@gardenfi/utils 2.5.3-beta.1 → 2.5.3-beta.3

package/dist/index243.js

@@ -1,791 +1,209 @@
-import { hmac as vt } from "./index237.js";
-import { ahash as Bt, randomBytes as yt, concatBytes as I, bytesToHex as et, hexToBytes as lt, isBytes as Rt } from "./index233.js";
-import { _validateObject as mt, bytesToNumberBE as wt, bitMask as pt, _abool2 as rt, _abytes2 as k, ensureBytes as N, memoized as dt, createHmacDrbg as St, numberToHexUnpadded as J, bitLen as xt, aInRange as Ot } from "./index244.js";
-import { _createCurveFields as Zt, wNAF as At, normalizeZ as st, mulEndoUnsafe as Ut, pippenger as Ft, negateCt as ft } from "./index245.js";
-import { nLength as Vt, Field as Yt, getMinHashLength as Kt, mapHashToField as Nt } from "./index228.js";
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-const ht = (r, s) => (r + (r >= 0 ? s : -s) / gt) / s;
-function Tt(r, s, c) {
-  const [[t, m], [w, l]] = s, V = ht(l * r, c), B = ht(-m * r, c);
-  let A = r - V * t - B * w, U = -V * m - B * l;
-  const D = A < L, X = U < L;
-  D && (A = -A), X && (U = -U);
-  const E = pt(Math.ceil(xt(c) / 2)) + $;
-  if (A < L || A >= E || U < L || U >= E)
-    throw new Error("splitScalar (endomorphism): failed, k=" + r);
-  return { k1neg: D, k1: A, k2neg: X, k2: U };
+const w = /* @__PURE__ */ BigInt(0), p = /* @__PURE__ */ BigInt(1);
+function b(t) {
+  return t instanceof Uint8Array || ArrayBuffer.isView(t) && t.constructor.name === "Uint8Array";
 }
-function ct(r) {
-  if (!["compact", "recovered", "der"].includes(r))
-    throw new Error('Signature format must be "compact", "recovered", or "der"');
-  return r;
+function h(t) {
+  if (!b(t))
+    throw new Error("Uint8Array expected");
 }
-function it(r, s) {
-  const c = {};
-  for (let t of Object.keys(s))
-    c[t] = r[t] === void 0 ? s[t] : r[t];
-  return rt(c.lowS, "lowS"), rt(c.prehash, "prehash"), c.format !== void 0 && ct(c.format), c;
+function k(t, n) {
+  if (typeof n != "boolean")
+    throw new Error(t + " boolean expected, got " + n);
 }
-class Ht extends Error {
-  constructor(s = "") {
-    super(s);
-  }
+function F(t) {
+  const n = t.toString(16);
+  return n.length & 1 ? "0" + n : n;
 }
-const C = {
-  // asn.1 DER encoding utils
-  Err: Ht,
-  // Basic building block is TLV (Tag-Length-Value)
-  _tlv: {
-    encode: (r, s) => {
-      const { Err: c } = C;
-      if (r < 0 || r > 256)
-        throw new c("tlv.encode: wrong tag");
-      if (s.length & 1)
-        throw new c("tlv.encode: unpadded data");
-      const t = s.length / 2, m = J(t);
-      if (m.length / 2 & 128)
-        throw new c("tlv.encode: long form length too big");
-      const w = t > 127 ? J(m.length / 2 | 128) : "";
-      return J(r) + w + m + s;
-    },
-    // v - value, l - left bytes (unparsed)
-    decode(r, s) {
-      const { Err: c } = C;
-      let t = 0;
-      if (r < 0 || r > 256)
-        throw new c("tlv.encode: wrong tag");
-      if (s.length < 2 || s[t++] !== r)
-        throw new c("tlv.decode: wrong tlv");
-      const m = s[t++], w = !!(m & 128);
-      let l = 0;
-      if (!w)
-        l = m;
-      else {
-        const B = m & 127;
-        if (!B)
-          throw new c("tlv.decode(long): indefinite length not supported");
-        if (B > 4)
-          throw new c("tlv.decode(long): byte length is too big");
-        const A = s.subarray(t, t + B);
-        if (A.length !== B)
-          throw new c("tlv.decode: length bytes not complete");
-        if (A[0] === 0)
-          throw new c("tlv.decode(long): zero leftmost byte");
-        for (const U of A)
-          l = l << 8 | U;
-        if (t += B, l < 128)
-          throw new c("tlv.decode(long): not minimal encoding");
-      }
-      const V = s.subarray(t, t + l);
-      if (V.length !== l)
-        throw new c("tlv.decode: wrong value length");
-      return { v: V, l: s.subarray(t + l) };
-    }
-  },
-  // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,
-  // since we always use positive integers here. It must always be empty:
-  // - add zero byte if exists
-  // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)
-  _int: {
-    encode(r) {
-      const { Err: s } = C;
-      if (r < L)
-        throw new s("integer: negative integers are not allowed");
