@noble/curves 1.9.7 → 2.0.0-beta.2

package/abstract/montgomery.js

@@ -1,6 +1,3 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.montgomery = montgomery;
 /**
  * Montgomery curve methods. It's not really whole montgomery curve,
  * just bunch of very specific methods for X25519 / X448 from
@@ -8,25 +5,26 @@ exports.montgomery = montgomery;
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-const utils_ts_1 = require("../utils.js");
-const modular_ts_1 = require("./modular.js");
+import { abytes, aInRange, bytesToNumberLE, copyBytes, numberToBytesLE, randomBytes, validateObject, } from "../utils.js";
+import { createKeygen } from "./curve.js";
+import { mod } from "./modular.js";
 const _0n = BigInt(0);
 const _1n = BigInt(1);
 const _2n = BigInt(2);
 function validateOpts(curve) {
-    (0, utils_ts_1._validateObject)(curve, {
+    validateObject(curve, {
         adjustScalarBytes: 'function',
         powPminus2: 'function',
     });
     return Object.freeze({ ...curve });
 }
-function montgomery(curveDef) {
+export function montgomery(curveDef) {
     const CURVE = validateOpts(curveDef);
     const { P, type, adjustScalarBytes, powPminus2, randomBytes: rand } = CURVE;
     const is25519 = type === 'x25519';
     if (!is25519 && type !== 'x448')
         throw new Error('invalid type');
-    const randomBytes_ = rand || utils_ts_1.randomBytes;
+    const randomBytes_ = rand || randomBytes;
     const montgomeryBits = is25519 ? 255 : 448;
     const fieldLen = is25519 ? 32 : 56;
     const Gu = is25519 ? BigInt(9) : BigInt(5);
@@ -43,13 +41,13 @@ function montgomery(curveDef) {
         ? BigInt(8) * _2n ** BigInt(251) - _1n
         : BigInt(4) * _2n ** BigInt(445) - _1n;
     const maxScalar = minScalar + maxAdded + _1n; // (inclusive)
-    const modP = (n) => (0, modular_ts_1.mod)(n, P);
+    const modP = (n) => mod(n, P);
     const GuBytes = encodeU(Gu);
     function encodeU(u) {
-        return (0, utils_ts_1.numberToBytesLE)(modP(u), fieldLen);
+        return numberToBytesLE(modP(u), fieldLen);
     }
     function decodeU(u) {
-        const _u = (0, utils_ts_1.ensureBytes)('u coordinate', u, fieldLen);
+        const _u = copyBytes(abytes(u, fieldLen, 'uCoordinate'));
         // RFC: When receiving such an array, implementations of X25519
         // (but not X448) MUST mask the most significant bit in the final byte.
         if (is25519)
@@ -58,10 +56,10 @@ function montgomery(curveDef) {
         // if they had been reduced modulo the field prime.  The non-canonical
         // values are 2^255 - 19 through 2^255 - 1 for X25519 and 2^448 - 2^224
         // - 1 through 2^448 - 1 for X448.
-        return modP((0, utils_ts_1.bytesToNumberLE)(_u));
+        return modP(bytesToNumberLE(_u));
     }
     function decodeScalar(scalar) {
-        return (0, utils_ts_1.bytesToNumberLE)(adjustScalarBytes((0, utils_ts_1.ensureBytes)('scalar', scalar, fieldLen)));
+        return bytesToNumberLE(adjustScalarBytes(copyBytes(abytes(scalar, fieldLen, 'scalar'))));
     }
     function scalarMult(scalar, u) {
         const pu = montgomeryLadder(decodeU(u), decodeScalar(scalar));
@@ -76,6 +74,8 @@ function montgomery(curveDef) {
     function scalarMultBase(scalar) {
         return scalarMult(scalar, GuBytes);
     }
+    const getPublicKey = scalarMultBase;
+    const getSharedSecret = scalarMult;
     // cswap from RFC7748 "example code"
     function cswap(swap, x_2, x_3) {
         // dummy = mask(swap) AND (x_2 XOR x_3)
@@ -93,8 +93,8 @@ function montgomery(curveDef) {
      * @returns new Point on Montgomery curve
      */
     function montgomeryLadder(u, scalar) {
-        (0, utils_ts_1.aInRange)('u', u, _0n, P);
-        (0, utils_ts_1.aInRange)('scalar', scalar, minScalar, maxScalar);
+        aInRange('u', u, _0n, P);
+        aInRange('scalar', scalar, minScalar, maxScalar);
         const k = scalar;
         const x_1 = u;
         let x_2 = _1n;
@@ -135,26 +135,19 @@ function montgomery(curveDef) {
         seed: fieldLen,
     };
     const randomSecretKey = (seed = randomBytes_(fieldLen)) => {
-        (0, utils_ts_1.abytes)(seed, lengths.seed);
+        abytes(seed, lengths.seed, 'seed');
         return seed;
