@opendatalabs/vana-sdk 0.1.0-alpha.ffe4659 → 2.0.0

package/dist/crypto/ecies/base.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/crypto/ecies/base.ts"],"sourcesContent":["import type { ECIESProvider, ECIESEncrypted } from \"./interface\";\nimport { ECIESError, isECIESEncrypted } from \"./interface\";\nimport { CURVE, CIPHER, KDF } from \"./constants\";\nimport { constantTimeEqual } from \"./utils\";\nimport { concat } from \"viem\";\n\n/**\n * Provides shared ECIES encryption logic across platforms using Uint8Array.\n *\n * @remarks\n * Platform implementations extend this class and provide crypto primitives.\n * The base class handles the ECIES protocol flow while maintaining\n * compatibility with the eccrypto data format.\n *\n * **Implementation details:**\n * - KDF: SHA-512(shared_secret) → encKey (32B) || macKey (32B)\n * - Cipher: AES-256-CBC with random 16-byte IV\n * - MAC: HMAC-SHA256(macKey, iv || ephemPublicKey || ciphertext)\n *\n * @category Cryptography\n */\nexport abstract class BaseECIESUint8 implements ECIESProvider {\n  // Cache for validated public keys to avoid repeated validation\n  private static readonly validatedKeys = new WeakMap<Uint8Array, boolean>();\n\n  /**\n   * Generates cryptographically secure random bytes.\n   *\n   * @param length - Number of random bytes to generate.\n   * @returns Random bytes array.\n   */\n  protected abstract generateRandomBytes(length: number): Uint8Array;\n\n  /**\n   * Verifies a private key is valid for secp256k1.\n   *\n   * @param privateKey - Private key to verify (32 bytes).\n   * @returns `true` if valid private key.\n   */\n  protected abstract verifyPrivateKey(privateKey: Uint8Array): boolean;\n\n  /**\n   * Creates a public key from a private key.\n   *\n   * @param privateKey - Source private key (32 bytes).\n   * @param compressed - Generate compressed (33B) or uncompressed (65B) format.\n   * @returns Public key or `null` if creation failed.\n   */\n  protected abstract createPublicKey(\n    privateKey: Uint8Array,\n    compressed: boolean,\n  ): Uint8Array | null;\n\n  /**\n   * Validates a public key on the secp256k1 curve.\n   *\n   * @param publicKey - Public key to validate.\n   * @returns `true` if valid public key.\n   */\n  protected abstract validatePublicKey(publicKey: Uint8Array): boolean;\n\n  /**\n   * Decompresses a compressed public key.\n   *\n   * @param publicKey - Compressed public key (33 bytes).\n   * @returns Uncompressed public key (65 bytes) or `null` if decompression failed.\n   */\n  protected abstract decompressPublicKey(\n    publicKey: Uint8Array,\n  ): Uint8Array | null;\n\n  /**\n   * Performs ECDH key agreement.\n   *\n   * @param publicKey - Other party's public key.\n   * @param privateKey - Your private key.\n   * @returns Raw X coordinate of shared point (32 bytes).\n   */\n  protected abstract performECDH(\n    publicKey: Uint8Array,\n    privateKey: Uint8Array,\n  ): Uint8Array;\n\n  /**\n   * Computes SHA-512 hash.\n   *\n   * @param data - Data to hash.\n   * @returns SHA-512 hash (64 bytes).\n   */\n  protected abstract sha512(data: Uint8Array): Uint8Array;\n\n  /**\n   * Computes HMAC-SHA256 authentication tag.\n   *\n   * @param key - HMAC key.\n   * @param data - Data to authenticate.\n   * @returns HMAC-SHA256 (32 bytes).\n   */\n  protected abstract hmacSha256(key: Uint8Array, data: Uint8Array): Uint8Array;\n\n  /**\n   * Encrypts data using AES-256-CBC.\n   *\n   * @param key - Encryption key (32 bytes).\n   * @param iv - Initialization vector (16 bytes).\n   * @param plaintext - Data to encrypt.\n   * @returns Ciphertext with PKCS#7 padding.\n   */\n  protected abstract aesEncrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    plaintext: Uint8Array,\n  ): Promise<Uint8Array>;\n\n  /**\n   * Decrypts data using AES-256-CBC.\n   *\n   * @param key - Decryption key (32 bytes).\n   * @param iv - Initialization vector (16 bytes).\n   * @param ciphertext - Data to decrypt.\n   * @returns Plaintext with padding removed.\n   */\n  protected abstract aesDecrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    ciphertext: Uint8Array,\n  ): Promise<Uint8Array>;\n\n  /**\n   * Normalizes a public key to uncompressed format.\n   *\n   * @param publicKey - Public key in any format.\n   * @returns Uncompressed public key (65 bytes).\n   * @throws {ECIESError} If key format is invalid.\n   */\n  protected normalizePublicKey(publicKey: Uint8Array): Uint8Array {\n    // Check cache first\n    if (BaseECIESUint8.validatedKeys.has(publicKey)) {\n      return publicKey;\n    }\n\n    if (publicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) {\n      if (publicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {\n        throw new ECIESError(\n          \"Invalid uncompressed public key prefix\",\n          \"INVALID_KEY\",\n        );\n      }\n      // Validate and cache\n      if (!this.validatePublicKey(publicKey)) {\n        throw new ECIESError(\"Invalid public key\", \"INVALID_KEY\");\n      }\n      BaseECIESUint8.validatedKeys.set(publicKey, true);\n      return publicKey;\n    }\n\n    if (publicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) {\n      const decompressed = this.decompressPublicKey(publicKey);\n      if (!decompressed) {\n        throw new ECIESError(\"Failed to decompress public key\", \"INVALID_KEY\");\n      }\n      // Cache the decompressed key\n      BaseECIESUint8.validatedKeys.set(decompressed, true);\n      return decompressed;\n    }\n\n    throw new ECIESError(\n      `Invalid public key length: ${publicKey.length}`,\n      \"INVALID_KEY\",\n    );\n  }\n\n  /**\n   * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n   * Must be implemented by derived classes to handle platform-specific operations.\n   *\n   * @param publicKey - The public key to normalize\n   * @returns The normalized uncompressed public key\n   */\n  public abstract normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;\n\n  /**\n   * Encrypts data using ECIES.\n   *\n   * @param publicKey - The recipient's public key (compressed or uncompressed)\n   * @param message - The data to encrypt\n   * @returns Promise resolving to encrypted data structure\n   */\n  async encrypt(\n    publicKey: Uint8Array,\n    message: Uint8Array,\n  ): Promise<ECIESEncrypted> {\n    try {\n      // Validate inputs\n      if (!(publicKey instanceof Uint8Array)) {\n        throw new ECIESError(\"Public key must be a Uint8Array\", \"INVALID_KEY\");\n      }\n      if (!