@neuraiproject/neurai-depin-msg 1.0.1 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +6 -6
- package/dist/neurai-depin-msg.js +43 -59
- package/dist/neurai-depin-msg.min.js +1 -1
- package/package.json +1 -1
- package/src/index.js +89 -37
package/README.md
CHANGED
|
@@ -130,18 +130,18 @@ Notes:
|
|
|
130
130
|
|
|
131
131
|
## How it works (Core-compatible)
|
|
132
132
|
|
|
133
|
-
### Encryption (Hybrid ECIES)
|
|
133
|
+
### Encryption (Hybrid ECIES with AES-256-GCM)
|
|
134
134
|
|
|
135
|
-
This matches Neurai Core's `CECIESEncryptedMessage` format:
|
|
135
|
+
This matches Neurai Core's `CECIESEncryptedMessage` format (v2.0+):
|
|
136
136
|
|
|
137
137
|
- Ephemeral keypair is generated per message.
|
|
138
138
|
- Message encryption:
|
|
139
|
-
- AES-256-
|
|
140
|
-
- Payload is stored as `[
|
|
139
|
+
- AES-256-GCM encrypts plaintext with a derived AES key (no padding).
|
|
140
|
+
- Payload is stored as `[Nonce(12) || ciphertext || AuthTag(16)]`.
|
|
141
141
|
- Per-recipient key wrapping:
|
|
142
142
|
- ECDH derives a shared secret from ephemeral privkey + recipient pubkey.
|
|
143
|
-
- A per-recipient `encKey` is derived and used to AES-
|
|
144
|
-
- Recipient package is `[
|
|
143
|
+
- A per-recipient `encKey` is derived and used to AES-256-GCM encrypt the 32-byte AES key.
|
|
144
|
+
- Recipient package is `[Nonce(12) || encryptedAESKey(32) || AuthTag(16)]` (60 bytes).
|
|
145
145
|
|
|
146
146
|
### Serialization
|
|
147
147
|
|
package/dist/neurai-depin-msg.js
CHANGED
|
@@ -4324,16 +4324,6 @@ var neuraiDepinMsg = (() => {
|
|
|
4324
4324
|
return null;
|
|
4325
4325
|
return noPrefix;
|
|
4326
4326
|
}
|
|
4327
|
-
function timingSafeEqual(a, b) {
|
|
4328
|
-
if (!(a instanceof Uint8Array) || !(b instanceof Uint8Array))
|
|
4329
|
-
return false;
|
|
4330
|
-
if (a.length !== b.length)
|
|
4331
|
-
return false;
|
|
4332
|
-
let diff = 0;
|
|
4333
|
-
for (let i = 0; i < a.length; i++)
|
|
4334
|
-
diff |= a[i] ^ b[i];
|
|
4335
|
-
return diff === 0;
|
|
4336
|
-
}
|
|
4337
4327
|
function readCompactSize(buf, offset) {
|
|
4338
4328
|
if (offset >= buf.length)
|
|
4339
4329
|
throw new Error("CompactSize: out of bounds");
|
|
@@ -4587,46 +4577,49 @@ var neuraiDepinMsg = (() => {
|
|
|
4587
4577
|
crypto.getRandomValues(bytes);
|
|
4588
4578
|
return bytes;
|
|
4589
4579
|
}
|
|
4590
|
-
async function
|
|
4580
|
+
async function aes256GcmEncrypt(plaintext, key, nonce) {
|
|
4581
|
+
if (key.length !== 32)
|
|
4582
|
+
throw new Error("Key must be 32 bytes");
|
|
4583
|
+
if (nonce.length !== 12)
|
|
4584
|
+
throw new Error("Nonce must be 12 bytes");
|
|
4591
4585
|
const cryptoKey = await crypto.subtle.importKey(
|
|
4592
4586
|
"raw",
|
|
4593
4587
|
key,
|
|
4594
|
-
{ name: "AES-
|
|
4588
|
+
{ name: "AES-GCM" },
|
|
4595
4589
|
false,
|
|
4596
4590
|
["encrypt"]
|
|
4597
4591
|
);
|
|
4598
|
-
const
|
|
4599
|
-
{ name: "AES-
|
|
4592
|
+
const encrypted = await crypto.subtle.encrypt(
|
|
4593
|
+
{ name: "AES-GCM", iv: nonce, tagLength: 128 },
|
|
4600
4594
|
cryptoKey,
|
|
4601
4595
|
plaintext
|
|
4602
4596
|
);
|
|
4603
|
-
|
|
4597
|
+
const encryptedArray = new Uint8Array(encrypted);
|
|
4598
|
+
const ciphertext = encryptedArray.slice(0, -16);
|
|
4599
|
+
const tag = encryptedArray.slice(-16);
|
|
4600
|
+
return { ciphertext, tag };
|
|
4604
4601
|
}
|
|
4605
|
-
async function
|
|
4602
|
+
async function aes256GcmDecrypt(ciphertext, key, nonce, tag) {
|
|
4603
|
+
if (key.length !== 32)
|
|
4604
|
+
throw new Error("Key must be 32 bytes");
|
|
4605
|
+
if (nonce.length !== 12)
|
|
4606
|
+
throw new Error("Nonce must be 12 bytes");
|
|
4607
|
+
if (tag.length !== 16)
|
|
4608
|
+
throw new Error("Tag must be 16 bytes");
|
|
4606
4609
|
const cryptoKey = await crypto.subtle.importKey(
|
|
4607
4610
|
"raw",
|
|
4608
4611
|
key,
|
|
4609
|
-
{ name: "AES-
|
|
4612
|
+
{ name: "AES-GCM" },
|
|
4610
4613
|
false,
|
|
4611
4614
|
["decrypt"]
|
|
4612
4615
|
);
|
|
4613
|
-
const
|
|
4614
|
-
|
|
4616
|
+
const combined = concatBytes(ciphertext, tag);
|
|
4617
|
+
const decrypted = await crypto.subtle.decrypt(
|
|
4618
|
+
{ name: "AES-GCM", iv: nonce, tagLength: 128 },
|
|
4615
4619
|
cryptoKey,
|
|
4616
|
-
|
|
4620
|
+
combined
|
|
4617
4621
|
);
|
|
4618
|
-
return new Uint8Array(
|
|
4619
|
-
}
|
|
4620
|
-
async function hmacSha256(key, data) {
|
|
4621
|
-
const cryptoKey = await crypto.subtle.importKey(
|
|
4622
|
-
"raw",
|
|
4623
|
-
key,
|
|
4624
|
-
{ name: "HMAC", hash: { name: "SHA-256" } },
|
|
4625
|
-
false,
|
|
4626
|
-
["sign"]
|
|
4627
|
-
);
|
|
4628
|
-
const mac = await crypto.subtle.sign("HMAC", cryptoKey, data);
|
|
4629
|
-
return new Uint8Array(mac);
|
|
4622
|
+
return new Uint8Array(decrypted);
|
|
4630
4623
|
}
|
|
4631
4624
|
async function normalizePrivateKeyTo32Bytes(wifOrHex) {
|
|
4632
4625
|
if (typeof wifOrHex !== "string" || wifOrHex.length === 0) {
|
|
@@ -4663,38 +4656,31 @@ var neuraiDepinMsg = (() => {
|
|
|
4663
4656
|
const recipientPackage = msg.recipientKeys.get(keyIdHex) ?? msg.recipientKeys.get(keyIdHexReversed);
|
|
4664
4657
|
if (!recipientPackage)
|
|
4665
4658
|
return null;
|
|
4666
|
-
if (recipientPackage.length <
|
|
4659
|
+
if (recipientPackage.length < 12 + 32 + 16)
|
|
4667
4660
|
return null;
|
|
4668
|
-
const
|
|
4669
|
-
const encryptedAESKey = recipientPackage.slice(
|
|
4670
|
-
const
|
|
4661
|
+
const recipientNonce = recipientPackage.slice(0, 12);
|
|
4662
|
+
const encryptedAESKey = recipientPackage.slice(12, recipientPackage.length - 16);
|
|
4663
|
+
const recipientTag = recipientPackage.slice(recipientPackage.length - 16);
|
|
4671
4664
|
const sharedPointCompressed = secp256k1.pointMultiply(msg.ephemeralPubKey, recipientPrivKeyBytes, true);
|
|
4672
4665
|
const sharedSecret = await sha256(sharedPointCompressed);
|
|
4673
4666
|
const encKey = await kdfSha256(sharedSecret, 32);
|
|
4674
|
-
|
|
4675
|
-
if (!timingSafeEqual(expectedRecipientHmac, recipientHmac))
|
|
4676
|
-
return null;
|
|
4677
|
-
let aesKeyRaw;
|
|
4667
|
+
let aesKey;
|
|
4678
4668
|
try {
|
|
4679
|
-
|
|
4669
|
+
aesKey = await aes256GcmDecrypt(encryptedAESKey, encKey, recipientNonce, recipientTag);
|
|
4680
4670
|
} catch {
|
|
4681
4671
|
return null;
|
|
4682
4672
|
}
|
|
4683
|
-
if (
|
|
4673
|
+
if (aesKey.length !== 32)
|
|
4684
4674
|
return null;
|
|
4685
|
-
const aesKey = aesKeyRaw.slice(0, 32);
|
|
4686
4675
|
const payload = msg.encryptedPayload;
|
|
4687
|
-
if (payload.length <
|
|
4688
|
-
return null;
|
|
4689
|
-
const iv = payload.slice(0, 16);
|
|
4690
|
-
const ciphertext = payload.slice(16, payload.length - 32);
|
|
4691
|
-
const payloadHmac = payload.slice(payload.length - 32);
|
|
4692
|
-
const expectedPayloadHmac = await hmacSha256(aesKey, ciphertext);
|
|
4693
|
-
if (!timingSafeEqual(expectedPayloadHmac, payloadHmac))
|
|
4676
|
+
if (payload.length < 12 + 1 + 16)
|
|
4694
4677
|
return null;
|
|
4678
|
+
const payloadNonce = payload.slice(0, 12);
|
|
4679
|
+
const ciphertext = payload.slice(12, payload.length - 16);
|
|
4680
|
+
const payloadTag = payload.slice(payload.length - 16);
|
|
4695
4681
|
let plaintextBytes;
|
|
4696
4682
|
try {
|
|
4697
|
-
plaintextBytes = await
|
|
4683
|
+
plaintextBytes = await aes256GcmDecrypt(ciphertext, aesKey, payloadNonce, payloadTag);
|
|
4698
4684
|
} catch {
|
|
4699
4685
|
return null;
|
|
4700
4686
|
}
|
|
@@ -4708,10 +4694,9 @@ var neuraiDepinMsg = (() => {
|
|
|
4708
4694
|
throw new Error("Failed to generate ephemeral public key");
|
|
4709
4695
|
}
|
|
4710
4696
|
const aesKey = await kdfSha256(ephemeralPrivKey, 32);
|
|
4711
|
-
const
|
|
4712
|
-
const ciphertext = await
|
|
4713
|
-
const
|
|
4714
|
-
const payload = concatBytes(iv, ciphertext, payloadHmac);
|
|
4697
|
+
const nonce = randomBytes(12);
|
|
4698
|
+
const { ciphertext, tag } = await aes256GcmEncrypt(plaintext, aesKey, nonce);
|
|
4699
|
+
const payload = concatBytes(nonce, ciphertext, tag);
|
|
4715
4700
|
const recipientKeys = /* @__PURE__ */ new Map();
|
|
4716
4701
|
for (const recipientPubKey of recipientPubKeys) {
|
|
4717
4702
|
if (!(recipientPubKey instanceof Uint8Array) || recipientPubKey.length !== 33) {
|
|
@@ -4720,10 +4705,9 @@ var neuraiDepinMsg = (() => {
|
|
|
4720
4705
|
const sharedPointCompressed = secp256k1.pointMultiply(recipientPubKey, ephemeralPrivKey, true);
|
|
4721
4706
|
const sharedSecret = await sha256(sharedPointCompressed);
|
|
4722
4707
|
const encKey = await kdfSha256(sharedSecret, 32);
|
|
4723
|
-
const
|
|
4724
|
-
const encryptedAESKey = await
|
|
4725
|
-
const
|
|
4726
|
-
const recipientPackage = concatBytes(recipientIV, encryptedAESKey, recipientHmac);
|
|
4708
|
+
const recipientNonce = randomBytes(12);
|
|
4709
|
+
const { ciphertext: encryptedAESKey, tag: recipientTag } = await aes256GcmEncrypt(aesKey, encKey, recipientNonce);
|
|
4710
|
+
const recipientPackage = concatBytes(recipientNonce, encryptedAESKey, recipientTag);
|
|
4727
4711
|
const keyHash = await hash160(recipientPubKey);
|
|
4728
4712
|
const keyHashHex = bytesToHex(keyHash);
|
|
4729
4713
|
recipientKeys.set(keyHashHex, recipientPackage);
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
var neuraiDepinMsg=(()=>{var Uo=Object.create;var vt=Object.defineProperty;var Ro=Object.getOwnPropertyDescriptor;var Lo=Object.getOwnPropertyNames;var qo=Object.getPrototypeOf,Vo=Object.prototype.hasOwnProperty;var de=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports),ko=(e,t)=>{for(var r in t)vt(e,r,{get:t[r],enumerable:!0})},Pn=(e,t,r,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let o of Lo(t))!Vo.call(e,o)&&o!==r&&vt(e,o,{get:()=>t[o],enumerable:!(n=Ro(t,o))||n.enumerable});return e};var Co=(e,t,r)=>(r=e!=null?Uo(qo(e)):{},Pn(t||!e||!e.__esModule?vt(r,"default",{value:e,enumerable:!0}):r,e)),No=e=>Pn(vt({},"__esModule",{value:!0}),e);var Mn=de(St=>{"use strict";Object.defineProperty(St,"__esModule",{value:!0});St.crypto=void 0;St.crypto=typeof globalThis=="object"&&"crypto"in globalThis?globalThis.crypto:void 0});var qe=de(O=>{"use strict";Object.defineProperty(O,"__esModule",{value:!0});O.wrapXOFConstructorWithOpts=O.wrapConstructorWithOpts=O.wrapConstructor=O.Hash=O.nextTick=O.swap32IfBE=O.byteSwapIfBE=O.swap8IfBE=O.isLE=void 0;O.isBytes=Dn;O.anumber=Xt;O.abytes=et;O.ahash=Po;O.aexists=Mo;O.aoutput=Ko;O.u8=Do;O.u32=jo;O.clean=Zo;O.createView=zo;O.rotr=Go;O.rotl=Wo;O.byteSwap=$t;O.byteSwap32=jn;O.bytesToHex=Yo;O.hexToBytes=$o;O.asyncLoop=Qo;O.utf8ToBytes=Ft;O.bytesToUtf8=Jo;O.toBytes=At;O.kdfInputToBytes=es;O.concatBytes=ts;O.checkOpts=ns;O.createHasher=zn;O.createOptHasher=Gn;O.createXOFer=Wn;O.randomBytes=rs;var Je=Mn();function Dn(e){return e instanceof Uint8Array||ArrayBuffer.isView(e)&&e.constructor.name==="Uint8Array"}function Xt(e){if(!Number.isSafeInteger(e)||e<0)throw new Error("positive integer expected, got "+e)}function et(e,...t){if(!Dn(e))throw new Error("Uint8Array expected");if(t.length>0&&!t.includes(e.length))throw new Error("Uint8Array expected of length "+t+", got length="+e.length)}function Po(e){if(typeof e!="function"||typeof e.create!="function")throw new Error("Hash should be wrapped by utils.createHasher");Xt(e.outputLen),Xt(e.blockLen)}function Mo(e,t=!0){if(e.destroyed)throw new Error("Hash instance has been destroyed");if(t&&e.finished)throw new Error("Hash#digest() has already been called")}function Ko(e,t){et(e);let r=t.outputLen;if(e.length<r)throw new Error("digestInto() expects output buffer of length at least "+r)}function Do(e){return new Uint8Array(e.buffer,e.byteOffset,e.byteLength)}function jo(e){return new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4))}function Zo(...e){for(let t=0;t<e.length;t++)e[t].fill(0)}function zo(e){return new DataView(e.buffer,e.byteOffset,e.byteLength)}function Go(e,t){return e<<32-t|e>>>t}function Wo(e,t){return e<<t|e>>>32-t>>>0}O.isLE=new Uint8Array(new Uint32Array([287454020]).buffer)[0]===68;function $t(e){return e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255}O.swap8IfBE=O.isLE?e=>e:e=>$t(e);O.byteSwapIfBE=O.swap8IfBE;function jn(e){for(let t=0;t<e.length;t++)e[t]=$t(e[t]);return e}O.swap32IfBE=O.isLE?e=>e:jn;var Zn=typeof Uint8Array.from([]).toHex=="function"&&typeof Uint8Array.fromHex=="function",Xo=Array.from({length:256},(e,t)=>t.toString(16).padStart(2,"0"));function Yo(e){if(et(e),Zn)return e.toHex();let t="";for(let r=0;r<e.length;r++)t+=Xo[e[r]];return t}var Ie={_0:48,_9:57,A:65,F:70,a:97,f:102};function Kn(e){if(e>=Ie._0&&e<=Ie._9)return e-Ie._0;if(e>=Ie.A&&e<=Ie.F)return e-(Ie.A-10);if(e>=Ie.a&&e<=Ie.f)return e-(Ie.a-10)}function $o(e){if(typeof e!="string")throw new Error("hex string expected, got "+typeof e);if(Zn)return Uint8Array.fromHex(e);let t=e.length,r=t/2;if(t%2)throw new Error("hex string expected, got unpadded hex of length "+t);let n=new Uint8Array(r);for(let o=0,s=0;o<r;o++,s+=2){let i=Kn(e.charCodeAt(s)),c=Kn(e.charCodeAt(s+1));if(i===void 0||c===void 0){let a=e[s]+e[s+1];throw new Error('hex string expected, got non-hex character "'+a+'" at index '+s)}n[o]=i*16+c}return n}var Fo=async()=>{};O.nextTick=Fo;async function Qo(e,t,r){let n=Date.now();for(let o=0;o<e;o++){r(o);let s=Date.now()-n;s>=0&&s<t||(await(0,O.nextTick)(),n+=s)}}function Ft(e){if(typeof e!="string")throw new Error("string expected");return new Uint8Array(new TextEncoder().encode(e))}function Jo(e){return new TextDecoder().decode(e)}function At(e){return typeof e=="string"&&(e=Ft(e)),et(e),e}function es(e){return typeof e=="string"&&(e=Ft(e)),et(e),e}function ts(...e){let t=0;for(let n=0;n<e.length;n++){let o=e[n];et(o),t+=o.length}let r=new Uint8Array(t);for(let n=0,o=0;n<e.length;n++){let s=e[n];r.set(s,o),o+=s.length}return r}function ns(e,t){if(t!==void 0&&{}.toString.call(t)!=="[object Object]")throw new Error("options should be object or undefined");return Object.assign(e,t)}var Yt=class{};O.Hash=Yt;function zn(e){let t=n=>e().update(At(n)).digest(),r=e();return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=()=>e(),t}function Gn(e){let t=(n,o)=>e(o).update(At(n)).digest(),r=e({});return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=n=>e(n),t}function Wn(e){let t=(n,o)=>e(o).update(At(n)).digest(),r=e({});return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=n=>e(n),t}O.wrapConstructor=zn;O.wrapConstructorWithOpts=Gn;O.wrapXOFConstructorWithOpts=Wn;function rs(e=32){if(Je.crypto&&typeof Je.crypto.getRandomValues=="function")return Je.crypto.getRandomValues(new Uint8Array(e));if(Je.crypto&&typeof Je.crypto.randomBytes=="function")return Uint8Array.from(Je.crypto.randomBytes(e));throw new Error("crypto.getRandomValues must be defined")}});var Yn=de(he=>{"use strict";Object.defineProperty(he,"__esModule",{value:!0});he.SHA512_IV=he.SHA384_IV=he.SHA224_IV=he.SHA256_IV=he.HashMD=void 0;he.setBigUint64=Xn;he.Chi=os;he.Maj=ss;var _e=qe();function Xn(e,t,r,n){if(typeof e.setBigUint64=="function")return e.setBigUint64(t,r,n);let o=BigInt(32),s=BigInt(4294967295),i=Number(r>>o&s),c=Number(r&s),a=n?4:0,l=n?0:4;e.setUint32(t+a,i,n),e.setUint32(t+l,c,n)}function os(e,t,r){return e&t^~e&r}function ss(e,t,r){return e&t^e&r^t&r}var Qt=class extends _e.Hash{constructor(t,r,n,o){super(),this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.blockLen=t,this.outputLen=r,this.padOffset=n,this.isLE=o,this.buffer=new Uint8Array(t),this.view=(0,_e.createView)(this.buffer)}update(t){(0,_e.aexists)(this),t=(0,_e.toBytes)(t),(0,_e.abytes)(t);let{view:r,buffer:n,blockLen:o}=this,s=t.length;for(let i=0;i<s;){let c=Math.min(o-this.pos,s-i);if(c===o){let a=(0,_e.createView)(t);for(;o<=s-i;i+=o)this.process(a,i);continue}n.set(t.subarray(i,i+c),this.pos),this.pos+=c,i+=c,this.pos===o&&(this.process(r,0),this.pos=0)}return this.length+=t.length,this.roundClean(),this}digestInto(t){(0,_e.aexists)(this),(0,_e.aoutput)(t,this),this.finished=!0;let{buffer:r,view:n,blockLen:o,isLE:s}=this,{pos:i}=this;r[i++]=128,(0,_e.clean)(this.buffer.subarray(i)),this.padOffset>o-i&&(this.process(n,0),i=0);for(let h=i;h<o;h++)r[h]=0;Xn(n,o-8,BigInt(this.length*8),s),this.process(n,0);let c=(0,_e.createView)(t),a=this.outputLen;if(a%4)throw new Error("_sha2: outputLen should be aligned to 32bit");let l=a/4,d=this.get();if(l>d.length)throw new Error("_sha2: outputLen bigger than state");for(let h=0;h<l;h++)c.setUint32(4*h,d[h],s)}digest(){let{buffer:t,outputLen:r}=this;this.digestInto(t);let n=t.slice(0,r);return this.destroy(),n}_cloneInto(t){t||(t=new this.constructor),t.set(...this.get());let{blockLen:r,buffer:n,length:o,finished:s,destroyed:i,pos:c}=this;return t.destroyed=i,t.finished=s,t.length=o,t.pos=c,o%r&&t.buffer.set(n),t}clone(){return this._cloneInto()}};he.HashMD=Qt;he.SHA256_IV=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]);he.SHA224_IV=Uint32Array.from([3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428]);he.SHA384_IV=Uint32Array.from([3418070365,3238371032,1654270250,914150663,2438529370,812702999,355462360,4144912697,1731405415,4290775857,2394180231,1750603025,3675008525,1694076839,1203062813,3204075428]);he.SHA512_IV=Uint32Array.from([1779033703,4089235720,3144134277,2227873595,1013904242,4271175723,2773480762,1595750129,1359893119,2917565137,2600822924,725511199,528734635,4215389547,1541459225,327033209])});var gr=de(k=>{"use strict";Object.defineProperty(k,"__esModule",{value:!0});k.toBig=k.shrSL=k.shrSH=k.rotrSL=k.rotrSH=k.rotrBL=k.rotrBH=k.rotr32L=k.rotr32H=k.rotlSL=k.rotlSH=k.rotlBL=k.rotlBH=k.add5L=k.add5H=k.add4L=k.add4H=k.add3L=k.add3H=void 0;k.add=ur;k.fromBig=en;k.split=$n;var Ht=BigInt(2**32-1),Jt=BigInt(32);function en(e,t=!1){return t?{h:Number(e&Ht),l:Number(e>>Jt&Ht)}:{h:Number(e>>Jt&Ht)|0,l:Number(e&Ht)|0}}function $n(e,t=!1){let r=e.length,n=new Uint32Array(r),o=new Uint32Array(r);for(let s=0;s<r;s++){let{h:i,l:c}=en(e[s],t);[n[s],o[s]]=[i,c]}return[n,o]}var Fn=(e,t)=>BigInt(e>>>0)<<Jt|BigInt(t>>>0);k.toBig=Fn;var Qn=(e,t,r)=>e>>>r;k.shrSH=Qn;var Jn=(e,t,r)=>e<<32-r|t>>>r;k.shrSL=Jn;var er=(e,t,r)=>e>>>r|t<<32-r;k.rotrSH=er;var tr=(e,t,r)=>e<<32-r|t>>>r;k.rotrSL=tr;var nr=(e,t,r)=>e<<64-r|t>>>r-32;k.rotrBH=nr;var rr=(e,t,r)=>e>>>r-32|t<<64-r;k.rotrBL=rr;var or=(e,t)=>t;k.rotr32H=or;var sr=(e,t)=>e;k.rotr32L=sr;var ir=(e,t,r)=>e<<r|t>>>32-r;k.rotlSH=ir;var cr=(e,t,r)=>t<<r|e>>>32-r;k.rotlSL=cr;var ar=(e,t,r)=>t<<r-32|e>>>64-r;k.rotlBH=ar;var fr=(e,t,r)=>e<<r-32|t>>>64-r;k.rotlBL=fr;function ur(e,t,r,n){let o=(t>>>0)+(n>>>0);return{h:e+r+(o/2**32|0)|0,l:o|0}}var lr=(e,t,r)=>(e>>>0)+(t>>>0)+(r>>>0);k.add3L=lr;var dr=(e,t,r,n)=>t+r+n+(e/2**32|0)|0;k.add3H=dr;var hr=(e,t,r,n)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0);k.add4L=hr;var yr=(e,t,r,n,o)=>t+r+n+o+(e/2**32|0)|0;k.add4H=yr;var br=(e,t,r,n,o)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0)+(o>>>0);k.add5L=br;var wr=(e,t,r,n,o,s)=>t+r+n+o+s+(e/2**32|0)|0;k.add5H=wr;var is={fromBig:en,split:$n,toBig:Fn,shrSH:Qn,shrSL:Jn,rotrSH:er,rotrSL:tr,rotrBH:nr,rotrBL:rr,rotr32H:or,rotr32L:sr,rotlSH:ir,rotlSL:cr,rotlBH:ar,rotlBL:fr,add:ur,add3L:lr,add3H:dr,add4L:hr,add4H:yr,add5H:wr,add5L:br};k.default=is});var pr=de(z=>{"use strict";Object.defineProperty(z,"__esModule",{value:!0});z.sha512_224=z.sha512_256=z.sha384=z.sha512=z.sha224=z.sha256=z.SHA512_256=z.SHA512_224=z.SHA384=z.SHA512=z.SHA224=z.SHA256=void 0;var T=Yn(),P=gr(),J=qe(),cs=Uint32Array.from([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),Ve=new Uint32Array(64),ut=class extends T.HashMD{constructor(t=32){super(64,t,8,!1),this.A=T.SHA256_IV[0]|0,this.B=T.SHA256_IV[1]|0,this.C=T.SHA256_IV[2]|0,this.D=T.SHA256_IV[3]|0,this.E=T.SHA256_IV[4]|0,this.F=T.SHA256_IV[5]|0,this.G=T.SHA256_IV[6]|0,this.H=T.SHA256_IV[7]|0}get(){let{A:t,B:r,C:n,D:o,E:s,F:i,G:c,H:a}=this;return[t,r,n,o,s,i,c,a]}set(t,r,n,o,s,i,c,a){this.A=t|0,this.B=r|0,this.C=n|0,this.D=o|0,this.E=s|0,this.F=i|0,this.G=c|0,this.H=a|0}process(t,r){for(let h=0;h<16;h++,r+=4)Ve[h]=t.getUint32(r,!1);for(let h=16;h<64;h++){let f=Ve[h-15],u=Ve[h-2],b=(0,J.rotr)(f,7)^(0,J.rotr)(f,18)^f>>>3,m=(0,J.rotr)(u,17)^(0,J.rotr)(u,19)^u>>>10;Ve[h]=m+Ve[h-7]+b+Ve[h-16]|0}let{A:n,B:o,C:s,D:i,E:c,F:a,G:l,H:d}=this;for(let h=0;h<64;h++){let f=(0,J.rotr)(c,6)^(0,J.rotr)(c,11)^(0,J.rotr)(c,25),u=d+f+(0,T.Chi)(c,a,l)+cs[h]+Ve[h]|0,m=((0,J.rotr)(n,2)^(0,J.rotr)(n,13)^(0,J.rotr)(n,22))+(0,T.Maj)(n,o,s)|0;d=l,l=a,a=c,c=i+u|0,i=s,s=o,o=n,n=u+m|0}n=n+this.A|0,o=o+this.B|0,s=s+this.C|0,i=i+this.D|0,c=c+this.E|0,a=a+this.F|0,l=l+this.G|0,d=d+this.H|0,this.set(n,o,s,i,c,a,l,d)}roundClean(){(0,J.clean)(Ve)}destroy(){this.set(0,0,0,0,0,0,0,0),(0,J.clean)(this.buffer)}};z.SHA256=ut;var It=class extends ut{constructor(){super(28),this.A=T.SHA224_IV[0]|0,this.B=T.SHA224_IV[1]|0,this.C=T.SHA224_IV[2]|0,this.D=T.SHA224_IV[3]|0,this.E=T.SHA224_IV[4]|0,this.F=T.SHA224_IV[5]|0,this.G=T.SHA224_IV[6]|0,this.H=T.SHA224_IV[7]|0}};z.SHA224=It;var mr=P.split(["0x428a2f98d728ae22","0x7137449123ef65cd","0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc","0x3956c25bf348b538","0x59f111f1b605d019","0x923f82a4af194f9b","0xab1c5ed5da6d8118","0xd807aa98a3030242","0x12835b0145706fbe","0x243185be4ee4b28c","0x550c7dc3d5ffb4e2","0x72be5d74f27b896f","0x80deb1fe3b1696b1","0x9bdc06a725c71235","0xc19bf174cf692694","0xe49b69c19ef14ad2","0xefbe4786384f25e3","0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65","0x2de92c6f592b0275","0x4a7484aa6ea6e483","0x5cb0a9dcbd41fbd4","0x76f988da831153b5","0x983e5152ee66dfab","0xa831c66d2db43210","0xb00327c898fb213f","0xbf597fc7beef0ee4","0xc6e00bf33da88fc2","0xd5a79147930aa725","0x06ca6351e003826f","0x142929670a0e6e70","0x27b70a8546d22ffc","0x2e1b21385c26c926","0x4d2c6dfc5ac42aed","0x53380d139d95b3df","0x650a73548baf63de","0x766a0abb3c77b2a8","0x81c2c92e47edaee6","0x92722c851482353b","0xa2bfe8a14cf10364","0xa81a664bbc423001","0xc24b8b70d0f89791","0xc76c51a30654be30","0xd192e819d6ef5218","0xd69906245565a910","0xf40e35855771202a","0x106aa07032bbd1b8","0x19a4c116b8d2d0c8","0x1e376c085141ab53","0x2748774cdf8eeb99","0x34b0bcb5e19b48a8","0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb","0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3","0x748f82ee5defb2fc","0x78a5636f43172f60","0x84c87814a1f0ab72","0x8cc702081a6439ec","0x90befffa23631e28","0xa4506cebde82bde9","0xbef9a3f7b2c67915","0xc67178f2e372532b","0xca273eceea26619c","0xd186b8c721c0c207","0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178","0x06f067aa72176fba","0x0a637dc5a2c898a6","0x113f9804bef90dae","0x1b710b35131c471b","0x28db77f523047d84","0x32caab7b40c72493","0x3c9ebe0a15c9bebc","0x431d67c49c100d4c","0x4cc5d4becb3e42b6","0x597f299cfc657e2a","0x5fcb6fab3ad6faec","0x6c44198c4a475817"].map(e=>BigInt(e))),as=mr[0],fs=mr[1],ke=new Uint32Array(80),Ce=new Uint32Array(80),Ge=class extends