@atproto/crypto 0.1.1 → 0.2.1
- package/dist/const.d.ts +2 -1
- package/dist/did.d.ts +4 -3
- package/dist/index.d.ts +0 -1
- package/dist/index.js +1924 -2556
- package/dist/index.js.map +4 -4
- package/dist/multibase.d.ts +2 -0
- package/dist/p256/keypair.d.ts +9 -9
- package/dist/p256/operations.d.ts +1 -3
- package/dist/random.d.ts +3 -2
- package/dist/secp256k1/operations.d.ts +1 -0
- package/dist/sha.d.ts +0 -2
- package/dist/types.d.ts +1 -0
- package/package.json +10 -7
- package/src/const.ts +2 -1
- package/src/did.ts +27 -10
- package/src/index.ts +0 -1
- package/src/multibase.ts +27 -0
- package/src/p256/encoding.ts +5 -72
- package/src/p256/keypair.ts +25 -41
- package/src/p256/operations.ts +6 -45
- package/src/random.ts +15 -8
- package/src/secp256k1/encoding.ts +3 -5
- package/src/secp256k1/keypair.ts +7 -5
- package/src/secp256k1/operations.ts +12 -3
- package/src/sha.ts +2 -19
- package/src/types.ts +1 -0
- package/tests/did.test.ts +8 -22
- package/tests/key-compression.test.ts +3 -3
- package/tests/keypairs.test.ts +71 -0
- package/tests/random.test.ts +15 -0
- package/tests/signature-fixtures.json +34 -0
- package/tests/signatures.test.ts +161 -0
- package/tsconfig.build.tsbuildinfo +1 -1
- package/dist/p256/encoding.d.ts +0 -2
- package/dist/p256/plugin.d.ts +0 -3
- package/dist/plugins.d.ts +0 -2
- package/dist/secp256k1/encoding.d.ts +0 -2
- package/dist/secp256k1/keypair.d.ts +0 -20
- package/dist/secp256k1/plugin.d.ts +0 -3
- package/dist/verify.d.ts +0 -2
- package/src/aes.ts +0 -64
- package/tests/export.test.ts +0 -50
package/dist/index.js
CHANGED
|
@@ -5,9 +5,6 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
|
5
5
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
6
|
var __getProtoOf = Object.getPrototypeOf;
|
|
7
7
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
8
|
-
var __commonJS = (cb, mod2) => function __require() {
|
|
9
|
-
return mod2 || (0, cb[__getOwnPropNames(cb)[0]])((mod2 = { exports: {} }).exports, mod2), mod2.exports;
|
|
10
|
-
};
|
|
11
8
|
var __export = (target, all) => {
|
|
12
9
|
for (var name2 in all)
|
|
13
10
|
__defProp(target, name2, { get: all[name2], enumerable: true });
|
|
@@ -26,1404 +23,54 @@ var __toESM = (mod2, isNodeMode, target) => (target = mod2 != null ? __create(__
|
|
|
26
23
|
));
|
|
27
24
|
var __toCommonJS = (mod2) => __copyProps(__defProp({}, "__esModule", { value: true }), mod2);
|
|
28
25
|
|
|
29
|
-
// ../../node_modules/big-integer/BigInteger.js
|
|
30
|
-
var require_BigInteger = __commonJS({
|
|
31
|
-
"../../node_modules/big-integer/BigInteger.js"(exports, module2) {
|
|
32
|
-
var bigInt2 = function(undefined2) {
|
|
33
|
-
"use strict";
|
|
34
|
-
var BASE = 1e7, LOG_BASE = 7, MAX_INT = 9007199254740992, MAX_INT_ARR = smallToArray(MAX_INT), DEFAULT_ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz";
|
|
35
|
-
var supportsNativeBigInt = typeof BigInt === "function";
|
|
36
|
-
function Integer(v, radix, alphabet2, caseSensitive) {
|
|
37
|
-
if (typeof v === "undefined")
|
|
38
|
-
return Integer[0];
|
|
39
|
-
if (typeof radix !== "undefined")
|
|
40
|
-
return +radix === 10 && !alphabet2 ? parseValue(v) : parseBase(v, radix, alphabet2, caseSensitive);
|
|
41
|
-
return parseValue(v);
|
|
42
|
-
}
|
|
43
|
-
function BigInteger(value, sign2) {
|
|
44
|
-
this.value = value;
|
|
45
|
-
this.sign = sign2;
|
|
46
|
-
this.isSmall = false;
|
|
47
|
-
}
|
|
48
|
-
BigInteger.prototype = Object.create(Integer.prototype);
|
|
49
|
-
function SmallInteger(value) {
|
|
50
|
-
this.value = value;
|
|
51
|
-
this.sign = value < 0;
|
|
52
|
-
this.isSmall = true;
|
|
53
|
-
}
|
|
54
|
-
SmallInteger.prototype = Object.create(Integer.prototype);
|
|
55
|
-
function NativeBigInt(value) {
|
|
56
|
-
this.value = value;
|
|
57
|
-
}
|
|
58
|
-
NativeBigInt.prototype = Object.create(Integer.prototype);
|
|
59
|
-
function isPrecise(n) {
|
|
60
|
-
return -MAX_INT < n && n < MAX_INT;
|
|
61
|
-
}
|
|
62
|
-
function smallToArray(n) {
|
|
63
|
-
if (n < 1e7)
|
|
64
|
-
return [n];
|
|
65
|
-
if (n < 1e14)
|
|
66
|
-
return [n % 1e7, Math.floor(n / 1e7)];
|
|
67
|
-
return [n % 1e7, Math.floor(n / 1e7) % 1e7, Math.floor(n / 1e14)];
|
|
68
|
-
}
|
|
69
|
-
function arrayToSmall(arr) {
|
|
70
|
-
trim(arr);
|
|
71
|
-
var length2 = arr.length;
|
|
72
|
-
if (length2 < 4 && compareAbs(arr, MAX_INT_ARR) < 0) {
|
|
73
|
-
switch (length2) {
|
|
74
|
-
case 0:
|
|
75
|
-
return 0;
|
|
76
|
-
case 1:
|
|
77
|
-
return arr[0];
|
|
78
|
-
case 2:
|
|
79
|
-
return arr[0] + arr[1] * BASE;
|
|
80
|
-
default:
|
|
81
|
-
return arr[0] + (arr[1] + arr[2] * BASE) * BASE;
|
|
82
|
-
}
|
|
83
|
-
}
|
|
84
|
-
return arr;
|
|
85
|
-
}
|
|
86
|
-
function trim(v) {
|
|
87
|
-
var i2 = v.length;
|
|
88
|
-
while (v[--i2] === 0)
|
|
89
|
-
;
|
|
90
|
-
v.length = i2 + 1;
|
|
91
|
-
}
|
|
92
|
-
function createArray(length2) {
|
|
93
|
-
var x = new Array(length2);
|
|
94
|
-
var i2 = -1;
|
|
95
|
-
while (++i2 < length2) {
|
|
96
|
-
x[i2] = 0;
|
|
97
|
-
}
|
|
98
|
-
return x;
|
|
99
|
-
}
|
|
100
|
-
function truncate(n) {
|
|
101
|
-
if (n > 0)
|
|
102
|
-
return Math.floor(n);
|
|
103
|
-
return Math.ceil(n);
|
|
104
|
-
}
|
|
105
|
-
function add(a, b) {
|
|
106
|
-
var l_a = a.length, l_b = b.length, r = new Array(l_a), carry = 0, base3 = BASE, sum, i2;
|
|
107
|
-
for (i2 = 0; i2 < l_b; i2++) {
|
|
108
|
-
sum = a[i2] + b[i2] + carry;
|
|
109
|
-
carry = sum >= base3 ? 1 : 0;
|
|
110
|
-
r[i2] = sum - carry * base3;
|
|
111
|
-
}
|
|
112
|
-
while (i2 < l_a) {
|
|
113
|
-
sum = a[i2] + carry;
|
|
114
|
-
carry = sum === base3 ? 1 : 0;
|
|
115
|
-
r[i2++] = sum - carry * base3;
|
|
116
|
-
}
|
|
117
|
-
if (carry > 0)
|
|
118
|
-
r.push(carry);
|
|
119
|
-
return r;
|
|
120
|
-
}
|
|
121
|
-
function addAny(a, b) {
|
|
122
|
-
if (a.length >= b.length)
|
|
123
|
-
return add(a, b);
|
|
124
|
-
return add(b, a);
|
|
125
|
-
}
|
|
126
|
-
function addSmall(a, carry) {
|
|
127
|
-
var l = a.length, r = new Array(l), base3 = BASE, sum, i2;
|
|
128
|
-
for (i2 = 0; i2 < l; i2++) {
|
|
129
|
-
sum = a[i2] - base3 + carry;
|
|
130
|
-
carry = Math.floor(sum / base3);
|
|
131
|
-
r[i2] = sum - carry * base3;
|
|
132
|
-
carry += 1;
|
|
133
|
-
}
|
|
134
|
-
while (carry > 0) {
|
|
135
|
-
r[i2++] = carry % base3;
|
|
136
|
-
carry = Math.floor(carry / base3);
|
|
137
|
-
}
|
|
138
|
-
return r;
|
|
139
|
-
}
|
|
140
|
-
BigInteger.prototype.add = function(v) {
|
|
141
|
-
var n = parseValue(v);
|
|
142
|
-
if (this.sign !== n.sign) {
|
|
143
|
-
return this.subtract(n.negate());
|
|
144
|
-
}
|
|
145
|
-
var a = this.value, b = n.value;
|
|
146
|
-
if (n.isSmall) {
|
|
147
|
-
return new BigInteger(addSmall(a, Math.abs(b)), this.sign);
|
|
148
|
-
}
|
|
149
|
-
return new BigInteger(addAny(a, b), this.sign);
|
|
150
|
-
};
|
|
151
|
-
BigInteger.prototype.plus = BigInteger.prototype.add;
|
|
152
|
-
SmallInteger.prototype.add = function(v) {
|
|
153
|
-
var n = parseValue(v);
|
|
154
|
-
var a = this.value;
|
|
155
|
-
if (a < 0 !== n.sign) {
|
|
156
|
-
return this.subtract(n.negate());
|
|
157
|
-
}
|
|
158
|
-
var b = n.value;
|
|
159
|
-
if (n.isSmall) {
|
|
160
|
-
if (isPrecise(a + b))
|
|
161
|
-
return new SmallInteger(a + b);
|
|
162
|
-
b = smallToArray(Math.abs(b));
|
|
163
|
-
}
|
|
164
|
-
return new BigInteger(addSmall(b, Math.abs(a)), a < 0);
|
|
165
|
-
};
|
|
166
|
-
SmallInteger.prototype.plus = SmallInteger.prototype.add;
|
|
167
|
-
NativeBigInt.prototype.add = function(v) {
|
|
168
|
-
return new NativeBigInt(this.value + parseValue(v).value);
|
|
169
|
-
};
|
|
170
|
-
NativeBigInt.prototype.plus = NativeBigInt.prototype.add;
|
|
171
|
-
function subtract(a, b) {
|
|
172
|
-
var a_l = a.length, b_l = b.length, r = new Array(a_l), borrow = 0, base3 = BASE, i2, difference;
|
|
173
|
-
for (i2 = 0; i2 < b_l; i2++) {
|
|
174
|
-
difference = a[i2] - borrow - b[i2];
|
|
175
|
-
if (difference < 0) {
|
|
176
|
-
difference += base3;
|
|
177
|
-
borrow = 1;
|
|
178
|
-
} else
|
|
179
|
-
borrow = 0;
|
|
180
|
-
r[i2] = difference;
|
|
181
|
-
}
|
|
182
|
-
for (i2 = b_l; i2 < a_l; i2++) {
|
|
183
|
-
difference = a[i2] - borrow;
|
|
184
|
-
if (difference < 0)
|
|
185
|
-
difference += base3;
|
|
186
|
-
else {
|
|
187
|
-
r[i2++] = difference;
|
|
188
|
-
break;
|
|
189
|
-
}
|
|
190
|
-
r[i2] = difference;
|
|
191
|
-
}
|
|
192
|
-
for (; i2 < a_l; i2++) {
|
|
193
|
-
r[i2] = a[i2];
|
|
194
|
-
}
|
|
195
|
-
trim(r);
|
|
196
|
-
return r;
|
|
197
|
-
}
|
|
198
|
-
function subtractAny(a, b, sign2) {
|
|
199
|
-
var value;
|
|
200
|
-
if (compareAbs(a, b) >= 0) {
|
|
201
|
-
value = subtract(a, b);
|
|
202
|
-
} else {
|
|
203
|
-
value = subtract(b, a);
|
|
204
|
-
sign2 = !sign2;
|
|
205
|
-
}
|
|
206
|
-
value = arrayToSmall(value);
|
|
207
|
-
if (typeof value === "number") {
|
|
208
|
-
if (sign2)
|
|
209
|
-
value = -value;
|
|
210
|
-
return new SmallInteger(value);
|
|
211
|
-
}
|
|
212
|
-
return new BigInteger(value, sign2);
|
|
213
|
-
}
|
|
214
|
-
function subtractSmall(a, b, sign2) {
|
|
215
|
-
var l = a.length, r = new Array(l), carry = -b, base3 = BASE, i2, difference;
|
|
216
|
-
for (i2 = 0; i2 < l; i2++) {
|
|
217
|
-
difference = a[i2] + carry;
|
|
218
|
-
carry = Math.floor(difference / base3);
|
|
219
|
-
difference %= base3;
|
|
220
|
-
r[i2] = difference < 0 ? difference + base3 : difference;
|
|
221
|
-
}
|
|
222
|
-
r = arrayToSmall(r);
|
|
223
|
-
if (typeof r === "number") {
|
|
224
|
-
if (sign2)
|
|
225
|
-
r = -r;
|
|
226
|
-
return new SmallInteger(r);
|
|
227
|
-
}
|
|
228
|
-
return new BigInteger(r, sign2);
|
|
229
|
-
}
|
|
230
|
-
BigInteger.prototype.subtract = function(v) {
|
|
231
|
-
var n = parseValue(v);
|
|
232
|
-
if (this.sign !== n.sign) {
|
|
233
|
-
return this.add(n.negate());
|
|
234
|
-
}
|
|
235
|
-
var a = this.value, b = n.value;
|
|
236
|
-
if (n.isSmall)
|
|
237
|
-
return subtractSmall(a, Math.abs(b), this.sign);
|
|
238
|
-
return subtractAny(a, b, this.sign);
|
|
239
|
-
};
|
|
240
|
-
BigInteger.prototype.minus = BigInteger.prototype.subtract;
|
|
241
|
-
SmallInteger.prototype.subtract = function(v) {
|
|
242
|
-
var n = parseValue(v);
|
|
243
|
-
var a = this.value;
|
|
244
|
-
if (a < 0 !== n.sign) {
|
|
245
|
-
return this.add(n.negate());
|
|
246
|
-
}
|
|
247
|
-
var b = n.value;
|
|
248
|
-
if (n.isSmall) {
|
|
249
|
-
return new SmallInteger(a - b);
|
|
250
|
-
}
|
|
251
|
-
return subtractSmall(b, Math.abs(a), a >= 0);
|
|
252
|
-
};
|
|
253
|
-
SmallInteger.prototype.minus = SmallInteger.prototype.subtract;
|
|
254
|
-
NativeBigInt.prototype.subtract = function(v) {
|
|
255
|
-
return new NativeBigInt(this.value - parseValue(v).value);
|
|
256
|
-
};
|
|
257
|
-
NativeBigInt.prototype.minus = NativeBigInt.prototype.subtract;
|
|
258
|
-
BigInteger.prototype.negate = function() {
|
|
259
|
-
return new BigInteger(this.value, !this.sign);
|
|
260
|
-
};
|
|
261
|
-
SmallInteger.prototype.negate = function() {
|
|
262
|
-
var sign2 = this.sign;
|
|
263
|
-
var small = new SmallInteger(-this.value);
|
|
264
|
-
small.sign = !sign2;
|
|
265
|
-
return small;
|
|
266
|
-
};
|
|
267
|
-
NativeBigInt.prototype.negate = function() {
|
|
268
|
-
return new NativeBigInt(-this.value);
|
|
269
|
-
};
|
|
270
|
-
BigInteger.prototype.abs = function() {
|
|
271
|
-
return new BigInteger(this.value, false);
|
|
272
|
-
};
|
|
273
|
-
SmallInteger.prototype.abs = function() {
|
|
274
|
-
return new SmallInteger(Math.abs(this.value));
|
|
275
|
-
};
|
|
276
|
-
NativeBigInt.prototype.abs = function() {
|
|
277
|
-
return new NativeBigInt(this.value >= 0 ? this.value : -this.value);
|
|
278
|
-
};
|
|
279
|
-
function multiplyLong(a, b) {
|
|
280
|
-
var a_l = a.length, b_l = b.length, l = a_l + b_l, r = createArray(l), base3 = BASE, product, carry, i2, a_i, b_j;
|
|
281
|
-
for (i2 = 0; i2 < a_l; ++i2) {
|
|
282
|
-
a_i = a[i2];
|
|
283
|
-
for (var j = 0; j < b_l; ++j) {
|
|
284
|
-
b_j = b[j];
|
|
285
|
-
product = a_i * b_j + r[i2 + j];
|
|
286
|
-
carry = Math.floor(product / base3);
|
|
287
|
-
r[i2 + j] = product - carry * base3;
|
|
288
|
-
r[i2 + j + 1] += carry;
|
|
289
|
-
}
|
|
290
|
-
}
|
|
291
|
-
trim(r);
|
|
292
|
-
return r;
|
|
293
|
-
}
|
|
294
|
-
function multiplySmall(a, b) {
|
|
295
|
-
var l = a.length, r = new Array(l), base3 = BASE, carry = 0, product, i2;
|
|
296
|
-
for (i2 = 0; i2 < l; i2++) {
|
|
297
|
-
product = a[i2] * b + carry;
|
|
298
|
-
carry = Math.floor(product / base3);
|
|
299
|
-
r[i2] = product - carry * base3;
|
|
300
|
-
}
|
|
301
|
-
while (carry > 0) {
|
|
302
|
-
r[i2++] = carry % base3;
|
|
303
|
-
carry = Math.floor(carry / base3);
|
|
304
|
-
}
|
|
305
|
-
return r;
|
|
306
|
-
}
|
|
307
|
-
function shiftLeft(x, n) {
|
|
308
|
-
var r = [];
|
|
309
|
-
while (n-- > 0)
|
|
310
|
-
r.push(0);
|
|
311
|
-
return r.concat(x);
|
|
312
|
-
}
|
|
313
|
-
function multiplyKaratsuba(x, y) {
|
|
314
|
-
var n = Math.max(x.length, y.length);
|
|
315
|
-
if (n <= 30)
|
|
316
|
-
return multiplyLong(x, y);
|
|
317
|
-
n = Math.ceil(n / 2);
|
|
318
|
-
var b = x.slice(n), a = x.slice(0, n), d = y.slice(n), c = y.slice(0, n);
|
|
319
|
-
var ac = multiplyKaratsuba(a, c), bd = multiplyKaratsuba(b, d), abcd = multiplyKaratsuba(addAny(a, b), addAny(c, d));
|
|
320
|
-
var product = addAny(addAny(ac, shiftLeft(subtract(subtract(abcd, ac), bd), n)), shiftLeft(bd, 2 * n));
|
|
321
|
-
trim(product);
|
|
322
|
-
return product;
|
|
323
|
-
}
|
|
324
|
-
function useKaratsuba(l1, l2) {
|
|
325
|
-
return -0.012 * l1 - 0.012 * l2 + 15e-6 * l1 * l2 > 0;
|
|
326
|
-
}
|
|
327
|
-
BigInteger.prototype.multiply = function(v) {
|
|
328
|
-
var n = parseValue(v), a = this.value, b = n.value, sign2 = this.sign !== n.sign, abs;
|
|
329
|
-
if (n.isSmall) {
|
|
330
|
-
if (b === 0)
|
|
331
|
-
return Integer[0];
|
|
332
|
-
if (b === 1)
|
|
333
|
-
return this;
|
|
334
|
-
if (b === -1)
|
|
335
|
-
return this.negate();
|
|
336
|
-
abs = Math.abs(b);
|
|
337
|
-
if (abs < BASE) {
|
|
338
|
-
return new BigInteger(multiplySmall(a, abs), sign2);
|
|
339
|
-
}
|
|
340
|
-
b = smallToArray(abs);
|
|
341
|
-
}
|
|
342
|
-
if (useKaratsuba(a.length, b.length))
|
|
343
|
-
return new BigInteger(multiplyKaratsuba(a, b), sign2);
|
|
344
|
-
return new BigInteger(multiplyLong(a, b), sign2);
|
|
345
|
-
};
|
|
346
|
-
BigInteger.prototype.times = BigInteger.prototype.multiply;
|
|
347
|
-
function multiplySmallAndArray(a, b, sign2) {
|
|
348
|
-
if (a < BASE) {
|
|
349
|
-
return new BigInteger(multiplySmall(b, a), sign2);
|
|
350
|
-
}
|
|
351
|
-
return new BigInteger(multiplyLong(b, smallToArray(a)), sign2);
|
|
352
|
-
}
|
|
353
|
-
SmallInteger.prototype._multiplyBySmall = function(a) {
|
|
354
|
-
if (isPrecise(a.value * this.value)) {
|
|
355
|
-
return new SmallInteger(a.value * this.value);
|
|
356
|
-
}
|
|
357
|
-
return multiplySmallAndArray(Math.abs(a.value), smallToArray(Math.abs(this.value)), this.sign !== a.sign);
|
|
358
|
-
};
|
|
359
|
-
BigInteger.prototype._multiplyBySmall = function(a) {
|
|
360
|
-
if (a.value === 0)
|
|
361
|
-
return Integer[0];
|
|
362
|
-
if (a.value === 1)
|
|
363
|
-
return this;
|
|
364
|
-
if (a.value === -1)
|
|
365
|
-
return this.negate();
|
|
366
|
-
return multiplySmallAndArray(Math.abs(a.value), this.value, this.sign !== a.sign);
|
|
367
|
-
};
|
|
368
|
-
SmallInteger.prototype.multiply = function(v) {
|
|
369
|
-
return parseValue(v)._multiplyBySmall(this);
|
|
370
|
-
};
|
|
371
|
-
SmallInteger.prototype.times = SmallInteger.prototype.multiply;
|
|
372
|
-
NativeBigInt.prototype.multiply = function(v) {
|
|
373
|
-
return new NativeBigInt(this.value * parseValue(v).value);
|
|
374
|
-
};
|
|
375
|
-
NativeBigInt.prototype.times = NativeBigInt.prototype.multiply;
|
|
376
|
-
function square(a) {
|
|
377
|
-
var l = a.length, r = createArray(l + l), base3 = BASE, product, carry, i2, a_i, a_j;
|
|
378
|
-
for (i2 = 0; i2 < l; i2++) {
|
|
379
|
-
a_i = a[i2];
|
|
380
|
-
carry = 0 - a_i * a_i;
|
|
381
|
-
for (var j = i2; j < l; j++) {
|
|
382
|
-
a_j = a[j];
|
|
383
|
-
product = 2 * (a_i * a_j) + r[i2 + j] + carry;
|
|
384
|
-
carry = Math.floor(product / base3);
|
|
385
|
-
r[i2 + j] = product - carry * base3;
|
|
386
|
-
}
|
|
387
|
-
r[i2 + l] = carry;
|
|
388
|
-
}
|
|
389
|
-
trim(r);
|
|
390
|
-
return r;
|
|
391
|
-
}
|
|
392
|
-
BigInteger.prototype.square = function() {
|
|
393
|
-
return new BigInteger(square(this.value), false);
|
|
394
|
-
};
|
|
395
|
-
SmallInteger.prototype.square = function() {
|
|
396
|
-
var value = this.value * this.value;
|
|
397
|
-
if (isPrecise(value))
|
|
398
|
-
return new SmallInteger(value);
|
|
399
|
-
return new BigInteger(square(smallToArray(Math.abs(this.value))), false);
|
|
400
|
-
};
|
|
401
|
-
NativeBigInt.prototype.square = function(v) {
|
|
402
|
-
return new NativeBigInt(this.value * this.value);
|
|
403
|
-
};
|
|
404
|
-
function divMod1(a, b) {
|
|
405
|
-
var a_l = a.length, b_l = b.length, base3 = BASE, result = createArray(b.length), divisorMostSignificantDigit = b[b_l - 1], lambda = Math.ceil(base3 / (2 * divisorMostSignificantDigit)), remainder = multiplySmall(a, lambda), divisor = multiplySmall(b, lambda), quotientDigit, shift, carry, borrow, i2, l, q;
|
|
406
|
-
if (remainder.length <= a_l)
|
|
407
|
-
remainder.push(0);
|
|
408
|
-
divisor.push(0);
|
|
409
|
-
divisorMostSignificantDigit = divisor[b_l - 1];
|
|
410
|
-
for (shift = a_l - b_l; shift >= 0; shift--) {
|
|
411
|
-
quotientDigit = base3 - 1;
|
|
412
|
-
if (remainder[shift + b_l] !== divisorMostSignificantDigit) {
|
|
413
|
-
quotientDigit = Math.floor((remainder[shift + b_l] * base3 + remainder[shift + b_l - 1]) / divisorMostSignificantDigit);
|
|
414
|
-
}
|
|
415
|
-
carry = 0;
|
|
416
|
-
borrow = 0;
|
|
417
|
-
l = divisor.length;
|
|
418
|
-
for (i2 = 0; i2 < l; i2++) {
|
|
419
|
-
carry += quotientDigit * divisor[i2];
|
|
420
|
-
q = Math.floor(carry / base3);
|
|
421
|
-
borrow += remainder[shift + i2] - (carry - q * base3);
|
|
422
|
-
carry = q;
|
|
423
|
-
if (borrow < 0) {
|
|
424
|
-
remainder[shift + i2] = borrow + base3;
|
|
425
|
-
borrow = -1;
|
|
426
|
-
} else {
|
|
427
|
-
remainder[shift + i2] = borrow;
|
|
428
|
-
borrow = 0;
|
|
429
|
-
}
|
|
430
|
-
}
|
|
431
|
-
while (borrow !== 0) {
|
|
432
|
-
quotientDigit -= 1;
|
|
433
|
-
carry = 0;
|
|
434
|
-
for (i2 = 0; i2 < l; i2++) {
|
|
435
|
-
carry += remainder[shift + i2] - base3 + divisor[i2];
|
|
436
|
-
if (carry < 0) {
|
|
437
|
-
remainder[shift + i2] = carry + base3;
|
|
438
|
-
carry = 0;
|
|
439
|
-
} else {
|
|
440
|
-
remainder[shift + i2] = carry;
|
|
441
|
-
carry = 1;
|
|
442
|
-
}
|
|
443
|
-
}
|
|
444
|
-
borrow += carry;
|
|
445
|
-
}
|
|
446
|
-
result[shift] = quotientDigit;
|
|
447
|
-
}
|
|
448
|
-
remainder = divModSmall(remainder, lambda)[0];
|
|
449
|
-
return [arrayToSmall(result), arrayToSmall(remainder)];
|
|
450
|
-
}
|
|
451
|
-
function divMod2(a, b) {
|
|
452
|
-
var a_l = a.length, b_l = b.length, result = [], part = [], base3 = BASE, guess, xlen, highx, highy, check;
|
|
453
|
-
while (a_l) {
|
|
454
|
-
part.unshift(a[--a_l]);
|
|
455
|
-
trim(part);
|
|
456
|
-
if (compareAbs(part, b) < 0) {
|
|
457
|
-
result.push(0);
|
|
458
|
-
continue;
|
|
459
|
-
}
|
|
460
|
-
xlen = part.length;
|
|
461
|
-
highx = part[xlen - 1] * base3 + part[xlen - 2];
|
|
462
|
-
highy = b[b_l - 1] * base3 + b[b_l - 2];
|
|
463
|
-
if (xlen > b_l) {
|
|
464
|
-
highx = (highx + 1) * base3;
|
|
465
|
-
}
|
|
466
|
-
guess = Math.ceil(highx / highy);
|
|
467
|
-
do {
|
|
468
|
-
check = multiplySmall(b, guess);
|
|
469
|
-
if (compareAbs(check, part) <= 0)
|
|
470
|
-
break;
|
|
471
|
-
guess--;
|
|
472
|
-
} while (guess);
|
|
473
|
-
result.push(guess);
|
|
474
|
-
part = subtract(part, check);
|
|
475
|
-
}
|
|
476
|
-
result.reverse();
|
|
477
|
-
return [arrayToSmall(result), arrayToSmall(part)];
|
|
478
|
-
}
|
|
479
|
-
function divModSmall(value, lambda) {
|
|
480
|
-
var length2 = value.length, quotient = createArray(length2), base3 = BASE, i2, q, remainder, divisor;
|
|
481
|
-
remainder = 0;
|
|
482
|
-
for (i2 = length2 - 1; i2 >= 0; --i2) {
|
|
483
|
-
divisor = remainder * base3 + value[i2];
|
|
484
|
-
q = truncate(divisor / lambda);
|
|
485
|
-
remainder = divisor - q * lambda;
|
|
486
|
-
quotient[i2] = q | 0;
|
|
487
|
-
}
|
|
488
|
-
return [quotient, remainder | 0];
|
|
489
|
-
}
|
|
490
|
-
function divModAny(self2, v) {
|
|
491
|
-
var value, n = parseValue(v);
|
|
492
|
-
if (supportsNativeBigInt) {
|
|
493
|
-
return [new NativeBigInt(self2.value / n.value), new NativeBigInt(self2.value % n.value)];
|
|
494
|
-
}
|
|
495
|
-
var a = self2.value, b = n.value;
|
|
496
|
-
var quotient;
|
|
497
|
-
if (b === 0)
|
|
498
|
-
throw new Error("Cannot divide by zero");
|
|
499
|
-
if (self2.isSmall) {
|
|
500
|
-
if (n.isSmall) {
|
|
501
|
-
return [new SmallInteger(truncate(a / b)), new SmallInteger(a % b)];
|
|
502
|
-
}
|
|
503
|
-
return [Integer[0], self2];
|
|
504
|
-
}
|
|
505
|
-
if (n.isSmall) {
|
|
506
|
-
if (b === 1)
|
|
507
|
-
return [self2, Integer[0]];
|
|
508
|
-
if (b == -1)
|
|
509
|
-
return [self2.negate(), Integer[0]];
|
|
510
|
-
var abs = Math.abs(b);
|
|
511
|
-
if (abs < BASE) {
|
|
512
|
-
value = divModSmall(a, abs);
|
|
513
|
-
quotient = arrayToSmall(value[0]);
|
|
514
|
-
var remainder = value[1];
|
|
515
|
-
if (self2.sign)
|
|
516
|
-
remainder = -remainder;
|
|
517
|
-
if (typeof quotient === "number") {
|
|
518
|
-
if (self2.sign !== n.sign)
|
|
519
|
-
quotient = -quotient;
|
|
520
|
-
return [new SmallInteger(quotient), new SmallInteger(remainder)];
|
|
521
|
-
}
|
|
522
|
-
return [new BigInteger(quotient, self2.sign !== n.sign), new SmallInteger(remainder)];
|
|
523
|
-
}
|
|
524
|
-
b = smallToArray(abs);
|
|
525
|
-
}
|
|
526
|
-
var comparison = compareAbs(a, b);
|
|
527
|
-
if (comparison === -1)
|
|
528
|
-
return [Integer[0], self2];
|
|
529
|
-
if (comparison === 0)
|
|
530
|
-
return [Integer[self2.sign === n.sign ? 1 : -1], Integer[0]];
|
|
531
|
-
if (a.length + b.length <= 200)
|
|
532
|
-
value = divMod1(a, b);
|
|
533
|
-
else
|
|
534
|
-
value = divMod2(a, b);
|
|
535
|
-
quotient = value[0];
|
|
536
|
-
var qSign = self2.sign !== n.sign, mod2 = value[1], mSign = self2.sign;
|
|
537
|
-
if (typeof quotient === "number") {
|
|
538
|
-
if (qSign)
|
|
539
|
-
quotient = -quotient;
|
|
540
|
-
quotient = new SmallInteger(quotient);
|
|
541
|
-
} else
|
|
542
|
-
quotient = new BigInteger(quotient, qSign);
|
|
543
|
-
if (typeof mod2 === "number") {
|
|
544
|
-
if (mSign)
|
|
545
|
-
mod2 = -mod2;
|
|
546
|
-
mod2 = new SmallInteger(mod2);
|
|
547
|
-
} else
|
|
548
|
-
mod2 = new BigInteger(mod2, mSign);
|
|
549
|
-
return [quotient, mod2];
|
|
550
|
-
}
|
|
551
|
-
BigInteger.prototype.divmod = function(v) {
|
|
552
|
-
var result = divModAny(this, v);
|
|
553
|
-
return {
|
|
554
|
-
quotient: result[0],
|
|
555
|
-
remainder: result[1]
|
|
556
|
-
};
|
|
557
|
-
};
|
|
558
|
-
NativeBigInt.prototype.divmod = SmallInteger.prototype.divmod = BigInteger.prototype.divmod;
|
|
559
|
-
BigInteger.prototype.divide = function(v) {
|
|
560
|