     };
-    function keygen(seed) {
-        const secretKey = randomSecretKey(seed);
-        return { secretKey, publicKey: scalarMultBase(secretKey) };
-    }
-    const utils = {
-        randomSecretKey,
-        randomPrivateKey: randomSecretKey,
-    };
-    return {
-        keygen,
-        getSharedSecret: (secretKey, publicKey) => scalarMult(secretKey, publicKey),
-        getPublicKey: (secretKey) => scalarMultBase(secretKey),
+    const utils = { randomSecretKey };
+    return Object.freeze({
+        keygen: createKeygen(randomSecretKey, getPublicKey),
+        getSharedSecret,
+        getPublicKey,
         scalarMult,
         scalarMultBase,
         utils,
         GuBytes: GuBytes.slice(),
         lengths,
-    };
+    });
 }
 //# sourceMappingURL=montgomery.js.map

package/abstract/montgomery.js.map

@@ -1 +1 @@
-{"version":3,"file":"montgomery.js","sourceRoot":"","sources":["../src/abstract/montgomery.ts"],"names":[],"mappings":";;AAwDA,gCAyIC;AAjMD;;;;;GAKG;AACH,sEAAsE;AACtE,0CAQqB;AAErB,6CAAmC;AAEnC,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AA2BtB,SAAS,YAAY,CAAC,KAAgB;IACpC,IAAA,0BAAe,EAAC,KAAK,EAAE;QACrB,iBAAiB,EAAE,UAAU;QAC7B,UAAU,EAAE,UAAU;KACvB,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,KAAK,EAAW,CAAC,CAAC;AAC9C,CAAC;AAED,SAAgB,UAAU,CAAC,QAAmB;IAC5C,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACrC,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,UAAU,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,KAAK,CAAC;IAC5E,MAAM,OAAO,GAAG,IAAI,KAAK,QAAQ,CAAC;IAClC,IAAI,CAAC,OAAO,IAAI,IAAI,KAAK,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;IACjE,MAAM,YAAY,GAAG,IAAI,IAAI,sBAAW,CAAC;IAEzC,MAAM,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IAC3C,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACnC,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC3C,eAAe;IACf,0EAA0E;IAC1E,6CAA6C;IAC7C,yCAAyC;IACzC,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACrD,+DAA+D;IAC/D,2DAA2D;IAC3D,4EAA4E;IAC5E,MAAM,SAAS,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC;IACpE,MAAM,QAAQ,GAAG,OAAO;QACtB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG;QACtC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACzC,MAAM,SAAS,GAAG,SAAS,GAAG,QAAQ,GAAG,GAAG,CAAC,CAAC,cAAc;IAC5D,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,gBAAG,EAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,OAAO,CAAC,EAAE,CAAC,CAAC;IAC5B,SAAS,OAAO,CAAC,CAAS;QACxB,OAAO,IAAA,0BAAe,EAAC,IAAI,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC;IACD,SAAS,OAAO,CAAC,CAAM;QACrB,MAAM,EAAE,GAAG,IAAA,sBAAW,EAAC,cAAc,EAAE,CAAC,EAAE,QAAQ,CAAC,CAAC;QACpD,+DAA+D;QAC/D,uEAAuE;QACvE,IAAI,OAAO;YAAE,EAAE,CAAC,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,cAAc;QAC1C,4EAA4E;QAC5E,sEAAsE;QACtE,uEAAuE;QACvE,kCAAkC;QAClC,OAAO,IAAI,CAAC,IAAA,0BAAe,EAAC,EAAE,CAAC,CAAC,CAAC;IACnC,CAAC;IACD,SAAS,YAAY,CAAC,MAAW;QAC/B,OAAO,IAAA,0BAAe,EAAC,iBAAiB,CAAC,IAAA,sBAAW,EAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;IACrF,CAAC;IACD,SAAS,UAAU,CAAC,MAAW,EAAE,CAAM;QACrC,MAAM,EAAE,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9D,yEAAyE;QACzE,sDAAsD;QACtD,sCAAsC;QACtC,IAAI,EAAE,KAAK,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC1E,OAAO,OAAO,CAAC,EAAE,CAAC,CAAC;IACrB,CAAC;IACD,kFAAkF;IAClF,SAAS,cAAc,CAAC,MAAW;QACjC,OAAO,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,CAAC;IAED,oCAAoC;IACpC,SAAS,KAAK,CAAC,IAAY,EAAE,GAAW,EAAE,GAAW;QACnD,uCAAuC;QACvC,wEAAwE;QACxE,qDAAqD;QACrD,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,GAAG,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC;QACvC,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,sBAAsB;QAC/C,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,sBAAsB;QAC/C,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;IACtB,CAAC;IAED;;;;;OAKG;IACH,SAAS,gBAAgB,CAAC,CAAS,EAAE,MAAc;QACjD,IAAA,mBAAQ,EAAC,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;QACzB,IAAA,mBAAQ,EAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QACjD,MAAM,CAAC,GAAG,MAAM,CAAC;QACjB,MAAM,GAAG,GAAG,CAAC,CAAC;QACd,IAAI,GAAG,GAAG,GAAG,CAAC;QACd,IAAI,GAAG,GAAG,GAAG,CAAC;QACd,IAAI,GAAG,GAAG,CAAC,CAAC;QACZ,IAAI,GAAG,GAAG,GAAG,CAAC;QACd,IAAI,IAAI,GAAG,GAAG,CAAC;QACf,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,cAAc,GAAG,CAAC,CAAC,EAAE,CAAC,IAAI,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;YACvD,MAAM,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC;YAC3B,IAAI,IAAI,GAAG,CAAC;YACZ,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;YACvC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;YACjD,IAAI,GAAG,GAAG,CAAC;YAEX,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;YACpB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;YACpB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC;YAClB,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;YACpB,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;YACpB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC;YACrB,MAAM,KAAK,GAAG,EAAE,GAAG,EAAE,CAAC;YACtB,GAAG,GAAG,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;YACxB,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC;YACtC,GAAG,GAAG,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;YACpB,GAAG,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,CAAC;QACD,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QACvC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QACjD,MAAM,EAAE,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,iDAAiD;QAC7E,OAAO,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,6BAA6B;IACtD,CAAC;IACD,MAAM,OAAO,GAAG;QACd,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,QAAQ;QACnB,IAAI,EAAE,QAAQ;KACf,CAAC;IACF,MAAM,eAAe,GAAG,CAAC,IAAI,GAAG,YAAY,CAAC,QAAQ,CAAC,EAAE,EAAE;QACxD,IAAA,iBAAM,EAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;QAC3B,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;IACF,SAAS,MAAM,CAAC,IAAiB;QAC/B,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;QACxC,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,cAAc,CAAC,SAAS,CAAC,EAAE,CAAC;IAC7D,CAAC;IACD,MAAM,KAAK,GAAG;QACZ,eAAe;QACf,gBAAgB,EAAE,eAAe;KAClC,CAAC;IACF,OAAO;QACL,MAAM;QACN,eAAe,EAAE,CAAC,SAAc,EAAE,SAAc,EAAE,EAAE,CAAC,UAAU,CAAC,SAAS,EAAE,SAAS,CAAC;QACrF,YAAY,EAAE,CAAC,SAAc,EAAc,EAAE,CAAC,cAAc,CAAC,SAAS,CAAC;QACvE,UAAU;QACV,cAAc;QACd,KAAK;QACL,OAAO,EAAE,OAAO,CAAC,KAAK,EAAE;QACxB,OAAO;KACR,CAAC;AACJ,CAAC"}
+{"version":3,"file":"montgomery.js","sourceRoot":"","sources":["../src/abstract/montgomery.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,sEAAsE;AACtE,OAAO,EACL,MAAM,EACN,QAAQ,EACR,eAAe,EACf,SAAS,EACT,eAAe,EACf,WAAW,EACX,cAAc,GAEf,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,YAAY,EAAqB,MAAM,YAAY,CAAC;AAC7D,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAEnC,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AAuBtB,SAAS,YAAY,CAAC,KAAqB;IACzC,cAAc,CAAC,KAAK,EAAE;QACpB,iBAAiB,EAAE,UAAU;QAC7B,UAAU,EAAE,UAAU;KACvB,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,KAAK,EAAW,CAAC,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,QAAwB;IACjD,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACrC,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,UAAU,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,KAAK,CAAC;IAC5E,MAAM,OAAO,GAAG,IAAI,KAAK,QAAQ,CAAC;IAClC,IAAI,CAAC,OAAO,IAAI,IAAI,KAAK,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;IACjE,MAAM,YAAY,GAAG,IAAI,IAAI,WAAW,CAAC;IAEzC,MAAM,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IAC3C,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACnC,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC3C,eAAe;IACf,0EAA0E;IAC1E,6CAA6C;IAC7C,yCAAyC;IACzC,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACrD,+DAA+D;IAC/D,2DAA2D;IAC3D,4EAA4E;IAC5E,MAAM,SAAS,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC;IACpE,MAAM,QAAQ,GAAG,OAAO;QACtB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG;QACtC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACzC,MAAM,SAAS,GAAG,SAAS,GAAG,QAAQ,GAAG,GAAG,CAAC,CAAC,cAAc;IAC5D,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,OAAO,CAAC,EAAE,CAAC,CAAC;IAC5B,SAAS,OAAO,CAAC,CAAS;QACxB,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC;IACD,SAAS,OAAO,CAAC,CAAa;QAC5B,MAAM,EAAE,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC;QACzD,+DAA+D;QAC/D,uEAAuE;QACvE,IAAI,OAAO;YAAE,EAAE,CAAC,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,cAAc;QAC1C,4EAA4E;QAC5E,sEAAsE;QACtE,uEAAuE;QACvE,kCAAkC;QAClC,OAAO,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC,CAAC;IACnC,CAAC;IACD,SAAS,YAAY,CAAC,MAAkB;QACtC,OAAO,eAAe,CAAC,iBAAiB,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3F,CAAC;IACD,SAAS,UAAU,CAAC,MAAkB,EAAE,CAAa;QACnD,MAAM,EAAE,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9D,yEAAyE;QACzE,sDAAsD;QACtD,sCAAsC;QACtC,IAAI,EAAE,KAAK,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC1E,OAAO,OAAO,CAAC,EAAE,CAAC,CAAC;IACrB,CAAC;IACD,kFAAkF;IAClF,SAAS,cAAc,CAAC,MAAkB;QACxC,OAAO,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,CAAC;IACD,MAAM,YAAY,GAAG,cAAc,CAAC;IACpC,MAAM,eAAe,GAAG,UAAU,CAAC;IAEnC,oCAAoC;IACpC,SAAS,KAAK,CAAC,IAAY,EAAE,GAAW,EAAE,GAAW;QACnD,uCAAuC;QACvC,wEAAwE;QACxE,qDAAqD;QACrD,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,GAAG,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC;QACvC,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,sBAAsB;QAC/C,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,sBAAsB;QAC/C,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;IACtB,CAAC;IAED;;;;;OAKG;IACH,SAAS,gBAAgB,CAAC,CAAS,EAAE,MAAc;QACjD,QAAQ,CAAC,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;QACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QACjD,MAAM,CAAC,GAAG,MAAM,CAAC;QACjB,MAAM,GAAG,GAAG,CAAC,CAAC;QACd,IAAI,GAAG,GAAG,GAAG,CAAC;QACd,IAAI,GAAG,GAAG,GAAG,CAAC;QACd,IAAI,GAAG,GAAG,CAAC,CAAC;QACZ,IAAI,GAAG,GAAG,GAAG,CAAC;QACd,IAAI,IAAI,GAAG,GAAG,CAAC;QACf,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,cAAc,GAAG,CAAC,CAAC,EAAE,CAAC,IAAI,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;YACvD,MAAM,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC;YAC3B,IAAI,IAAI,GAAG,CAAC;YACZ,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;YACvC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;YACjD,IAAI,GAAG,GAAG,CAAC;YAEX,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;YACpB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;YACpB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC;YAClB,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;YACpB,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;YACpB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC;YACrB,MAAM,KAAK,GAAG,EAAE,GAAG,EAAE,CAAC;YACtB,GAAG,GAAG,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;YACxB,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC;YACtC,GAAG,GAAG,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;YACpB,GAAG,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,CAAC;QACD,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QACvC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QACjD,MAAM,EAAE,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,iDAAiD;QAC7E,OAAO,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,6BAA6B;IACtD,CAAC;IACD,MAAM,OAAO,GAAG;QACd,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,QAAQ;QACnB,IAAI,EAAE,QAAQ;KACf,CAAC;IACF,MAAM,eAAe,GAAG,CAAC,IAAI,GAAG,YAAY,CAAC,QAAQ,CAAC,EAAE,EAAE;QACxD,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;IACF,MAAM,KAAK,GAAG,EAAE,eAAe,EAAE,CAAC;IAElC,OAAO,MAAM,CAAC,MAAM,CAAC;QACnB,MAAM,EAAE,YAAY,CAAC,eAAe,EAAE,YAAY,CAAC;QACnD,eAAe;QACf,YAAY;QACZ,UAAU;QACV,cAAc;QACd,KAAK;QACL,OAAO,EAAE,OAAO,CAAC,KAAK,EAAE;QACxB,OAAO;KACR,CAAsB,CAAC;AAC1B,CAAC"}

package/abstract/oprf.d.ts

@@ -0,0 +1,282 @@
+/**
+ * RFC 9497: Oblivious Pseudorandom Functions (OPRFs) Using Prime-Order Groups.
+ * https://www.rfc-editor.org/rfc/rfc9497
+ *
+
+OPRF allows to interactively create an `Output = PRF(Input, serverSecretKey)`:
+
+- Server cannot calculate Output by itself: it doesn't know Input
+- Client cannot calculate Output by itself: it doesn't know server secretKey
+- An attacker interception the communication can't restore Input/Output/serverSecretKey and can't
+  link Input to some value.
+
+## Issues
+
+- Low-entropy inputs (e.g. password '123') enable brute-forced dictionary attacks by the server
+  (solveable by domain separation in POPRF)
+- High-level protocol needs to be constructed on top, because OPRF is low-level
+
+## Use cases
+
+1. **Password-Authenticated Key Exchange (PAKE):** Enables secure password login (e.g., OPAQUE)
+   without revealing the password to the server.
