@helios-lang/effect 0.1.15 → 0.2.0

package/dist/Crypto/Ed25519.js

@@ -0,0 +1,323 @@
+import { Either, Encoding } from "effect";
+import * as Bits from "../Codecs/Bits.js";
+import * as Bytes from "../Codecs/Bytes.js";
+import * as LittleEndian from "../Codecs/LittleEndian.js";
+import { EdDSA } from "./EdDSA.js";
+import { FieldHelper, ScalarField } from "./Field.js";
+/**
+ * @param bytes
+ * @param truncate
+ * Force `bytes` to 32 bytes long, applying special padding to first and 32nd byte
+ * @returns
+ * A DecodeException if `bytes` is empty
+ */
+export function decodeScalar(bytes, truncate = false) {
+    if (truncate) {
+        bytes = bytes.slice(0, 32);
+        bytes[0] &= 0b11111000;
+        bytes[31] &= 0b00111111;
+        bytes[31] |= 0b01000000;
+    }
+    return LittleEndian.decode(bytes);
+}
+/**
+ * @param bytes
+ * @returns
+ * A DecodeException if `bytes` is empty
+ */
+export function decodePrivateKey(bytes) {
+    return decodeScalar(bytes, true);
+}
+/**
+ * @param x
+ * @returns
+ */
+export function encodeScalar(x) {
+    return new Uint8Array(LittleEndian.encode32(x));
+}
+/**
+ * The formula for the twisted Edwards curve is:
+ *    -x^2 + y^2 = 1 - d*x^2*y^2
+ * Calculating x from this we get (only y is stored in the encoded point):
+ *    y^2 - 1 = x^2*(1 - d*y^2)
+ *    x = sqrt((y^2 - 1)/(1 - d*y^2))
+ * @param bytes
+ * @returns
+ * A DecodeException if `bytes` isn't exactly 32 long
+ */
+export const decodePoint = (bytes) => Either.gen(function* () {
+    if (bytes.length != 32) {
+        return yield* Either.left(Encoding.DecodeException(Bytes.toHex(bytes), `expected 32 bytes for encoded point, got ${bytes.length}`));
+    }
+    const tmp = bytes.slice();
+    tmp[31] = tmp[31] & 0b01111111;
+    // here we know that `tmp` isn't empty, so `decodeScalar()` can't throw an error
+    const y = Either.getOrThrow(decodeScalar(tmp));
+    const finalBit = Bits.getBit(Array.from(bytes), 255);
+    const y2 = y * y;
+    const x2 = (y2 - 1n) * F.invert(1n + D * y2);
+    // sqrt
+    let x = sqrt(x2);
+    if (!x) {
+        throw new Error("sqrt not defined on Ed25519 field, unable to recover X");
+    }
+    // if odd state not equal, make odd state same
+    if (Number(x & 1n) != finalBit) {
+        x = F.negate(x);
+    }
+    return { x, y };
+});
+/**
+ * @param point
+ * @returns
+ */
+export function encodePoint(point) {
+    const { x, y } = point;
+    const evenOdd = Number(x & 1n); // 0: even, 1: odd
+    const bytes = encodeScalar(y);
+    // last bit is determined by x
+    bytes[31] = (bytes[31] & 0b011111111) | (evenOdd * 0b10000000);
+    return bytes;
+}
+// Decimal representations of large numbers because that's most common in literature
+// Curve coordinate prime number.
+// 255 bits so last bit can instead be used to encode sign
+//   (i.e. 32 byte compressed format for points which is neede by publicKey and first part of signature)
+//  operations on point coordinates are modulo P
+export const P = 57896044618658097711785492504343953926634992332820282019728792003956564819949n; // ipowi(255n) - 19n, hence 25519
+// A prime number that is <= the number of unique points on the curve
+//  operations on point multiplication factors are modulo N
+export const N = 7237005577332262213973186563042994240857116359379907606001950938285454250989n; // ipow2(252n) + 27742317777372353535851937790883648493n;
+// d parameter of affine twisted Edwards curve
+//  The formula for the twisted Edwards curve is:
+//    -x^2 + y^2 = 1 - d*x^2*y^2
+// Note: the negative number is already included in this parameter
+export const D = /* @__PURE__ */ (() => -4513249062541557337682894930092624173785641285191125241628941591882900924598840740n)(); // -121665n/121666n == -121665n * invert(121666n)
+// Generator point
+export const G = {
+    x: 15112221349535400772501151409588531511454012693041857206046113283949847762202n, // recovered from Gy
+    y: 46316835694926478169428394003475163141307993866256225615783033603165251855960n // (4n*invert(5n)) % P
+};
+const F = /* @__PURE__ */ (() => new FieldHelper(new ScalarField(P)))();
+// (P + 3n)/8n
+const P38 = 7237005577332262213973186563042994240829374041602535252466099000494570602494n;
+// pow(2n, (P + 1n)/4n, P);
+const SQRT2P14 = 19681161376707505956807079304988542015446066515923890162744021073123829784752n;
+function sqrt(a) {
+    let r = F.pow(a, P38);
+    const r2 = F.multiply(r, r);
+    if (!F.equals(r2, a)) {
+        r = F.multiply(r, SQRT2P14);
+    }
+    return r;
+}
+class AffineCurve {
+    constructor() { }
+    get ZERO() {
+        return {
+            x: 0n,
+            y: 1n
+        };
+    }
+    /**
+     * @param a
+     * @param b
+     * @returns
+     */
+    equals(a, b) {
+        return F.equals(a.x, b.x) && F.equals(a.y, b.y);
+    }
+    /**
+     * @param point
+     * @returns
+     */
+    negate(point) {
+        return {
+            x: F.negate(point.x),
+            y: point.y
+        };
+    }
+    /**
+     * @param point
+     * @returns
+     */
+    isValidPoint(point) {
+        const { x, y } = point;
+        // TODO: can we use F.square() ?