-
return divModAny(this, v)[0];
|
|
561
|
-
};
|
|
562
|
-
NativeBigInt.prototype.over = NativeBigInt.prototype.divide = function(v) {
|
|
563
|
-
return new NativeBigInt(this.value / parseValue(v).value);
|
|
564
|
-
};
|
|
565
|
-
SmallInteger.prototype.over = SmallInteger.prototype.divide = BigInteger.prototype.over = BigInteger.prototype.divide;
|
|
566
|
-
BigInteger.prototype.mod = function(v) {
|
|
567
|
-
return divModAny(this, v)[1];
|
|
568
|
-
};
|
|
569
|
-
NativeBigInt.prototype.mod = NativeBigInt.prototype.remainder = function(v) {
|
|
570
|
-
return new NativeBigInt(this.value % parseValue(v).value);
|
|
571
|
-
};
|
|
572
|
-
SmallInteger.prototype.remainder = SmallInteger.prototype.mod = BigInteger.prototype.remainder = BigInteger.prototype.mod;
|
|
573
|
-
BigInteger.prototype.pow = function(v) {
|
|
574
|
-
var n = parseValue(v), a = this.value, b = n.value, value, x, y;
|
|
575
|
-
if (b === 0)
|
|
576
|
-
return Integer[1];
|
|
577
|
-
if (a === 0)
|
|
578
|
-
return Integer[0];
|
|
579
|
-
if (a === 1)
|
|
580
|
-
return Integer[1];
|
|
581
|
-
if (a === -1)
|
|
582
|
-
return n.isEven() ? Integer[1] : Integer[-1];
|
|
583
|
-
if (n.sign) {
|
|
584
|
-
return Integer[0];
|
|
585
|
-
}
|
|
586
|
-
if (!n.isSmall)
|
|
587
|
-
throw new Error("The exponent " + n.toString() + " is too large.");
|
|
588
|
-
if (this.isSmall) {
|
|
589
|
-
if (isPrecise(value = Math.pow(a, b)))
|
|
590
|
-
return new SmallInteger(truncate(value));
|
|
591
|
-
}
|
|
592
|
-
x = this;
|
|
593
|
-
y = Integer[1];
|
|
594
|
-
while (true) {
|
|
595
|
-
if (b & true) {
|
|
596
|
-
y = y.times(x);
|
|
597
|
-
--b;
|
|
598
|
-
}
|
|
599
|
-
if (b === 0)
|
|
600
|
-
break;
|
|
601
|
-
b /= 2;
|
|
602
|
-
x = x.square();
|
|
603
|
-
}
|
|
604
|
-
return y;
|
|
605
|
-
};
|
|
606
|
-
SmallInteger.prototype.pow = BigInteger.prototype.pow;
|
|
607
|
-
NativeBigInt.prototype.pow = function(v) {
|
|
608
|
-
var n = parseValue(v);
|
|
609
|
-
var a = this.value, b = n.value;
|
|
610
|
-
var _0 = BigInt(0), _1 = BigInt(1), _2 = BigInt(2);
|
|
611
|
-
if (b === _0)
|
|
612
|
-
return Integer[1];
|
|
613
|
-
if (a === _0)
|
|
614
|
-
return Integer[0];
|
|
615
|
-
if (a === _1)
|
|
616
|
-
return Integer[1];
|
|
617
|
-
if (a === BigInt(-1))
|
|
618
|
-
return n.isEven() ? Integer[1] : Integer[-1];
|
|
619
|
-
if (n.isNegative())
|
|
620
|
-
return new NativeBigInt(_0);
|
|
621
|
-
var x = this;
|
|
622
|
-
var y = Integer[1];
|
|
623
|
-
while (true) {
|
|
624
|
-
if ((b & _1) === _1) {
|
|
625
|
-
y = y.times(x);
|
|
626
|
-
--b;
|
|
627
|
-
}
|
|
628
|
-
if (b === _0)
|
|
629
|
-
break;
|
|
630
|
-
b /= _2;
|
|
631
|
-
x = x.square();
|
|
632
|
-
}
|
|
633
|
-
return y;
|
|
634
|
-
};
|
|
635
|
-
BigInteger.prototype.modPow = function(exp, mod2) {
|
|
636
|
-
exp = parseValue(exp);
|
|
637
|
-
mod2 = parseValue(mod2);
|
|
638
|
-
if (mod2.isZero())
|
|
639
|
-
throw new Error("Cannot take modPow with modulus 0");
|
|
640
|
-
var r = Integer[1], base3 = this.mod(mod2);
|
|
641
|
-
if (exp.isNegative()) {
|
|
642
|
-
exp = exp.multiply(Integer[-1]);
|
|
643
|
-
base3 = base3.modInv(mod2);
|
|
644
|
-
}
|
|
645
|
-
while (exp.isPositive()) {
|
|
646
|
-
if (base3.isZero())
|
|
647
|
-
return Integer[0];
|
|
648
|
-
if (exp.isOdd())
|
|
649
|
-
r = r.multiply(base3).mod(mod2);
|
|
650
|
-
exp = exp.divide(2);
|
|
651
|
-
base3 = base3.square().mod(mod2);
|
|
652
|
-
}
|
|
653
|
-
return r;
|
|
654
|
-
};
|
|
655
|
-
NativeBigInt.prototype.modPow = SmallInteger.prototype.modPow = BigInteger.prototype.modPow;
|
|
656
|
-
function compareAbs(a, b) {
|
|
657
|
-
if (a.length !== b.length) {
|
|
658
|
-
return a.length > b.length ? 1 : -1;
|
|
659
|
-
}
|
|
660
|
-
for (var i2 = a.length - 1; i2 >= 0; i2--) {
|
|
661
|
-
if (a[i2] !== b[i2])
|
|
662
|
-
return a[i2] > b[i2] ? 1 : -1;
|
|
663
|
-
}
|
|
664
|
-
return 0;
|
|
665
|
-
}
|
|
666
|
-
BigInteger.prototype.compareAbs = function(v) {
|
|
667
|
-
var n = parseValue(v), a = this.value, b = n.value;
|
|
668
|
-
if (n.isSmall)
|
|
669
|
-
return 1;
|
|
670
|
-
return compareAbs(a, b);
|
|
671
|
-
};
|
|
672
|
-
SmallInteger.prototype.compareAbs = function(v) {
|
|
673
|
-
var n = parseValue(v), a = Math.abs(this.value), b = n.value;
|
|
674
|
-
if (n.isSmall) {
|
|
675
|
-
b = Math.abs(b);
|
|
676
|
-
return a === b ? 0 : a > b ? 1 : -1;
|
|
677
|
-
}
|
|
678
|
-
return -1;
|
|
679
|
-
};
|
|
680
|
-
NativeBigInt.prototype.compareAbs = function(v) {
|
|
681
|
-
var a = this.value;
|
|
682
|
-
var b = parseValue(v).value;
|
|
683
|
-
a = a >= 0 ? a : -a;
|
|
684
|
-
b = b >= 0 ? b : -b;
|
|
685
|
-
return a === b ? 0 : a > b ? 1 : -1;
|
|
686
|
-
};
|
|
687
|
-
BigInteger.prototype.compare = function(v) {
|
|
688
|
-
if (v === Infinity) {
|
|
689
|
-
return -1;
|
|
690
|
-
}
|
|
691
|
-
if (v === -Infinity) {
|
|
692
|
-
return 1;
|
|
693
|
-
}
|
|
694
|
-
var n = parseValue(v), a = this.value, b = n.value;
|
|
695
|
-
if (this.sign !== n.sign) {
|
|
696
|
-
return n.sign ? 1 : -1;
|
|
697
|
-
}
|
|
698
|
-
if (n.isSmall) {
|
|
699
|
-
return this.sign ? -1 : 1;
|
|
700
|
-
}
|
|
701
|
-
return compareAbs(a, b) * (this.sign ? -1 : 1);
|
|
702
|
-
};
|
|
703
|
-
BigInteger.prototype.compareTo = BigInteger.prototype.compare;
|
|
704
|
-
SmallInteger.prototype.compare = function(v) {
|
|
705
|
-
if (v === Infinity) {
|
|
706
|
-
return -1;
|
|
707
|
-
}
|
|
708
|
-
if (v === -Infinity) {
|
|
709
|
-
return 1;
|
|
710
|
-
}
|
|
711
|
-
var n = parseValue(v), a = this.value, b = n.value;
|
|
712
|
-
if (n.isSmall) {
|
|
713
|
-
return a == b ? 0 : a > b ? 1 : -1;
|
|
714
|
-
}
|
|
715
|
-
if (a < 0 !== n.sign) {
|
|
716
|
-
return a < 0 ? -1 : 1;
|
|
717
|
-
}
|
|
718
|
-
return a < 0 ? 1 : -1;
|
|
719
|
-
};
|
|
720
|
-
SmallInteger.prototype.compareTo = SmallInteger.prototype.compare;
|
|
721
|
-
NativeBigInt.prototype.compare = function(v) {
|
|
722
|
-
if (v === Infinity) {
|
|
723
|
-
return -1;
|
|
724
|
-
}
|
|
725
|
-
if (v === -Infinity) {
|
|
726
|
-
return 1;
|
|
727
|
-
}
|
|
728
|
-
var a = this.value;
|
|
729
|
-
var b = parseValue(v).value;
|
|
730
|
-
return a === b ? 0 : a > b ? 1 : -1;
|
|
731
|
-
};
|
|
732
|
-
NativeBigInt.prototype.compareTo = NativeBigInt.prototype.compare;
|
|
733
|
-
BigInteger.prototype.equals = function(v) {
|
|
734
|
-
return this.compare(v) === 0;
|
|
735
|
-
};
|
|
736
|
-
NativeBigInt.prototype.eq = NativeBigInt.prototype.equals = SmallInteger.prototype.eq = SmallInteger.prototype.equals = BigInteger.prototype.eq = BigInteger.prototype.equals;
|
|
737
|
-
BigInteger.prototype.notEquals = function(v) {
|
|
738
|
-
return this.compare(v) !== 0;
|
|
739
|
-
};
|
|
740
|
-
NativeBigInt.prototype.neq = NativeBigInt.prototype.notEquals = SmallInteger.prototype.neq = SmallInteger.prototype.notEquals = BigInteger.prototype.neq = BigInteger.prototype.notEquals;
|
|
741
|
-
BigInteger.prototype.greater = function(v) {
|
|
742
|
-
return this.compare(v) > 0;
|
|
743
|
-
};
|
|
744
|
-
NativeBigInt.prototype.gt = NativeBigInt.prototype.greater = SmallInteger.prototype.gt = SmallInteger.prototype.greater = BigInteger.prototype.gt = BigInteger.prototype.greater;
|
|
745
|
-
BigInteger.prototype.lesser = function(v) {
|
|
746
|
-
return this.compare(v) < 0;
|
|
747
|
-
};
|
|
748
|
-
NativeBigInt.prototype.lt = NativeBigInt.prototype.lesser = SmallInteger.prototype.lt = SmallInteger.prototype.lesser = BigInteger.prototype.lt = BigInteger.prototype.lesser;
|
|
749
|
-
BigInteger.prototype.greaterOrEquals = function(v) {
|
|
750
|
-
return this.compare(v) >= 0;
|
|
751
|
-
};
|
|
752
|
-
NativeBigInt.prototype.geq = NativeBigInt.prototype.greaterOrEquals = SmallInteger.prototype.geq = SmallInteger.prototype.greaterOrEquals = BigInteger.prototype.geq = BigInteger.prototype.greaterOrEquals;
|
|
753
|
-
BigInteger.prototype.lesserOrEquals = function(v) {
|
|
754
|
-
return this.compare(v) <= 0;
|
|
755
|
-
};
|
|
756
|
-
NativeBigInt.prototype.leq = NativeBigInt.prototype.lesserOrEquals = SmallInteger.prototype.leq = SmallInteger.prototype.lesserOrEquals = BigInteger.prototype.leq = BigInteger.prototype.lesserOrEquals;
|
|
757
|
-
BigInteger.prototype.isEven = function() {
|
|
758
|
-
return (this.value[0] & 1) === 0;
|
|
759
|
-
};
|
|
760
|
-
SmallInteger.prototype.isEven = function() {
|
|
761
|
-
return (this.value & 1) === 0;
|
|
762
|
-
};
|
|
763
|
-
NativeBigInt.prototype.isEven = function() {
|
|
764
|
-
return (this.value & BigInt(1)) === BigInt(0);
|
|
765
|
-
};
|
|
766
|
-
BigInteger.prototype.isOdd = function() {
|
|
767
|
-
return (this.value[0] & 1) === 1;
|
|
768
|
-
};
|
|
769
|
-
SmallInteger.prototype.isOdd = function() {
|
|
770
|
-
return (this.value & 1) === 1;
|
|
771
|
-
};
|
|
772
|
-
NativeBigInt.prototype.isOdd = function() {
|
|
773
|
-
return (this.value & BigInt(1)) === BigInt(1);
|
|
774
|
-
};
|
|
775
|
-
BigInteger.prototype.isPositive = function() {
|
|
776
|
-
return !this.sign;
|
|
777
|
-
};
|
|
778
|
-
SmallInteger.prototype.isPositive = function() {
|
|
779
|
-
return this.value > 0;
|
|
780
|
-
};
|
|
781
|
-
NativeBigInt.prototype.isPositive = SmallInteger.prototype.isPositive;
|
|
782
|
-
BigInteger.prototype.isNegative = function() {
|
|
783
|
-
return this.sign;
|
|
784
|
-
};
|
|
785
|
-
SmallInteger.prototype.isNegative = function() {
|
|
786
|
-
return this.value < 0;
|
|
787
|
-
};
|
|
788
|
-
NativeBigInt.prototype.isNegative = SmallInteger.prototype.isNegative;
|
|
789
|
-
BigInteger.prototype.isUnit = function() {
|
|
790
|
-
return false;
|
|
791
|
-
};
|
|
792
|
-
SmallInteger.prototype.isUnit = function() {
|
|
793
|
-
return Math.abs(this.value) === 1;
|
|
794
|
-
};
|
|
795
|
-
NativeBigInt.prototype.isUnit = function() {
|
|
796
|
-
return this.abs().value === BigInt(1);
|
|
797
|
-
};
|
|
798
|
-
BigInteger.prototype.isZero = function() {
|
|
799
|
-
return false;
|
|
800
|
-
};
|
|
801
|
-
SmallInteger.prototype.isZero = function() {
|
|
802
|
-
return this.value === 0;
|
|
803
|
-
};
|
|
804
|
-
NativeBigInt.prototype.isZero = function() {
|
|
805
|
-
return this.value === BigInt(0);
|
|
806
|
-
};
|
|
807
|
-
BigInteger.prototype.isDivisibleBy = function(v) {
|
|
808
|
-
var n = parseValue(v);
|
|
809
|
-
if (n.isZero())
|
|
810
|
-
return false;
|
|
811
|
-
if (n.isUnit())
|
|
812
|
-
return true;
|
|
813
|
-
if (n.compareAbs(2) === 0)
|
|
814
|
-
return this.isEven();
|
|
815
|
-
return this.mod(n).isZero();
|
|
816
|
-
};
|
|
817
|
-
NativeBigInt.prototype.isDivisibleBy = SmallInteger.prototype.isDivisibleBy = BigInteger.prototype.isDivisibleBy;
|
|
818
|
-
function isBasicPrime(v) {
|
|
819
|
-
var n = v.abs();
|
|
820
|
-
if (n.isUnit())
|
|
821
|
-
return false;
|
|
822
|
-
if (n.equals(2) || n.equals(3) || n.equals(5))
|
|
823
|
-
return true;
|
|
824
|
-
if (n.isEven() || n.isDivisibleBy(3) || n.isDivisibleBy(5))
|
|
825
|
-
return false;
|
|
826
|
-
if (n.lesser(49))
|
|
827
|
-
return true;
|
|
828
|
-
}
|
|
829
|
-
function millerRabinTest(n, a) {
|
|
830
|
-
var nPrev = n.prev(), b = nPrev, r = 0, d, t, i2, x;
|
|
831
|
-
while (b.isEven())
|
|
832
|
-
b = b.divide(2), r++;
|
|
833
|
-
next:
|
|
834
|
-
for (i2 = 0; i2 < a.length; i2++) {
|
|
835
|
-
if (n.lesser(a[i2]))
|
|
836
|
-
continue;
|
|
837
|
-
x = bigInt2(a[i2]).modPow(b, n);
|
|
838
|
-
if (x.isUnit() || x.equals(nPrev))
|
|
839
|
-
continue;
|
|
840
|
-
for (d = r - 1; d != 0; d--) {
|
|
841
|
-
x = x.square().mod(n);
|
|
842
|
-
if (x.isUnit())
|
|
843
|
-
return false;
|
|
844
|
-
if (x.equals(nPrev))
|
|
845
|
-
continue next;
|
|
846
|
-
}
|
|
847
|
-
return false;
|
|
848
|
-
}
|
|
849
|
-
return true;
|
|
850
|
-
}
|
|
851
|
-
BigInteger.prototype.isPrime = function(strict) {
|
|
852
|
-
var isPrime = isBasicPrime(this);
|
|
853
|
-
if (isPrime !== undefined2)
|
|
854
|
-
return isPrime;
|
|
855
|
-
var n = this.abs();
|
|
856
|
-
var bits = n.bitLength();
|
|
857
|
-
if (bits <= 64)
|
|
858
|
-
return millerRabinTest(n, [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]);
|
|
859
|
-
var logN = Math.log(2) * bits.toJSNumber();
|
|
860
|
-
var t = Math.ceil(strict === true ? 2 * Math.pow(logN, 2) : logN);
|
|
861
|
-
for (var a = [], i2 = 0; i2 < t; i2++) {
|
|
862
|
-
a.push(bigInt2(i2 + 2));
|
|
863
|
-
}
|
|
864
|
-
return millerRabinTest(n, a);
|
|
865
|
-
};
|
|
866
|
-
NativeBigInt.prototype.isPrime = SmallInteger.prototype.isPrime = BigInteger.prototype.isPrime;
|
|
867
|
-
BigInteger.prototype.isProbablePrime = function(iterations, rng) {
|
|
868
|
-
var isPrime = isBasicPrime(this);
|
|
869
|
-
if (isPrime !== undefined2)
|
|
870
|
-
return isPrime;
|
|
871
|
-
var n = this.abs();
|
|
872
|
-
var t = iterations === undefined2 ? 5 : iterations;
|
|
873
|
-
for (var a = [], i2 = 0; i2 < t; i2++) {
|
|
874
|
-
a.push(bigInt2.randBetween(2, n.minus(2), rng));
|
|
875
|
-
}
|
|
876
|
-
return millerRabinTest(n, a);
|
|
877
|
-
};
|
|
878
|
-
NativeBigInt.prototype.isProbablePrime = SmallInteger.prototype.isProbablePrime = BigInteger.prototype.isProbablePrime;
|
|
879
|
-
BigInteger.prototype.modInv = function(n) {
|
|
880
|
-
var t = bigInt2.zero, newT = bigInt2.one, r = parseValue(n), newR = this.abs(), q, lastT, lastR;
|
|
881
|
-
while (!newR.isZero()) {
|
|
882
|
-
q = r.divide(newR);
|
|
883
|
-
lastT = t;
|
|
884
|
-
lastR = r;
|
|
885
|
-
t = newT;
|
|
886
|
-
r = newR;
|
|
887
|
-
newT = lastT.subtract(q.multiply(newT));
|
|
888
|
-
newR = lastR.subtract(q.multiply(newR));
|
|
889
|
-
}
|
|
890
|
-
if (!r.isUnit())
|
|
891
|
-
throw new Error(this.toString() + " and " + n.toString() + " are not co-prime");
|
|
892
|
-
if (t.compare(0) === -1) {
|
|
893
|
-
t = t.add(n);
|
|
894
|
-
}
|
|
895
|
-
if (this.isNegative()) {
|
|
896
|
-
return t.negate();
|
|
897
|
-
}
|
|
898
|
-
return t;
|
|
899
|
-
};
|
|
900
|
-
NativeBigInt.prototype.modInv = SmallInteger.prototype.modInv = BigInteger.prototype.modInv;
|
|
901
|
-
BigInteger.prototype.next = function() {
|
|
902
|
-
var value = this.value;
|
|
903
|
-
if (this.sign) {
|
|
904
|
-
return subtractSmall(value, 1, this.sign);
|
|
905
|
-
}
|
|
906
|
-
return new BigInteger(addSmall(value, 1), this.sign);
|
|
907
|
-
};
|
|
908
|
-
SmallInteger.prototype.next = function() {
|
|
909
|
-
var value = this.value;
|
|
910
|
-
if (value + 1 < MAX_INT)
|
|
911
|
-
return new SmallInteger(value + 1);
|
|
912
|
-
return new BigInteger(MAX_INT_ARR, false);
|
|
913
|
-
};
|
|
914
|
-
NativeBigInt.prototype.next = function() {
|
|
915
|
-
return new NativeBigInt(this.value + BigInt(1));
|
|
916
|
-
};
|
|
917
|
-
BigInteger.prototype.prev = function() {
|
|
918
|
-
var value = this.value;
|
|
919
|
-
if (this.sign) {
|
|
920
|
-
return new BigInteger(addSmall(value, 1), true);
|
|
921
|
-
}
|
|
922
|
-
return subtractSmall(value, 1, this.sign);
|
|
923
|
-
};
|
|
924
|
-
SmallInteger.prototype.prev = function() {
|
|
925
|
-
var value = this.value;
|
|
926
|
-
if (value - 1 > -MAX_INT)
|
|
927
|
-
return new SmallInteger(value - 1);
|
|
928
|
-
return new BigInteger(MAX_INT_ARR, true);
|
|
929
|
-
};
|
|
930
|
-
NativeBigInt.prototype.prev = function() {
|
|
931
|
-
return new NativeBigInt(this.value - BigInt(1));
|
|
932
|
-
};
|
|
933
|
-
var powersOfTwo = [1];
|
|
934
|
-
while (2 * powersOfTwo[powersOfTwo.length - 1] <= BASE)
|
|
935
|
-
powersOfTwo.push(2 * powersOfTwo[powersOfTwo.length - 1]);
|
|
936
|
-
var powers2Length = powersOfTwo.length, highestPower2 = powersOfTwo[powers2Length - 1];
|
|
937
|
-
function shift_isSmall(n) {
|
|
938
|
-
return Math.abs(n) <= BASE;
|
|
939
|
-
}
|
|
940
|
-
BigInteger.prototype.shiftLeft = function(v) {
|
|
941
|
-
var n = parseValue(v).toJSNumber();
|
|
942
|
-
if (!shift_isSmall(n)) {
|
|
943
|
-
throw new Error(String(n) + " is too large for shifting.");
|
|
944
|
-
}
|
|
945
|
-
if (n < 0)
|
|
946
|
-
return this.shiftRight(-n);
|
|
947
|
-
var result = this;
|
|
948
|
-
if (result.isZero())
|
|
949
|
-
return result;
|
|
950
|
-
while (n >= powers2Length) {
|
|
951
|
-
result = result.multiply(highestPower2);
|
|
952
|
-
n -= powers2Length - 1;
|
|
953
|
-
}
|
|
954
|
-
return result.multiply(powersOfTwo[n]);
|
|
955
|
-
};
|
|
956
|
-
NativeBigInt.prototype.shiftLeft = SmallInteger.prototype.shiftLeft = BigInteger.prototype.shiftLeft;
|
|
957
|
-
BigInteger.prototype.shiftRight = function(v) {
|
|
958
|
-
var remQuo;
|
|
959
|
-
var n = parseValue(v).toJSNumber();
|
|
960
|
-
if (!shift_isSmall(n)) {
|
|
961
|
-
throw new Error(String(n) + " is too large for shifting.");
|
|
962
|
-
}
|
|
963
|
-
if (n < 0)
|
|
964
|
-
return this.shiftLeft(-n);
|
|
965
|
-
var result = this;
|
|
966
|
-
while (n >= powers2Length) {
|
|
967
|
-
if (result.isZero() || result.isNegative() && result.isUnit())
|
|
968
|
-
return result;
|
|
969
|
-
remQuo = divModAny(result, highestPower2);
|
|
970
|
-
result = remQuo[1].isNegative() ? remQuo[0].prev() : remQuo[0];
|
|
971
|
-
n -= powers2Length - 1;
|
|
972
|
-
}
|
|
973
|
-
remQuo = divModAny(result, powersOfTwo[n]);
|
|
974
|
-
return remQuo[1].isNegative() ? remQuo[0].prev() : remQuo[0];
|
|
975
|
-
};
|
|
976
|
-
NativeBigInt.prototype.shiftRight = SmallInteger.prototype.shiftRight = BigInteger.prototype.shiftRight;
|
|
977
|
-
function bitwise(x, y, fn) {
|
|
978
|
-
y = parseValue(y);
|
|
979
|
-
var xSign = x.isNegative(), ySign = y.isNegative();
|
|
980
|
-
var xRem = xSign ? x.not() : x, yRem = ySign ? y.not() : y;
|
|
981
|
-
var xDigit = 0, yDigit = 0;
|
|
982
|
-
var xDivMod = null, yDivMod = null;
|
|
983
|
-
var result = [];
|
|
984
|
-
while (!xRem.isZero() || !yRem.isZero()) {
|
|
985
|
-
xDivMod = divModAny(xRem, highestPower2);
|
|
986
|
-
xDigit = xDivMod[1].toJSNumber();
|
|
987
|
-
if (xSign) {
|
|
988
|
-
xDigit = highestPower2 - 1 - xDigit;
|
|
989
|
-
}
|
|
990
|
-
yDivMod = divModAny(yRem, highestPower2);
|
|
991
|
-
yDigit = yDivMod[1].toJSNumber();
|
|
992
|
-
if (ySign) {
|
|
993
|
-
yDigit = highestPower2 - 1 - yDigit;
|
|
994
|
-
}
|
|
995
|
-
xRem = xDivMod[0];
|
|
996
|
-
yRem = yDivMod[0];
|
|
997
|
-
result.push(fn(xDigit, yDigit));
|
|
998
|
-
}
|
|
999
|
-
var sum = fn(xSign ? 1 : 0, ySign ? 1 : 0) !== 0 ? bigInt2(-1) : bigInt2(0);
|
|
1000
|
-
for (var i2 = result.length - 1; i2 >= 0; i2 -= 1) {
|
|
1001
|
-
sum = sum.multiply(highestPower2).add(bigInt2(result[i2]));
|
|
1002
|
-
}
|
|
1003
|
-
return sum;
|
|
1004
|
-
}
|
|
1005
|
-
BigInteger.prototype.not = function() {
|
|
1006
|
-
return this.negate().prev();
|
|
1007
|
-
};
|
|
1008
|
-
NativeBigInt.prototype.not = SmallInteger.prototype.not = BigInteger.prototype.not;
|
|
1009
|
-
BigInteger.prototype.and = function(n) {
|
|
1010
|
-
return bitwise(this, n, function(a, b) {
|
|
1011
|
-
return a & b;
|
|
1012
|
-
});
|
|
1013
|
-
};
|
|
1014
|
-
NativeBigInt.prototype.and = SmallInteger.prototype.and = BigInteger.prototype.and;
|
|
1015
|
-
BigInteger.prototype.or = function(n) {
|
|
1016
|
-
return bitwise(this, n, function(a, b) {
|
|
1017
|
-
return a | b;
|
|
1018
|
-
});
|
|
1019
|
-
};
|
|
1020
|
-
NativeBigInt.prototype.or = SmallInteger.prototype.or = BigInteger.prototype.or;
|
|
1021
|
-
BigInteger.prototype.xor = function(n) {
|
|
1022
|
-
return bitwise(this, n, function(a, b) {
|
|
1023
|
-
return a ^ b;
|
|
1024
|
-
});
|
|
1025
|
-
};
|
|
1026
|
-
NativeBigInt.prototype.xor = SmallInteger.prototype.xor = BigInteger.prototype.xor;
|
|
1027
|
-
var LOBMASK_I = 1 << 30, LOBMASK_BI = (BASE & -BASE) * (BASE & -BASE) | LOBMASK_I;
|
|
1028
|
-
function roughLOB(n) {
|
|
1029
|
-
var v = n.value, x = typeof v === "number" ? v | LOBMASK_I : typeof v === "bigint" ? v | BigInt(LOBMASK_I) : v[0] + v[1] * BASE | LOBMASK_BI;
|
|
1030
|
-
return x & -x;
|
|
1031
|
-
}
|
|
1032
|
-
function integerLogarithm(value, base3) {
|
|
1033
|
-
if (base3.compareTo(value) <= 0) {
|
|
1034
|
-
var tmp = integerLogarithm(value, base3.square(base3));
|
|
1035
|
-
var p = tmp.p;
|
|
1036
|
-
var e = tmp.e;
|
|
1037
|
-
var t = p.multiply(base3);
|
|
1038
|
-
return t.compareTo(value) <= 0 ? { p: t, e: e * 2 + 1 } : { p, e: e * 2 };
|
|
1039
|
-
}
|
|
1040
|
-
return { p: bigInt2(1), e: 0 };
|
|
1041
|
-
}
|
|
1042
|
-
BigInteger.prototype.bitLength = function() {
|
|
1043
|
-
var n = this;
|
|
1044
|
-
if (n.compareTo(bigInt2(0)) < 0) {
|
|
1045
|
-
n = n.negate().subtract(bigInt2(1));
|
|
1046
|
-
}
|
|
1047
|
-
if (n.compareTo(bigInt2(0)) === 0) {
|
|
1048
|
-
return bigInt2(0);
|
|
1049
|
-
}
|
|
1050
|
-
return bigInt2(integerLogarithm(n, bigInt2(2)).e).add(bigInt2(1));
|
|
1051
|
-
};
|
|
1052
|
-
NativeBigInt.prototype.bitLength = SmallInteger.prototype.bitLength = BigInteger.prototype.bitLength;
|
|
1053
|
-
function max(a, b) {
|
|
1054
|
-
a = parseValue(a);
|
|
1055
|
-
b = parseValue(b);
|
|
1056
|
-
return a.greater(b) ? a : b;
|
|
1057
|
-
}
|
|
1058
|
-
function min(a, b) {
|
|
1059
|
-
a = parseValue(a);
|
|
1060
|
-
b = parseValue(b);
|
|
1061
|
-
return a.lesser(b) ? a : b;
|
|
1062
|
-
}
|
|
1063
|
-
function gcd(a, b) {
|
|
1064
|
-
a = parseValue(a).abs();
|
|
1065
|
-
b = parseValue(b).abs();
|
|
1066
|
-
if (a.equals(b))
|
|
1067
|
-
return a;
|
|
1068
|
-
if (a.isZero())
|
|
1069
|
-
return b;
|
|
1070
|
-
if (b.isZero())
|
|
1071
|
-
return a;
|
|
1072
|
-
var c = Integer[1], d, t;
|
|
1073
|
-
while (a.isEven() && b.isEven()) {
|
|
1074
|
-
d = min(roughLOB(a), roughLOB(b));
|
|
1075
|
-
a = a.divide(d);
|
|
1076
|
-
b = b.divide(d);
|
|
1077
|
-
c = c.multiply(d);
|
|
1078
|
-
}
|
|
1079
|
-
while (a.isEven()) {
|
|
1080
|
-
a = a.divide(roughLOB(a));
|
|
1081
|
-
}
|
|
1082
|
-
do {
|
|
1083
|
-
while (b.isEven()) {
|
|
1084
|
-
b = b.divide(roughLOB(b));
|
|
1085
|
-
}
|
|
1086
|
-
if (a.greater(b)) {
|
|
1087
|
-
t = b;
|
|
1088
|
-
b = a;
|
|
1089
|
-
a = t;
|
|
1090
|
-
}
|
|
1091
|
-
b = b.subtract(a);
|
|
1092
|
-
} while (!b.isZero());
|
|
1093
|
-
return c.isUnit() ? a : a.multiply(c);
|
|
1094
|
-
}
|
|
1095
|
-
function lcm(a, b) {
|
|
1096
|
-
a = parseValue(a).abs();
|
|
1097
|
-
b = parseValue(b).abs();
|
|
1098
|
-
return a.divide(gcd(a, b)).multiply(b);
|
|
1099
|
-
}
|
|
1100
|
-
function randBetween(a, b, rng) {
|
|
1101
|
-
a = parseValue(a);
|
|
1102
|
-
b = parseValue(b);
|
|
1103
|
-
var usedRNG = rng || Math.random;
|
|
1104
|
-
var low = min(a, b), high = max(a, b);
|
|
1105
|
-
var range = high.subtract(low).add(1);
|
|
1106
|
-
if (range.isSmall)
|
|
1107
|
-
return low.add(Math.floor(usedRNG() * range));
|
|
1108
|
-
var digits = toBase(range, BASE).value;
|
|
1109
|
-
var result = [], restricted = true;
|
|
1110
|
-
for (var i2 = 0; i2 < digits.length; i2++) {
|
|
1111
|
-
var top = restricted ? digits[i2] + (i2 + 1 < digits.length ? digits[i2 + 1] / BASE : 0) : BASE;
|
|
1112
|
-
var digit = truncate(usedRNG() * top);
|
|
1113
|
-
result.push(digit);
|
|
1114
|
-
if (digit < digits[i2])
|
|
1115
|
-
restricted = false;
|
|
1116
|
-
}
|
|
1117
|
-
return low.add(Integer.fromArray(result, BASE, false));
|
|
1118
|
-
}
|
|
1119
|
-
var parseBase = function(text, base3, alphabet2, caseSensitive) {
|
|
1120
|
-
alphabet2 = alphabet2 || DEFAULT_ALPHABET;
|
|
1121
|
-
text = String(text);
|
|
1122
|
-
if (!caseSensitive) {
|
|
1123
|
-
text = text.toLowerCase();