(message instanceof Uint8Array)) {\n        throw new ECIESError(\n          \"Message must be a Uint8Array\",\n          \"ENCRYPTION_FAILED\",\n        );\n      }\n      if (publicKey.length === 0) {\n        throw new ECIESError(\"Public key cannot be empty\", \"INVALID_KEY\");\n      }\n\n      // Normalize public key to uncompressed format\n      const pubKey = this.normalizePublicKey(publicKey);\n\n      // Generate ephemeral key pair\n      let ephemeralPrivateKey: Uint8Array;\n      do {\n        ephemeralPrivateKey = this.generateRandomBytes(\n          CURVE.PRIVATE_KEY_LENGTH,\n        );\n      } while (!this.verifyPrivateKey(ephemeralPrivateKey));\n\n      const ephemeralPublicKey = this.createPublicKey(\n        ephemeralPrivateKey,\n        false,\n      );\n      if (!ephemeralPublicKey) {\n        throw new ECIESError(\n          \"Failed to generate ephemeral public key\",\n          \"ENCRYPTION_FAILED\",\n        );\n      }\n\n      // Perform ECDH to get shared secret (raw X coordinate)\n      const sharedSecret = this.performECDH(pubKey, ephemeralPrivateKey);\n\n      // Derive keys using SHA-512 (eccrypto-compatible KDF)\n      const kdf = this.sha512(sharedSecret);\n      const encryptionKey = kdf.slice(\n        KDF.ENCRYPTION_KEY_OFFSET,\n        KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n      );\n      const macKey = kdf.slice(\n        KDF.MAC_KEY_OFFSET,\n        KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n      );\n\n      // Generate random IV and encrypt\n      const iv = this.generateRandomBytes(CIPHER.IV_LENGTH);\n      const ciphertext = await this.aesEncrypt(encryptionKey, iv, message);\n\n      // Calculate MAC (Encrypt-then-MAC)\n      const macData = concat([iv, ephemeralPublicKey, ciphertext]);\n      const mac = this.hmacSha256(macKey, macData);\n\n      // Clear sensitive data\n      this.clearBuffer(ephemeralPrivateKey);\n      this.clearBuffer(sharedSecret);\n      this.clearBuffer(kdf);\n\n      return {\n        iv,\n        ephemPublicKey: ephemeralPublicKey,\n        ciphertext,\n        mac,\n      };\n    } catch (error) {\n      if (error instanceof ECIESError) throw error;\n      throw new ECIESError(\n        `Encryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n        \"ENCRYPTION_FAILED\",\n        error instanceof Error ? error : undefined,\n      );\n    }\n  }\n\n  /**\n   * Decrypts ECIES encrypted data.\n   *\n   * @param privateKey - The recipient's private key (32 bytes)\n   * @param encrypted - The encrypted data structure from encrypt()\n   * @returns Promise resolving to the original plaintext\n   */\n  async decrypt(\n    privateKey: Uint8Array,\n    encrypted: ECIESEncrypted,\n  ): Promise<Uint8Array> {\n    try {\n      // Validate inputs\n      if (!(privateKey instanceof Uint8Array)) {\n        throw new ECIESError(\"Private key must be a Uint8Array\", \"INVALID_KEY\");\n      }\n      if (!isECIESEncrypted(encrypted)) {\n        throw new ECIESError(\n          \"Invalid encrypted data structure\",\n          \"DECRYPTION_FAILED\",\n        );\n      }\n      if (privateKey.length !== CURVE.PRIVATE_KEY_LENGTH) {\n        throw new ECIESError(\n          `Invalid private key length: ${privateKey.length}`,\n          \"INVALID_KEY\",\n        );\n      }\n      if (!this.verifyPrivateKey(privateKey)) {\n        throw new ECIESError(\"Invalid private key\", \"INVALID_KEY\");\n      }\n\n      // Strict validation: ephemeral keys must be 65-byte uncompressed (eccrypto standard)\n      if (\n        encrypted.ephemPublicKey.length !== CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH\n      ) {\n        throw new ECIESError(\n          `Invalid ephemeral public key: expected ${CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH} bytes (uncompressed), got ${encrypted.ephemPublicKey.length} bytes`,\n          \"INVALID_KEY\",\n        );\n      }\n      if (encrypted.ephemPublicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {\n        throw new ECIESError(\n          \"Invalid ephemeral public key: must be uncompressed format with 0x04 prefix (eccrypto standard)\",\n          \"INVALID_KEY\",\n        );\n      }\n      if (!this.validatePublicKey(encrypted.ephemPublicKey)) {\n        throw new ECIESError(\"Invalid ephemeral public key\", \"INVALID_KEY\");\n      }\n      const ephemeralPublicKey = encrypted.ephemPublicKey;\n\n      // Perform ECDH to recover shared secret\n      const sharedSecret = this.performECDH(ephemeralPublicKey, privateKey);\n\n      // Derive keys using SHA-512 (eccrypto-compatible KDF)\n      const kdf = this.sha512(sharedSecret);\n      const encryptionKey = kdf.slice(\n        KDF.ENCRYPTION_KEY_OFFSET,\n        KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH,\n      );\n      const macKey = kdf.slice(\n        KDF.MAC_KEY_OFFSET,\n        KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH,\n      );\n\n      // Verify MAC before decryption (Encrypt-then-MAC)\n      const macData = concat([\n        encrypted.iv,\n        encrypted.ephemPublicKey,\n        encrypted.ciphertext,\n      ]);\n      const expectedMac = this.hmacSha256(macKey, macData);\n\n      if (!constantTimeEqual(encrypted.mac, expectedMac)) {\n        throw new ECIESError(\"MAC verification failed\", \"MAC_MISMATCH\");\n      }\n\n      // Decrypt the ciphertext\n      const decrypted = await this.aesDecrypt(\n        encryptionKey,\n        encrypted.iv,\n        encrypted.ciphertext,\n      );\n\n      // Clear sensitive data\n      this.clearBuffer(sharedSecret);\n      this.clearBuffer(kdf);\n\n      return decrypted;\n    } catch (error) {\n      if (error instanceof ECIESError) throw error;\n      throw new ECIESError(\n        `Decryption failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n        \"DECRYPTION_FAILED\",\n        error instanceof Error ? error : undefined,\n      );\n    }\n  }\n\n  /**\n   * Clears sensitive data from memory using multi-pass overwrite.\n   *\n   * @remarks\n   * Uses multiple passes with different patterns to make it harder\n   * for JIT compilers to optimize away the operation. While not\n   * guaranteed in JavaScript, this is a best-effort approach to\n   * clear sensitive data from memory.\n   *\n   * @param buffer - The buffer to clear\n   */\n  protected clearBuffer(buffer: Uint8Array): void {\n    if (buffer && buffer.length > 0) {\n      // Multi-pass overwrite to resist compiler optimization\n      buffer.fill(0x00); // Fill with zeros\n      buffer.fill(0xff); // Fill with ones\n      buffer.fill(0xaa); // Fill with alternating pattern\n      buffer.fill(0x00); // Final zero fill\n\n      // Additional pattern write to further discourage optimization\n      for (let i = 0; i < buffer.length; i++) {\n        buffer[i] = (i & 0xff) ^ 0x5a; // XOR with pattern\n      }\n      buffer.fill(0x00); // Final clear\n    }\n  }\n}\n"],"mappings":"AACA,SAAS,YAAY,wBAAwB;AAC7C,SAAS,OAAO,QAAQ,WAAW;AACnC,SAAS,yBAAyB;AAClC,SAAS,cAAc;AAiBhB,MAAe,eAAwC;AAAA;AAAA,EAE5D,OAAwB,gBAAgB,oBAAI,QAA6B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgH/D,mBAAmB,WAAmC;AAE9D,QAAI,eAAe,cAAc,IAAI,SAAS,GAAG;AAC/C,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,MAAM,gCAAgC;AAC7D,UAAI,UAAU,CAAC,MAAM,MAAM,OAAO,cAAc;AAC9C,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAEA,UAAI,CAAC,KAAK,kBAAkB,SAAS,GAAG;AACtC,cAAM,IAAI,WAAW,sBAAsB,aAAa;AAAA,MAC1D;AACA,qBAAe,cAAc,IAAI,WAAW,IAAI;AAChD,aAAO;AAAA,IACT;AAEA,QAAI,UAAU,WAAW,MAAM,8BAA8B;AAC3D,YAAM,eAAe,KAAK,oBAAoB,SAAS;AACvD,UAAI,CAAC,cAAc;AACjB,cAAM,IAAI,WAAW,mCAAmC,aAAa;AAAA,MACvE;AAEA,qBAAe,cAAc,IAAI,cAAc,IAAI;AACnD,aAAO;AAAA,IACT;AAEA,UAAM,IAAI;AAAA,MACR,8BAA8B,UAAU,MAAM;AAAA,MAC9C;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,MAAM,QACJ,WACA,SACyB;AACzB,QAAI;AAEF,UAAI,EAAE,qBAAqB,aAAa;AACtC,cAAM,IAAI,WAAW,mCAAmC,aAAa;AAAA,MACvE;AACA,UAAI,EAAE,mBAAmB,aAAa;AACpC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,UAAU,WAAW,GAAG;AAC1B,cAAM,IAAI,WAAW,8BAA8B,aAAa;AAAA,MAClE;AAGA,YAAM,SAAS,KAAK,mBAAmB,SAAS;AAGhD,UAAI;AACJ,SAAG;AACD,8BAAsB,KAAK;AAAA,UACzB,MAAM;AAAA,QACR;AAAA,MACF,SAAS,CAAC,KAAK,iBAAiB,mBAAmB;AAEnD,YAAM,qBAAqB,KAAK;AAAA,QAC9B;AAAA,QACA;AAAA,MACF;AACA,UAAI,CAAC,oBAAoB;AACvB,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAGA,YAAM,eAAe,KAAK,YAAY,QAAQ,mBAAmB;AAGjE,YAAM,MAAM,KAAK,OAAO,YAAY;AACpC,YAAM,gBAAgB,IAAI;AAAA,QACxB,IAAI;AAAA,QACJ,IAAI,wBAAwB,IAAI;AAAA,MAClC;AACA,YAAM,SAAS,IAAI;AAAA,QACjB,IAAI;AAAA,QACJ,IAAI,iBAAiB,IAAI;AAAA,MAC3B;AAGA,YAAM,KAAK,KAAK,oBAAoB,OAAO,SAAS;AACpD,YAAM,aAAa,MAAM,KAAK,WAAW,eAAe,IAAI,OAAO;AAGnE,YAAM,UAAU,OAAO,CAAC,IAAI,oBAAoB,UAAU,CAAC;AAC3D,YAAM,MAAM,KAAK,WAAW,QAAQ,OAAO;AAG3C,WAAK,YAAY,mBAAmB;AACpC,WAAK,YAAY,YAAY;AAC7B,WAAK,YAAY,GAAG;AAEpB,aAAO;AAAA,QACL;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,QACA;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,UAAI,iBAAiB,WAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,QACJ,YACA,WACqB;AACrB,QAAI;AAEF,UAAI,EAAE,sBAAsB,aAAa;AACvC,cAAM,IAAI,WAAW,oCAAoC,aAAa;AAAA,MACxE;AACA,UAAI,CAAC,iBAAiB,SAAS,GAAG;AAChC,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,WAAW,WAAW,MAAM,oBAAoB;AAClD,cAAM,IAAI;AAAA,UACR,+BAA+B,WAAW,MAAM;AAAA,UAChD;AAAA,QACF;AAAA,MACF;AACA,UAAI,CAAC,KAAK,iBAAiB,UAAU,GAAG;AACtC,cAAM,IAAI,WAAW,uBAAuB,aAAa;AAAA,MAC3D;AAGA,UACE,UAAU,eAAe,WAAW,MAAM,gCAC1C;AACA,cAAM,IAAI;AAAA,UACR,0CAA0C,MAAM,8BAA8B,8BAA8B,UAAU,eAAe,MAAM;AAAA,UAC3I;AAAA,QACF;AAAA,MACF;AACA,UAAI,UAAU,eAAe,CAAC,MAAM,MAAM,OAAO,cAAc;AAC7D,cAAM,IAAI;AAAA,UACR;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,UAAI,CAAC,KAAK,kBAAkB,UAAU,cAAc,GAAG;AACrD,cAAM,IAAI,WAAW,gCAAgC,aAAa;AAAA,MACpE;AACA,YAAM,qBAAqB,UAAU;AAGrC,YAAM,eAAe,KAAK,YAAY,oBAAoB,UAAU;AAGpE,YAAM,MAAM,KAAK,OAAO,YAAY;AACpC,YAAM,gBAAgB,IAAI;AAAA,QACxB,IAAI;AAAA,QACJ,IAAI,wBAAwB,IAAI;AAAA,MAClC;AACA,YAAM,SAAS,IAAI;AAAA,QACjB,IAAI;AAAA,QACJ,IAAI,iBAAiB,IAAI;AAAA,MAC3B;AAGA,YAAM,UAAU,OAAO;AAAA,QACrB,UAAU;AAAA,QACV,UAAU;AAAA,QACV,UAAU;AAAA,MACZ,CAAC;AACD,YAAM,cAAc,KAAK,WAAW,QAAQ,OAAO;AAEnD,UAAI,CAAC,kBAAkB,UAAU,KAAK,WAAW,GAAG;AAClD,cAAM,IAAI,WAAW,2BAA2B,cAAc;AAAA,MAChE;AAGA,YAAM,YAAY,MAAM,KAAK;AAAA,QAC3B;AAAA,QACA,UAAU;AAAA,QACV,UAAU;AAAA,MACZ;AAGA,WAAK,YAAY,YAAY;AAC7B,WAAK,YAAY,GAAG;AAEpB,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,WAAY,OAAM;AACvC,YAAM,IAAI;AAAA,QACR,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,QAC9E;AAAA,QACA,iBAAiB,QAAQ,QAAQ;AAAA,MACnC;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaU,YAAY,QAA0B;AAC9C,QAAI,UAAU,OAAO,SAAS,GAAG;AAE/B,aAAO,KAAK,CAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,GAAI;AAChB,aAAO,KAAK,CAAI;AAGhB,eAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACtC,eAAO,CAAC,IAAK,IAAI,MAAQ;AAAA,MAC3B;AACA,aAAO,KAAK,CAAI;AAAA,IAClB;AAAA,EACF;AACF;","names":[]}

package/dist/crypto/ecies/browser.cjs

@@ -0,0 +1,165 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var browser_exports = {};
+__export(browser_exports, {
+  BrowserECIESUint8Provider: () => BrowserECIESUint8Provider
+});
+module.exports = __toCommonJS(browser_exports);
+var secp256k1 = __toESM(require("@noble/secp256k1"), 1);
+var import_base = require("./base");
+var import_viem = require("viem");
+var import_hmac = require("@noble/hashes/hmac");
+var import_sha2 = require("@noble/hashes/sha2");
+class BrowserECIESUint8Provider extends import_base.BaseECIESUint8 {
+  generateRandomBytes(length) {
+    const bytes = new Uint8Array(length);
+    crypto.getRandomValues(bytes);
+    return bytes;
+  }
+  verifyPrivateKey(privateKey) {
+    try {
+      return secp256k1.utils.isValidPrivateKey(privateKey);
+    } catch {
+      return false;
+    }
+  }
+  createPublicKey(privateKey, compressed) {
+    try {
+      return secp256k1.getPublicKey(privateKey, compressed);
+    } catch {
+      return null;
+    }
+  }
+  validatePublicKey(publicKey) {
+    try {
+      secp256k1.Point.fromHex(publicKey);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  decompressPublicKey(publicKey) {
+    try {
+      const point = secp256k1.Point.fromHex(publicKey);
+      return point.toRawBytes(false);
+    } catch {
+      return null;
+    }
+  }
+  performECDH(publicKey, privateKey) {
+    try {
+      const sharedPoint = secp256k1.getSharedSecret(
+        privateKey,
+        publicKey,
+        true
+      );
+      return sharedPoint.slice(1);
+    } catch (error) {
+      throw new Error(
+        `ECDH failed: ${error instanceof Error ? error.message : "Unknown error"}`
+      );
+    }
+  }
+  sha512(data) {
+    return (0, import_sha2.sha512)(data);
+  }
+  hmacSha256(key, data) {
+    return (0, import_hmac.hmac)(import_sha2.sha256, key, data);
+  }
+  async aesEncrypt(key, iv, plaintext) {
+    const cryptoKey = await crypto.subtle.importKey(
+      "raw",
+      key,
+      { name: "AES-CBC" },
+      false,
+      ["encrypt"]
+    );
+    const encrypted = await crypto.subtle.encrypt(
+      { name: "AES-CBC", iv },
+      cryptoKey,
+      plaintext
+    );
+    return new Uint8Array(encrypted);
+  }
+  async aesDecrypt(key, iv, ciphertext) {
+    const cryptoKey = await crypto.subtle.importKey(
+      "raw",
+      key,
+      { name: "AES-CBC" },
+      false,
+      ["decrypt"]
+    );
+    const decrypted = await crypto.subtle.decrypt(
+      { name: "AES-CBC", iv },
+      cryptoKey,
+      ciphertext
+    );
+    return new Uint8Array(decrypted);
+  }
+  /**
+   * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).
+   * Handles compressed (33 bytes) and uncompressed (65 bytes) formats only.
+   *
+   * @remarks
+   * Strict policy: Does not accept 64-byte raw coordinates to avoid masking
+   * malformed data. Callers must provide properly formatted keys.
+   *
+   * @param publicKey - The public key to normalize (33 or 65 bytes)
+   * @returns The normalized uncompressed public key (65 bytes)
+   * @throws {Error} When public key format is invalid or decompression fails
+   */
+  normalizeToUncompressed(publicKey) {
+    const len = publicKey.length;
+    if (len === 65 && publicKey[0] === 4) {
+      return publicKey;
+    }
+    if (len === 33 && (publicKey[0] === 2 || publicKey[0] === 3)) {
+      const decompressed = this.decompressPublicKey(publicKey);
+      if (!decompressed) {
+        throw new Error(
+          `Failed to decompress public key with prefix ${(0, import_viem.toHex)(publicKey[0])}`
+        );
+      }
+      return decompressed;
+    }
+    if (len === 64) {
+      throw new Error(
+        "Raw public key coordinates (64 bytes) are not accepted. Please provide a properly formatted compressed (33 bytes) or uncompressed (65 bytes) public key."
