@bcts/crypto 1.0.0-alpha.5

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.cjs","names":["nobleSha256","nobleSha512","x25519","secp256k1","secp256k1","SecureRandomNumberGenerator","schnorr","ed25519"],"sources":["../src/error.ts","../src/memzero.ts","../src/hash.ts","../src/symmetric-encryption.ts","../src/public-key-encryption.ts","../src/ecdsa-keys.ts","../src/ecdsa-signing.ts","../src/schnorr-signing.ts","../src/ed25519-signing.ts","../src/scrypt.ts","../src/argon.ts"],"sourcesContent":["// Ported from bc-crypto-rust/src/error.rs\n\n/**\n * AEAD-specific error for authentication failures\n */\nexport class AeadError extends Error {\n  constructor(message = \"AEAD authentication failed\") {\n    super(message);\n    this.name = \"AeadError\";\n  }\n}\n\n/**\n * Generic crypto error type\n */\nexport class CryptoError extends Error {\n  override readonly cause?: Error | undefined;\n\n  constructor(message: string, cause?: Error) {\n    super(message);\n    this.name = \"CryptoError\";\n    this.cause = cause;\n  }\n\n  /**\n   * Create a CryptoError for AEAD authentication failures.\n   *\n   * @param error - Optional underlying AeadError\n   * @returns A CryptoError wrapping the AEAD error\n   */\n  static aead(error?: AeadError): CryptoError {\n    return new CryptoError(\"AEAD error\", error ?? new AeadError());\n  }\n\n  /**\n   * Create a CryptoError for invalid parameter values.\n   *\n   * @param message - Description of the invalid parameter\n   * @returns A CryptoError describing the invalid parameter\n   */\n  static invalidParameter(message: string): CryptoError {\n    return new CryptoError(`Invalid parameter: ${message}`);\n  }\n}\n\n/**\n * Result type for crypto operations (using standard Error)\n */\nexport type CryptoResult<T> = T;\n","// Ported from bc-crypto-rust/src/memzero.rs\n\n/**\n * Securely zero out a typed array.\n *\n * **IMPORTANT: This is a best-effort implementation.** Unlike the Rust reference\n * implementation which uses `std::ptr::write_volatile()` for guaranteed volatile\n * writes, JavaScript engines and JIT compilers can still potentially optimize\n * away these zeroing operations. The check at the end helps prevent optimization,\n * but it is not foolproof.\n *\n * For truly sensitive cryptographic operations, consider using the Web Crypto API's\n * `crypto.subtle` with non-extractable keys when possible, as it provides stronger\n * guarantees than what can be achieved with pure JavaScript.\n *\n * This function attempts to prevent the compiler from optimizing away\n * the zeroing operation by using a verification check after the zeroing loop.\n */\nexport function memzero(data: Uint8Array | Uint32Array): void {\n  const len = data.length;\n  for (let i = 0; i < len; i++) {\n    data[i] = 0;\n  }\n  // Force a side effect to prevent optimization\n  if (data.length > 0 && data[0] !== 0) {\n    throw new Error(\"memzero failed\");\n  }\n}\n\n/**\n * Securely zero out an array of Uint8Arrays.\n */\nexport function memzeroVecVecU8(arrays: Uint8Array[]): void {\n  for (const arr of arrays) {\n    memzero(arr);\n  }\n}\n","// Ported from bc-crypto-rust/src/hash.rs\n\nimport { sha256 as nobleSha256, sha512 as nobleSha512 } from \"@noble/hashes/sha2\";\nimport { hmac } from \"@noble/hashes/hmac\";\nimport { pbkdf2 } from \"@noble/hashes/pbkdf2\";\nimport { hkdf } from \"@noble/hashes/hkdf\";\n\n// Constants\nexport const CRC32_SIZE = 4;\nexport const SHA256_SIZE = 32;\nexport const SHA512_SIZE = 64;\n\n// CRC-32 lookup table (IEEE polynomial 0xedb88320)\nconst CRC32_TABLE = new Uint32Array(256);\nfor (let i = 0; i < 256; i++) {\n  let crc = i;\n  for (let j = 0; j < 8; j++) {\n    crc = (crc & 1) !== 0 ? (crc >>> 1) ^ 0xedb88320 : crc >>> 1;\n  }\n  CRC32_TABLE[i] = crc >>> 0;\n}\n\n/**\n * Calculate CRC-32 checksum\n */\nexport function crc32(data: Uint8Array): number {\n  let crc = 0xffffffff;\n  for (const byte of data) {\n    crc = CRC32_TABLE[(crc ^ byte) & 0xff] ^ (crc >>> 8);\n  }\n  return (crc ^ 0xffffffff) >>> 0;\n}\n\n/**\n * Calculate CRC-32 checksum and return as a 4-byte big-endian array\n */\nexport function crc32Data(data: Uint8Array): Uint8Array {\n  return crc32DataOpt(data, false);\n}\n\n/**\n * Calculate CRC-32 checksum and return as a 4-byte array\n * @param data - Input data\n * @param littleEndian - If true, returns little-endian; otherwise big-endian\n */\nexport function crc32DataOpt(data: Uint8Array, littleEndian: boolean): Uint8Array {\n  const checksum = crc32(data);\n  const result = new Uint8Array(4);\n  const view = new DataView(result.buffer);\n  view.setUint32(0, checksum, littleEndian);\n  return result;\n}\n\n/**\n * Calculate SHA-256 hash\n */\nexport function sha256(data: Uint8Array): Uint8Array {\n  return nobleSha256(data);\n}\n\n/**\n * Calculate double SHA-256 hash (SHA-256 of SHA-256)\n * This is the standard Bitcoin hashing function\n */\nexport function doubleSha256(message: Uint8Array): Uint8Array {\n  return sha256(sha256(message));\n}\n\n/**\n * Calculate SHA-512 hash\n */\nexport function sha512(data: Uint8Array): Uint8Array {\n  return nobleSha512(data);\n}\n\n/**\n * Calculate HMAC-SHA-256\n */\nexport function hmacSha256(key: Uint8Array, message: Uint8Array): Uint8Array {\n  return hmac(nobleSha256, key, message);\n}\n\n/**\n * Calculate HMAC-SHA-512\n */\nexport function hmacSha512(key: Uint8Array, message: Uint8Array): Uint8Array {\n  return hmac(nobleSha512, key, message);\n}\n\n/**\n * Derive a key using PBKDF2 with HMAC-SHA-256\n */\nexport function pbkdf2HmacSha256(\n  password: Uint8Array,\n  salt: Uint8Array,\n  iterations: number,\n  keyLen: number,\n): Uint8Array {\n  return pbkdf2(nobleSha256, password, salt, { c: iterations, dkLen: keyLen });\n}\n\n/**\n * Derive a key using PBKDF2 with HMAC-SHA-512\n */\nexport function pbkdf2HmacSha512(\n  password: Uint8Array,\n  salt: Uint8Array,\n  iterations: number,\n  keyLen: number,\n): Uint8Array {\n  return pbkdf2(nobleSha512, password, salt, { c: iterations, dkLen: keyLen });\n}\n\n/**\n * Derive a key using HKDF with HMAC-SHA-256\n */\nexport function hkdfHmacSha256(\n  keyMaterial: Uint8Array,\n  salt: Uint8Array,\n  keyLen: number,\n): Uint8Array {\n  return hkdf(nobleSha256, keyMaterial, salt, undefined, keyLen);\n}\n\n/**\n * Derive a key using HKDF with HMAC-SHA-512\n */\nexport function hkdfHmacSha512(\n  keyMaterial: Uint8Array,\n  salt: Uint8Array,\n  keyLen: number,\n): Uint8Array {\n  return hkdf(nobleSha512, keyMaterial, salt, undefined, keyLen);\n}\n","// Ported from bc-crypto-rust/src/symmetric_encryption.rs\n\nimport { chacha20poly1305 } from \"@noble/ciphers/chacha\";\nimport { CryptoError, AeadError } from \"./error.js\";\n\n// Constants\nexport const SYMMETRIC_KEY_SIZE = 32;\nexport const SYMMETRIC_NONCE_SIZE = 12;\nexport const SYMMETRIC_AUTH_SIZE = 16;\n\n/**\n * Encrypt data using ChaCha20-Poly1305 AEAD cipher.\n *\n * **Security Warning**: The nonce MUST be unique for every encryption operation\n * with the same key. Reusing a nonce completely breaks the security of the\n * encryption scheme and can reveal plaintext.