+        const xx = x * x;
+        const yy = y * y;
+        return F.equals(-xx + yy - 1n, D * xx * yy);
+    }
+    /**
+     * @param a
+     * @param b
+     * @returns
+     */
+    add(a, b) {
+        const { x: x1, y: y1 } = a;
+        const { x: x2, y: y2 } = b;
+        const dxxyy = D * x1 * x2 * y1 * y2;
+        const x3 = F.multiply(x1 * y2 + x2 * y1, F.invert(1n + dxxyy));
+        const y3 = F.multiply(y1 * y2 + x1 * x2, F.invert(1n - dxxyy));
+        return { x: x3, y: y3 };
+    }
+    /**
+     * @param point
+     * @returns
+     */
+    fromAffine(point) {
+        return point;
+    }
+    /**
+     * @param point
+     * @returns
+     */
+    toAffine(point) {
+        return point;
+    }
+}
+export const affineCurve = new AffineCurve();
+class ExtendedCurve {
+    constructor() { }
+    get ZERO() {
+        return { x: 0n, y: 1n, z: 1n, t: 0n };
+    }
+    /**
+     * @param point
+     * @returns
+     */
+    isValidPoint(point) {
+        if (this.equals(this.ZERO, point)) {
+            return true;
+        }
+        else {
+            const zInverse = F.invert(point.z);
+            const x = F.multiply(point.x, zInverse);
+            const y = F.multiply(point.y, zInverse);
+            const xx = x * x;
+            const yy = y * y;
+            return F.equals(-xx + yy - 1n, D * xx * yy);
+        }
+    }
+    /**
+     * @param a
+     * @param b
+     * @returns
+     */
+    equals(a, b) {
+        return (F.multiply(a.x, b.z) == F.multiply(b.x, a.z) &&
+            F.multiply(a.y, b.z) == F.multiply(b.y, a.z));
+    }
+    /**
+     * @param point
+     * @returns
+     */
+    negate(point) {
+        return {
+            x: F.negate(point.x),
+            y: point.y,
+            z: point.z,
+            t: F.negate(point.t)
+        };
+    }
+    /**
+     * @param point1
+     * @param point2
+     * @returns
+     */
+    add(point1, point2) {
+        const { x: x1, y: y1, z: z1, t: t1 } = point1;
+        const { x: x2, y: y2, z: z2, t: t2 } = point2;
+        const a = F.multiply(x1, x2);
+        const b = F.multiply(y1, y2);
+        const c = F.multiply(D * t1, t2);
+        const d = F.multiply(z1, z2);
+        const e = F.add((x1 + y1) * (x2 + y2), -a - b);
+        const f = F.add(d, -c);
+        const g = F.add(d, c);
+        const h = F.add(a, b);
+        const x3 = F.multiply(e, f);
+        const y3 = F.multiply(g, h);
+        const z3 = F.multiply(f, g);
+        const t3 = F.multiply(e, h);
+        return { x: x3, y: y3, z: z3, t: t3 };
+    }
+    /**
+     * @param point
+     * @returns
+     */
+    toAffine(point) {
+        if (this.equals(this.ZERO, point)) {
+            return { x: 0n, y: 1n };
+        }
+        else {
+            const zInverse = F.invert(point.z);
+            return {
+                x: F.multiply(point.x, zInverse),
+                y: F.multiply(point.y, zInverse)
+            };
+        }
+    }
+    /**
+     * @param point
+     * @returns
+     */
+    fromAffine(point) {
+        const { x, y } = point;
+        return {
+            x,
+            y,
+            z: 1n,
+            t: F.multiply(x, y)
+        };
+    }
+}
+export const extendedCurve = /* @__PURE__ */ (() => new ExtendedCurve())();
+const algorithm = /* @__PURE__ */ (() => new EdDSA(extendedCurve, G, new ScalarField(N), {
+    decodePoint,
+    encodePoint,
+    decodePrivateKey,
+    decodeScalar,
+    encodeScalar
+}))();
+/**
+ * @param privateKey
+ * Must be 64 bytes long
+ * @param hashPrivateKey
+ * Defaults to true, set to false when used in Bip32 algorithm
+ * @returns
+ * 32 byte public key, or BadPrivateKeyLength if private key isn't 64 bytes long
+ */
+export function derivePublicKey(privateKey, hashPrivateKey = true) {
+    return algorithm.derivePublicKey(privateKey, hashPrivateKey);
+}
+/**
+ * Sign the message.
