(0);
458
- continue;
459
- }
460
- xlen = part.length;
461
- highx = part[xlen - 1] * base3 + part[xlen - 2];
462
- highy = b[b_l - 1] * base3 + b[b_l - 2];
463
- if (xlen > b_l) {
464
- highx = (highx + 1) * base3;
465
- }
466
- guess = Math.ceil(highx / highy);
467
- do {
468
- check = multiplySmall(b, guess);
469
- if (compareAbs(check, part) <= 0)
470
- break;
471
- guess--;
472
- } while (guess);
473
- result.push(guess);
474
- part = subtract(part, check);
475
- }
476
- result.reverse();
477
- return [arrayToSmall(result), arrayToSmall(part)];
478
- }
479
- function divModSmall(value, lambda) {
480
- var length2 = value.length, quotient = createArray(length2), base3 = BASE, i2, q, remainder, divisor;
481
- remainder = 0;
482
- for (i2 = length2 - 1; i2 >= 0; --i2) {
483
- divisor = remainder * base3 + value[i2];
484
- q = truncate(divisor / lambda);
485
- remainder = divisor - q * lambda;
486
- quotient[i2] = q | 0;
487
- }
488
- return [quotient, remainder | 0];
489
- }
490
- function divModAny(self2, v) {
491
- var value, n = parseValue(v);
492
- if (supportsNativeBigInt) {
493
- return [new NativeBigInt(self2.value / n.value), new NativeBigInt(self2.value % n.value)];
494
- }
495
- var a = self2.value, b = n.value;
496
- var quotient;
497
- if (b === 0)
498
- throw new Error("Cannot divide by zero");
499
- if (self2.isSmall) {
500
- if (n.isSmall) {
501
- return [new SmallInteger(truncate(a / b)), new SmallInteger(a % b)];
502
- }
503
- return [Integer[0], self2];
504
- }
505
- if (n.isSmall) {
506
- if (b === 1)
507
- return [self2, Integer[0]];
508
- if (b == -1)
509
- return [self2.negate(), Integer[0]];
510
- var abs = Math.abs(b);
511
- if (abs < BASE) {
512
- value = divModSmall(a, abs);
513
- quotient = arrayToSmall(value[0]);
514
- var remainder = value[1];
515
- if (self2.sign)
516
- remainder = -remainder;
517
- if (typeof quotient === "number") {
518
- if (self2.sign !== n.sign)
519
- quotient = -quotient;
520
- return [new SmallInteger(quotient), new SmallInteger(remainder)];
521
- }
522
- return [new BigInteger(quotient, self2.sign !== n.sign), new SmallInteger(remainder)];
523
- }
524
- b = smallToArray(abs);
525
- }
526
- var comparison = compareAbs(a, b);
527
- if (comparison === -1)
528
- return [Integer[0], self2];
529
- if (comparison === 0)
530
- return [Integer[self2.sign === n.sign ? 1 : -1], Integer[0]];
531
- if (a.length + b.length <= 200)
532
- value = divMod1(a, b);
533
- else
534
- value = divMod2(a, b);
535
- quotient = value[0];
536
- var qSign = self2.sign !== n.sign, mod2 = value[1], mSign = self2.sign;
537
- if (typeof quotient === "number") {
538
- if (qSign)
539
- quotient = -quotient;
540
- quotient = new SmallInteger(quotient);
541
- } else
542
- quotient = new BigInteger(quotient, qSign);
543
- if (typeof mod2 === "number") {
544
- if (mSign)
545
- mod2 = -mod2;
546
- mod2 = new SmallInteger(mod2);
547
- } else
548
- mod2 = new BigInteger(mod2, mSign);
549
- return [quotient, mod2];
550
- }
551
- BigInteger.prototype.divmod = function(v) {
552
- var result = divModAny(this, v);
553
- return {
554
- quotient: result[0],
555
- remainder: result[1]
556
- };
557
- };
558
- NativeBigInt.prototype.divmod = SmallInteger.prototype.divmod = BigInteger.prototype.divmod;
559
- BigInteger.prototype.divide = function(v) {
560
- return divModAny(this, v)[0];
561
- };
562
- NativeBigInt.prototype.over = NativeBigInt.prototype.divide = function(v) {
563
- return new NativeBigInt(this.value / parseValue(v).value);
564
- };
565
- SmallInteger.prototype.over = SmallInteger.prototype.divide = BigInteger.prototype.over = BigInteger.prototype.divide;
566
- BigInteger.prototype.mod = function(v) {
567
- return divModAny(this, v)[1];
568
- };
569
- NativeBigInt.prototype.mod = NativeBigInt.prototype.remainder = function(v) {
570
- return new NativeBigInt(this.value % parseValue(v).value);
571
- };
572
- SmallInteger.prototype.remainder = SmallInteger.prototype.mod = BigInteger.prototype.remainder = BigInteger.prototype.mod;
573
- BigInteger.prototype.pow = function(v) {
574
- var n = parseValue(v), a = this.value, b = n.value, value, x, y;
575
- if (b === 0)
576
- return Integer[1];
577
- if (a === 0)
578
- return Integer[0];
579
- if (a === 1)
580
- return Integer[1];
581
- if (a === -1)
582
- return n.isEven() ? Integer[1] : Integer[-1];
583
- if (n.sign) {
584
- return Integer[0];
585
- }
586
- if (!n.isSmall)
587
- throw new Error("The exponent " + n.toString() + " is too large.");
588
- if (this.isSmall) {
589
- if (isPrecise(value = Math.pow(a, b)))
590
- return new SmallInteger(truncate(value));
591
- }
592
- x = this;
593
- y = Integer[1];
594
- while (true) {
595
- if (b & true) {
596
- y = y.times(x);
597
- --b;
598
- }
599
- if (b === 0)
600
- break;
601
- b /= 2;
602
- x = x.square();
603
- }
604
- return y;
605
- };
606
- SmallInteger.prototype.pow = BigInteger.prototype.pow;
607
- NativeBigInt.prototype.pow = function(v) {
608
- var n = parseValue(v);
609
- var a = this.value, b = n.value;
610
- var _0 = BigInt(0), _1 = BigInt(1), _2 = BigInt(2);
611
- if (b === _0)
612
- return Integer[1];
613
- if (a === _0)
614
- return Integer[0];
615
- if (a === _1)
616
- return Integer[1];
617
- if (a === BigInt(-1))
618
- return n.isEven() ? Integer[1] : Integer[-1];
619
- if (n.isNegative())
620
- return new NativeBigInt(_0);
621
- var x = this;
622
- var y = Integer[1];
623
- while (true) {
624
- if ((b & _1) === _1) {
625
- y = y.times(x);
626
- --b;
627
- }
628
- if (b === _0)
629
- break;
630
- b /= _2;
631
- x = x.square();
632
- }
633
- return y;
634
- };
635
- BigInteger.prototype.modPow = function(exp, mod2) {
636
- exp = parseValue(exp);
637
- mod2 = parseValue(mod2);
638
- if (mod2.isZero())
639
- throw new Error("Cannot take modPow with modulus 0");
640
- var r = Integer[1], base3 = this.mod(mod2);
641
- if (exp.isNegative()) {
642
- exp = exp.multiply(Integer[-1]);
643
- base3 = base3.modInv(mod2);
644
- }
645
- while (exp.isPositive()) {
646
- if (base3.isZero())
647
- return Integer[0];
648
- if (exp.isOdd())
649
- r = r.multiply(base3).mod(mod2);
650
- exp = exp.divide(2);
651
- base3 = base3.square().mod(mod2);
652
- }
653
- return r;
654
- };
655
- NativeBigInt.prototype.modPow = SmallInteger.prototype.modPow = BigInteger.prototype.modPow;
656
- function compareAbs(a, b) {
657
- if (a.length !== b.length) {
658
- return a.length > b.length ? 1 : -1;
659
- }
660
- for (var i2 = a.length - 1; i2 >= 0; i2--) {
661
- if (a[i2] !== b[i2])
662
- return a[i2] > b[i2] ? 1 : -1;
663
- }
664
- return 0;
665
- }
666
- BigInteger.prototype.compareAbs = function(v) {
667
- var n = parseValue(v), a = this.value, b = n.value;
668
- if (n.isSmall)
669
- return 1;
670
- return compareAbs(a, b);
671
- };
672
- SmallInteger.prototype.compareAbs = function(v) {
673
- var n = parseValue(v), a = Math.abs(this.value), b = n.value;
674
- if (n.isSmall) {
675
- b = Math.abs(b);
676
- return a === b ? 0 : a > b ? 1 : -1;
677
- }
678
- return -1;
679
- };
680
- NativeBigInt.prototype.compareAbs = function(v) {
681
- var a = this.value;
682
- var b = parseValue(v).value;
683
- a = a >= 0 ? a : -a;
684
- b = b >= 0 ? b : -b;
685
- return a === b ? 0 : a > b ? 1 : -1;
686
- };
687
- BigInteger.prototype.compare = function(v) {
688
- if (v === Infinity) {
689
- return -1;
690
- }
691
- if (v === -Infinity) {
692
- return 1;
693
- }
694
- var n = parseValue(v), a = this.value, b = n.value;
695
- if (this.sign !== n.sign) {
696
- return n.sign ? 1 : -1;
697
- }
698
- if (n.isSmall) {
699
- return this.sign ? -1 : 1;
700
- }
701
- return compareAbs(a, b) * (this.sign ? -1 : 1);
702
- };
703
- BigInteger.prototype.compareTo = BigInteger.prototype.compare;
704
- SmallInteger.prototype.compare = function(v) {
705
- if (v === Infinity) {
706
- return -1;
707
- }
708
- if (v === -Infinity) {
709
- return 1;
710
- }
711
- var n = parseValue(v), a = this.value, b = n.value;
712
- if (n.isSmall) {
713
- return a == b ? 0 : a > b ? 1 : -1;
714
- }
715
- if (a < 0 !== n.sign) {
716
- return a < 0 ? -1 : 1;
717
- }
718
- return a < 0 ? 1 : -1;
719
- };
720
- SmallInteger.prototype.compareTo = SmallInteger.prototype.compare;
721
- NativeBigInt.prototype.compare = function(v) {
722
- if (v === Infinity) {
723
- return -1;
724
- }
725
- if (v === -Infinity) {
726
- return 1;
727
- }
728
- var a = this.value;
729
- var b = parseValue(v).value;
730
- return a === b ? 0 : a > b ? 1 : -1;
731
- };
732
- NativeBigInt.prototype.compareTo = NativeBigInt.prototype.compare;
733
- BigInteger.prototype.equals = function(v) {
734
- return this.compare(v) === 0;
735
- };
736
- NativeBigInt.prototype.eq = NativeBigInt.prototype.equals = SmallInteger.prototype.eq = SmallInteger.prototype.equals = BigInteger.prototype.eq = BigInteger.prototype.equals;
737
- BigInteger.prototype.notEquals = function(v) {
738
- return this.compare(v) !== 0;
739
- };
740
- NativeBigInt.prototype.neq = NativeBigInt.prototype.notEquals = SmallInteger.prototype.neq = SmallInteger.prototype.notEquals = BigInteger.prototype.neq = BigInteger.prototype.notEquals;
741
- BigInteger.prototype.greater = function(v) {
742
- return this.compare(v) > 0;
743
- };
744
- NativeBigInt.prototype.gt = NativeBigInt.prototype.greater = SmallInteger.prototype.gt = SmallInteger.prototype.greater = BigInteger.prototype.gt = BigInteger.prototype.greater;
745
- BigInteger.prototype.lesser = function(v) {
746
- return this.compare(v) < 0;
747
- };
748
- NativeBigInt.prototype.lt = NativeBigInt.prototype.lesser = SmallInteger.prototype.lt = SmallInteger.prototype.lesser = BigInteger.prototype.lt = BigInteger.prototype.lesser;
749
- BigInteger.prototype.greaterOrEquals = function(v) {
750
- return this.compare(v) >= 0;
751
- };
752
- NativeBigInt.prototype.geq = NativeBigInt.prototype.greaterOrEquals = SmallInteger.prototype.geq = SmallInteger.prototype.greaterOrEquals = BigInteger.prototype.geq = BigInteger.prototype.greaterOrEquals;
753
- BigInteger.prototype.lesserOrEquals = function(v) {
754
- return this.compare(v) <= 0;
755
- };
756
- NativeBigInt.prototype.leq = NativeBigInt.prototype.lesserOrEquals = SmallInteger.prototype.leq = SmallInteger.prototype.lesserOrEquals = BigInteger.prototype.leq = BigInteger.prototype.lesserOrEquals;
757
- BigInteger.prototype.isEven = function() {
758
- return (this.value[0] & 1) === 0;
759
- };
760
- SmallInteger.prototype.isEven = function() {
761
- return (this.value & 1) === 0;
762
- };
763
- NativeBigInt.prototype.isEven = function() {
764
- return (this.value & BigInt(1)) === BigInt(0);
765
- };
766
- BigInteger.prototype.isOdd = function() {
767
- return (this.value[0] & 1) === 1;
768
- };
769
- SmallInteger.prototype.isOdd = function() {
770
- return (this.value & 1) === 1;
771
- };
772
- NativeBigInt.prototype.isOdd = function() {
773
- return (this.value & BigInt(1)) === BigInt(1);
774
- };
775
- BigInteger.prototype.isPositive = function() {
776
- return !this.sign;
777
- };
778
- SmallInteger.prototype.isPositive = function() {
779
- return this.value > 0;
780
- };
781
- NativeBigInt.prototype.isPositive = SmallInteger.prototype.isPositive;
782
- BigInteger.prototype.isNegative = function() {
783
- return this.sign;
784
- };
785
- SmallInteger.prototype.isNegative = function() {
786
- return this.value < 0;
787
- };
788
- NativeBigInt.prototype.isNegative = SmallInteger.prototype.isNegative;
789
- BigInteger.prototype.isUnit = function() {
790
- return false;
791
- };
792
- SmallInteger.prototype.isUnit = function() {
793
- return Math.abs(this.value) === 1;
794
- };
795
- NativeBigInt.prototype.isUnit = function() {
796
- return this.abs().value === BigInt(1);
797
- };
798
- BigInteger.prototype.isZero = function() {
799
- return false;
800
- };
801
- SmallInteger.prototype.isZero = function() {
802
- return this.value === 0;
803
- };
804
- NativeBigInt.prototype.isZero = function() {
805
- return this.value === BigInt(0);
806
- };
807
- BigInteger.prototype.isDivisibleBy = function(v) {
808
- var n = parseValue(v);
809
- if (n.isZero())
810
- return false;
811
- if (n.isUnit())
812
- return true;
813
- if (n.compareAbs(2) === 0)
814
- return this.isEven();
815
- return this.mod(n).isZero();
816
- };
817
- NativeBigInt.prototype.isDivisibleBy = SmallInteger.prototype.isDivisibleBy = BigInteger.prototype.isDivisibleBy;
818
- function isBasicPrime(v) {
819
- var n = v.abs();
820
- if (n.isUnit())
821
- return false;
822
- if (n.equals(2) || n.equals(3) || n.equals(5))
823
- return true;
824
- if (n.isEven() || n.isDivisibleBy(3) || n.isDivisibleBy(5))
825
- return false;
826
- if (n.lesser(49))
827
- return true;
828
- }
829
- function millerRabinTest(n, a) {
830
- var nPrev = n.prev(), b = nPrev, r = 0, d, t, i2, x;
831
- while (b.isEven())
832
- b = b.divide(2), r++;
833
- next:
834
- for (i2 = 0; i2 < a.length; i2++) {
835
- if (n.lesser(a[i2]))
836
- continue;
837
- x = bigInt2(a[i2]).modPow(b, n);
838
- if (x.isUnit() || x.equals(nPrev))
839
- continue;
840
- for (d = r - 1; d != 0; d--) {
841
- x = x.square().mod(n);
842
- if (x.isUnit())
843
- return false;
844
- if (x.equals(nPrev))
845
- continue next;
846
- }
847
- return false;
848
- }
849
- return true;
850
- }
851
- BigInteger.prototype.isPrime = function(strict) {
852
- var isPrime = isBasicPrime(this);
853
- if (isPrime !== undefined2)
854
- return isPrime;
855
- var n = this.abs();
856
- var bits = n.bitLength();
857
- if (bits <= 64)
858
- return millerRabinTest(n, [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]);
859
- var logN = Math.log(2) * bits.toJSNumber();
860
- var t = Math.ceil(strict === true ? 2 * Math.pow(logN, 2) : logN);
861
- for (var a = [], i2 = 0; i2 < t; i2++) {
862
- a.push(bigInt2(i2 + 2));
863
- }
864
- return millerRabinTest(n, a);
865
- };
866
- NativeBigInt.prototype.isPrime = SmallInteger.prototype.isPrime = BigInteger.prototype.isPrime;
867
- BigInteger.prototype.isProbablePrime = function(iterations, rng) {
868
- var isPrime = isBasicPrime(this);
869
- if (isPrime !== undefined2)
870
- return isPrime;
871
- var n = this.abs();
872
- var t = iterations === undefined2 ? 5 : iterations;
873
- for (var a = [], i2 = 0; i2 < t; i2++) {
874
- a.push(bigInt2.randBetween(2, n.minus(2), rng));
875
- }
876
- return millerRabinTest(n, a);
877
- };
878
- NativeBigInt.prototype.isProbablePrime = SmallInteger.prototype.isProbablePrime = BigInteger.prototype.isProbablePrime;
879
- BigInteger.prototype.modInv = function(n) {
880
- var t = bigInt2.zero, newT = bigInt2.one, r = parseValue(n), newR = this.abs(), q, lastT, lastR;
881
- while (!newR.isZero()) {
882
- q = r.divide(newR);
883
- lastT = t;
884
- lastR = r;
885
- t = newT;
886
- r = newR;
887
- newT = lastT.subtract(q.multiply(newT));
888
- newR = lastR.subtract(q.multiply(newR));
889
- }
890
- if (!r.isUnit())
891
- throw new Error(this.toString() + " and " + n.toString() + " are not co-prime");
892
- if (t.compare(0) === -1) {
893
- t = t.add(n);
894
- }
895
- if (this.isNegative()) {
896
- return t.negate();
897
- }
898
- return t;
899
- };
900
- NativeBigInt.prototype.modInv = SmallInteger.prototype.modInv = BigInteger.prototype.modInv;
901
- BigInteger.prototype.next = function() {
902
- var value = this.value;
903
- if (this.sign) {
904
- return subtractSmall(value, 1, this.sign);
905
- }
906
- return new BigInteger(addSmall(value, 1), this.sign);
907
- };
908
- SmallInteger.prototype.next = function() {
909
- var value = this.value;
910
- if (value + 1 < MAX_INT)
911
- return new SmallInteger(value + 1);
912
- return new BigInteger(MAX_INT_ARR, false);
913
- };
914
- NativeBigInt.prototype.next = function() {
915
- return new NativeBigInt(this.value + BigInt(1));
916
- };
917
- BigInteger.prototype.prev = function() {
918
- var value = this.value;
919
- if (this.sign) {
920
- return new BigInteger(addSmall(value, 1), true);
921
- }
922
- return subtractSmall(value, 1, this.sign);
923
- };
924
- SmallInteger.prototype.prev = function() {
925
- var value = this.value;
926
- if (value - 1 > -MAX_INT)
927
- return new SmallInteger(value - 1);
928
- return new BigInteger(MAX_INT_ARR, true);
929
- };
930
- NativeBigInt.prototype.prev = function() {
931
- return new NativeBigInt(this.value - BigInt(1));
932
- };
933
- var powersOfTwo = [1];
934
- while (2 * powersOfTwo[powersOfTwo.length - 1] <= BASE)
935
- powersOfTwo.push(2 * powersOfTwo[powersOfTwo.length - 1]);
936
- var powers2Length = powersOfTwo.length, highestPower2 = powersOfTwo[powers2Length - 1];
937
- function shift_isSmall(n) {
938
- return Math.abs(n) <= BASE;
939
- }
940
- BigInteger.prototype.shiftLeft = function(v) {
941
- var n = parseValue(v).toJSNumber();
942
- if (!shift_isSmall(n)) {
943
- throw new Error(String(n) + " is too large for shifting.");
944
- }
945
- if (n < 0)
946
- return this.shiftRight(-n);
947
- var result = this;
948
- if (result.isZero())
949
- return result;
950
- while (n >= powers2Length) {
951
- result = result.multiply(highestPower2);
952
- n -= powers2Length - 1;
953
- }
954
- return result.multiply(powersOfTwo[n]);
955
- };
956
- NativeBigInt.prototype.shiftLeft = SmallInteger.prototype.shiftLeft = BigInteger.prototype.shiftLeft;
957
- BigInteger.prototype.shiftRight = function(v) {
958
- var remQuo;
959
- var n = parseValue(v).toJSNumber();
960
- if (!shift_isSmall(n)) {
961
- throw new Error(String(n) + " is too large for shifting.");
962
- }
963
- if (n < 0)
964
- return this.shiftLeft(-n);
965
- var result = this;
966
- while (n >= powers2Length) {
967
- if (result.isZero() || result.isNegative() && result.isUnit())
968
- return result;
969
- remQuo = divModAny(result, highestPower2);
970
- result = remQuo[1].isNegative() ? remQuo[0].prev() : remQuo[0];
971
- n -= powers2Length - 1;
972
- }
973
- remQuo = divModAny(result, powersOfTwo[n]);
974
- return remQuo[1].isNegative() ? remQuo[0].prev() : remQuo[0];
975
- };
976
- NativeBigInt.prototype.shiftRight = SmallInteger.prototype.shiftRight = BigInteger.prototype.shiftRight;
977
- function bitwise(x, y, fn) {
978
- y = parseValue(y);
979
- var xSign = x.isNegative(), ySign = y.isNegative();
980
- var xRem = xSign ? x.not() : x, yRem = ySign ? y.not() : y;
981
- var xDigit = 0, yDigit = 0;
982
- var xDivMod = null, yDivMod = null;
983
- var result = [];
984
- while (!xRem.isZero() || !yRem.isZero()) {
985
- xDivMod = divModAny(xRem, highestPower2);
986
- xDigit = xDivMod[1].toJSNumber();
987
- if (xSign) {
988
- xDigit = highestPower2 - 1 - xDigit;
989
- }
990
- yDivMod = divModAny(yRem, highestPower2);
991
- yDigit = yDivMod[1].toJSNumber();
992
- if (ySign) {
993
- yDigit = highestPower2 - 1 - yDigit;
994
- }
995
- xRem = xDivMod[0];
996
- yRem = yDivMod[0];
997
- result.push(fn(xDigit, yDigit));
998
- }
999
- var sum = fn(xSign ? 1 : 0, ySign ? 1 : 0) !== 0 ? bigInt2(-1) : bigInt2(0);
1000
- for (var i2 = result.length - 1; i2 >= 0; i2 -= 1) {
1001
- sum = sum.multiply(highestPower2).add(bigInt2(result[i2]));
1002
- }
1003
- return sum;
1004
- }
1005
- BigInteger.prototype.not = function() {
1006
- return this.negate().prev();
1007
- };
1008
- NativeBigInt.prototype.not = SmallInteger.prototype.not = BigInteger.prototype.not;
1009
- BigInteger.prototype.and = function(n) {
1010
- return bitwise(this, n, function(a, b) {
1011
- return a & b;
1012
- });
1013
- };
1014
- NativeBigInt.prototype.and = SmallInteger.prototype.and = BigInteger.prototype.and;
1015
- BigInteger.prototype.or = function(n) {
1016
- return bitwise(this, n, function(a, b) {
1017
- return a | b;
1018
- });
1019
- };
1020
- NativeBigInt.prototype.or = SmallInteger.prototype.or = BigInteger.prototype.or;
1021
- BigInteger.prototype.xor = function(n) {
1022
- return bitwise(this, n, function(a, b) {
1023
- return a ^ b;
1024
- });
1025
- };
1026
- NativeBigInt.prototype.xor = SmallInteger.prototype.xor = BigInteger.prototype.xor;
1027
- var LOBMASK_I = 1 << 30, LOBMASK_BI = (BASE & -BASE) * (BASE & -BASE) | LOBMASK_I;
1028
- function roughLOB(n) {
1029
- var v = n.value, x = typeof v === "number" ? v | LOBMASK_I : typeof v === "bigint" ? v | BigInt(LOBMASK_I) : v[0] + v[1] * BASE | LOBMASK_BI;
1030
- return x & -x;
1031
- }
1032
- function integerLogarithm(value, base3) {
1033
- if (base3.compareTo(value) <= 0) {
1034
- var tmp = integerLogarithm(value, base3.square(base3));
1035
- var p = tmp.p;
1036
- var e = tmp.e;
1037
- var t = p.multiply(base3);
1038
- return t.compareTo(value) <= 0 ? { p: t, e: e * 2 + 1 } : { p, e: e * 2 };
1039
- }
1040
- return { p: bigInt2(1), e: 0 };
1041
- }
1042
- BigInteger.prototype.bitLength = function() {
1043
- var n = this;
1044
- if (n.compareTo(bigInt2(0)) < 0) {
1045
- n = n.negate().subtract(bigInt2(1));
1046
- }
1047
- if (n.compareTo(bigInt2(0)) === 0) {
1048
- return bigInt2(0);
1049
- }
1050
- return bigInt2(integerLogarithm(n, bigInt2(2)).e).add(bigInt2(1));
1051
- };
1052
- NativeBigInt.prototype.bitLength = SmallInteger.prototype.bitLength = BigInteger.prototype.bitLength;
1053
- function max(a, b) {
1054
- a = parseValue(a);
1055
- b = parseValue(b);
1056
- return a.greater(b) ? a : b;
1057
- }
1058
- function min(a, b) {
1059
- a = parseValue(a);
1060
- b = parseValue(b);
1061
- return a.lesser(b) ? a : b;
1062
- }
1063
- function gcd(a, b) {
1064
- a = parseValue(a).abs();
1065
- b = parseValue(b).abs();
1066
- if (a.equals(b))
1067
- return a;
1068
- if (a.isZero())
1069
- return b;
1070
- if (b.isZero())
1071
- return a;
1072
- var c = Integer[1], d, t;
1073
- while (a.isEven() && b.isEven()) {
1074
- d = min(roughLOB(a), roughLOB(b));
1075
- a = a.divide(d);
1076
- b = b.divide(d);
1077
- c = c.multiply(d);
1078
- }
1079
- while (a.isEven()) {
1080
- a = a.divide(roughLOB(a));
1081
- }
1082
- do {
1083
- while (b.isEven()) {
1084
- b = b.divide(roughLOB(b));
1085
- }
1086
- if (a.greater(b)) {
1087
- t = b;
1088
- b = a;
1089
- a = t;
1090
- }
1091
- b = b.subtract(a);
1092
- } while (!b.isZero());
1093
- return c.isUnit() ? a : a.multiply(c);
1094
- }
1095
- function lcm(a, b) {
1096
- a = parseValue(a).abs();
1097
- b = parseValue(b).abs();
1098
- return a.divide(gcd(a, b)).multiply(b);
1099
- }
1100
- function randBetween(a, b, rng) {
1101
- a = parseValue(a);
1102
- b = parseValue(b);
1103
- var usedRNG = rng || Math.random;
1104
- var low = min(a, b), high = max(a, b);
1105
- var range = high.subtract(low).add(1);
1106
- if (range.isSmall)
1107
- return low.add(Math.floor(usedRNG() * range));
1108
- var digits = toBase(range, BASE).value;
1109
- var result = [], restricted = true;
1110
- for (var i2 = 0; i2 < digits.length; i2++) {
1111
- var top = restricted ? digits[i2] + (i2 + 1 < digits.length ? digits[i2 + 1] / BASE : 0) : BASE;
1112
- var digit = truncate(usedRNG() * top);
1113
- result.push(digit);
1114
- if (digit < digits[i2])
1115
- restricted = false;
1116
- }
1117
- return low.add(Integer.fromArray(result, BASE, false));
1118
- }
1119
- var parseBase = function(text, base3, alphabet2, caseSensitive) {
1120
- alphabet2 = alphabet2 || DEFAULT_ALPHABET;
1121
- text = String(text);
1122
- if (!caseSensitive) {
1123
- text = text.toLowerCase();
1124
- alphabet2 = alphabet2.toLowerCase();
1125
- }
1126
- var length2 = text.length;
1127
- var i2;
1128
- var absBase = Math.abs(base3);
1129
- var alphabetValues = {};
1130
- for (i2 = 0; i2 < alphabet2.length; i2++) {
1131
- alphabetValues[alphabet2[i2]] = i2;
1132
- }
1133
- for (i2 = 0; i2 < length2; i2++) {
1134
- var c = text[i2];
1135
- if (c === "-")
1136
- continue;
1137
- if (c in alphabetValues) {
1138
- if (alphabetValues[c] >= absBase) {
1139
- if (c === "1" && absBase === 1)
1140
- continue;
1141
- throw new Error(c + " is not a valid digit in base " + base3 + ".");
1142
- }
1143
- }
1144
- }
1145
- base3 = parseValue(base3);
1146
- var digits = [];
1147
- var isNegative = text[0] === "-";
1148
- for (i2 = isNegative ? 1 : 0; i2 < text.length; i2++) {
1149
- var c = text[i2];
1150
- if (c in alphabetValues)
1151
- digits.push(parseValue(alphabetValues[c]));
1152
- else if (c === "<") {
1153
- var start = i2;
1154
- do {
1155
- i2++;
1156
- } while (text[i2] !== ">" && i2 < text.length);
1157
- digits.push(parseValue(text.slice(start + 1, i2)));
1158
- } else
1159
- throw new Error(c + " is not a valid character");
1160
- }
1161
- return parseBaseFromArray(digits, base3, isNegative);
1162
- };
1163
- function parseBaseFromArray(digits, base3, isNegative) {
1164
- var val = Integer[0], pow = Integer[1], i2;
1165
- for (i2 = digits.length - 1; i2 >= 0; i2--) {
1166
- val = val.add(digits[i2].times(pow));
1167
- pow = pow.times(base3);
1168
- }
1169
- return isNegative ? val.negate() : val;
1170
- }
1171
- function stringify(digit, alphabet2) {
1172
- alphabet2 = alphabet2 || DEFAULT_ALPHABET;
1173
- if (digit < alphabet2.length) {
1174
- return alphabet2[digit];
1175
- }
1176
- return "<" + digit + ">";
1177
- }
1178
- function toBase(n, base3) {
1179
- base3 = bigInt2(base3);
1180
- if (base3.isZero()) {
1181
- if (n.isZero())
1182
- return { value: [0], isNegative: false };
1183
- throw new Error("Cannot convert nonzero numbers to base 0.");
1184
- }
1185
- if (base3.equals(-1)) {
1186
- if (n.isZero())
1187
- return { value: [0], isNegative: false };
1188
- if (n.isNegative())
1189
- return {
1190
- value: [].concat.apply(
1191
- [],
1192
- Array.apply(null, Array(-n.toJSNumber())).map(Array.prototype.valueOf, [1, 0])
1193
- ),
1194
- isNegative: false
1195
- };
1196
- var arr = Array.apply(null, Array(n.toJSNumber() - 1)).map(Array.prototype.valueOf, [0, 1]);
1197
- arr.unshift([1]);
1198
- return {
1199
- value: [].concat.apply([], arr),
1200
- isNegative: false
1201
- };
1202
- }
1203
- var neg = false;
1204
- if (n.isNegative() && base3.isPositive()) {
1205
- neg = true;
1206
- n = n.abs();
1207
- }
1208
- if (base3.isUnit()) {
1209
- if (n.isZero())
1210
- return { value: [0], isNegative: false };
1211
- return {
1212
- value: Array.apply(null, Array(n.toJSNumber())).map(Number.prototype.valueOf, 1),
1213
- isNegative: neg
1214
- };
1215
- }
1216
- var out = [];
1217
- var left = n, divmod;
1218
- while (left.isNegative() || left.compareAbs(base3) >= 0) {
1219
- divmod = left.divmod(base3);
1220
- left = divmod.quotient;
1221
- var digit = divmod.remainder;
1222
- if (digit.isNegative()) {
1223
- digit = base3.minus(digit).abs();
1224
- left = left.next();
1225
- }
1226
- out.push(digit.toJSNumber());
1227
- }
1228
- out.push(left.toJSNumber());
1229
- return { value: out.reverse(), isNegative: neg };
1230
- }
1231
- function toBaseString(n, base3, alphabet2) {
1232
- var arr = toBase(n, base3);
1233
- return (arr.isNegative ? "-" : "") + arr.value.map(function(x) {
1234
- return stringify(x, alphabet2);
1235
- }).join("");
1236
- }
1237
- BigInteger.prototype.toArray = function(radix) {
1238
- return toBase(this, radix);
1239
- };
1240
- SmallInteger.prototype.toArray = function(radix) {
1241
- return toBase(this, radix);
1242
- };
1243
- NativeBigInt.prototype.toArray = function(radix) {
1244
- return toBase(this, radix);
1245
- };
1246
- BigInteger.prototype.toString = function(radix, alphabet2) {
1247
- if (radix === undefined2)
1248
- radix = 10;
1249
- if (radix !== 10)
1250
- return toBaseString(this, radix, alphabet2);
1251
- var v = this.value, l = v.length, str = String(v[--l]), zeros = "0000000", digit;
1252
- while (--l >= 0) {
1253
- digit = String(v[l]);
1254
- str += zeros.slice(digit.length) + digit;
1255
- }
1256
- var sign2 = this.sign ? "-" : "";
1257
- return sign2 + str;
1258
- };
1259
- SmallInteger.prototype.toString = function(radix, alphabet2) {
1260
- if (radix === undefined2)
1261
- radix = 10;
1262
- if (radix != 10)
1263
- return toBaseString(this, radix, alphabet2);
1264
- return String(this.value);
1265
- };
1266
- NativeBigInt.prototype.toString = SmallInteger.prototype.toString;
1267
- NativeBigInt.prototype.toJSON = BigInteger.prototype.toJSON = SmallInteger.prototype.toJSON = function() {
1268
- return this.toString();
1269
- };
1270
- BigInteger.prototype.valueOf = function() {
1271
- return parseInt(this.toString(), 10);
1272
- };
1273
- BigInteger.prototype.toJSNumber = BigInteger.prototype.valueOf;
1274
- SmallInteger.prototype.valueOf = function() {
1275
- return this.value;
1276
- };
1277
- SmallInteger.prototype.toJSNumber = SmallInteger.prototype.valueOf;
1278
- NativeBigInt.prototype.valueOf = NativeBigInt.prototype.toJSNumber = function() {
1279
- return parseInt(this.toString(), 10);
1280
- };
1281
- function parseStringValue(v) {
1282
- if (isPrecise(+v)) {
1283
- var x = +v;
1284
- if (x === truncate(x))
1285
- return supportsNativeBigInt ? new NativeBigInt(BigInt(x)) : new SmallInteger(x);
1286
- throw new Error("Invalid integer: " + v);
1287
- }
1288
- var sign2 = v[0] === "-";
1289
- if (sign2)
1290
- v = v.slice(1);
1291
- var split = v.split(/e/i);
1292
- if (split.length > 2)
1293
- throw new Error("Invalid integer: " + split.join("e"));
1294
- if (split.length === 2) {
1295
- var exp = split[1];
1296
- if (exp[0] === "+")
1297
- exp = exp.slice(1);
1298
- exp = +exp;
1299
- if (exp !== truncate(exp) || !isPrecise(exp))
1300
- throw new Error("Invalid integer: " + exp + " is not a valid exponent.");
1301
- var text = split[0];
1302
- var decimalPlace = text.indexOf(".");
1303
- if (decimalPlace >= 0) {
1304
- exp -= text.length - decimalPlace - 1;
1305
- text = text.slice(0, decimalPlace) + text.slice(decimalPlace + 1);
1306
- }
1307
- if (exp < 0)
1308
- throw new Error("Cannot include negative exponent part for integers");
1309
- text += new Array(exp + 1).join("0");
1310
- v = text;
1311
- }
1312
- var isValid = /^([0-9][0-9]*)$/.test(v);
1313
- if (!isValid)
1314
- throw new Error("Invalid integer: " + v);
1315
- if (supportsNativeBigInt) {
1316
- return new NativeBigInt(BigInt(sign2 ? "-" + v : v));
1317
- }
1318
- var r = [], max2 = v.length, l = LOG_BASE, min2 = max2 - l;
1319
- while (max2 > 0) {
1320
- r.push(+v.slice(min2, max2));
1321
- min2 -= l;
1322
- if (min2 < 0)
1323
- min2 = 0;
1324
- max2 -= l;
1325
- }
1326
- trim(r);
1327
- return new BigInteger(r, sign2);
1328
- }
1329
- function parseNumberValue(v) {
1330
- if (supportsNativeBigInt) {
1331
- return new NativeBigInt(BigInt(v));
1332
- }
1333
- if (isPrecise(v)) {
1334
- if (v !== truncate(v))
1335
- throw new Error(v + " is not an integer.");
1336
- return new SmallInteger(v);
1337
- }
1338
- return parseStringValue(v.toString());
1339
- }
1340
- function parseValue(v) {
1341
- if (typeof v === "number") {
1342
- return parseNumberValue(v);
1343
- }
1344
- if (typeof v === "string") {
1345
- return parseStringValue(v);
1346
- }
1347
- if (typeof v === "bigint") {
1348
- return new NativeBigInt(v);
1349
- }
1350
- return v;
1351
- }
1352
- for (var i = 0; i < 1e3; i++) {
1353
- Integer[i] = parseValue(i);
1354
- if (i > 0)
1355
- Integer[-i] = parseValue(-i);
1356
- }
1357
- Integer.one = Integer[1];
1358
- Integer.zero = Integer[0];
1359
- Integer.minusOne = Integer[-1];
1360
- Integer.max = max;
1361
- Integer.min = min;
1362
- Integer.gcd = gcd;
1363
- Integer.lcm = lcm;
1364
- Integer.isInstance = function(x) {
1365
- return x instanceof BigInteger || x instanceof SmallInteger || x instanceof NativeBigInt;
1366
- };
1367
- Integer.randBetween = randBetween;
1368
- Integer.fromArray = function(digits, base3, isNegative) {
1369
- return parseBaseFromArray(digits.map(parseValue), parseValue(base3 || 10), isNegative);
1370
- };
1371
- return Integer;
1372
- }();
1373
- if (typeof module2 !== "undefined" && module2.hasOwnProperty("exports")) {
1374
- module2.exports = bigInt2;
1375
- }
1376
- if (typeof define === "function" && define.amd) {
1377
- define(function() {
1378
- return bigInt2;
1379
- });
1380
- }
1381
- }
1382
- });
1383
-
1384
26
  // src/index.ts
1385
27
  var src_exports2 = {};
1386
28
  __export(src_exports2, {
1387
- AesKey: () => AesKey,
1388
- BASE58_DID_PREFIX: () => BASE58_DID_PREFIX,
1389
- DID_KEY_BASE58_PREFIX: () => DID_KEY_BASE58_PREFIX,
1390
- EcdsaKeypair: () => EcdsaKeypair,
29
+ BASE58_MULTIBASE_PREFIX: () => BASE58_MULTIBASE_PREFIX,
30
+ DID_KEY_PREFIX: () => DID_KEY_PREFIX,
31
+ P256Keypair: () => P256Keypair,
1391
32
  P256_DID_PREFIX: () => P256_DID_PREFIX,
1392
33
  P256_JWT_ALG: () => P256_JWT_ALG,
1393
34
  SECP256K1_DID_PREFIX: () => SECP256K1_DID_PREFIX,
1394
35
  SECP256K1_JWT_ALG: () => SECP256K1_JWT_ALG,
1395
36
  Secp256k1Keypair: () => Secp256k1Keypair,
37
+ bytesToMultibase: () => bytesToMultibase,
1396
38
  formatDidKey: () => formatDidKey,
39
+ formatMultikey: () => formatMultikey,
1397
40
  multibaseToBytes: () => multibaseToBytes,
1398
41
  p256Plugin: () => p256Plugin,
1399
42
  parseDidKey: () => parseDidKey,
1400
- randomBytes: () => randomBytes,
1401
- randomIV: () => randomIV,
43
+ parseMultikey: () => parseMultikey,
44
+ randomBytes: () => randomBytes2,
45
+ randomIntFromSeed: () => randomIntFromSeed,
1402
46
  randomStr: () => randomStr,
1403
47
  secp256k1Plugin: () => secp256k1Plugin,
1404
- sha256: () => sha2562,
1405
- sha256Stream: () => sha256Stream,
48
+ sha256: () => sha2563,
1406
49
  verifySignature: () => verifySignature,
1407
50
  verifySignatureUtf8: () => verifySignatureUtf8
1408
51
  });
1409
52
  module.exports = __toCommonJS(src_exports2);
1410
53
 