-      let c = J(r);
-      if (Number.parseInt(c[0], 16) & 8 && (c = "00" + c), c.length & 1)
-        throw new s("unexpected DER parsing assertion: unpadded hex");
-      return c;
-    },
-    decode(r) {
-      const { Err: s } = C;
-      if (r[0] & 128)
-        throw new s("invalid signature integer: negative");
-      if (r[0] === 0 && !(r[1] & 128))
-        throw new s("invalid signature integer: unnecessary leading zero");
-      return wt(r);
-    }
-  },
-  toSig(r) {
-    const { Err: s, _int: c, _tlv: t } = C, m = N("signature", r), { v: w, l } = t.decode(48, m);
-    if (l.length)
-      throw new s("invalid signature: left bytes after parsing");
-    const { v: V, l: B } = t.decode(2, w), { v: A, l: U } = t.decode(2, B);
-    if (U.length)
-      throw new s("invalid signature: left bytes after parsing");
-    return { r: c.decode(V), s: c.decode(A) };
-  },
-  hexFromSig(r) {
-    const { _tlv: s, _int: c } = C, t = s.encode(2, c.encode(r.r)), m = s.encode(2, c.encode(r.s)), w = t + m;
-    return s.encode(48, w);
-  }
-}, L = BigInt(0), $ = BigInt(1), gt = BigInt(2), tt = BigInt(3), _t = BigInt(4);
-function M(r, s) {
-  const { BYTES: c } = r;
-  let t;
-  if (typeof s == "bigint")
-    t = s;
-  else {
-    let m = N("private key", s);
-    try {
-      t = r.fromBytes(m);
-    } catch {
-      throw new Error(`invalid private key: expected ui8a of size ${c}, got ${typeof s}`);
-    }
-  }
-  if (!r.isValidNot0(t))
-    throw new Error("invalid private key: out of range [1..N-1]");
-  return t;
+function E(t) {
+  if (typeof t != "string")
+    throw new Error("hex string expected, got " + typeof t);
+  return t === "" ? w : BigInt("0x" + t);
 }
-function Ct(r, s = {}) {
-  const c = Zt("weierstrass", r, s), { Fp: t, Fn: m } = c;
-  let w = c.CURVE;
-  const { h: l, n: V } = w;
-  mt(s, {}, {
-    allowInfinityPoint: "boolean",
-    clearCofactor: "function",
-    isTorsionFree: "function",
-    fromBytes: "function",
-    toBytes: "function",
-    endo: "object",
-    wrapPrivateKey: "boolean"
-  });
-  const { endo: B } = s;
-  if (B && (!t.is0(w.a) || typeof B.beta != "bigint" || !Array.isArray(B.basises)))
-    throw new Error('invalid endo: expected "beta": bigint and "basises": array');
-  const A = bt(t, m);
-  function U() {
-    if (!t.isOdd)
-      throw new Error("compression is not supported: Field does not have .isOdd()");
-  }
-  function D(b, o, n) {
-    const { x: e, y: i } = o.toAffine(), a = t.toBytes(e);
-    if (rt(n, "isCompressed"), n) {
-      U();
-      const f = !t.isOdd(i);
-      return I(Et(f), a);
-    } else
-      return I(Uint8Array.of(4), a, t.toBytes(i));
-  }
-  function X(b) {
-    k(b, void 0, "Point");
-    const { publicKey: o, publicKeyUncompressed: n } = A, e = b.length, i = b[0], a = b.subarray(1);
-    if (e === o && (i === 2 || i === 3)) {
-      const f = t.fromBytes(a);
-      if (!t.isValid(f))
-        throw new Error("bad point: is not on curve, wrong x");
-      const d = T(f);
-      let u;
-      try {
-        u = t.sqrt(d);
-      } catch (O) {
-        const v = O instanceof Error ? ": " + O.message : "";
-        throw new Error("bad point: is not on curve, sqrt error" + v);
-      }
-      U();
-      const h = t.isOdd(u);
-      return (i & 1) === 1 !== h && (u = t.neg(u)), { x: f, y: u };
-    } else if (e === n && i === 4) {
-      const f = t.BYTES, d = t.fromBytes(a.subarray(0, f)), u = t.fromBytes(a.subarray(f, f * 2));
-      if (!H(d, u))
-        throw new Error("bad point: is not on curve");
-      return { x: d, y: u };
-    } else
-      throw new Error(`bad point: got length ${e}, expected compressed=${o} or uncompressed=${n}`);
-  }
-  const E = s.toBytes || D, x = s.fromBytes || X;
-  function T(b) {
-    const o = t.sqr(b), n = t.mul(o, b);
-    return t.add(t.add(n, t.mul(b, w.a)), w.b);
-  }
-  function H(b, o) {
-    const n = t.sqr(o), e = T(b);
-    return t.eql(n, e);
-  }
-  if (!H(w.Gx, w.Gy))
-    throw new Error("bad curve params: generator point");
-  const _ = t.mul(t.pow(w.a, tt), _t), nt = t.mul(t.sqr(w.b), BigInt(27));
-  if (t.is0(t.add(_, nt)))
-    throw new Error("bad curve params: a or b");
-  function F(b, o, n = !1) {
-    if (!t.isValid(o) || n && t.is0(o))