T.HashMD{constructor(t=64){super(128,t,16,!1),this.Ah=T.SHA512_IV[0]|0,this.Al=T.SHA512_IV[1]|0,this.Bh=T.SHA512_IV[2]|0,this.Bl=T.SHA512_IV[3]|0,this.Ch=T.SHA512_IV[4]|0,this.Cl=T.SHA512_IV[5]|0,this.Dh=T.SHA512_IV[6]|0,this.Dl=T.SHA512_IV[7]|0,this.Eh=T.SHA512_IV[8]|0,this.El=T.SHA512_IV[9]|0,this.Fh=T.SHA512_IV[10]|0,this.Fl=T.SHA512_IV[11]|0,this.Gh=T.SHA512_IV[12]|0,this.Gl=T.SHA512_IV[13]|0,this.Hh=T.SHA512_IV[14]|0,this.Hl=T.SHA512_IV[15]|0}get(){let{Ah:t,Al:r,Bh:n,Bl:o,Ch:s,Cl:i,Dh:c,Dl:a,Eh:l,El:d,Fh:h,Fl:f,Gh:u,Gl:b,Hh:m,Hl:B}=this;return[t,r,n,o,s,i,c,a,l,d,h,f,u,b,m,B]}set(t,r,n,o,s,i,c,a,l,d,h,f,u,b,m,B){this.Ah=t|0,this.Al=r|0,this.Bh=n|0,this.Bl=o|0,this.Ch=s|0,this.Cl=i|0,this.Dh=c|0,this.Dl=a|0,this.Eh=l|0,this.El=d|0,this.Fh=h|0,this.Fl=f|0,this.Gh=u|0,this.Gl=b|0,this.Hh=m|0,this.Hl=B|0}process(t,r){for(let x=0;x<16;x++,r+=4)ke[x]=t.getUint32(r),Ce[x]=t.getUint32(r+=4);for(let x=16;x<80;x++){let q=ke[x-15]|0,K=Ce[x-15]|0,Y=P.rotrSH(q,K,1)^P.rotrSH(q,K,8)^P.shrSH(q,K,7),Z=P.rotrSL(q,K,1)^P.rotrSL(q,K,8)^P.shrSL(q,K,7),M=ke[x-2]|0,v=Ce[x-2]|0,ue=P.rotrSH(M,v,19)^P.rotrBH(M,v,61)^P.shrSH(M,v,6),le=P.rotrSL(M,v,19)^P.rotrBL(M,v,61)^P.shrSL(M,v,6),V=P.add4L(Z,le,Ce[x-7],Ce[x-16]),g=P.add4H(V,Y,ue,ke[x-7],ke[x-16]);ke[x]=g|0,Ce[x]=V|0}let{Ah:n,Al:o,Bh:s,Bl:i,Ch:c,Cl:a,Dh:l,Dl:d,Eh:h,El:f,Fh:u,Fl:b,Gh:m,Gl:B,Hh:U,Hl:C}=this;for(let x=0;x<80;x++){let q=P.rotrSH(h,f,14)^P.rotrSH(h,f,18)^P.rotrBH(h,f,41),K=P.rotrSL(h,f,14)^P.rotrSL(h,f,18)^P.rotrBL(h,f,41),Y=h&u^~h&m,Z=f&b^~f&B,M=P.add5L(C,K,Z,fs[x],Ce[x]),v=P.add5H(M,U,q,Y,as[x],ke[x]),ue=M|0,le=P.rotrSH(n,o,28)^P.rotrBH(n,o,34)^P.rotrBH(n,o,39),V=P.rotrSL(n,o,28)^P.rotrBL(n,o,34)^P.rotrBL(n,o,39),g=n&s^n&c^s&c,w=o&i^o&a^i&a;U=m|0,C=B|0,m=u|0,B=b|0,u=h|0,b=f|0,{h,l:f}=P.add(l|0,d|0,v|0,ue|0),l=c|0,d=a|0,c=s|0,a=i|0,s=n|0,i=o|0;let y=P.add3L(ue,V,w);n=P.add3H(y,v,le,g),o=y|0}({h:n,l:o}=P.add(this.Ah|0,this.Al|0,n|0,o|0)),{h:s,l:i}=P.add(this.Bh|0,this.Bl|0,s|0,i|0),{h:c,l:a}=P.add(this.Ch|0,this.Cl|0,c|0,a|0),{h:l,l:d}=P.add(this.Dh|0,this.Dl|0,l|0,d|0),{h,l:f}=P.add(this.Eh|0,this.El|0,h|0,f|0),{h:u,l:b}=P.add(this.Fh|0,this.Fl|0,u|0,b|0),{h:m,l:B}=P.add(this.Gh|0,this.Gl|0,m|0,B|0),{h:U,l:C}=P.add(this.Hh|0,this.Hl|0,U|0,C|0),this.set(n,o,s,i,c,a,l,d,h,f,u,b,m,B,U,C)}roundClean(){(0,J.clean)(ke,Ce)}destroy(){(0,J.clean)(this.buffer),this.set(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)}};z.SHA512=Ge;var Tt=class extends Ge{constructor(){super(48),this.Ah=T.SHA384_IV[0]|0,this.Al=T.SHA384_IV[1]|0,this.Bh=T.SHA384_IV[2]|0,this.Bl=T.SHA384_IV[3]|0,this.Ch=T.SHA384_IV[4]|0,this.Cl=T.SHA384_IV[5]|0,this.Dh=T.SHA384_IV[6]|0,this.Dl=T.SHA384_IV[7]|0,this.Eh=T.SHA384_IV[8]|0,this.El=T.SHA384_IV[9]|0,this.Fh=T.SHA384_IV[10]|0,this.Fl=T.SHA384_IV[11]|0,this.Gh=T.SHA384_IV[12]|0,this.Gl=T.SHA384_IV[13]|0,this.Hh=T.SHA384_IV[14]|0,this.Hl=T.SHA384_IV[15]|0}};z.SHA384=Tt;var ae=Uint32Array.from([2352822216,424955298,1944164710,2312950998,502970286,855612546,1738396948,1479516111,258812777,2077511080,2011393907,79989058,1067287976,1780299464,286451373,2446758561]),fe=Uint32Array.from([573645204,4230739756,2673172387,3360449730,596883563,1867755857,2520282905,1497426621,2519219938,2827943907,3193839141,1401305490,721525244,746961066,246885852,2177182882]),Ot=class extends Ge{constructor(){super(28),this.Ah=ae[0]|0,this.Al=ae[1]|0,this.Bh=ae[2]|0,this.Bl=ae[3]|0,this.Ch=ae[4]|0,this.Cl=ae[5]|0,this.Dh=ae[6]|0,this.Dl=ae[7]|0,this.Eh=ae[8]|0,this.El=ae[9]|0,this.Fh=ae[10]|0,this.Fl=ae[11]|0,this.Gh=ae[12]|0,this.Gl=ae[13]|0,this.Hh=ae[14]|0,this.Hl=ae[15]|0}};z.SHA512_224=Ot;var Ut=class extends Ge{constructor(){super(32),this.Ah=fe[0]|0,this.Al=fe[1]|0,this.Bh=fe[2]|0,this.Bl=fe[3]|0,this.Ch=fe[4]|0,this.Cl=fe[5]|0,this.Dh=fe[6]|0,this.Dl=fe[7]|0,this.Eh=fe[8]|0,this.El=fe[9]|0,this.Fh=fe[10]|0,this.Fl=fe[11]|0,this.Gh=fe[12]|0,this.Gl=fe[13]|0,this.Hh=fe[14]|0,this.Hl=fe[15]|0}};z.SHA512_256=Ut;z.sha256=(0,J.createHasher)(()=>new ut);z.sha224=(0,J.createHasher)(()=>new It);z.sha512=(0,J.createHasher)(()=>new Ge);z.sha384=(0,J.createHasher)(()=>new Tt);z.sha512_256=(0,J.createHasher)(()=>new Ut);z.sha512_224=(0,J.createHasher)(()=>new Ot)});var xr=de(Xe=>{"use strict";Object.defineProperty(Xe,"__esModule",{value:!0});Xe.hmac=Xe.HMAC=void 0;var We=qe(),lt=class extends We.Hash{constructor(t,r){super(),this.finished=!1,this.destroyed=!1,(0,We.ahash)(t);let n=(0,We.toBytes)(r);if(this.iHash=t.create(),typeof this.iHash.update!="function")throw new Error("Expected instance of class which extends utils.Hash");this.blockLen=this.iHash.blockLen,this.outputLen=this.iHash.outputLen;let o=this.blockLen,s=new Uint8Array(o);s.set(n.length>o?t.create().update(n).digest():n);for(let i=0;i<s.length;i++)s[i]^=54;this.iHash.update(s),this.oHash=t.create();for(let i=0;i<s.length;i++)s[i]^=106;this.oHash.update(s),(0,We.clean)(s)}update(t){return(0,We.aexists)(this),this.iHash.update(t),this}digestInto(t){(0,We.aexists)(this),(0,We.abytes)(t,this.outputLen),this.finished=!0,this.iHash.digestInto(t),this.oHash.update(t),this.oHash.digestInto(t),this.destroy()}digest(){let t=new Uint8Array(this.oHash.outputLen);return this.digestInto(t),t}_cloneInto(t){t||(t=Object.create(Object.getPrototypeOf(this),{}));let{oHash:r,iHash:n,finished:o,destroyed:s,blockLen:i,outputLen:c}=this;return t=t,t.finished=o,t.destroyed=s,t.blockLen=i,t.outputLen=c,t.oHash=r._cloneInto(t.oHash),t.iHash=n._cloneInto(t.iHash),t}clone(){return this._cloneInto()}destroy(){this.destroyed=!0,this.oHash.destroy(),this.iHash.destroy()}};Xe.HMAC=lt;var us=(e,t,r)=>new lt(e,t).update(r).digest();Xe.hmac=us;Xe.hmac.create=(e,t)=>new lt(e,t)});var Ye=de(R=>{"use strict";Object.defineProperty(R,"__esModule",{value:!0});R.notImplemented=R.bitMask=R.utf8ToBytes=R.randomBytes=R.isBytes=R.hexToBytes=R.concatBytes=R.bytesToUtf8=R.bytesToHex=R.anumber=R.abytes=void 0;R.abool=ls;R._abool2=ds;R._abytes2=hs;R.numberToHexUnpadded=Er;R.hexToNumber=nn;R.bytesToNumberBE=ys;R.bytesToNumberLE=bs;R.numberToBytesBE=Br;R.numberToBytesLE=ws;R.numberToVarBytesBE=gs;R.ensureBytes=ms;R.equalBytes=ps;R.copyBytes=xs;R.asciiToBytes=Es;R.inRange=_r;R.aInRange=Bs;R.bitLen=_s;R.bitGet=vs;R.bitSet=Ss;R.createHmacDrbg=Hs;R.validateObject=Ts;R.isHash=Os;R._validateObject=Us;R.memoized=Ls;var ve=qe(),Te=qe();Object.defineProperty(R,"abytes",{enumerable:!0,get:function(){return Te.abytes}});Object.defineProperty(R,"anumber",{enumerable:!0,get:function(){return Te.anumber}});Object.defineProperty(R,"bytesToHex",{enumerable:!0,get:function(){return Te.bytesToHex}});Object.defineProperty(R,"bytesToUtf8",{enumerable:!0,get:function(){return Te.bytesToUtf8}});Object.defineProperty(R,"concatBytes",{enumerable:!0,get:function(){return Te.concatBytes}});Object.defineProperty(R,"hexToBytes",{enumerable:!0,get:function(){return Te.hexToBytes}});Object.defineProperty(R,"isBytes",{enumerable:!0,get:function(){return Te.isBytes}});Object.defineProperty(R,"randomBytes",{enumerable:!0,get:function(){return Te.randomBytes}});Object.defineProperty(R,"utf8ToBytes",{enumerable:!0,get:function(){return Te.utf8ToBytes}});var Rt=BigInt(0),dt=BigInt(1);function ls(e,t){if(typeof t!="boolean")throw new Error(e+" boolean expected, got "+t)}function ds(e,t=""){if(typeof e!="boolean"){let r=t&&`"${t}"`;throw new Error(r+"expected boolean, got type="+typeof e)}return e}function hs(e,t,r=""){let n=(0,ve.isBytes)(e),o=e?.length,s=t!==void 0;if(!n||s&&o!==t){let i=r&&`"${r}" `,c=s?` of length ${t}`:"",a=n?`length=${o}`:`type=${typeof e}`;throw new Error(i+"expected Uint8Array"+c+", got "+a)}return e}function Er(e){let t=e.toString(16);return t.length&1?"0"+t:t}function nn(e){if(typeof e!="string")throw new Error("hex string expected, got "+typeof e);return e===""?Rt:BigInt("0x"+e)}function ys(e){return nn((0,ve.bytesToHex)(e))}function bs(e){return(0,ve.abytes)(e),nn((0,ve.bytesToHex)(Uint8Array.from(e).reverse()))}function Br(e,t){return(0,ve.hexToBytes)(e.toString(16).padStart(t*2,"0"))}function ws(e,t){return Br(e,t).reverse()}function gs(e){return(0,ve.hexToBytes)(Er(e))}function ms(e,t,r){let n;if(typeof t=="string")try{n=(0,ve.hexToBytes)(t)}catch(s){throw new Error(e+" must be hex string or Uint8Array, cause: "+s)}else if((0,ve.isBytes)(t))n=Uint8Array.from(t);else throw new Error(e+" must be hex string or Uint8Array");let o=n.length;if(typeof r=="number"&&o!==r)throw new Error(e+" of length "+r+" expected, got "+o);return n}function ps(e,t){if(e.length!==t.length)return!1;let r=0;for(let n=0;n<e.length;n++)r|=e[n]^t[n];return r===0}function xs(e){return Uint8Array.from(e)}function Es(e){return Uint8Array.from(e,(t,r)=>{let n=t.charCodeAt(0);if(t.length!==1||n>127)throw new Error(`string contains non-ASCII character "${e[r]}" with code ${n} at position ${r}`);return n})}var tn=e=>typeof e=="bigint"&&Rt<=e;function _r(e,t,r){return tn(e)&&tn(t)&&tn(r)&&t<=e&&e<r}function Bs(e,t,r,n){if(!_r(t,r,n))throw new Error("expected valid "+e+": "+r+" <= n < "+n+", got "+t)}function _s(e){let t;for(t=0;e>Rt;e>>=dt,t+=1);return t}function vs(e,t){return e>>BigInt(t)&dt}function Ss(e,t,r){return e|(r?dt:Rt)<<BigInt(t)}var As=e=>(dt<<BigInt(e))-dt;R.bitMask=As;function Hs(e,t,r){if(typeof e!="number"||e<2)throw new Error("hashLen must be a number");if(typeof t!="number"||t<2)throw new Error("qByteLen must be a number");if(typeof r!="function")throw new Error("hmacFn must be a function");let n=u=>new Uint8Array(u),o=u=>Uint8Array.of(u),s=n(e),i=n(e),c=0,a=()=>{s.fill(1),i.fill(0),c=0},l=(...u)=>r(i,s,...u),d=(u=n(0))=>{i=l(o(0),u),s=l(),u.length!==0&&(i=l(o(1),u),s=l())},h=()=>{if(c++>=1e3)throw new Error("drbg: tried 1000 values");let u=0,b=[];for(;u<t;){s=l();let m=s.slice();b.push(m),u+=s.length}return(0,ve.concatBytes)(...b)};return(u,b)=>{a(),d(u);let m;for(;!(m=b(h()));)d();return a(),m}}var Is={bigint:e=>typeof e=="bigint",function:e=>typeof e=="function",boolean:e=>typeof e=="boolean",string:e=>typeof e=="string",stringOrUint8Array:e=>typeof e=="string"||(0,ve.isBytes)(e),isSafeInteger:e=>Number.isSafeInteger(e),array:e=>Array.isArray(e),field:(e,t)=>t.Fp.isValid(e),hash:e=>typeof e=="function"&&Number.isSafeInteger(e.outputLen)};function Ts(e,t,r={}){let n=(o,s,i)=>{let c=Is[s];if(typeof c!="function")throw new Error("invalid validator function");let a=e[o];if(!(i&&a===void 0)&&!c(a,e))throw new Error("param "+String(o)+" is invalid. Expected "+s+", got "+a)};for(let[o,s]of Object.entries(t))n(o,s,!1);for(let[o,s]of Object.entries(r))n(o,s,!0);return e}function Os(e){return typeof e=="function"&&Number.isSafeInteger(e.outputLen)}function Us(e,t,r={}){if(!e||typeof e!="object")throw new Error("expected valid options object");function n(o,s,i){let c=e[o];if(i&&c===void 0)return;let a=typeof c;if(a!==s||c===null)throw new Error(`param "${o}" is invalid: expected ${s}, got ${a}`)}Object.entries(t).forEach(([o,s])=>n(o,s,!1)),Object.entries(r).forEach(([o,s])=>n(o,s,!0))}var Rs=()=>{throw new Error("not implemented")};R.notImplemented=Rs;function Ls(e){let t=new WeakMap;return(r,...n)=>{let o=t.get(r);if(o!==void 0)return o;let s=e(r,...n);return t.set(r,s),s}}});var tt=de(X=>{"use strict";Object.defineProperty(X,"__esModule",{value:!0});X.isNegativeLE=void 0;X.mod=ge;X.pow=ks;X.pow2=Cs;X.invert=Lt;X.tonelliShanks=on;X.FpSqrt=Or;X.validateField=Ds;X.FpPow=sn;X.FpInvertBatch=Ur;X.FpDiv=js;X.FpLegendre=qt;X.FpIsSquare=Zs;X.nLength=cn;X.Field=Vt;X.FpSqrtOdd=zs;X.FpSqrtEven=Gs;X.hashToPrivateScalar=Ws;X.getFieldBytesLength=an;X.getMinHashLength=Rr;X.mapHashToField=Xs;var me=Ye(),ye=BigInt(0),ee=BigInt(1),$e=BigInt(2),vr=BigInt(3),Sr=BigInt(4),Ar=BigInt(5),qs=BigInt(7),Hr=BigInt(8),Vs=BigInt(9),Ir=BigInt(16);function ge(e,t){let r=e%t;return r>=ye?r:t+r}function ks(e,t,r){return sn(Vt(r),e,t)}function Cs(e,t,r){let n=e;for(;t-- >ye;)n*=n,n%=r;return n}function Lt(e,t){if(e===ye)throw new Error("invert: expected non-zero number");if(t<=ye)throw new Error("invert: expected positive modulus, got "+t);let r=ge(e,t),n=t,o=ye,s=ee,i=ee,c=ye;for(;r!==ye;){let l=n/r,d=n%r,h=o-i*l,f=s-c*l;n=r,r=d,o=i,s=c,i=h,c=f}if(n!==ee)throw new Error("invert: does not exist");return ge(o,t)}function rn(e,t,r){if(!e.eql(e.sqr(t),r))throw new Error("Cannot find square root")}function Tr(e,t){let r=(e.ORDER+ee)/Sr,n=e.pow(t,r);return rn(e,n,t),n}function Ns(e,t){let r=(e.ORDER-Ar)/Hr,n=e.mul(t,$e),o=e.pow(n,r),s=e.mul(t,o),i=e.mul(e.mul(s,$e),o),c=e.mul(s,e.sub(i,e.ONE));return rn(e,c,t),c}function Ps(e){let t=Vt(e),r=on(e),n=r(t,t.neg(t.ONE)),o=r(t,n),s=r(t,t.neg(n)),i=(e+qs)/Ir;return(c,a)=>{let l=c.pow(a,i),d=c.mul(l,n),h=c.mul(l,o),f=c.mul(l,s),u=c.eql(c.sqr(d),a),b=c.eql(c.sqr(h),a);l=c.cmov(l,d,u),d=c.cmov(f,h,b);let m=c.eql(c.sqr(d),a),B=c.cmov(l,d,m);return rn(c,B,a),B}}function on(e){if(e<vr)throw new Error("sqrt is not defined for small field");let t=e-ee,r=0;for(;t%$e===ye;)t/=$e,r++;let n=$e,o=Vt(e);for(;qt(o,n)===1;)if(n++>1e3)throw new Error("Cannot find square root: probably non-prime P");if(r===1)return Tr;let s=o.pow(n,t),i=(t+ee)/$e;return function(a,l){if(a.is0(l))return l;if(qt(a,l)!==1)throw new Error("Cannot find square root");let d=r,h=a.mul(a.ONE,s),f=a.pow(l,t),u=a.pow(l,i);for(;!a.eql(f,a.ONE);){if(a.is0(f))return a.ZERO;let b=1,m=a.sqr(f);for(;!a.eql(m,a.ONE);)if(b++,m=a.sqr(m),b===d)throw new Error("Cannot find square root");let B=ee<<BigInt(d-b-1),U=a.pow(h,B);d=b,h=a.sqr(U),f=a.mul(f,h),u=a.mul(u,U)}return u}}function Or(e){return e%Sr===vr?Tr:e%Hr===Ar?Ns:e%Ir===Vs?Ps(e):on(e)}var Ms=(e,t)=>(ge(e,t)&ee)===ee;X.isNegativeLE=Ms;var Ks=["create","isValid","is0","neg","inv","sqrt","sqr","eql","add","sub","mul","pow","div","addN","subN","mulN","sqrN"];function Ds(e){let t={ORDER:"bigint",MASK:"bigint",BYTES:"number",BITS:"number"},r=Ks.reduce((n,o)=>(n[o]="function",n),t);return(0,me._validateObject)(e,r),e}function sn(e,t,r){if(r<ye)throw new Error("invalid exponent, negatives unsupported");if(r===ye)return e.ONE;if(r===ee)return t;let n=e.ONE,o=t;for(;r>ye;)r&ee&&(n=e.mul(n,o)),o=e.sqr(o),r>>=ee;return n}function Ur(e,t,r=!1){let n=new Array(t.length).fill(r?e.ZERO:void 0),o=t.reduce((i,c,a)=>e.is0(c)?i:(n[a]=i,e.mul(i,c)),e.ONE),s=e.inv(o);return t.reduceRight((i,c,a)=>e.is0(c)?i:(n[a]=e.mul(i,n[a]),e.mul(i,c)),s),n}function js(e,t,r){return e.mul(t,typeof r=="bigint"?Lt(r,e.ORDER):e.inv(r))}function qt(e,t){let r=(e.ORDER-ee)/$e,n=e.pow(t,r),o=e.eql(n,e.ONE),s=e.eql(n,e.ZERO),i=e.eql(n,e.neg(e.ONE));if(!o&&!s&&!i)throw new Error("invalid Legendre symbol result");return o?1:s?0:-1}function Zs(e,t){return qt(e,t)===1}function cn(e,t){t!==void 0&&(0,me.anumber)(t);let r=t!==void 0?t:e.toString(2).length,n=Math.ceil(r/8);return{nBitLength:r,nByteLength:n}}function Vt(e,t,r=!1,n={}){if(e<=ye)throw new Error("invalid field: expected ORDER > 0, got "+e);let o,s,i=!1,c;if(typeof t=="object"&&t!=null){if(n.sqrt||r)throw new Error("cannot specify opts in two arguments");let f=t;f.BITS&&(o=f.BITS),f.sqrt&&(s=f.sqrt),typeof f.isLE=="boolean"&&(r=f.isLE),typeof f.modFromBytes=="boolean"&&(i=f.modFromBytes),c=f.allowedLengths}else typeof t=="number"&&(o=t),n.sqrt&&(s=n.sqrt);let{nBitLength:a,nByteLength:l}=cn(e,o);if(l>2048)throw new Error("invalid field: expected ORDER of <= 2048 bytes");let d,h=Object.freeze({ORDER:e,isLE:r,BITS:a,BYTES:l,MASK:(0,me.bitMask)(a),ZERO:ye,ONE:ee,allowedLengths:c,create:f=>ge(f,e),isValid:f=>{if(typeof f!="bigint")throw new Error("invalid field element: expected bigint, got "+typeof f);return ye<=f&&f<e},is0:f=>f===ye,isValidNot0:f=>!h.is0(f)&&h.isValid(f),isOdd:f=>(f&ee)===ee,neg:f=>ge(-f,e),eql:(f,u)=>f===u,sqr:f=>ge(f*f,e),add:(f,u)=>ge(f+u,e),sub:(f,u)=>ge(f-u,e),mul:(f,u)=>ge(f*u,e),pow:(f,u)=>sn(h,f,u),div:(f,u)=>ge(f*Lt(u,e),e),sqrN:f=>f*f,addN:(f,u)=>f+u,subN:(f,u)=>f-u,mulN:(f,u)=>f*u,inv:f=>Lt(f,e),sqrt:s||(f=>(d||(d=Or(e)),d(h,f))),toBytes:f=>r?(0,me.numberToBytesLE)(f,l):(0,me.numberToBytesBE)(f,l),fromBytes:(f,u=!0)=>{if(c){if(!c.includes(f.length)||f.length>l)throw new Error("Field.fromBytes: expected "+c+" bytes, got "+f.length);let m=new Uint8Array(l);m.set(f,r?0:m.length-f.length),f=m}if(f.length!==l)throw new Error("Field.fromBytes: expected "+l+" bytes, got "+f.length);let b=r?(0,me.bytesToNumberLE)(f):(0,me.bytesToNumberBE)(f);if(i&&(b=ge(b,e)),!u&&!h.isValid(b))throw new Error("invalid field element: outside of range 0..ORDER");return b},invertBatch:f=>Ur(h,f),cmov:(f,u,b)=>b?u:f});return Object.freeze(h)}function zs(e,t){if(!e.isOdd)throw new Error("Field doesn't have isOdd");let r=e.sqrt(t);return e.isOdd(r)?r:e.neg(r)}function Gs(e,t){if(!e.isOdd)throw new Error("Field doesn't have isOdd");let r=e.sqrt(t);return e.isOdd(r)?e.neg(r):r}function Ws(e,t,r=!1){e=(0,me.ensureBytes)("privateHash",e);let n=e.length,o=cn(t).nByteLength+8;if(o<24||n<o||n>1024)throw new Error("hashToPrivateScalar: expected "+o+"-1024 bytes of input, got "+n);let s=r?(0,me.bytesToNumberLE)(e):(0,me.bytesToNumberBE)(e);return ge(s,t-ee)+ee}function an(e){if(typeof e!="bigint")throw new Error("field order must be bigint");let t=e.toString(2).length;return Math.ceil(t/8)}function Rr(e){let t=an(e);return t+Math.ceil(t/2)}function Xs(e,t,r=!1){let n=e.length,o=an(t),s=Rr(t);if(n<16||n<s||n>1024)throw new Error("expected "+s+"-1024 bytes of input, got "+n);let i=r?(0,me.bytesToNumberLE)(e):(0,me.bytesToNumberBE)(e),c=ge(i,t-ee)+ee;return r?(0,me.numberToBytesLE)(c,o):(0,me.numberToBytesBE)(c,o)}});var Pr=de(xe=>{"use strict";Object.defineProperty(xe,"__esModule",{value:!0});xe.wNAF=void 0;xe.negateCt=dn;xe.normalizeZ=Ys;xe.mulEndoUnsafe=$s;xe.pippenger=Fs;xe.precomputeMSMUnsafe=Qs;xe.validateBasic=Js;xe._createCurveFields=ei;var ht=Ye(),yt=tt(),nt=BigInt(0),Fe=BigInt(1);function dn(e,t){let r=t.negate();return e?r:t}function Ys(e,t){let r=(0,yt.FpInvertBatch)(e.Fp,t.map(n=>n.Z));return t.map((n,o)=>e.fromAffine(n.toAffine(r[o])))}function yn(e,t){if(!Number.isSafeInteger(e)||e<=0||e>t)throw new Error("invalid window size, expected [1.."+t+"], got W="+e)}function fn(e,t){yn(e,t);let r=Math.ceil(t/e)+1,n=2**(e-1),o=2**e,s=(0,ht.bitMask)(e),i=BigInt(e);return{windows:r,windowSize:n,mask:s,maxNumber:o,shiftBy:i}}function Lr(e,t,r){let{windowSize:n,mask:o,maxNumber:s,shiftBy:i}=r,c=Number(e&o),a=e>>i;c>n&&(c-=s,a+=Fe);let l=t*n,d=l+Math.abs(c)-1,h=c===0,f=c<0,u=t%2!==0;return{nextN:a,offset:d,isZero:h,isNeg:f,isNegF:u,offsetF:l}}function kr(e,t){if(!Array.isArray(e))throw new Error("array expected");e.forEach((r,n)=>{if(!(r instanceof t))throw new Error("invalid point at index "+n)})}function Cr(e,t){if(!Array.isArray(e))throw new Error("array of scalars expected");e.forEach((r,n)=>{if(!t.isValid(r))throw new Error("invalid scalar at index "+n)})}var un=new WeakMap,Nr=new WeakMap;function ln(e){return Nr.get(e)||1}function qr(e){if(e!==nt)throw new Error("invalid wNAF")}var hn=class{constructor(t,r){this.BASE=t.BASE,this.ZERO=t.ZERO,this.Fn=t.Fn,this.bits=r}_unsafeLadder(t,r,n=this.ZERO){let o=t;for(;r>nt;)r&Fe&&(n=n.add(o)),o=o.double(),r>>=Fe;return n}precomputeWindow(t,r){let{windows:n,windowSize:o}=fn(r,this.bits),s=[],i=t,c=i;for(let a=0;a<n;a++){c=i,s.push(c);for(let l=1;l<o;l++)c=c.add(i),s.push(c);i=c.double()}return s}wNAF(t,r,n){if(!this.Fn.isValid(n))throw new Error("invalid scalar");let o=this.ZERO,s=this.BASE,i=fn(t,this.bits);for(let c=0;c<i.windows;c++){let{nextN:a,offset:l,isZero:d,isNeg:h,isNegF:f,offsetF:u}=Lr(n,c,i);n=a,d?s=s.add(dn(f,r[u])):o=o.add(dn(h,r[l]))}return qr(n),{p:o,f:s}}wNAFUnsafe(t,r,n,o=this.ZERO){let s=fn(t,this.bits);for(let i=0;i<s.windows&&n!==nt;i++){let{nextN:c,offset:a,isZero:l,isNeg:d}=Lr(n,i,s);if(n=c,!l){let h=r[a];o=o.add(d?h.negate():h)}}return qr(n),o}getPrecomputes(t,r,n){let o=un.get(r);return o||(o=this.precomputeWindow(r,t),t!==1&&(typeof n=="function"&&(o=n(o)),un.set(r,o))),o}cached(t,r,n){let o=ln(t);return this.wNAF(o,this.getPrecomputes(o,t,n),r)}unsafe(t,r,n,o){let s=ln(t);return s===1?this._unsafeLadder(t,r,o):this.wNAFUnsafe(s,this.getPrecomputes(s,t,n),r,o)}createCache(t,r){yn(r,this.bits),Nr.set(t,r),un.delete(t)}hasCache(t){return ln(t)!==1}};xe.wNAF=hn;function $s(e,t,r,n){let o=t,s=e.ZERO,i=e.ZERO;for(;r>nt||n>nt;)r&Fe&&(s=s.add(o)),n&Fe&&(i=i.add(o)),o=o.double(),r>>=Fe,n>>=Fe;return{p1:s,p2:i}}function Fs(e,t,r,n){kr(r,e),Cr(n,t);let o=r.length,s=n.length;if(o!==s)throw new Error("arrays of points and scalars must have equal length");let i=e.ZERO,c=(0,ht.bitLen)(BigInt(o)),a=1;c>12?a=c-3:c>4?a=c-2:c>0&&(a=2);let l=(0,ht.bitMask)(a),d=new Array(Number(l)+1).fill(i),h=Math.floor((t.BITS-1)/a)*a,f=i;for(let u=h;u>=0;u-=a){d.fill(i);for(let m=0;m<s;m++){let B=n[m],U=Number(B>>BigInt(u)&l);d[U]=d[U].add(r[m])}let b=i;for(let m=d.length-1,B=i;m>0;m--)B=B.add(d[m]),b=b.add(B);if(f=f.add(b),u!==0)for(let m=0;m<a;m++)f=f.double()}return f}function Qs(e,t,r,n){yn(n,t.BITS),kr(r,e);let o=e.ZERO,s=2**n-1,i=Math.ceil(t.BITS/n),c=(0,ht.bitMask)(n),a=r.map(l=>{let d=[];for(let h=0,f=l;h<s;h++)d.push(f),f=f.add(l);return d});return l=>{if(Cr(l,t),l.length>r.length)throw new Error("array of scalars must be smaller than array of points");let d=o;for(let h=0;h<i;h++){if(d!==o)for(let u=0;u<n;u++)d=d.double();let f=BigInt(i*n-(h+1)*n);for(let u=0;u<l.length;u++){let b=l[u],m=Number(b>>f&c);m&&(d=d.add(a[u][m-1]))}}return d}}function Js(e){return(0,yt.validateField)(e.Fp),(0,ht.validateObject)(e,{n:"bigint",h:"bigint",Gx:"field",Gy:"field"},{nBitLength:"isSafeInteger",nByteLength:"isSafeInteger"}),Object.freeze({...(0,yt.nLength)(e.n,e.nBitLength),...e,p:e.Fp.ORDER})}function Vr(e,t,r){if(t){if(t.ORDER!==e)throw new Error("Field.ORDER must match order: Fp == p, Fn == n");return(0,yt.validateField)(t),t}else return(0,yt.Field)(e,{isLE:r})}function ei(e,t,r={},n){if(n===void 0&&(n=e==="edwards"),!t||typeof t!="object")throw new Error(`expected valid ${e} CURVE object`);for(let a of["p","n","h"]){let l=t[a];if(!(typeof l=="bigint"&&l>nt))throw new Error(`CURVE.${a} must be positive bigint`)}let o=Vr(t.p,r.Fp,n),s=Vr(t.n,r.Fn,n),c=["Gx","Gy","a",e==="weierstrass"?"b":"d"];for(let a of c)if(!o.isValid(t[a]))throw new Error(`CURVE.${a} must be valid field element of CURVE.Fp`);return t=Object.freeze(Object.assign({},t)),{CURVE:t,Fp:o,Fn:s}}});var pn=de(W=>{"use strict";Object.defineProperty(W,"__esModule",{value:!0});W.DER=W.DERErr=void 0;W._splitEndoScalar=Kr;W._normFnElement=Ne;W.weierstrassN=mn;W.SWUFpSqrtRatio=jr;W.mapToCurveSimpleSWU=ri;W.ecdh=zr;W.ecdsa=Gr;W.weierstrassPoints=oi;W._legacyHelperEquat=Xr;W.weierstrass=ai;var ti=xr(),ni=qe(),H=Ye(),Oe=Pr(),ot=tt(),Mr=(e,t)=>(e+(e>=0?t:-t)/Se)/t;function Kr(e,t,r){let[[n,o],[s,i]]=t,c=Mr(i*e,r),a=Mr(-o*e,r),l=e-c*n-a*s,d=-c*o-a*i,h=l<Ee,f=d<Ee;h&&(l=-l),f&&(d=-d);let u=(0,H.bitMask)(Math.ceil((0,H.bitLen)(r)/2))+re;if(l<Ee||l>=u||d<Ee||d>=u)throw new Error("splitScalar (endomorphism): failed, k="+e);return{k1neg:h,k1:l,k2neg:f,k2:d}}function wn(e){if(!["compact","recovered","der"].includes(e))throw new Error('Signature format must be "compact", "recovered", or "der"');return e}function bn(e,t){let r={};for(let n of Object.keys(t))r[n]=e[n]===void 0?t[n]:e[n];return(0,H._abool2)(r.lowS,"lowS"),(0,H._abool2)(r.prehash,"prehash"),r.format!