|
|
1124
|
-
alphabet2 = alphabet2.toLowerCase();
|
|
1125
|
-
}
|
|
1126
|
-
var length2 = text.length;
|
|
1127
|
-
var i2;
|
|
1128
|
-
var absBase = Math.abs(base3);
|
|
1129
|
-
var alphabetValues = {};
|
|
1130
|
-
for (i2 = 0; i2 < alphabet2.length; i2++) {
|
|
1131
|
-
alphabetValues[alphabet2[i2]] = i2;
|
|
1132
|
-
}
|
|
1133
|
-
for (i2 = 0; i2 < length2; i2++) {
|
|
1134
|
-
var c = text[i2];
|
|
1135
|
-
if (c === "-")
|
|
1136
|
-
continue;
|
|
1137
|
-
if (c in alphabetValues) {
|
|
1138
|
-
if (alphabetValues[c] >= absBase) {
|
|
1139
|
-
if (c === "1" && absBase === 1)
|
|
1140
|
-
continue;
|
|
1141
|
-
throw new Error(c + " is not a valid digit in base " + base3 + ".");
|
|
1142
|
-
}
|
|
1143
|
-
}
|
|
1144
|
-
}
|
|
1145
|
-
base3 = parseValue(base3);
|
|
1146
|
-
var digits = [];
|
|
1147
|
-
var isNegative = text[0] === "-";
|
|
1148
|
-
for (i2 = isNegative ? 1 : 0; i2 < text.length; i2++) {
|
|
1149
|
-
var c = text[i2];
|
|
1150
|
-
if (c in alphabetValues)
|
|
1151
|
-
digits.push(parseValue(alphabetValues[c]));
|
|
1152
|
-
else if (c === "<") {
|
|
1153
|
-
var start = i2;
|
|
1154
|
-
do {
|
|
1155
|
-
i2++;
|
|
1156
|
-
} while (text[i2] !== ">" && i2 < text.length);
|
|
1157
|
-
digits.push(parseValue(text.slice(start + 1, i2)));
|
|
1158
|
-
} else
|
|
1159
|
-
throw new Error(c + " is not a valid character");
|
|
1160
|
-
}
|
|
1161
|
-
return parseBaseFromArray(digits, base3, isNegative);
|
|
1162
|
-
};
|
|
1163
|
-
function parseBaseFromArray(digits, base3, isNegative) {
|
|
1164
|
-
var val = Integer[0], pow = Integer[1], i2;
|
|
1165
|
-
for (i2 = digits.length - 1; i2 >= 0; i2--) {
|
|
1166
|
-
val = val.add(digits[i2].times(pow));
|
|
1167
|
-
pow = pow.times(base3);
|
|
1168
|
-
}
|
|
1169
|
-
return isNegative ? val.negate() : val;
|
|
1170
|
-
}
|
|
1171
|
-
function stringify(digit, alphabet2) {
|
|
1172
|
-
alphabet2 = alphabet2 || DEFAULT_ALPHABET;
|
|
1173
|
-
if (digit < alphabet2.length) {
|
|
1174
|
-
return alphabet2[digit];
|
|
1175
|
-
}
|
|
1176
|
-
return "<" + digit + ">";
|
|
1177
|
-
}
|
|
1178
|
-
function toBase(n, base3) {
|
|
1179
|
-
base3 = bigInt2(base3);
|
|
1180
|
-
if (base3.isZero()) {
|
|
1181
|
-
if (n.isZero())
|
|
1182
|
-
return { value: [0], isNegative: false };
|
|
1183
|
-
throw new Error("Cannot convert nonzero numbers to base 0.");
|
|
1184
|
-
}
|
|
1185
|
-
if (base3.equals(-1)) {
|
|
1186
|
-
if (n.isZero())
|
|
1187
|
-
return { value: [0], isNegative: false };
|
|
1188
|
-
if (n.isNegative())
|
|
1189
|
-
return {
|
|
1190
|
-
value: [].concat.apply(
|
|
1191
|
-
[],
|
|
1192
|
-
Array.apply(null, Array(-n.toJSNumber())).map(Array.prototype.valueOf, [1, 0])
|
|
1193
|
-
),
|
|
1194
|
-
isNegative: false
|
|
1195
|
-
};
|
|
1196
|
-
var arr = Array.apply(null, Array(n.toJSNumber() - 1)).map(Array.prototype.valueOf, [0, 1]);
|
|
1197
|
-
arr.unshift([1]);
|
|
1198
|
-
return {
|
|
1199
|
-
value: [].concat.apply([], arr),
|
|
1200
|
-
isNegative: false
|
|
1201
|
-
};
|
|
1202
|
-
}
|
|
1203
|
-
var neg = false;
|
|
1204
|
-
if (n.isNegative() && base3.isPositive()) {
|
|
1205
|
-
neg = true;
|
|
1206
|
-
n = n.abs();
|
|
1207
|
-
}
|
|
1208
|
-
if (base3.isUnit()) {
|
|
1209
|
-
if (n.isZero())
|
|
1210
|
-
return { value: [0], isNegative: false };
|
|
1211
|
-
return {
|
|
1212
|
-
value: Array.apply(null, Array(n.toJSNumber())).map(Number.prototype.valueOf, 1),
|
|
1213
|
-
isNegative: neg
|
|
1214
|
-
};
|
|
1215
|
-
}
|
|
1216
|
-
var out = [];
|
|
1217
|
-
var left = n, divmod;
|
|
1218
|
-
while (left.isNegative() || left.compareAbs(base3) >= 0) {
|
|
1219
|
-
divmod = left.divmod(base3);
|
|
1220
|
-
left = divmod.quotient;
|
|
1221
|
-
var digit = divmod.remainder;
|
|
1222
|
-
if (digit.isNegative()) {
|
|
1223
|
-
digit = base3.minus(digit).abs();
|
|
1224
|
-
left = left.next();
|
|
1225
|
-
}
|
|
1226
|
-
out.push(digit.toJSNumber());
|
|
1227
|
-
}
|
|
1228
|
-
out.push(left.toJSNumber());
|
|
1229
|
-
return { value: out.reverse(), isNegative: neg };
|
|
1230
|
-
}
|
|
1231
|
-
function toBaseString(n, base3, alphabet2) {
|
|
1232
|
-
var arr = toBase(n, base3);
|
|
1233
|
-
return (arr.isNegative ? "-" : "") + arr.value.map(function(x) {
|
|
1234
|
-
return stringify(x, alphabet2);
|
|
1235
|
-
}).join("");
|
|
1236
|
-
}
|
|
1237
|
-
BigInteger.prototype.toArray = function(radix) {
|
|
1238
|
-
return toBase(this, radix);
|
|
1239
|
-
};
|
|
1240
|
-
SmallInteger.prototype.toArray = function(radix) {
|
|
1241
|
-
return toBase(this, radix);
|
|
1242
|
-
};
|
|
1243
|
-
NativeBigInt.prototype.toArray = function(radix) {
|
|
1244
|
-
return toBase(this, radix);
|
|
1245
|
-
};
|
|
1246
|
-
BigInteger.prototype.toString = function(radix, alphabet2) {
|
|
1247
|
-
if (radix === undefined2)
|
|
1248
|
-
radix = 10;
|
|
1249
|
-
if (radix !== 10)
|
|
1250
|
-
return toBaseString(this, radix, alphabet2);
|
|
1251
|
-
var v = this.value, l = v.length, str = String(v[--l]), zeros = "0000000", digit;
|
|
1252
|
-
while (--l >= 0) {
|
|
1253
|
-
digit = String(v[l]);
|
|
1254
|
-
str += zeros.slice(digit.length) + digit;
|
|
1255
|
-
}
|
|
1256
|
-
var sign2 = this.sign ? "-" : "";
|
|
1257
|
-
return sign2 + str;
|
|
1258
|
-
};
|
|
1259
|
-
SmallInteger.prototype.toString = function(radix, alphabet2) {
|
|
1260
|
-
if (radix === undefined2)
|
|
1261
|
-
radix = 10;
|
|
1262
|
-
if (radix != 10)
|
|
1263
|
-
return toBaseString(this, radix, alphabet2);
|
|
1264
|
-
return String(this.value);
|
|
1265
|
-
};
|
|
1266
|
-
NativeBigInt.prototype.toString = SmallInteger.prototype.toString;
|
|
1267
|
-
NativeBigInt.prototype.toJSON = BigInteger.prototype.toJSON = SmallInteger.prototype.toJSON = function() {
|
|
1268
|
-
return this.toString();
|
|
1269
|
-
};
|
|
1270
|
-
BigInteger.prototype.valueOf = function() {
|
|
1271
|
-
return parseInt(this.toString(), 10);
|
|
1272
|
-
};
|
|
1273
|
-
BigInteger.prototype.toJSNumber = BigInteger.prototype.valueOf;
|
|
1274
|
-
SmallInteger.prototype.valueOf = function() {
|
|
1275
|
-
return this.value;
|
|
1276
|
-
};
|
|
1277
|
-
SmallInteger.prototype.toJSNumber = SmallInteger.prototype.valueOf;
|
|
1278
|
-
NativeBigInt.prototype.valueOf = NativeBigInt.prototype.toJSNumber = function() {
|
|
1279
|
-
return parseInt(this.toString(), 10);
|
|
1280
|
-
};
|
|
1281
|
-
function parseStringValue(v) {
|
|
1282
|
-
if (isPrecise(+v)) {
|
|
1283
|
-
var x = +v;
|
|
1284
|
-
if (x === truncate(x))
|
|
1285
|
-
return supportsNativeBigInt ? new NativeBigInt(BigInt(x)) : new SmallInteger(x);
|
|
1286
|
-
throw new Error("Invalid integer: " + v);
|
|
1287
|
-
}
|
|
1288
|
-
var sign2 = v[0] === "-";
|
|
1289
|
-
if (sign2)
|
|
1290
|
-
v = v.slice(1);
|
|
1291
|
-
var split = v.split(/e/i);
|
|
1292
|
-
if (split.length > 2)
|
|
1293
|
-
throw new Error("Invalid integer: " + split.join("e"));
|
|
1294
|
-
if (split.length === 2) {
|
|
1295
|
-
var exp = split[1];
|
|
1296
|
-
if (exp[0] === "+")
|
|
1297
|
-
exp = exp.slice(1);
|
|
1298
|
-
exp = +exp;
|
|
1299
|
-
if (exp !== truncate(exp) || !isPrecise(exp))
|
|
1300
|
-
throw new Error("Invalid integer: " + exp + " is not a valid exponent.");
|
|
1301
|
-
var text = split[0];
|
|
1302
|
-
var decimalPlace = text.indexOf(".");
|
|
1303
|
-
if (decimalPlace >= 0) {
|
|
1304
|
-
exp -= text.length - decimalPlace - 1;
|
|
1305
|
-
text = text.slice(0, decimalPlace) + text.slice(decimalPlace + 1);
|
|
1306
|
-
}
|
|
1307
|
-
if (exp < 0)
|
|
1308
|
-
throw new Error("Cannot include negative exponent part for integers");
|
|
1309
|
-
text += new Array(exp + 1).join("0");
|
|
1310
|
-
v = text;
|
|
1311
|
-
}
|
|
1312
|
-
var isValid = /^([0-9][0-9]*)$/.test(v);
|
|
1313
|
-
if (!isValid)
|
|
1314
|
-
throw new Error("Invalid integer: " + v);
|
|
1315
|
-
if (supportsNativeBigInt) {
|
|
1316
|
-
return new NativeBigInt(BigInt(sign2 ? "-" + v : v));
|
|
1317
|
-
}
|
|
1318
|
-
var r = [], max2 = v.length, l = LOG_BASE, min2 = max2 - l;
|
|
1319
|
-
while (max2 > 0) {
|
|
1320
|
-
r.push(+v.slice(min2, max2));
|
|
1321
|
-
min2 -= l;
|
|
1322
|
-
if (min2 < 0)
|
|
1323
|
-
min2 = 0;
|
|
1324
|
-
max2 -= l;
|
|
1325
|
-
}
|
|
1326
|
-
trim(r);
|
|
1327
|
-
return new BigInteger(r, sign2);
|
|
1328
|
-
}
|
|
1329
|
-
function parseNumberValue(v) {
|
|
1330
|
-
if (supportsNativeBigInt) {
|
|
1331
|
-
return new NativeBigInt(BigInt(v));
|
|
1332
|
-
}
|
|
1333
|
-
if (isPrecise(v)) {
|
|
1334
|
-
if (v !== truncate(v))
|
|
1335
|
-
throw new Error(v + " is not an integer.");
|
|
1336
|
-
return new SmallInteger(v);
|
|
1337
|
-
}
|
|
1338
|
-
return parseStringValue(v.toString());
|
|
1339
|
-
}
|
|
1340
|
-
function parseValue(v) {
|
|
1341
|
-
if (typeof v === "number") {
|
|
1342
|
-
return parseNumberValue(v);
|
|
1343
|
-
}
|
|
1344
|
-
if (typeof v === "string") {
|
|
1345
|
-
return parseStringValue(v);
|
|
1346
|
-
}
|
|
1347
|
-
if (typeof v === "bigint") {
|
|
1348
|
-
return new NativeBigInt(v);
|
|
1349
|
-
}
|
|
1350
|
-
return v;
|
|
1351
|
-
}
|
|
1352
|
-
for (var i = 0; i < 1e3; i++) {
|
|
1353
|
-
Integer[i] = parseValue(i);
|
|
1354
|
-
if (i > 0)
|
|
1355
|
-
Integer[-i] = parseValue(-i);
|
|
1356
|
-
}
|
|
1357
|
-
Integer.one = Integer[1];
|
|
1358
|
-
Integer.zero = Integer[0];
|
|
1359
|
-
Integer.minusOne = Integer[-1];
|
|
1360
|
-
Integer.max = max;
|
|
1361
|
-
Integer.min = min;
|
|
1362
|
-
Integer.gcd = gcd;
|
|
1363
|
-
Integer.lcm = lcm;
|
|
1364
|
-
Integer.isInstance = function(x) {
|
|
1365
|
-
return x instanceof BigInteger || x instanceof SmallInteger || x instanceof NativeBigInt;
|
|
1366
|
-
};
|
|
1367
|
-
Integer.randBetween = randBetween;
|
|
1368
|
-
Integer.fromArray = function(digits, base3, isNegative) {
|
|
1369
|
-
return parseBaseFromArray(digits.map(parseValue), parseValue(base3 || 10), isNegative);
|
|
1370
|
-
};
|
|
1371
|
-
return Integer;
|
|
1372
|
-
}();
|
|
1373
|
-
if (typeof module2 !== "undefined" && module2.hasOwnProperty("exports")) {
|
|
1374
|
-
module2.exports = bigInt2;
|
|
1375
|
-
}
|
|
1376
|
-
if (typeof define === "function" && define.amd) {
|
|
1377
|
-
define(function() {
|
|
1378
|
-
return bigInt2;
|
|
1379
|
-
});
|
|
1380
|
-
}
|
|
1381
|
-
}
|
|
1382
|
-
});
|
|
1383
|
-
|
|
1384
26
|
// src/index.ts
|
|
1385
27
|
var src_exports2 = {};
|
|
1386
28
|
__export(src_exports2, {
|
|
1387
|
-
|
|
1388
|
-
|
|
1389
|
-
|
|
1390
|
-
EcdsaKeypair: () => EcdsaKeypair,
|
|
29
|
+
BASE58_MULTIBASE_PREFIX: () => BASE58_MULTIBASE_PREFIX,
|
|
30
|
+
DID_KEY_PREFIX: () => DID_KEY_PREFIX,
|
|
31
|
+
P256Keypair: () => P256Keypair,
|
|
1391
32
|
P256_DID_PREFIX: () => P256_DID_PREFIX,
|
|
1392
33
|
P256_JWT_ALG: () => P256_JWT_ALG,
|
|
1393
34
|
SECP256K1_DID_PREFIX: () => SECP256K1_DID_PREFIX,
|
|
1394
35
|
SECP256K1_JWT_ALG: () => SECP256K1_JWT_ALG,
|
|
1395
36
|
Secp256k1Keypair: () => Secp256k1Keypair,
|
|
37
|
+
bytesToMultibase: () => bytesToMultibase,
|
|
1396
38
|
formatDidKey: () => formatDidKey,
|
|
39
|
+
formatMultikey: () => formatMultikey,
|
|
1397
40
|
multibaseToBytes: () => multibaseToBytes,
|
|
1398
41
|
p256Plugin: () => p256Plugin,
|
|
1399
42
|
parseDidKey: () => parseDidKey,
|
|
1400
|
-
|
|
1401
|
-
|
|
43
|
+
parseMultikey: () => parseMultikey,
|
|
44
|
+
randomBytes: () => randomBytes2,
|
|
45
|
+
randomIntFromSeed: () => randomIntFromSeed,
|
|
1402
46
|
randomStr: () => randomStr,
|
|
1403
47
|
secp256k1Plugin: () => secp256k1Plugin,
|
|
1404
|
-
sha256: () =>
|
|
1405
|
-
sha256Stream: () => sha256Stream,
|
|
48
|
+
sha256: () => sha2563,
|
|
1406
49
|
verifySignature: () => verifySignature,
|
|
1407
50
|
verifySignatureUtf8: () => verifySignatureUtf8
|
|
1408
51
|
});
|
|
1409
52
|
module.exports = __toCommonJS(src_exports2);
|
|
1410
53
|
|
|
1411
|
-
//
|
|
1412
|
-
var
|
|
1413
|
-
var
|
|
54
|
+
// src/const.ts
|
|
55
|
+
var P256_DID_PREFIX = new Uint8Array([128, 36]);
|
|
56
|
+
var SECP256K1_DID_PREFIX = new Uint8Array([231, 1]);
|
|
57
|
+
var BASE58_MULTIBASE_PREFIX = "z";
|
|
58
|
+
var DID_KEY_PREFIX = "did:key:";
|
|
59
|
+
var P256_JWT_ALG = "ES256";
|
|
60
|
+
var SECP256K1_JWT_ALG = "ES256K";
|
|
1414
61
|
|
|
1415
62
|
// ../../node_modules/uint8arrays/esm/src/concat.js
|
|
1416
63
|
function concat(arrays, length2) {
|
|
1417
64
|
if (!length2) {
|
|
1418
65
|
length2 = arrays.reduce((acc, curr) => acc + curr.length, 0);
|
|
1419
66
|
}
|
|
1420
|
-
const
|
|
67
|
+
const output2 = new Uint8Array(length2);
|
|
1421
68
|
let offset = 0;
|
|
1422
69
|
for (const arr of arrays) {
|
|
1423
|
-
|
|
70
|
+
output2.set(arr, offset);
|
|
1424
71
|
offset += arr.length;
|
|
1425
72
|
}
|
|
1426
|
-
return
|
|
73
|
+
return output2;
|
|
1427
74
|
}
|
|
1428
75
|
|
|
1429
76
|
// ../../node_modules/uint8arrays/esm/src/equals.js
|
|
@@ -1619,9 +266,9 @@ var Encoder = class {
|
|
|
1619
266
|
this.prefix = prefix;
|
|
1620
267
|
this.baseEncode = baseEncode;
|
|
1621
268
|
}
|
|
1622
|
-
encode(
|
|
1623
|
-
if (
|
|
1624
|
-
return `${this.prefix}${this.baseEncode(
|
|
269
|
+
encode(bytes2) {
|
|
270
|
+
if (bytes2 instanceof Uint8Array) {
|
|
271
|
+
return `${this.prefix}${this.baseEncode(bytes2)}`;
|
|
1625
272
|
} else {
|
|
1626
273
|
throw Error("Unknown type, must be binary type");
|
|
1627
274
|
}
|
|
@@ -2006,7 +653,7 @@ __export(sha2_exports, {
|
|
|
2006
653
|
sha256: () => sha256,
|
|
2007
654
|
sha512: () => sha512
|
|
2008
655
|
});
|
|
2009
|
-
var
|
|
656
|
+
var import_crypto = __toESM(require("crypto"), 1);
|
|
2010
657
|
|
|
2011
658
|
// ../../node_modules/multiformats/esm/vendor/varint.js
|
|
2012
659
|
var encode_1 = encode3;
|
|
@@ -2088,21 +735,21 @@ var create = (code2, digest2) => {
|
|
|
2088
735
|
const size = digest2.byteLength;
|
|
2089
736
|
const sizeOffset = encodingLength(code2);
|
|
2090
737
|
const digestOffset = sizeOffset + encodingLength(size);
|
|
2091
|
-
const
|
|
2092
|
-
encodeTo(code2,
|
|
2093
|
-
encodeTo(size,
|
|
2094
|
-
|
|
2095
|
-
return new Digest(code2, size, digest2,
|
|
738
|
+
const bytes2 = new Uint8Array(digestOffset + size);
|
|
739
|
+
encodeTo(code2, bytes2, 0);
|
|
740
|
+
encodeTo(size, bytes2, sizeOffset);
|
|
741
|
+
bytes2.set(digest2, digestOffset);
|
|
742
|
+
return new Digest(code2, size, digest2, bytes2);
|
|
2096
743
|
};
|
|
2097
744
|
var decode5 = (multihash) => {
|
|
2098
|
-
const
|
|
2099
|
-
const [code2, sizeOffset] = decode4(
|
|
2100
|
-
const [size, digestOffset] = decode4(
|
|
2101
|
-
const digest2 =
|
|
745
|
+
const bytes2 = coerce(multihash);
|
|
746
|
+
const [code2, sizeOffset] = decode4(bytes2);
|
|
747
|
+
const [size, digestOffset] = decode4(bytes2.subarray(sizeOffset));
|
|
748
|
+
const digest2 = bytes2.subarray(sizeOffset + digestOffset);
|
|
2102
749
|
if (digest2.byteLength !== size) {
|
|
2103
750
|
throw new Error("Incorrect length");
|
|
2104
751
|
}
|
|
2105
|
-
return new Digest(code2, size, digest2,
|
|
752
|
+
return new Digest(code2, size, digest2, bytes2);
|
|
2106
753
|
};
|
|
2107
754
|
var equals3 = (a, b) => {
|
|
2108
755
|
if (a === b) {
|
|
@@ -2112,11 +759,11 @@ var equals3 = (a, b) => {
|
|
|
2112
759
|
}
|
|
2113
760
|
};
|
|
2114
761
|
var Digest = class {
|
|
2115
|
-
constructor(code2, size, digest2,
|
|
762
|
+
constructor(code2, size, digest2, bytes2) {
|
|
2116
763
|
this.code = code2;
|
|
2117
764
|
this.size = size;
|
|
2118
765
|
this.digest = digest2;
|
|
2119
|
-
this.bytes =
|
|
766
|
+
this.bytes = bytes2;
|
|
2120
767
|
}
|
|
2121
768
|
};
|
|
2122
769
|
|
|
@@ -2142,12 +789,12 @@ var Hasher = class {
|
|
|
2142
789
|
var sha256 = from2({
|
|
2143
790
|
name: "sha2-256",
|
|
2144
791
|
code: 18,
|
|
2145
|
-
encode: (input) => coerce(
|
|
792
|
+
encode: (input) => coerce(import_crypto.default.createHash("sha256").update(input).digest())
|
|
2146
793
|
});
|
|
2147
794
|
var sha512 = from2({
|
|
2148
795
|
name: "sha2-512",
|
|
2149
796
|
code: 19,
|
|
2150
|
-
encode: (input) => coerce(
|
|
797
|
+
encode: (input) => coerce(import_crypto.default.createHash("sha512").update(input).digest())
|
|
2151
798
|
});
|
|
2152
799
|
|
|
2153
800
|
// ../../node_modules/multiformats/esm/src/hashes/identity.js
|
|
@@ -2172,13 +819,13 @@ var textDecoder = new TextDecoder();
|
|
|
2172
819
|
|
|
2173
820
|
// ../../node_modules/multiformats/esm/src/cid.js
|
|
2174
821
|
var CID = class {
|
|
2175
|
-
constructor(version2, code2, multihash,
|
|
822
|
+
constructor(version2, code2, multihash, bytes2) {
|
|
2176
823
|
this.code = code2;
|
|
2177
824
|
this.version = version2;
|
|
2178
825
|
this.multihash = multihash;
|
|
2179
|
-
this.bytes =
|
|
2180
|
-
this.byteOffset =
|
|
2181
|
-
this.byteLength =
|
|
826
|
+
this.bytes = bytes2;
|
|
827
|
+
this.byteOffset = bytes2.byteOffset;
|
|
828
|
+
this.byteLength = bytes2.byteLength;
|
|
2182
829
|
this.asCID = this;
|
|
2183
830
|
this._baseCache = /* @__PURE__ */ new Map();
|
|
2184
831
|
Object.defineProperties(this, {
|
|
@@ -2228,12 +875,12 @@ var CID = class {
|
|
|
2228
875
|
return other && this.code === other.code && this.version === other.version && equals3(this.multihash, other.multihash);
|
|
2229
876
|
}
|
|
2230
877
|
toString(base3) {
|
|
2231
|
-
const { bytes, version: version2, _baseCache } = this;
|
|
878
|
+
const { bytes: bytes2, version: version2, _baseCache } = this;
|
|
2232
879
|
switch (version2) {
|
|
2233
880
|
case 0:
|
|
2234
|
-
return toStringV0(
|
|
881
|
+
return toStringV0(bytes2, _baseCache, base3 || base58btc.encoder);
|
|
2235
882
|
default:
|
|
2236
|
-
return toStringV1(
|
|
883
|
+
return toStringV1(bytes2, _baseCache, base3 || base32.encoder);
|
|
2237
884
|
}
|
|
2238
885
|
}
|
|
2239
886
|
toJSON() {
|
|
@@ -2272,8 +919,8 @@ var CID = class {
|
|
|
2272
919
|
if (value instanceof CID) {
|
|
2273
920
|
return value;
|
|
2274
921
|
} else if (value != null && value.asCID === value) {
|
|
2275
|
-
const { version: version2, code: code2, multihash, bytes } = value;
|
|
2276
|
-
return new CID(version2, code2, multihash,
|
|
922
|
+
const { version: version2, code: code2, multihash, bytes: bytes2 } = value;
|
|
923
|
+
return new CID(version2, code2, multihash, bytes2 || encodeCID(version2, code2, multihash.bytes));
|
|
2277
924
|
} else if (value != null && value[cidSymbol] === true) {
|
|
2278
925
|
const { version: version2, multihash, code: code2 } = value;
|
|
2279
926
|
const digest2 = decode5(multihash);
|
|
@@ -2295,8 +942,8 @@ var CID = class {
|
|
|
2295
942
|
}
|
|
2296
943
|
}
|
|
2297
944
|
case 1: {
|
|
2298
|
-
const
|
|
2299
|
-
return new CID(version2, code2, digest2,
|
|
945
|
+
const bytes2 = encodeCID(version2, code2, digest2.bytes);
|
|
946
|
+
return new CID(version2, code2, digest2, bytes2);
|
|
2300
947
|
}
|
|
2301
948
|
default: {
|
|
2302
949
|
throw new Error("Invalid version");
|
|
@@ -2309,17 +956,17 @@ var CID = class {
|
|
|
2309
956
|
static createV1(code2, digest2) {
|
|
2310
957
|
return CID.create(1, code2, digest2);
|
|
2311
958
|
}
|
|
2312
|
-
static decode(
|
|
2313
|
-
const [cid, remainder] = CID.decodeFirst(
|
|
959
|
+
static decode(bytes2) {
|
|
960
|
+
const [cid, remainder] = CID.decodeFirst(bytes2);
|
|
2314
961
|
if (remainder.length) {
|
|
2315
962
|
throw new Error("Incorrect length");
|
|
2316
963
|
}
|
|
2317
964
|
return cid;
|
|
2318
965
|
}
|
|
2319
|
-
static decodeFirst(
|
|
2320
|
-
const specs = CID.inspectBytes(
|
|
966
|
+
static decodeFirst(bytes2) {
|
|
967
|
+
const specs = CID.inspectBytes(bytes2);
|
|
2321
968
|
const prefixSize = specs.size - specs.multihashSize;
|
|
2322
|
-
const multihashBytes = coerce(
|
|
969
|
+
const multihashBytes = coerce(bytes2.subarray(prefixSize, prefixSize + specs.multihashSize));
|
|
2323
970
|
if (multihashBytes.byteLength !== specs.multihashSize) {
|
|
2324
971
|
throw new Error("Incorrect length");
|
|
2325
972
|
}
|
|
@@ -2328,7 +975,7 @@ var CID = class {
|
|
|
2328
975
|
const cid = specs.version === 0 ? CID.createV0(digest2) : CID.createV1(specs.codec, digest2);
|
|
2329
976
|
return [
|
|
2330
977
|
cid,
|
|
2331
|
-
|
|
978
|
+
bytes2.subarray(specs.size)
|
|
2332
979
|
];
|
|
2333
980
|
}
|
|
2334
981
|
static inspectBytes(initialBytes) {
|
|
@@ -2364,8 +1011,8 @@ var CID = class {
|
|
|
2364
1011
|
};
|
|
2365
1012
|
}
|
|
2366
1013
|
static parse(source, base3) {
|
|
2367
|
-
const [prefix,
|
|
2368
|
-
const cid = CID.decode(
|
|
1014
|
+
const [prefix, bytes2] = parseCIDtoBytes(source, base3);
|
|
1015
|
+
const cid = CID.decode(bytes2);
|
|
2369
1016
|
cid._baseCache.set(prefix, source);
|
|
2370
1017
|
return cid;
|
|
2371
1018
|
}
|
|
@@ -2404,25 +1051,25 @@ var parseCIDtoBytes = (source, base3) => {
|
|
|
2404
1051
|
}
|
|
2405
1052
|
}
|
|
2406
1053
|
};
|
|
2407
|
-
var toStringV0 = (
|
|
1054
|
+
var toStringV0 = (bytes2, cache, base3) => {
|
|
2408
1055
|
const { prefix } = base3;
|
|
2409
1056
|
if (prefix !== base58btc.prefix) {
|
|
2410
1057
|
throw Error(`Cannot string encode V0 in ${base3.name} encoding`);
|
|
2411
1058
|
}
|
|
2412
1059
|
const cid = cache.get(prefix);
|
|
2413
1060
|
if (cid == null) {
|
|
2414
|
-
const cid2 = base3.encode(
|
|
1061
|
+
const cid2 = base3.encode(bytes2).slice(1);
|
|
2415
1062
|
cache.set(prefix, cid2);
|
|
2416
1063
|
return cid2;
|
|
2417
1064
|
} else {
|
|
2418
1065
|
return cid;
|
|
2419
1066
|
}
|
|
2420
1067
|
};
|
|
2421
|
-
var toStringV1 = (
|
|
1068
|
+
var toStringV1 = (bytes2, cache, base3) => {
|
|
2422
1069
|
const { prefix } = base3;
|
|
2423
1070
|
const cid = cache.get(prefix);
|
|
2424
1071
|
if (cid == null) {
|
|
2425
|
-
const cid2 = base3.encode(
|
|
1072
|
+
const cid2 = base3.encode(bytes2);
|
|
2426
1073
|
cache.set(prefix, cid2);
|
|
2427
1074
|
return cid2;
|
|
2428
1075
|
} else {
|
|
@@ -2434,11 +1081,11 @@ var SHA_256_CODE = 18;
|
|
|
2434
1081
|
var encodeCID = (version2, code2, multihash) => {
|
|
2435
1082
|
const codeOffset = encodingLength(version2);
|
|
2436
1083
|
const hashOffset = codeOffset + encodingLength(code2);
|
|
2437
|
-
const
|
|
2438
|
-
encodeTo(version2,
|
|
2439
|
-
encodeTo(code2,
|
|
2440
|
-
|
|
2441
|
-
return
|
|
1084
|
+
const bytes2 = new Uint8Array(hashOffset + multihash.byteLength);
|
|
1085
|
+
encodeTo(version2, bytes2, 0);
|
|
1086
|
+
encodeTo(code2, bytes2, codeOffset);
|
|
1087
|
+
bytes2.set(multihash, hashOffset);
|
|
1088
|
+
return bytes2;
|
|
2442
1089
|
};
|
|
2443
1090
|
var cidSymbol = Symbol.for("@ipld/js-cid/CID");
|
|
2444
1091
|
var readonly = {
|
|
@@ -2556,717 +1203,428 @@ function toString2(array, encoding = "utf8") {
|
|
|
2556
1203
|
return base3.encoder.encode(array).substring(1);
|
|
2557
1204
|
}
|
|
2558
1205
|
|
|
2559
|
-
//
|
|
2560
|
-
|
|
2561
|
-
|
|
2562
|
-
};
|
|
2563
|
-
|
|
2564
|
-
|
|
2565
|
-
|
|
2566
|
-
|
|
2567
|
-
|
|
2568
|
-
|
|
2569
|
-
|
|
2570
|
-
|
|
2571
|
-
|
|
2572
|
-
|
|
2573
|
-
|
|
2574
|
-
|
|
2575
|
-
|
|
2576
|
-
|
|
2577
|
-
|
|
2578
|
-
|
|
2579
|
-
|
|
2580
|
-
|
|
2581
|
-
|
|
2582
|
-
|
|
2583
|
-
|
|
2584
|
-
);
|
|
2585
|
-
|
|
2586
|
-
|
|
2587
|
-
|
|
2588
|
-
|
|
2589
|
-
|
|
2590
|
-
|
|
2591
|
-
{
|
|
2592
|
-
name: "AES-GCM",
|
|
2593
|
-
iv
|
|
2594
|
-
},
|
|
2595
|
-
this.key,
|
|
2596
|
-
dataBytes
|
|
2597
|
-
);
|
|
2598
|
-
