npm - @bonfida/spl-name-service - Versions diffs - 3.0.19 → 3.0.21 - Mend

@bonfida/spl-name-service 3.0.19 → 3.0.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (329) hide show

package/dist/esm/node_modules/@noble/curves/esm/abstract/modular.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"modular.js","sources":["../../../../../../../node_modules/@noble/curves/esm/abstract/modular.js"],"sourcesContent":["/*\n Utils for modular division and finite fields.\n * A finite field over 11 is integer number operations `mod 11`.\n * There is no division: it is replaced by modular multiplicative inverse.\n * @module\n /\n/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /\nimport { anumber } from '@noble/hashes/utils';\nimport { bitMask, bytesToNumberBE, bytesToNumberLE, ensureBytes, numberToBytesBE, numberToBytesLE, validateObject, } from \"./utils.js\";\n// prettier-ignore\nconst _0n = BigInt(0), _1n = BigInt(1), _2n = / @__PURE__ / BigInt(2), _3n = / @__PURE__ / BigInt(3);\n// prettier-ignore\nconst _4n = / @__PURE__ / BigInt(4), _5n = / @__PURE__ / BigInt(5), _8n = / @__PURE__ / BigInt(8);\n// Calculates a modulo b\nexport function mod(a, b) {\n const result = a % b;\n return result >= _0n ? result : b + result;\n}\n/\n Efficiently raise num to power and do modular division.\n * Unsafe in some contexts: uses ladder, so can expose bigint bits.\n * TODO: remove.\n * @example\n * pow(2n, 6n, 11n) // 64n % 11n == 9n\n /\nexport function pow(num, power, modulo) {\n return FpPow(Field(modulo), num, power);\n}\n/* Does `x^(2^power)` mod p. `pow2(30, 4)` == `30^(2^4)` /\nexport function pow2(x, power, modulo) {\n let res = x;\n while (power-- > _0n) {\n res = res;\n res %= modulo;\n }\n return res;\n}\n/*\n Inverses number over modulo.\n * Implemented using [Euclidean GCD](https://brilliant.org/wiki/extended-euclidean-algorithm/).\n /\nexport function invert(number, modulo) {\n if (number === _0n)\n throw new Error('invert: expected non-zero number');\n if (modulo <= _0n)\n throw new Error('invert: expected positive modulus, got ' + modulo);\n // Fermat's little theorem \"CT-like\" version inv(n) = n^(m-2) mod m is 30x slower.\n let a = mod(number, modulo);\n let b = modulo;\n // prettier-ignore\n let x = _0n, y = _1n, u = _1n, v = _0n;\n while (a !== _0n) {\n // JIT applies optimization if those two lines follow each other\n const q = b / a;\n const r = b % a;\n const m = x - u q;\n const n = y - v * q;\n // prettier-ignore\n b = a, a = r, x = u, y = v, u = m, v = n;\n }\n const gcd = b;\n if (gcd !== _1n)\n throw new Error('invert: does not exist');\n return mod(x, modulo);\n}\n// Not all roots are possible! Example which will throw:\n// const NUM =\n// n = 72057594037927816n;\n// Fp = Field(BigInt('0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab'));\nfunction sqrt3mod4(Fp, n) {\n const p1div4 = (Fp.ORDER + _1n) / _4n;\n const root = Fp.pow(n, p1div4);\n // Throw if root^2 != n\n if (!Fp.eql(Fp.sqr(root), n))\n throw new Error('Cannot find square root');\n return root;\n}\nfunction sqrt5mod8(Fp, n) {\n const p5div8 = (Fp.ORDER - _5n) / _8n;\n const n2 = Fp.mul(n, _2n);\n const v = Fp.pow(n2, p5div8);\n const nv = Fp.mul(n, v);\n const i = Fp.mul(Fp.mul(nv, _2n), v);\n const root = Fp.mul(nv, Fp.sub(i, Fp.ONE));\n if (!Fp.eql(Fp.sqr(root), n))\n throw new Error('Cannot find square root');\n return root;\n}\n// TODO: Commented-out for now. Provide test vectors.\n// Tonelli is too slow for extension fields Fp2.\n// That means we can't use sqrt (c1, c2...) even for initialization constants.\n// if (P % _16n === _9n) return sqrt9mod16;\n// // prettier-ignore\n// function sqrt9mod16<T>(Fp: IField<T>, n: T, p7div16?: bigint) {\n// if (p7div16 === undefined) p7div16 = (Fp.ORDER + BigInt(7)) / _16n;\n// const c1 = Fp.sqrt(Fp.neg(Fp.ONE)); // 1. c1 = sqrt(-1) in F, i.e., (c1^2) == -1 in F\n// const c2 = Fp.sqrt(c1); // 2. c2 = sqrt(c1) in F, i.e., (c2^2) == c1 in F\n// const c3 = Fp.sqrt(Fp.neg(c1)); // 3. c3 = sqrt(-c1) in F, i.e., (c3^2) == -c1 in F\n// const c4 = p7div16; // 4. c4 = (q + 7) / 16 # Integer arithmetic\n// let tv1 = Fp.pow(n, c4); // 1. tv1 = x^c4\n// let tv2 = Fp.mul(c1, tv1); // 2. tv2 = c1 * tv1\n// const tv3 = Fp.mul(c2, tv1); // 3. tv3 = c2 * tv1\n// let tv4 = Fp.mul(c3, tv1); // 4. tv4 = c3 * tv1\n// const e1 = Fp.eql(Fp.sqr(tv2), n); // 5. e1 = (tv2^2) == x\n// const e2 = Fp.eql(Fp.sqr(tv3), n); // 6. e2 = (tv3^2) == x\n// tv1 = Fp.cmov(tv1, tv2, e1); // 7. tv1 = CMOV(tv1, tv2, e1) # Select tv2 if (tv2^2) == x\n// tv2 = Fp.cmov(tv4, tv3, e2); // 8. tv2 = CMOV(tv4, tv3, e2) # Select tv3 if (tv3^2) == x\n// const e3 = Fp.eql(Fp.sqr(tv2), n); // 9. e3 = (tv2^2) == x\n// return Fp.cmov(tv1, tv2, e3); // 10. z = CMOV(tv1, tv2, e3) # Select the sqrt from tv1 and tv2\n// }\n/*\n Tonelli-Shanks square root search algorithm.\n * 1. https://eprint.iacr.org/2012/685.pdf (page 12)\n * 2. Square Roots from 1; 24, 51, 10 to Dan Shanks\n * @param P field order\n * @returns function that takes field Fp (created from P) and number n\n /\nexport function tonelliShanks(P) {\n // Initialization (precomputation).\n if (P < BigInt(3))\n throw new Error('sqrt is not defined for small field');\n // Factor P - 1 = Q 2^S, where Q is odd\n let Q = P - _1n;\n let S = 0;\n while (Q % _2n === _0n) {\n Q /= _2n;\n S++;\n }\n // Find the first quadratic non-residue Z >= 2\n let Z = _2n;\n const _Fp = Field(P);\n while (FpLegendre(_Fp, Z) === 1) {\n // Basic primality test for P. After x iterations, chance of\n // not finding quadratic non-residue is 2^x, so 2^1000.\n if (Z++ > 1000)\n throw new Error('Cannot find square root: probably non-prime P');\n }\n // Fast-path; usually done before Z, but we do \"primality test\".\n if (S === 1)\n return sqrt3mod4;\n // Slow-path\n // TODO: test on Fp2 and others\n let cc = _Fp.pow(Z, Q); // c = z^Q\n const Q1div2 = (Q + _1n) / _2n;\n return function tonelliSlow(Fp, n) {\n if (Fp.is0(n))\n return n;\n // Check if n is a quadratic residue using Legendre symbol\n if (FpLegendre(Fp, n) !== 1)\n throw new Error('Cannot find square root');\n // Initialize variables for the main loop\n let M = S;\n let c = Fp.mul(Fp.ONE, cc); // c = z^Q, move cc from field _Fp into field Fp\n let t = Fp.pow(n, Q); // t = n^Q, first guess at the fudge factor\n let R = Fp.pow(n, Q1div2); // R = n^((Q+1)/2), first guess at the square root\n // Main loop\n // while t != 1\n while (!Fp.eql(t, Fp.ONE)) {\n if (Fp.is0(t))\n return Fp.ZERO; // if t=0 return R=0\n let i = 1;\n // Find the smallest i >= 1 such that t^(2^i) ≡ 1 (mod P)\n let t_tmp = Fp.sqr(t); // t^(2^1)\n while (!Fp.eql(t_tmp, Fp.ONE)) {\n i++;\n t_tmp = Fp.sqr(t_tmp); // t^(2^2)...\n if (i === M)\n throw new Error('Cannot find square root');\n }\n // Calculate the exponent for b: 2^(M - i - 1)\n const exponent = _1n << BigInt(M - i - 1); // bigint is important\n const b = Fp.pow(c, exponent); // b = 2^(M - i - 1)\n // Update variables\n M = i;\n c = Fp.sqr(b); // c = b^2\n t = Fp.mul(t, c); // t = (t * b^2)\n R = Fp.mul(R, b); // R = Rb\n }\n return R;\n };\n}\n/\n Square root for a finite field. Will try optimized versions first:\n \n 1. P ≡ 3 (mod 4)\n * 2. P ≡ 5 (mod 8)\n * 3. Tonelli-Shanks algorithm\n \n Different algorithms can give different roots, it is up to user to decide which one they want.\n * For example there is FpSqrtOdd/FpSqrtEven to choice root based on oddness (used for hash-to-curve).\n /\nexport function FpSqrt(P) {\n // P ≡ 3 (mod 4) => √n = n^((P+1)/4)\n if (P % _4n === _3n)\n return sqrt3mod4;\n // P ≡ 5 (mod 8) => Atkin algorithm, page 10 of https://eprint.iacr.org/2012/685.pdf\n if (P % _8n === _5n)\n return sqrt5mod8;\n // P ≡ 9 (mod 16) not implemented, see above\n // Tonelli-Shanks algorithm\n return tonelliShanks(P);\n}\n// Little-endian check for first LE bit (last BE bit);\nexport const isNegativeLE = (num, modulo) => (mod(num, modulo) & _1n) === _1n;\n// prettier-ignore\nconst FIELD_FIELDS = [\n 'create', 'isValid', 'is0', 'neg', 'inv', 'sqrt', 'sqr',\n 'eql', 'add', 'sub', 'mul', 'pow', 'div',\n 'addN', 'subN', 'mulN', 'sqrN'\n];\nexport function validateField(field) {\n const initial = {\n ORDER: 'bigint',\n MASK: 'bigint',\n BYTES: 'isSafeInteger',\n BITS: 'isSafeInteger',\n };\n const opts = FIELD_FIELDS.reduce((map, val) => {\n map[val] = 'function';\n return map;\n }, initial);\n return validateObject(field, opts);\n}\n// Generic field functions\n/\n Same as `pow` but for Fp: non-constant-time.\n * Unsafe in some contexts: uses ladder, so can expose bigint bits.\n /\nexport function FpPow(Fp, num, power) {\n if (power < _0n)\n throw new Error('invalid exponent, negatives unsupported');\n if (power === _0n)\n return Fp.ONE;\n if (power === _1n)\n return num;\n let p = Fp.ONE;\n let d = num;\n while (power > _0n) {\n if (power & _1n)\n p = Fp.mul(p, d);\n d = Fp.sqr(d);\n power >>= _1n;\n }\n return p;\n}\n/\n Efficiently invert an array of Field elements.\n * Exception-free. Will return `undefined` for 0 elements.\n * @param passZero map 0 to 0 (instead of undefined)\n /\nexport function FpInvertBatch(Fp, nums, passZero = false) {\n const inverted = new Array(nums.length).fill(passZero ? Fp.ZERO : undefined);\n // Walk from first to last, multiply them by each other MOD p\n const multipliedAcc = nums.reduce((acc, num, i) => {\n if (Fp.is0(num))\n return acc;\n inverted[i] = acc;\n return Fp.mul(acc, num);\n }, Fp.ONE);\n // Invert last element\n const invertedAcc = Fp.inv(multipliedAcc);\n // Walk from last to first, multiply them by inverted each other MOD p\n nums.reduceRight((acc, num, i) => {\n if (Fp.is0(num))\n return acc;\n inverted[i] = Fp.mul(acc, inverted[i]);\n return Fp.mul(acc, num);\n }, invertedAcc);\n return inverted;\n}\n// TODO: remove\nexport function FpDiv(Fp, lhs, rhs) {\n return Fp.mul(lhs, typeof rhs === 'bigint' ? invert(rhs, Fp.ORDER) : Fp.inv(rhs));\n}\n/\n Legendre symbol.\n * Legendre constant is used to calculate Legendre symbol (a \| p)\n * which denotes the value of a^((p-1)/2) (mod p).\n \n * (a \| p) ≡ 1 if a is a square (mod p), quadratic residue\n * * (a \| p) ≡ -1 if a is not a square (mod p), quadratic non residue\n * * (a \| p) ≡ 0 if a ≡ 0 (mod p)\n /\nexport function FpLegendre(Fp, n) {\n // We can use 3rd argument as optional cache of this value\n // but seems unneeded for now. The operation is very fast.\n const p1mod2 = (Fp.ORDER - _1n) / _2n;\n const powered = Fp.pow(n, p1mod2);\n const yes = Fp.eql(powered, Fp.ONE);\n const zero = Fp.eql(powered, Fp.ZERO);\n const no = Fp.eql(powered, Fp.neg(Fp.ONE));\n if (!yes && !zero && !no)\n throw new Error('invalid Legendre symbol result');\n return yes ? 1 : zero ? 0 : -1;\n}\n// This function returns True whenever the value x is a square in the field F.\nexport function FpIsSquare(Fp, n) {\n const l = FpLegendre(Fp, n);\n return l === 1;\n}\n// CURVE.n lengths\nexport function nLength(n, nBitLength) {\n // Bit size, byte size of CURVE.n\n if (nBitLength !== undefined)\n anumber(nBitLength);\n const _nBitLength = nBitLength !== undefined ? nBitLength : n.toString(2).length;\n const nByteLength = Math.ceil(_nBitLength / 8);\n return { nBitLength: _nBitLength, nByteLength };\n}\n/\n Initializes a finite field over prime.\n * Major performance optimizations:\n * * a) denormalized operations like mulN instead of mul\n * * b) same object shape: never add or remove keys\n * * c) Object.freeze\n * Fragile: always run a benchmark on a change.\n * Security note: operations don't check 'isValid' for all elements for performance reasons,\n * it is caller responsibility to check this.\n * This is low-level code, please make sure you know what you're doing.\n * @param ORDER prime positive bigint\n * @param bitLen how many bits the field consumes\n * @param isLE (def: false) if encoding / decoding should be in little-endian\n * @param redef optional faster redefinitions of sqrt and other methods\n /\nexport function Field(ORDER, bitLen, isLE = false, redef = {}) {\n if (ORDER <= _0n)\n throw new Error('invalid field: expected ORDER > 0, got ' + ORDER);\n const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen);\n if (BYTES > 2048)\n throw new Error('invalid field: expected ORDER of <= 2048 bytes');\n let sqrtP; // cached sqrtP\n const f = Object.freeze({\n ORDER,\n isLE,\n BITS,\n BYTES,\n MASK: bitMask(BITS),\n ZERO: _0n,\n ONE: _1n,\n create: (num) => mod(num, ORDER),\n isValid: (num) => {\n if (typeof num !== 'bigint')\n throw new Error('invalid field element: expected bigint, got ' + typeof num);\n return _0n <= num && num < ORDER; // 0 is valid element, but it's not invertible\n },\n is0: (num) => num === _0n,\n isOdd: (num) => (num & _1n) === _1n,\n neg: (num) => mod(-num, ORDER),\n eql: (lhs, rhs) => lhs === rhs,\n sqr: (num) => mod(num num, ORDER),\n add: (lhs, rhs) => mod(lhs + rhs, ORDER),\n sub: (lhs, rhs) => mod(lhs - rhs, ORDER),\n mul: (lhs, rhs) => mod(lhs * rhs, ORDER),\n pow: (num, power) => FpPow(f, num, power),\n div: (lhs, rhs) => mod(lhs * invert(rhs, ORDER), ORDER),\n // Same as above, but doesn't normalize\n sqrN: (num) => num * num,\n addN: (lhs, rhs) => lhs + rhs,\n subN: (lhs, rhs) => lhs - rhs,\n mulN: (lhs, rhs) => lhs * rhs,\n inv: (num) => invert(num, ORDER),\n sqrt: redef.sqrt \|\|\n ((n) => {\n if (!sqrtP)\n sqrtP = FpSqrt(ORDER);\n return sqrtP(f, n);\n }),\n toBytes: (num) => (isLE ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES)),\n fromBytes: (bytes) => {\n if (bytes.length !== BYTES)\n throw new Error('Field.fromBytes: expected ' + BYTES + ' bytes, got ' + bytes.length);\n return isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes);\n },\n // TODO: we don't need it here, move out to separate fn\n invertBatch: (lst) => FpInvertBatch(f, lst),\n // We can't move this out because Fp6, Fp12 implement it\n // and it's unclear what to return in there.\n cmov: (a, b, c) => (c ? b : a),\n });\n return Object.freeze(f);\n}\nexport function FpSqrtOdd(Fp, elm) {\n if (!Fp.isOdd)\n throw new Error(\"Field doesn't have isOdd\");\n const root = Fp.sqrt(elm);\n return Fp.isOdd(root) ? root : Fp.neg(root);\n}\nexport function FpSqrtEven(Fp, elm) {\n if (!Fp.isOdd)\n throw new Error(\"Field doesn't have isOdd\");\n const root = Fp.sqrt(elm);\n return Fp.isOdd(root) ? Fp.neg(root) : root;\n}\n/*\n \"Constant-time\" private key generation utility.\n * Same as mapKeyToField, but accepts less bytes (40 instead of 48 for 32-byte field).\n * Which makes it slightly more biased, less secure.\n * @deprecated use `mapKeyToField` instead\n /\nexport function hashToPrivateScalar(hash, groupOrder, isLE = false) {\n hash = ensureBytes('privateHash', hash);\n const hashLen = hash.length;\n const minLen = nLength(groupOrder).nByteLength + 8;\n if (minLen < 24 \|\| hashLen < minLen \|\| hashLen > 1024)\n throw new Error('hashToPrivateScalar: expected ' + minLen + '-1024 bytes of input, got ' + hashLen);\n const num = isLE ? bytesToNumberLE(hash) : bytesToNumberBE(hash);\n return mod(num, groupOrder - _1n) + _1n;\n}\n/\n Returns total number of bytes consumed by the field element.\n * For example, 32 bytes for usual 256-bit weierstrass curve.\n * @param fieldOrder number of field elements, usually CURVE.n\n * @returns byte length of field\n /\nexport function getFieldBytesLength(fieldOrder) {\n if (typeof fieldOrder !== 'bigint')\n throw new Error('field order must be bigint');\n const bitLength = fieldOrder.toString(2).length;\n return Math.ceil(bitLength / 8);\n}\n/\n Returns minimal amount of bytes that can be safely reduced\n * by field order.\n * Should be 2^-128 for 128-bit curve such as P256.\n * @param fieldOrder number of field elements, usually CURVE.n\n * @returns byte length of target hash\n /\nexport function getMinHashLength(fieldOrder) {\n const length = getFieldBytesLength(fieldOrder);\n return length + Math.ceil(length / 2);\n}\n/\n \"Constant-time\" private key generation utility.\n * Can take (n + n/2) or more bytes of uniform input e.g. from CSPRNG or KDF\n * and convert them into private scalar, with the modulo bias being negligible.\n * Needs at least 48 bytes of input for 32-byte private key.\n * https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/\n * FIPS 186-5, A.2 https://csrc.nist.gov/publications/detail/fips/186/5/final\n * RFC 9380, https://www.rfc-editor.org/rfc/rfc9380#section-5\n * @param hash hash output from SHA3 or a similar function\n * @param groupOrder size of subgroup - (e.g. secp256k1.CURVE.n)\n * @param isLE interpret hash bytes as LE num\n * @returns valid private scalar\n */\nexport function mapHashToField(key, fieldOrder, isLE = false) {\n const len = key.length;\n const fieldLen = getFieldBytesLength(fieldOrder);\n const minLen = getMinHashLength(fieldOrder);\n // No small numbers: need to understand bias story. No huge numbers: easier to detect JS timings.\n if (len < 16 \|\| len < minLen \|\| len > 1024)\n throw new Error('expected ' + minLen + '-1024 bytes of input, got ' + len);\n const num = isLE ? bytesToNumberLE(key) : bytesToNumberBE(key);\n // `mod(x, 11)` can sometimes produce 0. `mod(x, 10) + 1` is the same, but no 0\n const reduced = mod(num, fieldOrder - _1n) + _1n;\n return isLE ? numberToBytesLE(reduced, fieldLen) : numberToBytesBE(reduced, fieldLen);\n}\n//# sourceMappingURL=modular.js.map"],"names":["_0n","BigInt","_1n","_2n","_3n","_4n","_5n","_8n","mod","a","b","result","pow2","x","power","modulo","res","invert","number","Error","u","r","m","sqrt3mod4","Fp","n","p1div4","ORDER","root","pow","eql","sqr","sqrt5mod8","p5div8","n2","mul","v","nv","i","sub","ONE","tonelliShanks","P","Q","S","Z","_Fp","Field","FpLegendre","cc","Q1div2","is0","M","c","t","R","ZERO","t_tmp","exponent","FpSqrt","isNegativeLE","num","FIELD_FIELDS","validateField","field","opts","reduce","map","val","MASK","BYTES","BITS","validateObject","FpPow","p","d","FpInvertBatch","nums","passZero","inverted","Array","length","fill","undefined","multipliedAcc","acc","invertedAcc","inv","reduceRight","p1mod2","powered","yes","zero","no","neg","nLength","nBitLength","anumber","_nBitLength","toString","nByteLength","Math","ceil","bitLen","isLE","redef","sqrtP","f","Object","freeze","bitMask","create","isValid","isOdd","lhs","rhs","add","div","sqrN","addN","subN","mulN","sqrt","toBytes","numberToBytesLE","numberToBytesBE","fromBytes","bytes","bytesToNumberLE","bytesToNumberBE","invertBatch","lst","cmov"],"mappings":";;AAmBA,MAAMA,EAAMC,OAAO,GAAIC,EAAMD,OAAO,GAAIE,EAAsBF,OAAO,GAAIG,EAAsBH,OAAO,GAEhGI,EAAsBJ,OAAO,GAAIK,EAAsBL,OAAO,GAAIM,EAAsBN,OAAO,GAG/F,SAAUO,EAAIC,EAAWC,GAC7B,MAAMC,EAASF,EAAIC,EACnB,OAAOC,GAAUX,EAAMW,EAASD,EAAIC,CACtC,CAaM,SAAUC,EAAKC,EAAWC,EAAeC,GAC7C,IAAIC,EAAMH,EACV,KAAOC,KAAUd,GACfgB,GAAOA,EACPA,GAAOD,EAET,OAAOC,CACT,CAMM,SAAUC,EAAOC,EAAgBH,GACrC,GAAIG,IAAWlB,EAAK,MAAM,IAAImB,MAAM,oCACpC,GAAIJ,GAAUf,EAAK,MAAM,IAAImB,MAAM,0CAA4CJ,GAE/E,IAAIN,EAAID,EAAIU,EAAQH,GAChBL,EAAIK,EAEJF,EAAIb,EAAcoB,EAAIlB,EAC1B,KAAOO,IAAMT,GAAK,CAEhB,MACMqB,EAAIX,EAAID,EACRa,EAAIT,EAAIO,GAFJV,EAAID,GAKdC,EAAID,EAAGA,EAAIY,EAAGR,EAAIO,EAAUA,EAAIE,CAClC,CAEA,GADYZ,IACAR,EAAK,MAAM,IAAIiB,MAAM,0BACjC,OAAOX,EAAIK,EAAGE,EAChB,CAMA,SAASQ,EAAaC,EAAeC,GACnC,MAAMC,GAAUF,EAAGG,MAAQzB,GAAOG,EAC5BuB,EAAOJ,EAAGK,IAAIJ,EAAGC,GAEvB,IAAKF,EAAGM,IAAIN,EAAGO,IAAIH,GAAOH,GAAI,MAAM,IAAIN,MAAM,2BAC9C,OAAOS,CACT,CAEA,SAASI,EAAaR,EAAeC,GACnC,MAAMQ,GAAUT,EAAGG,MAAQrB,GAAOC,EAC5B2B,EAAKV,EAAGW,IAAIV,EAAGtB,GACfiC,EAAIZ,EAAGK,IAAIK,EAAID,GACfI,EAAKb,EAAGW,IAAIV,EAAGW,GACfE,EAAId,EAAGW,IAAIX,EAAGW,IAAIE,EAAIlC,GAAMiC,GAC5BR,EAAOJ,EAAGW,IAAIE,EAAIb,EAAGe,IAAID,EAAGd,EAAGgB,MACrC,IAAKhB,EAAGM,IAAIN,EAAGO,IAAIH,GAAOH,GAAI,MAAM,IAAIN,MAAM,2BAC9C,OAAOS,CACT,CAgCM,SAAUa,EAAcC,GAE5B,GAAIA,EAAIzC,OAAO,GAAI,MAAM,IAAIkB,MAAM,uCAEnC,IAAIwB,EAAID,EAAIxC,EACR0C,EAAI,EACR,KAAOD,EAAIxC,IAAQH,GACjB2C,GAAKxC,EACLyC,IAIF,IAAIC,EAAI1C,EACR,MAAM2C,EAAMC,EAAML,GAClB,KAA8B,IAAvBM,EAAWF,EAAKD,IAGrB,GAAIA,IAAM,IAAM,MAAM,IAAI1B,MAAM,iDAGlC,GAAU,IAANyB,EAAS,OAAOrB,EAIpB,IAAI0B,EAAKH,EAAIjB,IAAIgB,EAAGF,GACpB,MAAMO,GAAUP,EAAIzC,GAAOC,EAC3B,OAAO,SAAwBqB,EAAeC,GAC5C,GAAID,EAAG2B,IAAI1B,GAAI,OAAOA,EAEtB,GAA0B,IAAtBuB,EAAWxB,EAAIC,GAAU,MAAM,IAAIN,MAAM,2BAG7C,IAAIiC,EAAIR,EACJS,EAAI7B,EAAGW,IAAIX,EAAGgB,IAAKS,GACnBK,EAAI9B,EAAGK,IAAIJ,EAAGkB,GACdY,EAAI/B,EAAGK,IAAIJ,EAAGyB,GAIlB,MAAQ1B,EAAGM,IAAIwB,EAAG9B,EAAGgB,MAAM,CACzB,GAAIhB,EAAG2B,IAAIG,GAAI,OAAO9B,EAAGgC,KACzB,IAAIlB,EAAI,EAGJmB,EAAQjC,EAAGO,IAAIuB,GACnB,MAAQ9B,EAAGM,IAAI2B,EAAOjC,EAAGgB,MAGvB,GAFAF,IACAmB,EAAQjC,EAAGO,IAAI0B,GACXnB,IAAMc,EAAG,MAAM,IAAIjC,MAAM,2BAI/B,MAAMuC,EAAWxD,GAAOD,OAAOmD,EAAId,EAAI,GACjC5B,EAAIc,EAAGK,IAAIwB,EAAGK,GAGpBN,EAAId,EACJe,EAAI7B,EAAGO,IAAIrB,GACX4C,EAAI9B,EAAGW,IAAImB,EAAGD,GACdE,EAAI/B,EAAGW,IAAIoB,EAAG7C,EAChB,CACA,OAAO6C,CACR,CACH,CAYM,SAAUI,EAAOjB,GAErB,OAAIA,EAAIrC,IAAQD,EAAYmB,EAExBmB,EAAInC,IAAQD,EAAY0B,EAGrBS,EAAcC,EACvB,OAGakB,EAAeA,CAACC,EAAa9C,KACvCP,EAAIqD,EAAK9C,GAAUb,KAASA,EA6CzB4D,EAAe,CACnB,SAAU,UAAW,MAAO,MAAO,MAAO,OAAQ,MAClD,MAAO,MAAO,MAAO,MAAO,MAAO,MACnC,OAAQ,OAAQ,OAAQ,QAEpB,SAAUC,EAAiBC,GAC/B,MAMMC,EAAOH,EAAaI,QAAO,CAACC,EAAKC,KACrCD,EAAIC,GAAO,WACJD,IARO,CACdxC,MAAO,SACP0C,KAAM,SACNC,MAAO,gBACPC,KAAM,kBAMR,OAAOC,EAAeR,EAAOC,EAC/B,CAQM,SAAUQ,EAASjD,EAAeqC,EAAQ/C,GAC9C,GAAIA,EAAQd,EAAK,MAAM,IAAImB,MAAM,2CACjC,GAAIL,IAAUd,EAAK,OAAOwB,EAAGgB,IAC7B,GAAI1B,IAAUZ,EAAK,OAAO2D,EAC1B,IAAIa,EAAIlD,EAAGgB,IACPmC,EAAId,EACR,KAAO/C,EAAQd,GACTc,EAAQZ,IAAKwE,EAAIlD,EAAGW,IAAIuC,EAAGC,IAC/BA,EAAInD,EAAGO,IAAI4C,GACX7D,IAAUZ,EAEZ,OAAOwE,CACT,CAOM,SAAUE,EAAiBpD,EAAeqD,EAAWC,GAAW,GACpE,MAAMC,EAAW,IAAIC,MAAMH,EAAKI,QAAQC,KAAKJ,EAAWtD,EAAGgC,UAAO2B,GAE5DC,EAAgBP,EAAKX,QAAO,CAACmB,EAAKxB,EAAKvB,IACvCd,EAAG2B,IAAIU,GAAawB,GACxBN,EAASzC,GAAK+C,EACP7D,EAAGW,IAAIkD,EAAKxB,KAClBrC,EAAGgB,KAEA8C,EAAc9D,EAAG+D,IAAIH,GAO3B,OALAP,EAAKW,aAAY,CAACH,EAAKxB,EAAKvB,IACtBd,EAAG2B,IAAIU,GAAawB,GACxBN,EAASzC,GAAKd,EAAGW,IAAIkD,EAAKN,EAASzC,IAC5Bd,EAAGW,IAAIkD,EAAKxB,KAClByB,GACIP,CACT,CAgBM,SAAU/B,EAAcxB,EAAeC,GAG3C,MAAMgE,GAAUjE,EAAGG,MAAQzB,GAAOC,EAC5BuF,EAAUlE,EAAGK,IAAIJ,EAAGgE,GACpBE,EAAMnE,EAAGM,IAAI4D,EAASlE,EAAGgB,KACzBoD,EAAOpE,EAAGM,IAAI4D,EAASlE,EAAGgC,MAC1BqC,EAAKrE,EAAGM,IAAI4D,EAASlE,EAAGsE,IAAItE,EAAGgB,MACrC,IAAKmD,IAAQC,IAASC,EAAI,MAAM,IAAI1E,MAAM,kCAC1C,OAAOwE,EAAM,EAAIC,EAAO,GAAM,CAChC,CASM,SAAUG,EACdtE,EACAuE,QAMmBb,IAAfa,GAA0BC,EAAQD,GACtC,MAAME,OAA6Bf,IAAfa,EAA2BA,EAAavE,EAAE0E,SAAS,GAAGlB,OAE1E,MAAO,CAAEe,WAAYE,EAAaE,YADdC,KAAKC,KAAKJ,EAAc,GAE9C,CAkBM,SAAUnD,EACdpB,EACA4E,EACAC,GAAO,EACPC,EAAiC,IAEjC,GAAI9E,GAAS3B,EAAK,MAAM,IAAImB,MAAM,0CAA4CQ,GAC9E,MAAQqE,WAAYzB,EAAM6B,YAAa9B,GAAUyB,EAAQpE,EAAO4E,GAChE,GAAIjC,EAAQ,KAAM,MAAM,IAAInD,MAAM,kDAClC,IAAIuF,EACJ,MAAMC,EAAuBC,OAAOC,OAAO,CACzClF,QACA6E,OACAjC,OACAD,QACAD,KAAMyC,EAAQvC,GACdf,KAAMxD,EACNwC,IAAKtC,EACL6G,OAASlD,GAAQrD,EAAIqD,EAAKlC,GAC1BqF,QAAUnD,IACR,GAAmB,iBAARA,EACT,MAAM,IAAI1C,MAAM,sDAAwD0C,GAC1E,OAAO7D,GAAO6D,GAAOA,EAAMlC,CAAK,EAElCwB,IAAMU,GAAQA,IAAQ7D,EACtBiH,MAAQpD,IAASA,EAAM3D,KAASA,EAChC4F,IAAMjC,GAAQrD,GAAKqD,EAAKlC,GACxBG,IAAKA,CAACoF,EAAKC,IAAQD,IAAQC,EAE3BpF,IAAM8B,GAAQrD,EAAIqD,EAAMA,EAAKlC,GAC7ByF,IAAKA,CAACF,EAAKC,IAAQ3G,EAAI0G,EAAMC,EAAKxF,GAClCY,IAAKA,CAAC2E,EAAKC,IAAQ3G,EAAI0G,EAAMC,EAAKxF,GAClCQ,IAAKA,CAAC+E,EAAKC,IAAQ3G,EAAI0G,EAAMC,EAAKxF,GAClCE,IAAKA,CAACgC,EAAK/C,IAAU2D,EAAMkC,EAAG9C,EAAK/C,GACnCuG,IAAKA,CAACH,EAAKC,IAAQ3G,EAAI0G,EAAMjG,EAAOkG,EAAKxF,GAAQA,GAGjD2F,KAAOzD,GAAQA,EAAMA,EACrB0D,KAAMA,CAACL,EAAKC,IAAQD,EAAMC,EAC1BK,KAAMA,CAACN,EAAKC,IAAQD,EAAMC,EAC1BM,KAAMA,CAACP,EAAKC,IAAQD,EAAMC,EAE1B5B,IAAM1B,GAAQ5C,EAAO4C,EAAKlC,GAC1B+F,KACEjB,EAAMiB,MAAI,CACRjG,IACKiF,IAAOA,EAAQ/C,EAAOhC,IACpB+E,EAAMC,EAAGlF,KAEpBkG,QAAU9D,GAAS2C,EAAOoB,EAAgB/D,EAAKS,GAASuD,EAAgBhE,EAAKS,GAC7EwD,UAAYC,IACV,GAAIA,EAAM9C,SAAWX,EACnB,MAAM,IAAInD,MAAM,6BAA+BmD,EAAQ,eAAiByD,EAAM9C,QAChF,OAAOuB,EAAOwB,EAAgBD,GAASE,EAAgBF,EAAM,EAG/DG,YAAcC,GAAQvD,EAAc+B,EAAGwB,GAGvCC,KAAMA,CAAC3H,EAAGC,EAAG2C,IAAOA,EAAI3C,EAAID,IAE9B,OAAOmG,OAAOC,OAAOF,EACvB","x_google_ignoreList":[0]}
1	+ {"version":3,"file":"modular.js","sources":["../../../../../../../node_modules/@noble/curves/esm/abstract/modular.js"],"sourcesContent":["/*\n Utils for modular division and fields.\n * Field over 11 is a finite (Galois) field is integer number operations `mod 11`.\n * There is no division: it is replaced by modular multiplicative inverse.\n * @module\n /\n/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /\nimport { _validateObject, anumber, bitMask, bytesToNumberBE, bytesToNumberLE, ensureBytes, numberToBytesBE, numberToBytesLE, } from \"../utils.js\";\n// prettier-ignore\nconst _0n = BigInt(0), _1n = BigInt(1), _2n = / @__PURE__ / BigInt(2), _3n = / @__PURE__ / BigInt(3);\n// prettier-ignore\nconst _4n = / @__PURE__ / BigInt(4), _5n = / @__PURE__ / BigInt(5), _7n = / @__PURE__ / BigInt(7);\n// prettier-ignore\nconst _8n = / @__PURE__ / BigInt(8), _9n = / @__PURE__ / BigInt(9), _16n = / @__PURE__ / BigInt(16);\n// Calculates a modulo b\nexport function mod(a, b) {\n const result = a % b;\n return result >= _0n ? result : b + result;\n}\n/\n Efficiently raise num to power and do modular division.\n * Unsafe in some contexts: uses ladder, so can expose bigint bits.\n * @example\n * pow(2n, 6n, 11n) // 64n % 11n == 9n\n /\nexport function pow(num, power, modulo) {\n return FpPow(Field(modulo), num, power);\n}\n/* Does `x^(2^power)` mod p. `pow2(30, 4)` == `30^(2^4)` /\nexport function pow2(x, power, modulo) {\n let res = x;\n while (power-- > _0n) {\n res = res;\n res %= modulo;\n }\n return res;\n}\n/*\n Inverses number over modulo.\n * Implemented using [Euclidean GCD](https://brilliant.org/wiki/extended-euclidean-algorithm/).\n /\nexport function invert(number, modulo) {\n if (number === _0n)\n throw new Error('invert: expected non-zero number');\n if (modulo <= _0n)\n throw new Error('invert: expected positive modulus, got ' + modulo);\n // Fermat's little theorem \"CT-like\" version inv(n) = n^(m-2) mod m is 30x slower.\n let a = mod(number, modulo);\n let b = modulo;\n // prettier-ignore\n let x = _0n, y = _1n, u = _1n, v = _0n;\n while (a !== _0n) {\n // JIT applies optimization if those two lines follow each other\n const q = b / a;\n const r = b % a;\n const m = x - u q;\n const n = y - v * q;\n // prettier-ignore\n b = a, a = r, x = u, y = v, u = m, v = n;\n }\n const gcd = b;\n if (gcd !== _1n)\n throw new Error('invert: does not exist');\n return mod(x, modulo);\n}\nfunction assertIsSquare(Fp, root, n) {\n if (!Fp.eql(Fp.sqr(root), n))\n throw new Error('Cannot find square root');\n}\n// Not all roots are possible! Example which will throw:\n// const NUM =\n// n = 72057594037927816n;\n// Fp = Field(BigInt('0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab'));\nfunction sqrt3mod4(Fp, n) {\n const p1div4 = (Fp.ORDER + _1n) / _4n;\n const root = Fp.pow(n, p1div4);\n assertIsSquare(Fp, root, n);\n return root;\n}\nfunction sqrt5mod8(Fp, n) {\n const p5div8 = (Fp.ORDER - _5n) / _8n;\n const n2 = Fp.mul(n, _2n);\n const v = Fp.pow(n2, p5div8);\n const nv = Fp.mul(n, v);\n const i = Fp.mul(Fp.mul(nv, _2n), v);\n const root = Fp.mul(nv, Fp.sub(i, Fp.ONE));\n assertIsSquare(Fp, root, n);\n return root;\n}\n// Based on RFC9380, Kong algorithm\n// prettier-ignore\nfunction sqrt9mod16(P) {\n const Fp_ = Field(P);\n const tn = tonelliShanks(P);\n const c1 = tn(Fp_, Fp_.neg(Fp_.ONE)); // 1. c1 = sqrt(-1) in F, i.e., (c1^2) == -1 in F\n const c2 = tn(Fp_, c1); // 2. c2 = sqrt(c1) in F, i.e., (c2^2) == c1 in F\n const c3 = tn(Fp_, Fp_.neg(c1)); // 3. c3 = sqrt(-c1) in F, i.e., (c3^2) == -c1 in F\n const c4 = (P + _7n) / _16n; // 4. c4 = (q + 7) / 16 # Integer arithmetic\n return (Fp, n) => {\n let tv1 = Fp.pow(n, c4); // 1. tv1 = x^c4\n let tv2 = Fp.mul(tv1, c1); // 2. tv2 = c1 * tv1\n const tv3 = Fp.mul(tv1, c2); // 3. tv3 = c2 * tv1\n const tv4 = Fp.mul(tv1, c3); // 4. tv4 = c3 * tv1\n const e1 = Fp.eql(Fp.sqr(tv2), n); // 5. e1 = (tv2^2) == x\n const e2 = Fp.eql(Fp.sqr(tv3), n); // 6. e2 = (tv3^2) == x\n tv1 = Fp.cmov(tv1, tv2, e1); // 7. tv1 = CMOV(tv1, tv2, e1) # Select tv2 if (tv2^2) == x\n tv2 = Fp.cmov(tv4, tv3, e2); // 8. tv2 = CMOV(tv4, tv3, e2) # Select tv3 if (tv3^2) == x\n const e3 = Fp.eql(Fp.sqr(tv2), n); // 9. e3 = (tv2^2) == x\n const root = Fp.cmov(tv1, tv2, e3); // 10. z = CMOV(tv1, tv2, e3) # Select sqrt from tv1 & tv2\n assertIsSquare(Fp, root, n);\n return root;\n };\n}\n/*\n Tonelli-Shanks square root search algorithm.\n * 1. https://eprint.iacr.org/2012/685.pdf (page 12)\n * 2. Square Roots from 1; 24, 51, 10 to Dan Shanks\n * @param P field order\n * @returns function that takes field Fp (created from P) and number n\n /\nexport function tonelliShanks(P) {\n // Initialization (precomputation).\n // Caching initialization could boost perf by 7%.\n if (P < _3n)\n throw new Error('sqrt is not defined for small field');\n // Factor P - 1 = Q 2^S, where Q is odd\n let Q = P - _1n;\n let S = 0;\n while (Q % _2n === _0n) {\n Q /= _2n;\n S++;\n }\n // Find the first quadratic non-residue Z >= 2\n let Z = _2n;\n const _Fp = Field(P);\n while (FpLegendre(_Fp, Z) === 1) {\n // Basic primality test for P. After x iterations, chance of\n // not finding quadratic non-residue is 2^x, so 2^1000.\n if (Z++ > 1000)\n throw new Error('Cannot find square root: probably non-prime P');\n }\n // Fast-path; usually done before Z, but we do \"primality test\".\n if (S === 1)\n return sqrt3mod4;\n // Slow-path\n // TODO: test on Fp2 and others\n let cc = _Fp.pow(Z, Q); // c = z^Q\n const Q1div2 = (Q + _1n) / _2n;\n return function tonelliSlow(Fp, n) {\n if (Fp.is0(n))\n return n;\n // Check if n is a quadratic residue using Legendre symbol\n if (FpLegendre(Fp, n) !== 1)\n throw new Error('Cannot find square root');\n // Initialize variables for the main loop\n let M = S;\n let c = Fp.mul(Fp.ONE, cc); // c = z^Q, move cc from field _Fp into field Fp\n let t = Fp.pow(n, Q); // t = n^Q, first guess at the fudge factor\n let R = Fp.pow(n, Q1div2); // R = n^((Q+1)/2), first guess at the square root\n // Main loop\n // while t != 1\n while (!Fp.eql(t, Fp.ONE)) {\n if (Fp.is0(t))\n return Fp.ZERO; // if t=0 return R=0\n let i = 1;\n // Find the smallest i >= 1 such that t^(2^i) ≡ 1 (mod P)\n let t_tmp = Fp.sqr(t); // t^(2^1)\n while (!Fp.eql(t_tmp, Fp.ONE)) {\n i++;\n t_tmp = Fp.sqr(t_tmp); // t^(2^2)...\n if (i === M)\n throw new Error('Cannot find square root');\n }\n // Calculate the exponent for b: 2^(M - i - 1)\n const exponent = _1n << BigInt(M - i - 1); // bigint is important\n const b = Fp.pow(c, exponent); // b = 2^(M - i - 1)\n // Update variables\n M = i;\n c = Fp.sqr(b); // c = b^2\n t = Fp.mul(t, c); // t = (t * b^2)\n R = Fp.mul(R, b); // R = Rb\n }\n return R;\n };\n}\n/\n Square root for a finite field. Will try optimized versions first:\n \n 1. P ≡ 3 (mod 4)\n * 2. P ≡ 5 (mod 8)\n * 3. P ≡ 9 (mod 16)\n * 4. Tonelli-Shanks algorithm\n \n Different algorithms can give different roots, it is up to user to decide which one they want.\n * For example there is FpSqrtOdd/FpSqrtEven to choice root based on oddness (used for hash-to-curve).\n /\nexport function FpSqrt(P) {\n // P ≡ 3 (mod 4) => √n = n^((P+1)/4)\n if (P % _4n === _3n)\n return sqrt3mod4;\n // P ≡ 5 (mod 8) => Atkin algorithm, page 10 of https://eprint.iacr.org/2012/685.pdf\n if (P % _8n === _5n)\n return sqrt5mod8;\n // P ≡ 9 (mod 16) => Kong algorithm, page 11 of https://eprint.iacr.org/2012/685.pdf (algorithm 4)\n if (P % _16n === _9n)\n return sqrt9mod16(P);\n // Tonelli-Shanks algorithm\n return tonelliShanks(P);\n}\n// Little-endian check for first LE bit (last BE bit);\nexport const isNegativeLE = (num, modulo) => (mod(num, modulo) & _1n) === _1n;\n// prettier-ignore\nconst FIELD_FIELDS = [\n 'create', 'isValid', 'is0', 'neg', 'inv', 'sqrt', 'sqr',\n 'eql', 'add', 'sub', 'mul', 'pow', 'div',\n 'addN', 'subN', 'mulN', 'sqrN'\n];\nexport function validateField(field) {\n const initial = {\n ORDER: 'bigint',\n MASK: 'bigint',\n BYTES: 'number',\n BITS: 'number',\n };\n const opts = FIELD_FIELDS.reduce((map, val) => {\n map[val] = 'function';\n return map;\n }, initial);\n _validateObject(field, opts);\n // const max = 16384;\n // if (field.BYTES < 1 \|\| field.BYTES > max) throw new Error('invalid field');\n // if (field.BITS < 1 \|\| field.BITS > 8 max) throw new Error('invalid field');\n return field;\n}\n// Generic field functions\n/*\n Same as `pow` but for Fp: non-constant-time.\n * Unsafe in some contexts: uses ladder, so can expose bigint bits.\n /\nexport function FpPow(Fp, num, power) {\n if (power < _0n)\n throw new Error('invalid exponent, negatives unsupported');\n if (power === _0n)\n return Fp.ONE;\n if (power === _1n)\n return num;\n let p = Fp.ONE;\n let d = num;\n while (power > _0n) {\n if (power & _1n)\n p = Fp.mul(p, d);\n d = Fp.sqr(d);\n power >>= _1n;\n }\n return p;\n}\n/\n Efficiently invert an array of Field elements.\n * Exception-free. Will return `undefined` for 0 elements.\n * @param passZero map 0 to 0 (instead of undefined)\n /\nexport function FpInvertBatch(Fp, nums, passZero = false) {\n const inverted = new Array(nums.length).fill(passZero ? Fp.ZERO : undefined);\n // Walk from first to last, multiply them by each other MOD p\n const multipliedAcc = nums.reduce((acc, num, i) => {\n if (Fp.is0(num))\n return acc;\n inverted[i] = acc;\n return Fp.mul(acc, num);\n }, Fp.ONE);\n // Invert last element\n const invertedAcc = Fp.inv(multipliedAcc);\n // Walk from last to first, multiply them by inverted each other MOD p\n nums.reduceRight((acc, num, i) => {\n if (Fp.is0(num))\n return acc;\n inverted[i] = Fp.mul(acc, inverted[i]);\n return Fp.mul(acc, num);\n }, invertedAcc);\n return inverted;\n}\n// TODO: remove\nexport function FpDiv(Fp, lhs, rhs) {\n return Fp.mul(lhs, typeof rhs === 'bigint' ? invert(rhs, Fp.ORDER) : Fp.inv(rhs));\n}\n/\n Legendre symbol.\n * Legendre constant is used to calculate Legendre symbol (a \| p)\n * which denotes the value of a^((p-1)/2) (mod p).\n \n * (a \| p) ≡ 1 if a is a square (mod p), quadratic residue\n * * (a \| p) ≡ -1 if a is not a square (mod p), quadratic non residue\n * * (a \| p) ≡ 0 if a ≡ 0 (mod p)\n /\nexport function FpLegendre(Fp, n) {\n // We can use 3rd argument as optional cache of this value\n // but seems unneeded for now. The operation is very fast.\n const p1mod2 = (Fp.ORDER - _1n) / _2n;\n const powered = Fp.pow(n, p1mod2);\n const yes = Fp.eql(powered, Fp.ONE);\n const zero = Fp.eql(powered, Fp.ZERO);\n const no = Fp.eql(powered, Fp.neg(Fp.ONE));\n if (!yes && !zero && !no)\n throw new Error('invalid Legendre symbol result');\n return yes ? 1 : zero ? 0 : -1;\n}\n// This function returns True whenever the value x is a square in the field F.\nexport function FpIsSquare(Fp, n) {\n const l = FpLegendre(Fp, n);\n return l === 1;\n}\n// CURVE.n lengths\nexport function nLength(n, nBitLength) {\n // Bit size, byte size of CURVE.n\n if (nBitLength !== undefined)\n anumber(nBitLength);\n const _nBitLength = nBitLength !== undefined ? nBitLength : n.toString(2).length;\n const nByteLength = Math.ceil(_nBitLength / 8);\n return { nBitLength: _nBitLength, nByteLength };\n}\n/\n Creates a finite field. Major performance optimizations:\n * * 1. Denormalized operations like mulN instead of mul.\n * * 2. Identical object shape: never add or remove keys.\n * * 3. `Object.freeze`.\n * Fragile: always run a benchmark on a change.\n * Security note: operations don't check 'isValid' for all elements for performance reasons,\n * it is caller responsibility to check this.\n * This is low-level code, please make sure you know what you're doing.\n \n Note about field properties:\n * * CHARACTERISTIC p = prime number, number of elements in main subgroup.\n * * ORDER q = similar to cofactor in curves, may be composite `q = p^m`.\n \n @param ORDER field order, probably prime, or could be composite\n * @param bitLen how many bits the field consumes\n * @param isLE (default: false) if encoding / decoding should be in little-endian\n * @param redef optional faster redefinitions of sqrt and other methods\n /\nexport function Field(ORDER, bitLenOrOpts, // TODO: use opts only in v2?\nisLE = false, opts = {}) {\n if (ORDER <= _0n)\n throw new Error('invalid field: expected ORDER > 0, got ' + ORDER);\n let _nbitLength = undefined;\n let _sqrt = undefined;\n let modFromBytes = false;\n let allowedLengths = undefined;\n if (typeof bitLenOrOpts === 'object' && bitLenOrOpts != null) {\n if (opts.sqrt \|\| isLE)\n throw new Error('cannot specify opts in two arguments');\n const _opts = bitLenOrOpts;\n if (_opts.BITS)\n _nbitLength = _opts.BITS;\n if (_opts.sqrt)\n _sqrt = _opts.sqrt;\n if (typeof _opts.isLE === 'boolean')\n isLE = _opts.isLE;\n if (typeof _opts.modFromBytes === 'boolean')\n modFromBytes = _opts.modFromBytes;\n allowedLengths = _opts.allowedLengths;\n }\n else {\n if (typeof bitLenOrOpts === 'number')\n _nbitLength = bitLenOrOpts;\n if (opts.sqrt)\n _sqrt = opts.sqrt;\n }\n const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, _nbitLength);\n if (BYTES > 2048)\n throw new Error('invalid field: expected ORDER of <= 2048 bytes');\n let sqrtP; // cached sqrtP\n const f = Object.freeze({\n ORDER,\n isLE,\n BITS,\n BYTES,\n MASK: bitMask(BITS),\n ZERO: _0n,\n ONE: _1n,\n allowedLengths: allowedLengths,\n create: (num) => mod(num, ORDER),\n isValid: (num) => {\n if (typeof num !== 'bigint')\n throw new Error('invalid field element: expected bigint, got ' + typeof num);\n return _0n <= num && num < ORDER; // 0 is valid element, but it's not invertible\n },\n is0: (num) => num === _0n,\n // is valid and invertible\n isValidNot0: (num) => !f.is0(num) && f.isValid(num),\n isOdd: (num) => (num & _1n) === _1n,\n neg: (num) => mod(-num, ORDER),\n eql: (lhs, rhs) => lhs === rhs,\n sqr: (num) => mod(num num, ORDER),\n add: (lhs, rhs) => mod(lhs + rhs, ORDER),\n sub: (lhs, rhs) => mod(lhs - rhs, ORDER),\n mul: (lhs, rhs) => mod(lhs * rhs, ORDER),\n pow: (num, power) => FpPow(f, num, power),\n div: (lhs, rhs) => mod(lhs * invert(rhs, ORDER), ORDER),\n // Same as above, but doesn't normalize\n sqrN: (num) => num * num,\n addN: (lhs, rhs) => lhs + rhs,\n subN: (lhs, rhs) => lhs - rhs,\n mulN: (lhs, rhs) => lhs * rhs,\n inv: (num) => invert(num, ORDER),\n sqrt: _sqrt \|\|\n ((n) => {\n if (!sqrtP)\n sqrtP = FpSqrt(ORDER);\n return sqrtP(f, n);\n }),\n toBytes: (num) => (isLE ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES)),\n fromBytes: (bytes, skipValidation = true) => {\n if (allowedLengths) {\n if (!allowedLengths.includes(bytes.length) \|\| bytes.length > BYTES) {\n throw new Error('Field.fromBytes: expected ' + allowedLengths + ' bytes, got ' + bytes.length);\n }\n const padded = new Uint8Array(BYTES);\n // isLE add 0 to right, !isLE to the left.\n padded.set(bytes, isLE ? 0 : padded.length - bytes.length);\n bytes = padded;\n }\n if (bytes.length !== BYTES)\n throw new Error('Field.fromBytes: expected ' + BYTES + ' bytes, got ' + bytes.length);\n let scalar = isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes);\n if (modFromBytes)\n scalar = mod(scalar, ORDER);\n if (!skipValidation)\n if (!f.isValid(scalar))\n throw new Error('invalid field element: outside of range 0..ORDER');\n // NOTE: we don't validate scalar here, please use isValid. This done such way because some\n // protocol may allow non-reduced scalar that reduced later or changed some other way.\n return scalar;\n },\n // TODO: we don't need it here, move out to separate fn\n invertBatch: (lst) => FpInvertBatch(f, lst),\n // We can't move this out because Fp6, Fp12 implement it\n // and it's unclear what to return in there.\n cmov: (a, b, c) => (c ? b : a),\n });\n return Object.freeze(f);\n}\n// Generic random scalar, we can do same for other fields if via Fp2.mul(Fp2.ONE, Fp2.random)?\n// This allows unsafe methods like ignore bias or zero. These unsafe, but often used in different protocols (if deterministic RNG).\n// which mean we cannot force this via opts.\n// Not sure what to do with randomBytes, we can accept it inside opts if wanted.\n// Probably need to export getMinHashLength somewhere?\n// random(bytes?: Uint8Array, unsafeAllowZero = false, unsafeAllowBias = false) {\n// const LEN = !unsafeAllowBias ? getMinHashLength(ORDER) : BYTES;\n// if (bytes === undefined) bytes = randomBytes(LEN); // _opts.randomBytes?