+ * Even though this implementation isn't constant time, it isn't vulnerable to a timing attack (see detailed notes in EdDSA implementation)
+ * @param message
+ * @param privateKeyBytes
+ * @param hashPrivateKey
+ * Defaults to true, Bip32 passes this as false
+ * @returns
+ * 64 byte signature, or BadPrivateKeyLength if private key isn't 64 bytes long
+ */
+export function sign(message, privateKey, hashPrivateKey = true) {
+    return algorithm.sign(message, privateKey, hashPrivateKey);
+}
+/**
+ * @param signature
+ * @param message
+ * @param publicKey
+ * @returns
+ *   - `true` if the signature is correct.
+ *   - `false`:
+ *     - if the signature is incorrect
+ *     - if the signature doesn't lie on the curve,
+ *     - if the publicKey doesn't lie on the curve
+ *   - BadPublicKeyLength if publicKey isn't 32 bytes long
+ *   - BadSignatureLength if signature isn't 64 bytes long
+ */
+export function verify(signature, message, publicKey) {
+    return algorithm.verify(signature, message, publicKey);
+}
+//# sourceMappingURL=Ed25519.js.map

package/dist/Crypto/Ed25519.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Ed25519.js","sourceRoot":"","sources":["../../src/Crypto/Ed25519.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAA;AACzC,OAAO,KAAK,IAAI,MAAM,mBAAmB,CAAA;AACzC,OAAO,KAAK,KAAK,MAAM,oBAAoB,CAAA;AAC3C,OAAO,KAAK,YAAY,MAAM,2BAA2B,CAAA;AAEzD,OAAO,EAIL,KAAK,EACN,MAAM,YAAY,CAAA;AACnB,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAErD;;;;;;GAMG;AACH,MAAM,UAAU,YAAY,CAC1B,KAAiB,EACjB,WAAoB,KAAK;IAEzB,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;QAE1B,KAAK,CAAC,CAAC,CAAC,IAAI,UAAU,CAAA;QACtB,KAAK,CAAC,EAAE,CAAC,IAAI,UAAU,CAAA;QACvB,KAAK,CAAC,EAAE,CAAC,IAAI,UAAU,CAAA;IACzB,CAAC;IAED,OAAO,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;AACnC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAC9B,KAAiB;IAEjB,OAAO,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;AAClC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,CAAS;IACpC,OAAO,IAAI,UAAU,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAA;AACjD,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,CACzB,KAAiB,EACiC,EAAE,CACpD,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,IAAI,KAAK,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;QACvB,OAAO,KAAK,CAAC,CAAC,MAAM,CAAC,IAAI,CACvB,QAAQ,CAAC,eAAe,CACtB,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,EAClB,4CAA4C,KAAK,CAAC,MAAM,EAAE,CAC3D,CACF,CAAA;IACH,CAAC;IAED,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,EAAE,CAAA;IACzB,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAA;IAE9B,gFAAgF;IAChF,MAAM,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA;IAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAA;IAEpD,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC,CAAA;IAChB,MAAM,EAAE,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,CAAA;IAE5C,OAAO;IACP,IAAI,CAAC,GAAG,IAAI,CAAC,EAAE,CAAC,CAAA;IAEhB,IAAI,CAAC,CAAC,EAAE,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAA;IAC3E,CAAC;IAED,8CAA8C;IAC9C,IAAI,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,QAAQ,EAAE,CAAC;QAC/B,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IAED,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAA;AACjB,CAAC,CAAC,CAAA;AAEJ;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,KAAc;IACxC,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,KAAK,CAAA;IACtB,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,CAAA,CAAC,kBAAkB;IAEjD,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC,CAAA;IAE7B,8BAA8B;IAC9B,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,GAAG,UAAU,CAAC,CAAA;IAE9D,OAAO,KAAK,CAAA;AACd,CAAC;AAED,oFAAoF;AAEpF,iCAAiC;AACjC,0DAA0D;AAC1D,wGAAwG;AACxG,gDAAgD;AAChD,MAAM,CAAC,MAAM,CAAC,GACZ,8EAA8E,CAAA,CAAC,iCAAiC;AAElH,qEAAqE;AACrE,2DAA2D;AAC3D,MAAM,CAAC,MAAM,CAAC,GACZ,6EAA6E,CAAA,CAAC,yDAAyD;AAEzI,8CAA8C;AAC9C,iDAAiD;AACjD,gCAAgC;AAChC,kEAAkE;AAClE,MAAM,CAAC,MAAM,CAAC,GAAG,eAAe,CAAC,CAAC,GAAG,EAAE,CACrC,CAAC,mFAAmF,CAAC,EAAE,CAAA,CAAC,iDAAiD;AAE3I,kBAAkB;AAClB,MAAM,CAAC,MAAM,CAAC,GAAG;IACf,CAAC,EAAE,8EAA8E,EAAE,oBAAoB;IACvG,CAAC,EAAE,8EAA8E,CAAC