+      );
+    }
+    throw new Error(
+      `Invalid public key format: expected compressed (33 bytes) or uncompressed (65 bytes), got ${len} bytes`
+    );
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  BrowserECIESUint8Provider
+});
+//# sourceMappingURL=browser.cjs.map

package/dist/crypto/ecies/browser.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/crypto/ecies/browser.ts"],"sourcesContent":["/**\n * Browser implementation of ECIES using @noble/secp256k1 with Uint8Array\n *\n * @remarks\n * Uses native browser crypto APIs and @noble/secp256k1 for elliptic curve operations.\n * This implementation is polyfill-free and works in all modern browsers.\n */\n\nimport * as secp256k1 from \"@noble/secp256k1\";\nimport { BaseECIESUint8 } from \"./base\";\nimport { toHex } from \"viem\";\nimport { hmac } from \"@noble/hashes/hmac\";\nimport { sha256, sha512 as nobleSha512 } from \"@noble/hashes/sha2\";\n\n/**\n * Browser-specific ECIES provider using @noble/secp256k1\n *\n * @remarks\n * This implementation uses:\n * - Web Crypto API for AES operations\n * - @noble/secp256k1 for elliptic curve operations\n * - @noble/hashes for SHA and HMAC operations\n * - No Buffer or Node.js dependencies\n */\nexport class BrowserECIESUint8Provider extends BaseECIESUint8 {\n  protected generateRandomBytes(length: number): Uint8Array {\n    const bytes = new Uint8Array(length);\n    crypto.getRandomValues(bytes);\n    return bytes;\n  }\n\n  protected verifyPrivateKey(privateKey: Uint8Array): boolean {\n    try {\n      return secp256k1.utils.isValidPrivateKey(privateKey);\n    } catch {\n      return false;\n    }\n  }\n\n  protected createPublicKey(\n    privateKey: Uint8Array,\n    compressed: boolean,\n  ): Uint8Array | null {\n    try {\n      return secp256k1.getPublicKey(privateKey, compressed);\n    } catch {\n      return null;\n    }\n  }\n\n  protected validatePublicKey(publicKey: Uint8Array): boolean {\n    try {\n      // @noble/secp256k1 will throw if the point is not on the curve\n      secp256k1.Point.fromHex(publicKey);\n      return true;\n    } catch {\n      return false;\n    }\n  }\n\n  protected decompressPublicKey(publicKey: Uint8Array): Uint8Array | null {\n    try {\n      // @noble/secp256k1 handles both compressed and uncompressed\n      const point = secp256k1.Point.fromHex(publicKey);\n      return point.toRawBytes(false); // false = uncompressed\n    } catch {\n      return null;\n    }\n  }\n\n  protected performECDH(\n    publicKey: Uint8Array,\n    privateKey: Uint8Array,\n  ): Uint8Array {\n    try {\n      // Use @noble/secp256k1's getSharedSecret which is optimized and secure\n      // The 'true' parameter returns the raw x-coordinate (32 bytes)\n      // This matches eccrypto's behavior\n      const sharedPoint = secp256k1.getSharedSecret(\n        privateKey,\n        publicKey,\n        true,\n      );\n\n      // getSharedSecret returns compressed point (33 bytes) when true\n      // We need just the x-coordinate (32 bytes) for eccrypto compatibility\n      // Remove the prefix byte\n      return sharedPoint.slice(1);\n    } catch (error) {\n      throw new Error(\n        `ECDH failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n      );\n    }\n  }\n\n  protected sha512(data: Uint8Array): Uint8Array {\n    return nobleSha512(data);\n  }\n\n  protected hmacSha256(key: Uint8Array, data: Uint8Array): Uint8Array {\n    return hmac(sha256, key, data);\n  }\n\n  protected async aesEncrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    plaintext: Uint8Array,\n  ): Promise<Uint8Array> {\n    // Import the key for AES-CBC\n    const cryptoKey = await crypto.subtle.importKey(\n      \"raw\",\n      key as BufferSource,\n      { name: \"AES-CBC\" },\n      false,\n      [\"encrypt\"],\n    );\n\n    // Encrypt with Web Crypto API\n    // Note: Web Crypto API automatically handles PKCS#7 padding for AES-CBC\n    const encrypted = await crypto.subtle.encrypt(\n      { name: \"AES-CBC\", iv: iv as BufferSource },\n      cryptoKey,\n      plaintext as BufferSource,\n    );\n\n    return new Uint8Array(encrypted);\n  }\n\n  protected async aesDecrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    ciphertext: Uint8Array,\n  ): Promise<Uint8Array> {\n    // Import the key for AES-CBC\n    const cryptoKey = await crypto.subtle.importKey(\n      \"raw\",\n      key as BufferSource,\n      { name: \"AES-CBC\" },\n      false,\n      [\"decrypt\"],\n    );\n\n    // Decrypt with Web Crypto API\n    // Note: Web Crypto API automatically handles PKCS#7 padding removal\n    const decrypted = await crypto.subtle.decrypt(\n      { name: \"AES-CBC\", iv: iv as BufferSource },\n      cryptoKey,\n      ciphertext as BufferSource,\n    );\n\n    return new Uint8Array(decrypted);\n  }\n\n  /**\n   * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n   * Handles compressed (33 bytes) and uncompressed (65 bytes) formats only.\n   *\n   * @remarks\n   * Strict policy: Does not accept 64-byte raw coordinates to avoid masking\n   * malformed data. Callers must provide properly formatted keys.\n   *\n   * @param publicKey - The public key to normalize (33 or 65 bytes)\n   * @returns The normalized uncompressed public key (65 bytes)\n   * @throws {Error} When public key format is invalid or decompression fails\n   */\n  normalizeToUncompressed(publicKey: Uint8Array): Uint8Array {\n    const len = publicKey.length;\n\n    // Already uncompressed\n    if (len === 65 && publicKey[0] === 0x04) {\n      return publicKey;\n    }\n\n    // Compressed - decompress using @noble/secp256k1\n    if (len === 33 && (publicKey[0] === 0x02 || publicKey[0] === 0x03)) {\n      const decompressed = this.decompressPublicKey(publicKey);\n      if (!decompressed) {\n        throw new Error(\n          `Failed to decompress public key with prefix ${toHex(publicKey[0])}`,\n        );\n      }\n      return decompressed;\n    }\n\n    // Reject raw coordinates (64 bytes) - require proper formatting\n    if (len === 64) {\n      throw new Error(\n        \"Raw public key coordinates (64 bytes) are not accepted. \" +\n          \"Please provide a properly formatted compressed (33 bytes) or uncompressed (65 bytes) public key.