\n// const num = isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes);\n// // `mod(x, 11)` can sometimes produce 0. `mod(x, 10) + 1` is the same, but no 0\n// const reduced = unsafeAllowZero ? mod(num, ORDER) : mod(num, ORDER - _1n) + _1n;\n// return reduced;\n// },\nexport function FpSqrtOdd(Fp, elm) {\n if (!Fp.isOdd)\n throw new Error(\"Field doesn't have isOdd\");\n const root = Fp.sqrt(elm);\n return Fp.isOdd(root) ? root : Fp.neg(root);\n}\nexport function FpSqrtEven(Fp, elm) {\n if (!Fp.isOdd)\n throw new Error(\"Field doesn't have isOdd\");\n const root = Fp.sqrt(elm);\n return Fp.isOdd(root) ? Fp.neg(root) : root;\n}\n/*\n \"Constant-time\" private key generation utility.\n * Same as mapKeyToField, but accepts less bytes (40 instead of 48 for 32-byte field).\n * Which makes it slightly more biased, less secure.\n * @deprecated use `mapKeyToField` instead\n /\nexport function hashToPrivateScalar(hash, groupOrder, isLE = false) {\n hash = ensureBytes('privateHash', hash);\n const hashLen = hash.length;\n const minLen = nLength(groupOrder).nByteLength + 8;\n if (minLen < 24 \|\| hashLen < minLen \|\| hashLen > 1024)\n throw new Error('hashToPrivateScalar: expected ' + minLen + '-1024 bytes of input, got ' + hashLen);\n const num = isLE ? bytesToNumberLE(hash) : bytesToNumberBE(hash);\n return mod(num, groupOrder - _1n) + _1n;\n}\n/\n Returns total number of bytes consumed by the field element.\n * For example, 32 bytes for usual 256-bit weierstrass curve.\n * @param fieldOrder number of field elements, usually CURVE.n\n * @returns byte length of field\n /\nexport function getFieldBytesLength(fieldOrder) {\n if (typeof fieldOrder !== 'bigint')\n throw new Error('field order must be bigint');\n const bitLength = fieldOrder.toString(2).length;\n return Math.ceil(bitLength / 8);\n}\n/\n Returns minimal amount of bytes that can be safely reduced\n * by field order.\n * Should be 2^-128 for 128-bit curve such as P256.\n * @param fieldOrder number of field elements, usually CURVE.n\n * @returns byte length of target hash\n /\nexport function getMinHashLength(fieldOrder) {\n const length = getFieldBytesLength(fieldOrder);\n return length + Math.ceil(length / 2);\n}\n/\n \"Constant-time\" private key generation utility.\n * Can take (n + n/2) or more bytes of uniform input e.g. from CSPRNG or KDF\n * and convert them into private scalar, with the modulo bias being negligible.\n * Needs at least 48 bytes of input for 32-byte private key.\n * https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/\n * FIPS 186-5, A.2 https://csrc.nist.gov/publications/detail/fips/186/5/final\n * RFC 9380, https://www.rfc-editor.org/rfc/rfc9380#section-5\n * @param hash hash output from SHA3 or a similar function\n * @param groupOrder size of subgroup - (e.g. secp256k1.CURVE.n)\n * @param isLE interpret hash bytes as LE num\n * @returns valid private scalar\n */\nexport function mapHashToField(key, fieldOrder, isLE = false) {\n const len = key.length;\n const fieldLen = getFieldBytesLength(fieldOrder);\n const minLen = getMinHashLength(fieldOrder);\n // No small numbers: need to understand bias story. No huge numbers: easier to detect JS timings.\n if (len < 16 \|\| len < minLen \|\| len > 1024)\n throw new Error('expected ' + minLen + '-1024 bytes of input, got ' + len);\n const num = isLE ? bytesToNumberLE(key) : bytesToNumberBE(key);\n // `mod(x, 11)` can sometimes produce 0. `mod(x, 10) + 1` is the same, but no 0\n const reduced = mod(num, fieldOrder - _1n) + _1n;\n return isLE ? numberToBytesLE(reduced, fieldLen) : numberToBytesBE(reduced, fieldLen);\n}\n//# sourceMappingURL=modular.js.map"],"names":["_0n","BigInt","_1n","_2n","_3n","_4n","_5n","_7n","_8n","_9n","_16n","mod","a","b","result","pow2","x","power","modulo","res","invert","number","Error","u","r","m","assertIsSquare","Fp","root","n","eql","sqr","sqrt3mod4","p1div4","ORDER","pow","sqrt5mod8","p5div8","n2","mul","v","nv","i","sub","ONE","tonelliShanks","P","Q","S","Z","_Fp","Field","FpLegendre","cc","Q1div2","is0","M","c","t","R","ZERO","t_tmp","exponent","FpSqrt","Fp_","tn","c1","neg","c2","c3","c4","tv1","tv2","tv3","tv4","e1","e2","cmov","e3","sqrt9mod16","isNegativeLE","num","FIELD_FIELDS","validateField","field","opts","reduce","map","val","MASK","BYTES","BITS","_validateObject","FpPow","p","d","FpInvertBatch","nums","passZero","inverted","Array","length","fill","undefined","multipliedAcc","acc","invertedAcc","inv","reduceRight","p1mod2","powered","yes","zero","no","nLength","nBitLength","anumber","_nBitLength","toString","nByteLength","Math","ceil","bitLenOrOpts","isLE","_nbitLength","_sqrt","allowedLengths","modFromBytes","sqrt","_opts","sqrtP","f","Object","freeze","bitMask","create","isValid","isValidNot0","isOdd","lhs","rhs","add","div","sqrN","addN","subN","mulN","toBytes","numberToBytesLE","numberToBytesBE","fromBytes","bytes","skipValidation","includes","padded","Uint8Array","set","scalar","bytesToNumberLE","bytesToNumberBE","invertBatch","lst"],"mappings":";;AAmBA,MAAMA,EAAMC,OAAO,GAAIC,EAAMD,OAAO,GAAIE,EAAsBF,OAAO,GAAIG,EAAsBH,OAAO,GAEhGI,EAAsBJ,OAAO,GAAIK,EAAsBL,OAAO,GAAIM,EAAsBN,OAAO,GAE/FO,EAAsBP,OAAO,GAAIQ,EAAsBR,OAAO,GAAIS,EAAuBT,OAAO,IAGhG,SAAUU,EAAIC,EAAWC,GAC7B,MAAMC,EAASF,EAAIC,EACnB,OAAOC,GAAUd,EAAMc,EAASD,EAAIC,CACtC,CAYM,SAAUC,EAAKC,EAAWC,EAAeC,GAC7C,IAAIC,EAAMH,EACV,KAAOC,KAAUjB,GACfmB,GAAOA,EACPA,GAAOD,EAET,OAAOC,CACT,CAMM,SAAUC,EAAOC,EAAgBH,GACrC,GAAIG,IAAWrB,EAAK,MAAM,IAAIsB,MAAM,oCACpC,GAAIJ,GAAUlB,EAAK,MAAM,IAAIsB,MAAM,0CAA4CJ,GAE/E,IAAIN,EAAID,EAAIU,EAAQH,GAChBL,EAAIK,EAEJF,EAAIhB,EAAcuB,EAAIrB,EAC1B,KAAOU,IAAMZ,GAAK,CAEhB,MACMwB,EAAIX,EAAID,EACRa,EAAIT,EAAIO,GAFJV,EAAID,GAKdC,EAAID,EAAGA,EAAIY,EAAGR,EAAIO,EAAUA,EAAIE,CAClC,CAEA,GADYZ,IACAX,EAAK,MAAM,IAAIoB,MAAM,0BACjC,OAAOX,EAAIK,EAAGE,EAChB,CAEA,SAASQ,EAAkBC,EAAeC,EAASC,GACjD,IAAKF,EAAGG,IAAIH,EAAGI,IAAIH,GAAOC,GAAI,MAAM,IAAIP,MAAM,0BAChD,CAMA,SAASU,EAAaL,EAAeE,GACnC,MAAMI,GAAUN,EAAGO,MAAQhC,GAAOG,EAC5BuB,EAAOD,EAAGQ,IAAIN,EAAGI,GAEvB,OADAP,EAAeC,EAAIC,EAAMC,GAClBD,CACT,CAEA,SAASQ,EAAaT,EAAeE,GACnC,MAAMQ,GAAUV,EAAGO,MAAQ5B,GAAOE,EAC5B8B,EAAKX,EAAGY,IAAIV,EAAG1B,GACfqC,EAAIb,EAAGQ,IAAIG,EAAID,GACfI,EAAKd,EAAGY,IAAIV,EAAGW,GACfE,EAAIf,EAAGY,IAAIZ,EAAGY,IAAIE,EAAItC,GAAMqC,GAC5BZ,EAAOD,EAAGY,IAAIE,EAAId,EAAGgB,IAAID,EAAGf,EAAGiB,MAErC,OADAlB,EAAeC,EAAIC,EAAMC,GAClBD,CACT,CAkCM,SAAUiB,EAAcC,GAG5B,GAAIA,EAAI1C,EAAK,MAAM,IAAIkB,MAAM,uCAE7B,IAAIyB,EAAID,EAAI5C,EACR8C,EAAI,EACR,KAAOD,EAAI5C,IAAQH,GACjB+C,GAAK5C,EACL6C,IAIF,IAAIC,EAAI9C,EACR,MAAM+C,EAAMC,EAAML,GAClB,KAA8B,IAAvBM,EAAWF,EAAKD,IAGrB,GAAIA,IAAM,IAAM,MAAM,IAAI3B,MAAM,iDAGlC,GAAU,IAAN0B,EAAS,OAAOhB,EAIpB,IAAIqB,EAAKH,EAAIf,IAAIc,EAAGF,GACpB,MAAMO,GAAUP,EAAI7C,GAAOC,EAC3B,OAAO,SAAwBwB,EAAeE,GAC5C,GAAIF,EAAG4B,IAAI1B,GAAI,OAAOA,EAEtB,GAA0B,IAAtBuB,EAAWzB,EAAIE,GAAU,MAAM,IAAIP,MAAM,2BAG7C,IAAIkC,EAAIR,EACJS,EAAI9B,EAAGY,IAAIZ,EAAGiB,IAAKS,GACnBK,EAAI/B,EAAGQ,IAAIN,EAAGkB,GACdY,EAAIhC,EAAGQ,IAAIN,EAAGyB,GAIlB,MAAQ3B,EAAGG,IAAI4B,EAAG/B,EAAGiB,MAAM,CACzB,GAAIjB,EAAG4B,IAAIG,GAAI,OAAO/B,EAAGiC,KACzB,IAAIlB,EAAI,EAGJmB,EAAQlC,EAAGI,IAAI2B,GACnB,MAAQ/B,EAAGG,IAAI+B,EAAOlC,EAAGiB,MAGvB,GAFAF,IACAmB,EAAQlC,EAAGI,IAAI8B,GACXnB,IAAMc,EAAG,MAAM,IAAIlC,MAAM,2BAI/B,MAAMwC,EAAW5D,GAAOD,OAAOuD,EAAId,EAAI,GACjC7B,EAAIc,EAAGQ,IAAIsB,EAAGK,GAGpBN,EAAId,EACJe,EAAI9B,EAAGI,IAAIlB,GACX6C,EAAI/B,EAAGY,IAAImB,EAAGD,GACdE,EAAIhC,EAAGY,IAAIoB,EAAG9C,EAChB,CACA,OAAO8C,CACT,CACF,CAaM,SAAUI,EAAOjB,GAErB,OAAIA,EAAIzC,IAAQD,EAAY4B,EAExBc,EAAItC,IAAQF,EAAY8B,EAExBU,EAAIpC,IAASD,EAjHnB,SAAoBqC,GAClB,MAAMkB,EAAMb,EAAML,GACZmB,EAAKpB,EAAcC,GACnBoB,EAAKD,EAAGD,EAAKA,EAAIG,IAAIH,EAAIpB,MACzBwB,EAAKH,EAAGD,EAAKE,GACbG,EAAKJ,EAAGD,EAAKA,EAAIG,IAAID,IACrBI,GAAMxB,EAAIvC,GAAOG,EACvB,MAAO,CAAIiB,EAAeE,KACxB,IAAI0C,EAAM5C,EAAGQ,IAAIN,EAAGyC,GAChBE,EAAM7C,EAAGY,IAAIgC,EAAKL,GACtB,MAAMO,EAAM9C,EAAGY,IAAIgC,EAAKH,GAClBM,EAAM/C,EAAGY,IAAIgC,EAAKF,GAClBM,EAAKhD,EAAGG,IAAIH,EAAGI,IAAIyC,GAAM3C,GACzB+C,EAAKjD,EAAGG,IAAIH,EAAGI,IAAI0C,GAAM5C,GAC/B0C,EAAM5C,EAAGkD,KAAKN,EAAKC,EAAKG,GACxBH,EAAM7C,EAAGkD,KAAKH,EAAKD,EAAKG,GACxB,MAAME,EAAKnD,EAAGG,IAAIH,EAAGI,IAAIyC,GAAM3C,GACzBD,EAAOD,EAAGkD,KAAKN,EAAKC,EAAKM,GAE/B,OADApD,EAAeC,EAAIC,EAAMC,GAClBD,EAEX,CA4F+BmD,CAAWjC,GAEjCD,EAAcC,EACvB,OAGakC,EAAeA,CAACC,EAAa/D,KACvCP,EAAIsE,EAAK/D,GAAUhB,KAASA,EA+CzBgF,EAAe,CACnB,SAAU,UAAW,MAAO,MAAO,MAAO,OAAQ,MAClD,MAAO,MAAO,MAAO,MAAO,MAAO,MACnC,OAAQ,OAAQ,OAAQ,QAEpB,SAAUC,EAAiBC,GAC/B,MAMMC,EAAOH,EAAaI,OAAO,CAACC,EAAKC,KACrCD,EAAIC,GAAO,WACJD,GARO,CACdrD,MAAO,SACPuD,KAAM,SACNC,MAAO,SACPC,KAAM,WAUR,OAJAC,EAAgBR,EAAOC,GAIhBD,CACT,CAQM,SAAUS,EAASlE,EAAesD,EAAQhE,GAC9C,GAAIA,EAAQjB,EAAK,MAAM,IAAIsB,MAAM,2CACjC,GAAIL,IAAUjB,EAAK,OAAO2B,EAAGiB,IAC7B,GAAI3B,IAAUf,EAAK,OAAO+E,EAC1B,IAAIa,EAAInE,EAAGiB,IACPmD,EAAId,EACR,KAAOhE,EAAQjB,GACTiB,EAAQf,IAAK4F,EAAInE,EAAGY,IAAIuD,EAAGC,IAC/BA,EAAIpE,EAAGI,IAAIgE,GACX9E,IAAUf,EAEZ,OAAO4F,CACT,CAOM,SAAUE,EAAiBrE,EAAesE,EAAWC,GAAW,GACpE,MAAMC,EAAW,IAAIC,MAAMH,EAAKI,QAAQC,KAAKJ,EAAWvE,EAAGiC,UAAO2C,GAE5DC,EAAgBP,EAAKX,OAAO,CAACmB,EAAKxB,EAAKvC,IACvCf,EAAG4B,IAAI0B,GAAawB,GACxBN,EAASzD,GAAK+D,EACP9E,EAAGY,IAAIkE,EAAKxB,IAClBtD,EAAGiB,KAEA8D,EAAc/E,EAAGgF,IAAIH,GAO3B,OALAP,EAAKW,YAAY,CAACH,EAAKxB,EAAKvC,IACtBf,EAAG4B,IAAI0B,GAAawB,GACxBN,EAASzD,GAAKf,EAAGY,IAAIkE,EAAKN,EAASzD,IAC5Bf,EAAGY,IAAIkE,EAAKxB,IAClByB,GACIP,CACT,CAgBM,SAAU/C,EAAczB,EAAeE,GAG3C,MAAMgF,GAAUlF,EAAGO,MAAQhC,GAAOC,EAC5B2G,EAAUnF,EAAGQ,IAAIN,EAAGgF,GACpBE,EAAMpF,EAAGG,IAAIgF,EAASnF,EAAGiB,KACzBoE,EAAOrF,EAAGG,IAAIgF,EAASnF,EAAGiC,MAC1BqD,EAAKtF,EAAGG,IAAIgF,EAASnF,EAAGwC,IAAIxC,EAAGiB,MACrC,IAAKmE,IAAQC,IAASC,EAAI,MAAM,IAAI3F,MAAM,kCAC1C,OAAOyF,EAAM,EAAIC,EAAO,GAAI,CAC9B,CAUM,SAAUE,EAAQrF,EAAWsF,QAEdZ,IAAfY,GAA0BC,EAAQD,GACtC,MAAME,OAA6Bd,IAAfY,EAA2BA,EAAatF,EAAEyF,SAAS,GAAGjB,OAE1E,MAAO,CAAEc,WAAYE,EAAaE,YADdC,KAAKC,KAAKJ,EAAc,GAE9C,CA8BM,SAAUlE,EACdjB,EACAwF,EACAC,GAAO,EACPtC,EAA0B,IAE1B,GAAInD,GAASlC,EAAK,MAAM,IAAIsB,MAAM,0CAA4CY,GAC9E,IAAI0F,EACAC,EAEAC,EADAC,GAAwB,EAE5B,GAA4B,iBAAjBL,GAA6C,MAAhBA,EAAsB,CAC5D,GAAIrC,EAAK2C,MAAQL,EAAM,MAAM,IAAIrG,MAAM,wCACvC,MAAM2G,EAAQP,EACVO,EAAMtC,OAAMiC,EAAcK,EAAMtC,MAChCsC,EAAMD,OAAMH,EAAQI,EAAMD,MACJ,kBAAfC,EAAMN,OAAoBA,EAAOM,EAAMN,MAChB,kBAAvBM,EAAMF,eAA4BA,EAAeE,EAAMF,cAClED,EAAiBG,EAAMH,cACzB,KAC8B,iBAAjBJ,IAA2BE,EAAcF,GAChDrC,EAAK2C,OAAMH,EAAQxC,EAAK2C,MAE9B,MAAQb,WAAYxB,EAAM4B,YAAa7B,GAAUwB,EAAQhF,EAAO0F,GAChE,GAAIlC,EAAQ,KAAM,MAAM,IAAIpE,MAAM,kDAClC,IAAI4G,EACJ,MAAMC,EAAuBC,OAAOC,OAAO,CACzCnG,QACAyF,OACAhC,OACAD,QACAD,KAAM6C,EAAQ3C,GACd/B,KAAM5D,EACN4C,IAAK1C,EACL4H,eAAgBA,EAChBS,OAAStD,GAAQtE,EAAIsE,EAAK/C,GAC1BsG,QAAUvD,IACR,GAAmB,iBAARA,EACT,MAAM,IAAI3D,MAAM,sDAAwD2D,GAC1E,OAAOjF,GAAOiF,GAAOA,EAAM/C,GAE7BqB,IAAM0B,GAAQA,IAAQjF,EAEtByI,YAAcxD,IAAiBkD,EAAE5E,IAAI0B,IAAQkD,EAAEK,QAAQvD,GACvDyD,MAAQzD,IAASA,EAAM/E,KAASA,EAChCiE,IAAMc,GAAQtE,GAAKsE,EAAK/C,GACxBJ,IAAKA,CAAC6G,EAAKC,IAAQD,IAAQC,EAE3B7G,IAAMkD,GAAQtE,EAAIsE,EAAMA,EAAK/C,GAC7B2G,IAAKA,CAACF,EAAKC,IAAQjI,EAAIgI,EAAMC,EAAK1G,GAClCS,IAAKA,CAACgG,EAAKC,IAAQjI,EAAIgI,EAAMC,EAAK1G,GAClCK,IAAKA,CAACoG,EAAKC,IAAQjI,EAAIgI,EAAMC,EAAK1G,GAClCC,IAAKA,CAAC8C,EAAKhE,IAAU4E,EAAMsC,EAAGlD,EAAKhE,GACnC6H,IAAKA,CAACH,EAAKC,IAAQjI,EAAIgI,EAAMvH,EAAOwH,EAAK1G,GAAQA,GAGjD6G,KAAO9D,GAAQA,EAAMA,EACrB+D,KAAMA,CAACL,EAAKC,IAAQD,EAAMC,EAC1BK,KAAMA,CAACN,EAAKC,IAAQD,EAAMC,EAC1BM,KAAMA,CAACP,EAAKC,IAAQD,EAAMC,EAE1BjC,IAAM1B,GAAQ7D,EAAO6D,EAAK/C,GAC1B8F,KACEH,GAAK,CACHhG,IACKqG,IAAOA,EAAQnE,EAAO7B,IACpBgG,EAAMC,EAAGtG,KAEpBsH,QAAUlE,GAAS0C,EAAOyB,EAAgBnE,EAAKS,GAAS2D,EAAgBpE,EAAKS,GAC7E4D,UAAWA,CAACC,EAAOC,GAAiB,KAClC,GAAI1B,EAAgB,CAClB,IAAKA,EAAe2B,SAASF,EAAMlD,SAAWkD,EAAMlD,OAASX,EAC3D,MAAM,IAAIpE,MACR,6BAA+BwG,EAAiB,eAAiByB,EAAMlD,QAG3E,MAAMqD,EAAS,IAAIC,WAAWjE,GAE9BgE,EAAOE,IAAIL,EAAO5B,EAAO,EAAI+B,EAAOrD,OAASkD,EAAMlD,QACnDkD,EAAQG,CACV,CACA,GAAIH,EAAMlD,SAAWX,EACnB,MAAM,IAAIpE,MAAM,6BAA+BoE,EAAQ,eAAiB6D,EAAMlD,QAChF,IAAIwD,EAASlC,EAAOmC,EAAgBP,GAASQ,EAAgBR,GAE7D,GADIxB,IAAc8B,EAASlJ,EAAIkJ,EAAQ3H,KAClCsH,IACErB,EAAEK,QAAQqB,GAAS,MAAM,IAAIvI,MAAM,oDAG1C,OAAOuI,GAGTG,YAAcC,GAAQjE,EAAcmC,EAAG8B,GAGvCpF,KAAMA,CAACjE,EAAGC,EAAG4C,IAAOA,EAAI5C,EAAID,IAE9B,OAAOwH,OAAOC,OAAOF,EACvB","x_google_ignoreList":[0]}

package/dist/esm/node_modules/@noble/curves/esm/ed25519.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import{sha512 as t}from"../../hashes/esm/sha2.js";import{randomBytes as n}from"../../hashes/esm/utils.js";import{twistedEdwards as i}from"./abstract/edwards.js";import{Field as s,mod as o,pow2 as r,isNegativeLE as a}from"./abstract/modular.js";
+import{sha512 as f}from"../../hashes/esm/sha2.js";import{twistedEdwards as t}from"./abstract/edwards.js";import{Field as n,mod as c,pow2 as i,isNegativeLE as a}from"./abstract/modular.js";
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-const B=BigInt("57896044618658097711785492504343953926634992332820282019728792003956564819949"),g=BigInt("19681161376707505956807079304988542015446066515923890162744021073123829784752");BigInt(0);const I=BigInt(1),e=BigInt(2);BigInt(3);const c=BigInt(5),m=BigInt(8);function u(t){return t[0]&=248,t[31]&=127,t[31]|=64,t}function p(t,n){const i=B,s=o(n*n*n,i),m=function(t){const n=BigInt(10),i=BigInt(20),s=BigInt(40),o=BigInt(80),a=B,g=t*t%a*t%a,m=r(g,e,a)*g%a,u=r(m,I,a)*t%a,p=r(u,c,a)*u%a,d=r(p,n,a)*p%a,h=r(d,i,a)*d%a,f=r(h,s,a)*h%a,l=r(f,o,a)*f%a,_=r(l,o,a)*f%a,j=r(_,n,a)*p%a;return{pow_p_5_8:r(j,e,a)*t%a,b2:g}}(t*o(s*s*n,i)).pow_p_5_8;let u=o(t*s*m,i);const p=o(n*u*u,i),d=u,h=o(u*g,i),f=p===t,l=p===o(-t,i),_=p===o(-t*g,i);return f&&(u=d),(l||_)&&(u=h),a(u,i)&&(u=o(-u,i)),{isValid:f||l,value:u}}const d=(()=>s(B,void 0,!0))(),h=(()=>({a:d.create(BigInt(-1)),d:BigInt("37095705934669439343138083508754565189542113879843219016388785533085940283555"),Fp:d,n:BigInt("7237005577332262213973186563042994240857116359379907606001950938285454250989"),h:m,Gx:BigInt("15112221349535400772501151409588531511454012693041857206046113283949847762202"),Gy:BigInt("46316835694926478169428394003475163141307993866256225615783033603165251855960"),hash:t,randomBytes:n,adjustScalarBytes:u,uvRatio:p}))(),f=(()=>i(h))();export{f as ed25519};
+const e=BigInt(1),d=BigInt(2);BigInt(3);const s=BigInt(5),o=BigInt(8),r=BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed"),B=(()=>({p:r,n:BigInt("0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed"),h:o,a:BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec"),d:BigInt("0x52036cee2b6ffe738cc740797779e89800700a4d4141d8ab75eb4dca135978a3"),Gx:BigInt("0x216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a"),Gy:BigInt("0x6666666666666666666666666666666666666666666666666666666666666658")}))();function g(f){return f[0]&=248,f[31]&=127,f[31]|=64,f}const I=BigInt("19681161376707505956807079304988542015446066515923890162744021073123829784752");function p(f,t){const n=r,o=c(t*t*t,n),B=function(f){const t=BigInt(10),n=BigInt(20),c=BigInt(40),a=BigInt(80),o=r,B=f*f%o*f%o,g=i(B,d,o)*B%o,I=i(g,e,o)*f%o,p=i(I,s,o)*I%o,u=i(p,t,o)*p%o,m=i(u,n,o)*u%o,x=i(m,c,o)*m%o,b=i(x,a,o)*x%o,h=i(b,a,o)*x%o,_=i(h,t,o)*p%o;return{pow_p_5_8:i(_,d,o)*f%o,b2:B}}(f*c(o*o*t,n)).pow_p_5_8;let g=c(f*o*B,n);const p=c(t*g*g,n),u=g,m=c(g*I,n),x=p===f,b=p===c(-f,n),h=p===c(-f*I,n);return x&&(g=u),(b||h)&&(g=m),a(g,n)&&(g=c(-g,n)),{isValid:x||b,value:g}}const u=(()=>n(B.p,{isLE:!0}))(),m=(()=>({...B,Fp:u,hash:f,adjustScalarBytes:g,uvRatio:p}))(),x=(()=>t(m))();export{x as ed25519};
 //# sourceMappingURL=ed25519.js.map

package/dist/esm/node_modules/@noble/curves/esm/ed25519.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ed25519.js","sources":["../../../../../../node_modules/@noble/curves/esm/ed25519.js"],"sourcesContent":["/*\n ed25519 Twisted Edwards curve with following addons:\n * - X25519 ECDH\n * - Ristretto cofactor elimination\n * - Elligator hash-to-group / point indistinguishability\n * @module\n /\n/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /\nimport { sha512 } from '@noble/hashes/sha2';\nimport { concatBytes, randomBytes, utf8ToBytes } from '@noble/hashes/utils';\nimport { pippenger } from \"./abstract/curve.js\";\nimport { twistedEdwards } from \"./abstract/edwards.js\";\nimport { createHasher, expand_message_xmd, } from \"./abstract/hash-to-curve.js\";\nimport { Field, FpInvertBatch, FpSqrtEven, isNegativeLE, mod, pow2 } from \"./abstract/modular.js\";\nimport { montgomery } from \"./abstract/montgomery.js\";\nimport { bytesToHex, bytesToNumberLE, ensureBytes, equalBytes, numberToBytesLE, } from \"./abstract/utils.js\";\n// 2n255n - 19n\nconst ED25519_P = BigInt('57896044618658097711785492504343953926634992332820282019728792003956564819949');\n// √(-1) aka √(a) aka 2^((p-1)/4)\n// Fp.sqrt(Fp.neg(1))\nconst ED25519_SQRT_M1 = / @__PURE__ / BigInt('19681161376707505956807079304988542015446066515923890162744021073123829784752');\n// prettier-ignore\nconst _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3);\n// prettier-ignore\nconst _5n = BigInt(5), _8n = BigInt(8);\nfunction ed25519_pow_2_252_3(x) {\n // prettier-ignore\n const _10n = BigInt(10), _20n = BigInt(20), _40n = BigInt(40), _80n = BigInt(80);\n const P = ED25519_P;\n const x2 = (x x) % P;\n const b2 = (x2 * x) % P; // x^3, 11\n const b4 = (pow2(b2, _2n, P) * b2) % P; // x^15, 1111\n const b5 = (pow2(b4, _1n, P) * x) % P; // x^31\n const b10 = (pow2(b5, _5n, P) * b5) % P;\n const b20 = (pow2(b10, _10n, P) * b10) % P;\n const b40 = (pow2(b20, _20n, P) * b20) % P;\n const b80 = (pow2(b40, _40n, P) * b40) % P;\n const b160 = (pow2(b80, _80n, P) * b80) % P;\n const b240 = (pow2(b160, _80n, P) * b80) % P;\n const b250 = (pow2(b240, _10n, P) * b10) % P;\n const pow_p_5_8 = (pow2(b250, _2n, P) * x) % P;\n // ^ To pow to (p+3)/8, multiply it by x.\n return { pow_p_5_8, b2 };\n}\nfunction adjustScalarBytes(bytes) {\n // Section 5: For X25519, in order to decode 32 random bytes as an integer scalar,\n // set the three least significant bits of the first byte\n bytes[0] &= 248; // 0b1111_1000\n // and the most significant bit of the last to zero,\n bytes[31] &= 127; // 0b0111_1111\n // set the second most significant bit of the last byte to 1\n bytes[31] \|= 64; // 0b0100_0000\n return bytes;\n}\n// sqrt(u/v)\nfunction uvRatio(u, v) {\n const P = ED25519_P;\n const v3 = mod(v * v * v, P); // v³\n const v7 = mod(v3 * v3 * v, P); // v⁷\n // (p+3)/8 and (p-5)/8\n const pow = ed25519_pow_2_252_3(u * v7).pow_p_5_8;\n let x = mod(u * v3 * pow, P); // (uv³)(uv⁷)^(p-5)/8\n const vx2 = mod(v * x * x, P); // vx²\n const root1 = x; // First root candidate\n const root2 = mod(x * ED25519_SQRT_M1, P); // Second root candidate\n const useRoot1 = vx2 === u; // If vx² = u (mod p), x is a square root\n const useRoot2 = vx2 === mod(-u, P); // If vx² = -u, set x <-- x * 2^((p-1)/4)\n const noRoot = vx2 === mod(-u * ED25519_SQRT_M1, P); // There is no valid root, vx² = -u√(-1)\n if (useRoot1)\n x = root1;\n if (useRoot2 \|\| noRoot)\n x = root2; // We return root2 anyway, for const-time\n if (isNegativeLE(x, P))\n x = mod(-x, P);\n return { isValid: useRoot1 \|\| useRoot2, value: x };\n}\n/** Weird / bogus points, useful for debugging. /\nexport const ED25519_TORSION_SUBGROUP = [\n '0100000000000000000000000000000000000000000000000000000000000000',\n 'c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac037a',\n '0000000000000000000000000000000000000000000000000000000000000080',\n '26e8958fc2b227b045c3f489f2ef98f0d5dfac05d3c63339b13802886d53fc05',\n 'ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f',\n '26e8958fc2b227b045c3f489f2ef98f0d5dfac05d3c63339b13802886d53fc85',\n '0000000000000000000000000000000000000000000000000000000000000000',\n 'c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac03fa',\n];\nconst Fp = / @__PURE__ / (() => Field(ED25519_P, undefined, true))();\nconst ed25519Defaults = / @__PURE__ / (() => ({\n // Removing Fp.create() will still work, and is 10% faster on sign\n a: Fp.create(BigInt(-1)),\n // d is -121665/121666 a.k.a. Fp.neg(121665 Fp.inv(121666))\n d: BigInt('37095705934669439343138083508754565189542113879843219016388785533085940283555'),\n // Finite field 2n255n - 19n\n Fp,\n // Subgroup order 2n252n + 27742317777372353535851937790883648493n;\n n: BigInt('7237005577332262213973186563042994240857116359379907606001950938285454250989'),\n h: _8n,\n Gx: BigInt('15112221349535400772501151409588531511454012693041857206046113283949847762202'),\n Gy: BigInt('46316835694926478169428394003475163141307993866256225615783033603165251855960'),\n hash: sha512,\n randomBytes,\n adjustScalarBytes,\n // dom2\n // Ratio of u to v. Allows us to combine inversion and square root. Uses algo from RFC8032 5.1.3.