@noble/post-quantum 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (47) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +300 -0
  3. package/_crystals.d.ts +34 -0
  4. package/_crystals.d.ts.map +1 -0
  5. package/_crystals.js +171 -0
  6. package/_crystals.js.map +1 -0
  7. package/esm/_crystals.js +167 -0
  8. package/esm/_crystals.js.map +1 -0
  9. package/esm/index.js +3 -0
  10. package/esm/index.js.map +1 -0
  11. package/esm/ml-dsa.js +529 -0
  12. package/esm/ml-dsa.js.map +1 -0
  13. package/esm/ml-kem.js +361 -0
  14. package/esm/ml-kem.js.map +1 -0
  15. package/esm/package.json +10 -0
  16. package/esm/slh-dsa.js +602 -0
  17. package/esm/slh-dsa.js.map +1 -0
  18. package/esm/utils.js +86 -0
  19. package/esm/utils.js.map +1 -0
  20. package/index.d.ts +1 -0
  21. package/index.d.ts.map +1 -0
  22. package/index.js +3 -0
  23. package/index.js.map +1 -0
  24. package/ml-dsa.d.ts +37 -0
  25. package/ml-dsa.d.ts.map +1 -0
  26. package/ml-dsa.js +532 -0
  27. package/ml-dsa.js.map +1 -0
  28. package/ml-kem.d.ts +134 -0
  29. package/ml-kem.d.ts.map +1 -0
  30. package/ml-kem.js +364 -0
  31. package/ml-kem.js.map +1 -0
  32. package/package.json +100 -0
  33. package/slh-dsa.d.ts +70 -0
  34. package/slh-dsa.d.ts.map +1 -0
  35. package/slh-dsa.js +605 -0
  36. package/slh-dsa.js.map +1 -0
  37. package/src/_crystals.ts +197 -0
  38. package/src/index.ts +1 -0
  39. package/src/ml-dsa.ts +569 -0
  40. package/src/ml-kem.ts +403 -0
  41. package/src/package.json +3 -0
  42. package/src/slh-dsa.ts +771 -0
  43. package/src/utils.ts +113 -0
  44. package/utils.d.ts +38 -0
  45. package/utils.d.ts.map +1 -0
  46. package/utils.js +94 -0
  47. package/utils.js.map +1 -0
package/esm/ml-dsa.js ADDED
@@ -0,0 +1,529 @@
1
+ /*! noble-post-quantum - MIT License (c) 2024 Paul Miller (paulmillr.com) */
2
+ import { shake256 } from '@noble/hashes/sha3';
3
+ import { genCrystals, XOF128, XOF256, XOF_AES } from './_crystals.js';
4
+ import { cleanBytes, ensureBytes, equalBytes, randomBytes, splitCoder, vecCoder, } from './utils.js';
5
+ /*
6
+ Lattice-based digital signature algorithm. See
7
+ [official site](https://www.pq-crystals.org/dilithium/index.shtml),
8
+ [repo](https://github.com/pq-crystals/dilithium).
9
+ Dilithium has similar internals to Kyber, but their keys and params are different.
10
+
11
+ Three versions are provided:
12
+
13
+ 1. Dilithium v3.0, v3.0 AES
14
+ 2. Dilithium v3.1, v3.1 AES
15
+ 3. ML-DSA aka [FIPS-204](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.ipd.pdf)
16
+ */
17
+ // Constants
18
+ const N = 256;
19
+ // 2**23 − 2**13 + 1, 23 bits: multiply will be 46. We have enough precision in JS to avoid bigints
20
+ const Q = 8380417;
21
+ const ROOT_OF_UNITY = 1753;
22
+ // f = 256**−1 mod q, pow(256, -1, q) = 8347681 (python3)
23
+ const F = 8347681;
24
+ const D = 13;
25
+ // Dilithium is kinda parametrized over GAMMA2, but everything will break with any other value.
26
+ const GAMMA2_1 = Math.floor((Q - 1) / 88) | 0;
27
+ const GAMMA2_2 = Math.floor((Q - 1) / 32) | 0;
28
+ // prettier-ignore
29
+ export const PARAMS = {
30
+ 2: { K: 4, L: 4, D, GAMMA1: 2 ** 17, GAMMA2: GAMMA2_1, TAU: 39, ETA: 2, OMEGA: 80 },
31
+ 3: { K: 6, L: 5, D, GAMMA1: 2 ** 19, GAMMA2: GAMMA2_2, TAU: 49, ETA: 4, OMEGA: 55 },
32
+ 5: { K: 8, L: 7, D, GAMMA1: 2 ** 19, GAMMA2: GAMMA2_2, TAU: 60, ETA: 2, OMEGA: 75 },
33
+ };
34
+ const newPoly = (n) => new Int32Array(n);
35
+ const { mod, smod, NTT, bitsCoder } = genCrystals({
36
+ N,
37
+ Q,
38
+ F,
39
+ ROOT_OF_UNITY,
40
+ newPoly,
41
+ isKyber: false,
42
+ brvBits: 8,
43
+ });
44
+ const polyCoder = (d, compress) => bitsCoder(d, {
45
+ encode: (i) => (compress ? compress(i) : i),
46
+ decode: (i) => (compress ? compress(i) : i),
47
+ });
48
+ const polyAdd = (a, b) => {
49
+ for (let i = 0; i < a.length; i++)
50
+ a[i] = mod(a[i] + b[i]);
51
+ return a;
52
+ };
53
+ const polySub = (a, b) => {
54
+ for (let i = 0; i < a.length; i++)
55
+ a[i] = mod(a[i] - b[i]);
56
+ return a;
57
+ };
58
+ const polyShiftl = (p) => {
59
+ for (let i = 0; i < N; i++)
60
+ p[i] <<= D;
61
+ return p;
62
+ };
63
+ const polyChknorm = (p, B) => {
64
+ // Not very sure about this, but FIPS204 doesn't provide any function for that :(
65
+ for (let i = 0; i < N; i++)
66
+ if (Math.abs(smod(p[i])) >= B)
67
+ return true;
68
+ return false;
69
+ };
70
+ const MultiplyNTTs = (a, b) => {
71
+ // NOTE: we don't use montgomery reduction in code, since it requires 64 bit ints,
72
+ // which is not available in JS. mod(a[i] * b[i]) is ok, since Q is 23 bit,
73
+ // which means a[i] * b[i] is 46 bit, which is safe to use in JS. (number is 53 bits).