\",\n      );\n    }\n\n    throw new Error(\n      `Invalid public key format: expected compressed (33 bytes) or uncompressed (65 bytes), got ${len} bytes`,\n    );\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAQA,gBAA2B;AAC3B,kBAA+B;AAC/B,kBAAsB;AACtB,kBAAqB;AACrB,kBAA8C;AAYvC,MAAM,kCAAkC,2BAAe;AAAA,EAClD,oBAAoB,QAA4B;AACxD,UAAM,QAAQ,IAAI,WAAW,MAAM;AACnC,WAAO,gBAAgB,KAAK;AAC5B,WAAO;AAAA,EACT;AAAA,EAEU,iBAAiB,YAAiC;AAC1D,QAAI;AACF,aAAO,UAAU,MAAM,kBAAkB,UAAU;AAAA,IACrD,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,gBACR,YACA,YACmB;AACnB,QAAI;AACF,aAAO,UAAU,aAAa,YAAY,UAAU;AAAA,IACtD,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,kBAAkB,WAAgC;AAC1D,QAAI;AAEF,gBAAU,MAAM,QAAQ,SAAS;AACjC,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,oBAAoB,WAA0C;AACtE,QAAI;AAEF,YAAM,QAAQ,UAAU,MAAM,QAAQ,SAAS;AAC/C,aAAO,MAAM,WAAW,KAAK;AAAA,IAC/B,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,YACR,WACA,YACY;AACZ,QAAI;AAIF,YAAM,cAAc,UAAU;AAAA,QAC5B;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAKA,aAAO,YAAY,MAAM,CAAC;AAAA,IAC5B,SAAS,OAAO;AACd,YAAM,IAAI;AAAA,QACR,gBAAgB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,MAC1E;AAAA,IACF;AAAA,EACF;AAAA,EAEU,OAAO,MAA8B;AAC7C,eAAO,YAAAA,QAAY,IAAI;AAAA,EACzB;AAAA,EAEU,WAAW,KAAiB,MAA8B;AAClE,eAAO,kBAAK,oBAAQ,KAAK,IAAI;AAAA,EAC/B;AAAA,EAEA,MAAgB,WACd,KACA,IACA,WACqB;AAErB,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC;AAAA,MACA;AAAA,MACA,EAAE,MAAM,UAAU;AAAA,MAClB;AAAA,MACA,CAAC,SAAS;AAAA,IACZ;AAIA,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC,EAAE,MAAM,WAAW,GAAuB;AAAA,MAC1C;AAAA,MACA;AAAA,IACF;AAEA,WAAO,IAAI,WAAW,SAAS;AAAA,EACjC;AAAA,EAEA,MAAgB,WACd,KACA,IACA,YACqB;AAErB,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC;AAAA,MACA;AAAA,MACA,EAAE,MAAM,UAAU;AAAA,MAClB;AAAA,MACA,CAAC,SAAS;AAAA,IACZ;AAIA,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC,EAAE,MAAM,WAAW,GAAuB;AAAA,MAC1C;AAAA,MACA;AAAA,IACF;AAEA,WAAO,IAAI,WAAW,SAAS;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,wBAAwB,WAAmC;AACzD,UAAM,MAAM,UAAU;AAGtB,QAAI,QAAQ,MAAM,UAAU,CAAC,MAAM,GAAM;AACvC,aAAO;AAAA,IACT;AAGA,QAAI,QAAQ,OAAO,UAAU,CAAC,MAAM,KAAQ,UAAU,CAAC,MAAM,IAAO;AAClE,YAAM,eAAe,KAAK,oBAAoB,SAAS;AACvD,UAAI,CAAC,cAAc;AACjB,cAAM,IAAI;AAAA,UACR,mDAA+C,mBAAM,UAAU,CAAC,CAAC,CAAC;AAAA,QACpE;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAGA,QAAI,QAAQ,IAAI;AACd,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,6FAA6F,GAAG;AAAA,IAClG;AAAA,EACF;AACF;","names":["nobleSha512"]}

package/dist/crypto/ecies/browser.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Browser implementation of ECIES using @noble/secp256k1 with Uint8Array
+ *
+ * @remarks
+ * Uses native browser crypto APIs and @noble/secp256k1 for elliptic curve operations.
+ * This implementation is polyfill-free and works in all modern browsers.
+ */
+import { BaseECIESUint8 } from "./base";
+/**
+ * Browser-specific ECIES provider using @noble/secp256k1
+ *
+ * @remarks
+ * This implementation uses:
+ * - Web Crypto API for AES operations
+ * - @noble/secp256k1 for elliptic curve operations
+ * - @noble/hashes for SHA and HMAC operations
+ * - No Buffer or Node.js dependencies
+ */
+export declare class BrowserECIESUint8Provider extends BaseECIESUint8 {
+    protected generateRandomBytes(length: number): Uint8Array;
+    protected verifyPrivateKey(privateKey: Uint8Array): boolean;
+    protected createPublicKey(privateKey: Uint8Array, compressed: boolean): Uint8Array | null;
+    protected validatePublicKey(publicKey: Uint8Array): boolean;
+    protected decompressPublicKey(publicKey: Uint8Array): Uint8Array | null;
+    protected performECDH(publicKey: Uint8Array, privateKey: Uint8Array): Uint8Array;
+    protected sha512(data: Uint8Array): Uint8Array;
+    protected hmacSha256(key: Uint8Array, data: Uint8Array): Uint8Array;
+    protected aesEncrypt(key: Uint8Array, iv: Uint8Array, plaintext: Uint8Array): Promise<Uint8Array>;
+    protected aesDecrypt(key: Uint8Array, iv: Uint8Array, ciphertext: Uint8Array): Promise<Uint8Array>;
+    /**
+     * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).
+     * Handles compressed (33 bytes) and uncompressed (65 bytes) formats only.
+     *
+     * @remarks
+     * Strict policy: Does not accept 64-byte raw coordinates to avoid masking
+     * malformed data. Callers must provide properly formatted keys.
+     *
+     * @param publicKey - The public key to normalize (33 or 65 bytes)
+     * @returns The normalized uncompressed public key (65 bytes)
+     * @throws {Error} When public key format is invalid or decompression fails
+     */
+    normalizeToUncompressed(publicKey: Uint8Array): Uint8Array;
+}

package/dist/crypto/ecies/browser.js

@@ -0,0 +1,131 @@
+import * as secp256k1 from "@noble/secp256k1";
+import { BaseECIESUint8 } from "./base";
+import { toHex } from "viem";
+import { hmac } from "@noble/hashes/hmac";
+import { sha256, sha512 as nobleSha512 } from "@noble/hashes/sha2";
+class BrowserECIESUint8Provider extends BaseECIESUint8 {
+  generateRandomBytes(length) {
+    const bytes = new Uint8Array(length);
+    crypto.getRandomValues(bytes);
+    return bytes;
+  }
+  verifyPrivateKey(privateKey) {
+    try {
+      return secp256k1.utils.isValidPrivateKey(privateKey);
+    } catch {
+      return false;
+    }
+  }
+  createPublicKey(privateKey, compressed) {
+    try {
+      return secp256k1.getPublicKey(privateKey, compressed);
+    } catch {
+      return null;
+    }
+  }
+  validatePublicKey(publicKey) {
+    try {
+      secp256k1.Point.fromHex(publicKey);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  decompressPublicKey(publicKey) {
+    try {
+      const point = secp256k1.Point.fromHex(publicKey);
+      return point.toRawBytes(false);
+    } catch {
+      return null;
+    }
+  }
+  performECDH(publicKey, privateKey) {
+    try {
+      const sharedPoint = secp256k1.getSharedSecret(
+        privateKey,
+        publicKey,
+        true
+      );
+      return sharedPoint.slice(1);
+    } catch (error) {
+      throw new Error(
+        `ECDH failed: ${error instanceof Error ? error.message : "Unknown error"}`
+      );
+    }
+  }
+  sha512(data) {
+    return nobleSha512(data);
+  }
+  hmacSha256(key, data) {
+    return hmac(sha256, key, data);
+  }
+  async aesEncrypt(key, iv, plaintext) {
+    const cryptoKey = await crypto.subtle.importKey(
+      "raw",
+      key,
+      { name: "AES-CBC" },
+      false,
+      ["encrypt"]
+    );
+    const encrypted = await crypto.subtle.encrypt(
+      { name: "AES-CBC", iv },
+      cryptoKey,
+      plaintext
+    );
+    return new Uint8Array(encrypted);
+  }
+  async aesDecrypt(key, iv, ciphertext) {
+    const cryptoKey = await crypto.subtle.importKey(
+      "raw",
+      key,
+      { name: "AES-CBC" },
+      false,
+      ["decrypt"]
+    );
+    const decrypted = await crypto.subtle.decrypt(
+      { name: "AES-CBC", iv },
+      cryptoKey,
+      ciphertext
+    );
+    return new Uint8Array(decrypted);
+  }
+  /**
+   * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).
+   * Handles compressed (33 bytes) and uncompressed (65 bytes) formats only.
+   *
+   * @remarks
+   * Strict policy: Does not accept 64-byte raw coordinates to avoid masking
+   * malformed data. Callers must provide properly formatted keys.
+   *
+   * @param publicKey - The public key to normalize (33 or 65 bytes)
+   * @returns The normalized uncompressed public key (65 bytes)
+   * @throws {Error} When public key format is invalid or decompression fails
+   */
+  normalizeToUncompressed(publicKey) {
+    const len = publicKey.length;
+    if (len === 65 && publicKey[0] === 4) {
+      return publicKey;
+    }
+    if (len === 33 && (publicKey[0] === 2 || publicKey[0] === 3)) {
+      const decompressed = this.decompressPublicKey(publicKey);
+      if (!decompressed) {
+        throw new Error(
+          `Failed to decompress public key with prefix ${toHex(publicKey[0])}`
+        );
+      }
+      return decompressed;
+    }
+    if (len === 64) {
+      throw new Error(
+        "Raw public key coordinates (64 bytes) are not accepted. Please provide a properly formatted compressed (33 bytes) or uncompressed (65 bytes) public key."