-      throw new Error(`bad point coordinate ${b}`);
-    return o;
-  }
-  function G(b) {
-    if (!(b instanceof p))
-      throw new Error("ProjectivePoint expected");
-  }
-  function j(b) {
-    if (!B || !B.basises)
-      throw new Error("no endo");
-    return Tt(b, B.basises, m.ORDER);
-  }
-  const ot = dt((b, o) => {
-    const { X: n, Y: e, Z: i } = b;
-    if (t.eql(i, t.ONE))
-      return { x: n, y: e };
-    const a = b.is0();
-    o == null && (o = a ? t.ONE : t.inv(i));
-    const f = t.mul(n, o), d = t.mul(e, o), u = t.mul(i, o);
-    if (a)
-      return { x: t.ZERO, y: t.ZERO };
-    if (!t.eql(u, t.ONE))
-      throw new Error("invZ was invalid");
-    return { x: f, y: d };
-  }), P = dt((b) => {
-    if (b.is0()) {
-      if (s.allowInfinityPoint && !t.is0(b.Y))
-        return;
-      throw new Error("bad point: ZERO");
-    }
-    const { x: o, y: n } = b.toAffine();
-    if (!t.isValid(o) || !t.isValid(n))
-      throw new Error("bad point: x or y not field elements");
-    if (!H(o, n))
-      throw new Error("bad point: equation left != right");
-    if (!b.isTorsionFree())
-      throw new Error("bad point: not in prime-order subgroup");
-    return !0;
-  });
-  function z(b, o, n, e, i) {
-    return n = new p(t.mul(n.X, b), n.Y, n.Z), o = ft(e, o), n = ft(i, n), o.add(n);
-  }
-  class p {
-    /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
-    constructor(o, n, e) {
-      this.X = F("x", o), this.Y = F("y", n, !0), this.Z = F("z", e), Object.freeze(this);
-    }
-    static CURVE() {
-      return w;
-    }
-    /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
-    static fromAffine(o) {
-      const { x: n, y: e } = o || {};
-      if (!o || !t.isValid(n) || !t.isValid(e))
-        throw new Error("invalid affine point");
-      if (o instanceof p)
-        throw new Error("projective point not allowed");
-      return t.is0(n) && t.is0(e) ? p.ZERO : new p(n, e, t.ONE);
-    }
-    static fromBytes(o) {
-      const n = p.fromAffine(x(k(o, void 0, "point")));
-      return n.assertValidity(), n;
-    }
-    static fromHex(o) {
-      return p.fromBytes(N("pointHex", o));
-    }
-    get x() {
-      return this.toAffine().x;
-    }
-    get y() {
-      return this.toAffine().y;
-    }
-    /**
-     *
-     * @param windowSize
-     * @param isLazy true will defer table computation until the first multiplication
-     * @returns
-     */
-    precompute(o = 8, n = !0) {
-      return q.createCache(this, o), n || this.multiply(tt), this;
-    }
-    // TODO: return `this`
-    /** A point on curve is valid if it conforms to equation. */
-    assertValidity() {
-      P(this);
-    }
-    hasEvenY() {
-      const { y: o } = this.toAffine();
-      if (!t.isOdd)
-        throw new Error("Field doesn't support isOdd");
-      return !t.isOdd(o);
-    }
-    /** Compare one point to another. */
-    equals(o) {
-      G(o);
-      const { X: n, Y: e, Z: i } = this, { X: a, Y: f, Z: d } = o, u = t.eql(t.mul(n, d), t.mul(a, i)), h = t.eql(t.mul(e, d), t.mul(f, i));
-      return u && h;
-    }
-    /** Flips point to one corresponding to (x, -y) in Affine coordinates. */
-    negate() {
-      return new p(this.X, t.neg(this.Y), this.Z);
-    }
-    // Renes-Costello-Batina exception-free doubling formula.
-    // There is 30% faster Jacobian formula, but it is not complete.
-    // https://eprint.iacr.org/2015/1060, algorithm 3
-    // Cost: 8M + 3S + 3*a + 2*b3 + 15add.
-    double() {
-      const { a: o, b: n } = w, e = t.mul(n, tt), { X: i, Y: a, Z: f } = this;
-      let d = t.ZERO, u = t.ZERO, h = t.ZERO, y = t.mul(i, i), O = t.mul(a, a), v = t.mul(f, f), g = t.mul(i, a);
-      return g = t.add(g, g), h = t.mul(i, f), h = t.add(h, h), d = t.mul(o, h), u = t.mul(e, v), u = t.add(d, u), d = t.sub(O, u), u = t.add(O, u), u = t.mul(d, u), d = t.mul(g, d), h = t.mul(e, h), v = t.mul(o, v), g = t.sub(y, v), g = t.mul(o, g), g = t.add(g, h), h = t.add(y, y), y = t.add(h, y), y = t.add(y, v), y = t.mul(y, g), u = t.add(u, y), v = t.mul(a, f), v = t.add(v, v), y = t.mul(v, g), d = t.sub(d, y), h = t.mul(v, O), h = t.add(h, h), h = t.add(h, h), new p(d, u, h);
-    }
-    // Renes-Costello-Batina exception-free addition formula.
