@noble/curves 0.8.0 → 0.8.1

package/esm/abstract/edwards.js

@@ -0,0 +1,409 @@
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+// Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y²
+import { mod } from './modular.js';
+import * as ut from './utils.js';
+import { ensureBytes } from './utils.js';
+import { wNAF, validateBasic } from './curve.js';
+// Be friendly to bad ECMAScript parsers by not using bigint literals like 123n
+const _0n = BigInt(0);
+const _1n = BigInt(1);
+const _2n = BigInt(2);
+const _8n = BigInt(8);
+function validateOpts(curve) {
+    const opts = validateBasic(curve);
+    ut.validateObject(curve, {
+        hash: 'function',
+        a: 'bigint',
+        d: 'bigint',
+        randomBytes: 'function',
+    }, {
+        adjustScalarBytes: 'function',
+        domain: 'function',
+        uvRatio: 'function',
+        mapToCurve: 'function',
+    });
+    // Set defaults
+    return Object.freeze({ ...opts });
+}
+// It is not generic twisted curve for now, but ed25519/ed448 generic implementation
+export function twistedEdwards(curveDef) {
+    const CURVE = validateOpts(curveDef);
+    const { Fp, n: CURVE_ORDER, preHash, hash: cHash, randomBytes, nByteLength, h: cofactor } = CURVE;
+    const MASK = _2n ** BigInt(nByteLength * 8);
+    const modP = Fp.create; // Function overrides
+    // sqrt(u/v)
+    const uvRatio = CURVE.uvRatio ||
+        ((u, v) => {
+            try {
+                return { isValid: true, value: Fp.sqrt(u * Fp.inv(v)) };
+            }
+            catch (e) {
+                return { isValid: false, value: _0n };
+            }
+        });
+    const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes); // NOOP
+    const domain = CURVE.domain ||
+        ((data, ctx, phflag) => {
+            if (ctx.length || phflag)
+                throw new Error('Contexts/pre-hash are not supported');
+            return data;
+        }); // NOOP
+    const inBig = (n) => typeof n === 'bigint' && 0n < n; // n in [1..]
+    const inRange = (n, max) => inBig(n) && inBig(max) && n < max; // n in [1..max-1]
+    const in0MaskRange = (n) => n === _0n || inRange(n, MASK); // n in [0..MASK-1]
+    function assertInRange(n, max) {
+        // n in [1..max-1]
+        if (inRange(n, max))
+            return n;
+        throw new Error(`Expected valid scalar < ${max}, got ${typeof n} ${n}`);
+    }
+    function assertGE0(n) {
+        // n in [0..CURVE_ORDER-1]
+        return n === _0n ? n : assertInRange(n, CURVE_ORDER); // GE = prime subgroup, not full group
+    }
+    const pointPrecomputes = new Map();
+    function isPoint(other) {
+        if (!(other instanceof Point))
+            throw new Error('ExtendedPoint expected');
+    }
+    // Extended Point works in extended coordinates: (x, y, z, t) ∋ (x=x/z, y=y/z, t=xy).
+    // https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Extended_coordinates
+    class Point {
+        constructor(ex, ey, ez, et) {
+            this.ex = ex;
+            this.ey = ey;
+            this.ez = ez;
+            this.et = et;
+            if (!in0MaskRange(ex))
+                throw new Error('x required');
+            if (!in0MaskRange(ey))
+                throw new Error('y required');
+            if (!in0MaskRange(ez))
+                throw new Error('z required');
+            if (!in0MaskRange(et))
+                throw new Error('t required');
+        }
+        get x() {
+            return this.toAffine().x;
+        }
+        get y() {
+            return this.toAffine().y;
+        }
+        static fromAffine(p) {
+            if (p instanceof Point)
+                throw new Error('extended point not allowed');
+            const { x, y } = p || {};
+            if (!in0MaskRange(x) || !in0MaskRange(y))
+                throw new Error('invalid affine point');
+            return new Point(x, y, _1n, modP(x * y));
+        }
+        static normalizeZ(points) {
+            const toInv = Fp.invertBatch(points.map((p) => p.ez));
+            return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine);
+        }
+        // "Private method", don't use it directly
+        _setWindowSize(windowSize) {
+            this._WINDOW_SIZE = windowSize;
+            pointPrecomputes.delete(this);
+        }
+        // Not required for fromHex(), which always creates valid points.
+        // Could be useful for fromAffine().
+        assertValidity() {
+            const { a, d } = CURVE;
+            if (this.is0())
+                throw new Error('bad point: ZERO'); // TODO: optimize, with vars below?
+            // Equation in affine coordinates: ax² + y² = 1 + dx²y²
+            // Equation in projective coordinates (X/Z, Y/Z, Z):  (aX² + Y²)Z² = Z⁴ + dX²Y²
+            const { ex: X, ey: Y, ez: Z, et: T } = this;
+            const X2 = modP(X * X); // X²
+            const Y2 = modP(Y * Y); // Y²
+            const Z2 = modP(Z * Z); // Z²
+            const Z4 = modP(Z2 * Z2); // Z⁴
+            const aX2 = modP(X2 * a); // aX²
+            const left = modP(Z2 * modP(aX2 + Y2)); // (aX² + Y²)Z²
+            const right = modP(Z4 + modP(d * modP(X2 * Y2))); // Z⁴ + dX²Y²
+            if (left !== right)
+                throw new Error('bad point: equation left != right (1)');
+            // In Extended coordinates we also have T, which is x*y=T/Z: check X*Y == Z*T
+            const XY = modP(X * Y);
+            const ZT = modP(Z * T);
+            if (XY !== ZT)
+                throw new Error('bad point: equation left != right (2)');
+        }
+        // Compare one point to another.
+        equals(other) {
+            isPoint(other);
+            const { ex: X1, ey: Y1, ez: Z1 } = this;
+            const { ex: X2, ey: Y2, ez: Z2 } = other;
+            const X1Z2 = modP(X1 * Z2);
+            const X2Z1 = modP(X2 * Z1);
+            const Y1Z2 = modP(Y1 * Z2);
+            const Y2Z1 = modP(Y2 * Z1);
+            return X1Z2 === X2Z1 && Y1Z2 === Y2Z1;
+        }
+        is0() {
+            return this.equals(Point.ZERO);
+        }
+        negate() {
+            // Flips point sign to a negative one (-x, y in affine coords)
+            return new Point(modP(-this.ex), this.ey, this.ez, modP(-this.et));
+        }
+        // Fast algo for doubling Extended Point.