,sBAAsB;CACzG,CAAA;AAED,MAAM,CAAC,GAAG,eAAe,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,WAAW,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;AAEvE,cAAc;AACd,MAAM,GAAG,GACP,6EAA6E,CAAA;AAE/E,2BAA2B;AAC3B,MAAM,QAAQ,GACZ,8EAA8E,CAAA;AAEhF,SAAS,IAAI,CAAC,CAAS;IACrB,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;IAErB,MAAM,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;IAE3B,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;QACrB,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAA;IAC7B,CAAC;IAED,OAAO,CAAC,CAAA;AACV,CAAC;AAED,MAAM,WAAW;IACf,gBAAe,CAAC;IAEhB,IAAI,IAAI;QACN,OAAO;YACL,CAAC,EAAE,EAAE;YACL,CAAC,EAAE,EAAE;SACN,CAAA;IACH,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,CAAU,EAAE,CAAU;QAC3B,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;IACjD,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,KAAc;QACnB,OAAO;YACL,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;YACpB,CAAC,EAAE,KAAK,CAAC,CAAC;SACX,CAAA;IACH,CAAC;IAED;;;OAGG;IACH,YAAY,CAAC,KAAc;QACzB,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,KAAK,CAAA;QAEtB,gCAAgC;QAChC,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC,CAAA;QAChB,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC,CAAA;QAEhB,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;IAC7C,CAAC;IAED;;;;OAIG;IACH,GAAG,CAAC,CAAU,EAAE,CAAU;QACxB,MAAM,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,CAAA;QAC1B,MAAM,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,CAAA;QAE1B,MAAM,KAAK,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA;QAEnC,MAAM,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,GAAG,KAAK,CAAC,CAAC,CAAA;QAC9D,MAAM,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,GAAG,KAAK,CAAC,CAAC,CAAA;QAE9D,OAAO,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAA;IACzB,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,KAAc;QACvB,OAAO,KAAK,CAAA;IACd,CAAC;IAED;;;OAGG;IACH,QAAQ,CAAC,KAAc;QACrB,OAAO,KAAK,CAAA;IACd,CAAC;CACF;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAA;AAE5C,MAAM,aAAa;IACjB,gBAAe,CAAC;IAEhB,IAAI,IAAI;QACN,OAAO,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAA;IACvC,CAAC;IAED;;;OAGG;IACH,YAAY,CAAC,KAAqB;QAChC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO,IAAI,CAAA;QACb,CAAC;aAAM,CAAC;YACN,MAAM,QAAQ,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;YAElC,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAA;YACvC,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAA;YAEvC,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC,CAAA;YAChB,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC,CAAA;YAEhB,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;QAC7C,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,CAAiB,EAAE,CAAiB;QACzC,OAAO,CACL,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAC5C,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAC7C,CAAA;IACH,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,KAAqB;QAC1B,OAAO;YACL,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;YACpB,CAAC,EAAE,KAAK,CAAC,CAAC;YACV,CAAC,EAAE,KAAK,CAAC,CAAC;YACV,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;SACrB,CAAA;IACH,CAAC;IAED;;;;OAIG;IACH,GAAG,CAAC,MAAsB,EAAE,MAAsB;QAChD,MAAM,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,GAAG,MAAM,CAAA;QAC7C,MAAM,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,GAAG,MAAM,CAAA;QAE7C,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;QAC5B,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;QAC5B,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,CAAA;QAChC,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;QAC5B,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;QAC9C,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACtB,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;QACrB,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;QACrB,MAAM,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;QAC3B,MAAM,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;QAC3B,MAAM,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;QAC3B,MAAM,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;QAE3B,OAAO,