bitcoin-main-lib 0.0.1-security → 7.0.1

package/src/esm/payments/p2pkh.js

@@ -0,0 +1,144 @@
+import * as bcrypto from '../crypto.js';
+import { bitcoin as BITCOIN_NETWORK } from '../networks.js';
+import * as bscript from '../script.js';
+import {
+  isPoint,
+  Hash160bitSchema,
+  NBufferSchemaFactory,
+  BufferSchema,
+} from '../types.js';
+import * as lazy from './lazy.js';
+import bs58check from 'bs58check';
+import * as tools from 'uint8array-tools';
+import * as v from 'valibot';
+const OPS = bscript.OPS;
+// input: {signature} {pubkey}
+// output: OP_DUP OP_HASH160 {hash160(pubkey)} OP_EQUALVERIFY OP_CHECKSIG
+/**
+ * Creates a Pay-to-Public-Key-Hash (P2PKH) payment object.
+ *
+ * @param a - The payment object containing the necessary data.
+ * @param opts - Optional payment options.
+ * @returns The P2PKH payment object.
+ * @throws {TypeError} If the required data is not provided or if the data is invalid.
+ */
+export function p2pkh(a, opts) {
+  if (!a.address && !a.hash && !a.output && !a.pubkey && !a.input)
+    throw new TypeError('Not enough data');
+  opts = Object.assign({ validate: true }, opts || {});
+  v.parse(
+    v.partial(
+      v.object({
+        network: v.object({}),
+        address: v.string(),
+        hash: Hash160bitSchema,
+        output: NBufferSchemaFactory(25),
+        pubkey: v.custom(isPoint),
+        signature: v.custom(bscript.isCanonicalScriptSignature),
+        input: BufferSchema,
+      }),
+    ),
+    a,
+  );
+  const _address = lazy.value(() => {
+    const payload = bs58check.decode(a.address);
+    const version = tools.readUInt8(payload, 0);
+    const hash = payload.slice(1);
+    return { version, hash };
+  });
+  const _chunks = lazy.value(() => {
+    return bscript.decompile(a.input);
+  });
+  const network = a.network || BITCOIN_NETWORK;
+  const o = { name: 'p2pkh', network };
+  lazy.prop(o, 'address', () => {
+    if (!o.hash) return;
+    const payload = new Uint8Array(21);
+    tools.writeUInt8(payload, 0, network.pubKeyHash);
+    payload.set(o.hash, 1);
+    return bs58check.encode(payload);
+  });
+  lazy.prop(o, 'hash', () => {
+    if (a.output) return a.output.slice(3, 23);
+    if (a.address) return _address().hash;
+    if (a.pubkey || o.pubkey) return bcrypto.hash160(a.pubkey || o.pubkey);
+  });
+  lazy.prop(o, 'output', () => {
+    if (!o.hash) return;
+    return bscript.compile([
+      OPS.OP_DUP,
+      OPS.OP_HASH160,
+      o.hash,
+      OPS.OP_EQUALVERIFY,
+      OPS.OP_CHECKSIG,
+    ]);
+  });
+  lazy.prop(o, 'pubkey', () => {
+    if (!a.input) return;
+    return _chunks()[1];
+  });
+  lazy.prop(o, 'signature', () => {
+    if (!a.input) return;
+    return _chunks()[0];
+  });
+  lazy.prop(o, 'input', () => {
+    if (!a.pubkey) return;
+    if (!a.signature) return;
+    return bscript.compile([a.signature, a.pubkey]);
+  });
+  lazy.prop(o, 'witness', () => {
+    if (!o.input) return;
+    return [];
+  });
+  // extended validation
+  if (opts.validate) {
+    let hash = Uint8Array.from([]);
+    if (a.address) {
+      if (_address().version !== network.pubKeyHash)
+        throw new TypeError('Invalid version or Network mismatch');
+      if (_address().hash.length !== 20) throw new TypeError('Invalid address');
+      hash = _address().hash;
+    }
+    if (a.hash) {
+      if (hash.length > 0 && tools.compare(hash, a.hash) !== 0)
+        throw new TypeError('Hash mismatch');
+      else hash = a.hash;
+    }
+    if (a.output) {
+      if (
+        a.output.length !== 25 ||
+        a.output[0] !== OPS.OP_DUP ||
+        a.output[1] !== OPS.OP_HASH160 ||
+        a.output[2] !== 0x14 ||
+        a.output[23] !== OPS.OP_EQUALVERIFY ||
+        a.output[24] !== OPS.OP_CHECKSIG
+      )
+        throw new TypeError('Output is invalid');