1411
- // ../../node_modules/one-webcrypto/node.mjs
1412
- var import_crypto = __toESM(require("crypto"), 1);
1413
- var webcrypto = import_crypto.default.webcrypto;
54
+ // src/const.ts
55
+ var P256_DID_PREFIX = new Uint8Array([128, 36]);
56
+ var SECP256K1_DID_PREFIX = new Uint8Array([231, 1]);
57
+ var BASE58_MULTIBASE_PREFIX = "z";
58
+ var DID_KEY_PREFIX = "did:key:";
59
+ var P256_JWT_ALG = "ES256";
60
+ var SECP256K1_JWT_ALG = "ES256K";
1414
61
 
1415
62
  // ../../node_modules/uint8arrays/esm/src/concat.js
1416
63
  function concat(arrays, length2) {
1417
64
  if (!length2) {
1418
65
  length2 = arrays.reduce((acc, curr) => acc + curr.length, 0);
1419
66
  }
1420
- const output = new Uint8Array(length2);
67
+ const output2 = new Uint8Array(length2);
1421
68
  let offset = 0;
1422
69
  for (const arr of arrays) {
1423
- output.set(arr, offset);
70
+ output2.set(arr, offset);
1424
71
  offset += arr.length;
1425
72
  }
1426
- return output;
73
+ return output2;
1427
74
  }
1428
75
 
1429
76
  // ../../node_modules/uint8arrays/esm/src/equals.js
@@ -1619,9 +266,9 @@ var Encoder = class {
1619
266
  this.prefix = prefix;
1620
267
  this.baseEncode = baseEncode;
1621
268
  }
1622
- encode(bytes) {
1623
- if (bytes instanceof Uint8Array) {
1624
- return `${this.prefix}${this.baseEncode(bytes)}`;
269
+ encode(bytes2) {
270
+ if (bytes2 instanceof Uint8Array) {
271
+ return `${this.prefix}${this.baseEncode(bytes2)}`;
1625
272
  } else {
1626
273
  throw Error("Unknown type, must be binary type");
1627
274
  }
@@ -2006,7 +653,7 @@ __export(sha2_exports, {
2006
653
  sha256: () => sha256,
2007
654
  sha512: () => sha512
2008
655
  });
2009
- var import_crypto2 = __toESM(require("crypto"), 1);
656
+ var import_crypto = __toESM(require("crypto"), 1);
2010
657
 
2011
658
  // ../../node_modules/multiformats/esm/vendor/varint.js
2012
659
  var encode_1 = encode3;
@@ -2088,21 +735,21 @@ var create = (code2, digest2) => {
2088
735
  const size = digest2.byteLength;
2089
736
  const sizeOffset = encodingLength(code2);
2090
737
  const digestOffset = sizeOffset + encodingLength(size);
2091
- const bytes = new Uint8Array(digestOffset + size);
2092
- encodeTo(code2, bytes, 0);
2093
- encodeTo(size, bytes, sizeOffset);
2094
- bytes.set(digest2, digestOffset);
2095
- return new Digest(code2, size, digest2, bytes);
738
+ const bytes2 = new Uint8Array(digestOffset + size);
739
+ encodeTo(code2, bytes2, 0);
740
+ encodeTo(size, bytes2, sizeOffset);
741
+ bytes2.set(digest2, digestOffset);
742
+ return new Digest(code2, size, digest2, bytes2);
2096
743
  };
2097
744
  var decode5 = (multihash) => {
2098
- const bytes = coerce(multihash);
2099
- const [code2, sizeOffset] = decode4(bytes);
2100
- const [size, digestOffset] = decode4(bytes.subarray(sizeOffset));
2101
- const digest2 = bytes.subarray(sizeOffset + digestOffset);
745
+ const bytes2 = coerce(multihash);
746
+ const [code2, sizeOffset] = decode4(bytes2);
747
+ const [size, digestOffset] = decode4(bytes2.subarray(sizeOffset));
748
+ const digest2 = bytes2.subarray(sizeOffset + digestOffset);
2102
749
  if (digest2.byteLength !== size) {
2103
750
  throw new Error("Incorrect length");
2104
751
  }
2105
- return new Digest(code2, size, digest2, bytes);
752
+ return new Digest(code2, size, digest2, bytes2);
2106
753
  };
2107
754
  var equals3 = (a, b) => {
2108
755
  if (a === b) {
@@ -2112,11 +759,11 @@ var equals3 = (a, b) => {
2112
759
  }
2113
760
  };
2114
761
  var Digest = class {
2115
- constructor(code2, size, digest2, bytes) {
762
+ constructor(code2, size, digest2, bytes2) {
2116
763
  this.code = code2;
2117
764
  this.size = size;
2118
765
  this.digest = digest2;
2119
- this.bytes = bytes;
766
+ this.bytes = bytes2;
2120
767
  }
2121
768
  };
2122
769
 
@@ -2142,12 +789,12 @@ var Hasher = class {
2142
789
  var sha256 = from2({
2143
790
  name: "sha2-256",
2144
791
  code: 18,
2145
- encode: (input) => coerce(import_crypto2.default.createHash("sha256").update(input).digest())
792
+ encode: (input) => coerce(import_crypto.default.createHash("sha256").update(input).digest())
2146
793
  });
2147
794
  var sha512 = from2({
2148
795
  name: "sha2-512",
2149
796
  code: 19,
2150
- encode: (input) => coerce(import_crypto2.default.createHash("sha512").update(input).digest())
797
+ encode: (input) => coerce(import_crypto.default.createHash("sha512").update(input).digest())
2151
798
  });
2152
799
 
2153
800
  // ../../node_modules/multiformats/esm/src/hashes/identity.js
@@ -2172,13 +819,13 @@ var textDecoder = new TextDecoder();
2172
819
 