+2. **Private Set Intersection (PSI):** Allows two parties to compute the intersection of their
+   private sets without revealing non-intersecting elements.
+3. **Anonymous Credential Systems:** Supports issuance of anonymous, unlinkable credentials
+   (e.g., Privacy Pass) using blind OPRF evaluation.
+4. **Private Information Retrieval (PIR):** Helps users query databases without revealing which
+   item they accessed.
+5. **Encrypted Search / Secure Indexing:** Enables keyword search over encrypted data while keeping
+   queries private.
+6. **Spam Prevention and Rate-Limiting:** Issues anonymous tokens to prevent abuse
+   (e.g., CAPTCHA bypass) without compromising user privacy.
+
+## Modes
+
+- OPRF: simple mode, client doesn't need to know server public key
+- VOPRF: verifable mode, allows client to verify that server used secret key corresponding to known public key
+- POPRF: partially oblivious mode, VOPRF + domain separation
+
+There is also non-interactive mode (Evaluate) that supports creating Output in non-interactive mode with knowledge of secret key.
+
+Flow:
+- (once) Server generates secret and public keys, distributes public keys to clients
+  - deterministically: `deriveKeyPair` or just random: `generateKeyPair`
+- Client blinds input: `blind(secretInput)`
+- Server evaluates blinded input: `blindEvaluate` generated by client, sends result to client
+- Client creates output using result of evaluation via 'finalize'
+
+ * @module
+ */
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+import { randomBytes } from '../utils.ts';
+import { type CurvePoint, type CurvePointCons } from './curve.ts';
+import { type H2CDSTOpts } from './hash-to-curve.ts';
+export type PointBytes = Uint8Array;
+export type ScalarBytes = Uint8Array;
+export type Bytes = Uint8Array;
+export type RNG = typeof randomBytes;
+export type OPRFOpts<P extends CurvePoint<any, P>> = {
+    name: string;
+    Point: CurvePointCons<P>;
+    hash(msg: Bytes): Bytes;
+    hashToScalar(msg: Uint8Array, options: H2CDSTOpts): bigint;
+    hashToGroup(msg: Uint8Array, options: H2CDSTOpts): P;
+};
+export type OPRFKeys = {
+    secretKey: ScalarBytes;
+    publicKey: PointBytes;
+};
+export type OPRFBlind = {
+    blind: Uint8Array;
+    blinded: Uint8Array;
+};
+export type OPRFBlindEval = {
+    evaluated: PointBytes;
+    proof: Bytes;
+};
+export type OPRFBlindEvalBatch = {
+    evaluated: PointBytes[];
+    proof: Bytes;
+};
+export type OPRFFinalizeItem = {
+    input: Bytes;
+    blind: ScalarBytes;
+    evaluated: PointBytes;
+    blinded: PointBytes;
+};
+/**
+ * Represents a full OPRF ciphersuite implementation according to RFC 9497.
+ * This object bundles the three protocol variants (OPRF, VOPRF, POPRF) for a specific
+ * prime-order group and hash function combination.
+ *
+ * @see https://www.rfc-editor.org/rfc/rfc9497.html
+ */
+export type OPRF = {
+    /**
+     * The unique identifier for the ciphersuite, e.g., "ristretto255-SHA512".
+     * This name is used for domain separation to prevent cross-protocol attacks.
+     */
+    readonly name: string;
+    /**
+     * The base Oblivious Pseudorandom Function (OPRF) mode (mode 0x00).
+     * This is a two-party protocol between a client and a server to compute F(k, x)
+     * where 'k' is the server's key and 'x' is the client's input.
+     *
+     * The client learns the output F(k, x) but nothing about 'k'.
+     * The server learns nothing about 'x' or F(k, x).
+     * This mode is NOT verifiable; the client cannot prove the server used a specific key.
+     */
+    readonly oprf: {
+        /**
+         * (Server-side) Generates a new random private/public key pair for the server.
+         * @returns A new key pair.
+         */
+        generateKeyPair(): OPRFKeys;
+        /**
+         * (Server-side) Deterministically derives a private/public key pair from a seed.
+         * @param seed A 32-byte cryptographically secure random seed.
+         * @param keyInfo An optional byte string for domain separation.
+         * @returns The derived key pair.
+         */
+        deriveKeyPair(seed: Bytes, keyInfo: Bytes): OPRFKeys;
+        /**
+         * (Client-side) The first step of the protocol. The client blinds its private input.
+         * @param input The client's private input bytes.
+         * @param rng An optional cryptographically secure random number generator.
+         * @returns An object containing the `blind` scalar (which the client MUST keep secret)
+         * and the `blinded` element (which the client sends to the server).
+         */
+        blind(input: Bytes, rng?: RNG): OPRFBlind;
+        /**
+         * (Server-side) The second step. The server evaluates the client's blinded element
+         * using its secret key.
+         * @param secretKey The server's private key.
+         * @param blinded The blinded group element received from the client.