+      );
+    }
+    throw new Error(
+      `Invalid public key format: expected compressed (33 bytes) or uncompressed (65 bytes), got ${len} bytes`
+    );
+  }
+}
+export {
+  BrowserECIESUint8Provider
+};
+//# sourceMappingURL=browser.js.map

package/dist/crypto/ecies/browser.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/crypto/ecies/browser.ts"],"sourcesContent":["/**\n * Browser implementation of ECIES using @noble/secp256k1 with Uint8Array\n *\n * @remarks\n * Uses native browser crypto APIs and @noble/secp256k1 for elliptic curve operations.\n * This implementation is polyfill-free and works in all modern browsers.\n */\n\nimport * as secp256k1 from \"@noble/secp256k1\";\nimport { BaseECIESUint8 } from \"./base\";\nimport { toHex } from \"viem\";\nimport { hmac } from \"@noble/hashes/hmac\";\nimport { sha256, sha512 as nobleSha512 } from \"@noble/hashes/sha2\";\n\n/**\n * Browser-specific ECIES provider using @noble/secp256k1\n *\n * @remarks\n * This implementation uses:\n * - Web Crypto API for AES operations\n * - @noble/secp256k1 for elliptic curve operations\n * - @noble/hashes for SHA and HMAC operations\n * - No Buffer or Node.js dependencies\n */\nexport class BrowserECIESUint8Provider extends BaseECIESUint8 {\n  protected generateRandomBytes(length: number): Uint8Array {\n    const bytes = new Uint8Array(length);\n    crypto.getRandomValues(bytes);\n    return bytes;\n  }\n\n  protected verifyPrivateKey(privateKey: Uint8Array): boolean {\n    try {\n      return secp256k1.utils.isValidPrivateKey(privateKey);\n    } catch {\n      return false;\n    }\n  }\n\n  protected createPublicKey(\n    privateKey: Uint8Array,\n    compressed: boolean,\n  ): Uint8Array | null {\n    try {\n      return secp256k1.getPublicKey(privateKey, compressed);\n    } catch {\n      return null;\n    }\n  }\n\n  protected validatePublicKey(publicKey: Uint8Array): boolean {\n    try {\n      // @noble/secp256k1 will throw if the point is not on the curve\n      secp256k1.Point.fromHex(publicKey);\n      return true;\n    } catch {\n      return false;\n    }\n  }\n\n  protected decompressPublicKey(publicKey: Uint8Array): Uint8Array | null {\n    try {\n      // @noble/secp256k1 handles both compressed and uncompressed\n      const point = secp256k1.Point.fromHex(publicKey);\n      return point.toRawBytes(false); // false = uncompressed\n    } catch {\n      return null;\n    }\n  }\n\n  protected performECDH(\n    publicKey: Uint8Array,\n    privateKey: Uint8Array,\n  ): Uint8Array {\n    try {\n      // Use @noble/secp256k1's getSharedSecret which is optimized and secure\n      // The 'true' parameter returns the raw x-coordinate (32 bytes)\n      // This matches eccrypto's behavior\n      const sharedPoint = secp256k1.getSharedSecret(\n        privateKey,\n        publicKey,\n        true,\n      );\n\n      // getSharedSecret returns compressed point (33 bytes) when true\n      // We need just the x-coordinate (32 bytes) for eccrypto compatibility\n      // Remove the prefix byte\n      return sharedPoint.slice(1);\n    } catch (error) {\n      throw new Error(\n        `ECDH failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n      );\n    }\n  }\n\n  protected sha512(data: Uint8Array): Uint8Array {\n    return nobleSha512(data);\n  }\n\n  protected hmacSha256(key: Uint8Array, data: Uint8Array): Uint8Array {\n    return hmac(sha256, key, data);\n  }\n\n  protected async aesEncrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    plaintext: Uint8Array,\n  ): Promise<Uint8Array> {\n    // Import the key for AES-CBC\n    const cryptoKey = await crypto.subtle.importKey(\n      \"raw\",\n      key as BufferSource,\n      { name: \"AES-CBC\" },\n      false,\n      [\"encrypt\"],\n    );\n\n    // Encrypt with Web Crypto API\n    // Note: Web Crypto API automatically handles PKCS#7 padding for AES-CBC\n    const encrypted = await crypto.subtle.encrypt(\n      { name: \"AES-CBC\", iv: iv as BufferSource },\n      cryptoKey,\n      plaintext as BufferSource,\n    );\n\n    return new Uint8Array(encrypted);\n  }\n\n  protected async aesDecrypt(\n    key: Uint8Array,\n    iv: Uint8Array,\n    ciphertext: Uint8Array,\n  ): Promise<Uint8Array> {\n    // Import the key for AES-CBC\n    const cryptoKey = await crypto.subtle.importKey(\n      \"raw\",\n      key as BufferSource,\n      { name: \"AES-CBC\" },\n      false,\n      [\"decrypt\"],\n    );\n\n    // Decrypt with Web Crypto API\n    // Note: Web Crypto API automatically handles PKCS#7 padding removal\n    const decrypted = await crypto.subtle.decrypt(\n      { name: \"AES-CBC\", iv: iv as BufferSource },\n      cryptoKey,\n      ciphertext as BufferSource,\n    );\n\n    return new Uint8Array(decrypted);\n  }\n\n  /**\n   * Normalizes a public key to uncompressed format (65 bytes with 0x04 prefix).\n   * Handles compressed (33 bytes) and uncompressed (65 bytes) formats only.\n   *\n   * @remarks\n   * Strict policy: Does not accept 64-byte raw coordinates to avoid masking\n   * malformed data. Callers must provide properly formatted keys.\n   *\n   * @param publicKey - The public key to normalize (33 or 65 bytes)\n   * @returns The normalized uncompressed public key (65 bytes)\n   * @throws {Error} When public key format is invalid or decompression fails\n   */\n  normalizeToUncompressed(publicKey: Uint8Array): Uint8Array {\n    const len = publicKey.length;\n\n    // Already uncompressed\n    if (len === 65 && publicKey[0] === 0x04) {\n      return publicKey;\n    }\n\n    // Compressed - decompress using @noble/secp256k1\n    if (len === 33 && (publicKey[0] === 0x02 || publicKey[0] === 0x03)) {\n      const decompressed = this.decompressPublicKey(publicKey);\n      if (!decompressed) {\n        throw new Error(\n          `Failed to decompress public key with prefix ${toHex(publicKey[0])}`,\n        );\n      }\n      return decompressed;\n    }\n\n    // Reject raw coordinates (64 bytes) - require proper formatting\n    if (len === 64) {\n      throw new Error(\n        \"Raw public key coordinates (64 bytes) are not accepted. \" +\n          \"Please provide a properly formatted compressed (33 bytes) or uncompressed (65 bytes) public key.