-    // There is 30% faster Jacobian formula, but it is not complete.
-    // https://eprint.iacr.org/2015/1060, algorithm 1
-    // Cost: 12M + 0S + 3*a + 3*b3 + 23add.
-    add(o) {
-      G(o);
-      const { X: n, Y: e, Z: i } = this, { X: a, Y: f, Z: d } = o;
-      let u = t.ZERO, h = t.ZERO, y = t.ZERO;
-      const O = w.a, v = t.mul(w.b, tt);
-      let g = t.mul(n, a), R = t.mul(e, f), Z = t.mul(i, d), K = t.add(n, e), S = t.add(a, f);
-      K = t.mul(K, S), S = t.add(g, R), K = t.sub(K, S), S = t.add(n, i);
-      let Y = t.add(a, d);
-      return S = t.mul(S, Y), Y = t.add(g, Z), S = t.sub(S, Y), Y = t.add(e, i), u = t.add(f, d), Y = t.mul(Y, u), u = t.add(R, Z), Y = t.sub(Y, u), y = t.mul(O, S), u = t.mul(v, Z), y = t.add(u, y), u = t.sub(R, y), y = t.add(R, y), h = t.mul(u, y), R = t.add(g, g), R = t.add(R, g), Z = t.mul(O, Z), S = t.mul(v, S), R = t.add(R, Z), Z = t.sub(g, Z), Z = t.mul(O, Z), S = t.add(S, Z), g = t.mul(R, S), h = t.add(h, g), g = t.mul(Y, S), u = t.mul(K, u), u = t.sub(u, g), g = t.mul(K, R), y = t.mul(Y, y), y = t.add(y, g), new p(u, h, y);
-    }
-    subtract(o) {
-      return this.add(o.negate());
-    }
-    is0() {
-      return this.equals(p.ZERO);
-    }
-    /**
-     * Constant time multiplication.
-     * Uses wNAF method. Windowed method may be 10% faster,
-     * but takes 2x longer to generate and consumes 2x memory.
-     * Uses precomputes when available.
-     * Uses endomorphism for Koblitz curves.
-     * @param scalar by which the point would be multiplied
-     * @returns New point
-     */
-    multiply(o) {
-      const { endo: n } = s;
-      if (!m.isValidNot0(o))
-        throw new Error("invalid scalar: out of range");
-      let e, i;
-      const a = (f) => q.cached(this, f, (d) => st(p, d));
-      if (n) {
-        const { k1neg: f, k1: d, k2neg: u, k2: h } = j(o), { p: y, f: O } = a(d), { p: v, f: g } = a(h);
-        i = O.add(g), e = z(n.beta, y, v, f, u);
-      } else {
-        const { p: f, f: d } = a(o);
-        e = f, i = d;
-      }
-      return st(p, [e, i])[0];
-    }
-    /**
-     * Non-constant-time multiplication. Uses double-and-add algorithm.
-     * It's faster, but should only be used when you don't care about
-     * an exposed secret key e.g. sig verification, which works over *public* keys.
-     */
-    multiplyUnsafe(o) {
-      const { endo: n } = s, e = this;
-      if (!m.isValid(o))
-        throw new Error("invalid scalar: out of range");
-      if (o === L || e.is0())
-        return p.ZERO;
-      if (o === $)
-        return e;
-      if (q.hasCache(this))
-        return this.multiply(o);
-      if (n) {
-        const { k1neg: i, k1: a, k2neg: f, k2: d } = j(o), { p1: u, p2: h } = Ut(p, e, a, d);
-        return z(n.beta, u, h, i, f);
-      } else
-        return q.unsafe(e, o);
-    }
-    multiplyAndAddUnsafe(o, n, e) {
-      const i = this.multiplyUnsafe(n).add(o.multiplyUnsafe(e));
-      return i.is0() ? void 0 : i;
-    }
-    /**
-     * Converts Projective point to affine (x, y) coordinates.
-     * @param invertedZ Z^-1 (inverted zero) - optional, precomputation is useful for invertBatch
-     */
-    toAffine(o) {
-      return ot(this, o);
-    }
-    /**
-     * Checks whether Point is free of torsion elements (is in prime subgroup).
-     * Always torsion-free for cofactor=1 curves.