const encryptedBytes = new Uint8Array(buf);
|
|
2599
|
-
const encrypted = toString2(
|
|
2600
|
-
concat([iv, encryptedBytes]),
|
|
2601
|
-
"base64pad"
|
|
2602
|
-
);
|
|
2603
|
-
return encrypted;
|
|
2604
|
-
}
|
|
2605
|
-
async decrypt(data) {
|
|
2606
|
-
const dataBytes = fromString2(data, "base64pad");
|
|
2607
|
-
const iv = dataBytes.slice(0, 12);
|
|
2608
|
-
const encrypted = dataBytes.slice(12);
|
|
2609
|
-
const buf = await webcrypto.subtle.decrypt(
|
|
2610
|
-
{
|
|
2611
|
-
name: "AES-GCM",
|
|
2612
|
-
iv
|
|
2613
|
-
},
|
|
2614
|
-
this.key,
|
|
2615
|
-
encrypted
|
|
2616
|
-
);
|
|
2617
|
-
const decryptedBytes = new Uint8Array(buf);
|
|
2618
|
-
return toString2(decryptedBytes, "utf8");
|
|
1206
|
+
// ../../node_modules/@noble/hashes/esm/_assert.js
|
|
1207
|
+
function number(n) {
|
|
1208
|
+
if (!Number.isSafeInteger(n) || n < 0)
|
|
1209
|
+
throw new Error(`Wrong positive integer: ${n}`);
|
|
1210
|
+
}
|
|
1211
|
+
function bool(b) {
|
|
1212
|
+
if (typeof b !== "boolean")
|
|
1213
|
+
throw new Error(`Expected boolean, not ${b}`);
|
|
1214
|
+
}
|
|
1215
|
+
function bytes(b, ...lengths) {
|
|
1216
|
+
if (!(b instanceof Uint8Array))
|
|
1217
|
+
throw new Error("Expected Uint8Array");
|
|
1218
|
+
if (lengths.length > 0 && !lengths.includes(b.length))
|
|
1219
|
+
throw new Error(`Expected Uint8Array of length ${lengths}, not of length=${b.length}`);
|
|
1220
|
+
}
|
|
1221
|
+
function hash(hash2) {
|
|
1222
|
+
if (typeof hash2 !== "function" || typeof hash2.create !== "function")
|
|
1223
|
+
throw new Error("Hash should be wrapped by utils.wrapConstructor");
|
|
1224
|
+
number(hash2.outputLen);
|
|
1225
|
+
number(hash2.blockLen);
|
|
1226
|
+
}
|
|
1227
|
+
function exists(instance, checkFinished = true) {
|
|
1228
|
+
if (instance.destroyed)
|
|
1229
|
+
throw new Error("Hash instance has been destroyed");
|
|
1230
|
+
if (checkFinished && instance.finished)
|
|
1231
|
+
throw new Error("Hash#digest() has already been called");
|
|
1232
|
+
}
|
|
1233
|
+
function output(out, instance) {
|
|
1234
|
+
bytes(out);
|
|
1235
|
+
const min = instance.outputLen;
|
|
1236
|
+
if (out.length < min) {
|
|
1237
|
+
throw new Error(`digestInto() expects output buffer of length at least ${min}`);
|
|
2619
1238
|
}
|
|
2620
|
-
}
|
|
1239
|
+
}
|
|
1240
|
+
var assert = {
|
|
1241
|
+
number,
|
|
1242
|
+
bool,
|
|
1243
|
+
bytes,
|
|
1244
|
+
hash,
|
|
1245
|
+
exists,
|
|
1246
|
+
output
|
|
1247
|
+
};
|
|
1248
|
+
var assert_default = assert;
|
|
2621
1249
|
|
|
2622
|
-
//
|
|
2623
|
-
var
|
|
2624
|
-
var
|
|
2625
|
-
var BASE58_DID_PREFIX = "did:key:z";
|
|
2626
|
-
var P256_JWT_ALG = "ES256";
|
|
2627
|
-
var SECP256K1_JWT_ALG = "ES256K";
|
|
1250
|
+
// ../../node_modules/@noble/hashes/esm/cryptoNode.js
|
|
1251
|
+
var nc = __toESM(require("node:crypto"), 1);
|
|
1252
|
+
var crypto2 = nc && typeof nc === "object" && "webcrypto" in nc ? nc.webcrypto : void 0;
|
|
2628
1253
|
|
|
2629
|
-
//
|
|
2630
|
-
var
|
|
2631
|
-
var
|
|
2632
|
-
|
|
2633
|
-
|
|
2634
|
-
|
|
2635
|
-
|
|
2636
|
-
|
|
2637
|
-
|
|
2638
|
-
|
|
2639
|
-
|
|
2640
|
-
|
|
2641
|
-
|
|
2642
|
-
|
|
2643
|
-
|
|
2644
|
-
|
|
2645
|
-
if (
|
|
2646
|
-
throw new Error(
|
|
2647
|
-
|
|
2648
|
-
|
|
2649
|
-
|
|
2650
|
-
const
|
|
2651
|
-
|
|
2652
|
-
|
|
2653
|
-
|
|
2654
|
-
|
|
2655
|
-
|
|
2656
|
-
|
|
2657
|
-
|
|
2658
|
-
|
|
2659
|
-
|
|
2660
|
-
|
|
2661
|
-
|
|
2662
|
-
|
|
2663
|
-
}
|
|
2664
|
-
|
|
1254
|
+
// ../../node_modules/@noble/hashes/esm/utils.js
|
|
1255
|
+
var u8a = (a) => a instanceof Uint8Array;
|
|
1256
|
+
var createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
|
|
1257
|
+
var rotr = (word, shift) => word << 32 - shift | word >>> shift;
|
|
1258
|
+
var isLE = new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68;
|
|
1259
|
+
if (!isLE)
|
|
1260
|
+
throw new Error("Non little-endian hardware is not supported");
|
|
1261
|
+
var hexes = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, "0"));
|
|
1262
|
+
function utf8ToBytes(str) {
|
|
1263
|
+
if (typeof str !== "string")
|
|
1264
|
+
throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
|
|
1265
|
+
return new Uint8Array(new TextEncoder().encode(str));
|
|
1266
|
+
}
|
|
1267
|
+
function toBytes(data) {
|
|
1268
|
+
if (typeof data === "string")
|
|
1269
|
+
data = utf8ToBytes(data);
|
|
1270
|
+
if (!u8a(data))
|
|
1271
|
+
throw new Error(`expected Uint8Array, got ${typeof data}`);
|
|
1272
|
+
return data;
|
|
1273
|
+
}
|
|
1274
|
+
function concatBytes(...arrays) {
|
|
1275
|
+
const r = new Uint8Array(arrays.reduce((sum, a) => sum + a.length, 0));
|
|
1276
|
+
let pad = 0;
|
|
1277
|
+
arrays.forEach((a) => {
|
|
1278
|
+
if (!u8a(a))
|
|
1279
|
+
throw new Error("Uint8Array expected");
|
|
1280
|
+
r.set(a, pad);
|
|
1281
|
+
pad += a.length;
|
|
1282
|
+
});
|
|
1283
|
+
return r;
|
|
1284
|
+
}
|
|
1285
|
+
var Hash = class {
|
|
1286
|
+
clone() {
|
|
1287
|
+
return this._cloneInto();
|
|
1288
|
+
}
|
|
1289
|
+
};
|
|
1290
|
+
function wrapConstructor(hashCons) {
|
|
1291
|
+
const hashC = (msg) => hashCons().update(toBytes(msg)).digest();
|
|
1292
|
+
const tmp = hashCons();
|
|
1293
|
+
hashC.outputLen = tmp.outputLen;
|
|
1294
|
+
hashC.blockLen = tmp.blockLen;
|
|
1295
|
+
hashC.create = () => hashCons();
|
|
1296
|
+
return hashC;
|
|
1297
|
+
}
|
|
1298
|
+
function randomBytes(bytesLength = 32) {
|
|
1299
|
+
if (crypto2 && typeof crypto2.getRandomValues === "function") {
|
|
1300
|
+
return crypto2.getRandomValues(new Uint8Array(bytesLength));
|
|
2665
1301
|
}
|
|
2666
|
-
|
|
2667
|
-
|
|
2668
|
-
const yPadded = new Uint8Array(32);
|
|
2669
|
-
yPadded.set(y, offset);
|
|
2670
|
-
const publicKey = concat([[4], x, yPadded]);
|
|
2671
|
-
return publicKey;
|
|
2672
|
-
};
|
|
1302
|
+
throw new Error("crypto.getRandomValues must be defined");
|
|
1303
|
+
}
|
|
2673
1304
|
|
|
2674
|
-
// ../../node_modules/@noble/
|
|
2675
|
-
var
|
|
1305
|
+
// ../../node_modules/@noble/hashes/esm/hmac.js
|
|
1306
|
+
var HMAC = class extends Hash {
|
|
1307
|
+
constructor(hash2, _key) {
|
|
1308
|
+
super();
|
|
1309
|
+
this.finished = false;
|
|
1310
|
+
this.destroyed = false;
|
|
1311
|
+
assert_default.hash(hash2);
|
|
1312
|
+
const key = toBytes(_key);
|
|
1313
|
+
this.iHash = hash2.create();
|
|
1314
|
+
if (typeof this.iHash.update !== "function")
|
|
1315
|
+
throw new Error("Expected instance of class which extends utils.Hash");
|
|
1316
|
+
this.blockLen = this.iHash.blockLen;
|
|
1317
|
+
this.outputLen = this.iHash.outputLen;
|
|
1318
|
+
const blockLen = this.blockLen;
|
|
1319
|
+
const pad = new Uint8Array(blockLen);
|
|
1320
|
+
pad.set(key.length > blockLen ? hash2.create().update(key).digest() : key);
|
|
1321
|
+
for (let i = 0; i < pad.length; i++)
|
|
1322
|
+
pad[i] ^= 54;
|
|
1323
|
+
this.iHash.update(pad);
|
|
1324
|
+
this.oHash = hash2.create();
|
|
1325
|
+
for (let i = 0; i < pad.length; i++)
|
|
1326
|
+
pad[i] ^= 54 ^ 92;
|
|
1327
|
+
this.oHash.update(pad);
|
|
1328
|
+
pad.fill(0);
|
|
1329
|
+
}
|
|
1330
|
+
update(buf) {
|
|
1331
|
+
assert_default.exists(this);
|
|
1332
|
+
this.iHash.update(buf);
|
|
1333
|
+
return this;
|
|
1334
|
+
}
|
|
1335
|
+
digestInto(out) {
|
|
1336
|
+
assert_default.exists(this);
|
|
1337
|
+
assert_default.bytes(out, this.outputLen);
|
|
1338
|
+
this.finished = true;
|
|
1339
|
+
this.iHash.digestInto(out);
|
|
1340
|
+
this.oHash.update(out);
|
|
1341
|
+
this.oHash.digestInto(out);
|
|
1342
|
+
this.destroy();
|
|
1343
|
+
}
|
|
1344
|
+
digest() {
|
|
1345
|
+
const out = new Uint8Array(this.oHash.outputLen);
|
|
1346
|
+
this.digestInto(out);
|
|
1347
|
+
return out;
|
|
1348
|
+
}
|
|
1349
|
+
_cloneInto(to) {
|
|
1350
|
+
to || (to = Object.create(Object.getPrototypeOf(this), {}));
|
|
1351
|
+
const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this;
|
|
1352
|
+
to = to;
|
|
1353
|
+
to.finished = finished;
|
|
1354
|
+
to.destroyed = destroyed;
|
|
1355
|
+
to.blockLen = blockLen;
|
|
1356
|
+
to.outputLen = outputLen;
|
|
1357
|
+
to.oHash = oHash._cloneInto(to.oHash);
|
|
1358
|
+
to.iHash = iHash._cloneInto(to.iHash);
|
|
1359
|
+
return to;
|
|
1360
|
+
}
|
|
1361
|
+
destroy() {
|
|
1362
|
+
this.destroyed = true;
|
|
1363
|
+
this.oHash.destroy();
|
|
1364
|
+
this.iHash.destroy();
|
|
1365
|
+
}
|
|
1366
|
+
};
|
|
1367
|
+
var hmac = (hash2, key, message) => new HMAC(hash2, key).update(message).digest();
|
|
1368
|
+
hmac.create = (hash2, key) => new HMAC(hash2, key);
|
|
1369
|
+
|
|
1370
|
+
// ../../node_modules/@noble/curves/esm/abstract/utils.js
|
|
1371
|
+
var utils_exports = {};
|
|
1372
|
+
__export(utils_exports, {
|
|
1373
|
+
bitGet: () => bitGet,
|
|
1374
|
+
bitLen: () => bitLen,
|
|
1375
|
+
bitMask: () => bitMask,
|
|
1376
|
+
bitSet: () => bitSet,
|
|
1377
|
+
bytesToHex: () => bytesToHex,
|
|
1378
|
+
bytesToNumberBE: () => bytesToNumberBE,
|
|
1379
|
+
bytesToNumberLE: () => bytesToNumberLE,
|
|
1380
|
+
concatBytes: () => concatBytes2,
|
|
1381
|
+
createHmacDrbg: () => createHmacDrbg,
|
|
1382
|
+
ensureBytes: () => ensureBytes,
|
|
1383
|
+
equalBytes: () => equalBytes,
|
|
1384
|
+
hexToBytes: () => hexToBytes,
|
|
1385
|
+
hexToNumber: () => hexToNumber,
|
|
1386
|
+
numberToBytesBE: () => numberToBytesBE,
|
|
1387
|
+
numberToBytesLE: () => numberToBytesLE,
|
|
1388
|
+
numberToHexUnpadded: () => numberToHexUnpadded,
|
|
1389
|
+
numberToVarBytesBE: () => numberToVarBytesBE,
|
|
1390
|
+
utf8ToBytes: () => utf8ToBytes2,
|
|
1391
|
+
validateObject: () => validateObject
|
|
1392
|
+
});
|
|
2676
1393
|
var _0n = BigInt(0);
|
|
2677
1394
|
var _1n = BigInt(1);
|
|
2678
1395
|
var _2n = BigInt(2);
|
|
2679
|
-
var
|
|
2680
|
-
var
|
|
2681
|
-
|
|
2682
|
-
|
|
2683
|
-
|
|
2684
|
-
|
|
2685
|
-
|
|
2686
|
-
|
|
2687
|
-
Gx: BigInt("55066263022277343669578718895168534326250603453777594175500187360389116729240"),
|
|
2688
|
-
Gy: BigInt("32670510020758816978083085130507043184471273380659243275938904335757337482424"),
|
|
2689
|
-
beta: BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee")
|
|
2690
|
-
});
|
|
2691
|
-
function weistrass(x) {
|
|
2692
|
-
const { a, b } = CURVE;
|
|
2693
|
-
const x2 = mod(x * x);
|
|
2694
|
-
const x3 = mod(x2 * x);
|
|
2695
|
-
return mod(x3 + a * x + b);
|
|
2696
|
-
}
|
|
2697
|
-
var USE_ENDOMORPHISM = CURVE.a === _0n;
|
|
2698
|
-
var ShaError = class extends Error {
|
|
2699
|
-
constructor(message) {
|
|
2700
|
-
super(message);
|
|
1396
|
+
var u8a2 = (a) => a instanceof Uint8Array;
|
|
1397
|
+
var hexes2 = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, "0"));
|
|
1398
|
+
function bytesToHex(bytes2) {
|
|
1399
|
+
if (!u8a2(bytes2))
|
|
1400
|
+
throw new Error("Uint8Array expected");
|
|
1401
|
+
let hex = "";
|
|
1402
|
+
for (let i = 0; i < bytes2.length; i++) {
|
|
1403
|
+
hex += hexes2[bytes2[i]];
|
|
2701
1404
|
}
|
|
2702
|
-
|
|
2703
|
-
|
|
2704
|
-
|
|
2705
|
-
|
|
2706
|
-
|
|
2707
|
-
|
|
1405
|
+
return hex;
|
|
1406
|
+
}
|
|
1407
|
+
function numberToHexUnpadded(num) {
|
|
1408
|
+
const hex = num.toString(16);
|
|
1409
|
+
return hex.length & 1 ? `0${hex}` : hex;
|
|
1410
|
+
}
|
|
1411
|
+
function hexToNumber(hex) {
|
|
1412
|
+
if (typeof hex !== "string")
|
|
1413
|
+
throw new Error("hex string expected, got " + typeof hex);
|
|
1414
|
+
return BigInt(hex === "" ? "0" : `0x${hex}`);
|
|
1415
|
+
}
|
|
1416
|
+
function hexToBytes(hex) {
|
|
1417
|
+
if (typeof hex !== "string")
|
|
1418
|
+
throw new Error("hex string expected, got " + typeof hex);
|
|
1419
|
+
const len = hex.length;
|
|
1420
|
+
if (len % 2)
|
|
1421
|
+
throw new Error("padded hex string expected, got unpadded hex of length " + len);
|
|
1422
|
+
const array = new Uint8Array(len / 2);
|
|
1423
|
+
for (let i = 0; i < array.length; i++) {
|
|
1424
|
+
const j = i * 2;
|
|
1425
|
+
const hexByte = hex.slice(j, j + 2);
|
|
1426
|
+
const byte = Number.parseInt(hexByte, 16);
|
|
1427
|
+
if (Number.isNaN(byte) || byte < 0)
|
|
1428
|
+
throw new Error("Invalid byte sequence");
|
|
1429
|
+
array[i] = byte;
|
|
2708
1430
|
}
|
|
2709
|
-
|
|
2710
|
-
|
|
2711
|
-
|
|
1431
|
+
return array;
|
|
1432
|
+
}
|
|
1433
|
+
function bytesToNumberBE(bytes2) {
|
|
1434
|
+
return hexToNumber(bytesToHex(bytes2));
|
|
1435
|
+
}
|
|
1436
|
+
function bytesToNumberLE(bytes2) {
|
|
1437
|
+
if (!u8a2(bytes2))
|
|
1438
|
+
throw new Error("Uint8Array expected");
|
|
1439
|
+
return hexToNumber(bytesToHex(Uint8Array.from(bytes2).reverse()));
|
|
1440
|
+
}
|
|
1441
|
+
function numberToBytesBE(n, len) {
|
|
1442
|
+
return hexToBytes(n.toString(16).padStart(len * 2, "0"));
|
|
1443
|
+
}
|
|
1444
|
+
function numberToBytesLE(n, len) {
|
|
1445
|
+
return numberToBytesBE(n, len).reverse();
|
|
1446
|
+
}
|
|
1447
|
+
function numberToVarBytesBE(n) {
|
|
1448
|
+
return hexToBytes(numberToHexUnpadded(n));
|
|
1449
|
+
}
|
|
1450
|
+
function ensureBytes(title, hex, expectedLength) {
|
|
1451
|
+
let res;
|
|
1452
|
+
if (typeof hex === "string") {
|
|
1453
|
+
try {
|
|
1454
|
+
res = hexToBytes(hex);
|
|
1455
|
+
} catch (e) {
|
|
1456
|
+
throw new Error(`${title} must be valid hex string, got "${hex}". Cause: ${e}`);
|
|
2712
1457
|
}
|
|
2713
|
-
|
|
2714
|
-
|
|
2715
|
-
|
|
2716
|
-
|
|
2717
|
-
return points.map((p, i) => p.toAffine(toInv[i]));
|
|
2718
|
-
}
|
|
2719
|
-
static normalizeZ(points) {
|
|
2720
|
-
return JacobianPoint.toAffineBatch(points).map(JacobianPoint.fromAffine);
|
|
1458
|
+
} else if (u8a2(hex)) {
|
|
1459
|
+
res = Uint8Array.from(hex);
|
|
1460
|
+
} else {
|
|
1461
|
+
throw new Error(`${title} must be hex string or Uint8Array`);
|
|
2721
1462
|
}
|
|
2722
|
-
|
|
2723
|
-
|
|
2724
|
-
|
|
2725
|
-
|
|
2726
|
-
|
|
2727
|
-
|
|
2728
|
-
|
|
2729
|
-
|
|
2730
|
-
|
|
2731
|
-
|
|
2732
|
-
|
|
2733
|
-
|
|
2734
|
-
|
|
2735
|
-
|
|
2736
|
-
|
|
2737
|
-
|
|
2738
|
-
|
|
2739
|
-
|
|
2740
|
-
|
|
2741
|
-
|
|
2742
|
-
|
|
2743
|
-
|
|
2744
|
-
|
|
2745
|
-
|
|
2746
|
-
|
|
2747
|
-
|
|
2748
|
-
|
|
2749
|
-
|
|
2750
|
-
|
|
2751
|
-
|
|
2752
|
-
|
|
2753
|
-
|
|
2754
|
-
|
|
2755
|
-
|
|
2756
|
-
|
|
2757
|
-
|
|
2758
|
-
|
|
2759
|
-
|
|
2760
|
-
|
|
2761
|
-
|
|
2762
|
-
|
|
2763
|
-
|
|
2764
|
-
|
|
2765
|
-
|
|
2766
|
-
|
|
2767
|
-
|
|
2768
|
-
|
|
2769
|
-
|
|
2770
|
-
|
|
2771
|
-
|
|
2772
|
-
|
|
2773
|
-
|
|
2774
|
-
|
|
1463
|
+
const len = res.length;
|
|
1464
|
+
if (typeof expectedLength === "number" && len !== expectedLength)
|
|
1465
|
+
throw new Error(`${title} expected ${expectedLength} bytes, got ${len}`);
|
|
1466
|
+
return res;
|
|
1467
|
+
}
|
|
1468
|
+
function concatBytes2(...arrays) {
|
|
1469
|
+
const r = new Uint8Array(arrays.reduce((sum, a) => sum + a.length, 0));
|
|
1470
|
+
let pad = 0;
|
|
1471
|
+
arrays.forEach((a) => {
|
|
1472
|
+
if (!u8a2(a))
|
|
1473
|
+
throw new Error("Uint8Array expected");
|
|
1474
|
+
r.set(a, pad);
|
|
1475
|
+
pad += a.length;
|
|
1476
|
+
});
|
|
1477
|
+
return r;
|
|
1478
|
+
}
|
|
1479
|
+
function equalBytes(b1, b2) {
|
|
1480
|
+
if (b1.length !== b2.length)
|
|
1481
|
+
return false;
|
|
1482
|
+
for (let i = 0; i < b1.length; i++)
|
|
1483
|
+
if (b1[i] !== b2[i])
|
|
1484
|
+
return false;
|
|
1485
|
+
return true;
|
|
1486
|
+
}
|
|
1487
|
+
function utf8ToBytes2(str) {
|
|
1488
|
+
if (typeof str !== "string")
|
|
1489
|
+
throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
|
|
1490
|
+
return new Uint8Array(new TextEncoder().encode(str));
|
|
1491
|
+
}
|
|
1492
|
+
function bitLen(n) {
|
|
1493
|
+
let len;
|
|
1494
|
+
for (len = 0; n > _0n; n >>= _1n, len += 1)
|
|
1495
|
+
;
|
|
1496
|
+
return len;
|
|
1497
|
+
}
|
|
1498
|
+
function bitGet(n, pos) {
|
|
1499
|
+
return n >> BigInt(pos) & _1n;
|
|
1500
|
+
}
|
|
1501
|
+
var bitSet = (n, pos, value) => {
|
|
1502
|
+
return n | (value ? _1n : _0n) << BigInt(pos);
|
|
1503
|
+
};
|
|
1504
|
+
var bitMask = (n) => (_2n << BigInt(n - 1)) - _1n;
|
|
1505
|
+
var u8n = (data) => new Uint8Array(data);
|
|
1506
|
+
var u8fr = (arr) => Uint8Array.from(arr);
|
|
1507
|
+
function createHmacDrbg(hashLen, qByteLen, hmacFn) {
|
|
1508
|
+
if (typeof hashLen !== "number" || hashLen < 2)
|
|
1509
|
+
throw new Error("hashLen must be a number");
|
|
1510
|
+
if (typeof qByteLen !== "number" || qByteLen < 2)
|
|
1511
|
+
throw new Error("qByteLen must be a number");
|
|
1512
|
+
if (typeof hmacFn !== "function")
|
|
1513
|
+
throw new Error("hmacFn must be a function");
|
|
1514
|
+
let v = u8n(hashLen);
|
|
1515
|
+
let k = u8n(hashLen);
|
|
1516
|
+
let i = 0;
|
|
1517
|
+
const reset = () => {
|
|
1518
|
+
v.fill(1);
|
|
1519
|
+
k.fill(0);
|
|
1520
|
+
i = 0;
|
|
1521
|
+
};
|
|
1522
|
+
const h = (...b) => hmacFn(k, v, ...b);
|
|
1523
|
+
const reseed = (seed = u8n()) => {
|
|
1524
|
+
k = h(u8fr([0]), seed);
|
|
1525
|
+
v = h();
|
|
1526
|
+
if (seed.length === 0)
|
|
1527
|
+
return;
|
|
1528
|
+
k = h(u8fr([1]), seed);
|
|
1529
|
+
v = h();
|
|
1530
|
+
};
|
|
1531
|
+
const gen = () => {
|
|
1532
|
+
if (i++ >= 1e3)
|
|
1533
|
+
throw new Error("drbg: tried 1000 values");
|
|
1534
|
+
let len = 0;
|
|
1535
|
+
const out = [];
|
|
1536
|
+
while (len < qByteLen) {
|
|
1537
|
+
v = h();
|
|
1538
|
+
const sl = v.slice();
|
|
1539
|
+
out.push(sl);
|
|
1540
|
+
len += v.length;
|
|
1541
|
+
}
|
|
1542
|
+
return concatBytes2(...out);
|
|
1543
|
+
};
|
|
1544
|
+
const genUntil = (seed, pred) => {
|
|
1545
|
+
reset();
|
|
1546
|
+
reseed(seed);
|
|
1547
|
+
let res = void 0;
|
|
1548
|
+
while (!(res = pred(gen())))
|
|
1549
|
+
reseed();
|
|
1550
|
+
reset();
|
|
1551
|
+
return res;
|
|
1552
|
+
};
|
|
1553
|
+
return genUntil;
|
|
1554
|
+
}
|
|
1555
|
+
var validatorFns = {
|
|
1556
|
+
bigint: (val) => typeof val === "bigint",
|
|
1557
|
+
function: (val) => typeof val === "function",
|
|
1558
|
+
boolean: (val) => typeof val === "boolean",
|
|
1559
|
+
string: (val) => typeof val === "string",
|
|
1560
|
+
isSafeInteger: (val) => Number.isSafeInteger(val),
|
|
1561
|
+
array: (val) => Array.isArray(val),
|
|
1562
|
+
field: (val, object) => object.Fp.isValid(val),
|
|
1563
|
+
hash: (val) => typeof val === "function" && Number.isSafeInteger(val.outputLen)
|
|
1564
|
+
};
|
|
1565
|
+
function validateObject(object, validators, optValidators = {}) {
|
|
1566
|
+
const checkField = (fieldName, type, isOptional) => {
|
|
1567
|
+
const checkVal = validatorFns[type];
|
|
1568
|
+
if (typeof checkVal !== "function")
|
|
1569
|
+
throw new Error(`Invalid validator "${type}", expected function`);
|
|
1570
|
+
const val = object[fieldName];
|
|
1571
|
+
if (isOptional && val === void 0)
|
|
1572
|
+
return;
|
|
1573
|
+
if (!checkVal(val, object)) {
|
|
1574
|
+
throw new Error(`Invalid param ${String(fieldName)}=${val} (${typeof val}), expected ${type}`);
|
|
2775
1575
|
}
|
|
2776
|
-
|
|
2777
|
-
|
|
2778
|
-
|
|
2779
|
-
|
|
2780
|
-
|
|
2781
|
-
|
|
2782
|
-
return new JacobianPoint(X3, Y3, Z3);
|
|
2783
|
-
}
|
|
2784
|
-
subtract(other) {
|
|
2785
|
-
return this.add(other.negate());
|
|
2786
|
-
}
|
|
2787
|
-
multiplyUnsafe(scalar) {
|
|
2788
|
-
const P0 = JacobianPoint.ZERO;
|
|
2789
|
-
if (typeof scalar === "bigint" && scalar === _0n)
|
|
2790
|
-
return P0;
|
|
2791
|
-
let n = normalizeScalar(scalar);
|
|
2792
|
-
if (n === _1n)
|
|
2793
|
-
return this;
|
|
2794
|
-
if (!USE_ENDOMORPHISM) {
|
|
2795
|
-
let p = P0;
|
|
2796
|
-
let d2 = this;
|
|
2797
|
-
while (n > _0n) {
|
|
2798
|
-
if (n & _1n)
|
|
2799
|
-
p = p.add(d2);
|
|
2800
|
-
d2 = d2.double();
|
|
2801
|
-
n >>= _1n;
|
|
2802
|
-
}
|
|
2803
|
-
return p;
|
|
2804
|
-
}
|
|
2805
|
-
let { k1neg, k1, k2neg, k2 } = splitScalarEndo(n);
|
|
2806
|
-
let k1p = P0;
|
|
2807
|
-
let k2p = P0;
|
|
2808
|
-
let d = this;
|
|
2809
|
-
while (k1 > _0n || k2 > _0n) {
|
|
2810
|
-
if (k1 & _1n)
|
|
2811
|
-
k1p = k1p.add(d);
|
|
2812
|
-
if (k2 & _1n)
|
|
2813
|
-
k2p = k2p.add(d);
|
|
2814
|
-
d = d.double();
|
|
2815
|
-
k1 >>= _1n;
|
|
2816
|
-
k2 >>= _1n;
|
|
2817
|
-
}
|
|
2818
|
-
if (k1neg)
|
|
2819
|
-
k1p = k1p.negate();
|
|
2820
|
-
if (k2neg)
|
|
2821
|
-
k2p = k2p.negate();
|
|
2822
|
-
k2p = new JacobianPoint(mod(k2p.x * CURVE.beta), k2p.y, k2p.z);
|
|
2823
|
-
return k1p.add(k2p);
|
|
2824
|
-
}
|
|
2825
|
-
precomputeWindow(W) {
|
|
2826
|
-
const windows = USE_ENDOMORPHISM ? 128 / W + 1 : 256 / W + 1;
|
|
2827
|
-
const points = [];
|
|
2828
|
-
let p = this;
|
|
2829
|
-
let base3 = p;
|
|
2830
|
-
for (let window = 0; window < windows; window++) {
|
|
2831
|
-
base3 = p;
|
|
2832
|
-
points.push(base3);
|
|
2833
|
-
for (let i = 1; i < 2 ** (W - 1); i++) {
|
|
2834
|
-
base3 = base3.add(p);
|
|
2835
|
-
points.push(base3);
|
|
2836
|
-
}
|
|
2837
|
-
p = base3.double();
|
|
2838
|
-
}
|
|
2839
|
-
return points;
|
|
2840
|
-
}
|
|
2841
|
-
wNAF(n, affinePoint) {
|
|
2842
|
-
if (!affinePoint && this.equals(JacobianPoint.BASE))
|
|
2843
|
-
affinePoint = Point.BASE;
|
|
2844
|
-
const W = affinePoint && affinePoint._WINDOW_SIZE || 1;
|
|
2845
|
-
if (256 % W) {
|
|
2846
|
-
throw new Error("Point#wNAF: Invalid precomputation window, must be power of 2");
|
|
2847
|
-
}
|
|
2848
|
-
let precomputes = affinePoint && pointPrecomputes.get(affinePoint);
|
|
2849
|
-
if (!precomputes) {
|
|
2850
|
-
precomputes = this.precomputeWindow(W);
|
|
2851
|
-
if (affinePoint && W !== 1) {
|
|
2852
|
-
precomputes = JacobianPoint.normalizeZ(precomputes);
|
|
2853
|
-
pointPrecomputes.set(affinePoint, precomputes);
|
|
2854
|
-
}
|
|
2855
|
-
}
|
|
2856
|
-
let p = JacobianPoint.ZERO;
|
|
2857
|
-
let f = JacobianPoint.ZERO;
|
|
2858
|
-
const windows = 1 + (USE_ENDOMORPHISM ? 128 / W : 256 / W);
|
|
2859
|
-
const windowSize = 2 ** (W - 1);
|
|
2860
|
-
const mask = BigInt(2 ** W - 1);
|
|
2861
|
-
const maxNumber = 2 ** W;
|
|
2862
|
-
const shiftBy = BigInt(W);
|
|
2863
|
-
for (let window = 0; window < windows; window++) {
|
|
2864
|
-
const offset = window * windowSize;
|
|
2865
|
-
let wbits = Number(n & mask);
|
|
2866
|
-
n >>= shiftBy;
|
|
2867
|
-
if (wbits > windowSize) {
|
|
2868
|
-
wbits -= maxNumber;
|
|
2869
|
-
n += _1n;
|
|
2870
|
-
}
|
|
2871
|
-
if (wbits === 0) {
|
|
2872
|
-
let pr = precomputes[offset];
|
|
2873
|
-
if (window % 2)
|
|
2874
|
-
pr = pr.negate();
|
|
2875
|
-
f = f.add(pr);
|
|
2876
|
-
} else {
|
|
2877
|
-
let cached = precomputes[offset + Math.abs(wbits) - 1];
|
|
2878
|
-
if (wbits < 0)
|
|
2879
|
-
cached = cached.negate();
|
|
2880
|
-
p = p.add(cached);
|
|
2881
|
-
}
|
|
2882
|
-
}
|
|
2883
|
-
return { p, f };
|
|
2884
|
-
}
|
|
2885
|
-
multiply(scalar, affinePoint) {
|
|
2886
|
-
let n = normalizeScalar(scalar);
|
|
2887
|
-
let point;
|
|
2888
|
-
let fake;
|
|
2889
|
-
if (USE_ENDOMORPHISM) {
|
|
2890
|
-
const { k1neg, k1, k2neg, k2 } = splitScalarEndo(n);
|
|
2891
|
-
let { p: k1p, f: f1p } = this.wNAF(k1, affinePoint);
|
|
2892
|
-
let { p: k2p, f: f2p } = this.wNAF(k2, affinePoint);
|
|
2893
|
-
if (k1neg)
|
|
2894
|
-
k1p = k1p.negate();
|
|
2895
|
-
if (k2neg)
|
|
2896
|
-
k2p = k2p.negate();
|
|
2897
|
-
k2p = new JacobianPoint(mod(k2p.x * CURVE.beta), k2p.y, k2p.z);
|
|
2898
|
-
