shogun-core 5.2.0 → 5.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (186) hide show
  1. package/README.md +145 -1143
  2. package/dist/browser/defaultVendors-node_modules_hpke_chacha20poly1305_esm_mod_js.shogun-core.js +1220 -0
  3. package/dist/browser/defaultVendors-node_modules_hpke_chacha20poly1305_esm_mod_js.shogun-core.js.map +1 -0
  4. package/dist/browser/defaultVendors-node_modules_hpke_hybridkem-x-wing_esm_mod_js.shogun-core.js +844 -0
  5. package/dist/browser/defaultVendors-node_modules_hpke_hybridkem-x-wing_esm_mod_js.shogun-core.js.map +1 -0
  6. package/dist/browser/defaultVendors-node_modules_mlkem_esm_mod_js.shogun-core.js +2335 -0
  7. package/dist/browser/defaultVendors-node_modules_mlkem_esm_mod_js.shogun-core.js.map +1 -0
  8. package/dist/browser/defaultVendors-node_modules_noble_ciphers_chacha_js.shogun-core.js +999 -0
  9. package/dist/browser/defaultVendors-node_modules_noble_ciphers_chacha_js.shogun-core.js.map +1 -0
  10. package/dist/browser/defaultVendors-node_modules_noble_curves_esm_abstract_curve_js-node_modules_noble_curves_esm_-1ce4ed.shogun-core.js +1651 -0
  11. package/dist/browser/defaultVendors-node_modules_noble_curves_esm_abstract_curve_js-node_modules_noble_curves_esm_-1ce4ed.shogun-core.js.map +1 -0
  12. package/dist/browser/defaultVendors-node_modules_noble_curves_esm_abstract_edwards_js-node_modules_noble_curves_es-a82056.shogun-core.js +825 -0
  13. package/dist/browser/defaultVendors-node_modules_noble_curves_esm_abstract_edwards_js-node_modules_noble_curves_es-a82056.shogun-core.js.map +1 -0
  14. package/dist/browser/defaultVendors-node_modules_noble_curves_esm_ed25519_js.shogun-core.js +508 -0
  15. package/dist/browser/defaultVendors-node_modules_noble_curves_esm_ed25519_js.shogun-core.js.map +1 -0
  16. package/dist/browser/defaultVendors-node_modules_noble_curves_esm_ed448_js.shogun-core.js +747 -0
  17. package/dist/browser/defaultVendors-node_modules_noble_curves_esm_ed448_js.shogun-core.js.map +1 -0
  18. package/dist/browser/defaultVendors-node_modules_noble_curves_esm_nist_js.shogun-core.js +1608 -0
  19. package/dist/browser/defaultVendors-node_modules_noble_curves_esm_nist_js.shogun-core.js.map +1 -0
  20. package/dist/browser/defaultVendors-node_modules_noble_post-quantum_ml-dsa_js.shogun-core.js +2117 -0
  21. package/dist/browser/defaultVendors-node_modules_noble_post-quantum_ml-dsa_js.shogun-core.js.map +1 -0
  22. package/dist/browser/defaultVendors-node_modules_openpgp_dist_openpgp_min_mjs.shogun-core.js +86 -0
  23. package/dist/browser/defaultVendors-node_modules_openpgp_dist_openpgp_min_mjs.shogun-core.js.map +1 -0
  24. package/dist/browser/node_modules_hpke_ml-kem_esm_mod_js.shogun-core.js +539 -0
  25. package/dist/browser/node_modules_hpke_ml-kem_esm_mod_js.shogun-core.js.map +1 -0
  26. package/dist/browser/shogun-core.js +160386 -0
  27. package/dist/browser/shogun-core.js.map +1 -0
  28. package/dist/config/simplified-config.js +236 -0
  29. package/dist/core.js +329 -0
  30. package/dist/crypto/asymmetric.js +99 -0
  31. package/dist/crypto/double-ratchet.js +370 -0
  32. package/dist/crypto/file-encryption.js +213 -0
  33. package/dist/crypto/hashing.js +87 -0
  34. package/dist/crypto/index.js +34 -0
  35. package/dist/crypto/mls-codec.js +202 -0
  36. package/dist/crypto/mls.js +550 -0
  37. package/dist/crypto/pgp.js +390 -0
  38. package/dist/crypto/random-generation.js +341 -0
  39. package/dist/crypto/sframe.js +350 -0
  40. package/dist/crypto/signal-protocol.js +376 -0
