@digitaldefiance/node-ecies-lib 1.1.22 → 1.1.23

package/src/services/ecies/signature.d.ts

@@ -0,0 +1,38 @@
+import { HexString } from '@digitaldefiance/ecies-lib';
+import { SignatureBuffer, SignatureString } from '../../types';
+import { EciesCryptoCore } from './crypto-core';
+/**
+ * Signature-related functions for ECIES
+ */
+export declare class EciesSignature {
+    private readonly cryptoCore;
+    constructor(cryptoCore: EciesCryptoCore);
+    /**
+     * Signs arbitrary binary data with the given private key.
+     * @param privateKey The private key to sign the message with.
+     * @param data The data to sign.
+     * @returns The signature (64 bytes: r + s).
+     */
+    signMessage(privateKey: Buffer, data: Buffer): SignatureBuffer;
+    /**
+     * Verifies arbitrary binary data with the given public key.
+     * @param publicKey The public key to verify the message with.
+     * @param data The data to verify.
+     * @param signature The signature to verify (64 bytes: r + s).
+     * @returns True if the signature is valid, false otherwise.
+     */
+    verifyMessage(publicKey: Buffer, data: Buffer, signature: SignatureBuffer): boolean;
+    /**
+     * Converts a signature string to a signature buffer.
+     * @param signatureString - The signature string to convert.
+     * @returns The signature buffer.
+     */
+    signatureStringToSignatureBuffer(signatureString: HexString): SignatureBuffer;
+    /**
+     * Converts a signature buffer to a signature string.
+     * @param signatureBuffer - The signature buffer to convert.
+     * @returns The signature string.
+     */
+    signatureBufferToSignatureString(signatureBuffer: SignatureBuffer): SignatureString;
+}
+//# sourceMappingURL=signature.d.ts.map

package/src/services/ecies/signature.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signature.d.ts","sourceRoot":"","sources":["../../../../../../packages/digitaldefiance-node-ecies-lib/src/services/ecies/signature.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,SAAS,EACV,MAAM,4BAA4B,CAAC;AAIpC,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEhD;;GAEG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAkB;gBAEjC,UAAU,EAAE,eAAe;IAIvC;;;;;OAKG;IACI,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,eAAe;IASrE;;;;;;OAMG;IACI,aAAa,CAClB,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,eAAe,GACzB,OAAO;IAsBV;;;;OAIG;IACI,gCAAgC,CACrC,eAAe,EAAE,SAAS,GACzB,eAAe;IAIlB;;;;OAIG;IACI,gCAAgC,CACrC,eAAe,EAAE,eAAe,GAC/B,eAAe;CAGnB"}

package/src/services/ecies/signature.js

@@ -0,0 +1,69 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EciesSignature = void 0;
+const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
+const secp256k1_js_1 = require("@noble/curves/secp256k1.js");
+const sha2_js_1 = require("@noble/hashes/sha2.js");
+const ecies_i18n_factory_1 = require("../../i18n/ecies-i18n-factory");
+/**
+ * Signature-related functions for ECIES
+ */
+class EciesSignature {
+    cryptoCore;
+    constructor(cryptoCore) {
+        this.cryptoCore = cryptoCore;
+    }
+    /**
+     * Signs arbitrary binary data with the given private key.
+     * @param privateKey The private key to sign the message with.
+     * @param data The data to sign.
+     * @returns The signature (64 bytes: r + s).
+     */
+    signMessage(privateKey, data) {
+        const hash = (0, sha2_js_1.sha256)(data);
+        const signature = secp256k1_js_1.secp256k1.sign(hash, privateKey, {
+            format: 'compact',
+            extraEntropy: false,
+        });
+        return Buffer.from(signature);
+    }
+    /**
+     * Verifies arbitrary binary data with the given public key.
+     * @param publicKey The public key to verify the message with.
+     * @param data The data to verify.
+     * @param signature The signature to verify (64 bytes: r + s).
+     * @returns True if the signature is valid, false otherwise.
+     */
+    verifyMessage(publicKey, data, signature) {
+        if (signature.length !== 64) {
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidSignature, (0, ecies_i18n_factory_1.createEciesTranslationEngine)());
+        }
+        // Normalize and validate the public key
+        try {
+            publicKey = this.cryptoCore.normalizePublicKey(publicKey);
+        }
+        catch {
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidSenderPublicKey, (0, ecies_i18n_factory_1.createEciesTranslationEngine)());
+        }
+        const hash = (0, sha2_js_1.sha256)(data);
+        return secp256k1_js_1.secp256k1.verify(signature, hash, publicKey);
+    }
+    /**
+     * Converts a signature string to a signature buffer.
+     * @param signatureString - The signature string to convert.
+     * @returns The signature buffer.
+     */
+    signatureStringToSignatureBuffer(signatureString) {
+        return Buffer.from(signatureString, 'hex');
+    }
+    /**
+     * Converts a signature buffer to a signature string.
+     * @param signatureBuffer - The signature buffer to convert.
+     * @returns The signature string.