\n *\n * @param plaintext - The data to encrypt\n * @param key - 32-byte encryption key\n * @param nonce - 12-byte nonce (MUST be unique per encryption with the same key)\n * @returns Tuple of [ciphertext, authTag] where authTag is 16 bytes\n * @throws {CryptoError} If key is not 32 bytes or nonce is not 12 bytes\n */\nexport function aeadChaCha20Poly1305Encrypt(\n  plaintext: Uint8Array,\n  key: Uint8Array,\n  nonce: Uint8Array,\n): [Uint8Array, Uint8Array] {\n  return aeadChaCha20Poly1305EncryptWithAad(plaintext, key, nonce, new Uint8Array(0));\n}\n\n/**\n * Encrypt data using ChaCha20-Poly1305 AEAD cipher with additional authenticated data.\n *\n * **Security Warning**: The nonce MUST be unique for every encryption operation\n * with the same key. Reusing a nonce completely breaks the security of the\n * encryption scheme and can reveal plaintext.\n *\n * @param plaintext - The data to encrypt\n * @param key - 32-byte encryption key\n * @param nonce - 12-byte nonce (MUST be unique per encryption with the same key)\n * @param aad - Additional authenticated data (not encrypted, but integrity-protected)\n * @returns Tuple of [ciphertext, authTag] where authTag is 16 bytes\n * @throws {CryptoError} If key is not 32 bytes or nonce is not 12 bytes\n */\nexport function aeadChaCha20Poly1305EncryptWithAad(\n  plaintext: Uint8Array,\n  key: Uint8Array,\n  nonce: Uint8Array,\n  aad: Uint8Array,\n): [Uint8Array, Uint8Array] {\n  if (key.length !== SYMMETRIC_KEY_SIZE) {\n    throw CryptoError.invalidParameter(`Key must be ${SYMMETRIC_KEY_SIZE} bytes`);\n  }\n  if (nonce.length !== SYMMETRIC_NONCE_SIZE) {\n    throw CryptoError.invalidParameter(`Nonce must be ${SYMMETRIC_NONCE_SIZE} bytes`);\n  }\n\n  const cipher = chacha20poly1305(key, nonce, aad);\n  const sealed = cipher.encrypt(plaintext);\n\n  // The sealed output contains ciphertext + 16-byte auth tag\n  const ciphertext = sealed.slice(0, sealed.length - SYMMETRIC_AUTH_SIZE);\n  const authTag = sealed.slice(sealed.length - SYMMETRIC_AUTH_SIZE);\n\n  return [ciphertext, authTag];\n}\n\n/**\n * Decrypt data using ChaCha20-Poly1305 AEAD cipher.\n *\n * @param ciphertext - The encrypted data\n * @param key - 32-byte encryption key (must match key used for encryption)\n * @param nonce - 12-byte nonce (must match nonce used for encryption)\n * @param authTag - 16-byte authentication tag from encryption\n * @returns Decrypted plaintext\n * @throws {CryptoError} If key/nonce/authTag sizes are invalid\n * @throws {CryptoError} If authentication fails (tampered data or wrong key/nonce)\n */\nexport function aeadChaCha20Poly1305Decrypt(\n  ciphertext: Uint8Array,\n  key: Uint8Array,\n  nonce: Uint8Array,\n  authTag: Uint8Array,\n): Uint8Array {\n  return aeadChaCha20Poly1305DecryptWithAad(ciphertext, key, nonce, new Uint8Array(0), authTag);\n}\n\n/**\n * Decrypt data using ChaCha20-Poly1305 AEAD cipher with additional authenticated data.\n *\n * @param ciphertext - The encrypted data\n * @param key - 32-byte encryption key (must match key used for encryption)\n * @param nonce - 12-byte nonce (must match nonce used for encryption)\n * @param aad - Additional authenticated data (must exactly match AAD used for encryption)\n * @param authTag - 16-byte authentication tag from encryption\n * @returns Decrypted plaintext\n * @throws {CryptoError} If key/nonce/authTag sizes are invalid\n * @throws {CryptoError} If authentication fails (tampered data, wrong key/nonce, or AAD mismatch)\n */\nexport function aeadChaCha20Poly1305DecryptWithAad(\n  ciphertext: Uint8Array,\n  key: Uint8Array,\n  nonce: Uint8Array,\n  aad: Uint8Array,\n  authTag: Uint8Array,\n): Uint8Array {\n  if (key.length !== SYMMETRIC_KEY_SIZE) {\n    throw CryptoError.invalidParameter(`Key must be ${SYMMETRIC_KEY_SIZE} bytes`);\n  }\n  if (nonce.length !== SYMMETRIC_NONCE_SIZE) {\n    throw CryptoError.invalidParameter(`Nonce must be ${SYMMETRIC_NONCE_SIZE} bytes`);\n  }\n  if (authTag.length !== SYMMETRIC_AUTH_SIZE) {\n    throw CryptoError.invalidParameter(`Auth tag must be ${SYMMETRIC_AUTH_SIZE} bytes`);\n  }\n\n  // Combine ciphertext and auth tag for decryption\n  const sealed = new Uint8Array(ciphertext.length + authTag.length);\n  sealed.set(ciphertext);\n  sealed.set(authTag, ciphertext.length);\n\n  try {\n    const cipher = chacha20poly1305(key, nonce, aad);\n    return cipher.decrypt(sealed);\n  } catch (error) {\n    // Preserve the original error for debugging while wrapping in our error type\n    const aeadError = new AeadError(\n      `Decryption failed: ${error instanceof Error ? error.message : \"authentication error\"}`,\n    );\n    throw CryptoError.aead(aeadError);\n  }\n}\n","// Ported from bc-crypto-rust/src/public_key_encryption.rs\n\nimport { x25519 } from \"@noble/curves/ed25519\";\nimport type { RandomNumberGenerator } from \"@bcts/rand\";\nimport { hkdfHmacSha256 } from \"./hash.js\";\n\n// Constants\nexport const GENERIC_PRIVATE_KEY_SIZE = 32;\nexport const GENERIC_PUBLIC_KEY_SIZE = 32;\nexport const X25519_PRIVATE_KEY_SIZE = 32;\nexport const X25519_PUBLIC_KEY_SIZE = 32;\n\n/**\n * Derive an X25519 agreement private key from key material.\n * Uses HKDF with \"agreement\" as domain separation salt.\n */\nexport function deriveAgreementPrivateKey(keyMaterial: Uint8Array): Uint8Array {\n  const salt = new TextEncoder().encode(\"agreement\");\n  return hkdfHmacSha256(keyMaterial, salt, X25519_PRIVATE_KEY_SIZE);\n}\n\n/**\n * Derive a signing private key from key material.\n * Uses HKDF with \"signing\" as domain separation salt.\n */\nexport function deriveSigningPrivateKey(keyMaterial: Uint8Array): Uint8Array {\n  const salt = new TextEncoder().encode(\"signing\");\n  return hkdfHmacSha256(keyMaterial, salt, 32);\n}\n\n/**\n * Generate a new random X25519 private key.\n */\nexport function x25519NewPrivateKeyUsing(rng: RandomNumberGenerator): Uint8Array {\n  return rng.randomData(X25519_PRIVATE_KEY_SIZE);\n}\n\n/**\n * Derive an X25519 public key from a private key.\n */\nexport function x25519PublicKeyFromPrivateKey(privateKey: Uint8Array): Uint8Array {\n  if (privateKey.length !== X25519_PRIVATE_KEY_SIZE) {\n    throw new Error(`Private key must be ${X25519_PRIVATE_KEY_SIZE} bytes`);\n  }\n  return x25519.getPublicKey(privateKey);\n}\n\n/**\n * Compute a shared secret using X25519 key agreement (ECDH).\n *\n * **Security Note**: The resulting shared secret should be used with a KDF\n * (like HKDF) before using it as an encryption key. Never use the raw\n * shared secret directly for encryption.\n *\n * @param x25519Private - 32-byte X25519 private key\n * @param x25519Public - 32-byte X25519 public key from the other party\n * @returns 32-byte shared secret\n * @throws {Error} If private key is not 32 bytes or public key is not 32 bytes\n */\nexport function x25519SharedKey(x25519Private: Uint8Array, x25519Public: Uint8Array): Uint8Array {\n  if (x25519Private.length !== X25519_PRIVATE_KEY_SIZE) {\n    throw new Error(`Private key must be ${X25519_PRIVATE_KEY_SIZE} bytes`);\n  }\n  if (x25519Public.length !== X25519_PUBLIC_KEY_SIZE) {\n    throw new Error(`Public key must be ${X25519_PUBLIC_KEY_SIZE} bytes`);\n  }\n  return x25519.getSharedSecret(x25519Private, x25519Public);\n}\n","// Ported from bc-crypto-rust/src/ecdsa_keys.rs\n\nimport { secp256k1 } from \"@noble/curves/secp256k1\";\nimport type { RandomNumberGenerator } from \"@bcts/rand\";\nimport { hkdfHmacSha256 } from \"./hash.js\";\n\n// Constants\nexport const ECDSA_PRIVATE_KEY_SIZE = 32;\nexport const ECDSA_PUBLIC_KEY_SIZE = 33; // Compressed\nexport const ECDSA_UNCOMPRESSED_PUBLIC_KEY_SIZE = 65;\nexport const ECDSA_MESSAGE_HASH_SIZE = 32;\nexport const ECDSA_SIGNATURE_SIZE = 64;\nexport const SCHNORR_PUBLIC_KEY_SIZE = 32; // x-only\n\n/**\n * Generate a new random ECDSA private key using secp256k1.