  41. package/dist/crypto/symmetric.js +91 -0
  42. package/dist/crypto/types.js +2 -0
  43. package/dist/crypto/utils.js +140 -0
  44. package/dist/examples/auth-test.js +253 -0
  45. package/dist/examples/crypto-identity-example.js +151 -0
  46. package/dist/examples/crypto-working-test.js +83 -0
  47. package/dist/examples/double-ratchet-test.js +155 -0
  48. package/dist/examples/mls-advanced-example.js +294 -0
  49. package/dist/examples/mls-sframe-test.js +304 -0
  50. package/dist/examples/pgp-example.js +200 -0
  51. package/dist/examples/quick-auth-test.js +61 -0
  52. package/dist/examples/random-generation-test.js +151 -0
  53. package/dist/examples/signal-protocol-test.js +38 -0
  54. package/dist/examples/simple-api-test.js +114 -0
  55. package/dist/examples/simple-crypto-identity-example.js +84 -0
  56. package/dist/examples/timeout-test.js +227 -0
  57. package/dist/examples/zkproof-credentials-example.js +212 -0
  58. package/dist/examples/zkproof-example.js +201 -0
  59. package/dist/gundb/api.js +435 -0
  60. package/dist/gundb/crypto.js +283 -0
  61. package/dist/gundb/db.js +1946 -0
  62. package/dist/gundb/derive.js +232 -0
  63. package/dist/gundb/errors.js +76 -0
  64. package/dist/gundb/index.js +22 -0
  65. package/dist/gundb/rxjs.js +447 -0
  66. package/dist/gundb/types.js +5 -0
  67. package/dist/index.js +58 -0
  68. package/dist/interfaces/common.js +2 -0
  69. package/dist/interfaces/events.js +40 -0
  70. package/dist/interfaces/plugin.js +2 -0
  71. package/dist/interfaces/shogun.js +37 -0
  72. package/dist/managers/AuthManager.js +226 -0
  73. package/dist/managers/CoreInitializer.js +228 -0
  74. package/dist/managers/CryptoIdentityManager.js +366 -0
  75. package/dist/managers/EventManager.js +70 -0
  76. package/dist/managers/PluginManager.js +299 -0
  77. package/dist/plugins/base.js +50 -0
  78. package/dist/plugins/index.js +32 -0
  79. package/dist/plugins/nostr/index.js +20 -0
  80. package/dist/plugins/nostr/nostrConnector.js +419 -0
  81. package/dist/plugins/nostr/nostrConnectorPlugin.js +453 -0
  82. package/dist/plugins/nostr/nostrSigner.js +319 -0
  83. package/dist/plugins/nostr/types.js +2 -0
  84. package/dist/plugins/smartwallet/index.js +18 -0
  85. package/dist/plugins/smartwallet/smartWalletPlugin.js +511 -0
  86. package/dist/plugins/smartwallet/types.js +2 -0
  87. package/dist/plugins/web3/index.js +20 -0
  88. package/dist/plugins/web3/types.js +2 -0
  89. package/dist/plugins/web3/web3Connector.js +533 -0
  90. package/dist/plugins/web3/web3ConnectorPlugin.js +455 -0
  91. package/dist/plugins/web3/web3Signer.js +314 -0
  92. package/dist/plugins/webauthn/index.js +19 -0
  93. package/dist/plugins/webauthn/types.js +14 -0
  94. package/dist/plugins/webauthn/webauthn.js +496 -0
  95. package/dist/plugins/webauthn/webauthnPlugin.js +489 -0
  96. package/dist/plugins/webauthn/webauthnSigner.js +310 -0
  97. package/dist/plugins/zkproof/index.js +53 -0
  98. package/dist/plugins/zkproof/types.js +2 -0
  99. package/dist/plugins/zkproof/zkCredentials.js +213 -0
  100. package/dist/plugins/zkproof/zkProofConnector.js +198 -0
  101. package/dist/plugins/zkproof/zkProofPlugin.js +272 -0
  102. package/dist/storage/storage.js +145 -0
  103. package/dist/types/config/simplified-config.d.ts +114 -0
  104. package/dist/types/core.d.ts +305 -0
  105. package/dist/types/crypto/asymmetric.d.ts +6 -0
  106. package/dist/types/crypto/double-ratchet.d.ts +22 -0
  107. package/dist/types/crypto/file-encryption.d.ts +19 -0