+     */
+    signatureBufferToSignatureString(signatureBuffer) {
+        return signatureBuffer.toString('hex');
+    }
+}
+exports.EciesSignature = EciesSignature;
+//# sourceMappingURL=signature.js.map

package/src/services/ecies/signature.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signature.js","sourceRoot":"","sources":["../../../../../../packages/digitaldefiance-node-ecies-lib/src/services/ecies/signature.ts"],"names":[],"mappings":";;;AAAA,0DAIoC;AACpC,6DAAuD;AACvD,mDAA+C;AAC/C,sEAA6E;AAI7E;;GAEG;AACH,MAAa,cAAc;IACR,UAAU,CAAkB;IAE7C,YAAY,UAA2B;QACrC,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED;;;;;OAKG;IACI,WAAW,CAAC,UAAkB,EAAE,IAAY;QACjD,MAAM,IAAI,GAAG,IAAA,gBAAM,EAAC,IAAI,CAAC,CAAC;QAC1B,MAAM,SAAS,GAAG,wBAAS,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE;YACjD,MAAM,EAAE,SAAS;YACjB,YAAY,EAAE,KAAK;SACpB,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,CAAoB,CAAC;IACnD,CAAC;IAED;;;;;;OAMG;IACI,aAAa,CAClB,SAAiB,EACjB,IAAY,EACZ,SAA0B;QAE1B,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YAC5B,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,gBAAgB,EACnC,IAAA,iDAA4B,GAAE,CAC/B,CAAC;QACJ,CAAC;QAED,wCAAwC;QACxC,IAAI,CAAC;YACH,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,SAAS,CAAC,CAAC;QAC5D,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,sBAAsB,EACzC,IAAA,iDAA4B,GAAE,CAC/B,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,IAAA,gBAAM,EAAC,IAAI,CAAC,CAAC;QAC1B,OAAO,wBAAS,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;IACtD,CAAC;IAED;;;;OAIG;IACI,gCAAgC,CACrC,eAA0B;QAE1B,OAAO,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,KAAK,CAAoB,CAAC;IAChE,CAAC;IAED;;;;OAIG;IACI,gCAAgC,CACrC,eAAgC;QAEhC,OAAO,eAAe,CAAC,QAAQ,CAAC,KAAK,CAAoB,CAAC;IAC5D,CAAC;CACF;AA5ED,wCA4EC"}

package/src/services/ecies/single-recipient.d.ts

@@ -0,0 +1,85 @@
+import { EciesEncryptionType, EciesEncryptionTypeEnum, IECIESConfig } from '@digitaldefiance/ecies-lib';
+import { PluginI18nEngine, CoreLanguageCode } from '@digitaldefiance/i18n-lib';
+import { ISingleEncryptedParsedHeader } from '../../interfaces/single-encrypted-parsed-header';
+import { EciesCryptoCore } from './crypto-core';
+export declare class EciesSingleRecipientCore {
+    protected readonly cryptoCore: EciesCryptoCore;
+    protected readonly config: IECIESConfig;
+    protected readonly engine: PluginI18nEngine<CoreLanguageCode>;
+    constructor(config: IECIESConfig, engine?: PluginI18nEngine<CoreLanguageCode>);
+    /**
+     * Get the size of the header for a given encryption type
+     * @param encryptionType The encryption type (single, simple, etc.)
+     * @returns
+     */
+    getHeaderSize(encryptionType: EciesEncryptionType): number;
+    /**
+     * Encrypt a message with a public key
+     * @param encryptSimple Whether to simple encrypt (without crc, length)
+     * @param receiverPublicKey The public key of the receiver
+     * @param message The message to encrypt
+     * @param preamble Optional preamble to prepend to the encrypted message
+     * @param options Optional encryption options
+     * @param options.recipientCount The number of recipients for multiple encryption mode
+     * @returns The encrypted message
+     */
+    encrypt(encryptSimple: boolean, receiverPublicKey: Buffer, message: Buffer, preamble?: Buffer): Buffer;
+    /**
+     * Parse the header from encrypted data
+     * @param encryptionType The type of encryption (single, simple, etc.) or undefined if not known
+     * @param data The encrypted data
+     * @param preambleSize The size of the preamble, if any
+     * @param options Optional parsing options
+     * @param options.dataLength The expected length of the data
+     * @returns The parsed header components
+     */
+    parseEncryptedMessage(encryptionType: EciesEncryptionTypeEnum | undefined, data: Buffer, preambleSize?: number, options?: {
+        dataLength?: number;
+    }): {
+        header: ISingleEncryptedParsedHeader;
+        data: Buffer;
+        remainder: Buffer;
+    };
+    /**
+     * Decrypts data encrypted with ECIES using a header
+     * This method maintains backward compatibility with the original implementation
+     * by returning just the Buffer. For detailed information, use decryptSingleWithHeaderEx
+     * @param encryptionType The type of encryption (single, simple, etc.)
+     * @param privateKey The private key to decrypt the data
+     * @param encryptedData The data to decrypt
+     * @param preambleSize The size of the preamble, if any
+     * @param options Optional decryption options
+     * @param options.dataLength The expected length of the data
+     * @returns The decrypted data buffer
+     */
+    decryptWithHeader(encryptionType: EciesEncryptionTypeEnum | undefined, privateKey: Buffer, encryptedData: Buffer, preambleSize?: number, options?: {
+        dataLength?: number;
+    }): Buffer;
+    /**
+     * Extended version of decryptSingleWithHeader that provides more detailed information
+     * @param encryptionType The type of encryption (single, simple, etc.)
+     * @param privateKey The private key to decrypt the data
+     * @param encryptedData The data to decrypt
+     * @param preambleSize The size of the preamble, if any
+     * @param options Optional decryption options
+     * @param options.dataLength The expected length of the data
+     * @returns The decrypted data and the number of bytes consumed from the input buffer
+     */
+    decryptWithHeaderEx(encryptionType: EciesEncryptionTypeEnum | undefined, privateKey: Buffer, encryptedData: Buffer, preambleSize?: number, options?: {
+        dataLength?: number;
+    }): {
+        decrypted: Buffer;
+        consumedBytes: number;
+    };
+    /**
+     * Decrypts data encrypted with ECIES using components
+     * @param privateKey The private key to decrypt the data
+     * @param ephemeralPublicKey The ephemeral public key used to encrypt the data
+     * @param iv The initialization vector used to encrypt the data
+     * @param authTag The authentication tag used to encrypt the data
+     * @param encrypted The encrypted data
+     * @returns The decrypted data
+     */
+    decryptWithComponents(privateKey: Buffer, ephemeralPublicKey: Buffer, iv: Buffer, authTag: Buffer, encrypted: Buffer): Buffer;
+}
+//# sourceMappingURL=single-recipient.d.ts.map