\n *\n * Note: Unlike some implementations, this directly returns the random bytes\n * without validation. The secp256k1 library will handle any edge cases when\n * the key is used.\n */\nexport function ecdsaNewPrivateKeyUsing(rng: RandomNumberGenerator): Uint8Array {\n  return rng.randomData(ECDSA_PRIVATE_KEY_SIZE);\n}\n\n/**\n * Derive a compressed ECDSA public key from a private key.\n */\nexport function ecdsaPublicKeyFromPrivateKey(privateKey: Uint8Array): Uint8Array {\n  if (privateKey.length !== ECDSA_PRIVATE_KEY_SIZE) {\n    throw new Error(`Private key must be ${ECDSA_PRIVATE_KEY_SIZE} bytes`);\n  }\n  return secp256k1.getPublicKey(privateKey, true); // true = compressed\n}\n\n/**\n * Decompress a compressed public key to uncompressed format.\n */\nexport function ecdsaDecompressPublicKey(compressed: Uint8Array): Uint8Array {\n  if (compressed.length !== ECDSA_PUBLIC_KEY_SIZE) {\n    throw new Error(`Compressed public key must be ${ECDSA_PUBLIC_KEY_SIZE} bytes`);\n  }\n  const point = secp256k1.ProjectivePoint.fromHex(compressed);\n  return point.toRawBytes(false); // false = uncompressed\n}\n\n/**\n * Compress an uncompressed public key.\n */\nexport function ecdsaCompressPublicKey(uncompressed: Uint8Array): Uint8Array {\n  if (uncompressed.length !== ECDSA_UNCOMPRESSED_PUBLIC_KEY_SIZE) {\n    throw new Error(`Uncompressed public key must be ${ECDSA_UNCOMPRESSED_PUBLIC_KEY_SIZE} bytes`);\n  }\n  const point = secp256k1.ProjectivePoint.fromHex(uncompressed);\n  return point.toRawBytes(true); // true = compressed\n}\n\n/**\n * Derive an ECDSA private key from key material using HKDF.\n *\n * Note: This directly returns the HKDF output without validation,\n * matching the Rust reference implementation behavior.\n */\nexport function ecdsaDerivePrivateKey(keyMaterial: Uint8Array): Uint8Array {\n  const salt = new TextEncoder().encode(\"signing\");\n  return hkdfHmacSha256(keyMaterial, salt, ECDSA_PRIVATE_KEY_SIZE);\n}\n\n/**\n * Extract the x-only (Schnorr) public key from a private key.\n * This is used for BIP-340 Schnorr signatures.\n */\nexport function schnorrPublicKeyFromPrivateKey(privateKey: Uint8Array): Uint8Array {\n  if (privateKey.length !== ECDSA_PRIVATE_KEY_SIZE) {\n    throw new Error(`Private key must be ${ECDSA_PRIVATE_KEY_SIZE} bytes`);\n  }\n  // Get the full public key and extract just the x-coordinate\n  const fullPubKey = secp256k1.getPublicKey(privateKey, false); // uncompressed\n  // Skip the 0x04 prefix and take only x-coordinate (first 32 bytes after prefix)\n  return fullPubKey.slice(1, 33);\n}\n","// Ported from bc-crypto-rust/src/ecdsa_signing.rs\n\nimport { secp256k1 } from \"@noble/curves/secp256k1\";\nimport { doubleSha256 } from \"./hash.js\";\nimport {\n  ECDSA_PRIVATE_KEY_SIZE,\n  ECDSA_PUBLIC_KEY_SIZE,\n  ECDSA_SIGNATURE_SIZE,\n} from \"./ecdsa-keys.js\";\n\n/**\n * Sign a message using ECDSA with secp256k1.\n *\n * The message is hashed with double SHA-256 before signing (Bitcoin standard).\n *\n * **Security Note**: The private key must be kept secret. ECDSA requires\n * cryptographically secure random nonces internally; this is handled by\n * the underlying library using RFC 6979 deterministic nonces.\n *\n * @param privateKey - 32-byte secp256k1 private key\n * @param message - Message to sign (any length, will be double-SHA256 hashed)\n * @returns 64-byte compact signature (r || s format)\n * @throws {Error} If private key is not 32 bytes\n */\nexport function ecdsaSign(privateKey: Uint8Array, message: Uint8Array): Uint8Array {\n  if (privateKey.length !== ECDSA_PRIVATE_KEY_SIZE) {\n    throw new Error(`Private key must be ${ECDSA_PRIVATE_KEY_SIZE} bytes`);\n  }\n\n  const messageHash = doubleSha256(message);\n  const signature = secp256k1.sign(messageHash, privateKey);\n\n  // Return compact signature (r || s)\n  return signature.toCompactRawBytes();\n}\n\n/**\n * Verify an ECDSA signature with secp256k1.\n *\n * The message is hashed with double SHA-256 before verification (Bitcoin standard).\n *\n * @param publicKey - 33-byte compressed secp256k1 public key\n * @param signature - 64-byte compact signature (r || s format)\n * @param message - Original message that was signed\n * @returns `true` if signature is valid, `false` if signature verification fails\n * @throws {Error} If public key is not 33 bytes or signature is not 64 bytes\n */\nexport function ecdsaVerify(\n  publicKey: Uint8Array,\n  signature: Uint8Array,\n  message: Uint8Array,\n): boolean {\n  if (publicKey.length !== ECDSA_PUBLIC_KEY_SIZE) {\n    throw new Error(`Public key must be ${ECDSA_PUBLIC_KEY_SIZE} bytes`);\n  }\n  if (signature.length !== ECDSA_SIGNATURE_SIZE) {\n    throw new Error(`Signature must be ${ECDSA_SIGNATURE_SIZE} bytes`);\n  }\n\n  try {\n    const messageHash = doubleSha256(message);\n    return secp256k1.verify(signature, messageHash, publicKey);\n  } catch {\n    return false;\n  }\n}\n","// Ported from bc-crypto-rust/src/schnorr_signing.rs\n\nimport { schnorr } from \"@noble/curves/secp256k1\";\nimport type { RandomNumberGenerator } from \"@bcts/rand\";\nimport { SecureRandomNumberGenerator } from \"@bcts/rand\";\nimport { ECDSA_PRIVATE_KEY_SIZE, SCHNORR_PUBLIC_KEY_SIZE } from \"./ecdsa-keys.js\";\n\n// Constants\nexport const SCHNORR_SIGNATURE_SIZE = 64;\n\n/**\n * Sign a message using Schnorr signature (BIP-340).\n * Uses secure random auxiliary randomness.\n *\n * @param ecdsaPrivateKey - 32-byte private key\n * @param message - Message to sign (not pre-hashed, per BIP-340)\n * @returns 64-byte Schnorr signature\n */\nexport function schnorrSign(ecdsaPrivateKey: Uint8Array, message: Uint8Array): Uint8Array {\n  const rng = new SecureRandomNumberGenerator();\n  return schnorrSignUsing(ecdsaPrivateKey, message, rng);\n}\n\n/**\n * Sign a message using Schnorr signature with a custom RNG.\n *\n * @param ecdsaPrivateKey - 32-byte private key\n * @param message - Message to sign\n * @param rng - Random number generator for auxiliary randomness\n * @returns 64-byte Schnorr signature\n */\nexport function schnorrSignUsing(\n  ecdsaPrivateKey: Uint8Array,\n  message: Uint8Array,\n  rng: RandomNumberGenerator,\n): Uint8Array {\n  const auxRand = rng.randomData(32);\n  return schnorrSignWithAuxRand(ecdsaPrivateKey, message, auxRand);\n}\n\n/**\n * Sign a message using Schnorr signature with specific auxiliary randomness.\n * This is useful for deterministic signing in tests.\n *\n * @param ecdsaPrivateKey - 32-byte private key\n * @param message - Message to sign\n * @param auxRand - 32-byte auxiliary randomness (per BIP-340)\n * @returns 64-byte Schnorr signature\n */\nexport function schnorrSignWithAuxRand(\n  ecdsaPrivateKey: Uint8Array,\n  message: Uint8Array,\n  auxRand: Uint8Array,\n): Uint8Array {\n  if (ecdsaPrivateKey.length !== ECDSA_PRIVATE_KEY_SIZE) {\n    throw new Error(`Private key must be ${ECDSA_PRIVATE_KEY_SIZE} bytes`);\n  }\n  if (auxRand.length !