74
+ // Barrett reduction is slower than mod :(
75
+ const c = newPoly(N);
76
+ for (let i = 0; i < a.length; i++)
77
+ c[i] = mod(a[i] * b[i]);
78
+ return c;
79
+ };
80
+ // Return poly in NTT representation
81
+ function RejNTTPoly(xof) {
82
+ // Samples a polynomial ∈ Tq.
83
+ const r = newPoly(N);
84
+ // NOTE: we can represent 3xu24 as 4xu32, but it doesn't improve perf :(
85
+ for (let j = 0; j < N;) {
86
+ const b = xof();
87
+ if (b.length % 3)
88
+ throw new Error('RejNTTPoly: unaligned block');
89
+ for (let i = 0; j < N && i <= b.length - 3; i += 3) {
90
+ const t = (b[i + 0] | (b[i + 1] << 8) | (b[i + 2] << 16)) & 0x7fffff; // 3 bytes
91
+ if (t < Q)
92
+ r[j++] = t;
93
+ }
94
+ }
95
+ return r;
96
+ }
97
+ function getDilithium(opts) {
98
+ const { K, L, GAMMA1, GAMMA2, TAU, ETA, OMEGA } = opts;
99
+ const { FIPS204, V31, CRH_BYTES, TR_BYTES, C_TILDE_BYTES, XOF128, XOF256 } = opts;
100
+ if (![2, 4].includes(ETA))
101
+ throw new Error('Wrong ETA');
102
+ if (![1 << 17, 1 << 19].includes(GAMMA1))
103
+ throw new Error('Wrong GAMMA1');
104
+ if (![GAMMA2_1, GAMMA2_2].includes(GAMMA2))
105
+ throw new Error('Wrong GAMMA2');
106
+ const BETA = TAU * ETA;
107
+ const decompose = (r) => {
108
+ // Decomposes r into (r1, r0) such that r ≡ r1(2γ2) + r0 mod q.
109
+ const rPlus = mod(r);
110
+ const r0 = smod(rPlus, 2 * GAMMA2) | 0;
111
+ if (rPlus - r0 === Q - 1)
112
+ return { r1: 0 | 0, r0: (r0 - 1) | 0 };
113
+ const r1 = Math.floor((rPlus - r0) / (2 * GAMMA2)) | 0;
114
+ return { r1, r0 }; // r1 = HighBits, r0 = LowBits
115
+ };
116
+ const HighBits = (r) => decompose(r).r1;
117
+ const LowBits = (r) => decompose(r).r0;
118
+ const MakeHint = (z, r) => {
119
+ // Compute hint bit indicating whether adding z to r alters the high bits of r.
120
+ // From dilithium code
121
+ const res0 = z <= GAMMA2 || z > Q - GAMMA2 || (z === Q - GAMMA2 && r === 0) ? 0 : 1;
122
+ // from FIPS204:
123
+ // // const r1 = HighBits(r);
124
+ // // const v1 = HighBits(r + z);
125
+ // // const res1 = +(r1 !== v1);
126
+ // But they return different results! However, decompose is same.
127
+ // So, either there is a bug in Dilithium ref implementation or in FIPS204.
128
+ // For now, lets use dilithium one, so test vectors can be passed.
129
+ return res0;
130
+ };
131
+ const UseHint = (h, r) => {
132
+ // Returns the high bits of r adjusted according to hint h
133
+ const m = Math.floor((Q - 1) / (2 * GAMMA2));
134
+ const { r1, r0 } = decompose(r);
135
+ // 3: if h = 1 and r0 > 0 return (r1 + 1) mod m
136
+ // 4: if h = 1 and r0 ≤ 0 return (r1 − 1) mod m
137
+ if (h === 1)
138
+ return r0 > 0 ? mod(r1 + 1, m) | 0 : mod(r1 - 1, m) | 0;
139
+ return r1 | 0;
140
+ };
141
+ const Power2Round = (r) => {
142
+ // Decomposes r into (r1, r0) such that r ≡ r1*(2**d) + r0 mod q.
143
+ const rPlus = mod(r);
144
+ const r0 = smod(rPlus, 2 ** D) | 0;
145
+ return { r1: Math.floor((rPlus - r0) / 2 ** D) | 0, r0 };
146
+ };
147
+ const hintCoder = {
148
+ bytesLen: OMEGA + K,
149
+ encode: (h) => {
150
+ if (h === false)
151
+ throw new Error('hint.encode: hint is false'); // should never happen
152
+ const res = new Uint8Array(OMEGA + K);
153
+ for (let i = 0, k = 0; i < K; i++) {
154
+ for (let j = 0; j < N; j++)
155
+ if (h[i][j] !== 0)
156
+ res[k++] = j;
157
+ res[OMEGA + i] = k;
158
+ }
159
+ return res;
160
+ },
161
+ decode: (buf) => {
162
+ const h = [];
163
+ let k = 0;
164
+ for (let i = 0; i < K; i++) {
165
+ const hi = newPoly(N);
166
+ if (buf[OMEGA + i] < k || buf[OMEGA + i] > OMEGA)
167
+ return false;
168
+ for (let j = k; j < buf[OMEGA + i]; j++) {
169
+ if (j > k && buf[j] <= buf[j - 1])
170
+ return false;
171
+ hi[buf[j]] = 1;
172
+ }
173
+ k = buf[OMEGA + i];
174
+ h.push(hi);
175
+ }
176
+ for (let j = k; j < OMEGA; j++)
177
+ if (buf[j] !== 0)
178
+ return false;
179
+ return h;
180
+ },
181
+ };
182
+ const ETACoder = polyCoder(ETA === 2 ? 3 : 4, (i) => ETA - i);
183
+ const T0Coder = polyCoder(13, (i) => (1 << (D - 1)) - i);
184
+ const T1Coder = polyCoder(10);
185
+ // Requires smod. Need to fix!
186
+ const ZCoder = polyCoder(GAMMA1 === 1 << 17 ? 18 : 20, (i) => smod(GAMMA1 - i));
187
+ const W1Coder = polyCoder(GAMMA2 === GAMMA2_1 ? 6 : 4);
188
+ const W1Vec = vecCoder(W1Coder, K);
189
+ // Main structures
190
+ const publicCoder = splitCoder(32, vecCoder(T1Coder, K));
191
+ const secretCoder = splitCoder(32, 32, TR_BYTES, vecCoder(ETACoder, L), vecCoder(ETACoder, K), vecCoder(T0Coder, K));
192
+ const sigCoder = splitCoder(C_TILDE_BYTES, vecCoder(ZCoder, L), hintCoder);
193
+ const CoefFromHalfByte = ETA === 2
194
+ ? (n) => (n < 15 ? 2 - (n % 5) : false)
195
+ : (n) => (n < 9 ? 4 - n : false);
196
+ // Return poly in NTT representation
197
+ function RejBoundedPoly(xof) {
198
+ // Samples an element a ∈ Rq with coeffcients in [−η, η] computed via rejection sampling from ρ.