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAA;IACvC,CAAC;IAED;;;OAGG;IACH,QAAQ,CAAC,KAAqB;QAC5B,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAA;QACzB,CAAC;aAAM,CAAC;YACN,MAAM,QAAQ,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;YAElC,OAAO;gBACL,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC;gBAChC,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC;aACjC,CAAA;QACH,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,KAAc;QACvB,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,KAAK,CAAA;QAEtB,OAAO;YACL,CAAC;YACD,CAAC;YACD,CAAC,EAAE,EAAE;YACL,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;SACpB,CAAA;IACH,CAAC;CACF;AAED,MAAM,CAAC,MAAM,aAAa,GAAG,eAAe,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,aAAa,EAAE,CAAC,EAAE,CAAA;AAE1E,MAAM,SAAS,GAAG,eAAe,CAAC,CAAC,GAAG,EAAE,CACtC,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC,EAAE,IAAI,WAAW,CAAC,CAAC,CAAC,EAAE;IAC9C,WAAW;IACX,WAAW;IACX,gBAAgB;IAChB,YAAY;IACZ,YAAY;CACb,CAAC,CAAC,EAAE,CAAA;AAEP;;;;;;;GAOG;AACH,MAAM,UAAU,eAAe,CAC7B,UAAsB,EACtB,iBAA0B,IAAI;IAE9B,OAAO,SAAS,CAAC,eAAe,CAAC,UAAU,EAAE,cAAc,CAAC,CAAA;AAC9D,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,IAAI,CAClB,OAAmB,EACnB,UAAsB,EACtB,iBAA0B,IAAI;IAE9B,OAAO,SAAS,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,cAAc,CAAC,CAAA;AAC5D,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,MAAM,CACpB,SAAqB,EACrB,OAAmB,EACnB,SAAqB;IAErB,OAAO,SAAS,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;AACxD,CAAC"}

package/dist/Crypto/EdDSA.js

@@ -0,0 +1,222 @@
+import { Data, Either } from "effect";
+import { CurveHelper } from "./Curve.js";
+import * as Sha2_512 from "./Sha2_512.js";
+export class BadPrivateKeyLength extends Data.TaggedError("Crypto.EdDSA.BadPrivateKeyLength") {
+    constructor(privateKey) {
+        super({
+            message: `expected extended privateKey with a length of 64 bytes, this privateKey is ${privateKey.length} bytes long (hint: pass hashPrivateKey = true)`
+        });
+    }
+}
+export class BadSignatureLength extends Data.TaggedError("Crypto.EdDSA.BadSignatureLength") {
+    constructor(signature) {
+        super({ message: `unexpected signature length ${signature.length}` });
+    }
+}
+export class BadPublicKeyLength extends Data.TaggedError("Crypto.EdDSA.BadPublicKeyLength") {
+    constructor(publicKey) {
+        super({ message: `unexpected publicKey length ${publicKey.length}` });
+    }
+}
+/**
+ *  Edwards Digital Signing Algorithm
+ *
+ * Symbols based on the book "Elliptic Curves in Cryptography" by I.F. Blake, G. Seroussi and N.P. Smart
+ * See page 4 for an overview of the DSA algorithm.
+ * This book along with the first few sections of "Cryptography: An Introduction" by N.P. Smart are
+ *   recommended reads in order to understand better the concepts of "scalars" and "CurvePoint" and
+ *   their arithmatic over finite fields.
+ *
+ * Notation:
+ *   privateKey: 64 bytes, first 32 bytes form the scalar integer `x`, the latter bytes are used for private nonce generation
+ *   publicKey: 32 bytes
+ *   x: bigint scalar representation of privateKey
+ *   g: generator BASE point
+ *   h: CurvePoint representation of publicKey
+ *   m: (hashed) message, kept as bytes
+ *   k: a practically random number, created by applying a one-way function to the message and part of the private key
+ *   a: first part of signature
+ *   b: second part of signature
+ *   `*`: group multiplication of a CurvePoint by a scalar integer, or multiplication of 2 scalars (depending on context)
+ *   `+`: CurvePoint addition or scalar addition depending on context
+ *   `.`: byte concatenation
+ *   `[n:N]`: slice bytes
+ *   `f(a,h,m)`: a one-way function for publicy known information
+ *   `mod()`: take modulo of a scalar wrt. the order of the Curve
+ *   `hash()`: Sha512 hash function
+ *   `encodeScalar`: turn a scalar integer into bytes
+ *   `decodeScalar`: turn bytes into a scalar integer
+ *   `encodePoint`: turn a CurvePoint into bytes
+ *   `decodePoint`: turn bytes into a CurvePoint
+ *
+ * The algorithm below is approached from an additive perspective.