==void 0&&wn(r.format),r}var kt=class extends Error{constructor(t=""){super(t)}};W.DERErr=kt;W.DER={Err:kt,_tlv:{encode:(e,t)=>{let{Err:r}=W.DER;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(t.length&1)throw new r("tlv.encode: unpadded data");let n=t.length/2,o=(0,H.numberToHexUnpadded)(n);if(o.length/2&128)throw new r("tlv.encode: long form length too big");let s=n>127?(0,H.numberToHexUnpadded)(o.length/2|128):"";return(0,H.numberToHexUnpadded)(e)+s+o+t},decode(e,t){let{Err:r}=W.DER,n=0;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(t.length<2||t[n++]!==e)throw new r("tlv.decode: wrong tlv");let o=t[n++],s=!!(o&128),i=0;if(!s)i=o;else{let a=o&127;if(!a)throw new r("tlv.decode(long): indefinite length not supported");if(a>4)throw new r("tlv.decode(long): byte length is too big");let l=t.subarray(n,n+a);if(l.length!==a)throw new r("tlv.decode: length bytes not complete");if(l[0]===0)throw new r("tlv.decode(long): zero leftmost byte");for(let d of l)i=i<<8|d;if(n+=a,i<128)throw new r("tlv.decode(long): not minimal encoding")}let c=t.subarray(n,n+i);if(c.length!==i)throw new r("tlv.decode: wrong value length");return{v:c,l:t.subarray(n+i)}}},_int:{encode(e){let{Err:t}=W.DER;if(e<Ee)throw new t("integer: negative integers are not allowed");let r=(0,H.numberToHexUnpadded)(e);if(Number.parseInt(r[0],16)&8&&(r="00"+r),r.length&1)throw new t("unexpected DER parsing assertion: unpadded hex");return r},decode(e){let{Err:t}=W.DER;if(e[0]&128)throw new t("invalid signature integer: negative");if(e[0]===0&&!(e[1]&128))throw new t("invalid signature integer: unnecessary leading zero");return(0,H.bytesToNumberBE)(e)}},toSig(e){let{Err:t,_int:r,_tlv:n}=W.DER,o=(0,H.ensureBytes)("signature",e),{v:s,l:i}=n.decode(48,o);if(i.length)throw new t("invalid signature: left bytes after parsing");let{v:c,l:a}=n.decode(2,s),{v:l,l:d}=n.decode(2,a);if(d.length)throw new t("invalid signature: left bytes after parsing");return{r:r.decode(c),s:r.decode(l)}},hexFromSig(e){let{_tlv:t,_int:r}=W.DER,n=t.encode(2,r.encode(e.r)),o=t.encode(2,r.encode(e.s)),s=n+o;return t.encode(48,s)}};var Ee=BigInt(0),re=BigInt(1),Se=BigInt(2),rt=BigInt(3),gn=BigInt(4);function Ne(e,t){let{BYTES:r}=e,n;if(typeof t=="bigint")n=t;else{let o=(0,H.ensureBytes)("private key",t);try{n=e.fromBytes(o)}catch{throw new Error(`invalid private key: expected ui8a of size ${r}, got ${typeof t}`)}}if(!e.isValidNot0(n))throw new Error("invalid private key: out of range [1..N-1]");return n}function mn(e,t={}){let r=(0,Oe._createCurveFields)("weierstrass",e,t),{Fp:n,Fn:o}=r,s=r.CURVE,{h:i,n:c}=s;(0,H._validateObject)(t,{},{allowInfinityPoint:"boolean",clearCofactor:"function",isTorsionFree:"function",fromBytes:"function",toBytes:"function",endo:"object",wrapPrivateKey:"boolean"});let{endo:a}=t;if(a&&(!n.is0(s.a)||typeof a.beta!="bigint"||!Array.isArray(a.basises)))throw new Error('invalid endo: expected "beta": bigint and "basises": array');let l=Zr(n,o);function d(){if(!n.isOdd)throw new Error("compression is not supported: Field does not have .isOdd()")}function h(V,g,w){let{x:y,y:p}=g.toAffine(),E=n.toBytes(y);if((0,H._abool2)(w,"isCompressed"),w){d();let A=!n.isOdd(p);return(0,H.concatBytes)(Dr(A),E)}else return(0,H.concatBytes)(Uint8Array.of(4),E,n.toBytes(p))}function f(V){(0,H._abytes2)(V,void 0,"Point");let{publicKey:g,publicKeyUncompressed:w}=l,y=V.length,p=V[0],E=V.subarray(1);if(y===g&&(p===2||p===3)){let A=n.fromBytes(E);if(!n.isValid(A))throw new Error("bad point: is not on curve, wrong x");let I=m(A),S;try{S=n.sqrt(I)}catch(te){let G=te instanceof Error?": "+te.message:"";throw new Error("bad point: is not on curve, sqrt error"+G)}d();let L=n.isOdd(S);return(p&1)===1!==L&&(S=n.neg(S)),{x:A,y:S}}else if(y===w&&p===4){let A=n.BYTES,I=n.fromBytes(E.subarray(0,A)),S=n.fromBytes(E.subarray(A,A*2));if(!B(I,S))throw new Error("bad point: is not on curve");return{x:I,y:S}}else throw new Error(`bad point: got length ${y}, expected compressed=${g} or uncompressed=${w}`)}let u=t.toBytes||h,b=t.fromBytes||f;function m(V){let g=n.sqr(V),w=n.mul(g,V);return n.add(n.add(w,n.mul(V,s.a)),s.b)}function B(V,g){let w=n.sqr(g),y=m(V);return n.eql(w,y)}if(!B(s.Gx,s.Gy))throw new Error("bad curve params: generator point");let U=n.mul(n.pow(s.a,rt),gn),C=n.mul(n.sqr(s.b),BigInt(27));if(n.is0(n.add(U,C)))throw new Error("bad curve params: a or b");function x(V,g,w=!1){if(!n.isValid(g)||w&&n.is0(g))throw new Error(`bad point coordinate ${V}`);return g}function q(V){if(!(V instanceof v))throw new Error("ProjectivePoint expected")}function K(V){if(!a||!a.basises)throw new Error("no endo");return Kr(V,a.basises,o.ORDER)}let Y=(0,H.memoized)((V,g)=>{let{X:w,Y:y,Z:p}=V;if(n.eql(p,n.ONE))return{x:w,y};let E=V.is0();g==null&&(g=E?n.ONE:n.inv(p));let A=n.mul(w,g),I=n.mul(y,g),S=n.mul(p,g);if(E)return{x:n.ZERO,y:n.ZERO};if(!n.eql(S,n.ONE))throw new Error("invZ was invalid");return{x:A,y:I}}),Z=(0,H.memoized)(V=>{if(V.is0()){if(t.allowInfinityPoint&&!n.is0(V.Y))return;throw new Error("bad point: ZERO")}let{x:g,y:w}=V.toAffine();if(!n.isValid(g)||!n.isValid(w))throw new Error("bad point: x or y not field elements");if(!B(g,w))throw new Error("bad point: equation left != right");if(!V.isTorsionFree())throw new Error("bad point: not in prime-order subgroup");return!0});function M(V,g,w,y,p){return w=new v(n.mul(w.X,V),w.Y,w.Z),g=(0,Oe.negateCt)(y,g),w=(0,Oe.negateCt)(p,w),g.add(w)}class v{constructor(g,w,y){this.X=x("x",g),this.Y=x("y",w,!0),this.Z=x("z",y),Object.freeze(this)}static CURVE(){return s}static fromAffine(g){let{x:w,y}=g||{};if(!g||!n.isValid(w)||!n.isValid(y))throw new Error("invalid affine point");if(g instanceof v)throw new Error("projective point not allowed");return n.is0(w)&&n.is0(y)?v.ZERO:new v(w,y,n.ONE)}static fromBytes(g){let w=v.fromAffine(b((0,H._abytes2)(g,void 0,"point")));return w.assertValidity(),w}static fromHex(g){return v.fromBytes((0,H.ensureBytes)("pointHex",g))}get x(){return this.toAffine().x}get y(){return this.toAffine().y}precompute(g=8,w=!0){return le.createCache(this,g),w||this.multiply(rt),this}assertValidity(){Z(this)}hasEvenY(){let{y:g}=this.toAffine();if(!n.isOdd)throw new Error("Field doesn't support isOdd");return!n.isOdd(g)}equals(g){q(g);let{X:w,Y:y,Z:p}=this,{X:E,Y:A,Z:I}=g,S=n.eql(n.mul(w,I),n.mul(E,p)),L=n.eql(n.mul(y,I),n.mul(A,p));return S&&L}negate(){return new v(this.X,n.neg(this.Y),this.Z)}double(){let{a:g,b:w}=s,y=n.mul(w,rt),{X:p,Y:E,Z:A}=this,I=n.ZERO,S=n.ZERO,L=n.ZERO,N=n.mul(p,p),te=n.mul(E,E),G=n.mul(A,A),D=n.mul(p,E);return D=n.add(D,D),L=n.mul(p,A),L=n.add(L,L),I=n.mul(g,L),S=n.mul(y,G),S=n.add(I,S),I=n.sub(te,S),S=n.add(te,S),S=n.mul(I,S),I=n.mul(D,I),L=n.mul(y,L),G=n.mul(g,G),D=n.sub(N,G),D=n.mul(g,D),D=n.add(D,L),L=n.add(N,N),N=n.add(L,N),N=n.add(N,G),N=n.mul(N,D),S=n.add(S,N),G=n.mul(E,A),G=n.add(G,G),N=n.mul(G,D),I=n.sub(I,N),L=n.mul(G,te),L=n.add(L,L),L=n.add(L,L),new v(I,S,L)}add(g){q(g);let{X:w,Y:y,Z:p}=this,{X:E,Y:A,Z:I}=g,S=n.ZERO,L=n.ZERO,N=n.ZERO,te=s.a,G=n.mul(s.b,rt),D=n.mul(w,E),$=n.mul(y,A),ne=n.mul(p,I),we=n.add(w,y),F=n.add(E,A);we=n.mul(we,F),F=n.add(D,$),we=n.sub(we,F),F=n.add(w,p);let ce=n.add(E,I);return F=n.mul(F,ce),ce=n.add(D,ne),F=n.sub(F,ce),ce=n.add(y,p),S=n.add(A,I),ce=n.mul(ce,S),S=n.add($,ne),ce=n.sub(ce,S),N=n.mul(te,F),S=n.mul(G,ne),N=n.add(S,N),S=n.sub($,N),N=n.add($,N),L=n.mul(S,N),$=n.add(D,D),$=n.add($,D),ne=n.mul(te,ne),F=n.mul(G,F),$=n.add($,ne),ne=n.sub(D,ne),ne=n.mul(te,ne),F=n.add(F,ne),D=n.mul($,F),L=n.add(L,D),D=n.mul(ce,F),S=n.mul(we,S),S=n.sub(S,D),D=n.mul(we,$),N=n.mul(ce,N),N=n.add(N,D),new v(S,L,N)}subtract(g){return this.add(g.negate())}is0(){return this.equals(v.ZERO)}multiply(g){let{endo:w}=t;if(!o.isValidNot0(g))throw new Error("invalid scalar: out of range");let y,p,E=A=>le.cached(this,A,I=>(0,Oe.normalizeZ)(v,I));if(w){let{k1neg:A,k1:I,k2neg:S,k2:L}=K(g),{p:N,f:te}=E(I),{p:G,f:D}=E(L);p=te.add(D),y=M(w.beta,N,G,A,S)}else{let{p:A,f:I}=E(g);y=A,p=I}return(0,Oe.normalizeZ)(v,[y,p])[0]}multiplyUnsafe(g){let{endo:w}=t,y=this;if(!o.isValid(g))throw new Error("invalid scalar: out of range");if(g===Ee||y.is0())return v.ZERO;if(g===re)return y;if(le.hasCache(this))return this.multiply(g);if(w){let{k1neg:p,k1:E,k2neg:A,k2:I}=K(g),{p1:S,p2:L}=(0,Oe.mulEndoUnsafe)(v,y,E,I);return M(w.beta,S,L,p,A)}else return le.unsafe(y,g)}multiplyAndAddUnsafe(g,w,y){let p=this.multiplyUnsafe(w).add(g.multiplyUnsafe(y));return p.is0()?void 0:p}toAffine(g){return Y(this,g)}isTorsionFree(){let{isTorsionFree:g}=t;return i===re?!0:g?g(v,this):le.unsafe(this,c).is0()}clearCofactor(){let{clearCofactor:g}=t;return i===re?this:g?g(v,this):this.multiplyUnsafe(i)}isSmallOrder(){return this.multiplyUnsafe(i).is0()}toBytes(g=!0){return(0,H._abool2)(g,"isCompressed"),this.assertValidity(),u(v,this,g)}toHex(g=!0){return(0,H.bytesToHex)(this.toBytes(g))}toString(){return`<Point ${this.is0()?"ZERO":this.toHex()}>`}get px(){return this.X}get py(){return this.X}get pz(){return this.Z}toRawBytes(g=!0){return this.toBytes(g)}_setWindowSize(g){this.precompute(g)}static normalizeZ(g){return(0,Oe.normalizeZ)(v,g)}static msm(g,w){return(0,Oe.pippenger)(v,o,g,w)}static fromPrivateKey(g){return v.BASE.multiply(Ne(o,g))}}v.BASE=new v(s.Gx,s.Gy,n.ONE),v.ZERO=new v(n.ZERO,n.ONE,n.ZERO),v.Fp=n,v.Fn=o;let ue=o.BITS,le=new Oe.wNAF(v,t.endo?Math.ceil(ue/2):ue);return v.BASE.precompute(8),v}function Dr(e){return Uint8Array.of(e?2:3)}function jr(e,t){let r=e.ORDER,n=Ee;for(let b=r-re;b%Se===Ee;b/=Se)n+=re;let o=n,s=Se<<o-re-re,i=s*Se,c=(r-re)/i,a=(c-re)/Se,l=i-re,d=s,h=e.pow(t,c),f=e.pow(t,(c+re)/Se),u=(b,m)=>{let B=h,U=e.pow(m,l),C=e.sqr(U);C=e.mul(C,m);let x=e.mul(b,C);x=e.pow(x,a),x=e.mul(x,U),U=e.mul(x,m),C=e.mul(x,b);let q=e.mul(C,U);x=e.pow(q,d);let K=e.eql(x,e.ONE);U=e.mul(C,f),x=e.mul(q,B),C=e.cmov(U,C,K),q=e.cmov(x,q,K);for(let Y=o;Y>re;Y--){let Z=Y-Se;Z=Se<<Z-re;let M=e.pow(q,Z),v=e.eql(M,e.ONE);U=e.mul(C,B),B=e.mul(B,B),M=e.mul(q,B),C=e.cmov(U,C,v),q=e.cmov(M,q,v)}return{isValid:K,value:C}};if(e.ORDER%gn===rt){let b=(e.ORDER-rt)/gn,m=e.sqrt(e.neg(t));u=(B,U)=>{let C=e.sqr(U),x=e.mul(B,U);C=e.mul(C,x);let q=e.pow(C,b);q=e.mul(q,x);let K=e.mul(q,m),Y=e.mul(e.sqr(q),U),Z=e.eql(Y,B),M=e.cmov(K,q,Z);return{isValid:Z,value:M}}}return u}function ri(e,t){(0,ot.validateField)(e);let{A:r,B:n,Z:o}=t;if(!e.isValid(r)||!e.isValid(n)||!e.isValid(o))throw new Error("mapToCurveSimpleSWU: invalid opts");let s=jr(e,o);if(!e.isOdd)throw new Error("Field does not have .isOdd()");return i=>{let c,a,l,d,h,f,u,b;c=e.sqr(i),c=e.mul(c,o),a=e.sqr(c),a=e.add(a,c),l=e.add(a,e.ONE),l=e.mul(l,n),d=e.cmov(o,e.neg(a),!e.eql(a,e.ZERO)),d=e.mul(d,r),a=e.sqr(l),f=e.sqr(d),h=e.mul(f,r),a=e.add(a,h),a=e.mul(a,l),f=e.mul(f,d),h=e.mul(f,n),a=e.add(a,h),u=e.mul(c,l);let{isValid:m,value:B}=s(a,f);b=e.mul(c,i),b=e.mul(b,B),u=e.cmov(u,l,m),b=e.cmov(b,B,m);let U=e.isOdd(i)===e.isOdd(b);b=e.cmov(e.neg(b),b,U);let C=(0,ot.FpInvertBatch)(e,[d],!0)[0];return u=e.mul(u,C),{x:u,y:b}}}function Zr(e,t){return{secretKey:t.BYTES,publicKey:1+e.BYTES,publicKeyUncompressed:1+2*e.BYTES,publicKeyHasPrefix:!0,signature:2*t.BYTES}}function zr(e,t={}){let{Fn:r}=e,n=t.randomBytes||H.randomBytes,o=Object.assign(Zr(e.Fp,r),{seed:(0,ot.getMinHashLength)(r.ORDER)});function s(u){try{return!!Ne(r,u)}catch{return!1}}function i(u,b){let{publicKey:m,publicKeyUncompressed:B}=o;try{let U=u.length;return b===!0&&U!==m||b===!1&&U!==B?!1:!!e.fromBytes(u)}catch{return!1}}function c(u=n(o.seed)){return(0,ot.mapHashToField)((0,H._abytes2)(u,o.seed,"seed"),r.ORDER)}function a(u,b=!0){return e.BASE.multiply(Ne(r,u)).toBytes(b)}function l(u){let b=c(u);return{secretKey:b,publicKey:a(b)}}function d(u){if(typeof u=="bigint")return!1;if(u instanceof e)return!0;let{secretKey:b,publicKey:m,publicKeyUncompressed:B}=o;if(r.allowedLengths||b===m)return;let U=(0,H.ensureBytes)("key",u).length;return U===m||U===B}function h(u,b,m=!0){if(d(u)===!0)throw new Error("first arg must be private key");if(d(b)===!1)throw new Error("second arg must be public key");let B=Ne(r,u);return e.fromHex(b).multiply(B).toBytes(m)}return Object.freeze({getPublicKey:a,getSharedSecret:h,keygen:l,Point:e,utils:{isValidSecretKey:s,isValidPublicKey:i,randomSecretKey:c,isValidPrivateKey:s,randomPrivateKey:c,normPrivateKeyToScalar:u=>Ne(r,u),precompute(u=8,b=e.BASE){return b.precompute(u,!1)}},lengths:o})}function Gr(e,t,r={}){(0,ni.ahash)(t),(0,H._validateObject)(r,{},{hmac:"function",lowS:"boolean",randomBytes:"function",bits2int:"function",bits2int_modN:"function"});let n=r.randomBytes||H.randomBytes,o=r.hmac||((w,...y)=>(0,ti.hmac)(t,w,(0,H.concatBytes)(...y))),{Fp:s,Fn:i}=e,{ORDER:c,BITS:a}=i,{keygen:l,getPublicKey:d,getSharedSecret:h,utils:f,lengths:u}=zr(e,r),b={prehash:!1,lowS:typeof r.lowS=="boolean"?r.lowS:!1,format:void 0,extraEntropy:!1},m="compact";function B(w){let y=c>>re;return w>y}function U(w,y){if(!i.isValidNot0(y))throw new Error(`invalid signature ${w}: out of range 1..Point.Fn.ORDER`);return y}function C(w,y){wn(y);let p=u.signature,E=y==="compact"?p:y==="recovered"?p+1:void 0;return(0,H._abytes2)(w,E,`${y} signature`)}class x{constructor(y,p,E){this.r=U("r",y),this.s=U("s",p),E!=null&&(this.recovery=E),Object.freeze(this)}static fromBytes(y,p=m){C(y,p);let E;if(p==="der"){let{r:L,s:N}=W.DER.toSig((0,H._abytes2)(y));return new x(L,N)}p==="recovered"&&(E=y[0],p="compact",y=y.subarray(1));let A=i.BYTES,I=y.subarray(0,A),S=y.subarray(A,A*2);return new x(i.fromBytes(I),i.fromBytes(S),E)}static fromHex(y,p){return this.fromBytes((0,H.hexToBytes)(y),p)}addRecoveryBit(y){return new x(this.r,this.s,y)}recoverPublicKey(y){let p=s.ORDER,{r:E,s:A,recovery:I}=this;if(I==null||![0,1,2,3].includes(I))throw new Error("recovery id invalid");if(c*Se<p&&I>1)throw new Error("recovery id is ambiguous for h>1 curve");let L=I===2||I===3?E+c:E;if(!s.isValid(L))throw new Error("recovery id 2 or 3 invalid");let N=s.toBytes(L),te=e.fromBytes((0,H.concatBytes)(Dr((I&1)===0),N)),G=i.inv(L),D=K((0,H.ensureBytes)("msgHash",y)),$=i.create(-D*G),ne=i.create(A*G),we=e.BASE.multiplyUnsafe($).add(te.multiplyUnsafe(ne));if(we.is0())throw new Error("point at infinify");return we.assertValidity(),we}hasHighS(){return B(this.s)}toBytes(y=m){if(wn(y),y==="der")return(0,H.hexToBytes)(W.DER.hexFromSig(this));let p=i.toBytes(this.r),E=i.toBytes(this.s);if(y==="recovered"){if(this.recovery==null)throw new Error("recovery bit must be present");return(0,H.concatBytes)(Uint8Array.of(this.recovery),p,E)}return(0,H.concatBytes)(p,E)}toHex(y){return(0,H.bytesToHex)(this.toBytes(y))}assertValidity(){}static fromCompact(y){return x.fromBytes((0,H.ensureBytes)("sig",y),"compact")}static fromDER(y){return x.fromBytes((0,H.ensureBytes)("sig",y),"der")}normalizeS(){return this.hasHighS()?new x(this.r,i.neg(this.s),this.recovery):this}toDERRawBytes(){return this.toBytes("der")}toDERHex(){return(0,H.bytesToHex)(this.toBytes("der"))}toCompactRawBytes(){return this.toBytes("compact")}toCompactHex(){return(0,H.bytesToHex)(this.toBytes("compact"))}}let q=r.bits2int||function(y){if(y.length>8192)throw new Error("input is too large");let p=(0,H.bytesToNumberBE)(y),E=y.length*8-a;return E>0?p>>BigInt(E):p},K=r.bits2int_modN||function(y){return i.create(q(y))},Y=(0,H.bitMask)(a);function Z(w){return(0,H.aInRange)("num < 2^"+a,w,Ee,Y),i.toBytes(w)}function M(w,y){return(0,H._abytes2)(w,void 0,"message"),y?(0,H._abytes2)(t(w),void 0,"prehashed message"):w}function v(w,y,p){if(["recovered","canonical"].some($=>$ in p))throw new Error("sign() legacy options not supported");let{lowS:E,prehash:A,extraEntropy:I}=bn(p,b);w=M(w,A);let S=K(w),L=Ne(i,y),N=[Z(L),Z(S)];if(I!=null&&I!==!1){let $=I===!0?n(u.secretKey):I;N.push((0,H.ensureBytes)("extraEntropy",$))}let te=(0,H.concatBytes)(...N),G=S;function D($){let ne=q($);if(!i.isValidNot0(ne))return;let we=i.inv(ne),F=e.BASE.multiply(ne).toAffine(),ce=i.create(F.x);if(ce===Ee)return;let _t=i.create(we*i.create(G+ce*L));if(_t===Ee)return;let Cn=(F.x===ce?0:2)|Number(F.y&re),Nn=_t;return E&&B(_t)&&(Nn=i.neg(_t),Cn^=1),new x(ce,Nn,Cn)}return{seed:te,k2sig:D}}function ue(w,y,p={}){w=(0,H.ensureBytes)("message",w);let{seed:E,k2sig:A}=v(w,y,p);return(0,H.createHmacDrbg)(t.outputLen,i.BYTES,o)(E,A)}function le(w){let y,p=typeof w=="string"||(0,H.isBytes)(w),E=!p&&w!==null&&typeof w=="object"&&typeof w.r=="bigint"&&typeof w.s=="bigint";if(!p&&!E)throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");if(E)y=new x(w.r,w.s);else if(p){try{y=x.fromBytes((0,H.ensureBytes)("sig",w),"der")}catch(A){if(!(A instanceof W.DER.Err))throw A}if(!y)try{y=x.fromBytes((0,H.ensureBytes)("sig",w),"compact")}catch{return!1}}return y||!1}function V(w,y,p,E={}){let{lowS:A,prehash:I,format:S}=bn(E,b);if(p=(0,H.ensureBytes)("publicKey",p),y=M((0,H.ensureBytes)("message",y),I),"strict"in E)throw new Error("options.strict was renamed to lowS");let L=S===void 0?le(w):x.fromBytes((0,H.ensureBytes)("sig",w),S);if(L===!1)return!1;try{let N=e.fromBytes(p);if(A&&L.hasHighS())return!1;let{r:te,s:G}=L,D=K(y),$=i.inv(G),ne=i.create(D*$),we=i.create(te*$),F=e.BASE.multiplyUnsafe(ne).add(N.multiplyUnsafe(we));return F.is0()?!1:i.create(F.x)===te}catch{return!1}}function g(w,y,p={}){let{prehash:E}=bn(p,b);return y=M(y,E),x.fromBytes(w,"recovered").recoverPublicKey(y).toBytes()}return Object.freeze({keygen:l,getPublicKey:d,getSharedSecret:h,utils:f,lengths:u,Point:e,sign:ue,verify:V,recoverPublicKey:g,Signature:x,hash:t})}function oi(e){let{CURVE:t,curveOpts:r}=Wr(e),n=mn(t,r);return ii(e,n)}function Wr(e){let t={a:e.a,b:e.b,p:e.Fp.ORDER,n:e.n,h:e.h,Gx:e.Gx,Gy:e.Gy},r=e.Fp,n=e.allowedPrivateKeyLengths?Array.from(new Set(e.allowedPrivateKeyLengths.map(i=>Math.ceil(i/2)))):void 0,o=(0,ot.Field)(t.n,{BITS:e.nBitLength,allowedLengths:n,modFromBytes:e.wrapPrivateKey}),s={Fp:r,Fn:o,allowInfinityPoint:e.allowInfinityPoint,endo:e.endo,isTorsionFree:e.isTorsionFree,clearCofactor:e.clearCofactor,fromBytes:e.fromBytes,toBytes:e.toBytes};return{CURVE:t,curveOpts:s}}function si(e){let{CURVE:t,curveOpts:r}=Wr(e),n={hmac:e.hmac,randomBytes:e.randomBytes,lowS:e.lowS,bits2int:e.bits2int,bits2int_modN:e.bits2int_modN};return{CURVE:t,curveOpts:r,hash:e.hash,ecdsaOpts:n}}function Xr(e,t,r){function n(o){let s=e.sqr(o),i=e.mul(s,o);return e.add(e.add(i,e.mul(o,t)),r)}return n}function ii(e,t){let{Fp:r,Fn:n}=t;function o(i){return(0,H.inRange)(i,re,n.ORDER)}let s=Xr(r,e.a,e.b);return Object.assign({},{CURVE:e,Point:t,ProjectivePoint:t,normPrivateKeyToScalar:i=>Ne(n,i),weierstrassEquation:s,isWithinCurveOrder:o})}function ci(e,t){let r=t.Point;return Object.assign({},t,{ProjectivePoint:r,CURVE:Object.assign({},e,(0,ot.nLength)(r.Fn.ORDER,r.Fn.BITS))})}function ai(e){let{CURVE:t,curveOpts:r,hash:n,ecdsaOpts:o}=si(e),s=mn(t,r),i=Gr(s,n,o);return ci(e,i)}});var Yr=de(Ct=>{"use strict";Object.defineProperty(Ct,"__esModule",{value:!0});Ct.getHash=ui;Ct.createCurve=li;var fi=pn();function ui(e){return{hash:e}}function li(e,t){let r=n=>(0,fi.weierstrass)({...e,hash:n});return{...r(t),create:r}}});var eo=de(Ae=>{"use strict";Object.defineProperty(Ae,"__esModule",{value:!0});Ae._DST_scalar=void 0;Ae.expand_message_xmd=Qr;Ae.expand_message_xof=Jr;Ae.hash_to_field=Nt;Ae.isogenyMap=yi;Ae.createHasher=bi;var oe=Ye(),$r=tt(),di=oe.bytesToNumberBE;function Pe(e,t){if(bt(e),bt(t),e<0||e>=1<<8*t)throw new Error("invalid I2OSP input: "+e);let r=Array.from({length:t}).fill(0);for(let n=t-1;n>=0;n--)r[n]=e&255,e>>>=8;return new Uint8Array(r)}function hi(e,t){let r=new Uint8Array(e.length);for(let n=0;n<e.length;n++)r[n]=e[n]^t[n];return r}function bt(e){if(!Number.isSafeInteger(e))throw new Error("number expected")}function Fr(e){if(!(0,oe.isBytes)(e)&&typeof e!="string")throw new Error("DST must be Uint8Array or string");return typeof e=="string"?(0,oe.utf8ToBytes)(e):e}function Qr(e,t,r,n){(0,oe.abytes)(e),bt(r),t=Fr(t),t.length>255&&(t=n((0,oe.concatBytes)((0,oe.utf8ToBytes)("H2C-OVERSIZE-DST-"),t)));let{outputLen:o,blockLen:s}=n,i=Math.ceil(r/o);if(r>65535||i>255)throw new Error("expand_message_xmd: invalid lenInBytes");let c=(0,oe.concatBytes)(t,Pe(t.length,1)),a=Pe(0,s),l=Pe(r,2),d=new Array(i),h=n((0,oe.concatBytes)(a,e,l,Pe(0,1),c));d[0]=n((0,oe.concatBytes)(h,Pe(1,1),c));for(let u=1;u<=i;u++){let b=[hi(h,d[u-1]),Pe(u+1,1),c];d[u]=n((0,oe.concatBytes)(...b))}return(0,oe.concatBytes)(...d).slice(0,r)}function Jr(e,t,r,n,o){if((0,oe.abytes)(e),bt(r),t=Fr(t),t.length>255){let s=Math.ceil(2*n/8);t=o.create({dkLen:s}).update((0,oe.utf8ToBytes)("H2C-OVERSIZE-DST-")).update(t).digest()}if(r>65535||t.length>255)throw new Error("expand_message_xof: invalid lenInBytes");return o.create({dkLen:r}).update(e).update(Pe(r,2)).update(t).update(Pe(t.length,1)).digest()}function Nt(e,t,r){(0,oe._validateObject)(r,{p:"bigint",m:"number",k:"number",hash:"function"});let{p:n,k:o,m:s,hash:i,expand:c,DST:a}=r;if(!(0,oe.isHash)(r.hash))throw new Error("expected valid hash");(0,oe.abytes)(e),bt(t);let l=n.toString(2).length,d=Math.ceil((l+o)/8),h=t*s*d,f;if(c==="xmd")f=Qr(e,a,h,i);else if(c==="xof")f=Jr(e,a,h,o,i);else if(c==="_internal_pass")f=e;else throw new Error('expand must be "xmd" or "xof"');let u=new Array(t);for(let b=0;b<t;b++){let m=new Array(s);for(let B=0;B<s;B++){let U=d*(B+b*s),C=f.subarray(U,U+d);m[B]=(0,$r.mod)(di(C),n)}u[b]=m}return u}function yi(e,t){let r=t.map(n=>Array.from(n).reverse());return(n,o)=>{let[s,i,c,a]=r.map(h=>h.reduce((f,u)=>e.add(e.mul(f,n),u))),[l,d]=(0,$r.FpInvertBatch)(e,[i,a],!0);return n=e.mul(s,l),o=e.mul(o,e.mul(c,d)),{x:n,y:o}}}Ae._DST_scalar=(0,oe.utf8ToBytes)("HashToScalar-");function bi(e,t,r){if(typeof t!="function")throw new Error("mapToCurve() must be defined");function n(s){return e.fromAffine(t(s))}function o(s){let i=s.clearCofactor();return i.equals(e.ZERO)?e.ZERO:(i.assertValidity(),i)}return{defaults:r,hashToCurve(s,i){let c=Object.assign({},r,i),a=Nt(s,2,c),l=n(a[0]),d=n(a[1]);return o(l.add(d))},encodeToCurve(s,i){let c=r.encodeDST?{DST:r.encodeDST}:{},a=Object.assign({},r,c,i),l=Nt(s,1,a),d=n(l[0]);return o(d)},mapToCurve(s){if(!Array.isArray(s))throw new Error("expected array of bigints");for(let i of s)if(typeof i!