2173
820
  // ../../node_modules/multiformats/esm/src/cid.js
2174
821
  var CID = class {
2175
- constructor(version2, code2, multihash, bytes) {
822
+ constructor(version2, code2, multihash, bytes2) {
2176
823
  this.code = code2;
2177
824
  this.version = version2;
2178
825
  this.multihash = multihash;
2179
- this.bytes = bytes;
2180
- this.byteOffset = bytes.byteOffset;
2181
- this.byteLength = bytes.byteLength;
826
+ this.bytes = bytes2;
827
+ this.byteOffset = bytes2.byteOffset;
828
+ this.byteLength = bytes2.byteLength;
2182
829
  this.asCID = this;
2183
830
  this._baseCache = /* @__PURE__ */ new Map();
2184
831
  Object.defineProperties(this, {
@@ -2228,12 +875,12 @@ var CID = class {
2228
875
  return other && this.code === other.code && this.version === other.version && equals3(this.multihash, other.multihash);
2229
876
  }
2230
877
  toString(base3) {
2231
- const { bytes, version: version2, _baseCache } = this;
878
+ const { bytes: bytes2, version: version2, _baseCache } = this;
2232
879
  switch (version2) {
2233
880
  case 0:
2234
- return toStringV0(bytes, _baseCache, base3 || base58btc.encoder);
881
+ return toStringV0(bytes2, _baseCache, base3 || base58btc.encoder);
2235
882
  default:
2236
- return toStringV1(bytes, _baseCache, base3 || base32.encoder);
883
+ return toStringV1(bytes2, _baseCache, base3 || base32.encoder);
2237
884
  }
2238
885
  }
2239
886
  toJSON() {
@@ -2272,8 +919,8 @@ var CID = class {
2272
919
  if (value instanceof CID) {
2273
920
  return value;
2274
921
  } else if (value != null && value.asCID === value) {
2275
- const { version: version2, code: code2, multihash, bytes } = value;
2276
- return new CID(version2, code2, multihash, bytes || encodeCID(version2, code2, multihash.bytes));
922
+ const { version: version2, code: code2, multihash, bytes: bytes2 } = value;
923
+ return new CID(version2, code2, multihash, bytes2 || encodeCID(version2, code2, multihash.bytes));
2277
924
  } else if (value != null && value[cidSymbol] === true) {
2278
925
  const { version: version2, multihash, code: code2 } = value;
2279
926
  const digest2 = decode5(multihash);
@@ -2295,8 +942,8 @@ var CID = class {
2295
942
  }
2296
943
  }
2297
944
  case 1: {
2298
- const bytes = encodeCID(version2, code2, digest2.bytes);
2299
- return new CID(version2, code2, digest2, bytes);
945
+ const bytes2 = encodeCID(version2, code2, digest2.bytes);
946
+ return new CID(version2, code2, digest2, bytes2);
2300
947
  }
2301
948
  default: {
2302
949
  throw new Error("Invalid version");
@@ -2309,17 +956,17 @@ var CID = class {
2309
956
  static createV1(code2, digest2) {
2310
957
  return CID.create(1, code2, digest2);
2311
958
  }
2312
- static decode(bytes) {
2313
- const [cid, remainder] = CID.decodeFirst(bytes);
959
+ static decode(bytes2) {
960
+ const [cid, remainder] = CID.decodeFirst(bytes2);
2314
961
  if (remainder.length) {
2315
962
  throw new Error("Incorrect length");
2316
963
  }
2317
964
  return cid;
2318
965
  }
2319
- static decodeFirst(bytes) {
2320
- const specs = CID.inspectBytes(bytes);
966
+ static decodeFirst(bytes2) {
967
+ const specs = CID.inspectBytes(bytes2);
2321
968
  const prefixSize = specs.size - specs.multihashSize;
2322
- const multihashBytes = coerce(bytes.subarray(prefixSize, prefixSize + specs.multihashSize));
969
+ const multihashBytes = coerce(bytes2.subarray(prefixSize, prefixSize + specs.multihashSize));
2323
970
  if (multihashBytes.byteLength !== specs.multihashSize) {
2324
971
  throw new Error("Incorrect length");
2325
972
  }
@@ -2328,7 +975,7 @@ var CID = class {
2328
975
  const cid = specs.version === 0 ? CID.createV0(digest2) : CID.createV1(specs.codec, digest2);
2329
976
  return [
2330
977
  cid,
2331
- bytes.subarray(specs.size)
978
+ bytes2.subarray(specs.size)
2332
979
  ];
2333
980
  }
2334
981
  static inspectBytes(initialBytes) {
@@ -2364,8 +1011,8 @@ var CID = class {
2364
1011
  };
2365
1012
  }
2366
1013
  static parse(source, base3) {
2367
- const [prefix, bytes] = parseCIDtoBytes(source, base3);
2368
- const cid = CID.decode(bytes);
1014
+ const [prefix, bytes2] = parseCIDtoBytes(source, base3);
1015
+ const cid = CID.decode(bytes2);
2369
1016
  cid._baseCache.set(prefix, source);
2370
1017
  return cid;
2371
1018
  }
@@ -2404,25 +1051,25 @@ var parseCIDtoBytes = (source, base3) => {
2404
1051
  }
2405
1052
  }
2406
1053
  };
2407
- var toStringV0 = (bytes, cache, base3) => {
1054
+ var toStringV0 = (bytes2, cache, base3) => {
2408
1055
  const { prefix } = base3;
2409
1056
  if (prefix !== base58btc.prefix) {
2410
1057
  throw Error(`Cannot string encode V0 in ${base3.name} encoding`);
2411
1058
  }
2412
1059
  const cid = cache.get(prefix);
2413
1060
  if (cid == null) {
2414
- const cid2 = base3.encode(bytes).slice(1);
1061
+ const cid2 = base3.encode(bytes2).slice(1);
2415
1062
  cache.set(prefix, cid2);
2416
1063
  return cid2;
2417
1064
  } else {
2418
1065
  return cid;
2419
1066
  }
2420
1067
  };
2421
- var toStringV1 = (bytes, cache, base3) => {
1068
+ var toStringV1 = (bytes2, cache, base3) => {
2422
1069
  const { prefix } = base3;
2423
1070
  const cid = cache.get(prefix);
2424
1071
  if (cid == null) {
2425
- const cid2 = base3.encode(bytes);
1072
+ const cid2 = base3.encode(bytes2);
2426
1073
  cache.set(prefix, cid2);
2427
1074
  return cid2;
2428
1075
  } else {
@@ -2434,11 +1081,11 @@ var SHA_256_CODE = 18;
2434
1081
  var encodeCID = (version2, code2, multihash) => {
2435
1082
  const codeOffset = encodingLength(version2);
2436
1083
  const hashOffset = codeOffset + encodingLength(code2);
2437
- const bytes = new Uint8Array(hashOffset + multihash.byteLength);
2438
- encodeTo(version2, bytes, 0);
2439
- encodeTo(code2, bytes, codeOffset);
2440
- bytes.set(multihash, hashOffset);
2441
- return bytes;
1084
+ const bytes2 = new Uint8Array(hashOffset + multihash.byteLength);
1085
+ encodeTo(version2, bytes2, 0);
1086
+ encodeTo(code2, bytes2, codeOffset);
1087
+ bytes2.set(multihash, hashOffset);
1088
+ return bytes2;
2442
1089
  };
2443
1090
  var cidSymbol = Symbol.for("@ipld/js-cid/CID");
2444
1091
  var readonly = {
@@ -2556,717 +1203,428 @@ function toString2(array, encoding = "utf8") {
2556
1203
  return base3.encoder.encode(array).substring(1);
2557
1204
  }
2558
1205
 
2559
- // src/random.ts
2560
- var randomBytes = (length2) => {
2561
- return webcrypto.getRandomValues(new Uint8Array(length2));
2562
- };
2563
- var randomIV = () => {
2564
- return randomBytes(12);
2565
- };
2566
- var randomStr = (byteLength, encoding) => {
2567
- const bytes = randomBytes(byteLength);
2568
- return toString2(bytes, encoding);
2569
- };
2570
-
2571
- // src/aes.ts
2572
- var AesKey = class {
2573
- constructor(key) {
2574
- this.key = key;
2575
- }
2576
- static async create() {
2577
- const key = await webcrypto.subtle.generateKey(
2578
- {
2579
- name: "AES-GCM",
2580
- length: 256
2581
- },
2582
- true,
2583
- ["encrypt", "decrypt"]
2584
- );
2585
- return new AesKey(key);
2586
- }
2587
- async encrypt(data) {
2588
- const iv = randomIV();
2589
- const dataBytes = fromString2(data, "utf8");
2590
- const buf = await webcrypto.subtle.encrypt(
2591
- {
2592
- name: "AES-GCM",
2593
- iv
2594
- },
2595
- this.key,
2596
- dataBytes
2597
- );
2598
- const encryptedBytes = new Uint8Array(buf);
2599
- const encrypted = toString2(
2600
- concat([iv, encryptedBytes]),
2601
- "base64pad"
2602
- );
2603
- return encrypted;
2604
- }
2605
- async decrypt(data) {
2606
- const dataBytes = fromString2(data, "base64pad");
2607
- const iv = dataBytes.slice(0, 12);
2608
- const encrypted = dataBytes.slice(12);
2609
- const buf = await webcrypto.subtle.decrypt(
2610
- {
2611
- name: "AES-GCM",
2612
- iv
2613
- },
2614
- this.key,
2615
- encrypted
2616
- );
2617
- const decryptedBytes = new Uint8Array(buf);
2618
- return toString2(decryptedBytes, "utf8");
1206
+ // ../../node_modules/@noble/hashes/esm/_assert.js
1207
+ function number(n) {
1208
+ if (!Number.isSafeInteger(n) || n < 0)
1209
+ throw new Error(`Wrong positive integer: ${n}`);
1210
+ }
1211
+ function bool(b) {
1212
+ if (typeof b !== "boolean")
1213
+ throw new Error(`Expected boolean, not ${b}`);
1214
+ }
1215
+ function bytes(b, ...lengths) {
1216
+ if (!(b instanceof Uint8Array))
1217
+ throw new Error("Expected Uint8Array");
1218
+ if (lengths.length > 0 && !lengths.includes(b.length))
1219
+ throw new Error(`Expected Uint8Array of length ${lengths}, not of length=${b.length}`);
1220
+ }
1221
+ function hash(hash2) {
1222
+ if (typeof hash2 !== "function" || typeof hash2.create !== "function")
1223
+ throw new Error("Hash should be wrapped by utils.wrapConstructor");
1224
+ number(hash2.outputLen);
1225
+ number(hash2.blockLen);
1226
+ }
1227
+ function exists(instance, checkFinished = true) {
1228
+ if (instance.destroyed)
1229
+ throw new Error("Hash instance has been destroyed");
1230
+ if (checkFinished && instance.finished)
1231
+ throw new Error("Hash#digest() has already been called");
1232
+ }
1233
+ function output(out, instance) {
1234
+ bytes(out);
1235
+ const min = instance.outputLen;
1236
+ if (out.length < min) {
1237
+ throw new Error(`digestInto() expects output buffer of length at least ${min}`);
2619
1238
  }
2620
- };
1239
+ }
1240
+ var assert = {
1241
+ number,
1242
+ bool,
1243
+ bytes,
1244
+ hash,
1245
+ exists,
1246
+ output
1247
+ };
1248
+ var assert_default = assert;
2621
1249
 
2622
- // src/const.ts
2623
- var P256_DID_PREFIX = new Uint8Array([128, 36]);
2624
- var SECP256K1_DID_PREFIX = new Uint8Array([231, 1]);
2625
- var BASE58_DID_PREFIX = "did:key:z";
2626
- var P256_JWT_ALG = "ES256";
2627
- var SECP256K1_JWT_ALG = "ES256K";
1250
+ // ../../node_modules/@noble/hashes/esm/cryptoNode.js
1251
+ var nc = __toESM(require("node:crypto"), 1);
1252
+ var crypto2 = nc && typeof nc === "object" && "webcrypto" in nc ? nc.webcrypto : void 0;
2628
1253
 
2629
- // src/p256/encoding.ts
2630
- var import_big_integer = __toESM(require_BigInteger());
2631
- var compressPubkey = (pubkeyBytes) => {
2632
- if (pubkeyBytes.length !== 65) {
2633
- throw new Error("Expected 65 byte pubkey");
2634
- } else if (pubkeyBytes[0] !== 4) {
2635
- throw new Error("Expected first byte to be 0x04");
2636
- }
2637
- const x = pubkeyBytes.slice(1, 33);
2638
- const y = pubkeyBytes.slice(33, 65);
2639
- const out = new Uint8Array(x.length + 1);
2640
- out[0] = 2 + (y[y.length - 1] & 1);
2641
- out.set(x, 1);
2642
- return out;
2643
- };
2644
- var decompressPubkey = (compressed) => {
2645
- if (compressed.length !== 33) {
2646
- throw new Error("Expected 33 byte compress pubkey");
2647
- } else if (compressed[0] !== 2 && compressed[0] !== 3) {
2648
- throw new Error("Expected first byte to be 0x02 or 0x03");
2649
- }
2650
- const two = (0, import_big_integer.default)(2);
2651
- const prime = two.pow(256).subtract(two.pow(224)).add(two.pow(192)).add(two.pow(96)).subtract(1);
2652
- const b = (0, import_big_integer.default)(
2653
- "41058363725152142129326129780047268409114441015993725554835256314039467401291"
2654
- );
2655
- const pIdent = prime.add(1).divide(4);
2656
- const signY = (0, import_big_integer.default)(compressed[0] - 2);
2657
- const x = compressed.slice(1);
2658
- const xBig = (0, import_big_integer.default)(toString2(x, "base10"));
2659
- const maybeY = xBig.pow(3).subtract(xBig.multiply(3)).add(b).modPow(pIdent, prime);
2660
- let yBig;
2661
- if (maybeY.mod(2).equals(signY)) {
2662
- yBig = maybeY;
2663
- } else {
2664
- yBig = prime.subtract(maybeY);
1254
+ // ../../node_modules/@noble/hashes/esm/utils.js
1255
+ var u8a = (a) => a instanceof Uint8Array;
1256
+ var createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
1257
+ var rotr = (word, shift) => word << 32 - shift | word >>> shift;
1258
+ var isLE = new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68;
1259
+ if (!isLE)
1260
+ throw new Error("Non little-endian hardware is not supported");
1261
+ var hexes = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, "0"));
1262
+ function utf8ToBytes(str) {
1263
+ if (typeof str !== "string")
1264
+ throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
1265
+ return new Uint8Array(new TextEncoder().encode(str));
1266
+ }
1267
+ function toBytes(data) {
1268
+ if (typeof data === "string")
1269
+ data = utf8ToBytes(data);
1270
+ if (!u8a(data))
1271
+ throw new Error(`expected Uint8Array, got ${typeof data}`);
1272
+ return data;
1273
+ }
1274
+ function concatBytes(...arrays) {
1275
+ const r = new Uint8Array(arrays.reduce((sum, a) => sum + a.length, 0));
1276
+ let pad = 0;
1277
+ arrays.forEach((a) => {
1278
+ if (!u8a(a))
1279
+ throw new Error("Uint8Array expected");
1280
+ r.set(a, pad);
1281
+ pad += a.length;
1282
+ });
1283
+ return r;
1284
+ }
1285
+ var Hash = class {
1286
+ clone() {
1287
+ return this._cloneInto();
1288
+ }
1289
+ };
1290
+ function wrapConstructor(hashCons) {
1291
+ const hashC = (msg) => hashCons().update(toBytes(msg)).digest();
1292
+ const tmp = hashCons();
1293
+ hashC.outputLen = tmp.outputLen;
1294
+ hashC.blockLen = tmp.blockLen;
1295
+ hashC.create = () => hashCons();
1296
+ return hashC;
1297
+ }
1298
+ function randomBytes(bytesLength = 32) {
1299
+ if (crypto2 && typeof crypto2.getRandomValues === "function") {
1300
+ return crypto2.getRandomValues(new Uint8Array(bytesLength));
2665
1301
  }
2666
- const y = fromString2(yBig.toString(10), "base10");
2667
- const offset = 32 - y.length;
2668
- const yPadded = new Uint8Array(32);
2669
- yPadded.set(y, offset);
2670
- const publicKey = concat([[4], x, yPadded]);
2671
- return publicKey;
2672
- };
1302
+ throw new Error("crypto.getRandomValues must be defined");
1303
+ }
2673
1304
 