+        // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#doubling-dbl-2008-hwcd
+        // Cost: 4M + 4S + 1*a + 6add + 1*2.
+        double() {
+            const { a } = CURVE;
+            const { ex: X1, ey: Y1, ez: Z1 } = this;
+            const A = modP(X1 * X1); // A = X12
+            const B = modP(Y1 * Y1); // B = Y12
+            const C = modP(_2n * modP(Z1 * Z1)); // C = 2*Z12
+            const D = modP(a * A); // D = a*A
+            const x1y1 = X1 + Y1;
+            const E = modP(modP(x1y1 * x1y1) - A - B); // E = (X1+Y1)2-A-B
+            const G = D + B; // G = D+B
+            const F = G - C; // F = G-C
+            const H = D - B; // H = D-B
+            const X3 = modP(E * F); // X3 = E*F
+            const Y3 = modP(G * H); // Y3 = G*H
+            const T3 = modP(E * H); // T3 = E*H
+            const Z3 = modP(F * G); // Z3 = F*G
+            return new Point(X3, Y3, Z3, T3);
+        }
+        // Fast algo for adding 2 Extended Points.
+        // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#addition-add-2008-hwcd
+        // Cost: 9M + 1*a + 1*d + 7add.
+        add(other) {
+            isPoint(other);
+            const { a, d } = CURVE;
+            const { ex: X1, ey: Y1, ez: Z1, et: T1 } = this;
+            const { ex: X2, ey: Y2, ez: Z2, et: T2 } = other;
+            // Faster algo for adding 2 Extended Points when curve's a=-1.
+            // http://hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#addition-add-2008-hwcd-4
+            // Cost: 8M + 8add + 2*2.
+            // Note: It does not check whether the `other` point is valid.
+            if (a === BigInt(-1)) {
+                const A = modP((Y1 - X1) * (Y2 + X2));
+                const B = modP((Y1 + X1) * (Y2 - X2));
+                const F = modP(B - A);
+                if (F === _0n)
+                    return this.double(); // Same point. Tests say it doesn't affect timing
+                const C = modP(Z1 * _2n * T2);
+                const D = modP(T1 * _2n * Z2);
+                const E = D + C;
+                const G = B + A;
+                const H = D - C;
+                const X3 = modP(E * F);
+                const Y3 = modP(G * H);
+                const T3 = modP(E * H);
+                const Z3 = modP(F * G);
+                return new Point(X3, Y3, Z3, T3);
+            }
+            const A = modP(X1 * X2); // A = X1*X2
+            const B = modP(Y1 * Y2); // B = Y1*Y2
+            const C = modP(T1 * d * T2); // C = T1*d*T2
+            const D = modP(Z1 * Z2); // D = Z1*Z2
+            const E = modP((X1 + Y1) * (X2 + Y2) - A - B); // E = (X1+Y1)*(X2+Y2)-A-B
+            const F = D - C; // F = D-C
+            const G = D + C; // G = D+C
+            const H = modP(B - a * A); // H = B-a*A
+            const X3 = modP(E * F); // X3 = E*F
+            const Y3 = modP(G * H); // Y3 = G*H
+            const T3 = modP(E * H); // T3 = E*H
+            const Z3 = modP(F * G); // Z3 = F*G
+            return new Point(X3, Y3, Z3, T3);
+        }
+        subtract(other) {
+            return this.add(other.negate());
+        }
+        wNAF(n) {
+            return wnaf.wNAFCached(this, pointPrecomputes, n, Point.normalizeZ);
+        }
+        // Constant-time multiplication.
+        multiply(scalar) {
+            const { p, f } = this.wNAF(assertInRange(scalar, CURVE_ORDER));
+            return Point.normalizeZ([p, f])[0];
+        }
+        // Non-constant-time multiplication. Uses double-and-add algorithm.
+        // It's faster, but should only be used when you don't care about
+        // an exposed private key e.g. sig verification.
+        multiplyUnsafe(scalar) {
+            let n = assertGE0(scalar);
+            if (n === _0n)
+                return I;
+            if (this.equals(I) || n === _1n)
+                return this;
+            if (this.equals(G))
+                return this.wNAF(n).p;
+            return wnaf.unsafeLadder(this, n);
+        }
+        // Checks if point is of small order.
+        // If you add something to small order point, you will have "dirty"
+        // point with torsion component.
+        // Multiplies point by cofactor and checks if the result is 0.
+        isSmallOrder() {
+            return this.multiplyUnsafe(cofactor).is0();
+        }
+        // Multiplies point by curve order and checks if the result is 0.
+        // Returns `false` is the point is dirty.
+        isTorsionFree() {
+            return wnaf.unsafeLadder(this, CURVE_ORDER).is0();
+        }
+        // Converts Extended point to default (x, y) coordinates.
+        // Can accept precomputed Z^-1 - for example, from invertBatch.
+        toAffine(iz) {
+            const { ex: x, ey: y, ez: z } = this;
+            const is0 = this.is0();
+            if (iz == null)
+                iz = is0 ? _8n : Fp.inv(z); // 8 was chosen arbitrarily
+            const ax = modP(x * iz);
+            const ay = modP(y * iz);
+            const zz = modP(z * iz);
+            if (is0)
+                return { x: _0n, y: _1n };
+            if (zz !== _1n)
+                throw new Error('invZ was invalid');
+            return { x: ax, y: ay };
+        }
+        clearCofactor() {
+            const { h: cofactor } = CURVE;
+            if (cofactor === _1n)
+                return this;
+            return this.multiplyUnsafe(cofactor);
+        }
+        // Converts hash string or Uint8Array to Point.
+        // Uses algo from RFC8032 5.1.3.