\n // Constant-time, u/√v\n uvRatio,\n}))();\n/*\n ed25519 curve with EdDSA signatures.\n * @example\n * import { ed25519 } from '@noble/curves/ed25519';\n * const priv = ed25519.utils.randomPrivateKey();\n * const pub = ed25519.getPublicKey(priv);\n * const msg = new TextEncoder().encode('hello');\n * const sig = ed25519.sign(msg, priv);\n * ed25519.verify(sig, msg, pub); // Default mode: follows ZIP215\n * ed25519.verify(sig, msg, pub, { zip215: false }); // RFC8032 / FIPS 186-5\n /\nexport const ed25519 = / @__PURE__ / (() => twistedEdwards(ed25519Defaults))();\nfunction ed25519_domain(data, ctx, phflag) {\n if (ctx.length > 255)\n throw new Error('Context is too big');\n return concatBytes(utf8ToBytes('SigEd25519 no Ed25519 collisions'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);\n}\nexport const ed25519ctx = / @__PURE__ / (() => twistedEdwards({\n ...ed25519Defaults,\n domain: ed25519_domain,\n}))();\nexport const ed25519ph = / @__PURE__ / (() => twistedEdwards(Object.assign({}, ed25519Defaults, {\n domain: ed25519_domain,\n prehash: sha512,\n})))();\n/\n ECDH using curve25519 aka x25519.\n * @example\n * import { x25519 } from '@noble/curves/ed25519';\n * const priv = 'a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4';\n * const pub = 'e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c';\n * x25519.getSharedSecret(priv, pub) === x25519.scalarMult(priv, pub); // aliases\n * x25519.getPublicKey(priv) === x25519.scalarMultBase(priv);\n * x25519.getPublicKey(x25519.utils.randomPrivateKey());\n /\nexport const x25519 = / @__PURE__ / (() => montgomery({\n P: ED25519_P,\n type: 'x25519',\n powPminus2: (x) => {\n const P = ED25519_P;\n // x^(p-2) aka x^(2^255-21)\n const { pow_p_5_8, b2 } = ed25519_pow_2_252_3(x);\n return mod(pow2(pow_p_5_8, _3n, P) b2, P);\n },\n adjustScalarBytes,\n randomBytes,\n}))();\n/*\n Converts ed25519 public key to x25519 public key. Uses formula:\n * * `(u, v) = ((1+y)/(1-y), sqrt(-486664)u/x)`\n * `(x, y) = (sqrt(-486664)u/v, (u-1)/(u+1))`\n @example\n * const someonesPub = ed25519.getPublicKey(ed25519.utils.randomPrivateKey());\n * const aPriv = x25519.utils.randomPrivateKey();\n * x25519.getSharedSecret(aPriv, edwardsToMontgomeryPub(someonesPub))\n /\nexport function edwardsToMontgomeryPub(edwardsPub) {\n const { y } = ed25519.ExtendedPoint.fromHex(edwardsPub);\n const _1n = BigInt(1);\n return Fp.toBytes(Fp.create((_1n + y) Fp.inv(_1n - y)));\n}\nexport const edwardsToMontgomery = edwardsToMontgomeryPub; // deprecated\n/*\n Converts ed25519 secret key to x25519 secret key.\n * @example\n * const someonesPub = x25519.getPublicKey(x25519.utils.randomPrivateKey());\n * const aPriv = ed25519.utils.randomPrivateKey();\n * x25519.getSharedSecret(edwardsToMontgomeryPriv(aPriv), someonesPub)\n /\nexport function edwardsToMontgomeryPriv(edwardsPriv) {\n const hashed = ed25519Defaults.hash(edwardsPriv.subarray(0, 32));\n return ed25519Defaults.adjustScalarBytes(hashed).subarray(0, 32);\n}\n// Hash To Curve Elligator2 Map (NOTE: different from ristretto255 elligator)\n// NOTE: very important part is usage of FpSqrtEven for ELL2_C1_EDWARDS, since\n// SageMath returns different root first and everything falls apart\nconst ELL2_C1 = / @__PURE__ / (() => (Fp.ORDER + _3n) / _8n)(); // 1. c1 = (q + 3) / 8 # Integer arithmetic\nconst ELL2_C2 = / @__PURE__ / (() => Fp.pow(_2n, ELL2_C1))(); // 2. c2 = 2^c1\nconst ELL2_C3 = / @__PURE__ / (() => Fp.sqrt(Fp.neg(Fp.ONE)))(); // 3. c3 = sqrt(-1)\n// prettier-ignore\nfunction map_to_curve_elligator2_curve25519(u) {\n const ELL2_C4 = (Fp.ORDER - _5n) / _8n; // 4. c4 = (q - 5) / 8 # Integer arithmetic\n const ELL2_J = BigInt(486662);\n let tv1 = Fp.sqr(u); // 1. tv1 = u^2\n tv1 = Fp.mul(tv1, _2n); // 2. tv1 = 2 tv1\n let xd = Fp.add(tv1, Fp.ONE); // 3. xd = tv1 + 1 # Nonzero: -1 is square (mod p), tv1 is not\n let x1n = Fp.neg(ELL2_J); // 4. x1n = -J # x1 = x1n / xd = -J / (1 + 2 * u^2)\n let tv2 = Fp.sqr(xd); // 5. tv2 = xd^2\n let gxd = Fp.mul(tv2, xd); // 6. gxd = tv2 * xd # gxd = xd^3\n let gx1 = Fp.mul(tv1, ELL2_J); // 7. gx1 = J * tv1 # x1n + J * xd\n gx1 = Fp.mul(gx1, x1n); // 8. gx1 = gx1 * x1n # x1n^2 + J * x1n * xd\n gx1 = Fp.add(gx1, tv2); // 9. gx1 = gx1 + tv2 # x1n^2 + J * x1n * xd + xd^2\n gx1 = Fp.mul(gx1, x1n); // 10. gx1 = gx1 * x1n # x1n^3 + J * x1n^2 * xd + x1n * xd^2\n let tv3 = Fp.sqr(gxd); // 11. tv3 = gxd^2\n tv2 = Fp.sqr(tv3); // 12. tv2 = tv3^2 # gxd^4\n tv3 = Fp.mul(tv3, gxd); // 13. tv3 = tv3 * gxd # gxd^3\n tv3 = Fp.mul(tv3, gx1); // 14. tv3 = tv3 * gx1 # gx1 * gxd^3\n tv2 = Fp.mul(tv2, tv3); // 15. tv2 = tv2 * tv3 # gx1 * gxd^7\n let y11 = Fp.pow(tv2, ELL2_C4); // 16. y11 = tv2^c4 # (gx1 * gxd^7)^((p - 5) / 8)\n y11 = Fp.mul(y11, tv3); // 17. y11 = y11 * tv3 # gx1gxd^3(gx1gxd^7)^((p-5)/8)\n let y12 = Fp.mul(y11, ELL2_C3); // 18. y12 = y11 c3\n tv2 = Fp.sqr(y11); // 19. tv2 = y11^2\n tv2 = Fp.mul(tv2, gxd); // 20. tv2 = tv2 * gxd\n let e1 = Fp.eql(tv2, gx1); // 21. e1 = tv2 == gx1\n let y1 = Fp.cmov(y12, y11, e1); // 22. y1 = CMOV(y12, y11, e1) # If g(x1) is square, this is its sqrt\n let x2n = Fp.mul(x1n, tv1); // 23. x2n = x1n * tv1 # x2 = x2n / xd = 2 * u^2 * x1n / xd\n let y21 = Fp.mul(y11, u); // 24. y21 = y11 * u\n y21 = Fp.mul(y21, ELL2_C2); // 25. y21 = y21 * c2\n let y22 = Fp.mul(y21, ELL2_C3); // 26. y22 = y21 * c3\n let gx2 = Fp.mul(gx1, tv1); // 27. gx2 = gx1 * tv1 # g(x2) = gx2 / gxd = 2 * u^2 * g(x1)\n tv2 = Fp.sqr(y21); // 28. tv2 = y21^2\n tv2 = Fp.mul(tv2, gxd); // 29. tv2 = tv2 * gxd\n let e2 = Fp.eql(tv2, gx2); // 30. e2 = tv2 == gx2\n let y2 = Fp.cmov(y22, y21, e2); // 31. y2 = CMOV(y22, y21, e2) # If g(x2) is square, this is its sqrt\n tv2 = Fp.sqr(y1); // 32. tv2 = y1^2\n tv2 = Fp.mul(tv2, gxd); // 33. tv2 = tv2 * gxd\n let e3 = Fp.eql(tv2, gx1); // 34. e3 = tv2 == gx1\n let xn = Fp.cmov(x2n, x1n, e3); // 35. xn = CMOV(x2n, x1n, e3) # If e3, x = x1, else x = x2\n let y = Fp.cmov(y2, y1, e3); // 36. y = CMOV(y2, y1, e3) # If e3, y = y1, else y = y2\n let e4 = Fp.isOdd(y); // 37. e4 = sgn0(y) == 1 # Fix sign of y\n y = Fp.cmov(y, Fp.neg(y), e3 !== e4); // 38. y = CMOV(y, -y, e3 XOR e4)\n return { xMn: xn, xMd: xd, yMn: y, yMd: _1n }; // 39. return (xn, xd, y, 1)\n}\nconst ELL2_C1_EDWARDS = /* @__PURE__ / (() => FpSqrtEven(Fp, Fp.neg(BigInt(486664))))(); // sgn0(c1) MUST equal 0\nfunction map_to_curve_elligator2_edwards25519(u) {\n const { xMn, xMd, yMn, yMd } = map_to_curve_elligator2_curve25519(u); // 1. (xMn, xMd, yMn, yMd) =\n // map_to_curve_elligator2_curve25519(u)\n let xn = Fp.mul(xMn, yMd); // 2. xn = xMn yMd\n xn = Fp.mul(xn, ELL2_C1_EDWARDS); // 3. xn = xn * c1\n let xd = Fp.mul(xMd, yMn); // 4. xd = xMd * yMn # xn / xd = c1 * xM / yM\n let yn = Fp.sub(xMn, xMd); // 5. yn = xMn - xMd\n let yd = Fp.add(xMn, xMd); // 6. yd = xMn + xMd # (n / d - 1) / (n / d + 1) = (n - d) / (n + d)\n let tv1 = Fp.mul(xd, yd); // 7. tv1 = xd * yd\n let e = Fp.eql(tv1, Fp.ZERO); // 8. e = tv1 == 0\n xn = Fp.cmov(xn, Fp.ZERO, e); // 9. xn = CMOV(xn, 0, e)\n xd = Fp.cmov(xd, Fp.ONE, e); // 10. xd = CMOV(xd, 1, e)\n yn = Fp.cmov(yn, Fp.ONE, e); // 11. yn = CMOV(yn, 1, e)\n yd = Fp.cmov(yd, Fp.ONE, e); // 12. yd = CMOV(yd, 1, e)\n const [xd_inv, yd_inv] = FpInvertBatch(Fp, [xd, yd], true); // batch division\n return { x: Fp.mul(xn, xd_inv), y: Fp.mul(yn, yd_inv) }; // 13. return (xn, xd, yn, yd)\n}\nexport const ed25519_hasher = /* @__PURE__ / (() => createHasher(ed25519.ExtendedPoint, (scalars) => map_to_curve_elligator2_edwards25519(scalars[0]), {\n DST: 'edwards25519_XMD:SHA-512_ELL2_RO_',\n encodeDST: 'edwards25519_XMD:SHA-512_ELL2_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 128,\n expand: 'xmd',\n hash: sha512,\n}))();\nexport const hashToCurve = / @__PURE__ / (() => ed25519_hasher.hashToCurve)();\nexport const encodeToCurve = / @__PURE__ / (() => ed25519_hasher.encodeToCurve)();\nfunction aristp(other) {\n if (!(other instanceof RistPoint))\n throw new Error('RistrettoPoint expected');\n}\n// √(-1) aka √(a) aka 2^((p-1)/4)\nconst SQRT_M1 = ED25519_SQRT_M1;\n// √(ad - 1)\nconst SQRT_AD_MINUS_ONE = / @__PURE__ / BigInt('25063068953384623474111414158702152701244531502492656460079210482610430750235');\n// 1 / √(a-d)\nconst INVSQRT_A_MINUS_D = / @__PURE__ / BigInt('54469307008909316920995813868745141605393597292927456921205312896311721017578');\n// 1-d²\nconst ONE_MINUS_D_SQ = / @__PURE__ / BigInt('1159843021668779879193775521855586647937357759715417654439879720876111806838');\n// (d-1)²\nconst D_MINUS_ONE_SQ = / @__PURE__ / BigInt('40440834346308536858101042469323190826248399146238708352240133220865137265952');\n// Calculates 1/√(number)\nconst invertSqrt = (number) => uvRatio(_1n, number);\nconst MAX_255B = / @__PURE__ / BigInt('0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');\nconst bytes255ToNumberLE = (bytes) => ed25519.CURVE.Fp.create(bytesToNumberLE(bytes) & MAX_255B);\n/\n Computes Elligator map for Ristretto255.\n * Described in [RFC9380](https://www.rfc-editor.org/rfc/rfc9380#appendix-B) and on\n * the [website](https://ristretto.group/formulas/elligator.html).\n /\nfunction calcElligatorRistrettoMap(r0) {\n const { d } = ed25519.CURVE;\n const P = ed25519.CURVE.Fp.ORDER;\n const mod = ed25519.CURVE.Fp.create;\n const r = mod(SQRT_M1 r0 * r0); // 1\n const Ns = mod((r + _1n) * ONE_MINUS_D_SQ); // 2\n let c = BigInt(-1); // 3\n const D = mod((c - d * r) * mod(r + d)); // 4\n let { isValid: Ns_D_is_sq, value: s } = uvRatio(Ns, D); // 5\n let s_ = mod(s * r0); // 6\n if (!isNegativeLE(s_, P))\n s_ = mod(-s_);\n if (!Ns_D_is_sq)\n s = s_; // 7\n if (!Ns_D_is_sq)\n c = r; // 8\n const Nt = mod(c * (r - _1n) * D_MINUS_ONE_SQ - D); // 9\n const s2 = s * s;\n const W0 = mod((s + s) * D); // 10\n const W1 = mod(Nt * SQRT_AD_MINUS_ONE); // 11\n const W2 = mod(_1n - s2); // 12\n const W3 = mod(_1n + s2); // 13\n return new ed25519.ExtendedPoint(mod(W0 * W3), mod(W2 * W1), mod(W1 * W3), mod(W0 * W2));\n}\n/*\n Each ed25519/ExtendedPoint has 8 different equivalent points. This can be\n * a source of bugs for protocols like ring signatures. Ristretto was created to solve this.\n * Ristretto point operates in X:Y:Z:T extended coordinates like ExtendedPoint,\n * but it should work in its own namespace: do not combine those two.\n * See [RFC9496](https://www.rfc-editor.org/rfc/rfc9496).\n /\nclass RistPoint {\n // Private property to discourage combining ExtendedPoint + RistrettoPoint\n // Always use Ristretto encoding/decoding instead.\n constructor(ep) {\n this.ep = ep;\n }\n static fromAffine(ap) {\n return new RistPoint(ed25519.ExtendedPoint.fromAffine(ap));\n }\n /\n Takes uniform output of 64-byte hash function like sha512 and converts it to `RistrettoPoint`.\n * The hash-to-group operation applies Elligator twice and adds the results.\n * Note: this is one-way map, there is no conversion from point to hash.\n * Described in [RFC9380](https://www.rfc-editor.org/rfc/rfc9380#appendix-B) and on\n * the [website](https://ristretto.group/formulas/elligator.html).\n * @param hex 64-byte output of a hash function\n /\n static hashToCurve(hex) {\n hex = ensureBytes('ristrettoHash', hex, 64);\n const r1 = bytes255ToNumberLE(hex.slice(0, 32));\n const R1 = calcElligatorRistrettoMap(r1);\n const r2 = bytes255ToNumberLE(hex.slice(32, 64));\n const R2 = calcElligatorRistrettoMap(r2);\n return new RistPoint(R1.add(R2));\n }\n /\n Converts ristretto-encoded string to ristretto point.\n * Described in [RFC9496](https://www.rfc-editor.org/rfc/rfc9496#name-decode).\n * @param hex Ristretto-encoded 32 bytes. Not every 32-byte string is valid ristretto encoding\n /\n static fromHex(hex) {\n hex = ensureBytes('ristrettoHex', hex, 32);\n const { a, d } = ed25519.CURVE;\n const P = ed25519.CURVE.Fp.ORDER;\n const mod = ed25519.CURVE.Fp.create;\n const emsg = 'RistrettoPoint.fromHex: the hex is not valid encoding of RistrettoPoint';\n const s = bytes255ToNumberLE(hex);\n // 1. Check that s_bytes is the canonical encoding of a field element, or else abort.\n // 3. Check that s is non-negative, or else abort\n if (!equalBytes(numberToBytesLE(s, 32), hex) \|\| isNegativeLE(s, P))\n throw new Error(emsg);\n const s2 = mod(s s);\n const u1 = mod(_1n + a * s2); // 4 (a is -1)\n const u2 = mod(_1n - a * s2); // 5\n const u1_2 = mod(u1 * u1);\n const u2_2 = mod(u2 * u2);\n const v = mod(a * d * u1_2 - u2_2); // 6\n const { isValid, value: I } = invertSqrt(mod(v * u2_2)); // 7\n const Dx = mod(I * u2); // 8\n const Dy = mod(I * Dx * v); // 9\n let x = mod((s + s) * Dx); // 10\n if (isNegativeLE(x, P))\n x = mod(-x); // 10\n const y = mod(u1 * Dy); // 11\n const t = mod(x * y); // 12\n if (!isValid \|\| isNegativeLE(t, P) \|\| y === _0n)\n throw new Error(emsg);\n return new RistPoint(new ed25519.ExtendedPoint(x, y, _1n, t));\n }\n static msm(points, scalars) {\n const Fn = Field(ed25519.CURVE.n, ed25519.CURVE.nBitLength);\n return pippenger(RistPoint, Fn, points, scalars);\n }\n /*\n Encodes ristretto point to Uint8Array.\n * Described in [RFC9496](https://www.rfc-editor.org/rfc/rfc9496#name-encode).\n /\n toRawBytes() {\n let { ex: x, ey: y, ez: z, et: t } = this.ep;\n const P = ed25519.CURVE.Fp.ORDER;\n const mod = ed25519.CURVE.Fp.create;\n const u1 = mod(mod(z + y) mod(z - y)); // 1\n const u2 = mod(x * y); // 2\n // Square root always exists\n const u2sq = mod(u2 * u2);\n const { value: invsqrt } = invertSqrt(mod(u1 * u2sq)); // 3\n const D1 = mod(invsqrt * u1); // 4\n const D2 = mod(invsqrt * u2); // 5\n const zInv = mod(D1 * D2 * t); // 6\n let D; // 7\n if (isNegativeLE(t * zInv, P)) {\n let _x = mod(y * SQRT_M1);\n let _y = mod(x * SQRT_M1);\n x = _x;\n y = _y;\n D = mod(D1 * INVSQRT_A_MINUS_D);\n }\n else {\n D = D2; // 8\n }\n if (isNegativeLE(x * zInv, P))\n y = mod(-y); // 9\n let s = mod((z - y) * D); // 10 (check footer's note, no sqrt(-a))\n if (isNegativeLE(s, P))\n s = mod(-s);\n return numberToBytesLE(s, 32); // 11\n }\n toHex() {\n return bytesToHex(this.toRawBytes());\n }\n toString() {\n return this.toHex();\n }\n /*\n Compares two Ristretto points.\n * Described in [RFC9496](https://www.rfc-editor.org/rfc/rfc9496#name-equals).\n /\n equals(other) {\n aristp(other);\n const { ex: X1, ey: Y1 } = this.ep;\n const { ex: X2, ey: Y2 } = other.ep;\n const mod = ed25519.CURVE.Fp.create;\n // (x1 y2 == y1 * x2) \| (y1 * y2 == x1 * x2)\n const one = mod(X1 * Y2) === mod(Y1 * X2);\n const two = mod(Y1 * Y2) === mod(X1 * X2);\n return one \|\| two;\n }\n add(other) {\n aristp(other);\n return new RistPoint(this.ep.add(other.ep));\n }\n subtract(other) {\n aristp(other);\n return new RistPoint(this.ep.subtract(other.ep));\n }\n multiply(scalar) {\n return new RistPoint(this.ep.multiply(scalar));\n }\n multiplyUnsafe(scalar) {\n return new RistPoint(this.ep.multiplyUnsafe(scalar));\n }\n double() {\n return new RistPoint(this.ep.double());\n }\n negate() {\n return new RistPoint(this.ep.negate());\n }\n}\n/*\n Wrapper over Edwards Point for ristretto255 from\n * [RFC9496](https://www.rfc-editor.org/rfc/rfc9496).\n /\nexport const RistrettoPoint = / @__PURE__ / (() => {\n if (!RistPoint.BASE)\n RistPoint.BASE = new RistPoint(ed25519.ExtendedPoint.BASE);\n if (!RistPoint.ZERO)\n RistPoint.ZERO = new RistPoint(ed25519.ExtendedPoint.ZERO);\n return RistPoint;\n})();\n/\n hash-to-curve for ristretto255.\n * Described in [RFC9380](https://www.rfc-editor.org/rfc/rfc9380#appendix-B).\n /\nexport const hashToRistretto255 = (msg, options) => {\n const d = options.DST;\n const DST = typeof d === 'string' ? utf8ToBytes(d) : d;\n const uniform_bytes = expand_message_xmd(msg, DST, 64, sha512);\n const P = RistPoint.hashToCurve(uniform_bytes);\n return P;\n};\n/* @deprecated */\nexport const hash_to_ristretto255 = hashToRistretto255; // legacy\n//# sourceMappingURL=ed25519.js.map"],"names":["ED25519_P","BigInt","ED25519_SQRT_M1","_1n","_2n","_5n","_8n","adjustScalarBytes","bytes","uvRatio","u","v","P","v3","mod","pow","x","_10n","_20n","_40n","_80n","b2","b4","pow2","b5","b10","b20","b40","b80","b160","b240","b250","pow_p_5_8","ed25519_pow_2_252_3","vx2","root1","root2","useRoot1","useRoot2","noRoot","isNegativeLE","isValid","value","Fp","Field","undefined","ed25519Defaults","a","create","d","n","h","Gx","Gy","hash","sha512","randomBytes","ed25519","twistedEdwards"],"mappings":";;AA+BA,MAAMA,EAAYC,OAChB,iFAIIC,EAAkCD,OACtC,iFAIUA,OAAO,GAAIE,MAAAA,EAAMF,OAAO,GAAIG,EAAMH,OAAO,GAAUA,OAAO,GAEtE,MAAMI,EAAMJ,OAAO,GAAIK,EAAML,OAAO,GAsBpC,SAASM,EAAkBC,GAQzB,OALAA,EAAM,IAAM,IAEZA,EAAM,KAAO,IAEbA,EAAM,KAAO,GACNA,CACT,CAGA,SAASC,EAAQC,EAAWC,GAC1B,MAAMC,EAAIZ,EACJa,EAAKC,EAAIH,EAAIA,EAAIA,EAAGC,GAGpBG,EArCR,SAA6BC,GAE3B,MAAMC,EAAOhB,OAAO,IAAKiB,EAAOjB,OAAO,IAAKkB,EAAOlB,OAAO,IAAKmB,EAAOnB,OAAO,IACvEW,EAAIZ,EAEJqB,EADML,EAAIA,EAAKJ,EACJI,EAAKJ,EAChBU,EAAMC,EAAKF,EAAIjB,EAAKQ,GAAKS,EAAMT,EAC/BY,EAAMD,EAAKD,EAAInB,EAAKS,GAAKI,EAAKJ,EAC9Ba,EAAOF,EAAKC,EAAInB,EAAKO,GAAKY,EAAMZ,EAChCc,EAAOH,EAAKE,EAAKR,EAAML,GAAKa,EAAOb,EACnCe,EAAOJ,EAAKG,EAAKR,EAAMN,GAAKc,EAAOd,EACnCgB,EAAOL,EAAKI,EAAKR,EAAMP,GAAKe,EAAOf,EACnCiB,EAAQN,EAAKK,EAAKR,EAAMR,GAAKgB,EAAOhB,EACpCkB,EAAQP,EAAKM,EAAMT,EAAMR,GAAKgB,EAAOhB,EACrCmB,EAAQR,EAAKO,EAAMb,EAAML,GAAKa,EAAOb,EAG3C,MAAO,CAAEoB,UAFUT,EAAKQ,EAAM3B,EAAKQ,GAAKI,EAAKJ,EAEzBS,KACtB,CAmBcY,CAAoBvB,EAFrBI,EAAID,EAAKA,EAAKF,EAAGC,IAEYoB,UACxC,IAAIhB,EAAIF,EAAIJ,EAAIG,EAAKE,EAAKH,GAC1B,MAAMsB,EAAMpB,EAAIH,EAAIK,EAAIA,EAAGJ,GACrBuB,EAAQnB,EACRoB,EAAQtB,EAAIE,EAAId,EAAiBU,GACjCyB,EAAWH,IAAQxB,EACnB4B,EAAWJ,IAAQpB,GAAKJ,EAAGE,GAC3B2B,EAASL,IAAQpB,GAAKJ,EAAIR,EAAiBU,GAIjD,OAHIyB,IAAUrB,EAAImB,IACdG,GAAYC,KAAQvB,EAAIoB,GACxBI,EAAaxB,EAAGJ,KAAII,EAAIF,GAAKE,EAAGJ,IAC7B,CAAE6B,QAASJ,GAAYC,EAAUI,MAAO1B,EACjD,CAcA,MAAM2B,EAAqB,KAAOC,EAAM5C,OAAW6C,GAAW,GAAnC,GAErBC,EAAkC,MACrC,CAECC,EAAGJ,EAAGK,OAAO/C,QAAS,IAEtBgD,EAAGhD,OAAO,iFAEV0C,KAEAO,EAAGjD,OAAO,gFACVkD,EAAG7C,EACH8C,GAAInD,OAAO,iFACXoD,GAAIpD,OAAO,iFACXqD,KAAMC,EACNC,cACAjD,oBAIAE,YAnBoC,GAiC3BgD,EAAmC,KAAOC,EAAeZ,GAAtB","x_google_ignoreList":[0]}