+      const hash2 = a.output.slice(3, 23);
+      if (hash.length > 0 && tools.compare(hash, hash2) !== 0)
+        throw new TypeError('Hash mismatch');
+      else hash = hash2;
+    }
+    if (a.pubkey) {
+      const pkh = bcrypto.hash160(a.pubkey);
+      if (hash.length > 0 && tools.compare(hash, pkh) !== 0)
+        throw new TypeError('Hash mismatch');
+      else hash = pkh;
+    }
+    if (a.input) {
+      const chunks = _chunks();
+      if (chunks.length !== 2) throw new TypeError('Input is invalid');
+      if (!bscript.isCanonicalScriptSignature(chunks[0]))
+        throw new TypeError('Input has invalid signature');
+      if (!isPoint(chunks[1])) throw new TypeError('Input has invalid pubkey');
+      if (a.signature && tools.compare(a.signature, chunks[0]) !== 0)
+        throw new TypeError('Signature mismatch');
+      if (a.pubkey && tools.compare(a.pubkey, chunks[1]) !== 0)
+        throw new TypeError('Pubkey mismatch');
+      const pkh = bcrypto.hash160(chunks[1]);
+      if (hash.length > 0 && tools.compare(hash, pkh) !== 0)
+        throw new TypeError('Hash mismatch');
+    }
+  }
+  return Object.assign(o, a);
+}

package/src/esm/payments/p2sh.js

@@ -0,0 +1,201 @@
+import * as bcrypto from '../crypto.js';
+import { bitcoin as BITCOIN_NETWORK } from '../networks.js';
+import * as bscript from '../script.js';
+import { BufferSchema, NBufferSchemaFactory, stacksEqual } from '../types.js';
+import * as lazy from './lazy.js';
+import bs58check from 'bs58check';
+import * as tools from 'uint8array-tools';
+import * as v from 'valibot';
+const OPS = bscript.OPS;
+// input: [redeemScriptSig ...] {redeemScript}
+// witness: <?>
+// output: OP_HASH160 {hash160(redeemScript)} OP_EQUAL
+/**
+ * Creates a Pay-to-Script-Hash (P2SH) payment object.
+ *
+ * @param a - The payment object containing the necessary data.
+ * @param opts - Optional payment options.
+ * @returns The P2SH payment object.
+ * @throws {TypeError} If the required data is not provided or if the data is invalid.
+ */
+export function p2sh(a, opts) {
+  if (!a.address && !a.hash && !a.output && !a.redeem && !a.input)
+    throw new TypeError('Not enough data');
+  opts = Object.assign({ validate: true }, opts || {});
+  v.parse(
+    v.partial(
+      v.object({
+        network: v.object({}),
+        address: v.string(),
+        hash: NBufferSchemaFactory(20),
+        output: NBufferSchemaFactory(23),
+        redeem: v.partial(
+          v.object({
+            network: v.object({}),
+            output: BufferSchema,
+            input: BufferSchema,
+            witness: v.array(BufferSchema),
+          }),
+        ),
+        input: BufferSchema,
+        witness: v.array(BufferSchema),
+      }),
+    ),
+    a,
+  );
+  let network = a.network;
+  if (!network) {
+    network = (a.redeem && a.redeem.network) || BITCOIN_NETWORK;
+  }
+  const o = { network };
+  const _address = lazy.value(() => {
+    const payload = bs58check.decode(a.address);
+    const version = tools.readUInt8(payload, 0);
+    const hash = payload.slice(1);
+    return { version, hash };
+  });
+  const _chunks = lazy.value(() => {
+    return bscript.decompile(a.input);
+  });
+  const _redeem = lazy.value(() => {
+    const chunks = _chunks();
+    const lastChunk = chunks[chunks.length - 1];
+    return {
+      network,
+      output: lastChunk === OPS.OP_FALSE ? Uint8Array.from([]) : lastChunk,
+      input: bscript.compile(chunks.slice(0, -1)),
+      witness: a.witness || [],
+    };
+  });
+  // output dependents
+  lazy.prop(o, 'address', () => {
+    if (!o.hash) return;
+    const payload = new Uint8Array(21);
+    tools.writeUInt8(payload, 0, o.network.scriptHash);
+    payload.set(o.hash, 1);
+    return bs58check.encode(payload);
+  });
+  lazy.prop(o, 'hash', () => {