199
+ const r = newPoly(N);
200
+ for (let j = 0; j < N;) {
201
+ const b = xof();
202
+ for (let i = 0; j < N && i < b.length; i += 1) {
203
+ // half byte. Should be superfast with vector instructions. But very slow with js :(
204
+ const d1 = CoefFromHalfByte(b[i] & 0x0f);
205
+ const d2 = CoefFromHalfByte((b[i] >> 4) & 0x0f);
206
+ if (d1 !== false)
207
+ r[j++] = d1;
208
+ if (j < N && d2 !== false)
209
+ r[j++] = d2;
210
+ }
211
+ }
212
+ return r;
213
+ }
214
+ const SampleInBall = (seed) => {
215
+ // Samples a polynomial c ∈ Rq with coeffcients from {−1, 0, 1} and Hamming weight τ
216
+ const pre = newPoly(N);
217
+ const s = shake256.create({}).update(seed.slice(0, 32));
218
+ const buf = new Uint8Array(shake256.blockLen);
219
+ s.xofInto(buf);
220
+ const masks = buf.slice(0, 8);
221
+ for (let i = N - TAU, pos = 8, maskPos = 0, maskBit = 0; i < N; i++) {
222
+ let b = i + 1;
223
+ for (; b > i;) {
224
+ b = buf[pos++];
225
+ if (pos < shake256.blockLen)
226
+ continue;
227
+ s.xofInto(buf);
228
+ pos = 0;
229
+ }
230
+ pre[i] = pre[b];
231
+ pre[b] = 1 - (((masks[maskPos] >> maskBit++) & 1) << 1);
232
+ if (maskBit >= 8) {
233
+ maskPos++;
234
+ maskBit = 0;
235
+ }
236
+ }
237
+ return pre;
238
+ };
239
+ const polyPowerRound = (p) => {
240
+ const res0 = newPoly(N);
241
+ const res1 = newPoly(N);
242
+ for (let i = 0; i < p.length; i++) {
243
+ const { r0, r1 } = Power2Round(p[i]);
244
+ res0[i] = r0;
245
+ res1[i] = r1;
246
+ }
247
+ return { r0: res0, r1: res1 };
248
+ };
249
+ const polyUseHint = (u, h) => {
250
+ for (let i = 0; i < N; i++)
251
+ u[i] = UseHint(h[i], u[i]);
252
+ return u;
253
+ };
254
+ const polyMakeHint = (a, b) => {
255
+ const v = newPoly(N);
256
+ let cnt = 0;
257
+ for (let i = 0; i < N; i++) {
258
+ const h = MakeHint(a[i], b[i]);
259
+ v[i] = h;
260
+ cnt += h;
261
+ }
262
+ return { v, cnt };
263
+ };
264
+ const signRandBytes = FIPS204 ? 32 : CRH_BYTES;
265
+ const seedCoder = splitCoder(32, V31 ? 64 : 32, 32);
266
+ const seedXOF = V31 ? XOF256 : XOF128;
267
+ // API & argument positions are exactly as in FIPS204.
268
+ return {
269
+ signRandBytes,
270
+ keygen: (seed = randomBytes(32)) => {
271
+ const [rho, rhoPrime, K_] = seedCoder.decode(shake256(seed, { dkLen: seedCoder.bytesLen }));
272
+ const xofPrime = seedXOF(rhoPrime);
273
+ const s1 = [];
274
+ for (let i = 0; i < L; i++)
275
+ s1.push(RejBoundedPoly(xofPrime.get(i & 0xff, (i >> 8) & 0xff)));
276
+ const s2 = [];
277
+ for (let i = L; i < L + K; i++)
278
+ s2.push(RejBoundedPoly(xofPrime.get(i & 0xff, (i >> 8) & 0xff)));
279
+ const s1Hat = s1.map((i) => NTT.encode(i.slice()));
280
+ const t0 = [];
281
+ const t1 = [];
282
+ const xof = XOF128(rho);
283
+ const t = newPoly(N);
284
+ for (let i = 0; i < K; i++) {
285
+ // t ← NTT−1(A*NTT(s1)) + s2
286
+ t.fill(0); // don't-reallocate
287
+ for (let j = 0; j < L; j++) {
288
+ const aij = RejNTTPoly(xof.get(j, i)); // super slow!
289
+ polyAdd(t, MultiplyNTTs(aij, s1Hat[j]));
290
+ }
291
+ NTT.decode(t);
292
+ const { r0, r1 } = polyPowerRound(polyAdd(t, s2[i])); // (t1, t0) ← Power2Round(t, d)
293
+ t0.push(r0);
294
+ t1.push(r1);
295
+ }
296
+ const publicKey = publicCoder.encode([rho, t1]); // pk ← pkEncode(ρ, t1)
297
+ const tr = shake256(publicKey, { dkLen: TR_BYTES }); // tr ← H(BytesToBits(pk), 512)
298
+ const secretKey = secretCoder.encode([rho, K_, tr, s1, s2, t0]); // sk ← skEncode(ρ, K,tr, s1, s2, t0)
299
+ xof.clean();
300
+ xofPrime.clean();
301
+ // STATS
302
+ // Kyber512: { calls: 4, xofs: 12 }, Kyber768: { calls: 9, xofs: 27 }, Kyber1024: { calls: 16, xofs: 48 }
303
+ // DSA44: { calls: 24, xofs: 24 }, DSA65: { calls: 41, xofs: 41 }, DSA87: { calls: 71, xofs: 71 }
304
+ cleanBytes(rho, rhoPrime, K_, s1, s2, s1Hat, t, t0, t1, tr);
305
+ return { publicKey, secretKey };
306
+ },
307
+ // NOTE: random is optional.
308
+ sign: (secretKey, msg, random) => {
309
+ // This part can be pre-cached per secretKey, but there is only minor performance improvement,
310
+ // since we re-use a lot of variables to computation.