1	+ {"version":3,"file":"ed25519.js","sources":["../../../../../../node_modules/@noble/curves/esm/ed25519.js"],"sourcesContent":["/*\n ed25519 Twisted Edwards curve with following addons:\n * - X25519 ECDH\n * - Ristretto cofactor elimination\n * - Elligator hash-to-group / point indistinguishability\n * @module\n /\n/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /\nimport { sha512 } from '@noble/hashes/sha2.js';\nimport { abytes, concatBytes, utf8ToBytes } from '@noble/hashes/utils.js';\nimport { pippenger } from \"./abstract/curve.js\";\nimport { PrimeEdwardsPoint, twistedEdwards, } from \"./abstract/edwards.js\";\nimport { _DST_scalar, createHasher, expand_message_xmd, } from \"./abstract/hash-to-curve.js\";\nimport { Field, FpInvertBatch, FpSqrtEven, isNegativeLE, mod, pow2, } from \"./abstract/modular.js\";\nimport { montgomery } from \"./abstract/montgomery.js\";\nimport { bytesToNumberLE, ensureBytes, equalBytes } from \"./utils.js\";\n// prettier-ignore\nconst _0n = / @__PURE__ / BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3);\n// prettier-ignore\nconst _5n = BigInt(5), _8n = BigInt(8);\n// P = 2n255n-19n\nconst ed25519_CURVE_p = BigInt('0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed');\n// N = 2n252n + 27742317777372353535851937790883648493n\n// a = Fp.create(BigInt(-1))\n// d = -121665/121666 a.k.a. Fp.neg(121665 Fp.inv(121666))\nconst ed25519_CURVE = /* @__PURE__ / (() => ({\n p: ed25519_CURVE_p,\n n: BigInt('0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed'),\n h: _8n,\n a: BigInt('0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec'),\n d: BigInt('0x52036cee2b6ffe738cc740797779e89800700a4d4141d8ab75eb4dca135978a3'),\n Gx: BigInt('0x216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a'),\n Gy: BigInt('0x6666666666666666666666666666666666666666666666666666666666666658'),\n}))();\nfunction ed25519_pow_2_252_3(x) {\n // prettier-ignore\n const _10n = BigInt(10), _20n = BigInt(20), _40n = BigInt(40), _80n = BigInt(80);\n const P = ed25519_CURVE_p;\n const x2 = (x x) % P;\n const b2 = (x2 * x) % P; // x^3, 11\n const b4 = (pow2(b2, _2n, P) * b2) % P; // x^15, 1111\n const b5 = (pow2(b4, _1n, P) * x) % P; // x^31\n const b10 = (pow2(b5, _5n, P) * b5) % P;\n const b20 = (pow2(b10, _10n, P) * b10) % P;\n const b40 = (pow2(b20, _20n, P) * b20) % P;\n const b80 = (pow2(b40, _40n, P) * b40) % P;\n const b160 = (pow2(b80, _80n, P) * b80) % P;\n const b240 = (pow2(b160, _80n, P) * b80) % P;\n const b250 = (pow2(b240, _10n, P) * b10) % P;\n const pow_p_5_8 = (pow2(b250, _2n, P) * x) % P;\n // ^ To pow to (p+3)/8, multiply it by x.\n return { pow_p_5_8, b2 };\n}\nfunction adjustScalarBytes(bytes) {\n // Section 5: For X25519, in order to decode 32 random bytes as an integer scalar,\n // set the three least significant bits of the first byte\n bytes[0] &= 248; // 0b1111_1000\n // and the most significant bit of the last to zero,\n bytes[31] &= 127; // 0b0111_1111\n // set the second most significant bit of the last byte to 1\n bytes[31] \|= 64; // 0b0100_0000\n return bytes;\n}\n// √(-1) aka √(a) aka 2^((p-1)/4)\n// Fp.sqrt(Fp.neg(1))\nconst ED25519_SQRT_M1 = /* @__PURE__ / BigInt('19681161376707505956807079304988542015446066515923890162744021073123829784752');\n// sqrt(u/v)\nfunction uvRatio(u, v) {\n const P = ed25519_CURVE_p;\n const v3 = mod(v v * v, P); // v³\n const v7 = mod(v3 * v3 * v, P); // v⁷\n // (p+3)/8 and (p-5)/8\n const pow = ed25519_pow_2_252_3(u * v7).pow_p_5_8;\n let x = mod(u * v3 * pow, P); // (uv³)(uv⁷)^(p-5)/8\n const vx2 = mod(v * x * x, P); // vx²\n const root1 = x; // First root candidate\n const root2 = mod(x * ED25519_SQRT_M1, P); // Second root candidate\n const useRoot1 = vx2 === u; // If vx² = u (mod p), x is a square root\n const useRoot2 = vx2 === mod(-u, P); // If vx² = -u, set x <-- x * 2^((p-1)/4)\n const noRoot = vx2 === mod(-u * ED25519_SQRT_M1, P); // There is no valid root, vx² = -u√(-1)\n if (useRoot1)\n x = root1;\n if (useRoot2 \|\| noRoot)\n x = root2; // We return root2 anyway, for const-time\n if (isNegativeLE(x, P))\n x = mod(-x, P);\n return { isValid: useRoot1 \|\| useRoot2, value: x };\n}\nconst Fp = /* @__PURE__ / (() => Field(ed25519_CURVE.p, { isLE: true }))();\nconst Fn = / @__PURE__ / (() => Field(ed25519_CURVE.n, { isLE: true }))();\nconst ed25519Defaults = / @__PURE__ / (() => ({\n ...ed25519_CURVE,\n Fp,\n hash: sha512,\n adjustScalarBytes,\n // dom2\n // Ratio of u to v. Allows us to combine inversion and square root. Uses algo from RFC8032 5.1.3.\n // Constant-time, u/√v\n uvRatio,\n}))();\n/\n ed25519 curve with EdDSA signatures.\n * @example\n * import { ed25519 } from '@noble/curves/ed25519';\n * const { secretKey, publicKey } = ed25519.keygen();\n * const msg = new TextEncoder().encode('hello');\n * const sig = ed25519.sign(msg, priv);\n * ed25519.verify(sig, msg, pub); // Default mode: follows ZIP215\n * ed25519.verify(sig, msg, pub, { zip215: false }); // RFC8032 / FIPS 186-5\n /\nexport const ed25519 = / @__PURE__ / (() => twistedEdwards(ed25519Defaults))();\nfunction ed25519_domain(data, ctx, phflag) {\n if (ctx.length > 255)\n throw new Error('Context is too big');\n return concatBytes(utf8ToBytes('SigEd25519 no Ed25519 collisions'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);\n}\n/* Context of ed25519. Uses context for domain separation. /\nexport const ed25519ctx = / @__PURE__ / (() => twistedEdwards({\n ...ed25519Defaults,\n domain: ed25519_domain,\n}))();\n/* Prehashed version of ed25519. Accepts already-hashed messages in sign() and verify(). /\nexport const ed25519ph = / @__PURE__ / (() => twistedEdwards(Object.assign({}, ed25519Defaults, {\n domain: ed25519_domain,\n prehash: sha512,\n})))();\n/\n ECDH using curve25519 aka x25519.\n * @example\n * import { x25519 } from '@noble/curves/ed25519';\n * const priv = 'a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4';\n * const pub = 'e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c';\n * x25519.getSharedSecret(priv, pub) === x25519.scalarMult(priv, pub); // aliases\n * x25519.getPublicKey(priv) === x25519.scalarMultBase(priv);\n * x25519.getPublicKey(x25519.utils.randomSecretKey());\n /\nexport const x25519 = / @__PURE__ / (() => {\n const P = Fp.ORDER;\n return montgomery({\n P,\n type: 'x25519',\n powPminus2: (x) => {\n // x^(p-2) aka x^(2^255-21)\n const { pow_p_5_8, b2 } = ed25519_pow_2_252_3(x);\n return mod(pow2(pow_p_5_8, _3n, P) b2, P);\n },\n adjustScalarBytes,\n });\n})();\n// Hash To Curve Elligator2 Map (NOTE: different from ristretto255 elligator)\n// NOTE: very important part is usage of FpSqrtEven for ELL2_C1_EDWARDS, since\n// SageMath returns different root first and everything falls apart\nconst ELL2_C1 = /* @__PURE__ / (() => (ed25519_CURVE_p + _3n) / _8n)(); // 1. c1 = (q + 3) / 8 # Integer arithmetic\nconst ELL2_C2 = / @__PURE__ / (() => Fp.pow(_2n, ELL2_C1))(); // 2. c2 = 2^c1\nconst ELL2_C3 = / @__PURE__ / (() => Fp.sqrt(Fp.neg(Fp.ONE)))(); // 3. c3 = sqrt(-1)\n// prettier-ignore\nfunction map_to_curve_elligator2_curve25519(u) {\n const ELL2_C4 = (ed25519_CURVE_p - _5n) / _8n; // 4. c4 = (q - 5) / 8 # Integer arithmetic\n const ELL2_J = BigInt(486662);\n let tv1 = Fp.sqr(u); // 1. tv1 = u^2\n tv1 = Fp.mul(tv1, _2n); // 2. tv1 = 2 tv1\n let xd = Fp.add(tv1, Fp.ONE); // 3. xd = tv1 + 1 # Nonzero: -1 is square (mod p), tv1 is not\n let x1n = Fp.neg(ELL2_J); // 4. x1n = -J # x1 = x1n / xd = -J / (1 + 2 * u^2)\n let tv2 = Fp.sqr(xd); // 5. tv2 = xd^2\n let gxd = Fp.mul(tv2, xd); // 6. gxd = tv2 * xd # gxd = xd^3\n let gx1 = Fp.mul(tv1, ELL2_J); // 7. gx1 = J * tv1 # x1n + J * xd\n gx1 = Fp.mul(gx1, x1n); // 8. gx1 = gx1 * x1n # x1n^2 + J * x1n * xd\n gx1 = Fp.add(gx1, tv2); // 9. gx1 = gx1 + tv2 # x1n^2 + J * x1n * xd + xd^2\n gx1 = Fp.mul(gx1, x1n); // 10. gx1 = gx1 * x1n # x1n^3 + J * x1n^2 * xd + x1n * xd^2\n let tv3 = Fp.sqr(gxd); // 11. tv3 = gxd^2\n tv2 = Fp.sqr(tv3); // 12. tv2 = tv3^2 # gxd^4\n tv3 = Fp.mul(tv3, gxd); // 13. tv3 = tv3 * gxd # gxd^3\n tv3 = Fp.mul(tv3, gx1); // 14. tv3 = tv3 * gx1 # gx1 * gxd^3\n tv2 = Fp.mul(tv2, tv3); // 15. tv2 = tv2 * tv3 # gx1 * gxd^7\n let y11 = Fp.pow(tv2, ELL2_C4); // 16. y11 = tv2^c4 # (gx1 * gxd^7)^((p - 5) / 8)\n y11 = Fp.mul(y11, tv3); // 17. y11 = y11 * tv3 # gx1gxd^3(gx1gxd^7)^((p-5)/8)\n let y12 = Fp.mul(y11, ELL2_C3); // 18. y12 = y11 c3\n tv2 = Fp.sqr(y11); // 19. tv2 = y11^2\n tv2 = Fp.mul(tv2, gxd); // 20. tv2 = tv2 * gxd\n let e1 = Fp.eql(tv2, gx1); // 21. e1 = tv2 == gx1\n let y1 = Fp.cmov(y12, y11, e1); // 22. y1 = CMOV(y12, y11, e1) # If g(x1) is square, this is its sqrt\n let x2n = Fp.mul(x1n, tv1); // 23. x2n = x1n * tv1 # x2 = x2n / xd = 2 * u^2 * x1n / xd\n let y21 = Fp.mul(y11, u); // 24. y21 = y11 * u\n y21 = Fp.mul(y21, ELL2_C2); // 25. y21 = y21 * c2\n let y22 = Fp.mul(y21, ELL2_C3); // 26. y22 = y21 * c3\n let gx2 = Fp.mul(gx1, tv1); // 27. gx2 = gx1 * tv1 # g(x2) = gx2 / gxd = 2 * u^2 * g(x1)\n tv2 = Fp.sqr(y21); // 28. tv2 = y21^2\n tv2 = Fp.mul(tv2, gxd); // 29. tv2 = tv2 * gxd\n let e2 = Fp.eql(tv2, gx2); // 30. e2 = tv2 == gx2\n let y2 = Fp.cmov(y22, y21, e2); // 31. y2 = CMOV(y22, y21, e2) # If g(x2) is square, this is its sqrt\n tv2 = Fp.sqr(y1); // 32. tv2 = y1^2\n tv2 = Fp.mul(tv2, gxd); // 33. tv2 = tv2 * gxd\n let e3 = Fp.eql(tv2, gx1); // 34. e3 = tv2 == gx1\n let xn = Fp.cmov(x2n, x1n, e3); // 35. xn = CMOV(x2n, x1n, e3) # If e3, x = x1, else x = x2\n let y = Fp.cmov(y2, y1, e3); // 36. y = CMOV(y2, y1, e3) # If e3, y = y1, else y = y2\n let e4 = Fp.isOdd(y); // 37. e4 = sgn0(y) == 1 # Fix sign of y\n y = Fp.cmov(y, Fp.neg(y), e3 !== e4); // 38. y = CMOV(y, -y, e3 XOR e4)\n return { xMn: xn, xMd: xd, yMn: y, yMd: _1n }; // 39. return (xn, xd, y, 1)\n}\nconst ELL2_C1_EDWARDS = /* @__PURE__ / (() => FpSqrtEven(Fp, Fp.neg(BigInt(486664))))(); // sgn0(c1) MUST equal 0\nfunction map_to_curve_elligator2_edwards25519(u) {\n const { xMn, xMd, yMn, yMd } = map_to_curve_elligator2_curve25519(u); // 1. (xMn, xMd, yMn, yMd) =\n // map_to_curve_elligator2_curve25519(u)\n let xn = Fp.mul(xMn, yMd); // 2. xn = xMn yMd\n xn = Fp.mul(xn, ELL2_C1_EDWARDS); // 3. xn = xn * c1\n let xd = Fp.mul(xMd, yMn); // 4. xd = xMd * yMn # xn / xd = c1 * xM / yM\n let yn = Fp.sub(xMn, xMd); // 5. yn = xMn - xMd\n let yd = Fp.add(xMn, xMd); // 6. yd = xMn + xMd # (n / d - 1) / (n / d + 1) = (n - d) / (n + d)\n let tv1 = Fp.mul(xd, yd); // 7. tv1 = xd * yd\n let e = Fp.eql(tv1, Fp.ZERO); // 8. e = tv1 == 0\n xn = Fp.cmov(xn, Fp.ZERO, e); // 9. xn = CMOV(xn, 0, e)\n xd = Fp.cmov(xd, Fp.ONE, e); // 10. xd = CMOV(xd, 1, e)\n yn = Fp.cmov(yn, Fp.ONE, e); // 11. yn = CMOV(yn, 1, e)\n yd = Fp.cmov(yd, Fp.ONE, e); // 12. yd = CMOV(yd, 1, e)\n const [xd_inv, yd_inv] = FpInvertBatch(Fp, [xd, yd], true); // batch division\n return { x: Fp.mul(xn, xd_inv), y: Fp.mul(yn, yd_inv) }; // 13. return (xn, xd, yn, yd)\n}\n/** Hashing to ed25519 points / field. RFC 9380 methods. /\nexport const ed25519_hasher = / @__PURE__ / (() => createHasher(ed25519.Point, (scalars) => map_to_curve_elligator2_edwards25519(scalars[0]), {\n DST: 'edwards25519_XMD:SHA-512_ELL2_RO_',\n encodeDST: 'edwards25519_XMD:SHA-512_ELL2_NU_',\n p: ed25519_CURVE_p,\n m: 1,\n k: 128,\n expand: 'xmd',\n hash: sha512,\n}))();\n// √(-1) aka √(a) aka 2^((p-1)/4)\nconst SQRT_M1 = ED25519_SQRT_M1;\n// √(ad - 1)\nconst SQRT_AD_MINUS_ONE = / @__PURE__ / BigInt('25063068953384623474111414158702152701244531502492656460079210482610430750235');\n// 1 / √(a-d)\nconst INVSQRT_A_MINUS_D = / @__PURE__ / BigInt('54469307008909316920995813868745141605393597292927456921205312896311721017578');\n// 1-d²\nconst ONE_MINUS_D_SQ = / @__PURE__ / BigInt('1159843021668779879193775521855586647937357759715417654439879720876111806838');\n// (d-1)²\nconst D_MINUS_ONE_SQ = / @__PURE__ / BigInt('40440834346308536858101042469323190826248399146238708352240133220865137265952');\n// Calculates 1/√(number)\nconst invertSqrt = (number) => uvRatio(_1n, number);\nconst MAX_255B = / @__PURE__ / BigInt('0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');\nconst bytes255ToNumberLE = (bytes) => ed25519.Point.Fp.create(bytesToNumberLE(bytes) & MAX_255B);\n/\n Computes Elligator map for Ristretto255.\n * Described in [RFC9380](https://www.rfc-editor.org/rfc/rfc9380#appendix-B) and on\n * the [website](https://ristretto.group/formulas/elligator.html).\n /\nfunction calcElligatorRistrettoMap(r0) {\n const { d } = ed25519_CURVE;\n const P = ed25519_CURVE_p;\n const mod = (n) => Fp.create(n);\n const r = mod(SQRT_M1 r0 * r0); // 1\n const Ns = mod((r + _1n) * ONE_MINUS_D_SQ); // 2\n let c = BigInt(-1); // 3\n const D = mod((c - d * r) * mod(r + d)); // 4\n let { isValid: Ns_D_is_sq, value: s } = uvRatio(Ns, D); // 5\n let s_ = mod(s * r0); // 6\n if (!isNegativeLE(s_, P))\n s_ = mod(-s_);\n if (!Ns_D_is_sq)\n s = s_; // 7\n if (!Ns_D_is_sq)\n c = r; // 8\n const Nt = mod(c * (r - _1n) * D_MINUS_ONE_SQ - D); // 9\n const s2 = s * s;\n const W0 = mod((s + s) * D); // 10\n const W1 = mod(Nt * SQRT_AD_MINUS_ONE); // 11\n const W2 = mod(_1n - s2); // 12\n const W3 = mod(_1n + s2); // 13\n return new ed25519.Point(mod(W0 * W3), mod(W2 * W1), mod(W1 * W3), mod(W0 * W2));\n}\nfunction ristretto255_map(bytes) {\n abytes(bytes, 64);\n const r1 = bytes255ToNumberLE(bytes.subarray(0, 32));\n const R1 = calcElligatorRistrettoMap(r1);\n const r2 = bytes255ToNumberLE(bytes.subarray(32, 64));\n const R2 = calcElligatorRistrettoMap(r2);\n return new _RistrettoPoint(R1.add(R2));\n}\n/*\n Wrapper over Edwards Point for ristretto255.\n \n Each ed25519/ExtendedPoint has 8 different equivalent points. This can be\n * a source of bugs for protocols like ring signatures. Ristretto was created to solve this.\n * Ristretto point operates in X:Y:Z:T extended coordinates like ExtendedPoint,\n * but it should work in its own namespace: do not combine those two.\n * See [RFC9496](https://www.rfc-editor.org/rfc/rfc9496).\n /\nclass _RistrettoPoint extends PrimeEdwardsPoint {\n constructor(ep) {\n super(ep);\n }\n static fromAffine(ap) {\n return new _RistrettoPoint(ed25519.Point.fromAffine(ap));\n }\n assertSame(other) {\n if (!(other instanceof _RistrettoPoint))\n throw new Error('RistrettoPoint expected');\n }\n init(ep) {\n return new _RistrettoPoint(ep);\n }\n /* @deprecated use `import { ristretto255_hasher } from '@noble/curves/ed25519.js';` /\n static hashToCurve(hex) {\n return ristretto255_map(ensureBytes('ristrettoHash', hex, 64));\n }\n static fromBytes(bytes) {\n abytes(bytes, 32);\n const { a, d } = ed25519_CURVE;\n const P = ed25519_CURVE_p;\n const mod = (n) => Fp.create(n);\n const s = bytes255ToNumberLE(bytes);\n // 1. Check that s_bytes is the canonical encoding of a field element, or else abort.\n // 3. Check that s is non-negative, or else abort\n if (!equalBytes(Fp.toBytes(s), bytes) \|\| isNegativeLE(s, P))\n throw new Error('invalid ristretto255 encoding 1');\n const s2 = mod(s s);\n const u1 = mod(_1n + a * s2); // 4 (a is -1)\n const u2 = mod(_1n - a * s2); // 5\n const u1_2 = mod(u1 * u1);\n const u2_2 = mod(u2 * u2);\n const v = mod(a * d * u1_2 - u2_2); // 6\n const { isValid, value: I } = invertSqrt(mod(v * u2_2)); // 7\n const Dx = mod(I * u2); // 8\n const Dy = mod(I * Dx * v); // 9\n let x = mod((s + s) * Dx); // 10\n if (isNegativeLE(x, P))\n x = mod(-x); // 10\n const y = mod(u1 * Dy); // 11\n const t = mod(x * y); // 12\n if (!isValid \|\| isNegativeLE(t, P) \|\| y === _0n)\n throw new Error('invalid ristretto255 encoding 2');\n return new _RistrettoPoint(new ed25519.Point(x, y, _1n, t));\n }\n /*\n Converts ristretto-encoded string to ristretto point.\n * Described in [RFC9496](https://www.rfc-editor.org/rfc/rfc9496#name-decode).\n * @param hex Ristretto-encoded 32 bytes. Not every 32-byte string is valid ristretto encoding\n /\n static fromHex(hex) {\n return _RistrettoPoint.fromBytes(ensureBytes('ristrettoHex', hex, 32));\n }\n static msm(points, scalars) {\n return pippenger(_RistrettoPoint, ed25519.Point.Fn, points, scalars);\n }\n /\n Encodes ristretto point to Uint8Array.\n * Described in [RFC9496](https://www.rfc-editor.org/rfc/rfc9496#name-encode).\n /\n toBytes() {\n let { X, Y, Z, T } = this.ep;\n const P = ed25519_CURVE_p;\n const mod = (n) => Fp.create(n);\n const u1 = mod(mod(Z + Y) mod(Z - Y)); // 1\n const u2 = mod(X * Y); // 2\n // Square root always exists\n const u2sq = mod(u2 * u2);\n const { value: invsqrt } = invertSqrt(mod(u1 * u2sq)); // 3\n const D1 = mod(invsqrt * u1); // 4\n const D2 = mod(invsqrt * u2); // 5\n const zInv = mod(D1 * D2 * T); // 6\n let D; // 7\n if (isNegativeLE(T * zInv, P)) {\n let _x = mod(Y * SQRT_M1);\n let _y = mod(X * SQRT_M1);\n X = _x;\n Y = _y;\n D = mod(D1 * INVSQRT_A_MINUS_D);\n }\n else {\n D = D2; // 8\n }\n if (isNegativeLE(X * zInv, P))\n Y = mod(-Y); // 9\n let s = mod((Z - Y) * D); // 10 (check footer's note, no sqrt(-a))\n if (isNegativeLE(s, P))\n s = mod(-s);\n return Fp.toBytes(s); // 11\n }\n /*\n Compares two Ristretto points.\n * Described in [RFC9496](https://www.rfc-editor.org/rfc/rfc9496#name-equals).\n /\n equals(other) {\n this.assertSame(other);\n const { X: X1, Y: Y1 } = this.ep;\n const { X: X2, Y: Y2 } = other.ep;\n const mod = (n) => Fp.create(n);\n // (x1 y2 == y1 * x2) \| (y1 * y2 == x1 * x2)\n const one = mod(X1 * Y2) === mod(Y1 * X2);\n const two = mod(Y1 * Y2) === mod(X1 * X2);\n return one \|\| two;\n }\n is0() {\n return this.equals(_RistrettoPoint.ZERO);\n }\n}\n// Do NOT change syntax: the following gymnastics is done,\n// because typescript strips comments, which makes bundlers disable tree-shaking.\n// prettier-ignore\n_RistrettoPoint.BASE = \n/* @__PURE__ / (() => new _RistrettoPoint(ed25519.Point.BASE))();\n// prettier-ignore\n_RistrettoPoint.ZERO = \n/ @__PURE__ / (() => new _RistrettoPoint(ed25519.Point.ZERO))();\n// prettier-ignore\n_RistrettoPoint.Fp = \n/ @__PURE__ / (() => Fp)();\n// prettier-ignore\n_RistrettoPoint.Fn = \n/ @__PURE__ / (() => Fn)();\nexport const ristretto255 = { Point: _RistrettoPoint };\n/* Hashing to ristretto255 points / field. RFC 9380 methods. /\nexport const ristretto255_hasher = {\n hashToCurve(msg, options) {\n const DST = options?.DST \|\| 'ristretto255_XMD:SHA-512_R255MAP_RO_';\n const xmd = expand_message_xmd(msg, DST, 64, sha512);\n return ristretto255_map(xmd);\n },\n hashToScalar(msg, options = { DST: _DST_scalar }) {\n const xmd = expand_message_xmd(msg, options.DST, 64, sha512);\n return Fn.create(bytesToNumberLE(xmd));\n },\n};\n// export const ristretto255_oprf: OPRF = createORPF({\n// name: 'ristretto255-SHA512',\n// Point: RistrettoPoint,\n// hash: sha512,\n// hashToGroup: ristretto255_hasher.hashToCurve,\n// hashToScalar: ristretto255_hasher.hashToScalar,\n// });\n/\n Weird / bogus points, useful for debugging.\n * All 8 ed25519 points of 8-torsion subgroup can be generated from the point\n * T = `26e8958fc2b227b045c3f489f2ef98f0d5dfac05d3c63339b13802886d53fc05`.\n * ⟨T⟩ = { O, T, 2T, 3T, 4T, 5T, 6T, 7T }\n /\nexport const ED25519_TORSION_SUBGROUP = [\n '0100000000000000000000000000000000000000000000000000000000000000',\n 'c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac037a',\n '0000000000000000000000000000000000000000000000000000000000000080',\n '26e8958fc2b227b045c3f489f2ef98f0d5dfac05d3c63339b13802886d53fc05',\n 'ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f',\n '26e8958fc2b227b045c3f489f2ef98f0d5dfac05d3c63339b13802886d53fc85',\n '0000000000000000000000000000000000000000000000000000000000000000',\n 'c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac03fa',\n];\n/* @deprecated use `ed25519.utils.toMontgomery` /\nexport function edwardsToMontgomeryPub(edwardsPub) {\n return ed25519.utils.toMontgomery(ensureBytes('pub', edwardsPub));\n}\n/* @deprecated use `ed25519.utils.toMontgomery` /\nexport const edwardsToMontgomery = edwardsToMontgomeryPub;\n/* @deprecated use `ed25519.utils.toMontgomerySecret` /\nexport function edwardsToMontgomeryPriv(edwardsPriv) {\n return ed25519.utils.toMontgomerySecret(ensureBytes('pub', edwardsPriv));\n}\n/* @deprecated use `ristretto255.Point` /\nexport const RistrettoPoint = _RistrettoPoint;\n/* @deprecated use `import { ed25519_hasher } from '@noble/curves/ed25519.js';` /\nexport const hashToCurve = / @__PURE__ / (() => ed25519_hasher.hashToCurve)();\n/* @deprecated use `import { ed25519_hasher } from '@noble/curves/ed25519.js';` /\nexport const encodeToCurve = / @__PURE__ / (() => ed25519_hasher.encodeToCurve)();\n/* @deprecated use `import { ristretto255_hasher } from '@noble/curves/ed25519.js';` /\nexport const hashToRistretto255 = / @__PURE__ / (() => ristretto255_hasher.hashToCurve)();\n/* @deprecated use `import { ristretto255_hasher } from '@noble/curves/ed25519.js';` /\nexport const hash_to_ristretto255 = / @__PURE__ */ (() => ristretto255_hasher.hashToCurve)();\n//# sourceMappingURL=ed25519.js.map"],"names":["_1n","BigInt","_2n","_5n","_8n","ed25519_CURVE_p","ed25519_CURVE","p","n","h","a","d","Gx","Gy","adjustScalarBytes","bytes","ED25519_SQRT_M1","uvRatio","u","v","P","v3","mod","pow","x","_10n","_20n","_40n","_80n","b2","b4","pow2","b5","b10","b20","b40","b80","b160","b240","b250","pow_p_5_8","ed25519_pow_2_252_3","vx2","root1","root2","useRoot1","useRoot2","noRoot","isNegativeLE","isValid","value","Fp","Field","isLE","ed25519Defaults","hash","sha512","ed25519","twistedEdwards"],"mappings":";;AAwCA,MAAuCA,EAAMC,OAAO,GAAIC,EAAMD,OAAO,GAAUA,OAAO,GAEtF,MAAME,EAAMF,OAAO,GAAIG,EAAMH,OAAO,GAG9BI,EAAkBJ,OACtB,sEAMIK,EAA6C,MAAC,CAClDC,EAAGF,EACHG,EAAGP,OAAO,sEACVQ,EAAGL,EACHM,EAAGT,OAAO,sEACVU,EAAGV,OAAO,sEACVW,GAAIX,OAAO,sEACXY,GAAIZ,OAAO,wEAPsC,GA8BnD,SAASa,EAAkBC,GAQzB,OALAA,EAAM,IAAM,IAEZA,EAAM,KAAO,IAEbA,EAAM,KAAO,GACNA,CACT,CAIA,MAAMC,EAAkCf,OACtC,iFAGF,SAASgB,EAAQC,EAAWC,GAC1B,MAAMC,EAAIf,EACJgB,EAAKC,EAAIH,EAAIA,EAAIA,EAAGC,GAGpBG,EA1CR,SAA6BC,GAE3B,MAAMC,EAAOxB,OAAO,IAAKyB,EAAOzB,OAAO,IAAK0B,EAAO1B,OAAO,IAAK2B,EAAO3B,OAAO,IACvEmB,EAAIf,EAEJwB,EADML,EAAIA,EAAKJ,EACJI,EAAKJ,EAChBU,EAAMC,EAAKF,EAAI3B,EAAKkB,GAAKS,EAAMT,EAC/BY,EAAMD,EAAKD,EAAI9B,EAAKoB,GAAKI,EAAKJ,EAC9Ba,EAAOF,EAAKC,EAAI7B,EAAKiB,GAAKY,EAAMZ,EAChCc,EAAOH,EAAKE,EAAKR,EAAML,GAAKa,EAAOb,EACnCe,EAAOJ,EAAKG,EAAKR,EAAMN,GAAKc,EAAOd,EACnCgB,EAAOL,EAAKI,EAAKR,EAAMP,GAAKe,EAAOf,EACnCiB,EAAQN,EAAKK,EAAKR,EAAMR,GAAKgB,EAAOhB,EACpCkB,EAAQP,EAAKM,EAAMT,EAAMR,GAAKgB,EAAOhB,EACrCmB,EAAQR,EAAKO,EAAMb,EAAML,GAAKa,EAAOb,EAG3C,MAAO,CAAEoB,UAFUT,EAAKQ,EAAMrC,EAAKkB,GAAKI,EAAKJ,EAEzBS,KACtB,CAwBcY,CAAoBvB,EAFrBI,EAAID,EAAKA,EAAKF,EAAGC,IAEYoB,UACxC,IAAIhB,EAAIF,EAAIJ,EAAIG,EAAKE,EAAKH,GAC1B,MAAMsB,EAAMpB,EAAIH,EAAIK,EAAIA,EAAGJ,GACrBuB,EAAQnB,EACRoB,EAAQtB,EAAIE,EAAIR,EAAiBI,GACjCyB,EAAWH,IAAQxB,EACnB4B,EAAWJ,IAAQpB,GAAKJ,EAAGE,GAC3B2B,EAASL,IAAQpB,GAAKJ,EAAIF,EAAiBI,GAIjD,OAHIyB,IAAUrB,EAAImB,IACdG,GAAYC,KAAQvB,EAAIoB,GACxBI,EAAaxB,EAAGJ,KAAII,EAAIF,GAAKE,EAAGJ,IAC7B,CAAE6B,QAASJ,GAAYC,EAAUI,MAAO1B,EACjD,CAEA,MAAM2B,EAAqB,KAAOC,EAAM9C,EAAcC,EAAG,CAAE8C,MAAM,IAAtC,GAGrBC,EAAkC,MAAC,IACpChD,EACH6C,KACAI,KAAMC,EACN1C,oBAIAG,YARsC,GAqB3BwC,EAAmC,KAAOC,EAAeJ,GAAtB","x_google_ignoreList":[0]}