== 32) {\n    throw new Error(\"Auxiliary randomness must be 32 bytes\");\n  }\n\n  return schnorr.sign(message, ecdsaPrivateKey, auxRand);\n}\n\n/**\n * Verify a Schnorr signature (BIP-340).\n *\n * @param schnorrPublicKey - 32-byte x-only public key\n * @param signature - 64-byte Schnorr signature\n * @param message - Original message\n * @returns true if signature is valid\n */\nexport function schnorrVerify(\n  schnorrPublicKey: Uint8Array,\n  signature: Uint8Array,\n  message: Uint8Array,\n): boolean {\n  if (schnorrPublicKey.length !== SCHNORR_PUBLIC_KEY_SIZE) {\n    throw new Error(`Public key must be ${SCHNORR_PUBLIC_KEY_SIZE} bytes`);\n  }\n  if (signature.length !== SCHNORR_SIGNATURE_SIZE) {\n    throw new Error(`Signature must be ${SCHNORR_SIGNATURE_SIZE} bytes`);\n  }\n\n  try {\n    return schnorr.verify(signature, message, schnorrPublicKey);\n  } catch {\n    return false;\n  }\n}\n","// Ported from bc-crypto-rust/src/ed25519_signing.rs\n\nimport { ed25519 } from \"@noble/curves/ed25519\";\nimport type { RandomNumberGenerator } from \"@bcts/rand\";\n\n// Constants\nexport const ED25519_PUBLIC_KEY_SIZE = 32;\nexport const ED25519_PRIVATE_KEY_SIZE = 32;\nexport const ED25519_SIGNATURE_SIZE = 64;\n\n/**\n * Generate a new random Ed25519 private key.\n */\nexport function ed25519NewPrivateKeyUsing(rng: RandomNumberGenerator): Uint8Array {\n  return rng.randomData(ED25519_PRIVATE_KEY_SIZE);\n}\n\n/**\n * Derive an Ed25519 public key from a private key.\n */\nexport function ed25519PublicKeyFromPrivateKey(privateKey: Uint8Array): Uint8Array {\n  if (privateKey.length !== ED25519_PRIVATE_KEY_SIZE) {\n    throw new Error(`Private key must be ${ED25519_PRIVATE_KEY_SIZE} bytes`);\n  }\n  return ed25519.getPublicKey(privateKey);\n}\n\n/**\n * Sign a message using Ed25519.\n *\n * **Security Note**: The private key must be kept secret. The same private key\n * can safely sign multiple messages.\n *\n * @param privateKey - 32-byte Ed25519 private key\n * @param message - Message to sign (any length)\n * @returns 64-byte Ed25519 signature\n * @throws {Error} If private key is not 32 bytes\n */\nexport function ed25519Sign(privateKey: Uint8Array, message: Uint8Array): Uint8Array {\n  if (privateKey.length !== ED25519_PRIVATE_KEY_SIZE) {\n    throw new Error(`Private key must be ${ED25519_PRIVATE_KEY_SIZE} bytes`);\n  }\n  return ed25519.sign(message, privateKey);\n}\n\n/**\n * Verify an Ed25519 signature.\n *\n * @param publicKey - 32-byte Ed25519 public key\n * @param message - Original message that was signed\n * @param signature - 64-byte Ed25519 signature\n * @returns `true` if signature is valid, `false` if signature verification fails\n * @throws {Error} If public key is not 32 bytes or signature is not 64 bytes\n */\nexport function ed25519Verify(\n  publicKey: Uint8Array,\n  message: Uint8Array,\n  signature: Uint8Array,\n): boolean {\n  if (publicKey.length !== ED25519_PUBLIC_KEY_SIZE) {\n    throw new Error(`Public key must be ${ED25519_PUBLIC_KEY_SIZE} bytes`);\n  }\n  if (signature.length !== ED25519_SIGNATURE_SIZE) {\n    throw new Error(`Signature must be ${ED25519_SIGNATURE_SIZE} bytes`);\n  }\n\n  try {\n    return ed25519.verify(signature, message, publicKey);\n  } catch {\n    return false;\n  }\n}\n","// Ported from bc-crypto-rust/src/scrypt.rs\n\nimport { scrypt as nobleScrypt } from \"@noble/hashes/scrypt\";\n\n/**\n * Derive a key using Scrypt with recommended parameters.\n * Uses N=2^15 (32768), r=8, p=1 as recommended defaults.\n *\n * @param password - Password or passphrase\n * @param salt - Salt value\n * @param outputLen - Desired output length\n * @returns Derived key\n */\nexport function scrypt(password: Uint8Array, salt: Uint8Array, outputLen: number): Uint8Array {\n  return scryptOpt(password, salt, outputLen, 15, 8, 1);\n}\n\n/**\n * Derive a key using Scrypt with custom parameters.\n *\n * @param password - Password or passphrase\n * @param salt - Salt value\n * @param outputLen - Desired output length\n * @param logN - Log2 of the CPU/memory cost parameter N (must be <64)\n * @param r - Block size parameter (must be >0)\n * @param p - Parallelization parameter (must be >0)\n * @returns Derived key\n */\nexport function scryptOpt(\n  password: Uint8Array,\n  salt: Uint8Array,\n  outputLen: number,\n  logN: number,\n  r: number,\n  p: number,\n): Uint8Array {\n  if (logN >= 64) {\n    throw new Error(\"logN must be <64\");\n  }\n  if (r === 0) {\n    throw new Error(\"r must be >0\");\n  }\n  if (p === 0) {\n    throw new Error(\"p must be >0\");\n  }\n\n  const N = 1 << logN; // 2^logN\n\n  return nobleScrypt(password, salt, { N, r, p, dkLen: outputLen });\n}\n","// Ported from bc-crypto-rust/src/argon.rs\n\nimport { argon2id } from \"@noble/hashes/argon2\";\n\n/**\n * Derive a key using Argon2id with default parameters.\n *\n * @param password - Password or passphrase\n * @param salt - Salt value (must be at least 8 bytes)\n * @param outputLen - Desired output length\n * @returns Derived key\n */\nexport function argon2idHash(\n  password: Uint8Array,\n  salt: Uint8Array,\n  outputLen: number,\n): Uint8Array {\n  // Use default parameters similar to the Rust implementation\n  return argon2idHashOpt(password, salt, outputLen, 3, 65536, 4);\n}\n\n/**\n * Derive a key using Argon2id with custom parameters.\n *\n * @param password - Password or passphrase\n * @param salt - Salt value (must be at least 8 bytes)\n * @param outputLen - Desired output length\n * @param iterations - Number of iterations (t)\n * @param memory - Memory in KiB (m)\n * @param parallelism - Degree of parallelism (p)\n * @returns Derived key\n */\nexport function argon2idHashOpt(\n  password: Uint8Array,\n  salt: Uint8Array,\n  outputLen: number,\n  iterations: number,\n  memory: number,\n  parallelism: number,\n): Uint8Array {\n  return argon2id(password, salt, {\n    t: iterations,\n    m: memory,\n    p: parallelism,\n    dkLen: outputLen,\n  });\n}\n"],"mappings":";;;;;;;;;;;;;;;AAKA,IAAa,YAAb,cAA+B,MAAM;CACnC,YAAY,UAAU,8BAA8B;AAClD,QAAM,QAAQ;AACd,OAAK,OAAO;;;;;;AAOhB,IAAa,cAAb,MAAa,oBAAoB,MAAM;CACrC,AAAkB;CAElB,YAAY,SAAiB,OAAe;AAC1C,QAAM,QAAQ;AACd,OAAK,OAAO;AACZ,OAAK,QAAQ;;;;;;;;CASf,OAAO,KAAK,OAAgC;AAC1C,SAAO,IAAI,YAAY,cAAc,SAAS,IAAI,WAAW,CAAC;;;;;;;;CAShE,OAAO,iBAAiB,SAA8B;AACpD,SAAO,IAAI,YAAY,sBAAsB,UAAU;;;;;;;;;;;;;;;;;;;;;;ACvB3D,SAAgB,QAAQ,MAAsC;CAC5D,MAAM,MAAM,KAAK;AACjB,MAAK,IAAI,IAAI,GAAG,IAAI,KAAK,IACvB,MAAK,KAAK;AAGZ,KAAI,KAAK,SAAS,KAAK,KAAK,OAAO,EACjC,OAAM,IAAI,MAAM,iBAAiB;;;;;AAOrC,SAAgB,gBAAgB,QAA4B;AAC1D,MAAK,MAAM,OAAO,OAChB,SAAQ,IAAI;;;;;AC1BhB,MAAa,aAAa;AAC1B,MAAa,cAAc;AAC3B,MAAa,cAAc;AAG3B,MAAM,cAAc,IAAI,YAAY,IAAI;AACxC,KAAK,IAAI,IAAI,GAAG,IAAI,KAAK,KAAK;CAC5B,IAAI,MAAM;AACV,MAAK,IAAI,IAAI,GAAG,IAAI,GAAG,IACrB,QAAO,MAAM,OAAO,IAAK,QAAQ,IAAK,aAAa,QAAQ;AAE7D,aAAY,KAAK,QAAQ;;;;;AAM3B,SAAgB,MAAM,MAA0B;CAC9C,IAAI,MAAM;AACV,MAAK,MAAM,QAAQ,KACjB,OAAM,aAAa,MAAM,QAAQ,OAAS,QAAQ;AAEpD,SAAQ,MAAM,gBAAgB;;;;;AAMhC,SAAgB,UAAU,MAA8B;AACtD,QAAO,aAAa,MAAM,MAAM;;;;;;;AAQlC,SAAgB,aAAa,MAAkB,cAAmC;CAChF,MAAM,WAAW,MAAM,KAAK;CAC5B,MAAM,SAAS,IAAI,WAAW,EAAE;AAEhC,CADa,IAAI,SAAS,OAAO,OAAO,CACnC,UAAU,GAAG,UAAU,aAAa;AACzC,QAAO;;;;;AAMT,SAAgB,OAAO,MAA8B;AACnD,wCAAmB,KAAK;;;;;;AAO1B,SAAgB,aAAa,SAAiC;AAC5D,QAAO,OAAO,OAAO,QAAQ,CAAC;;;;;AAMhC,SAAgB