311
+ const [rho, _K, tr, s1, s2, t0] = secretCoder.decode(secretKey); // (ρ, K,tr, s1, s2, t0) ← skDecode(sk)
312
+ // Cache matrix to avoid re-compute later
313
+ const A = []; // A ← ExpandA(ρ)
314
+ const xof = XOF128(rho);
315
+ for (let i = 0; i < K; i++) {
316
+ const pv = [];
317
+ for (let j = 0; j < L; j++)
318
+ pv.push(RejNTTPoly(xof.get(j, i)));
319
+ A.push(pv);
320
+ }
321
+ xof.clean();
322
+ for (let i = 0; i < L; i++)
323
+ NTT.encode(s1[i]); // sˆ1 ← NTT(s1)
324
+ for (let i = 0; i < K; i++) {
325
+ NTT.encode(s2[i]); // sˆ2 ← NTT(s2)
326
+ NTT.encode(t0[i]); // tˆ0 ← NTT(t0)
327
+ }
328
+ // This part is per msg
329
+ const mu = shake256.create({ dkLen: CRH_BYTES }).update(tr).update(msg).digest(); // 6: µ ← H(tr||M, 512) ▷ Compute message representative µ
330
+ let rhoprime; // Compute private random seed
331
+ if (FIPS204) {
332
+ const rnd = random ? random : new Uint8Array(32);
333
+ ensureBytes(rnd);
334
+ rhoprime = shake256.create({ dkLen: CRH_BYTES }).update(_K).update(rnd).update(mu).digest(); // ρ′← H(K||rnd||µ, 512)
335
+ }
336
+ else {
337
+ rhoprime = random
338
+ ? random
339
+ : shake256.create({ dkLen: CRH_BYTES }).update(_K).update(mu).digest();
340
+ }
341
+ ensureBytes(rhoprime, CRH_BYTES);
342
+ const x256 = XOF256(rhoprime, ZCoder.bytesLen);
343
+ // Rejection sampling loop
344
+ main_loop: for (let kappa = 0;;) {
345
+ const y = [];
346
+ // y ← ExpandMask(ρ , κ)
347
+ for (let i = 0; i < L; i++, kappa++)
348
+ y.push(ZCoder.decode(x256.get(kappa & 0xff, kappa >> 8)()));
349
+ const z = y.map((i) => NTT.encode(i.slice()));
350
+ const w = [];
351
+ for (let i = 0; i < K; i++) {
352
+ // w ← NTT−1(A ◦ NTT(y))
353
+ const wi = newPoly(N);
354
+ for (let j = 0; j < L; j++)
355
+ polyAdd(wi, MultiplyNTTs(A[i][j], z[j]));
356
+ NTT.decode(wi);
357
+ w.push(wi);
358
+ }
359
+ const w1 = w.map((j) => j.map(HighBits)); // w1 ← HighBits(w)
360
+ // Commitment hash: c˜ ∈{0, 1 2λ } ← H(µ||w1Encode(w1), 2λ)
361
+ const cTilde = shake256
362
+ .create({ dkLen: C_TILDE_BYTES })
363
+ .update(mu)
364
+ .update(W1Vec.encode(w1))
365
+ .digest();
366
+ // Verifer’s challenge
367
+ const cHat = NTT.encode(SampleInBall(cTilde.subarray(0, 32))); // c ← SampleInBall(c˜1); cˆ ← NTT(c)
368
+ // ⟨⟨cs1⟩⟩ ← NTT−1(cˆ◦ sˆ1)
369
+ const cs1 = s1.map((i) => MultiplyNTTs(i, cHat));
370
+ for (let i = 0; i < L; i++) {
371
+ polyAdd(NTT.decode(cs1[i]), y[i]); // z ← y + ⟨⟨cs1⟩⟩
372
+ if (polyChknorm(cs1[i], GAMMA1 - BETA))
373
+ continue main_loop; // ||z||∞ ≥ γ1 − β
374
+ }
375
+ // cs1 is now z (▷ Signer’s response)
376
+ let cnt = 0;
377
+ const h = [];
378
+ for (let i = 0; i < K; i++) {
379
+ const cs2 = NTT.decode(MultiplyNTTs(s2[i], cHat)); // ⟨⟨cs2⟩⟩ ← NTT−1(cˆ◦ sˆ2)
380
+ const r0 = polySub(w[i], cs2).map(LowBits); // r0 ← LowBits(w − ⟨⟨cs2⟩⟩)
381
+ if (polyChknorm(r0, GAMMA2 - BETA))
382
+ continue main_loop; // ||r0||∞ ≥ γ2 − β
383
+ const ct0 = NTT.decode(MultiplyNTTs(t0[i], cHat)); // ⟨⟨ct0⟩⟩ ← NTT−1(cˆ◦ tˆ0)
384
+ if (polyChknorm(ct0, GAMMA2))
385
+ continue main_loop;
386
+ polyAdd(r0, ct0);
387
+ // ▷ Signer’s hint
388
+ const hint = polyMakeHint(r0, w1[i]); // h ← MakeHint(−⟨⟨ct0⟩⟩, w− ⟨⟨cs2⟩⟩ + ⟨⟨ct0⟩⟩)
389
+ h.push(hint.v);
390
+ cnt += hint.cnt;
391
+ }
392
+ if (cnt > OMEGA)
393
+ continue; // the number of 1’s in h is greater than ω
394
+ x256.clean();
395
+ const res = sigCoder.encode([cTilde, cs1, h]); // σ ← sigEncode(c˜, z mod±q, h)
396
+ // rho, _K, tr is subarray of secretKey, cannot clean.
397
+ cleanBytes(cTilde, cs1, h, cHat, w1, w, z, y, rhoprime, mu, s1, s2, t0, ...A);
398
+ return res;
399
+ }
400
+ // @ts-ignore
401
+ throw new Error('Unreachable code path reached, report this error');
402
+ },
403
+ verify: (publicKey, msg, sig) => {
404
+ // ML-DSA.Verify(pk, M, σ): Verifes a signature σ for a message M.