package/dist/esm/node_modules/@noble/curves/esm/utils.js ADDED Viewed

@@ -0,0 +1,3 @@
+import{abytes as t,bytesToHex as r,hexToBytes as e,isBytes as n}from"../../hashes/esm/utils.js";export{anumber,concatBytes,randomBytes,utf8ToBytes}from"../../hashes/esm/utils.js";
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const o=BigInt(0),i=BigInt(1);function f(t,r=""){if("boolean"!=typeof t){throw new Error((r&&`"${r}"`)+"expected boolean, got type="+typeof t)}return t}function c(t,r,e=""){const o=n(t),i=t?.length,f=void 0!==r;if(!o||f&&i!==r){throw new Error((e&&`"${e}" `)+"expected Uint8Array"+(f?` of length ${r}`:"")+", got "+(o?`length=${i}`:"type="+typeof t))}return t}function s(t){if("string"!=typeof t)throw new Error("hex string expected, got "+typeof t);return""===t?o:BigInt("0x"+t)}function u(t){return s(r(t))}function a(e){return t(e),s(r(Uint8Array.from(e).reverse()))}function p(t,r){return e(t.toString(16).padStart(2*r,"0"))}function h(t,r){return p(t,r).reverse()}function g(t,r,o){let i;if("string"==typeof r)try{i=e(r)}catch(r){throw new Error(t+" must be hex string or Uint8Array, cause: "+r)}else{if(!n(r))throw new Error(t+" must be hex string or Uint8Array");i=Uint8Array.from(r)}const f=i.length;if("number"==typeof o&&f!==o)throw new Error(t+" of length "+o+" expected, got "+f);return i}function y(t){return Uint8Array.from(t)}const w=t=>"bigint"==typeof t&&o<=t;function l(t,r,e){return w(t)&&w(r)&&w(e)&&r<=t&&t<e}function d(t,r,e,n){if(!l(r,e,n))throw new Error("expected valid "+t+": "+e+" <= n < "+n+", got "+r)}function m(t){let r;for(r=0;t>o;t>>=i,r+=1);return r}const x=t=>(i<<BigInt(t))-i;function b(t,r,e={}){if(!t||"object"!=typeof t)throw new Error("expected valid options object");function n(r,e,n){const o=t[r];if(n&&void 0===o)return;const i=typeof o;if(i!==e||null===o)throw new Error(`param "${r}" is invalid: expected ${e}, got ${i}`)}Object.entries(r).forEach(([t,r])=>n(t,r,!1)),Object.entries(e).forEach(([t,r])=>n(t,r,!0))}function E(t){const r=new WeakMap;return(e,...n)=>{const o=r.get(e);if(void 0!==o)return o;const i=t(e,...n);return r.set(e,i),i}}export{f as _abool2,c as _abytes2,b as _validateObject,d as aInRange,t as abytes,m as bitLen,x as bitMask,r as bytesToHex,u as bytesToNumberBE,a as bytesToNumberLE,y as copyBytes,g as ensureBytes,e as hexToBytes,s as hexToNumber,l as inRange,n as isBytes,E as memoized,p as numberToBytesBE,h as numberToBytesLE};
+//# sourceMappingURL=utils.js.map

package/dist/esm/node_modules/@noble/curves/esm/utils.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"utils.js","sources":["../../../../../../node_modules/@noble/curves/esm/utils.js"],"sourcesContent":["/**\n * Hex, bytes and number utilities.\n * @module\n */\n/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { abytes as abytes_, bytesToHex as bytesToHex_, concatBytes as concatBytes_, hexToBytes as hexToBytes_, isBytes as isBytes_, } from '@noble/hashes/utils.js';\nexport { abytes, anumber, bytesToHex, bytesToUtf8, concatBytes, hexToBytes, isBytes, randomBytes, utf8ToBytes, } from '@noble/hashes/utils.js';\nconst _0n = /* @__PURE__ */ BigInt(0);\nconst _1n = /* @__PURE__ */ BigInt(1);\nexport function abool(title, value) {\n if (typeof value !== 'boolean')\n throw new Error(title + ' boolean expected, got ' + value);\n}\n// tmp name until v2\nexport function _abool2(value, title = '') {\n if (typeof value !== 'boolean') {\n const prefix = title && `\"${title}\"`;\n throw new Error(prefix + 'expected boolean, got type=' + typeof value);\n }\n return value;\n}\n// tmp name until v2\n/** Asserts something is Uint8Array. */\nexport function _abytes2(value, length, title = '') {\n const bytes = isBytes_(value);\n const len = value?.length;\n const needsLen = length !== undefined;\n if (!bytes || (needsLen && len !== length)) {\n const prefix = title && `\"${title}\" `;\n const ofLen = needsLen ? ` of length ${length}` : '';\n const got = bytes ? `length=${len}` : `type=${typeof value}`;\n throw new Error(prefix + 'expected Uint8Array' + ofLen + ', got ' + got);\n }\n return value;\n}\n// Used in weierstrass, der\nexport function numberToHexUnpadded(num) {\n const hex = num.toString(16);\n return hex.length & 1 ? '0' + hex : hex;\n}\nexport function hexToNumber(hex) {\n if (typeof hex !== 'string')\n throw new Error('hex string expected, got ' + typeof hex);\n return hex === '' ? _0n : BigInt('0x' + hex); // Big Endian\n}\n// BE: Big Endian, LE: Little Endian\nexport function bytesToNumberBE(bytes) {\n return hexToNumber(bytesToHex_(bytes));\n}\nexport function bytesToNumberLE(bytes) {\n abytes_(bytes);\n return hexToNumber(bytesToHex_(Uint8Array.from(bytes).reverse()));\n}\nexport function numberToBytesBE(n, len) {\n return hexToBytes_(n.toString(16).padStart(len * 2, '0'));\n}\nexport function numberToBytesLE(n, len) {\n return numberToBytesBE(n, len).reverse();\n}\n// Unpadded, rarely used\nexport function numberToVarBytesBE(n) {\n return hexToBytes_(numberToHexUnpadded(n));\n}\n/**\n * Takes hex string or Uint8Array, converts to Uint8Array.\n * Validates output length.\n * Will throw error for other types.\n * @param title descriptive title for an error e.g. 'secret key'\n * @param hex hex string or Uint8Array\n * @param expectedLength optional, will compare to result array's length\n * @returns\n */\nexport function ensureBytes(title, hex, expectedLength) {\n let res;\n if (typeof hex === 'string') {\n try {\n res = hexToBytes_(hex);\n }\n catch (e) {\n throw new Error(title + ' must be hex string or Uint8Array, cause: ' + e);\n }\n }\n else if (isBytes_(hex)) {\n // Uint8Array.from() instead of hash.slice() because node.js Buffer\n // is instance of Uint8Array, and its slice() creates **mutable** copy\n res = Uint8Array.from(hex);\n }\n else {\n throw new Error(title + ' must be hex string or Uint8Array');\n }\n const len = res.length;\n if (typeof expectedLength === 'number' && len !== expectedLength)\n throw new Error(title + ' of length ' + expectedLength + ' expected, got ' + len);\n return res;\n}\n// Compares 2 u8a-s in kinda constant time\nexport function equalBytes(a, b) {\n if (a.length !== b.length)\n return false;\n let diff = 0;\n for (let i = 0; i < a.length; i++)\n diff |= a[i] ^ b[i];\n return diff === 0;\n}\n/**\n * Copies Uint8Array. We can't use u8a.slice(), because u8a can be Buffer,\n * and Buffer#slice creates mutable copy. Never use Buffers!\n */\nexport function copyBytes(bytes) {\n return Uint8Array.from(bytes);\n}\n/**\n * Decodes 7-bit ASCII string to Uint8Array, throws on non-ascii symbols\n * Should be safe to use for things expected to be ASCII.\n * Returns exact same result as utf8ToBytes for ASCII or throws.\n */\nexport function asciiToBytes(ascii) {\n return Uint8Array.from(ascii, (c, i) => {\n const charCode = c.charCodeAt(0);\n if (c.length !== 1 || charCode > 127) {\n throw new Error(`string contains non-ASCII character \"${ascii[i]}\" with code ${charCode} at position ${i}`);\n }\n return charCode;\n });\n}\n/**\n * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])\n */\n// export const utf8ToBytes: typeof utf8ToBytes_ = utf8ToBytes_;\n/**\n * Converts bytes to string using UTF8 encoding.\n * @example bytesToUtf8(Uint8Array.from([97, 98, 99])) // 'abc'\n */\n// export const bytesToUtf8: typeof bytesToUtf8_ = bytesToUtf8_;\n// Is positive bigint\nconst isPosBig = (n) => typeof n === 'bigint' && _0n <= n;\nexport function inRange(n, min, max) {\n return isPosBig(n) && isPosBig(min) && isPosBig(max) && min <= n && n < max;\n}\n/**\n * Asserts min <= n < max. NOTE: It's < max and not <= max.\n * @example\n * aInRange('x', x, 1n, 256n); // would assume x is in (1n..255n)\n */\nexport function aInRange(title, n, min, max) {\n // Why min <= n < max and not a (min < n < max) OR b (min <= n <= max)?\n // consider P=256n, min=0n, max=P\n // - a for min=0 would require -1: `inRange('x', x, -1n, P)`\n // - b would commonly require subtraction: `inRange('x', x, 0n, P - 1n)`\n // - our way is the cleanest: `inRange('x', x, 0n, P)\n if (!inRange(n, min, max))\n throw new Error('expected valid ' + title + ': ' + min + ' <= n < ' + max + ', got ' + n);\n}\n// Bit operations\n/**\n * Calculates amount of bits in a bigint.\n * Same as `n.toString(2).length`\n * TODO: merge with nLength in modular\n */\nexport function bitLen(n) {\n let len;\n for (len = 0; n > _0n; n >>= _1n, len += 1)\n ;\n return len;\n}\n/**\n * Gets single bit at position.\n * NOTE: first bit position is 0 (same as arrays)\n * Same as `!!+Array.from(n.toString(2)).reverse()[pos]`\n */\nexport function bitGet(n, pos) {\n return (n >> BigInt(pos)) & _1n;\n}\n/**\n * Sets single bit at position.\n */\nexport function bitSet(n, pos, value) {\n return n | ((value ? _1n : _0n) << BigInt(pos));\n}\n/**\n * Calculate mask for N bits. Not using ** operator with bigints because of old engines.\n * Same as BigInt(`0b${Array(i).fill('1').join('')}`)\n */\nexport const bitMask = (n) => (_1n << BigInt(n)) - _1n;\n/**\n * Minimal HMAC-DRBG from NIST 800-90 for RFC6979 sigs.\n * @returns function that will call DRBG until 2nd arg returns something meaningful\n * @example\n * const drbg = createHmacDRBG<Key>(32, 32, hmac);\n * drbg(seed, bytesToKey); // bytesToKey must return Key or undefined\n */\nexport function createHmacDrbg(hashLen, qByteLen, hmacFn) {\n if (typeof hashLen !== 'number' || hashLen < 2)\n throw new Error('hashLen must be a number');\n if (typeof qByteLen !== 'number' || qByteLen < 2)\n throw new Error('qByteLen must be a number');\n if (typeof hmacFn !== 'function')\n throw new Error('hmacFn must be a function');\n // Step B, Step C: set hashLen to 8*ceil(hlen/8)\n const u8n = (len) => new Uint8Array(len); // creates Uint8Array\n const u8of = (byte) => Uint8Array.of(byte); // another shortcut\n let v = u8n(hashLen); // Minimal non-full-spec HMAC-DRBG from NIST 800-90 for RFC6979 sigs.\n let k = u8n(hashLen); // Steps B and C of RFC6979 3.2: set hashLen, in our case always same\n let i = 0; // Iterations counter, will throw when over 1000\n const reset = () => {\n v.fill(1);\n k.fill(0);\n i = 0;\n };\n const h = (...b) => hmacFn(k, v, ...b); // hmac(k)(v, ...values)\n const reseed = (seed = u8n(0)) => {\n // HMAC-DRBG reseed() function. Steps D-G\n k = h(u8of(0x00), seed); // k = hmac(k || v || 0x00 || seed)\n v = h(); // v = hmac(k || v)\n if (seed.length === 0)\n return;\n k = h(u8of(0x01), seed); // k = hmac(k || v || 0x01 || seed)\n v = h(); // v = hmac(k || v)\n };\n const gen = () => {\n // HMAC-DRBG generate() function\n if (i++ >= 1000)\n throw new Error('drbg: tried 1000 values');\n let len = 0;\n const out = [];\n while (len < qByteLen) {\n v = h();\n const sl = v.slice();\n out.push(sl);\n len += v.length;\n }\n return concatBytes_(...out);\n };\n const genUntil = (seed, pred) => {\n reset();\n reseed(seed); // Steps D-G\n let res = undefined; // Step H: grind until k is in [1..n-1]\n while (!(res = pred(gen())))\n reseed();\n reset();\n return res;\n };\n return genUntil;\n}\n// Validating curves and fields\nconst validatorFns = {\n bigint: (val) => typeof val === 'bigint',\n function: (val) => typeof val === 'function',\n boolean: (val) => typeof val === 'boolean',\n string: (val) => typeof val === 'string',\n stringOrUint8Array: (val) => typeof val === 'string' || isBytes_(val),\n isSafeInteger: (val) => Number.isSafeInteger(val),\n array: (val) => Array.isArray(val),\n field: (val, object) => object.Fp.isValid(val),\n hash: (val) => typeof val === 'function' && Number.isSafeInteger(val.outputLen),\n};\n// type Record<K extends string | number | symbol, T> = { [P in K]: T; }\nexport function validateObject(object, validators, optValidators = {}) {\n const checkField = (fieldName, type, isOptional) => {\n const checkVal = validatorFns[type];\n if (typeof checkVal !== 'function')\n throw new Error('invalid validator function');\n const val = object[fieldName];\n if (isOptional && val === undefined)\n return;\n if (!checkVal(val, object)) {\n throw new Error('param ' + String(fieldName) + ' is invalid. Expected ' + type + ', got ' + val);\n }\n };\n for (const [fieldName, type] of Object.entries(validators))\n checkField(fieldName, type, false);\n for (const [fieldName, type] of Object.entries(optValidators))\n checkField(fieldName, type, true);\n return object;\n}\n// validate type tests\n// const o: { a: number; b: number; c: number } = { a: 1, b: 5, c: 6 };\n// const z0 = validateObject(o, { a: 'isSafeInteger' }, { c: 'bigint' }); // Ok!\n// // Should fail type-check\n// const z1 = validateObject(o, { a: 'tmp' }, { c: 'zz' });\n// const z2 = validateObject(o, { a: 'isSafeInteger' }, { c: 'zz' });\n// const z3 = validateObject(o, { test: 'boolean', z: 'bug' });\n// const z4 = validateObject(o, { a: 'boolean', z: 'bug' });\nexport function isHash(val) {\n return typeof val === 'function' && Number.isSafeInteger(val.outputLen);\n}\nexport function _validateObject(object, fields, optFields = {}) {\n if (!object || typeof object !== 'object')\n throw new Error('expected valid options object');\n function checkField(fieldName, expectedType, isOpt) {\n const val = object[fieldName];\n if (isOpt && val === undefined)\n return;\n const current = typeof val;\n if (current !== expectedType || val === null)\n throw new Error(`param \"${fieldName}\" is invalid: expected ${expectedType}, got ${current}`);\n }\n Object.entries(fields).forEach(([k, v]) => checkField(k, v, false));\n Object.entries(optFields).forEach(([k, v]) => checkField(k, v, true));\n}\n/**\n * throws not implemented error\n */\nexport const notImplemented = () => {\n throw new Error('not implemented');\n};\n/**\n * Memoizes (caches) computation result.\n * Uses WeakMap: the value is going auto-cleaned by GC after last reference is removed.\n */\nexport function memoized(fn) {\n const map = new WeakMap();\n return (arg, ...args) => {\n const val = map.get(arg);\n if (val !== undefined)\n return val;\n const computed = fn(arg, ...args);\n map.set(arg, computed);\n return computed;\n };\n}\n//# sourceMappingURL=utils.js.map"],"names":["_0n","BigInt","_1n","_abool2","value","title","Error","_abytes2","length","bytes","isBytes_","len","needsLen","undefined","hexToNumber","hex","bytesToNumberBE","bytesToHex_","bytesToNumberLE","abytes_","Uint8Array","from","reverse","numberToBytesBE","n","hexToBytes_","toString","padStart","numberToBytesLE","ensureBytes","expectedLength","res","e","copyBytes","isPosBig","inRange","min","max","aInRange","bitLen","bitMask"],"mappings":";sEAuBA,MAAMA,EAAsBC,OAAO,GAC7BC,EAAsBD,OAAK,GAgB3B,SAAUE,EAAQC,EAASC,EAAA,IAC/B,GAAqB,kBAAVD,EAAkB,CAE3B,MAAM,IAAIE,OADKD,GAAS,IAAIA,MACH,qCAAiCD,EAC9D,CACE,OAAOA,CACT,CAIM,SAAUG,EAAEH,EAAAI,EAAAH,EAAA,IAChB,MAAMI,EAAQC,EAASN,GACzBO,EAAAP,GAAAI,OACQI,OAAsBC,IAAXL,EACjB,IAAKC,GAAUG,GAAYD,IAAQH,EAAS,CAI9C,MAAA,IAAAF,OAHAD,GAAA,IAAAA,OAGA,uBAFkBO,EAAW,cAAWJ,IAAA,IAExC,UADgBC,EAAQ,UAAUE,IAAQ,eAAEP,GAE1C,CACA,OAAOA,CACT,CAQM,SAAUU,EAAYC,GAC1B,GAAQ,iBAAAA,EAAA,MAAA,IAAAT,MAAA,mCAAAS,GACR,MAAA,KAAAA,EAAAf,EAAAC,OAAA,KAAAc,EACF,CAGM,SAAMC,EAAAP,GACV,OAAOK,EAAYG,EAAYR,GACjC,CACM,SAAUS,EAAET,GAEhB,OADAU,EAAQV,GACFK,EAAAG,EAAAG,WAAAC,KAAAZ,GAAAa,WACR,CAEM,SAAUC,EAAgBC,EAAoBb,GAClD,OAAOc,EAAYD,EAAEE,SAAS,IAAIC,SAAe,EAANhB,EAAS,KACtD,CACI,SAAAiB,EAAAJ,EAAAb,GACF,OAAOY,EAAAC,EAAAb,GAAAW,SACT,CAeA,SAAAO,EAAAxB,EAAAU,EAAAe,GACE,IAAAC,EACA,GAAmB,iBAARhB,EACT,IACFgB,EAAAN,EAAAV,EACE,CAAE,MAAOiB,GACP,MAAM,IAAI1B,MAAMD,EAAQ,6CAAG2B,EACjC,KACE,KAAAtB,EAAAK,GAKE,MAAM,IAAIT,MAAMD,EAAQ,qCAFxB0B,EAAMX,WAAWC,KAAKN,EAGxB,CACA,MAAMJ,EAAMoB,EAAIvB,OAChB,GAA8B,iBAAnBsB,GAA+BnB,IAAEmB,EAC1C,MAAM,IAAIxB,MAAMD,EAAQ,cAAgByB,EAAiB,kBAAoBnB,GAC/E,OAAMoB,CACR,CAaM,SAAUE,EAAUxB,GACxB,OAAOW,WAAWC,KAAKZ,EACzB,CA8BA,MAAMyB,EAAYV,GAA2B,iBAANA,GAASxB,GAAAwB,EAE9C,SAAAW,EAAAX,EAAAY,EAAAC,GACA,OAAOH,EAASV,IAAMU,EAAOE,IAAAF,EAAAG,IAAAD,GAAAZ,GAAAA,EAAAa,CAC/B,CAOA,SAAAC,EAAAjC,EAAAmB,EAAAY,EAAAC,GAME,IAAAF,EAAAX,EAAAY,EAAAC,GACE,MAAM,IAAI/B,MAAM,kBAAoBD,EAAQ,KAAM+B,EAAA,WAAAC,EAAA,SAAAb,EACtD,CASM,SAAUe,EAAOf,GACrB,IAAIb,EACJ,IAAKA,EAAM,EAAGa,EAAIxB,EAAKwB,IAAMtB,EAAKS,GAAO,GACzC,OAAOA,CACT,CAsBO,MAAM6B,EAAUhB,IAAAtB,GAAAD,OAAAuB,IAAAtB","x_google_ignoreList":[0]}

package/dist/esm/node_modules/@noble/hashes/esm/_md.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{Hash as t,createView as s,aexists as e,toBytes as i,abytes as n,aoutput as o,clean as r}from"./utils.js";function h(t,s,e,i){if("function"==typeof t.setBigUint64)return t.setBigUint64(s,e,i);const n=BigInt(32),o=BigInt(4294967295),r=Number(e>>n&o),h=Number(e&o),f=i?4:0,u=i?0:4;t.setUint32(s+f,r,i),t.setUint32(s+u,h,i)}function f(t,s,e){return t&s^~t&e}function u(t,s,e){return t&s^t&e^s&e}class c extends t{constructor(t,e,i,n){super(),this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.blockLen=t,this.outputLen=e,this.padOffset=i,this.isLE=n,this.buffer=new Uint8Array(t),this.view=s(this.buffer)}update(t){e(this),t=i(t),n(t);const{view:o,buffer:r,blockLen:h}=this,f=t.length;for(let e=0;e<f;){const i=Math.min(h-this.pos,f-e);if(i!==h)r.set(t.subarray(e,e+i),this.pos),this.pos+=i,e+=i,this.pos===h&&(this.process(o,0),this.pos=0);else{const i=s(t);for(;h<=f-e;e+=h)this.process(i,e)}}return this.length+=t.length,this.roundClean(),this}digestInto(t){e(this),o(t,this),this.finished=!0;const{buffer:i,view:n,blockLen:f,isLE:u}=this;let{pos:c}=this;i[c++]=128,r(this.buffer.subarray(c)),this.padOffset>f-c&&(this.process(n,0),c=0);for(let t=c;t<f;t++)i[t]=0;h(n,f-8,BigInt(8*this.length),u),this.process(n,0);const l=s(t),p=this.outputLen;if(p%4)throw new Error("_sha2: outputLen should be aligned to 32bit");const d=p/4,g=this.get();if(d>g.length)throw new Error("_sha2: outputLen bigger than state");for(let t=0;t<d;t++)l.setUint32(4*t,g[t],u)}digest(){const{buffer:t,outputLen:s}=this;this.digestInto(t);const e=t.slice(0,s);return this.destroy(),e}_cloneInto(t){t||(t=new this.constructor),t.set(...this.get());const{blockLen:s,buffer:e,length:i,finished:n,destroyed:o,pos:r}=this;return t.destroyed=o,t.finished=n,t.length=i,t.pos=r,i%s&&t.buffer.set(e),t}clone(){return this._cloneInto()}}const l=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]),p=Uint32Array.from([1779033703,4089235720,3144134277,2227873595,1013904242,4271175723,2773480762,1595750129,1359893119,2917565137,2600822924,725511199,528734635,4215389547,1541459225,327033209]);export{f as Chi,c as HashMD,u as Maj,l as SHA256_IV,p as SHA512_IV,h as setBigUint64};