,OAAO,MAA8B;AACnD,wCAAmB,KAAK;;;;;AAM1B,SAAgB,WAAW,KAAiB,SAAiC;AAC3E,sCAAYA,4BAAa,KAAK,QAAQ;;;;;AAMxC,SAAgB,WAAW,KAAiB,SAAiC;AAC3E,sCAAYC,4BAAa,KAAK,QAAQ;;;;;AAMxC,SAAgB,iBACd,UACA,MACA,YACA,QACY;AACZ,0CAAcD,4BAAa,UAAU,MAAM;EAAE,GAAG;EAAY,OAAO;EAAQ,CAAC;;;;;AAM9E,SAAgB,iBACd,UACA,MACA,YACA,QACY;AACZ,0CAAcC,4BAAa,UAAU,MAAM;EAAE,GAAG;EAAY,OAAO;EAAQ,CAAC;;;;;AAM9E,SAAgB,eACd,aACA,MACA,QACY;AACZ,sCAAYD,4BAAa,aAAa,MAAM,QAAW,OAAO;;;;;AAMhE,SAAgB,eACd,aACA,MACA,QACY;AACZ,sCAAYC,4BAAa,aAAa,MAAM,QAAW,OAAO;;;;;AC9HhE,MAAa,qBAAqB;AAClC,MAAa,uBAAuB;AACpC,MAAa,sBAAsB;;;;;;;;;;;;;;AAenC,SAAgB,4BACd,WACA,KACA,OAC0B;AAC1B,QAAO,mCAAmC,WAAW,KAAK,OAAO,IAAI,WAAW,EAAE,CAAC;;;;;;;;;;;;;;;;AAiBrF,SAAgB,mCACd,WACA,KACA,OACA,KAC0B;AAC1B,KAAI,IAAI,WAAW,mBACjB,OAAM,YAAY,iBAAiB,eAAe,mBAAmB,QAAQ;AAE/E,KAAI,MAAM,WAAW,qBACnB,OAAM,YAAY,iBAAiB,iBAAiB,qBAAqB,QAAQ;CAInF,MAAM,sDAD0B,KAAK,OAAO,IAAI,CAC1B,QAAQ,UAAU;AAMxC,QAAO,CAHY,OAAO,MAAM,GAAG,OAAO,SAAS,oBAAoB,EACvD,OAAO,MAAM,OAAO,SAAS,oBAAoB,CAErC;;;;;;;;;;;;;AAc9B,SAAgB,4BACd,YACA,KACA,OACA,SACY;AACZ,QAAO,mCAAmC,YAAY,KAAK,OAAO,IAAI,WAAW,EAAE,EAAE,QAAQ;;;;;;;;;;;;;;AAe/F,SAAgB,mCACd,YACA,KACA,OACA,KACA,SACY;AACZ,KAAI,IAAI,WAAW,mBACjB,OAAM,YAAY,iBAAiB,eAAe,mBAAmB,QAAQ;AAE/E,KAAI,MAAM,WAAW,qBACnB,OAAM,YAAY,iBAAiB,iBAAiB,qBAAqB,QAAQ;AAEnF,KAAI,QAAQ,WAAW,oBACrB,OAAM,YAAY,iBAAiB,oBAAoB,oBAAoB,QAAQ;CAIrF,MAAM,SAAS,IAAI,WAAW,WAAW,SAAS,QAAQ,OAAO;AACjE,QAAO,IAAI,WAAW;AACtB,QAAO,IAAI,SAAS,WAAW,OAAO;AAEtC,KAAI;AAEF,sDADgC,KAAK,OAAO,IAAI,CAClC,QAAQ,OAAO;UACtB,OAAO;EAEd,MAAM,YAAY,IAAI,UACpB,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,yBAChE;AACD,QAAM,YAAY,KAAK,UAAU;;;;;;AC3HrC,MAAa,2BAA2B;AACxC,MAAa,0BAA0B;AACvC,MAAa,0BAA0B;AACvC,MAAa,yBAAyB;;;;;AAMtC,SAAgB,0BAA0B,aAAqC;AAE7E,QAAO,eAAe,aADT,IAAI,aAAa,CAAC,OAAO,YAAY,EACT,wBAAwB;;;;;;AAOnE,SAAgB,wBAAwB,aAAqC;AAE3E,QAAO,eAAe,aADT,IAAI,aAAa,CAAC,OAAO,UAAU,EACP,GAAG;;;;;AAM9C,SAAgB,yBAAyB,KAAwC;AAC/E,QAAO,IAAI,WAAW,wBAAwB;;;;;AAMhD,SAAgB,8BAA8B,YAAoC;AAChF,KAAI,WAAW,WAAW,wBACxB,OAAM,IAAI,MAAM,uBAAuB,wBAAwB,QAAQ;AAEzE,QAAOC,8BAAO,aAAa,WAAW;;;;;;;;;;;;;;AAexC,SAAgB,gBAAgB,eAA2B,cAAsC;AAC/F,KAAI,cAAc,WAAW,wBAC3B,OAAM,IAAI,MAAM,uBAAuB,wBAAwB,QAAQ;AAEzE,KAAI,aAAa,WAAW,uBAC1B,OAAM,IAAI,MAAM,sBAAsB,uBAAuB,QAAQ;AAEvE,QAAOA,8BAAO,gBAAgB,eAAe,aAAa;;;;;AC3D5D,MAAa,yBAAyB;AACtC,MAAa,wBAAwB;AACrC,MAAa,qCAAqC;AAClD,MAAa,0BAA0B;AACvC,MAAa,uBAAuB;AACpC,MAAa,0BAA0B;;;;;;;;AASvC,SAAgB,wBAAwB,KAAwC;AAC9E,QAAO,IAAI,WAAW,uBAAuB;;;;;AAM/C,SAAgB,6BAA6B,YAAoC;AAC/E,KAAI,WAAW,WAAW,uBACxB,OAAM,IAAI,MAAM,uBAAuB,uBAAuB,QAAQ;AAExE,QAAOC,mCAAU,aAAa,YAAY,KAAK;;;;;AAMjD,SAAgB,yBAAyB,YAAoC;AAC3E,KAAI,WAAW,WAAW,sBACxB,OAAM,IAAI,MAAM,iCAAiC,sBAAsB,QAAQ;AAGjF,QADcA,mCAAU,gBAAgB,QAAQ,WAAW,CAC9C,WAAW,MAAM;;;;;AAMhC,SAAgB,uBAAuB,cAAsC;AAC3E,KAAI,aAAa,WAAW,mCAC1B,OAAM,IAAI,MAAM,mCAAmC,mCAAmC,QAAQ;AAGhG,QADcA,mCAAU,gBAAgB,QAAQ,aAAa,CAChD,WAAW,KAAK;;;;;;;;AAS/B,SAAgB,sBAAsB,aAAqC;AAEzE,QAAO,eAAe,aADT,IAAI,aAAa,CAAC,OAAO,UAAU,EACP,uBAAuB;;;;;;AAOlE,SAAgB,+BAA+B,YAAoC;AACjF,KAAI,WAAW,WAAW,uBACxB,OAAM,IAAI,MAAM,uBAAuB,uBAAuB,QAAQ;AAKxE,QAFmBA,mCAAU,aAAa,YAAY,MAAM,CAE1C,MAAM,GAAG,GAAG;;;;;;;;;;;;;;;;;;;ACvDhC,SAAgB,UAAU,YAAwB,SAAiC;AACjF,KAAI,WAAW,WAAW,uBACxB,OAAM,IAAI,MAAM,uBAAuB,uBAAuB,QAAQ;CAGxE,MAAM,cAAc,aAAa,QAAQ;AAIzC,QAHkBC,mCAAU,KAAK,aAAa,WAAW,CAGxC,mBAAmB;;;;;;;;;;;;;AActC,SAAgB,YACd,WACA,WACA,SACS;AACT,KAAI,UAAU,WAAW,sBACvB,OAAM,IAAI,MAAM,sBAAsB,sBAAsB,QAAQ;AAEtE,KAAI,UAAU,WAAW,qBACvB,OAAM,IAAI,MAAM,qBAAqB,qBAAqB,QAAQ;AAGpE,KAAI;EACF,MAAM,cAAc,aAAa,QAAQ;AACzC,SAAOA,mCAAU,OAAO,WAAW,aAAa,UAAU;SACpD;AACN,SAAO;;;;;;ACvDX,MAAa,yBAAyB;;;;;;;;;AAUtC,SAAgB,YAAY,iBAA6B,SAAiC;AAExF,QAAO,iBAAiB,iBAAiB,SAD7B,IAAIC,yCAA6B,CACS;;;;;;;;;;AAWxD,SAAgB,iBACd,iBACA,SACA,KACY;AAEZ,QAAO,uBAAuB,iBAAiB,SAD/B,IAAI,WAAW,GAAG,CAC8B;;;;;;;;;;;AAYlE,SAAgB,uBACd,iBACA,SACA,SACY;AACZ,KAAI,gBAAgB,WAAW,uBAC7B,OAAM,IAAI,MAAM,uBAAuB,uBAAuB,QAAQ;AAExE,KAAI,QAAQ,WAAW,GACrB,OAAM,IAAI,MAAM,wCAAwC;AAG1D,QAAOC,iCAAQ,KAAK,SAAS,iBAAiB,QAAQ;;;;;;;;;;AAWxD,SAAgB,cACd,kBACA,WACA,SACS;AACT,KAAI,iBAAiB,WAAW,wBAC9B,OAAM,IAAI,MAAM,sBAAsB,wBAAwB,QAAQ;AAExE,KAAI,UAAU,WAAW,uBACvB,OAAM,IAAI,MAAM,qBAAqB,uBAAuB,QAAQ;AAGtE,KAAI;AACF,SAAOA,iCAAQ,OAAO,WAAW,SAAS,iBAAiB;SACrD;AACN,SAAO;;;;;;ACjFX,MAAa,0BAA0B;AACvC,MAAa,2BAA2B;AACxC,MAAa,yBAAyB;;;;AAKtC,SAAgB,0BAA0B,KAAwC;AAChF,QAAO,IAAI,WAAW,yBAAyB;;;;;AAMjD,SAAgB,+BAA+B,YAAoC;AACjF,KAAI,WAAW,WAAW,yBACxB,OAAM,IAAI,MAAM,uBAAuB,yBAAyB,QAAQ;AAE1E,QAAOC,+BAAQ,aAAa,WAAW;;;;;;;;;;;;;AAczC,SAAgB,YAAY,YAAwB,SAAiC;AACnF,KAAI,WAAW,WAAW,yBACxB,OAAM,IAAI,MAAM,uBAAuB,yBAAyB,QAAQ;AAE1E,QAAOA,+BAAQ,KAAK,SAAS,WAAW;;;;;;;;;;;AAY1C,SAAgB,cACd,WACA,SACA,WACS;AACT,KAAI,UAAU,WAAW,wBACvB,OAAM,IAAI,MAAM,sBAAsB,wBAAwB,QAAQ;AAExE,KAAI,UAAU,WAAW,uBACvB,OAAM,IAAI,MAAM,qBAAqB,uBAAuB,QAAQ;AAGtE,KAAI;AACF,SAAOA,+BAAQ,OAAO,WAAW,SAAS,UAAU;SAC9C;AACN,SAAO;;;;;;;;;;;;;;;ACxDX,SAAgB,OAAO,UAAsB,MAAkB,WAA+B;AAC5F,QAAO,UAAU,UAAU,MAAM,WAAW,IAAI,GAAG,EAAE;;;;;;;;;;;;;AAcvD,SAAgB,UACd,UACA,MACA,WACA,MACA,GACA,GACY;AACZ,KAAI,QAAQ,GACV,OAAM,IAAI,MAAM,mBAAmB;AAErC,KAAI,MAAM,EACR,OAAM,IAAI,MAAM,eAAe;AAEjC,KAAI,MAAM,EACR,OAAM,IAAI,MAAM,eAAe;AAKjC,0CAAmB,UAAU,MAAM;EAAE,GAF3B,KAAK;EAEyB;EAAG;EAAG,OAAO;EAAW,CAAC;;;;;;;;;;;;;ACpCnE,SAAgB,aACd,UACA,MACA,WACY;AAEZ,QAAO,gBAAgB,UAAU,MAAM,WAAW,GAAG,OAAO,EAAE;;;;;;;;;;;;;AAchE,SAAgB,gBACd,UACA,MACA,WACA,YACA,QACA,aACY;AACZ,4CAAgB,UAAU,MAAM;EAC9B,GAAG;EACH,GAAG;EACH,GAAG;EACH,OAAO;EACR,CAAC"}

package/dist/index.d.cts

@@ -0,0 +1,403 @@
+import { RandomNumberGenerator } from "@bcts/rand";
+
+//#region src/error.d.ts
+/**
+ * AEAD-specific error for authentication failures
+ */
+declare class AeadError extends Error {
+  constructor(message?: string);
+}
+/**
+ * Generic crypto error type
+ */
+declare class CryptoError extends Error {
+  readonly cause?: Error | undefined;
+  constructor(message: string, cause?: Error);
+  /**
+   * Create a CryptoError for AEAD authentication failures.
+   *
+   * @param error - Optional underlying AeadError
+   * @returns A CryptoError wrapping the AEAD error
+   */
+  static aead(error?: AeadError): CryptoError;
+  /**
+   * Create a CryptoError for invalid parameter values.
+   *
+   * @param message - Description of the invalid parameter
+   * @returns A CryptoError describing the invalid parameter
+   */
+  static invalidParameter(message: string): CryptoError;
+}
+/**
+ * Result type for crypto operations (using standard Error)
+ */
+type CryptoResult<T> = T;
+//#endregion
+//#region src/memzero.d.ts
+/**
+ * Securely zero out a typed array.
+ *
+ * **IMPORTANT: This is a best-effort implementation.** Unlike the Rust reference
+ * implementation which uses `std::ptr::write_volatile()` for guaranteed volatile
+ * writes, JavaScript engines and JIT compilers can still potentially optimize
+ * away these zeroing operations. The check at the end helps prevent optimization,
+ * but it is not foolproof.
+ *
+ * For truly sensitive cryptographic operations, consider using the Web Crypto API's
+ * `crypto.subtle` with non-extractable keys when possible, as it provides stronger
+ * guarantees than what can be achieved with pure JavaScript.
+ *
+ * This function attempts to prevent the compiler from optimizing away
+ * the zeroing operation by using a verification check after the zeroing loop.
+ */
+declare function memzero(data: Uint8Array | Uint32Array): void;
+/**
+ * Securely zero out an array of Uint8Arrays.