+         * @returns The evaluated group element, to be sent back to the client.
+         */
+        blindEvaluate(secretKey: ScalarBytes, blinded: PointBytes): PointBytes;
+        /**
+         * (Client-side) The final step. The client unblinds the server's response to
+         * compute the final OPRF output.
+         * @param input The original private input from the `blind` step.
+         * @param blind The secret scalar from the `blind` step.
+         * @param evaluated The evaluated group element received from the server.
+         * @returns The final OPRF output, `Hash(len(input)||input||len(unblinded)||unblinded||"Finalize")`.
+         */
+        finalize(input: Bytes, blind: ScalarBytes, evaluated: PointBytes): Bytes;
+    };
+    /**
+     * The Verifiable Oblivious Pseudorandom Function (VOPRF) mode (mode 0x01).
+     * This mode extends the base OPRF by providing a proof that the server used the
+     * secret key corresponding to its known public key.
+     */
+    readonly voprf: {
+        /** (Server-side) Generates a key pair for the VOPRF mode. */
+        generateKeyPair(): OPRFKeys;
+        /** (Server-side) Deterministically derives a key pair for the VOPRF mode. */
+        deriveKeyPair(seed: Bytes, keyInfo: Bytes): OPRFKeys;
+        /** (Client-side) Blinds the client's private input for the VOPRF protocol. */
+        blind(input: Bytes, rng?: RNG): OPRFBlind;
+        /**
+         * (Server-side) Evaluates the client's blinded element and generates a DLEQ proof
+         * of correctness.
+         * @param secretKey The server's private key.
+         * @param publicKey The server's public key, used in proof generation.
+         * @param blinded The blinded group element received from the client.
+         * @param rng An optional cryptographically secure random number generator for the proof.
+         * @returns The evaluated element and a proof of correct computation.
+         */
+        blindEvaluate(secretKey: ScalarBytes, publicKey: PointBytes, blinded: PointBytes, rng?: RNG): OPRFBlindEval;
+        /**
+         * (Server-side) An optimized batch version of `blindEvaluate`. It evaluates multiple
+         * blinded elements and produces a single, constant-size proof for the entire batch,
+         * amortizing the cost of proof generation.
+         * @param secretKey The server's private key.
+         * @param publicKey The server's public key.
+         * @param blinded An array of blinded group elements from one or more clients.
+         * @param rng An optional cryptographically secure random number generator for the proof.
+         * @returns An array of evaluated elements and a single proof for the batch.
+         */
+        blindEvaluateBatch(secretKey: ScalarBytes, publicKey: PointBytes, blinded: PointBytes[], rng?: RNG): OPRFBlindEvalBatch;
+        /**
+         * (Client-side) The final step. The client verifies the server's proof, and if valid,
+         * unblinds the result to compute the final VOPRF output.
+         * @param input The original private input.
+         * @param blind The secret scalar from the `blind` step.
+         * @param evaluated The evaluated element from the server.
+         * @param blinded The blinded element sent to the server (needed for proof verification).
+         * @param publicKey The server's public key against which the proof is verified.
+         * @param proof The DLEQ proof from the server.
+         * @returns The final VOPRF output.
+         * @throws If the proof verification fails.
+         */
+        finalize(input: Bytes, blind: ScalarBytes, evaluated: PointBytes, blinded: PointBytes, publicKey: PointBytes, proof: Bytes): Bytes;
+        /**
+         * (Client-side) The batch-aware version of `finalize`. It verifies a single batch proof
+         * against a list of corresponding inputs and outputs.
+         * @param items An array of objects, each containing the parameters for a single finalization.
+         * @param publicKey The server's public key.
+         * @param proof The single DLEQ proof for the entire batch.
+         * @returns An array of final VOPRF outputs, one for each item in the input.
+         * @throws If the proof verification fails.
+         */
+        finalizeBatch(items: OPRFFinalizeItem[], publicKey: PointBytes, proof: Bytes): Bytes[];
+    };
+    /**
+     * A factory for the Partially Oblivious Pseudorandom Function (POPRF) mode (mode 0x02).
+     * This mode extends VOPRF to include a public `info` parameter, known to both client and
+     * server, which is cryptographically bound to the final output.
+     * This is useful for domain separation at the application level.
+     * @param info A public byte string to be mixed into the computation.
+     * @returns An object with the POPRF protocol functions.
+     */
+    readonly poprf: (info: Bytes) => {
+        /** (Server-side) Generates a key pair for the POPRF mode. */
+        generateKeyPair(): OPRFKeys;
+        /** (Server-side) Deterministically derives a key pair for the POPRF mode. */
+        deriveKeyPair(seed: Bytes, keyInfo: Bytes): OPRFKeys;
+        /**
+         * (Client-side) Blinds the client's private input and computes the "tweaked key".
+         * The tweaked key is a public value derived from the server's public key and the public `info`.
+         * @param input The client's private input.