2674
- // ../../node_modules/@noble/secp256k1/lib/esm/index.js
2675
- var nodeCrypto = __toESM(require("crypto"), 1);
1305
+ // ../../node_modules/@noble/hashes/esm/hmac.js
1306
+ var HMAC = class extends Hash {
1307
+ constructor(hash2, _key) {
1308
+ super();
1309
+ this.finished = false;
1310
+ this.destroyed = false;
1311
+ assert_default.hash(hash2);
1312
+ const key = toBytes(_key);
1313
+ this.iHash = hash2.create();
1314
+ if (typeof this.iHash.update !== "function")
1315
+ throw new Error("Expected instance of class which extends utils.Hash");
1316
+ this.blockLen = this.iHash.blockLen;
1317
+ this.outputLen = this.iHash.outputLen;
1318
+ const blockLen = this.blockLen;
1319
+ const pad = new Uint8Array(blockLen);
1320
+ pad.set(key.length > blockLen ? hash2.create().update(key).digest() : key);
1321
+ for (let i = 0; i < pad.length; i++)
1322
+ pad[i] ^= 54;
1323
+ this.iHash.update(pad);
1324
+ this.oHash = hash2.create();
1325
+ for (let i = 0; i < pad.length; i++)
1326
+ pad[i] ^= 54 ^ 92;
1327
+ this.oHash.update(pad);
1328
+ pad.fill(0);
1329
+ }
1330
+ update(buf) {
1331
+ assert_default.exists(this);
1332
+ this.iHash.update(buf);
1333
+ return this;
1334
+ }
1335
+ digestInto(out) {
1336
+ assert_default.exists(this);
1337
+ assert_default.bytes(out, this.outputLen);
1338
+ this.finished = true;
1339
+ this.iHash.digestInto(out);
1340
+ this.oHash.update(out);
1341
+ this.oHash.digestInto(out);
1342
+ this.destroy();
1343
+ }
1344
+ digest() {
1345
+ const out = new Uint8Array(this.oHash.outputLen);
1346
+ this.digestInto(out);
1347
+ return out;
1348
+ }
1349
+ _cloneInto(to) {
1350
+ to || (to = Object.create(Object.getPrototypeOf(this), {}));
1351
+ const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this;
1352
+ to = to;
1353
+ to.finished = finished;
1354
+ to.destroyed = destroyed;
1355
+ to.blockLen = blockLen;
1356
+ to.outputLen = outputLen;
1357
+ to.oHash = oHash._cloneInto(to.oHash);
1358
+ to.iHash = iHash._cloneInto(to.iHash);
1359
+ return to;
1360
+ }
1361
+ destroy() {
1362
+ this.destroyed = true;
1363
+ this.oHash.destroy();
1364
+ this.iHash.destroy();
1365
+ }
1366
+ };
1367
+ var hmac = (hash2, key, message) => new HMAC(hash2, key).update(message).digest();
1368
+ hmac.create = (hash2, key) => new HMAC(hash2, key);
1369
+
1370
+ // ../../node_modules/@noble/curves/esm/abstract/utils.js
1371
+ var utils_exports = {};
1372
+ __export(utils_exports, {
1373
+ bitGet: () => bitGet,
1374
+ bitLen: () => bitLen,
1375
+ bitMask: () => bitMask,
1376
+ bitSet: () => bitSet,
1377
+ bytesToHex: () => bytesToHex,
1378
+ bytesToNumberBE: () => bytesToNumberBE,
1379
+ bytesToNumberLE: () => bytesToNumberLE,
1380
+ concatBytes: () => concatBytes2,
1381
+ createHmacDrbg: () => createHmacDrbg,
1382
+ ensureBytes: () => ensureBytes,
1383
+ equalBytes: () => equalBytes,
1384
+ hexToBytes: () => hexToBytes,
1385
+ hexToNumber: () => hexToNumber,
1386
+ numberToBytesBE: () => numberToBytesBE,
1387
+ numberToBytesLE: () => numberToBytesLE,
1388
+ numberToHexUnpadded: () => numberToHexUnpadded,
1389
+ numberToVarBytesBE: () => numberToVarBytesBE,
1390
+ utf8ToBytes: () => utf8ToBytes2,
1391
+ validateObject: () => validateObject
1392
+ });
2676
1393
  var _0n = BigInt(0);
2677
1394
  var _1n = BigInt(1);
2678
1395
  var _2n = BigInt(2);
2679
- var _3n = BigInt(3);
2680
- var _8n = BigInt(8);
2681
- var CURVE = Object.freeze({
2682
- a: _0n,
2683
- b: BigInt(7),
2684
- P: BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),
2685
- n: BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),
2686
- h: _1n,
2687
- Gx: BigInt("55066263022277343669578718895168534326250603453777594175500187360389116729240"),
2688
- Gy: BigInt("32670510020758816978083085130507043184471273380659243275938904335757337482424"),
2689
- beta: BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee")
2690
- });
2691
- function weistrass(x) {
2692
- const { a, b } = CURVE;
2693
- const x2 = mod(x * x);
2694
- const x3 = mod(x2 * x);
2695
- return mod(x3 + a * x + b);
2696
- }
2697
- var USE_ENDOMORPHISM = CURVE.a === _0n;
2698
- var ShaError = class extends Error {
2699
- constructor(message) {
2700
- super(message);
1396
+ var u8a2 = (a) => a instanceof Uint8Array;
1397
+ var hexes2 = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, "0"));
1398
+ function bytesToHex(bytes2) {
1399
+ if (!u8a2(bytes2))
1400
+ throw new Error("Uint8Array expected");
1401
+ let hex = "";
1402
+ for (let i = 0; i < bytes2.length; i++) {
1403
+ hex += hexes2[bytes2[i]];
2701
1404
  }
2702
- };
2703
- var JacobianPoint = class {
2704
- constructor(x, y, z) {
2705
- this.x = x;
2706
- this.y = y;
2707
- this.z = z;
1405
+ return hex;
1406
+ }
1407
+ function numberToHexUnpadded(num) {
1408
+ const hex = num.toString(16);
1409
+ return hex.length & 1 ? `0${hex}` : hex;
1410
+ }
1411
+ function hexToNumber(hex) {
1412
+ if (typeof hex !== "string")
1413
+ throw new Error("hex string expected, got " + typeof hex);
1414
+ return BigInt(hex === "" ? "0" : `0x${hex}`);
1415
+ }
1416
+ function hexToBytes(hex) {
1417
+ if (typeof hex !== "string")
1418
+ throw new Error("hex string expected, got " + typeof hex);
1419
+ const len = hex.length;
1420
+ if (len % 2)
1421
+ throw new Error("padded hex string expected, got unpadded hex of length " + len);
1422
+ const array = new Uint8Array(len / 2);
1423
+ for (let i = 0; i < array.length; i++) {
1424
+ const j = i * 2;
1425
+ const hexByte = hex.slice(j, j + 2);
1426
+ const byte = Number.parseInt(hexByte, 16);
1427
+ if (Number.isNaN(byte) || byte < 0)
1428
+ throw new Error("Invalid byte sequence");
1429
+ array[i] = byte;
2708
1430
  }
2709
- static fromAffine(p) {
2710
- if (!(p instanceof Point)) {
2711
- throw new TypeError("JacobianPoint#fromAffine: expected Point");
1431
+ return array;
1432
+ }
1433
+ function bytesToNumberBE(bytes2) {
1434
+ return hexToNumber(bytesToHex(bytes2));
1435
+ }
1436
+ function bytesToNumberLE(bytes2) {
1437
+ if (!u8a2(bytes2))
1438
+ throw new Error("Uint8Array expected");
1439
+ return hexToNumber(bytesToHex(Uint8Array.from(bytes2).reverse()));
1440
+ }
1441
+ function numberToBytesBE(n, len) {
1442
+ return hexToBytes(n.toString(16).padStart(len * 2, "0"));
1443
+ }
1444
+ function numberToBytesLE(n, len) {
1445
+ return numberToBytesBE(n, len).reverse();
1446
+ }
1447
+ function numberToVarBytesBE(n) {
1448
+ return hexToBytes(numberToHexUnpadded(n));
1449
+ }
1450
+ function ensureBytes(title, hex, expectedLength) {
1451
+ let res;
1452
+ if (typeof hex === "string") {
1453
+ try {
1454
+ res = hexToBytes(hex);
1455
+ } catch (e) {
1456
+ throw new Error(`${title} must be valid hex string, got "${hex}". Cause: ${e}`);
2712
1457
  }
2713
- return new JacobianPoint(p.x, p.y, _1n);
2714
- }
2715
- static toAffineBatch(points) {
2716
- const toInv = invertBatch(points.map((p) => p.z));
2717
- return points.map((p, i) => p.toAffine(toInv[i]));
2718
- }
2719
- static normalizeZ(points) {
2720
- return JacobianPoint.toAffineBatch(points).map(JacobianPoint.fromAffine);
1458
+ } else if (u8a2(hex)) {
1459
+ res = Uint8Array.from(hex);
1460
+ } else {
1461
+ throw new Error(`${title} must be hex string or Uint8Array`);
2721
1462
  }
2722
- equals(other) {
2723
- if (!(other instanceof JacobianPoint))
2724
- throw new TypeError("JacobianPoint expected");
2725
- const { x: X1, y: Y1, z: Z1 } = this;
2726
- const { x: X2, y: Y2, z: Z2 } = other;
2727
- const Z1Z1 = mod(Z1 * Z1);
2728
- const Z2Z2 = mod(Z2 * Z2);
2729
- const U1 = mod(X1 * Z2Z2);
2730
- const U2 = mod(X2 * Z1Z1);
2731
- const S1 = mod(mod(Y1 * Z2) * Z2Z2);
2732
- const S2 = mod(mod(Y2 * Z1) * Z1Z1);
2733
- return U1 === U2 && S1 === S2;
2734
- }
2735
- negate() {
2736
- return new JacobianPoint(this.x, mod(-this.y), this.z);
2737
- }
2738
- double() {
2739
- const { x: X1, y: Y1, z: Z1 } = this;
2740
- const A = mod(X1 * X1);
2741
- const B = mod(Y1 * Y1);
2742
- const C = mod(B * B);
2743
- const x1b = X1 + B;
2744
- const D = mod(_2n * (mod(x1b * x1b) - A - C));
2745
- const E = mod(_3n * A);
2746
- const F = mod(E * E);
2747
- const X3 = mod(F - _2n * D);
2748
- const Y3 = mod(E * (D - X3) - _8n * C);
2749
- const Z3 = mod(_2n * Y1 * Z1);
2750
- return new JacobianPoint(X3, Y3, Z3);
2751
- }
2752
- add(other) {
2753
- if (!(other instanceof JacobianPoint))
2754
- throw new TypeError("JacobianPoint expected");
2755
- const { x: X1, y: Y1, z: Z1 } = this;
2756
- const { x: X2, y: Y2, z: Z2 } = other;
2757
- if (X2 === _0n || Y2 === _0n)
2758
- return this;
2759
- if (X1 === _0n || Y1 === _0n)
2760
- return other;
2761
- const Z1Z1 = mod(Z1 * Z1);
2762
- const Z2Z2 = mod(Z2 * Z2);
2763
- const U1 = mod(X1 * Z2Z2);
2764
- const U2 = mod(X2 * Z1Z1);
2765
- const S1 = mod(mod(Y1 * Z2) * Z2Z2);
2766
- const S2 = mod(mod(Y2 * Z1) * Z1Z1);
2767
- const H = mod(U2 - U1);
2768
- const r = mod(S2 - S1);
2769
- if (H === _0n) {
2770
- if (r === _0n) {
2771
- return this.double();
2772
- } else {
2773
- return JacobianPoint.ZERO;
2774
- }
1463
+ const len = res.length;
1464
+ if (typeof expectedLength === "number" && len !== expectedLength)
1465
+ throw new Error(`${title} expected ${expectedLength} bytes, got ${len}`);
1466
+ return res;
1467
+ }
1468
+ function concatBytes2(...arrays) {
1469
+ const r = new Uint8Array(arrays.reduce((sum, a) => sum + a.length, 0));
1470
+ let pad = 0;
1471
+ arrays.forEach((a) => {
1472
+ if (!u8a2(a))
1473
+ throw new Error("Uint8Array expected");
1474
+ r.set(a, pad);
1475
+ pad += a.length;
1476
+ });
1477
+ return r;
1478
+ }
1479
+ function equalBytes(b1, b2) {
1480
+ if (b1.length !== b2.length)
1481
+ return false;
1482
+ for (let i = 0; i < b1.length; i++)
1483
+ if (b1[i] !== b2[i])
1484
+ return false;
1485
+ return true;
1486
+ }
1487
+ function utf8ToBytes2(str) {
1488
+ if (typeof str !== "string")
1489
+ throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
1490
+ return new Uint8Array(new TextEncoder().encode(str));
1491
+ }
1492
+ function bitLen(n) {
1493
+ let len;
1494
+ for (len = 0; n > _0n; n >>= _1n, len += 1)
1495
+ ;
1496
+ return len;
1497
+ }
1498
+ function bitGet(n, pos) {
1499
+ return n >> BigInt(pos) & _1n;
1500
+ }
1501
+ var bitSet = (n, pos, value) => {
1502
+ return n | (value ? _1n : _0n) << BigInt(pos);
1503
+ };
1504
+ var bitMask = (n) => (_2n << BigInt(n - 1)) - _1n;
1505
+ var u8n = (data) => new Uint8Array(data);
1506
+ var u8fr = (arr) => Uint8Array.from(arr);
1507
+ function createHmacDrbg(hashLen, qByteLen, hmacFn) {
1508
+ if (typeof hashLen !== "number" || hashLen < 2)
1509
+ throw new Error("hashLen must be a number");
1510
+ if (typeof qByteLen !== "number" || qByteLen < 2)
1511
+ throw new Error("qByteLen must be a number");
1512
+ if (typeof hmacFn !== "function")
1513
+ throw new Error("hmacFn must be a function");
1514
+ let v = u8n(hashLen);
1515
+ let k = u8n(hashLen);
1516
+ let i = 0;
1517
+ const reset = () => {
1518
+ v.fill(1);
1519
+ k.fill(0);
1520
+ i = 0;
1521
+ };
1522
+ const h = (...b) => hmacFn(k, v, ...b);
1523
+ const reseed = (seed = u8n()) => {
1524
+ k = h(u8fr([0]), seed);
1525
+ v = h();
1526
+ if (seed.length === 0)
1527
+ return;
1528
+ k = h(u8fr([1]), seed);
1529
+ v = h();
1530
+ };
1531
+ const gen = () => {
1532
+ if (i++ >= 1e3)
1533
+ throw new Error("drbg: tried 1000 values");
1534
+ let len = 0;
1535
+ const out = [];
1536
+ while (len < qByteLen) {
1537
+ v = h();
1538
+ const sl = v.slice();
1539
+ out.push(sl);
1540
+ len += v.length;
1541
+ }
1542
+ return concatBytes2(...out);
1543
+ };
1544
+ const genUntil = (seed, pred) => {
1545
+ reset();
1546
+ reseed(seed);
1547
+ let res = void 0;
1548
+ while (!(res = pred(gen())))
1549
+ reseed();
1550
+ reset();
1551
+ return res;
1552
+ };
1553
+ return genUntil;
1554
+ }
1555
+ var validatorFns = {
1556
+ bigint: (val) => typeof val === "bigint",
1557
+ function: (val) => typeof val === "function",
1558
+ boolean: (val) => typeof val === "boolean",
1559
+ string: (val) => typeof val === "string",
1560
+ isSafeInteger: (val) => Number.isSafeInteger(val),
1561
+ array: (val) => Array.isArray(val),
1562
+ field: (val, object) => object.Fp.isValid(val),
1563
+ hash: (val) => typeof val === "function" && Number.isSafeInteger(val.outputLen)
1564
+ };
1565
+ function validateObject(object, validators, optValidators = {}) {
1566
+ const checkField = (fieldName, type, isOptional) => {
1567
+ const checkVal = validatorFns[type];
1568
+ if (typeof checkVal !== "function")
1569
+ throw new Error(`Invalid validator "${type}", expected function`);
1570
+ const val = object[fieldName];
1571
+ if (isOptional && val === void 0)
1572
+ return;
1573
+ if (!checkVal(val, object)) {
1574
+ throw new Error(`Invalid param ${String(fieldName)}=${val} (${typeof val}), expected ${type}`);
2775
1575
  }
2776
- const HH = mod(H * H);
2777
- const HHH = mod(H * HH);
2778
- const V = mod(U1 * HH);
2779
- const X3 = mod(r * r - HHH - _2n * V);
2780
- const Y3 = mod(r * (V - X3) - S1 * HHH);
2781
- const Z3 = mod(Z1 * Z2 * H);
2782
- return new JacobianPoint(X3, Y3, Z3);
2783
- }
2784
- subtract(other) {
2785
- return this.add(other.negate());
2786
- }
2787
- multiplyUnsafe(scalar) {
2788
- const P0 = JacobianPoint.ZERO;
2789
- if (typeof scalar === "bigint" && scalar === _0n)
2790
- return P0;
2791
- let n = normalizeScalar(scalar);
2792
- if (n === _1n)
2793
- return this;
2794
- if (!USE_ENDOMORPHISM) {
2795
- let p = P0;
2796
- let d2 = this;
2797
- while (n > _0n) {
2798
- if (n & _1n)
2799
- p = p.add(d2);
2800
- d2 = d2.double();
2801
- n >>= _1n;
2802
- }
2803
- return p;
2804
- }
2805
- let { k1neg, k1, k2neg, k2 } = splitScalarEndo(n);
2806
- let k1p = P0;
2807
- let k2p = P0;
2808
- let d = this;
2809
- while (k1 > _0n || k2 > _0n) {
2810
- if (k1 & _1n)
2811
- k1p = k1p.add(d);
2812
- if (k2 & _1n)
2813
- k2p = k2p.add(d);
2814
- d = d.double();
2815
- k1 >>= _1n;
2816
- k2 >>= _1n;
2817
- }
2818
- if (k1neg)
2819
- k1p = k1p.negate();
2820
- if (k2neg)
2821
- k2p = k2p.negate();
2822
- k2p = new JacobianPoint(mod(k2p.x * CURVE.beta), k2p.y, k2p.z);
2823
- return k1p.add(k2p);
2824
- }
2825
- precomputeWindow(W) {
2826
- const windows = USE_ENDOMORPHISM ? 128 / W + 1 : 256 / W + 1;
2827
- const points = [];
2828
- let p = this;
2829
- let base3 = p;
2830
- for (let window = 0; window < windows; window++) {
2831
- base3 = p;
2832
- points.push(base3);
2833
- for (let i = 1; i < 2 ** (W - 1); i++) {
2834
- base3 = base3.add(p);
2835
- points.push(base3);
2836
- }
2837
- p = base3.double();
2838
- }
2839
- return points;
2840
- }
2841
- wNAF(n, affinePoint) {
2842
- if (!affinePoint && this.equals(JacobianPoint.BASE))
2843
- affinePoint = Point.BASE;
2844
- const W = affinePoint && affinePoint._WINDOW_SIZE || 1;
2845
- if (256 % W) {
2846
- throw new Error("Point#wNAF: Invalid precomputation window, must be power of 2");
2847
- }
2848
- let precomputes = affinePoint && pointPrecomputes.get(affinePoint);
2849
- if (!precomputes) {
2850
- precomputes = this.precomputeWindow(W);
2851
- if (affinePoint && W !== 1) {
2852
- precomputes = JacobianPoint.normalizeZ(precomputes);
2853
- pointPrecomputes.set(affinePoint, precomputes);
2854
- }
2855
- }
2856
- let p = JacobianPoint.ZERO;
2857
- let f = JacobianPoint.ZERO;
2858
- const windows = 1 + (USE_ENDOMORPHISM ? 128 / W : 256 / W);
2859
- const windowSize = 2 ** (W - 1);
2860
- const mask = BigInt(2 ** W - 1);
2861
- const maxNumber = 2 ** W;
2862
- const shiftBy = BigInt(W);
2863
- for (let window = 0; window < windows; window++) {
2864
- const offset = window * windowSize;
2865
- let wbits = Number(n & mask);
2866
- n >>= shiftBy;
2867
- if (wbits > windowSize) {
2868
- wbits -= maxNumber;
2869
- n += _1n;
2870
- }
2871
- if (wbits === 0) {
2872
- let pr = precomputes[offset];
2873
- if (window % 2)
2874
- pr = pr.negate();
2875
- f = f.add(pr);
2876
- } else {
2877
- let cached = precomputes[offset + Math.abs(wbits) - 1];
2878
- if (wbits < 0)
2879
- cached = cached.negate();
2880
- p = p.add(cached);
2881
- }
2882
- }
2883
- return { p, f };
2884
- }
2885
- multiply(scalar, affinePoint) {
2886
- let n = normalizeScalar(scalar);
2887
- let point;
2888
- let fake;
2889
- if (USE_ENDOMORPHISM) {
2890
- const { k1neg, k1, k2neg, k2 } = splitScalarEndo(n);
2891
- let { p: k1p, f: f1p } = this.wNAF(k1, affinePoint);
2892
- let { p: k2p, f: f2p } = this.wNAF(k2, affinePoint);
2893
- if (k1neg)
2894
- k1p = k1p.negate();
2895
- if (k2neg)
2896
- k2p = k2p.negate();
2897
- k2p = new JacobianPoint(mod(k2p.x * CURVE.beta), k2p.y, k2p.z);
2898
- point = k1p.add(k2p);
2899
- fake = f1p.add(f2p);
2900
- } else {
2901
- const { p, f } = this.wNAF(n, affinePoint);
2902
- point = p;
2903
- fake = f;
2904
- }
2905
- return JacobianPoint.normalizeZ([point, fake])[0];
2906
- }
2907
- toAffine(invZ = invert(this.z)) {
2908
- const { x, y, z } = this;
2909
- const iz1 = invZ;
2910
- const iz2 = mod(iz1 * iz1);
2911
- const iz3 = mod(iz2 * iz1);
2912
- const ax = mod(x * iz2);
2913
- const ay = mod(y * iz3);
2914
- const zz = mod(z * iz1);
2915
- if (zz !== _1n)
2916
- throw new Error("invZ was invalid");
2917
- return new Point(ax, ay);
2918
- }
2919
- };
2920
- JacobianPoint.BASE = new JacobianPoint(CURVE.Gx, CURVE.Gy, _1n);
2921
- JacobianPoint.ZERO = new JacobianPoint(_0n, _1n, _0n);
2922
- var pointPrecomputes = /* @__PURE__ */ new WeakMap();
2923
- var Point = class {
2924
- constructor(x, y) {
2925
- this.x = x;
2926
- this.y = y;
2927
- }
2928
- _setWindowSize(windowSize) {
2929
- this._WINDOW_SIZE = windowSize;
2930
- pointPrecomputes.delete(this);
2931
- }
2932
- hasEvenY() {
2933
- return this.y % _2n === _0n;
2934
- }
2935
- static fromCompressedHex(bytes) {
2936
- const isShort = bytes.length === 32;
2937
- const x = bytesToNumber(isShort ? bytes : bytes.subarray(1));
2938
- if (!isValidFieldElement(x))
2939
- throw new Error("Point is not on curve");
2940
- const y2 = weistrass(x);
2941
- let y = sqrtMod(y2);
2942
- const isYOdd = (y & _1n) === _1n;
2943
- if (isShort) {
2944
- if (isYOdd)
2945
- y = mod(-y);
2946
- } else {
2947
- const isFirstByteOdd = (bytes[0] & 1) === 1;
2948
- if (isFirstByteOdd !== isYOdd)
2949
- y = mod(-y);
2950
- }
2951
- const point = new Point(x, y);
2952
- point.assertValidity();
2953
- return point;
2954
- }
2955
- static fromUncompressedHex(bytes) {
2956
- const x = bytesToNumber(bytes.subarray(1, 33));
2957
- const y = bytesToNumber(bytes.subarray(33, 65));
2958
- const point = new Point(x, y);
2959
- point.assertValidity();
2960
- return point;
2961
- }
2962
- static fromHex(hex) {
2963
- const bytes = ensureBytes(hex);
2964
- const len = bytes.length;
2965
- const header = bytes[0];
2966
- if (len === 32 || len === 33 && (header === 2 || header === 3)) {
2967
- return this.fromCompressedHex(bytes);
2968
- }
2969
- if (len === 65 && header === 4)
2970
- return this.fromUncompressedHex(bytes);
2971
- throw new Error(`Point.fromHex: received invalid point. Expected 32-33 compressed bytes or 65 uncompressed bytes, not ${len}`);
2972
- }
2973
- static fromPrivateKey(privateKey) {
2974
- return Point.BASE.multiply(normalizePrivateKey(privateKey));
2975
- }
2976
- static fromSignature(msgHash, signature, recovery) {
2977
- msgHash = ensureBytes(msgHash);
2978
- const h = truncateHash(msgHash);
2979
- const { r, s } = normalizeSignature(signature);
2980
- if (recovery !== 0 && recovery !== 1) {
2981
- throw new Error("Cannot recover signature: invalid recovery bit");
2982
- }
2983
- const prefix = recovery & 1 ? "03" : "02";
2984
- const R = Point.fromHex(prefix + numTo32bStr(r));
2985
- const { n } = CURVE;
2986
- const rinv = invert(r, n);
2987
- const u1 = mod(-h * rinv, n);
2988
- const u2 = mod(s * rinv, n);
2989
- const Q = Point.BASE.multiplyAndAddUnsafe(R, u1, u2);
2990
- if (!Q)
2991
- throw new Error("Cannot recover signature: point at infinify");
2992
- Q.assertValidity();
2993
- return Q;
2994
- }
2995
- toRawBytes(isCompressed = false) {
2996
- return hexToBytes(this.toHex(isCompressed));
2997
- }
2998
- toHex(isCompressed = false) {
2999
- const x = numTo32bStr(this.x);
3000
- if (isCompressed) {
3001
- const prefix = this.hasEvenY() ? "02" : "03";
3002
- return `${prefix}${x}`;
3003
- } else {
3004
- return `04${x}${numTo32bStr(this.y)}`;
3005
- }
3006
- }
3007
- toHexX() {
3008
- return this.toHex(true).slice(2);
3009
- }
3010
- toRawX() {
3011
- return this.toRawBytes(true).slice(1);
3012
- }
3013
- assertValidity() {
3014
- const msg = "Point is not on elliptic curve";
3015
- const { x, y } = this;
3016
- if (!isValidFieldElement(x) || !isValidFieldElement(y))
3017
- throw new Error(msg);
3018
- const left = mod(y * y);
3019
- const right = weistrass(x);
3020
- if (mod(left - right) !== _0n)
3021
- throw new Error(msg);
3022
- }
3023
- equals(other) {
3024
- return this.x === other.x && this.y === other.y;
3025
- }
3026
- negate() {
3027
- return new Point(this.x, mod(-this.y));
3028
- }
3029
- double() {
3030
- return JacobianPoint.fromAffine(this).double().toAffine();
3031
- }
3032
- add(other) {
3033
- return JacobianPoint.fromAffine(this).add(JacobianPoint.fromAffine(other)).toAffine();
3034
- }
3035
- subtract(other) {
3036
- return this.add(other.negate());
3037
- }
3038
- multiply(scalar) {
3039
- return JacobianPoint.fromAffine(this).multiply(scalar, this).toAffine();
3040
- }
3041
- multiplyAndAddUnsafe(Q, a, b) {
3042
- const P = JacobianPoint.fromAffine(this);
3043
- const aP = a === _0n || a === _1n || this !== Point.BASE ? P.multiplyUnsafe(a) : P.multiply(a);
3044
- const bQ = JacobianPoint.fromAffine(Q).multiplyUnsafe(b);
3045
- const sum = aP.add(bQ);
3046
- return sum.equals(JacobianPoint.ZERO) ? void 0 : sum.toAffine();
3047
- }
3048
- };
3049
- Point.BASE = new Point(CURVE.Gx, CURVE.Gy);
3050
- Point.ZERO = new Point(_0n, _0n);
3051
- function sliceDER(s) {
3052
- return Number.parseInt(s[0], 16) >= 8 ? "00" + s : s;
3053
- }
3054
- function parseDERInt(data) {
3055
- if (data.length < 2 || data[0] !== 2) {
3056
- throw new Error(`Invalid signature integer tag: ${bytesToHex(data)}`);
3057
- }
3058
- const len = data[1];
3059
- const res = data.subarray(2, len + 2);
3060
- if (!len || res.length !== len) {
3061
- throw new Error(`Invalid signature integer: wrong length`);
3062
- }
3063
- if (res[0] === 0 && res[1] <= 127) {
3064
- throw new Error("Invalid signature integer: trailing length");
3065
- }
3066
- return { data: bytesToNumber(res), left: data.subarray(len + 2) };
3067
- }
3068
- function parseDERSignature(data) {
3069
- if (data.length < 2 || data[0] != 48) {
3070
- throw new Error(`Invalid signature tag: ${bytesToHex(data)}`);
3071
- }
3072
- if (data[1] !== data.length - 2) {
3073
- throw new Error("Invalid signature: incorrect length");
3074
- }
3075
- const { data: r, left: sBytes } = parseDERInt(data.subarray(2));
3076
- const { data: s, left: rBytesLeft } = parseDERInt(sBytes);
3077
- if (rBytesLeft.length) {
3078
- throw new Error(`Invalid signature: left bytes after parsing: ${bytesToHex(rBytesLeft)}`);
3079
- }
3080
- return { r, s };
3081
- }
3082
- var Signature = class {
3083
- constructor(r, s) {
3084
- this.r = r;
3085
- this.s = s;
3086
- this.assertValidity();
3087
- }
3088
- static fromCompact(hex) {
3089
- const arr = hex instanceof Uint8Array;
3090
- const name2 = "Signature.fromCompact";
3091
- if (typeof hex !== "string" && !arr)
3092
- throw new TypeError(`${name2}: Expected string or Uint8Array`);
3093
- const str = arr ? bytesToHex(hex) : hex;
3094
- if (str.length !== 128)
3095
- throw new Error(`${name2}: Expected 64-byte hex`);
3096
- return new Signature(hexToNumber(str.slice(0, 64)), hexToNumber(str.slice(64, 128)));
3097
- }
3098
- static fromDER(hex) {
3099
- const arr = hex instanceof Uint8Array;
3100
- if (typeof hex !== "string" && !arr)
3101
- throw new TypeError(`Signature.fromDER: Expected string or Uint8Array`);
3102
- const { r, s } = parseDERSignature(arr ? hex : hexToBytes(hex));
3103
- return new Signature(r, s);
3104
- }
3105
- static fromHex(hex) {
3106
- return this.fromDER(hex);
3107
- }
3108
- assertValidity() {
3109
- const { r, s } = this;
3110
- if (!isWithinCurveOrder(r))
3111
- throw new Error("Invalid Signature: r must be 0 < r < n");
3112
- if (!isWithinCurveOrder(s))
3113
- throw new Error("Invalid Signature: s must be 0 < s < n");
3114
- }
3115
- hasHighS() {
3116
- const HALF = CURVE.n >> _1n;
3117
- return this.s > HALF;
3118
- }
3119
- normalizeS() {
3120
- return this.hasHighS() ? new Signature(this.r, CURVE.n - this.s) : this;
3121
- }
3122
- toDERRawBytes(isCompressed = false) {
3123
- return hexToBytes(this.toDERHex(isCompressed));
3124
- }
3125
- toDERHex(isCompressed = false) {
3126
- const sHex = sliceDER(numberToHexUnpadded(this.s));
3127
- if (isCompressed)
3128
- return sHex;
3129
- const rHex = sliceDER(numberToHexUnpadded(this.r));
3130
- const rLen = numberToHexUnpadded(rHex.length / 2);
3131
- const sLen = numberToHexUnpadded(sHex.length / 2);
3132
- const length2 = numberToHexUnpadded(rHex.length / 2 + sHex.length / 2 + 4);
3133
- return `30${length2}02${rLen}${rHex}02${sLen}${sHex}`;
3134
- }
3135
- toRawBytes() {
3136
- return this.toDERRawBytes();
3137
- }
3138
- toHex() {
3139
- return this.toDERHex();
3140
- }
3141
- toCompactRawBytes() {
3142
- return hexToBytes(this.toCompactHex());
3143
- }
3144
- toCompactHex() {
3145
- return numTo32bStr(this.r) + numTo32bStr(this.s);
3146
- }
3147
- };
3148
- function concatBytes(...arrays) {
3149
- if (!arrays.every((b) => b instanceof Uint8Array))
3150
- throw new Error("Uint8Array list expected");
3151
- if (arrays.length === 1)
3152
- return arrays[0];
3153
- const length2 = arrays.reduce((a, arr) => a + arr.length, 0);
3154
- const result = new Uint8Array(length2);
3155
- for (let i = 0, pad = 0; i < arrays.length; i++) {
3156
- const arr = arrays[i];
3157
- result.set(arr, pad);
3158
- pad += arr.length;
3159
- }
3160
- return result;
3161
- }
3162
- var hexes = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, "0"));
3163
- function bytesToHex(uint8a) {
3164
- if (!(uint8a instanceof Uint8Array))
3165
- throw new Error("Expected Uint8Array");
3166
- let hex = "";
3167
- for (let i = 0; i < uint8a.length; i++) {
3168
- hex += hexes[uint8a[i]];
3169
- }
3170
- return hex;
3171
- }
3172
- var POW_2_256 = BigInt("0x10000000000000000000000000000000000000000000000000000000000000000");
3173
- function numTo32bStr(num) {
3174
- if (typeof num !== "bigint")
3175
- throw new Error("Expected bigint");
3176
- if (!(_0n <= num && num < POW_2_256))
3177
- throw new Error("Expected number < 2^256");
3178
- return num.toString(16).padStart(64, "0");
3179
- }
3180
- function numTo32b(num) {
3181
- const b = hexToBytes(numTo32bStr(num));
3182
- if (b.length !== 32)
3183
- throw new Error("Error: expected 32 bytes");
3184
- return b;
3185
- }
3186
- function numberToHexUnpadded(num) {
3187
- const hex = num.toString(16);
3188
- return hex.length & 1 ? `0${hex}` : hex;
1576
+ };
1577
+ for (const [fieldName, type] of Object.entries(validators))
1578
+ checkField(fieldName, type, false);
1579
+ for (const [fieldName, type] of Object.entries(optValidators))
1580
+ checkField(fieldName, type, true);
1581
+ return object;
3189
1582
  }
3190
- function hexToNumber(hex) {
3191
- if (typeof hex !== "string") {
3192
- throw new TypeError("hexToNumber: expected string, got " + typeof hex);
3193
- }
3194
- return BigInt(`0x${hex}`);
1583
+
1584
+ // ../../node_modules/@noble/curves/esm/abstract/modular.js
1585
+ var _0n2 = BigInt(0);
1586
+ var _1n2 = BigInt(1);
1587
+ var _2n2 = BigInt(2);
1588
+ var _3n = BigInt(3);
1589
+ var _4n = BigInt(4);
1590
+ var _5n = BigInt(5);
1591
+ var _8n = BigInt(8);
1592
+ var _9n = BigInt(9);
1593
+ var _16n = BigInt(16);
1594
+ function mod(a, b) {
1595
+ const result = a % b;
1596
+ return result >= _0n2 ? result : b + result;
3195
1597
  }
3196
- function hexToBytes(hex) {
3197
- if (typeof hex !== "string") {
3198
- throw new TypeError("hexToBytes: expected string, got " + typeof hex);
3199
- }
3200
- if (hex.length % 2)
3201
- throw new Error("hexToBytes: received invalid unpadded hex" + hex.length);
3202
- const array = new Uint8Array(hex.length / 2);
3203
- for (let i = 0; i < array.length; i++) {
3204
- const j = i * 2;
3205
- const hexByte = hex.slice(j, j + 2);
3206
- const byte = Number.parseInt(hexByte, 16);
3207
- if (Number.isNaN(byte) || byte < 0)
3208
- throw new Error("Invalid byte sequence");
3209
- array[i] = byte;
1598
+ function pow(num, power, modulo) {
1599
+ if (modulo <= _0n2 || power < _0n2)
1600
+ throw new Error("Expected power/modulo > 0");
1601
+ if (modulo === _1n2)
1602
+ return _0n2;
1603
+ let res = _1n2;
1604
+ while (power > _0n2) {
1605
+ if (power & _1n2)
1606
+ res = res * num % modulo;
1607
+ num = num * num % modulo;
1608
+ power >>= _1n2;
3210
1609
  }
3211
- return array;
3212
- }
3213
- function bytesToNumber(bytes) {
3214
- return hexToNumber(bytesToHex(bytes));
3215
- }
3216
- function ensureBytes(hex) {
3217
- return hex instanceof Uint8Array ? Uint8Array.from(hex) : hexToBytes(hex);
3218
- }
3219
- function normalizeScalar(num) {
3220
- if (typeof num === "number" && Number.isSafeInteger(num) && num > 0)
3221
- return BigInt(num);
3222
- if (typeof num === "bigint" && isWithinCurveOrder(num))
3223
- return num;
3224
- throw new TypeError("Expected valid private scalar: 0 < scalar < curve.n");
3225
- }
3226
- function mod(a, b = CURVE.P) {
3227
- const result = a % b;
3228
- return result >= _0n ? result : b + result;
1610
+ return res;
3229
1611
  }
3230
- function pow2(x, power) {
3231
- const { P } = CURVE;
1612
+ function pow2(x, power, modulo) {
3232
1613
  let res = x;
3233
- while (power-- > _0n) {
1614
+ while (power-- > _0n2) {
3234
1615
  res *= res;
3235
- res %= P;
1616
+ res %= modulo;
3236
1617
  }
3237
1618
  return res;
3238
1619
  }
3239
- function sqrtMod(x) {
3240
- const { P } = CURVE;
3241
- const _6n = BigInt(6);
3242
- const _11n = BigInt(11);
3243
- const _22n = BigInt(22);
3244
- const _23n = BigInt(23);
3245
- const _44n = BigInt(44);