+ */
+declare function memzeroVecVecU8(arrays: Uint8Array[]): void;
+//#endregion
+//#region src/hash.d.ts
+declare const CRC32_SIZE = 4;
+declare const SHA256_SIZE = 32;
+declare const SHA512_SIZE = 64;
+/**
+ * Calculate CRC-32 checksum
+ */
+declare function crc32(data: Uint8Array): number;
+/**
+ * Calculate CRC-32 checksum and return as a 4-byte big-endian array
+ */
+declare function crc32Data(data: Uint8Array): Uint8Array;
+/**
+ * Calculate CRC-32 checksum and return as a 4-byte array
+ * @param data - Input data
+ * @param littleEndian - If true, returns little-endian; otherwise big-endian
+ */
+declare function crc32DataOpt(data: Uint8Array, littleEndian: boolean): Uint8Array;
+/**
+ * Calculate SHA-256 hash
+ */
+declare function sha256(data: Uint8Array): Uint8Array;
+/**
+ * Calculate double SHA-256 hash (SHA-256 of SHA-256)
+ * This is the standard Bitcoin hashing function
+ */
+declare function doubleSha256(message: Uint8Array): Uint8Array;
+/**
+ * Calculate SHA-512 hash
+ */
+declare function sha512(data: Uint8Array): Uint8Array;
+/**
+ * Calculate HMAC-SHA-256
+ */
+declare function hmacSha256(key: Uint8Array, message: Uint8Array): Uint8Array;
+/**
+ * Calculate HMAC-SHA-512
+ */
+declare function hmacSha512(key: Uint8Array, message: Uint8Array): Uint8Array;
+/**
+ * Derive a key using PBKDF2 with HMAC-SHA-256
+ */
+declare function pbkdf2HmacSha256(password: Uint8Array, salt: Uint8Array, iterations: number, keyLen: number): Uint8Array;
+/**
+ * Derive a key using PBKDF2 with HMAC-SHA-512
+ */
+declare function pbkdf2HmacSha512(password: Uint8Array, salt: Uint8Array, iterations: number, keyLen: number): Uint8Array;
+/**
+ * Derive a key using HKDF with HMAC-SHA-256
+ */
+declare function hkdfHmacSha256(keyMaterial: Uint8Array, salt: Uint8Array, keyLen: number): Uint8Array;
+/**
+ * Derive a key using HKDF with HMAC-SHA-512
+ */
+declare function hkdfHmacSha512(keyMaterial: Uint8Array, salt: Uint8Array, keyLen: number): Uint8Array;
+//#endregion
+//#region src/symmetric-encryption.d.ts
+declare const SYMMETRIC_KEY_SIZE = 32;
+declare const SYMMETRIC_NONCE_SIZE = 12;
+declare const SYMMETRIC_AUTH_SIZE = 16;
+/**
+ * Encrypt data using ChaCha20-Poly1305 AEAD cipher.
+ *
+ * **Security Warning**: The nonce MUST be unique for every encryption operation
+ * with the same key. Reusing a nonce completely breaks the security of the
+ * encryption scheme and can reveal plaintext.
+ *
+ * @param plaintext - The data to encrypt
+ * @param key - 32-byte encryption key
+ * @param nonce - 12-byte nonce (MUST be unique per encryption with the same key)
+ * @returns Tuple of [ciphertext, authTag] where authTag is 16 bytes
+ * @throws {CryptoError} If key is not 32 bytes or nonce is not 12 bytes
+ */
+declare function aeadChaCha20Poly1305Encrypt(plaintext: Uint8Array, key: Uint8Array, nonce: Uint8Array): [Uint8Array, Uint8Array];
+/**
+ * Encrypt data using ChaCha20-Poly1305 AEAD cipher with additional authenticated data.
+ *
+ * **Security Warning**: The nonce MUST be unique for every encryption operation
+ * with the same key. Reusing a nonce completely breaks the security of the
+ * encryption scheme and can reveal plaintext.
+ *
+ * @param plaintext - The data to encrypt
+ * @param key - 32-byte encryption key
+ * @param nonce - 12-byte nonce (MUST be unique per encryption with the same key)
+ * @param aad - Additional authenticated data (not encrypted, but integrity-protected)
+ * @returns Tuple of [ciphertext, authTag] where authTag is 16 bytes
+ * @throws {CryptoError} If key is not 32 bytes or nonce is not 12 bytes
+ */
+declare function aeadChaCha20Poly1305EncryptWithAad(plaintext: Uint8Array, key: Uint8Array, nonce: Uint8Array, aad: Uint8Array): [Uint8Array, Uint8Array];
+/**
+ * Decrypt data using ChaCha20-Poly1305 AEAD cipher.
+ *
+ * @param ciphertext - The encrypted data
+ * @param key - 32-byte encryption key (must match key used for encryption)
+ * @param nonce - 12-byte nonce (must match nonce used for encryption)
+ * @param authTag - 16-byte authentication tag from encryption
+ * @returns Decrypted plaintext
+ * @throws {CryptoError} If key/nonce/authTag sizes are invalid
+ * @throws {CryptoError} If authentication fails (tampered data or wrong key/nonce)
+ */
+declare function aeadChaCha20Poly1305Decrypt(ciphertext: Uint8Array, key: Uint8Array, nonce: Uint8Array, authTag: Uint8Array): Uint8Array;
+/**
+ * Decrypt data using ChaCha20-Poly1305 AEAD cipher with additional authenticated data.
+ *
+ * @param ciphertext - The encrypted data
+ * @param key - 32-byte encryption key (must match key used for encryption)
+ * @param nonce - 12-byte nonce (must match nonce used for encryption)
+ * @param aad - Additional authenticated data (must exactly match AAD used for encryption)
+ * @param authTag - 16-byte authentication tag from encryption
+ * @returns Decrypted plaintext
+ * @throws {CryptoError} If key/nonce/authTag sizes are invalid
+ * @throws {CryptoError} If authentication fails (tampered data, wrong key/nonce, or AAD mismatch)
+ */
+declare function aeadChaCha20Poly1305DecryptWithAad(ciphertext: Uint8Array, key: Uint8Array, nonce: Uint8Array, aad: Uint8Array, authTag: Uint8Array): Uint8Array;
+//#endregion
+//#region src/public-key-encryption.d.ts
+declare const GENERIC_PRIVATE_KEY_SIZE = 32;
+declare const GENERIC_PUBLIC_KEY_SIZE = 32;
+declare const X25519_PRIVATE_KEY_SIZE = 32;
+declare const X25519_PUBLIC_KEY_SIZE = 32;
+/**
+ * Derive an X25519 agreement private key from key material.
+ * Uses HKDF with "agreement" as domain separation salt.
+ */
+declare function deriveAgreementPrivateKey(keyMaterial: Uint8Array): Uint8Array;
+/**
+ * Derive a signing private key from key material.
+ * Uses HKDF with "signing" as domain separation salt.
+ */
+declare function deriveSigningPrivateKey(keyMaterial: Uint8Array): Uint8Array;
+/**
+ * Generate a new random X25519 private key.
+ */
+declare function x25519NewPrivateKeyUsing(rng: RandomNumberGenerator): Uint8Array;
+/**
+ * Derive an X25519 public key from a private key.
+ */
+declare function x25519PublicKeyFromPrivateKey(privateKey: Uint8Array): Uint8Array;
+/**
+ * Compute a shared secret using X25519 key agreement (ECDH).
+ *
+ * **Security Note**: The resulting shared secret should be used with a KDF
+ * (like HKDF) before using it as an encryption key. Never use the raw
+ * shared secret directly for encryption.
+ *
+ * @param x25519Private - 32-byte X25519 private key
+ * @param x25519Public - 32-byte X25519 public key from the other party
+ * @returns 32-byte shared secret
+ * @throws {Error} If private key is not 32 bytes or public key is not 32 bytes
+ */
+declare function x25519SharedKey(x25519Private: Uint8Array, x25519Public: Uint8Array): Uint8Array;
+//#endregion
+//#region src/ecdsa-keys.d.ts
+declare const ECDSA_PRIVATE_KEY_SIZE = 32;
+declare const ECDSA_PUBLIC_KEY_SIZE = 33;
+declare const ECDSA_UNCOMPRESSED_PUBLIC_KEY_SIZE = 65;
+declare const ECDSA_MESSAGE_HASH_SIZE = 32;
+declare const ECDSA_SIGNATURE_SIZE = 64;
+declare const SCHNORR_PUBLIC_KEY_SIZE = 32;
+/**
+ * Generate a new random ECDSA private key using secp256k1.
+ *
+ * Note: Unlike some implementations, this directly returns the random bytes
+ * without validation. The secp256k1 library will handle any edge cases when
+ * the key is used.
+ */
+declare function ecdsaNewPrivateKeyUsing(rng: RandomNumberGenerator): Uint8Array;
+/**
+ * Derive a compressed ECDSA public key from a private key.
+ */
+declare function ecdsaPublicKeyFromPrivateKey(privateKey: Uint8Array): Uint8Array;
+/**
+ * Decompress a compressed public key to uncompressed format.
+ */
+declare function ecdsaDecompressPublicKey(compressed: Uint8Array): Uint8Array;
+/**
+ * Compress an uncompressed public key.
+ */
+declare function ecdsaCompressPublicKey(uncompressed: Uint8Array): Uint8Array;
+/**
+ * Derive an ECDSA private key from key material using HKDF.
+ *
+ * Note: This directly returns the HKDF output without validation,
+ * matching the Rust reference implementation behavior.
+ */
+declare function ecdsaDerivePrivateKey(keyMaterial: Uint8Array): Uint8Array;
+/**
+ * Extract the x-only (Schnorr) public key from a private key.
+ * This is used for BIP-340 Schnorr signatures.
+ */
+declare function schnorrPublicKeyFromPrivateKey(privateKey: Uint8Array): Uint8Array;
+//#endregion
+//#region src/ecdsa-signing.d.ts
+/**
+ * Sign a message using ECDSA with secp256k1.
+ *
+ * The message is hashed with double SHA-256 before signing (Bitcoin standard).
+ *
+ * **Security Note**: The private key must be kept secret. ECDSA requires
+ * cryptographically secure random nonces internally; this is handled by
+ * the underlying library using RFC 6979 deterministic nonces.
+ *
+ * @param privateKey - 32-byte secp256k1 private key
+ * @param message - Message to sign (any length, will be double-SHA256 hashed)
+ * @returns 64-byte compact signature (r || s format)
+ * @throws {Error} If private key is not 32 bytes
+ */
+declare function ecdsaSign(privateKey: Uint8Array, message: Uint8Array): Uint8Array;
+/**
+ * Verify an ECDSA signature with secp256k1.