+ *
+ * 1. Generate 64 random private key bytes
+ *      privateKey = random(64)
+ * 2. Generate the associated scalar `x`:
+ *      x = decodeScalar(privateKey[0:32])
+ * 3. Generate public key CurvePoint:
+ *      h = g*x
+ * 4. Encode public key:
+ *      publicKey = encodePoint(h)
+ * 5. Create first part of a signature:
+ *      k = decodeScalar(hash(privateKey[32:64] . m))
+ *      a = g*k
+ *      signature[0:32] = encodePoint(a)
+ * 6. Create second part of a signature:
+ *      f(a,h,m) = decodeScalar(hash(signature[0:32] . publicKey . m))
+ *      b = mod(k + f(a,h,m)*x)
+ *      signature[32:64] = encodeScalar(b)
+ * 7. Verify a signature:
+ *      a = decodePoint(signature[0:32])
+ *      b = decodeScalar(signature[32:64])
+ *      h = decodePoint(publicKey)
+ *      f(a,h,m) = decodeScalar(hash(signature[0:32] . publicKey . m))
+ *      g*b === a + h*f(a,h,m)
+ *
+ * We can show that this works by substituting the private calculations done upon signing (the arithmatic takes care of the mod() operator):
+ *      g*(k + f(a,h,m)*x) === g*k + h*f(a,h,m)
+ *      g*k + g*x*f(a,h,m) === g*k + h*f(a,h,m)
+ *
+ * We know that `g*x == h`, QED.
+ *
+ * The arithmatic details are handled by the CurvePoint class
+ */
+export class EdDSA {
+    curve;
+    G;
+    Z;
+    codec;
+    /**
+     * @param curve
+     */
+    constructor(curve, G, Z, pointCodec) {
+        this.curve = curve;
+        this.G = G;
+        this.Z = Z;
+        this.codec = pointCodec;
+    }
+    /**
+     * Combination hash and decodeCurveInt
+     * @param bytes
+     * @returns
+     */
+    oneWay(...chunks) {
+        const l = chunks.reduce((prev, chunk) => chunk.length + prev, 0);
+        const bytes = new Uint8Array(l);
+        let offset = 0;
+        chunks.forEach((chunk) => {
+            bytes.set(chunk, offset);
+            offset += chunk.length;
+        });
+        return Either.getOrThrow(this.codec.decodeScalar(Sha2_512.hashSync(bytes)));
+    }
+    /**
+     * @param privateKeyBytes
+     * @param hashPrivateKey
+     * Defaults to true, set to false
+     * when used in Bip32 algorithm
+     * @returns 32 byte public key.
+     */
+    derivePublicKey(privateKeyBytes, hashPrivateKey = true) {
+        if (hashPrivateKey) {
+            privateKeyBytes = Sha2_512.hashSync(privateKeyBytes);
+        }
+        else {
+            if (privateKeyBytes.length != 64) {
+                return Either.left(new BadPrivateKeyLength(privateKeyBytes));
+            }
+        }
+        // we know that `privateKeyBytes` isn't empty, so `decodePrivateKey()` should never throw an error
+        const privateKey = Either.getOrThrow(this.codec.decodePrivateKey(privateKeyBytes));
+        const curveHelper = new CurveHelper(this.curve);
+        const publicKey = curveHelper.scale(this.curve.fromAffine(this.G), privateKey);
+        const publicKeyBytes = this.codec.encodePoint(this.curve.toAffine(publicKey));
+        return Either.right(publicKeyBytes);
+    }
+    /**
+     * Sign the message.
+     * Even though this implementation isn't constant time, it isn't vulnerable to a timing attack (see detailed notes in implementation below)
+     * @param message
+     * @param privateKeyBytes
+     * @param hashPrivateKey
+     * Defaults to true, Bip32 passes this as false
+     * @returns
+     * 64 byte signature.