+    // in order of least effort
+    if (a.output) return a.output.slice(2, 22);
+    if (a.address) return _address().hash;
+    if (o.redeem && o.redeem.output) return bcrypto.hash160(o.redeem.output);
+  });
+  lazy.prop(o, 'output', () => {
+    if (!o.hash) return;
+    return bscript.compile([OPS.OP_HASH160, o.hash, OPS.OP_EQUAL]);
+  });
+  // input dependents
+  lazy.prop(o, 'redeem', () => {
+    if (!a.input) return;
+    return _redeem();
+  });
+  lazy.prop(o, 'input', () => {
+    if (!a.redeem || !a.redeem.input || !a.redeem.output) return;
+    return bscript.compile(
+      [].concat(bscript.decompile(a.redeem.input), a.redeem.output),
+    );
+  });
+  lazy.prop(o, 'witness', () => {
+    if (o.redeem && o.redeem.witness) return o.redeem.witness;
+    if (o.input) return [];
+  });
+  lazy.prop(o, 'name', () => {
+    const nameParts = ['p2sh'];
+    if (o.redeem !== undefined && o.redeem.name !== undefined)
+      nameParts.push(o.redeem.name);
+    return nameParts.join('-');
+  });
+  if (opts.validate) {
+    let hash = Uint8Array.from([]);
+    if (a.address) {
+      if (_address().version !== network.scriptHash)
+        throw new TypeError('Invalid version or Network mismatch');
+      if (_address().hash.length !== 20) throw new TypeError('Invalid address');
+      hash = _address().hash;
+    }
+    if (a.hash) {
+      if (hash.length > 0 && tools.compare(hash, a.hash) !== 0)
+        throw new TypeError('Hash mismatch');
+      else hash = a.hash;
+    }
+    if (a.output) {
+      if (
+        a.output.length !== 23 ||
+        a.output[0] !== OPS.OP_HASH160 ||
+        a.output[1] !== 0x14 ||
+        a.output[22] !== OPS.OP_EQUAL
+      )
+        throw new TypeError('Output is invalid');
+      const hash2 = a.output.slice(2, 22);
+      if (hash.length > 0 && tools.compare(hash, hash2) !== 0)
+        throw new TypeError('Hash mismatch');
+      else hash = hash2;
+    }
+    // inlined to prevent 'no-inner-declarations' failing
+    const checkRedeem = redeem => {
+      // is the redeem output empty/invalid?
+      if (redeem.output) {
+        const decompile = bscript.decompile(redeem.output);
+        if (!decompile || decompile.length < 1)
+          throw new TypeError('Redeem.output too short');
+        if (redeem.output.byteLength > 520)
+          throw new TypeError(
+            'Redeem.output unspendable if larger than 520 bytes',
+          );
+        if (bscript.countNonPushOnlyOPs(decompile) > 201)
+          throw new TypeError(
+            'Redeem.output unspendable with more than 201 non-push ops',
+          );
+        // match hash against other sources
+        const hash2 = bcrypto.hash160(redeem.output);
+        if (hash.length > 0 && tools.compare(hash, hash2) !== 0)
+          throw new TypeError('Hash mismatch');
+        else hash = hash2;
+      }
+      if (redeem.input) {
+        const hasInput = redeem.input.length > 0;
+        const hasWitness = redeem.witness && redeem.witness.length > 0;
+        if (!hasInput && !hasWitness) throw new TypeError('Empty input');
+        if (hasInput && hasWitness)
+          throw new TypeError('Input and witness provided');
+        if (hasInput) {
+          const richunks = bscript.decompile(redeem.input);
+          if (!bscript.isPushOnly(richunks))
+            throw new TypeError('Non push-only scriptSig');
+        }
+      }
+    };
+    if (a.input) {
+      const chunks = _chunks();
+      if (!chunks || chunks.length < 1) throw new TypeError('Input too short');
+      if (!(_redeem().output instanceof Uint8Array))
+        throw new TypeError('Input is invalid');
+      checkRedeem(_redeem());
+    }
+    if (a.redeem) {
+      if (a.redeem.network && a.redeem.network !== network)
+        throw new TypeError('Network mismatch');