+        static fromHex(hex, strict = true) {
+            const { d, a } = CURVE;
+            const len = Fp.BYTES;
+            hex = ensureBytes('pointHex', hex, len); // copy hex to a new array
+            const normed = hex.slice(); // copy again, we'll manipulate it
+            const lastByte = hex[len - 1]; // select last byte
+            normed[len - 1] = lastByte & ~0x80; // clear last bit
+            const y = ut.bytesToNumberLE(normed);
+            if (y === _0n) {
+                // y=0 is allowed
+            }
+            else {
+                // RFC8032 prohibits >= p, but ZIP215 doesn't
+                if (strict)
+                    assertInRange(y, Fp.ORDER); // strict=true [1..P-1] (2^255-19-1 for ed25519)
+                else
+                    assertInRange(y, MASK); // strict=false [1..MASK-1] (2^256-1 for ed25519)
+            }
+            // Ed25519: x² = (y²-1)/(dy²+1) mod p. Ed448: x² = (y²-1)/(dy²-1) mod p. Generic case:
+            // ax²+y²=1+dx²y² => y²-1=dx²y²-ax² => y²-1=x²(dy²-a) => x²=(y²-1)/(dy²-a)
+            const y2 = modP(y * y); // denominator is always non-0 mod p.
+            const u = modP(y2 - _1n); // u = y² - 1
+            const v = modP(d * y2 - a); // v = d y² + 1.
+            let { isValid, value: x } = uvRatio(u, v); // √(u/v)
+            if (!isValid)
+                throw new Error('Point.fromHex: invalid y coordinate');
+            const isXOdd = (x & _1n) === _1n; // There are 2 square roots. Use x_0 bit to select proper
+            const isLastByteOdd = (lastByte & 0x80) !== 0; // if x=0 and x_0 = 1, fail
+            if (isLastByteOdd !== isXOdd)
+                x = modP(-x); // if x_0 != x mod 2, set x = p-x
+            return Point.fromAffine({ x, y });
+        }
+        static fromPrivateKey(privKey) {
+            return getExtendedPublicKey(privKey).point;
+        }
+        toRawBytes() {
+            const { x, y } = this.toAffine();
+            const bytes = ut.numberToBytesLE(y, Fp.BYTES); // each y has 2 x values (x, -y)
+            bytes[bytes.length - 1] |= x & _1n ? 0x80 : 0; // when compressing, it's enough to store y
+            return bytes; // and use the last byte to encode sign of x
+        }
+        toHex() {
+            return ut.bytesToHex(this.toRawBytes()); // Same as toRawBytes, but returns string.
+        }
+    }
+    Point.BASE = new Point(CURVE.Gx, CURVE.Gy, _1n, modP(CURVE.Gx * CURVE.Gy));
+    Point.ZERO = new Point(_0n, _1n, _1n, _0n); // 0, 1, 1, 0
+    const { BASE: G, ZERO: I } = Point;
+    const wnaf = wNAF(Point, nByteLength * 8);
+    function modN(a) {
+        return mod(a, CURVE_ORDER);
+    }
+    // Little-endian SHA512 with modulo n
+    function modN_LE(hash) {
+        return modN(ut.bytesToNumberLE(hash));
+    }
+    /** Convenience method that creates public key and other stuff. RFC8032 5.1.5 */
+    function getExtendedPublicKey(key) {
+        const len = nByteLength;
+        key = ensureBytes('private key', key, len);
+        // Hash private key with curve's hash function to produce uniformingly random input
+        // Check byte lengths: ensure(64, h(ensure(32, key)))
+        const hashed = ensureBytes('hashed private key', cHash(key), 2 * len);
+        const head = adjustScalarBytes(hashed.slice(0, len)); // clear first half bits, produce FE
+        const prefix = hashed.slice(len, 2 * len); // second half is called key prefix (5.1.6)
+        const scalar = modN_LE(head); // The actual private scalar
+        const point = G.multiply(scalar); // Point on Edwards curve aka public key
+        const pointBytes = point.toRawBytes(); // Uint8Array representation
+        return { head, prefix, scalar, point, pointBytes };
+    }
+    // Calculates EdDSA pub key. RFC8032 5.1.5. Privkey is hashed. Use first half with 3 bits cleared
+    function getPublicKey(privKey) {
+        return getExtendedPublicKey(privKey).pointBytes;
+    }
+    // int('LE', SHA512(dom2(F, C) || msgs)) mod N
+    function hashDomainToScalar(context = new Uint8Array(), ...msgs) {
+        const msg = ut.concatBytes(...msgs);
+        return modN_LE(cHash(domain(msg, ensureBytes('context', context), !!preHash)));
+    }
+    /** Signs message with privateKey. RFC8032 5.1.6 */
+    function sign(msg, privKey, context) {
+        msg = ensureBytes('message', msg);
+        if (preHash)
+            msg = preHash(msg); // for ed25519ph etc.
+        const { prefix, scalar, pointBytes } = getExtendedPublicKey(privKey);
+        const r = hashDomainToScalar(context, prefix, msg); // r = dom2(F, C) || prefix || PH(M)
+        const R = G.multiply(r).toRawBytes(); // R = rG
+        const k = hashDomainToScalar(context, R, pointBytes, msg); // R || A || PH(M)
+        const s = modN(r + k * scalar); // S = (r + k * s) mod L
+        assertGE0(s); // 0 <= s < l
+        const res = ut.concatBytes(R, ut.numberToBytesLE(s, Fp.BYTES));
+        return ensureBytes('result', res, nByteLength * 2); // 64-byte signature
+    }
+    function verify(sig, msg, publicKey, context) {
+        const len = Fp.BYTES; // Verifies EdDSA signature against message and public key. RFC8032 5.1.7.
+        sig = ensureBytes('signature', sig, 2 * len); // An extended group equation is checked.
+        msg = ensureBytes('message', msg); // ZIP215 compliant, which means not fully RFC8032 compliant.
+        if (preHash)
+            msg = preHash(msg); // for ed25519ph, etc
+        const A = Point.fromHex(publicKey, false); // Check for s bounds, hex validity
+        const R = Point.fromHex(sig.slice(0, len), false); // 0 <= R < 2^256: ZIP215 R can be >= P
+        const s = ut.bytesToNumberLE(sig.slice(len, 2 * len)); // 0 <= s < l
+        const SB = G.multiplyUnsafe(s);
+        const k = hashDomainToScalar(context, R.toRawBytes(), A.toRawBytes(), msg);
+        const RkA = R.add(A.multiplyUnsafe(k));
+        // [8][S]B = [8]R + [8][k]A'
+        return RkA.subtract(SB).clearCofactor().equals(Point.ZERO);
+    }
+    G._setWindowSize(8); // Enable precomputes. Slows down first publicKey computation by 20ms.
+    const utils = {
+        getExtendedPublicKey,
+        // ed25519 private keys are uniform 32b. No need to check for modulo bias, like in secp256k1.