package/src/services/ecies/single-recipient.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"single-recipient.d.ts","sourceRoot":"","sources":["../../../../../../packages/digitaldefiance-node-ecies-lib/src/services/ecies/single-recipient.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,mBAAmB,EACnB,uBAAuB,EAOvB,YAAY,EAGb,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAW/E,OAAO,EAAE,4BAA4B,EAAE,MAAM,iDAAiD,CAAC;AAC/F,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEhD,qBAAa,wBAAwB;IACnC,SAAS,CAAC,QAAQ,CAAC,UAAU,EAAE,eAAe,CAAC;IAC/C,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;IACxC,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,gBAAgB,CAAC,gBAAgB,CAAC,CAAC;gBAElD,MAAM,EAAE,YAAY,EAAE,MAAM,CAAC,EAAE,gBAAgB,CAAC,gBAAgB,CAAC;IAM7E;;;;OAIG;IACI,aAAa,CAAC,cAAc,EAAE,mBAAmB,GAAG,MAAM;IAcjE;;;;;;;;;OASG;IACI,OAAO,CACZ,aAAa,EAAE,OAAO,EACtB,iBAAiB,EAAE,MAAM,EACzB,OAAO,EAAE,MAAM,EACf,QAAQ,GAAE,MAAwB,GACjC,MAAM;IA0HT;;;;;;;;OAQG;IACI,qBAAqB,CAC1B,cAAc,EAAE,uBAAuB,GAAG,SAAS,EACnD,IAAI,EAAE,MAAM,EACZ,YAAY,GAAE,MAAU,EACxB,OAAO,CAAC,EAAE;QACR,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,GACA;QAAE,MAAM,EAAE,4BAA4B,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE;IAuM5E;;;;;;;;;;;OAWG;IACI,iBAAiB,CACtB,cAAc,EAAE,uBAAuB,GAAG,SAAS,EACnD,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,EACrB,YAAY,GAAE,MAAU,EACxB,OAAO,CAAC,EAAE;QACR,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,GACA,MAAM;IAmDT;;;;;;;;;OASG;IACI,mBAAmB,CACxB,cAAc,EAAE,uBAAuB,GAAG,SAAS,EACnD,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,EACrB,YAAY,GAAE,MAAU,EACxB,OAAO,CAAC,EAAE;QACR,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,GACA;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,MAAM,CAAA;KAAE;IA2C/C;;;;;;;;OAQG;IACI,qBAAqB,CAC1B,UAAU,EAAE,MAAM,EAClB,kBAAkB,EAAE,MAAM,EAC1B,EAAE,EAAE,MAAM,EACV,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,MAAM;CAsHV"}

package/src/services/ecies/single-recipient.js

@@ -0,0 +1,399 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EciesSingleRecipientCore = void 0;
+const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
+const crypto_1 = require("crypto");
+const ecies_i18n_factory_1 = require("../../i18n/ecies-i18n-factory");
+const crypto_core_1 = require("./crypto-core");
+class EciesSingleRecipientCore {
+    cryptoCore;
+    config;
+    engine;
+    constructor(config, engine) {
+        this.config = config;
+        this.cryptoCore = new crypto_core_1.EciesCryptoCore(config);
+        this.engine = engine || (0, ecies_i18n_factory_1.createEciesTranslationEngine)();
+    }
+    /**
+     * Get the size of the header for a given encryption type
+     * @param encryptionType The encryption type (single, simple, etc.)
+     * @returns
+     */
+    getHeaderSize(encryptionType) {
+        switch (encryptionType) {
+            case 'simple':
+                return this.cryptoCore.consts.SIMPLE.FIXED_OVERHEAD_SIZE;
+            case 'single':
+                return this.cryptoCore.consts.SINGLE.FIXED_OVERHEAD_SIZE;
+            default:
+                throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidEncryptionType, this.engine);
+        }
+    }
+    /**
+     * Encrypt a message with a public key
+     * @param encryptSimple Whether to simple encrypt (without crc, length)
+     * @param receiverPublicKey The public key of the receiver
+     * @param message The message to encrypt
+     * @param preamble Optional preamble to prepend to the encrypted message
+     * @param options Optional encryption options
+     * @param options.recipientCount The number of recipients for multiple encryption mode
+     * @returns The encrypted message
+     */
+    encrypt(encryptSimple, receiverPublicKey, message, preamble = Buffer.alloc(0)) {
+        const encryptionType = encryptSimple
+            ? 'simple'
+            : 'single';
+        const encryptionTypeBuffer = Buffer.alloc(1);
+        encryptionTypeBuffer.writeUint8(ecies_lib_1.EciesEncryptionTypeMap[encryptionType]);
+        if (message.length > this.cryptoCore.consts.MAX_RAW_DATA_SIZE) {
+            const pluginEngine = (0, ecies_i18n_factory_1.getEciesPluginI18nEngine)();
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidDataLength, this.engine, undefined, undefined, {
+                error: pluginEngine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_MessageLengthExceedsMaximumAllowedSize),
+                maxLength: String(ecies_lib_1.UINT32_MAX),
+                messageLength: String(message.length),
+            });
+        }
+        // Generate ephemeral ECDH key pair
+        const ecdh = (0, crypto_1.createECDH)(this.config.curveName);
+        ecdh.generateKeys();
+        // Compute shared secret
+        let sharedSecret;
+        try {
+            // Make sure we normalize the receiver's public key
+            const normalizedReceiverPublicKey = this.cryptoCore.normalizePublicKey(receiverPublicKey);
+            // Ensure we're using the properly formatted public key (with 0x04 prefix)
+            // Our debugging shows only the full format with prefix works correctly
+            sharedSecret = ecdh.computeSecret(normalizedReceiverPublicKey);
+        }
+        catch (error) {
+            console.error('[ERROR][encrypt] Failed to compute shared secret:', error);
+            if (error instanceof Error) {
+                if ('code' in error &&
+                    error.code === 'ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY') {
+                    throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidRecipientPublicKey, this.engine, undefined, undefined, {
+                        nodeError: error.code,
+                    });
+                }
+                throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.SecretComputationFailed, this.engine, undefined, undefined, {
+                    error: error.message,
+                });
+            }
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.SecretComputationFailed, this.engine);
+        }
+        // Get the ephemeral public key and ensure it has the 0x04 prefix
+        let ephemeralPublicKey = ecdh.getPublicKey();
+        if (ephemeralPublicKey.length === this.cryptoCore.consts.RAW_PUBLIC_KEY_LENGTH) {
+            ephemeralPublicKey = Buffer.concat([
+                Buffer.from([this.cryptoCore.consts.PUBLIC_KEY_MAGIC]),
+                ephemeralPublicKey,
+            ]);
+        }
+        // Generate random IV
+        const iv = (0, crypto_1.randomBytes)(this.cryptoCore.consts.IV_SIZE);
+        // Get the key from the shared secret (always use first 32 bytes)
+        const symKey = sharedSecret.subarray(0, this.cryptoCore.consts.SYMMETRIC.KEY_SIZE);
+        // Create cipher with the derived symmetric key
+        const cipher = (0, crypto_1.createCipheriv)(this.cryptoCore.consts.SYMMETRIC_ALGORITHM_CONFIGURATION, symKey, iv);
+        // Ensure auto padding is enabled
+        cipher.setAutoPadding(true);
+        // Encrypt the message
+        let encrypted = cipher.update(message);
+        encrypted = Buffer.concat([encrypted, cipher.final()]);
+        // Get and explicitly set the authentication tag to max tag length for consistency
+        const authTag = cipher.getAuthTag();
+        // Add a length prefix to the encrypted data to ensure we can extract the exact number of bytes during decryption
+        const lengthBuffer = encryptionType === 'simple' ? Buffer.alloc(0) : Buffer.alloc(ecies_lib_1.UINT64_SIZE);
+        if (encryptionType === 'single') {
+            lengthBuffer.writeBigUInt64BE(BigInt(encrypted.length));
+        }
+        // Format: [optional preamble] | type (1) | ephemeralPublicKey (65) | iv (16) | authTag (16) | length (8) | encryptedData
+        return Buffer.concat([
+            preamble,
+            encryptionTypeBuffer,
+            ephemeralPublicKey,