-     */
-    isTorsionFree() {
-      const { isTorsionFree: o } = s;
-      return l === $ ? !0 : o ? o(p, this) : q.unsafe(this, V).is0();
-    }
-    clearCofactor() {
-      const { clearCofactor: o } = s;
-      return l === $ ? this : o ? o(p, this) : this.multiplyUnsafe(l);
-    }
-    isSmallOrder() {
-      return this.multiplyUnsafe(l).is0();
-    }
-    toBytes(o = !0) {
-      return rt(o, "isCompressed"), this.assertValidity(), E(p, this, o);
-    }
-    toHex(o = !0) {
-      return et(this.toBytes(o));
-    }
-    toString() {
-      return `<Point ${this.is0() ? "ZERO" : this.toHex()}>`;
-    }
-    // TODO: remove
-    get px() {
-      return this.X;
-    }
-    get py() {
-      return this.X;
-    }
-    get pz() {
-      return this.Z;
-    }
-    toRawBytes(o = !0) {
-      return this.toBytes(o);
-    }
-    _setWindowSize(o) {
-      this.precompute(o);
-    }
-    static normalizeZ(o) {
-      return st(p, o);
-    }
-    static msm(o, n) {
-      return Ft(p, m, o, n);
-    }
-    static fromPrivateKey(o) {
-      return p.BASE.multiply(M(m, o));
-    }
+const U = (
+  // @ts-ignore
+  typeof Uint8Array.from([]).toHex == "function" && typeof Uint8Array.fromHex == "function"
+), S = /* @__PURE__ */ Array.from({ length: 256 }, (t, n) => n.toString(16).padStart(2, "0"));
+function x(t) {
+  if (h(t), U)
+    return t.toHex();
+  let n = "";
+  for (let e = 0; e < t.length; e++)
+    n += S[t[e]];
+  return n;
+}
+const u = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
+function m(t) {
+  if (t >= u._0 && t <= u._9)
+    return t - u._0;
+  if (t >= u.A && t <= u.F)
+    return t - (u.A - 10);
+  if (t >= u.a && t <= u.f)
+    return t - (u.a - 10);
+}
+function B(t) {
+  if (typeof t != "string")
+    throw new Error("hex string expected, got " + typeof t);
+  if (U)
+    return Uint8Array.fromHex(t);
+  const n = t.length, e = n / 2;
+  if (n % 2)
+    throw new Error("hex string expected, got unpadded hex of length " + n);
+  const r = new Uint8Array(e);
+  for (let o = 0, i = 0; o < e; o++, i += 2) {
+    const a = m(t.charCodeAt(i)), f = m(t.charCodeAt(i + 1));
+    if (a === void 0 || f === void 0) {
+      const c = t[i] + t[i + 1];
+      throw new Error('hex string expected, got non-hex character "' + c + '" at index ' + i);
+    }
+    r[o] = a * 16 + f;
   }
-  p.BASE = new p(w.Gx, w.Gy, t.ONE), p.ZERO = new p(t.ZERO, t.ONE, t.ZERO), p.Fp = t, p.Fn = m;
-  const W = m.BITS, q = new At(p, s.endo ? Math.ceil(W / 2) : W);
-  return p.BASE.precompute(8), p;
+  return r;
 }
-function Et(r) {
-  return Uint8Array.of(r ? 2 : 3);
+function O(t) {
+  return E(x(t));
 }
-function bt(r, s) {
-  return {
-    secretKey: s.BYTES,
-    publicKey: 1 + r.BYTES,
-    publicKeyUncompressed: 1 + 2 * r.BYTES,
-    publicKeyHasPrefix: !0,
-    signature: 2 * s.BYTES
-  };
+function V(t) {
+  return h(t), E(x(Uint8Array.from(t).reverse()));
 }
-function Lt(r, s = {}) {
-  const { Fn: c } = r, t = s.randomBytes || yt, m = Object.assign(bt(r.Fp, c), { seed: Kt(c.ORDER) });
-  function w(E) {
-    try {
-      return !!M(c, E);
-    } catch {
-      return !1;
-    }
-  }
-  function l(E, x) {
-    const { publicKey: T, publicKeyUncompressed: H } = m;
-    try {
-      const _ = E.length;
-      return x === !0 && _ !== T || x === !1 && _ !== H ? !1 : !!r.fromBytes(E);
-    } catch {
-      return !1;
-    }
-  }
-  function V(E = t(m.seed)) {
-    return Nt(k(E, m.seed, "seed"), c.ORDER);
-  }
-  function B(E, x = !0) {
-    return r.BASE.multiply(M(c, E)).toBytes(x);
-  }
-  function A(E) {
-    const x = V(E);
-    return { secretKey: x, publicKey: B(x) };
-  }
-  function U(E) {
-    if (typeof E == "bigint")
-      return !1;
-    if (E instanceof r)
-      return !0;
-    const { secretKey: x, publicKey: T, publicKeyUncompressed: H } = m;
-    if (c.allowedLengths || x === T)
-      return;
-    const _ = N("key", E).length;
-    return _ === T || _ === H;
-  }
-  function D(E, x, T = !0) {
-    if (U(E) === !0)
-      throw new Error("first arg must be private key");
-    if (U(x) === !1)
-      throw new Error("second arg must be public key");
