@noble/curves 0.8.1 → 0.8.2
- package/_shortw_utils.js +13 -8
- package/_shortw_utils.js.map +1 -1
- package/abstract/bls.js +16 -12
- package/abstract/bls.js.map +1 -1
- package/abstract/curve.js +12 -7
- package/abstract/curve.js.map +1 -1
- package/abstract/edwards.js +20 -16
- package/abstract/edwards.js.map +1 -1
- package/abstract/hash-to-curve.js +26 -18
- package/abstract/hash-to-curve.js.map +1 -1
- package/abstract/modular.js +44 -24
- package/abstract/modular.js.map +1 -1
- package/abstract/montgomery.js +15 -11
- package/abstract/montgomery.js.map +1 -1
- package/abstract/poseidon.js +12 -6
- package/abstract/poseidon.js.map +1 -1
- package/abstract/utils.js +41 -19
- package/abstract/utils.js.map +1 -1
- package/abstract/weierstrass.js +28 -21
- package/abstract/weierstrass.js.map +1 -1
- package/bls12-381.js +66 -63
- package/bls12-381.js.map +1 -1
- package/bn.js +10 -7
- package/bn.js.map +1 -1
- package/ed25519.js +78 -72
- package/ed25519.js.map +1 -1
- package/ed448.js +41 -37
- package/ed448.js.map +1 -1
- package/jubjub.js +22 -17
- package/jubjub.js.map +1 -1
- package/p256.js +17 -13
- package/p256.js.map +1 -1
- package/p384.js +17 -13
- package/p384.js.map +1 -1
- package/p521.js +17 -13
- package/p521.js.map +1 -1
- package/package.json +1 -1
- package/pasta.js +19 -16
- package/pasta.js.map +1 -1
- package/secp256k1.js +57 -53
- package/secp256k1.js.map +1 -1
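--- a/package/bn.js.map
+++ b/package/bn.js.map
@@ -1 +1 @@
-{"version":3,"file":"bn.js","sourceRoot":"","sources":["src/bn.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,
+{"version":3,"file":"bn.js","sourceRoot":"","sources":["src/bn.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,iDAA8C;AAC9C,8DAAwD;AACxD,yDAA6C;AAC7C,sDAA2C;AAC3C;;;;;GAKG;AACU,QAAA,KAAK,GAAG,IAAA,4BAAW,EAAC;IAC/B,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,EAAE,EAAE,IAAA,eAAE,EAAC,MAAM,CAAC,oEAAoE,CAAC,CAAC;IACpF,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;IACb,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;IACb,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,GAAG,IAAA,0BAAO,EAAC,eAAM,CAAC;CACnB,CAAC,CAAC"}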
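--- a/package/ed25519.js
+++ b/package/ed25519.js
@@ -1,11 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hash_to_ristretto255 = exports.RistrettoPoint = exports.encodeToCurve = exports.hashToCurve = exports.x25519 = exports.ed25519ph = exports.ed25519ctx = exports.ed25519 = exports.ED25519_TORSION_SUBGROUP = void 0;
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-
-
-
-
-
-
-
+const sha512_1 = require("@noble/hashes/sha512");
+const utils_1 = require("@noble/hashes/utils");
+const edwards_js_1 = require("./abstract/edwards.js");
+const montgomery_js_1 = require("./abstract/montgomery.js");
+const modular_js_1 = require("./abstract/modular.js");
+const utils_js_1 = require("./abstract/utils.js");
+const htf = require("./abstract/hash-to-curve.js");
 /**
 * ed25519 Twisted Edwards curve with following addons:
 * - X25519 ECDH
@@ -23,16 +26,16 @@ function ed25519_pow_2_252_3(x) {
 const P = ED25519_P;
 const x2 = (x * x) % P;
 const b2 = (x2 * x) % P; // x^3, 11
-const b4 = (pow2(b2, _2n, P) * b2) % P; // x^15, 1111
-const b5 = (pow2(b4, _1n, P) * x) % P; // x^31
-const b10 = (pow2(b5, _5n, P) * b5) % P;
-const b20 = (pow2(b10, _10n, P) * b10) % P;
-const b40 = (pow2(b20, _20n, P) * b20) % P;
-const b80 = (pow2(b40, _40n, P) * b40) % P;
-const b160 = (pow2(b80, _80n, P) * b80) % P;
-const b240 = (pow2(b160, _80n, P) * b80) % P;
-const b250 = (pow2(b240, _10n, P) * b10) % P;
-const pow_p_5_8 = (pow2(b250, _2n, P) * x) % P;
+const b4 = ((0, modular_js_1.pow2)(b2, _2n, P) * b2) % P; // x^15, 1111
+const b5 = ((0, modular_js_1.pow2)(b4, _1n, P) * x) % P; // x^31
+const b10 = ((0, modular_js_1.pow2)(b5, _5n, P) * b5) % P;
+const b20 = ((0, modular_js_1.pow2)(b10, _10n, P) * b10) % P;
+const b40 = ((0, modular_js_1.pow2)(b20, _20n, P) * b20) % P;
+const b80 = ((0, modular_js_1.pow2)(b40, _40n, P) * b40) % P;
+const b160 = ((0, modular_js_1.pow2)(b80, _80n, P) * b80) % P;
+const b240 = ((0, modular_js_1.pow2)(b160, _80n, P) * b80) % P;
+const b250 = ((0, modular_js_1.pow2)(b240, _10n, P) * b10) % P;
+const pow_p_5_8 = ((0, modular_js_1.pow2)(b250, _2n, P) * x) % P;
 // ^ To pow to (p+3)/8, multiply it by x.
 return { pow_p_5_8, b2 };
 }
@@ -49,27 +52,27 @@ function adjustScalarBytes(bytes) {
 // sqrt(u/v)
 function uvRatio(u, v) {
 const P = ED25519_P;
-const v3 = mod(v * v * v, P); // v³
-const v7 = mod(v3 * v3 * v, P); // v⁷
+const v3 = (0, modular_js_1.mod)(v * v * v, P); // v³
+const v7 = (0, modular_js_1.mod)(v3 * v3 * v, P); // v⁷
 // (p+3)/8 and (p-5)/8
 const pow = ed25519_pow_2_252_3(u * v7).pow_p_5_8;
-let x = mod(u * v3 * pow, P); // (uv³)(uv⁷)^(p-5)/8
-const vx2 = mod(v * x * x, P); // vx²
+let x = (0, modular_js_1.mod)(u * v3 * pow, P); // (uv³)(uv⁷)^(p-5)/8
+const vx2 = (0, modular_js_1.mod)(v * x * x, P); // vx²
 const root1 = x; // First root candidate
-const root2 = mod(x * ED25519_SQRT_M1, P); // Second root candidate
+const root2 = (0, modular_js_1.mod)(x * ED25519_SQRT_M1, P); // Second root candidate
 const useRoot1 = vx2 === u; // If vx² = u (mod p), x is a square root
-const useRoot2 = vx2 === mod(-u, P); // If vx² = -u, set x <-- x * 2^((p-1)/4)
-const noRoot = vx2 === mod(-u * ED25519_SQRT_M1, P); // There is no valid root, vx² = -u√(-1)
+const useRoot2 = vx2 === (0, modular_js_1.mod)(-u, P); // If vx² = -u, set x <-- x * 2^((p-1)/4)
+const noRoot = vx2 === (0, modular_js_1.mod)(-u * ED25519_SQRT_M1, P); // There is no valid root, vx² = -u√(-1)
 if (useRoot1)
 x = root1;
 if (useRoot2 || noRoot)
 x = root2; // We return root2 anyway, for const-time
-if (isNegativeLE(x, P))
-x = mod(-x, P);
+if ((0, modular_js_1.isNegativeLE)(x, P))
+x = (0, modular_js_1.mod)(-x, P);
 return { isValid: useRoot1 || useRoot2, value: x };
 }
 // Just in case
-
+exports.ED25519_TORSION_SUBGROUP = [
 '0100000000000000000000000000000000000000000000000000000000000000',
 'c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac037a',
 '0000000000000000000000000000000000000000000000000000000000000080',
@@ -79,7 +82,7 @@ export const ED25519_TORSION_SUBGROUP = [
 '0000000000000000000000000000000000000000000000000000000000000000',
 'c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac03fa',
 ];
-const Fp =
+const Fp = (0, modular_js_1.Fp)(ED25519_P, undefined, true);
 const ED25519_DEF = {
 // Param: a
 a: BigInt(-1),
@@ -96,27 +99,27 @@ const ED25519_DEF = {
 // Base point (x, y) aka generator point
 Gx: BigInt('15112221349535400772501151409588531511454012693041857206046113283949847762202'),
 Gy: BigInt('46316835694926478169428394003475163141307993866256225615783033603165251855960'),
-hash: sha512,
-randomBytes,
+hash: sha512_1.sha512,
+randomBytes: utils_1.randomBytes,
 adjustScalarBytes,
 // dom2
 // Ratio of u to v. Allows us to combine inversion and square root. Uses algo from RFC8032 5.1.3.
 // Constant-time, u/√v
 uvRatio,
 };
-
+exports.ed25519 = (0, edwards_js_1.twistedEdwards)(ED25519_DEF);
 function ed25519_domain(data, ctx, phflag) {
 if (ctx.length > 255)
 throw new Error('Context is too big');
-return concatBytes(utf8ToBytes('SigEd25519 no Ed25519 collisions'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);
+return (0, utils_1.concatBytes)((0, utils_1.utf8ToBytes)('SigEd25519 no Ed25519 collisions'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);
 }
-
-
+exports.ed25519ctx = (0, edwards_js_1.twistedEdwards)({ ...ED25519_DEF, domain: ed25519_domain });
+exports.ed25519ph = (0, edwards_js_1.twistedEdwards)({
 ...ED25519_DEF,
 domain: ed25519_domain,
-preHash: sha512,
+preHash: sha512_1.sha512,
 });
-
+exports.x25519 = (0, montgomery_js_1.montgomery)({
 P: ED25519_P,
 a: BigInt(486662),
 montgomeryBits: 255,
@@ -126,10 +129,10 @@ export const x25519 = montgomery({
 const P = ED25519_P;
 // x^(p-2) aka x^(2^255-21)
 const { pow_p_5_8, b2 } = ed25519_pow_2_252_3(x);
-return mod(pow2(pow_p_5_8, BigInt(3), P) * b2, P);
+return (0, modular_js_1.mod)((0, modular_js_1.pow2)(pow_p_5_8, BigInt(3), P) * b2, P);
 },
 adjustScalarBytes,
-randomBytes,
+randomBytes: utils_1.randomBytes,
 });
 // Hash To Curve Elligator2 Map (NOTE: different from ristretto255 elligator)
 // NOTE: very important part is usage of FpSqrtEven for ELL2_C1_EDWARDS, since
@@ -181,7 +184,7 @@ function map_to_curve_elligator2_curve25519(u) {
 y = Fp.cmov(y, Fp.neg(y), e3 !== e4); // 38. y = CMOV(y, -y, e3 XOR e4)
 return { xMn: xn, xMd: xd, yMn: y, yMd: 1n }; // 39. return (xn, xd, y, 1)
 }
-const ELL2_C1_EDWARDS = FpSqrtEven(Fp, Fp.neg(BigInt(486664))); // sgn0(c1) MUST equal 0
+const ELL2_C1_EDWARDS = (0, modular_js_1.FpSqrtEven)(Fp, Fp.neg(BigInt(486664))); // sgn0(c1) MUST equal 0
 function map_to_curve_elligator2_edwards25519(u) {
 const { xMn, xMd, yMn, yMd } = map_to_curve_elligator2_curve25519(u); // 1. (xMn, xMd, yMn, yMd) = map_to_curve_elligator2_curve25519(u)
 let xn = Fp.mul(xMn, yMd); // 2. xn = xMn * yMd
@@ -198,16 +201,17 @@ function map_to_curve_elligator2_edwards25519(u) {
 const inv = Fp.invertBatch([xd, yd]); // batch division
 return { x: Fp.mul(xn, inv[0]), y: Fp.mul(yn, inv[1]) }; // 13. return (xn, xd, yn, yd)
 }
-const { hashToCurve, encodeToCurve } = htf.createHasher(ed25519.ExtendedPoint, (scalars) => map_to_curve_elligator2_edwards25519(scalars[0]), {
+const { hashToCurve, encodeToCurve } = htf.createHasher(exports.ed25519.ExtendedPoint, (scalars) => map_to_curve_elligator2_edwards25519(scalars[0]), {
 DST: 'edwards25519_XMD:SHA-512_ELL2_RO_',
 encodeDST: 'edwards25519_XMD:SHA-512_ELL2_NU_',
 p: Fp.ORDER,
 m: 1,
 k: 128,
 expand: 'xmd',
-hash: sha512,
+hash: sha512_1.sha512,
 });
-
+exports.hashToCurve = hashToCurve;
+exports.encodeToCurve = encodeToCurve;
 function assertRstPoint(other) {
 if (!(other instanceof RistrettoPoint))
 throw new Error('RistrettoPoint expected');
@@ -225,20 +229,20 @@ const D_MINUS_ONE_SQ = BigInt('4044083434630853685810104246932319082624839914623
 // Calculates 1/√(number)
 const invertSqrt = (number) => uvRatio(_1n, number);
 const MAX_255B = BigInt('0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');
-const bytes255ToNumberLE = (bytes) => ed25519.CURVE.Fp.create(bytesToNumberLE(bytes) & MAX_255B);
+const bytes255ToNumberLE = (bytes) => exports.ed25519.CURVE.Fp.create((0, utils_js_1.bytesToNumberLE)(bytes) & MAX_255B);
 // Computes Elligator map for Ristretto
 // https://ristretto.group/formulas/elligator.html
 function calcElligatorRistrettoMap(r0) {
-const { d } = ed25519.CURVE;
-const P = ed25519.CURVE.Fp.ORDER;
-const mod = ed25519.CURVE.Fp.create;
+const { d } = exports.ed25519.CURVE;
+const P = exports.ed25519.CURVE.Fp.ORDER;
+const mod = exports.ed25519.CURVE.Fp.create;
 const r = mod(SQRT_M1 * r0 * r0); // 1
 const Ns = mod((r + _1n) * ONE_MINUS_D_SQ); // 2
 let c = BigInt(-1); // 3
 const D = mod((c - d * r) * mod(r + d)); // 4
 let { isValid: Ns_D_is_sq, value: s } = uvRatio(Ns, D); // 5
 let s_ = mod(s * r0); // 6
-if (!isNegativeLE(s_, P))
+if (!(0, modular_js_1.isNegativeLE)(s_, P))
 s_ = mod(-s_);
 if (!Ns_D_is_sq)
 s = s_; // 7
@@ -250,7 +254,7 @@ function calcElligatorRistrettoMap(r0) {
 const W1 = mod(Nt * SQRT_AD_MINUS_ONE); // 11
 const W2 = mod(_1n - s2); // 12
 const W3 = mod(_1n + s2); // 13
-return new ed25519.ExtendedPoint(mod(W0 * W3), mod(W2 * W1), mod(W1 * W3), mod(W0 * W2));
+return new exports.ed25519.ExtendedPoint(mod(W0 * W3), mod(W2 * W1), mod(W1 * W3), mod(W0 * W2));
 }
 /**
 * Each ed25519/ExtendedPoint has 8 different equivalent points. This can be
@@ -259,14 +263,14 @@ function calcElligatorRistrettoMap(r0) {
 * but it should work in its own namespace: do not combine those two.
 * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448
 */
-
+class RistrettoPoint {
 // Private property to discourage combining ExtendedPoint + RistrettoPoint
 // Always use Ristretto encoding/decoding instead.
 constructor(ep) {
 this.ep = ep;
 }
 static fromAffine(ap) {
-return new RistrettoPoint(ed25519.ExtendedPoint.fromAffine(ap));
+return new RistrettoPoint(exports.ed25519.ExtendedPoint.fromAffine(ap));
 }
 /**
 * Takes uniform output of 64-bit hash function like sha512 and converts it to `RistrettoPoint`.
@@ -276,7 +280,7 @@ export class RistrettoPoint {
 * @param hex 64-bit output of a hash function
 */
 static hashToCurve(hex) {
-hex = ensureBytes('ristrettoHash', hex, 64);
+hex = (0, utils_js_1.ensureBytes)('ristrettoHash', hex, 64);
 const r1 = bytes255ToNumberLE(hex.slice(0, 32));
 const R1 = calcElligatorRistrettoMap(r1);
 const r2 = bytes255ToNumberLE(hex.slice(32, 64));
@@ -289,15 +293,15 @@ export class RistrettoPoint {
 * @param hex Ristretto-encoded 32 bytes. Not every 32-byte string is valid ristretto encoding
 */
 static fromHex(hex) {
-hex = ensureBytes('ristrettoHex', hex, 32);
-const { a, d } = ed25519.CURVE;
-const P = ed25519.CURVE.Fp.ORDER;
-const mod = ed25519.CURVE.Fp.create;
+hex = (0, utils_js_1.ensureBytes)('ristrettoHex', hex, 32);
+const { a, d } = exports.ed25519.CURVE;
+const P = exports.ed25519.CURVE.Fp.ORDER;
+const mod = exports.ed25519.CURVE.Fp.create;
 const emsg = 'RistrettoPoint.fromHex: the hex is not valid encoding of RistrettoPoint';
 const s = bytes255ToNumberLE(hex);
 // 1. Check that s_bytes is the canonical encoding of a field element, or else abort.
 // 3. Check that s is non-negative, or else abort
-if (!equalBytes(numberToBytesLE(s, 32), hex) || isNegativeLE(s, P))
+if (!(0, utils_js_1.equalBytes)((0, utils_js_1.numberToBytesLE)(s, 32), hex) || (0, modular_js_1.isNegativeLE)(s, P))
 throw new Error(emsg);
 const s2 = mod(s * s);
 const u1 = mod(_1n + a * s2); // 4 (a is -1)
@@ -309,13 +313,13 @@ export class RistrettoPoint {
 const Dx = mod(I * u2); // 8
 const Dy = mod(I * Dx * v); // 9
 let x = mod((s + s) * Dx); // 10
-if (isNegativeLE(x, P))
+if ((0, modular_js_1.isNegativeLE)(x, P))
 x = mod(-x); // 10
 const y = mod(u1 * Dy); // 11
 const t = mod(x * y); // 12
-if (!isValid || isNegativeLE(t, P) || y === _0n)
+if (!isValid || (0, modular_js_1.isNegativeLE)(t, P) || y === _0n)
 throw new Error(emsg);
-return new RistrettoPoint(new ed25519.ExtendedPoint(x, y, _1n, t));
+return new RistrettoPoint(new exports.ed25519.ExtendedPoint(x, y, _1n, t));
 }
 /**
 * Encodes ristretto point to Uint8Array.
@@ -323,8 +327,8 @@ export class RistrettoPoint {
 */
 toRawBytes() {
 let { ex: x, ey: y, ez: z, et: t } = this.ep;
-const P = ed25519.CURVE.Fp.ORDER;
-const mod = ed25519.CURVE.Fp.create;
+const P = exports.ed25519.CURVE.Fp.ORDER;
+const mod = exports.ed25519.CURVE.Fp.create;
 const u1 = mod(mod(z + y) * mod(z - y)); // 1
 const u2 = mod(x * y); // 2
 // Square root always exists
@@ -334,7 +338,7 @@ export class RistrettoPoint {
 const D2 = mod(invsqrt * u2); // 5
 const zInv = mod(D1 * D2 * t); // 6
 let D; // 7
-if (isNegativeLE(t * zInv, P)) {
+if ((0, modular_js_1.isNegativeLE)(t * zInv, P)) {
 let _x = mod(y * SQRT_M1);
 let _y = mod(x * SQRT_M1);
 x = _x;
@@ -344,15 +348,15 @@ export class RistrettoPoint {
 else {
 D = D2; // 8
 }
-if (isNegativeLE(x * zInv, P))
+if ((0, modular_js_1.isNegativeLE)(x * zInv, P))
 y = mod(-y); // 9
 let s = mod((z - y) * D); // 10 (check footer's note, no sqrt(-a))
-if (isNegativeLE(s, P))
+if ((0, modular_js_1.isNegativeLE)(s, P))
 s = mod(-s);
-return numberToBytesLE(s, 32); // 11
+return (0, utils_js_1.numberToBytesLE)(s, 32); // 11
 }
 toHex() {
-return bytesToHex(this.toRawBytes());
+return (0, utils_js_1.bytesToHex)(this.toRawBytes());
 }
 toString() {
 return this.toHex();
@@ -362,7 +366,7 @@ export class RistrettoPoint {
 assertRstPoint(other);
 const { ex: X1, ey: Y1 } = this.ep;
 const { ex: X2, ey: Y2 } = other.ep;
-const mod = ed25519.CURVE.Fp.create;
+const mod = exports.ed25519.CURVE.Fp.create;
 // (x1 * y2 == y1 * x2) | (y1 * y2 == x1 * x2)
 const one = mod(X1 * Y2) === mod(Y1 * X2);
 const two = mod(Y1 * Y2) === mod(X1 * X2);
@@ -383,15 +387,17 @@ export class RistrettoPoint {
 return new RistrettoPoint(this.ep.multiplyUnsafe(scalar));
 }
 }
-RistrettoPoint
-RistrettoPoint.
+exports.RistrettoPoint = RistrettoPoint;
+RistrettoPoint.BASE = new RistrettoPoint(exports.ed25519.ExtendedPoint.BASE);
+RistrettoPoint.ZERO = new RistrettoPoint(exports.ed25519.ExtendedPoint.ZERO);
 // https://datatracker.ietf.org/doc/draft-irtf-cfrg-hash-to-curve/14/
 // Appendix B. Hashing to ristretto255
-
+const hash_to_ristretto255 = (msg, options) => {
 const d = options.DST;
-const DST = typeof d === 'string' ? utf8ToBytes(d) : d;
-const uniform_bytes = htf.expand_message_xmd(msg, DST, 64, sha512);
+const DST = typeof d === 'string' ? (0, utils_1.utf8ToBytes)(d) : d;
+const uniform_bytes = htf.expand_message_xmd(msg, DST, 64, sha512_1.sha512);
 const P = RistrettoPoint.hashToCurve(uniform_bytes);
 return P;
 };
+exports.hash_to_ristretto255 = hash_to_ristretto255;
 //# sourceMappingURL=ed25519.js.map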
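Review bot: The Ristretto helpers now resolve the curve through the module's `exports` object on every call (`exports.ed25519.CURVE.Fp.create`, `new exports.ed25519.ExtendedPoint(...)` in `calcElligatorRistrettoMap`, `RistrettoPoint.fromHex` and `toRawBytes`), and a CommonJS exports object stays writable by any other module loaded in the same process, which the read-only ESM binding on the removed side was not. Since this file is compiler output (its sourcemap names src/ed25519.ts), the change belongs in the source or build: keep a module-local binding, `const ed25519 = (0, edwards_js_1.twistedEdwards)(ED25519_DEF); exports.ed25519 = ed25519;`, and have the internal callers use `ed25519` directly. The removed side renders the old import/export lines as blank, so the 0.8.1 text should be checked against the published tarball rather than this page.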
package/ed25519.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ed25519.js","sourceRoot":"","sources":["src/ed25519.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAgB,MAAM,uBAAuB,CAAC;AACrE,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AACtD,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,IAAI,KAAK,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACzF,OAAO,EACL,UAAU,EACV,UAAU,EACV,eAAe,EACf,eAAe,EAEf,WAAW,GACZ,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,GAAG,MAAM,6BAA6B,CAAC;AAGnD;;;;;GAKG;AAEH,MAAM,SAAS,GAAG,MAAM,CACtB,+EAA+E,CAChF,CAAC;AACF,iCAAiC;AACjC,MAAM,eAAe,GAAG,MAAM,CAC5B,+EAA+E,CAChF,CAAC;AAEF,kBAAkB;AAClB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACzE,kBAAkB;AAClB,MAAM,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;AACjF,SAAS,mBAAmB,CAAC,CAAS;IACpC,MAAM,CAAC,GAAG,SAAS,CAAC;IACpB,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;IACvB,MAAM,EAAE,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU;IACnC,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,aAAa;IACrD,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO;IAC9C,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IA
AI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,SAAS,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;IAC/C,yCAAyC;IACzC,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;AAC3B,CAAC;AACD,SAAS,iBAAiB,CAAC,KAAiB;IAC1C,kFAAkF;IAClF,yDAAyD;IACzD,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,cAAc;IAC/B,oDAAoD;IACpD,KAAK,CAAC,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,cAAc;IAChC,4DAA4D;IAC5D,KAAK,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,cAAc;IAC/B,OAAO,KAAK,CAAC;AACf,CAAC;AACD,YAAY;AACZ,SAAS,OAAO,CAAC,CAAS,EAAE,CAAS;IACnC,MAAM,CAAC,GAAG,SAAS,CAAC;IACpB,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK;IACnC,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK;IACrC,sBAAsB;IACtB,MAAM,GAAG,GAAG,mBAAmB,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,SAAS,CAAC;IAClD,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,qBAAqB;IACnD,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM;IACrC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,uBAAuB;IACxC,MAAM,KAAK,GAAG,GAAG,CAAC,CAAC,GAAG,eAAe,EAAE,CAAC,CAAC,CAAC,CAAC,wBAAwB;IACnE,MAAM,QAAQ,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,yCAAyC;IACrE,MAAM,QAAQ,GAAG,GAAG,KAAK,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,yCAAyC;IAC9E,MAAM,MAAM,GAAG,GAAG,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,eAAe,EAAE,CAAC,CAAC,CAAC,CAAC,wCAAwC;IAC7F,IAAI,QAAQ;QAAE,CAAC,GAAG,KAAK,CAAC;IACxB,IAAI,QAAQ,IAAI,MAAM;QAAE,CAAC,GAAG,KAAK,CAAC,CAAC,yCAAyC;IAC5E,IAAI,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC;QAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACvC,OAAO,EAAE,OAAO,EAAE,QAAQ,IAAI,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;AACrD,CAAC;AAED,eAAe;AACf,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,kEAAkE;IAClE,kEAAkE;IAClE,kEAAkE;IAClE,kEAAkE;IAClE,kEAAkE;IAClE,kEAAkE;IAClE,kEAAkE;IAClE,kEAAkE;CACnE,CAAC;AAEF,MAAM,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;AAE7C,MAAM,WAAW,GAAG;IAClB,WAAW;IACX,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;IACb,6CAA6C;IAC7C,mEAAmE;IACnE,CAAC,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC1F,sEAAsE;IACtE,EAAE;IACF,8CAA8C
;IAC9C,wDAAwD;IACxD,CAAC,EAAE,MAAM,CAAC,8EAA8E,CAAC;IACzF,WAAW;IACX,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC3F,EAAE,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC3F,IAAI,EAAE,MAAM;IACZ,WAAW;IACX,iBAAiB;IACjB,OAAO;IACP,iGAAiG;IACjG,sBAAsB;IACtB,OAAO;CACC,CAAC;AAEX,MAAM,CAAC,MAAM,OAAO,GAAG,cAAc,CAAC,WAAW,CAAC,CAAC;AACnD,SAAS,cAAc,CAAC,IAAgB,EAAE,GAAe,EAAE,MAAe;IACxE,IAAI,GAAG,CAAC,MAAM,GAAG,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IAC5D,OAAO,WAAW,CAChB,WAAW,CAAC,kCAAkC,CAAC,EAC/C,IAAI,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,EAC5C,GAAG,EACH,IAAI,CACL,CAAC;AACJ,CAAC;AACD,MAAM,CAAC,MAAM,UAAU,GAAG,cAAc,CAAC,EAAE,GAAG,WAAW,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC;AACrF,MAAM,CAAC,MAAM,SAAS,GAAG,cAAc,CAAC;IACtC,GAAG,WAAW;IACd,MAAM,EAAE,cAAc;IACtB,OAAO,EAAE,MAAM;CAChB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,MAAM,GAAG,UAAU,CAAC;IAC/B,CAAC,EAAE,SAAS;IACZ,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC;IACjB,cAAc,EAAE,GAAG;IACnB,WAAW,EAAE,EAAE;IACf,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;IACb,UAAU,EAAE,CAAC,CAAS,EAAU,EAAE;QAChC,MAAM,CAAC,GAAG,SAAS,CAAC;QACpB,2BAA2B;QAC3B,MAAM,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG,mBAAmB,CAAC,CAAC,CAAC,CAAC;QACjD,OAAO,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;IACpD,CAAC;IACD,iBAAiB;IACjB,WAAW;CACZ,CAAC,CAAC;AAEH,6EAA6E;AAC7E,8EAA8E;AAC9E,mEAAmE;AAEnE,MAAM,OAAO,GAAG,CAAC,EAAE,CAAC,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,iDAAiD;AAErG,MAAM,OAAO,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,eAAe;AACrD,MAAM,OAAO,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,mBAAmB;AAC5D,MAAM,OAAO,GAAG,CAAC,EAAE,CAAC,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,iDAAiD;AACrG,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;AAE9B,kBAAkB;AAClB,SAAS,kCAAkC,CAAC,CAAS;IACnD,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAO,iBAAiB;IAC5C,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,qBAAq
B;IACnD,IAAI,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,yEAAyE;IACvG,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAE,kEAAkE;IAC7F,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAM,kBAAkB;IAC7C,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAI,0CAA0C;IACxE,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,4CAA4C;IAC3E,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,oDAAoD;IAClF,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,2DAA2D;IACzF,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,mEAAmE;IACjG,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAK,mBAAmB;IAC9C,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAS,qCAAqC;IAChE,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,qCAAqC;IACnE,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,2CAA2C;IACzE,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,2CAA2C;IACzE,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,yDAAyD;IACzF,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,+DAA+D;IAC7F,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,sBAAsB;IACtD,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAS,mBAAmB;IAC9C,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,uBAAuB;IACrD,IAAI,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,wBAAwB;IACnD,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,wEAAwE;IACxG,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAG,kEAAkE;IAChG,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAK,qBAAqB;IACnD,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAG,sBAAsB;IACpD,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,sBAAsB;IACtD,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAG,mEAAmE;IACjG,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAS,mBAAmB;IAC9C,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,uBAA
uB;IACrD,IAAI,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,wBAAwB;IACnD,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,wEAAwE;IACxG,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAU,kBAAkB;IAC7C,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,uBAAuB;IACrD,IAAI,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,wBAAwB;IACnD,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,8DAA8D;IAC9F,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAE,8DAA8D;IAC5F,IAAI,EAAE,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAS,iDAAiD;IAC/E,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,oCAAoC;IAC1E,OAAO,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC,6BAA6B;AAC7E,CAAC;AAED,MAAM,eAAe,GAAG,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,wBAAwB;AACxF,SAAS,oCAAoC,CAAC,CAAS;IACrD,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,kCAAkC,CAAC,CAAC,CAAC,CAAC,CAAC,oEAAoE;IAC1I,IAAI,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,sBAAsB;IACjD,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,eAAe,CAAC,CAAC,CAAC,oBAAoB;IACtD,IAAI,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,kDAAkD;IAC7E,IAAI,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,sBAAsB;IACjD,IAAI,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,yEAAyE;IACpG,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,oBAAoB;IAC9C,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,qBAAqB;IACnD,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,2BAA2B;IACzD,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,2BAA2B;IACxD,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,2BAA2B;IACxD,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,EAAE,
CAAC,CAAC,CAAC,CAAC,2BAA2B;IAExD,MAAM,GAAG,GAAG,EAAE,CAAC,WAAW,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,iBAAiB;IACvD,OAAO,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,+BAA+B;AAC1F,CAAC;AACD,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,YAAY,CACrD,OAAO,CAAC,aAAa,EACrB,CAAC,OAAiB,EAAE,EAAE,CAAC,oCAAoC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EACvE;IACE,GAAG,EAAE,mCAAmC;IACxC,SAAS,EAAE,mCAAmC;IAC9C,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,MAAM;CACb,CACF,CAAC;AACF,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC;AAEtC,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,CAAC,CAAC,KAAK,YAAY,cAAc,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;AACrF,CAAC;AACD,iCAAiC;AACjC,MAAM,OAAO,GAAG,MAAM,CACpB,+EAA+E,CAChF,CAAC;AACF,YAAY;AACZ,MAAM,iBAAiB,GAAG,MAAM,CAC9B,+EAA+E,CAChF,CAAC;AACF,aAAa;AACb,MAAM,iBAAiB,GAAG,MAAM,CAC9B,+EAA+E,CAChF,CAAC;AACF,OAAO;AACP,MAAM,cAAc,GAAG,MAAM,CAC3B,8EAA8E,CAC/E,CAAC;AACF,SAAS;AACT,MAAM,cAAc,GAAG,MAAM,CAC3B,+EAA+E,CAChF,CAAC;AACF,yBAAyB;AACzB,MAAM,UAAU,GAAG,CAAC,MAAc,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;AAE5D,MAAM,QAAQ,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAC9F,MAAM,kBAAkB,GAAG,CAAC,KAAiB,EAAE,EAAE,CAC/C,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,GAAG,QAAQ,CAAC,CAAC;AAI7D,uCAAuC;AACvC,kDAAkD;AAClD,SAAS,yBAAyB,CAAC,EAAU;IAC3C,MAAM,EAAE,CAAC,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC;IAC5B,MAAM,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC;IACjC,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC;IACpC,MAAM,CAAC,GAAG,GAAG,CAAC,OAAO,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI;IACtC,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,cAAc,CAAC,CAAC,CAAC,IAAI;IAChD,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI;IACxB,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI;IAC7C,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,OAAO,CAAC,EAAE
,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI;IAC5D,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI;IAC1B,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC;QAAE,EAAE,GAAG,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC;IACxC,IAAI,CAAC,UAAU;QAAE,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI;IAC7B,IAAI,CAAC,UAAU;QAAE,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI;IAC5B,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,cAAc,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI;IACxD,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;IACjB,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK;IAClC,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,iBAAiB,CAAC,CAAC,CAAC,KAAK;IAC7C,MAAM,EAAE,GAAG,GAAG,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK;IAC/B,MAAM,EAAE,GAAG,GAAG,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK;IAC/B,OAAO,IAAI,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;AAC3F,CAAC;AAED;;;;;;GAMG;AACH,MAAM,OAAO,cAAc;IAIzB,0EAA0E;IAC1E,kDAAkD;IAClD,YAA6B,EAAiB;QAAjB,OAAE,GAAF,EAAE,CAAe;IAAG,CAAC;IAElD,MAAM,CAAC,UAAU,CAAC,EAAuB;QACvC,OAAO,IAAI,cAAc,CAAC,OAAO,CAAC,aAAa,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;IAClE,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,WAAW,CAAC,GAAQ;QACzB,GAAG,GAAG,WAAW,CAAC,eAAe,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAC5C,MAAM,EAAE,GAAG,kBAAkB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QAChD,MAAM,EAAE,GAAG,yBAAyB,CAAC,EAAE,CAAC,CAAC;QACzC,MAAM,EAAE,GAAG,kBAAkB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QACjD,MAAM,EAAE,GAAG,yBAAyB,CAAC,EAAE,CAAC,CAAC;QACzC,OAAO,IAAI,cAAc,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IACxC,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,OAAO,CAAC,GAAQ;QACrB,GAAG,GAAG,WAAW,CAAC,cAAc,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAC3C,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC;QAC/B,MAAM,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC;QACjC,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC;QACpC,MAAM,IAAI,GAAG,yEAAyE,CAAC;QACvF,MAAM,CAAC,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;QAClC,qFAAqF;QACrF,iDAAiD;QA
CjD,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC,IAAI,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC;QAC1F,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACtB,MAAM,EAAE,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,cAAc;QAC5C,MAAM,EAAE,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI;QAClC,MAAM,IAAI,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1B,MAAM,IAAI,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1B,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI;QACxC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI;QAC7D,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI;QAC5B,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI;QAChC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK;QAChC,IAAI,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC;YAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK;QAC1C,MAAM,CAAC,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK;QAC7B,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK;QAC3B,IAAI,CAAC,OAAO,IAAI,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC;QACvE,OAAO,IAAI,cAAc,CAAC,IAAI,OAAO,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;IACrE,CAAC;IAED;;;OAGG;IACH,UAAU;QACR,IAAI,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QAC7C,MAAM,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC;QACjC,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC;QACpC,MAAM,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI;QAC7C,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI;QAC3B,4BAA4B;QAC5B,MAAM,IAAI,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1B,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,UAAU,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI;QAC3D,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,GAA
G,EAAE,CAAC,CAAC,CAAC,IAAI;QAClC,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI;QAClC,MAAM,IAAI,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI;QACnC,IAAI,CAAS,CAAC,CAAC,IAAI;QACnB,IAAI,YAAY,CAAC,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,EAAE;YAC7B,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC;YAC1B,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC;YAC1B,CAAC,GAAG,EAAE,CAAC;YACP,CAAC,GAAG,EAAE,CAAC;YACP,CAAC,GAAG,GAAG,CAAC,EAAE,GAAG,iBAAiB,CAAC,CAAC;SACjC;aAAM;YACL,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI;SACb;QACD,IAAI,YAAY,CAAC,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC;YAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI;QAChD,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,wCAAwC;QAClE,IAAI,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC;YAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACpC,OAAO,eAAe,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK;IACtC,CAAC;IAED,KAAK;QACH,OAAO,UAAU,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;IAED,gCAAgC;IAChC,MAAM,CAAC,KAAqB;QAC1B,cAAc,CAAC,KAAK,CAAC,CAAC;QACtB,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QACnC,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC;QACpC,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC;QACpC,8CAA8C;QAC9C,MAAM,GAAG,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,KAAK,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1C,MAAM,GAAG,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,KAAK,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1C,OAAO,GAAG,IAAI,GAAG,CAAC;IACpB,CAAC;IAED,GAAG,CAAC,KAAqB;QACvB,cAAc,CAAC,KAAK,CAAC,CAAC;QACtB,OAAO,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;IACnD,CAAC;IAED,QAAQ,CAAC,KAAqB;QAC5B,cAAc,CAAC,KAAK,CAAC,CAAC;QACtB,OAAO,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;IACxD,CAAC;IAED,QAAQ,CAAC,MAAc;QACrB,OAAO,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IACtD,CAAC;IAED,cAAc,CAAC,MAAc;QAC3B,OAAO,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC
,MAAM,CAAC,CAAC,CAAC;IAC5D,CAAC;;AA/HM,mBAAI,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;AACtD,mBAAI,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;AAiI/D,qEAAqE;AACrE,uCAAuC;AACvC,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,GAAe,EAAE,OAAyB,EAAE,EAAE;IACjF,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC;IACtB,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvD,MAAM,aAAa,GAAG,GAAG,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;IACnE,MAAM,CAAC,GAAG,cAAc,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;IACpD,OAAO,CAAC,CAAC;AACX,CAAC,CAAC"}
|
|
1
|
+
{"version":3,"file":"ed25519.js","sourceRoot":"","sources":["src/ed25519.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,iDAA8C;AAC9C,+CAA4E;AAC5E,sDAAqE;AACrE,4DAAsD;AACtD,sDAAyF;AACzF,kDAO6B;AAC7B,mDAAmD;AAGnD;;;;;GAKG;AAEH,MAAM,SAAS,GAAG,MAAM,CACtB,+EAA+E,CAChF,CAAC;AACF,iCAAiC;AACjC,MAAM,eAAe,GAAG,MAAM,CAC5B,+EAA+E,CAChF,CAAC;AAEF,kBAAkB;AAClB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACzE,kBAAkB;AAClB,MAAM,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;AACjF,SAAS,mBAAmB,CAAC,CAAS;IACpC,MAAM,CAAC,GAAG,SAAS,CAAC;IACpB,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;IACvB,MAAM,EAAE,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU;IACnC,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,aAAa;IACrD,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO;IAC9C,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,CAAC,IAAA,iBAAI,EAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,IAAI,GAAG,CAAC,IAAA,iBAAI,EAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,SAAS,GAAG,CAAC,IAAA,iBAAI,EAAC,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;IAC/C,yCAAyC;IACzC,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;AAC3B,CAAC;AACD,SAAS,iBAAiB,CAAC,KAAiB;IAC1C,kFAAkF;IAC
lF,yDAAyD;IACzD,KAAK,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,cAAc;IAC/B,oDAAoD;IACpD,KAAK,CAAC,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,cAAc;IAChC,4DAA4D;IAC5D,KAAK,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,cAAc;IAC/B,OAAO,KAAK,CAAC;AACf,CAAC;AACD,YAAY;AACZ,SAAS,OAAO,CAAC,CAAS,EAAE,CAAS;IACnC,MAAM,CAAC,GAAG,SAAS,CAAC;IACpB,MAAM,EAAE,GAAG,IAAA,gBAAG,EAAC,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK;IACnC,MAAM,EAAE,GAAG,IAAA,gBAAG,EAAC,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK;IACrC,sBAAsB;IACtB,MAAM,GAAG,GAAG,mBAAmB,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,SAAS,CAAC;IAClD,IAAI,CAAC,GAAG,IAAA,gBAAG,EAAC,CAAC,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,qBAAqB;IACnD,MAAM,GAAG,GAAG,IAAA,gBAAG,EAAC,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM;IACrC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,uBAAuB;IACxC,MAAM,KAAK,GAAG,IAAA,gBAAG,EAAC,CAAC,GAAG,eAAe,EAAE,CAAC,CAAC,CAAC,CAAC,wBAAwB;IACnE,MAAM,QAAQ,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,yCAAyC;IACrE,MAAM,QAAQ,GAAG,GAAG,KAAK,IAAA,gBAAG,EAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,yCAAyC;IAC9E,MAAM,MAAM,GAAG,GAAG,KAAK,IAAA,gBAAG,EAAC,CAAC,CAAC,GAAG,eAAe,EAAE,CAAC,CAAC,CAAC,CAAC,wCAAwC;IAC7F,IAAI,QAAQ;QAAE,CAAC,GAAG,KAAK,CAAC;IACxB,IAAI,QAAQ,IAAI,MAAM;QAAE,CAAC,GAAG,KAAK,CAAC,CAAC,yCAAyC;IAC5E,IAAI,IAAA,yBAAY,EAAC,CAAC,EAAE,CAAC,CAAC;QAAE,CAAC,GAAG,IAAA,gBAAG,EAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACvC,OAAO,EAAE,OAAO,EAAE,QAAQ,IAAI,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;AACrD,CAAC;AAED,eAAe;AACF,QAAA,wBAAwB,GAAG;IACtC,kEAAkE;IAClE,kEAAkE;IAClE,kEAAkE;IAClE,kEAAkE;IAClE,kEAAkE;IAClE,kEAAkE;IAClE,kEAAkE;IAClE,kEAAkE;CACnE,CAAC;AAEF,MAAM,EAAE,GAAG,IAAA,eAAK,EAAC,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;AAE7C,MAAM,WAAW,GAAG;IAClB,WAAW;IACX,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;IACb,6CAA6C;IAC7C,mEAAmE;IACnE,CAAC,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC1F,sEAAsE;IACtE,EAAE;IACF,8CAA8C;IAC9C,wDAAwD;IACxD,CAAC,EAAE,MAAM,CAAC,8EAA8E,CAAC;IACzF,WAAW;IACX,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC3F,EAAE,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC3F,IAAI,EAAE,eA
AM;IACZ,WAAW,EAAX,mBAAW;IACX,iBAAiB;IACjB,OAAO;IACP,iGAAiG;IACjG,sBAAsB;IACtB,OAAO;CACC,CAAC;AAEE,QAAA,OAAO,GAAG,IAAA,2BAAc,EAAC,WAAW,CAAC,CAAC;AACnD,SAAS,cAAc,CAAC,IAAgB,EAAE,GAAe,EAAE,MAAe;IACxE,IAAI,GAAG,CAAC,MAAM,GAAG,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IAC5D,OAAO,IAAA,mBAAW,EAChB,IAAA,mBAAW,EAAC,kCAAkC,CAAC,EAC/C,IAAI,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,EAC5C,GAAG,EACH,IAAI,CACL,CAAC;AACJ,CAAC;AACY,QAAA,UAAU,GAAG,IAAA,2BAAc,EAAC,EAAE,GAAG,WAAW,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC;AACxE,QAAA,SAAS,GAAG,IAAA,2BAAc,EAAC;IACtC,GAAG,WAAW;IACd,MAAM,EAAE,cAAc;IACtB,OAAO,EAAE,eAAM;CAChB,CAAC,CAAC;AAEU,QAAA,MAAM,GAAG,IAAA,0BAAU,EAAC;IAC/B,CAAC,EAAE,SAAS;IACZ,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC;IACjB,cAAc,EAAE,GAAG;IACnB,WAAW,EAAE,EAAE;IACf,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;IACb,UAAU,EAAE,CAAC,CAAS,EAAU,EAAE;QAChC,MAAM,CAAC,GAAG,SAAS,CAAC;QACpB,2BAA2B;QAC3B,MAAM,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG,mBAAmB,CAAC,CAAC,CAAC,CAAC;QACjD,OAAO,IAAA,gBAAG,EAAC,IAAA,iBAAI,EAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;IACpD,CAAC;IACD,iBAAiB;IACjB,WAAW,EAAX,mBAAW;CACZ,CAAC,CAAC;AAEH,6EAA6E;AAC7E,8EAA8E;AAC9E,mEAAmE;AAEnE,MAAM,OAAO,GAAG,CAAC,EAAE,CAAC,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,iDAAiD;AAErG,MAAM,OAAO,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,eAAe;AACrD,MAAM,OAAO,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,mBAAmB;AAC5D,MAAM,OAAO,GAAG,CAAC,EAAE,CAAC,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,iDAAiD;AACrG,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;AAE9B,kBAAkB;AAClB,SAAS,kCAAkC,CAAC,CAAS;IACnD,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAO,iBAAiB;IAC5C,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,qBAAqB;IACnD,IAAI,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,yEAAyE;IACvG,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAE,kEAAkE;IAC7F,IAAI,GAAG,
GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAM,kBAAkB;IAC7C,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAI,0CAA0C;IACxE,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,4CAA4C;IAC3E,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,oDAAoD;IAClF,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,2DAA2D;IACzF,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,mEAAmE;IACjG,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAK,mBAAmB;IAC9C,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAS,qCAAqC;IAChE,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,qCAAqC;IACnE,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,2CAA2C;IACzE,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,2CAA2C;IACzE,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,yDAAyD;IACzF,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,+DAA+D;IAC7F,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,sBAAsB;IACtD,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAS,mBAAmB;IAC9C,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,uBAAuB;IACrD,IAAI,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,wBAAwB;IACnD,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,wEAAwE;IACxG,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAG,kEAAkE;IAChG,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAK,qBAAqB;IACnD,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAG,sBAAsB;IACpD,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,sBAAsB;IACtD,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAG,mEAAmE;IACjG,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAS,mBAAmB;IAC9C,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,uBAAuB;IACrD,IAAI,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,wBAAwB;IACnD,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,wEAAwE;IACxG
,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAU,kBAAkB;IAC7C,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAO,uBAAuB;IACrD,IAAI,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,wBAAwB;IACnD,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,8DAA8D;IAC9F,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAE,8DAA8D;IAC5F,IAAI,EAAE,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAS,iDAAiD;IAC/E,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,oCAAoC;IAC1E,OAAO,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC,6BAA6B;AAC7E,CAAC;AAED,MAAM,eAAe,GAAG,IAAA,uBAAU,EAAC,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,wBAAwB;AACxF,SAAS,oCAAoC,CAAC,CAAS;IACrD,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,kCAAkC,CAAC,CAAC,CAAC,CAAC,CAAC,oEAAoE;IAC1I,IAAI,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,sBAAsB;IACjD,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,eAAe,CAAC,CAAC,CAAC,oBAAoB;IACtD,IAAI,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,kDAAkD;IAC7E,IAAI,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,sBAAsB;IACjD,IAAI,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,yEAAyE;IACpG,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,oBAAoB;IAC9C,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,qBAAqB;IACnD,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,2BAA2B;IACzD,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,2BAA2B;IACxD,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,2BAA2B;IACxD,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,2BAA2B;IAExD,MAAM,GAAG,GAAG,EAAE,CAAC,WAAW,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,iBAAiB;IACvD,OAAO,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,EA
AE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,+BAA+B;AAC1F,CAAC;AACD,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,YAAY,CACrD,eAAO,CAAC,aAAa,EACrB,CAAC,OAAiB,EAAE,EAAE,CAAC,oCAAoC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EACvE;IACE,GAAG,EAAE,mCAAmC;IACxC,SAAS,EAAE,mCAAmC;IAC9C,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,eAAM;CACb,CACF,CAAC;AACO,kCAAW;AAAE,sCAAa;AAEnC,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,CAAC,CAAC,KAAK,YAAY,cAAc,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;AACrF,CAAC;AACD,iCAAiC;AACjC,MAAM,OAAO,GAAG,MAAM,CACpB,+EAA+E,CAChF,CAAC;AACF,YAAY;AACZ,MAAM,iBAAiB,GAAG,MAAM,CAC9B,+EAA+E,CAChF,CAAC;AACF,aAAa;AACb,MAAM,iBAAiB,GAAG,MAAM,CAC9B,+EAA+E,CAChF,CAAC;AACF,OAAO;AACP,MAAM,cAAc,GAAG,MAAM,CAC3B,8EAA8E,CAC/E,CAAC;AACF,SAAS;AACT,MAAM,cAAc,GAAG,MAAM,CAC3B,+EAA+E,CAChF,CAAC;AACF,yBAAyB;AACzB,MAAM,UAAU,GAAG,CAAC,MAAc,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;AAE5D,MAAM,QAAQ,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAC9F,MAAM,kBAAkB,GAAG,CAAC,KAAiB,EAAE,EAAE,CAC/C,eAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC,IAAA,0BAAe,EAAC,KAAK,CAAC,GAAG,QAAQ,CAAC,CAAC;AAI7D,uCAAuC;AACvC,kDAAkD;AAClD,SAAS,yBAAyB,CAAC,EAAU;IAC3C,MAAM,EAAE,CAAC,EAAE,GAAG,eAAO,CAAC,KAAK,CAAC;IAC5B,MAAM,CAAC,GAAG,eAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC;IACjC,MAAM,GAAG,GAAG,eAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC;IACpC,MAAM,CAAC,GAAG,GAAG,CAAC,OAAO,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI;IACtC,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,cAAc,CAAC,CAAC,CAAC,IAAI;IAChD,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI;IACxB,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI;IAC7C,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI;IAC5D,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI;IAC1B,IAAI,CAAC,IAAA,yBAAY,EAAC,EAAE,EAAE,CAAC,CAAC;QAAE,EAAE,GAAG,GAAG,CAAC,CAAC,E
AAE,CAAC,CAAC;IACxC,IAAI,CAAC,UAAU;QAAE,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI;IAC7B,IAAI,CAAC,UAAU;QAAE,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI;IAC5B,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,cAAc,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI;IACxD,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;IACjB,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK;IAClC,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,iBAAiB,CAAC,CAAC,CAAC,KAAK;IAC7C,MAAM,EAAE,GAAG,GAAG,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK;IAC/B,MAAM,EAAE,GAAG,GAAG,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK;IAC/B,OAAO,IAAI,eAAO,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;AAC3F,CAAC;AAED;;;;;;GAMG;AACH,MAAa,cAAc;IAIzB,0EAA0E;IAC1E,kDAAkD;IAClD,YAA6B,EAAiB;QAAjB,OAAE,GAAF,EAAE,CAAe;IAAG,CAAC;IAElD,MAAM,CAAC,UAAU,CAAC,EAAuB;QACvC,OAAO,IAAI,cAAc,CAAC,eAAO,CAAC,aAAa,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;IAClE,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,WAAW,CAAC,GAAQ;QACzB,GAAG,GAAG,IAAA,sBAAW,EAAC,eAAe,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAC5C,MAAM,EAAE,GAAG,kBAAkB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QAChD,MAAM,EAAE,GAAG,yBAAyB,CAAC,EAAE,CAAC,CAAC;QACzC,MAAM,EAAE,GAAG,kBAAkB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QACjD,MAAM,EAAE,GAAG,yBAAyB,CAAC,EAAE,CAAC,CAAC;QACzC,OAAO,IAAI,cAAc,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IACxC,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,OAAO,CAAC,GAAQ;QACrB,GAAG,GAAG,IAAA,sBAAW,EAAC,cAAc,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAC3C,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,eAAO,CAAC,KAAK,CAAC;QAC/B,MAAM,CAAC,GAAG,eAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC;QACjC,MAAM,GAAG,GAAG,eAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC;QACpC,MAAM,IAAI,GAAG,yEAAyE,CAAC;QACvF,MAAM,CAAC,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;QAClC,qFAAqF;QACrF,iDAAiD;QACjD,IAAI,CAAC,IAAA,qBAAU,EAAC,IAAA,0BAAe,EAAC,CAAC,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC,IAAI,IAAA,yBAAY,EAAC,CAAC,EAAE,CAAC,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC;QAC1F
,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACtB,MAAM,EAAE,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,cAAc;QAC5C,MAAM,EAAE,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI;QAClC,MAAM,IAAI,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1B,MAAM,IAAI,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1B,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI;QACxC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI;QAC7D,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI;QAC5B,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI;QAChC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK;QAChC,IAAI,IAAA,yBAAY,EAAC,CAAC,EAAE,CAAC,CAAC;YAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK;QAC1C,MAAM,CAAC,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK;QAC7B,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK;QAC3B,IAAI,CAAC,OAAO,IAAI,IAAA,yBAAY,EAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC;QACvE,OAAO,IAAI,cAAc,CAAC,IAAI,eAAO,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;IACrE,CAAC;IAED;;;OAGG;IACH,UAAU;QACR,IAAI,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QAC7C,MAAM,CAAC,GAAG,eAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC;QACjC,MAAM,GAAG,GAAG,eAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC;QACpC,MAAM,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI;QAC7C,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI;QAC3B,4BAA4B;QAC5B,MAAM,IAAI,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1B,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,UAAU,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI;QAC3D,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI;QAClC,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI;QAClC,MAAM,IAAI,GAAG,GAAG,CAAC,EAAE,GAAG,EAA
E,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI;QACnC,IAAI,CAAS,CAAC,CAAC,IAAI;QACnB,IAAI,IAAA,yBAAY,EAAC,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,EAAE;YAC7B,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC;YAC1B,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC;YAC1B,CAAC,GAAG,EAAE,CAAC;YACP,CAAC,GAAG,EAAE,CAAC;YACP,CAAC,GAAG,GAAG,CAAC,EAAE,GAAG,iBAAiB,CAAC,CAAC;SACjC;aAAM;YACL,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI;SACb;QACD,IAAI,IAAA,yBAAY,EAAC,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC;YAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI;QAChD,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,wCAAwC;QAClE,IAAI,IAAA,yBAAY,EAAC,CAAC,EAAE,CAAC,CAAC;YAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACpC,OAAO,IAAA,0BAAe,EAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK;IACtC,CAAC;IAED,KAAK;QACH,OAAO,IAAA,qBAAU,EAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;IAED,gCAAgC;IAChC,MAAM,CAAC,KAAqB;QAC1B,cAAc,CAAC,KAAK,CAAC,CAAC;QACtB,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QACnC,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC;QACpC,MAAM,GAAG,GAAG,eAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC;QACpC,8CAA8C;QAC9C,MAAM,GAAG,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,KAAK,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1C,MAAM,GAAG,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,KAAK,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1C,OAAO,GAAG,IAAI,GAAG,CAAC;IACpB,CAAC;IAED,GAAG,CAAC,KAAqB;QACvB,cAAc,CAAC,KAAK,CAAC,CAAC;QACtB,OAAO,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;IACnD,CAAC;IAED,QAAQ,CAAC,KAAqB;QAC5B,cAAc,CAAC,KAAK,CAAC,CAAC;QACtB,OAAO,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;IACxD,CAAC;IAED,QAAQ,CAAC,MAAc;QACrB,OAAO,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IACtD,CAAC;IAED,cAAc,CAAC,MAAc;QAC3B,OAAO,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC;IAC5D,CAAC;;AAhIH,wCAiIC;AAhIQ,mBAAI,GAAG,IAAI,cAAc,CAAC,eAAO,CAAC,aAAa,CAAC,IAAI,CAAC
,CAAC;AACtD,mBAAI,GAAG,IAAI,cAAc,CAAC,eAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;AAiI/D,qEAAqE;AACrE,uCAAuC;AAChC,MAAM,oBAAoB,GAAG,CAAC,GAAe,EAAE,OAAyB,EAAE,EAAE;IACjF,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC;IACtB,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAA,mBAAW,EAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvD,MAAM,aAAa,GAAG,GAAG,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,eAAM,CAAC,CAAC;IACnE,MAAM,CAAC,GAAG,cAAc,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;IACpD,OAAO,CAAC,CAAC;AACX,CAAC,CAAC;AANW,QAAA,oBAAoB,wBAM/B"}
|
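--- a/package/ed448.js
+++ b/package/ed448.js
@@ -1,17 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encodeToCurve = exports.hashToCurve = exports.x448 = exports.ed448ph = exports.ed448 = void 0;
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-
-
-
-
-
-
+const sha3_1 = require("@noble/hashes/sha3");
+const utils_1 = require("@noble/hashes/utils");
+const edwards_js_1 = require("./abstract/edwards.js");
+const modular_js_1 = require("./abstract/modular.js");
+const montgomery_js_1 = require("./abstract/montgomery.js");
+const htf = require("./abstract/hash-to-curve.js");
 /**
 * Edwards448 (not Ed448-Goldilocks) curve with following addons:
 * * X448 ECDH
 * Conforms to RFC 8032 https://www.rfc-editor.org/rfc/rfc8032.html#section-5.2
 */
-const shake256_114 = wrapConstructor(() => shake256.create({ dkLen: 114 }));
-const shake256_64 = wrapConstructor(() => shake256.create({ dkLen: 64 }));
+const shake256_114 = (0, utils_1.wrapConstructor)(() => sha3_1.shake256.create({ dkLen: 114 }));
+const shake256_64 = (0, utils_1.wrapConstructor)(() => sha3_1.shake256.create({ dkLen: 64 }));
 const ed448P = BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439');
 // powPminus3div4 calculates z = x^k mod p, where k = (p-3)/4.
 // Used for efficient square root calculation.
@@ -24,17 +27,17 @@ function ed448_pow_Pminus3div4(x) {
 const _22n = BigInt(22), _44n = BigInt(44), _88n = BigInt(88), _223n = BigInt(223);
 const b2 = (x * x * x) % P;
 const b3 = (b2 * b2 * x) % P;
-const b6 = (pow2(b3, _3n, P) * b3) % P;
-const b9 = (pow2(b6, _3n, P) * b3) % P;
-const b11 = (pow2(b9, _2n, P) * b2) % P;
-const b22 = (pow2(b11, _11n, P) * b11) % P;
-const b44 = (pow2(b22, _22n, P) * b22) % P;
-const b88 = (pow2(b44, _44n, P) * b44) % P;
-const b176 = (pow2(b88, _88n, P) * b88) % P;
-const b220 = (pow2(b176, _44n, P) * b44) % P;
-const b222 = (pow2(b220, _2n, P) * b2) % P;
-const b223 = (pow2(b222, _1n, P) * x) % P;
-return (pow2(b223, _223n, P) * b222) % P;
+const b6 = ((0, modular_js_1.pow2)(b3, _3n, P) * b3) % P;
+const b9 = ((0, modular_js_1.pow2)(b6, _3n, P) * b3) % P;
+const b11 = ((0, modular_js_1.pow2)(b9, _2n, P) * b2) % P;
+const b22 = ((0, modular_js_1.pow2)(b11, _11n, P) * b11) % P;
+const b44 = ((0, modular_js_1.pow2)(b22, _22n, P) * b22) % P;
+const b88 = ((0, modular_js_1.pow2)(b44, _44n, P) * b44) % P;
+const b176 = ((0, modular_js_1.pow2)(b88, _88n, P) * b88) % P;
+const b220 = ((0, modular_js_1.pow2)(b176, _44n, P) * b44) % P;
+const b222 = ((0, modular_js_1.pow2)(b220, _2n, P) * b2) % P;
+const b223 = ((0, modular_js_1.pow2)(b222, _1n, P) * x) % P;
+return ((0, modular_js_1.pow2)(b223, _223n, P) * b222) % P;
 }
 function adjustScalarBytes(bytes) {
 // Section 5: Likewise, for X448, set the two least significant bits of the first byte to 0, and the most
@@ -46,7 +49,7 @@ function adjustScalarBytes(bytes) {
 bytes[56] = 0; // Byte outside of group (456 buts vs 448 bits)
 return bytes;
 }
-const Fp =
+const Fp = (0, modular_js_1.Fp)(ed448P, 456, true);
 const ED448_DEF = {
 // Param: a
 a: BigInt(1),
@@ -65,13 +68,13 @@ const ED448_DEF = {
 Gy: BigInt('298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660'),
 // SHAKE256(dom4(phflag,context)||x, 114)
 hash: shake256_114,
-randomBytes,
+randomBytes: utils_1.randomBytes,
 adjustScalarBytes,
 // dom4
 domain: (data, ctx, phflag) => {
 if (ctx.length > 255)
 throw new Error(`Context is too big: ${ctx.length}`);
-return concatBytes(utf8ToBytes('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);
+return (0, utils_1.concatBytes)((0, utils_1.utf8ToBytes)('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);
 },
 // Constant-time ratio of u to v. Allows to combine inversion and square root u/√v.
 // Uses algo from RFC8032 5.1.3.
@@ -83,22 +86,22 @@ const ED448_DEF = {
 // following trick, to use a single modular powering for both the
 // inversion of v and the square root:
 // x = (u/v)^((p+1)/4) = u³v(u⁵v³)^((p-3)/4) (mod p)
-const u2v = mod(u * u * v, P); // u²v
-const u3v = mod(u2v * u, P); // u³v
-const u5v3 = mod(u3v * u2v * v, P); // u⁵v³
+const u2v = (0, modular_js_1.mod)(u * u * v, P); // u²v
+const u3v = (0, modular_js_1.mod)(u2v * u, P); // u³v
+const u5v3 = (0, modular_js_1.mod)(u3v * u2v * v, P); // u⁵v³
 const root = ed448_pow_Pminus3div4(u5v3);
-const x = mod(u3v * root, P);
+const x = (0, modular_js_1.mod)(u3v * root, P);
 // Verify that root is exists
-const x2 = mod(x * x, P); // x²
+const x2 = (0, modular_js_1.mod)(x * x, P); // x²
 // If vx² = u, the recovered x-coordinate is x. Otherwise, no
 // square root exists, and the decoding fails.
-return { isValid: mod(x2 * v, P) === u, value: x };
+return { isValid: (0, modular_js_1.mod)(x2 * v, P) === u, value: x };
 },
 };
-
+exports.ed448 = (0, edwards_js_1.twistedEdwards)(ED448_DEF);
 // NOTE: there is no ed448ctx, since ed448 supports ctx by default
-
-
+exports.ed448ph = (0, edwards_js_1.twistedEdwards)({ ...ED448_DEF, preHash: shake256_64 });
+exports.x448 = (0, montgomery_js_1.montgomery)({
 a: BigInt(156326),
 montgomeryBits: 448,
 nByteLength: 57,
@@ -107,11 +110,11 @@ export const x448 = montgomery({
 powPminus2: (x) => {
 const P = ed448P;
 const Pminus3div4 = ed448_pow_Pminus3div4(x);
-const Pminus3 = pow2(Pminus3div4, BigInt(2), P);
-return mod(Pminus3 * x, P); // Pminus3 * x = Pminus2
+const Pminus3 = (0, modular_js_1.pow2)(Pminus3div4, BigInt(2), P);
+return (0, modular_js_1.mod)(Pminus3 * x, P); // Pminus3 * x = Pminus2
 },
 adjustScalarBytes,
-randomBytes,
+randomBytes: utils_1.randomBytes,
 // The 4-isogeny maps between the Montgomery curve and this Edwards
 // curve are:
 // (u, v) = (y^2/x^2, (2 - x^2 - y^2)*y/x^3)
@@ -200,14 +203,15 @@ function map_to_curve_elligator2_edwards448(u) {
 const inv = Fp.invertBatch([xEd, yEd]); // batch division
 return { x: Fp.mul(xEn, inv[0]), y: Fp.mul(yEn, inv[1]) }; // 38. return (xEn, xEd, yEn, yEd)
 }
-const { hashToCurve, encodeToCurve } = htf.createHasher(ed448.ExtendedPoint, (scalars) => map_to_curve_elligator2_edwards448(scalars[0]), {
+const { hashToCurve, encodeToCurve } = htf.createHasher(exports.ed448.ExtendedPoint, (scalars) => map_to_curve_elligator2_edwards448(scalars[0]), {
 DST: 'edwards448_XOF:SHAKE256_ELL2_RO_',
 encodeDST: 'edwards448_XOF:SHAKE256_ELL2_NU_',
 p: Fp.ORDER,
 m: 1,
 k: 224,
 expand: 'xof',
-hash: shake256,
+hash: sha3_1.shake256,
 });
-
+exports.hashToCurve = hashToCurve;
+exports.encodeToCurve = encodeToCurve;
 //# sourceMappingURL=ed448.js.map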
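Review bot: The comment `// Constant-time ratio of u to v.` in `ED448_DEF` (new line 79) promises more than the lines below it can guarantee. `mod`, `pow2` and the `*` products there work on JavaScript BigInt values, whose timing depends on the engine and generally varies with operand size. I would reword it to something like `// Ratio of u to v without data-dependent branches; BigInt arithmetic itself is not guaranteed constant-time.` so that readers do not treat it as a side-channel guarantee. The helper's signature falls between two hunks and is not shown, so whether its inputs are ever secret cannot be confirmed from this section. Separately, the comment on `bytes[56] = 0;` reads "456 buts" and should say "456 bits".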