+            iv,
+            authTag,
+            lengthBuffer,
+            encrypted,
+        ]);
+    }
+    /**
+     * Parse the header from encrypted data
+     * @param encryptionType The type of encryption (single, simple, etc.) or undefined if not known
+     * @param data The encrypted data
+     * @param preambleSize The size of the preamble, if any
+     * @param options Optional parsing options
+     * @param options.dataLength The expected length of the data
+     * @returns The parsed header components
+     */
+    parseEncryptedMessage(encryptionType, data, preambleSize = 0, options) {
+        // read the encryption type from the first byte after the preamble
+        const actualEncryptionTypeEnum = (0, ecies_lib_1.ensureEciesEncryptionTypeEnum)(data.readUInt8(preambleSize));
+        // if a type is provided, ensure it matches the actual type
+        if (encryptionType !== undefined &&
+            actualEncryptionTypeEnum !== encryptionType) {
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidEncryptionType, this.engine, undefined, undefined, {
+                expected: (0, ecies_lib_1.encryptionTypeToString)(encryptionType),
+                actual: (0, ecies_lib_1.encryptionTypeToString)(actualEncryptionTypeEnum),
+            });
+        }
+        if (actualEncryptionTypeEnum === ecies_lib_1.EciesEncryptionTypeEnum.Multiple) {
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidEncryptionType, this.engine, undefined, undefined, {
+                expected: 'single or simple',
+                actual: (0, ecies_lib_1.encryptionTypeToString)(actualEncryptionTypeEnum),
+            });
+        }
+        const includeLengthAndCrc = actualEncryptionTypeEnum === ecies_lib_1.EciesEncryptionTypeEnum.Single;
+        // check for impossible message
+        if (data.length <
+            (includeLengthAndCrc
+                ? this.cryptoCore.consts.SINGLE.FIXED_OVERHEAD_SIZE
+                : this.cryptoCore.consts.SIMPLE.FIXED_OVERHEAD_SIZE)) {
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidEncryptedDataLength, this.engine, undefined, undefined, {
+                required: String(this.cryptoCore.consts.SINGLE.FIXED_OVERHEAD_SIZE),
+                actual: String(data.length),
+            });
+        }
+        let offset = 0;
+        const preamble = data.subarray(0, preambleSize);
+        offset += preambleSize;
+        // skip the already-read encryption type
+        offset += 1;
+        // Extract components from the header
+        const ephemeralPublicKey = data.subarray(offset, offset + this.cryptoCore.consts.PUBLIC_KEY_LENGTH);
+        offset += this.cryptoCore.consts.PUBLIC_KEY_LENGTH;
+        // Make sure we normalize the ephemeral public key
+        const normalizedKey = this.cryptoCore.normalizePublicKey(ephemeralPublicKey);
+        const iv = data.subarray(offset, offset + this.cryptoCore.consts.IV_SIZE);
+        offset += this.cryptoCore.consts.IV_SIZE;
+        const authTag = data.subarray(offset, offset + this.cryptoCore.consts.AUTH_TAG_SIZE);
+        offset += this.cryptoCore.consts.AUTH_TAG_SIZE;
+        // Extract the length prefix (4 bytes) after the header components
+        const dataLengthBuffer = includeLengthAndCrc
+            ? data.subarray(offset, offset + this.cryptoCore.consts.SINGLE.DATA_LENGTH_SIZE)
+            : Buffer.alloc(0);
+        if (includeLengthAndCrc) {
+            offset += this.cryptoCore.consts.SINGLE.DATA_LENGTH_SIZE;
+        }
+        const dataLength = includeLengthAndCrc
+            ? Number(dataLengthBuffer.readBigUInt64BE(0))
+            : options?.dataLength ?? -1;
+        if (includeLengthAndCrc &&
+            options?.dataLength !== undefined &&
+            dataLength !== options.dataLength) {
+            const pluginEngine = (0, ecies_i18n_factory_1.getEciesPluginI18nEngine)();
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidEncryptedDataLength, this.engine, undefined, undefined, {
+                error: pluginEngine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_EncryptedDataLengthMismatch),
+                expected: String(dataLength),
+                actual: String(options.dataLength),
+            });
+        }
+        // No CRC in Single encryption (AES-GCM provides authentication)
+        const encryptedData = dataLength > 0
+            ? data.subarray(offset, offset + dataLength)
+            : data.subarray(offset);
+        if (includeLengthAndCrc) {
+            offset += dataLength;
+        }
+        if (includeLengthAndCrc && encryptedData.length !== dataLength) {
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidEncryptedDataLength, this.engine, undefined, undefined, {
+                expected: String(dataLength),
+                actual: String(encryptedData.length),
+            });
+        }
+        const remainder = includeLengthAndCrc
+            ? data.subarray(offset)
+            : Buffer.alloc(0);
+        // No CRC validation needed (AES-GCM provides authentication)
+        // Validate all header components have the correct lengths
+        if (normalizedKey.length !== this.cryptoCore.consts.PUBLIC_KEY_LENGTH) {
+            const pluginEngine = (0, ecies_i18n_factory_1.getEciesPluginI18nEngine)();
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidEphemeralPublicKey, this.engine, undefined, undefined, {
+                error: pluginEngine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_EphemeralPublicKeyLengthMismatch),
+                expected: String(this.cryptoCore.consts.PUBLIC_KEY_LENGTH),
+                actual: String(normalizedKey.length),
+            });
+        }
+        if (iv.length !== this.cryptoCore.consts.IV_SIZE) {
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidIVLength, this.engine, undefined, undefined, {
+                expected: String(this.cryptoCore.consts.IV_SIZE),
+                actual: String(iv.length),
+            });
+        }
+        if (authTag.length !== this.cryptoCore.consts.AUTH_TAG_SIZE) {
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidAuthTagLength, this.engine, undefined, undefined, {
+                expected: String(this.cryptoCore.consts.AUTH_TAG_SIZE),
+                actual: String(authTag.length),
+            });
+        }
+        return {
+            header: {
+                encryptionType: actualEncryptionTypeEnum,
+                ephemeralPublicKey: normalizedKey,
+                iv,
+                authTag,
+                dataLength,
+                headerSize: includeLengthAndCrc
+                    ? this.cryptoCore.consts.SINGLE.FIXED_OVERHEAD_SIZE
+                    : this.cryptoCore.consts.SINGLE.FIXED_OVERHEAD_SIZE,
+            },
+            data: encryptedData,
+            remainder,
+        };
+    }
+    /**
+     * Decrypts data encrypted with ECIES using a header
+     * This method maintains backward compatibility with the original implementation
+     * by returning just the Buffer. For detailed information, use decryptSingleWithHeaderEx
+     * @param encryptionType The type of encryption (single, simple, etc.)