-    const H = M(c, E);
-    return r.fromHex(x).multiply(H).toBytes(T);
-  }
-  return Object.freeze({ getPublicKey: B, getSharedSecret: D, keygen: A, Point: r, utils: {
-    isValidSecretKey: w,
-    isValidPublicKey: l,
-    randomSecretKey: V,
-    // TODO: remove
-    isValidPrivateKey: w,
-    randomPrivateKey: V,
-    normPrivateKeyToScalar: (E) => M(c, E),
-    precompute(E = 8, x = r.BASE) {
-      return x.precompute(E, !1);
-    }
-  }, lengths: m });
+function T(t, n) {
+  return B(t.toString(16).padStart(n * 2, "0"));
 }
-function Dt(r, s, c = {}) {
-  Bt(s), mt(c, {}, {
-    hmac: "function",
-    lowS: "boolean",
-    randomBytes: "function",
-    bits2int: "function",
-    bits2int_modN: "function"
-  });
-  const t = c.randomBytes || yt, m = c.hmac || ((n, ...e) => vt(s, n, I(...e))), { Fp: w, Fn: l } = r, { ORDER: V, BITS: B } = l, { keygen: A, getPublicKey: U, getSharedSecret: D, utils: X, lengths: E } = Lt(r, c), x = {
-    prehash: !1,
-    lowS: typeof c.lowS == "boolean" ? c.lowS : !1,
-    format: void 0,
-    //'compact' as ECDSASigFormat,
-    extraEntropy: !1
-  }, T = "compact";
-  function H(n) {
-    const e = V >> $;
-    return n > e;
-  }
-  function _(n, e) {
-    if (!l.isValidNot0(e))
-      throw new Error(`invalid signature ${n}: out of range 1..Point.Fn.ORDER`);
-    return e;
-  }
-  function nt(n, e) {
-    ct(e);
-    const i = E.signature, a = e === "compact" ? i : e === "recovered" ? i + 1 : void 0;
-    return k(n, a, `${e} signature`);
-  }
-  class F {
-    constructor(e, i, a) {
-      this.r = _("r", e), this.s = _("s", i), a != null && (this.recovery = a), Object.freeze(this);
-    }
-    static fromBytes(e, i = T) {
-      nt(e, i);
-      let a;
-      if (i === "der") {
-        const { r: h, s: y } = C.toSig(k(e));
-        return new F(h, y);
-      }
-      i === "recovered" && (a = e[0], i = "compact", e = e.subarray(1));
-      const f = l.BYTES, d = e.subarray(0, f), u = e.subarray(f, f * 2);
-      return new F(l.fromBytes(d), l.fromBytes(u), a);
-    }
-    static fromHex(e, i) {
-      return this.fromBytes(lt(e), i);
-    }
-    addRecoveryBit(e) {
-      return new F(this.r, this.s, e);
-    }
-    recoverPublicKey(e) {
-      const i = w.ORDER, { r: a, s: f, recovery: d } = this;
-      if (d == null || ![0, 1, 2, 3].includes(d))
-        throw new Error("recovery id invalid");
-      if (V * gt < i && d > 1)
-        throw new Error("recovery id is ambiguous for h>1 curve");
-      const h = d === 2 || d === 3 ? a + V : a;
-      if (!w.isValid(h))
-        throw new Error("recovery id 2 or 3 invalid");
-      const y = w.toBytes(h), O = r.fromBytes(I(Et((d & 1) === 0), y)), v = l.inv(h), g = j(N("msgHash", e)), R = l.create(-g * v), Z = l.create(f * v), K = r.BASE.multiplyUnsafe(R).add(O.multiplyUnsafe(Z));
-      if (K.is0())
-        throw new Error("point at infinify");
-      return K.assertValidity(), K;
-    }
-    // Signatures should be low-s, to prevent malleability.
-    hasHighS() {
-      return H(this.s);
-    }
-    toBytes(e = T) {
-      if (ct(e), e === "der")
-        return lt(C.hexFromSig(this));
-      const i = l.toBytes(this.r), a = l.toBytes(this.s);
-      if (e === "recovered") {
-        if (this.recovery == null)
-          throw new Error("recovery bit must be present");
-        return I(Uint8Array.of(this.recovery), i, a);
-      }
-      return I(i, a);
-    }
-    toHex(e) {
-      return et(this.toBytes(e));
-    }
-    // TODO: remove
-    assertValidity() {
-    }
-    static fromCompact(e) {
-      return F.fromBytes(N("sig", e), "compact");
-    }
-    static fromDER(e) {
-      return F.fromBytes(N("sig", e), "der");
-    }
-    normalizeS() {
-      return this.hasHighS() ? new F(this.r, l.neg(this.s), this.recovery) : this;
-    }
-    toDERRawBytes() {
-      return this.toBytes("der");
-    }
-    toDERHex() {
-      return et(this.toBytes("der"));
-    }
-    toCompactRawBytes() {
-      return this.toBytes("compact");
-    }
-    toCompactHex() {
-      return et(this.toBytes("compact"));
-    }
-  }
-  const G = c.bits2int || function(e) {