405
+ const [rho, t1] = publicCoder.decode(publicKey); // (ρ, t1) ← pkDecode(pk)
406
+ const tr = shake256(publicKey, { dkLen: TR_BYTES }); // 6: tr ← H(BytesToBits(pk), 512)
407
+ if (sig.length !== sigCoder.bytesLen)
408
+ return false; // return false instead of exception
409
+ const [cTilde, z, h] = sigCoder.decode(sig); // (c˜, z, h) ← sigDecode(σ), ▷ Signer’s commitment hash c ˜, response z and hint
410
+ if (h === false)
411
+ return false; // if h = ⊥ then return false
412
+ for (let i = 0; i < L; i++)
413
+ if (polyChknorm(z[i], GAMMA1 - BETA))
414
+ return false;
415
+ const mu = shake256.create({ dkLen: CRH_BYTES }).update(tr).update(msg).digest(); // 7: µ ← H(tr||M, 512)
416
+ // Compute verifer’s challenge from c˜
417
+ const c = NTT.encode(SampleInBall(cTilde.subarray(0, 32))); // c ← SampleInBall(c˜1)
418
+ const zNtt = z.map((i) => i.slice()); // zNtt = NTT(z)
419
+ for (let i = 0; i < L; i++)
420
+ NTT.encode(zNtt[i]);
421
+ const wTick1 = [];
422
+ const xof = XOF128(rho);
423
+ for (let i = 0; i < K; i++) {
424
+ const ct12d = MultiplyNTTs(NTT.encode(polyShiftl(t1[i])), c); //c * t1 * (2**d)
425
+ const Az = newPoly(N); // // A * z
426
+ for (let j = 0; j < L; j++) {
427
+ const aij = RejNTTPoly(xof.get(j, i)); // A[i][j] inplace
428
+ polyAdd(Az, MultiplyNTTs(aij, zNtt[j]));
429
+ }
430
+ // wApprox = A*z - c*t1 * (2**d)
431
+ const wApprox = NTT.decode(polySub(Az, ct12d));
432
+ // Reconstruction of signer’s commitment
433
+ wTick1.push(polyUseHint(wApprox, h[i])); // w ′ ← UseHint(h, w'approx )
434
+ }
435
+ xof.clean();
436
+ // c˜′← H (µ||w1Encode(w′1), 2λ), Hash it; this should match c˜
437
+ const c2 = shake256
438
+ .create({ dkLen: C_TILDE_BYTES })
439
+ .update(mu)
440
+ .update(W1Vec.encode(wTick1))
441
+ .digest();
442
+ if (FIPS204) {
443
+ // Additional checks in FIPS-204:
444
+ // [[ ||z||∞ < γ1 − β ]] and [[c ˜ = c˜′]] and [[number of 1’s in h is ≤ ω]]
445
+ for (const t of h) {
446
+ const sum = t.reduce((acc, i) => acc + i, 0);
447
+ if (!(sum <= OMEGA))
448
+ return false;
449
+ }
450
+ for (const t of z)
451
+ if (polyChknorm(t, GAMMA1 - BETA))
452
+ return false;
453
+ }
454
+ return equalBytes(cTilde, c2);
455
+ },
456
+ };
457
+ }
458
+ function getDilithiumVersions(cfg) {
459
+ return {
460
+ dilithium2: getDilithium({ ...PARAMS[2], ...cfg }),
461
+ dilithium3: getDilithium({ ...PARAMS[3], ...cfg }),
462
+ dilithium5: getDilithium({ ...PARAMS[5], ...cfg }),
463
+ };
464
+ }
465
+ // v30 is NIST round 3 submission, for original vectors and benchmarking.
466
+ // v31 is kyber: more secure than v30.
467
+ // ml-dsa is NIST FIPS 204, but it is still a draft and may change.
468
+ export const dilithium_v30 = /* @__PURE__ */ getDilithiumVersions({
469
+ CRH_BYTES: 48,
470
+ TR_BYTES: 48,
471
+ C_TILDE_BYTES: 32,
472
+ XOF128,
473
+ XOF256,
474
+ });
475
+ export const dilithium_v31 = /* @__PURE__ */ getDilithiumVersions({
476
+ CRH_BYTES: 64,
477
+ TR_BYTES: 32,
478
+ C_TILDE_BYTES: 32,
479
+ XOF128,
480
+ XOF256,
481
+ V31: true,
482
+ });
483
+ export const dilithium_v30_aes = /* @__PURE__ */ getDilithiumVersions({
484
+ CRH_BYTES: 48,
485
+ TR_BYTES: 48,
486
+ C_TILDE_BYTES: 32,
487
+ XOF128: XOF_AES,
488
+ XOF256: XOF_AES,
489
+ });
490
+ export const dilithium_v31_aes = /* @__PURE__ */ getDilithiumVersions({
491
+ CRH_BYTES: 64,
492
+ TR_BYTES: 32,
493
+ C_TILDE_BYTES: 32,
494
+ XOF128: XOF_AES,
495
+ XOF256: XOF_AES,
496
+ V31: true,
497
+ });
498
+ // ML-DSA
499
+ export const ml_dsa44 = /* @__PURE__ */ getDilithium({
500
+ ...PARAMS[2],
501
+ CRH_BYTES: 64,
502
+ TR_BYTES: 64,
503
+ C_TILDE_BYTES: 32,
504
+ XOF128,
505
+ XOF256,
506
+ V31: true,
507
+ FIPS204: true,
508
+ });
509
+ export const ml_dsa65 = /* @__PURE__ */ getDilithium({
510
+ ...PARAMS[3],
511
+ CRH_BYTES: 64,
512
+ TR_BYTES: 64,
513
+ C_TILDE_BYTES: 48,
514
+ XOF128,
515
+ XOF256,
516
+ V31: true,
517
+ FIPS204: true,
518
+ });
519
+ export const ml_dsa87 = /* @__PURE__ */ getDilithium({
520
+ ...PARAMS[5],
521
+ CRH_BYTES: 64,
522
+ TR_BYTES: 64,
523
+ C_TILDE_BYTES: 64,
524
+ XOF128,
525
+ XOF256,
526
+ V31: true,
527
+ FIPS204: true,
528
+ });
529
+ //# sourceMappingURL=ml-dsa.js.map
package/esm/ml-dsa.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"ml-dsa.js","sourceRoot":"","sources":["../src/ml-dsa.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAO,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAC3E,OAAO,EAGL,UAAU,EACV,WAAW,EACX,UAAU,EACV,WAAW,EACX,UAAU,EACV,QAAQ,GACT,MAAM,YAAY,CAAC;AAEpB;;;;;;;;;;;EAWE;AAEF,YAAY;AACZ,MAAM,CAAC,GAAG,GAAG,CAAC;AACd,mGAAmG;AACnG,MAAM,CAAC,GAAG,OAAO,CAAC;AAClB,MAAM,aAAa,GAAG,IAAI,CAAC;AAC3B,yDAAyD;AACzD,MAAM,CAAC,GAAG,OAAO,CAAC;AAClB,MAAM,CAAC,GAAG,EAAE,CAAC;AACb,+FAA+F;AAC/F,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;AAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;AAc9C,kBAAkB;AAClB,MAAM,CAAC,MAAM,MAAM,GAA0B;IAC3C,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;IACnF,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;IACnF,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;CAC3E,CAAC;AAIX,MAAM,OAAO,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;AAEjD,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,WAAW,CAAC;IAChD,CAAC;IACD,CAAC;IACD,CAAC;IACD,aAAa;IACb,OAAO;IACP,OAAO,EAAE,KAAK;IACd,OAAO,EAAE,CAAC;CACX,CAAC,CAAC;AAEH,MAAM,SAAS,GAAG,CAAC,CAAS,EAAE,QAAgC,EAAE,EAAE,CAChE,SAAS,CAAC,CAAC,EAAE;IACX,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACnD,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;CACpD,CAAC,CAAC;AAEL,MAAM,OAAO,GAAG,CAAC,CAAO,EAAE,CAAO,EAAE,EAAE;IACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,OAAO,CAAC,CAAC;AACX,CAAC,CAAC;AACF,MAAM,OAAO,GAAG,CAAC,CAAO,EAAE,CAAO,EAAQ,EAAE;IACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,OAAO,CAAC,CAAC;AACX,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,CAAC,CAAO,EAAQ,EAAE;IACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;QAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IACvC,OAAO,CAAC,CAAC;AACX,CAAC,CAAC;AAEF,MAAM,WAAW,GAAG,CAAC,CAAO,EAAE,CAAS,EAAW,EAAE;IAClD,iFAAiF;IACjF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;QAAE,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;IACvE,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF,MAAM,YAAY,GAAG,CAAC,CAAO,EAAE,CAAO,EAAQ,EAAE;IAC9C,kFAAkF;IAClF,2EAA2E;IAC3E,sFAAsF;IACtF,0CAA0C;IAC1C,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IACrB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,OAAO,CAAC,CAAC;AACX,CAAC,CAAC;AAEF,oCAAoC;AACpC,SAAS,UAAU,CAAC,GAAW;IAC7B,6BAA6B;IAC7B,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IACrB,wEAAwE;IACxE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAI,CAAC;QACxB,MAAM,CAAC,GAAG,GAAG,EAAE,CAAC;QAChB,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,UAAU;YAChF,IAAI,CAAC,GAAG,CAAC;gBAAE,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAmBD,SAAS,YAAY,CAAC,IAAmB;IACvC,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;IACvD,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAElF,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC;IACxD,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;IAC1E,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;IAC5E,MAAM,IAAI,GAAG,GAAG,GAAG,GAAG,CAAC;IAEvB,MAAM,SAAS,GAAG,CAAC,CAAS,EAAE,EAAE;QAC9B,+DAA+D;QAC/D,MAAM,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QACrB,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,KAAK,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC;YAAE,OAAO,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;QACjE,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC;QACvD,OAAO,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,8BAA8B;IACnD,CAAC,CAAC;IAEF,MAAM,QAAQ,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAChD,MAAM,OAAO,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/C,MAAM,QAAQ,GAAG,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE;QACxC,+EAA+E;QAE/E,sBAAsB;QACtB,MAAM,IAAI,GAAG,CAAC,IAAI,MAAM,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpF,gBAAgB;QAChB,6BAA6B;QAC7B,iCAAiC;QACjC,gCAAgC;QAChC,iEAAiE;QACjE,2EAA2E;QAC3E,kEAAkE;QAClE,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;IAEF,MAAM,OAAO,GAAG,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE;QACvC,0DAA0D;QAC1D,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC;QAC7C,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAChC,+CAA+C;QAC/C,+CAA+C;QAC/C,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC;QACrE,OAAO,EAAE,GAAG,CAAC,CAAC;IAChB,CAAC,CAAC;IACF,MAAM,WAAW,GAAG,CAAC,CAAS,EAAE,EAAE;QAChC,iEAAiE;QACjE,MAAM,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QACrB,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACnC,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC;IAC3D,CAAC,CAAC;IAEF,MAAM,SAAS,GAAkC;QAC/C,QAAQ,EAAE,KAAK,GAAG,CAAC;QACnB,MAAM,EAAE,CAAC,CAAiB,EAAE,EAAE;YAC5B,IAAI,CAAC,KAAK,KAAK;gBAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC,sBAAsB;YACtF,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;YACtC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;oBAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;wBAAE,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;gBAC5D,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;YACrB,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QACD,MAAM,EAAE,CAAC,GAAe,EAAE,EAAE;YAC1B,MAAM,CAAC,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,CAAC;YACV,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3B,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;gBACtB,IAAI,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,GAAG,KAAK;oBAAE,OAAO,KAAK,CAAC;gBAC/D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBACxC,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;wBAAE,OAAO,KAAK,CAAC;oBAChD,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;gBACjB,CAAC;gBACD,CAAC,GAAG,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;gBACnB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACb,CAAC;YACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE;gBAAE,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC;oBAAE,OAAO,KAAK,CAAC;YAC/D,OAAO,CAAC,CAAC;QACX,CAAC;KACF,CAAC;IAEF,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;IACtE,MAAM,OAAO,GAAG,SAAS,CAAC,EAAE,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACjE,MAAM,OAAO,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IAC9B,8BAA8B;IAC9B,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;IACxF,MAAM,OAAO,GAAG,SAAS,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvD,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;IACnC,kBAAkB;IAClB,MAAM,WAAW,GAAG,UAAU,CAAC,EAAE,EAAE,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IACzD,MAAM,WAAW,GAAG,UAAU,CAC5B,EAAE,EACF,EAAE,EACF,QAAQ,EACR,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC,EACrB,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC,EACrB,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC,CACrB,CAAC;IACF,MAAM,QAAQ,GAAG,UAAU,CAAC,aAAa,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;IAC3E,MAAM,gBAAgB,GACpB,GAAG,KAAK,CAAC;QACP,CAAC,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QAC/C,CAAC,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAE7C,oCAAoC;IACpC,SAAS,cAAc,CAAC,GAAW;QACjC,gGAAgG;QAChG,MAAM,CAAC,GAAS,OAAO,CAAC,CAAC,CAAC,CAAC;QAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAI,CAAC;YACxB,MAAM,CAAC,GAAG,GAAG,EAAE,CAAC;YAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9C,oFAAoF;gBACpF,MAAM,EAAE,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;gBACzC,MAAM,EAAE,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;gBAChD,IAAI,EAAE,KAAK,KAAK;oBAAE,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC;gBAC9B,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,KAAK;oBAAE,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC;YACzC,CAAC;QACH,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,YAAY,GAAG,CAAC,IAAgB,EAAE,EAAE;QACxC,oFAAoF;QACpF,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACvB,MAAM,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QACxD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC9C,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACf,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,EAAE,GAAG,GAAG,CAAC,EAAE,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YACpE,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,OAAO,CAAC,GAAG,CAAC,GAAI,CAAC;gBACf,CAAC,GAAG,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC;gBACf,IAAI,GAAG,GAAG,QAAQ,CAAC,QAAQ;oBAAE,SAAS;gBACtC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACf,GAAG,GAAG,CAAC,CAAC;YACV,CAAC;YACD,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;YAChB,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;YACxD,IAAI,OAAO,IAAI,CAAC,EAAE,CAAC;gBACjB,OAAO,EAAE,CAAC;gBACV,OAAO,GAAG,CAAC,CAAC;YACd,CAAC;QACH,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,CAAC;IAEF,MAAM,cAAc,GAAG,CAAC,CAAO,EAAE,EAAE;QACjC,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACxB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAClC,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACrC,IAAI,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;QACf,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IAChC,CAAC,CAAC;IACF,MAAM,WAAW,GAAG,CAAC,CAAO,EAAE,CAAO,EAAQ,EAAE;QAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;YAAE,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACvD,OAAO,CAAC,CAAC;IACX,CAAC,CAAC;IACF,MAAM,YAAY,GAAG,CAAC,CAAO,EAAE,CAAO,EAAE,EAAE;QACxC,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACrB,IAAI,GAAG,GAAG,CAAC,CAAC;QACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3B,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YACT,GAAG,IAAI,CAAC,CAAC;QACX,CAAC;QACD,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC;IACpB,CAAC,CAAC;IAEF,MAAM,aAAa,GAAG,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAC/C,MAAM,SAAS,GAAG,UAAU,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACpD,MAAM,OAAO,GAAG,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;IACtC,sDAAsD;IACtD,OAAO;QACL,aAAa;QACb,MAAM,EAAE,CAAC,IAAI,GAAG,WAAW,CAAC,EAAE,CAAC,EAAE,EAAE;YACjC,MAAM,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;YAC5F,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;YACnC,MAAM,EAAE,GAAG,EAAE,CAAC;YACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;gBAAE,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YAC7F,MAAM,EAAE,GAAG,EAAE,CAAC;YACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;gBAC5B,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACnE,MAAM,KAAK,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YACnD,MAAM,EAAE,GAAG,EAAE,CAAC;YACd,MAAM,EAAE,GAAG,EAAE,CAAC;YACd,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;YACxB,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YACrB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3B,4BAA4B;gBAC5B,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,mBAAmB;gBAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3B,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc;oBACrD,OAAO,CAAC,CAAC,EAAE,YAAY,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC1C,CAAC;gBACD,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBACd,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,+BAA+B;gBACrF,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACZ,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACd,CAAC;YACD,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,uBAAuB;YACxE,MAAM,EAAE,GAAG,QAAQ,CAAC,SAAS,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,+BAA+B;YACpF,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,qCAAqC;YACtG,GAAG,CAAC,KAAK,EAAE,CAAC;YACZ,QAAQ,CAAC,KAAK,EAAE,CAAC;YACjB,QAAQ;YACR,0GAA0G;YAC1G,0GAA0G;YAC1G,UAAU,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;YAC5D,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;QAClC,CAAC;QACD,4BAA4B;QAC5B,IAAI,EAAE,CAAC,SAAqB,EAAE,GAAe,EAAE,MAAmB,EAAE,EAAE;YACpE,8FAA8F;YAC9F,qDAAqD;YACrD,MAAM,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,uCAAuC;YACxG,yCAAyC;YACzC,MAAM,CAAC,GAAa,EAAE,CAAC,CAAC,iBAAiB;YACzC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;YACxB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3B,MAAM,EAAE,GAAG,EAAE,CAAC;gBACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;oBAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC/D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACb,CAAC;YACD,GAAG,CAAC,KAAK,EAAE,CAAC;YACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;gBAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB;YAC/D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3B,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB;gBACnC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB;YACrC,CAAC;YACD,uBAAuB;YACvB,MAAM,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,0DAA0D;YAC5I,IAAI,QAAQ,CAAC,CAAC,8BAA8B;YAC5C,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;gBACjD,WAAW,CAAC,GAAG,CAAC,CAAC;gBACjB,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,wBAAwB;YACvH,CAAC;iBAAM,CAAC;gBACN,QAAQ,GAAG,MAAM;oBACf,CAAC,CAAC,MAAM;oBACR,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC;YAC3E,CAAC;YACD,WAAW,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;YACjC,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC/C,2BAA2B;YAC3B,SAAS,EAAE,KAAK,IAAI,KAAK,GAAG,CAAC,IAAM,CAAC;gBAClC,MAAM,CAAC,GAAG,EAAE,CAAC;gBACb,wBAAwB;gBACxB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,KAAK,EAAE;oBACjC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,IAAI,EAAE,KAAK,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC9D,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;gBAC9C,MAAM,CAAC,GAAG,EAAE,CAAC;gBACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3B,wBAAwB;oBACxB,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;oBACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;wBAAE,OAAO,CAAC,EAAE,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;oBACrE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;oBACf,