\",\n      );\n    }\n\n    throw new Error(\n      `Invalid public key format: expected compressed (33 bytes) or uncompressed (65 bytes), got ${len} bytes`,\n    );\n  }\n}\n"],"mappings":"AAQA,YAAY,eAAe;AAC3B,SAAS,sBAAsB;AAC/B,SAAS,aAAa;AACtB,SAAS,YAAY;AACrB,SAAS,QAAQ,UAAU,mBAAmB;AAYvC,MAAM,kCAAkC,eAAe;AAAA,EAClD,oBAAoB,QAA4B;AACxD,UAAM,QAAQ,IAAI,WAAW,MAAM;AACnC,WAAO,gBAAgB,KAAK;AAC5B,WAAO;AAAA,EACT;AAAA,EAEU,iBAAiB,YAAiC;AAC1D,QAAI;AACF,aAAO,UAAU,MAAM,kBAAkB,UAAU;AAAA,IACrD,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,gBACR,YACA,YACmB;AACnB,QAAI;AACF,aAAO,UAAU,aAAa,YAAY,UAAU;AAAA,IACtD,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,kBAAkB,WAAgC;AAC1D,QAAI;AAEF,gBAAU,MAAM,QAAQ,SAAS;AACjC,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,oBAAoB,WAA0C;AACtE,QAAI;AAEF,YAAM,QAAQ,UAAU,MAAM,QAAQ,SAAS;AAC/C,aAAO,MAAM,WAAW,KAAK;AAAA,IAC/B,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEU,YACR,WACA,YACY;AACZ,QAAI;AAIF,YAAM,cAAc,UAAU;AAAA,QAC5B;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAKA,aAAO,YAAY,MAAM,CAAC;AAAA,IAC5B,SAAS,OAAO;AACd,YAAM,IAAI;AAAA,QACR,gBAAgB,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,MAC1E;AAAA,IACF;AAAA,EACF;AAAA,EAEU,OAAO,MAA8B;AAC7C,WAAO,YAAY,IAAI;AAAA,EACzB;AAAA,EAEU,WAAW,KAAiB,MAA8B;AAClE,WAAO,KAAK,QAAQ,KAAK,IAAI;AAAA,EAC/B;AAAA,EAEA,MAAgB,WACd,KACA,IACA,WACqB;AAErB,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC;AAAA,MACA;AAAA,MACA,EAAE,MAAM,UAAU;AAAA,MAClB;AAAA,MACA,CAAC,SAAS;AAAA,IACZ;AAIA,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC,EAAE,MAAM,WAAW,GAAuB;AAAA,MAC1C;AAAA,MACA;AAAA,IACF;AAEA,WAAO,IAAI,WAAW,SAAS;AAAA,EACjC;AAAA,EAEA,MAAgB,WACd,KACA,IACA,YACqB;AAErB,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC;AAAA,MACA;AAAA,MACA,EAAE,MAAM,UAAU;AAAA,MAClB;AAAA,MACA,CAAC,SAAS;AAAA,IACZ;AAIA,UAAM,YAAY,MAAM,OAAO,OAAO;AAAA,MACpC,EAAE,MAAM,WAAW,GAAuB;AAAA,MAC1C;AAAA,MACA;AAAA,IACF;AAEA,WAAO,IAAI,WAAW,SAAS;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,wBAAwB,WAAmC;AACzD,UAAM,MAAM,UAAU;AAGtB,QAAI,QAAQ,MAAM,UAAU,CAAC,MAAM,GAAM;AACvC,aAAO;AAAA,IACT;AAGA,QAAI,QAAQ,OAAO,UAAU,CAAC,MAAM,KAAQ,UAAU,CAAC,MAAM,IAAO;AAClE,YAAM,eAAe,KAAK,oBAAoB,SAAS;AACvD,UAAI,CAAC,cAAc;AACjB,cAAM,IAAI;AAAA,UACR,+CAA+C,MAAM,UAAU,CAAC,CAAC,CAAC;AAAA,QACpE;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAGA,QAAI,QAAQ,IAAI;AACd,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AAEA,UAAM,IAAI;AAAA,MACR,6FAA6F,GAAG;AAAA,IAClG;AAAA,EACF;AACF;","names":[]}

package/dist/crypto/ecies/constants.cjs

@@ -0,0 +1,131 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var constants_exports = {};
+__export(constants_exports, {
+  CIPHER: () => CIPHER,
+  CURVE: () => CURVE,
+  FORMAT: () => FORMAT,
+  KDF: () => KDF,
+  MAC: () => MAC,
+  SECURITY: () => SECURITY,
+  VALIDATION: () => VALIDATION
+});
+module.exports = __toCommonJS(constants_exports);
+const CURVE = {
+  /** The elliptic curve used (secp256k1 - same as Bitcoin/Ethereum) */
+  name: "secp256k1",
+  /** Private key length in bytes */
+  PRIVATE_KEY_LENGTH: 32,
+  /** Compressed public key length in bytes (0x02 or 0x03 prefix + 32 bytes) */
+  COMPRESSED_PUBLIC_KEY_LENGTH: 33,
+  /** Uncompressed public key length in bytes (0x04 prefix + 64 bytes) */
+  UNCOMPRESSED_PUBLIC_KEY_LENGTH: 65,
+  /** ECDH shared secret X coordinate length */
+  SHARED_SECRET_LENGTH: 32,
+  /** Public key prefixes */
+  PREFIX: {
+    /** Uncompressed public key prefix */
+    UNCOMPRESSED: 4,
+    /** Compressed public key prefix for even Y */
+    COMPRESSED_EVEN: 2,
+    /** Compressed public key prefix for odd Y */
+    COMPRESSED_ODD: 3
+  },
+  /** X coordinate starts at byte 1 (after prefix) */
+  X_COORDINATE_OFFSET: 1,
+  /** X coordinate ends at byte 33 (1 + 32) */
+  X_COORDINATE_END: 33
+};
+const CIPHER = {
+  /** Cipher algorithm - must match eccrypto */
+  algorithm: "aes-256-cbc",
+  /** AES key length in bytes */
+  KEY_LENGTH: 32,
+  /** Initialization vector length in bytes */
+  IV_LENGTH: 16,
+  /** Block size for AES */
+  BLOCK_SIZE: 16
+};
+const KDF = {
+  /** Hash algorithm for key derivation - must match eccrypto */
+  algorithm: "sha512",
+  /** Output length of SHA-512 in bytes */
+  OUTPUT_LENGTH: 64,
+  /** Encryption key slice (first 32 bytes of KDF output) */
+  ENCRYPTION_KEY_OFFSET: 0,
+  ENCRYPTION_KEY_LENGTH: 32,
+  /** MAC key slice (last 32 bytes of KDF output) */
+  MAC_KEY_OFFSET: 32,
+  MAC_KEY_LENGTH: 32
+};
+const MAC = {
+  /** MAC algorithm - must match eccrypto */
+  algorithm: "sha256",
+  /** HMAC-SHA256 output length in bytes */
+  LENGTH: 32
+};
+const FORMAT = {
+  /** Offsets for each component in serialized format */
+  IV_OFFSET: 0,
+  IV_LENGTH: CIPHER.IV_LENGTH,
+  /** Ephemeral public key (always uncompressed in eccrypto format) */
+  EPHEMERAL_KEY_OFFSET: CIPHER.IV_LENGTH,
+  EPHEMERAL_KEY_LENGTH: CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,
+  /** Ciphertext starts after IV and ephemeral key */
+  CIPHERTEXT_OFFSET: CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,
+  /** MAC is always the last 32 bytes */
+  MAC_LENGTH: MAC.LENGTH,
+  /** Minimum size of encrypted data (IV + ephemKey + MAC, no ciphertext) */
+  MIN_ENCRYPTED_LENGTH: CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH + MAC.LENGTH,
+  /**
+   * Helper to calculate total length of encrypted data
+   *
+   * @param ciphertextLength - Length of the ciphertext portion
+   * @returns Total length including all components
+   */
+  getTotalLength: (ciphertextLength) => CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH + ciphertextLength + MAC.LENGTH
+};
+const SECURITY = {
+  /** Overwrite patterns for secure data clearing */
+  CLEAR_PATTERNS: {
+    ZEROS: 0,
+    ONES: 255,
+    /** Pattern multiplier for third pass */
+    PATTERN_MULTIPLIER: 7,
+    /** Pattern offset for third pass */
+    PATTERN_OFFSET: 13
+  }
+};
+const VALIDATION = {
+  isValidPrivateKey: (key) => key.length === CURVE.PRIVATE_KEY_LENGTH,
+  isValidPublicKey: (key) => key.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH || key.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,
+  isCompressedPublicKey: (key) => key.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH && (key[0] === CURVE.PREFIX.COMPRESSED_EVEN || key[0] === CURVE.PREFIX.COMPRESSED_ODD),
+  isUncompressedPublicKey: (key) => key.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH && key[0] === CURVE.PREFIX.UNCOMPRESSED