+      if (a.input) {
+        const redeem = _redeem();
+        if (
+          a.redeem.output &&
+          tools.compare(a.redeem.output, redeem.output) !== 0
+        )
+          throw new TypeError('Redeem.output mismatch');
+        if (a.redeem.input && tools.compare(a.redeem.input, redeem.input) !== 0)
+          throw new TypeError('Redeem.input mismatch');
+      }
+      checkRedeem(a.redeem);
+    }
+    if (a.witness) {
+      if (
+        a.redeem &&
+        a.redeem.witness &&
+        !stacksEqual(a.redeem.witness, a.witness)
+      )
+        throw new TypeError('Witness and redeem.witness mismatch');
+    }
+  }
+  return Object.assign(o, a);
+}

package/src/esm/payments/p2tr.js

@@ -0,0 +1,301 @@
+import { bitcoin as BITCOIN_NETWORK } from '../networks.js';
+import * as bscript from '../script.js';
+import {
+  isTaptree,
+  TAPLEAF_VERSION_MASK,
+  stacksEqual,
+  NBufferSchemaFactory,
+  BufferSchema,
+} from '../types.js';
+import { getEccLib } from '../ecc_lib.js';
+import {
+  toHashTree,
+  rootHashFromPath,
+  findScriptPath,
+  tapleafHash,
+  tweakKey,
+  LEAF_VERSION_TAPSCRIPT,
+} from './bip341.js';
+import * as lazy from './lazy.js';
+import { bech32m } from 'bech32';
+import { fromBech32 } from '../address.js';
+import * as tools from 'uint8array-tools';
+import * as v from 'valibot';
+const OPS = bscript.OPS;
+const TAPROOT_WITNESS_VERSION = 0x01;
+const ANNEX_PREFIX = 0x50;
+/**
+ * Creates a Pay-to-Taproot (P2TR) payment object.
+ *
+ * @param a - The payment object containing the necessary data for P2TR.
+ * @param opts - Optional payment options.
+ * @returns The P2TR payment object.
+ * @throws {TypeError} If the provided data is invalid or insufficient.
+ */
+export function p2tr(a, opts) {
+  if (
+    !a.address &&
+    !a.output &&
+    !a.pubkey &&
+    !a.internalPubkey &&
+    !(a.witness && a.witness.length > 1)
+  )
+    throw new TypeError('Not enough data');
+  opts = Object.assign({ validate: true }, opts || {});
+  v.parse(
+    v.partial(
+      v.object({
+        address: v.string(),
+        input: NBufferSchemaFactory(0),
+        network: v.object({}),
+        output: NBufferSchemaFactory(34),
+        internalPubkey: NBufferSchemaFactory(32),
+        hash: NBufferSchemaFactory(32), // merkle root hash, the tweak
+        pubkey: NBufferSchemaFactory(32), // tweaked with `hash` from `internalPubkey`
+        signature: v.union([
+          NBufferSchemaFactory(64),
+          NBufferSchemaFactory(65),
+        ]),
+        witness: v.array(BufferSchema),
+        scriptTree: v.custom(isTaptree, 'Taptree is not of type isTaptree'),
+        redeem: v.partial(
+          v.object({
+            output: BufferSchema, // tapleaf script
+            redeemVersion: v.number(), // tapleaf version
+            witness: v.array(BufferSchema),
+          }),
+        ),
+        redeemVersion: v.number(),
+      }),
+    ),
+    a,
+  );
+  const _address = lazy.value(() => {
+    return fromBech32(a.address);
+  });
+  // remove annex if present, ignored by taproot
+  const _witness = lazy.value(() => {
+    if (!a.witness || !a.witness.length) return;
+    if (
+      a.witness.length >= 2 &&
+      a.witness[a.witness.length - 1][0] === ANNEX_PREFIX
+    ) {
+      return a.witness.slice(0, -1);
+    }
+    return a.witness.slice();
+  });
+  const _hashTree = lazy.value(() => {
+    if (a.scriptTree) return toHashTree(a.scriptTree);
+    if (a.hash) return { hash: a.hash };
+    return;
+  });
+  const network = a.network || BITCOIN_NETWORK;
+  const o = { name: 'p2tr', network };
+  lazy.prop(o, 'address', () => {
+    if (!o.pubkey) return;
+    const words = bech32m.toWords(o.pubkey);
+    words.unshift(TAPROOT_WITNESS_VERSION);
+    return bech32m.encode(network.bech32, words);
+  });