point = k1p.add(k2p);
|
|
2899
|
-
fake = f1p.add(f2p);
|
|
2900
|
-
} else {
|
|
2901
|
-
const { p, f } = this.wNAF(n, affinePoint);
|
|
2902
|
-
point = p;
|
|
2903
|
-
fake = f;
|
|
2904
|
-
}
|
|
2905
|
-
return JacobianPoint.normalizeZ([point, fake])[0];
|
|
2906
|
-
}
|
|
2907
|
-
toAffine(invZ = invert(this.z)) {
|
|
2908
|
-
const { x, y, z } = this;
|
|
2909
|
-
const iz1 = invZ;
|
|
2910
|
-
const iz2 = mod(iz1 * iz1);
|
|
2911
|
-
const iz3 = mod(iz2 * iz1);
|
|
2912
|
-
const ax = mod(x * iz2);
|
|
2913
|
-
const ay = mod(y * iz3);
|
|
2914
|
-
const zz = mod(z * iz1);
|
|
2915
|
-
if (zz !== _1n)
|
|
2916
|
-
throw new Error("invZ was invalid");
|
|
2917
|
-
return new Point(ax, ay);
|
|
2918
|
-
}
|
|
2919
|
-
};
|
|
2920
|
-
JacobianPoint.BASE = new JacobianPoint(CURVE.Gx, CURVE.Gy, _1n);
|
|
2921
|
-
JacobianPoint.ZERO = new JacobianPoint(_0n, _1n, _0n);
|
|
2922
|
-
var pointPrecomputes = /* @__PURE__ */ new WeakMap();
|
|
2923
|
-
var Point = class {
|
|
2924
|
-
constructor(x, y) {
|
|
2925
|
-
this.x = x;
|
|
2926
|
-
this.y = y;
|
|
2927
|
-
}
|
|
2928
|
-
_setWindowSize(windowSize) {
|
|
2929
|
-
this._WINDOW_SIZE = windowSize;
|
|
2930
|
-
pointPrecomputes.delete(this);
|
|
2931
|
-
}
|
|
2932
|
-
hasEvenY() {
|
|
2933
|
-
return this.y % _2n === _0n;
|
|
2934
|
-
}
|
|
2935
|
-
static fromCompressedHex(bytes) {
|
|
2936
|
-
const isShort = bytes.length === 32;
|
|
2937
|
-
const x = bytesToNumber(isShort ? bytes : bytes.subarray(1));
|
|
2938
|
-
if (!isValidFieldElement(x))
|
|
2939
|
-
throw new Error("Point is not on curve");
|
|
2940
|
-
const y2 = weistrass(x);
|
|
2941
|
-
let y = sqrtMod(y2);
|
|
2942
|
-
const isYOdd = (y & _1n) === _1n;
|
|
2943
|
-
if (isShort) {
|
|
2944
|
-
if (isYOdd)
|
|
2945
|
-
y = mod(-y);
|
|
2946
|
-
} else {
|
|
2947
|
-
const isFirstByteOdd = (bytes[0] & 1) === 1;
|
|
2948
|
-
if (isFirstByteOdd !== isYOdd)
|
|
2949
|
-
y = mod(-y);
|
|
2950
|
-
}
|
|
2951
|
-
const point = new Point(x, y);
|
|
2952
|
-
point.assertValidity();
|
|
2953
|
-
return point;
|
|
2954
|
-
}
|
|
2955
|
-
static fromUncompressedHex(bytes) {
|
|
2956
|
-
const x = bytesToNumber(bytes.subarray(1, 33));
|
|
2957
|
-
const y = bytesToNumber(bytes.subarray(33, 65));
|
|
2958
|
-
const point = new Point(x, y);
|
|
2959
|
-
point.assertValidity();
|
|
2960
|
-
return point;
|
|
2961
|
-
}
|
|
2962
|
-
static fromHex(hex) {
|
|
2963
|
-
const bytes = ensureBytes(hex);
|
|
2964
|
-
const len = bytes.length;
|
|
2965
|
-
const header = bytes[0];
|
|
2966
|
-
if (len === 32 || len === 33 && (header === 2 || header === 3)) {
|
|
2967
|
-
return this.fromCompressedHex(bytes);
|
|
2968
|
-
}
|
|
2969
|
-
if (len === 65 && header === 4)
|
|
2970
|
-
return this.fromUncompressedHex(bytes);
|
|
2971
|
-
throw new Error(`Point.fromHex: received invalid point. Expected 32-33 compressed bytes or 65 uncompressed bytes, not ${len}`);
|
|
2972
|
-
}
|
|
2973
|
-
static fromPrivateKey(privateKey) {
|
|
2974
|
-
return Point.BASE.multiply(normalizePrivateKey(privateKey));
|
|
2975
|
-
}
|
|
2976
|
-
static fromSignature(msgHash, signature, recovery) {
|
|
2977
|
-
msgHash = ensureBytes(msgHash);
|
|
2978
|
-
const h = truncateHash(msgHash);
|
|
2979
|
-
const { r, s } = normalizeSignature(signature);
|
|
2980
|
-
if (recovery !== 0 && recovery !== 1) {
|
|
2981
|
-
throw new Error("Cannot recover signature: invalid recovery bit");
|
|
2982
|
-
}
|
|
2983
|
-
const prefix = recovery & 1 ? "03" : "02";
|
|
2984
|
-
const R = Point.fromHex(prefix + numTo32bStr(r));
|
|
2985
|
-
const { n } = CURVE;
|
|
2986
|
-
const rinv = invert(r, n);
|
|
2987
|
-
const u1 = mod(-h * rinv, n);
|
|
2988
|
-
const u2 = mod(s * rinv, n);
|
|
2989
|
-
const Q = Point.BASE.multiplyAndAddUnsafe(R, u1, u2);
|
|
2990
|
-
if (!Q)
|
|
2991
|
-
throw new Error("Cannot recover signature: point at infinify");
|
|
2992
|
-
Q.assertValidity();
|
|
2993
|
-
return Q;
|
|
2994
|
-
}
|
|
2995
|
-
toRawBytes(isCompressed = false) {
|
|
2996
|
-
return hexToBytes(this.toHex(isCompressed));
|
|
2997
|
-
}
|
|
2998
|
-
toHex(isCompressed = false) {
|
|
2999
|
-
const x = numTo32bStr(this.x);
|
|
3000
|
-
if (isCompressed) {
|
|
3001
|
-
const prefix = this.hasEvenY() ? "02" : "03";
|
|
3002
|
-
return `${prefix}${x}`;
|
|
3003
|
-
} else {
|
|
3004
|
-
return `04${x}${numTo32bStr(this.y)}`;
|
|
3005
|
-
}
|
|
3006
|
-
}
|
|
3007
|
-
toHexX() {
|
|
3008
|
-
return this.toHex(true).slice(2);
|
|
3009
|
-
}
|
|
3010
|
-
toRawX() {
|
|
3011
|
-
return this.toRawBytes(true).slice(1);
|
|
3012
|
-
}
|
|
3013
|
-
assertValidity() {
|
|
3014
|
-
const msg = "Point is not on elliptic curve";
|
|
3015
|
-
const { x, y } = this;
|
|
3016
|
-
if (!isValidFieldElement(x) || !isValidFieldElement(y))
|
|
3017
|
-
throw new Error(msg);
|
|
3018
|
-
const left = mod(y * y);
|
|
3019
|
-
const right = weistrass(x);
|
|
3020
|
-
if (mod(left - right) !== _0n)
|
|
3021
|
-
throw new Error(msg);
|
|
3022
|
-
}
|
|
3023
|
-
equals(other) {
|
|
3024
|
-
return this.x === other.x && this.y === other.y;
|
|
3025
|
-
}
|
|
3026
|
-
negate() {
|
|
3027
|
-
return new Point(this.x, mod(-this.y));
|
|
3028
|
-
}
|
|
3029
|
-
double() {
|
|
3030
|
-
return JacobianPoint.fromAffine(this).double().toAffine();
|
|
3031
|
-
}
|
|
3032
|
-
add(other) {
|
|
3033
|
-
return JacobianPoint.fromAffine(this).add(JacobianPoint.fromAffine(other)).toAffine();
|
|
3034
|
-
}
|
|
3035
|
-
subtract(other) {
|
|
3036
|
-
return this.add(other.negate());
|
|
3037
|
-
}
|
|
3038
|
-
multiply(scalar) {
|
|
3039
|
-
return JacobianPoint.fromAffine(this).multiply(scalar, this).toAffine();
|
|
3040
|
-
}
|
|
3041
|
-
multiplyAndAddUnsafe(Q, a, b) {
|
|
3042
|
-
const P = JacobianPoint.fromAffine(this);
|
|
3043
|
-
const aP = a === _0n || a === _1n || this !== Point.BASE ? P.multiplyUnsafe(a) : P.multiply(a);
|
|
3044
|
-
const bQ = JacobianPoint.fromAffine(Q).multiplyUnsafe(b);
|
|
3045
|
-
const sum = aP.add(bQ);
|
|
3046
|
-
return sum.equals(JacobianPoint.ZERO) ? void 0 : sum.toAffine();
|
|
3047
|
-
}
|
|
3048
|
-
};
|
|
3049
|
-
Point.BASE = new Point(CURVE.Gx, CURVE.Gy);
|
|
3050
|
-
Point.ZERO = new Point(_0n, _0n);
|
|
3051
|
-
function sliceDER(s) {
|
|
3052
|
-
return Number.parseInt(s[0], 16) >= 8 ? "00" + s : s;
|
|
3053
|
-
}
|
|
3054
|
-
function parseDERInt(data) {
|
|
3055
|
-
if (data.length < 2 || data[0] !== 2) {
|
|
3056
|
-
throw new Error(`Invalid signature integer tag: ${bytesToHex(data)}`);
|
|
3057
|
-
}
|
|
3058
|
-
const len = data[1];
|
|
3059
|
-
const res = data.subarray(2, len + 2);
|
|
3060
|
-
if (!len || res.length !== len) {
|
|
3061
|
-
throw new Error(`Invalid signature integer: wrong length`);
|
|
3062
|
-
}
|
|
3063
|
-
if (res[0] === 0 && res[1] <= 127) {
|
|
3064
|
-
throw new Error("Invalid signature integer: trailing length");
|
|
3065
|
-
}
|
|
3066
|
-
return { data: bytesToNumber(res), left: data.subarray(len + 2) };
|
|
3067
|
-
}
|
|
3068
|
-
function parseDERSignature(data) {
|
|
3069
|
-
if (data.length < 2 || data[0] != 48) {
|
|
3070
|
-
throw new Error(`Invalid signature tag: ${bytesToHex(data)}`);
|
|
3071
|
-
}
|
|
3072
|
-
if (data[1] !== data.length - 2) {
|
|
3073
|
-
throw new Error("Invalid signature: incorrect length");
|
|
3074
|
-
}
|
|
3075
|
-
const { data: r, left: sBytes } = parseDERInt(data.subarray(2));
|
|
3076
|
-
const { data: s, left: rBytesLeft } = parseDERInt(sBytes);
|
|
3077
|
-
if (rBytesLeft.length) {
|
|
3078
|
-
throw new Error(`Invalid signature: left bytes after parsing: ${bytesToHex(rBytesLeft)}`);
|
|
3079
|
-
}
|
|
3080
|
-
return { r, s };
|
|
3081
|
-
}
|
|
3082
|
-
var Signature = class {
|
|
3083
|
-
constructor(r, s) {
|
|
3084
|
-
this.r = r;
|
|
3085
|
-
this.s = s;
|
|
3086
|
-
this.assertValidity();
|
|
3087
|
-
}
|
|
3088
|
-
static fromCompact(hex) {
|
|
3089
|
-
const arr = hex instanceof Uint8Array;
|
|
3090
|
-
const name2 = "Signature.fromCompact";
|
|
3091
|
-
if (typeof hex !== "string" && !arr)
|
|
3092
|
-
throw new TypeError(`${name2}: Expected string or Uint8Array`);
|
|
3093
|
-
const str = arr ? bytesToHex(hex) : hex;
|
|
3094
|
-
if (str.length !== 128)
|
|
3095
|
-
throw new Error(`${name2}: Expected 64-byte hex`);
|
|
3096
|
-
return new Signature(hexToNumber(str.slice(0, 64)), hexToNumber(str.slice(64, 128)));
|
|
3097
|
-
}
|
|
3098
|
-
static fromDER(hex) {
|
|
3099
|
-
const arr = hex instanceof Uint8Array;
|
|
3100
|
-
if (typeof hex !== "string" && !arr)
|
|
3101
|
-
throw new TypeError(`Signature.fromDER: Expected string or Uint8Array`);
|
|
3102
|
-
const { r, s } = parseDERSignature(arr ? hex : hexToBytes(hex));
|
|
3103
|
-
return new Signature(r, s);
|
|
3104
|
-
}
|
|
3105
|
-
static fromHex(hex) {
|
|
3106
|
-
return this.fromDER(hex);
|
|
3107
|
-
}
|
|
3108
|
-
assertValidity() {
|
|
3109
|
-
const { r, s } = this;
|
|
3110
|
-
if (!isWithinCurveOrder(r))
|
|
3111
|
-
throw new Error("Invalid Signature: r must be 0 < r < n");
|
|
3112
|
-
if (!isWithinCurveOrder(s))
|
|
3113
|
-
throw new Error("Invalid Signature: s must be 0 < s < n");
|
|
3114
|
-
}
|
|
3115
|
-
hasHighS() {
|
|
3116
|
-
const HALF = CURVE.n >> _1n;
|
|
3117
|
-
return this.s > HALF;
|
|
3118
|
-
}
|
|
3119
|
-
normalizeS() {
|
|
3120
|
-
return this.hasHighS() ? new Signature(this.r, CURVE.n - this.s) : this;
|
|
3121
|
-
}
|
|
3122
|
-
toDERRawBytes(isCompressed = false) {
|
|
3123
|
-
return hexToBytes(this.toDERHex(isCompressed));
|
|
3124
|
-
}
|
|
3125
|
-
toDERHex(isCompressed = false) {
|
|
3126
|
-
const sHex = sliceDER(numberToHexUnpadded(this.s));
|
|
3127
|
-
if (isCompressed)
|
|
3128
|
-
return sHex;
|
|
3129
|
-
const rHex = sliceDER(numberToHexUnpadded(this.r));
|
|
3130
|
-
const rLen = numberToHexUnpadded(rHex.length / 2);
|
|
3131
|
-
const sLen = numberToHexUnpadded(sHex.length / 2);
|
|
3132
|
-
const length2 = numberToHexUnpadded(rHex.length / 2 + sHex.length / 2 + 4);
|
|
3133
|
-
return `30${length2}02${rLen}${rHex}02${sLen}${sHex}`;
|
|
3134
|
-
}
|
|
3135
|
-
toRawBytes() {
|
|
3136
|
-
return this.toDERRawBytes();
|
|
3137
|
-
}
|
|
3138
|
-
toHex() {
|
|
3139
|
-
return this.toDERHex();
|
|
3140
|
-
}
|
|
3141
|
-
toCompactRawBytes() {
|
|
3142
|
-
return hexToBytes(this.toCompactHex());
|
|
3143
|
-
}
|
|
3144
|
-
toCompactHex() {
|
|
3145
|
-
return numTo32bStr(this.r) + numTo32bStr(this.s);
|
|
3146
|
-
}
|
|
3147
|
-
};
|
|
3148
|
-
function concatBytes(...arrays) {
|
|
3149
|
-
if (!arrays.every((b) => b instanceof Uint8Array))
|
|
3150
|
-
throw new Error("Uint8Array list expected");
|
|
3151
|
-
if (arrays.length === 1)
|
|
3152
|
-
return arrays[0];
|
|
3153
|
-
const length2 = arrays.reduce((a, arr) => a + arr.length, 0);
|
|
3154
|
-
const result = new Uint8Array(length2);
|
|
3155
|
-
for (let i = 0, pad = 0; i < arrays.length; i++) {
|
|
3156
|
-
const arr = arrays[i];
|
|
3157
|
-
result.set(arr, pad);
|
|
3158
|
-
pad += arr.length;
|
|
3159
|
-
}
|
|
3160
|
-
return result;
|
|
3161
|
-
}
|
|
3162
|
-
var hexes = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, "0"));
|
|
3163
|
-
function bytesToHex(uint8a) {
|
|
3164
|
-
if (!(uint8a instanceof Uint8Array))
|
|
3165
|
-
throw new Error("Expected Uint8Array");
|
|
3166
|
-
let hex = "";
|
|
3167
|
-
for (let i = 0; i < uint8a.length; i++) {
|
|
3168
|
-
hex += hexes[uint8a[i]];
|
|
3169
|
-
}
|
|
3170
|
-
return hex;
|
|
3171
|
-
}
|
|
3172
|
-
var POW_2_256 = BigInt("0x10000000000000000000000000000000000000000000000000000000000000000");
|
|
3173
|
-
function numTo32bStr(num) {
|
|
3174
|
-
if (typeof num !== "bigint")
|
|
3175
|
-
throw new Error("Expected bigint");
|
|
3176
|
-
if (!(_0n <= num && num < POW_2_256))
|
|
3177
|
-
throw new Error("Expected number < 2^256");
|
|
3178
|
-
return num.toString(16).padStart(64, "0");
|
|
3179
|
-
}
|
|
3180
|
-
function numTo32b(num) {
|
|
3181
|
-
const b = hexToBytes(numTo32bStr(num));
|
|
3182
|
-
if (b.length !== 32)
|
|
3183
|
-
throw new Error("Error: expected 32 bytes");
|
|
3184
|
-
return b;
|
|
3185
|
-
}
|
|
3186
|
-
function numberToHexUnpadded(num) {
|
|
3187
|
-
const hex = num.toString(16);
|
|
3188
|
-
return hex.length & 1 ? `0${hex}` : hex;
|
|
1576
|
+
};
|
|
1577
|
+
for (const [fieldName, type] of Object.entries(validators))
|
|
1578
|
+
checkField(fieldName, type, false);
|
|
1579
|
+
for (const [fieldName, type] of Object.entries(optValidators))
|
|
1580
|
+
checkField(fieldName, type, true);
|
|
1581
|
+
return object;
|
|
3189
1582
|
}
|
|
3190
|
-
|
|
3191
|
-
|
|
3192
|
-
|
|
3193
|
-
|
|
3194
|
-
|
|
1583
|
+
|
|
1584
|
+
// ../../node_modules/@noble/curves/esm/abstract/modular.js
|
|
1585
|
+
var _0n2 = BigInt(0);
|
|
1586
|
+
var _1n2 = BigInt(1);
|
|
1587
|
+
var _2n2 = BigInt(2);
|
|
1588
|
+
var _3n = BigInt(3);
|
|
1589
|
+
var _4n = BigInt(4);
|
|
1590
|
+
var _5n = BigInt(5);
|
|
1591
|
+
var _8n = BigInt(8);
|
|
1592
|
+
var _9n = BigInt(9);
|
|
1593
|
+
var _16n = BigInt(16);
|
|
1594
|
+
function mod(a, b) {
|
|
1595
|
+
const result = a % b;
|
|
1596
|
+
return result >= _0n2 ? result : b + result;
|
|
3195
1597
|
}
|
|
3196
|
-
function
|
|
3197
|
-
if (
|
|
3198
|
-
throw new
|
|
3199
|
-
|
|
3200
|
-
|
|
3201
|
-
|
|
3202
|
-
|
|
3203
|
-
|
|
3204
|
-
|
|
3205
|
-
|
|
3206
|
-
|
|
3207
|
-
if (Number.isNaN(byte) || byte < 0)
|
|
3208
|
-
throw new Error("Invalid byte sequence");
|
|
3209
|
-
array[i] = byte;
|
|
1598
|
+
function pow(num, power, modulo) {
|
|
1599
|
+
if (modulo <= _0n2 || power < _0n2)
|
|
1600
|
+
throw new Error("Expected power/modulo > 0");
|
|
1601
|
+
if (modulo === _1n2)
|
|
1602
|
+
return _0n2;
|
|
1603
|
+
let res = _1n2;
|
|
1604
|
+
while (power > _0n2) {
|
|
1605
|
+
if (power & _1n2)
|
|
1606
|
+
res = res * num % modulo;
|
|
1607
|
+
num = num * num % modulo;
|
|
1608
|
+
power >>= _1n2;
|
|
3210
1609
|
}
|
|
3211
|
-
return
|
|
3212
|
-
}
|
|
3213
|
-
function bytesToNumber(bytes) {
|
|
3214
|
-
return hexToNumber(bytesToHex(bytes));
|
|
3215
|
-
}
|
|
3216
|
-
function ensureBytes(hex) {
|
|
3217
|
-
return hex instanceof Uint8Array ? Uint8Array.from(hex) : hexToBytes(hex);
|
|
3218
|
-
}
|
|
3219
|
-
function normalizeScalar(num) {
|
|
3220
|
-
if (typeof num === "number" && Number.isSafeInteger(num) && num > 0)
|
|
3221
|
-
return BigInt(num);
|
|
3222
|
-
if (typeof num === "bigint" && isWithinCurveOrder(num))
|
|
3223
|
-
return num;
|
|
3224
|
-
throw new TypeError("Expected valid private scalar: 0 < scalar < curve.n");
|
|
3225
|
-
}
|
|
3226
|
-
function mod(a, b = CURVE.P) {
|
|
3227
|
-
const result = a % b;
|
|
3228
|
-
return result >= _0n ? result : b + result;
|
|
1610
|
+
return res;
|
|
3229
1611
|
}
|
|
3230
|
-
function pow2(x, power) {
|
|
3231
|
-
const { P } = CURVE;
|
|
1612
|
+
function pow2(x, power, modulo) {
|
|
3232
1613
|
let res = x;
|
|
3233
|
-
while (power-- >
|
|
1614
|
+
while (power-- > _0n2) {
|
|
3234
1615
|
res *= res;
|
|
3235
|
-
res %=
|
|
1616
|
+
res %= modulo;
|
|
3236
1617
|
}
|
|
3237
1618
|
return res;
|
|
3238
1619
|
}
|
|
3239
|
-
function
|
|
3240
|
-
|
|
3241
|
-
|
|
3242
|
-
const _11n = BigInt(11);
|
|
3243
|
-
const _22n = BigInt(22);
|
|
3244
|
-
const _23n = BigInt(23);
|
|
3245
|
-
const _44n = BigInt(44);
|
|
3246
|
-
const _88n = BigInt(88);
|
|
3247
|
-
const b2 = x * x * x % P;
|
|
3248
|
-
const b3 = b2 * b2 * x % P;
|
|
3249
|
-
const b6 = pow2(b3, _3n) * b3 % P;
|
|
3250
|
-
const b9 = pow2(b6, _3n) * b3 % P;
|
|
3251
|
-
const b11 = pow2(b9, _2n) * b2 % P;
|
|
3252
|
-
const b22 = pow2(b11, _11n) * b11 % P;
|
|
3253
|
-
const b44 = pow2(b22, _22n) * b22 % P;
|
|
3254
|
-
const b88 = pow2(b44, _44n) * b44 % P;
|
|
3255
|
-
const b176 = pow2(b88, _88n) * b88 % P;
|
|
3256
|
-
const b220 = pow2(b176, _44n) * b44 % P;
|
|
3257
|
-
const b223 = pow2(b220, _3n) * b3 % P;
|
|
3258
|
-
const t1 = pow2(b223, _23n) * b22 % P;
|
|
3259
|
-
const t2 = pow2(t1, _6n) * b2 % P;
|
|
3260
|
-
return pow2(t2, _2n);
|
|
3261
|
-
}
|
|
3262
|
-
function invert(number, modulo = CURVE.P) {
|
|
3263
|
-
if (number === _0n || modulo <= _0n) {
|
|
3264
|
-
throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`);
|
|
1620
|
+
function invert(number2, modulo) {
|
|
1621
|
+
if (number2 === _0n2 || modulo <= _0n2) {
|
|
1622
|
+
throw new Error(`invert: expected positive integers, got n=${number2} mod=${modulo}`);
|
|
3265
1623
|
}
|
|
3266
|
-
let a = mod(
|
|
1624
|
+
let a = mod(number2, modulo);
|
|
3267
1625
|
let b = modulo;
|
|
3268
|
-
let x =
|
|
3269
|
-
while (a !==
|
|
1626
|
+
let x = _0n2, y = _1n2, u = _1n2, v = _0n2;
|
|
1627
|
+
while (a !== _0n2) {
|
|
3270
1628
|
const q = b / a;
|
|
3271
1629
|
const r = b % a;
|
|
3272
1630
|
const m = x - u * q;
|
|
@@ -3274,440 +1632,1427 @@ function invert(number, modulo = CURVE.P) {
|
|
|
3274
1632
|
b = a, a = r, x = u, y = v, u = m, v = n;
|
|
3275
1633
|
}
|
|
3276
1634
|
const gcd = b;
|
|
3277
|
-
if (gcd !==
|
|
1635
|
+
if (gcd !== _1n2)
|
|
3278
1636
|
throw new Error("invert: does not exist");
|
|
3279
1637
|
return mod(x, modulo);
|
|
3280
1638
|
}
|
|
3281
|
-
function
|
|
3282
|
-
const
|
|
3283
|
-
|
|
3284
|
-
|
|
3285
|
-
|
|
3286
|
-
|
|
3287
|
-
|
|
3288
|
-
|
|
3289
|
-
|
|
3290
|
-
|
|
3291
|
-
|
|
3292
|
-
|
|
3293
|
-
|
|
3294
|
-
|
|
3295
|
-
|
|
3296
|
-
return scratch;
|
|
3297
|
-
}
|
|
3298
|
-
var divNearest = (a, b) => (a + b / _2n) / b;
|
|
3299
|
-
var ENDO = {
|
|
3300
|
-
a1: BigInt("0x3086d221a7d46bcde86c90e49284eb15"),
|
|
3301
|
-
b1: -_1n * BigInt("0xe4437ed6010e88286f547fa90abfe4c3"),
|
|
3302
|
-
a2: BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"),
|
|
3303
|
-
b2: BigInt("0x3086d221a7d46bcde86c90e49284eb15"),
|
|
3304
|
-
POW_2_128: BigInt("0x100000000000000000000000000000000")
|
|
3305
|
-
};
|
|
3306
|
-
function splitScalarEndo(k) {
|
|
3307
|
-
const { n } = CURVE;
|
|
3308
|
-
const { a1, b1, a2, b2, POW_2_128 } = ENDO;
|
|
3309
|
-
const c1 = divNearest(b2 * k, n);
|
|
3310
|
-
const c2 = divNearest(-b1 * k, n);
|
|
3311
|
-
let k1 = mod(k - c1 * a1 - c2 * a2, n);
|
|
3312
|
-
let k2 = mod(-c1 * b1 - c2 * b2, n);
|
|
3313
|
-
const k1neg = k1 > POW_2_128;
|
|
3314
|
-
const k2neg = k2 > POW_2_128;
|
|
3315
|
-
if (k1neg)
|
|
3316
|
-
k1 = n - k1;
|
|
3317
|
-
if (k2neg)
|
|
3318
|
-
k2 = n - k2;
|
|
3319
|
-
if (k1 > POW_2_128 || k2 > POW_2_128) {
|
|
3320
|
-
throw new Error("splitScalarEndo: Endomorphism failed, k=" + k);
|
|
3321
|
-
}
|
|
3322
|
-
return { k1neg, k1, k2neg, k2 };
|
|
3323
|
-
}
|
|
3324
|
-
function truncateHash(hash) {
|
|
3325
|
-
const { n } = CURVE;
|
|
3326
|
-
const byteLength = hash.length;
|
|
3327
|
-
const delta = byteLength * 8 - 256;
|
|
3328
|
-
let h = bytesToNumber(hash);
|
|
3329
|
-
if (delta > 0)
|
|
3330
|
-
h = h >> BigInt(delta);
|
|
3331
|
-
if (h >= n)
|
|
3332
|
-
h -= n;
|
|
3333
|
-
return h;
|
|
3334
|
-
}
|
|
3335
|
-
var _sha256Sync;
|
|
3336
|
-
var _hmacSha256Sync;
|
|
3337
|
-
var HmacDrbg = class {
|
|
3338
|
-
constructor() {
|
|
3339
|
-
this.v = new Uint8Array(32).fill(1);
|
|
3340
|
-
this.k = new Uint8Array(32).fill(0);
|
|
3341
|
-
this.counter = 0;
|
|
3342
|
-
}
|
|
3343
|
-
hmac(...values) {
|
|
3344
|
-
return utils.hmacSha256(this.k, ...values);
|
|
3345
|
-
}
|
|
3346
|
-
hmacSync(...values) {
|
|
3347
|
-
return _hmacSha256Sync(this.k, ...values);
|
|
3348
|
-
}
|
|
3349
|
-
checkSync() {
|
|
3350
|
-
if (typeof _hmacSha256Sync !== "function")
|
|
3351
|
-
throw new ShaError("hmacSha256Sync needs to be set");
|
|
3352
|
-
}
|
|
3353
|
-
incr() {
|
|
3354
|
-
if (this.counter >= 1e3)
|
|
3355
|
-
throw new Error("Tried 1,000 k values for sign(), all were invalid");
|
|
3356
|
-
this.counter += 1;
|
|
3357
|
-
}
|
|
3358
|
-
async reseed(seed = new Uint8Array()) {
|
|
3359
|
-
this.k = await this.hmac(this.v, Uint8Array.from([0]), seed);
|
|
3360
|
-
this.v = await this.hmac(this.v);
|
|
3361
|
-
if (seed.length === 0)
|
|
3362
|
-
return;
|
|
3363
|
-
this.k = await this.hmac(this.v, Uint8Array.from([1]), seed);
|
|
3364
|
-
this.v = await this.hmac(this.v);
|
|
3365
|
-
}
|
|
3366
|
-
reseedSync(seed = new Uint8Array()) {
|
|
3367
|
-
this.checkSync();
|
|
3368
|
-
this.k = this.hmacSync(this.v, Uint8Array.from([0]), seed);
|
|
3369
|
-
this.v = this.hmacSync(this.v);
|
|
3370
|
-
if (seed.length === 0)
|
|
3371
|
-
return;
|
|
3372
|
-
this.k = this.hmacSync(this.v, Uint8Array.from([1]), seed);
|
|
3373
|
-
this.v = this.hmacSync(this.v);
|
|
1639
|
+
function tonelliShanks(P) {
|
|
1640
|
+
const legendreC = (P - _1n2) / _2n2;
|
|
1641
|
+
let Q, S, Z;
|
|
1642
|
+
for (Q = P - _1n2, S = 0; Q % _2n2 === _0n2; Q /= _2n2, S++)
|
|
1643
|
+
;
|
|
1644
|
+
for (Z = _2n2; Z < P && pow(Z, legendreC, P) !== P - _1n2; Z++)
|
|
1645
|
+
;
|
|
1646
|
+
if (S === 1) {
|
|
1647
|
+
const p1div4 = (P + _1n2) / _4n;
|
|
1648
|
+
return function tonelliFast(Fp3, n) {
|
|
1649
|
+
const root = Fp3.pow(n, p1div4);
|
|
1650
|
+
if (!Fp3.eql(Fp3.sqr(root), n))
|
|
1651
|
+
throw new Error("Cannot find square root");
|
|
1652
|
+
return root;
|
|
1653
|
+
};
|
|
3374
1654
|
}
|
|
3375
|
-
|
|
3376
|
-
|
|
3377
|
-
|
|
3378
|
-
|
|
1655
|
+
const Q1div2 = (Q + _1n2) / _2n2;
|
|
1656
|
+
return function tonelliSlow(Fp3, n) {
|
|
1657
|
+
if (Fp3.pow(n, legendreC) === Fp3.neg(Fp3.ONE))
|
|
1658
|
+
throw new Error("Cannot find square root");
|
|
1659
|
+
let r = S;
|
|
1660
|
+
let g = Fp3.pow(Fp3.mul(Fp3.ONE, Z), Q);
|
|
1661
|
+
let x = Fp3.pow(n, Q1div2);
|
|
1662
|
+
let b = Fp3.pow(n, Q);
|
|
1663
|
+
while (!Fp3.eql(b, Fp3.ONE)) {
|
|
1664
|
+
if (Fp3.eql(b, Fp3.ZERO))
|
|
1665
|
+
return Fp3.ZERO;
|
|
1666
|
+
let m = 1;
|
|
1667
|
+
for (let t2 = Fp3.sqr(b); m < r; m++) {
|
|
1668
|
+
if (Fp3.eql(t2, Fp3.ONE))
|
|
1669
|
+
break;
|
|
1670
|
+
t2 = Fp3.sqr(t2);
|
|
1671
|
+
}
|
|
1672
|
+
const ge = Fp3.pow(g, _1n2 << BigInt(r - m - 1));
|
|
1673
|
+
g = Fp3.sqr(ge);
|
|
1674
|
+
x = Fp3.mul(x, ge);
|
|
1675
|
+
b = Fp3.mul(b, g);
|
|
1676
|
+
r = m;
|
|
1677
|
+
}
|
|
1678
|
+
return x;
|
|
1679
|
+
};
|
|
1680
|
+
}
|
|
1681
|
+
function FpSqrt(P) {
|
|
1682
|
+
if (P % _4n === _3n) {
|
|
1683
|
+
const p1div4 = (P + _1n2) / _4n;
|
|
1684
|
+
return function sqrt3mod4(Fp3, n) {
|
|
1685
|
+
const root = Fp3.pow(n, p1div4);
|
|
1686
|
+
if (!Fp3.eql(Fp3.sqr(root), n))
|
|
1687
|
+
throw new Error("Cannot find square root");
|
|
1688
|
+
return root;
|
|
1689
|
+
};
|
|
3379
1690
|
}
|
|
3380
|
-
|
|
3381
|
-
|
|
3382
|
-
|
|
3383
|
-
|
|
3384
|
-
|
|
1691
|
+
if (P % _8n === _5n) {
|
|
1692
|
+
const c1 = (P - _5n) / _8n;
|
|
1693
|
+
return function sqrt5mod8(Fp3, n) {
|
|
1694
|
+
const n2 = Fp3.mul(n, _2n2);
|
|
1695
|
+
const v = Fp3.pow(n2, c1);
|
|
1696
|
+
const nv = Fp3.mul(n, v);
|
|
1697
|
+
const i = Fp3.mul(Fp3.mul(nv, _2n2), v);
|
|
1698
|
+
const root = Fp3.mul(nv, Fp3.sub(i, Fp3.ONE));
|
|
1699
|
+
if (!Fp3.eql(Fp3.sqr(root), n))
|
|
1700
|
+
throw new Error("Cannot find square root");
|
|
1701
|
+
return root;
|
|
1702
|
+
};
|
|
3385
1703
|
}
|
|
3386
|
-
|
|
3387
|
-
function isWithinCurveOrder(num) {
|
|
3388
|
-
return _0n < num && num < CURVE.n;
|
|
3389
|
-
}
|
|
3390
|
-
function isValidFieldElement(num) {
|
|
3391
|
-
return _0n < num && num < CURVE.P;