+ *
+ * The message is hashed with double SHA-256 before verification (Bitcoin standard).
+ *
+ * @param publicKey - 33-byte compressed secp256k1 public key
+ * @param signature - 64-byte compact signature (r || s format)
+ * @param message - Original message that was signed
+ * @returns `true` if signature is valid, `false` if signature verification fails
+ * @throws {Error} If public key is not 33 bytes or signature is not 64 bytes
+ */
+declare function ecdsaVerify(publicKey: Uint8Array, signature: Uint8Array, message: Uint8Array): boolean;
+//#endregion
+//#region src/schnorr-signing.d.ts
+declare const SCHNORR_SIGNATURE_SIZE = 64;
+/**
+ * Sign a message using Schnorr signature (BIP-340).
+ * Uses secure random auxiliary randomness.
+ *
+ * @param ecdsaPrivateKey - 32-byte private key
+ * @param message - Message to sign (not pre-hashed, per BIP-340)
+ * @returns 64-byte Schnorr signature
+ */
+declare function schnorrSign(ecdsaPrivateKey: Uint8Array, message: Uint8Array): Uint8Array;
+/**
+ * Sign a message using Schnorr signature with a custom RNG.
+ *
+ * @param ecdsaPrivateKey - 32-byte private key
+ * @param message - Message to sign
+ * @param rng - Random number generator for auxiliary randomness
+ * @returns 64-byte Schnorr signature
+ */
+declare function schnorrSignUsing(ecdsaPrivateKey: Uint8Array, message: Uint8Array, rng: RandomNumberGenerator): Uint8Array;
+/**
+ * Sign a message using Schnorr signature with specific auxiliary randomness.
+ * This is useful for deterministic signing in tests.
+ *
+ * @param ecdsaPrivateKey - 32-byte private key
+ * @param message - Message to sign
+ * @param auxRand - 32-byte auxiliary randomness (per BIP-340)
+ * @returns 64-byte Schnorr signature
+ */
+declare function schnorrSignWithAuxRand(ecdsaPrivateKey: Uint8Array, message: Uint8Array, auxRand: Uint8Array): Uint8Array;
+/**
+ * Verify a Schnorr signature (BIP-340).
+ *
+ * @param schnorrPublicKey - 32-byte x-only public key
+ * @param signature - 64-byte Schnorr signature
+ * @param message - Original message
+ * @returns true if signature is valid
+ */
+declare function schnorrVerify(schnorrPublicKey: Uint8Array, signature: Uint8Array, message: Uint8Array): boolean;
+//#endregion
+//#region src/ed25519-signing.d.ts
+declare const ED25519_PUBLIC_KEY_SIZE = 32;
+declare const ED25519_PRIVATE_KEY_SIZE = 32;
+declare const ED25519_SIGNATURE_SIZE = 64;
+/**
+ * Generate a new random Ed25519 private key.
+ */
+declare function ed25519NewPrivateKeyUsing(rng: RandomNumberGenerator): Uint8Array;
+/**
+ * Derive an Ed25519 public key from a private key.
+ */
+declare function ed25519PublicKeyFromPrivateKey(privateKey: Uint8Array): Uint8Array;
+/**
+ * Sign a message using Ed25519.
+ *
+ * **Security Note**: The private key must be kept secret. The same private key
+ * can safely sign multiple messages.
+ *
+ * @param privateKey - 32-byte Ed25519 private key
+ * @param message - Message to sign (any length)
+ * @returns 64-byte Ed25519 signature
+ * @throws {Error} If private key is not 32 bytes
+ */
+declare function ed25519Sign(privateKey: Uint8Array, message: Uint8Array): Uint8Array;
+/**
+ * Verify an Ed25519 signature.
+ *
+ * @param publicKey - 32-byte Ed25519 public key
+ * @param message - Original message that was signed
+ * @param signature - 64-byte Ed25519 signature
+ * @returns `true` if signature is valid, `false` if signature verification fails
+ * @throws {Error} If public key is not 32 bytes or signature is not 64 bytes
+ */
+declare function ed25519Verify(publicKey: Uint8Array, message: Uint8Array, signature: Uint8Array): boolean;
+//#endregion
+//#region src/scrypt.d.ts
+/**
+ * Derive a key using Scrypt with recommended parameters.
+ * Uses N=2^15 (32768), r=8, p=1 as recommended defaults.
+ *
+ * @param password - Password or passphrase
+ * @param salt - Salt value
+ * @param outputLen - Desired output length
+ * @returns Derived key
+ */
+declare function scrypt(password: Uint8Array, salt: Uint8Array, outputLen: number): Uint8Array;
+/**
+ * Derive a key using Scrypt with custom parameters.
+ *
+ * @param password - Password or passphrase
+ * @param salt - Salt value
+ * @param outputLen - Desired output length
+ * @param logN - Log2 of the CPU/memory cost parameter N (must be <64)
+ * @param r - Block size parameter (must be >0)
+ * @param p - Parallelization parameter (must be >0)
+ * @returns Derived key
+ */
+declare function scryptOpt(password: Uint8Array, salt: Uint8Array, outputLen: number, logN: number, r: number, p: number): Uint8Array;
+//#endregion
+//#region src/argon.d.ts
+/**
+ * Derive a key using Argon2id with default parameters.
+ *
+ * @param password - Password or passphrase
+ * @param salt - Salt value (must be at least 8 bytes)
+ * @param outputLen - Desired output length
+ * @returns Derived key
+ */
+declare function argon2idHash(password: Uint8Array, salt: Uint8Array, outputLen: number): Uint8Array;
+/**
+ * Derive a key using Argon2id with custom parameters.
+ *
+ * @param password - Password or passphrase
+ * @param salt - Salt value (must be at least 8 bytes)
+ * @param outputLen - Desired output length
+ * @param iterations - Number of iterations (t)
+ * @param memory - Memory in KiB (m)
+ * @param parallelism - Degree of parallelism (p)
+ * @returns Derived key
+ */
+declare function argon2idHashOpt(password: Uint8Array, salt: Uint8Array, outputLen: number, iterations: number, memory: number, parallelism: number): Uint8Array;
+//#endregion