+import{Hash as t,createView as s,aexists as e,toBytes as i,abytes as n,aoutput as o,clean as r}from"./utils.js";function h(t,s,e,i){if("function"==typeof t.setBigUint64)return t.setBigUint64(s,e,i);const n=BigInt(32),o=BigInt(4294967295),r=Number(e>>n&o),h=Number(e&o),u=i?4:0,f=i?0:4;t.setUint32(s+u,r,i),t.setUint32(s+f,h,i)}function u(t,s,e){return t&s^~t&e}function f(t,s,e){return t&s^t&e^s&e}class c extends t{constructor(t,e,i,n){super(),this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.blockLen=t,this.outputLen=e,this.padOffset=i,this.isLE=n,this.buffer=new Uint8Array(t),this.view=s(this.buffer)}update(t){e(this),t=i(t),n(t);const{view:o,buffer:r,blockLen:h}=this,u=t.length;for(let e=0;e<u;){const i=Math.min(h-this.pos,u-e);if(i===h){const i=s(t);for(;h<=u-e;e+=h)this.process(i,e);continue}r.set(t.subarray(e,e+i),this.pos),this.pos+=i,e+=i,this.pos===h&&(this.process(o,0),this.pos=0)}return this.length+=t.length,this.roundClean(),this}digestInto(t){e(this),o(t,this),this.finished=!0;const{buffer:i,view:n,blockLen:u,isLE:f}=this;let{pos:c}=this;i[c++]=128,r(this.buffer.subarray(c)),this.padOffset>u-c&&(this.process(n,0),c=0);for(let t=c;t<u;t++)i[t]=0;h(n,u-8,BigInt(8*this.length),f),this.process(n,0);const l=s(t),p=this.outputLen;if(p%4)throw new Error("_sha2: outputLen should be aligned to 32bit");const d=p/4,g=this.get();if(d>g.length)throw new Error("_sha2: outputLen bigger than state");for(let t=0;t<d;t++)l.setUint32(4*t,g[t],f)}digest(){const{buffer:t,outputLen:s}=this;this.digestInto(t);const e=t.slice(0,s);return this.destroy(),e}_cloneInto(t){t||(t=new this.constructor),t.set(...this.get());const{blockLen:s,buffer:e,length:i,finished:n,destroyed:o,pos:r}=this;return t.destroyed=o,t.finished=n,t.length=i,t.pos=r,i%s&&t.buffer.set(e),t}clone(){return this._cloneInto()}}const l=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]),p=Uint32Array.from([1779033703,4089235720,3144134277,2227873595,1013904242,4271175723,2773480762,1595750129,1359893119,2917565137,2600822924,725511199,528734635,4215389547,1541459225,327033209]);export{u as Chi,c as HashMD,f as Maj,l as SHA256_IV,p as SHA512_IV,h as setBigUint64};
 //# sourceMappingURL=_md.js.map

package/dist/esm/node_modules/@noble/hashes/esm/_md.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"_md.js","sources":["../../../../../../node_modules/@noble/hashes/esm/_md.js"],"sourcesContent":["/*\n Internal Merkle-Damgard hash utils.\n * @module\n /\nimport { Hash, abytes, aexists, aoutput, clean, createView, toBytes } from \"./utils.js\";\n/* Polyfill for Safari 14. https://caniuse.com/mdn-javascript_builtins_dataview_setbiguint64 /\nexport function setBigUint64(view, byteOffset, value, isLE) {\n if (typeof view.setBigUint64 === 'function')\n return view.setBigUint64(byteOffset, value, isLE);\n const _32n = BigInt(32);\n const _u32_max = BigInt(0xffffffff);\n const wh = Number((value >> _32n) & _u32_max);\n const wl = Number(value & _u32_max);\n const h = isLE ? 4 : 0;\n const l = isLE ? 0 : 4;\n view.setUint32(byteOffset + h, wh, isLE);\n view.setUint32(byteOffset + l, wl, isLE);\n}\n/* Choice: a ? b : c /\nexport function Chi(a, b, c) {\n return (a & b) ^ (~a & c);\n}\n/* Majority function, true if any two inputs is true. /\nexport function Maj(a, b, c) {\n return (a & b) ^ (a & c) ^ (b & c);\n}\n/\n Merkle-Damgard hash construction base class.\n * Could be used to create MD5, RIPEMD, SHA1, SHA2.\n /\nexport class HashMD extends Hash {\n constructor(blockLen, outputLen, padOffset, isLE) {\n super();\n this.finished = false;\n this.length = 0;\n this.pos = 0;\n this.destroyed = false;\n this.blockLen = blockLen;\n this.outputLen = outputLen;\n this.padOffset = padOffset;\n this.isLE = isLE;\n this.buffer = new Uint8Array(blockLen);\n this.view = createView(this.buffer);\n }\n update(data) {\n aexists(this);\n data = toBytes(data);\n abytes(data);\n const { view, buffer, blockLen } = this;\n const len = data.length;\n for (let pos = 0; pos < len;) {\n const take = Math.min(blockLen - this.pos, len - pos);\n // Fast path: we have at least one block in input, cast it to view and process\n if (take === blockLen) {\n const dataView = createView(data);\n for (; blockLen <= len - pos; pos += blockLen)\n this.process(dataView, pos);\n continue;\n }\n buffer.set(data.subarray(pos, pos + take), this.pos);\n this.pos += take;\n pos += take;\n if (this.pos === blockLen) {\n this.process(view, 0);\n this.pos = 0;\n }\n }\n this.length += data.length;\n this.roundClean();\n return this;\n }\n digestInto(out) {\n aexists(this);\n aoutput(out, this);\n this.finished = true;\n // Padding\n // We can avoid allocation of buffer for padding completely if it\n // was previously not allocated here. But it won't change performance.\n const { buffer, view, blockLen, isLE } = this;\n let { pos } = this;\n // append the bit '1' to the message\n buffer[pos++] = 0b10000000;\n clean(this.buffer.subarray(pos));\n // we have less than padOffset left in buffer, so we cannot put length in\n // current block, need process it and pad again\n if (this.padOffset > blockLen - pos) {\n this.process(view, 0);\n pos = 0;\n }\n // Pad until full block byte with zeros\n for (let i = pos; i < blockLen; i++)\n buffer[i] = 0;\n // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that\n // You need to write around 2 exabytes (u64_max / 8 / (10246)) for this to happen.\n // So we just write lowest 64 bits of that value.\n setBigUint64(view, blockLen - 8, BigInt(this.length 8), isLE);\n this.process(view, 0);\n const oview = createView(out);\n const len = this.outputLen;\n // NOTE: we do division by 4 later, which should be fused in single op with modulo by JIT\n if (len % 4)\n throw new Error('_sha2: outputLen should be aligned to 32bit');\n const outLen = len / 4;\n const state = this.get();\n if (outLen > state.length)\n throw new Error('_sha2: outputLen bigger than state');\n for (let i = 0; i < outLen; i++)\n oview.setUint32(4 * i, state[i], isLE);\n }\n digest() {\n const { buffer, outputLen } = this;\n this.digestInto(buffer);\n const res = buffer.slice(0, outputLen);\n this.destroy();\n return res;\n }\n _cloneInto(to) {\n to \|\| (to = new this.constructor());\n to.set(...this.get());\n const { blockLen, buffer, length, finished, destroyed, pos } = this;\n to.destroyed = destroyed;\n to.finished = finished;\n to.length = length;\n to.pos = pos;\n if (length % blockLen)\n to.buffer.set(buffer);\n return to;\n }\n clone() {\n return this._cloneInto();\n }\n}\n/*\n Initial SHA-2 state: fractional parts of square roots of first 16 primes 2..53.\n * Check out `test/misc/sha2-gen-iv.js` for recomputation guide.\n /\n/* Initial SHA256 state. Bits 0..32 of frac part of sqrt of primes 2..19 /\nexport const SHA256_IV = / @__PURE__ / Uint32Array.from([\n 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19,\n]);\n/* Initial SHA224 state. Bits 32..64 of frac part of sqrt of primes 23..53 /\nexport const SHA224_IV = / @__PURE__ / Uint32Array.from([\n 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4,\n]);\n/* Initial SHA384 state. Bits 0..64 of frac part of sqrt of primes 23..53 /\nexport const SHA384_IV = / @__PURE__ / Uint32Array.from([\n 0xcbbb9d5d, 0xc1059ed8, 0x629a292a, 0x367cd507, 0x9159015a, 0x3070dd17, 0x152fecd8, 0xf70e5939,\n 0x67332667, 0xffc00b31, 0x8eb44a87, 0x68581511, 0xdb0c2e0d, 0x64f98fa7, 0x47b5481d, 0xbefa4fa4,\n]);\n/* Initial SHA512 state. Bits 0..64 of frac part of sqrt of primes 2..19 /\nexport const SHA512_IV = / @__PURE__ */ Uint32Array.from([\n 0x6a09e667, 0xf3bcc908, 0xbb67ae85, 0x84caa73b, 0x3c6ef372, 0xfe94f82b, 0xa54ff53a, 0x5f1d36f1,\n 0x510e527f, 0xade682d1, 0x9b05688c, 0x2b3e6c1f, 0x1f83d9ab, 0xfb41bd6b, 0x5be0cd19, 0x137e2179,\n]);\n//# sourceMappingURL=_md.js.map"],"names":["setBigUint64","view","byteOffset","value","isLE","_32n","BigInt","_u32_max","wh","Number","wl","h","l","setUint32","Chi","a","b","c","Maj","HashMD","Hash","constructor","blockLen","outputLen","padOffset","super","this","finished","length","pos","destroyed","buffer","Uint8Array","createView","update","data","aexists","toBytes","abytes","len","take","Math","min","~~set~~","~~subarray~~","~~process~~","~~dataView~~","roundClean","digestInto","out","aoutput","clean","i","oview","Error","outLen","state","get","digest","res","slice","destroy","_cloneInto","to","clone","SHA256_IV","Uint32Array","from","SHA512_IV"],"mappings":"gHAOM,SAAUA,EACdC,EACAC,EACAC,EACAC,GAEA,GAAiC,mBAAtBH,EAAKD,aAA6B,OAAOC,EAAKD,aAAaE,EAAYC,EAAOC,GACzF,MAAMC,EAAOC,OAAO,IACdC,EAAWD,OAAO,YAClBE,EAAKC,OAAQN,GAASE,EAAQE,GAC9BG,EAAKD,OAAON,EAAQI,GACpBI,EAAIP,EAAO,EAAI,EACfQ,EAAIR,EAAO,EAAI,EACrBH,EAAKY,UAAUX,EAAaS,EAAGH,EAAIJ,GACnCH,EAAKY,UAAUX,EAAaU,EAAGF,EAAIN,EACrC,CAGM,SAAUU,EAAIC,EAAWC,EAAWC,GACxC,OAAQF,EAAIC,GAAOD,EAAIE,CACzB,CAGM,SAAUC,EAAIH,EAAWC,EAAWC,GACxC,OAAQF,EAAIC,EAAMD,EAAIE,EAAMD,EAAIC,CAClC,CAMM,MAAgBE,UAAoCC,EAoBxDC,WAAAA,CAAYC,EAAkBC,EAAmBC,EAAmBpB,GAClEqB,QANQC,KAAAC,UAAW,EACXD,KAAAE,OAAS,EACTF,KAAAG,IAAM,EACNH,KAAAI,WAAY,EAIpBJ,KAAKJ,SAAWA,EAChBI,KAAKH,UAAYA,EACjBG,KAAKF,UAAYA,EACjBE,KAAKtB,KAAOA,EACZsB,KAAKK,OAAS,IAAIC,WAAWV,GAC7BI,KAAKzB,KAAOgC,EAAWP,KAAKK,OAC9B,CACAG,MAAAA,CAAOC,GACLC,EAAQV,MACRS,EAAOE,EAAQF,GACfG,EAAOH,GACP,MAAMlC,KAAEA,EAAI8B,OAAEA,EAAMT,SAAEA,GAAaI,KAC7Ba,EAAMJ,EAAKP,OACjB,IAAK,IAAIC,EAAM,EAAGA,EAAMU,GAAO,CAC7B,MAAMC,EAAOC,KAAKC,IAAIpB,EAAWI,KAAKG,IAAKU,EAAMV,GAEjD,GAAIW,IAASlB,~~EAKbS~~,~~EAAOY~~,~~IAAIR~~,~~EAAKS~~,~~SAASf~~,EAAKA,EAAMW,GAAOd,KAAKG,KAChDH,KAAKG,KAAOW,EACZX,GAAOW,EACHd,KAAKG,MAAQP,IACfI,~~KAAKmB~~,~~QAAQ5C~~,EAAM,GACnByB,KAAKG,IAAM,~~OAVb~~,~~CACE,MAAMiB,EAAWb,EAAWE,GAC5B,KAAOb,GAAYiB,EAAMV,EAAKA,GAAOP,EAAUI,KAAKmB,QAAQC,EAAUjB,EAExE,CAQF,~~CAGA,OAFAH,KAAKE,QAAUO,EAAKP,OACpBF,KAAKqB,aACErB,IACT,CACAsB,UAAAA,CAAWC,GACTb,EAAQV,MACRwB,EAAQD,EAAKvB,MACbA,KAAKC,UAAW,EAIhB,MAAMI,OAAEA,EAAM9B,KAAEA,EAAIqB,SAAEA,EAAQlB,KAAEA,GAASsB,KACzC,IAAIG,IAAEA,GAAQH,KAEdK,EAAOF,KAAS,IAChBsB,EAAMzB,KAAKK,~~OAAOa~~,~~SAASf~~,IAGvBH,KAAKF,UAAYF,EAAWO,IAC9BH,~~KAAKmB~~,~~QAAQ5C~~,EAAM,GACnB4B,EAAM,GAGR,IAAK,IAAIuB,EAAIvB,EAAKuB,EAAI9B,EAAU8B,IAAKrB,EAAOqB,GAAK,EAIjDpD,EAAaC,EAAMqB,EAAW,EAAGhB,OAAqB,EAAdoB,KAAKE,QAAaxB,GAC1DsB,~~KAAKmB~~,~~QAAQ5C~~,EAAM,GACnB,MAAMoD,EAAQpB,EAAWgB,GACnBV,EAAMb,KAAKH,UAEjB,GAAIgB,EAAM,EAAG,MAAM,IAAIe,MAAM,+CAC7B,MAAMC,EAAShB,EAAM,EACfiB,EAAQ9B,KAAK+B,MACnB,GAAIF,EAASC,EAAM5B,OAAQ,MAAM,IAAI0B,MAAM,sCAC3C,IAAK,IAAIF,EAAI,EAAGA,EAAIG,EAAQH,IAAKC,EAAMxC,UAAU,EAAIuC,EAAGI,EAAMJ,GAAIhD,EACpE,CACAsD,MAAAA,GACE,MAAM3B,OAAEA,EAAMR,UAAEA,GAAcG,KAC9BA,KAAKsB,WAAWjB,GAChB,MAAM4B,EAAM5B,EAAO6B,MAAM,EAAGrC,GAE5B,OADAG,KAAKmC,UACEF,CACT,CACAG,UAAAA,CAAWC,GACTA,IAAAA,EAAO,IAAKrC,KAAKL,aACjB0C,~~EAAGpB~~,~~OAAOjB~~,KAAK+B,OACf,MAAMnC,SAAEA,EAAQS,OAAEA,EAAMH,OAAEA,EAAMD,SAAEA,EAAQG,UAAEA,EAASD,IAAEA,GAAQH,KAM/D,OALAqC,EAAGjC,UAAYA,EACfiC,EAAGpC,SAAWA,EACdoC,EAAGnC,OAASA,EACZmC,EAAGlC,IAAMA,EACLD,EAASN,GAAUyC,EAAGhC,~~OAAOY~~,~~IAAIZ~~,GAC9BgC,CACT,CACAC,KAAAA,GACE,OAAOtC,KAAKoC,YACd,EASK,MAAMG,EAAyCC,YAAYC,KAAK,CACrE,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,aAezEC,EAAyCF,YAAYC,KAAK,CACrE,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY","x_google_ignoreList":[0]}
1	+ {"version":3,"file":"_md.js","sources":["../../../../../../node_modules/@noble/hashes/esm/_md.js"],"sourcesContent":["/*\n Internal Merkle-Damgard hash utils.\n * @module\n /\nimport { Hash, abytes, aexists, aoutput, clean, createView, toBytes } from \"./utils.js\";\n/* Polyfill for Safari 14. https://caniuse.com/mdn-javascript_builtins_dataview_setbiguint64 /\nexport function setBigUint64(view, byteOffset, value, isLE) {\n if (typeof view.setBigUint64 === 'function')\n return view.setBigUint64(byteOffset, value, isLE);\n const _32n = BigInt(32);\n const _u32_max = BigInt(0xffffffff);\n const wh = Number((value >> _32n) & _u32_max);\n const wl = Number(value & _u32_max);\n const h = isLE ? 4 : 0;\n const l = isLE ? 0 : 4;\n view.setUint32(byteOffset + h, wh, isLE);\n view.setUint32(byteOffset + l, wl, isLE);\n}\n/* Choice: a ? b : c /\nexport function Chi(a, b, c) {\n return (a & b) ^ (~a & c);\n}\n/* Majority function, true if any two inputs is true. /\nexport function Maj(a, b, c) {\n return (a & b) ^ (a & c) ^ (b & c);\n}\n/\n Merkle-Damgard hash construction base class.\n * Could be used to create MD5, RIPEMD, SHA1, SHA2.\n /\nexport class HashMD extends Hash {\n constructor(blockLen, outputLen, padOffset, isLE) {\n super();\n this.finished = false;\n this.length = 0;\n this.pos = 0;\n this.destroyed = false;\n this.blockLen = blockLen;\n this.outputLen = outputLen;\n this.padOffset = padOffset;\n this.isLE = isLE;\n this.buffer = new Uint8Array(blockLen);\n this.view = createView(this.buffer);\n }\n update(data) {\n aexists(this);\n data = toBytes(data);\n abytes(data);\n const { view, buffer, blockLen } = this;\n const len = data.length;\n for (let pos = 0; pos < len;) {\n const take = Math.min(blockLen - this.pos, len - pos);\n // Fast path: we have at least one block in input, cast it to view and process\n if (take === blockLen) {\n const dataView = createView(data);\n for (; blockLen <= len - pos; pos += blockLen)\n this.process(dataView, pos);\n continue;\n }\n buffer.set(data.subarray(pos, pos + take), this.pos);\n this.pos += take;\n pos += take;\n if (this.pos === blockLen) {\n this.process(view, 0);\n this.pos = 0;\n }\n }\n this.length += data.length;\n this.roundClean();\n return this;\n }\n digestInto(out) {\n aexists(this);\n aoutput(out, this);\n this.finished = true;\n // Padding\n // We can avoid allocation of buffer for padding completely if it\n // was previously not allocated here. But it won't change performance.\n const { buffer, view, blockLen, isLE } = this;\n let { pos } = this;\n // append the bit '1' to the message\n buffer[pos++] = 0b10000000;\n clean(this.buffer.subarray(pos));\n // we have less than padOffset left in buffer, so we cannot put length in\n // current block, need process it and pad again\n if (this.padOffset > blockLen - pos) {\n this.process(view, 0);\n pos = 0;\n }\n // Pad until full block byte with zeros\n for (let i = pos; i < blockLen; i++)\n buffer[i] = 0;\n // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that\n // You need to write around 2 exabytes (u64_max / 8 / (10246)) for this to happen.\n // So we just write lowest 64 bits of that value.\n setBigUint64(view, blockLen - 8, BigInt(this.length 8), isLE);\n this.process(view, 0);\n const oview = createView(out);\n const len = this.outputLen;\n // NOTE: we do division by 4 later, which should be fused in single op with modulo by JIT\n if (len % 4)\n throw new Error('_sha2: outputLen should be aligned to 32bit');\n const outLen = len / 4;\n const state = this.get();\n if (outLen > state.length)\n throw new Error('_sha2: outputLen bigger than state');\n for (let i = 0; i < outLen; i++)\n oview.setUint32(4 * i, state[i], isLE);\n }\n digest() {\n const { buffer, outputLen } = this;\n this.digestInto(buffer);\n const res = buffer.slice(0, outputLen);\n this.destroy();\n return res;\n }\n _cloneInto(to) {\n to \|\| (to = new this.constructor());\n to.set(...this.get());\n const { blockLen, buffer, length, finished, destroyed, pos } = this;\n to.destroyed = destroyed;\n to.finished = finished;\n to.length = length;\n to.pos = pos;\n if (length % blockLen)\n to.buffer.set(buffer);\n return to;\n }\n clone() {\n return this._cloneInto();\n }\n}\n/*\n Initial SHA-2 state: fractional parts of square roots of first 16 primes 2..53.\n * Check out `test/misc/sha2-gen-iv.js` for recomputation guide.\n /\n/* Initial SHA256 state. Bits 0..32 of frac part of sqrt of primes 2..19 /\nexport const SHA256_IV = / @__PURE__ / Uint32Array.from([\n 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19,\n]);\n/* Initial SHA224 state. Bits 32..64 of frac part of sqrt of primes 23..53 /\nexport const SHA224_IV = / @__PURE__ / Uint32Array.from([\n 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4,\n]);\n/* Initial SHA384 state. Bits 0..64 of frac part of sqrt of primes 23..53 /\nexport const SHA384_IV = / @__PURE__ / Uint32Array.from([\n 0xcbbb9d5d, 0xc1059ed8, 0x629a292a, 0x367cd507, 0x9159015a, 0x3070dd17, 0x152fecd8, 0xf70e5939,\n 0x67332667, 0xffc00b31, 0x8eb44a87, 0x68581511, 0xdb0c2e0d, 0x64f98fa7, 0x47b5481d, 0xbefa4fa4,\n]);\n/* Initial SHA512 state. Bits 0..64 of frac part of sqrt of primes 2..19 /\nexport const SHA512_IV = / @__PURE__ */ Uint32Array.from([\n 0x6a09e667, 0xf3bcc908, 0xbb67ae85, 0x84caa73b, 0x3c6ef372, 0xfe94f82b, 0xa54ff53a, 0x5f1d36f1,\n 0x510e527f, 0xade682d1, 0x9b05688c, 0x2b3e6c1f, 0x1f83d9ab, 0xfb41bd6b, 0x5be0cd19, 0x137e2179,\n]);\n//# sourceMappingURL=_md.js.map"],"names":["setBigUint64","view","byteOffset","value","isLE","_32n","BigInt","_u32_max","wh","Number","wl","h","l","setUint32","Chi","a","b","c","Maj","HashMD","Hash","constructor","blockLen","outputLen","padOffset","super","this","finished","length","pos","destroyed","buffer","Uint8Array","createView","update","data","aexists","toBytes","abytes","len","take","Math","min","dataView","process","set","subarray","roundClean","digestInto","out","aoutput","clean","i","oview","Error","outLen","state","get","digest","res","slice","destroy","_cloneInto","to","clone","SHA256_IV","Uint32Array","from","SHA512_IV"],"mappings":"gHAOM,SAAUA,EACdC,EACAC,EACAC,EACAC,GAEA,GAAiC,mBAAtBH,EAAKD,aAA6B,OAAOC,EAAKD,aAAaE,EAAYC,EAAOC,GACzF,MAAMC,EAAOC,OAAO,IACdC,EAAWD,OAAO,YAClBE,EAAKC,OAAQN,GAASE,EAAQE,GAC9BG,EAAKD,OAAON,EAAQI,GACpBI,EAAIP,EAAO,EAAI,EACfQ,EAAIR,EAAO,EAAI,EACrBH,EAAKY,UAAUX,EAAaS,EAAGH,EAAIJ,GACnCH,EAAKY,UAAUX,EAAaU,EAAGF,EAAIN,EACrC,CAGM,SAAUU,EAAIC,EAAWC,EAAWC,GACxC,OAAQF,EAAIC,GAAOD,EAAIE,CACzB,CAGM,SAAUC,EAAIH,EAAWC,EAAWC,GACxC,OAAQF,EAAIC,EAAMD,EAAIE,EAAMD,EAAIC,CAClC,CAMM,MAAgBE,UAAoCC,EAoBxDC,WAAAA,CAAYC,EAAkBC,EAAmBC,EAAmBpB,GAClEqB,QANQC,KAAAC,UAAW,EACXD,KAAAE,OAAS,EACTF,KAAAG,IAAM,EACNH,KAAAI,WAAY,EAIpBJ,KAAKJ,SAAWA,EAChBI,KAAKH,UAAYA,EACjBG,KAAKF,UAAYA,EACjBE,KAAKtB,KAAOA,EACZsB,KAAKK,OAAS,IAAIC,WAAWV,GAC7BI,KAAKzB,KAAOgC,EAAWP,KAAKK,OAC9B,CACAG,MAAAA,CAAOC,GACLC,EAAQV,MACRS,EAAOE,EAAQF,GACfG,EAAOH,GACP,MAAMlC,KAAEA,EAAI8B,OAAEA,EAAMT,SAAEA,GAAaI,KAC7Ba,EAAMJ,EAAKP,OACjB,IAAK,IAAIC,EAAM,EAAGA,EAAMU,GAAO,CAC7B,MAAMC,EAAOC,KAAKC,IAAIpB,EAAWI,KAAKG,IAAKU,EAAMV,GAEjD,GAAIW,IAASlB,EAAU,CACrB,MAAMqB,EAAWV,EAAWE,GAC5B,KAAOb,GAAYiB,EAAMV,EAAKA,GAAOP,EAAUI,KAAKkB,QAAQD,EAAUd,GACtE,QACF,CACAE,EAAOc,IAAIV,EAAKW,SAASjB,EAAKA,EAAMW,GAAOd,KAAKG,KAChDH,KAAKG,KAAOW,EACZX,GAAOW,EACHd,KAAKG,MAAQP,IACfI,KAAKkB,QAAQ3C,EAAM,GACnByB,KAAKG,IAAM,EAEf,CAGA,OAFAH,KAAKE,QAAUO,EAAKP,OACpBF,KAAKqB,aACErB,IACT,CACAsB,UAAAA,CAAWC,GACTb,EAAQV,MACRwB,EAAQD,EAAKvB,MACbA,KAAKC,UAAW,EAIhB,MAAMI,OAAEA,EAAM9B,KAAEA,EAAIqB,SAAEA,EAAQlB,KAAEA,GAASsB,KACzC,IAAIG,IAAEA,GAAQH,KAEdK,EAAOF,KAAS,IAChBsB,EAAMzB,KAAKK,OAAOe,SAASjB,IAGvBH,KAAKF,UAAYF,EAAWO,IAC9BH,KAAKkB,QAAQ3C,EAAM,GACnB4B,EAAM,GAGR,IAAK,IAAIuB,EAAIvB,EAAKuB,EAAI9B,EAAU8B,IAAKrB,EAAOqB,GAAK,EAIjDpD,EAAaC,EAAMqB,EAAW,EAAGhB,OAAqB,EAAdoB,KAAKE,QAAaxB,GAC1DsB,KAAKkB,QAAQ3C,EAAM,GACnB,MAAMoD,EAAQpB,EAAWgB,GACnBV,EAAMb,KAAKH,UAEjB,GAAIgB,EAAM,EAAG,MAAM,IAAIe,MAAM,+CAC7B,MAAMC,EAAShB,EAAM,EACfiB,EAAQ9B,KAAK+B,MACnB,GAAIF,EAASC,EAAM5B,OAAQ,MAAM,IAAI0B,MAAM,sCAC3C,IAAK,IAAIF,EAAI,EAAGA,EAAIG,EAAQH,IAAKC,EAAMxC,UAAU,EAAIuC,EAAGI,EAAMJ,GAAIhD,EACpE,CACAsD,MAAAA,GACE,MAAM3B,OAAEA,EAAMR,UAAEA,GAAcG,KAC9BA,KAAKsB,WAAWjB,GAChB,MAAM4B,EAAM5B,EAAO6B,MAAM,EAAGrC,GAE5B,OADAG,KAAKmC,UACEF,CACT,CACAG,UAAAA,CAAWC,GACTA,IAAAA,EAAO,IAAKrC,KAAKL,aACjB0C,EAAGlB,OAAOnB,KAAK+B,OACf,MAAMnC,SAAEA,EAAQS,OAAEA,EAAMH,OAAEA,EAAMD,SAAEA,EAAQG,UAAEA,EAASD,IAAEA,GAAQH,KAM/D,OALAqC,EAAGjC,UAAYA,EACfiC,EAAGpC,SAAWA,EACdoC,EAAGnC,OAASA,EACZmC,EAAGlC,IAAMA,EACLD,EAASN,GAAUyC,EAAGhC,OAAOc,IAAId,GAC9BgC,CACT,CACAC,KAAAA,GACE,OAAOtC,KAAKoC,YACd,EASK,MAAMG,EAAyCC,YAAYC,KAAK,CACrE,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,UAAY,aAezEC,EAAyCF,YAAYC,KAAK,CACrE,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WAAY,WACpF,WAAY,WAAY,WAAY,UAAY,UAAY,WAAY,WAAY","x_google_ignoreList":[0]}