+        randomPrivateKey: () => randomBytes(Fp.BYTES),
+        /**
+         * We're doing scalar multiplication (used in getPublicKey etc) with precomputed BASE_POINT
+         * values. This slows down first getPublicKey() by milliseconds (see Speed section),
+         * but allows to speed-up subsequent getPublicKey() calls up to 20x.
+         * @param windowSize 2, 4, 8, 16
+         */
+        precompute(windowSize = 8, point = Point.BASE) {
+            point._setWindowSize(windowSize);
+            point.multiply(BigInt(3));
+            return point;
+        },
+    };
+    return {
+        CURVE,
+        getPublicKey,
+        sign,
+        verify,
+        ExtendedPoint: Point,
+        utils,
+    };
+}
+//# sourceMappingURL=edwards.js.map

package/esm/abstract/edwards.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"edwards.js","sourceRoot":"","sources":["../../src/abstract/edwards.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,8DAA8D;AAC9D,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AACnC,OAAO,KAAK,EAAE,MAAM,YAAY,CAAC;AACjC,OAAO,EAAE,WAAW,EAAc,MAAM,YAAY,CAAC;AACrD,OAAO,EAA2B,IAAI,EAAc,aAAa,EAAe,MAAM,YAAY,CAAC;AAEnG,+EAA+E;AAC/E,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AAetB,SAAS,YAAY,CAAC,KAAgB;IACpC,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAClC,EAAE,CAAC,cAAc,CACf,KAAK,EACL;QACE,IAAI,EAAE,UAAU;QAChB,CAAC,EAAE,QAAQ;QACX,CAAC,EAAE,QAAQ;QACX,WAAW,EAAE,UAAU;KACxB,EACD;QACE,iBAAiB,EAAE,UAAU;QAC7B,MAAM,EAAE,UAAU;QAClB,OAAO,EAAE,UAAU;QACnB,UAAU,EAAE,UAAU;KACvB,CACF,CAAC;IACF,eAAe;IACf,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,IAAI,EAAW,CAAC,CAAC;AAC7C,CAAC;AA0CD,oFAAoF;AACpF,MAAM,UAAU,cAAc,CAAC,QAAmB;IAChD,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,CAAoC,CAAC;IACxE,MAAM,EAAE,EAAE,EAAE,CAAC,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;IAClG,MAAM,IAAI,GAAG,GAAG,IAAI,MAAM,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC,qBAAqB;IAE7C,YAAY;IACZ,MAAM,OAAO,GACX,KAAK,CAAC,OAAO;QACb,CAAC,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE;YACxB,IAAI;gBACF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;aACzD;YAAC,OAAO,CAAC,EAAE;gBACV,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;aACvC;QACH,CAAC,CAAC,CAAC;IACL,MAAM,iBAAiB,GAAG,KAAK,CAAC,iBAAiB,IAAI,CAAC,CAAC,KAAiB,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO;IAC5F,MAAM,MAAM,GACV,KAAK,CAAC,MAAM;QACZ,CAAC,CAAC,IAAgB,EAAE,GAAe,EAAE,MAAe,EAAE,EAAE;YACtD,IAAI,GAAG,CAAC,MAAM,IAAI,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;YACjF,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC,CAAC,OAAO;IACb,MAAM,KAAK,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,aAAa;IAC3E,MAAM,OAAO,GAAG,CAAC,CAAS,EAAE,GAAW,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,kBAAkB;IACjG,MAAM,YAAY,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,KAAK,GAAG,IAAI,OAAO,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,mBAAmB;IACtF,SAAS,aAAa,CAAC,CAAS,EAAE,GAAW;QAC3C,kBAAkB;QAClB,IAAI,OAAO,CAAC,CAAC,EAAE,GAAG,CAAC;YAAE,OAAO,CAAC,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,SAAS,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1E,CAAC;IACD,SAAS,SAAS,CAAC,CAAS;QAC1B,0BAA0B;QAC1B,OAAO,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,CAAC,sCAAsC;IAC9F,CAAC;IACD,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAkB,CAAC;IACnD,SAAS,OAAO,CAAC,KAAc;QAC7B,IAAI,CAAC,CAAC,KAAK,YAAY,KAAK,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC3E,CAAC;IACD,qFAAqF;IACrF,2EAA2E;IAC3E,MAAM,KAAK;QAIT,YACW,EAAU,EACV,EAAU,EACV,EAAU,EACV,EAAU;YAHV,OAAE,GAAF,EAAE,CAAQ;YACV,OAAE,GAAF,EAAE,CAAQ;YACV,OAAE,GAAF,EAAE,CAAQ;YACV,OAAE,GAAF,EAAE,CAAQ;YAEnB,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;YACrD,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;YACrD,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;YACrD,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;QACvD,CAAC;QAED,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC3B,CAAC;QACD,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC3B,CAAC;QAED,MAAM,CAAC,UAAU,CAAC,CAAsB;YACtC,IAAI,CAAC,YAAY,KAAK;gBAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;YACtE,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC;YACzB,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;YAClF,OAAO,IAAI,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC;QACD,MAAM,CAAC,UAAU,CAAC,MAAe;YAC/B,MAAM,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACtD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAC1E,CAAC;QAOD,0CAA0C;QAC1C,cAAc,CAAC,UAAkB;YAC/B,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC;YAC/B,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAChC,CAAC;QACD,iEAAiE;QACjE,oCAAoC;QACpC,cAAc;YACZ,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC;YACvB,IAAI,IAAI,CAAC,GAAG,EAAE;gBAAE,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,mCAAmC;YACvF,uDAAuD;YACvD,+EAA+E;YAC/E,MAAM,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC;YAC5C,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK;YAC7B,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK;YAC7B,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK;YAC7B,MAAM,EAAE,GAAG,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK;YAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM;YAChC,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,eAAe;YACvD,MAAM,KAAK,GAAG,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa;YAC/D,IAAI,IAAI,KAAK,KAAK;gBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;YAC7E,6EAA6E;YAC7E,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,IAAI,EAAE,KAAK,EAAE;gBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC1E,CAAC;QAED,gCAAgC;QAChC,MAAM,CAAC,KAAY;YACjB,OAAO,CAAC,KAAK,CAAC,CAAC;YACf,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC;YACxC,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,KAAK,CAAC;YACzC,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;YAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;YAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;YAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;YAC3B,OAAO,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,IAAI,CAAC;QACxC,CAAC;QAES,GAAG;YACX,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACjC,CAAC;QAED,MAAM;YACJ,8DAA8D;YAC9D,OAAO,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QACrE,CAAC;QAED,yCAAyC;QACzC,sFAAsF;QACtF,oCAAoC;QACpC,MAAM;YACJ,MAAM,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC;YACpB,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC;YACxC,MAAM,CAAC,GAAG,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,UAAU;YACnC,MAAM,CAAC,GAAG,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,UAAU;YACnC,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,YAAY;YACjD,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU;YACjC,MAAM,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC;YACrB,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,mBAAmB;YAC9D,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU;YAC3B,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU;YAC3B,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU;YAC3B,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW;YACnC,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW;YACnC,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW;YACnC,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW;YACnC,OAAO,IAAI,KAAK,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QACnC,CAAC;QAED,0CAA0C;QAC1C,sFAAsF;QACtF,+BAA+B;QAC/B,GAAG,CAAC,KAAY;YACd,OAAO,CAAC,KAAK,CAAC,CAAC;YACf,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC;YACvB,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC;YAChD,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,KAAK,CAAC;YACjD,8DAA8D;YAC9D,yFAAyF;YACzF,yBAAyB;YACzB,8DAA8D;YAC9D,IAAI,CAAC,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE;gBACpB,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;gBACtC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;gBACtC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBACtB,IAAI,CAAC,KAAK,GAAG;oBAAE,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,iDAAiD;gBACtF,MAAM,CAAC,GAAG,IAAI,CAAC,EAAE,GAAG,GAAG,GAAG,EAAE,CAAC,CAAC;gBAC9B,MAAM,CAAC,GAAG,IAAI,CAAC,EAAE,GAAG,GAAG,GAAG,EAAE,CAAC,CAAC;gBAC9B,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAChB,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAChB,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAChB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBACvB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBACvB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBACvB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBACvB,OAAO,IAAI,KAAK,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;aAClC;YACD,MAAM,CAAC,GAAG,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,YAAY;YACrC,MAAM,CAAC,GAAG,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,YAAY;YACrC,MAAM,CAAC,GAAG,IAAI,CAAC,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,cAAc;YAC3C,MAAM,CAAC,GAAG,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,YAAY;YACrC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,0BAA0B;YACzE,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU;YAC3B,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU;YAC3B,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY;YACvC,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW;YACnC,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW;YACnC,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW;YACnC,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW;YAEnC,OAAO,IAAI,KAAK,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QACnC,CAAC;QAED,QAAQ,CAAC,KAAY;YACnB,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAClC,CAAC;QAEO,IAAI,CAAC,CAAS;YACpB,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,gBAAgB,EAAE,CAAC,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC;QACtE,CAAC;QAED,gCAAgC;QAChC,QAAQ,CAAC,MAAc;YACrB,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC;YAC/D,OAAO,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACrC,CAAC;QAED,mEAAmE;QACnE,iEAAiE;QACjE,gDAAgD;QAChD,cAAc,CAAC,MAAc;YAC3B,IAAI,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;YAC1B,IAAI,CAAC,KAAK,GAAG;gBAAE,OAAO,CAAC,CAAC;YACxB,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,GAAG;gBAAE,OAAO,IAAI,CAAC;YAC7C,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;gBAAE,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1C,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QACpC,CAAC;QAED,qCAAqC;QACrC,mEAAmE;QACnE,gCAAgC;QAChC,8DAA8D;QAC9D,YAAY;YACV,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,GAAG,EAAE,CAAC;QAC7C,CAAC;QAED,iEAAiE;QACjE,yCAAyC;QACzC,aAAa;YACX,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,GAAG,EAAE,CAAC;QACpD,CAAC;QAED,yDAAyD;QACzD,+DAA+D;QAC/D,QAAQ,CAAC,EAAW;YAClB,MAAM,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,EAAE,IAAI,IAAI;gBAAE,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAY,CAAC,CAAC,2BAA2B;YACnF,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;YACxB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;YACxB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;YACxB,IAAI,GAAG;gBAAE,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC;YACnC,IAAI,EAAE,KAAK,GAAG;gBAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;YACpD,OAAO,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC;QAC1B,CAAC;QAED,aAAa;YACX,MAAM,EAAE,CAAC,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;YAC9B,IAAI,QAAQ,KAAK,GAAG;gBAAE,OAAO,IAAI,CAAC;YAClC,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QACvC,CAAC;QAED,+CAA+C;QAC/C,gCAAgC;QAChC,MAAM,CAAC,OAAO,CAAC,GAAQ,EAAE,MAAM,GAAG,IAAI;YACpC,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC;YACvB,MAAM,GAAG,GAAG,EAAE,CAAC,KAAK,CAAC;YACrB,GAAG,GAAG,WAAW,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,0BAA0B;YACnE,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,kCAAkC;YAC9D,MAAM,QAAQ,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,mBAAmB;YAClD,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC,iBAAiB;YACrD,MAAM,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;YACrC,IAAI,CAAC,KAAK,GAAG,EAAE;gBACb,iBAAiB;aAClB;iBAAM;gBACL,6CAA6C;gBAC7C,IAAI,MAAM;oBAAE,aAAa,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,gDAAgD;;oBACnF,aAAa,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,iDAAiD;aAC/E;YAED,sFAAsF;YACtF,0EAA0E;YAC1E,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,qCAAqC;YAC7D,MAAM,CAAC,GAAG,IAAI,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,aAAa;YACvC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,gBAAgB;YAC5C,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS;YACpD,IAAI,CAAC,OAAO;gBAAE,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;YACrE,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,yDAAyD;YAC3F,MAAM,aAAa,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,2BAA2B;YAC1E,IAAI,aAAa,KAAK,MAAM;gBAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,iCAAiC;YAC7E,OAAO,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACpC,CAAC;QACD,MAAM,CAAC,cAAc,CAAC,OAAY;YAChC,OAAO,oBAAoB,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC;QAC7C,CAAC;QACD,UAAU;YACR,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YACjC,MAAM,KAAK,GAAG,EAAE,CAAC,eAAe,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,gCAAgC;YAC/E,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,2CAA2C;YAC1F,OAAO,KAAK,CAAC,CAAC,4CAA4C;QAC5D,CAAC;QACD,KAAK;YACH,OAAO,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,0CAA0C;QACrF,CAAC;;IA5Pe,UAAI,GAAG,IAAI,KAAK,CAAC,KAAK,CAAC,EAAE,EAAE,KAAK,CAAC,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;IACrE,UAAI,GAAG,IAAI,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,aAAa;IA6PrE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC;IACnC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,EAAE,WAAW,GAAG,CAAC,CAAC,CAAC;IAE1C,SAAS,IAAI,CAAC,CAAS;QACrB,OAAO,GAAG,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;IAC7B,CAAC;IACD,qCAAqC;IACrC,SAAS,OAAO,CAAC,IAAgB;QAC/B,OAAO,IAAI,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC;IACxC,CAAC;IAED,gFAAgF;IAChF,SAAS,oBAAoB,CAAC,GAAQ;QACpC,MAAM,GAAG,GAAG,WAAW,CAAC;QACxB,GAAG,GAAG,WAAW,CAAC,aAAa,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAC3C,mFAAmF;QACnF,qDAAqD;QACrD,MAAM,MAAM,GAAG,WAAW,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC;QACtE,MAAM,IAAI,GAAG,iBAAiB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,oCAAoC;QAC1F,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,2CAA2C;QACtF,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,4BAA4B;QAC1D,MAAM,KAAK,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,wCAAwC;QAC1E,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC,4BAA4B;QACnE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IACrD,CAAC;IAED,iGAAiG;IACjG,SAAS,YAAY,CAAC,OAAY;QAChC,OAAO,oBAAoB,CAAC,OAAO,CAAC,CAAC,UAAU,CAAC;IAClD,CAAC;IAED,8CAA8C;IAC9C,SAAS,kBAAkB,CAAC,UAAe,IAAI,UAAU,EAAE,EAAE,GAAG,IAAkB;QAChF,MAAM,GAAG,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC;QACpC,OAAO,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,WAAW,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IACjF,CAAC;IAED,mDAAmD;IACnD,SAAS,IAAI,CAAC,GAAQ,EAAE,OAAY,EAAE,OAAa;QACjD,GAAG,GAAG,WAAW,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QAClC,IAAI,OAAO;YAAE,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,qBAAqB;QACtD,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;QACrE,MAAM,CAAC,GAAG,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,oCAAoC;QACxF,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,SAAS;QAC/C,MAAM,CAAC,GAAG,kBAAkB,CAAC,OAAO,EAAE,CAAC,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,kBAAkB;QAC7E,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,wBAAwB;QACxD,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa;QAC3B,MAAM,GAAG,GAAG,EAAE,CAAC,WAAW,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;QAC/D,OAAO,WAAW,CAAC,QAAQ,EAAE,GAAG,EAAE,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,oBAAoB;IAC1E,CAAC;IAED,SAAS,MAAM,CAAC,GAAQ,EAAE,GAAQ,EAAE,SAAc,EAAE,OAAa;QAC/D,MAAM,GAAG,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,0EAA0E;QAChG,GAAG,GAAG,WAAW,CAAC,WAAW,EAAE,GAAG,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,yCAAyC;QACvF,GAAG,GAAG,WAAW,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC,6DAA6D;QAChG,IAAI,OAAO;YAAE,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,qBAAqB;QACtD,MAAM,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC,mCAAmC;QAC9E,MAAM,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,uCAAuC;QAC1F,MAAM,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa;QACpE,MAAM,EAAE,GAAG,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,CAAC,GAAG,kBAAkB,CAAC,OAAO,EAAE,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,UAAU,EAAE,EAAE,GAAG,CAAC,CAAC;QAC3E,MAAM,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,4BAA4B;QAC5B,OAAO,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,aAAa,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7D,CAAC;IAED,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,sEAAsE;IAE3F,MAAM,KAAK,GAAG;QACZ,oBAAoB;QACpB,6FAA6F;QAC7F,gBAAgB,EAAE,GAAe,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,KAAK,CAAC;QAEzD;;;;;WAKG;QACH,UAAU,CAAC,UAAU,GAAG,CAAC,EAAE,KAAK,GAAG,KAAK,CAAC,IAAI;YAC3C,KAAK,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;YACjC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1B,OAAO,KAAK,CAAC;QACf,CAAC;KACF,CAAC;IAEF,OAAO;QACL,KAAK;QACL,YAAY;QACZ,IAAI;QACJ,MAAM;QACN,aAAa,EAAE,KAAK;QACpB,KAAK;KACN,CAAC;AACJ,CAAC"}

package/esm/abstract/hash-to-curve.js

@@ -0,0 +1,166 @@
+import { mod } from './modular.js';
+import { bytesToNumberBE, concatBytes, utf8ToBytes, validateObject } from './utils.js';
+function validateDST(dst) {
+    if (dst instanceof Uint8Array)
+        return dst;
+    if (typeof dst === 'string')
+        return utf8ToBytes(dst);
+    throw new Error('DST must be Uint8Array or string');
+}
+// Octet Stream to Integer. "spec" implementation of os2ip is 2.5x slower vs bytesToNumberBE.