+export { AeadError, CRC32_SIZE, CryptoError, type CryptoResult, ECDSA_MESSAGE_HASH_SIZE, ECDSA_PRIVATE_KEY_SIZE, ECDSA_PUBLIC_KEY_SIZE, ECDSA_SIGNATURE_SIZE, ECDSA_UNCOMPRESSED_PUBLIC_KEY_SIZE, ED25519_PRIVATE_KEY_SIZE, ED25519_PUBLIC_KEY_SIZE, ED25519_SIGNATURE_SIZE, GENERIC_PRIVATE_KEY_SIZE, GENERIC_PUBLIC_KEY_SIZE, SCHNORR_PUBLIC_KEY_SIZE, SCHNORR_SIGNATURE_SIZE, SHA256_SIZE, SHA512_SIZE, SYMMETRIC_AUTH_SIZE, SYMMETRIC_KEY_SIZE, SYMMETRIC_NONCE_SIZE, X25519_PRIVATE_KEY_SIZE, X25519_PUBLIC_KEY_SIZE, aeadChaCha20Poly1305Decrypt, aeadChaCha20Poly1305DecryptWithAad, aeadChaCha20Poly1305Encrypt, aeadChaCha20Poly1305EncryptWithAad, argon2idHash, argon2idHashOpt, crc32, crc32Data, crc32DataOpt, deriveAgreementPrivateKey, deriveSigningPrivateKey, doubleSha256, ecdsaCompressPublicKey, ecdsaDecompressPublicKey, ecdsaDerivePrivateKey, ecdsaNewPrivateKeyUsing, ecdsaPublicKeyFromPrivateKey, ecdsaSign, ecdsaVerify, ed25519NewPrivateKeyUsing, ed25519PublicKeyFromPrivateKey, ed25519Sign, ed25519Verify, hkdfHmacSha256, hkdfHmacSha512, hmacSha256, hmacSha512, memzero, memzeroVecVecU8, pbkdf2HmacSha256, pbkdf2HmacSha512, schnorrPublicKeyFromPrivateKey, schnorrSign, schnorrSignUsing, schnorrSignWithAuxRand, schnorrVerify, scrypt, scryptOpt, sha256, sha512, x25519NewPrivateKeyUsing, x25519PublicKeyFromPrivateKey, x25519SharedKey };
+//# sourceMappingURL=index.d.cts.map

package/dist/index.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.cts","names":[],"sources":["../src/error.ts","../src/memzero.ts","../src/hash.ts","../src/symmetric-encryption.ts","../src/public-key-encryption.ts","../src/ecdsa-keys.ts","../src/ecdsa-signing.ts","../src/schnorr-signing.ts","../src/ed25519-signing.ts","../src/scrypt.ts","../src/argon.ts"],"sourcesContent":[],"mappings":";;;;;;AAKa,cAAA,SAAA,SAAkB,KAAA,CAAK;EAUvB,WAAA,CAAA,OAAY,CAAA,EAAA,MAAA;;;;;AAyBmB,cAzB/B,WAAA,SAAoB,KAAA,CAyBW;EAzBX,SAAA,KAAA,CAAA,EACL,KADK,GAAA,SAAA;EAAK,WAAA,CAAA,OAAA,EAAA,MAAA,EAAA,KAAA,CAAA,EAGC,KAHD;EAiC1B;;;;AC9BZ;AAcA;sBDFsB,YAAY;;;AEtBlC;AACA;AACA;AAeA;EAWgB,OAAA,gBAAS,CAAO,OAAA,EAAA,MAAa,CAAA,EFID,WEJW;AASvD;AAWA;AAQA;AAOA;AAOgB,KF9BJ,YE8Bc,CAAA,CAAA,CAAA,GF9BI,CE8BJ;;;;;;AFzE1B;AAUA;;;;;;;;AAiCA;;;;AC9BgB,iBAAA,OAAA,CAAc,IAAA,EAAA,UAAa,GAAA,WAAW,CAAA,EAAA,IAAA;AActD;;;iBAAgB,eAAA,SAAwB;;;cCxB3B,UAAA;cACA,WAAA;cACA,WAAA;AFLb;AAUA;;AAGuC,iBEOvB,KAAA,CFPuB,IAAA,EEOX,UFPW,CAAA,EAAA,MAAA;;;;AAHN,iBEqBjB,SAAA,CFrBiB,IAAA,EEqBD,UFrBC,CAAA,EEqBY,UFrBZ;;AAiCjC;;;;AC9BgB,iBC2BA,YAAA,CD3B2B,IAAA,EC2BR,UD3BmB,EAAA,YAAA,EAAA,OAAA,CAAA,EC2BiB,UD3BjB;AActD;;;iBCwBgB,MAAA,OAAa,aAAa;AAhD1C;AACA;AACA;AAeA;AAWgB,iBA4BA,YAAA,CA5BgB,OAAa,EA4BP,UA5BiB,CAAA,EA4BJ,UA5BI;AASvD;AAWA;AAQA;AAOgB,iBAAA,MAAA,CAAa,IAAA,EAAA,UAAa,CAAU,EAAV,UAAU;AAOpD;;;AAAkE,iBAAlD,UAAA,CAAkD,GAAA,EAAlC,UAAkC,EAAA,OAAA,EAAb,UAAa,CAAA,EAAA,UAAA;;AAOlE;;AAAqD,iBAArC,UAAA,CAAqC,GAAA,EAArB,UAAqB,EAAA,OAAA,EAAA,UAAA,CAAA,EAAa,UAAb;;;AAOrD;AACY,iBADI,gBAAA,CACJ,QAAA,EAAA,UAAA,EAAA,IAAA,EACJ,UADI,EAAA,UAAA,EAAA,MAAA,EAAA,MAAA,EAAA,MAAA,CAAA,EAIT,UAJS;;;;AAWI,iBAAA,gBAAA,CAAgB,QAAA,EACpB,UADoB,EAAA,IAAA,EAExB,UAFwB,EAAA,UAAA,EAAA,MAAA,EAAA,MAAA,EAAA,MAAA,CAAA,EAK7B,UAL6B;;;;AAKnB,iBAOG,cAAA,CAPH,WAAA,EAQE,UARF,EAAA,IAAA,EASL,UATK,EAAA,MAAA,EAAA,MAAA,CAAA,EAWV,UAXU;AAOb;;;AAIG,iBAOa,cAAA,CAPb,WAAA,EAQY,UARZ,EAAA,IAAA,EASK,UATL,EAAA,MAAA,EAAA,MAAA,CAAA,EAWA,UAXA;;;cClHU,kBAAA;cACA,oBAAA;cACA,mBAAA;AHHb;AAUA;;;;;;;;AAiCA;;;;AC9BgB,iBEKA,2BAAA,CFLsC,SAAA,EEMzC,UFNyC,EAAA,GAAA,EEO/C,UFP+C,EAAA,KAAA,EEQ7C,UFR6C,CAAA,EAAA,CESlD,UFTkD,EEStC,UFTsC,CAAA;AActD;;;;ACxBA;AACA;AACA;AAeA;AAWA;AASA;AAWA;AAQA;AAOA;AAOA;AAAgC,iBCjChB,kCAAA,CDiCgB,SAAA,EChCnB,UDgCmB,EAAA,GAAA,EC/BzB,UD+ByB,EAAA,KAAA,EC9BvB,UD8BuB,EAAA,GAAA,EC7BzB,UD6ByB,CAAA,EAAA,CC5B5B,UD4B4B,EC5BhB,UD4BgB,CAAA;;;;AAOhC;;;;;AAOA;;;AAKG,iBClBa,2BAAA,CDkBb,UAAA,ECjBW,UDiBX,EAAA,GAAA,EChBI,UDgBJ,EAAA,KAAA,ECfM,UDeN,EAAA,OAAA,ECdQ,UDcR,CAAA,ECbA,UDaA;;AAOH;;;;;AAYA;;;;;AAWA;AACe,iBC5BC,kCAAA,CD4BD,UAAA,EC3BD,UD2BC,EAAA,GAAA,EC1BR,UD0BQ,EAAA,KAAA,ECzBN,UDyBM,EAAA,GAAA,ECxBR,UDwBQ,EAAA,OAAA,ECvBJ,UDuBI,CAAA,ECtBZ,UDsBY;;;cEzHF,wBAAA;cACA,uBAAA;AJHA,cIIA,uBAAA,GJJuB,EAAA;AAUvB,cILA,sBAAA,GJKY,EAAA;;;;;AAyBmB,iBIxB5B,yBAAA,CJwB4B,WAAA,EIxBW,UJwBX,CAAA,EIxBwB,UJwBxB;;;AAQ5C;;iBIvBgB,uBAAA,cAAqC,aAAa;;AHPlE;AAcA;iBGCgB,wBAAA,MAA8B,wBAAwB;;;AFzBtE;AACa,iBE+BG,6BAAA,CF/BQ,UAAA,EE+BkC,UF/BlC,CAAA,EE+B+C,UF/B/C;AACxB;AAeA;AAWA;AASA;AAWA;AAQA;AAOA;AAOA;;;;;AAOgB,iBE1BA,eAAA,CF0BU,aAAA,EE1BqB,UF0BrB,EAAA,YAAA,EE1B+C,UF0B/C,CAAA,EE1B4D,UF0B5D;;;cG9Eb,sBAAA;cACA,qBAAA;ALHA,cKIA,kCAAA,GLJuB,EAAA;AAUvB,cKLA,uBAAA,GLKY,EAAA;AACG,cKLf,oBAAA,GLKe,EAAA;AAEW,cKN1B,uBAAA,GLM0B,EAAA;;;;;;AA8BvC;;iBK3BgB,uBAAA,MAA6B,wBAAwB;;AJHrE;AAcA;iBIJgB,4BAAA,aAAyC,aAAa;;;AHpBtE;AACa,iBG6BG,wBAAA,CH7BQ,UAAA,EG6B6B,UH7B7B,CAAA,EG6B0C,UH7B1C;AACxB;AAeA;AAWA;AASgB,iBGIA,sBAAA,CHJuD,YAAU,EGI5B,UHJ4B,CAAA,EGIf,UHJe;AAWjF;AAQA;AAOA;AAOA;;;AAAkE,iBGflD,qBAAA,CHekD,WAAA,EGff,UHee,CAAA,EGfF,UHeE;;AAOlE;;;AAAkE,iBGblD,8BAAA,CHakD,UAAA,EGbP,UHaO,CAAA,EGbM,UHaN;;;;;;AFhFlE;AAUA;;;;;;;;AAiCA;;iBMxBgB,SAAA,aAAsB,qBAAqB,aAAa;;ALNxE;AAcA;;;;ACxBA;AACA;AACA;AAeA;AAWA;AASgB,iBIEA,WAAA,CJFmB,SAAoC,EIG1D,UJHoE,EAAA,SAAA,EIIpE,UJJoE,EAAA,OAAA,EIKtE,UJLsE,CAAA,EAAA,OAAA;;;cKrCpE,sBAAA;;APHb;AAUA;;;;;;AAAiC,iBOGjB,WAAA,CPHiB,eAAA,EOGY,UPHZ,EAAA,OAAA,EOGiC,UPHjC,CAAA,EOG8C,UPH9C;;AAiCjC;;;;AC9BA;AAcA;;iBMDgB,gBAAA,kBACG,qBACR,iBACJ,wBACJ;;AL3BH;AACA;AACA;AAeA;AAWA;AASA;AAWA;AAQA;AAOgB,iBKtBA,sBAAA,CLsB0B,eAAU,EKrBjC,ULqBiC,EAAA,OAAA,EKpBzC,ULoByC,EAAA,OAAA,EKnBzC,ULmByC,CAAA,EKlBjD,ULkBiD;AAOpD;;;;;AAOA;;;AAAkE,iBKblD,aAAA,CLakD,gBAAA,EKZ9C,ULY8C,EAAA,SAAA,EKXrD,ULWqD,EAAA,OAAA,EKVvD,ULUuD,CAAA,EAAA,OAAA;;;cM/ErD,uBAAA;cACA,wBAAA;ARFA,cQGA,sBAAA,GRHuB,EAAA;AAUpC;;;AAesB,iBQjBN,yBAAA,CRiBM,GAAA,EQjByB,qBRiBzB,CAAA,EQjBiD,URiBjD;;;;AAfgB,iBQKtB,8BAAA,CRLsB,UAAA,EQKqB,URLrB,CAAA,EQKkC,URLlC;AAiCtC;;;;AC9BA;AAcA;;;;ACxBA;AACA;AACa,iBM4BG,WAAA,CN5BQ,UAAA,EM4BgB,UN5BhB,EAAA,OAAA,EM4BqC,UN5BrC,CAAA,EM4BkD,UN5BlD;AAexB;AAWA;AASA;AAWA;AAQA;AAOA;AAOA;;;AAAkE,iBMxBlD,aAAA,CNwBkD,SAAA,EMvBrD,UNuBqD,EAAA,OAAA,EMtBvD,UNsBuD,EAAA,SAAA,EMrBrD,UNqBqD,CAAA,EAAA,OAAA;;;;;;AFzElE;AAUA;;;;;AAyB4C,iBS3B5B,MAAA,CT2B4B,QAAA,ES3BX,UT2BW,EAAA,IAAA,ES3BO,UT2BP,EAAA,SAAA,EAAA,MAAA,CAAA,ES3BuC,UT2BvC;;;AAQ5C;;;;AC9BA;AAcA;;;;ACxBa,iBOoBG,SAAA,CPpBO,QAAA,EOqBX,UPrBW,EAAA,IAAA,EOsBf,UPtBe,EAAA,SAAA,EAAA,MAAA,EAAA,IAAA,EAAA,MAAA,EAAA,CAAA,EAAA,MAAA,EAAA,CAAA,EAAA,MAAA,CAAA,EO2BpB,UP3BoB;;;;;;AFHvB;AAUA;;;;AAekC,iBUlBlB,YAAA,CVkBkB,QAAA,EUjBtB,UViBsB,EAAA,IAAA,EUhB1B,UVgB0B,EAAA,SAAA,EAAA,MAAA,CAAA,EUd/B,UVc+B;;;;AAkBlC;;;;AC9BA;AAcA;;;iBSAgB,eAAA,WACJ,kBACJ,yFAKL"}