="bigint")throw new Error("expected array of bigints");return o(n(s))},hashToScalar(s,i){let c=e.Fn.ORDER,a=Object.assign({},r,{p:c,m:1,DST:Ae._DST_scalar},i);return Nt(s,1,a)[0][0]}}}});var uo=de(se=>{"use strict";Object.defineProperty(se,"__esModule",{value:!0});se.encodeToCurve=se.hashToCurve=se.secp256k1_hasher=se.schnorr=se.secp256k1=void 0;var Pt=pr(),oo=qe(),wi=Yr(),so=eo(),be=tt(),io=pn(),pe=Ye(),st={p:BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),n:BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),h:BigInt(1),a:BigInt(0),b:BigInt(7),Gx:BigInt("0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),Gy:BigInt("0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8")},gi={beta:BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),basises:[[BigInt("0x3086d221a7d46bcde86c90e49284eb15"),-BigInt("0xe4437ed6010e88286f547fa90abfe4c3")],[BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"),BigInt("0x3086d221a7d46bcde86c90e49284eb15")]]},mi=BigInt(0),to=BigInt(1),xn=BigInt(2);function pi(e){let t=st.p,r=BigInt(3),n=BigInt(6),o=BigInt(11),s=BigInt(22),i=BigInt(23),c=BigInt(44),a=BigInt(88),l=e*e*e%t,d=l*l*e%t,h=(0,be.pow2)(d,r,t)*d%t,f=(0,be.pow2)(h,r,t)*d%t,u=(0,be.pow2)(f,xn,t)*l%t,b=(0,be.pow2)(u,o,t)*u%t,m=(0,be.pow2)(b,s,t)*b%t,B=(0,be.pow2)(m,c,t)*m%t,U=(0,be.pow2)(B,a,t)*B%t,C=(0,be.pow2)(U,c,t)*m%t,x=(0,be.pow2)(C,r,t)*d%t,q=(0,be.pow2)(x,i,t)*b%t,K=(0,be.pow2)(q,n,t)*l%t,Y=(0,be.pow2)(K,xn,t);if(!Ue.eql(Ue.sqr(Y),e))throw new Error("Cannot find square root");return Y}var Ue=(0,be.Field)(st.p,{sqrt:pi});se.secp256k1=(0,wi.createCurve)({...st,Fp:Ue,lowS:!0,endo:gi},Pt.sha256);var no={};function Mt(e,...t){let r=no[e];if(r===void 0){let n=(0,Pt.sha256)((0,pe.utf8ToBytes)(e));r=(0,pe.concatBytes)(n,n),no[e]=r}return(0,Pt.sha256)((0,pe.concatBytes)(r,...t))}var Bn=e=>e.toBytes(!0).slice(1),it=se.secp256k1.Point,_n=e=>e%xn===mi;function En(e){let{Fn:t,BASE:r}=it,n=(0,io._normFnElement)(t,e),o=r.multiply(n);return{scalar:_n(o.y)?n:t.neg(n),bytes:Bn(o)}}function co(e){let t=Ue;if(!t.isValidNot0(e))throw new Error("invalid x: Fail if x \u2265 p");let r=t.create(e*e),n=t.create(r*e+BigInt(7)),o=t.sqrt(n);_n(o)||(o=t.neg(o));let s=it.fromAffine({x:e,y:o});return s.assertValidity(),s}var wt=pe.bytesToNumberBE;function ao(...e){return it.Fn.create(wt(Mt("BIP0340/challenge",...e)))}function ro(e){return En(e).bytes}function xi(e,t,r=(0,oo.randomBytes)(32)){let{Fn:n}=it,o=(0,pe.ensureBytes)("message",e),{bytes:s,scalar:i}=En(t),c=(0,pe.ensureBytes)("auxRand",r,32),a=n.toBytes(i^wt(Mt("BIP0340/aux",c))),l=Mt("BIP0340/nonce",a,s,o),{bytes:d,scalar:h}=En(l),f=ao(d,s,o),u=new Uint8Array(64);if(u.set(d,0),u.set(n.toBytes(n.create(h+f*i)),32),!fo(u,o,s))throw new Error("sign: Invalid signature produced");return u}function fo(e,t,r){let{Fn:n,BASE:o}=it,s=(0,pe.ensureBytes)("signature",e,64),i=(0,pe.ensureBytes)("message",t),c=(0,pe.ensureBytes)("publicKey",r,32);try{let a=co(wt(c)),l=wt(s.subarray(0,32));if(!(0,pe.inRange)(l,to,st.p))return!1;let d=wt(s.subarray(32,64));if(!(0,pe.inRange)(d,to,st.n))return!1;let h=ao(n.toBytes(l),Bn(a),i),f=o.multiplyUnsafe(d).add(a.multiplyUnsafe(n.neg(h))),{x:u,y:b}=f.toAffine();return!(f.is0()||!_n(b)||u!==l)}catch{return!1}}se.schnorr=(()=>{let r=(o=(0,oo.randomBytes)(48))=>(0,be.mapHashToField)(o,st.n);se.secp256k1.utils.randomSecretKey;function n(o){let s=r(o);return{secretKey:s,publicKey:ro(s)}}return{keygen:n,getPublicKey:ro,sign:xi,verify:fo,Point:it,utils:{randomSecretKey:r,randomPrivateKey:r,taggedHash:Mt,lift_x:co,pointToBytes:Bn,numberToBytesBE:pe.numberToBytesBE,bytesToNumberBE:pe.bytesToNumberBE,mod:be.mod},lengths:{secretKey:32,publicKey:32,publicKeyHasPrefix:!1,signature:32*2,seed:48}}})();var Ei=(0,so.isogenyMap)(Ue,[["0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7","0x7d3d4c80bc321d5b9f315cea7fd44c5d595d2fc0bf63b92dfff1044f17c6581","0x534c328d23f234e6e2a413deca25caece4506144037c40314ecbd0b53d9dd262","0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa88c"],["0xd35771193d94918a9ca34ccbb7b640dd86cd409542f8487d9fe6b745781eb49b","0xedadc6f64383dc1df7c4b2d51b54225406d36b641f5e41bbc52a56612a8c6d14","0x0000000000000000000000000000000000000000000000000000000000000001"],["0x4bda12f684bda12f684bda12f684bda12f684bda12f684bda12f684b8e38e23c","0xc75e0c32d5cb7c0fa9d0a54b12a0a6d5647ab046d686da6fdffc90fc201d71a3","0x29a6194691f91a73715209ef6512e576722830a201be2018a765e85a9ecee931","0x2f684bda12f684bda12f684bda12f684bda12f684bda12f684bda12f38e38d84"],["0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffff93b","0x7a06534bb8bdb49fd5e9e6632722c2989467c1bfc8e8d978dfb425d2685c2573","0x6484aa716545ca2cf3a70c3fa8fe337e0a3d21162f0d6299a7bf8192bfd2a76f","0x0000000000000000000000000000000000000000000000000000000000000001"]].map(e=>e.map(t=>BigInt(t)))),Bi=(0,io.mapToCurveSimpleSWU)(Ue,{A:BigInt("0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533"),B:BigInt("1771"),Z:Ue.create(BigInt("-11"))});se.secp256k1_hasher=(0,so.createHasher)(se.secp256k1.Point,e=>{let{x:t,y:r}=Bi(Ue.create(e[0]));return Ei(t,r)},{DST:"secp256k1_XMD:SHA-256_SSWU_RO_",encodeDST:"secp256k1_XMD:SHA-256_SSWU_NU_",p:Ue.ORDER,m:1,k:128,expand:"xmd",hash:Pt.sha256});se.hashToCurve=se.secp256k1_hasher.hashToCurve;se.encodeToCurve=se.secp256k1_hasher.encodeToCurve});var lo=de(_=>{"use strict";Object.defineProperty(_,"__esModule",{value:!0});_.isHash=_.validateObject=_.memoized=_.notImplemented=_.createHmacDrbg=_.bitMask=_.bitSet=_.bitGet=_.bitLen=_.aInRange=_.inRange=_.asciiToBytes=_.copyBytes=_.equalBytes=_.ensureBytes=_.numberToVarBytesBE=_.numberToBytesLE=_.numberToBytesBE=_.bytesToNumberLE=_.bytesToNumberBE=_.hexToNumber=_.numberToHexUnpadded=_.abool=_.utf8ToBytes=_.randomBytes=_.isBytes=_.hexToBytes=_.concatBytes=_.bytesToUtf8=_.bytesToHex=_.anumber=_.abytes=void 0;var j=Ye();_.abytes=j.abytes;_.anumber=j.anumber;_.bytesToHex=j.bytesToHex;_.bytesToUtf8=j.bytesToUtf8;_.concatBytes=j.concatBytes;_.hexToBytes=j.hexToBytes;_.isBytes=j.isBytes;_.randomBytes=j.randomBytes;_.utf8ToBytes=j.utf8ToBytes;_.abool=j.abool;_.numberToHexUnpadded=j.numberToHexUnpadded;_.hexToNumber=j.hexToNumber;_.bytesToNumberBE=j.bytesToNumberBE;_.bytesToNumberLE=j.bytesToNumberLE;_.numberToBytesBE=j.numberToBytesBE;_.numberToBytesLE=j.numberToBytesLE;_.numberToVarBytesBE=j.numberToVarBytesBE;_.ensureBytes=j.ensureBytes;_.equalBytes=j.equalBytes;_.copyBytes=j.copyBytes;_.asciiToBytes=j.asciiToBytes;_.inRange=j.inRange;_.aInRange=j.aInRange;_.bitLen=j.bitLen;_.bitGet=j.bitGet;_.bitSet=j.bitSet;_.bitMask=j.bitMask;_.createHmacDrbg=j.createHmacDrbg;_.notImplemented=j.notImplemented;_.memoized=j.memoized;_.validateObject=j.validateObject;_.isHash=j.isHash});var Eo=de(Q=>{"use strict";var ie=uo(),_i=tt(),vi=lo();function yo(e){var t=Object.create(null);return e&&Object.keys(e).forEach(function(r){if(r!=="default"){var n=Object.getOwnPropertyDescriptor(e,r);Object.defineProperty(t,r,n.get?n:{enumerable:!0,get:function(){return e[r]}})}}),t.default=e,Object.freeze(t)}var bo=yo(_i),Me=yo(vi),Sn=ie.secp256k1.ProjectivePoint,De="Expected Private",je="Expected Point",xt="Expected Tweak",Si="Expected Hash",gt="Expected Signature",An="Expected Extra Data (32 bytes)",Et="Expected Scalar",Ai="Bad Recovery Id",Hi=32,Ii=32,vn=new Uint8Array([255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,254,186,174,220,230,175,72,160,59,191,210,94,140,208,54,65,65]),Ti=32,Oi=new Uint8Array(32),Ui=new Uint8Array([0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,69,81,35,25,80,183,95,196,64,45,161,114,47,201,186,238]),Ri=BigInt(1);function Li(e){return e instanceof Uint8Array}function mt(e,t){for(let r=0;r<32;++r)if(e[r]!==t[r])return e[r]<t[r]?-1:1;return 0}function ho(e){return mt(e,Oi)===0}function Bt(e){return!(!(e instanceof Uint8Array)||e.length!==Ii||mt(e,vn)>=0)}function Hn(e){return e instanceof Uint8Array&&e.length===64&&mt(e.subarray(0,32),vn)<0&&mt(e.subarray(32,64),vn)<0}function qi(e){return Li(e)&&e.length===64&&mt(e.subarray(0,32),Ui)<0}function Vi(e){return!(ho(e.subarray(0,32))||ho(e.subarray(32,64)))}function ct(e){return e instanceof Uint8Array&&e.length===Hi}function In(e){return e===void 0||e instanceof Uint8Array&&e.length===Ti}function Tn(e){let t;if(typeof e=="bigint")t=e;else if(typeof e=="number"&&Number.isSafeInteger(e)&&e>=0)t=BigInt(e);else if(typeof e=="string"){if(e.length!==64)throw new Error("Expected 32 bytes of private scalar");t=Me.hexToNumber(e)}else if(e instanceof Uint8Array){if(e.length!==32)throw new Error("Expected 32 bytes of private scalar");t=Me.bytesToNumberBE(e)}else throw new TypeError("Expected valid private scalar");if(t<0)throw new Error("Expected private scalar >= 0");return t}function On(e){return ie.secp256k1.utils.normPrivateKeyToScalar(e)}function ki(e,t){let r=On(e),n=Tn(t),o=Me.numberToBytesBE(bo.mod(r+n,ie.secp256k1.CURVE.n),32);return ie.secp256k1.utils.isValidPrivateKey(o)?o:null}function Ci(e,t){let r=On(e),n=Tn(t),o=Me.numberToBytesBE(bo.mod(r-n,ie.secp256k1.CURVE.n),32);return ie.secp256k1.utils.isValidPrivateKey(o)?o:null}function Ni(e){let t=On(e),r=Me.numberToBytesBE(ie.secp256k1.CURVE.n-t,32);return ie.secp256k1.utils.isValidPrivateKey(r)?r:null}function wo(e,t,r){let n=pt(e),o=Tn(t),s=Sn.BASE.multiplyAndAddUnsafe(n,o,Ri);if(!s)throw new Error("Tweaked point at infinity");return s.toRawBytes(r)}function Pi(e,t,r){let n=pt(e),o=typeof t=="string"?t:Me.bytesToHex(t),s=Me.hexToNumber(o);return n.multiply(s).toRawBytes(r)}function at(e,t){return e===void 0?t!==void 0?mo(t):!0:!!e}function Qe(e){try{return e()}catch{return null}}function go(e){return ie.schnorr.utils.lift_x(Me.bytesToNumberBE(e))}function pt(e){return e.length===32?go(e):Sn.fromHex(e)}function Un(e,t){if(e.length===32!==t)return!1;try{return t?!!go(e):!!Sn.fromHex(e)}catch{return!1}}function Ke(e){return Un(e,!1)}function mo(e){return Un(e,!1)&&e.length===33}function Re(e){return ie.secp256k1.utils.isValidPrivateKey(e)}function Kt(e){return Un(e,!0)}function Mi(e,t){if(!Kt(e))throw new Error(je);if(!Bt(t))throw new Error(xt);return Qe(()=>{let r=wo(e,t,!0);return{parity:r[0]%2===1?1:0,xOnlyPubkey:r.slice(1)}})}function po(e){if(!Ke(e))throw new Error(je);return e.slice(1,33)}function xo(e,t){if(!Re(e))throw new Error(De);return Qe(()=>ie.secp256k1.getPublicKey(e,at(t)))}function Ki(e){if(!Re(e))throw new Error(De);return po(xo(e))}function Di(e,t){if(!Ke(e))throw new Error(je);return pt(e).toRawBytes(at(t,e))}function ji(e,t,r){if(!Ke(e))throw new Error(je);if(!Bt(t))throw new Error(xt);return Qe(()=>Pi(e,t,at(r,e)))}function Zi(e,t,r){if(!Ke(e)||!Ke(t))throw new Error(je);return Qe(()=>{let n=pt(e),o=pt(t);return n.equals(o.negate())?null:n.add(o).toRawBytes(at(r,e))})}function zi(e,t,r){if(!Ke(e))throw new Error(je);if(!Bt(t))throw new Error(xt);return Qe(()=>wo(e,t,at(r,e)))}function Gi(e,t){if(!Re(e))throw new Error(De);if(!Bt(t))throw new Error(xt);return Qe(()=>ki(e,t))}function Wi(e,t){if(!Re(e))throw new Error(De);if(!Bt(t))throw new Error(xt);return Qe(()=>Ci(e,t))}function Xi(e){if(!Re(e))throw new Error(De);return Ni(e)}function Yi(e,t,r){if(!Re(t))throw new Error(De);if(!ct(e))throw new Error(Et);if(!In(r))throw new Error(An);return ie.secp256k1.sign(e,t,{extraEntropy:r}).toCompactRawBytes()}function $i(e,t,r){if(!Re(t))throw new Error(De);if(!ct(e))throw new Error(Et);if(!In(r))throw new Error(An);let n=ie.secp256k1.sign(e,t,{extraEntropy:r});return{signature:n.toCompactRawBytes(),recoveryId:n.recovery}}function Fi(e,t,r){if(!Re(t))throw new Error(De);if(!ct(e))throw new Error(Et);if(!In(r))throw new Error(An);return ie.schnorr.sign(e,t,r)}function Qi(e,t,r,n){if(!ct(e))throw new Error(Si);if(!Hn(t)||!Vi(t))throw new Error(gt);if(r&2&&!qi(t))throw new Error(Ai);if(!Kt(t.subarray(0,32)))throw new Error(gt);let s=ie.secp256k1.Signature.fromCompact(t).addRecoveryBit(r).recoverPublicKey(e);if(!s)throw new Error(gt);return s.toRawBytes(at(n))}function Ji(e,t,r,n){if(!Ke(t))throw new Error(je);if(!Hn(r))throw new Error(gt);if(!ct(e))throw new Error(Et);return ie.secp256k1.verify(r,e,t,{lowS:n})}function ec(e,t,r){if(!Kt(t))throw new Error(je);if(!Hn(r))throw new Error(gt);if(!ct(e))throw new Error(Et);return ie.schnorr.verify(r,e,t)}Q.isPoint=Ke;Q.isPointCompressed=mo;Q.isPrivate=Re;Q.isXOnlyPoint=Kt;Q.pointAdd=Zi;Q.pointAddScalar=zi;Q.pointCompress=Di;Q.pointFromScalar=xo;Q.pointMultiply=ji;Q.privateAdd=Gi;Q.privateNegate=Xi;Q.privateSub=Wi;Q.recover=Qi;Q.sign=Yi;Q.signRecoverable=$i;Q.signSchnorr=Fi;Q.verify=Ji;Q.verifySchnorr=ec;Q.xOnlyPointAddTweak=Mi;Q.xOnlyPointFromPoint=po;Q.xOnlyPointFromScalar=Ki});var cc={};ko(cc,{base58Decode:()=>kn,buildDepinMessage:()=>Oo,bytesToHex:()=>He,decryptDepinReceiveEncryptedPayload:()=>To,doubleSha256:()=>Gt,hash160:()=>Wt,hexToBytes:()=>Le,isWIF:()=>zt,sha256:()=>Ze,wifToHex:()=>Zt});var ze=Co(Eo());function Vn(e){if(e<0)throw new Error("CompactSize cannot be negative");if(e<253)return new Uint8Array([e]);if(e<=65535){let t=new Uint8Array(3);return t[0]=253,t[1]=e&255,t[2]=e>>8&255,t}else if(e<=4294967295){let t=new Uint8Array(5);return t[0]=254,t[1]=e&255,t[2]=e>>8&255,t[3]=e>>16&255,t[4]=e>>24&255,t}else{let t=new Uint8Array(9);t[0]=255;let r=e>>>0,n=Math.floor(e/4294967296)>>>0;return t[1]=r&255,t[2]=r>>8&255,t[3]=r>>16&255,t[4]=r>>24&255,t[5]=n&255,t[6]=n>>8&255,t[7]=n>>16&255,t[8]=n>>24&255,t}}function Dt(e){let r=new TextEncoder().encode(e);return Be(Vn(r.length),r)}function ft(e){return Be(Vn(e.length),e)}function Bo(e){let t=new Uint8Array(8),r=e>>>0,n=Math.floor(e/4294967296)>>>0;return t[0]=r&255,t[1]=r>>8&255,t[2]=r>>16&255,t[3]=r>>24&255,t[4]=n&255,t[5]=n>>8&255,t[6]=n>>16&255,t[7]=n>>24&255,t}function Be(...e){let t=e.reduce((o,s)=>o+s.length,0),r=new Uint8Array(t),n=0;for(let o of e)r.set(o,n),n+=o.length;return r}function Le(e){if(e.length%2!==0)throw new Error("Hex must have even length");let t=new Uint8Array(e.length/2);for(let r=0;r<e.length;r+=2)t[r/2]=parseInt(e.substr(r,2),16);return t}function He(e){return Array.from(e).map(t=>t.toString(16).padStart(2,"0")).join("")}function Ho(e){if(typeof e!="string")return null;let t=e.trim().toLowerCase(),r=t.startsWith("0x")?t.slice(2):t;return r.length===0||!/^[0-9a-f]+$/.test(r)||r.length%2!==0?null:r}function _o(e,t){if(!(e instanceof Uint8Array)||!(t instanceof Uint8Array)||e.length!==t.length)return!1;let r=0;for(let n=0;n<e.length;n++)r|=e[n]^t[n];return r===0}function Io(e,t){if(t>=e.length)throw new Error("CompactSize: out of bounds");let r=e[t];if(r<253)return{value:r,offset:t+1};if(r===253){if(t+3>e.length)throw new Error("CompactSize: truncated uint16");return{value:e[t+1]|e[t+2]<<8,offset:t+3}}if(r===254){if(t+5>e.length)throw new Error("CompactSize: truncated uint32");return{value:(e[t+1]|e[t+2]<<8|e[t+3]<<16|e[t+4]<<24)>>>0,offset:t+5}}if(t+9>e.length)throw new Error("CompactSize: truncated uint64");let n=0n;for(let o=0;o<8;o++)n|=BigInt(e[t+1+o])<<8n*BigInt(o);if(n>BigInt(Number.MAX_SAFE_INTEGER))throw new Error("CompactSize: value too large");return{value:Number(n),offset:t+9}}function Rn(e,t){let{value:r,offset:n}=Io(e,t);if(n+r>e.length)throw new Error("Vector: truncated");return{data:e.slice(n,n+r),offset:n+r}}function tc(e){if(!(e instanceof Uint8Array))throw new Error("deserializeEciesMessage: invalid input");let t=0,r=Rn(e,t),n=r.data;if(t=r.offset,n.length!==33&&n.length!==65)throw new Error("Invalid ephemeral pubkey length: "+n.length);let o=Rn(e,t),s=o.data;t=o.offset;let i=Io(e,t),c=i.value;t=i.offset;let a=new Map;for(let l=0;l<c;l++){if(t+20>e.length)throw new Error("recipientKeys: truncated keyid");let d=e.slice(t,t+20);t+=20;let h=Rn(e,t);t=h.offset,a.set(He(d),h.data)}return{ephemeralPubKey:n,encryptedPayload:s,recipientKeys:a}}function vo(e){if(e.length!==64)throw new Error("Raw signature must be 64 bytes");let t=e.slice(0,32),r=e.slice(32,64);function n(c){let a=0;for(;a<c.length-1&&c[a]===0&&!(c[a+1]&128);)a++;let l=c.slice(a),h=(l[0]&128)!==0?Be(new Uint8Array([0]),l):l;return Be(new Uint8Array([2,h.length]),h)}let o=n(t),s=n(r),i=o.length+s.length;return Be(new Uint8Array([48,i]),o,s)}var nc="123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";function kn(e){let t=[];for(let r=0;r<e.length;r++){let n=nc.indexOf(e[r]);if(n===-1)throw new Error("Invalid Base58 character: "+e[r]);let o=n;for(let s=0;s<t.length;s++)o+=t[s]*58,t[s]=o&255,o>>=8;for(;o>0;)t.push(o&255),o>>=8}for(let r=0;r<e.length&&e[r]==="1";r++)t.push(0);return new Uint8Array(t.reverse())}async function Zt(e){let t=kn(e);if(t.length<37)throw new Error("Invalid WIF: too short");let r=t.slice(0,-4),n=t.slice(-4),o=await Gt(r);for(let i=0;i<4;i++)if(n[i]!==o[i])throw new Error("Invalid WIF: checksum mismatch");let s;if(r.length===34)s=r.slice(1,33);else if(r.length===33)s=r.slice(1,33);else throw new Error("Invalid WIF: unexpected length "+r.length);return He(s)}function zt(e){return/^[5KLcT][1-9A-HJ-NP-Za-km-z]{50,51}$/.test(e)}async function Ze(e){let t=await crypto.subtle.digest("SHA-256",e);return new Uint8Array(t)}async function Gt(e){let t=await Ze(e);return Ze(t)}function rc(e){let t=1732584193,r=4023233417,n=2562383102,o=271733878,s=3285377520,i=[0,1518500249,1859775393,2400959708,2840853838],c=[1352829926,1548603684,1836072691,2053994217,0],a=[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8,3,10,14,4,9,15,8,1,2,7,0,6,13,11,5,12,1,9,11,10,0,8,12,4,13,3,7,15,14,5,6,2,4,0,5,9,7,12,2,10,14,1,3,8,11,6,15,13],l=[5,14,7,0,9,2,11,4,13,6,15,8,1,10,3,12,6,11,3,7,0,13,5,10,14,15,8,12,4,9,1,2,15,5,1,3,7,14,6,9,11,8,12,2,10,0,4,13,8,6,4,1,3,11,15,0,5,12,2,13,9,7,10,14,12,15,10,4,1,5,8,7,6,2,13,14,0,3,9,11],d=[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8,7,6,8,13,11,9,7,15,7,12,15,9,11,7,13,12,11,13,6,7,14,9,13,15,14,8,13,6,5,12,7,5,11,12,14,15,14,15,9,8,9,14,5,6,8,6,5,12,9,15,5,11,6,8,13,12,5,12,13,14,11,8,5,6],h=[8,9,9,11,13,15,15,5,7,7,8,11,14,14,12,6,9,13,15,7,12,8,9,11,7,7,12,7,6,15,13,11,9,7,15,11,8,6,6,14,12,13,5,14,13,13,7,5,15,5,8,11,14,14,6,14,6,9,12,9,12,5,15,8,8,5,12,9,12,5,14,6,8,13,6,5,15,13,11,11];function f(q,K){return(q<<K|q>>>32-K)>>>0}let u=e.length*8,b=(64-(e.length+9)%64)%64,m=new Uint8Array(e.length+1+b+8);m.set(e),m[e.length]=128,new DataView(m.buffer).setUint32(m.length-8,u,!0);let U=m.length/64;for(let q=0;q<U;q++){let K=new Uint32Array(16);for(let E=0;E<16;E++){let A=q*64+E*4;K[E]=m[A]|m[A+1]<<8|m[A+2]<<16|m[A+3]<<24}let Y=t,Z=r,M=n,v=o,ue=s,le=t,V=r,g=n,w=o,y=s;for(let E=0;E<80;E++){let A=Math.floor(E/16),I,S;A===0?(I=Z^M^v,S=V^(g|~w)):A===1?(I=Z&M|~Z&v,S=V&w|g&~w):A===2?(I=(Z|~M)^v,S=(V|~g)^w):A===3?(I=Z&v|M&~v,S=V&g|~V&w):(I=Z^(M|~v),S=V^g^w);let L=f(Y+I+K[a[E]]+i[A]>>>0,d[E])+ue>>>0;Y=ue,ue=v,v=f(M,10),M=Z,Z=L;let N=f(le+S+K[l[E]]+c[A]>>>0,h[E])+y>>>0;le=y,y=w,w=f(g,10),g=V,V=N}let p=r+M+w>>>0;r=n+v+y>>>0,n=o+ue+le>>>0,o=s+Y+V>>>0,s=t+Z+g>>>0,t=p}let C=new Uint8Array(20),x=new DataView(C.buffer);return x.setUint32(0,t,!0),x.setUint32(4,r,!0),x.setUint32(8,n,!0),x.setUint32(12,o,!0),x.setUint32(16,s,!0),C}async function Wt(e){let t=await Ze(e);return rc(t)}async function qn(e,t){let r=new Uint8Array(t),n=0,o=1;for(;n<t;){let s=new Uint8Array(4);s[0]=o>>24&255,s[1]=o>>16&255,s[2]=o>>8&255,s[3]=o&255;let i=Be(e,s),c=await Ze(i),a=t-n,l=Math.min(a,32);r.set(c.slice(0,l),n),n+=l,o++}return r}function Ln(e){let t=new Uint8Array(e);return crypto.getRandomValues(t),t}async function So(e,t,r){let n=await crypto.subtle.importKey("raw",t,{name:"AES-CBC"},!1,["encrypt"]),o=await crypto.subtle.encrypt({name:"AES-CBC",iv:r},n,e);return new Uint8Array(o)}async function Ao(e,t,r){let n=await crypto.subtle.importKey("raw",t,{name:"AES-CBC"},!1,["decrypt"]),o=await crypto.subtle.decrypt({name:"AES-CBC",iv:r},n,e);return new Uint8Array(o)}async function jt(e,t){let r=await crypto.subtle.importKey("raw",e,{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),n=await crypto.subtle.sign("HMAC",r,t);return new Uint8Array(n)}async function oc(e){if(typeof e!="string"||e.length===0)throw new Error("Private key is required");if(zt(e)){let r=await Zt(e);return Le(r)}let t=Ho(e);if(!t)throw new Error("Private key must be WIF or 64-hex");if(t.length!==64)throw new Error("Private key must be 32 bytes (64 hex chars)");return Le(t)}async function To(e,t){if(!globalThis.crypto?.subtle)throw new Error("WebCrypto (crypto.subtle) is required for decrypt");let r=Ho(e);if(!r)throw new Error("Invalid encryptedPayloadHex");let n=Le(r),o=tc(n),s=await oc(t),i=ze.pointFromScalar(s,!0);if(!(i instanceof Uint8Array)||i.length!==33)throw new Error("Failed to derive recipient public key");let c=await Wt(i),a=He(c),l=He(c.slice().reverse()),d=o.recipientKeys.get(a)??o.recipientKeys.get(l);if(!d||d.length<80)return null;let h=d.slice(0,16),f=d.slice(16,d.length-32),u=d.slice(d.length-32),b=ze.pointMultiply(o.ephemeralPubKey,s,!0),m=await Ze(b),B=await qn(m,32),U=await jt(B,f);if(!_o(U,u))return null;let C;try{C=await Ao(f,B,h)}catch{return null}if(C.length<32)return null;let x=C.slice(0,32),q=o.encryptedPayload;if(q.length<49)return null;let K=q.slice(0,16),Y=q.slice(16,q.length-32),Z=q.slice(q.length-32),M=await jt(x,Y);if(!_o(M,Z))return null;let v;try{v=await Ao(Y,x,K)}catch{return null}return new TextDecoder().decode(v)}async function sc(e,t){let r=Ln(32),n=ze.pointFromScalar(r,!0);if(!(n instanceof Uint8Array)||n.length!==33)throw new Error("Failed to generate ephemeral public key");let o=await qn(r,32),s=Ln(16),i=await So(e,o,s),c=await jt(o,i),a=Be(s,i,c),l=new Map;for(let d of t){if(!(d instanceof Uint8Array)||d.length!==33)throw new Error("Recipient pubkey must be 33 bytes compressed");let h=ze.pointMultiply(d,r,!0),f=await Ze(h),u=await qn(f,32),b=Ln(16),m=await So(o,u,b),B=await jt(u,m),U=Be(b,m,B),C=await Wt(d),x=He(C);l.set(x,U)}return{ephemeralPubKey:n,encryptedPayload:a,recipientKeys:l}}function ic(e){let t=[];t.push(ft(e.ephemeralPubKey)),t.push(ft(e.encryptedPayload));let r=Array.from(e.recipientKeys.entries()).map(([n,o])=>{let s=Le(n);if(s.length!==20)throw new Error("recipient key hash160 must be 20 bytes");return{keyBytes:s,recipientPackage:o}});r.sort((n,o)=>{for(let s=0;s<20;s++)if(n.keyBytes[s]!==o.keyBytes[s])return n.keyBytes[s]-o.keyBytes[s];return 0}),t.push(Vn(r.length));for(let{keyBytes:n,recipientPackage:o}of r)t.push(n),t.push(ft(o));return Be(...t)}async function Oo(e){if(!e.token)throw new Error("Token is required");if(!e.senderAddress)throw new Error("Sender address is required");if(!e.senderPubKey||e.senderPubKey.length!==66)throw new Error("Sender public key must be 66 hex characters");let t=e.privateKey;if(!t)throw new Error("Private key is required");if(zt(t)&&(console.log("Detected WIF format, converting to hex..."),t=await Zt(t),console.log("Private key converted successfully")),t.length!==64)throw new Error("Private key must be 64 hex characters (or WIF format)");if(!e.message)throw new Error("Message is required");if(!e.recipientPubKeys||e.recipientPubKeys.length===0)throw new Error("At least one recipient is required");if(!e.timestamp||e.timestamp<=0)throw new Error("Timestamp must be positive");let r=Le(t),n=Le(e.senderPubKey),o=e.recipientPubKeys.map(B=>{if(B.length!==66)throw new Error("Recipient pubkey must be 66 hex chars");return Le(B)}),s=e.senderPubKey.toLowerCase();e.recipientPubKeys.some(B=>B.toLowerCase()===s)||o.push(n);let c=new TextEncoder().encode(e.message),a=await sc(c,o),l=ic(a),d=Be(Dt(e.token),Dt(e.senderAddress),Bo(e.timestamp),ft(l)),h=await Gt(d),f=He(h.slice().reverse()),u=ze.sign(h,r),b;if(u instanceof Uint8Array)u.length===64?b=vo(u):b=u;else if(typeof u=="object"&&u.toDER)b=u.toDER();else if(typeof u=="object"&&u.signature)u.signature.length===64?b=vo(u.signature):b=u.signature;else throw new Error("Unknown signature format from secp256k1.sign()");let m=Be(Dt(e.token),Dt(e.senderAddress),Bo(e.timestamp),ft(b),ft(l));return{hex:He(m),messageHash:f,messageHashBytes:He(h),encryptedSize:l.length,recipientCount:o.length}}typeof globalThis<"u"&&(globalThis.neuraiDepinMsg={buildDepinMessage:Oo,decryptDepinReceiveEncryptedPayload:To,wifToHex:Zt,isWIF:zt,utils:{hexToBytes:Le,bytesToHex:He,sha256:Ze,doubleSha256:Gt,hash160:Wt,base58Decode:kn}});return No(cc);})();