+const os2ip = bytesToNumberBE;
+// Integer to Octet Stream (numberToBytesBE)
+function i2osp(value, length) {
+    if (value < 0 || value >= 1 << (8 * length)) {
+        throw new Error(`bad I2OSP call: value=${value} length=${length}`);
+    }
+    const res = Array.from({ length }).fill(0);
+    for (let i = length - 1; i >= 0; i--) {
+        res[i] = value & 0xff;
+        value >>>= 8;
+    }
+    return new Uint8Array(res);
+}
+function strxor(a, b) {
+    const arr = new Uint8Array(a.length);
+    for (let i = 0; i < a.length; i++) {
+        arr[i] = a[i] ^ b[i];
+    }
+    return arr;
+}
+function isBytes(item) {
+    if (!(item instanceof Uint8Array))
+        throw new Error('Uint8Array expected');
+}
+function isNum(item) {
+    if (!Number.isSafeInteger(item))
+        throw new Error('number expected');
+}
+// Produces a uniformly random byte string using a cryptographic hash function H that outputs b bits
+// https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-11#section-5.4.1
+export function expand_message_xmd(msg, DST, lenInBytes, H) {
+    isBytes(msg);
+    isBytes(DST);
+    isNum(lenInBytes);
+    // https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-16#section-5.3.3
+    if (DST.length > 255)
+        DST = H(concatBytes(utf8ToBytes('H2C-OVERSIZE-DST-'), DST));
+    const { outputLen: b_in_bytes, blockLen: r_in_bytes } = H;
+    const ell = Math.ceil(lenInBytes / b_in_bytes);
+    if (ell > 255)
+        throw new Error('Invalid xmd length');
+    const DST_prime = concatBytes(DST, i2osp(DST.length, 1));
+    const Z_pad = i2osp(0, r_in_bytes);
+    const l_i_b_str = i2osp(lenInBytes, 2); // len_in_bytes_str
+    const b = new Array(ell);
+    const b_0 = H(concatBytes(Z_pad, msg, l_i_b_str, i2osp(0, 1), DST_prime));
+    b[0] = H(concatBytes(b_0, i2osp(1, 1), DST_prime));
+    for (let i = 1; i <= ell; i++) {
+        const args = [strxor(b_0, b[i - 1]), i2osp(i + 1, 1), DST_prime];
+        b[i] = H(concatBytes(...args));
+    }
+    const pseudo_random_bytes = concatBytes(...b);
+    return pseudo_random_bytes.slice(0, lenInBytes);
+}
+export function expand_message_xof(msg, DST, lenInBytes, k, H) {
+    isBytes(msg);
+    isBytes(DST);
+    isNum(lenInBytes);
+    // https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-16#section-5.3.3
+    // DST = H('H2C-OVERSIZE-DST-' || a_very_long_DST, Math.ceil((lenInBytes * k) / 8));
+    if (DST.length > 255) {
+        const dkLen = Math.ceil((2 * k) / 8);
+        DST = H.create({ dkLen }).update(utf8ToBytes('H2C-OVERSIZE-DST-')).update(DST).digest();
+    }
+    if (lenInBytes > 65535 || DST.length > 255)
+        throw new Error('expand_message_xof: invalid lenInBytes');
+    return (H.create({ dkLen: lenInBytes })
+        .update(msg)
+        .update(i2osp(lenInBytes, 2))
+        // 2. DST_prime = DST || I2OSP(len(DST), 1)
+        .update(DST)
+        .update(i2osp(DST.length, 1))
+        .digest());
+}
+/**
+ * Hashes arbitrary-length byte strings to a list of one or more elements of a finite field F
+ * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-11#section-5.3
+ * @param msg a byte string containing the message to hash
+ * @param count the number of elements of F to output
+ * @param options `{DST: string, p: bigint, m: number, k: number, expand: 'xmd' | 'xof', hash: H}`, see above
+ * @returns [u_0, ..., u_(count - 1)], a list of field elements.
+ */
+export function hash_to_field(msg, count, options) {
+    validateObject(options, {
+        DST: 'string',
+        p: 'bigint',
+        m: 'isSafeInteger',
+        k: 'isSafeInteger',
+        hash: 'hash',
+    });
+    const { p, k, m, hash, expand, DST: _DST } = options;
+    isBytes(msg);
+    isNum(count);
+    const DST = validateDST(_DST);
+    const log2p = p.toString(2).length;
+    const L = Math.ceil((log2p + k) / 8); // section 5.1 of ietf draft link above
+    const len_in_bytes = count * m * L;
+    let prb; // pseudo_random_bytes
+    if (expand === 'xmd') {
+        prb = expand_message_xmd(msg, DST, len_in_bytes, hash);
+    }
+    else if (expand === 'xof') {
+        prb = expand_message_xof(msg, DST, len_in_bytes, k, hash);
+    }
+    else if (expand === undefined) {
+        prb = msg;
+    }
+    else {
+        throw new Error('expand must be "xmd", "xof" or undefined');
+    }
+    const u = new Array(count);
+    for (let i = 0; i < count; i++) {
+        const e = new Array(m);
+        for (let j = 0; j < m; j++) {
+            const elm_offset = L * (j + i * m);
+            const tv = prb.subarray(elm_offset, elm_offset + L);
+            e[j] = mod(os2ip(tv), p);
+        }
+        u[i] = e;
+    }
+    return u;
+}
+export function isogenyMap(field, map) {
+    // Make same order as in spec
+    const COEFF = map.map((i) => Array.from(i).reverse());
+    return (x, y) => {
+        const [xNum, xDen, yNum, yDen] = COEFF.map((val) => val.reduce((acc, i) => field.add(field.mul(acc, x), i)));
+        x = field.div(xNum, xDen); // xNum / xDen
+        y = field.mul(y, field.div(yNum, yDen)); // y * (yNum / yDev)
+        return { x, y };
+    };
+}
+export function createHasher(Point, mapToCurve, def) {
+    if (typeof mapToCurve !== 'function')
+        throw new Error('mapToCurve() must be defined');
+    return {
+        // Encodes byte string to elliptic curve
+        // https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-16#section-3
+        hashToCurve(msg, options) {
+            const u = hash_to_field(msg, 2, { ...def, DST: def.DST, ...options });
+            const u0 = Point.fromAffine(mapToCurve(u[0]));
+            const u1 = Point.fromAffine(mapToCurve(u[1]));
+            const P = u0.add(u1).clearCofactor();
+            P.assertValidity();
+            return P;
+        },
+        // https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-16#section-3
+        encodeToCurve(msg, options) {
+            const u = hash_to_field(msg, 1, { ...def, DST: def.encodeDST, ...options });
+            const P = Point.fromAffine(mapToCurve(u[0])).clearCofactor();
+            P.assertValidity();
+            return P;
+        },
+    };
+}
+//# sourceMappingURL=hash-to-curve.js.map