|
|
3392
|
-
}
|
|
3393
|
-
function kmdToSig(kBytes, m, d) {
|
|
3394
|
-
const k = bytesToNumber(kBytes);
|
|
3395
|
-
if (!isWithinCurveOrder(k))
|
|
3396
|
-
return;
|
|
3397
|
-
const { n } = CURVE;
|
|
3398
|
-
const q = Point.BASE.multiply(k);
|
|
3399
|
-
const r = mod(q.x, n);
|
|
3400
|
-
if (r === _0n)
|
|
3401
|
-
return;
|
|
3402
|
-
const s = mod(invert(k, n) * mod(m + d * r, n), n);
|
|
3403
|
-
if (s === _0n)
|
|
3404
|
-
return;
|
|
3405
|
-
const sig = new Signature(r, s);
|
|
3406
|
-
const recovery = (q.x === sig.r ? 0 : 2) | Number(q.y & _1n);
|
|
3407
|
-
return { sig, recovery };
|
|
3408
|
-
}
|
|
3409
|
-
function normalizePrivateKey(key) {
|
|
3410
|
-
let num;
|
|
3411
|
-
if (typeof key === "bigint") {
|
|
3412
|
-
num = key;
|
|
3413
|
-
} else if (typeof key === "number" && Number.isSafeInteger(key) && key > 0) {
|
|
3414
|
-
num = BigInt(key);
|
|
3415
|
-
} else if (typeof key === "string") {
|
|
3416
|
-
if (key.length !== 64)
|
|
3417
|
-
throw new Error("Expected 32 bytes of private key");
|
|
3418
|
-
num = hexToNumber(key);
|
|
3419
|
-
} else if (key instanceof Uint8Array) {
|
|
3420
|
-
if (key.length !== 32)
|
|
3421
|
-
throw new Error("Expected 32 bytes of private key");
|
|
3422
|
-
num = bytesToNumber(key);
|
|
3423
|
-
} else {
|
|
3424
|
-
throw new TypeError("Expected valid private key");
|
|
1704
|
+
if (P % _16n === _9n) {
|
|
3425
1705
|
}
|
|
3426
|
-
|
|
3427
|
-
throw new Error("Expected private key: 0 < key < n");
|
|
3428
|
-
return num;
|
|
1706
|
+
return tonelliShanks(P);
|
|
3429
1707
|
}
|
|
3430
|
-
|
|
3431
|
-
|
|
3432
|
-
|
|
3433
|
-
|
|
3434
|
-
|
|
3435
|
-
|
|
3436
|
-
|
|
1708
|
+
var FIELD_FIELDS = [
|
|
1709
|
+
"create",
|
|
1710
|
+
"isValid",
|
|
1711
|
+
"is0",
|
|
1712
|
+
"neg",
|
|
1713
|
+
"inv",
|
|
1714
|
+
"sqrt",
|
|
1715
|
+
"sqr",
|
|
1716
|
+
"eql",
|
|
1717
|
+
"add",
|
|
1718
|
+
"sub",
|
|
1719
|
+
"mul",
|
|
1720
|
+
"pow",
|
|
1721
|
+
"div",
|
|
1722
|
+
"addN",
|
|
1723
|
+
"subN",
|
|
1724
|
+
"mulN",
|
|
1725
|
+
"sqrN"
|
|
1726
|
+
];
|
|
1727
|
+
function validateField(field) {
|
|
1728
|
+
const initial = {
|
|
1729
|
+
ORDER: "bigint",
|
|
1730
|
+
MASK: "bigint",
|
|
1731
|
+
BYTES: "isSafeInteger",
|
|
1732
|
+
BITS: "isSafeInteger"
|
|
1733
|
+
};
|
|
1734
|
+
const opts = FIELD_FIELDS.reduce((map, val) => {
|
|
1735
|
+
map[val] = "function";
|
|
1736
|
+
return map;
|
|
1737
|
+
}, initial);
|
|
1738
|
+
return validateObject(field, opts);
|
|
3437
1739
|
}
|
|
3438
|
-
function
|
|
3439
|
-
if (
|
|
3440
|
-
|
|
3441
|
-
|
|
3442
|
-
|
|
3443
|
-
|
|
3444
|
-
return
|
|
3445
|
-
|
|
3446
|
-
|
|
1740
|
+
function FpPow(f, num, power) {
|
|
1741
|
+
if (power < _0n2)
|
|
1742
|
+
throw new Error("Expected power > 0");
|
|
1743
|
+
if (power === _0n2)
|
|
1744
|
+
return f.ONE;
|
|
1745
|
+
if (power === _1n2)
|
|
1746
|
+
return num;
|
|
1747
|
+
let p = f.ONE;
|
|
1748
|
+
let d = num;
|
|
1749
|
+
while (power > _0n2) {
|
|
1750
|
+
if (power & _1n2)
|
|
1751
|
+
p = f.mul(p, d);
|
|
1752
|
+
d = f.sqr(d);
|
|
1753
|
+
power >>= _1n2;
|
|
3447
1754
|
}
|
|
1755
|
+
return p;
|
|
3448
1756
|
}
|
|
3449
|
-
function
|
|
3450
|
-
|
|
3451
|
-
|
|
3452
|
-
|
|
3453
|
-
|
|
3454
|
-
|
|
1757
|
+
function FpInvertBatch(f, nums) {
|
|
1758
|
+
const tmp = new Array(nums.length);
|
|
1759
|
+
const lastMultiplied = nums.reduce((acc, num, i) => {
|
|
1760
|
+
if (f.is0(num))
|
|
1761
|
+
return acc;
|
|
1762
|
+
tmp[i] = acc;
|
|
1763
|
+
return f.mul(acc, num);
|
|
1764
|
+
}, f.ONE);
|
|
1765
|
+
const inverted = f.inv(lastMultiplied);
|
|
1766
|
+
nums.reduceRight((acc, num, i) => {
|
|
1767
|
+
if (f.is0(num))
|
|
1768
|
+
return acc;
|
|
1769
|
+
tmp[i] = f.mul(acc, tmp[i]);
|
|
1770
|
+
return f.mul(acc, num);
|
|
1771
|
+
}, inverted);
|
|
1772
|
+
return tmp;
|
|
3455
1773
|
}
|
|
3456
|
-
function
|
|
3457
|
-
const
|
|
3458
|
-
const
|
|
3459
|
-
return
|
|
1774
|
+
function nLength(n, nBitLength) {
|
|
1775
|
+
const _nBitLength = nBitLength !== void 0 ? nBitLength : n.toString(2).length;
|
|
1776
|
+
const nByteLength = Math.ceil(_nBitLength / 8);
|
|
1777
|
+
return { nBitLength: _nBitLength, nByteLength };
|
|
3460
1778
|
}
|
|
3461
|
-
function
|
|
3462
|
-
|
|
1779
|
+
function Field(ORDER, bitLen2, isLE2 = false, redef = {}) {
|
|
1780
|
+
if (ORDER <= _0n2)
|
|
1781
|
+
throw new Error(`Expected Fp ORDER > 0, got ${ORDER}`);
|
|
1782
|
+
const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen2);
|
|
1783
|
+
if (BYTES > 2048)
|
|
1784
|
+
throw new Error("Field lengths over 2048 bytes are not supported");
|
|
1785
|
+
const sqrtP = FpSqrt(ORDER);
|
|
1786
|
+
const f = Object.freeze({
|
|
1787
|
+
ORDER,
|
|
1788
|
+
BITS,
|
|
1789
|
+
BYTES,
|
|
1790
|
+
MASK: bitMask(BITS),
|
|
1791
|
+
ZERO: _0n2,
|
|
1792
|
+
ONE: _1n2,
|
|
1793
|
+
create: (num) => mod(num, ORDER),
|
|
1794
|
+
isValid: (num) => {
|
|
1795
|
+
if (typeof num !== "bigint")
|
|
1796
|
+
throw new Error(`Invalid field element: expected bigint, got ${typeof num}`);
|
|
1797
|
+
return _0n2 <= num && num < ORDER;
|
|
1798
|
+
},
|
|
1799
|
+
is0: (num) => num === _0n2,
|
|
1800
|
+
isOdd: (num) => (num & _1n2) === _1n2,
|
|
1801
|
+
neg: (num) => mod(-num, ORDER),
|
|
1802
|
+
eql: (lhs, rhs) => lhs === rhs,
|
|
1803
|
+
sqr: (num) => mod(num * num, ORDER),
|
|
1804
|
+
add: (lhs, rhs) => mod(lhs + rhs, ORDER),
|
|
1805
|
+
sub: (lhs, rhs) => mod(lhs - rhs, ORDER),
|
|
1806
|
+
mul: (lhs, rhs) => mod(lhs * rhs, ORDER),
|
|
1807
|
+
pow: (num, power) => FpPow(f, num, power),
|
|
1808
|
+
div: (lhs, rhs) => mod(lhs * invert(rhs, ORDER), ORDER),
|
|
1809
|
+
sqrN: (num) => num * num,
|
|
1810
|
+
addN: (lhs, rhs) => lhs + rhs,
|
|
1811
|
+
subN: (lhs, rhs) => lhs - rhs,
|
|
1812
|
+
mulN: (lhs, rhs) => lhs * rhs,
|
|
1813
|
+
inv: (num) => invert(num, ORDER),
|
|
1814
|
+
sqrt: redef.sqrt || ((n) => sqrtP(f, n)),
|
|
1815
|
+
invertBatch: (lst) => FpInvertBatch(f, lst),
|
|
1816
|
+
cmov: (a, b, c) => c ? b : a,
|
|
1817
|
+
toBytes: (num) => isLE2 ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES),
|
|
1818
|
+
fromBytes: (bytes2) => {
|
|
1819
|
+
if (bytes2.length !== BYTES)
|
|
1820
|
+
throw new Error(`Fp.fromBytes: expected ${BYTES}, got ${bytes2.length}`);
|
|
1821
|
+
return isLE2 ? bytesToNumberLE(bytes2) : bytesToNumberBE(bytes2);
|
|
1822
|
+
}
|
|
1823
|
+
});
|
|
1824
|
+
return Object.freeze(f);
|
|
3463
1825
|
}
|
|
3464
|
-
function
|
|
3465
|
-
|
|
3466
|
-
|
|
3467
|
-
const
|
|
3468
|
-
|
|
3469
|
-
|
|
3470
|
-
|
|
3471
|
-
|
|
3472
|
-
extraEntropy = utils.randomBytes(32);
|
|
3473
|
-
const e = ensureBytes(extraEntropy);
|
|
3474
|
-
if (e.length !== 32)
|
|
3475
|
-
throw new Error("sign: Expected 32 bytes of extra data");
|
|
3476
|
-
seedArgs.push(e);
|
|
3477
|
-
}
|
|
3478
|
-
const seed = concatBytes(...seedArgs);
|
|
3479
|
-
const m = bits2int(h1);
|
|
3480
|
-
return { seed, m, d };
|
|
1826
|
+
function hashToPrivateScalar(hash2, groupOrder, isLE2 = false) {
|
|
1827
|
+
hash2 = ensureBytes("privateHash", hash2);
|
|
1828
|
+
const hashLen = hash2.length;
|
|
1829
|
+
const minLen = nLength(groupOrder).nByteLength + 8;
|
|
1830
|
+
if (minLen < 24 || hashLen < minLen || hashLen > 1024)
|
|
1831
|
+
throw new Error(`hashToPrivateScalar: expected ${minLen}-1024 bytes of input, got ${hashLen}`);
|
|
1832
|
+
const num = isLE2 ? bytesToNumberLE(hash2) : bytesToNumberBE(hash2);
|
|
1833
|
+
return mod(num, groupOrder - _1n2) + _1n2;
|
|
3481
1834
|
}
|
|
3482
|
-
|
|
3483
|
-
|
|
3484
|
-
|
|
3485
|
-
|
|
3486
|
-
|
|
3487
|
-
|
|
3488
|
-
|
|
3489
|
-
|
|
3490
|
-
|
|
1835
|
+
|
|
1836
|
+
// ../../node_modules/@noble/curves/esm/abstract/curve.js
|
|
1837
|
+
var _0n3 = BigInt(0);
|
|
1838
|
+
var _1n3 = BigInt(1);
|
|
1839
|
+
function wNAF(c, bits) {
|
|
1840
|
+
const constTimeNegate = (condition, item) => {
|
|
1841
|
+
const neg = item.negate();
|
|
1842
|
+
return condition ? neg : item;
|
|
1843
|
+
};
|
|
1844
|
+
const opts = (W) => {
|
|
1845
|
+
const windows = Math.ceil(bits / W) + 1;
|
|
1846
|
+
const windowSize = 2 ** (W - 1);
|
|
1847
|
+
return { windows, windowSize };
|
|
1848
|
+
};
|
|
1849
|
+
return {
|
|
1850
|
+
constTimeNegate,
|
|
1851
|
+
unsafeLadder(elm, n) {
|
|
1852
|
+
let p = c.ZERO;
|
|
1853
|
+
let d = elm;
|
|
1854
|
+
while (n > _0n3) {
|
|
1855
|
+
if (n & _1n3)
|
|
1856
|
+
p = p.add(d);
|
|
1857
|
+
d = d.double();
|
|
1858
|
+
n >>= _1n3;
|
|
1859
|
+
}
|
|
1860
|
+
return p;
|
|
1861
|
+
},
|
|
1862
|
+
precomputeWindow(elm, W) {
|
|
1863
|
+
const { windows, windowSize } = opts(W);
|
|
1864
|
+
const points = [];
|
|
1865
|
+
let p = elm;
|
|
1866
|
+
let base3 = p;
|
|
1867
|
+
for (let window = 0; window < windows; window++) {
|
|
1868
|
+
base3 = p;
|
|
1869
|
+
points.push(base3);
|
|
1870
|
+
for (let i = 1; i < windowSize; i++) {
|
|
1871
|
+
base3 = base3.add(p);
|
|
1872
|
+
points.push(base3);
|
|
1873
|
+
}
|
|
1874
|
+
p = base3.double();
|
|
1875
|
+
}
|
|
1876
|
+
return points;
|
|
1877
|
+
},
|
|
1878
|
+
wNAF(W, precomputes, n) {
|
|
1879
|
+
const { windows, windowSize } = opts(W);
|
|
1880
|
+
let p = c.ZERO;
|
|
1881
|
+
let f = c.BASE;
|
|
1882
|
+
const mask = BigInt(2 ** W - 1);
|
|
1883
|
+
const maxNumber = 2 ** W;
|
|
1884
|
+
const shiftBy = BigInt(W);
|
|
1885
|
+
for (let window = 0; window < windows; window++) {
|
|
1886
|
+
const offset = window * windowSize;
|
|
1887
|
+
let wbits = Number(n & mask);
|
|
1888
|
+
n >>= shiftBy;
|
|
1889
|
+
if (wbits > windowSize) {
|
|
1890
|
+
wbits -= maxNumber;
|
|
1891
|
+
n += _1n3;
|
|
1892
|
+
}
|
|
1893
|
+
const offset1 = offset;
|
|
1894
|
+
const offset2 = offset + Math.abs(wbits) - 1;
|
|
1895
|
+
const cond1 = window % 2 !== 0;
|
|
1896
|
+
const cond2 = wbits < 0;
|
|
1897
|
+
if (wbits === 0) {
|
|
1898
|
+
f = f.add(constTimeNegate(cond1, precomputes[offset1]));
|
|
1899
|
+
} else {
|
|
1900
|
+
p = p.add(constTimeNegate(cond2, precomputes[offset2]));
|
|
1901
|
+
}
|
|
1902
|
+
}
|
|
1903
|
+
return { p, f };
|
|
1904
|
+
},
|
|
1905
|
+
wNAFCached(P, precomputesMap, n, transform) {
|
|
1906
|
+
const W = P._WINDOW_SIZE || 1;
|
|
1907
|
+
let comp = precomputesMap.get(P);
|
|
1908
|
+
if (!comp) {
|
|
1909
|
+
comp = this.precomputeWindow(P, W);
|
|
1910
|
+
if (W !== 1) {
|
|
1911
|
+
precomputesMap.set(P, transform(comp));
|
|
1912
|
+
}
|
|
1913
|
+
}
|
|
1914
|
+
return this.wNAF(W, comp, n);
|
|
1915
|
+
}
|
|
1916
|
+
};
|
|
3491
1917
|
}
|
|
3492
|
-
|
|
3493
|
-
|
|
3494
|
-
|
|
3495
|
-
|
|
3496
|
-
|
|
3497
|
-
|
|
3498
|
-
|
|
3499
|
-
|
|
1918
|
+
function validateBasic(curve) {
|
|
1919
|
+
validateField(curve.Fp);
|
|
1920
|
+
validateObject(curve, {
|
|
1921
|
+
n: "bigint",
|
|
1922
|
+
h: "bigint",
|
|
1923
|
+
Gx: "field",
|
|
1924
|
+
Gy: "field"
|
|
1925
|
+
}, {
|
|
1926
|
+
nBitLength: "isSafeInteger",
|
|
1927
|
+
nByteLength: "isSafeInteger"
|
|
1928
|
+
});
|
|
1929
|
+
return Object.freeze({
|
|
1930
|
+
...nLength(curve.n, curve.nBitLength),
|
|
1931
|
+
...curve,
|
|
1932
|
+
...{ p: curve.Fp.ORDER }
|
|
1933
|
+
});
|
|
3500
1934
|
}
|
|
3501
|
-
|
|
3502
|
-
|
|
3503
|
-
|
|
3504
|
-
|
|
3505
|
-
|
|
3506
|
-
|
|
3507
|
-
|
|
3508
|
-
|
|
3509
|
-
|
|
3510
|
-
|
|
3511
|
-
|
|
3512
|
-
|
|
3513
|
-
|
|
3514
|
-
|
|
3515
|
-
|
|
3516
|
-
|
|
3517
|
-
}
|
|
3518
|
-
|
|
1935
|
+
|
|
1936
|
+
// ../../node_modules/@noble/curves/esm/abstract/weierstrass.js
|
|
1937
|
+
function validatePointOpts(curve) {
|
|
1938
|
+
const opts = validateBasic(curve);
|
|
1939
|
+
validateObject(opts, {
|
|
1940
|
+
a: "field",
|
|
1941
|
+
b: "field"
|
|
1942
|
+
}, {
|
|
1943
|
+
allowedPrivateKeyLengths: "array",
|
|
1944
|
+
wrapPrivateKey: "boolean",
|
|
1945
|
+
isTorsionFree: "function",
|
|
1946
|
+
clearCofactor: "function",
|
|
1947
|
+
allowInfinityPoint: "boolean",
|
|
1948
|
+
fromBytes: "function",
|
|
1949
|
+
toBytes: "function"
|
|
1950
|
+
});
|
|
1951
|
+
const { endo, Fp: Fp3, a } = opts;
|
|
1952
|
+
if (endo) {
|
|
1953
|
+
if (!Fp3.eql(a, Fp3.ZERO)) {
|
|
1954
|
+
throw new Error("Endomorphism can only be defined for Koblitz curves that have a=0");
|
|
1955
|
+
}
|
|
1956
|
+
if (typeof endo !== "object" || typeof endo.beta !== "bigint" || typeof endo.splitScalar !== "function") {
|
|
1957
|
+
throw new Error("Expected endomorphism with beta: bigint and splitScalar: function");
|
|
1958
|
+
}
|
|
3519
1959
|
}
|
|
3520
|
-
|
|
3521
|
-
const sinv = invert(s, n);
|
|
3522
|
-
const u1 = mod(h * sinv, n);
|
|
3523
|
-
const u2 = mod(r * sinv, n);
|
|
3524
|
-
const R = Point.BASE.multiplyAndAddUnsafe(P, u1, u2);
|
|
3525
|
-
if (!R)
|
|
3526
|
-
return false;
|
|
3527
|
-
const v = mod(R.x, n);
|
|
3528
|
-
return v === r;
|
|
1960
|
+
return Object.freeze({ ...opts });
|
|
3529
1961
|
}
|
|
3530
|
-
|
|
3531
|
-
var
|
|
3532
|
-
|
|
3533
|
-
|
|
3534
|
-
|
|
3535
|
-
var TAGGED_HASH_PREFIXES = {};
|
|
3536
|
-
var utils = {
|
|
3537
|
-
bytesToHex,
|
|
3538
|
-
hexToBytes,
|
|
3539
|
-
concatBytes,
|
|
3540
|
-
mod,
|
|
3541
|
-
invert,
|
|
3542
|
-
isValidPrivateKey(privateKey) {
|
|
3543
|
-
try {
|
|
3544
|
-
normalizePrivateKey(privateKey);
|
|
3545
|
-
return true;
|
|
3546
|
-
} catch (error) {
|
|
3547
|
-
return false;
|
|
1962
|
+
var { bytesToNumberBE: b2n, hexToBytes: h2b } = utils_exports;
|
|
1963
|
+
var DER = {
|
|
1964
|
+
Err: class DERErr extends Error {
|
|
1965
|
+
constructor(m = "") {
|
|
1966
|
+
super(m);
|
|
3548
1967
|
}
|
|
3549
1968
|
},
|
|
3550
|
-
|
|
3551
|
-
|
|
3552
|
-
|
|
3553
|
-
|
|
3554
|
-
|
|
3555
|
-
|
|
3556
|
-
|
|
3557
|
-
|
|
3558
|
-
|
|
3559
|
-
|
|
3560
|
-
if (
|
|
3561
|
-
|
|
3562
|
-
|
|
3563
|
-
const { randomBytes: randomBytes2 } = crypto3.node;
|
|
3564
|
-
return Uint8Array.from(randomBytes2(bytesLength));
|
|
3565
|
-
} else {
|
|
3566
|
-
throw new Error("The environment doesn't have randomBytes function");
|
|
3567
|
-
}
|
|
1969
|
+
_parseInt(data) {
|
|
1970
|
+
const { Err: E } = DER;
|
|
1971
|
+
if (data.length < 2 || data[0] !== 2)
|
|
1972
|
+
throw new E("Invalid signature integer tag");
|
|
1973
|
+
const len = data[1];
|
|
1974
|
+
const res = data.subarray(2, len + 2);
|
|
1975
|
+
if (!len || res.length !== len)
|
|
1976
|
+
throw new E("Invalid signature integer: wrong length");
|
|
1977
|
+
if (res[0] & 128)
|
|
1978
|
+
throw new E("Invalid signature integer: negative");
|
|
1979
|
+
if (res[0] === 0 && !(res[1] & 128))
|
|
1980
|
+
throw new E("Invalid signature integer: unnecessary leading zero");
|
|
1981
|
+
return { d: b2n(res), l: data.subarray(len + 2) };
|
|
3568
1982
|
},
|
|
3569
|
-
|
|
3570
|
-
|
|
1983
|
+
toSig(hex) {
|
|
1984
|
+
const { Err: E } = DER;
|
|
1985
|
+
const data = typeof hex === "string" ? h2b(hex) : hex;
|
|
1986
|
+
if (!(data instanceof Uint8Array))
|
|
1987
|
+
throw new Error("ui8a expected");
|
|
1988
|
+
let l = data.length;
|
|
1989
|
+
if (l < 2 || data[0] != 48)
|
|
1990
|
+
throw new E("Invalid signature tag");
|
|
1991
|
+
if (data[1] !== l - 2)
|
|
1992
|
+
throw new E("Invalid signature: incorrect length");
|
|
1993
|
+
const { d: r, l: sBytes } = DER._parseInt(data.subarray(2));
|
|
1994
|
+
const { d: s, l: rBytesLeft } = DER._parseInt(sBytes);
|
|
1995
|
+
if (rBytesLeft.length)
|
|
1996
|
+
throw new E("Invalid signature: left bytes after parsing");
|
|
1997
|
+
return { r, s };
|
|
3571
1998
|
},
|
|
3572
|
-
|
|
3573
|
-
|
|
3574
|
-
|
|
3575
|
-
|
|
3576
|
-
|
|
3577
|
-
|
|
3578
|
-
|
|
3579
|
-
|
|
3580
|
-
|
|
3581
|
-
|
|
3582
|
-
|
|
1999
|
+
hexFromSig(sig) {
|
|
2000
|
+
const slice = (s2) => Number.parseInt(s2[0], 16) & 8 ? "00" + s2 : s2;
|
|
2001
|
+
const h = (num) => {
|
|
2002
|
+
const hex = num.toString(16);
|
|
2003
|
+
return hex.length & 1 ? `0${hex}` : hex;
|
|
2004
|
+
};
|
|
2005
|
+
const s = slice(h(sig.s));
|
|
2006
|
+
const r = slice(h(sig.r));
|
|
2007
|
+
const shl = s.length / 2;
|
|
2008
|
+
const rhl = r.length / 2;
|
|
2009
|
+
const sl = h(shl);
|
|
2010
|
+
const rl = h(rhl);
|
|
2011
|
+
return `30${h(rhl + shl + 4)}02${rl}${r}02${sl}${s}`;
|
|
2012
|
+
}
|
|
2013
|
+
};
|
|
2014
|
+
var _0n4 = BigInt(0);
|
|
2015
|
+
var _1n4 = BigInt(1);
|
|
2016
|
+
var _2n3 = BigInt(2);
|
|
2017
|
+
var _3n2 = BigInt(3);
|
|
2018
|
+
var _4n2 = BigInt(4);
|
|
2019
|
+
function weierstrassPoints(opts) {
|
|
2020
|
+
const CURVE = validatePointOpts(opts);
|
|
2021
|
+
const { Fp: Fp3 } = CURVE;
|
|
2022
|
+
const toBytes2 = CURVE.toBytes || ((c, point, isCompressed) => {
|
|
2023
|
+
const a = point.toAffine();
|
|
2024
|
+
return concatBytes2(Uint8Array.from([4]), Fp3.toBytes(a.x), Fp3.toBytes(a.y));
|
|
2025
|
+
});
|
|
2026
|
+
const fromBytes = CURVE.fromBytes || ((bytes2) => {
|
|
2027
|
+
const tail = bytes2.subarray(1);
|
|
2028
|
+
const x = Fp3.fromBytes(tail.subarray(0, Fp3.BYTES));
|
|
2029
|
+
const y = Fp3.fromBytes(tail.subarray(Fp3.BYTES, 2 * Fp3.BYTES));
|
|
2030
|
+
return { x, y };
|
|
2031
|
+
});
|
|
2032
|
+
function weierstrassEquation(x) {
|
|
2033
|
+
const { a, b } = CURVE;
|
|
2034
|
+
const x2 = Fp3.sqr(x);
|
|
2035
|
+
const x3 = Fp3.mul(x2, x);
|
|
2036
|
+
return Fp3.add(Fp3.add(x3, Fp3.mul(x, a)), b);
|
|
2037
|
+
}
|
|
2038
|
+
if (!Fp3.eql(Fp3.sqr(CURVE.Gy), weierstrassEquation(CURVE.Gx)))
|
|
2039
|
+
throw new Error("bad generator point: equation left != right");
|
|
2040
|
+
function isWithinCurveOrder(num) {
|
|
2041
|
+
return typeof num === "bigint" && _0n4 < num && num < CURVE.n;
|
|
2042
|
+
}
|
|
2043
|
+
function assertGE(num) {
|
|
2044
|
+
if (!isWithinCurveOrder(num))
|
|
2045
|
+
throw new Error("Expected valid bigint: 0 < bigint < curve.n");
|
|
2046
|
+
}
|
|
2047
|
+
function normPrivateKeyToScalar(key) {
|
|
2048
|
+
const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n } = CURVE;
|
|
2049
|
+
if (lengths && typeof key !== "bigint") {
|
|
2050
|
+
if (key instanceof Uint8Array)
|
|
2051
|
+
key = bytesToHex(key);
|
|
2052
|
+
if (typeof key !== "string" || !lengths.includes(key.length))
|
|
2053
|
+
throw new Error("Invalid key");
|
|
2054
|
+
key = key.padStart(nByteLength * 2, "0");
|
|
2055
|
+
}
|
|
2056
|
+
let num;
|
|
2057
|
+
try {
|
|
2058
|
+
num = typeof key === "bigint" ? key : bytesToNumberBE(ensureBytes("private key", key, nByteLength));
|
|
2059
|
+
} catch (error) {
|
|
2060
|
+
throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`);
|
|
3583
2061
|
}
|
|
3584
|
-
|
|
3585
|
-
|
|
3586
|
-
|
|
3587
|
-
|
|
3588
|
-
|
|
3589
|
-
|
|
3590
|
-
|
|
3591
|
-
|
|
3592
|
-
|
|
3593
|
-
|
|
3594
|
-
|
|
3595
|
-
|
|
3596
|
-
|
|
3597
|
-
|
|
2062
|
+
if (wrapPrivateKey)
|
|
2063
|
+
num = mod(num, n);
|
|
2064
|
+
assertGE(num);
|
|
2065
|
+
return num;
|
|
2066
|
+
}
|
|
2067
|
+
const pointPrecomputes = /* @__PURE__ */ new Map();
|
|
2068
|
+
function assertPrjPoint(other) {
|
|
2069
|
+
if (!(other instanceof Point2))
|
|
2070
|
+
throw new Error("ProjectivePoint expected");
|
|
2071
|
+
}
|
|
2072
|
+
class Point2 {
|
|
2073
|
+
constructor(px, py, pz) {
|
|
2074
|
+
this.px = px;
|
|
2075
|
+
this.py = py;
|
|
2076
|
+
this.pz = pz;
|
|
2077
|
+
if (px == null || !Fp3.isValid(px))
|
|
2078
|
+
throw new Error("x required");
|
|
2079
|
+
if (py == null || !Fp3.isValid(py))
|
|
2080
|
+
throw new Error("y required");
|
|
2081
|
+
if (pz == null || !Fp3.isValid(pz))
|
|
2082
|
+
throw new Error("z required");
|
|
2083
|
+
}
|
|
2084
|
+
static fromAffine(p) {
|
|
2085
|
+
const { x, y } = p || {};
|
|
2086
|
+
if (!p || !Fp3.isValid(x) || !Fp3.isValid(y))
|
|
2087
|
+
throw new Error("invalid affine point");
|
|
2088
|
+
if (p instanceof Point2)
|
|
2089
|
+
throw new Error("projective point not allowed");
|
|
2090
|
+
const is0 = (i) => Fp3.eql(i, Fp3.ZERO);
|
|
2091
|
+
if (is0(x) && is0(y))
|
|
2092
|
+
return Point2.ZERO;
|
|
2093
|
+
return new Point2(x, y, Fp3.ONE);
|
|
2094
|
+
}
|
|
2095
|
+
get x() {
|
|
2096
|
+
return this.toAffine().x;
|
|
2097
|
+
}
|
|
2098
|
+
get y() {
|
|
2099
|
+
return this.toAffine().y;
|
|
2100
|
+
}
|
|
2101
|
+
static normalizeZ(points) {
|
|
2102
|
+
const toInv = Fp3.invertBatch(points.map((p) => p.pz));
|
|
2103
|
+
return points.map((p, i) => p.toAffine(toInv[i])).map(Point2.fromAffine);
|
|
2104
|
+
}
|
|
2105
|
+
static fromHex(hex) {
|
|
2106
|
+
const P = Point2.fromAffine(fromBytes(ensureBytes("pointHex", hex)));
|
|
2107
|
+
P.assertValidity();
|
|
2108
|
+
return P;
|
|
2109
|
+
}
|
|
2110
|
+
static fromPrivateKey(privateKey) {
|
|
2111
|
+
return Point2.BASE.multiply(normPrivateKeyToScalar(privateKey));
|
|
2112
|
+
}
|
|
2113
|
+
_setWindowSize(windowSize) {
|
|
2114
|
+
this._WINDOW_SIZE = windowSize;
|
|
2115
|
+
pointPrecomputes.delete(this);
|
|
2116
|
+
}
|
|
2117
|
+
assertValidity() {
|
|
2118
|
+
if (this.is0()) {
|
|
2119
|
+
if (CURVE.allowInfinityPoint)
|
|
2120
|
+
return;
|
|
2121
|
+
throw new Error("bad point: ZERO");
|
|
2122
|
+
}
|
|
2123
|
+
const { x, y } = this.toAffine();
|
|
2124
|
+
if (!Fp3.isValid(x) || !Fp3.isValid(y))
|
|
2125
|
+
throw new Error("bad point: x or y not FE");
|
|
2126
|
+
const left = Fp3.sqr(y);
|
|
2127
|
+
const right = weierstrassEquation(x);
|
|
2128
|
+
if (!Fp3.eql(left, right))
|
|
2129
|
+
throw new Error("bad point: equation left != right");
|
|
2130
|
+
if (!this.isTorsionFree())
|
|
2131
|
+
throw new Error("bad point: not in prime-order subgroup");
|
|
2132
|
+
}
|
|
2133
|
+
hasEvenY() {
|
|
2134
|
+
const { y } = this.toAffine();
|
|
2135
|
+
if (Fp3.isOdd)
|
|
2136
|
+
return !Fp3.isOdd(y);
|
|
2137
|
+
throw new Error("Field doesn't support isOdd");
|
|
2138
|
+
}
|
|
2139
|
+
equals(other) {
|
|
2140
|
+
assertPrjPoint(other);
|
|
2141
|
+
const { px: X1, py: Y1, pz: Z1 } = this;
|
|
2142
|
+
const { px: X2, py: Y2, pz: Z2 } = other;
|
|
2143
|
+
const U1 = Fp3.eql(Fp3.mul(X1, Z2), Fp3.mul(X2, Z1));
|
|
2144
|
+
const U2 = Fp3.eql(Fp3.mul(Y1, Z2), Fp3.mul(Y2, Z1));
|
|
2145
|
+
return U1 && U2;
|
|
2146
|
+
}
|
|
2147
|
+
negate() {
|
|
2148
|
+
return new Point2(this.px, Fp3.neg(this.py), this.pz);
|
|
2149
|
+
}
|
|
2150
|
+
double() {
|
|
2151
|
+
const { a, b } = CURVE;
|
|
2152
|
+
const b3 = Fp3.mul(b, _3n2);
|
|
2153
|
+
const { px: X1, py: Y1, pz: Z1 } = this;
|
|
2154
|
+
let X3 = Fp3.ZERO, Y3 = Fp3.ZERO, Z3 = Fp3.ZERO;
|
|
2155
|
+
let t0 = Fp3.mul(X1, X1);
|
|
2156
|
+
let t1 = Fp3.mul(Y1, Y1);
|
|
2157
|
+
let t2 = Fp3.mul(Z1, Z1);
|
|
2158
|
+
let t3 = Fp3.mul(X1, Y1);
|
|
2159
|
+
t3 = Fp3.add(t3, t3);
|
|
2160
|
+
Z3 = Fp3.mul(X1, Z1);
|
|
2161
|
+
Z3 = Fp3.add(Z3, Z3);
|
|
2162
|
+
X3 = Fp3.mul(a, Z3);
|
|
2163
|
+
Y3 = Fp3.mul(b3, t2);
|
|
2164
|
+
Y3 = Fp3.add(X3, Y3);
|
|
2165
|
+
X3 = Fp3.sub(t1, Y3);
|
|
2166
|
+
Y3 = Fp3.add(t1, Y3);
|
|
2167
|
+
Y3 = Fp3.mul(X3, Y3);
|
|
2168
|
+
X3 = Fp3.mul(t3, X3);
|
|
2169
|
+
Z3 = Fp3.mul(b3, Z3);
|
|
2170
|
+
t2 = Fp3.mul(a, t2);
|
|
2171
|
+
t3 = Fp3.sub(t0, t2);
|
|
2172
|
+
t3 = Fp3.mul(a, t3);
|
|
2173
|
+
t3 = Fp3.add(t3, Z3);
|
|
2174
|
+
Z3 = Fp3.add(t0, t0);
|
|
2175
|
+
t0 = Fp3.add(Z3, t0);
|
|
2176
|
+
t0 = Fp3.add(t0, t2);
|
|
2177
|
+
t0 = Fp3.mul(t0, t3);
|
|
2178
|
+
Y3 = Fp3.add(Y3, t0);
|
|
2179
|
+
t2 = Fp3.mul(Y1, Z1);
|
|
2180