  108. package/dist/types/crypto/hashing.d.ts +9 -0
  109. package/dist/types/crypto/index.d.ts +13 -0
  110. package/dist/types/crypto/mls-codec.d.ts +39 -0
  111. package/dist/types/crypto/mls.d.ts +130 -0
  112. package/dist/types/crypto/pgp.d.ts +95 -0
  113. package/dist/types/crypto/random-generation.d.ts +35 -0
  114. package/dist/types/crypto/sframe.d.ts +102 -0
  115. package/dist/types/crypto/signal-protocol.d.ts +26 -0
  116. package/dist/types/crypto/symmetric.d.ts +9 -0
  117. package/dist/types/crypto/types.d.ts +144 -0
  118. package/dist/types/crypto/utils.d.ts +22 -0
  119. package/dist/types/examples/auth-test.d.ts +8 -0
  120. package/dist/types/examples/crypto-identity-example.d.ts +5 -0
  121. package/dist/types/examples/crypto-working-test.d.ts +1 -0
  122. package/dist/types/examples/double-ratchet-test.d.ts +1 -0
  123. package/dist/types/examples/mls-advanced-example.d.ts +53 -0
  124. package/dist/types/examples/mls-sframe-test.d.ts +1 -0
  125. package/dist/types/examples/pgp-example.d.ts +75 -0
  126. package/dist/types/examples/quick-auth-test.d.ts +8 -0
  127. package/dist/types/examples/random-generation-test.d.ts +1 -0
  128. package/dist/types/examples/signal-protocol-test.d.ts +1 -0
  129. package/dist/types/examples/simple-api-test.d.ts +10 -0
  130. package/dist/types/examples/simple-crypto-identity-example.d.ts +6 -0
  131. package/dist/types/examples/timeout-test.d.ts +8 -0
  132. package/dist/types/examples/zkproof-credentials-example.d.ts +12 -0
  133. package/dist/types/examples/zkproof-example.d.ts +11 -0
  134. package/dist/types/gundb/api.d.ts +185 -0
  135. package/dist/types/gundb/crypto.d.ts +95 -0
  136. package/dist/types/gundb/db.d.ts +397 -0
  137. package/dist/types/gundb/derive.d.ts +21 -0
  138. package/dist/types/gundb/errors.d.ts +42 -0
  139. package/dist/types/gundb/index.d.ts +3 -0
  140. package/dist/types/gundb/rxjs.d.ts +110 -0
  141. package/dist/types/gundb/types.d.ts +255 -0
  142. package/dist/types/index.d.ts +16 -0
  143. package/dist/types/interfaces/common.d.ts +85 -0
  144. package/dist/types/interfaces/events.d.ts +131 -0
  145. package/dist/types/interfaces/plugin.d.ts +162 -0
  146. package/dist/types/interfaces/shogun.d.ts +208 -0
  147. package/dist/types/managers/AuthManager.d.ts +72 -0
  148. package/dist/types/managers/CoreInitializer.d.ts +40 -0
  149. package/dist/types/managers/CryptoIdentityManager.d.ts +102 -0
  150. package/dist/types/managers/EventManager.d.ts +49 -0
  151. package/dist/types/managers/PluginManager.d.ts +145 -0
  152. package/dist/types/plugins/base.d.ts +35 -0
  153. package/dist/types/plugins/index.d.ts +18 -0
  154. package/dist/types/plugins/nostr/index.d.ts +4 -0
  155. package/dist/types/plugins/nostr/nostrConnector.d.ts +119 -0
  156. package/dist/types/plugins/nostr/nostrConnectorPlugin.d.ts +163 -0
  157. package/dist/types/plugins/nostr/nostrSigner.d.ts +105 -0
  158. package/dist/types/plugins/nostr/types.d.ts +122 -0
  159. package/dist/types/plugins/smartwallet/index.d.ts +2 -0
  160. package/dist/types/plugins/smartwallet/smartWalletPlugin.d.ts +67 -0
  161. package/dist/types/plugins/smartwallet/types.d.ts +80 -0
  162. package/dist/types/plugins/web3/index.d.ts +4 -0
  163. package/dist/types/plugins/web3/types.d.ts +107 -0
  164. package/dist/types/plugins/web3/web3Connector.d.ts +129 -0
  165. package/dist/types/plugins/web3/web3ConnectorPlugin.d.ts +160 -0
  166. package/dist/types/plugins/web3/web3Signer.d.ts +114 -0