|
|
1
|
+
var neuraiDepinMsg=(()=>{var To=Object.create;var vt=Object.defineProperty;var Uo=Object.getOwnPropertyDescriptor;var Oo=Object.getOwnPropertyNames;var Lo=Object.getPrototypeOf,Ro=Object.prototype.hasOwnProperty;var le=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports),qo=(e,t)=>{for(var r in t)vt(e,r,{get:t[r],enumerable:!0})},kn=(e,t,r,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let o of Oo(t))!Ro.call(e,o)&&o!==r&&vt(e,o,{get:()=>t[o],enumerable:!(n=Uo(t,o))||n.enumerable});return e};var Co=(e,t,r)=>(r=e!=null?To(Lo(e)):{},kn(t||!e||!e.__esModule?vt(r,"default",{value:e,enumerable:!0}):r,e)),Vo=e=>kn(vt({},"__esModule",{value:!0}),e);var Pn=le(St=>{"use strict";Object.defineProperty(St,"__esModule",{value:!0});St.crypto=void 0;St.crypto=typeof globalThis=="object"&&"crypto"in globalThis?globalThis.crypto:void 0});var qe=le(O=>{"use strict";Object.defineProperty(O,"__esModule",{value:!0});O.wrapXOFConstructorWithOpts=O.wrapConstructorWithOpts=O.wrapConstructor=O.Hash=O.nextTick=O.swap32IfBE=O.byteSwapIfBE=O.swap8IfBE=O.isLE=void 0;O.isBytes=Kn;O.anumber=Wt;O.abytes=et;O.ahash=No;O.aexists=ko;O.aoutput=Po;O.u8=Mo;O.u32=Ko;O.clean=Do;O.createView=jo;O.rotr=Zo;O.rotl=zo;O.byteSwap=Yt;O.byteSwap32=Dn;O.bytesToHex=Wo;O.hexToBytes=Xo;O.asyncLoop=$o;O.utf8ToBytes=$t;O.bytesToUtf8=Fo;O.toBytes=At;O.kdfInputToBytes=Qo;O.concatBytes=Jo;O.checkOpts=es;O.createHasher=Zn;O.createOptHasher=zn;O.createXOFer=Gn;O.randomBytes=ts;var Je=Pn();function Kn(e){return e instanceof Uint8Array||ArrayBuffer.isView(e)&&e.constructor.name==="Uint8Array"}function Wt(e){if(!Number.isSafeInteger(e)||e<0)throw new Error("positive integer expected, got "+e)}function et(e,...t){if(!Kn(e))throw new Error("Uint8Array expected");if(t.length>0&&!t.includes(e.length))throw new Error("Uint8Array expected of length "+t+", got length="+e.length)}function No(e){if(typeof e!="function"||typeof e.create!="function")throw new Error("Hash should be wrapped by utils.createHasher");Wt(e.outputLen),Wt(e.blockLen)}function ko(e,t=!0){if(e.destroyed)throw new Error("Hash instance has been destroyed");if(t&&e.finished)throw new Error("Hash#digest() has already been called")}function Po(e,t){et(e);let r=t.outputLen;if(e.length<r)throw new Error("digestInto() expects output buffer of length at least "+r)}function Mo(e){return new Uint8Array(e.buffer,e.byteOffset,e.byteLength)}function Ko(e){return new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4))}function Do(...e){for(let t=0;t<e.length;t++)e[t].fill(0)}function jo(e){return new DataView(e.buffer,e.byteOffset,e.byteLength)}function Zo(e,t){return e<<32-t|e>>>t}function zo(e,t){return e<<t|e>>>32-t>>>0}O.isLE=new Uint8Array(new Uint32Array([287454020]).buffer)[0]===68;function Yt(e){return e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255}O.swap8IfBE=O.isLE?e=>e:e=>Yt(e);O.byteSwapIfBE=O.swap8IfBE;function Dn(e){for(let t=0;t<e.length;t++)e[t]=Yt(e[t]);return e}O.swap32IfBE=O.isLE?e=>e:Dn;var jn=typeof Uint8Array.from([]).toHex=="function"&&typeof Uint8Array.fromHex=="function",Go=Array.from({length:256},(e,t)=>t.toString(16).padStart(2,"0"));function Wo(e){if(et(e),jn)return e.toHex();let t="";for(let r=0;r<e.length;r++)t+=Go[e[r]];return t}var Ie={_0:48,_9:57,A:65,F:70,a:97,f:102};function Mn(e){if(e>=Ie._0&&e<=Ie._9)return e-Ie._0;if(e>=Ie.A&&e<=Ie.F)return e-(Ie.A-10);if(e>=Ie.a&&e<=Ie.f)return e-(Ie.a-10)}function Xo(e){if(typeof e!="string")throw new Error("hex string expected, got "+typeof e);if(jn)return Uint8Array.fromHex(e);let t=e.length,r=t/2;if(t%2)throw new Error("hex string expected, got unpadded hex of length "+t);let n=new Uint8Array(r);for(let o=0,s=0;o<r;o++,s+=2){let i=Mn(e.charCodeAt(s)),c=Mn(e.charCodeAt(s+1));if(i===void 0||c===void 0){let a=e[s]+e[s+1];throw new Error('hex string expected, got non-hex character "'+a+'" at index '+s)}n[o]=i*16+c}return n}var Yo=async()=>{};O.nextTick=Yo;async function $o(e,t,r){let n=Date.now();for(let o=0;o<e;o++){r(o);let s=Date.now()-n;s>=0&&s<t||(await(0,O.nextTick)(),n+=s)}}function $t(e){if(typeof e!="string")throw new Error("string expected");return new Uint8Array(new TextEncoder().encode(e))}function Fo(e){return new TextDecoder().decode(e)}function At(e){return typeof e=="string"&&(e=$t(e)),et(e),e}function Qo(e){return typeof e=="string"&&(e=$t(e)),et(e),e}function Jo(...e){let t=0;for(let n=0;n<e.length;n++){let o=e[n];et(o),t+=o.length}let r=new Uint8Array(t);for(let n=0,o=0;n<e.length;n++){let s=e[n];r.set(s,o),o+=s.length}return r}function es(e,t){if(t!==void 0&&{}.toString.call(t)!=="[object Object]")throw new Error("options should be object or undefined");return Object.assign(e,t)}var Xt=class{};O.Hash=Xt;function Zn(e){let t=n=>e().update(At(n)).digest(),r=e();return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=()=>e(),t}function zn(e){let t=(n,o)=>e(o).update(At(n)).digest(),r=e({});return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=n=>e(n),t}function Gn(e){let t=(n,o)=>e(o).update(At(n)).digest(),r=e({});return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=n=>e(n),t}O.wrapConstructor=Zn;O.wrapConstructorWithOpts=zn;O.wrapXOFConstructorWithOpts=Gn;function ts(e=32){if(Je.crypto&&typeof Je.crypto.getRandomValues=="function")return Je.crypto.getRandomValues(new Uint8Array(e));if(Je.crypto&&typeof Je.crypto.randomBytes=="function")return Uint8Array.from(Je.crypto.randomBytes(e));throw new Error("crypto.getRandomValues must be defined")}});var Xn=le(de=>{"use strict";Object.defineProperty(de,"__esModule",{value:!0});de.SHA512_IV=de.SHA384_IV=de.SHA224_IV=de.SHA256_IV=de.HashMD=void 0;de.setBigUint64=Wn;de.Chi=ns;de.Maj=rs;var _e=qe();function Wn(e,t,r,n){if(typeof e.setBigUint64=="function")return e.setBigUint64(t,r,n);let o=BigInt(32),s=BigInt(4294967295),i=Number(r>>o&s),c=Number(r&s),a=n?4:0,l=n?0:4;e.setUint32(t+a,i,n),e.setUint32(t+l,c,n)}function ns(e,t,r){return e&t^~e&r}function rs(e,t,r){return e&t^e&r^t&r}var Ft=class extends _e.Hash{constructor(t,r,n,o){super(),this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.blockLen=t,this.outputLen=r,this.padOffset=n,this.isLE=o,this.buffer=new Uint8Array(t),this.view=(0,_e.createView)(this.buffer)}update(t){(0,_e.aexists)(this),t=(0,_e.toBytes)(t),(0,_e.abytes)(t);let{view:r,buffer:n,blockLen:o}=this,s=t.length;for(let i=0;i<s;){let c=Math.min(o-this.pos,s-i);if(c===o){let a=(0,_e.createView)(t);for(;o<=s-i;i+=o)this.process(a,i);continue}n.set(t.subarray(i,i+c),this.pos),this.pos+=c,i+=c,this.pos===o&&(this.process(r,0),this.pos=0)}return this.length+=t.length,this.roundClean(),this}digestInto(t){(0,_e.aexists)(this),(0,_e.aoutput)(t,this),this.finished=!0;let{buffer:r,view:n,blockLen:o,isLE:s}=this,{pos:i}=this;r[i++]=128,(0,_e.clean)(this.buffer.subarray(i)),this.padOffset>o-i&&(this.process(n,0),i=0);for(let h=i;h<o;h++)r[h]=0;Wn(n,o-8,BigInt(this.length*8),s),this.process(n,0);let c=(0,_e.createView)(t),a=this.outputLen;if(a%4)throw new Error("_sha2: outputLen should be aligned to 32bit");let l=a/4,d=this.get();if(l>d.length)throw new Error("_sha2: outputLen bigger than state");for(let h=0;h<l;h++)c.setUint32(4*h,d[h],s)}digest(){let{buffer:t,outputLen:r}=this;this.digestInto(t);let n=t.slice(0,r);return this.destroy(),n}_cloneInto(t){t||(t=new this.constructor),t.set(...this.get());let{blockLen:r,buffer:n,length:o,finished:s,destroyed:i,pos:c}=this;return t.destroyed=i,t.finished=s,t.length=o,t.pos=c,o%r&&t.buffer.set(n),t}clone(){return this._cloneInto()}};de.HashMD=Ft;de.SHA256_IV=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]);de.SHA224_IV=Uint32Array.from([3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428]);de.SHA384_IV=Uint32Array.from([3418070365,3238371032,1654270250,914150663,2438529370,812702999,355462360,4144912697,1731405415,4290775857,2394180231,1750603025,3675008525,1694076839,1203062813,3204075428]);de.SHA512_IV=Uint32Array.from([1779033703,4089235720,3144134277,2227873595,1013904242,4271175723,2773480762,1595750129,1359893119,2917565137,2600822924,725511199,528734635,4215389547,1541459225,327033209])});var wr=le(V=>{"use strict";Object.defineProperty(V,"__esModule",{value:!0});V.toBig=V.shrSL=V.shrSH=V.rotrSL=V.rotrSH=V.rotrBL=V.rotrBH=V.rotr32L=V.rotr32H=V.rotlSL=V.rotlSH=V.rotlBL=V.rotlBH=V.add5L=V.add5H=V.add4L=V.add4H=V.add3L=V.add3H=void 0;V.add=fr;V.fromBig=Jt;V.split=Yn;var Ht=BigInt(2**32-1),Qt=BigInt(32);function Jt(e,t=!1){return t?{h:Number(e&Ht),l:Number(e>>Qt&Ht)}:{h:Number(e>>Qt&Ht)|0,l:Number(e&Ht)|0}}function Yn(e,t=!1){let r=e.length,n=new Uint32Array(r),o=new Uint32Array(r);for(let s=0;s<r;s++){let{h:i,l:c}=Jt(e[s],t);[n[s],o[s]]=[i,c]}return[n,o]}var $n=(e,t)=>BigInt(e>>>0)<<Qt|BigInt(t>>>0);V.toBig=$n;var Fn=(e,t,r)=>e>>>r;V.shrSH=Fn;var Qn=(e,t,r)=>e<<32-r|t>>>r;V.shrSL=Qn;var Jn=(e,t,r)=>e>>>r|t<<32-r;V.rotrSH=Jn;var er=(e,t,r)=>e<<32-r|t>>>r;V.rotrSL=er;var tr=(e,t,r)=>e<<64-r|t>>>r-32;V.rotrBH=tr;var nr=(e,t,r)=>e>>>r-32|t<<64-r;V.rotrBL=nr;var rr=(e,t)=>t;V.rotr32H=rr;var or=(e,t)=>e;V.rotr32L=or;var sr=(e,t,r)=>e<<r|t>>>32-r;V.rotlSH=sr;var ir=(e,t,r)=>t<<r|e>>>32-r;V.rotlSL=ir;var cr=(e,t,r)=>t<<r-32|e>>>64-r;V.rotlBH=cr;var ar=(e,t,r)=>e<<r-32|t>>>64-r;V.rotlBL=ar;function fr(e,t,r,n){let o=(t>>>0)+(n>>>0);return{h:e+r+(o/2**32|0)|0,l:o|0}}var ur=(e,t,r)=>(e>>>0)+(t>>>0)+(r>>>0);V.add3L=ur;var lr=(e,t,r,n)=>t+r+n+(e/2**32|0)|0;V.add3H=lr;var dr=(e,t,r,n)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0);V.add4L=dr;var hr=(e,t,r,n,o)=>t+r+n+o+(e/2**32|0)|0;V.add4H=hr;var yr=(e,t,r,n,o)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0)+(o>>>0);V.add5L=yr;var br=(e,t,r,n,o,s)=>t+r+n+o+s+(e/2**32|0)|0;V.add5H=br;var os={fromBig:Jt,split:Yn,toBig:$n,shrSH:Fn,shrSL:Qn,rotrSH:Jn,rotrSL:er,rotrBH:tr,rotrBL:nr,rotr32H:rr,rotr32L:or,rotlSH:sr,rotlSL:ir,rotlBH:cr,rotlBL:ar,add:fr,add3L:ur,add3H:lr,add4L:dr,add4H:hr,add5H:br,add5L:yr};V.default=os});var mr=le(z=>{"use strict";Object.defineProperty(z,"__esModule",{value:!0});z.sha512_224=z.sha512_256=z.sha384=z.sha512=z.sha224=z.sha256=z.SHA512_256=z.SHA512_224=z.SHA384=z.SHA512=z.SHA224=z.SHA256=void 0;var U=Xn(),P=wr(),J=qe(),ss=Uint32Array.from([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),Ce=new Uint32Array(64),ut=class extends U.HashMD{constructor(t=32){super(64,t,8,!1),this.A=U.SHA256_IV[0]|0,this.B=U.SHA256_IV[1]|0,this.C=U.SHA256_IV[2]|0,this.D=U.SHA256_IV[3]|0,this.E=U.SHA256_IV[4]|0,this.F=U.SHA256_IV[5]|0,this.G=U.SHA256_IV[6]|0,this.H=U.SHA256_IV[7]|0}get(){let{A:t,B:r,C:n,D:o,E:s,F:i,G:c,H:a}=this;return[t,r,n,o,s,i,c,a]}set(t,r,n,o,s,i,c,a){this.A=t|0,this.B=r|0,this.C=n|0,this.D=o|0,this.E=s|0,this.F=i|0,this.G=c|0,this.H=a|0}process(t,r){for(let h=0;h<16;h++,r+=4)Ce[h]=t.getUint32(r,!1);for(let h=16;h<64;h++){let f=Ce[h-15],u=Ce[h-2],b=(0,J.rotr)(f,7)^(0,J.rotr)(f,18)^f>>>3,m=(0,J.rotr)(u,17)^(0,J.rotr)(u,19)^u>>>10;Ce[h]=m+Ce[h-7]+b+Ce[h-16]|0}let{A:n,B:o,C:s,D:i,E:c,F:a,G:l,H:d}=this;for(let h=0;h<64;h++){let f=(0,J.rotr)(c,6)^(0,J.rotr)(c,11)^(0,J.rotr)(c,25),u=d+f+(0,U.Chi)(c,a,l)+ss[h]+Ce[h]|0,m=((0,J.rotr)(n,2)^(0,J.rotr)(n,13)^(0,J.rotr)(n,22))+(0,U.Maj)(n,o,s)|0;d=l,l=a,a=c,c=i+u|0,i=s,s=o,o=n,n=u+m|0}n=n+this.A|0,o=o+this.B|0,s=s+this.C|0,i=i+this.D|0,c=c+this.E|0,a=a+this.F|0,l=l+this.G|0,d=d+this.H|0,this.set(n,o,s,i,c,a,l,d)}roundClean(){(0,J.clean)(Ce)}destroy(){this.set(0,0,0,0,0,0,0,0),(0,J.clean)(this.buffer)}};z.SHA256=ut;var It=class extends ut{constructor(){super(28),this.A=U.SHA224_IV[0]|0,this.B=U.SHA224_IV[1]|0,this.C=U.SHA224_IV[2]|0,this.D=U.SHA224_IV[3]|0,this.E=U.SHA224_IV[4]|0,this.F=U.SHA224_IV[5]|0,this.G=U.SHA224_IV[6]|0,this.H=U.SHA224_IV[7]|0}};z.SHA224=It;var gr=P.split(["0x428a2f98d728ae22","0x7137449123ef65cd","0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc","0x3956c25bf348b538","0x59f111f1b605d019","0x923f82a4af194f9b","0xab1c5ed5da6d8118","0xd807aa98a3030242","0x12835b0145706fbe","0x243185be4ee4b28c","0x550c7dc3d5ffb4e2","0x72be5d74f27b896f","0x80deb1fe3b1696b1","0x9bdc06a725c71235","0xc19bf174cf692694","0xe49b69c19ef14ad2","0xefbe4786384f25e3","0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65","0x2de92c6f592b0275","0x4a7484aa6ea6e483","0x5cb0a9dcbd41fbd4","0x76f988da831153b5","0x983e5152ee66dfab","0xa831c66d2db43210","0xb00327c898fb213f","0xbf597fc7beef0ee4","0xc6e00bf33da88fc2","0xd5a79147930aa725","0x06ca6351e003826f","0x142929670a0e6e70","0x27b70a8546d22ffc","0x2e1b21385c26c926","0x4d2c6dfc5ac42aed","0x53380d139d95b3df","0x650a73548baf63de","0x766a0abb3c77b2a8","0x81c2c92e47edaee6","0x92722c851482353b","0xa2bfe8a14cf10364","0xa81a664bbc423001","0xc24b8b70d0f89791","0xc76c51a30654be30","0xd192e819d6ef5218","0xd69906245565a910","0xf40e35855771202a","0x106aa07032bbd1b8","0x19a4c116b8d2d0c8","0x1e376c085141ab53","0x2748774cdf8eeb99","0x34b0bcb5e19b48a8","0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb","0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3","0x748f82ee5defb2fc","0x78a5636f43172f60","0x84c87814a1f0ab72","0x8cc702081a6439ec","0x90befffa23631e28","0xa4506cebde82bde9","0xbef9a3f7b2c67915","0xc67178f2e372532b","0xca273eceea26619c","0xd186b8c721c0c207","0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178","0x06f067aa72176fba","0x0a637dc5a2c898a6","0x113f9804bef90dae","0x1b710b35131c471b","0x28db77f523047d84","0x32caab7b40c72493","0x3c9ebe0a15c9bebc","0x431d67c49c100d4c","0x4cc5d4becb3e42b6","0x597f299cfc657e2a","0x5fcb6fab3ad6faec","0x6c44198c4a475817"].map(e=>BigInt(e))),is=gr[0],cs=gr[1],Ve=new Uint32Array(80),Ne=new Uint32Array(80),Ge=class extends U.HashMD{constructor(t=64){super(128,t,16,!1),this.Ah=U.SHA512_IV[0]|0,this.Al=U.SHA512_IV[1]|0,this.Bh=U.SHA512_IV[2]|0,this.Bl=U.SHA512_IV[3]|0,this.Ch=U.SHA512_IV[4]|0,this.Cl=U.SHA512_IV[5]|0,this.Dh=U.SHA512_IV[6]|0,this.Dl=U.SHA512_IV[7]|0,this.Eh=U.SHA512_IV[8]|0,this.El=U.SHA512_IV[9]|0,this.Fh=U.SHA512_IV[10]|0,this.Fl=U.SHA512_IV[11]|0,this.Gh=U.SHA512_IV[12]|0,this.Gl=U.SHA512_IV[13]|0,this.Hh=U.SHA512_IV[14]|0,this.Hl=U.SHA512_IV[15]|0}get(){let{Ah:t,Al:r,Bh:n,Bl:o,Ch:s,Cl:i,Dh:c,Dl:a,Eh:l,El:d,Fh:h,Fl:f,Gh:u,Gl:b,Hh:m,Hl:_}=this;return[t,r,n,o,s,i,c,a,l,d,h,f,u,b,m,_]}set(t,r,n,o,s,i,c,a,l,d,h,f,u,b,m,_){this.Ah=t|0,this.Al=r|0,this.Bh=n|0,this.Bl=o|0,this.Ch=s|0,this.Cl=i|0,this.Dh=c|0,this.Dl=a|0,this.Eh=l|0,this.El=d|0,this.Fh=h|0,this.Fl=f|0,this.Gh=u|0,this.Gl=b|0,this.Hh=m|0,this.Hl=_|0}process(t,r){for(let x=0;x<16;x++,r+=4)Ve[x]=t.getUint32(r),Ne[x]=t.getUint32(r+=4);for(let x=16;x<80;x++){let N=Ve[x-15]|0,M=Ne[x-15]|0,Y=P.rotrSH(N,M,1)^P.rotrSH(N,M,8)^P.shrSH(N,M,7),Z=P.rotrSL(N,M,1)^P.rotrSL(N,M,8)^P.shrSL(N,M,7),j=Ve[x-2]|0,H=Ne[x-2]|0,be=P.rotrSH(j,H,19)^P.rotrBH(j,H,61)^P.shrSH(j,H,6),ue=P.rotrSL(j,H,19)^P.rotrBL(j,H,61)^P.shrSL(j,H,6),C=P.add4L(Z,ue,Ne[x-7],Ne[x-16]),g=P.add4H(C,Y,be,Ve[x-7],Ve[x-16]);Ve[x]=g|0,Ne[x]=C|0}let{Ah:n,Al:o,Bh:s,Bl:i,Ch:c,Cl:a,Dh:l,Dl:d,Eh:h,El:f,Fh:u,Fl:b,Gh:m,Gl:_,Hh:T,Hl:q}=this;for(let x=0;x<80;x++){let N=P.rotrSH(h,f,14)^P.rotrSH(h,f,18)^P.rotrBH(h,f,41),M=P.rotrSL(h,f,14)^P.rotrSL(h,f,18)^P.rotrBL(h,f,41),Y=h&u^~h&m,Z=f&b^~f&_,j=P.add5L(q,M,Z,cs[x],Ne[x]),H=P.add5H(j,T,N,Y,is[x],Ve[x]),be=j|0,ue=P.rotrSH(n,o,28)^P.rotrBH(n,o,34)^P.rotrBH(n,o,39),C=P.rotrSL(n,o,28)^P.rotrBL(n,o,34)^P.rotrBL(n,o,39),g=n&s^n&c^s&c,w=o&i^o&a^i&a;T=m|0,q=_|0,m=u|0,_=b|0,u=h|0,b=f|0,{h,l:f}=P.add(l|0,d|0,H|0,be|0),l=c|0,d=a|0,c=s|0,a=i|0,s=n|0,i=o|0;let y=P.add3L(be,C,w);n=P.add3H(y,H,ue,g),o=y|0}({h:n,l:o}=P.add(this.Ah|0,this.Al|0,n|0,o|0)),{h:s,l:i}=P.add(this.Bh|0,this.Bl|0,s|0,i|0),{h:c,l:a}=P.add(this.Ch|0,this.Cl|0,c|0,a|0),{h:l,l:d}=P.add(this.Dh|0,this.Dl|0,l|0,d|0),{h,l:f}=P.add(this.Eh|0,this.El|0,h|0,f|0),{h:u,l:b}=P.add(this.Fh|0,this.Fl|0,u|0,b|0),{h:m,l:_}=P.add(this.Gh|0,this.Gl|0,m|0,_|0),{h:T,l:q}=P.add(this.Hh|0,this.Hl|0,T|0,q|0),this.set(n,o,s,i,c,a,l,d,h,f,u,b,m,_,T,q)}roundClean(){(0,J.clean)(Ve,Ne)}destroy(){(0,J.clean)(this.buffer),this.set(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)}};z.SHA512=Ge;var Tt=class extends Ge{constructor(){super(48),this.Ah=U.SHA384_IV[0]|0,this.Al=U.SHA384_IV[1]|0,this.Bh=U.SHA384_IV[2]|0,this.Bl=U.SHA384_IV[3]|0,this.Ch=U.SHA384_IV[4]|0,this.Cl=U.SHA384_IV[5]|0,this.Dh=U.SHA384_IV[6]|0,this.Dl=U.SHA384_IV[7]|0,this.Eh=U.SHA384_IV[8]|0,this.El=U.SHA384_IV[9]|0,this.Fh=U.SHA384_IV[10]|0,this.Fl=U.SHA384_IV[11]|0,this.Gh=U.SHA384_IV[12]|0,this.Gl=U.SHA384_IV[13]|0,this.Hh=U.SHA384_IV[14]|0,this.Hl=U.SHA384_IV[15]|0}};z.SHA384=Tt;var ae=Uint32Array.from([2352822216,424955298,1944164710,2312950998,502970286,855612546,1738396948,1479516111,258812777,2077511080,2011393907,79989058,1067287976,1780299464,286451373,2446758561]),fe=Uint32Array.from([573645204,4230739756,2673172387,3360449730,596883563,1867755857,2520282905,1497426621,2519219938,2827943907,3193839141,1401305490,721525244,746961066,246885852,2177182882]),Ut=class extends Ge{constructor(){super(28),this.Ah=ae[0]|0,this.Al=ae[1]|0,this.Bh=ae[2]|0,this.Bl=ae[3]|0,this.Ch=ae[4]|0,this.Cl=ae[5]|0,this.Dh=ae[6]|0,this.Dl=ae[7]|0,this.Eh=ae[8]|0,this.El=ae[9]|0,this.Fh=ae[10]|0,this.Fl=ae[11]|0,this.Gh=ae[12]|0,this.Gl=ae[13]|0,this.Hh=ae[14]|0,this.Hl=ae[15]|0}};z.SHA512_224=Ut;var Ot=class extends Ge{constructor(){super(32),this.Ah=fe[0]|0,this.Al=fe[1]|0,this.Bh=fe[2]|0,this.Bl=fe[3]|0,this.Ch=fe[4]|0,this.Cl=fe[5]|0,this.Dh=fe[6]|0,this.Dl=fe[7]|0,this.Eh=fe[8]|0,this.El=fe[9]|0,this.Fh=fe[10]|0,this.Fl=fe[11]|0,this.Gh=fe[12]|0,this.Gl=fe[13]|0,this.Hh=fe[14]|0,this.Hl=fe[15]|0}};z.SHA512_256=Ot;z.sha256=(0,J.createHasher)(()=>new ut);z.sha224=(0,J.createHasher)(()=>new It);z.sha512=(0,J.createHasher)(()=>new Ge);z.sha384=(0,J.createHasher)(()=>new Tt);z.sha512_256=(0,J.createHasher)(()=>new Ot);z.sha512_224=(0,J.createHasher)(()=>new Ut)});var pr=le(Xe=>{"use strict";Object.defineProperty(Xe,"__esModule",{value:!0});Xe.hmac=Xe.HMAC=void 0;var We=qe(),lt=class extends We.Hash{constructor(t,r){super(),this.finished=!1,this.destroyed=!1,(0,We.ahash)(t);let n=(0,We.toBytes)(r);if(this.iHash=t.create(),typeof this.iHash.update!="function")throw new Error("Expected instance of class which extends utils.Hash");this.blockLen=this.iHash.blockLen,this.outputLen=this.iHash.outputLen;let o=this.blockLen,s=new Uint8Array(o);s.set(n.length>o?t.create().update(n).digest():n);for(let i=0;i<s.length;i++)s[i]^=54;this.iHash.update(s),this.oHash=t.create();for(let i=0;i<s.length;i++)s[i]^=106;this.oHash.update(s),(0,We.clean)(s)}update(t){return(0,We.aexists)(this),this.iHash.update(t),this}digestInto(t){(0,We.aexists)(this),(0,We.abytes)(t,this.outputLen),this.finished=!0,this.iHash.digestInto(t),this.oHash.update(t),this.oHash.digestInto(t),this.destroy()}digest(){let t=new Uint8Array(this.oHash.outputLen);return this.digestInto(t),t}_cloneInto(t){t||(t=Object.create(Object.getPrototypeOf(this),{}));let{oHash:r,iHash:n,finished:o,destroyed:s,blockLen:i,outputLen:c}=this;return t=t,t.finished=o,t.destroyed=s,t.blockLen=i,t.outputLen=c,t.oHash=r._cloneInto(t.oHash),t.iHash=n._cloneInto(t.iHash),t}clone(){return this._cloneInto()}destroy(){this.destroyed=!0,this.oHash.destroy(),this.iHash.destroy()}};Xe.HMAC=lt;var as=(e,t,r)=>new lt(e,t).update(r).digest();Xe.hmac=as;Xe.hmac.create=(e,t)=>new lt(e,t)});var Ye=le(L=>{"use strict";Object.defineProperty(L,"__esModule",{value:!0});L.notImplemented=L.bitMask=L.utf8ToBytes=L.randomBytes=L.isBytes=L.hexToBytes=L.concatBytes=L.bytesToUtf8=L.bytesToHex=L.anumber=L.abytes=void 0;L.abool=fs;L._abool2=us;L._abytes2=ls;L.numberToHexUnpadded=xr;L.hexToNumber=tn;L.bytesToNumberBE=ds;L.bytesToNumberLE=hs;L.numberToBytesBE=Er;L.numberToBytesLE=ys;L.numberToVarBytesBE=bs;L.ensureBytes=ws;L.equalBytes=gs;L.copyBytes=ms;L.asciiToBytes=ps;L.inRange=Br;L.aInRange=xs;L.bitLen=Es;L.bitGet=Bs;L.bitSet=_s;L.createHmacDrbg=Ss;L.validateObject=Hs;L.isHash=Is;L._validateObject=Ts;L.memoized=Os;var ve=qe(),Te=qe();Object.defineProperty(L,"abytes",{enumerable:!0,get:function(){return Te.abytes}});Object.defineProperty(L,"anumber",{enumerable:!0,get:function(){return Te.anumber}});Object.defineProperty(L,"bytesToHex",{enumerable:!0,get:function(){return Te.bytesToHex}});Object.defineProperty(L,"bytesToUtf8",{enumerable:!0,get:function(){return Te.bytesToUtf8}});Object.defineProperty(L,"concatBytes",{enumerable:!0,get:function(){return Te.concatBytes}});Object.defineProperty(L,"hexToBytes",{enumerable:!0,get:function(){return Te.hexToBytes}});Object.defineProperty(L,"isBytes",{enumerable:!0,get:function(){return Te.isBytes}});Object.defineProperty(L,"randomBytes",{enumerable:!0,get:function(){return Te.randomBytes}});Object.defineProperty(L,"utf8ToBytes",{enumerable:!0,get:function(){return Te.utf8ToBytes}});var Lt=BigInt(0),dt=BigInt(1);function fs(e,t){if(typeof t!="boolean")throw new Error(e+" boolean expected, got "+t)}function us(e,t=""){if(typeof e!="boolean"){let r=t&&`"${t}"`;throw new Error(r+"expected boolean, got type="+typeof e)}return e}function ls(e,t,r=""){let n=(0,ve.isBytes)(e),o=e?.length,s=t!==void 0;if(!n||s&&o!==t){let i=r&&`"${r}" `,c=s?` of length ${t}`:"",a=n?`length=${o}`:`type=${typeof e}`;throw new Error(i+"expected Uint8Array"+c+", got "+a)}return e}function xr(e){let t=e.toString(16);return t.length&1?"0"+t:t}function tn(e){if(typeof e!="string")throw new Error("hex string expected, got "+typeof e);return e===""?Lt:BigInt("0x"+e)}function ds(e){return tn((0,ve.bytesToHex)(e))}function hs(e){return(0,ve.abytes)(e),tn((0,ve.bytesToHex)(Uint8Array.from(e).reverse()))}function Er(e,t){return(0,ve.hexToBytes)(e.toString(16).padStart(t*2,"0"))}function ys(e,t){return Er(e,t).reverse()}function bs(e){return(0,ve.hexToBytes)(xr(e))}function ws(e,t,r){let n;if(typeof t=="string")try{n=(0,ve.hexToBytes)(t)}catch(s){throw new Error(e+" must be hex string or Uint8Array, cause: "+s)}else if((0,ve.isBytes)(t))n=Uint8Array.from(t);else throw new Error(e+" must be hex string or Uint8Array");let o=n.length;if(typeof r=="number"&&o!==r)throw new Error(e+" of length "+r+" expected, got "+o);return n}function gs(e,t){if(e.length!==t.length)return!1;let r=0;for(let n=0;n<e.length;n++)r|=e[n]^t[n];return r===0}function ms(e){return Uint8Array.from(e)}function ps(e){return Uint8Array.from(e,(t,r)=>{let n=t.charCodeAt(0);if(t.length!==1||n>127)throw new Error(`string contains non-ASCII character "${e[r]}" with code ${n} at position ${r}`);return n})}var en=e=>typeof e=="bigint"&&Lt<=e;function Br(e,t,r){return en(e)&&en(t)&&en(r)&&t<=e&&e<r}function xs(e,t,r,n){if(!Br(t,r,n))throw new Error("expected valid "+e+": "+r+" <= n < "+n+", got "+t)}function Es(e){let t;for(t=0;e>Lt;e>>=dt,t+=1);return t}function Bs(e,t){return e>>BigInt(t)&dt}function _s(e,t,r){return e|(r?dt:Lt)<<BigInt(t)}var vs=e=>(dt<<BigInt(e))-dt;L.bitMask=vs;function Ss(e,t,r){if(typeof e!