|
+
t2 = Fp3.add(t2, t2);
|
|
2181
|
+
t0 = Fp3.mul(t2, t3);
|
|
2182
|
+
X3 = Fp3.sub(X3, t0);
|
|
2183
|
+
Z3 = Fp3.mul(t2, t1);
|
|
2184
|
+
Z3 = Fp3.add(Z3, Z3);
|
|
2185
|
+
Z3 = Fp3.add(Z3, Z3);
|
|
2186
|
+
return new Point2(X3, Y3, Z3);
|
|
2187
|
+
}
|
|
2188
|
+
add(other) {
|
|
2189
|
+
assertPrjPoint(other);
|
|
2190
|
+
const { px: X1, py: Y1, pz: Z1 } = this;
|
|
2191
|
+
const { px: X2, py: Y2, pz: Z2 } = other;
|
|
2192
|
+
let X3 = Fp3.ZERO, Y3 = Fp3.ZERO, Z3 = Fp3.ZERO;
|
|
2193
|
+
const a = CURVE.a;
|
|
2194
|
+
const b3 = Fp3.mul(CURVE.b, _3n2);
|
|
2195
|
+
let t0 = Fp3.mul(X1, X2);
|
|
2196
|
+
let t1 = Fp3.mul(Y1, Y2);
|
|
2197
|
+
let t2 = Fp3.mul(Z1, Z2);
|
|
2198
|
+
let t3 = Fp3.add(X1, Y1);
|
|
2199
|
+
let t4 = Fp3.add(X2, Y2);
|
|
2200
|
+
t3 = Fp3.mul(t3, t4);
|
|
2201
|
+
t4 = Fp3.add(t0, t1);
|
|
2202
|
+
t3 = Fp3.sub(t3, t4);
|
|
2203
|
+
t4 = Fp3.add(X1, Z1);
|
|
2204
|
+
let t5 = Fp3.add(X2, Z2);
|
|
2205
|
+
t4 = Fp3.mul(t4, t5);
|
|
2206
|
+
t5 = Fp3.add(t0, t2);
|
|
2207
|
+
t4 = Fp3.sub(t4, t5);
|
|
2208
|
+
t5 = Fp3.add(Y1, Z1);
|
|
2209
|
+
X3 = Fp3.add(Y2, Z2);
|
|
2210
|
+
t5 = Fp3.mul(t5, X3);
|
|
2211
|
+
X3 = Fp3.add(t1, t2);
|
|
2212
|
+
t5 = Fp3.sub(t5, X3);
|
|
2213
|
+
Z3 = Fp3.mul(a, t4);
|
|
2214
|
+
X3 = Fp3.mul(b3, t2);
|
|
2215
|
+
Z3 = Fp3.add(X3, Z3);
|
|
2216
|
+
X3 = Fp3.sub(t1, Z3);
|
|
2217
|
+
Z3 = Fp3.add(t1, Z3);
|
|
2218
|
+
Y3 = Fp3.mul(X3, Z3);
|
|
2219
|
+
t1 = Fp3.add(t0, t0);
|
|
2220
|
+
t1 = Fp3.add(t1, t0);
|
|
2221
|
+
t2 = Fp3.mul(a, t2);
|
|
2222
|
+
t4 = Fp3.mul(b3, t4);
|
|
2223
|
+
t1 = Fp3.add(t1, t2);
|
|
2224
|
+
t2 = Fp3.sub(t0, t2);
|
|
2225
|
+
t2 = Fp3.mul(a, t2);
|
|
2226
|
+
t4 = Fp3.add(t4, t2);
|
|
2227
|
+
t0 = Fp3.mul(t1, t4);
|
|
2228
|
+
Y3 = Fp3.add(Y3, t0);
|
|
2229
|
+
t0 = Fp3.mul(t5, t4);
|
|
2230
|
+
X3 = Fp3.mul(t3, X3);
|
|
2231
|
+
X3 = Fp3.sub(X3, t0);
|
|
2232
|
+
t0 = Fp3.mul(t3, t1);
|
|
2233
|
+
Z3 = Fp3.mul(t5, Z3);
|
|
2234
|
+
Z3 = Fp3.add(Z3, t0);
|
|
2235
|
+
return new Point2(X3, Y3, Z3);
|
|
2236
|
+
}
|
|
2237
|
+
subtract(other) {
|
|
2238
|
+
return this.add(other.negate());
|
|
2239
|
+
}
|
|
2240
|
+
is0() {
|
|
2241
|
+
return this.equals(Point2.ZERO);
|
|
2242
|
+
}
|
|
2243
|
+
wNAF(n) {
|
|
2244
|
+
return wnaf.wNAFCached(this, pointPrecomputes, n, (comp) => {
|
|
2245
|
+
const toInv = Fp3.invertBatch(comp.map((p) => p.pz));
|
|
2246
|
+
return comp.map((p, i) => p.toAffine(toInv[i])).map(Point2.fromAffine);
|
|
2247
|
+
});
|
|
3598
2248
|
}
|
|
3599
|
-
|
|
3600
|
-
|
|
3601
|
-
|
|
3602
|
-
|
|
3603
|
-
|
|
3604
|
-
|
|
3605
|
-
|
|
3606
|
-
|
|
3607
|
-
|
|
3608
|
-
|
|
3609
|
-
|
|
3610
|
-
|
|
3611
|
-
|
|
3612
|
-
|
|
3613
|
-
|
|
3614
|
-
|
|
3615
|
-
|
|
3616
|
-
|
|
3617
|
-
|
|
3618
|
-
|
|
3619
|
-
|
|
3620
|
-
|
|
3621
|
-
|
|
3622
|
-
|
|
3623
|
-
|
|
3624
|
-
|
|
3625
|
-
|
|
3626
|
-
|
|
3627
|
-
|
|
3628
|
-
}
|
|
3629
|
-
|
|
3630
|
-
|
|
3631
|
-
|
|
3632
|
-
|
|
3633
|
-
|
|
2249
|
+
multiplyUnsafe(n) {
|
|
2250
|
+
const I = Point2.ZERO;
|
|
2251
|
+
if (n === _0n4)
|
|
2252
|
+
return I;
|
|
2253
|
+
assertGE(n);
|
|
2254
|
+
if (n === _1n4)
|
|
2255
|
+
return this;
|
|
2256
|
+
const { endo } = CURVE;
|
|
2257
|
+
if (!endo)
|
|
2258
|
+
return wnaf.unsafeLadder(this, n);
|
|
2259
|
+
let { k1neg, k1, k2neg, k2 } = endo.splitScalar(n);
|
|
2260
|
+
let k1p = I;
|
|
2261
|
+
let k2p = I;
|
|
2262
|
+
let d = this;
|
|
2263
|
+
while (k1 > _0n4 || k2 > _0n4) {
|
|
2264
|
+
if (k1 & _1n4)
|
|
2265
|
+
k1p = k1p.add(d);
|
|
2266
|
+
if (k2 & _1n4)
|
|
2267
|
+
k2p = k2p.add(d);
|
|
2268
|
+
d = d.double();
|
|
2269
|
+
k1 >>= _1n4;
|
|
2270
|
+
k2 >>= _1n4;
|
|
2271
|
+
}
|
|
2272
|
+
if (k1neg)
|
|
2273
|
+
k1p = k1p.negate();
|
|
2274
|
+
if (k2neg)
|
|
2275
|
+
k2p = k2p.negate();
|
|
2276
|
+
k2p = new Point2(Fp3.mul(k2p.px, endo.beta), k2p.py, k2p.pz);
|
|
2277
|
+
return k1p.add(k2p);
|
|
2278
|
+
}
|
|
2279
|
+
multiply(scalar) {
|
|
2280
|
+
assertGE(scalar);
|
|
2281
|
+
let n = scalar;
|
|
2282
|
+
let point, fake;
|
|
2283
|
+
const { endo } = CURVE;
|
|
2284
|
+
if (endo) {
|
|
2285
|
+
const { k1neg, k1, k2neg, k2 } = endo.splitScalar(n);
|
|
2286
|
+
let { p: k1p, f: f1p } = this.wNAF(k1);
|
|
2287
|
+
let { p: k2p, f: f2p } = this.wNAF(k2);
|
|
2288
|
+
k1p = wnaf.constTimeNegate(k1neg, k1p);
|
|
2289
|
+
k2p = wnaf.constTimeNegate(k2neg, k2p);
|
|
2290
|
+
k2p = new Point2(Fp3.mul(k2p.px, endo.beta), k2p.py, k2p.pz);
|
|
2291
|
+
point = k1p.add(k2p);
|
|
2292
|
+
fake = f1p.add(f2p);
|
|
2293
|
+
} else {
|
|
2294
|
+
const { p, f } = this.wNAF(n);
|
|
2295
|
+
point = p;
|
|
2296
|
+
fake = f;
|
|
2297
|
+
}
|
|
2298
|
+
return Point2.normalizeZ([point, fake])[0];
|
|
2299
|
+
}
|
|
2300
|
+
multiplyAndAddUnsafe(Q, a, b) {
|
|
2301
|
+
const G = Point2.BASE;
|
|
2302
|
+
const mul = (P, a2) => a2 === _0n4 || a2 === _1n4 || !P.equals(G) ? P.multiplyUnsafe(a2) : P.multiply(a2);
|
|
2303
|
+
const sum = mul(this, a).add(mul(Q, b));
|
|
2304
|
+
return sum.is0() ? void 0 : sum;
|
|
2305
|
+
}
|
|
2306
|
+
toAffine(iz) {
|
|
2307
|
+
const { px: x, py: y, pz: z } = this;
|
|
2308
|
+
const is0 = this.is0();
|
|
2309
|
+
if (iz == null)
|
|
2310
|
+
iz = is0 ? Fp3.ONE : Fp3.inv(z);
|
|
2311
|
+
const ax = Fp3.mul(x, iz);
|
|
2312
|
+
const ay = Fp3.mul(y, iz);
|
|
2313
|
+
const zz = Fp3.mul(z, iz);
|
|
2314
|
+
if (is0)
|
|
2315
|
+
return { x: Fp3.ZERO, y: Fp3.ZERO };
|
|
2316
|
+
if (!Fp3.eql(zz, Fp3.ONE))
|
|
2317
|
+
throw new Error("invZ was invalid");
|
|
2318
|
+
return { x: ax, y: ay };
|
|
2319
|
+
}
|
|
2320
|
+
isTorsionFree() {
|
|
2321
|
+
const { h: cofactor, isTorsionFree } = CURVE;
|
|
2322
|
+
if (cofactor === _1n4)
|
|
2323
|
+
return true;
|
|
2324
|
+
if (isTorsionFree)
|
|
2325
|
+
return isTorsionFree(Point2, this);
|
|
2326
|
+
throw new Error("isTorsionFree() has not been declared for the elliptic curve");
|
|
2327
|
+
}
|
|
2328
|
+
clearCofactor() {
|
|
2329
|
+
const { h: cofactor, clearCofactor } = CURVE;
|
|
2330
|
+
if (cofactor === _1n4)
|
|
2331
|
+
return this;
|
|
2332
|
+
if (clearCofactor)
|
|
2333
|
+
return clearCofactor(Point2, this);
|
|
2334
|
+
return this.multiplyUnsafe(CURVE.h);
|
|
2335
|
+
}
|
|
2336
|
+
toRawBytes(isCompressed = true) {
|
|
2337
|
+
this.assertValidity();
|
|
2338
|
+
return toBytes2(Point2, this, isCompressed);
|
|
2339
|
+
}
|
|
2340
|
+
toHex(isCompressed = true) {
|
|
2341
|
+
return bytesToHex(this.toRawBytes(isCompressed));
|
|
2342
|
+
}
|
|
2343
|
+
}
|
|
2344
|
+
Point2.BASE = new Point2(CURVE.Gx, CURVE.Gy, Fp3.ONE);
|
|
2345
|
+
Point2.ZERO = new Point2(Fp3.ZERO, Fp3.ONE, Fp3.ZERO);
|
|
2346
|
+
const _bits = CURVE.nBitLength;
|
|
2347
|
+
const wnaf = wNAF(Point2, CURVE.endo ? Math.ceil(_bits / 2) : _bits);
|
|
2348
|
+
return {
|
|
2349
|
+
CURVE,
|
|
2350
|
+
ProjectivePoint: Point2,
|
|
2351
|
+
normPrivateKeyToScalar,
|
|
2352
|
+
weierstrassEquation,
|
|
2353
|
+
isWithinCurveOrder
|
|
2354
|
+
};
|
|
2355
|
+
}
|
|
2356
|
+
function validateOpts(curve) {
|
|
2357
|
+
const opts = validateBasic(curve);
|
|
2358
|
+
validateObject(opts, {
|
|
2359
|
+
hash: "hash",
|
|
2360
|
+
hmac: "function",
|
|
2361
|
+
randomBytes: "function"
|
|
2362
|
+
}, {
|
|
2363
|
+
bits2int: "function",
|
|
2364
|
+
bits2int_modN: "function",
|
|
2365
|
+
lowS: "boolean"
|
|
2366
|
+
});
|
|
2367
|
+
return Object.freeze({ lowS: true, ...opts });
|
|
2368
|
+
}
|
|
2369
|
+
function weierstrass(curveDef) {
|
|
2370
|
+
const CURVE = validateOpts(curveDef);
|
|
2371
|
+
const { Fp: Fp3, n: CURVE_ORDER } = CURVE;
|
|
2372
|
+
const compressedLen = Fp3.BYTES + 1;
|
|
2373
|
+
const uncompressedLen = 2 * Fp3.BYTES + 1;
|
|
2374
|
+
function isValidFieldElement(num) {
|
|
2375
|
+
return _0n4 < num && num < Fp3.ORDER;
|
|
2376
|
+
}
|
|
2377
|
+
function modN(a) {
|
|
2378
|
+
return mod(a, CURVE_ORDER);
|
|
2379
|
+
}
|
|
2380
|
+
function invN(a) {
|
|
2381
|
+
return invert(a, CURVE_ORDER);
|
|
2382
|
+
}
|
|
2383
|
+
const { ProjectivePoint: Point2, normPrivateKeyToScalar, weierstrassEquation, isWithinCurveOrder } = weierstrassPoints({
|
|
2384
|
+
...CURVE,
|
|
2385
|
+
toBytes(c, point, isCompressed) {
|
|
2386
|
+
const a = point.toAffine();
|
|
2387
|
+
const x = Fp3.toBytes(a.x);
|
|
2388
|
+
const cat = concatBytes2;
|
|
2389
|
+
if (isCompressed) {
|
|
2390
|
+
return cat(Uint8Array.from([point.hasEvenY() ? 2 : 3]), x);
|
|
2391
|
+
} else {
|
|
2392
|
+
return cat(Uint8Array.from([4]), x, Fp3.toBytes(a.y));
|
|
2393
|
+
}
|
|
3634
2394
|
},
|
|
3635
|
-
|
|
3636
|
-
|
|
3637
|
-
|
|
2395
|
+
fromBytes(bytes2) {
|
|
2396
|
+
const len = bytes2.length;
|
|
2397
|
+
const head = bytes2[0];
|
|
2398
|
+
const tail = bytes2.subarray(1);
|
|
2399
|
+
if (len === compressedLen && (head === 2 || head === 3)) {
|
|
2400
|
+
const x = bytesToNumberBE(tail);
|
|
2401
|
+
if (!isValidFieldElement(x))
|
|
2402
|
+
throw new Error("Point is not on curve");
|
|
2403
|
+
const y2 = weierstrassEquation(x);
|
|
2404
|
+
let y = Fp3.sqrt(y2);
|
|
2405
|
+
const isYOdd = (y & _1n4) === _1n4;
|
|
2406
|
+
const isHeadOdd = (head & 1) === 1;
|
|
2407
|
+
if (isHeadOdd !== isYOdd)
|
|
2408
|
+
y = Fp3.neg(y);
|
|
2409
|
+
return { x, y };
|
|
2410
|
+
} else if (len === uncompressedLen && head === 4) {
|
|
2411
|
+
const x = Fp3.fromBytes(tail.subarray(0, Fp3.BYTES));
|
|
2412
|
+
const y = Fp3.fromBytes(tail.subarray(Fp3.BYTES, 2 * Fp3.BYTES));
|
|
2413
|
+
return { x, y };
|
|
2414
|
+
} else {
|
|
2415
|
+
throw new Error(`Point of length ${len} was invalid. Expected ${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes`);
|
|
2416
|
+
}
|
|
3638
2417
|
}
|
|
3639
|
-
}
|
|
3640
|
-
|
|
3641
|
-
|
|
3642
|
-
|
|
3643
|
-
|
|
2418
|
+
});
|
|
2419
|
+
const numToNByteStr = (num) => bytesToHex(numberToBytesBE(num, CURVE.nByteLength));
|
|
2420
|
+
function isBiggerThanHalfOrder(number2) {
|
|
2421
|
+
const HALF = CURVE_ORDER >> _1n4;
|
|
2422
|
+
return number2 > HALF;
|
|
2423
|
+
}
|
|
2424
|
+
function normalizeS(s) {
|
|
2425
|
+
return isBiggerThanHalfOrder(s) ? modN(-s) : s;
|
|
2426
|
+
}
|
|
2427
|
+
const slcNum = (b, from3, to) => bytesToNumberBE(b.slice(from3, to));
|
|
2428
|
+
class Signature {
|
|
2429
|
+
constructor(r, s, recovery) {
|
|
2430
|
+
this.r = r;
|
|
2431
|
+
this.s = s;
|
|
2432
|
+
this.recovery = recovery;
|
|
2433
|
+
this.assertValidity();
|
|
2434
|
+
}
|
|
2435
|
+
static fromCompact(hex) {
|
|
2436
|
+
const l = CURVE.nByteLength;
|
|
2437
|
+
hex = ensureBytes("compactSignature", hex, l * 2);
|
|
2438
|
+
return new Signature(slcNum(hex, 0, l), slcNum(hex, l, 2 * l));
|
|
2439
|
+
}
|
|
2440
|
+
static fromDER(hex) {
|
|
2441
|
+
const { r, s } = DER.toSig(ensureBytes("DER", hex));
|
|
2442
|
+
return new Signature(r, s);
|
|
2443
|
+
}
|
|
2444
|
+
assertValidity() {
|
|
2445
|
+
if (!isWithinCurveOrder(this.r))
|
|
2446
|
+
throw new Error("r must be 0 < r < CURVE.n");
|
|
2447
|
+
if (!isWithinCurveOrder(this.s))
|
|
2448
|
+
throw new Error("s must be 0 < s < CURVE.n");
|
|
2449
|
+
}
|
|
2450
|
+
addRecoveryBit(recovery) {
|
|
2451
|
+
return new Signature(this.r, this.s, recovery);
|
|
2452
|
+
}
|
|
2453
|
+
recoverPublicKey(msgHash) {
|
|
2454
|
+
const { r, s, recovery: rec } = this;
|
|
2455
|
+
const h = bits2int_modN(ensureBytes("msgHash", msgHash));
|
|
2456
|
+
if (rec == null || ![0, 1, 2, 3].includes(rec))
|
|
2457
|
+
throw new Error("recovery id invalid");
|
|
2458
|
+
const radj = rec === 2 || rec === 3 ? r + CURVE.n : r;
|
|
2459
|
+
if (radj >= Fp3.ORDER)
|
|
2460
|
+
throw new Error("recovery id 2 or 3 invalid");
|
|
2461
|
+
const prefix = (rec & 1) === 0 ? "02" : "03";
|
|
2462
|
+
const R = Point2.fromHex(prefix + numToNByteStr(radj));
|
|
2463
|
+
const ir = invN(radj);
|
|
2464
|
+
const u1 = modN(-h * ir);
|
|
2465
|
+
const u2 = modN(s * ir);
|
|
2466
|
+
const Q = Point2.BASE.multiplyAndAddUnsafe(R, u1, u2);
|
|
2467
|
+
if (!Q)
|
|
2468
|
+
throw new Error("point at infinify");
|
|
2469
|
+
Q.assertValidity();
|
|
2470
|
+
return Q;
|
|
2471
|
+
}
|
|
2472
|
+
hasHighS() {
|
|
2473
|
+
return isBiggerThanHalfOrder(this.s);
|
|
2474
|
+
}
|
|
2475
|
+
normalizeS() {
|
|
2476
|
+
return this.hasHighS() ? new Signature(this.r, modN(-this.s), this.recovery) : this;
|
|
2477
|
+
}
|
|
2478
|
+
toDERRawBytes() {
|
|
2479
|
+
return hexToBytes(this.toDERHex());
|
|
2480
|
+
}
|
|
2481
|
+
toDERHex() {
|
|
2482
|
+
return DER.hexFromSig({ r: this.r, s: this.s });
|
|
2483
|
+
}
|
|
2484
|
+
toCompactRawBytes() {
|
|
2485
|
+
return hexToBytes(this.toCompactHex());
|
|
2486
|
+
}
|
|
2487
|
+
toCompactHex() {
|
|
2488
|
+
return numToNByteStr(this.r) + numToNByteStr(this.s);
|
|
2489
|
+
}
|
|
2490
|
+
}
|
|
2491
|
+
const utils = {
|
|
2492
|
+
isValidPrivateKey(privateKey) {
|
|
2493
|
+
try {
|
|
2494
|
+
normPrivateKeyToScalar(privateKey);
|
|
2495
|
+
return true;
|
|
2496
|
+
} catch (error) {
|
|
2497
|
+
return false;
|
|
2498
|
+
}
|
|
2499
|
+
},
|
|
2500
|
+
normPrivateKeyToScalar,
|
|
2501
|
+
randomPrivateKey: () => {
|
|
2502
|
+
const rand = CURVE.randomBytes(Fp3.BYTES + 8);
|
|
2503
|
+
const num = hashToPrivateScalar(rand, CURVE_ORDER);
|
|
2504
|
+
return numberToBytesBE(num, CURVE.nByteLength);
|
|
3644
2505
|
},
|
|
3645
|
-
|
|
3646
|
-
|
|
3647
|
-
|
|
2506
|
+
precompute(windowSize = 8, point = Point2.BASE) {
|
|
2507
|
+
point._setWindowSize(windowSize);
|
|
2508
|
+
point.multiply(BigInt(3));
|
|
2509
|
+
return point;
|
|
3648
2510
|
}
|
|
2511
|
+
};
|
|
2512
|
+
function getPublicKey(privateKey, isCompressed = true) {
|
|
2513
|
+
return Point2.fromPrivateKey(privateKey).toRawBytes(isCompressed);
|
|
2514
|
+
}
|
|
2515
|
+
function isProbPub(item) {
|
|
2516
|
+
const arr = item instanceof Uint8Array;
|
|
2517
|
+
const str = typeof item === "string";
|
|
2518
|
+
const len = (arr || str) && item.length;
|
|
2519
|
+
if (arr)
|
|
2520
|
+
return len === compressedLen || len === uncompressedLen;
|
|
2521
|
+
if (str)
|
|
2522
|
+
return len === 2 * compressedLen || len === 2 * uncompressedLen;
|
|
2523
|
+
if (item instanceof Point2)
|
|
2524
|
+
return true;
|
|
2525
|
+
return false;
|
|
3649
2526
|
}
|
|
3650
|
-
|
|
2527
|
+
function getSharedSecret(privateA, publicB, isCompressed = true) {
|
|
2528
|
+
if (isProbPub(privateA))
|
|
2529
|
+
throw new Error("first arg must be private key");
|
|
2530
|
+
if (!isProbPub(publicB))
|
|
2531
|
+
throw new Error("second arg must be public key");
|
|
2532
|
+
const b = Point2.fromHex(publicB);
|
|
2533
|
+
return b.multiply(normPrivateKeyToScalar(privateA)).toRawBytes(isCompressed);
|
|
2534
|
+
}
|
|
2535
|
+
const bits2int = CURVE.bits2int || function(bytes2) {
|
|
2536
|
+
const num = bytesToNumberBE(bytes2);
|
|
2537
|
+
const delta = bytes2.length * 8 - CURVE.nBitLength;
|
|
2538
|
+
return delta > 0 ? num >> BigInt(delta) : num;
|
|
2539
|
+
};
|
|
2540
|
+
const bits2int_modN = CURVE.bits2int_modN || function(bytes2) {
|
|
2541
|
+
return modN(bits2int(bytes2));
|
|
2542
|
+
};
|
|
2543
|
+
const ORDER_MASK = bitMask(CURVE.nBitLength);
|
|
2544
|
+
function int2octets(num) {
|
|
2545
|
+
if (typeof num !== "bigint")
|
|
2546
|
+
throw new Error("bigint expected");
|
|
2547
|
+
if (!(_0n4 <= num && num < ORDER_MASK))
|
|
2548
|
+
throw new Error(`bigint expected < 2^${CURVE.nBitLength}`);
|
|
2549
|
+
return numberToBytesBE(num, CURVE.nByteLength);
|
|
2550
|
+
}
|
|
2551
|
+
function prepSig(msgHash, privateKey, opts = defaultSigOpts) {
|
|
2552
|
+
if (["recovered", "canonical"].some((k) => k in opts))
|
|
2553
|
+
throw new Error("sign() legacy options not supported");
|
|
2554
|
+
const { hash: hash2, randomBytes: randomBytes3 } = CURVE;
|
|
2555
|
+
let { lowS, prehash, extraEntropy: ent } = opts;
|
|
2556
|
+
if (lowS == null)
|
|
2557
|
+
lowS = true;
|
|
2558
|
+
msgHash = ensureBytes("msgHash", msgHash);
|
|
2559
|
+
if (prehash)
|
|
2560
|
+
msgHash = ensureBytes("prehashed msgHash", hash2(msgHash));
|
|
2561
|
+
const h1int = bits2int_modN(msgHash);
|
|
2562
|
+
const d = normPrivateKeyToScalar(privateKey);
|
|
2563
|
+
const seedArgs = [int2octets(d), int2octets(h1int)];
|
|
2564
|
+
if (ent != null) {
|
|
2565
|
+
const e = ent === true ? randomBytes3(Fp3.BYTES) : ent;
|
|
2566
|
+
seedArgs.push(ensureBytes("extraEntropy", e, Fp3.BYTES));
|
|
2567
|
+
}
|
|
2568
|
+
const seed = concatBytes2(...seedArgs);
|
|
2569
|
+
const m = h1int;
|
|
2570
|
+
function k2sig(kBytes) {
|
|
2571
|
+
const k = bits2int(kBytes);
|
|
2572
|
+
if (!isWithinCurveOrder(k))
|
|
2573
|
+
return;
|
|
2574
|
+
const ik = invN(k);
|
|
2575
|
+
const q = Point2.BASE.multiply(k).toAffine();
|
|
2576
|
+
const r = modN(q.x);
|
|
2577
|
+
if (r === _0n4)
|
|
2578
|
+
return;
|
|
2579
|
+
const s = modN(ik * modN(m + r * d));
|
|
2580
|
+
if (s === _0n4)
|
|
2581
|
+
return;
|
|
2582
|
+
let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n4);
|
|
2583
|
+
let normS = s;
|
|
2584
|
+
if (lowS && isBiggerThanHalfOrder(s)) {
|
|
2585
|
+
normS = normalizeS(s);
|
|
2586
|
+
recovery ^= 1;
|
|
2587
|
+
}
|
|
2588
|
+
return new Signature(r, normS, recovery);
|
|
2589
|
+
}
|
|
2590
|
+
return { seed, k2sig };
|
|
2591
|
+
}
|
|
2592
|
+
const defaultSigOpts = { lowS: CURVE.lowS, prehash: false };
|
|
2593
|
+
const defaultVerOpts = { lowS: CURVE.lowS, prehash: false };
|
|
2594
|
+
function sign(msgHash, privKey, opts = defaultSigOpts) {
|
|
2595
|
+
const { seed, k2sig } = prepSig(msgHash, privKey, opts);
|
|
2596
|
+
const C = CURVE;
|
|
2597
|
+
const drbg = createHmacDrbg(C.hash.outputLen, C.nByteLength, C.hmac);
|
|
2598
|
+
return drbg(seed, k2sig);
|
|
2599
|
+
}
|
|
2600
|
+
Point2.BASE._setWindowSize(8);
|
|
2601
|
+
function verify(signature, msgHash, publicKey, opts = defaultVerOpts) {
|
|
2602
|
+
const sg = signature;
|
|
2603
|
+
msgHash = ensureBytes("msgHash", msgHash);
|
|
2604
|
+
publicKey = ensureBytes("publicKey", publicKey);
|
|
2605
|
+
if ("strict" in opts)
|
|
2606
|
+
throw new Error("options.strict was renamed to lowS");
|
|
2607
|
+
const { lowS, prehash } = opts;
|
|
2608
|
+
let _sig = void 0;
|
|
2609
|
+
let P;
|
|
2610
|
+
try {
|
|
2611
|
+
if (typeof sg === "string" || sg instanceof Uint8Array) {
|
|
2612
|
+
try {
|
|
2613
|
+
_sig = Signature.fromDER(sg);
|
|
2614
|
+
} catch (derError) {
|
|
2615
|
+
if (!(derError instanceof DER.Err))
|
|
2616
|
+
throw derError;
|
|
2617
|
+
_sig = Signature.fromCompact(sg);
|
|
2618
|
+
}
|
|
2619
|
+
} else if (typeof sg === "object" && typeof sg.r === "bigint" && typeof sg.s === "bigint") {
|
|
2620
|
+
const { r: r2, s: s2 } = sg;
|
|
2621
|
+
_sig = new Signature(r2, s2);
|
|
2622
|
+
} else {
|
|
2623
|
+
throw new Error("PARSE");
|
|
2624
|
+
}
|
|
2625
|
+
P = Point2.fromHex(publicKey);
|
|
2626
|
+
} catch (error) {
|
|
2627
|
+
if (error.message === "PARSE")
|
|
2628
|
+
throw new Error(`signature must be Signature instance, Uint8Array or hex string`);
|
|
2629
|
+
return false;
|
|
2630
|
+
}
|
|
2631
|
+
if (lowS && _sig.hasHighS())
|
|
2632
|
+
return false;
|
|
2633
|
+
if (prehash)
|
|
2634
|
+
msgHash = CURVE.hash(msgHash);
|
|
2635
|
+
const { r, s } = _sig;
|
|
2636
|
+
const h = bits2int_modN(msgHash);
|
|
2637
|
+
const is = invN(s);
|
|
2638
|
+
const u1 = modN(h * is);
|
|
2639
|
+
const u2 = modN(r * is);
|
|
2640
|
+
const R = Point2.BASE.multiplyAndAddUnsafe(P, u1, u2)?.toAffine();
|
|
2641
|
+
if (!R)
|
|
2642
|
+
return false;
|
|
2643
|
+
const v = modN(R.x);
|
|
2644
|
+
return v === r;
|
|
2645
|
+
}
|
|
2646
|
+
return {
|
|
2647
|
+
CURVE,
|
|
2648
|
+
getPublicKey,
|
|
2649
|
+
getSharedSecret,
|
|
2650
|
+
sign,
|
|
2651
|
+
verify,
|
|
2652
|
+
ProjectivePoint: Point2,
|
|
2653
|
+
Signature,
|
|
2654
|
+
utils
|
|
2655
|
+
};
|
|
2656
|
+
}
|
|
2657
|
+
|
|
2658
|
+
// ../../node_modules/@noble/curves/esm/_shortw_utils.js
|
|
2659
|
+
function getHash(hash2) {
|
|
2660
|
+
return {
|
|
2661
|
+
hash: hash2,
|
|
2662
|
+
hmac: (key, ...msgs) => hmac(hash2, key, concatBytes(...msgs)),
|
|
2663
|
+
randomBytes
|
|
2664
|
+
};
|
|
2665
|
+
}
|
|
2666
|
+
function createCurve(curveDef, defHash) {
|
|
2667
|
+
const create2 = (hash2) => weierstrass({ ...curveDef, ...getHash(hash2) });
|
|
2668
|
+
return Object.freeze({ ...create2(defHash), create: create2 });
|
|
2669
|
+
}
|
|
2670
|
+
|
|
2671
|
+
// ../../node_modules/@noble/hashes/esm/_sha2.js
|
|
2672
|
+
function setBigUint64(view, byteOffset, value, isLE2) {
|
|
2673
|
+
if (typeof view.setBigUint64 === "function")
|
|
2674
|
+
return view.setBigUint64(byteOffset, value, isLE2);
|
|
2675
|
+
const _32n = BigInt(32);
|
|
2676
|
+
const _u32_max = BigInt(4294967295);
|
|
2677
|
+
const wh = Number(value >> _32n & _u32_max);
|
|
2678
|
+
const wl = Number(value & _u32_max);
|
|
2679
|
+
const h = isLE2 ? 4 : 0;
|
|
2680
|
+
const l = isLE2 ? 0 : 4;
|
|
2681
|
+
view.setUint32(byteOffset + h, wh, isLE2);
|
|
2682
|
+
view.setUint32(byteOffset + l, wl, isLE2);
|
|
2683
|
+
}
|
|
2684
|
+
var SHA2 = class extends Hash {
|
|
2685
|
+
constructor(blockLen, outputLen, padOffset, isLE2) {
|
|
2686
|
+
super();
|
|
2687
|
+
this.blockLen = blockLen;
|
|
2688
|
+
this.outputLen = outputLen;
|
|
2689
|
+
this.padOffset = padOffset;
|
|
2690
|
+
this.isLE = isLE2;
|
|
2691
|
+
this.finished = false;
|
|
2692
|
+
this.length = 0;
|
|
2693
|
+
this.pos = 0;
|
|
2694
|
+
this.destroyed = false;
|
|
2695
|
+
this.buffer = new Uint8Array(blockLen);
|
|
2696
|
+
this.view = createView(this.buffer);
|
|
2697
|
+
}
|
|
2698
|
+
update(data) {
|
|
2699
|
+
assert_default.exists(this);
|
|
2700
|
+
const { view, buffer, blockLen } = this;
|
|
2701
|
+
data = toBytes(data);
|
|
2702
|
+
const len = data.length;
|
|
2703
|
+
for (let pos = 0; pos < len; ) {
|
|
2704
|
+
const take = Math.min(blockLen - this.pos, len - pos);
|
|
2705
|
+
if (take === blockLen) {
|
|
2706
|
+
const dataView = createView(data);
|
|
2707
|
+
for (; blockLen <= len - pos; pos += blockLen)
|
|
2708
|
+
this.process(dataView, pos);
|
|
2709
|
+
continue;
|
|
2710
|
+
}
|
|
2711
|
+
buffer.set(data.subarray(pos, pos + take), this.pos);
|
|
2712
|
+
this.pos += take;
|
|
2713
|
+
pos += take;
|
|
2714
|
+
if (this.pos === blockLen) {
|
|
2715
|
+
this.process(view, 0);
|
|
2716
|
+
this.pos = 0;
|
|
2717
|
+
}
|
|
2718
|
+
}
|
|
2719
|
+
this.length += data.length;
|
|
2720
|
+
this.roundClean();
|
|
2721
|
+
return this;
|
|
2722
|
+
}
|
|
2723
|
+
digestInto(out) {
|
|
2724
|
+
assert_default.exists(this);
|
|
2725
|
+
assert_default.output(out, this);
|
|
2726
|
+
this.finished = true;
|
|
2727
|
+
const { buffer, view, blockLen, isLE: isLE2 } = this;
|
|
2728
|
+
let { pos } = this;
|
|
2729
|
+
buffer[pos++] = 128;
|
|
2730
|
+
this.buffer.subarray(pos).fill(0);
|
|
2731
|
+
if (this.padOffset > blockLen - pos) {
|
|
2732
|
+
this.process(view, 0);
|
|
2733
|
+
pos = 0;
|
|
2734
|
+
}
|
|
2735
|
+
for (let i = pos; i < blockLen; i++)
|
|
2736
|
+
buffer[i] = 0;
|
|
2737
|
+
setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE2);
|
|
2738
|
+
this.process(view, 0);
|
|
2739
|
+
const oview = createView(out);
|
|
2740
|
+
const len = this.outputLen;
|
|
2741
|
+