-    if (e.length > 8192)
-      throw new Error("input is too large");
-    const i = wt(e), a = e.length * 8 - B;
-    return a > 0 ? i >> BigInt(a) : i;
-  }, j = c.bits2int_modN || function(e) {
-    return l.create(G(e));
-  }, ot = pt(B);
-  function P(n) {
-    return Ot("num < 2^" + B, n, L, ot), l.toBytes(n);
-  }
-  function z(n, e) {
-    return k(n, void 0, "message"), e ? k(s(n), void 0, "prehashed message") : n;
-  }
-  function p(n, e, i) {
-    if (["recovered", "canonical"].some((R) => R in i))
-      throw new Error("sign() legacy options not supported");
-    const { lowS: a, prehash: f, extraEntropy: d } = it(i, x);
-    n = z(n, f);
-    const u = j(n), h = M(l, e), y = [P(h), P(u)];
-    if (d != null && d !== !1) {
-      const R = d === !0 ? t(E.secretKey) : d;
-      y.push(N("extraEntropy", R));
-    }
-    const O = I(...y), v = u;
-    function g(R) {
-      const Z = G(R);
-      if (!l.isValidNot0(Z))
-        return;
-      const K = l.inv(Z), S = r.BASE.multiply(Z).toAffine(), Y = l.create(S.x);
-      if (Y === L)
-        return;
-      const Q = l.create(K * l.create(v + Y * h));
-      if (Q === L)
-        return;
-      let at = (S.x === Y ? 0 : 2) | Number(S.y & $), ut = Q;
-      return a && H(Q) && (ut = l.neg(Q), at ^= 1), new F(Y, ut, at);
-    }
-    return { seed: O, k2sig: g };
-  }
-  function W(n, e, i = {}) {
-    n = N("message", n);
-    const { seed: a, k2sig: f } = p(n, e, i);
-    return St(s.outputLen, l.BYTES, m)(a, f);
-  }
-  function q(n) {
-    let e;
-    const i = typeof n == "string" || Rt(n), a = !i && n !== null && typeof n == "object" && typeof n.r == "bigint" && typeof n.s == "bigint";
-    if (!i && !a)
-      throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");
-    if (a)
-      e = new F(n.r, n.s);
-    else if (i) {
-      try {
-        e = F.fromBytes(N("sig", n), "der");
-      } catch (f) {
-        if (!(f instanceof C.Err))
-          throw f;
-      }
-      if (!e)
-        try {
-          e = F.fromBytes(N("sig", n), "compact");
-        } catch {
-          return !1;
-        }
-    }
-    return e || !1;
-  }
-  function b(n, e, i, a = {}) {
-    const { lowS: f, prehash: d, format: u } = it(a, x);
-    if (i = N("publicKey", i), e = z(N("message", e), d), "strict" in a)
-      throw new Error("options.strict was renamed to lowS");
-    const h = u === void 0 ? q(n) : F.fromBytes(N("sig", n), u);
-    if (h === !1)
-      return !1;
+function C(t, n) {
+  return T(t, n).reverse();
+}
+function M(t, n, e) {
+  let r;
+  if (typeof n == "string")
     try {
-      const y = r.fromBytes(i);
-      if (f && h.hasHighS())
-        return !1;
-      const { r: O, s: v } = h, g = j(e), R = l.inv(v), Z = l.create(g * R), K = l.create(O * R), S = r.BASE.multiplyUnsafe(Z).add(y.multiplyUnsafe(K));
-      return S.is0() ? !1 : l.create(S.x) === O;
-    } catch {
-      return !1;
-    }
-  }
-  function o(n, e, i = {}) {
-    const { prehash: a } = it(i, x);
-    return e = z(e, a), F.fromBytes(n, "recovered").recoverPublicKey(e).toBytes();
-  }
-  return Object.freeze({
-    keygen: A,
-    getPublicKey: U,
-    getSharedSecret: D,
-    utils: X,
-    lengths: E,
-    Point: r,
-    sign: W,
-    verify: b,
-    recoverPublicKey: o,
-    Signature: F,
-    hash: s
-  });
+      r = B(n);
+    } catch (i) {
+      throw new Error(t + " must be hex string or Uint8Array, cause: " + i);
+    }
+  else if (b(n))
+    r = Uint8Array.from(n);
+  else
+    throw new Error(t + " must be hex string or Uint8Array");
+  const o = r.length;
+  if (typeof e == "number" && o !== e)
+    throw new Error(t + " of length " + e + " expected, got " + o);
+  return r;
 }
-function Xt(r) {
-  const s = {
-    a: r.a,
-    b: r.b,
-    p: r.Fp.ORDER,
-    n: r.n,
-    h: r.h,
-    Gx: r.Gx,
-    Gy: r.Gy
-  }, c = r.Fp;
-  let t = r.allowedPrivateKeyLengths ? Array.from(new Set(r.allowedPrivateKeyLengths.map((l) => Math.ceil(l / 2)))) : void 0;
-  const m = Yt(s.n, {
-    BITS: r.nBitLength,
-    allowedLengths: t,
-    modFromBytes: r.wrapPrivateKey
-  }), w = {
-    Fp: c,
-    Fn: m,