3246
- const _88n = BigInt(88);
3247
- const b2 = x * x * x % P;
3248
- const b3 = b2 * b2 * x % P;
3249
- const b6 = pow2(b3, _3n) * b3 % P;
3250
- const b9 = pow2(b6, _3n) * b3 % P;
3251
- const b11 = pow2(b9, _2n) * b2 % P;
3252
- const b22 = pow2(b11, _11n) * b11 % P;
3253
- const b44 = pow2(b22, _22n) * b22 % P;
3254
- const b88 = pow2(b44, _44n) * b44 % P;
3255
- const b176 = pow2(b88, _88n) * b88 % P;
3256
- const b220 = pow2(b176, _44n) * b44 % P;
3257
- const b223 = pow2(b220, _3n) * b3 % P;
3258
- const t1 = pow2(b223, _23n) * b22 % P;
3259
- const t2 = pow2(t1, _6n) * b2 % P;
3260
- return pow2(t2, _2n);
3261
- }
3262
- function invert(number, modulo = CURVE.P) {
3263
- if (number === _0n || modulo <= _0n) {
3264
- throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`);
1620
+ function invert(number2, modulo) {
1621
+ if (number2 === _0n2 || modulo <= _0n2) {
1622
+ throw new Error(`invert: expected positive integers, got n=${number2} mod=${modulo}`);
3265
1623
  }
3266
- let a = mod(number, modulo);
1624
+ let a = mod(number2, modulo);
3267
1625
  let b = modulo;
3268
- let x = _0n, y = _1n, u = _1n, v = _0n;
3269
- while (a !== _0n) {
1626
+ let x = _0n2, y = _1n2, u = _1n2, v = _0n2;
1627
+ while (a !== _0n2) {
3270
1628
  const q = b / a;
3271
1629
  const r = b % a;
3272
1630
  const m = x - u * q;
@@ -3274,440 +1632,1427 @@ function invert(number, modulo = CURVE.P) {
3274
1632
  b = a, a = r, x = u, y = v, u = m, v = n;
3275
1633
  }
3276
1634
  const gcd = b;
3277
- if (gcd !== _1n)
1635
+ if (gcd !== _1n2)
3278
1636
  throw new Error("invert: does not exist");
3279
1637
  return mod(x, modulo);
3280
1638
  }
3281
- function invertBatch(nums, p = CURVE.P) {
3282
- const scratch = new Array(nums.length);
3283
- const lastMultiplied = nums.reduce((acc, num, i) => {
3284
- if (num === _0n)
3285
- return acc;
3286
- scratch[i] = acc;
3287
- return mod(acc * num, p);
3288
- }, _1n);
3289
- const inverted = invert(lastMultiplied, p);
3290
- nums.reduceRight((acc, num, i) => {
3291
- if (num === _0n)
3292
- return acc;
3293
- scratch[i] = mod(acc * scratch[i], p);
3294
- return mod(acc * num, p);
3295
- }, inverted);
3296
- return scratch;
3297
- }
3298
- var divNearest = (a, b) => (a + b / _2n) / b;
3299
- var ENDO = {
3300
- a1: BigInt("0x3086d221a7d46bcde86c90e49284eb15"),
3301
- b1: -_1n * BigInt("0xe4437ed6010e88286f547fa90abfe4c3"),
3302
- a2: BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"),
3303
- b2: BigInt("0x3086d221a7d46bcde86c90e49284eb15"),
3304
- POW_2_128: BigInt("0x100000000000000000000000000000000")
3305
- };
3306
- function splitScalarEndo(k) {
3307
- const { n } = CURVE;
3308
- const { a1, b1, a2, b2, POW_2_128 } = ENDO;
3309
- const c1 = divNearest(b2 * k, n);
3310
- const c2 = divNearest(-b1 * k, n);
3311
- let k1 = mod(k - c1 * a1 - c2 * a2, n);
3312
- let k2 = mod(-c1 * b1 - c2 * b2, n);
3313
- const k1neg = k1 > POW_2_128;
3314
- const k2neg = k2 > POW_2_128;
3315
- if (k1neg)
3316
- k1 = n - k1;
3317
- if (k2neg)
3318
- k2 = n - k2;
3319
- if (k1 > POW_2_128 || k2 > POW_2_128) {
3320
- throw new Error("splitScalarEndo: Endomorphism failed, k=" + k);
3321
- }
3322
- return { k1neg, k1, k2neg, k2 };
3323
- }
3324
- function truncateHash(hash) {
3325
- const { n } = CURVE;
3326
- const byteLength = hash.length;
3327
- const delta = byteLength * 8 - 256;
3328
- let h = bytesToNumber(hash);
3329
- if (delta > 0)
3330
- h = h >> BigInt(delta);
3331
- if (h >= n)
3332
- h -= n;
3333
- return h;
3334
- }
3335
- var _sha256Sync;
3336
- var _hmacSha256Sync;
3337
- var HmacDrbg = class {
3338
- constructor() {
3339
- this.v = new Uint8Array(32).fill(1);
3340
- this.k = new Uint8Array(32).fill(0);
3341
- this.counter = 0;
3342
- }
3343
- hmac(...values) {
3344
- return utils.hmacSha256(this.k, ...values);
3345
- }
3346
- hmacSync(...values) {
3347
- return _hmacSha256Sync(this.k, ...values);
3348
- }
3349
- checkSync() {
3350
- if (typeof _hmacSha256Sync !== "function")
3351
- throw new ShaError("hmacSha256Sync needs to be set");
3352
- }
3353
- incr() {
3354
- if (this.counter >= 1e3)
3355
- throw new Error("Tried 1,000 k values for sign(), all were invalid");
3356
- this.counter += 1;
3357
- }
3358
- async reseed(seed = new Uint8Array()) {
3359
- this.k = await this.hmac(this.v, Uint8Array.from([0]), seed);
3360
- this.v = await this.hmac(this.v);
3361
- if (seed.length === 0)
3362
- return;
3363
- this.k = await this.hmac(this.v, Uint8Array.from([1]), seed);
3364
- this.v = await this.hmac(this.v);
3365
- }
3366
- reseedSync(seed = new Uint8Array()) {
3367
- this.checkSync();
3368
- this.k = this.hmacSync(this.v, Uint8Array.from([0]), seed);
3369
- this.v = this.hmacSync(this.v);
3370
- if (seed.length === 0)
3371
- return;
3372
- this.k = this.hmacSync(this.v, Uint8Array.from([1]), seed);
3373
- this.v = this.hmacSync(this.v);
1639
+ function tonelliShanks(P) {
1640
+ const legendreC = (P - _1n2) / _2n2;
1641
+ let Q, S, Z;
1642
+ for (Q = P - _1n2, S = 0; Q % _2n2 === _0n2; Q /= _2n2, S++)
1643
+ ;
1644
+ for (Z = _2n2; Z < P && pow(Z, legendreC, P) !== P - _1n2; Z++)
1645
+ ;
1646
+ if (S === 1) {
1647
+ const p1div4 = (P + _1n2) / _4n;
1648
+ return function tonelliFast(Fp3, n) {
1649
+ const root = Fp3.pow(n, p1div4);
1650
+ if (!Fp3.eql(Fp3.sqr(root), n))
1651
+ throw new Error("Cannot find square root");
1652
+ return root;
1653
+ };
3374
1654
  }
3375
- async generate() {
3376
- this.incr();
3377
- this.v = await this.hmac(this.v);
3378
- return this.v;
1655
+ const Q1div2 = (Q + _1n2) / _2n2;
1656
+ return function tonelliSlow(Fp3, n) {
1657
+ if (Fp3.pow(n, legendreC) === Fp3.neg(Fp3.ONE))
1658
+ throw new Error("Cannot find square root");
1659
+ let r = S;
1660
+ let g = Fp3.pow(Fp3.mul(Fp3.ONE, Z), Q);
1661
+ let x = Fp3.pow(n, Q1div2);
1662
+ let b = Fp3.pow(n, Q);
1663
+ while (!Fp3.eql(b, Fp3.ONE)) {
1664
+ if (Fp3.eql(b, Fp3.ZERO))
1665
+ return Fp3.ZERO;
1666
+ let m = 1;
1667
+ for (let t2 = Fp3.sqr(b); m < r; m++) {
1668
+ if (Fp3.eql(t2, Fp3.ONE))
1669
+ break;
1670
+ t2 = Fp3.sqr(t2);
1671
+ }
1672
+ const ge = Fp3.pow(g, _1n2 << BigInt(r - m - 1));
1673
+ g = Fp3.sqr(ge);
1674
+ x = Fp3.mul(x, ge);
1675
+ b = Fp3.mul(b, g);
1676
+ r = m;
1677
+ }
1678
+ return x;
1679
+ };
1680
+ }
1681
+ function FpSqrt(P) {
1682
+ if (P % _4n === _3n) {
1683
+ const p1div4 = (P + _1n2) / _4n;
1684
+ return function sqrt3mod4(Fp3, n) {
1685
+ const root = Fp3.pow(n, p1div4);
1686
+ if (!Fp3.eql(Fp3.sqr(root), n))
1687
+ throw new Error("Cannot find square root");
1688
+ return root;
1689
+ };
3379
1690
  }
3380
- generateSync() {
3381
- this.checkSync();
3382
- this.incr();
3383
- this.v = this.hmacSync(this.v);
3384
- return this.v;
1691
+ if (P % _8n === _5n) {
1692
+ const c1 = (P - _5n) / _8n;
1693
+ return function sqrt5mod8(Fp3, n) {
1694
+ const n2 = Fp3.mul(n, _2n2);
1695
+ const v = Fp3.pow(n2, c1);
1696
+ const nv = Fp3.mul(n, v);
1697
+ const i = Fp3.mul(Fp3.mul(nv, _2n2), v);
1698
+ const root = Fp3.mul(nv, Fp3.sub(i, Fp3.ONE));
1699
+ if (!Fp3.eql(Fp3.sqr(root), n))
1700
+ throw new Error("Cannot find square root");
1701
+ return root;
1702
+ };
3385
1703
  }
3386
- };
3387
- function isWithinCurveOrder(num) {
3388
- return _0n < num && num < CURVE.n;
3389
- }
3390
- function isValidFieldElement(num) {
3391
- return _0n < num && num < CURVE.P;
3392
- }
3393
- function kmdToSig(kBytes, m, d) {
3394
- const k = bytesToNumber(kBytes);
3395
- if (!isWithinCurveOrder(k))
3396
- return;
3397
- const { n } = CURVE;
3398
- const q = Point.BASE.multiply(k);
3399
- const r = mod(q.x, n);
3400
- if (r === _0n)
3401
- return;
3402
- const s = mod(invert(k, n) * mod(m + d * r, n), n);
3403
- if (s === _0n)
3404
- return;
3405
- const sig = new Signature(r, s);
3406
- const recovery = (q.x === sig.r ? 0 : 2) | Number(q.y & _1n);
3407
- return { sig, recovery };
3408
- }
3409
- function normalizePrivateKey(key) {
3410
- let num;
3411
- if (typeof key === "bigint") {
3412
- num = key;
3413
- } else if (typeof key === "number" && Number.isSafeInteger(key) && key > 0) {
3414
- num = BigInt(key);
3415
- } else if (typeof key === "string") {
3416
- if (key.length !== 64)
3417
- throw new Error("Expected 32 bytes of private key");
3418
- num = hexToNumber(key);
3419
- } else if (key instanceof Uint8Array) {
3420
- if (key.length !== 32)
3421
- throw new Error("Expected 32 bytes of private key");
3422
- num = bytesToNumber(key);
3423
- } else {
3424
- throw new TypeError("Expected valid private key");
1704
+ if (P % _16n === _9n) {
3425
1705
  }
3426
- if (!isWithinCurveOrder(num))
3427
- throw new Error("Expected private key: 0 < key < n");
3428
- return num;
1706
+ return tonelliShanks(P);
3429
1707
  }
3430
- function normalizePublicKey(publicKey) {
3431
- if (publicKey instanceof Point) {
3432
- publicKey.assertValidity();
3433
- return publicKey;
3434
- } else {
3435
- return Point.fromHex(publicKey);
3436
- }
1708
+ var FIELD_FIELDS = [
1709
+ "create",
1710
+ "isValid",
1711
+ "is0",
1712
+ "neg",
1713
+ "inv",
1714
+ "sqrt",
1715
+ "sqr",
1716
+ "eql",
1717
+ "add",
1718
+ "sub",
1719
+ "mul",
1720
+ "pow",
1721
+ "div",
1722
+ "addN",
1723
+ "subN",
1724
+ "mulN",
1725
+ "sqrN"
1726
+ ];
1727
+ function validateField(field) {
1728
+ const initial = {
1729
+ ORDER: "bigint",
1730
+ MASK: "bigint",
1731
+ BYTES: "isSafeInteger",
1732
+ BITS: "isSafeInteger"
1733
+ };
1734
+ const opts = FIELD_FIELDS.reduce((map, val) => {
1735
+ map[val] = "function";
1736
+ return map;
1737
+ }, initial);
1738
+ return validateObject(field, opts);
3437
1739
  }
3438
- function normalizeSignature(signature) {
3439
- if (signature instanceof Signature) {
3440
- signature.assertValidity();
3441
- return signature;
3442
- }
3443
- try {
3444
- return Signature.fromDER(signature);
3445
- } catch (error) {
3446
- return Signature.fromCompact(signature);
1740
+ function FpPow(f, num, power) {
1741
+ if (power < _0n2)
1742
+ throw new Error("Expected power > 0");
1743
+ if (power === _0n2)
1744
+ return f.ONE;
1745
+ if (power === _1n2)
1746
+ return num;
1747
+ let p = f.ONE;
1748
+ let d = num;
1749
+ while (power > _0n2) {
1750
+ if (power & _1n2)
1751
+ p = f.mul(p, d);
1752
+ d = f.sqr(d);
1753
+ power >>= _1n2;
3447
1754
  }
1755
+ return p;
3448
1756
  }
3449
- function getPublicKey(privateKey, isCompressed = false) {
3450
- return Point.fromPrivateKey(privateKey).toRawBytes(isCompressed);
3451
- }
3452
- function bits2int(bytes) {
3453
- const slice = bytes.length > 32 ? bytes.slice(0, 32) : bytes;
3454
- return bytesToNumber(slice);
1757
+ function FpInvertBatch(f, nums) {
1758
+ const tmp = new Array(nums.length);
1759
+ const lastMultiplied = nums.reduce((acc, num, i) => {
1760
+ if (f.is0(num))
1761
+ return acc;
1762
+ tmp[i] = acc;
1763
+ return f.mul(acc, num);
1764
+ }, f.ONE);
1765
+ const inverted = f.inv(lastMultiplied);
1766
+ nums.reduceRight((acc, num, i) => {
1767
+ if (f.is0(num))
1768
+ return acc;
1769
+ tmp[i] = f.mul(acc, tmp[i]);
1770
+ return f.mul(acc, num);
1771
+ }, inverted);
1772
+ return tmp;
3455
1773
  }
3456
- function bits2octets(bytes) {
3457
- const z1 = bits2int(bytes);
3458
- const z2 = mod(z1, CURVE.n);
3459
- return int2octets(z2 < _0n ? z1 : z2);
1774
+ function nLength(n, nBitLength) {
1775
+ const _nBitLength = nBitLength !== void 0 ? nBitLength : n.toString(2).length;
1776
+ const nByteLength = Math.ceil(_nBitLength / 8);
1777
+ return { nBitLength: _nBitLength, nByteLength };
3460
1778
  }
3461
- function int2octets(num) {
3462
- return numTo32b(num);
1779
+ function Field(ORDER, bitLen2, isLE2 = false, redef = {}) {
1780
+ if (ORDER <= _0n2)
1781
+ throw new Error(`Expected Fp ORDER > 0, got ${ORDER}`);
1782
+ const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen2);
1783
+ if (BYTES > 2048)
1784
+ throw new Error("Field lengths over 2048 bytes are not supported");
1785
+ const sqrtP = FpSqrt(ORDER);
1786
+ const f = Object.freeze({
1787
+ ORDER,
1788
+ BITS,
1789
+ BYTES,
1790
+ MASK: bitMask(BITS),
1791
+ ZERO: _0n2,
1792
+ ONE: _1n2,
1793
+ create: (num) => mod(num, ORDER),
1794
+ isValid: (num) => {
1795
+ if (typeof num !== "bigint")
1796
+ throw new Error(`Invalid field element: expected bigint, got ${typeof num}`);
1797
+ return _0n2 <= num && num < ORDER;
1798
+ },
1799
+ is0: (num) => num === _0n2,
1800
+ isOdd: (num) => (num & _1n2) === _1n2,
1801
+ neg: (num) => mod(-num, ORDER),
1802
+ eql: (lhs, rhs) => lhs === rhs,
1803
+ sqr: (num) => mod(num * num, ORDER),
1804
+ add: (lhs, rhs) => mod(lhs + rhs, ORDER),
1805
+ sub: (lhs, rhs) => mod(lhs - rhs, ORDER),
1806
+ mul: (lhs, rhs) => mod(lhs * rhs, ORDER),
1807
+ pow: (num, power) => FpPow(f, num, power),
1808
+ div: (lhs, rhs) => mod(lhs * invert(rhs, ORDER), ORDER),
1809
+ sqrN: (num) => num * num,
1810
+ addN: (lhs, rhs) => lhs + rhs,
1811
+ subN: (lhs, rhs) => lhs - rhs,
1812
+ mulN: (lhs, rhs) => lhs * rhs,
1813
+ inv: (num) => invert(num, ORDER),
1814
+ sqrt: redef.sqrt || ((n) => sqrtP(f, n)),
1815
+ invertBatch: (lst) => FpInvertBatch(f, lst),
1816
+ cmov: (a, b, c) => c ? b : a,
1817
+ toBytes: (num) => isLE2 ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES),
1818
+ fromBytes: (bytes2) => {
1819
+ if (bytes2.length !== BYTES)
1820
+ throw new Error(`Fp.fromBytes: expected ${BYTES}, got ${bytes2.length}`);
1821
+ return isLE2 ? bytesToNumberLE(bytes2) : bytesToNumberBE(bytes2);
1822
+ }
1823
+ });
1824
+ return Object.freeze(f);
3463
1825
  }
3464
- function initSigArgs(msgHash, privateKey, extraEntropy) {
3465
- if (msgHash == null)
3466
- throw new Error(`sign: expected valid message hash, not "${msgHash}"`);
3467
- const h1 = ensureBytes(msgHash);
3468
- const d = normalizePrivateKey(privateKey);
3469
- const seedArgs = [int2octets(d), bits2octets(h1)];
3470
- if (extraEntropy != null) {
3471
- if (extraEntropy === true)
3472
- extraEntropy = utils.randomBytes(32);
3473
- const e = ensureBytes(extraEntropy);
3474
- if (e.length !== 32)
3475
- throw new Error("sign: Expected 32 bytes of extra data");
3476
- seedArgs.push(e);
3477
- }
3478
- const seed = concatBytes(...seedArgs);
3479
- const m = bits2int(h1);
3480
- return { seed, m, d };
1826
+ function hashToPrivateScalar(hash2, groupOrder, isLE2 = false) {
1827
+ hash2 = ensureBytes("privateHash", hash2);
1828
+ const hashLen = hash2.length;
1829
+ const minLen = nLength(groupOrder).nByteLength + 8;
1830
+ if (minLen < 24 || hashLen < minLen || hashLen > 1024)
1831
+ throw new Error(`hashToPrivateScalar: expected ${minLen}-1024 bytes of input, got ${hashLen}`);
1832
+ const num = isLE2 ? bytesToNumberLE(hash2) : bytesToNumberBE(hash2);
1833
+ return mod(num, groupOrder - _1n2) + _1n2;
3481
1834
  }
3482
- function finalizeSig(recSig, opts) {
3483
- let { sig, recovery } = recSig;
3484
- const { canonical, der, recovered } = Object.assign({ canonical: true, der: true }, opts);
3485
- if (canonical && sig.hasHighS()) {
3486
- sig = sig.normalizeS();
3487
- recovery ^= 1;
3488
- }
3489
- const hashed = der ? sig.toDERRawBytes() : sig.toCompactRawBytes();
3490
- return recovered ? [hashed, recovery] : hashed;
1835
+
1836
+ // ../../node_modules/@noble/curves/esm/abstract/curve.js
1837
+ var _0n3 = BigInt(0);
1838
+ var _1n3 = BigInt(1);
1839
+ function wNAF(c, bits) {
1840
+ const constTimeNegate = (condition, item) => {
1841
+ const neg = item.negate();
1842
+ return condition ? neg : item;
1843
+ };
1844
+ const opts = (W) => {
1845
+ const windows = Math.ceil(bits / W) + 1;
1846
+ const windowSize = 2 ** (W - 1);
1847
+ return { windows, windowSize };
1848
+ };
1849
+ return {
1850
+ constTimeNegate,
1851
+ unsafeLadder(elm, n) {
1852
+ let p = c.ZERO;
1853
+ let d = elm;
1854
+ while (n > _0n3) {
1855
+ if (n & _1n3)
1856
+ p = p.add(d);
1857
+ d = d.double();
1858
+ n >>= _1n3;
1859
+ }
1860
+ return p;
1861
+ },
1862
+ precomputeWindow(elm, W) {
1863
+ const { windows, windowSize } = opts(W);
1864
+ const points = [];
1865
+ let p = elm;
1866
+ let base3 = p;
1867
+ for (let window = 0; window < windows; window++) {
1868
+ base3 = p;
1869
+ points.push(base3);
1870
+ for (let i = 1; i < windowSize; i++) {
1871
+ base3 = base3.add(p);
1872
+ points.push(base3);
1873
+ }
1874
+ p = base3.double();
1875
+ }
1876
+ return points;
1877
+ },
1878
+ wNAF(W, precomputes, n) {
1879
+ const { windows, windowSize } = opts(W);
1880
+ let p = c.ZERO;
1881
+ let f = c.BASE;
1882
+ const mask = BigInt(2 ** W - 1);
1883
+ const maxNumber = 2 ** W;
1884
+ const shiftBy = BigInt(W);
1885
+ for (let window = 0; window < windows; window++) {
1886
+ const offset = window * windowSize;
1887
+ let wbits = Number(n & mask);
1888
+ n >>= shiftBy;
1889
+ if (wbits > windowSize) {
1890
+ wbits -= maxNumber;
1891
+ n += _1n3;
1892
+ }
1893
+ const offset1 = offset;
1894
+ const offset2 = offset + Math.abs(wbits) - 1;
1895
+ const cond1 = window % 2 !== 0;
1896
+ const cond2 = wbits < 0;
1897
+ if (wbits === 0) {
1898
+ f = f.add(constTimeNegate(cond1, precomputes[offset1]));
1899
+ } else {
1900
+ p = p.add(constTimeNegate(cond2, precomputes[offset2]));
1901
+ }
1902
+ }
1903
+ return { p, f };
1904
+ },
1905
+ wNAFCached(P, precomputesMap, n, transform) {
1906
+ const W = P._WINDOW_SIZE || 1;
1907
+ let comp = precomputesMap.get(P);
1908
+ if (!comp) {
1909
+ comp = this.precomputeWindow(P, W);
1910
+ if (W !== 1) {
1911
+ precomputesMap.set(P, transform(comp));
1912
+ }
1913
+ }
1914
+ return this.wNAF(W, comp, n);
1915
+ }
1916
+ };
3491
1917
  }
3492
- async function sign(msgHash, privKey, opts = {}) {
3493
- const { seed, m, d } = initSigArgs(msgHash, privKey, opts.extraEntropy);
3494
- let sig;
3495
- const drbg = new HmacDrbg();
3496
- await drbg.reseed(seed);
3497
- while (!(sig = kmdToSig(await drbg.generate(), m, d)))
3498
- await drbg.reseed();
3499
- return finalizeSig(sig, opts);
1918
+ function validateBasic(curve) {
1919
+ validateField(curve.Fp);
1920
+ validateObject(curve, {
1921
+ n: "bigint",
1922
+ h: "bigint",
1923
+ Gx: "field",
1924
+ Gy: "field"
1925
+ }, {
1926
+ nBitLength: "isSafeInteger",
1927
+ nByteLength: "isSafeInteger"
1928
+ });
1929
+ return Object.freeze({
1930
+ ...nLength(curve.n, curve.nBitLength),
1931
+ ...curve,
1932
+ ...{ p: curve.Fp.ORDER }
1933
+ });
3500
1934
  }
3501
- var vopts = { strict: true };
3502
- function verify(signature, msgHash, publicKey, opts = vopts) {
3503
- let sig;
3504
- try {
3505
- sig = normalizeSignature(signature);
3506
- msgHash = ensureBytes(msgHash);
3507
- } catch (error) {
3508
- return false;
3509
- }
3510
- const { r, s } = sig;
3511
- if (opts.strict && sig.hasHighS())
3512
- return false;
3513
- const h = truncateHash(msgHash);
3514
- let P;
3515
- try {
3516
- P = normalizePublicKey(publicKey);
3517
- } catch (error) {
3518
- return false;
1935
+
1936
+ // ../../node_modules/@noble/curves/esm/abstract/weierstrass.js
1937
+ function validatePointOpts(curve) {
1938
+ const opts = validateBasic(curve);
1939
+ validateObject(opts, {
1940
+ a: "field",
1941
+ b: "field"
1942
+ }, {
1943
+ allowedPrivateKeyLengths: "array",
1944
+ wrapPrivateKey: "boolean",
1945
+ isTorsionFree: "function",
1946
+ clearCofactor: "function",
1947
+ allowInfinityPoint: "boolean",
1948
+ fromBytes: "function",
1949
+ toBytes: "function"
1950
+ });
1951
+ const { endo, Fp: Fp3, a } = opts;
1952
+ if (endo) {
1953
+ if (!Fp3.eql(a, Fp3.ZERO)) {
1954
+ throw new Error("Endomorphism can only be defined for Koblitz curves that have a=0");
1955
+ }
1956
+ if (typeof endo !== "object" || typeof endo.beta !== "bigint" || typeof endo.splitScalar !== "function") {
1957
+ throw new Error("Expected endomorphism with beta: bigint and splitScalar: function");
1958
+ }
3519
1959
  }
3520
- const { n } = CURVE;
3521
- const sinv = invert(s, n);
3522
- const u1 = mod(h * sinv, n);
3523
- const u2 = mod(r * sinv, n);
3524
- const R = Point.BASE.multiplyAndAddUnsafe(P, u1, u2);
3525
- if (!R)
3526
- return false;
3527
- const v = mod(R.x, n);
3528
- return v === r;
1960
+ return Object.freeze({ ...opts });
3529
1961
  }
3530
- Point.BASE._setWindowSize(8);
3531
- var crypto3 = {
3532
- node: nodeCrypto,
3533
- web: typeof self === "object" && "crypto" in self ? self.crypto : void 0
3534
- };
3535
- var TAGGED_HASH_PREFIXES = {};
3536
- var utils = {
3537
- bytesToHex,
3538
- hexToBytes,
3539
- concatBytes,
3540
- mod,
3541
- invert,
3542
- isValidPrivateKey(privateKey) {
3543
- try {
3544
- normalizePrivateKey(privateKey);
3545
- return true;
3546
- } catch (error) {
3547
- return false;
1962
+ var { bytesToNumberBE: b2n, hexToBytes: h2b } = utils_exports;
1963
+ var DER = {
1964
+ Err: class DERErr extends Error {
1965
+ constructor(m = "") {
1966
+ super(m);
3548
1967
  }
3549
1968
  },
3550
- _bigintTo32Bytes: numTo32b,
3551
- _normalizePrivateKey: normalizePrivateKey,
3552
- hashToPrivateKey: (hash) => {
3553
- hash = ensureBytes(hash);
3554
- if (hash.length < 40 || hash.length > 1024)
3555
- throw new Error("Expected 40-1024 bytes of private key as per FIPS 186");
3556
- const num = mod(bytesToNumber(hash), CURVE.n - _1n) + _1n;
3557
- return numTo32b(num);
3558
- },
3559
- randomBytes: (bytesLength = 32) => {
3560
- if (crypto3.web) {
3561
- return crypto3.web.getRandomValues(new Uint8Array(bytesLength));
3562
- } else if (crypto3.node) {
3563
- const { randomBytes: randomBytes2 } = crypto3.node;
3564
- return Uint8Array.from(randomBytes2(bytesLength));
3565
- } else {
3566
- throw new Error("The environment doesn't have randomBytes function");
3567
- }
1969
+ _parseInt(data) {
1970
+ const { Err: E } = DER;
1971
+ if (data.length < 2 || data[0] !== 2)
1972
+ throw new E("Invalid signature integer tag");
1973
+ const len = data[1];
1974
+ const res = data.subarray(2, len + 2);
1975
+ if (!len || res.length !== len)
1976
+ throw new E("Invalid signature integer: wrong length");
1977
+ if (res[0] & 128)
1978
+ throw new E("Invalid signature integer: negative");
1979
+ if (res[0] === 0 && !(res[1] & 128))
1980
+ throw new E("Invalid signature integer: unnecessary leading zero");
1981
+ return { d: b2n(res), l: data.subarray(len + 2) };
3568
1982
  },
3569
- randomPrivateKey: () => {
3570
- return utils.hashToPrivateKey(utils.randomBytes(40));
1983
+ toSig(hex) {
1984
+ const { Err: E } = DER;
1985
+ const data = typeof hex === "string" ? h2b(hex) : hex;
1986
+ if (!(data instanceof Uint8Array))
1987
+ throw new Error("ui8a expected");
1988
+ let l = data.length;
1989
+ if (l < 2 || data[0] != 48)
1990
+ throw new E("Invalid signature tag");
1991
+ if (data[1] !== l - 2)
1992
+ throw new E("Invalid signature: incorrect length");
1993
+ const { d: r, l: sBytes } = DER._parseInt(data.subarray(2));
1994
+ const { d: s, l: rBytesLeft } = DER._parseInt(sBytes);
1995
+ if (rBytesLeft.length)
1996
+ throw new E("Invalid signature: left bytes after parsing");
1997
+ return { r, s };
3571
1998
  },
3572
- sha256: async (...messages) => {
3573
- if (crypto3.web) {
3574
- const buffer = await crypto3.web.subtle.digest("SHA-256", concatBytes(...messages));
3575
- return new Uint8Array(buffer);
3576
- } else if (crypto3.node) {
3577
- const { createHash } = crypto3.node;
3578
- const hash = createHash("sha256");
3579
- messages.forEach((m) => hash.update(m));
3580
- return Uint8Array.from(hash.digest());
3581
- } else {
3582
- throw new Error("The environment doesn't have sha256 function");
1999
+ hexFromSig(sig) {
2000
+ const slice = (s2) => Number.parseInt(s2[0], 16) & 8 ? "00" + s2 : s2;
2001
+ const h = (num) => {
2002
+ const hex = num.toString(16);
2003
+ return hex.length & 1 ? `0${hex}` : hex;
2004
+ };
2005
+ const s = slice(h(sig.s));
2006
+ const r = slice(h(sig.r));
2007
+ const shl = s.length / 2;
2008
+ const rhl = r.length / 2;
2009
+ const sl = h(shl);
2010
+ const rl = h(rhl);
2011
+ return `30${h(rhl + shl + 4)}02${rl}${r}02${sl}${s}`;
2012
+ }
2013
+ };
2014
+ var _0n4 = BigInt(0);
2015
+ var _1n4 = BigInt(1);
2016
+ var _2n3 = BigInt(2);
2017
+ var _3n2 = BigInt(3);
2018
+ var _4n2 = BigInt(4);
2019
+ function weierstrassPoints(opts) {
2020
+ const CURVE = validatePointOpts(opts);
2021
+ const { Fp: Fp3 } = CURVE;
2022
+ const toBytes2 = CURVE.toBytes || ((c, point, isCompressed) => {
2023
+ const a = point.toAffine();
2024
+ return concatBytes2(Uint8Array.from([4]), Fp3.toBytes(a.x), Fp3.toBytes(a.y));
2025
+ });
2026
+ const fromBytes = CURVE.fromBytes || ((bytes2) => {
2027
+ const tail = bytes2.subarray(1);
2028
+ const x = Fp3.fromBytes(tail.subarray(0, Fp3.BYTES));
2029
+ const y = Fp3.fromBytes(tail.subarray(Fp3.BYTES, 2 * Fp3.BYTES));
2030
+ return { x, y };
2031
+ });
2032
+ function weierstrassEquation(x) {
2033
+ const { a, b } = CURVE;
2034
+ const x2 = Fp3.sqr(x);
2035
+ const x3 = Fp3.mul(x2, x);
2036
+ return Fp3.add(Fp3.add(x3, Fp3.mul(x, a)), b);
2037
+ }
2038
+ if (!Fp3.eql(Fp3.sqr(CURVE.Gy), weierstrassEquation(CURVE.Gx)))
2039
+ throw new Error("bad generator point: equation left != right");
2040
+ function isWithinCurveOrder(num) {
2041
+ return typeof num === "bigint" && _0n4 < num && num < CURVE.n;
2042
+ }
2043
+ function assertGE(num) {
2044
+ if (!isWithinCurveOrder(num))
2045
+ throw new Error("Expected valid bigint: 0 < bigint < curve.n");
2046
+ }
2047
+ function normPrivateKeyToScalar(key) {
2048
+ const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n } = CURVE;
2049
+ if (lengths && typeof key !== "bigint") {
2050
+ if (key instanceof Uint8Array)
2051
+ key = bytesToHex(key);
2052
+ if (typeof key !== "string" || !lengths.includes(key.length))
2053
+ throw new Error("Invalid key");
2054
+ key = key.padStart(nByteLength * 2, "0");
2055
+ }
2056
+ let num;
2057
+ try {
2058
+ num = typeof key === "bigint" ? key : bytesToNumberBE(ensureBytes("private key", key, nByteLength));
2059
+ } catch (error) {
2060
+ throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`);
3583
2061
  }
3584
- },
3585
- hmacSha256: async (key, ...messages) => {
3586
- if (crypto3.web) {
3587
- const ckey = await crypto3.web.subtle.importKey("raw", key, { name: "HMAC", hash: { name: "SHA-256" } }, false, ["sign"]);
3588
- const message = concatBytes(...messages);
3589
- const buffer = await crypto3.web.subtle.sign("HMAC", ckey, message);
3590
- return new Uint8Array(buffer);
3591
- } else if (crypto3.node) {
3592
- const { createHmac } = crypto3.node;
3593
- const hash = createHmac("sha256", key);
3594
- messages.forEach((m) => hash.update(m));
3595
- return Uint8Array.from(hash.digest());
3596
- } else {
3597
- throw new Error("The environment doesn't have hmac-sha256 function");
2062
+ if (wrapPrivateKey)
2063
+ num = mod(num, n);
2064
+ assertGE(num);
2065
+ return num;
2066
+ }
2067
+ const pointPrecomputes = /* @__PURE__ */ new Map();
2068
+ function assertPrjPoint(other) {
2069
+ if (!(other instanceof Point2))
2070
+ throw new Error("ProjectivePoint expected");
2071
+ }
2072
+ class Point2 {
2073
+ constructor(px, py, pz) {
2074
+ this.px = px;
2075
+ this.py = py;
2076
+ this.pz = pz;
2077
+ if (px == null || !Fp3.isValid(px))
2078
+ throw new Error("x required");
2079
+ if (py == null || !Fp3.isValid(py))
2080
+ throw new Error("y required");
2081
+ if (pz == null || !Fp3.isValid(pz))
2082
+ throw new Error("z required");
2083
+ }
2084
+ static fromAffine(p) {
2085
+ const { x, y } = p || {};
2086
+ if (!p || !Fp3.isValid(x) || !Fp3.isValid(y))
2087
+ throw new Error("invalid affine point");
2088
+ if (p instanceof Point2)
2089
+ throw new Error("projective point not allowed");
2090
+ const is0 = (i) => Fp3.eql(i, Fp3.ZERO);
2091
+ if (is0(x) && is0(y))
2092
+ return Point2.ZERO;
2093
+ return new Point2(x, y, Fp3.ONE);
2094
+ }
2095
+ get x() {
2096
+ return this.toAffine().x;
2097
+ }
2098
+ get y() {
2099
+ return this.toAffine().y;
2100
+ }
2101
+ static normalizeZ(points) {
2102
+ const toInv = Fp3.invertBatch(points.map((p) => p.pz));
2103
+ return points.map((p, i) => p.toAffine(toInv[i])).map(Point2.fromAffine);
2104
+ }
2105
+ static fromHex(hex) {
2106
+ const P = Point2.fromAffine(fromBytes(ensureBytes("pointHex", hex)));
2107
+ P.assertValidity();
2108
+ return P;
2109
+ }
2110
+ static fromPrivateKey(privateKey) {
2111
+ return Point2.BASE.multiply(normPrivateKeyToScalar(privateKey));
2112
+ }
2113
+ _setWindowSize(windowSize) {
2114
+ this._WINDOW_SIZE = windowSize;
2115
+ pointPrecomputes.delete(this);
2116
+ }
2117
+ assertValidity() {
2118
+ if (this.is0()) {
2119
+ if (CURVE.allowInfinityPoint)
2120
+ return;
2121
+ throw new Error("bad point: ZERO");
2122
+ }
2123
+ const { x, y } = this.toAffine();
2124
+ if (!Fp3.isValid(x) || !Fp3.isValid(y))
2125
+ throw new Error("bad point: x or y not FE");
2126
+ const left = Fp3.sqr(y);
2127
+ const right = weierstrassEquation(x);
2128
+ if (!Fp3.eql(left, right))
2129
+ throw new Error("bad point: equation left != right");
2130
+ if (!this.isTorsionFree())
2131
+ throw new Error("bad point: not in prime-order subgroup");
2132
+ }
2133
+ hasEvenY() {
2134
+ const { y } = this.toAffine();
2135
+ if (Fp3.isOdd)
2136
+ return !Fp3.isOdd(y);
2137
+ throw new Error("Field doesn't support isOdd");
2138
+ }
2139
+ equals(other) {
2140
+ assertPrjPoint(other);
2141
+ const { px: X1, py: Y1, pz: Z1 } = this;
2142
+ const { px: X2, py: Y2, pz: Z2 } = other;
2143
+ const U1 = Fp3.eql(Fp3.mul(X1, Z2), Fp3.mul(X2, Z1));
2144
+ const U2 = Fp3.eql(Fp3.mul(Y1, Z2), Fp3.mul(Y2, Z1));
2145
+ return U1 && U2;
2146
+ }
2147
+ negate() {
2148
+ return new Point2(this.px, Fp3.neg(this.py), this.pz);
2149
+ }
2150
+ double() {
2151
+ const { a, b } = CURVE;
2152
+ const b3 = Fp3.mul(b, _3n2);
2153
+ const { px: X1, py: Y1, pz: Z1 } = this;
2154
+ let X3 = Fp3.ZERO, Y3 = Fp3.ZERO, Z3 = Fp3.ZERO;
2155
+ let t0 = Fp3.mul(X1, X1);
2156
+ let t1 = Fp3.mul(Y1, Y1);
2157
+ let t2 = Fp3.mul(Z1, Z1);
2158
+ let t3 = Fp3.mul(X1, Y1);
2159
+ t3 = Fp3.add(t3, t3);
2160
+ Z3 = Fp3.mul(X1, Z1);
2161
+ Z3 = Fp3.add(Z3, Z3);
2162
+ X3 = Fp3.mul(a, Z3);
2163
+ Y3 = Fp3.mul(b3, t2);
2164
+ Y3 = Fp3.add(X3, Y3);
2165
+ X3 = Fp3.sub(t1, Y3);
2166
+ Y3 = Fp3.add(t1, Y3);
2167
+ Y3 = Fp3.mul(X3, Y3);
2168
+ X3 = Fp3.mul(t3, X3);
2169