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACb,CAAC;gBACD,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,mBAAmB;gBAC7D,2DAA2D;gBAC3D,MAAM,MAAM,GAAG,QAAQ;qBACpB,MAAM,CAAC,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC;qBAChC,MAAM,CAAC,EAAE,CAAC;qBACV,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;qBACxB,MAAM,EAAE,CAAC;gBACZ,sBAAsB;gBACtB,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,qCAAqC;gBACpG,2BAA2B;gBAC3B,MAAM,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;gBACjD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3B,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB;oBACrD,IAAI,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;wBAAE,SAAS,SAAS,CAAC,CAAC,kBAAkB;gBAChF,CAAC;gBACD,qCAAqC;gBACrC,IAAI,GAAG,GAAG,CAAC,CAAC;gBACZ,MAAM,CAAC,GAAG,EAAE,CAAC;gBACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3B,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,2BAA2B;oBAC9E,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,4BAA4B;oBACxE,IAAI,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;wBAAE,SAAS,SAAS,CAAC,CAAC,mBAAmB;oBAC3E,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,2BAA2B;oBAC9E,IAAI,WAAW,CAAC,GAAG,EAAE,MAAM,CAAC;wBAAE,SAAS,SAAS,CAAC;oBACjD,OAAO,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;oBACjB,kBAAkB;oBAClB,MAAM,IAAI,GAAG,YAAY,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,+CAA+C;oBACrF,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBACf,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC;gBAClB,CAAC;gBACD,IAAI,GAAG,GAAG,KAAK;oBAAE,SAAS,CAAC,2CAA2C;gBACtE,IAAI,CAAC,KAAK,EAAE,CAAC;gBACb,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,gCAAgC;gBAC/E,sDAAsD;gBACtD,UAAU,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC9E,OAAO,GAAG,CAAC;YACb,CAAC;YACD,aAAa;YACb,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QACD,MAAM,EAAE,CAAC,SAAqB,EAAE,GAAe,EAAE,GAAe,EAAE,EAAE;YAClE,kEAAkE;YAClE,MAAM,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,yBAAyB;YAC1E,MAAM,EAAE,GAAG,QAAQ,CAAC,SAAS,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,kCAAkC;YAEvF,IAAI,GAAG,CAAC,MAAM,KAAK,QAAQ,CAAC,QAAQ;gBAAE,OAAO,KAAK,CAAC,CAAC,oCAAoC;YACxF,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,iFAAiF;YAC9H,IAAI,CAAC,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAC,CAAC,6BAA6B;YAC5D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;gBAAE,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;oBAAE,OAAO,KAAK,CAAC;YAC/E,MAAM,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,uBAAuB;YACzG,sCAAsC;YACtC,MAAM,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,wBAAwB;YACpF,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,gBAAgB;YACtD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;gBAAE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;YAChD,MAAM,MAAM,GAAG,EAAE,CAAC;YAClB,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;YACxB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3B,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,iBAAiB;gBAC/E,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW;gBAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3B,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB;oBACzD,OAAO,CAAC,EAAE,EAAE,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC1C,CAAC;gBACD,gCAAgC;gBAChC,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;gBAC/C,wCAAwC;gBACxC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,8BAA8B;YACzE,CAAC;YACD,GAAG,CAAC,KAAK,EAAE,CAAC;YACZ,gEAAgE;YAChE,MAAM,EAAE,GAAG,QAAQ;iBAChB,MAAM,CAAC,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC;iBAChC,MAAM,CAAC,EAAE,CAAC;iBACV,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;iBAC5B,MAAM,EAAE,CAAC;YACZ,IAAI,OAAO,EAAE,CAAC;gBACZ,iCAAiC;gBACjC,4EAA4E;gBAC5E,KAAK,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;oBAClB,MAAM,GAAG,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;oBAC7C,IAAI,CAAC,CAAC,GAAG,IAAI,KAAK,CAAC;wBAAE,OAAO,KAAK,CAAC;gBACpC,CAAC;gBACD,KAAK,MAAM,CAAC,IAAI,CAAC;oBAAE,IAAI,WAAW,CAAC,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;wBAAE,OAAO,KAAK,CAAC;YACrE,CAAC;YACD,OAAO,UAAU,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAChC,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,GAA2B;IACvD,OAAO;QACL,UAAU,EAAE,YAAY,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,EAAmB,CAAC;QACnE,UAAU,EAAE,YAAY,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,EAAmB,CAAC;QACnE,UAAU,EAAE,YAAY,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,EAAmB,CAAC;KACpE,CAAC;AACJ,CAAC;AAED,yEAAyE;AACzE,sCAAsC;AACtC,mEAAmE;AAEnE,MAAM,CAAC,MAAM,aAAa,GAAG,eAAe,CAAC,oBAAoB,CAAC;IAChE,SAAS,EAAE,EAAE;IACb,QAAQ,EAAE,EAAE;IACZ,aAAa,EAAE,EAAE;IACjB,MAAM;IACN,MAAM;CACP,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,aAAa,GAAG,eAAe,CAAC,oBAAoB,CAAC;IAChE,SAAS,EAAE,EAAE;IACb,QAAQ,EAAE,EAAE;IACZ,aAAa,EAAE,EAAE;IACjB,MAAM;IACN,MAAM;IACN,GAAG,EAAE,IAAI;CACV,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG,eAAe,CAAC,oBAAoB,CAAC;IACpE,SAAS,EAAE,EAAE;IACb,QAAQ,EAAE,EAAE;IACZ,aAAa,EAAE,EAAE;IACjB,MAAM,EAAE,OAAO;IACf,MAAM,EAAE,OAAO;CAChB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG,eAAe,CAAC,oBAAoB,CAAC;IACpE,SAAS,EAAE,EAAE;IACb,QAAQ,EAAE,EAAE;IACZ,aAAa,EAAE,EAAE;IACjB,MAAM,EAAE,OAAO;IACf,MAAM,EAAE,OAAO;IACf,GAAG,EAAE,IAAI;CACV,CAAC,CAAC;AAEH,SAAS;AACT,MAAM,CAAC,MAAM,QAAQ,GAAG,eAAe,CAAC,YAAY,CAAC;IACnD,GAAG,MAAM,CAAC,CAAC,CAAC;IACZ,SAAS,EAAE,EAAE;IACb,QAAQ,EAAE,EAAE;IACZ,aAAa,EAAE,EAAE;IACjB,MAAM;IACN,MAAM;IACN,GAAG,EAAE,IAAI;IACT,OAAO,EAAE,IAAI;CACd,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,QAAQ,GAAG,eAAe,CAAC,YAAY,CAAC;IACnD,GAAG,MAAM,CAAC,CAAC,CAAC;IACZ,SAAS,EAAE,EAAE;IACb,QAAQ,EAAE,EAAE;IACZ,aAAa,EAAE,EAAE;IACjB,MAAM;IACN,MAAM;IACN,GAAG,EAAE,IAAI;IACT,OAAO,EAAE,IAAI;CACd,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,QAAQ,GAAG,eAAe,CAAC,YAAY,CAAC;IACnD,GAAG,MAAM,CAAC,CAAC,CAAC;IACZ,SAAS,EAAE,EAAE;IACb,QAAQ,EAAE,EAAE;IACZ,aAAa,EAAE,EAAE;IACjB,MAAM;IACN,MAAM;IACN,GAAG,EAAE,IAAI;IACT,OAAO,EAAE,IAAI;CACd,CAAC,CAAC"}