package/esm/abstract/hash-to-curve.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hash-to-curve.js","sourceRoot":"","sources":["../../src/abstract/hash-to-curve.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,GAAG,EAAS,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,eAAe,EAAS,WAAW,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAoB9F,SAAS,WAAW,CAAC,GAAmB;IACtC,IAAI,GAAG,YAAY,UAAU;QAAE,OAAO,GAAG,CAAC;IAC1C,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;IACrD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;AACtD,CAAC;AAED,6FAA6F;AAC7F,MAAM,KAAK,GAAG,eAAe,CAAC;AAE9B,4CAA4C;AAC5C,SAAS,KAAK,CAAC,KAAa,EAAE,MAAc;IAC1C,IAAI,KAAK,GAAG,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,MAAM,CAAC,EAAE;QAC3C,MAAM,IAAI,KAAK,CAAC,yBAAyB,KAAK,WAAW,MAAM,EAAE,CAAC,CAAC;KACpE;IACD,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAa,CAAC;IACvD,KAAK,IAAI,CAAC,GAAG,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE;QACpC,GAAG,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,IAAI,CAAC;QACtB,KAAK,MAAM,CAAC,CAAC;KACd;IACD,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,MAAM,CAAC,CAAa,EAAE,CAAa;IAC1C,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;IACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QACjC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;KACtB;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,OAAO,CAAC,IAAa;IAC5B,IAAI,CAAC,CAAC,IAAI,YAAY,UAAU,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;AAC5E,CAAC;AACD,SAAS,KAAK,CAAC,IAAa;IAC1B,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;AACtE,CAAC;AAED,oGAAoG;AACpG,uFAAuF;AACvF,MAAM,UAAU,kBAAkB,CAChC,GAAe,EACf,GAAe,EACf,UAAkB,EAClB,CAAQ;IAER,OAAO,CAAC,GAAG,CAAC,CAAC;IACb,OAAO,CAAC,GAAG,CAAC,CAAC;IACb,KAAK,CAAC,UAAU,CAAC,CAAC;IAClB,uFAAuF;IACvF,IAAI,GAAG,CAAC,MAAM,GAAG,GAAG;QAAE,GAAG,GAAG,CAAC,CAAC,WAAW,CAAC,WAAW,CAAC,mBAAmB,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IAClF,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;IAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC,CAAC;IAC/C,IAAI,GAAG,GAAG,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IACzD,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IACnC,MAAM,SAAS,GAAG,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,CAAC,mBAAmB;IAC3D,MAAM,CAAC,GAAG,IAAI,KAAK,CAAa,GAAG,CAAC,CAAC;IACrC,MAAM,GAAG,GAAG,CAAC,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,WAAW,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;IACnD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,GAAG,EAAE,CAAC,EAAE,EAAE;QAC7B,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;KAChC;IACD,MAAM,mBAAmB,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9C,OAAO,mBAAmB,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;AAClD,CAAC;AAED,MAAM,UAAU,kBAAkB,CAChC,GAAe,EACf,GAAe,EACf,UAAkB,EAClB,CAAS,EACT,CAAQ;IAER,OAAO,CAAC,GAAG,CAAC,CAAC;IACb,OAAO,CAAC,GAAG,CAAC,CAAC;IACb,KAAK,CAAC,UAAU,CAAC,CAAC;IAClB,uFAAuF;IACvF,oFAAoF;IACpF,IAAI,GAAG,CAAC,MAAM,GAAG,GAAG,EAAE;QACpB,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACrC,GAAG,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,mBAAmB,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC;KACzF;IACD,IAAI,UAAU,GAAG,KAAK,IAAI,GAAG,CAAC,MAAM,GAAG,GAAG;QACxC,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAC5D,OAAO,CACL,CAAC,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;SAC5B,MAAM,CAAC,GAAG,CAAC;SACX,MAAM,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QAC7B,2CAA2C;SAC1C,MAAM,CAAC,GAAG,CAAC;SACX,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;SAC5B,MAAM,EAAE,CACZ,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,aAAa,CAAC,GAAe,EAAE,KAAa,EAAE,OAAa;IACzE,cAAc,CAAC,OAAO,EAAE;QACtB,GAAG,EAAE,QAAQ;QACb,CAAC,EAAE,QAAQ;QACX,CAAC,EAAE,eAAe;QAClB,CAAC,EAAE,eAAe;QAClB,IAAI,EAAE,MAAM;KACb,CAAC,CAAC;IACH,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,CAAC;IACb,KAAK,CAAC,KAAK,CAAC,CAAC;IACb,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAC9B,MAAM,KAAK,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IACnC,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,uCAAuC;IAC7E,MAAM,YAAY,GAAG,KAAK,GAAG,CAAC,GAAG,CAAC,CAAC;IACnC,IAAI,GAAG,CAAC,CAAC,sBAAsB;IAC/B,IAAI,MAAM,KAAK,KAAK,EAAE;QACpB,GAAG,GAAG,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC;KACxD;SAAM,IAAI,MAAM,KAAK,KAAK,EAAE;QAC3B,GAAG,GAAG,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;KAC3D;SAAM,IAAI,MAAM,KAAK,SAAS,EAAE;QAC/B,GAAG,GAAG,GAAG,CAAC;KACX;SAAM;QACL,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;KAC7D;IACD,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE;QAC9B,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE;YAC1B,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;YACnC,MAAM,EAAE,GAAG,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,UAAU,GAAG,CAAC,CAAC,CAAC;YACpD,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;SAC1B;QACD,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;KACV;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,MAAM,UAAU,UAAU,CAAwB,KAAQ,EAAE,GAAyB;IACnF,6BAA6B;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACtD,OAAO,CAAC,CAAI,EAAE,CAAI,EAAE,EAAE;QACpB,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CACjD,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CACxD,CAAC;QACF,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,cAAc;QACzC,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,oBAAoB;QAC7D,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;IAClB,CAAC,CAAC;AACJ,CAAC;AAmBD,MAAM,UAAU,YAAY,CAC1B,KAA6B,EAC7B,UAAyB,EACzB,GAA0C;IAE1C,IAAI,OAAO,UAAU,KAAK,UAAU;QAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IACtF,OAAO;QACL,wCAAwC;QACxC,mFAAmF;QACnF,WAAW,CAAC,GAAe,EAAE,OAAsB;YACjD,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,OAAO,EAAU,CAAC,CAAC;YAC9E,MAAM,EAAE,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9C,MAAM,EAAE,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9C,MAAM,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,aAAa,EAAE,CAAC;YACrC,CAAC,CAAC,cAAc,EAAE,CAAC;YACnB,OAAO,CAAC,CAAC;QACX,CAAC;QAED,mFAAmF;QACnF,aAAa,CAAC,GAAe,EAAE,OAAsB;YACnD,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,SAAS,EAAE,GAAG,OAAO,EAAU,CAAC,CAAC;YACpF,MAAM,CAAC,GAAG,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;YAC7D,CAAC,CAAC,cAAc,EAAE,CAAC;YACnB,OAAO,CAAC,CAAC;QACX,CAAC;KACF,CAAC;AACJ,CAAC"}