+ Z3 = Fp3.mul(b3, Z3);
2170
+ t2 = Fp3.mul(a, t2);
2171
+ t3 = Fp3.sub(t0, t2);
2172
+ t3 = Fp3.mul(a, t3);
2173
+ t3 = Fp3.add(t3, Z3);
2174
+ Z3 = Fp3.add(t0, t0);
2175
+ t0 = Fp3.add(Z3, t0);
2176
+ t0 = Fp3.add(t0, t2);
2177
+ t0 = Fp3.mul(t0, t3);
2178
+ Y3 = Fp3.add(Y3, t0);
2179
+ t2 = Fp3.mul(Y1, Z1);
2180
+ t2 = Fp3.add(t2, t2);
2181
+ t0 = Fp3.mul(t2, t3);
2182
+ X3 = Fp3.sub(X3, t0);
2183
+ Z3 = Fp3.mul(t2, t1);
2184
+ Z3 = Fp3.add(Z3, Z3);
2185
+ Z3 = Fp3.add(Z3, Z3);
2186
+ return new Point2(X3, Y3, Z3);
2187
+ }
2188
+ add(other) {
2189
+ assertPrjPoint(other);
2190
+ const { px: X1, py: Y1, pz: Z1 } = this;
2191
+ const { px: X2, py: Y2, pz: Z2 } = other;
2192
+ let X3 = Fp3.ZERO, Y3 = Fp3.ZERO, Z3 = Fp3.ZERO;
2193
+ const a = CURVE.a;
2194
+ const b3 = Fp3.mul(CURVE.b, _3n2);
2195
+ let t0 = Fp3.mul(X1, X2);
2196
+ let t1 = Fp3.mul(Y1, Y2);
2197
+ let t2 = Fp3.mul(Z1, Z2);
2198
+ let t3 = Fp3.add(X1, Y1);
2199
+ let t4 = Fp3.add(X2, Y2);
2200
+ t3 = Fp3.mul(t3, t4);
2201
+ t4 = Fp3.add(t0, t1);
2202
+ t3 = Fp3.sub(t3, t4);
2203
+ t4 = Fp3.add(X1, Z1);
2204
+ let t5 = Fp3.add(X2, Z2);
2205
+ t4 = Fp3.mul(t4, t5);
2206
+ t5 = Fp3.add(t0, t2);
2207
+ t4 = Fp3.sub(t4, t5);
2208
+ t5 = Fp3.add(Y1, Z1);
2209
+ X3 = Fp3.add(Y2, Z2);
2210
+ t5 = Fp3.mul(t5, X3);
2211
+ X3 = Fp3.add(t1, t2);
2212
+ t5 = Fp3.sub(t5, X3);
2213
+ Z3 = Fp3.mul(a, t4);
2214
+ X3 = Fp3.mul(b3, t2);
2215
+ Z3 = Fp3.add(X3, Z3);
2216
+ X3 = Fp3.sub(t1, Z3);
2217
+ Z3 = Fp3.add(t1, Z3);
2218
+ Y3 = Fp3.mul(X3, Z3);
2219
+ t1 = Fp3.add(t0, t0);
2220
+ t1 = Fp3.add(t1, t0);
2221
+ t2 = Fp3.mul(a, t2);
2222
+ t4 = Fp3.mul(b3, t4);
2223
+ t1 = Fp3.add(t1, t2);
2224
+ t2 = Fp3.sub(t0, t2);
2225
+ t2 = Fp3.mul(a, t2);
2226
+ t4 = Fp3.add(t4, t2);
2227
+ t0 = Fp3.mul(t1, t4);
2228
+ Y3 = Fp3.add(Y3, t0);
2229
+ t0 = Fp3.mul(t5, t4);
2230
+ X3 = Fp3.mul(t3, X3);
2231
+ X3 = Fp3.sub(X3, t0);
2232
+ t0 = Fp3.mul(t3, t1);
2233
+ Z3 = Fp3.mul(t5, Z3);
2234
+ Z3 = Fp3.add(Z3, t0);
2235
+ return new Point2(X3, Y3, Z3);
2236
+ }
2237
+ subtract(other) {
2238
+ return this.add(other.negate());
2239
+ }
2240
+ is0() {
2241
+ return this.equals(Point2.ZERO);
2242
+ }
2243
+ wNAF(n) {
2244
+ return wnaf.wNAFCached(this, pointPrecomputes, n, (comp) => {
2245
+ const toInv = Fp3.invertBatch(comp.map((p) => p.pz));
2246
+ return comp.map((p, i) => p.toAffine(toInv[i])).map(Point2.fromAffine);
2247
+ });
3598
2248
  }
3599
- },
3600
- sha256Sync: void 0,
3601
- hmacSha256Sync: void 0,
3602
- taggedHash: async (tag, ...messages) => {
3603
- let tagP = TAGGED_HASH_PREFIXES[tag];
3604
- if (tagP === void 0) {
3605
- const tagH = await utils.sha256(Uint8Array.from(tag, (c) => c.charCodeAt(0)));
3606
- tagP = concatBytes(tagH, tagH);
3607
- TAGGED_HASH_PREFIXES[tag] = tagP;
3608
- }
3609
- return utils.sha256(tagP, ...messages);
3610
- },
3611
- taggedHashSync: (tag, ...messages) => {
3612
- if (typeof _sha256Sync !== "function")
3613
- throw new ShaError("sha256Sync is undefined, you need to set it");
3614
- let tagP = TAGGED_HASH_PREFIXES[tag];
3615
- if (tagP === void 0) {
3616
- const tagH = _sha256Sync(Uint8Array.from(tag, (c) => c.charCodeAt(0)));
3617
- tagP = concatBytes(tagH, tagH);
3618
- TAGGED_HASH_PREFIXES[tag] = tagP;
3619
- }
3620
- return _sha256Sync(tagP, ...messages);
3621
- },
3622
- precompute(windowSize = 8, point = Point.BASE) {
3623
- const cached = point === Point.BASE ? point : new Point(point.x, point.y);
3624
- cached._setWindowSize(windowSize);
3625
- cached.multiply(_3n);
3626
- return cached;
3627
- }
3628
- };
3629
- Object.defineProperties(utils, {
3630
- sha256Sync: {
3631
- configurable: false,
3632
- get() {
3633
- return _sha256Sync;
2249
+ multiplyUnsafe(n) {
2250
+ const I = Point2.ZERO;
2251
+ if (n === _0n4)
2252
+ return I;
2253
+ assertGE(n);
2254
+ if (n === _1n4)
2255
+ return this;
2256
+ const { endo } = CURVE;
2257
+ if (!endo)
2258
+ return wnaf.unsafeLadder(this, n);
2259
+ let { k1neg, k1, k2neg, k2 } = endo.splitScalar(n);
2260
+ let k1p = I;
2261
+ let k2p = I;
2262
+ let d = this;
2263
+ while (k1 > _0n4 || k2 > _0n4) {
2264
+ if (k1 & _1n4)
2265
+ k1p = k1p.add(d);
2266
+ if (k2 & _1n4)
2267
+ k2p = k2p.add(d);
2268
+ d = d.double();
2269
+ k1 >>= _1n4;
2270
+ k2 >>= _1n4;
2271
+ }
2272
+ if (k1neg)
2273
+ k1p = k1p.negate();
2274
+ if (k2neg)
2275
+ k2p = k2p.negate();
2276
+ k2p = new Point2(Fp3.mul(k2p.px, endo.beta), k2p.py, k2p.pz);
2277
+ return k1p.add(k2p);
2278
+ }
2279
+ multiply(scalar) {
2280
+ assertGE(scalar);
2281
+ let n = scalar;
2282
+ let point, fake;
2283
+ const { endo } = CURVE;
2284
+ if (endo) {
2285
+ const { k1neg, k1, k2neg, k2 } = endo.splitScalar(n);
2286
+ let { p: k1p, f: f1p } = this.wNAF(k1);
2287
+ let { p: k2p, f: f2p } = this.wNAF(k2);
2288
+ k1p = wnaf.constTimeNegate(k1neg, k1p);
2289
+ k2p = wnaf.constTimeNegate(k2neg, k2p);
2290
+ k2p = new Point2(Fp3.mul(k2p.px, endo.beta), k2p.py, k2p.pz);
2291
+ point = k1p.add(k2p);
2292
+ fake = f1p.add(f2p);
2293
+ } else {
2294
+ const { p, f } = this.wNAF(n);
2295
+ point = p;
2296
+ fake = f;
2297
+ }
2298
+ return Point2.normalizeZ([point, fake])[0];
2299
+ }
2300
+ multiplyAndAddUnsafe(Q, a, b) {
2301
+ const G = Point2.BASE;
2302
+ const mul = (P, a2) => a2 === _0n4 || a2 === _1n4 || !P.equals(G) ? P.multiplyUnsafe(a2) : P.multiply(a2);
2303
+ const sum = mul(this, a).add(mul(Q, b));
2304
+ return sum.is0() ? void 0 : sum;
2305
+ }
2306
+ toAffine(iz) {
2307
+ const { px: x, py: y, pz: z } = this;
2308
+ const is0 = this.is0();
2309
+ if (iz == null)
2310
+ iz = is0 ? Fp3.ONE : Fp3.inv(z);
2311
+ const ax = Fp3.mul(x, iz);
2312
+ const ay = Fp3.mul(y, iz);
2313
+ const zz = Fp3.mul(z, iz);
2314
+ if (is0)
2315
+ return { x: Fp3.ZERO, y: Fp3.ZERO };
2316
+ if (!Fp3.eql(zz, Fp3.ONE))
2317
+ throw new Error("invZ was invalid");
2318
+ return { x: ax, y: ay };
2319
+ }
2320
+ isTorsionFree() {
2321
+ const { h: cofactor, isTorsionFree } = CURVE;
2322
+ if (cofactor === _1n4)
2323
+ return true;
2324
+ if (isTorsionFree)
2325
+ return isTorsionFree(Point2, this);
2326
+ throw new Error("isTorsionFree() has not been declared for the elliptic curve");
2327
+ }
2328
+ clearCofactor() {
2329
+ const { h: cofactor, clearCofactor } = CURVE;
2330
+ if (cofactor === _1n4)
2331
+ return this;
2332
+ if (clearCofactor)
2333
+ return clearCofactor(Point2, this);
2334
+ return this.multiplyUnsafe(CURVE.h);
2335
+ }
2336
+ toRawBytes(isCompressed = true) {
2337
+ this.assertValidity();
2338
+ return toBytes2(Point2, this, isCompressed);
2339
+ }
2340
+ toHex(isCompressed = true) {
2341
+ return bytesToHex(this.toRawBytes(isCompressed));
2342
+ }
2343
+ }
2344
+ Point2.BASE = new Point2(CURVE.Gx, CURVE.Gy, Fp3.ONE);
2345
+ Point2.ZERO = new Point2(Fp3.ZERO, Fp3.ONE, Fp3.ZERO);
2346
+ const _bits = CURVE.nBitLength;
2347
+ const wnaf = wNAF(Point2, CURVE.endo ? Math.ceil(_bits / 2) : _bits);
2348
+ return {
2349
+ CURVE,
2350
+ ProjectivePoint: Point2,
2351
+ normPrivateKeyToScalar,
2352
+ weierstrassEquation,
2353
+ isWithinCurveOrder
2354
+ };
2355
+ }
2356
+ function validateOpts(curve) {
2357
+ const opts = validateBasic(curve);
2358
+ validateObject(opts, {
2359
+ hash: "hash",
2360
+ hmac: "function",
2361
+ randomBytes: "function"
2362
+ }, {
2363
+ bits2int: "function",
2364
+ bits2int_modN: "function",
2365
+ lowS: "boolean"
2366
+ });
2367
+ return Object.freeze({ lowS: true, ...opts });
2368
+ }
2369
+ function weierstrass(curveDef) {
2370
+ const CURVE = validateOpts(curveDef);
2371
+ const { Fp: Fp3, n: CURVE_ORDER } = CURVE;
2372
+ const compressedLen = Fp3.BYTES + 1;
2373
+ const uncompressedLen = 2 * Fp3.BYTES + 1;
2374
+ function isValidFieldElement(num) {
2375
+ return _0n4 < num && num < Fp3.ORDER;
2376
+ }
2377
+ function modN(a) {
2378
+ return mod(a, CURVE_ORDER);
2379
+ }
2380
+ function invN(a) {
2381
+ return invert(a, CURVE_ORDER);
2382
+ }
2383
+ const { ProjectivePoint: Point2, normPrivateKeyToScalar, weierstrassEquation, isWithinCurveOrder } = weierstrassPoints({
2384
+ ...CURVE,
2385
+ toBytes(c, point, isCompressed) {
2386
+ const a = point.toAffine();
2387
+ const x = Fp3.toBytes(a.x);
2388
+ const cat = concatBytes2;
2389
+ if (isCompressed) {
2390
+ return cat(Uint8Array.from([point.hasEvenY() ? 2 : 3]), x);
2391
+ } else {
2392
+ return cat(Uint8Array.from([4]), x, Fp3.toBytes(a.y));
2393
+ }
3634
2394
  },
3635
- set(val) {
3636
- if (!_sha256Sync)
3637
- _sha256Sync = val;
2395
+ fromBytes(bytes2) {
2396
+ const len = bytes2.length;
2397
+ const head = bytes2[0];
2398
+ const tail = bytes2.subarray(1);
2399
+ if (len === compressedLen && (head === 2 || head === 3)) {
2400
+ const x = bytesToNumberBE(tail);
2401
+ if (!isValidFieldElement(x))
2402
+ throw new Error("Point is not on curve");
2403
+ const y2 = weierstrassEquation(x);
2404
+ let y = Fp3.sqrt(y2);
2405
+ const isYOdd = (y & _1n4) === _1n4;
2406
+ const isHeadOdd = (head & 1) === 1;
2407
+ if (isHeadOdd !== isYOdd)
2408
+ y = Fp3.neg(y);
2409
+ return { x, y };
2410
+ } else if (len === uncompressedLen && head === 4) {
2411
+ const x = Fp3.fromBytes(tail.subarray(0, Fp3.BYTES));
2412
+ const y = Fp3.fromBytes(tail.subarray(Fp3.BYTES, 2 * Fp3.BYTES));
2413
+ return { x, y };
2414
+ } else {
2415
+ throw new Error(`Point of length ${len} was invalid. Expected ${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes`);
2416
+ }
3638
2417
  }
3639
- },
3640
- hmacSha256Sync: {
3641
- configurable: false,
3642
- get() {
3643
- return _hmacSha256Sync;
2418
+ });
2419
+ const numToNByteStr = (num) => bytesToHex(numberToBytesBE(num, CURVE.nByteLength));
2420
+ function isBiggerThanHalfOrder(number2) {
2421
+ const HALF = CURVE_ORDER >> _1n4;
2422
+ return number2 > HALF;
2423
+ }
2424
+ function normalizeS(s) {
2425
+ return isBiggerThanHalfOrder(s) ? modN(-s) : s;
2426
+ }
2427
+ const slcNum = (b, from3, to) => bytesToNumberBE(b.slice(from3, to));
2428
+ class Signature {
2429
+ constructor(r, s, recovery) {
2430
+ this.r = r;
2431
+ this.s = s;
2432
+ this.recovery = recovery;
2433
+ this.assertValidity();
2434
+ }
2435
+ static fromCompact(hex) {
2436
+ const l = CURVE.nByteLength;
2437
+ hex = ensureBytes("compactSignature", hex, l * 2);
2438
+ return new Signature(slcNum(hex, 0, l), slcNum(hex, l, 2 * l));
2439
+ }
2440
+ static fromDER(hex) {
2441
+ const { r, s } = DER.toSig(ensureBytes("DER", hex));
2442
+ return new Signature(r, s);
2443
+ }
2444
+ assertValidity() {
2445
+ if (!isWithinCurveOrder(this.r))
2446
+ throw new Error("r must be 0 < r < CURVE.n");
2447
+ if (!isWithinCurveOrder(this.s))
2448
+ throw new Error("s must be 0 < s < CURVE.n");
2449
+ }
2450
+ addRecoveryBit(recovery) {
2451
+ return new Signature(this.r, this.s, recovery);
2452
+ }
2453
+ recoverPublicKey(msgHash) {
2454
+ const { r, s, recovery: rec } = this;
2455
+ const h = bits2int_modN(ensureBytes("msgHash", msgHash));
2456
+ if (rec == null || ![0, 1, 2, 3].includes(rec))
2457
+ throw new Error("recovery id invalid");
2458
+ const radj = rec === 2 || rec === 3 ? r + CURVE.n : r;
2459
+ if (radj >= Fp3.ORDER)
2460
+ throw new Error("recovery id 2 or 3 invalid");
2461
+ const prefix = (rec & 1) === 0 ? "02" : "03";
2462
+ const R = Point2.fromHex(prefix + numToNByteStr(radj));
2463
+ const ir = invN(radj);
2464
+ const u1 = modN(-h * ir);
2465
+ const u2 = modN(s * ir);
2466
+ const Q = Point2.BASE.multiplyAndAddUnsafe(R, u1, u2);
2467
+ if (!Q)
2468
+ throw new Error("point at infinify");
2469
+ Q.assertValidity();
2470
+ return Q;
2471
+ }
2472
+ hasHighS() {
2473
+ return isBiggerThanHalfOrder(this.s);
2474
+ }
2475
+ normalizeS() {
2476
+ return this.hasHighS() ? new Signature(this.r, modN(-this.s), this.recovery) : this;
2477
+ }
2478
+ toDERRawBytes() {
2479
+ return hexToBytes(this.toDERHex());
2480
+ }
2481
+ toDERHex() {
2482
+ return DER.hexFromSig({ r: this.r, s: this.s });
2483
+ }
2484
+ toCompactRawBytes() {
2485
+ return hexToBytes(this.toCompactHex());
2486
+ }
2487
+ toCompactHex() {
2488
+ return numToNByteStr(this.r) + numToNByteStr(this.s);
2489
+ }
2490
+ }
2491
+ const utils = {
2492
+ isValidPrivateKey(privateKey) {
2493
+ try {
2494
+ normPrivateKeyToScalar(privateKey);
2495
+ return true;
2496
+ } catch (error) {
2497
+ return false;
2498
+ }
2499
+ },
2500
+ normPrivateKeyToScalar,
2501
+ randomPrivateKey: () => {
2502
+ const rand = CURVE.randomBytes(Fp3.BYTES + 8);
2503
+ const num = hashToPrivateScalar(rand, CURVE_ORDER);
2504
+ return numberToBytesBE(num, CURVE.nByteLength);
3644
2505
  },
3645
- set(val) {
3646
- if (!_hmacSha256Sync)
3647
- _hmacSha256Sync = val;
2506
+ precompute(windowSize = 8, point = Point2.BASE) {
2507
+ point._setWindowSize(windowSize);
2508
+ point.multiply(BigInt(3));
2509
+ return point;
3648
2510
  }
2511
+ };
2512
+ function getPublicKey(privateKey, isCompressed = true) {
2513
+ return Point2.fromPrivateKey(privateKey).toRawBytes(isCompressed);
2514
+ }
2515
+ function isProbPub(item) {
2516
+ const arr = item instanceof Uint8Array;
2517
+ const str = typeof item === "string";
2518
+ const len = (arr || str) && item.length;
2519
+ if (arr)
2520
+ return len === compressedLen || len === uncompressedLen;
2521
+ if (str)
2522
+ return len === 2 * compressedLen || len === 2 * uncompressedLen;
2523
+ if (item instanceof Point2)
2524
+ return true;
2525
+ return false;
3649
2526
  }
3650
- });
2527
+ function getSharedSecret(privateA, publicB, isCompressed = true) {
2528
+ if (isProbPub(privateA))
2529
+ throw new Error("first arg must be private key");
2530
+ if (!isProbPub(publicB))
2531
+ throw new Error("second arg must be public key");
2532
+ const b = Point2.fromHex(publicB);
2533
+ return b.multiply(normPrivateKeyToScalar(privateA)).toRawBytes(isCompressed);
2534
+ }
2535
+ const bits2int = CURVE.bits2int || function(bytes2) {
2536
+ const num = bytesToNumberBE(bytes2);
2537
+ const delta = bytes2.length * 8 - CURVE.nBitLength;
2538
+ return delta > 0 ? num >> BigInt(delta) : num;
2539
+ };
2540
+ const bits2int_modN = CURVE.bits2int_modN || function(bytes2) {
2541
+ return modN(bits2int(bytes2));
2542
+ };
2543
+ const ORDER_MASK = bitMask(CURVE.nBitLength);
2544
+ function int2octets(num) {
2545
+ if (typeof num !== "bigint")
2546
+ throw new Error("bigint expected");
2547
+ if (!(_0n4 <= num && num < ORDER_MASK))
2548
+ throw new Error(`bigint expected < 2^${CURVE.nBitLength}`);
2549
+ return numberToBytesBE(num, CURVE.nByteLength);
2550
+ }
2551
+ function prepSig(msgHash, privateKey, opts = defaultSigOpts) {
2552
+ if (["recovered", "canonical"].some((k) => k in opts))
2553
+ throw new Error("sign() legacy options not supported");
2554
+ const { hash: hash2, randomBytes: randomBytes3 } = CURVE;
2555
+ let { lowS, prehash, extraEntropy: ent } = opts;
2556
+ if (lowS == null)
2557
+ lowS = true;
2558
+ msgHash = ensureBytes("msgHash", msgHash);
2559
+ if (prehash)
2560
+ msgHash = ensureBytes("prehashed msgHash", hash2(msgHash));
2561
+ const h1int = bits2int_modN(msgHash);
2562
+ const d = normPrivateKeyToScalar(privateKey);
2563
+ const seedArgs = [int2octets(d), int2octets(h1int)];
2564
+ if (ent != null) {
2565
+ const e = ent === true ? randomBytes3(Fp3.BYTES) : ent;
2566
+ seedArgs.push(ensureBytes("extraEntropy", e, Fp3.BYTES));
2567
+ }
2568
+ const seed = concatBytes2(...seedArgs);
2569
+ const m = h1int;
2570
+ function k2sig(kBytes) {
2571
+ const k = bits2int(kBytes);
2572
+ if (!isWithinCurveOrder(k))
2573
+ return;
2574
+ const ik = invN(k);
2575
+ const q = Point2.BASE.multiply(k).toAffine();
2576
+ const r = modN(q.x);
2577
+ if (r === _0n4)
2578
+ return;
2579
+ const s = modN(ik * modN(m + r * d));
2580
+ if (s === _0n4)
2581
+ return;
2582
+ let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n4);
2583
+ let normS = s;
2584
+ if (lowS && isBiggerThanHalfOrder(s)) {
2585
+ normS = normalizeS(s);
2586
+ recovery ^= 1;
2587
+ }
2588
+ return new Signature(r, normS, recovery);
2589
+ }
2590
+ return { seed, k2sig };
2591
+ }
2592
+ const defaultSigOpts = { lowS: CURVE.lowS, prehash: false };
2593
+ const defaultVerOpts = { lowS: CURVE.lowS, prehash: false };
2594
+ function sign(msgHash, privKey, opts = defaultSigOpts) {
2595
+ const { seed, k2sig } = prepSig(msgHash, privKey, opts);
2596
+ const C = CURVE;
2597
+ const drbg = createHmacDrbg(C.hash.outputLen, C.nByteLength, C.hmac);
2598
+ return drbg(seed, k2sig);
2599
+ }
2600
+ Point2.BASE._setWindowSize(8);
2601
+ function verify(signature, msgHash, publicKey, opts = defaultVerOpts) {
2602
+ const sg = signature;
2603
+ msgHash = ensureBytes("msgHash", msgHash);
2604
+ publicKey = ensureBytes("publicKey", publicKey);
2605
+ if ("strict" in opts)
2606
+ throw new Error("options.strict was renamed to lowS");
2607
+ const { lowS, prehash } = opts;
2608
+ let _sig = void 0;
2609
+ let P;
2610
+ try {
2611
+ if (typeof sg === "string" || sg instanceof Uint8Array) {
2612
+ try {
2613
+ _sig = Signature.fromDER(sg);
2614
+ } catch (derError) {
2615
+ if (!(derError instanceof DER.Err))
2616
+ throw derError;
2617
+ _sig = Signature.fromCompact(sg);
2618
+ }
2619
+ } else if (typeof sg === "object" && typeof sg.r === "bigint" && typeof sg.s === "bigint") {
2620
+ const { r: r2, s: s2 } = sg;
2621
+ _sig = new Signature(r2, s2);
2622
+ } else {
2623
+ throw new Error("PARSE");
2624
+ }
2625
+ P = Point2.fromHex(publicKey);
2626
+ } catch (error) {
2627
+ if (error.message === "PARSE")
2628
+ throw new Error(`signature must be Signature instance, Uint8Array or hex string`);
2629
+ return false;
2630
+ }
2631
+ if (lowS && _sig.hasHighS())
2632
+ return false;
2633
+ if (prehash)
2634
+ msgHash = CURVE.hash(msgHash);
2635
+ const { r, s } = _sig;
2636
+ const h = bits2int_modN(msgHash);
2637
+ const is = invN(s);
2638
+ const u1 = modN(h * is);
2639
+ const u2 = modN(r * is);
2640
+ const R = Point2.BASE.multiplyAndAddUnsafe(P, u1, u2)?.toAffine();
2641
+ if (!R)
2642
+ return false;
2643
+ const v = modN(R.x);
2644
+ return v === r;
2645
+ }
2646
+ return {
2647
+ CURVE,
2648
+ getPublicKey,
2649
+ getSharedSecret,
2650
+ sign,
2651
+ verify,
2652
+ ProjectivePoint: Point2,
2653
+ Signature,
2654
+ utils
2655
+ };
2656
+ }
2657
+
2658
+ // ../../node_modules/@noble/curves/esm/_shortw_utils.js
2659
+ function getHash(hash2) {
2660
+ return {
2661
+ hash: hash2,
2662
+ hmac: (key, ...msgs) => hmac(hash2, key, concatBytes(...msgs)),
2663
+ randomBytes
2664
+ };
2665
+ }
2666
+ function createCurve(curveDef, defHash) {
2667
+ const create2 = (hash2) => weierstrass({ ...curveDef, ...getHash(hash2) });
2668
+ return Object.freeze({ ...create2(defHash), create: create2 });
2669
+ }
2670
+
2671
+ // ../../node_modules/@noble/hashes/esm/_sha2.js
2672
+ function setBigUint64(view, byteOffset, value, isLE2) {
2673
+ if (typeof view.setBigUint64 === "function")
2674
+ return view.setBigUint64(byteOffset, value, isLE2);
2675
+ const _32n = BigInt(32);
2676
+ const _u32_max = BigInt(4294967295);
2677
+ const wh = Number(value >> _32n & _u32_max);
2678
+ const wl = Number(value & _u32_max);
2679
+ const h = isLE2 ? 4 : 0;
2680
+ const l = isLE2 ? 0 : 4;
2681
+ view.setUint32(byteOffset + h, wh, isLE2);
2682
+ view.setUint32(byteOffset + l, wl, isLE2);
2683
+ }
2684
+ var SHA2 = class extends Hash {
2685
+ constructor(blockLen, outputLen, padOffset, isLE2) {
2686
+ super();
2687
+ this.blockLen = blockLen;
2688
+ this.outputLen = outputLen;
2689
+ this.padOffset = padOffset;
2690
+ this.isLE = isLE2;
2691
+ this.finished = false;
2692
+ this.length = 0;
2693
+ this.pos = 0;
2694
+ this.destroyed = false;
2695
+ this.buffer = new Uint8Array(blockLen);
2696
+ this.view = createView(this.buffer);
2697
+ }
2698
+ update(data) {
2699
+ assert_default.exists(this);
2700
+ const { view, buffer, blockLen } = this;
2701
+ data = toBytes(data);
2702
+ const len = data.length;
2703
+ for (let pos = 0; pos < len; ) {
2704
+ const take = Math.min(blockLen - this.pos, len - pos);
2705
+ if (take === blockLen) {
2706
+ const dataView = createView(data);
2707
+ for (; blockLen <= len - pos; pos += blockLen)
2708
+ this.process(dataView, pos);
2709
+ continue;
2710
+ }
2711
+ buffer.set(data.subarray(pos, pos + take), this.pos);
2712
+ this.pos += take;
2713
+ pos += take;
2714
+ if (this.pos === blockLen) {
2715
+ this.process(view, 0);
2716
+ this.pos = 0;
2717
+ }
2718
+ }
2719
+ this.length += data.length;
2720
+ this.roundClean();
2721
+ return this;
2722
+ }
2723
+ digestInto(out) {
2724
+ assert_default.exists(this);
2725
+ assert_default.output(out, this);
2726
+ this.finished = true;
2727
+ const { buffer, view, blockLen, isLE: isLE2 } = this;
2728
+ let { pos } = this;
2729
+ buffer[pos++] = 128;
2730
+ this.buffer.subarray(pos).fill(0);
2731
+ if (this.padOffset > blockLen - pos) {
2732
+ this.process(view, 0);
2733
+ pos = 0;
2734
+ }
2735
+ for (let i = pos; i < blockLen; i++)
2736
+ buffer[i] = 0;
2737
+ setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE2);
2738
+ this.process(view, 0);
2739
+ const oview = createView(out);
2740
+ const len = this.outputLen;
2741
+ if (len % 4)
2742
+ throw new Error("_sha2: outputLen should be aligned to 32bit");
2743
+ const outLen = len / 4;
2744
+ const state = this.get();
2745
+ if (outLen > state.length)
2746
+ throw new Error("_sha2: outputLen bigger than state");
2747
+ for (let i = 0; i < outLen; i++)
2748
+ oview.setUint32(4 * i, state[i], isLE2);
2749
+ }
2750
+ digest() {
2751
+ const { buffer, outputLen } = this;
2752
+ this.digestInto(buffer);
2753
+ const res = buffer.slice(0, outputLen);
2754
+ this.destroy();
2755
+ return res;
2756
+ }
2757
+ _cloneInto(to) {
2758
+ to || (to = new this.constructor());
2759
+ to.set(...this.get());
2760
+ const { blockLen, buffer, length: length2, finished, destroyed, pos } = this;
2761
+ to.length = length2;
2762
+ to.pos = pos;
2763
+ to.finished = finished;
2764
+ to.destroyed = destroyed;
2765
+ if (length2 % blockLen)
2766
+ to.buffer.set(buffer);
2767
+ return to;
2768
+ }
2769
+ };
2770
+
2771
+ // ../../node_modules/@noble/hashes/esm/sha256.js
2772
+ var Chi = (a, b, c) => a & b ^ ~a & c;
2773
+ var Maj = (a, b, c) => a & b ^ a & c ^ b & c;
2774
+ var SHA256_K = new Uint32Array([
2775
+ 1116352408,
2776
+ 1899447441,
2777
+ 3049323471,
2778
+ 3921009573,
2779
+ 961987163,
2780
+ 1508970993,
2781
+ 2453635748,
2782
+ 2870763221,
2783
+ 3624381080,
2784
+ 310598401,
2785
+ 607225278,
2786
+ 1426881987,
2787
+ 1925078388,
2788
+ 2162078206,
2789
+ 2614888103,
2790
+ 3248222580,
2791
+ 3835390401,
2792
+ 4022224774,
2793
+ 264347078,
2794
+ 604807628,
2795
+ 770255983,
2796
+ 1249150122,
2797
+ 1555081692,
2798
+ 1996064986,
2799
+ 2554220882,
2800
+ 2821834349,
2801
+ 2952996808,
2802
+ 3210313671,
2803
+ 3336571891,
2804
+ 3584528711,
2805
+ 113926993,
2806
+ 338241895,
2807
+ 666307205,
2808
+ 773529912,
2809
+ 1294757372,
2810
+ 1396182291,
2811
+ 1695183700,
2812
+ 1986661051,
2813
+ 2177026350,
2814
+ 2456956037,
2815
+ 2730485921,
2816
+ 2820302411,
2817
+ 3259730800,
2818
+ 3345764771,
2819
+ 3516065817,
2820
+ 3600352804,
2821
+ 4094571909,
2822
+ 275423344,
2823
+ 430227734,
2824
+ 506948616,
2825
+ 659060556,
2826
+ 883997877,
2827
+ 958139571,
2828
+ 1322822218,
2829
+ 1537002063,
2830
+ 1747873779,
2831
+ 1955562222,
2832
+ 2024104815,
2833
+ 2227730452,
2834
+ 2361852424,
2835
+ 2428436474,
2836
+ 2756734187,
2837
+ 3204031479,
2838
+ 3329325298
2839
+ ]);
2840
+ var IV = new Uint32Array([
2841
+ 1779033703,
2842
+ 3144134277,
2843
+ 1013904242,
2844
+ 2773480762,
2845
+ 1359893119,
2846
+ 2600822924,
2847
+ 528734635,
2848
+ 1541459225
2849
+ ]);
2850
+ var SHA256_W = new Uint32Array(64);
2851
+ var SHA256 = class extends SHA2 {
2852
+ constructor() {
2853
+ super(64, 32, 8, false);
2854
+ this.A = IV[0] | 0;
2855
+ this.B = IV[1] | 0;
2856
+ this.C = IV[2] | 0;
2857
+ this.D = IV[3] | 0;
2858
+ this.E = IV[4] | 0;
2859
+ this.F = IV[5] | 0;
2860
+ this.G = IV[6] | 0;
2861
+ this.H = IV[7] | 0;
2862
+ }
2863
+ get() {
2864
+ const { A, B, C, D, E, F, G, H } = this;
2865
+ return [A, B, C, D, E, F, G, H];
2866
+ }
2867
+ set(A, B, C, D, E, F, G, H) {
2868
+ this.A = A | 0;
2869
+ this.B = B | 0;
2870
+ this.C = C | 0;
2871
+ this.D = D | 0;
2872
+ this.E = E | 0;
2873
+ this.F = F | 0;
2874
+ this.G = G | 0;
2875
+ this.H = H | 0;
2876
+ }
2877
+ process(view, offset) {
2878
+ for (let i = 0; i < 16; i++, offset += 4)
2879
+ SHA256_W[i] = view.getUint32(offset, false);
2880
+ for (let i = 16; i < 64; i++) {
2881
+ const W15 = SHA256_W[i - 15];
2882
+ const W2 = SHA256_W[i - 2];
2883
+ const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ W15 >>> 3;
2884
+ const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ W2 >>> 10;
2885
+ SHA256_W[i] = s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16] | 0;
2886
+ }
2887
+ let { A, B, C, D, E, F, G, H } = this;
2888
+ for (let i = 0; i < 64; i++) {
2889
+ const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);
2890
+ const T1 = H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i] | 0;
2891
+ const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);
2892
+ const T2 = sigma0 + Maj(A, B, C) | 0;
2893
+ H = G;
2894
+ G = F;
2895
+ F = E;
2896
+ E = D + T1 | 0;
2897
+ D = C;
2898
+ C = B;
2899
+ B = A;
2900
+ A = T1 + T2 | 0;
2901
+ }
2902
+ A = A + this.A | 0;
2903
+ B = B + this.B | 0;
2904
+ C = C + this.C | 0;
2905
+ D = D + this.D | 0;
2906
+ E = E + this.E | 0;
2907
+ F = F + this.F | 0;
2908
+ G = G + this.G | 0;
2909
+ H = H + this.H | 0;
2910
+ this.set(A, B, C, D, E, F, G, H);
2911
+ }
2912
+ roundClean() {
2913
+ SHA256_W.fill(0);
2914
+ }
2915
+ destroy() {
2916
+ this.set(0, 0, 0, 0, 0, 0, 0, 0);
2917
+ this.buffer.fill(0);
2918
+ }
2919
+ };
2920
+ var SHA224 = class extends SHA256 {
2921
+ constructor() {
2922
+ super();
2923
+ this.A = 3238371032 | 0;
2924
+ this.B = 914150663 | 0;
2925
+ this.C = 812702999 | 0;
2926
+ this.D = 4144912697 | 0;
2927
+ this.E = 4290775857 | 0;
2928
+ this.F = 1750603025 | 0;
2929
+ this.G = 1694076839 | 0;
2930
+ this.H = 3204075428 | 0;
2931
+ this.outputLen = 28;
2932
+ }
2933
+ };
2934
+ var sha2562 = wrapConstructor(() => new SHA256());
2935
+ var sha224 = wrapConstructor(() => new SHA224());
2936
+
2937
+ // ../../node_modules/@noble/curves/esm/p256.js
2938
+ var Fp = Field(BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff"));
2939
+ var CURVE_A = Fp.create(BigInt("-3"));
2940
+ var CURVE_B = BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b");
2941
+ var p256 = createCurve({
2942
+ a: CURVE_A,
2943
+ b: CURVE_B,
2944
+ Fp,
2945
+ n: BigInt("0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"),
2946
+ Gx: BigInt("0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"),
2947
+ Gy: BigInt("0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"),
2948
+ h: BigInt(1),
2949
+ lowS: false
2950
+ }, sha2562);
2951
+
2952
+ // src/p256/encoding.ts
2953
+ var compressPubkey = (pubkeyBytes) => {
2954
+ const point = p256.ProjectivePoint.fromHex(pubkeyBytes);
2955
+ return point.toRawBytes(true);
2956
+ };
2957
+ var decompressPubkey = (compressed) => {
2958
+ if (compressed.length !== 33) {
2959
+ throw new Error("Expected 33 byte compress pubkey");
2960
+ }
2961
+ const point = p256.ProjectivePoint.fromHex(compressed);
2962
+ return point.toRawBytes(false);
2963
+ };
2964
+
2965
+ // ../../node_modules/@noble/curves/esm/secp256k1.js
2966
+ var secp256k1P = BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f");
2967
+ var secp256k1N = BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141");
2968
+ var _1n5 = BigInt(1);
2969
+ var _2n4 = BigInt(2);
2970
+ var divNearest = (a, b) => (a + b / _2n4) / b;
2971
+ function sqrtMod(y) {
2972
+ const P = secp256k1P;
2973
+ const _3n3 = BigInt(3), _6n = BigInt(6), _11n = BigInt(11), _22n = BigInt(22);
2974
+ const _23n = BigInt(23), _44n = BigInt(44), _88n = BigInt(88);
2975
+ const b2 = y * y * y % P;
2976
+ const b3 = b2 * b2 * y % P;
2977
+ const b6 = pow2(b3, _3n3, P) * b3 % P;
2978
+ const b9 = pow2(b6, _3n3, P) * b3 % P;
2979
+ const b11 = pow2(b9, _2n4, P) * b2 % P;
2980
+ const b22 = pow2(b11, _11n, P) * b11 % P;
2981
+ const b44 = pow2(b22, _22n, P) * b22 % P;
2982
+ const b88 = pow2(b44, _44n, P) * b44 % P;
2983
+ const b176 = pow2(b88, _88n, P) * b88 % P;
2984
+ const b220 = pow2(b176, _44n, P) * b44 % P;
2985
+ const b223 = pow2(b220, _3n3, P) * b3 % P;
2986
+ const t1 = pow2(b223, _23n, P) * b22 % P;
2987
+ const t2 = pow2(t1, _6n, P) * b2 % P;
2988
+ const root = pow2(t2, _2n4, P);
2989
+ if (!Fp2.eql(Fp2.sqr(root), y))
2990
+ throw new Error("Cannot find square root");
2991
+ return root;
2992
+ }
2993
+ var Fp2 = Field(secp256k1P, void 0, void 0, { sqrt: sqrtMod });
2994
+ var secp256k1 = createCurve({
2995
+ a: BigInt(0),
2996
+ b: BigInt(7),
2997
+ Fp: Fp2,
2998
+ n: secp256k1N,
2999
+ Gx: BigInt("55066263022277343669578718895168534326250603453777594175500187360389116729240"),
3000
+ Gy: BigInt("32670510020758816978083085130507043184471273380659243275938904335757337482424"),
3001
+ h: BigInt(1),
3002
+ lowS: true,
3003
+ endo: {
3004
+ beta: BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),
3005
+ splitScalar: (k) => {
3006
+ const n = secp256k1N;
3007
+ const a1 = BigInt("0x3086d221a7d46bcde86c90e49284eb15");
3008
+ const b1 = -_1n5 * BigInt("0xe4437ed6010e88286f547fa90abfe4c3");
3009
+ const a2 = BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8");
3010
+ const b2 = a1;
3011
+ const POW_2_128 = BigInt("0x100000000000000000000000000000000");
3012
+ const c1 = divNearest(b2 * k, n);
3013
+ const c2 = divNearest(-b1 * k, n);
3014
+ let k1 = mod(k - c1 * a1 - c2 * a2, n);
3015
+ let k2 = mod(-c1 * b1 - c2 * b2, n);
3016
+ const k1neg = k1 > POW_2_128;
3017
+ const k2neg = k2 > POW_2_128;
3018
+ if (k1neg)
3019
+ k1 = n - k1;
3020
+ if (k2neg)
3021
+ k2 = n - k2;
3022
+ if (k1 > POW_2_128 || k2 > POW_2_128) {
3023
+ throw new Error("splitScalar: Endomorphism failed, k=" + k);
3024
+ }
3025
+ return { k1neg, k1, k2neg, k2 };
3026
+ }
3027
+ }
3028
+ }, sha2562);
3029
+ var _0n5 = BigInt(0);
3030
+ var Point = secp256k1.ProjectivePoint;
3651
3031
 