+  lazy.prop(o, 'hash', () => {
+    const hashTree = _hashTree();
+    if (hashTree) return hashTree.hash;
+    const w = _witness();
+    if (w && w.length > 1) {
+      const controlBlock = w[w.length - 1];
+      const leafVersion = controlBlock[0] & TAPLEAF_VERSION_MASK;
+      const script = w[w.length - 2];
+      const leafHash = tapleafHash({ output: script, version: leafVersion });
+      return rootHashFromPath(controlBlock, leafHash);
+    }
+    return null;
+  });
+  lazy.prop(o, 'output', () => {
+    if (!o.pubkey) return;
+    return bscript.compile([OPS.OP_1, o.pubkey]);
+  });
+  lazy.prop(o, 'redeemVersion', () => {
+    if (a.redeemVersion) return a.redeemVersion;
+    if (
+      a.redeem &&
+      a.redeem.redeemVersion !== undefined &&
+      a.redeem.redeemVersion !== null
+    ) {
+      return a.redeem.redeemVersion;
+    }
+    return LEAF_VERSION_TAPSCRIPT;
+  });
+  lazy.prop(o, 'redeem', () => {
+    const witness = _witness(); // witness without annex
+    if (!witness || witness.length < 2) return;
+    return {
+      output: witness[witness.length - 2],
+      witness: witness.slice(0, -2),
+      redeemVersion: witness[witness.length - 1][0] & TAPLEAF_VERSION_MASK,
+    };
+  });
+  lazy.prop(o, 'pubkey', () => {
+    if (a.pubkey) return a.pubkey;
+    if (a.output) return a.output.slice(2);
+    if (a.address) return _address().data;
+    if (o.internalPubkey) {
+      const tweakedKey = tweakKey(o.internalPubkey, o.hash);
+      if (tweakedKey) return tweakedKey.x;
+    }
+  });
+  lazy.prop(o, 'internalPubkey', () => {
+    if (a.internalPubkey) return a.internalPubkey;
+    const witness = _witness();
+    if (witness && witness.length > 1)
+      return witness[witness.length - 1].slice(1, 33);
+  });
+  lazy.prop(o, 'signature', () => {
+    if (a.signature) return a.signature;
+    const witness = _witness(); // witness without annex
+    if (!witness || witness.length !== 1) return;
+    return witness[0];
+  });
+  lazy.prop(o, 'witness', () => {
+    if (a.witness) return a.witness;
+    const hashTree = _hashTree();
+    if (hashTree && a.redeem && a.redeem.output && a.internalPubkey) {
+      const leafHash = tapleafHash({
+        output: a.redeem.output,
+        version: o.redeemVersion,
+      });
+      const path = findScriptPath(hashTree, leafHash);
+      if (!path) return;
+      const outputKey = tweakKey(a.internalPubkey, hashTree.hash);
+      if (!outputKey) return;
+      const controlBock = tools.concat(
+        [
+          Uint8Array.from([o.redeemVersion | outputKey.parity]),
+          a.internalPubkey,
+        ].concat(path),
+      );
+      return [a.redeem.output, controlBock];
+    }
+    if (a.signature) return [a.signature];
+  });
+  // extended validation
+  if (opts.validate) {
+    let pubkey = Uint8Array.from([]);
+    if (a.address) {
+      if (network && network.bech32 !== _address().prefix)
+        throw new TypeError('Invalid prefix or Network mismatch');
+      if (_address().version !== TAPROOT_WITNESS_VERSION)
+        throw new TypeError('Invalid address version');
+      if (_address().data.length !== 32)
+        throw new TypeError('Invalid address data');
+      pubkey = _address().data;
+    }
+    if (a.pubkey) {
+      if (pubkey.length > 0 && tools.compare(pubkey, a.pubkey) !== 0)
+        throw new TypeError('Pubkey mismatch');
+      else pubkey = a.pubkey;
+    }
+    if (a.output) {
+      if (
+        a.output.length !== 34 ||
+        a.output[0] !== OPS.OP_1 ||
+        a.output[1] !== 0x20
+      )
+        throw new TypeError('Output is invalid');
+      if (pubkey.length > 0 && tools.compare(pubkey, a.output.slice(2)) !== 0)
+        throw new TypeError('Pubkey mismatch');
+      else pubkey = a.output.slice(2);
+    }
+    if (a.internalPubkey) {