+     */
+    sign(message, privateKeyBytes, hashPrivateKey = true) {
+        if (hashPrivateKey) {
+            privateKeyBytes = Sha2_512.hashSync(privateKeyBytes);
+        }
+        else {
+            if (privateKeyBytes.length != 64) {
+                return Either.left(new BadPrivateKeyLength(privateKeyBytes));
+            }
+        }
+        // Extract privateKey as integer
+        //   (Not vulnerable to timing attack because there is no mixing with the message,
+        //      so always takes the same amount of time for the same privateKey)
+        const privateKey = Either.getOrThrow(this.codec.decodePrivateKey(privateKeyBytes));
+        const curveHelper = new CurveHelper(this.curve);
+        // For convenience calculate publicKey here
+        //   (Not vulnerable to timing attack because there is no mixing with the message,
+        //      so always takes the same amount of time for the same privateKey)
+        const publicKey = curveHelper.scale(this.curve.fromAffine(this.G), privateKey);
+        const publicKeyBytes = this.codec.encodePoint(this.curve.toAffine(publicKey));
+        // Generate a practically random number
+        //   (Not vulnerable to timing attack because sha2_512 runtime only depends on message length,
+        //     so timing doesn't expose any bytes of the privateKey)
+        const k = this.oneWay(privateKeyBytes.slice(32, 64), message);
+        // First part of the signature
+        //   (Not vulnerable to timing attack because variations in the message create huge random variations in k)
+        const a = curveHelper.scale(this.curve.fromAffine(this.G), k);
+        const aEncoded = this.codec.encodePoint(this.curve.toAffine(a));
+        // Second part of the signature
+        //   (Not vulnerable to timing attack.
+        //      Even though f is known publicly and changes with each message,
+        //      and the f * x operation isn't constant time (bigint ops in JS aren't constant time),
+        //      k also changes with each message, and the [k]BASE operation above
+        //      is much more expensive than multiplying two big ints)
+        const f = this.oneWay(aEncoded, publicKeyBytes, message);
+        const b = this.Z.add(k, f * privateKey);
+        const bEncoded = this.codec.encodeScalar(b);
+        return Either.right(new Uint8Array(Array.from(aEncoded).concat(Array.from(bEncoded))));
+    }
+    /**
+     * Returns `true` if the signature is correct.
+     * Returns `false`:
+     *   * if the signature is incorrect
+     *   * if the signature doesn't lie on the curve,
+     *   * if the publicKey doesn't lie on the curve
+     * Throw an error:
+     *   * signature isn't 64 bytes long
+     *   * publickey isn't 32 bytes long (asserted inside `decodePoint()`)
+     * @param signature
+     * @param message
+     * @param publicKey
+     * @returns
+     */
+    verify(signature, message, publicKey) {
+        if (signature.length != 64) {
+            return Either.left(new BadSignatureLength(signature));
+        }
+        const a = this.curve.fromAffine(Either.getOrThrow(this.codec.decodePoint(signature.slice(0, 32))));
+        if (!this.curve.isValidPoint(a)) {
+            return Either.right(false);
+        }
+        const b = Either.getOrThrow(this.codec.decodeScalar(signature.slice(32, 64)));
+        if (publicKey.length != 32) {
+            return Either.left(new BadPublicKeyLength(publicKey));
+        }
+        const h = this.curve.fromAffine(Either.getOrThrow(this.codec.decodePoint(publicKey)));
+        if (!this.curve.isValidPoint(h)) {
+            return Either.right(false);
+        }
+        const f = this.oneWay(signature.slice(0, 32), publicKey, message);
+        const curveHelper = new CurveHelper(this.curve);
+        const left = curveHelper.scale(this.curve.fromAffine(this.G), b);
+        const right = this.curve.add(a, curveHelper.scale(h, f));
+        return Either.right(this.curve.equals(left, right));
+    }
+}
+//# sourceMappingURL=EdDSA.js.map

package/dist/Crypto/EdDSA.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"EdDSA.js","sourceRoot":"","sources":["../../src/Crypto/EdDSA.