="number"||e<2)throw new Error("hashLen must be a number");if(typeof t!="number"||t<2)throw new Error("qByteLen must be a number");if(typeof r!="function")throw new Error("hmacFn must be a function");let n=u=>new Uint8Array(u),o=u=>Uint8Array.of(u),s=n(e),i=n(e),c=0,a=()=>{s.fill(1),i.fill(0),c=0},l=(...u)=>r(i,s,...u),d=(u=n(0))=>{i=l(o(0),u),s=l(),u.length!==0&&(i=l(o(1),u),s=l())},h=()=>{if(c++>=1e3)throw new Error("drbg: tried 1000 values");let u=0,b=[];for(;u<t;){s=l();let m=s.slice();b.push(m),u+=s.length}return(0,ve.concatBytes)(...b)};return(u,b)=>{a(),d(u);let m;for(;!(m=b(h()));)d();return a(),m}}var As={bigint:e=>typeof e=="bigint",function:e=>typeof e=="function",boolean:e=>typeof e=="boolean",string:e=>typeof e=="string",stringOrUint8Array:e=>typeof e=="string"||(0,ve.isBytes)(e),isSafeInteger:e=>Number.isSafeInteger(e),array:e=>Array.isArray(e),field:(e,t)=>t.Fp.isValid(e),hash:e=>typeof e=="function"&&Number.isSafeInteger(e.outputLen)};function Hs(e,t,r={}){let n=(o,s,i)=>{let c=As[s];if(typeof c!="function")throw new Error("invalid validator function");let a=e[o];if(!(i&&a===void 0)&&!c(a,e))throw new Error("param "+String(o)+" is invalid. Expected "+s+", got "+a)};for(let[o,s]of Object.entries(t))n(o,s,!1);for(let[o,s]of Object.entries(r))n(o,s,!0);return e}function Is(e){return typeof e=="function"&&Number.isSafeInteger(e.outputLen)}function Ts(e,t,r={}){if(!e||typeof e!="object")throw new Error("expected valid options object");function n(o,s,i){let c=e[o];if(i&&c===void 0)return;let a=typeof c;if(a!==s||c===null)throw new Error(`param "${o}" is invalid: expected ${s}, got ${a}`)}Object.entries(t).forEach(([o,s])=>n(o,s,!1)),Object.entries(r).forEach(([o,s])=>n(o,s,!0))}var Us=()=>{throw new Error("not implemented")};L.notImplemented=Us;function Os(e){let t=new WeakMap;return(r,...n)=>{let o=t.get(r);if(o!==void 0)return o;let s=e(r,...n);return t.set(r,s),s}}});var tt=le(X=>{"use strict";Object.defineProperty(X,"__esModule",{value:!0});X.isNegativeLE=void 0;X.mod=ge;X.pow=qs;X.pow2=Cs;X.invert=Rt;X.tonelliShanks=rn;X.FpSqrt=Tr;X.validateField=Ms;X.FpPow=on;X.FpInvertBatch=Ur;X.FpDiv=Ks;X.FpLegendre=qt;X.FpIsSquare=Ds;X.nLength=sn;X.Field=Ct;X.FpSqrtOdd=js;X.FpSqrtEven=Zs;X.hashToPrivateScalar=zs;X.getFieldBytesLength=cn;X.getMinHashLength=Or;X.mapHashToField=Gs;var me=Ye(),he=BigInt(0),ee=BigInt(1),$e=BigInt(2),_r=BigInt(3),vr=BigInt(4),Sr=BigInt(5),Ls=BigInt(7),Ar=BigInt(8),Rs=BigInt(9),Hr=BigInt(16);function ge(e,t){let r=e%t;return r>=he?r:t+r}function qs(e,t,r){return on(Ct(r),e,t)}function Cs(e,t,r){let n=e;for(;t-- >he;)n*=n,n%=r;return n}function Rt(e,t){if(e===he)throw new Error("invert: expected non-zero number");if(t<=he)throw new Error("invert: expected positive modulus, got "+t);let r=ge(e,t),n=t,o=he,s=ee,i=ee,c=he;for(;r!==he;){let l=n/r,d=n%r,h=o-i*l,f=s-c*l;n=r,r=d,o=i,s=c,i=h,c=f}if(n!==ee)throw new Error("invert: does not exist");return ge(o,t)}function nn(e,t,r){if(!e.eql(e.sqr(t),r))throw new Error("Cannot find square root")}function Ir(e,t){let r=(e.ORDER+ee)/vr,n=e.pow(t,r);return nn(e,n,t),n}function Vs(e,t){let r=(e.ORDER-Sr)/Ar,n=e.mul(t,$e),o=e.pow(n,r),s=e.mul(t,o),i=e.mul(e.mul(s,$e),o),c=e.mul(s,e.sub(i,e.ONE));return nn(e,c,t),c}function Ns(e){let t=Ct(e),r=rn(e),n=r(t,t.neg(t.ONE)),o=r(t,n),s=r(t,t.neg(n)),i=(e+Ls)/Hr;return(c,a)=>{let l=c.pow(a,i),d=c.mul(l,n),h=c.mul(l,o),f=c.mul(l,s),u=c.eql(c.sqr(d),a),b=c.eql(c.sqr(h),a);l=c.cmov(l,d,u),d=c.cmov(f,h,b);let m=c.eql(c.sqr(d),a),_=c.cmov(l,d,m);return nn(c,_,a),_}}function rn(e){if(e<_r)throw new Error("sqrt is not defined for small field");let t=e-ee,r=0;for(;t%$e===he;)t/=$e,r++;let n=$e,o=Ct(e);for(;qt(o,n)===1;)if(n++>1e3)throw new Error("Cannot find square root: probably non-prime P");if(r===1)return Ir;let s=o.pow(n,t),i=(t+ee)/$e;return function(a,l){if(a.is0(l))return l;if(qt(a,l)!==1)throw new Error("Cannot find square root");let d=r,h=a.mul(a.ONE,s),f=a.pow(l,t),u=a.pow(l,i);for(;!a.eql(f,a.ONE);){if(a.is0(f))return a.ZERO;let b=1,m=a.sqr(f);for(;!a.eql(m,a.ONE);)if(b++,m=a.sqr(m),b===d)throw new Error("Cannot find square root");let _=ee<<BigInt(d-b-1),T=a.pow(h,_);d=b,h=a.sqr(T),f=a.mul(f,h),u=a.mul(u,T)}return u}}function Tr(e){return e%vr===_r?Ir:e%Ar===Sr?Vs:e%Hr===Rs?Ns(e):rn(e)}var ks=(e,t)=>(ge(e,t)&ee)===ee;X.isNegativeLE=ks;var Ps=["create","isValid","is0","neg","inv","sqrt","sqr","eql","add","sub","mul","pow","div","addN","subN","mulN","sqrN"];function Ms(e){let t={ORDER:"bigint",MASK:"bigint",BYTES:"number",BITS:"number"},r=Ps.reduce((n,o)=>(n[o]="function",n),t);return(0,me._validateObject)(e,r),e}function on(e,t,r){if(r<he)throw new Error("invalid exponent, negatives unsupported");if(r===he)return e.ONE;if(r===ee)return t;let n=e.ONE,o=t;for(;r>he;)r&ee&&(n=e.mul(n,o)),o=e.sqr(o),r>>=ee;return n}function Ur(e,t,r=!1){let n=new Array(t.length).fill(r?e.ZERO:void 0),o=t.reduce((i,c,a)=>e.is0(c)?i:(n[a]=i,e.mul(i,c)),e.ONE),s=e.inv(o);return t.reduceRight((i,c,a)=>e.is0(c)?i:(n[a]=e.mul(i,n[a]),e.mul(i,c)),s),n}function Ks(e,t,r){return e.mul(t,typeof r=="bigint"?Rt(r,e.ORDER):e.inv(r))}function qt(e,t){let r=(e.ORDER-ee)/$e,n=e.pow(t,r),o=e.eql(n,e.ONE),s=e.eql(n,e.ZERO),i=e.eql(n,e.neg(e.ONE));if(!o&&!s&&!i)throw new Error("invalid Legendre symbol result");return o?1:s?0:-1}function Ds(e,t){return qt(e,t)===1}function sn(e,t){t!==void 0&&(0,me.anumber)(t);let r=t!==void 0?t:e.toString(2).length,n=Math.ceil(r/8);return{nBitLength:r,nByteLength:n}}function Ct(e,t,r=!1,n={}){if(e<=he)throw new Error("invalid field: expected ORDER > 0, got "+e);let o,s,i=!1,c;if(typeof t=="object"&&t!=null){if(n.sqrt||r)throw new Error("cannot specify opts in two arguments");let f=t;f.BITS&&(o=f.BITS),f.sqrt&&(s=f.sqrt),typeof f.isLE=="boolean"&&(r=f.isLE),typeof f.modFromBytes=="boolean"&&(i=f.modFromBytes),c=f.allowedLengths}else typeof t=="number"&&(o=t),n.sqrt&&(s=n.sqrt);let{nBitLength:a,nByteLength:l}=sn(e,o);if(l>2048)throw new Error("invalid field: expected ORDER of <= 2048 bytes");let d,h=Object.freeze({ORDER:e,isLE:r,BITS:a,BYTES:l,MASK:(0,me.bitMask)(a),ZERO:he,ONE:ee,allowedLengths:c,create:f=>ge(f,e),isValid:f=>{if(typeof f!="bigint")throw new Error("invalid field element: expected bigint, got "+typeof f);return he<=f&&f<e},is0:f=>f===he,isValidNot0:f=>!h.is0(f)&&h.isValid(f),isOdd:f=>(f&ee)===ee,neg:f=>ge(-f,e),eql:(f,u)=>f===u,sqr:f=>ge(f*f,e),add:(f,u)=>ge(f+u,e),sub:(f,u)=>ge(f-u,e),mul:(f,u)=>ge(f*u,e),pow:(f,u)=>on(h,f,u),div:(f,u)=>ge(f*Rt(u,e),e),sqrN:f=>f*f,addN:(f,u)=>f+u,subN:(f,u)=>f-u,mulN:(f,u)=>f*u,inv:f=>Rt(f,e),sqrt:s||(f=>(d||(d=Tr(e)),d(h,f))),toBytes:f=>r?(0,me.numberToBytesLE)(f,l):(0,me.numberToBytesBE)(f,l),fromBytes:(f,u=!0)=>{if(c){if(!c.includes(f.length)||f.length>l)throw new Error("Field.fromBytes: expected "+c+" bytes, got "+f.length);let m=new Uint8Array(l);m.set(f,r?0:m.length-f.length),f=m}if(f.length!==l)throw new Error("Field.fromBytes: expected "+l+" bytes, got "+f.length);let b=r?(0,me.bytesToNumberLE)(f):(0,me.bytesToNumberBE)(f);if(i&&(b=ge(b,e)),!u&&!h.isValid(b))throw new Error("invalid field element: outside of range 0..ORDER");return b},invertBatch:f=>Ur(h,f),cmov:(f,u,b)=>b?u:f});return Object.freeze(h)}function js(e,t){if(!e.isOdd)throw new Error("Field doesn't have isOdd");let r=e.sqrt(t);return e.isOdd(r)?r:e.neg(r)}function Zs(e,t){if(!e.isOdd)throw new Error("Field doesn't have isOdd");let r=e.sqrt(t);return e.isOdd(r)?e.neg(r):r}function zs(e,t,r=!1){e=(0,me.ensureBytes)("privateHash",e);let n=e.length,o=sn(t).nByteLength+8;if(o<24||n<o||n>1024)throw new Error("hashToPrivateScalar: expected "+o+"-1024 bytes of input, got "+n);let s=r?(0,me.bytesToNumberLE)(e):(0,me.bytesToNumberBE)(e);return ge(s,t-ee)+ee}function cn(e){if(typeof e!="bigint")throw new Error("field order must be bigint");let t=e.toString(2).length;return Math.ceil(t/8)}function Or(e){let t=cn(e);return t+Math.ceil(t/2)}function Gs(e,t,r=!1){let n=e.length,o=cn(t),s=Or(t);if(n<16||n<s||n>1024)throw new Error("expected "+s+"-1024 bytes of input, got "+n);let i=r?(0,me.bytesToNumberLE)(e):(0,me.bytesToNumberBE)(e),c=ge(i,t-ee)+ee;return r?(0,me.numberToBytesLE)(c,o):(0,me.numberToBytesBE)(c,o)}});var kr=le(Ee=>{"use strict";Object.defineProperty(Ee,"__esModule",{value:!0});Ee.wNAF=void 0;Ee.negateCt=ln;Ee.normalizeZ=Ws;Ee.mulEndoUnsafe=Xs;Ee.pippenger=Ys;Ee.precomputeMSMUnsafe=$s;Ee.validateBasic=Fs;Ee._createCurveFields=Qs;var ht=Ye(),yt=tt(),nt=BigInt(0),Fe=BigInt(1);function ln(e,t){let r=t.negate();return e?r:t}function Ws(e,t){let r=(0,yt.FpInvertBatch)(e.Fp,t.map(n=>n.Z));return t.map((n,o)=>e.fromAffine(n.toAffine(r[o])))}function hn(e,t){if(!Number.isSafeInteger(e)||e<=0||e>t)throw new Error("invalid window size, expected [1.."+t+"], got W="+e)}function an(e,t){hn(e,t);let r=Math.ceil(t/e)+1,n=2**(e-1),o=2**e,s=(0,ht.bitMask)(e),i=BigInt(e);return{windows:r,windowSize:n,mask:s,maxNumber:o,shiftBy:i}}function Lr(e,t,r){let{windowSize:n,mask:o,maxNumber:s,shiftBy:i}=r,c=Number(e&o),a=e>>i;c>n&&(c-=s,a+=Fe);let l=t*n,d=l+Math.abs(c)-1,h=c===0,f=c<0,u=t%2!==0;return{nextN:a,offset:d,isZero:h,isNeg:f,isNegF:u,offsetF:l}}function Cr(e,t){if(!Array.isArray(e))throw new Error("array expected");e.forEach((r,n)=>{if(!(r instanceof t))throw new Error("invalid point at index "+n)})}function Vr(e,t){if(!Array.isArray(e))throw new Error("array of scalars expected");e.forEach((r,n)=>{if(!t.isValid(r))throw new Error("invalid scalar at index "+n)})}var fn=new WeakMap,Nr=new WeakMap;function un(e){return Nr.get(e)||1}function Rr(e){if(e!==nt)throw new Error("invalid wNAF")}var dn=class{constructor(t,r){this.BASE=t.BASE,this.ZERO=t.ZERO,this.Fn=t.Fn,this.bits=r}_unsafeLadder(t,r,n=this.ZERO){let o=t;for(;r>nt;)r&Fe&&(n=n.add(o)),o=o.double(),r>>=Fe;return n}precomputeWindow(t,r){let{windows:n,windowSize:o}=an(r,this.bits),s=[],i=t,c=i;for(let a=0;a<n;a++){c=i,s.push(c);for(let l=1;l<o;l++)c=c.add(i),s.push(c);i=c.double()}return s}wNAF(t,r,n){if(!this.Fn.isValid(n))throw new Error("invalid scalar");let o=this.ZERO,s=this.BASE,i=an(t,this.bits);for(let c=0;c<i.windows;c++){let{nextN:a,offset:l,isZero:d,isNeg:h,isNegF:f,offsetF:u}=Lr(n,c,i);n=a,d?s=s.add(ln(f,r[u])):o=o.add(ln(h,r[l]))}return Rr(n),{p:o,f:s}}wNAFUnsafe(t,r,n,o=this.ZERO){let s=an(t,this.bits);for(let i=0;i<s.windows&&n!==nt;i++){let{nextN:c,offset:a,isZero:l,isNeg:d}=Lr(n,i,s);if(n=c,!l){let h=r[a];o=o.add(d?h.negate():h)}}return Rr(n),o}getPrecomputes(t,r,n){let o=fn.get(r);return o||(o=this.precomputeWindow(r,t),t!==1&&(typeof n=="function"&&(o=n(o)),fn.set(r,o))),o}cached(t,r,n){let o=un(t);return this.wNAF(o,this.getPrecomputes(o,t,n),r)}unsafe(t,r,n,o){let s=un(t);return s===1?this._unsafeLadder(t,r,o):this.wNAFUnsafe(s,this.getPrecomputes(s,t,n),r,o)}createCache(t,r){hn(r,this.bits),Nr.set(t,r),fn.delete(t)}hasCache(t){return un(t)!==1}};Ee.wNAF=dn;function Xs(e,t,r,n){let o=t,s=e.ZERO,i=e.ZERO;for(;r>nt||n>nt;)r&Fe&&(s=s.add(o)),n&Fe&&(i=i.add(o)),o=o.double(),r>>=Fe,n>>=Fe;return{p1:s,p2:i}}function Ys(e,t,r,n){Cr(r,e),Vr(n,t);let o=r.length,s=n.length;if(o!==s)throw new Error("arrays of points and scalars must have equal length");let i=e.ZERO,c=(0,ht.bitLen)(BigInt(o)),a=1;c>12?a=c-3:c>4?a=c-2:c>0&&(a=2);let l=(0,ht.bitMask)(a),d=new Array(Number(l)+1).fill(i),h=Math.floor((t.BITS-1)/a)*a,f=i;for(let u=h;u>=0;u-=a){d.fill(i);for(let m=0;m<s;m++){let _=n[m],T=Number(_>>BigInt(u)&l);d[T]=d[T].add(r[m])}let b=i;for(let m=d.length-1,_=i;m>0;m--)_=_.add(d[m]),b=b.add(_);if(f=f.add(b),u!==0)for(let m=0;m<a;m++)f=f.double()}return f}function $s(e,t,r,n){hn(n,t.BITS),Cr(r,e);let o=e.ZERO,s=2**n-1,i=Math.ceil(t.BITS/n),c=(0,ht.bitMask)(n),a=r.map(l=>{let d=[];for(let h=0,f=l;h<s;h++)d.push(f),f=f.add(l);return d});return l=>{if(Vr(l,t),l.length>r.length)throw new Error("array of scalars must be smaller than array of points");let d=o;for(let h=0;h<i;h++){if(d!==o)for(let u=0;u<n;u++)d=d.double();let f=BigInt(i*n-(h+1)*n);for(let u=0;u<l.length;u++){let b=l[u],m=Number(b>>f&c);m&&(d=d.add(a[u][m-1]))}}return d}}function Fs(e){return(0,yt.validateField)(e.Fp),(0,ht.validateObject)(e,{n:"bigint",h:"bigint",Gx:"field",Gy:"field"},{nBitLength:"isSafeInteger",nByteLength:"isSafeInteger"}),Object.freeze({...(0,yt.nLength)(e.n,e.nBitLength),...e,p:e.Fp.ORDER})}function qr(e,t,r){if(t){if(t.ORDER!==e)throw new Error("Field.ORDER must match order: Fp == p, Fn == n");return(0,yt.validateField)(t),t}else return(0,yt.Field)(e,{isLE:r})}function Qs(e,t,r={},n){if(n===void 0&&(n=e==="edwards"),!t||typeof t!="object")throw new Error(`expected valid ${e} CURVE object`);for(let a of["p","n","h"]){let l=t[a];if(!(typeof l=="bigint"&&l>nt))throw new Error(`CURVE.${a} must be positive bigint`)}let o=qr(t.p,r.Fp,n),s=qr(t.n,r.Fn,n),c=["Gx","Gy","a",e==="weierstrass"?"b":"d"];for(let a of c)if(!o.isValid(t[a]))throw new Error(`CURVE.${a} must be valid field element of CURVE.Fp`);return t=Object.freeze(Object.assign({},t)),{CURVE:t,Fp:o,Fn:s}}});var mn=le(W=>{"use strict";Object.defineProperty(W,"__esModule",{value:!0});W.DER=W.DERErr=void 0;W._splitEndoScalar=Mr;W._normFnElement=ke;W.weierstrassN=gn;W.SWUFpSqrtRatio=Dr;W.mapToCurveSimpleSWU=ti;W.ecdh=Zr;W.ecdsa=zr;W.weierstrassPoints=ni;W._legacyHelperEquat=Wr;W.weierstrass=ii;var Js=pr(),ei=qe(),A=Ye(),Ue=kr(),ot=tt(),Pr=(e,t)=>(e+(e>=0?t:-t)/Se)/t;function Mr(e,t,r){let[[n,o],[s,i]]=t,c=Pr(i*e,r),a=Pr(-o*e,r),l=e-c*n-a*s,d=-c*o-a*i,h=l<Be,f=d<Be;h&&(l=-l),f&&(d=-d);let u=(0,A.bitMask)(Math.ceil((0,A.bitLen)(r)/2))+re;if(l<Be||l>=u||d<Be||d>=u)throw new Error("splitScalar (endomorphism): failed, k="+e);return{k1neg:h,k1:l,k2neg:f,k2:d}}function bn(e){if(!["compact","recovered","der"].includes(e))throw new Error('Signature format must be "compact", "recovered", or "der"');return e}function yn(e,t){let r={};for(let n of Object.keys(t))r[n]=e[n]===void 0?t[n]:e[n];return(0,A._abool2)(r.lowS,"lowS"),(0,A._abool2)(r.prehash,"prehash"),r.format!==void 0&&bn(r.format),r}var Vt=class extends Error{constructor(t=""){super(t)}};W.DERErr=Vt;W.DER={Err:Vt,_tlv:{encode:(e,t)=>{let{Err:r}=W.DER;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(t.length&1)throw new r("tlv.encode: unpadded data");let n=t.length/2,o=(0,A.numberToHexUnpadded)(n);if(o.length/2&128)throw new r("tlv.encode: long form length too big");let s=n>127?(0,A.numberToHexUnpadded)(o.length/2|128):"";return(0,A.numberToHexUnpadded)(e)+s+o+t},decode(e,t){let{Err:r}=W.DER,n=0;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(t.length<2||t[n++]!==e)throw new r("tlv.decode: wrong tlv");let o=t[n++],s=!!(o&128),i=0;if(!s)i=o;else{let a=o&127;if(!a)throw new r("tlv.decode(long): indefinite length not supported");if(a>4)throw new r("tlv.decode(long): byte length is too big");let l=t.subarray(n,n+a);if(l.length!==a)throw new r("tlv.decode: length bytes not complete");if(l[0]===0)throw new r("tlv.decode(long): zero leftmost byte");for(let d of l)i=i<<8|d;if(n+=a,i<128)throw new r("tlv.decode(long): not minimal encoding")}let c=t.subarray(n,n+i);if(c.length!==i)throw new r("tlv.decode: wrong value length");return{v:c,l:t.subarray(n+i)}}},_int:{encode(e){let{Err:t}=W.DER;if(e<Be)throw new t("integer: negative integers are not allowed");let r=(0,A.numberToHexUnpadded)(e);if(Number.parseInt(r[0],16)&8&&(r="00"+r),r.length&1)throw new t("unexpected DER parsing assertion: unpadded hex");return r},decode(e){let{Err:t}=W.DER;if(e[0]&128)throw new t("invalid signature integer: negative");if(e[0]===0&&!(e[1]&128))throw new t("invalid signature integer: unnecessary leading zero");return(0,A.bytesToNumberBE)(e)}},toSig(e){let{Err:t,_int:r,_tlv:n}=W.DER,o=(0,A.ensureBytes)("signature",e),{v:s,l:i}=n.decode(48,o);if(i.length)throw new t("invalid signature: left bytes after parsing");let{v:c,l:a}=n.decode(2,s),{v:l,l:d}=n.decode(2,a);if(d.length)throw new t("invalid signature: left bytes after parsing");return{r:r.decode(c),s:r.decode(l)}},hexFromSig(e){let{_tlv:t,_int:r}=W.DER,n=t.encode(2,r.encode(e.r)),o=t.encode(2,r.encode(e.s)),s=n+o;return t.encode(48,s)}};var Be=BigInt(0),re=BigInt(1),Se=BigInt(2),rt=BigInt(3),wn=BigInt(4);function ke(e,t){let{BYTES:r}=e,n;if(typeof t=="bigint")n=t;else{let o=(0,A.ensureBytes)("private key",t);try{n=e.fromBytes(o)}catch{throw new Error(`invalid private key: expected ui8a of size ${r}, got ${typeof t}`)}}if(!e.isValidNot0(n))throw new Error("invalid private key: out of range [1..N-1]");return n}function gn(e,t={}){let r=(0,Ue._createCurveFields)("weierstrass",e,t),{Fp:n,Fn:o}=r,s=r.CURVE,{h:i,n:c}=s;(0,A._validateObject)(t,{},{allowInfinityPoint:"boolean",clearCofactor:"function",isTorsionFree:"function",fromBytes:"function",toBytes:"function",endo:"object",wrapPrivateKey:"boolean"});let{endo:a}=t;if(a&&(!n.is0(s.a)||typeof a.beta!="bigint"||!Array.isArray(a.basises)))throw new Error('invalid endo: expected "beta": bigint and "basises": array');let l=jr(n,o);function d(){if(!n.isOdd)throw new Error("compression is not supported: Field does not have .isOdd()")}function h(C,g,w){let{x:y,y:p}=g.toAffine(),E=n.toBytes(y);if((0,A._abool2)(w,"isCompressed"),w){d();let S=!n.isOdd(p);return(0,A.concatBytes)(Kr(S),E)}else return(0,A.concatBytes)(Uint8Array.of(4),E,n.toBytes(p))}function f(C){(0,A._abytes2)(C,void 0,"Point");let{publicKey:g,publicKeyUncompressed:w}=l,y=C.length,p=C[0],E=C.subarray(1);if(y===g&&(p===2||p===3)){let S=n.fromBytes(E);if(!n.isValid(S))throw new Error("bad point: is not on curve, wrong x");let I=m(S),v;try{v=n.sqrt(I)}catch(te){let G=te instanceof Error?": "+te.message:"";throw new Error("bad point: is not on curve, sqrt error"+G)}d();let R=n.isOdd(v);return(p&1)===1!==R&&(v=n.neg(v)),{x:S,y:v}}else if(y===w&&p===4){let S=n.BYTES,I=n.fromBytes(E.subarray(0,S)),v=n.fromBytes(E.subarray(S,S*2));if(!_(I,v))throw new Error("bad point: is not on curve");return{x:I,y:v}}else throw new Error(`bad point: got length ${y}, expected compressed=${g} or uncompressed=${w}`)}let u=t.toBytes||h,b=t.fromBytes||f;function m(C){let g=n.sqr(C),w=n.mul(g,C);return n.add(n.add(w,n.mul(C,s.a)),s.b)}function _(C,g){let w=n.sqr(g),y=m(C);return n.eql(w,y)}if(!_(s.Gx,s.Gy))throw new Error("bad curve params: generator point");let T=n.mul(n.pow(s.a,rt),wn),q=n.mul(n.sqr(s.b),BigInt(27));if(n.is0(n.add(T,q)))throw new Error("bad curve params: a or b");function x(C,g,w=!1){if(!n.isValid(g)||w&&n.is0(g))throw new Error(`bad point coordinate ${C}`);return g}function N(C){if(!(C instanceof H))throw new Error("ProjectivePoint expected")}function M(C){if(!a||!a.basises)throw new Error("no endo");return Mr(C,a.basises,o.ORDER)}let Y=(0,A.memoized)((C,g)=>{let{X:w,Y:y,Z:p}=C;if(n.eql(p,n.ONE))return{x:w,y};let E=C.is0();g==null&&(g=E?n.ONE:n.inv(p));let S=n.mul(w,g),I=n.mul(y,g),v=n.mul(p,g);if(E)return{x:n.ZERO,y:n.ZERO};if(!n.eql(v,n.ONE))throw new Error("invZ was invalid");return{x:S,y:I}}),Z=(0,A.memoized)(C=>{if(C.is0()){if(t.allowInfinityPoint&&!n.is0(C.Y))return;throw new Error("bad point: ZERO")}let{x:g,y:w}=C.toAffine();if(!n.isValid(g)||!n.isValid(w))throw new Error("bad point: x or y not field elements");if(!_(g,w))throw new Error("bad point: equation left != right");if(!C.isTorsionFree())throw new Error("bad point: not in prime-order subgroup");return!0});function j(C,g,w,y,p){return w=new H(n.mul(w.X,C),w.Y,w.Z),g=(0,Ue.negateCt)(y,g),w=(0,Ue.negateCt)(p,w),g.add(w)}class H{constructor(g,w,y){this.X=x("x",g),this.Y=x("y",w,!0),this.Z=x("z",y),Object.freeze(this)}static CURVE(){return s}static fromAffine(g){let{x:w,y}=g||{};if(!g||!n.isValid(w)||!n.isValid(y))throw new Error("invalid affine point");if(g instanceof H)throw new Error("projective point not allowed");return n.is0(w)&&n.is0(y)?H.ZERO:new H(w,y,n.ONE)}static fromBytes(g){let w=H.fromAffine(b((0,A._abytes2)(g,void 0,"point")));return w.assertValidity(),w}static fromHex(g){return H.fromBytes((0,A.ensureBytes)("pointHex",g))}get x(){return this.toAffine().x}get y(){return this.toAffine().y}precompute(g=8,w=!0){return ue.createCache(this,g),w||this.multiply(rt),this}assertValidity(){Z(this)}hasEvenY(){let{y:g}=this.toAffine();if(!n.isOdd)throw new Error("Field doesn't support isOdd");return!n.isOdd(g)}equals(g){N(g);let{X:w,Y:y,Z:p}=this,{X:E,Y:S,Z:I}=g,v=n.eql(n.mul(w,I),n.mul(E,p)),R=n.eql(n.mul(y,I),n.mul(S,p));return v&&R}negate(){return new H(this.X,n.neg(this.Y),this.Z)}double(){let{a:g,b:w}=s,y=n.mul(w,rt),{X:p,Y:E,Z:S}=this,I=n.ZERO,v=n.ZERO,R=n.ZERO,k=n.mul(p,p),te=n.mul(E,E),G=n.mul(S,S),K=n.mul(p,E);return K=n.add(K,K),R=n.mul(p,S),R=n.add(R,R),I=n.mul(g,R),v=n.mul(y,G),v=n.add(I,v),I=n.sub(te,v),v=n.add(te,v),v=n.mul(I,v),I=n.mul(K,I),R=n.mul(y,R),G=n.mul(g,G),K=n.sub(k,G),K=n.mul(g,K),K=n.add(K,R),R=n.add(k,k),k=n.add(R,k),k=n.add(k,G),k=n.mul(k,K),v=n.add(v,k),G=n.mul(E,S),G=n.add(G,G),k=n.mul(G,K),I=n.sub(I,k),R=n.mul(G,te),R=n.add(R,R),R=n.add(R,R),new H(I,v,R)}add(g){N(g);let{X:w,Y:y,Z:p}=this,{X:E,Y:S,Z:I}=g,v=n.ZERO,R=n.ZERO,k=n.ZERO,te=s.a,G=n.mul(s.b,rt),K=n.mul(w,E),$=n.mul(y,S),ne=n.mul(p,I),we=n.add(w,y),F=n.add(E,S);we=n.mul(we,F),F=n.add(K,$),we=n.sub(we,F),F=n.add(w,p);let ce=n.add(E,I);return F=n.mul(F,ce),ce=n.add(K,ne),F=n.sub(F,ce),ce=n.add(y,p),v=n.add(S,I),ce=n.mul(ce,v),v=n.add($,ne),ce=n.sub(ce,v),k=n.mul(te,F),v=n.mul(G,ne),k=n.add(v,k),v=n.sub($,k),k=n.add($,k),R=n.mul(v,k),$=n.add(K,K),$=n.add($,K),ne=n.mul(te,ne),F=n.mul(G,F),$=n.add($,ne),ne=n.sub(K,ne),ne=n.mul(te,ne),F=n.add(F,ne),K=n.mul($,F),R=n.add(R,K),K=n.mul(ce,F),v=n.mul(we,v),v=n.sub(v,K),K=n.mul(we,$),k=n.mul(ce,k),k=n.add(k,K),new H(v,R,k)}subtract(g){return this.add(g.negate())}is0(){return this.equals(H.ZERO)}multiply(g){let{endo:w}=t;if(!o.isValidNot0(g))throw new Error("invalid scalar: out of range");let y,p,E=S=>ue.cached(this,S,I=>(0,Ue.normalizeZ)(H,I));if(w){let{k1neg:S,k1:I,k2neg:v,k2:R}=M(g),{p:k,f:te}=E(I),{p:G,f:K}=E(R);p=te.add(K),y=j(w.beta,k,G,S,v)}else{let{p:S,f:I}=E(g);y=S,p=I}return(0,Ue.normalizeZ)(H,[y,p])[0]}multiplyUnsafe(g){let{endo:w}=t,y=this;if(!o.isValid(g))throw new Error("invalid scalar: out of range");if(g===Be||y.is0())return H.ZERO;if(g===re)return y;if(ue.hasCache(this))return this.multiply(g);if(w){let{k1neg:p,k1:E,k2neg:S,k2:I}=M(g),{p1:v,p2:R}=(0,Ue.mulEndoUnsafe)(H,y,E,I);return j(w.beta,v,R,p,S)}else return ue.unsafe(y,g)}multiplyAndAddUnsafe(g,w,y){let p=this.multiplyUnsafe(w).add(g.multiplyUnsafe(y));return p.is0()?void 0:p}toAffine(g){return Y(this,g)}isTorsionFree(){let{isTorsionFree:g}=t;return i===re?!0:g?g(H,this):ue.unsafe(this,c).is0()}clearCofactor(){let{clearCofactor:g}=t;return i===re?this:g?g(H,this):this.multiplyUnsafe(i)}isSmallOrder(){return this.multiplyUnsafe(i).is0()}toBytes(g=!0){return(0,A._abool2)(g,"isCompressed"),this.assertValidity(),u(H,this,g)}toHex(g=!0){return(0,A.bytesToHex)(this.toBytes(g))}toString(){return`<Point ${this.is0()?"ZERO":this.toHex()}>`}get px(){return this.X}get py(){return this.X}get pz(){return this.Z}toRawBytes(g=!0){return this.toBytes(g)}_setWindowSize(g){this.precompute(g)}static normalizeZ(g){return(0,Ue.normalizeZ)(H,g)}static msm(g,w){return(0,Ue.pippenger)(H,o,g,w)}static fromPrivateKey(g){return H.BASE.multiply(ke(o,g))}}H.BASE=new H(s.Gx,s.Gy,n.ONE),H.ZERO=new H(n.ZERO,n.ONE,n.ZERO),H.Fp=n,H.Fn=o;let be=o.BITS,ue=new Ue.wNAF(H,t.endo?Math.ceil(be/2):be);return H.BASE.precompute(8),H}function Kr(e){return Uint8Array.of(e?2:3)}function Dr(e,t){let r=e.ORDER,n=Be;for(let b=r-re;b%Se===Be;b/=Se)n+=re;let o=n,s=Se<<o-re-re,i=s*Se,c=(r-re)/i,a=(c-re)/Se,l=i-re,d=s,h=e.pow(t,c),f=e.pow(t,(c+re)/Se),u=(b,m)=>{let _=h,T=e.pow(m,l),q=e.sqr(T);q=e.mul(q,m);let x=e.mul(b,q);x=e.pow(x,a),x=e.mul(x,T),T=e.mul(x,m),q=e.mul(x,b);let N=e.mul(q,T);x=e.pow(N,d);let M=e.eql(x,e.ONE);T=e.mul(q,f),x=e.mul(N,_),q=e.cmov(T,q,M),N=e.cmov(x,N,M);for(let Y=o;Y>re;Y--){let Z=Y-Se;Z=Se<<Z-re;let j=e.pow(N,Z),H=e.eql(j,e.ONE);T=e.mul(q,_),_=e.mul(_,_),j=e.mul(N,_),q=e.cmov(T,q,H),N=e.cmov(j,N,H)}return{isValid:M,value:q}};if(e.ORDER%wn===rt){let b=(e.ORDER-rt)/wn,m=e.sqrt(e.neg(t));u=(_,T)=>{let q=e.sqr(T),x=e.mul(_,T);q=e.mul(q,x);let N=e.pow(q,b);N=e.mul(N,x);let M=e.mul(N,m),Y=e.mul(e.sqr(N),T),Z=e.eql(Y,_),j=e.cmov(M,N,Z);return{isValid:Z,value:j}}}return u}function ti(e,t){(0,ot.validateField)(e);let{A:r,B:n,Z:o}=t;if(!e.isValid(r)||!e.isValid(n)||!e.isValid(o))throw new Error("mapToCurveSimpleSWU: invalid opts");let s=Dr(e,o);if(!e.isOdd)throw new Error("Field does not have .isOdd()");return i=>{let c,a,l,d,h,f,u,b;c=e.sqr(i),c=e.mul(c,o),a=e.sqr(c),a=e.add(a,c),l=e.add(a,e.ONE),l=e.mul(l,n),d=e.cmov(o,e.neg(a),!e.eql(a,e.ZERO)),d=e.mul(d,r),a=e.sqr(l),f=e.sqr(d),h=e.mul(f,r),a=e.add(a,h),a=e.mul(a,l),f=e.mul(f,d),h=e.mul(f,n),a=e.add(a,h),u=e.mul(c,l);let{isValid:m,value:_}=s(a,f);b=e.mul(c,i),b=e.mul(b,_),u=e.cmov(u,l,m),b=e.cmov(b,_,m);let T=e.isOdd(i)===e.isOdd(b);b=e.cmov(e.neg(b),b,T);let q=(0,ot.FpInvertBatch)(e,[d],!0)[0];return u=e.mul(u,q),{x:u,y:b}}}function jr(e,t){return{secretKey:t.BYTES,publicKey:1+e.BYTES,publicKeyUncompressed:1+2*e.BYTES,publicKeyHasPrefix:!0,signature:2*t.BYTES}}function Zr(e,t={}){let{Fn:r}=e,n=t.randomBytes||A.randomBytes,o=Object.assign(jr(e.Fp,r),{seed:(0,ot.getMinHashLength)(r.ORDER)});function s(u){try{return!!ke(r,u)}catch{return!1}}function i(u,b){let{publicKey:m,publicKeyUncompressed:_}=o;try{let T=u.length;return b===!0&&T!