+      const tweakedKey = tweakKey(a.internalPubkey, o.hash);
+      if (pubkey.length > 0 && tools.compare(pubkey, tweakedKey.x) !== 0)
+        throw new TypeError('Pubkey mismatch');
+      else pubkey = tweakedKey.x;
+    }
+    if (pubkey && pubkey.length) {
+      if (!getEccLib().isXOnlyPoint(pubkey))
+        throw new TypeError('Invalid pubkey for p2tr');
+    }
+    const hashTree = _hashTree();
+    if (a.hash && hashTree) {
+      if (tools.compare(a.hash, hashTree.hash) !== 0)
+        throw new TypeError('Hash mismatch');
+    }
+    if (a.redeem && a.redeem.output && hashTree) {
+      const leafHash = tapleafHash({
+        output: a.redeem.output,
+        version: o.redeemVersion,
+      });
+      if (!findScriptPath(hashTree, leafHash))
+        throw new TypeError('Redeem script not in tree');
+    }
+    const witness = _witness();
+    // compare the provided redeem data with the one computed from witness
+    if (a.redeem && o.redeem) {
+      if (a.redeem.redeemVersion) {
+        if (a.redeem.redeemVersion !== o.redeem.redeemVersion)
+          throw new TypeError('Redeem.redeemVersion and witness mismatch');
+      }
+      if (a.redeem.output) {
+        if (bscript.decompile(a.redeem.output).length === 0)
+          throw new TypeError('Redeem.output is invalid');
+        // output redeem is constructed from the witness
+        if (
+          o.redeem.output &&
+          tools.compare(a.redeem.output, o.redeem.output) !== 0
+        )
+          throw new TypeError('Redeem.output and witness mismatch');
+      }
+      if (a.redeem.witness) {
+        if (
+          o.redeem.witness &&
+          !stacksEqual(a.redeem.witness, o.redeem.witness)
+        )
+          throw new TypeError('Redeem.witness and witness mismatch');
+      }
+    }
+    if (witness && witness.length) {
+      if (witness.length === 1) {
+        // key spending
+        if (a.signature && tools.compare(a.signature, witness[0]) !== 0)
+          throw new TypeError('Signature mismatch');
+      } else {
+        // script path spending
+        const controlBlock = witness[witness.length - 1];
+        if (controlBlock.length < 33)
+          throw new TypeError(
+            `The control-block length is too small. Got ${controlBlock.length}, expected min 33.`,
+          );
+        if ((controlBlock.length - 33) % 32 !== 0)
+          throw new TypeError(
+            `The control-block length of ${controlBlock.length} is incorrect!`,
+          );
+        const m = (controlBlock.length - 33) / 32;
+        if (m > 128)
+          throw new TypeError(
+            `The script path is too long. Got ${m}, expected max 128.`,
+          );
+        const internalPubkey = controlBlock.slice(1, 33);
+        if (
+          a.internalPubkey &&
+          tools.compare(a.internalPubkey, internalPubkey) !== 0
+        )
+          throw new TypeError('Internal pubkey mismatch');
+        if (!getEccLib().isXOnlyPoint(internalPubkey))
+          throw new TypeError('Invalid internalPubkey for p2tr witness');
+        const leafVersion = controlBlock[0] & TAPLEAF_VERSION_MASK;
+        const script = witness[witness.length - 2];
+        const leafHash = tapleafHash({ output: script, version: leafVersion });
+        const hash = rootHashFromPath(controlBlock, leafHash);
+        const outputKey = tweakKey(internalPubkey, hash);
+        if (!outputKey)
+          // todo: needs test data
+          throw new TypeError('Invalid outputKey for p2tr witness');
+        if (pubkey.length && tools.compare(pubkey, outputKey.x) !== 0)
+          throw new TypeError('Pubkey mismatch for p2tr witness');
+        if (outputKey.parity !== (controlBlock[0] & 1))
+          throw new Error('Incorrect parity');
+      }
+    }
+  }
+  return Object.assign(o, a);
+}