+         * @param publicKey The server's public key.
+         * @param rng An optional cryptographically secure random number generator.
+         * @returns The `blind`, `blinded` element, and the `tweakedKey` which the client uses for verification.
+         */
+        blind(input: Bytes, publicKey: PointBytes, rng?: RNG): OPRFBlind & {
+            tweakedKey: PointBytes;
+        };
+        /**
+         * (Server-side) Evaluates the blinded element using a key derived from its secret key and the public `info`.
+         * It generates a DLEQ proof against the tweaked key.
+         * @param secretKey The server's private key.
+         * @param blinded The blinded element from the client.
+         * @param rng An optional RNG for the proof.
+         * @returns The evaluated element and a proof of correct computation.
+         */
+        blindEvaluate(secretKey: ScalarBytes, blinded: PointBytes, rng?: RNG): OPRFBlindEval;
+        /**
+         * (Server-side) A batch-aware version of `blindEvaluate` for the POPRF mode.
+         * @param secretKey The server's private key.
+         * @param blinded An array of blinded elements.
+         * @param rng An optional RNG for the proof.
+         * @returns An array of evaluated elements and a single proof for the batch.
+         */
+        blindEvaluateBatch(secretKey: ScalarBytes, blinded: PointBytes[], rng: RNG): OPRFBlindEvalBatch;
+        /**
+         * (Client-side) A batch-aware version of `finalize` for the POPRF mode.
+         * It verifies the proof against the tweaked key.
+         * @param items An array containing the parameters for each finalization.
+         * @param proof The single DLEQ proof for the batch.
+         * @param tweakedKey The tweaked key corresponding to the proof (all items must share the same `info` and `publicKey`).
+         * @returns An array of final POPRF outputs.
+         * @throws If proof verification fails.
+         */
+        finalizeBatch(items: OPRFFinalizeItem[], proof: Bytes, tweakedKey: PointBytes): Bytes[];
+        /**
+         * (Client-side) Finalizes the POPRF protocol. It verifies the server's proof against the
+         * `tweakedKey` computed in the `blind` step. The final output is bound to the public `info`.
+         * @param input The original private input.
+         * @param blind The secret scalar.
+         * @param evaluated The evaluated element from the server.
+         * @param blinded The blinded element sent to the server.
+         * @param proof The DLEQ proof from the server.
+         * @param tweakedKey The public tweaked key computed by the client during the `blind` step.
+         * @returns The final POPRF output.
+         * @throws If proof verification fails.
+         */
+        finalize(input: Bytes, blind: ScalarBytes, evaluated: PointBytes, blinded: PointBytes, proof: Bytes, tweakedKey: PointBytes): Bytes;
+        /**
+         * A non-interactive evaluation function for an entity that knows all inputs.
+         * Computes the final POPRF output directly. Useful for testing or specific applications
+         * where the server needs to compute the output for a known input.
+         * @param secretKey The server's private key.
+         * @param input The client's private input.
+         * @returns The final POPRF output.
+         */
+        evaluate(secretKey: ScalarBytes, input: Bytes): Bytes;
+    };
+};
+export declare function createORPF<P extends CurvePoint<any, P>>(opts: OPRFOpts<P>): OPRF;
+//# sourceMappingURL=oprf.d.ts.map