3652
3032
  // src/secp256k1/encoding.ts
3653
3033
  var compressPubkey2 = (pubkeyBytes) => {
3654
- const hex = utils.bytesToHex(pubkeyBytes);
3655
- const point = Point.fromHex(hex);
3034
+ const point = secp256k1.ProjectivePoint.fromHex(pubkeyBytes);
3656
3035
  return point.toRawBytes(true);
3657
3036
  };
3658
3037
  var decompressPubkey2 = (compressed) => {
3659
3038
  if (compressed.length !== 33) {
3660
3039
  throw new Error("Expected 33 byte compress pubkey");
3661
3040
  }
3662
- const hex = utils.bytesToHex(compressed);
3663
- const point = Point.fromHex(hex);
3041
+ const point = secp256k1.ProjectivePoint.fromHex(compressed);
3664
3042
  return point.toRawBytes(false);
3665
3043
  };
3666
3044
 
3667
3045
  // src/p256/operations.ts
3668
- var importKeypairJwk = async (jwk, exportable = false) => {
3669
- const privateKey = await webcrypto.subtle.importKey(
3670
- "jwk",
3671
- jwk,
3672
- { name: "ECDSA", namedCurve: "P-256" },
3673
- exportable,
3674
- ["sign"]
3675
- );
3676
- const { kty, crv, x, y } = jwk;
3677
- const pubKeyJwk = { kty, crv, x, y };
3678
- const publicKey = await webcrypto.subtle.importKey(
3679
- "jwk",
3680
- pubKeyJwk,
3681
- { name: "ECDSA", namedCurve: "P-256" },
3682
- true,
3683
- ["verify"]
3684
- );
3685
- return { privateKey, publicKey };
3686
- };
3687
3046
  var verifyDidSig = async (did, data, sig) => {
3688
3047
  const { jwtAlg, keyBytes } = parseDidKey(did);
3689
3048
  if (jwtAlg !== P256_JWT_ALG) {
3690
3049
  throw new Error(`Not a P-256 did:key: ${did}`);
3691
3050
  }
3692
- return verify2(keyBytes, data, sig);
3051
+ return verifySig(keyBytes, data, sig);
3693
3052
  };
3694
- var verify2 = async (publicKey, data, sig) => {
3695
- const importedKey = await importEcdsaPublicKey(publicKey);
3696
- return webcrypto.subtle.verify(
3697
- { name: "ECDSA", hash: { name: "SHA-256" } },
3698
- importedKey,
3699
- sig,
3700
- data
3701
- );
3702
- };
3703
- var importEcdsaPublicKey = async (keyBytes) => {
3704
- return webcrypto.subtle.importKey(
3705
- "raw",
3706
- keyBytes,
3707
- { name: "ECDSA", namedCurve: "P-256" },
3708
- true,
3709
- ["verify"]
3710
- );
3053
+ var verifySig = async (publicKey, data, sig) => {
3054
+ const msgHash = await sha2562(data);
3055
+ return p256.verify(sig, msgHash, publicKey, { lowS: true });
3711
3056
  };
3712
3057
 