+     * @param privateKey The private key to decrypt the data
+     * @param encryptedData The data to decrypt
+     * @param preambleSize The size of the preamble, if any
+     * @param options Optional decryption options
+     * @param options.dataLength The expected length of the data
+     * @returns The decrypted data buffer
+     */
+    decryptWithHeader(encryptionType, privateKey, encryptedData, preambleSize = 0, options) {
+        const readEncryptionType = encryptedData.readUInt8(preambleSize);
+        const actualEncryptionTypeEnum = (0, ecies_lib_1.ensureEciesEncryptionTypeEnum)(readEncryptionType);
+        if (encryptionType !== undefined &&
+            actualEncryptionTypeEnum !== encryptionType) {
+            const expectedType = (0, ecies_lib_1.encryptionTypeEnumToType)(encryptionType);
+            const actualEncryptionType = (0, ecies_lib_1.encryptionTypeEnumToType)(actualEncryptionTypeEnum);
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.InvalidEncryptionType, this.engine, undefined, undefined, {
+                expected: expectedType,
+                actual: actualEncryptionType,
+            });
+        }
+        try {
+            // Call the extended version and return only the decrypted buffer for backward compatibility
+            const result = this.decryptWithHeaderEx(actualEncryptionTypeEnum, privateKey, encryptedData, preambleSize, options);
+            return result.decrypted;
+        }
+        catch (error) {
+            if (error instanceof ecies_lib_1.ECIESError) {
+                throw error;
+            }
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.DecryptionFailed, this.engine, undefined, undefined, {
+                error: error instanceof Error ? error.message : String(error),
+            });
+        }
+    }
+    /**
+     * Extended version of decryptSingleWithHeader that provides more detailed information
+     * @param encryptionType The type of encryption (single, simple, etc.)
+     * @param privateKey The private key to decrypt the data
+     * @param encryptedData The data to decrypt
+     * @param preambleSize The size of the preamble, if any
+     * @param options Optional decryption options
+     * @param options.dataLength The expected length of the data
+     * @returns The decrypted data and the number of bytes consumed from the input buffer
+     */
+    decryptWithHeaderEx(encryptionType, privateKey, encryptedData, preambleSize = 0, options) {
+        try {
+            const { data, header } = this.parseEncryptedMessage(encryptionType, encryptedData, preambleSize, options);
+            // Normalize the public key (ensuring 0x04 prefix)
+            const normalizedKey = this.cryptoCore.normalizePublicKey(header.ephemeralPublicKey);
+            // Decrypt using components with the normalized key
+            const decrypted = this.decryptWithComponents(privateKey, normalizedKey, header.iv, header.authTag, data);
+            return {
+                decrypted,
+                consumedBytes: header.dataLength + header.headerSize,
+            };
+        }
+        catch (error) {
+            if (error instanceof ecies_lib_1.ECIESError) {
+                throw error;
+            }
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.DecryptionFailed, this.engine, undefined, undefined, {
+                error: error instanceof Error ? error.message : String(error),
+            });
+        }
+    }
+    /**
+     * Decrypts data encrypted with ECIES using components
+     * @param privateKey The private key to decrypt the data
+     * @param ephemeralPublicKey The ephemeral public key used to encrypt the data
+     * @param iv The initialization vector used to encrypt the data
+     * @param authTag The authentication tag used to encrypt the data
+     * @param encrypted The encrypted data
+     * @returns The decrypted data
+     */
+    decryptWithComponents(privateKey, ephemeralPublicKey, iv, authTag, encrypted) {
+        try {
+            // Ensure the ephemeral public key has the correct format
+            const normalizedEphemeralKey = this.cryptoCore.normalizePublicKey(ephemeralPublicKey);
+            // Set up ECDH with the private key
+            const ecdh = (0, crypto_1.createECDH)(this.config.curveName);
+            ecdh.setPrivateKey(privateKey);
+            // Based on our ECDH test, we need to consistently use the full key with 0x04 prefix
+            // Our debugging showed the raw keys without prefix always fail
+            let sharedSecret;
+            try {
+                sharedSecret = ecdh.computeSecret(normalizedEphemeralKey);
+            }
+            catch (err) {
+                console.error('[ERROR][decrypt] Failed to compute shared secret:', err);
+                throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.DecryptionFailed, this.engine, undefined, undefined, {
+                    originalError: err instanceof Error ? err.message : String(err),
+                    stage: 'shared_secret_computation',
+                });
+            }
+            // Get the key from the shared secret (always use first 32 bytes)
+            const symKey = sharedSecret.subarray(0, this.cryptoCore.consts.SYMMETRIC.KEY_SIZE);
+            // Create decipher with shared secret-derived key
+            const decipher = (0, crypto_1.createDecipheriv)(this.cryptoCore.consts.SYMMETRIC_ALGORITHM_CONFIGURATION, symKey, iv);
+            // Validate the tag and IV
+            if (authTag.length !== this.cryptoCore.consts.AUTH_TAG_SIZE) {