==m||b===!1&&T!==_?!1:!!e.fromBytes(u)}catch{return!1}}function c(u=n(o.seed)){return(0,ot.mapHashToField)((0,A._abytes2)(u,o.seed,"seed"),r.ORDER)}function a(u,b=!0){return e.BASE.multiply(ke(r,u)).toBytes(b)}function l(u){let b=c(u);return{secretKey:b,publicKey:a(b)}}function d(u){if(typeof u=="bigint")return!1;if(u instanceof e)return!0;let{secretKey:b,publicKey:m,publicKeyUncompressed:_}=o;if(r.allowedLengths||b===m)return;let T=(0,A.ensureBytes)("key",u).length;return T===m||T===_}function h(u,b,m=!0){if(d(u)===!0)throw new Error("first arg must be private key");if(d(b)===!1)throw new Error("second arg must be public key");let _=ke(r,u);return e.fromHex(b).multiply(_).toBytes(m)}return Object.freeze({getPublicKey:a,getSharedSecret:h,keygen:l,Point:e,utils:{isValidSecretKey:s,isValidPublicKey:i,randomSecretKey:c,isValidPrivateKey:s,randomPrivateKey:c,normPrivateKeyToScalar:u=>ke(r,u),precompute(u=8,b=e.BASE){return b.precompute(u,!1)}},lengths:o})}function zr(e,t,r={}){(0,ei.ahash)(t),(0,A._validateObject)(r,{},{hmac:"function",lowS:"boolean",randomBytes:"function",bits2int:"function",bits2int_modN:"function"});let n=r.randomBytes||A.randomBytes,o=r.hmac||((w,...y)=>(0,Js.hmac)(t,w,(0,A.concatBytes)(...y))),{Fp:s,Fn:i}=e,{ORDER:c,BITS:a}=i,{keygen:l,getPublicKey:d,getSharedSecret:h,utils:f,lengths:u}=Zr(e,r),b={prehash:!1,lowS:typeof r.lowS=="boolean"?r.lowS:!1,format:void 0,extraEntropy:!1},m="compact";function _(w){let y=c>>re;return w>y}function T(w,y){if(!i.isValidNot0(y))throw new Error(`invalid signature ${w}: out of range 1..Point.Fn.ORDER`);return y}function q(w,y){bn(y);let p=u.signature,E=y==="compact"?p:y==="recovered"?p+1:void 0;return(0,A._abytes2)(w,E,`${y} signature`)}class x{constructor(y,p,E){this.r=T("r",y),this.s=T("s",p),E!=null&&(this.recovery=E),Object.freeze(this)}static fromBytes(y,p=m){q(y,p);let E;if(p==="der"){let{r:R,s:k}=W.DER.toSig((0,A._abytes2)(y));return new x(R,k)}p==="recovered"&&(E=y[0],p="compact",y=y.subarray(1));let S=i.BYTES,I=y.subarray(0,S),v=y.subarray(S,S*2);return new x(i.fromBytes(I),i.fromBytes(v),E)}static fromHex(y,p){return this.fromBytes((0,A.hexToBytes)(y),p)}addRecoveryBit(y){return new x(this.r,this.s,y)}recoverPublicKey(y){let p=s.ORDER,{r:E,s:S,recovery:I}=this;if(I==null||![0,1,2,3].includes(I))throw new Error("recovery id invalid");if(c*Se<p&&I>1)throw new Error("recovery id is ambiguous for h>1 curve");let R=I===2||I===3?E+c:E;if(!s.isValid(R))throw new Error("recovery id 2 or 3 invalid");let k=s.toBytes(R),te=e.fromBytes((0,A.concatBytes)(Kr((I&1)===0),k)),G=i.inv(R),K=M((0,A.ensureBytes)("msgHash",y)),$=i.create(-K*G),ne=i.create(S*G),we=e.BASE.multiplyUnsafe($).add(te.multiplyUnsafe(ne));if(we.is0())throw new Error("point at infinify");return we.assertValidity(),we}hasHighS(){return _(this.s)}toBytes(y=m){if(bn(y),y==="der")return(0,A.hexToBytes)(W.DER.hexFromSig(this));let p=i.toBytes(this.r),E=i.toBytes(this.s);if(y==="recovered"){if(this.recovery==null)throw new Error("recovery bit must be present");return(0,A.concatBytes)(Uint8Array.of(this.recovery),p,E)}return(0,A.concatBytes)(p,E)}toHex(y){return(0,A.bytesToHex)(this.toBytes(y))}assertValidity(){}static fromCompact(y){return x.fromBytes((0,A.ensureBytes)("sig",y),"compact")}static fromDER(y){return x.fromBytes((0,A.ensureBytes)("sig",y),"der")}normalizeS(){return this.hasHighS()?new x(this.r,i.neg(this.s),this.recovery):this}toDERRawBytes(){return this.toBytes("der")}toDERHex(){return(0,A.bytesToHex)(this.toBytes("der"))}toCompactRawBytes(){return this.toBytes("compact")}toCompactHex(){return(0,A.bytesToHex)(this.toBytes("compact"))}}let N=r.bits2int||function(y){if(y.length>8192)throw new Error("input is too large");let p=(0,A.bytesToNumberBE)(y),E=y.length*8-a;return E>0?p>>BigInt(E):p},M=r.bits2int_modN||function(y){return i.create(N(y))},Y=(0,A.bitMask)(a);function Z(w){return(0,A.aInRange)("num < 2^"+a,w,Be,Y),i.toBytes(w)}function j(w,y){return(0,A._abytes2)(w,void 0,"message"),y?(0,A._abytes2)(t(w),void 0,"prehashed message"):w}function H(w,y,p){if(["recovered","canonical"].some($=>$ in p))throw new Error("sign() legacy options not supported");let{lowS:E,prehash:S,extraEntropy:I}=yn(p,b);w=j(w,S);let v=M(w),R=ke(i,y),k=[Z(R),Z(v)];if(I!=null&&I!==!1){let $=I===!0?n(u.secretKey):I;k.push((0,A.ensureBytes)("extraEntropy",$))}let te=(0,A.concatBytes)(...k),G=v;function K($){let ne=N($);if(!i.isValidNot0(ne))return;let we=i.inv(ne),F=e.BASE.multiply(ne).toAffine(),ce=i.create(F.x);if(ce===Be)return;let _t=i.create(we*i.create(G+ce*R));if(_t===Be)return;let Vn=(F.x===ce?0:2)|Number(F.y&re),Nn=_t;return E&&_(_t)&&(Nn=i.neg(_t),Vn^=1),new x(ce,Nn,Vn)}return{seed:te,k2sig:K}}function be(w,y,p={}){w=(0,A.ensureBytes)("message",w);let{seed:E,k2sig:S}=H(w,y,p);return(0,A.createHmacDrbg)(t.outputLen,i.BYTES,o)(E,S)}function ue(w){let y,p=typeof w=="string"||(0,A.isBytes)(w),E=!p&&w!==null&&typeof w=="object"&&typeof w.r=="bigint"&&typeof w.s=="bigint";if(!p&&!E)throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");if(E)y=new x(w.r,w.s);else if(p){try{y=x.fromBytes((0,A.ensureBytes)("sig",w),"der")}catch(S){if(!(S instanceof W.DER.Err))throw S}if(!y)try{y=x.fromBytes((0,A.ensureBytes)("sig",w),"compact")}catch{return!1}}return y||!1}function C(w,y,p,E={}){let{lowS:S,prehash:I,format:v}=yn(E,b);if(p=(0,A.ensureBytes)("publicKey",p),y=j((0,A.ensureBytes)("message",y),I),"strict"in E)throw new Error("options.strict was renamed to lowS");let R=v===void 0?ue(w):x.fromBytes((0,A.ensureBytes)("sig",w),v);if(R===!1)return!1;try{let k=e.fromBytes(p);if(S&&R.hasHighS())return!1;let{r:te,s:G}=R,K=M(y),$=i.inv(G),ne=i.create(K*$),we=i.create(te*$),F=e.BASE.multiplyUnsafe(ne).add(k.multiplyUnsafe(we));return F.is0()?!1:i.create(F.x)===te}catch{return!1}}function g(w,y,p={}){let{prehash:E}=yn(p,b);return y=j(y,E),x.fromBytes(w,"recovered").recoverPublicKey(y).toBytes()}return Object.freeze({keygen:l,getPublicKey:d,getSharedSecret:h,utils:f,lengths:u,Point:e,sign:be,verify:C,recoverPublicKey:g,Signature:x,hash:t})}function ni(e){let{CURVE:t,curveOpts:r}=Gr(e),n=gn(t,r);return oi(e,n)}function Gr(e){let t={a:e.a,b:e.b,p:e.Fp.ORDER,n:e.n,h:e.h,Gx:e.Gx,Gy:e.Gy},r=e.Fp,n=e.allowedPrivateKeyLengths?Array.from(new Set(e.allowedPrivateKeyLengths.map(i=>Math.ceil(i/2)))):void 0,o=(0,ot.Field)(t.n,{BITS:e.nBitLength,allowedLengths:n,modFromBytes:e.wrapPrivateKey}),s={Fp:r,Fn:o,allowInfinityPoint:e.allowInfinityPoint,endo:e.endo,isTorsionFree:e.isTorsionFree,clearCofactor:e.clearCofactor,fromBytes:e.fromBytes,toBytes:e.toBytes};return{CURVE:t,curveOpts:s}}function ri(e){let{CURVE:t,curveOpts:r}=Gr(e),n={hmac:e.hmac,randomBytes:e.randomBytes,lowS:e.lowS,bits2int:e.bits2int,bits2int_modN:e.bits2int_modN};return{CURVE:t,curveOpts:r,hash:e.hash,ecdsaOpts:n}}function Wr(e,t,r){function n(o){let s=e.sqr(o),i=e.mul(s,o);return e.add(e.add(i,e.mul(o,t)),r)}return n}function oi(e,t){let{Fp:r,Fn:n}=t;function o(i){return(0,A.inRange)(i,re,n.ORDER)}let s=Wr(r,e.a,e.b);return Object.assign({},{CURVE:e,Point:t,ProjectivePoint:t,normPrivateKeyToScalar:i=>ke(n,i),weierstrassEquation:s,isWithinCurveOrder:o})}function si(e,t){let r=t.Point;return Object.assign({},t,{ProjectivePoint:r,CURVE:Object.assign({},e,(0,ot.nLength)(r.Fn.ORDER,r.Fn.BITS))})}function ii(e){let{CURVE:t,curveOpts:r,hash:n,ecdsaOpts:o}=ri(e),s=gn(t,r),i=zr(s,n,o);return si(e,i)}});var Xr=le(Nt=>{"use strict";Object.defineProperty(Nt,"__esModule",{value:!0});Nt.getHash=ai;Nt.createCurve=fi;var ci=mn();function ai(e){return{hash:e}}function fi(e,t){let r=n=>(0,ci.weierstrass)({...e,hash:n});return{...r(t),create:r}}});var Jr=le(Ae=>{"use strict";Object.defineProperty(Ae,"__esModule",{value:!0});Ae._DST_scalar=void 0;Ae.expand_message_xmd=Fr;Ae.expand_message_xof=Qr;Ae.hash_to_field=kt;Ae.isogenyMap=di;Ae.createHasher=hi;var oe=Ye(),Yr=tt(),ui=oe.bytesToNumberBE;function Pe(e,t){if(bt(e),bt(t),e<0||e>=1<<8*t)throw new Error("invalid I2OSP input: "+e);let r=Array.from({length:t}).fill(0);for(let n=t-1;n>=0;n--)r[n]=e&255,e>>>=8;return new Uint8Array(r)}function li(e,t){let r=new Uint8Array(e.length);for(let n=0;n<e.length;n++)r[n]=e[n]^t[n];return r}function bt(e){if(!Number.isSafeInteger(e))throw new Error("number expected")}function $r(e){if(!(0,oe.isBytes)(e)&&typeof e!="string")throw new Error("DST must be Uint8Array or string");return typeof e=="string"?(0,oe.utf8ToBytes)(e):e}function Fr(e,t,r,n){(0,oe.abytes)(e),bt(r),t=$r(t),t.length>255&&(t=n((0,oe.concatBytes)((0,oe.utf8ToBytes)("H2C-OVERSIZE-DST-"),t)));let{outputLen:o,blockLen:s}=n,i=Math.ceil(r/o);if(r>65535||i>255)throw new Error("expand_message_xmd: invalid lenInBytes");let c=(0,oe.concatBytes)(t,Pe(t.length,1)),a=Pe(0,s),l=Pe(r,2),d=new Array(i),h=n((0,oe.concatBytes)(a,e,l,Pe(0,1),c));d[0]=n((0,oe.concatBytes)(h,Pe(1,1),c));for(let u=1;u<=i;u++){let b=[li(h,d[u-1]),Pe(u+1,1),c];d[u]=n((0,oe.concatBytes)(...b))}return(0,oe.concatBytes)(...d).slice(0,r)}function Qr(e,t,r,n,o){if((0,oe.abytes)(e),bt(r),t=$r(t),t.length>255){let s=Math.ceil(2*n/8);t=o.create({dkLen:s}).update((0,oe.utf8ToBytes)("H2C-OVERSIZE-DST-")).update(t).digest()}if(r>65535||t.length>255)throw new Error("expand_message_xof: invalid lenInBytes");return o.create({dkLen:r}).update(e).update(Pe(r,2)).update(t).update(Pe(t.length,1)).digest()}function kt(e,t,r){(0,oe._validateObject)(r,{p:"bigint",m:"number",k:"number",hash:"function"});let{p:n,k:o,m:s,hash:i,expand:c,DST:a}=r;if(!(0,oe.isHash)(r.hash))throw new Error("expected valid hash");(0,oe.abytes)(e),bt(t);let l=n.toString(2).length,d=Math.ceil((l+o)/8),h=t*s*d,f;if(c==="xmd")f=Fr(e,a,h,i);else if(c==="xof")f=Qr(e,a,h,o,i);else if(c==="_internal_pass")f=e;else throw new Error('expand must be "xmd" or "xof"');let u=new Array(t);for(let b=0;b<t;b++){let m=new Array(s);for(let _=0;_<s;_++){let T=d*(_+b*s),q=f.subarray(T,T+d);m[_]=(0,Yr.mod)(ui(q),n)}u[b]=m}return u}function di(e,t){let r=t.map(n=>Array.from(n).reverse());return(n,o)=>{let[s,i,c,a]=r.map(h=>h.reduce((f,u)=>e.add(e.mul(f,n),u))),[l,d]=(0,Yr.FpInvertBatch)(e,[i,a],!0);return n=e.mul(s,l),o=e.mul(o,e.mul(c,d)),{x:n,y:o}}}Ae._DST_scalar=(0,oe.utf8ToBytes)("HashToScalar-");function hi(e,t,r){if(typeof t!="function")throw new Error("mapToCurve() must be defined");function n(s){return e.fromAffine(t(s))}function o(s){let i=s.clearCofactor();return i.equals(e.ZERO)?e.ZERO:(i.assertValidity(),i)}return{defaults:r,hashToCurve(s,i){let c=Object.assign({},r,i),a=kt(s,2,c),l=n(a[0]),d=n(a[1]);return o(l.add(d))},encodeToCurve(s,i){let c=r.encodeDST?{DST:r.encodeDST}:{},a=Object.assign({},r,c,i),l=kt(s,1,a),d=n(l[0]);return o(d)},mapToCurve(s){if(!Array.isArray(s))throw new Error("expected array of bigints");for(let i of s)if(typeof i!="bigint")throw new Error("expected array of bigints");return o(n(s))},hashToScalar(s,i){let c=e.Fn.ORDER,a=Object.assign({},r,{p:c,m:1,DST:Ae._DST_scalar},i);return kt(s,1,a)[0][0]}}}});var fo=le(se=>{"use strict";Object.defineProperty(se,"__esModule",{value:!0});se.encodeToCurve=se.hashToCurve=se.secp256k1_hasher=se.schnorr=se.secp256k1=void 0;var Pt=mr(),ro=qe(),yi=Xr(),oo=Jr(),ye=tt(),so=mn(),pe=Ye(),st={p:BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),n:BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),h:BigInt(1),a:BigInt(0),b:BigInt(7),Gx:BigInt("0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),Gy:BigInt("0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8")},bi={beta:BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),basises:[[BigInt("0x3086d221a7d46bcde86c90e49284eb15"),-BigInt("0xe4437ed6010e88286f547fa90abfe4c3")],[BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"),BigInt("0x3086d221a7d46bcde86c90e49284eb15")]]},wi=BigInt(0),eo=BigInt(1),pn=BigInt(2);function gi(e){let t=st.p,r=BigInt(3),n=BigInt(6),o=BigInt(11),s=BigInt(22),i=BigInt(23),c=BigInt(44),a=BigInt(88),l=e*e*e%t,d=l*l*e%t,h=(0,ye.pow2)(d,r,t)*d%t,f=(0,ye.pow2)(h,r,t)*d%t,u=(0,ye.pow2)(f,pn,t)*l%t,b=(0,ye.pow2)(u,o,t)*u%t,m=(0,ye.pow2)(b,s,t)*b%t,_=(0,ye.pow2)(m,c,t)*m%t,T=(0,ye.pow2)(_,a,t)*_%t,q=(0,ye.pow2)(T,c,t)*m%t,x=(0,ye.pow2)(q,r,t)*d%t,N=(0,ye.pow2)(x,i,t)*b%t,M=(0,ye.pow2)(N,n,t)*l%t,Y=(0,ye.pow2)(M,pn,t);if(!Oe.eql(Oe.sqr(Y),e))throw new Error("Cannot find square root");return Y}var Oe=(0,ye.Field)(st.p,{sqrt:gi});se.secp256k1=(0,yi.createCurve)({...st,Fp:Oe,lowS:!0,endo:bi},Pt.sha256);var to={};function Mt(e,...t){let r=to[e];if(r===void 0){let n=(0,Pt.sha256)((0,pe.utf8ToBytes)(e));r=(0,pe.concatBytes)(n,n),to[e]=r}return(0,Pt.sha256)((0,pe.concatBytes)(r,...t))}var En=e=>e.toBytes(!0).slice(1),it=se.secp256k1.Point,Bn=e=>e%pn===wi;function xn(e){let{Fn:t,BASE:r}=it,n=(0,so._normFnElement)(t,e),o=r.multiply(n);return{scalar:Bn(o.y)?n:t.neg(n),bytes:En(o)}}function io(e){let t=Oe;if(!t.isValidNot0(e))throw new Error("invalid x: Fail if x \u2265 p");let r=t.create(e*e),n=t.create(r*e+BigInt(7)),o=t.sqrt(n);Bn(o)||(o=t.neg(o));let s=it.fromAffine({x:e,y:o});return s.assertValidity(),s}var wt=pe.bytesToNumberBE;function co(...e){return it.Fn.create(wt(Mt("BIP0340/challenge",...e)))}function no(e){return xn(e).bytes}function mi(e,t,r=(0,ro.randomBytes)(32)){let{Fn:n}=it,o=(0,pe.ensureBytes)("message",e),{bytes:s,scalar:i}=xn(t),c=(0,pe.ensureBytes)("auxRand",r,32),a=n.toBytes(i^wt(Mt("BIP0340/aux",c))),l=Mt("BIP0340/nonce",a,s,o),{bytes:d,scalar:h}=xn(l),f=co(d,s,o),u=new Uint8Array(64);if(u.set(d,0),u.set(n.toBytes(n.create(h+f*i)),32),!ao(u,o,s))throw new Error("sign: Invalid signature produced");return u}function ao(e,t,r){let{Fn:n,BASE:o}=it,s=(0,pe.ensureBytes)("signature",e,64),i=(0,pe.ensureBytes)("message",t),c=(0,pe.ensureBytes)("publicKey",r,32);try{let a=io(wt(c)),l=wt(s.subarray(0,32));if(!(0,pe.inRange)(l,eo,st.p))return!1;let d=wt(s.subarray(32,64));if(!(0,pe.inRange)(d,eo,st.n))return!1;let h=co(n.toBytes(l),En(a),i),f=o.multiplyUnsafe(d).add(a.multiplyUnsafe(n.neg(h))),{x:u,y:b}=f.toAffine();return!(f.is0()||!Bn(b)||u!==l)}catch{return!1}}se.schnorr=(()=>{let r=(o=(0,ro.randomBytes)(48))=>(0,ye.mapHashToField)(o,st.n);se.secp256k1.utils.randomSecretKey;function n(o){let s=r(o);return{secretKey:s,publicKey:no(s)}}return{keygen:n,getPublicKey:no,sign:mi,verify:ao,Point:it,utils:{randomSecretKey:r,randomPrivateKey:r,taggedHash:Mt,lift_x:io,pointToBytes:En,numberToBytesBE:pe.numberToBytesBE,bytesToNumberBE:pe.bytesToNumberBE,mod:ye.mod},lengths:{secretKey:32,publicKey:32,publicKeyHasPrefix:!1,signature:32*2,seed:48}}})();var pi=(0,oo.isogenyMap)(Oe,[["0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7","0x7d3d4c80bc321d5b9f315cea7fd44c5d595d2fc0bf63b92dfff1044f17c6581","0x534c328d23f234e6e2a413deca25caece4506144037c40314ecbd0b53d9dd262","0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa88c"],["0xd35771193d94918a9ca34ccbb7b640dd86cd409542f8487d9fe6b745781eb49b","0xedadc6f64383dc1df7c4b2d51b54225406d36b641f5e41bbc52a56612a8c6d14","0x0000000000000000000000000000000000000000000000000000000000000001"],["0x4bda12f684bda12f684bda12f684bda12f684bda12f684bda12f684b8e38e23c","0xc75e0c32d5cb7c0fa9d0a54b12a0a6d5647ab046d686da6fdffc90fc201d71a3","0x29a6194691f91a73715209ef6512e576722830a201be2018a765e85a9ecee931","0x2f684bda12f684bda12f684bda12f684bda12f684bda12f684bda12f38e38d84"],["0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffff93b","0x7a06534bb8bdb49fd5e9e6632722c2989467c1bfc8e8d978dfb425d2685c2573","0x6484aa716545ca2cf3a70c3fa8fe337e0a3d21162f0d6299a7bf8192bfd2a76f","0x0000000000000000000000000000000000000000000000000000000000000001"]].map(e=>e.map(t=>BigInt(t)))),xi=(0,so.mapToCurveSimpleSWU)(Oe,{A:BigInt("0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533"),B:BigInt("1771"),Z:Oe.create(BigInt("-11"))});se.secp256k1_hasher=(0,oo.createHasher)(se.secp256k1.Point,e=>{let{x:t,y:r}=xi(Oe.create(e[0]));return pi(t,r)},{DST:"secp256k1_XMD:SHA-256_SSWU_RO_",encodeDST:"secp256k1_XMD:SHA-256_SSWU_NU_",p:Oe.ORDER,m:1,k:128,expand:"xmd",hash:Pt.sha256});se.hashToCurve=se.secp256k1_hasher.hashToCurve;se.encodeToCurve=se.secp256k1_hasher.encodeToCurve});var uo=le(B=>{"use strict";Object.defineProperty(B,"__esModule",{value:!0});B.isHash=B.validateObject=B.memoized=B.notImplemented=B.createHmacDrbg=B.bitMask=B.bitSet=B.bitGet=B.bitLen=B.aInRange=B.inRange=B.asciiToBytes=B.copyBytes=B.equalBytes=B.ensureBytes=B.numberToVarBytesBE=B.numberToBytesLE=B.numberToBytesBE=B.bytesToNumberLE=B.bytesToNumberBE=B.hexToNumber=B.numberToHexUnpadded=B.abool=B.utf8ToBytes=B.randomBytes=B.isBytes=B.hexToBytes=B.concatBytes=B.bytesToUtf8=B.bytesToHex=B.anumber=B.abytes=void 0;var D=Ye();B.abytes=D.abytes;B.anumber=D.anumber;B.bytesToHex=D.bytesToHex;B.bytesToUtf8=D.bytesToUtf8;B.concatBytes=D.concatBytes;B.hexToBytes=D.hexToBytes;B.isBytes=D.isBytes;B.randomBytes=D.randomBytes;B.utf8ToBytes=D.utf8ToBytes;B.abool=D.abool;B.numberToHexUnpadded=D.numberToHexUnpadded;B.hexToNumber=D.hexToNumber;B.bytesToNumberBE=D.bytesToNumberBE;B.bytesToNumberLE=D.bytesToNumberLE;B.numberToBytesBE=D.numberToBytesBE;B.numberToBytesLE=D.numberToBytesLE;B.numberToVarBytesBE=D.numberToVarBytesBE;B.ensureBytes=D.ensureBytes;B.equalBytes=D.equalBytes;B.copyBytes=D.copyBytes;B.asciiToBytes=D.asciiToBytes;B.inRange=D.inRange;B.aInRange=D.aInRange;B.bitLen=D.bitLen;B.bitGet=D.bitGet;B.bitSet=D.bitSet;B.bitMask=D.bitMask;B.createHmacDrbg=D.createHmacDrbg;B.notImplemented=D.notImplemented;B.memoized=D.memoized;B.validateObject=D.validateObject;B.isHash=D.isHash});var xo=le(Q=>{"use strict";var ie=fo(),Ei=tt(),Bi=uo();function ho(e){var t=Object.create(null);return e&&Object.keys(e).forEach(function(r){if(r!=="default"){var n=Object.getOwnPropertyDescriptor(e,r);Object.defineProperty(t,r,n.get?n:{enumerable:!0,get:function(){return e[r]}})}}),t.default=e,Object.freeze(t)}var yo=ho(Ei),Me=ho(Bi),vn=ie.secp256k1.ProjectivePoint,De="Expected Private",je="Expected Point",xt="Expected Tweak",_i="Expected Hash",gt="Expected Signature",Sn="Expected Extra Data (32 bytes)",Et="Expected Scalar",vi="Bad Recovery Id",Si=32,Ai=32,_n=new Uint8Array([255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,254,186,174,220,230,175,72,160,59,191,210,94,140,208,54,65,65]),Hi=32,Ii=new Uint8Array(32),Ti=new Uint8Array([0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,69,81,35,25,80,183,95,196,64,45,161,114,47,201,186,238]),Ui=BigInt(1);function Oi(e){return e instanceof Uint8Array}function mt(e,t){for(let r=0;r<32;++r)if(e[r]!==t[r])return e[r]<t[r]?-1:1;return 0}function lo(e){return mt(e,Ii)===0}function Bt(e){return!(!(e instanceof Uint8Array)||e.length!==Ai||mt(e,_n)>=0)}function An(e){return e instanceof Uint8Array&&e.length===64&&mt(e.subarray(0,32),_n)<0&&mt(e.subarray(32,64),_n)<0}function Li(e){return Oi(e)&&e.length===64&&mt(e.subarray(0,32),Ti)<0}function Ri(e){return!(lo(e.subarray(0,32))||lo(e.subarray(32,64)))}function ct(e){return e instanceof Uint8Array&&e.length===Si}function Hn(e){return e===void 0||e instanceof Uint8Array&&e.length===Hi}function In(e){let t;if(typeof e=="bigint")t=e;else if(typeof e=="number"&&Number.isSafeInteger(e)&&e>=0)t=BigInt(e);else if(typeof e=="string"){if(e.length!==64)throw new Error("Expected 32 bytes of private scalar");t=Me.hexToNumber(e)}else if(e instanceof Uint8Array){if(e.length!==32)throw new Error("Expected 32 bytes of private scalar");t=Me.bytesToNumberBE(e)}else throw new TypeError("Expected valid private scalar");if(t<0)throw new Error("Expected private scalar >= 0");return t}function Tn(e){return ie.secp256k1.utils.normPrivateKeyToScalar(e)}function qi(e,t){let r=Tn(e),n=In(t),o=Me.numberToBytesBE(yo.mod(r+n,ie.secp256k1.CURVE.n),32);return ie.secp256k1.utils.isValidPrivateKey(o)?o:null}function Ci(e,t){let r=Tn(e),n=In(t),o=Me.numberToBytesBE(yo.mod(r-n,ie.secp256k1.CURVE.n),32);return ie.secp256k1.utils.isValidPrivateKey(o)?o:null}function Vi(e){let t=Tn(e),r=Me.numberToBytesBE(ie.secp256k1.CURVE.n-t,32);return ie.secp256k1.utils.isValidPrivateKey(r)?r:null}function bo(e,t,r){let n=pt(e),o=In(t),s=vn.BASE.multiplyAndAddUnsafe(n,o,Ui);if(!s)throw new Error("Tweaked point at infinity");return s.toRawBytes(r)}function Ni(e,t,r){let n=pt(e),o=typeof t=="string"?t:Me.bytesToHex(t),s=Me.hexToNumber(o);return n.multiply(s).toRawBytes(r)}function at(e,t){return e===void 0?t!==void 0?go(t):!0:!!e}function Qe(e){try{return e()}catch{return null}}function wo(e){return ie.schnorr.utils.lift_x(Me.bytesToNumberBE(e))}function pt(e){return e.length===32?wo(e):vn.fromHex(e)}function Un(e,t){if(e.length===32!