3713
3058
  // src/p256/plugin.ts
@@ -3724,8 +3069,11 @@ var verifyDidSig2 = async (did, data, sig) => {
3724
3069
  if (jwtAlg !== SECP256K1_JWT_ALG) {
3725
3070
  throw new Error(`Not a secp256k1 did:key: ${did}`);
3726
3071
  }
3727
- const msgHash = await utils.sha256(data);
3728
- return verify(sig, msgHash, keyBytes);
3072
+ return verifySig2(keyBytes, data, sig);
3073
+ };
3074
+ var verifySig2 = async (publicKey, data, sig) => {
3075
+ const msgHash = await sha2562(data);
3076
+ return secp256k1.verify(sig, msgHash, publicKey, { lowS: true });
3729
3077
  };
3730
3078
 
3731
3079
  // src/secp256k1/plugin.ts
@@ -3741,13 +3089,12 @@ var plugins = [plugin_default, plugin_default2];
3741
3089
  var plugins_default = plugins;
3742
3090
 
3743
3091
  // src/did.ts
3744
- var DID_KEY_BASE58_PREFIX = "did:key:z";
3745
- var parseDidKey = (did) => {
3746
- if (!did.startsWith(DID_KEY_BASE58_PREFIX)) {
3747
- throw new Error(`Incorrect prefix for did:key: ${did}`);
3092
+ var parseMultikey = (multikey) => {
3093
+ if (!multikey.startsWith(BASE58_MULTIBASE_PREFIX)) {
3094
+ throw new Error(`Incorrect prefix for multikey: ${multikey}`);
3748
3095
  }
3749
3096
  const prefixedBytes = fromString2(
3750
- did.slice(DID_KEY_BASE58_PREFIX.length),
3097
+ multikey.slice(BASE58_MULTIBASE_PREFIX.length),
3751
3098
  "base58btc"
3752
3099
  );
3753
3100
  const plugin = plugins_default.find((p) => hasPrefix(prefixedBytes, p.prefix));
@@ -3765,7 +3112,7 @@ var parseDidKey = (did) => {
3765
3112
  keyBytes
3766
3113
  };
3767
3114
  };
3768
- var formatDidKey = (jwtAlg, keyBytes) => {
3115
+ var formatMultikey = (jwtAlg, keyBytes) => {
3769
3116
  const plugin = plugins_default.find((p) => p.jwtAlg === jwtAlg);
3770
3117
  if (!plugin) {
3771
3118
  throw new Error("Unsupported key type");
@@ -3776,10 +3123,19 @@ var formatDidKey = (jwtAlg, keyBytes) => {
3776
3123
  keyBytes = compressPubkey2(keyBytes);
3777
3124
  }
3778
3125
  const prefixedBytes = concat([plugin.prefix, keyBytes]);
3779
- return DID_KEY_BASE58_PREFIX + toString2(prefixedBytes, "base58btc");
3126
+ return BASE58_MULTIBASE_PREFIX + toString2(prefixedBytes, "base58btc");
3127
+ };
3128
+ var parseDidKey = (did) => {
3129
+ if (!did.startsWith(DID_KEY_PREFIX)) {
3130
+ throw new Error(`Incorrect prefix for did:key: ${did}`);
3131
+ }
3132
+ return parseMultikey(did.slice(DID_KEY_PREFIX.length));
3133
+ };
3134
+ var formatDidKey = (jwtAlg, keyBytes) => {
3135
+ return DID_KEY_PREFIX + formatMultikey(jwtAlg, keyBytes);
3780
3136
  };
3781
- var hasPrefix = (bytes, prefix) => {
3782
- return equals(prefix, bytes.subarray(0, prefix.byteLength));
3137
+ var hasPrefix = (bytes2, prefix) => {
3138
+ return equals(prefix, bytes2.subarray(0, prefix.byteLength));
3783
3139
  };
3784
3140
 
3785
3141
  // src/multibase.ts
@@ -3807,26 +3163,47 @@ var multibaseToBytes = (mb) => {
3807
3163
  throw new Error(`Unsupported multibase: :${mb}`);
3808
3164
  }
3809
3165
  };
3166
+ var bytesToMultibase = (mb, encoding) => {
3167
+ switch (encoding) {
3168
+ case "base16":
3169
+ return "f" + toString2(mb, encoding);
3170
+ case "base16upper":
3171
+ return "F" + toString2(mb, encoding);
3172
+ case "base32":
3173
+ return "b" + toString2(mb, encoding);
3174
+ case "base32upper":
3175
+ return "B" + toString2(mb, encoding);
3176
+ case "base58btc":
3177
+ return "z" + toString2(mb, encoding);
3178
+ case "base64":
3179
+ return "m" + toString2(mb, encoding);
3180
+ case "base64url":
3181
+ return "u" + toString2(mb, encoding);
3182
+ case "base64urlpad":
3183
+ return "U" + toString2(mb, encoding);
3184
+ default:
3185
+ throw new Error(`Unsupported multibase: :${mb}`);
3186
+ }
3187
+ };
3810
3188
 
3811
3189
  // src/sha.ts
3812
- var import_crypto3 = __toESM(require("crypto"));
3813
- var sha2562 = async (input) => {
3814
- const bytes = typeof input === "string" ? fromString2(input, "utf8") : input;
3815
- const hash = await sha256.digest(bytes);
3816
- return hash.digest;
3190
+ var sha2563 = async (input) => {
3191
+ const bytes2 = typeof input === "string" ? fromString2(input, "utf8") : input;
3192
+ return sha2562(bytes2);
3817
3193
  };
3818
- var sha256Stream = async (stream) => {
3819
- const hash = import_crypto3.default.createHash("sha256");
3820
- try {
3821
- for await (const chunk of stream) {
3822
- hash.write(chunk);
3823
- }
3824
- } catch (err) {
3825
- hash.end();
3826
- throw err;
3827
- }
3828
- hash.end();
3829
- return hash.read();
3194
+
3195
+ // src/random.ts
3196
+ var randomBytes2 = randomBytes;
3197
+ var randomStr = (byteLength, encoding) => {
3198
+ const bytes2 = randomBytes2(byteLength);
3199
+ return toString2(bytes2, encoding);
3200
+ };
3201
+ var randomIntFromSeed = async (seed, high, low = 0) => {
3202
+ const hash2 = await sha2563(seed);
3203
+ const number2 = Buffer.from(hash2).readUintBE(0, 6);
3204
+ const range = high - low;
3205
+ const normalized = number2 % range;
3206
+ return normalized + low;
3830
3207
  };
3831
3208
 
3832
3209
  // src/verify.ts
@@ -3845,30 +3222,22 @@ var verifySignatureUtf8 = async (didKey, data, sig) => {
3845
3222
  };
3846
3223
 
3847
3224
  // src/p256/keypair.ts
3848
- var EcdsaKeypair = class {
3849
- constructor(keypair, publicKey, exportable) {
3850
- this.jwtAlg = P256_JWT_ALG;
3851
- this.keypair = keypair;
3852
- this.publicKey = publicKey;
3225
+ var P256Keypair = class {
3226
+ constructor(privateKey, exportable) {
3227
+ this.privateKey = privateKey;
3853
3228
  this.exportable = exportable;
3229
+ this.jwtAlg = P256_JWT_ALG;
3230
+ this.publicKey = p256.getPublicKey(privateKey);
3854
3231
  }
3855
3232
  static async create(opts) {
3856
3233
  const { exportable = false } = opts || {};
3857
- const keypair = await webcrypto.subtle.generateKey(
3858
- { name: "ECDSA", namedCurve: "P-256" },
3859
- exportable,
3860
- ["sign", "verify"]
3861
- );
3862
- const pubkeyBuf = await webcrypto.subtle.exportKey("raw", keypair.publicKey);
3863
- const pubkeyBytes = new Uint8Array(pubkeyBuf);
3864
- return new EcdsaKeypair(keypair, pubkeyBytes, exportable);
3865
- }
3866
- static async import(jwk, opts) {
3234
+ const privKey = p256.utils.randomPrivateKey();
3235
+ return new P256Keypair(privKey, exportable);
3236
+ }
3237
+ static async import(privKey, opts) {
3867
3238
  const { exportable = false } = opts || {};
3868
- const keypair = await importKeypairJwk(jwk, exportable);
3869
- const pubkeyBuf = await webcrypto.subtle.exportKey("raw", keypair.publicKey);
3870
- const pubkeyBytes = new Uint8Array(pubkeyBuf);
3871
- return new EcdsaKeypair(keypair, pubkeyBytes, exportable);
3239
+ const privKeyBytes = typeof privKey === "string" ? fromString2(privKey, "hex") : privKey;
3240
+ return new P256Keypair(privKeyBytes, exportable);
3872
3241
  }
3873
3242
  publicKeyBytes() {
3874
3243
  return this.publicKey;
@@ -3880,19 +3249,15 @@ var EcdsaKeypair = class {
3880
3249
  return formatDidKey(this.jwtAlg, this.publicKey);
3881
3250
  }
3882
3251
  async sign(msg) {
3883
- const buf = await webcrypto.subtle.sign(
3884
- { name: "ECDSA", hash: { name: "SHA-256" } },
3885
- this.keypair.privateKey,
3886
- msg.buffer
3887
- );
3888
- return new Uint8Array(buf);
3252
+ const msgHash = await sha2562(msg);
3253
+ const sig = await p256.sign(msgHash, this.privateKey, { lowS: true });
3254
+ return sig.toCompactRawBytes();
3889
3255
  }
3890
3256
  async export() {
3891
3257
  if (!this.exportable) {
3892
3258
  throw new Error("Private key is not exportable");
3893
3259
  }
3894
- const jwk = await webcrypto.subtle.exportKey("jwk", this.keypair.privateKey);
3895
- return jwk;
3260
+ return this.privateKey;
3896
3261
  }
3897
3262
  };
3898
3263
 
@@ -3902,11 +3267,11 @@ var Secp256k1Keypair = class {
3902
3267
  this.privateKey = privateKey;
3903
3268
  this.exportable = exportable;
3904
3269
  this.jwtAlg = SECP256K1_JWT_ALG;
3905
- this.publicKey = getPublicKey(privateKey);
3270
+ this.publicKey = secp256k1.getPublicKey(privateKey);
3906
3271
  }
3907
3272
  static async create(opts) {
3908
3273
  const { exportable = false } = opts || {};
3909
- const privKey = utils.randomPrivateKey();
3274
+ const privKey = secp256k1.utils.randomPrivateKey();
3910
3275
  return new Secp256k1Keypair(privKey, exportable);
3911
3276
  }
3912
3277
  static async import(privKey, opts) {
@@ -3924,8 +3289,9 @@ var Secp256k1Keypair = class {
3924
3289
  return formatDidKey(this.jwtAlg, this.publicKey);
3925
3290
  }
3926
3291
  async sign(msg) {
3927
- const msgHash = await utils.sha256(msg);
3928
- return sign(msgHash, this.privateKey, { der: false });
3292
+ const msgHash = await sha2562(msg);
3293
+ const sig = await secp256k1.sign(msgHash, this.privateKey, { lowS: true });
3294
+ return sig.toCompactRawBytes();
3929
3295
  }
3930
3296
  async export() {
3931
3297
  if (!this.exportable) {
@@ -3936,27 +3302,29 @@ var Secp256k1Keypair = class {
3936
3302
  };
3937
3303
  // Annotate the CommonJS export names for ESM import in node:
3938
3304
  0 && (module.exports = {
3939
- AesKey,
3940
- BASE58_DID_PREFIX,
3941
- DID_KEY_BASE58_PREFIX,
3942
- EcdsaKeypair,
3305
+ BASE58_MULTIBASE_PREFIX,
3306
+ DID_KEY_PREFIX,
3307
+ P256Keypair,
3943
3308
  P256_DID_PREFIX,
3944
3309
  P256_JWT_ALG,
3945
3310
  SECP256K1_DID_PREFIX,
3946
3311
  SECP256K1_JWT_ALG,
3947
3312
  Secp256k1Keypair,
3313
+ bytesToMultibase,
3948
3314
  formatDidKey,
3315
+ formatMultikey,
3949
3316
  multibaseToBytes,
3950
3317
  p256Plugin,
3951
3318
  parseDidKey,
3319
+ parseMultikey,
3952
3320
  randomBytes,
3953
- randomIV,
3321
+ randomIntFromSeed,
3954
3322
  randomStr,
3955
3323
  secp256k1Plugin,
3956
3324
  sha256,
3957
- sha256Stream,
3958
3325
  verifySignature,
3959
3326
  verifySignatureUtf8
3960
3327
  });
3961
- /*! noble-secp256k1 - MIT License (c) 2019 Paul Miller (paulmillr.com) */
3328
+ /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
3329
+ /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
3962
3330
  //# sourceMappingURL=index.js.map