+                throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.DecryptionFailed, this.engine, undefined, undefined, {
+                    expected: String(this.cryptoCore.consts.AUTH_TAG_SIZE),
+                    actual: String(authTag.length),
+                    stage: 'auth_tag_validation',
+                });
+            }
+            if (iv.length !== this.cryptoCore.consts.IV_SIZE) {
+                throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.DecryptionFailed, this.engine, undefined, undefined, {
+                    expected: String(this.cryptoCore.consts.IV_SIZE),
+                    actual: String(iv.length),
+                    stage: 'iv_validation',
+                });
+            }
+            // Set the authentication tag for GCM mode
+            decipher.setAuthTag(authTag);
+            // Decrypt the data
+            try {
+                // Handle edge case where encrypted data might be empty or malformed
+                const pluginEngine = (0, ecies_i18n_factory_1.getEciesPluginI18nEngine)();
+                if (encrypted.length === 0) {
+                    throw new Error(pluginEngine.translate(ecies_i18n_factory_1.NodeEciesComponentId, ecies_i18n_factory_1.NodeEciesStringKey.Error_EncryptedDataIsEmpty));
+                }
+                const firstPart = decipher.update(encrypted);
+                const finalPart = decipher.final();
+                const result = Buffer.concat([firstPart, finalPart]);
+                return result;
+            }
+            catch (err) {
+                throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.DecryptionFailed, this.engine, undefined, undefined, {
+                    error: err instanceof Error ? err.message : String(err),
+                    stage: 'decipher_operation',
+                });
+            }
+        }
+        catch (error) {
+            if (error instanceof ecies_lib_1.ECIESError) {
+                throw error;
+            }
+            // Wrap non-EciesError in an EciesError
+            throw new ecies_lib_1.ECIESError(ecies_lib_1.ECIESErrorTypeEnum.DecryptionFailed, this.engine, undefined, undefined, {
+                error: error instanceof Error ? error.message : String(error),
+                privateKeyLength: String(privateKey.length),
+                ephemeralPublicKeyLength: String(ephemeralPublicKey.length),
+                ivLength: String(iv.length),
+                authTagLength: String(authTag.length),
+                encryptedLength: String(encrypted.length),
+            });
+        }
+    }
+}
+exports.EciesSingleRecipientCore = EciesSingleRecipientCore;
+//# sourceMappingURL=single-recipient.js.map

package/src/services/ecies/single-recipient.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"single-recipient.js","sourceRoot":"","sources":["../../../../../../packages/digitaldefiance-node-ecies-lib/src/services/ecies/single-recipient.ts"],"names":[],"mappings":";;;AAAA,0DAaoC;AAGpC,mCAKgB;AAChB,sEAAiJ;AAIjJ,+CAAgD;AAEhD,MAAa,wBAAwB;IAChB,UAAU,CAAkB;IAC5B,MAAM,CAAe;IACrB,MAAM,CAAqC;IAE9D,YAAY,MAAoB,EAAE,MAA2C;QAC3E,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,IAAI,6BAAe,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,IAAA,iDAA4B,GAAE,CAAC;IACzD,CAAC;IAED;;;;OAIG;IACI,aAAa,CAAC,cAAmC;QACtD,QAAQ,cAAc,EAAE,CAAC;YACvB,KAAK,QAAQ;gBACX,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC;YAC3D,KAAK,QAAQ;gBACX,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC;YAC3D;gBACE,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,qBAAqB,EACxC,IAAI,CAAC,MAAM,CACZ,CAAC;QACN,CAAC;IACH,CAAC;IAED;;;;;;;;;OASG;IACI,OAAO,CACZ,aAAsB,EACtB,iBAAyB,EACzB,OAAe,EACf,WAAmB,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAElC,MAAM,cAAc,GAAwB,aAAa;YACvD,CAAC,CAAC,QAAQ;YACV,CAAC,CAAC,QAAQ,CAAC;QACb,MAAM,oBAAoB,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC7C,oBAAoB,CAAC,UAAU,CAC7B,kCAAsB,CACpB,cAAqD,CAC5C,CACZ,CAAC;QACF,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YAChE,MAAM,YAAY,GAAG,IAAA,6CAAwB,GAAE,CAAC;YAC9C,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,iBAAiB,EACpC,IAAI,CAAC,MAAM,EACX,SAAS,EACT,SAAS,EACT;gBACE,KAAK,EAAE,YAAY,CAAC,SAAS,CAAC,yCAAoB,EAAE,uCAAkB,CAAC,4CAA4C,CAAC;gBACpH,SAAS,EAAE,MAAM,CAAC,sBAAU,CAAC;gBAC7B,aAAa,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;aACtC,CACF,CAAC;QACJ,CAAC;QACD,mCAAmC;QACnC,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC/C,IAAI,CAAC,YAAY,EAAE,CAAC;QAEpB,wBAAwB;QACxB,IAAI,YAAoB,CAAC;QACzB,IAAI,CAAC;YACH,mDAAmD;YACnD,MAAM,2BAA2B,GAC/B,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,iBAAiB,CAAC,CAAC;YAExD,0EAA0E;YAC1E,uEAAuE;YACvE,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,2BAA2B,CAAC,CAAC;QACjE,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,OAAO,CAAC,KAAK,CAAC,mDAAmD,EAAE,KAAK,CAAC,CAAC;YAC1E,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBAC3B,IACE,MAAM,IAAI,KAAK;oBACf,KAAK,CAAC,IAAI,KAAK,oCAAoC,EACnD,CAAC;oBACD,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,yBAAyB,EAC5C,IAAI,CAAC,MAAM,EACX,SAAS,EACT,SAAS,EACT;wBACE,SAAS,EAAE,KAAK,CAAC,IAAI;qBACtB,CACF,CAAC;gBACJ,CAAC;gBACD,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,uBAAuB,EAC1C,IAAI,CAAC,MAAM,EACX,SAAS,EACT,SAAS,EACT;oBACE,KAAK,EAAE,KAAK,CAAC,OAAO;iBACrB,CACF,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,uBAAuB,EAC1C,IAAI,CAAC,MAAM,CACZ,CAAC;QACJ,CAAC;QAED,iEAAiE;QACjE,IAAI,kBAAkB,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QAC7C,IAAI,kBAAkB,CAAC,MAAM,KAAK,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,qBAAqB,EAAE,CAAC;YAC/E,kBAAkB,GAAG,MAAM,CAAC,MAAM,CAAC;gBACjC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;gBACtD,kBAAkB;aACnB,CAAC,CAAC;QACL,CAAC;QAED,qBAAqB;QACrB,MAAM,EAAE,GAAG,IAAA,oBAAW,EAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAEvD,iEAAiE;QACjE,MAAM,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEnF,+CAA+C;QAC/C,MAAM,MAAM,GAAG,IAAA,uBAAc,EAC3B,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,iCAAiC,EACxD,MAAM,EACN,EAAE,CAC+B,CAAC;QAEpC,iCAAiC;QACjC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAE5B,sBAAsB;QACtB,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACvC,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAEvD,kFAAkF;QAClF,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEpC,iHAAiH;QACjH,MAAM,YAAY,GAChB,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAW,CAAC,CAAC;QAC5E,IAAI,cAAc,KAAK,QAAQ,EAAE,CAAC;YAChC,YAAY,CAAC,gBAAgB,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;QAC1D,CAAC;QAED,yHAAyH;QACzH,OAAO,MAAM,CAAC,MAAM,CAAC;YACnB,QAAQ;YACR,oBAAoB;YACpB,kBAAkB;YAClB,EAAE;YACF,OAAO;YACP,YAAY;YACZ,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;OAQG;IACI,qBAAqB,CAC1B,cAAmD,EACnD,IAAY,EACZ,eAAuB,CAAC,EACxB,OAEC;QAED,kEAAkE;QAClE,MAAM,wBAAwB,GAAG,IAAA,yCAA6B,EAC5D,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAC7B,CAAC;QACF,2DAA2D;QAC3D,IACE,cAAc,KAAK,SAAS;YAC5B,wBAAwB,KAAK,cAAc,EAC3C,CAAC;YACD,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,qBAAqB,EACxC,IAAI,CAAC,MAAM,EACX,SAAS,EACT,SAAS,EACT;gBACE,QAAQ,EAAE,IAAA,kCAAsB,EAAC,cAAc,CAAC;gBAChD,MAAM,EAAE,IAAA,kCAAsB,EAAC,wBAAwB,CAAC;aACzD,CACF,CAAC;QACJ,CAAC;QAED,IAAI,wBAAwB,KAAK,mCAAuB,CAAC,QAAQ,EAAE,CAAC;YAClE,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,qBAAqB,EACxC,IAAI,CAAC,MAAM,EACX,SAAS,EACT,SAAS,EACT;gBACE,QAAQ,EAAE,kBAAkB;gBAC5B,MAAM,EAAE,IAAA,kCAAsB,EAAC,wBAAwB,CAAC;aACzD,CACF,CAAC;QACJ,CAAC;QACD,MAAM,mBAAmB,GACvB,wBAAwB,KAAK,mCAAuB,CAAC,MAAM,CAAC;QAE9D,+BAA+B;QAC/B,IACE,IAAI,CAAC,MAAM;YACX,CAAC,mBAAmB;gBAClB,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,mBAAmB;gBACnD,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC,EACtD,CAAC;YACD,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,0BAA0B,EAC7C,IAAI,CAAC,MAAM,EACX,SAAS,EACT,SAAS,EACT;gBACE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC;gBACnE,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;aAC5B,CACF,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,GAAG,CAAC,CAAC;QACf,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAChD,MAAM,IAAI,YAAY,CAAC;QAEvB,wCAAwC;QACxC,MAAM,IAAI,CAAC,CAAC;QAEZ,qCAAqC;QACrC,MAAM,kBAAkB,GAAG,IAAI,CAAC,QAAQ,CACtC,MAAM,EACN,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,iBAAiB,CAClD,CAAC;QACF,MAAM,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,iBAAiB,CAAC;QAEnD,kDAAkD;QAClD,MAAM,aAAa,GACjB,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;QAEzD,MAAM,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC1E,MAAM,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC;QAEzC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACrF,MAAM,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC;QAE/C,kEAAkE;QAClE,MAAM,gBAAgB,GAAG,mBAAmB;YAC1C,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC;YAChF,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,mBAAmB,EAAE,CAAC;YACxB,MAAM,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC;QAC3D,CAAC;QAED,MAAM,UAAU,GAAG,mBAAmB;YACpC,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAC7C,CAAC,CAAC,OAAO,EAAE,UAAU,IAAI,CAAC,CAAC,CAAC;QAE9B,IACE,mBAAmB;YACnB,OAAO,EAAE,UAAU,KAAK,SAAS;YACjC,UAAU,KAAK,OAAO,CAAC,UAAU,EACjC,CAAC;YACD,MAAM,YAAY,GAAG,IAAA,6CAAwB,GAAE,CAAC;YAChD,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,0BAA0B,EAC7C,IAAI,CAAC,MAAM,EACX,SAAS,EACT,SAAS,EACT;gBACE,KAAK,EAAE,YAAY,CAAC,SAAS,CAAC,yCAAoB,EAAE,uCAAkB,CAAC,iCAAiC,CAAC;gBACzG,QAAQ,EAAE,MAAM,CAAC,UAAU,CAAC;gBAC5B,MAAM,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;aACnC,CACF,CAAC;QACJ,CAAC;QAED,gEAAgE;QAEhE,MAAM,aAAa,GACjB,UAAU,GAAG,CAAC;YACZ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,CAAC;YAC5C,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC5B,IAAI,mBAAmB,EAAE,CAAC;YACxB,MAAM,IAAI,UAAU,CAAC;QACvB,CAAC;QAED,IAAI,mBAAmB,IAAI,aAAa,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAC/D,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,0BAA0B,EAC7C,IAAI,CAAC,MAAM,EACX,SAAS,EACT,SAAS,EACT;gBACE,QAAQ,EAAE,MAAM,CAAC,UAAU,CAAC;gBAC5B,MAAM,EAAE,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC;aACrC,CACF,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,mBAAmB;YACnC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YACvB,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAEpB,6DAA6D;QAE7D,0DAA0D;QAC1D,IAAI,aAAa,CAAC,MAAM,KAAK,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YACxE,MAAM,YAAY,GAAG,IAAA,6CAAwB,GAAE,CAAC;YAC9C,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,yBAAyB,EAC5C,IAAI,CAAC,MAAM,EACX,SAAS,EACT,SAAS,EACT;gBACE,KAAK,EACH,YAAY,CAAC,SAAS,CAAC,yCAAoB,EAAE,uCAAkB,CAAC,sCAAsC,CAAC;gBACzG,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,iBAAiB,CAAC;gBAC1D,MAAM,EAAE,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC;aACrC,CACF,CAAC;QACJ,CAAC;QAED,IAAI,EAAE,CAAC,MAAM,KAAK,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACjD,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,eAAe,EAClC,IAAI,CAAC,MAAM,EACX,SAAS,EACT,SAAS,EACT;gBACE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC;gBAChD,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC;aAC1B,CACF,CAAC;QACJ,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YAC5D,