-    allowInfinityPoint: r.allowInfinityPoint,
-    endo: r.endo,
-    isTorsionFree: r.isTorsionFree,
-    clearCofactor: r.clearCofactor,
-    fromBytes: r.fromBytes,
-    toBytes: r.toBytes
-  };
-  return { CURVE: s, curveOpts: w };
+function H(...t) {
+  let n = 0;
+  for (let r = 0; r < t.length; r++) {
+    const o = t[r];
+    h(o), n += o.length;
+  }
+  const e = new Uint8Array(n);
+  for (let r = 0, o = 0; r < t.length; r++) {
+    const i = t[r];
+    e.set(i, o), o += i.length;
+  }
+  return e;
+}
+const y = (t) => typeof t == "bigint" && w <= t;
+function I(t, n, e) {
+  return y(t) && y(n) && y(e) && n <= t && t < e;
+}
+function R(t, n, e, r) {
+  if (!I(n, e, r))
+    throw new Error("expected valid " + t + ": " + e + " <= n < " + r + ", got " + n);
 }
-function qt(r) {
-  const { CURVE: s, curveOpts: c } = Xt(r), t = {
-    hmac: r.hmac,
-    randomBytes: r.randomBytes,
-    lowS: r.lowS,
-    bits2int: r.bits2int,
-    bits2int_modN: r.bits2int_modN
+function j(t) {
+  let n;
+  for (n = 0; t > w; t >>= p, n += 1)
+    ;
+  return n;
+}
+const z = (t) => (p << BigInt(t)) - p, d = (t) => new Uint8Array(t), A = (t) => Uint8Array.from(t);
+function D(t, n, e) {
+  if (typeof t != "number" || t < 2)
+    throw new Error("hashLen must be a number");
+  if (typeof n != "number" || n < 2)
+    throw new Error("qByteLen must be a number");
+  if (typeof e != "function")
+    throw new Error("hmacFn must be a function");
+  let r = d(t), o = d(t), i = 0;
+  const a = () => {
+    r.fill(1), o.fill(0), i = 0;
+  }, f = (...s) => e(o, r, ...s), c = (s = d(0)) => {
+    o = f(A([0]), s), r = f(), s.length !== 0 && (o = f(A([1]), s), r = f());
+  }, v = () => {
+    if (i++ >= 1e3)
+      throw new Error("drbg: tried 1000 values");
+    let s = 0;
+    const l = [];
+    for (; s < n; ) {
+      r = f();
+      const g = r.slice();
+      l.push(g), s += r.length;
+    }
+    return H(...l);
+  };
+  return (s, l) => {
+    a(), c(s);
+    let g;
+    for (; !(g = l(v())); )
+      c();
+    return a(), g;
   };
-  return { CURVE: s, curveOpts: c, hash: r.hash, ecdsaOpts: t };
 }
-function It(r, s) {
-  const c = s.Point;
-  return Object.assign({}, s, {
-    ProjectivePoint: c,
-    CURVE: Object.assign({}, r, Vt(c.Fn.ORDER, c.Fn.BITS))
-  });
+const _ = {
+  bigint: (t) => typeof t == "bigint",
+  function: (t) => typeof t == "function",
+  boolean: (t) => typeof t == "boolean",
+  string: (t) => typeof t == "string",
+  stringOrUint8Array: (t) => typeof t == "string" || b(t),
+  isSafeInteger: (t) => Number.isSafeInteger(t),
+  array: (t) => Array.isArray(t),
+  field: (t, n) => n.Fp.isValid(t),
+  hash: (t) => typeof t == "function" && Number.isSafeInteger(t.outputLen)
+};
+function P(t, n, e = {}) {
+  const r = (o, i, a) => {
+    const f = _[i];
+    if (typeof f != "function")
+      throw new Error("invalid validator function");
+    const c = t[o];
+    if (!(a && c === void 0) && !f(c, t))
+      throw new Error("param " + String(o) + " is invalid. Expected " + i + ", got " + c);
+  };
+  for (const [o, i] of Object.entries(n))
+    r(o, i, !1);
+  for (const [o, i] of Object.entries(e))
+    r(o, i, !0);
+  return t;
 }
-function Gt(r) {
-  const { CURVE: s, curveOpts: c, hash: t, ecdsaOpts: m } = qt(r), w = Ct(s, c), l = Dt(w, t, m);
-  return It(r, l);
+function W(t) {
+  const n = /* @__PURE__ */ new WeakMap();
+  return (e, ...r) => {
+    const o = n.get(e);
+    if (o !== void 0)
+      return o;
+    const i = t(e, ...r);
+    return n.set(e, i), i;
+  };
 }
 export {
-  C as DER,
-  Ht as DERErr,
-  M as _normFnElement,
-  Tt as _splitEndoScalar,
-  Lt as ecdh,
-  Dt as ecdsa,
-  Gt as weierstrass,
-  Ct as weierstrassN
+  R as aInRange,
+  k as abool,
+  h as abytes,
+  j as bitLen,
+  z as bitMask,
+  x as bytesToHex,
+  O as bytesToNumberBE,
+  V as bytesToNumberLE,
+  H as concatBytes,
+  D as createHmacDrbg,
+  M as ensureBytes,
+  B as hexToBytes,
+  E as hexToNumber,
+  I as inRange,
+  b as isBytes,
+  W as memoized,
+  T as numberToBytesBE,
+  C as numberToBytesLE,
+  F as numberToHexUnpadded,
+  P as validateObject
 };