==t)return!1;try{return t?!!wo(e):!!vn.fromHex(e)}catch{return!1}}function Ke(e){return Un(e,!1)}function go(e){return Un(e,!1)&&e.length===33}function Le(e){return ie.secp256k1.utils.isValidPrivateKey(e)}function Kt(e){return Un(e,!0)}function ki(e,t){if(!Kt(e))throw new Error(je);if(!Bt(t))throw new Error(xt);return Qe(()=>{let r=bo(e,t,!0);return{parity:r[0]%2===1?1:0,xOnlyPubkey:r.slice(1)}})}function mo(e){if(!Ke(e))throw new Error(je);return e.slice(1,33)}function po(e,t){if(!Le(e))throw new Error(De);return Qe(()=>ie.secp256k1.getPublicKey(e,at(t)))}function Pi(e){if(!Le(e))throw new Error(De);return mo(po(e))}function Mi(e,t){if(!Ke(e))throw new Error(je);return pt(e).toRawBytes(at(t,e))}function Ki(e,t,r){if(!Ke(e))throw new Error(je);if(!Bt(t))throw new Error(xt);return Qe(()=>Ni(e,t,at(r,e)))}function Di(e,t,r){if(!Ke(e)||!Ke(t))throw new Error(je);return Qe(()=>{let n=pt(e),o=pt(t);return n.equals(o.negate())?null:n.add(o).toRawBytes(at(r,e))})}function ji(e,t,r){if(!Ke(e))throw new Error(je);if(!Bt(t))throw new Error(xt);return Qe(()=>bo(e,t,at(r,e)))}function Zi(e,t){if(!Le(e))throw new Error(De);if(!Bt(t))throw new Error(xt);return Qe(()=>qi(e,t))}function zi(e,t){if(!Le(e))throw new Error(De);if(!Bt(t))throw new Error(xt);return Qe(()=>Ci(e,t))}function Gi(e){if(!Le(e))throw new Error(De);return Vi(e)}function Wi(e,t,r){if(!Le(t))throw new Error(De);if(!ct(e))throw new Error(Et);if(!Hn(r))throw new Error(Sn);return ie.secp256k1.sign(e,t,{extraEntropy:r}).toCompactRawBytes()}function Xi(e,t,r){if(!Le(t))throw new Error(De);if(!ct(e))throw new Error(Et);if(!Hn(r))throw new Error(Sn);let n=ie.secp256k1.sign(e,t,{extraEntropy:r});return{signature:n.toCompactRawBytes(),recoveryId:n.recovery}}function Yi(e,t,r){if(!Le(t))throw new Error(De);if(!ct(e))throw new Error(Et);if(!Hn(r))throw new Error(Sn);return ie.schnorr.sign(e,t,r)}function $i(e,t,r,n){if(!ct(e))throw new Error(_i);if(!An(t)||!Ri(t))throw new Error(gt);if(r&2&&!Li(t))throw new Error(vi);if(!Kt(t.subarray(0,32)))throw new Error(gt);let s=ie.secp256k1.Signature.fromCompact(t).addRecoveryBit(r).recoverPublicKey(e);if(!s)throw new Error(gt);return s.toRawBytes(at(n))}function Fi(e,t,r,n){if(!Ke(t))throw new Error(je);if(!An(r))throw new Error(gt);if(!ct(e))throw new Error(Et);return ie.secp256k1.verify(r,e,t,{lowS:n})}function Qi(e,t,r){if(!Kt(t))throw new Error(je);if(!An(r))throw new Error(gt);if(!ct(e))throw new Error(Et);return ie.schnorr.verify(r,e,t)}Q.isPoint=Ke;Q.isPointCompressed=go;Q.isPrivate=Le;Q.isXOnlyPoint=Kt;Q.pointAdd=Di;Q.pointAddScalar=ji;Q.pointCompress=Mi;Q.pointFromScalar=po;Q.pointMultiply=Ki;Q.privateAdd=Zi;Q.privateNegate=Gi;Q.privateSub=zi;Q.recover=$i;Q.sign=Wi;Q.signRecoverable=Xi;Q.signSchnorr=Yi;Q.verify=Fi;Q.verifySchnorr=Qi;Q.xOnlyPointAddTweak=ki;Q.xOnlyPointFromPoint=mo;Q.xOnlyPointFromScalar=Pi});var sc={};qo(sc,{base58Decode:()=>Cn,buildDepinMessage:()=>Io,bytesToHex:()=>He,decryptDepinReceiveEncryptedPayload:()=>Ho,doubleSha256:()=>zt,hash160:()=>Gt,hexToBytes:()=>Re,isWIF:()=>Zt,sha256:()=>Ze,wifToHex:()=>jt});var ze=Co(xo());function qn(e){if(e<0)throw new Error("CompactSize cannot be negative");if(e<253)return new Uint8Array([e]);if(e<=65535){let t=new Uint8Array(3);return t[0]=253,t[1]=e&255,t[2]=e>>8&255,t}else if(e<=4294967295){let t=new Uint8Array(5);return t[0]=254,t[1]=e&255,t[2]=e>>8&255,t[3]=e>>16&255,t[4]=e>>24&255,t}else{let t=new Uint8Array(9);t[0]=255;let r=e>>>0,n=Math.floor(e/4294967296)>>>0;return t[1]=r&255,t[2]=r>>8&255,t[3]=r>>16&255,t[4]=r>>24&255,t[5]=n&255,t[6]=n>>8&255,t[7]=n>>16&255,t[8]=n>>24&255,t}}function Dt(e){let r=new TextEncoder().encode(e);return xe(qn(r.length),r)}function ft(e){return xe(qn(e.length),e)}function Eo(e){let t=new Uint8Array(8),r=e>>>0,n=Math.floor(e/4294967296)>>>0;return t[0]=r&255,t[1]=r>>8&255,t[2]=r>>16&255,t[3]=r>>24&255,t[4]=n&255,t[5]=n>>8&255,t[6]=n>>16&255,t[7]=n>>24&255,t}function xe(...e){let t=e.reduce((o,s)=>o+s.length,0),r=new Uint8Array(t),n=0;for(let o of e)r.set(o,n),n+=o.length;return r}function Re(e){if(e.length%2!==0)throw new Error("Hex must have even length");let t=new Uint8Array(e.length/2);for(let r=0;r<e.length;r+=2)t[r/2]=parseInt(e.substr(r,2),16);return t}function He(e){return Array.from(e).map(t=>t.toString(16).padStart(2,"0")).join("")}function So(e){if(typeof e!="string")return null;let t=e.trim().toLowerCase(),r=t.startsWith("0x")?t.slice(2):t;return r.length===0||!/^[0-9a-f]+$/.test(r)||r.length%2!==0?null:r}function Ao(e,t){if(t>=e.length)throw new Error("CompactSize: out of bounds");let r=e[t];if(r<253)return{value:r,offset:t+1};if(r===253){if(t+3>e.length)throw new Error("CompactSize: truncated uint16");return{value:e[t+1]|e[t+2]<<8,offset:t+3}}if(r===254){if(t+5>e.length)throw new Error("CompactSize: truncated uint32");return{value:(e[t+1]|e[t+2]<<8|e[t+3]<<16|e[t+4]<<24)>>>0,offset:t+5}}if(t+9>e.length)throw new Error("CompactSize: truncated uint64");let n=0n;for(let o=0;o<8;o++)n|=BigInt(e[t+1+o])<<8n*BigInt(o);if(n>BigInt(Number.MAX_SAFE_INTEGER))throw new Error("CompactSize: value too large");return{value:Number(n),offset:t+9}}function On(e,t){let{value:r,offset:n}=Ao(e,t);if(n+r>e.length)throw new Error("Vector: truncated");return{data:e.slice(n,n+r),offset:n+r}}function Ji(e){if(!(e instanceof Uint8Array))throw new Error("deserializeEciesMessage: invalid input");let t=0,r=On(e,t),n=r.data;if(t=r.offset,n.length!==33&&n.length!==65)throw new Error("Invalid ephemeral pubkey length: "+n.length);let o=On(e,t),s=o.data;t=o.offset;let i=Ao(e,t),c=i.value;t=i.offset;let a=new Map;for(let l=0;l<c;l++){if(t+20>e.length)throw new Error("recipientKeys: truncated keyid");let d=e.slice(t,t+20);t+=20;let h=On(e,t);t=h.offset,a.set(He(d),h.data)}return{ephemeralPubKey:n,encryptedPayload:s,recipientKeys:a}}function Bo(e){if(e.length!==64)throw new Error("Raw signature must be 64 bytes");let t=e.slice(0,32),r=e.slice(32,64);function n(c){let a=0;for(;a<c.length-1&&c[a]===0&&!(c[a+1]&128);)a++;let l=c.slice(a),h=(l[0]&128)!==0?xe(new Uint8Array([0]),l):l;return xe(new Uint8Array([2,h.length]),h)}let o=n(t),s=n(r),i=o.length+s.length;return xe(new Uint8Array([48,i]),o,s)}var ec="123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";function Cn(e){let t=[];for(let r=0;r<e.length;r++){let n=ec.indexOf(e[r]);if(n===-1)throw new Error("Invalid Base58 character: "+e[r]);let o=n;for(let s=0;s<t.length;s++)o+=t[s]*58,t[s]=o&255,o>>=8;for(;o>0;)t.push(o&255),o>>=8}for(let r=0;r<e.length&&e[r]==="1";r++)t.push(0);return new Uint8Array(t.reverse())}async function jt(e){let t=Cn(e);if(t.length<37)throw new Error("Invalid WIF: too short");let r=t.slice(0,-4),n=t.slice(-4),o=await zt(r);for(let i=0;i<4;i++)if(n[i]!==o[i])throw new Error("Invalid WIF: checksum mismatch");let s;if(r.length===34)s=r.slice(1,33);else if(r.length===33)s=r.slice(1,33);else throw new Error("Invalid WIF: unexpected length "+r.length);return He(s)}function Zt(e){return/^[5KLcT][1-9A-HJ-NP-Za-km-z]{50,51}$/.test(e)}async function Ze(e){let t=await crypto.subtle.digest("SHA-256",e);return new Uint8Array(t)}async function zt(e){let t=await Ze(e);return Ze(t)}function tc(e){let t=1732584193,r=4023233417,n=2562383102,o=271733878,s=3285377520,i=[0,1518500249,1859775393,2400959708,2840853838],c=[1352829926,1548603684,1836072691,2053994217,0],a=[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8,3,10,14,4,9,15,8,1,2,7,0,6,13,11,5,12,1,9,11,10,0,8,12,4,13,3,7,15,14,5,6,2,4,0,5,9,7,12,2,10,14,1,3,8,11,6,15,13],l=[5,14,7,0,9,2,11,4,13,6,15,8,1,10,3,12,6,11,3,7,0,13,5,10,14,15,8,12,4,9,1,2,15,5,1,3,7,14,6,9,11,8,12,2,10,0,4,13,8,6,4,1,3,11,15,0,5,12,2,13,9,7,10,14,12,15,10,4,1,5,8,7,6,2,13,14,0,3,9,11],d=[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8,7,6,8,13,11,9,7,15,7,12,15,9,11,7,13,12,11,13,6,7,14,9,13,15,14,8,13,6,5,12,7,5,11,12,14,15,14,15,9,8,9,14,5,6,8,6,5,12,9,15,5,11,6,8,13,12,5,12,13,14,11,8,5,6],h=[8,9,9,11,13,15,15,5,7,7,8,11,14,14,12,6,9,13,15,7,12,8,9,11,7,7,12,7,6,15,13,11,9,7,15,11,8,6,6,14,12,13,5,14,13,13,7,5,15,5,8,11,14,14,6,14,6,9,12,9,12,5,15,8,8,5,12,9,12,5,14,6,8,13,6,5,15,13,11,11];function f(N,M){return(N<<M|N>>>32-M)>>>0}let u=e.length*8,b=(64-(e.length+9)%64)%64,m=new Uint8Array(e.length+1+b+8);m.set(e),m[e.length]=128,new DataView(m.buffer).setUint32(m.length-8,u,!0);let T=m.length/64;for(let N=0;N<T;N++){let M=new Uint32Array(16);for(let E=0;E<16;E++){let S=N*64+E*4;M[E]=m[S]|m[S+1]<<8|m[S+2]<<16|m[S+3]<<24}let Y=t,Z=r,j=n,H=o,be=s,ue=t,C=r,g=n,w=o,y=s;for(let E=0;E<80;E++){let S=Math.floor(E/16),I,v;S===0?(I=Z^j^H,v=C^(g|~w)):S===1?(I=Z&j|~Z&H,v=C&w|g&~w):S===2?(I=(Z|~j)^H,v=(C|~g)^w):S===3?(I=Z&H|j&~H,v=C&g|~C&w):(I=Z^(j|~H),v=C^g^w);let R=f(Y+I+M[a[E]]+i[S]>>>0,d[E])+be>>>0;Y=be,be=H,H=f(j,10),j=Z,Z=R;let k=f(ue+v+M[l[E]]+c[S]>>>0,h[E])+y>>>0;ue=y,y=w,w=f(g,10),g=C,C=k}let p=r+j+w>>>0;r=n+H+y>>>0,n=o+be+ue>>>0,o=s+Y+C>>>0,s=t+Z+g>>>0,t=p}let q=new Uint8Array(20),x=new DataView(q.buffer);return x.setUint32(0,t,!0),x.setUint32(4,r,!0),x.setUint32(8,n,!0),x.setUint32(12,o,!0),x.setUint32(16,s,!0),q}async function Gt(e){let t=await Ze(e);return tc(t)}async function Rn(e,t){let r=new Uint8Array(t),n=0,o=1;for(;n<t;){let s=new Uint8Array(4);s[0]=o>>24&255,s[1]=o>>16&255,s[2]=o>>8&255,s[3]=o&255;let i=xe(e,s),c=await Ze(i),a=t-n,l=Math.min(a,32);r.set(c.slice(0,l),n),n+=l,o++}return r}function Ln(e){let t=new Uint8Array(e);return crypto.getRandomValues(t),t}async function _o(e,t,r){if(t.length!==32)throw new Error("Key must be 32 bytes");if(r.length!==12)throw new Error("Nonce must be 12 bytes");let n=await crypto.subtle.importKey("raw",t,{name:"AES-GCM"},!1,["encrypt"]),o=await crypto.subtle.encrypt({name:"AES-GCM",iv:r,tagLength:128},n,e),s=new Uint8Array(o),i=s.slice(0,-16),c=s.slice(-16);return{ciphertext:i,tag:c}}async function vo(e,t,r,n){if(t.length!==32)throw new Error("Key must be 32 bytes");if(r.length!==12)throw new Error("Nonce must be 12 bytes");if(n.length!==16)throw new Error("Tag must be 16 bytes");let o=await crypto.subtle.importKey("raw",t,{name:"AES-GCM"},!1,["decrypt"]),s=xe(e,n),i=await crypto.subtle.decrypt({name:"AES-GCM",iv:r,tagLength:128},o,s);return new Uint8Array(i)}async function nc(e){if(typeof e!="string"||e.length===0)throw new Error("Private key is required");if(Zt(e)){let r=await jt(e);return Re(r)}let t=So(e);if(!t)throw new Error("Private key must be WIF or 64-hex");if(t.length!==64)throw new Error("Private key must be 32 bytes (64 hex chars)");return Re(t)}async function Ho(e,t){if(!globalThis.crypto?.subtle)throw new Error("WebCrypto (crypto.subtle) is required for decrypt");let r=So(e);if(!r)throw new Error("Invalid encryptedPayloadHex");let n=Re(r),o=Ji(n),s=await nc(t),i=ze.pointFromScalar(s,!0);if(!(i instanceof Uint8Array)||i.length!==33)throw new Error("Failed to derive recipient public key");let c=await Gt(i),a=He(c),l=He(c.slice().reverse()),d=o.recipientKeys.get(a)??o.recipientKeys.get(l);if(!d||d.length<60)return null;let h=d.slice(0,12),f=d.slice(12,d.length-16),u=d.slice(d.length-16),b=ze.pointMultiply(o.ephemeralPubKey,s,!0),m=await Ze(b),_=await Rn(m,32),T;try{T=await vo(f,_,h,u)}catch{return null}if(T.length!==32)return null;let q=o.encryptedPayload;if(q.length<29)return null;let x=q.slice(0,12),N=q.slice(12,q.length-16),M=q.slice(q.length-16),Y;try{Y=await vo(N,T,x,M)}catch{return null}return new TextDecoder().decode(Y)}async function rc(e,t){let r=Ln(32),n=ze.pointFromScalar(r,!0);if(!(n instanceof Uint8Array)||n.length!==33)throw new Error("Failed to generate ephemeral public key");let o=await Rn(r,32),s=Ln(12),{ciphertext:i,tag:c}=await _o(e,o,s),a=xe(s,i,c),l=new Map;for(let d of t){if(!(d instanceof Uint8Array)||d.length!==33)throw new Error("Recipient pubkey must be 33 bytes compressed");let h=ze.pointMultiply(d,r,!0),f=await Ze(h),u=await Rn(f,32),b=Ln(12),{ciphertext:m,tag:_}=await _o(o,u,b),T=xe(b,m,_),q=await Gt(d),x=He(q);l.set(x,T)}return{ephemeralPubKey:n,encryptedPayload:a,recipientKeys:l}}function oc(e){let t=[];t.push(ft(e.ephemeralPubKey)),t.push(ft(e.encryptedPayload));let r=Array.from(e.recipientKeys.entries()).map(([n,o])=>{let s=Re(n);if(s.length!==20)throw new Error("recipient key hash160 must be 20 bytes");return{keyBytes:s,recipientPackage:o}});r.sort((n,o)=>{for(let s=0;s<20;s++)if(n.keyBytes[s]!==o.keyBytes[s])return n.keyBytes[s]-o.keyBytes[s];return 0}),t.push(qn(r.length));for(let{keyBytes:n,recipientPackage:o}of r)t.push(n),t.push(ft(o));return xe(...t)}async function Io(e){if(!e.token)throw new Error("Token is required");if(!e.senderAddress)throw new Error("Sender address is required");if(!e.senderPubKey||e.senderPubKey.length!==66)throw new Error("Sender public key must be 66 hex characters");let t=e.privateKey;if(!t)throw new Error("Private key is required");if(Zt(t)&&(console.log("Detected WIF format, converting to hex..."),t=await jt(t),console.log("Private key converted successfully")),t.length!==64)throw new Error("Private key must be 64 hex characters (or WIF format)");if(!e.message)throw new Error("Message is required");if(!e.recipientPubKeys||e.recipientPubKeys.length===0)throw new Error("At least one recipient is required");if(!e.timestamp||e.timestamp<=0)throw new Error("Timestamp must be positive");let r=Re(t),n=Re(e.senderPubKey),o=e.recipientPubKeys.map(_=>{if(_.length!==66)throw new Error("Recipient pubkey must be 66 hex chars");return Re(_)}),s=e.senderPubKey.toLowerCase();e.recipientPubKeys.some(_=>_.toLowerCase()===s)||o.push(n);let c=new TextEncoder().encode(e.message),a=await rc(c,o),l=oc(a),d=xe(Dt(e.token),Dt(e.senderAddress),Eo(e.timestamp),ft(l)),h=await zt(d),f=He(h.slice().reverse()),u=ze.sign(h,r),b;if(u instanceof Uint8Array)u.length===64?b=Bo(u):b=u;else if(typeof u=="object"&&u.toDER)b=u.toDER();else if(typeof u=="object"&&u.signature)u.signature.length===64?b=Bo(u.signature):b=u.signature;else throw new Error("Unknown signature format from secp256k1.sign()");let m=xe(Dt(e.token),Dt(e.senderAddress),Eo(e.timestamp),ft(b),ft(l));return{hex:He(m),messageHash:f,messageHashBytes:He(h),encryptedSize:l.length,recipientCount:o.length}}typeof globalThis<"u"&&(globalThis.neuraiDepinMsg={buildDepinMessage:Io,decryptDepinReceiveEncryptedPayload:Ho,wifToHex:jt,isWIF:Zt,utils:{hexToBytes:Re,bytesToHex:He,sha256:Ze,doubleSha256:zt,hash160:Gt,base58Decode:Cn}});return Vo(sc);})();
|
|
2
2
|
/*! Bundled license information:
|
|
3
3
|
|
|
4
4
|
@noble/hashes/utils.js:
|
package/package.json
CHANGED
package/src/index.js
CHANGED
|
@@ -428,6 +428,64 @@ async function aes256CbcDecrypt(ciphertext, key, iv) {
|
|
|
428
428
|
return new Uint8Array(plaintext);
|
|
429
429
|
}
|
|
430
430
|
|
|
431
|
+
/**
|
|
432
|
+
* AES-256-GCM encryption
|
|
433
|
+
* @param {Uint8Array} plaintext
|
|
434
|
+
* @param {Uint8Array} key - 32 bytes
|
|
435
|
+
* @param {Uint8Array} nonce - 12 bytes
|
|
436
|
+
* @returns {Promise<{ciphertext: Uint8Array, tag: Uint8Array}>}
|
|
437
|
+
*/
|
|
438
|
+
async function aes256GcmEncrypt(plaintext, key, nonce) {
|
|
439
|
+
if (key.length !== 32) throw new Error('Key must be 32 bytes');
|
|
440
|
+
if (nonce.length !== 12) throw new Error('Nonce must be 12 bytes');
|
|
441
|
+
|
|
442
|
+
const cryptoKey = await crypto.subtle.importKey(
|
|
443
|
+
'raw', key, { name: 'AES-GCM' }, false, ['encrypt']
|
|
444
|
+
);
|
|
445
|
+
|
|
446
|
+
const encrypted = await crypto.subtle.encrypt(
|
|
447
|
+
{ name: 'AES-GCM', iv: nonce, tagLength: 128 },
|
|
448
|
+
cryptoKey,
|
|
449
|
+
plaintext
|
|
450
|
+
);
|
|
451
|
+
|
|
452
|
+
const encryptedArray = new Uint8Array(encrypted);
|
|
453
|
+
// WebCrypto appends the 16-byte auth tag at the end
|
|
454
|
+
const ciphertext = encryptedArray.slice(0, -16);
|
|
455
|
+
const tag = encryptedArray.slice(-16);
|
|
456
|
+
|
|
457
|
+
return { ciphertext, tag };
|
|
458
|
+
}
|
|
459
|
+
|
|
460
|
+
/**
|
|
461
|
+
* AES-256-GCM decryption
|
|
462
|
+
* @param {Uint8Array} ciphertext
|
|
463
|
+
* @param {Uint8Array} key - 32 bytes
|
|
464
|
+
* @param {Uint8Array} nonce - 12 bytes
|
|
465
|
+
* @param {Uint8Array} tag - 16 bytes
|
|
466
|
+
* @returns {Promise<Uint8Array>}
|
|
467
|
+
*/
|
|
468
|
+
async function aes256GcmDecrypt(ciphertext, key, nonce, tag) {
|
|
469
|
+
if (key.length !== 32) throw new Error('Key must be 32 bytes');
|
|
470
|
+
if (nonce.length !== 12) throw new Error('Nonce must be 12 bytes');
|
|
471
|
+
if (tag.length !== 16) throw new Error('Tag must be 16 bytes');
|
|
472
|
+
|
|
473
|
+
const cryptoKey = await crypto.subtle.importKey(
|
|
474
|
+
'raw', key, { name: 'AES-GCM' }, false, ['decrypt']
|
|
475
|
+
);
|
|
476
|
+
|
|
477
|
+
// Concatenate ciphertext and tag for WebCrypto
|
|
478
|
+
const combined = concatBytes(ciphertext, tag);
|
|
479
|
+
|
|
480
|
+
const decrypted = await crypto.subtle.decrypt(
|
|
481
|
+
{ name: 'AES-GCM', iv: nonce, tagLength: 128 },
|
|
482
|
+
cryptoKey,
|
|
483
|
+
combined
|
|
484
|
+
);
|
|
485
|
+
|
|
486
|
+
return new Uint8Array(decrypted);
|
|
487
|
+
}
|
|
488
|
+
|
|
431
489
|
async function hmacSha256(key, data) {
|
|
432
490
|
const cryptoKey = await crypto.subtle.importKey(
|
|
433
491
|
'raw',
|
|
@@ -485,43 +543,40 @@ async function decryptDepinReceiveEncryptedPayload(encryptedPayloadHex, recipien
|
|
|
485
543
|
|
|
486
544
|
const recipientPackage = msg.recipientKeys.get(keyIdHex) ?? msg.recipientKeys.get(keyIdHexReversed);
|
|
487
545
|
if (!recipientPackage) return null;
|
|
488
|
-
|
|
546
|
+
// GCM format: Nonce(12) + encrypted_key(32) + Tag(16) = 60 bytes minimum
|
|
547
|
+
if (recipientPackage.length < 12 + 32 + 16) return null;
|
|
489
548
|
|
|
490
|
-
const
|
|
491
|
-
const encryptedAESKey = recipientPackage.slice(
|
|
492
|
-
const
|
|
549
|
+
const recipientNonce = recipientPackage.slice(0, 12);
|
|
550
|
+
const encryptedAESKey = recipientPackage.slice(12, recipientPackage.length - 16);
|
|
551
|
+
const recipientTag = recipientPackage.slice(recipientPackage.length - 16);
|
|
493
552
|
|
|
494
553
|
// ECDH secret must match Core's ecdh module: SHA256(compressed(shared_point))
|
|
495
554
|
const sharedPointCompressed = secp256k1.pointMultiply(msg.ephemeralPubKey, recipientPrivKeyBytes, true);
|
|
496
555
|
const sharedSecret = await sha256(sharedPointCompressed);
|
|
497
556
|
const encKey = await kdfSha256(sharedSecret, 32);
|
|
498
557
|
|
|
499
|
-
|
|
500
|
-
|
|
501
|
-
|
|
502
|
-
let aesKeyRaw;
|
|
558
|
+
// Decrypt AES key with GCM (tag verified automatically)
|
|
559
|
+
let aesKey;
|
|
503
560
|
try {
|
|
504
|
-
|
|
561
|
+
aesKey = await aes256GcmDecrypt(encryptedAESKey, encKey, recipientNonce, recipientTag);
|
|
505
562
|
} catch {
|
|
506
|
-
return null;
|
|
563
|
+
return null; // Authentication failed
|
|
507
564
|
}
|
|
508
|
-
if (
|
|
509
|
-
const aesKey = aesKeyRaw.slice(0, 32);
|
|
565
|
+
if (aesKey.length !== 32) return null;
|
|
510
566
|
|
|
511
567
|
const payload = msg.encryptedPayload;
|
|
512
|
-
|
|
513
|
-
|
|
514
|
-
const
|
|
515
|
-
const
|
|
516
|
-
|
|
517
|
-
const expectedPayloadHmac = await hmacSha256(aesKey, ciphertext);
|
|
518
|
-
if (!timingSafeEqual(expectedPayloadHmac, payloadHmac)) return null;
|
|
568
|
+
// GCM format: Nonce(12) + ciphertext + Tag(16) = 28 bytes minimum
|
|
569
|
+
if (payload.length < 12 + 1 + 16) return null;
|
|
570
|
+
const payloadNonce = payload.slice(0, 12);
|
|
571
|
+
const ciphertext = payload.slice(12, payload.length - 16);
|
|
572
|
+
const payloadTag = payload.slice(payload.length - 16);
|
|
519
573
|
|
|
574
|
+
// Decrypt payload with GCM (tag verified automatically)
|
|
520
575
|
let plaintextBytes;
|
|
521
576
|
try {
|
|
522
|
-
plaintextBytes = await
|
|
577
|
+
plaintextBytes = await aes256GcmDecrypt(ciphertext, aesKey, payloadNonce, payloadTag);
|
|
523
578
|
} catch {
|
|
524
|
-
return null;
|
|
579
|
+
return null; // Authentication failed
|
|
525
580
|
}
|
|
526
581
|
|
|
527
582
|
const decoder = new TextDecoder();
|
|
@@ -533,11 +588,11 @@ async function decryptDepinReceiveEncryptedPayload(encryptedPayloadHex, recipien
|
|
|
533
588
|
// ============================================
|
|
534
589
|
|
|
535
590
|
async function eciesEncrypt(plaintext, recipientPubKeys) {
|
|
536
|
-
// Neurai Core-compatible hybrid ECIES (see src/depinecies.cpp)
|
|
591
|
+
// Neurai Core-compatible hybrid ECIES with AES-256-GCM (see src/depinecies.cpp)
|
|
537
592
|
// - Ephemeral keypair per message
|
|
538
593
|
// - AES key derived from ephemeral privkey via KDF_SHA256
|
|
539
|
-
// - Payload: [
|
|
540
|
-
// - Per-recipient package: [
|
|
594
|
+
// - Payload: [Nonce(12) || ciphertext || Tag(16)]
|
|
595
|
+
// - Per-recipient package: [Nonce(12) || AES256_GCM(encKey, aesKey) || Tag(16)]
|
|
541
596
|
// - encKey derived from ECDH secret (secp256k1_ecdh default), then KDF_SHA256
|
|
542
597
|
|
|
543
598
|
// Generate ephemeral key pair
|
|
@@ -550,13 +605,12 @@ async function eciesEncrypt(plaintext, recipientPubKeys) {
|
|
|
550
605
|
// Derive AES key from ephemeral private key (matches KDF_SHA256 in C++)
|
|
551
606
|
const aesKey = await kdfSha256(ephemeralPrivKey, 32);
|
|
552
607
|
|
|
553
|
-
// Encrypt message with AES-256-
|
|
554
|
-
const
|
|
555
|
-
const ciphertext = await
|
|
608
|
+
// Encrypt message with AES-256-GCM (no padding needed)
|
|
609
|
+
const nonce = randomBytes(12);
|
|
610
|
+
const { ciphertext, tag } = await aes256GcmEncrypt(plaintext, aesKey, nonce);
|
|
556
611
|
|
|
557
|
-
//
|
|
558
|
-
const
|
|
559
|
-
const payload = concatBytes(iv, ciphertext, payloadHmac);
|
|
612
|
+
// Payload format: [Nonce(12) || ciphertext || Tag(16)]
|
|
613
|
+
const payload = concatBytes(nonce, ciphertext, tag);
|
|
560
614
|
|
|
561
615
|
// For each recipient, encrypt the AES key
|
|
562
616
|
const recipientKeys = new Map();
|
|
@@ -574,14 +628,12 @@ async function eciesEncrypt(plaintext, recipientPubKeys) {
|
|
|
574
628
|
// Derive per-recipient encryption key
|
|
575
629
|
const encKey = await kdfSha256(sharedSecret, 32);
|
|
576
630
|
|
|
577
|
-
// Encrypt the AES key using AES-256-
|
|
578
|
-
const
|
|
579
|
-
const encryptedAESKey = await
|
|
580
|
-
|
|
581
|
-
// HMAC over encrypted AES key
|
|
582
|
-
const recipientHmac = await hmacSha256(encKey, encryptedAESKey);
|
|
631
|
+
// Encrypt the AES key using AES-256-GCM with random per-recipient nonce
|
|
632
|
+
const recipientNonce = randomBytes(12);
|
|
633
|
+
const { ciphertext: encryptedAESKey, tag: recipientTag } = await aes256GcmEncrypt(aesKey, encKey, recipientNonce);
|
|
583
634
|
|
|
584
|
-
|
|
635
|
+
// Recipient package format: [Nonce(12) || encrypted_aes_key(32) || Tag(16)]
|
|
636
|
+
const recipientPackage = concatBytes(recipientNonce, encryptedAESKey, recipientTag);
|
|
585
637
|
|
|
586
638
|
// Map key is address hash160 (CKeyID): Hash160(serialized pubkey)
|
|
587
639
|
const keyHash = await hash160(recipientPubKey);
|