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,oBAAoB,EACvC,IAAI,CAAC,MAAM,EACX,SAAS,EACT,SAAS,EACT;gBACE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC;gBACtD,MAAM,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;aAC/B,CACF,CAAC;QACJ,CAAC;QAED,OAAO;YACL,MAAM,EAAE;gBACN,cAAc,EAAE,wBAAwB;gBACxC,kBAAkB,EAAE,aAAa;gBACjC,EAAE;gBACF,OAAO;gBACP,UAAU;gBACV,UAAU,EAAE,mBAAmB;oBAC7B,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,mBAAmB;oBACnD,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,mBAAmB;aACtD;YACD,IAAI,EAAE,aAAa;YACnB,SAAS;SACV,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;OAWG;IACI,iBAAiB,CACtB,cAAmD,EACnD,UAAkB,EAClB,aAAqB,EACrB,eAAuB,CAAC,EACxB,OAEC;QAED,MAAM,kBAAkB,GAAG,aAAa,CAAC,SAAS,CAChD,YAAY,CACc,CAAC;QAC7B,MAAM,wBAAwB,GAC5B,IAAA,yCAA6B,EAAC,kBAAkB,CAAC,CAAC;QACpD,IACE,cAAc,KAAK,SAAS;YAC5B,wBAAwB,KAAK,cAAc,EAC3C,CAAC;YACD,MAAM,YAAY,GAAG,IAAA,oCAAwB,EAAC,cAAc,CAAC,CAAC;YAC9D,MAAM,oBAAoB,GAAG,IAAA,oCAAwB,EACnD,wBAAwB,CACzB,CAAC;YACF,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,qBAAqB,EACxC,IAAI,CAAC,MAAM,EACX,SAAS,EACT,SAAS,EACT;gBACE,QAAQ,EAAE,YAAY;gBACtB,MAAM,EAAE,oBAAoB;aAC7B,CACF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC;YACH,4FAA4F;YAC5F,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,CACrC,wBAAwB,EACxB,UAAU,EACV,aAAa,EACb,YAAY,EACZ,OAAO,CACR,CAAC;YACF,OAAO,MAAM,CAAC,SAAS,CAAC;QAC1B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,sBAAU,EAAE,CAAC;gBAChC,MAAM,KAAK,CAAC;YACd,CAAC;YACD,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,gBAAgB,EACnC,IAAI,CAAC,MAAM,EACX,SAAS,EACT,SAAS,EACT;gBACE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;;;;OASG;IACI,mBAAmB,CACxB,cAAmD,EACnD,UAAkB,EAClB,aAAqB,EACrB,eAAuB,CAAC,EACxB,OAEC;QAED,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,qBAAqB,CACjD,cAAc,EACd,aAAa,EACb,YAAY,EACZ,OAAO,CACR,CAAC;YAEF,kDAAkD;YAClD,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,CAAC,kBAAkB,CACtD,MAAM,CAAC,kBAAkB,CAC1B,CAAC;YAEF,mDAAmD;YACnD,MAAM,SAAS,GAAG,IAAI,CAAC,qBAAqB,CAC1C,UAAU,EACV,aAAa,EACb,MAAM,CAAC,EAAE,EACT,MAAM,CAAC,OAAO,EACd,IAAI,CACL,CAAC;YAEF,OAAO;gBACL,SAAS;gBACT,aAAa,EAAE,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU;aACrD,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,sBAAU,EAAE,CAAC;gBAChC,MAAM,KAAK,CAAC;YACd,CAAC;YACD,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,gBAAgB,EACnC,IAAI,CAAC,MAAM,EACX,SAAS,EACT,SAAS,EACT;gBACE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;;;OAQG;IACI,qBAAqB,CAC1B,UAAkB,EAClB,kBAA0B,EAC1B,EAAU,EACV,OAAe,EACf,SAAiB;QAEjB,IAAI,CAAC;YACH,yDAAyD;YACzD,MAAM,sBAAsB,GAC1B,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;YAEzD,mCAAmC;YACnC,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC/C,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;YAE/B,oFAAoF;YACpF,+DAA+D;YAC/D,IAAI,YAAoB,CAAC;YACzB,IAAI,CAAC;gBACH,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,sBAAsB,CAAC,CAAC;YAC5D,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,mDAAmD,EAAE,GAAG,CAAC,CAAC;gBACxE,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,gBAAgB,EACnC,IAAI,CAAC,MAAM,EACX,SAAS,EACT,SAAS,EACT;oBACE,aAAa,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;oBAC/D,KAAK,EAAE,2BAA2B;iBACnC,CACF,CAAC;YACJ,CAAC;YAED,iEAAiE;YACjE,MAAM,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;YAEnF,iDAAiD;YACjD,MAAM,QAAQ,GAAG,IAAA,yBAAgB,EAC/B,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,iCAAiC,EACxD,MAAM,EACN,EAAE,CACiC,CAAC;YAEtC,0BAA0B;YAC1B,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;gBAC5D,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,gBAAgB,EACnC,IAAI,CAAC,MAAM,EACX,SAAS,EACT,SAAS,EACT;oBACE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC;oBACtD,MAAM,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;oBAC9B,KAAK,EAAE,qBAAqB;iBAC7B,CACF,CAAC;YACJ,CAAC;YAED,IAAI,EAAE,CAAC,MAAM,KAAK,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACjD,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,gBAAgB,EACnC,IAAI,CAAC,MAAM,EACX,SAAS,EACT,SAAS,EACT;oBACE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC;oBAChD,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC;oBACzB,KAAK,EAAE,eAAe;iBACvB,CACF,CAAC;YACJ,CAAC;YAED,0CAA0C;YAC1C,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAE7B,mBAAmB;YACnB,IAAI,CAAC;gBACH,oEAAoE;gBACpE,MAAM,YAAY,GAAG,IAAA,6CAAwB,GAAE,CAAC;gBAChD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC3B,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,SAAS,CAAC,yCAAoB,EAAE,uCAAkB,CAAC,0BAA0B,CAAC,CAAC,CAAC;gBAC/G,CAAC;gBAED,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBAC7C,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,EAAE,CAAC;gBACnC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;gBAErD,OAAO,MAAM,CAAC;YAChB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,gBAAgB,EACnC,IAAI,CAAC,MAAM,EACX,SAAS,EACT,SAAS,EACT;oBACE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;oBACvD,KAAK,EAAE,oBAAoB;iBAC5B,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,sBAAU,EAAE,CAAC;gBAChC,MAAM,KAAK,CAAC;YACd,CAAC;YAED,uCAAuC;YACvC,MAAM,IAAI,sBAAU,CAClB,8BAAkB,CAAC,gBAAgB,EACnC,IAAI,CAAC,MAAM,EACX,SAAS,EACT,SAAS,EACT;gBACE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;gBAC7D,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;gBAC3C,wBAAwB,EAAE,MAAM,CAAC,kBAAkB,CAAC,MAAM,CAAC;gBAC3D,QAAQ,EAAE,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC;gBAC3B,aAAa,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;gBACrC,eAAe,EAAE,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC;aAC1C,CACF,CAAC;QACJ,CAAC;IACH,CAAC;CACF;AAvoBD,4DAuoBC"}