package/dist/esm/node_modules/@noble/hashes/esm/_u64.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"_u64.js","sources":["../../../../../../node_modules/@noble/hashes/esm/_u64.js"],"sourcesContent":["/*\n Internal helpers for u64. BigUint64Array is too slow as per 2025, so we implement it using Uint32Array.\n * @todo re-check https://issues.chromium.org/issues/42212588\n * @module\n /\nconst U32_MASK64 = / @__PURE__ / BigInt(2 * 32 - 1);\nconst _32n = /* @__PURE__ / BigInt(32);\nfunction fromBig(n, le = false) {\n if (le)\n return { h: Number(n & U32_MASK64), l: Number((n >> _32n) & U32_MASK64) };\n return { h: Number((n >> _32n) & U32_MASK64) \| 0, l: Number(n & U32_MASK64) \| 0 };\n}\nfunction split(lst, le = false) {\n const len = lst.length;\n let Ah = new Uint32Array(len);\n let Al = new Uint32Array(len);\n for (let i = 0; i < len; i++) {\n const { h, l } = fromBig(lst[i], le);\n [Ah[i], Al[i]] = [h, l];\n }\n return [Ah, Al];\n}\nconst toBig = (h, l) => (BigInt(h >>> 0) << _32n) \| BigInt(l >>> 0);\n// for Shift in [0, 32)\nconst shrSH = (h, _l, s) => h >>> s;\nconst shrSL = (h, l, s) => (h << (32 - s)) \| (l >>> s);\n// Right rotate for Shift in [1, 32)\nconst rotrSH = (h, l, s) => (h >>> s) \| (l << (32 - s));\nconst rotrSL = (h, l, s) => (h << (32 - s)) \| (l >>> s);\n// Right rotate for Shift in (32, 64), NOTE: 32 is special case.\nconst rotrBH = (h, l, s) => (h << (64 - s)) \| (l >>> (s - 32));\nconst rotrBL = (h, l, s) => (h >>> (s - 32)) \| (l << (64 - s));\n// Right rotate for shift===32 (just swaps l&h)\nconst rotr32H = (_h, l) => l;\nconst rotr32L = (h, _l) => h;\n// Left rotate for Shift in [1, 32)\nconst rotlSH = (h, l, s) => (h << s) \| (l >>> (32 - s));\nconst rotlSL = (h, l, s) => (l << s) \| (h >>> (32 - s));\n// Left rotate for Shift in (32, 64), NOTE: 32 is special case.\nconst rotlBH = (h, l, s) => (l << (s - 32)) \| (h >>> (64 - s));\nconst rotlBL = (h, l, s) => (h << (s - 32)) \| (l >>> (64 - s));\n// JS uses 32-bit signed integers for bitwise operations which means we cannot\n// simple take carry out of low bit sum by shift, we need to use division.\nfunction add(Ah, Al, Bh, Bl) {\n const l = (Al >>> 0) + (Bl >>> 0);\n return { h: (Ah + Bh + ((l / 2 * 32) \| 0)) \| 0, l: l \| 0 };\n}\n// Addition with more than 2 elements\nconst add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0);\nconst add3H = (low, Ah, Bh, Ch) => (Ah + Bh + Ch + ((low / 2 32) \| 0)) \| 0;\nconst add4L = (Al, Bl, Cl, Dl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0);\nconst add4H = (low, Ah, Bh, Ch, Dh) => (Ah + Bh + Ch + Dh + ((low / 2 32) \| 0)) \| 0;\nconst add5L = (Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0);\nconst add5H = (low, Ah, Bh, Ch, Dh, Eh) => (Ah + Bh + Ch + Dh + Eh + ((low / 2 ** 32) \| 0)) \| 0;\n// prettier-ignore\nexport { add, add3H, add3L, add4H, add4L, add5H, add5L, fromBig, rotlBH, rotlBL, rotlSH, rotlSL, rotr32H, rotr32L, rotrBH, rotrBL, rotrSH, rotrSL, shrSH, shrSL, split, toBig };\n// prettier-ignore\nconst u64 = {\n fromBig, split, toBig,\n shrSH, shrSL,\n rotrSH, rotrSL, rotrBH, rotrBL,\n rotr32H, rotr32L,\n rotlSH, rotlSL, rotlBH, rotlBL,\n add, add3L, add3H, add4L, add4H, add5H, add5L,\n};\nexport default u64;\n//# sourceMappingURL=_u64.js.map"],"names":["U32_MASK64","BigInt","_32n","fromBig","n","le","h","Number","l","split","lst","len","length","Ah","Uint32Array","Al","i","shrSH","_l","s","shrSL","rotrSH","rotrSL","rotrBH","rotrBL","add","Bh","Bl","add3L","Cl","add3H","low","Ch","add4L","Dl","add4H","Dh","add5L","El","add5H","Eh"],"mappings":"AAKA,MAAMA,EAA6BC,OAAO,GAAK,GAAK,GAC9CC,EAAuBD,OAAO,IAEpC,SAASE,EACPC,EACAC,GAAK,GAKL,OAAIA,EAAW,CAAEC,EAAGC,OAAOH,EAAIJ,GAAaQ,EAAGD,OAAQH,GAAKF,EAAQF,IAC7D,CAAEM,EAAsC,EAAnCC,OAAQH,GAAKF,EAAQF,GAAiBQ,EAA4B,EAAzBD,OAAOH,EAAIJ,GAClE,CAEA,SAASS,EAAMC,EAAeL,GAAK,GACjC,MAAMM,EAAMD,EAAIE,OAChB,IAAIC,EAAK,IAAIC,YAAYH,GACrBI,EAAK,IAAID,YAAYH,GACzB,IAAK,IAAIK,EAAI,EAAGA,EAAIL,EAAKK,IAAK,CAC5B,MAAMV,EAAEA,EAACE,EAAEA,GAAML,EAAQO,EAAIM,GAAIX,IAChCQ,EAAGG,GAAID,EAAGC,IAAM,CAACV,EAAGE,EACvB,CACA,MAAO,CAACK,EAAIE,EACd,~~CAIME~~,~~MAAAA~~,EAAQA,CAACX,EAAWY,EAAYC,IAAsBb,IAAMa,EAC5DC,EAAQA,CAACd,EAAWE,EAAWW,IAAuBb,GAAM,GAAKa,EAAOX,IAAMW,EAE9EE,EAASA,CAACf,EAAWE,EAAWW,IAAuBb,IAAMa,EAAMX,GAAM,GAAKW,EAC9EG,EAASA,CAAChB,EAAWE,EAAWW,IAAuBb,GAAM,GAAKa,EAAOX,IAAMW,EAE/EI,EAASA,CAACjB,EAAWE,EAAWW,IAAuBb,GAAM,GAAKa,EAAOX,IAAOW,EAAI,GACpFK,EAASA,CAAClB,EAAWE,EAAWW,IAAuBb,IAAOa,EAAI,GAAQX,GAAM,GAAKW,EAa3F,SAASM,EACPZ,EACAE,EACAW,EACAC,GAKA,MAAMnB,GAAKO,IAAO,IAAMY,IAAO,GAC/B,MAAO,CAAErB,EAAIO,EAAKa,GAAOlB,EAAI,GAAK,GAAM,GAAM,EAAGA,EAAO,EAAJA,EACtD,~~CAEMoB~~,~~MAAAA~~,EAAQA,CAACb,EAAYY,EAAYE,KAAwBd,IAAO,IAAMY,IAAO,IAAME,IAAO,GAC1FC,EAAQA,CAACC,EAAalB,EAAYa,EAAYM,IACjDnB,EAAKa,EAAKM,GAAOD,EAAM,GAAK,GAAM,GAAM,EACrCE,EAAQA,CAAClB,EAAYY,EAAYE,EAAYK,KAChDnB,IAAO,IAAMY,IAAO,IAAME,IAAO,IAAMK,IAAO,GAC3CC,EAAQA,CAACJ,EAAalB,EAAYa,EAAYM,EAAYI,IAC7DvB,EAAKa,EAAKM,EAAKI,GAAOL,EAAM,GAAK,GAAM,GAAM,EAC1CM,EAAQA,CAACtB,EAAYY,EAAYE,EAAYK,EAAYI,KAC5DvB,IAAO,IAAMY,IAAO,IAAME,IAAO,IAAMK,IAAO,IAAMI,IAAO,GACxDC,EAAQA,CAACR,EAAalB,EAAYa,EAAYM,EAAYI,EAAYI,IACzE3B,EAAKa,EAAKM,EAAKI,EAAKI,GAAOT,EAAM,GAAK,GAAM,GAAM","x_google_ignoreList":[0]}
1	+ {"version":3,"file":"_u64.js","sources":["../../../../../../node_modules/@noble/hashes/esm/_u64.js"],"sourcesContent":["/*\n Internal helpers for u64. BigUint64Array is too slow as per 2025, so we implement it using Uint32Array.\n * @todo re-check https://issues.chromium.org/issues/42212588\n * @module\n /\nconst U32_MASK64 = / @__PURE__ / BigInt(2 * 32 - 1);\nconst _32n = /* @__PURE__ / BigInt(32);\nfunction fromBig(n, le = false) {\n if (le)\n return { h: Number(n & U32_MASK64), l: Number((n >> _32n) & U32_MASK64) };\n return { h: Number((n >> _32n) & U32_MASK64) \| 0, l: Number(n & U32_MASK64) \| 0 };\n}\nfunction split(lst, le = false) {\n const len = lst.length;\n let Ah = new Uint32Array(len);\n let Al = new Uint32Array(len);\n for (let i = 0; i < len; i++) {\n const { h, l } = fromBig(lst[i], le);\n [Ah[i], Al[i]] = [h, l];\n }\n return [Ah, Al];\n}\nconst toBig = (h, l) => (BigInt(h >>> 0) << _32n) \| BigInt(l >>> 0);\n// for Shift in [0, 32)\nconst shrSH = (h, _l, s) => h >>> s;\nconst shrSL = (h, l, s) => (h << (32 - s)) \| (l >>> s);\n// Right rotate for Shift in [1, 32)\nconst rotrSH = (h, l, s) => (h >>> s) \| (l << (32 - s));\nconst rotrSL = (h, l, s) => (h << (32 - s)) \| (l >>> s);\n// Right rotate for Shift in (32, 64), NOTE: 32 is special case.\nconst rotrBH = (h, l, s) => (h << (64 - s)) \| (l >>> (s - 32));\nconst rotrBL = (h, l, s) => (h >>> (s - 32)) \| (l << (64 - s));\n// Right rotate for shift===32 (just swaps l&h)\nconst rotr32H = (_h, l) => l;\nconst rotr32L = (h, _l) => h;\n// Left rotate for Shift in [1, 32)\nconst rotlSH = (h, l, s) => (h << s) \| (l >>> (32 - s));\nconst rotlSL = (h, l, s) => (l << s) \| (h >>> (32 - s));\n// Left rotate for Shift in (32, 64), NOTE: 32 is special case.\nconst rotlBH = (h, l, s) => (l << (s - 32)) \| (h >>> (64 - s));\nconst rotlBL = (h, l, s) => (h << (s - 32)) \| (l >>> (64 - s));\n// JS uses 32-bit signed integers for bitwise operations which means we cannot\n// simple take carry out of low bit sum by shift, we need to use division.\nfunction add(Ah, Al, Bh, Bl) {\n const l = (Al >>> 0) + (Bl >>> 0);\n return { h: (Ah + Bh + ((l / 2 * 32) \| 0)) \| 0, l: l \| 0 };\n}\n// Addition with more than 2 elements\nconst add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0);\nconst add3H = (low, Ah, Bh, Ch) => (Ah + Bh + Ch + ((low / 2 32) \| 0)) \| 0;\nconst add4L = (Al, Bl, Cl, Dl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0);\nconst add4H = (low, Ah, Bh, Ch, Dh) => (Ah + Bh + Ch + Dh + ((low / 2 32) \| 0)) \| 0;\nconst add5L = (Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0);\nconst add5H = (low, Ah, Bh, Ch, Dh, Eh) => (Ah + Bh + Ch + Dh + Eh + ((low / 2 ** 32) \| 0)) \| 0;\n// prettier-ignore\nexport { add, add3H, add3L, add4H, add4L, add5H, add5L, fromBig, rotlBH, rotlBL, rotlSH, rotlSL, rotr32H, rotr32L, rotrBH, rotrBL, rotrSH, rotrSL, shrSH, shrSL, split, toBig };\n// prettier-ignore\nconst u64 = {\n fromBig, split, toBig,\n shrSH, shrSL,\n rotrSH, rotrSL, rotrBH, rotrBL,\n rotr32H, rotr32L,\n rotlSH, rotlSL, rotlBH, rotlBL,\n add, add3L, add3H, add4L, add4H, add5H, add5L,\n};\nexport default u64;\n//# sourceMappingURL=_u64.js.map"],"names":["U32_MASK64","BigInt","_32n","fromBig","n","le","h","Number","l","split","lst","len","length","Ah","Uint32Array","Al","i","shrSH","_l","s","shrSL","rotrSH","rotrSL","rotrBH","rotrBL","add","Bh","Bl","add3L","Cl","add3H","low","Ch","add4L","Dl","add4H","Dh","add5L","El","add5H","Eh"],"mappings":"AAKA,MAAMA,EAA6BC,OAAO,GAAK,GAAK,GAC9CC,EAAuBD,OAAO,IAEpC,SAASE,EACPC,EACAC,GAAK,GAKL,OAAIA,EAAW,CAAEC,EAAGC,OAAOH,EAAIJ,GAAaQ,EAAGD,OAAQH,GAAKF,EAAQF,IAC7D,CAAEM,EAAsC,EAAnCC,OAAQH,GAAKF,EAAQF,GAAiBQ,EAA4B,EAAzBD,OAAOH,EAAIJ,GAClE,CAEA,SAASS,EAAMC,EAAeL,GAAK,GACjC,MAAMM,EAAMD,EAAIE,OAChB,IAAIC,EAAK,IAAIC,YAAYH,GACrBI,EAAK,IAAID,YAAYH,GACzB,IAAK,IAAIK,EAAI,EAAGA,EAAIL,EAAKK,IAAK,CAC5B,MAAMV,EAAEA,EAACE,EAAEA,GAAML,EAAQO,EAAIM,GAAIX,IAChCQ,EAAGG,GAAID,EAAGC,IAAM,CAACV,EAAGE,EACvB,CACA,MAAO,CAACK,EAAIE,EACd,CAIA,MAAME,EAAQA,CAACX,EAAWY,EAAYC,IAAsBb,IAAMa,EAC5DC,EAAQA,CAACd,EAAWE,EAAWW,IAAuBb,GAAM,GAAKa,EAAOX,IAAMW,EAE9EE,EAASA,CAACf,EAAWE,EAAWW,IAAuBb,IAAMa,EAAMX,GAAM,GAAKW,EAC9EG,EAASA,CAAChB,EAAWE,EAAWW,IAAuBb,GAAM,GAAKa,EAAOX,IAAMW,EAE/EI,EAASA,CAACjB,EAAWE,EAAWW,IAAuBb,GAAM,GAAKa,EAAOX,IAAOW,EAAI,GACpFK,EAASA,CAAClB,EAAWE,EAAWW,IAAuBb,IAAOa,EAAI,GAAQX,GAAM,GAAKW,EAa3F,SAASM,EACPZ,EACAE,EACAW,EACAC,GAKA,MAAMnB,GAAKO,IAAO,IAAMY,IAAO,GAC/B,MAAO,CAAErB,EAAIO,EAAKa,GAAOlB,EAAI,GAAK,GAAM,GAAM,EAAGA,EAAO,EAAJA,EACtD,CAEA,MAAMoB,EAAQA,CAACb,EAAYY,EAAYE,KAAwBd,IAAO,IAAMY,IAAO,IAAME,IAAO,GAC1FC,EAAQA,CAACC,EAAalB,EAAYa,EAAYM,IACjDnB,EAAKa,EAAKM,GAAOD,EAAM,GAAK,GAAM,GAAM,EACrCE,EAAQA,CAAClB,EAAYY,EAAYE,EAAYK,KAChDnB,IAAO,IAAMY,IAAO,IAAME,IAAO,IAAMK,IAAO,GAC3CC,EAAQA,CAACJ,EAAalB,EAAYa,EAAYM,EAAYI,IAC7DvB,EAAKa,EAAKM,EAAKI,GAAOL,EAAM,GAAK,GAAM,GAAM,EAC1CM,EAAQA,CAACtB,EAAYY,EAAYE,EAAYK,EAAYI,KAC5DvB,IAAO,IAAMY,IAAO,IAAME,IAAO,IAAMK,IAAO,IAAMI,IAAO,GACxDC,EAAQA,CAACR,EAAalB,EAAYa,EAAYM,EAAYI,EAAYI,IACzE3B,EAAKa,EAAKM,EAAKI,EAAKI,GAAOT,EAAM,GAAK,GAAM,GAAM","x_google_ignoreList":[0]}

package/dist/esm/node_modules/@noble/hashes/esm/sha2.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{HashMD as t,SHA256_IV as h,Chi as e,Maj as s,SHA512_IV as c}from"./_md.js";import{add4L as b,add4H as i,add as a,add3H as f,add3L as x,rotrSL as d,rotrBL as l,shrSL as r,rotrSH as o,rotrBH as n,shrSH as A,add5H as C,add5L as B,split as D}from"./_u64.js";import{createHasher as E,clean as F,rotr as G}from"./utils.js";const H=Uint32Array.from([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),u=new Uint32Array(64);class m extends t{constructor(t=32){super(64,t,8,!1),this.A=0|h[0],this.B=0|h[1],this.C=0|h[2],this.D=0|h[3],this.E=0|h[4],this.F=0|h[5],this.G=0|h[6],this.H=0|h[7]}get(){const{A:t,B:h,C:e,D:s,E:c,F:b,G:i,H:a}=this;return[t,h,e,s,c,b,i,a]}set(t,h,e,s,c,b,i,a){this.A=0|t,this.B=0|h,this.C=0|e,this.D=0|s,this.E=0|c,this.F=0|b,this.G=0|i,this.H=0|a}process(t,h){for(let e=0;e<16;e++,h+=4)u[e]=t.getUint32(h,!1);for(let t=16;t<64;t++){const h=u[t-15],e=u[t-2],s=G(h,7)^G(h,18)^h>>>3,c=G(e,17)^G(e,19)^e>>>10;u[t]=c+u[t-7]+s+u[t-16]|0}let{A:c,B:b,C:i,D:a,E:f,F:x,G:d,H:l}=this;for(let t=0;t<64;t++){const h=l+(G(f,6)^G(f,11)^G(f,25))+e(f,x,d)+H[t]+u[t]|0,r=(G(c,2)^G(c,13)^G(c,22))+s(c,b,i)|0;l=d,d=x,x=f,f=a+h|0,a=i,i=b,b=c,c=h+r|0}c=c+this.A|0,b=b+this.B|0,i=i+this.C|0,a=a+this.D|0,f=f+this.E|0,x=x+this.F|0,d=d+this.G|0,l=l+this.H|0,this.set(c,b,i,a,f,x,d,l)}roundClean(){F(u)}destroy(){this.set(0,0,0,0,0,0,0,0),F(this.buffer)}}const p=(()=>D(["0x428a2f98d728ae22","0x7137449123ef65cd","0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc","0x3956c25bf348b538","0x59f111f1b605d019","0x923f82a4af194f9b","0xab1c5ed5da6d8118","0xd807aa98a3030242","0x12835b0145706fbe","0x243185be4ee4b28c","0x550c7dc3d5ffb4e2","0x72be5d74f27b896f","0x80deb1fe3b1696b1","0x9bdc06a725c71235","0xc19bf174cf692694","0xe49b69c19ef14ad2","0xefbe4786384f25e3","0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65","0x2de92c6f592b0275","0x4a7484aa6ea6e483","0x5cb0a9dcbd41fbd4","0x76f988da831153b5","0x983e5152ee66dfab","0xa831c66d2db43210","0xb00327c898fb213f","0xbf597fc7beef0ee4","0xc6e00bf33da88fc2","0xd5a79147930aa725","0x06ca6351e003826f","0x142929670a0e6e70","0x27b70a8546d22ffc","0x2e1b21385c26c926","0x4d2c6dfc5ac42aed","0x53380d139d95b3df","0x650a73548baf63de","0x766a0abb3c77b2a8","0x81c2c92e47edaee6","0x92722c851482353b","0xa2bfe8a14cf10364","0xa81a664bbc423001","0xc24b8b70d0f89791","0xc76c51a30654be30","0xd192e819d6ef5218","0xd69906245565a910","0xf40e35855771202a","0x106aa07032bbd1b8","0x19a4c116b8d2d0c8","0x1e376c085141ab53","0x2748774cdf8eeb99","0x34b0bcb5e19b48a8","0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb","0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3","0x748f82ee5defb2fc","0x78a5636f43172f60","0x84c87814a1f0ab72","0x8cc702081a6439ec","0x90befffa23631e28","0xa4506cebde82bde9","0xbef9a3f7b2c67915","0xc67178f2e372532b","0xca273eceea26619c","0xd186b8c721c0c207","0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178","0x06f067aa72176fba","0x0a637dc5a2c898a6","0x113f9804bef90dae","0x1b710b35131c471b","0x28db77f523047d84","0x32caab7b40c72493","0x3c9ebe0a15c9bebc","0x431d67c49c100d4c","0x4cc5d4becb3e42b6","0x597f299cfc657e2a","0x5fcb6fab3ad6faec","0x6c44198c4a475817"].map((t=>BigInt(t)))))(),U=(()=>p[0])(),g=(()=>p[1])(),y=new Uint32Array(80),w=new Uint32Array(80);class j extends t{constructor(t=64){super(128,t,16,!1),this.Ah=0|c[0],this.Al=0|c[1],this.Bh=0|c[2],this.Bl=0|c[3],this.Ch=0|c[4],this.Cl=0|c[5],this.Dh=0|c[6],this.Dl=0|c[7],this.Eh=0|c[8],this.El=0|c[9],this.Fh=0|c[10],this.Fl=0|c[11],this.Gh=0|c[12],this.Gl=0|c[13],this.Hh=0|c[14],this.Hl=0|c[15]}get(){const{Ah:t,Al:h,Bh:e,Bl:s,Ch:c,Cl:b,Dh:i,Dl:a,Eh:f,El:x,Fh:d,Fl:l,Gh:r,Gl:o,Hh:n,Hl:A}=this;return[t,h,e,s,c,b,i,a,f,x,d,l,r,o,n,A]}set(t,h,e,s,c,b,i,a,f,x,d,l,r,o,n,A){this.Ah=0|t,this.Al=0|h,this.Bh=0|e,this.Bl=0|s,this.Ch=0|c,this.Cl=0|b,this.Dh=0|i,this.Dl=0|a,this.Eh=0|f,this.El=0|x,this.Fh=0|d,this.Fl=0|l,this.Gh=0|r,this.Gl=0|o,this.Hh=0|n,this.Hl=0|A}process(t,h){for(let e=0;e<16;e++,h+=4)y[e]=t.getUint32(h),w[e]=t.getUint32(h+=4);for(let t=16;t<80;t++){const h=0|y[t-15],e=0|w[t-15],s=o(h,e,1)^o(h,e,8)^A(h,e,7),c=d(h,e,1)^d(h,e,8)^r(h,e,7),a=0|y[t-2],f=0|w[t-2],x=o(a,f,19)^n(a,f,61)^A(a,f,6),C=d(a,f,19)^l(a,f,61)^r(a,f,6),B=b(c,C,w[t-7],w[t-16]),D=i(B,s,x,y[t-7],y[t-16]);y[t]=0|D,w[t]=0|B}let{Ah:e,Al:s,Bh:c,Bl:D,Ch:E,Cl:F,Dh:G,Dl:H,Eh:u,El:m,Fh:p,Fl:j,Gh:_,Gl:I,Hh:k,Hl:q}=this;for(let t=0;t<80;t++){const h=o(u,m,14)^o(u,m,18)^n(u,m,41),b=d(u,m,14)^d(u,m,18)^l(u,m,41),i=u&p^~u&_,r=B(q,b,m&j^~m&I,g[t],w[t]),A=C(r,k,h,i,U[t],y[t]),v=0|r,z=o(e,s,28)^n(e,s,34)^n(e,s,39),J=d(e,s,28)^l(e,s,34)^l(e,s,39),K=e&c^e&E^c&E,L=s&D^s&F^D&F;k=0|_,q=0|I,_=0|p,I=0|j,p=0|u,j=0|m,({h:u,l:m}=a(0|G,0|H,0|A,0|v)),G=0|E,H=0|F,E=0|c,F=0|D,c=0|e,D=0|s;const M=x(v,J,L);e=f(M,A,z,K),s=0|M}({h:e,l:s}=a(0|this.Ah,0|this.Al,0|e,0|s)),({h:c,l:D}=a(0|this.Bh,0|this.Bl,0|c,0|D)),({h:E,l:F}=a(0|this.Ch,0|this.Cl,0|E,0|F)),({h:G,l:H}=a(0|this.Dh,0|this.Dl,0|G,0|H)),({h:u,l:m}=a(0|this.Eh,0|this.El,0|u,0|m)),({h:p,l:j}=a(0|this.Fh,0|this.Fl,0|p,0|j)),({h:_,l:I}=a(0|this.Gh,0|this.Gl,0|_,0|I)),({h:k,l:q}=a(0|this.Hh,0|this.Hl,0|k,0|q)),this.set(e,s,c,D,E,F,G,H,u,m,p,j,_,I,k,q)}roundClean(){F(y,w)}destroy(){F(this.buffer),this.set(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)}}const _=E((()=>new m)),I=E((()=>new j));export{m as SHA256,j as SHA512,_ as sha256,I as sha512};
+import{HashMD as t,SHA256_IV as h,Chi as e,Maj as s,SHA512_IV as c}from"./_md.js";import{add4L as b,add4H as i,add as a,add3H as f,add3L as x,rotrSL as d,rotrBL as l,shrSL as r,rotrSH as o,rotrBH as n,shrSH as A,add5H as C,add5L as B,split as D}from"./_u64.js";import{createHasher as E,clean as F,rotr as G}from"./utils.js";const H=Uint32Array.from([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),u=new Uint32Array(64);class m extends t{constructor(t=32){super(64,t,8,!1),this.A=0|h[0],this.B=0|h[1],this.C=0|h[2],this.D=0|h[3],this.E=0|h[4],this.F=0|h[5],this.G=0|h[6],this.H=0|h[7]}get(){const{A:t,B:h,C:e,D:s,E:c,F:b,G:i,H:a}=this;return[t,h,e,s,c,b,i,a]}set(t,h,e,s,c,b,i,a){this.A=0|t,this.B=0|h,this.C=0|e,this.D=0|s,this.E=0|c,this.F=0|b,this.G=0|i,this.H=0|a}process(t,h){for(let e=0;e<16;e++,h+=4)u[e]=t.getUint32(h,!1);for(let t=16;t<64;t++){const h=u[t-15],e=u[t-2],s=G(h,7)^G(h,18)^h>>>3,c=G(e,17)^G(e,19)^e>>>10;u[t]=c+u[t-7]+s+u[t-16]|0}let{A:c,B:b,C:i,D:a,E:f,F:x,G:d,H:l}=this;for(let t=0;t<64;t++){const h=l+(G(f,6)^G(f,11)^G(f,25))+e(f,x,d)+H[t]+u[t]|0,r=(G(c,2)^G(c,13)^G(c,22))+s(c,b,i)|0;l=d,d=x,x=f,f=a+h|0,a=i,i=b,b=c,c=h+r|0}c=c+this.A|0,b=b+this.B|0,i=i+this.C|0,a=a+this.D|0,f=f+this.E|0,x=x+this.F|0,d=d+this.G|0,l=l+this.H|0,this.set(c,b,i,a,f,x,d,l)}roundClean(){F(u)}destroy(){this.set(0,0,0,0,0,0,0,0),F(this.buffer)}}const p=(()=>D(["0x428a2f98d728ae22","0x7137449123ef65cd","0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc","0x3956c25bf348b538","0x59f111f1b605d019","0x923f82a4af194f9b","0xab1c5ed5da6d8118","0xd807aa98a3030242","0x12835b0145706fbe","0x243185be4ee4b28c","0x550c7dc3d5ffb4e2","0x72be5d74f27b896f","0x80deb1fe3b1696b1","0x9bdc06a725c71235","0xc19bf174cf692694","0xe49b69c19ef14ad2","0xefbe4786384f25e3","0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65","0x2de92c6f592b0275","0x4a7484aa6ea6e483","0x5cb0a9dcbd41fbd4","0x76f988da831153b5","0x983e5152ee66dfab","0xa831c66d2db43210","0xb00327c898fb213f","0xbf597fc7beef0ee4","0xc6e00bf33da88fc2","0xd5a79147930aa725","0x06ca6351e003826f","0x142929670a0e6e70","0x27b70a8546d22ffc","0x2e1b21385c26c926","0x4d2c6dfc5ac42aed","0x53380d139d95b3df","0x650a73548baf63de","0x766a0abb3c77b2a8","0x81c2c92e47edaee6","0x92722c851482353b","0xa2bfe8a14cf10364","0xa81a664bbc423001","0xc24b8b70d0f89791","0xc76c51a30654be30","0xd192e819d6ef5218","0xd69906245565a910","0xf40e35855771202a","0x106aa07032bbd1b8","0x19a4c116b8d2d0c8","0x1e376c085141ab53","0x2748774cdf8eeb99","0x34b0bcb5e19b48a8","0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb","0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3","0x748f82ee5defb2fc","0x78a5636f43172f60","0x84c87814a1f0ab72","0x8cc702081a6439ec","0x90befffa23631e28","0xa4506cebde82bde9","0xbef9a3f7b2c67915","0xc67178f2e372532b","0xca273eceea26619c","0xd186b8c721c0c207","0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178","0x06f067aa72176fba","0x0a637dc5a2c898a6","0x113f9804bef90dae","0x1b710b35131c471b","0x28db77f523047d84","0x32caab7b40c72493","0x3c9ebe0a15c9bebc","0x431d67c49c100d4c","0x4cc5d4becb3e42b6","0x597f299cfc657e2a","0x5fcb6fab3ad6faec","0x6c44198c4a475817"].map(t=>BigInt(t))))(),U=(()=>p[0])(),g=(()=>p[1])(),y=new Uint32Array(80),w=new Uint32Array(80);class j extends t{constructor(t=64){super(128,t,16,!1),this.Ah=0|c[0],this.Al=0|c[1],this.Bh=0|c[2],this.Bl=0|c[3],this.Ch=0|c[4],this.Cl=0|c[5],this.Dh=0|c[6],this.Dl=0|c[7],this.Eh=0|c[8],this.El=0|c[9],this.Fh=0|c[10],this.Fl=0|c[11],this.Gh=0|c[12],this.Gl=0|c[13],this.Hh=0|c[14],this.Hl=0|c[15]}get(){const{Ah:t,Al:h,Bh:e,Bl:s,Ch:c,Cl:b,Dh:i,Dl:a,Eh:f,El:x,Fh:d,Fl:l,Gh:r,Gl:o,Hh:n,Hl:A}=this;return[t,h,e,s,c,b,i,a,f,x,d,l,r,o,n,A]}set(t,h,e,s,c,b,i,a,f,x,d,l,r,o,n,A){this.Ah=0|t,this.Al=0|h,this.Bh=0|e,this.Bl=0|s,this.Ch=0|c,this.Cl=0|b,this.Dh=0|i,this.Dl=0|a,this.Eh=0|f,this.El=0|x,this.Fh=0|d,this.Fl=0|l,this.Gh=0|r,this.Gl=0|o,this.Hh=0|n,this.Hl=0|A}process(t,h){for(let e=0;e<16;e++,h+=4)y[e]=t.getUint32(h),w[e]=t.getUint32(h+=4);for(let t=16;t<80;t++){const h=0|y[t-15],e=0|w[t-15],s=o(h,e,1)^o(h,e,8)^A(h,e,7),c=d(h,e,1)^d(h,e,8)^r(h,e,7),a=0|y[t-2],f=0|w[t-2],x=o(a,f,19)^n(a,f,61)^A(a,f,6),C=d(a,f,19)^l(a,f,61)^r(a,f,6),B=b(c,C,w[t-7],w[t-16]),D=i(B,s,x,y[t-7],y[t-16]);y[t]=0|D,w[t]=0|B}let{Ah:e,Al:s,Bh:c,Bl:D,Ch:E,Cl:F,Dh:G,Dl:H,Eh:u,El:m,Fh:p,Fl:j,Gh:_,Gl:I,Hh:k,Hl:q}=this;for(let t=0;t<80;t++){const h=o(u,m,14)^o(u,m,18)^n(u,m,41),b=d(u,m,14)^d(u,m,18)^l(u,m,41),i=u&p^~u&_,r=B(q,b,m&j^~m&I,g[t],w[t]),A=C(r,k,h,i,U[t],y[t]),v=0|r,z=o(e,s,28)^n(e,s,34)^n(e,s,39),J=d(e,s,28)^l(e,s,34)^l(e,s,39),K=e&c^e&E^c&E,L=s&D^s&F^D&F;k=0|_,q=0|I,_=0|p,I=0|j,p=0|u,j=0|m,({h:u,l:m}=a(0|G,0|H,0|A,0|v)),G=0|E,H=0|F,E=0|c,F=0|D,c=0|e,D=0|s;const M=x(v,J,L);e=f(M,A,z,K),s=0|M}({h:e,l:s}=a(0|this.Ah,0|this.Al,0|e,0|s)),({h:c,l:D}=a(0|this.Bh,0|this.Bl,0|c,0|D)),({h:E,l:F}=a(0|this.Ch,0|this.Cl,0|E,0|F)),({h:G,l:H}=a(0|this.Dh,0|this.Dl,0|G,0|H)),({h:u,l:m}=a(0|this.Eh,0|this.El,0|u,0|m)),({h:p,l:j}=a(0|this.Fh,0|this.Fl,0|p,0|j)),({h:_,l:I}=a(0|this.Gh,0|this.Gl,0|_,0|I)),({h:k,l:q}=a(0|this.Hh,0|this.Hl,0|k,0|q)),this.set(e,s,c,D,E,F,G,H,u,m,p,j,_,I,k,q)}roundClean(){F(y,w)}destroy(){F(this.buffer),this.set(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)}}const _=E(()=>new m),I=E(()=>new j);export{m as SHA256,j as SHA512,_ as sha256,I as sha512};
 //# sourceMappingURL=sha2.js.map