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  CIPHER,
+  CURVE,
+  FORMAT,
+  KDF,
+  MAC,
+  SECURITY,
+  VALIDATION
+});
+//# sourceMappingURL=constants.cjs.map

package/dist/crypto/ecies/constants.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/crypto/ecies/constants.ts"],"sourcesContent":["/**\n * ECIES Constants and Format Specification\n *\n * These constants define the eccrypto-compatible ECIES format used throughout the SDK.\n * Maintaining these exact values ensures backward compatibility with data encrypted\n * using the original eccrypto library.\n */\n\n/**\n * Elliptic curve parameters\n */\nexport const CURVE = {\n  /** The elliptic curve used (secp256k1 - same as Bitcoin/Ethereum) */\n  name: \"secp256k1\",\n  /** Private key length in bytes */\n  PRIVATE_KEY_LENGTH: 32,\n  /** Compressed public key length in bytes (0x02 or 0x03 prefix + 32 bytes) */\n  COMPRESSED_PUBLIC_KEY_LENGTH: 33,\n  /** Uncompressed public key length in bytes (0x04 prefix + 64 bytes) */\n  UNCOMPRESSED_PUBLIC_KEY_LENGTH: 65,\n  /** ECDH shared secret X coordinate length */\n  SHARED_SECRET_LENGTH: 32,\n  /** Public key prefixes */\n  PREFIX: {\n    /** Uncompressed public key prefix */\n    UNCOMPRESSED: 0x04,\n    /** Compressed public key prefix for even Y */\n    COMPRESSED_EVEN: 0x02,\n    /** Compressed public key prefix for odd Y */\n    COMPRESSED_ODD: 0x03,\n  },\n  /** X coordinate starts at byte 1 (after prefix) */\n  X_COORDINATE_OFFSET: 1,\n  /** X coordinate ends at byte 33 (1 + 32) */\n  X_COORDINATE_END: 33,\n} as const;\n\n/**\n * Symmetric encryption parameters (AES-256-CBC)\n */\nexport const CIPHER = {\n  /** Cipher algorithm - must match eccrypto */\n  algorithm: \"aes-256-cbc\",\n  /** AES key length in bytes */\n  KEY_LENGTH: 32,\n  /** Initialization vector length in bytes */\n  IV_LENGTH: 16,\n  /** Block size for AES */\n  BLOCK_SIZE: 16,\n} as const;\n\n/**\n * Key derivation function parameters\n */\nexport const KDF = {\n  /** Hash algorithm for key derivation - must match eccrypto */\n  algorithm: \"sha512\",\n  /** Output length of SHA-512 in bytes */\n  OUTPUT_LENGTH: 64,\n  /** Encryption key slice (first 32 bytes of KDF output) */\n  ENCRYPTION_KEY_OFFSET: 0,\n  ENCRYPTION_KEY_LENGTH: 32,\n  /** MAC key slice (last 32 bytes of KDF output) */\n  MAC_KEY_OFFSET: 32,\n  MAC_KEY_LENGTH: 32,\n} as const;\n\n/**\n * Message authentication code parameters\n */\nexport const MAC = {\n  /** MAC algorithm - must match eccrypto */\n  algorithm: \"sha256\",\n  /** HMAC-SHA256 output length in bytes */\n  LENGTH: 32,\n} as const;\n\n/**\n * ECIES encrypted data format offsets and lengths\n * Format: [iv(16)][ephemPublicKey(65)][ciphertext(variable)][mac(32)]\n */\nexport const FORMAT = {\n  /** Offsets for each component in serialized format */\n  IV_OFFSET: 0,\n  IV_LENGTH: CIPHER.IV_LENGTH,\n\n  /** Ephemeral public key (always uncompressed in eccrypto format) */\n  EPHEMERAL_KEY_OFFSET: CIPHER.IV_LENGTH,\n  EPHEMERAL_KEY_LENGTH: CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,\n\n  /** Ciphertext starts after IV and ephemeral key */\n  CIPHERTEXT_OFFSET: CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,\n\n  /** MAC is always the last 32 bytes */\n  MAC_LENGTH: MAC.LENGTH,\n\n  /** Minimum size of encrypted data (IV + ephemKey + MAC, no ciphertext) */\n  MIN_ENCRYPTED_LENGTH:\n    CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH + MAC.LENGTH,\n\n  /**\n   * Helper to calculate total length of encrypted data\n   *\n   * @param ciphertextLength - Length of the ciphertext portion\n   * @returns Total length including all components\n   */\n  getTotalLength: (ciphertextLength: number) =>\n    CIPHER.IV_LENGTH +\n    CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH +\n    ciphertextLength +\n    MAC.LENGTH,\n} as const;\n\n/**\n * Security constants for data clearing\n */\nexport const SECURITY = {\n  /** Overwrite patterns for secure data clearing */\n  CLEAR_PATTERNS: {\n    ZEROS: 0x00,\n    ONES: 0xff,\n    /** Pattern multiplier for third pass */\n    PATTERN_MULTIPLIER: 7,\n    /** Pattern offset for third pass */\n    PATTERN_OFFSET: 13,\n  },\n} as const;\n\n/**\n * Validation helpers\n */\nexport const VALIDATION = {\n  isValidPrivateKey: (key: Uint8Array): boolean =>\n    key.length === CURVE.PRIVATE_KEY_LENGTH,\n\n  isValidPublicKey: (key: Uint8Array): boolean =>\n    key.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH ||\n    key.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,\n\n  isCompressedPublicKey: (key: Uint8Array): boolean =>\n    key.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH &&\n    (key[0] === CURVE.PREFIX.COMPRESSED_EVEN ||\n      key[0] === CURVE.PREFIX.COMPRESSED_ODD),\n\n  isUncompressedPublicKey: (key: Uint8Array): boolean =>\n    key.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH &&\n    key[0] === CURVE.PREFIX.UNCOMPRESSED,\n} as const;\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAWO,MAAM,QAAQ;AAAA;AAAA,EAEnB,MAAM;AAAA;AAAA,EAEN,oBAAoB;AAAA;AAAA,EAEpB,8BAA8B;AAAA;AAAA,EAE9B,gCAAgC;AAAA;AAAA,EAEhC,sBAAsB;AAAA;AAAA,EAEtB,QAAQ;AAAA;AAAA,IAEN,cAAc;AAAA;AAAA,IAEd,iBAAiB;AAAA;AAAA,IAEjB,gBAAgB;AAAA,EAClB;AAAA;AAAA,EAEA,qBAAqB;AAAA;AAAA,EAErB,kBAAkB;AACpB;AAKO,MAAM,SAAS;AAAA;AAAA,EAEpB,WAAW;AAAA;AAAA,EAEX,YAAY;AAAA;AAAA,EAEZ,WAAW;AAAA;AAAA,EAEX,YAAY;AACd;AAKO,MAAM,MAAM;AAAA;AAAA,EAEjB,WAAW;AAAA;AAAA,EAEX,eAAe;AAAA;AAAA,EAEf,uBAAuB;AAAA,EACvB,uBAAuB;AAAA;AAAA,EAEvB,gBAAgB;AAAA,EAChB,gBAAgB;AAClB;AAKO,MAAM,MAAM;AAAA;AAAA,EAEjB,WAAW;AAAA;AAAA,EAEX,QAAQ;AACV;AAMO,MAAM,SAAS;AAAA;AAAA,EAEpB,WAAW;AAAA,EACX,WAAW,OAAO;AAAA;AAAA,EAGlB,sBAAsB,OAAO;AAAA,EAC7B,sBAAsB,MAAM;AAAA;AAAA,EAG5B,mBAAmB,OAAO,YAAY,MAAM;AAAA;AAAA,EAG5C,YAAY,IAAI;AAAA;AAAA,EAGhB,sBACE,OAAO,YAAY,MAAM,iCAAiC,IAAI;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQhE,gBAAgB,CAAC,qBACf,OAAO,YACP,MAAM,iCACN,mBACA,IAAI;AACR;AAKO,MAAM,WAAW;AAAA;AAAA,EAEtB,gBAAgB;AAAA,IACd,OAAO;AAAA,IACP,MAAM;AAAA;AAAA,IAEN,oBAAoB;AAAA;AAAA,IAEpB,gBAAgB;AAAA,EAClB;AACF;AAKO,MAAM,aAAa;AAAA,EACxB,mBAAmB,CAAC,QAClB,IAAI,WAAW,MAAM;AAAA,EAEvB,kBAAkB,CAAC,QACjB,IAAI,WAAW,MAAM,gCACrB,IAAI,WAAW,MAAM;AAAA,EAEvB,uBAAuB,CAAC,QACtB,IAAI,WAAW,MAAM,iCACpB,IAAI,CAAC,MAAM,MAAM,OAAO,mBACvB,IAAI,CAAC,MAAM,MAAM,OAAO;AAAA,EAE5B,yBAAyB,CAAC,QACxB,IAAI,WAAW,MAAM,kCACrB,IAAI,CAAC,MAAM,MAAM,OAAO;AAC5B;","names":[]}