package/abstract/oprf.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oprf.d.ts","sourceRoot":"","sources":["../src/abstract/oprf.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;AACH,sEAAsE;AACtE,OAAO,EAOL,WAAW,EAEZ,MAAM,aAAa,CAAC;AACrB,OAAO,EAAa,KAAK,UAAU,EAAE,KAAK,cAAc,EAAE,MAAM,YAAY,CAAC;AAC7E,OAAO,EAAe,KAAK,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAIlE,MAAM,MAAM,UAAU,GAAG,UAAU,CAAC;AACpC,MAAM,MAAM,WAAW,GAAG,UAAU,CAAC;AACrC,MAAM,MAAM,KAAK,GAAG,UAAU,CAAC;AAC/B,MAAM,MAAM,GAAG,GAAG,OAAO,WAAW,CAAC;AAErC,MAAM,MAAM,QAAQ,CAAC,CAAC,SAAS,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI;IACnD,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC;IAEzB,IAAI,CAAC,GAAG,EAAE,KAAK,GAAG,KAAK,CAAC;IACxB,YAAY,CAAC,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,UAAU,GAAG,MAAM,CAAC;IAC3D,WAAW,CAAC,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,UAAU,GAAG,CAAC,CAAC;CACtD,CAAC;AAEF,MAAM,MAAM,QAAQ,GAAG;IAAE,SAAS,EAAE,WAAW,CAAC;IAAC,SAAS,EAAE,UAAU,CAAA;CAAE,CAAC;AACzE,MAAM,MAAM,SAAS,GAAG;IAAE,KAAK,EAAE,UAAU,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,CAAC;AACnE,MAAM,MAAM,aAAa,GAAG;IAAE,SAAS,EAAE,UAAU,CAAC;IAAC,KAAK,EAAE,KAAK,CAAA;CAAE,CAAC;AACpE,MAAM,MAAM,kBAAkB,GAAG;IAAE,SAAS,EAAE,UAAU,EAAE,CAAC;IAAC,KAAK,EAAE,KAAK,CAAA;CAAE,CAAC;AAC3E,MAAM,MAAM,gBAAgB,GAAG;IAC7B,KAAK,EAAE,KAAK,CAAC;IACb,KAAK,EAAE,WAAW,CAAC;IACnB,SAAS,EAAE,UAAU,CAAC;IACtB,OAAO,EAAE,UAAU,CAAC;CACrB,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,IAAI,GAAG;IACjB;;;OAGG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB;;;;;;;;OAQG;IACH,QAAQ,CAAC,IAAI,EAAE;QACb;;;WAGG;QACH,eAAe,IAAI,QAAQ,CAAC;QAE5B;;;;;WAKG;QACH,aAAa,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,GAAG,QAAQ,CAAC;QAErD;;;;;;WAMG;QACH,KAAK,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,EAAE,GAAG,GAAG,SAAS,CAAC;QAE1C;;;;;;WAMG;QACH,aAAa,CAAC,SAAS,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,GAAG,UAAU,CAAC;QAEvE;;;;;;;WAOG;QACH,QAAQ,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,UAAU,GAAG,KAAK,CAAC;KAC1E,CAAC;IAEF;;;;OAIG;IACH,QAAQ,CAAC,KAAK,EAAE;QACd,6DAA6D;QAC7D,eAAe,IAAI,QAAQ,CAAC;QAC5B,6EAA6E;QAC7E,aAAa,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,GAAG,QAAQ,CAAC;QACrD,8EAA8E;QAC9E,KAAK,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,EAAE,GAAG,GAAG,SAAS,CAAC;QAE1C;;;;;;;;WAQG;QACH,aAAa,CACX,SAAS,EAAE,WAAW,EACtB,SAAS,EAAE,UAAU,EACrB,OAAO,EAAE,UAAU,EACnB,GAAG,CAAC,EAAE,GAAG,GACR,aAAa,CAAC;QAEjB;;;;;;;;;WASG;QACH,kBAAkB,CAChB,SAAS,EAAE,WAAW,EACtB,SAAS,EAAE,UAAU,EACrB,OAAO,EAAE,UAAU,EAAE,EACrB,GAAG,CAAC,EAAE,GAAG,GACR,kBAAkB,CAAC;QAEtB;;;;;;;;;;;WAWG;QACH,QAAQ,CACN,KAAK,EAAE,KAAK,EACZ,KAAK,EAAE,WAAW,EAClB,SAAS,EAAE,UAAU,EACrB,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,UAAU,EACrB,KAAK,EAAE,KAAK,GACX,KAAK,CAAC;QAET;;;;;;;;WAQG;QACH,aAAa,CAAC,KAAK,EAAE,gBAAgB,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK,GAAG,KAAK,EAAE,CAAC;KACxF,CAAC;IAEF;;;;;;;OAOG;IACH,QAAQ,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,KAAK,KAAK;QAC/B,6DAA6D;QAC7D,eAAe,IAAI,QAAQ,CAAC;QAC5B,6EAA6E;QAC7E,aAAa,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,GAAG,QAAQ,CAAC;QAErD;;;;;;;WAOG;QACH,KAAK,CAAC,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,CAAC,EAAE,GAAG,GAAG,SAAS,GAAG;YAAE,UAAU,EAAE,UAAU,CAAA;SAAE,CAAC;QAE9F;;;;;;;WAOG;QACH,aAAa,CAAC,SAAS,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,CAAC,EAAE,GAAG,GAAG,aAAa,CAAC;QAErF;;;;;;WAMG;QACH,kBAAkB,CAAC,SAAS,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,GAAG,kBAAkB,CAAC;QAEhG;;;;;;;;WAQG;QACH,aAAa,CAAC,KAAK,EAAE,gBAAgB,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,UAAU,GAAG,KAAK,EAAE,CAAC;QAExF;;;;;;;;;;;WAWG;QACH,QAAQ,CACN,KAAK,EAAE,KAAK,EACZ,KAAK,EAAE,WAAW,EAClB,SAAS,EAAE,UAAU,EACrB,OAAO,EAAE,UAAU,EACnB,KAAK,EAAE,KAAK,EACZ,UAAU,EAAE,UAAU,GACrB,KAAK,CAAC;QAET;;;;;;;WAOG;QACH,QAAQ,CAAC,SAAS,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,GAAG,KAAK,CAAC;KACvD,CAAC;CACH,CAAC;AAGF,wBAAgB,UAAU,CAAC,CAAC,SAAS,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,GAAG,IAAI,CAkRhF"}