if (len % 4)
|
|
2742
|
+
throw new Error("_sha2: outputLen should be aligned to 32bit");
|
|
2743
|
+
const outLen = len / 4;
|
|
2744
|
+
const state = this.get();
|
|
2745
|
+
if (outLen > state.length)
|
|
2746
|
+
throw new Error("_sha2: outputLen bigger than state");
|
|
2747
|
+
for (let i = 0; i < outLen; i++)
|
|
2748
|
+
oview.setUint32(4 * i, state[i], isLE2);
|
|
2749
|
+
}
|
|
2750
|
+
digest() {
|
|
2751
|
+
const { buffer, outputLen } = this;
|
|
2752
|
+
this.digestInto(buffer);
|
|
2753
|
+
const res = buffer.slice(0, outputLen);
|
|
2754
|
+
this.destroy();
|
|
2755
|
+
return res;
|
|
2756
|
+
}
|
|
2757
|
+
_cloneInto(to) {
|
|
2758
|
+
to || (to = new this.constructor());
|
|
2759
|
+
to.set(...this.get());
|
|
2760
|
+
const { blockLen, buffer, length: length2, finished, destroyed, pos } = this;
|
|
2761
|
+
to.length = length2;
|
|
2762
|
+
to.pos = pos;
|
|
2763
|
+
to.finished = finished;
|
|
2764
|
+
to.destroyed = destroyed;
|
|
2765
|
+
if (length2 % blockLen)
|
|
2766
|
+
to.buffer.set(buffer);
|
|
2767
|
+
return to;
|
|
2768
|
+
}
|
|
2769
|
+
};
|
|
2770
|
+
|
|
2771
|
+
// ../../node_modules/@noble/hashes/esm/sha256.js
|
|
2772
|
+
var Chi = (a, b, c) => a & b ^ ~a & c;
|
|
2773
|
+
var Maj = (a, b, c) => a & b ^ a & c ^ b & c;
|
|
2774
|
+
var SHA256_K = new Uint32Array([
|
|
2775
|
+
1116352408,
|
|
2776
|
+
1899447441,
|
|
2777
|
+
3049323471,
|
|
2778
|
+
3921009573,
|
|
2779
|
+
961987163,
|
|
2780
|
+
1508970993,
|
|
2781
|
+
2453635748,
|
|
2782
|
+
2870763221,
|
|
2783
|
+
3624381080,
|
|
2784
|
+
310598401,
|
|
2785
|
+
607225278,
|
|
2786
|
+
1426881987,
|
|
2787
|
+
1925078388,
|
|
2788
|
+
2162078206,
|
|
2789
|
+
2614888103,
|
|
2790
|
+
3248222580,
|
|
2791
|
+
3835390401,
|
|
2792
|
+
4022224774,
|
|
2793
|
+
264347078,
|
|
2794
|
+
604807628,
|
|
2795
|
+
770255983,
|
|
2796
|
+
1249150122,
|
|
2797
|
+
1555081692,
|
|
2798
|
+
1996064986,
|
|
2799
|
+
2554220882,
|
|
2800
|
+
2821834349,
|
|
2801
|
+
2952996808,
|
|
2802
|
+
3210313671,
|
|
2803
|
+
3336571891,
|
|
2804
|
+
3584528711,
|
|
2805
|
+
113926993,
|
|
2806
|
+
338241895,
|
|
2807
|
+
666307205,
|
|
2808
|
+
773529912,
|
|
2809
|
+
1294757372,
|
|
2810
|
+
1396182291,
|
|
2811
|
+
1695183700,
|
|
2812
|
+
1986661051,
|
|
2813
|
+
2177026350,
|
|
2814
|
+
2456956037,
|
|
2815
|
+
2730485921,
|
|
2816
|
+
2820302411,
|
|
2817
|
+
3259730800,
|
|
2818
|
+
3345764771,
|
|
2819
|
+
3516065817,
|
|
2820
|
+
3600352804,
|
|
2821
|
+
4094571909,
|
|
2822
|
+
275423344,
|
|
2823
|
+
430227734,
|
|
2824
|
+
506948616,
|
|
2825
|
+
659060556,
|
|
2826
|
+
883997877,
|
|
2827
|
+
958139571,
|
|
2828
|
+
1322822218,
|
|
2829
|
+
1537002063,
|
|
2830
|
+
1747873779,
|
|
2831
|
+
1955562222,
|
|
2832
|
+
2024104815,
|
|
2833
|
+
2227730452,
|
|
2834
|
+
2361852424,
|
|
2835
|
+
2428436474,
|
|
2836
|
+
2756734187,
|
|
2837
|
+
3204031479,
|
|
2838
|
+
3329325298
|
|
2839
|
+
]);
|
|
2840
|
+
var IV = new Uint32Array([
|
|
2841
|
+
1779033703,
|
|
2842
|
+
3144134277,
|
|
2843
|
+
1013904242,
|
|
2844
|
+
2773480762,
|
|
2845
|
+
1359893119,
|
|
2846
|
+
2600822924,
|
|
2847
|
+
528734635,
|
|
2848
|
+
1541459225
|
|
2849
|
+
]);
|
|
2850
|
+
var SHA256_W = new Uint32Array(64);
|
|
2851
|
+
var SHA256 = class extends SHA2 {
|
|
2852
|
+
constructor() {
|
|
2853
|
+
super(64, 32, 8, false);
|
|
2854
|
+
this.A = IV[0] | 0;
|
|
2855
|
+
this.B = IV[1] | 0;
|
|
2856
|
+
this.C = IV[2] | 0;
|
|
2857
|
+
this.D = IV[3] | 0;
|
|
2858
|
+
this.E = IV[4] | 0;
|
|
2859
|
+
this.F = IV[5] | 0;
|
|
2860
|
+
this.G = IV[6] | 0;
|
|
2861
|
+
this.H = IV[7] | 0;
|
|
2862
|
+
}
|
|
2863
|
+
get() {
|
|
2864
|
+
const { A, B, C, D, E, F, G, H } = this;
|
|
2865
|
+
return [A, B, C, D, E, F, G, H];
|
|
2866
|
+
}
|
|
2867
|
+
set(A, B, C, D, E, F, G, H) {
|
|
2868
|
+
this.A = A | 0;
|
|
2869
|
+
this.B = B | 0;
|
|
2870
|
+
this.C = C | 0;
|
|
2871
|
+
this.D = D | 0;
|
|
2872
|
+
this.E = E | 0;
|
|
2873
|
+
this.F = F | 0;
|
|
2874
|
+
this.G = G | 0;
|
|
2875
|
+
this.H = H | 0;
|
|
2876
|
+
}
|
|
2877
|
+
process(view, offset) {
|
|
2878
|
+
for (let i = 0; i < 16; i++, offset += 4)
|
|
2879
|
+
SHA256_W[i] = view.getUint32(offset, false);
|
|
2880
|
+
for (let i = 16; i < 64; i++) {
|
|
2881
|
+
const W15 = SHA256_W[i - 15];
|
|
2882
|
+
const W2 = SHA256_W[i - 2];
|
|
2883
|
+
const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ W15 >>> 3;
|
|
2884
|
+
const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ W2 >>> 10;
|
|
2885
|
+
SHA256_W[i] = s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16] | 0;
|
|
2886
|
+
}
|
|
2887
|
+
let { A, B, C, D, E, F, G, H } = this;
|
|
2888
|
+
for (let i = 0; i < 64; i++) {
|
|
2889
|
+
const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);
|
|
2890
|
+
const T1 = H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i] | 0;
|
|
2891
|
+
const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);
|
|
2892
|
+
const T2 = sigma0 + Maj(A, B, C) | 0;
|
|
2893
|
+
H = G;
|
|
2894
|
+
G = F;
|
|
2895
|
+
F = E;
|
|
2896
|
+
E = D + T1 | 0;
|
|
2897
|
+
D = C;
|
|
2898
|
+
C = B;
|
|
2899
|
+
B = A;
|
|
2900
|
+
A = T1 + T2 | 0;
|
|
2901
|
+
}
|
|
2902
|
+
A = A + this.A | 0;
|
|
2903
|
+
B = B + this.B | 0;
|
|
2904
|
+
C = C + this.C | 0;
|
|
2905
|
+
D = D + this.D | 0;
|
|
2906
|
+
E = E + this.E | 0;
|
|
2907
|
+
F = F + this.F | 0;
|
|
2908
|
+
G = G + this.G | 0;
|
|
2909
|
+
H = H + this.H | 0;
|
|
2910
|
+
this.set(A, B, C, D, E, F, G, H);
|
|
2911
|
+
}
|
|
2912
|
+
roundClean() {
|
|
2913
|
+
SHA256_W.fill(0);
|
|
2914
|
+
}
|
|
2915
|
+
destroy() {
|
|
2916
|
+
this.set(0, 0, 0, 0, 0, 0, 0, 0);
|
|
2917
|
+
this.buffer.fill(0);
|
|
2918
|
+
}
|
|
2919
|
+
};
|
|
2920
|
+
var SHA224 = class extends SHA256 {
|
|
2921
|
+
constructor() {
|
|
2922
|
+
super();
|
|
2923
|
+
this.A = 3238371032 | 0;
|
|
2924
|
+
this.B = 914150663 | 0;
|
|
2925
|
+
this.C = 812702999 | 0;
|
|
2926
|
+
this.D = 4144912697 | 0;
|
|
2927
|
+
this.E = 4290775857 | 0;
|
|
2928
|
+
this.F = 1750603025 | 0;
|
|
2929
|
+
this.G = 1694076839 | 0;
|
|
2930
|
+
this.H = 3204075428 | 0;
|
|
2931
|
+
this.outputLen = 28;
|
|
2932
|
+
}
|
|
2933
|
+
};
|
|
2934
|
+
var sha2562 = wrapConstructor(() => new SHA256());
|
|
2935
|
+
var sha224 = wrapConstructor(() => new SHA224());
|
|
2936
|
+
|
|
2937
|
+
// ../../node_modules/@noble/curves/esm/p256.js
|
|
2938
|
+
var Fp = Field(BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff"));
|
|
2939
|
+
var CURVE_A = Fp.create(BigInt("-3"));
|
|
2940
|
+
var CURVE_B = BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b");
|
|
2941
|
+
var p256 = createCurve({
|
|
2942
|
+
a: CURVE_A,
|
|
2943
|
+
b: CURVE_B,
|
|
2944
|
+
Fp,
|
|
2945
|
+
n: BigInt("0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"),
|
|
2946
|
+
Gx: BigInt("0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"),
|
|
2947
|
+
Gy: BigInt("0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"),
|
|
2948
|
+
h: BigInt(1),
|
|
2949
|
+
lowS: false
|
|
2950
|
+
}, sha2562);
|
|
2951
|
+
|
|
2952
|
+
// src/p256/encoding.ts
|
|
2953
|
+
var compressPubkey = (pubkeyBytes) => {
|
|
2954
|
+
const point = p256.ProjectivePoint.fromHex(pubkeyBytes);
|
|
2955
|
+
return point.toRawBytes(true);
|
|
2956
|
+
};
|
|
2957
|
+
var decompressPubkey = (compressed) => {
|
|
2958
|
+
if (compressed.length !== 33) {
|
|
2959
|
+
throw new Error("Expected 33 byte compress pubkey");
|
|
2960
|
+
}
|
|
2961
|
+
const point = p256.ProjectivePoint.fromHex(compressed);
|
|
2962
|
+
return point.toRawBytes(false);
|
|
2963
|
+
};
|
|
2964
|
+
|
|
2965
|
+
// ../../node_modules/@noble/curves/esm/secp256k1.js
|
|
2966
|
+
var secp256k1P = BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f");
|
|
2967
|
+
var secp256k1N = BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141");
|
|
2968
|
+
var _1n5 = BigInt(1);
|
|
2969
|
+
var _2n4 = BigInt(2);
|
|
2970
|
+
var divNearest = (a, b) => (a + b / _2n4) / b;
|
|
2971
|
+
function sqrtMod(y) {
|
|
2972
|
+
const P = secp256k1P;
|
|
2973
|
+
const _3n3 = BigInt(3), _6n = BigInt(6), _11n = BigInt(11), _22n = BigInt(22);
|
|
2974
|
+
const _23n = BigInt(23), _44n = BigInt(44), _88n = BigInt(88);
|
|
2975
|
+
const b2 = y * y * y % P;
|
|
2976
|
+
const b3 = b2 * b2 * y % P;
|
|
2977
|
+
const b6 = pow2(b3, _3n3, P) * b3 % P;
|
|
2978
|
+
const b9 = pow2(b6, _3n3, P) * b3 % P;
|
|
2979
|
+
const b11 = pow2(b9, _2n4, P) * b2 % P;
|
|
2980
|
+
const b22 = pow2(b11, _11n, P) * b11 % P;
|
|
2981
|
+
const b44 = pow2(b22, _22n, P) * b22 % P;
|
|
2982
|
+
const b88 = pow2(b44, _44n, P) * b44 % P;
|
|
2983
|
+
const b176 = pow2(b88, _88n, P) * b88 % P;
|
|
2984
|
+
const b220 = pow2(b176, _44n, P) * b44 % P;
|
|
2985
|
+
const b223 = pow2(b220, _3n3, P) * b3 % P;
|
|
2986
|
+
const t1 = pow2(b223, _23n, P) * b22 % P;
|
|
2987
|
+
const t2 = pow2(t1, _6n, P) * b2 % P;
|
|
2988
|
+
const root = pow2(t2, _2n4, P);
|
|
2989
|
+
if (!Fp2.eql(Fp2.sqr(root), y))
|
|
2990
|
+
throw new Error("Cannot find square root");
|
|
2991
|
+
return root;
|
|
2992
|
+
}
|
|
2993
|
+
var Fp2 = Field(secp256k1P, void 0, void 0, { sqrt: sqrtMod });
|
|
2994
|
+
var secp256k1 = createCurve({
|
|
2995
|
+
a: BigInt(0),
|
|
2996
|
+
b: BigInt(7),
|
|
2997
|
+
Fp: Fp2,
|
|
2998
|
+
n: secp256k1N,
|
|
2999
|
+
Gx: BigInt("55066263022277343669578718895168534326250603453777594175500187360389116729240"),
|
|
3000
|
+
Gy: BigInt("32670510020758816978083085130507043184471273380659243275938904335757337482424"),
|
|
3001
|
+
h: BigInt(1),
|
|
3002
|
+
lowS: true,
|
|
3003
|
+
endo: {
|
|
3004
|
+
beta: BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),
|
|
3005
|
+
splitScalar: (k) => {
|
|
3006
|
+
const n = secp256k1N;
|
|
3007
|
+
const a1 = BigInt("0x3086d221a7d46bcde86c90e49284eb15");
|
|
3008
|
+
const b1 = -_1n5 * BigInt("0xe4437ed6010e88286f547fa90abfe4c3");
|
|
3009
|
+
const a2 = BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8");
|
|
3010
|
+
const b2 = a1;
|
|
3011
|
+
const POW_2_128 = BigInt("0x100000000000000000000000000000000");
|
|
3012
|
+
const c1 = divNearest(b2 * k, n);
|
|
3013
|
+
const c2 = divNearest(-b1 * k, n);
|
|
3014
|
+
let k1 = mod(k - c1 * a1 - c2 * a2, n);
|
|
3015
|
+
let k2 = mod(-c1 * b1 - c2 * b2, n);
|
|
3016
|
+
const k1neg = k1 > POW_2_128;
|
|
3017
|
+
const k2neg = k2 > POW_2_128;
|
|
3018
|
+
if (k1neg)
|
|
3019
|
+
k1 = n - k1;
|
|
3020
|
+
if (k2neg)
|
|
3021
|
+
k2 = n - k2;
|
|
3022
|
+
if (k1 > POW_2_128 || k2 > POW_2_128) {
|
|
3023
|
+
throw new Error("splitScalar: Endomorphism failed, k=" + k);
|
|
3024
|
+
}
|
|
3025
|
+
return { k1neg, k1, k2neg, k2 };
|
|
3026
|
+
}
|
|
3027
|
+
}
|
|
3028
|
+
}, sha2562);
|
|
3029
|
+
var _0n5 = BigInt(0);
|
|
3030
|
+
var Point = secp256k1.ProjectivePoint;
|
|
3651
3031
|
|
|
3652
3032
|
// src/secp256k1/encoding.ts
|
|
3653
3033
|
var compressPubkey2 = (pubkeyBytes) => {
|
|
3654
|
-
const
|
|
3655
|
-
const point = Point.fromHex(hex);
|
|
3034
|
+
const point = secp256k1.ProjectivePoint.fromHex(pubkeyBytes);
|
|
3656
3035
|
return point.toRawBytes(true);
|
|
3657
3036
|
};
|
|
3658
3037
|
var decompressPubkey2 = (compressed) => {
|
|
3659
3038
|
if (compressed.length !== 33) {
|
|
3660
3039
|
throw new Error("Expected 33 byte compress pubkey");
|
|
3661
3040
|
}
|
|
3662
|
-
const
|
|
3663
|
-
const point = Point.fromHex(hex);
|
|
3041
|
+
const point = secp256k1.ProjectivePoint.fromHex(compressed);
|
|
3664
3042
|
return point.toRawBytes(false);
|
|
3665
3043
|
};
|
|
3666
3044
|
|
|
3667
3045
|
// src/p256/operations.ts
|
|
3668
|
-
var importKeypairJwk = async (jwk, exportable = false) => {
|
|
3669
|
-
const privateKey = await webcrypto.subtle.importKey(
|
|
3670
|
-
"jwk",
|
|
3671
|
-
jwk,
|
|
3672
|
-
{ name: "ECDSA", namedCurve: "P-256" },
|
|
3673
|
-
exportable,
|
|
3674
|
-
["sign"]
|
|
3675
|
-
);
|
|
3676
|
-
const { kty, crv, x, y } = jwk;
|
|
3677
|
-
const pubKeyJwk = { kty, crv, x, y };
|
|
3678
|
-
const publicKey = await webcrypto.subtle.importKey(
|
|
3679
|
-
"jwk",
|
|
3680
|
-
pubKeyJwk,
|
|
3681
|
-
{ name: "ECDSA", namedCurve: "P-256" },
|
|
3682
|
-
true,
|
|
3683
|
-
["verify"]
|
|
3684
|
-
);
|
|
3685
|
-
return { privateKey, publicKey };
|
|
3686
|
-
};
|
|
3687
3046
|
var verifyDidSig = async (did, data, sig) => {
|
|
3688
3047
|
const { jwtAlg, keyBytes } = parseDidKey(did);
|
|
3689
3048
|
if (jwtAlg !== P256_JWT_ALG) {
|
|
3690
3049
|
throw new Error(`Not a P-256 did:key: ${did}`);
|
|
3691
3050
|
}
|
|
3692
|
-
return
|
|
3051
|
+
return verifySig(keyBytes, data, sig);
|
|
3693
3052
|
};
|
|
3694
|
-
var
|
|
3695
|
-
const
|
|
3696
|
-
return
|
|
3697
|
-
{ name: "ECDSA", hash: { name: "SHA-256" } },
|
|
3698
|
-
importedKey,
|
|
3699
|
-
sig,
|
|
3700
|
-
data
|
|
3701
|
-
);
|
|
3702
|
-
};
|
|
3703
|
-
var importEcdsaPublicKey = async (keyBytes) => {
|
|
3704
|
-
return webcrypto.subtle.importKey(
|
|
3705
|
-
"raw",
|
|
3706
|
-
keyBytes,
|
|
3707
|
-
{ name: "ECDSA", namedCurve: "P-256" },
|
|
3708
|
-
true,
|
|
3709
|
-
["verify"]
|
|
3710
|
-
);
|
|
3053
|
+
var verifySig = async (publicKey, data, sig) => {
|
|
3054
|
+
const msgHash = await sha2562(data);
|
|
3055
|
+
return p256.verify(sig, msgHash, publicKey, { lowS: true });
|
|
3711
3056
|
};
|
|
3712
3057
|
|
|
3713
3058
|
// src/p256/plugin.ts
|
|
@@ -3724,8 +3069,11 @@ var verifyDidSig2 = async (did, data, sig) => {
|
|
|
3724
3069
|
if (jwtAlg !== SECP256K1_JWT_ALG) {
|
|
3725
3070
|
throw new Error(`Not a secp256k1 did:key: ${did}`);
|
|
3726
3071
|
}
|
|
3727
|
-
|
|
3728
|
-
|
|
3072
|
+
return verifySig2(keyBytes, data, sig);
|
|
3073
|
+
};
|
|
3074
|
+
var verifySig2 = async (publicKey, data, sig) => {
|
|
3075
|
+
const msgHash = await sha2562(data);
|
|
3076
|
+
return secp256k1.verify(sig, msgHash, publicKey, { lowS: true });
|
|
3729
3077
|
};
|
|
3730
3078
|
|
|
3731
3079
|
// src/secp256k1/plugin.ts
|
|
@@ -3741,13 +3089,12 @@ var plugins = [plugin_default, plugin_default2];
|
|
|
3741
3089
|
var plugins_default = plugins;
|
|
3742
3090
|
|
|
3743
3091
|
// src/did.ts
|
|
3744
|
-
var
|
|
3745
|
-
|
|
3746
|
-
|
|
3747
|
-
throw new Error(`Incorrect prefix for did:key: ${did}`);
|
|
3092
|
+
var parseMultikey = (multikey) => {
|
|
3093
|
+
if (!multikey.startsWith(BASE58_MULTIBASE_PREFIX)) {
|
|
3094
|
+
throw new Error(`Incorrect prefix for multikey: ${multikey}`);
|
|
3748
3095
|
}
|
|
3749
3096
|
const prefixedBytes = fromString2(
|
|
3750
|
-
|
|
3097
|
+
multikey.slice(BASE58_MULTIBASE_PREFIX.length),
|
|
3751
3098
|
"base58btc"
|
|
3752
3099
|
);
|
|
3753
3100
|
const plugin = plugins_default.find((p) => hasPrefix(prefixedBytes, p.prefix));
|
|
@@ -3765,7 +3112,7 @@ var parseDidKey = (did) => {
|
|
|
3765
3112
|
keyBytes
|
|
3766
3113
|
};
|
|
3767
3114
|
};
|
|
3768
|
-
var
|
|
3115
|
+
var formatMultikey = (jwtAlg, keyBytes) => {
|
|
3769
3116
|
const plugin = plugins_default.find((p) => p.jwtAlg === jwtAlg);
|
|
3770
3117
|
if (!plugin) {
|
|
3771
3118
|
throw new Error("Unsupported key type");
|
|
@@ -3776,10 +3123,19 @@ var formatDidKey = (jwtAlg, keyBytes) => {
|
|
|
3776
3123
|
keyBytes = compressPubkey2(keyBytes);
|
|
3777
3124
|
}
|
|
3778
3125
|
const prefixedBytes = concat([plugin.prefix, keyBytes]);
|
|
3779
|
-
return
|
|
3126
|
+
return BASE58_MULTIBASE_PREFIX + toString2(prefixedBytes, "base58btc");
|
|
3127
|
+
};
|
|
3128
|
+
var parseDidKey = (did) => {
|
|
3129
|
+
if (!did.startsWith(DID_KEY_PREFIX)) {
|
|
3130
|
+
throw new Error(`Incorrect prefix for did:key: ${did}`);
|
|
3131
|
+
}
|
|
3132
|
+
return parseMultikey(did.slice(DID_KEY_PREFIX.length));
|
|
3133
|
+
};
|
|
3134
|
+
var formatDidKey = (jwtAlg, keyBytes) => {
|
|
3135
|
+
return DID_KEY_PREFIX + formatMultikey(jwtAlg, keyBytes);
|
|
3780
3136
|
};
|
|
3781
|
-
var hasPrefix = (
|
|
3782
|
-
return equals(prefix,
|
|
3137
|
+
var hasPrefix = (bytes2, prefix) => {
|
|
3138
|
+
return equals(prefix, bytes2.subarray(0, prefix.byteLength));
|
|
3783
3139
|
};
|
|
3784
3140
|
|
|
3785
3141
|
// src/multibase.ts
|
|
@@ -3807,26 +3163,47 @@ var multibaseToBytes = (mb) => {
|
|
|
3807
3163
|
throw new Error(`Unsupported multibase: :${mb}`);
|
|
3808
3164
|
}
|
|
3809
3165
|
};
|
|
3166
|
+
var bytesToMultibase = (mb, encoding) => {
|
|
3167
|
+
switch (encoding) {
|
|
3168
|
+
case "base16":
|
|
3169
|
+
return "f" + toString2(mb, encoding);
|
|
3170
|
+
case "base16upper":
|
|
3171
|
+
return "F" + toString2(mb, encoding);
|
|
3172
|
+
case "base32":
|
|
3173
|
+
return "b" + toString2(mb, encoding);
|
|
3174
|
+
case "base32upper":
|
|
3175
|
+
return "B" + toString2(mb, encoding);
|
|
3176
|
+
case "base58btc":
|
|
3177
|
+
return "z" + toString2(mb, encoding);
|
|
3178
|
+
case "base64":
|
|
3179
|
+
return "m" + toString2(mb, encoding);
|
|
3180
|
+
case "base64url":
|
|
3181
|
+
return "u" + toString2(mb, encoding);
|
|
3182
|
+
case "base64urlpad":
|
|
3183
|
+
return "U" + toString2(mb, encoding);
|
|
3184
|
+
default:
|
|
3185
|
+
throw new Error(`Unsupported multibase: :${mb}`);
|
|
3186
|
+
}
|
|
3187
|
+
};
|
|
3810
3188
|
|
|
3811
3189
|
// src/sha.ts
|
|
3812
|
-
var
|
|
3813
|
-
|
|
3814
|
-
|
|
3815
|
-
const hash = await sha256.digest(bytes);
|
|
3816
|
-
return hash.digest;
|
|
3190
|
+
var sha2563 = async (input) => {
|
|
3191
|
+
const bytes2 = typeof input === "string" ? fromString2(input, "utf8") : input;
|
|
3192
|
+
return sha2562(bytes2);
|
|
3817
3193
|
};
|
|
3818
|
-
|
|
3819
|
-
|
|
3820
|
-
|
|
3821
|
-
|
|
3822
|
-
|
|
3823
|
-
|
|
3824
|
-
|
|
3825
|
-
|
|
3826
|
-
|
|
3827
|
-
|
|
3828
|
-
|
|
3829
|
-
|
|
3194
|
+
|
|
3195
|
+
// src/random.ts
|
|
3196
|
+
var randomBytes2 = randomBytes;
|
|
3197
|
+
var randomStr = (byteLength, encoding) => {
|
|
3198
|
+
const bytes2 = randomBytes2(byteLength);
|
|
3199
|
+
return toString2(bytes2, encoding);
|
|
3200
|
+
};
|
|
3201
|
+
var randomIntFromSeed = async (seed, high, low = 0) => {
|
|
3202
|
+
const hash2 = await sha2563(seed);
|
|
3203
|
+
const number2 = Buffer.from(hash2).readUintBE(0, 6);
|
|
3204
|
+
const range = high - low;
|
|
3205
|
+
const normalized = number2 % range;
|
|
3206
|
+
return normalized + low;
|
|
3830
3207
|
};
|
|
3831
3208
|
|
|
3832
3209
|
// src/verify.ts
|
|
@@ -3845,30 +3222,22 @@ var verifySignatureUtf8 = async (didKey, data, sig) => {
|
|
|
3845
3222
|
};
|
|
3846
3223
|
|
|
3847
3224
|
// src/p256/keypair.ts
|
|
3848
|
-
var
|
|
3849
|
-
constructor(
|
|
3850
|
-
this.
|
|
3851
|
-
this.keypair = keypair;
|
|
3852
|
-
this.publicKey = publicKey;
|
|
3225
|
+
var P256Keypair = class {
|
|
3226
|
+
constructor(privateKey, exportable) {
|
|
3227
|
+
this.privateKey = privateKey;
|
|
3853
3228
|
this.exportable = exportable;
|
|
3229
|
+
this.jwtAlg = P256_JWT_ALG;
|
|
3230
|
+
this.publicKey = p256.getPublicKey(privateKey);
|
|
3854
3231
|
}
|
|
3855
3232
|
static async create(opts) {
|
|
3856
3233
|
const { exportable = false } = opts || {};
|
|
3857
|
-
const
|
|
3858
|
-
|
|
3859
|
-
|
|
3860
|
-
|
|
3861
|
-
);
|
|
3862
|
-
const pubkeyBuf = await webcrypto.subtle.exportKey("raw", keypair.publicKey);
|
|
3863
|
-
const pubkeyBytes = new Uint8Array(pubkeyBuf);
|
|
3864
|
-
return new EcdsaKeypair(keypair, pubkeyBytes, exportable);
|
|
3865
|
-
}
|
|
3866
|
-
static async import(jwk, opts) {
|
|
3234
|
+
const privKey = p256.utils.randomPrivateKey();
|
|
3235
|
+
return new P256Keypair(privKey, exportable);
|
|
3236
|
+
}
|
|
3237
|
+
static async import(privKey, opts) {
|
|
3867
3238
|
const { exportable = false } = opts || {};
|
|
3868
|
-
const
|
|
3869
|
-
|
|
3870
|
-
const pubkeyBytes = new Uint8Array(pubkeyBuf);
|
|
3871
|
-
return new EcdsaKeypair(keypair, pubkeyBytes, exportable);
|
|
3239
|
+
const privKeyBytes = typeof privKey === "string" ? fromString2(privKey, "hex") : privKey;
|
|
3240
|
+
return new P256Keypair(privKeyBytes, exportable);
|
|
3872
3241
|
}
|
|
3873
3242
|
publicKeyBytes() {
|
|
3874
3243
|
return this.publicKey;
|
|
@@ -3880,19 +3249,15 @@ var EcdsaKeypair = class {
|
|
|
3880
3249
|
return formatDidKey(this.jwtAlg, this.publicKey);
|
|
3881
3250
|
}
|
|
3882
3251
|
async sign(msg) {
|
|
3883
|
-
const
|
|
3884
|
-
|
|
3885
|
-
|
|
3886
|
-
msg.buffer
|
|
3887
|
-
);
|
|
3888
|
-
return new Uint8Array(buf);
|
|
3252
|
+
const msgHash = await sha2562(msg);
|
|
3253
|
+
const sig = await p256.sign(msgHash, this.privateKey, { lowS: true });
|
|
3254
|
+
return sig.toCompactRawBytes();
|
|
3889
3255
|
}
|
|
3890
3256
|
async export() {
|
|
3891
3257
|
if (!this.exportable) {
|
|
3892
3258
|
throw new Error("Private key is not exportable");
|
|
3893
3259
|
}
|
|
3894
|
-
|
|
3895
|
-
return jwk;
|
|
3260
|
+
return this.privateKey;
|
|
3896
3261
|
}
|
|
3897
3262
|
};
|
|
3898
3263
|
|
|
@@ -3902,11 +3267,11 @@ var Secp256k1Keypair = class {
|
|
|
3902
3267
|
this.privateKey = privateKey;
|
|
3903
3268
|
this.exportable = exportable;
|
|
3904
3269
|
this.jwtAlg = SECP256K1_JWT_ALG;
|
|
3905
|
-
this.publicKey = getPublicKey(privateKey);
|
|
3270
|
+
this.publicKey = secp256k1.getPublicKey(privateKey);
|
|
3906
3271
|
}
|
|
3907
3272
|
static async create(opts) {
|
|
3908
3273
|
const { exportable = false } = opts || {};
|
|
3909
|
-
const privKey = utils.randomPrivateKey();
|
|
3274
|
+
const privKey = secp256k1.utils.randomPrivateKey();
|
|
3910
3275
|
return new Secp256k1Keypair(privKey, exportable);
|
|
3911
3276
|
}
|
|
3912
3277
|
static async import(privKey, opts) {
|
|
@@ -3924,8 +3289,9 @@ var Secp256k1Keypair = class {
|
|
|
3924
3289
|
return formatDidKey(this.jwtAlg, this.publicKey);
|
|
3925
3290
|
}
|
|
3926
3291
|
async sign(msg) {
|
|
3927
|
-
const msgHash = await
|
|
3928
|
-
|
|
3292
|
+
const msgHash = await sha2562(msg);
|
|
3293
|
+
const sig = await secp256k1.sign(msgHash, this.privateKey, { lowS: true });
|
|
3294
|
+
return sig.toCompactRawBytes();
|
|
3929
3295
|
}
|
|
3930
3296
|
async export() {
|
|
3931
3297
|
if (!this.exportable) {
|
|
@@ -3936,27 +3302,29 @@ var Secp256k1Keypair = class {
|
|
|
3936
3302
|
};
|
|
3937
3303
|
// Annotate the CommonJS export names for ESM import in node:
|
|
3938
3304
|
0 && (module.exports = {
|
|
3939
|
-
|
|
3940
|
-
|
|
3941
|
-
|
|
3942
|
-
EcdsaKeypair,
|
|
3305
|
+
BASE58_MULTIBASE_PREFIX,
|
|
3306
|
+
DID_KEY_PREFIX,
|
|
3307
|
+
P256Keypair,
|
|
3943
3308
|
P256_DID_PREFIX,
|
|
3944
3309
|
P256_JWT_ALG,
|
|
3945
3310
|
SECP256K1_DID_PREFIX,
|
|
3946
3311
|
SECP256K1_JWT_ALG,
|
|
3947
3312
|
Secp256k1Keypair,
|
|
3313
|
+
bytesToMultibase,
|
|
3948
3314
|
formatDidKey,
|
|
3315
|
+
formatMultikey,
|
|
3949
3316
|
multibaseToBytes,
|
|
3950
3317
|
p256Plugin,
|
|
3951
3318
|
parseDidKey,
|
|
3319
|
+
parseMultikey,
|
|
3952
3320
|
randomBytes,
|
|
3953
|
-
|
|
3321
|
+
randomIntFromSeed,
|
|
3954
3322
|
randomStr,
|
|
3955
3323
|
secp256k1Plugin,
|
|
3956
3324
|
sha256,
|
|
3957
|
-
sha256Stream,
|
|
3958
3325
|
verifySignature,
|
|
3959
3326
|
verifySignatureUtf8
|
|
3960
3327
|
});
|
|
3961
|
-
/*! noble-
|
|
3328
|
+
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
|
|
3329
|
+
/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
|
|
3962
3330
|
//# sourceMappingURL=index.js.map
|