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,EAAY,MAAM,QAAQ,CAAA;AAC/C,OAAO,EAAc,WAAW,EAAgB,MAAM,YAAY,CAAA;AAClE,OAAO,KAAK,QAAQ,MAAM,eAAe,CAAA;AAGzC,MAAM,OAAO,mBAAoB,SAAQ,IAAI,CAAC,WAAW,CACvD,kCAAkC,CAGlC;IACA,YAAY,UAAsB;QAChC,KAAK,CAAC;YACJ,OAAO,EAAE,8EAA8E,UAAU,CAAC,MAAM,gDAAgD;SACzJ,CAAC,CAAA;IACJ,CAAC;CACF;AAED,MAAM,OAAO,kBAAmB,SAAQ,IAAI,CAAC,WAAW,CACtD,iCAAiC,CAGjC;IACA,YAAY,SAAqB;QAC/B,KAAK,CAAC,EAAE,OAAO,EAAE,+BAA+B,SAAS,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;IACvE,CAAC;CACF;AAED,MAAM,OAAO,kBAAmB,SAAQ,IAAI,CAAC,WAAW,CACtD,iCAAiC,CAGjC;IACA,YAAY,SAAqB;QAC/B,KAAK,CAAC,EAAE,OAAO,EAAE,+BAA+B,SAAS,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;IACvE,CAAC;CACF;AAmBD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+DG;AACH,MAAM,OAAO,KAAK;IACP,KAAK,CAAkB;IACvB,CAAC,CAA0B;IAC3B,CAAC,CAAe;IAChB,KAAK,CAAO;IAErB;;OAEG;IACH,YACE,KAAuB,EACvB,CAA2B,EAC3B,CAAgB,EAChB,UAAiB;QAEjB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;QAClB,IAAI,CAAC,CAAC,GAAG,CAAC,CAAA;QACV,IAAI,CAAC,CAAC,GAAG,CAAC,CAAA;QACV,IAAI,CAAC,KAAK,GAAG,UAAU,CAAA;IACzB,CAAC;IAED;;;;OAIG;IACK,MAAM,CAAC,GAAG,MAAoB;QACpC,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC,CAAC,CAAA;QAEhE,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAA;QAE/B,IAAI,MAAM,GAAG,CAAC,CAAA;QACd,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YACvB,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;YACxB,MAAM,IAAI,KAAK,CAAC,MAAM,CAAA;QACxB,CAAC,CAAC,CAAA;QAEF,OAAO,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAC7E,CAAC;IAED;;;;;;OAMG;IACH,eAAe,CACb,eAA2B,EAC3B,iBAA0B,IAAI;QAE9B,IAAI,cAAc,EAAE,CAAC;YACnB,eAAe,GAAG,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAA;QACtD,CAAC;aAAM,CAAC;YACN,IAAI,eAAe,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;gBACjC,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,mBAAmB,CAAC,eAAe,CAAC,CAAC,CAAA;YAC9D,CAAC;QACH,CAAC;QAED,kGAAkG;QAClG,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAClC,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAC7C,CAAA;QAED,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAE/C,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,CACjC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAC7B,UAAU,CACX,CAAA;QACD,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAC3C,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,CAC/B,CAAA;QAED,OAAO,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAA;IACrC,CAAC;IAED;;;;;;;;;OASG;IACH,IAAI,CACF,OAAmB,EACnB,eAA2B,EAC3B,iBAA0B,IAAI;QAE9B,IAAI,cAAc,EAAE,CAAC;YACnB,eAAe,GAAG,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAA;QACtD,CAAC;aAAM,CAAC;YACN,IAAI,eAAe,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;gBACjC,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,mBAAmB,CAAC,eAAe,CAAC,CAAC,CAAA;YAC9D,CAAC;QACH,CAAC;QAED,gCAAgC;QAChC,kFAAkF;QAClF,wEAAwE;QACxE,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAClC,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAC7C,CAAA;QAED,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAE/C,2CAA2C;QAC3C,kFAAkF;QAClF,wEAAwE;QACxE,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,CACjC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAC7B,UAAU,CACX,CAAA;QACD,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAC3C,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,CAC/B,CAAA;QAED,uCAAuC;QACvC,8FAA8F;QAC9F,4DAA4D;QAC5D,MAAM,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,OAAO,CAAC,CAAA;QAE7D,8BAA8B;QAC9B,2GAA2G;QAC3G,MAAM,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;QAC7D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAA;QAE/D,+BAA+B;QAC/B,sCAAsC;QACtC,sEAAsE;QACtE,4FAA4F;QAC5F,yEAAyE;QACzE,6DAA6D;QAC7D,MAAM,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,cAAc,EAAE,OAAO,CAAC,CAAA;QACxD,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,CAAA;QACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;QAE3C,OAAO,MAAM,CAAC,KAAK,CACjB,IAAI,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAClE,CAAA;IACH,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,MAAM,CACJ,SAAqB,EACrB,OAAmB,EACnB,SAAqB;QAErB,IAAI,SAAS,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YAC3B,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,kBAAkB,CAAC,SAAS,CAAC,CAAC,CAAA;QACvD,CAAC;QAED,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAC7B,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAClE,CAAA;QAED,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC;YAChC,OAAO,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;QAC5B,CAAC;QAED,MAAM,CAAC,GAAG,MAAM,CAAC,UAAU,CACzB,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CACjD,CAAA;QAED,IAAI,SAAS,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YAC3B,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,kBAAkB,CAAC,SAAS,CAAC,CAAC,CAAA;QACvD,CAAC;QAED,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAC7B,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,CACrD,CAAA;QAED,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC;YAChC,OAAO,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;QAC5B,CAAC;QAED,MAAM,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,CAAA;QAEjE,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAE/C,MAAM,IAAI,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;QAChE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QAExD,OAAO,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAA;IACrD,CAAC;CACF"}