  167. package/dist/types/plugins/webauthn/index.d.ts +3 -0
  168. package/dist/types/plugins/webauthn/types.d.ts +183 -0
  169. package/dist/types/plugins/webauthn/webauthn.d.ts +129 -0
  170. package/dist/types/plugins/webauthn/webauthnPlugin.d.ts +179 -0
  171. package/dist/types/plugins/webauthn/webauthnSigner.d.ts +91 -0
  172. package/dist/types/plugins/zkproof/index.d.ts +48 -0
  173. package/dist/types/plugins/zkproof/types.d.ts +123 -0
  174. package/dist/types/plugins/zkproof/zkCredentials.d.ts +112 -0
  175. package/dist/types/plugins/zkproof/zkProofConnector.d.ts +46 -0
  176. package/dist/types/plugins/zkproof/zkProofPlugin.d.ts +76 -0
  177. package/dist/types/storage/storage.d.ts +51 -0
  178. package/dist/types/utils/errorHandler.d.ts +119 -0
  179. package/dist/types/utils/eventEmitter.d.ts +39 -0
  180. package/dist/types/utils/seedPhrase.d.ts +50 -0
  181. package/dist/types/utils/validation.d.ts +27 -0
  182. package/dist/utils/errorHandler.js +246 -0
  183. package/dist/utils/eventEmitter.js +79 -0
  184. package/dist/utils/seedPhrase.js +97 -0
  185. package/dist/utils/validation.js +81 -0
  186. package/package.json +10 -57
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_ed448_js.shogun-core.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"defaultVendors-node_modules_noble_curves_esm_ed448_js.shogun-core.js","mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACkE;AAClE;AACiI;AACjI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,2CAA2C,YAAY;AACvD;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,OAAO;AAC3B;AACA;AACA;AACA;AACA;AACA;AACA,cAAc,cAAK;AACnB;AACA;AACA;AACA,qCAAqC,eAAM,YAAY,eAAM;AAC7D,qCAAqC,eAAM,YAAY,eAAM;AAC7D;AACO;AACP;AACA;AACA,kCAAkC,YAAY;AAC9C;AACA,wBAAwB,QAAQ;AAChC;AACA,wBAAwB,QAAQ;AAChC;AACA;AACA;AACA;AACA;AACA;AACA,4BAA4B,QAAQ;AACpC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,QAAQ;AAChC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,QAAQ;AAChC,4BAA4B,QAAQ;AACpC;AACA,4BAA4B,QAAQ;AACpC;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,eAAK;AACT;AACA;AACO,qBAAqB,UAAI;AAChC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ,iBAAO;AACf;AACA;AACA;AACA;AACA;AACA,uBAAuB,aAAG;AAC1B;AACA;AACA;AACA;AACA;AACA,QAAQ,oBAAU;AAClB;AACA,QAAQ,oBAAU;AAClB;AACA;AACA;AACA;AACA,QAAQ,iBAAO;AACf,eAAe,iBAAO;AACtB,QAAQ,gBAAM;AACd,gBAAgB,kBAAkB;AAClC;AACA,0BAA0B,UAAU;AACpC;AACA,4BAA4B,UAAU;AACtC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB,+BAA+B;AAC/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ,iBAAO;AACf,QAAQ,gBAAM;AACd;AACA;AACA,gBAAgB,WAAW;AAC3B,4CAA4C,UAAU;AACtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ,iBAAO;AACf;AACA;AACA;AACA,QAAQ,iBAAO;AACf;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ,eAAK;AACb;AACA;AACA,gBAAgB,iDAAiD;AACjE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6CAA6C,sBAAY;AACzD;AACO;AACP;AACO;AACP;AACO;AACP;AACO;AACP;AACO;AACP;AACO;AACP;AACO;AACP;AACO;AACP,kDAAkD,qBAAW,WAAW;AACxE;AACO;AACP;AACO;AACP,gC;;;;;;;;;;;;;;ACzOA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACiD;AAC6C;AAC9C;AACoC;AACS;AACP;AAChC;AAC8B;AACpF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mCAAmC;AACnC;AACA;AACA;AACA,CAAC;AACD,qCAAqC,sBAAe,OAAO,QAAQ,UAAU,YAAY;AACzF,oCAAoC,sBAAe,OAAO,QAAQ,UAAU,WAAW;AACvF;AACA,MAAM,QAAG,cAAc,QAAG;AAC1B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB,gBAAI;AACpB,gBAAgB,gBAAI;AACpB,iBAAiB,gBAAI,KAAK,QAAG;AAC7B,iBAAiB,gBAAI;AACrB,iBAAiB,gBAAI;AACrB,iBAAiB,gBAAI;AACrB,kBAAkB,gBAAI;AACtB,kBAAkB,gBAAI;AACtB,kBAAkB,gBAAI,OAAO,QAAG;AAChC,kBAAkB,gBAAI,OAAO,QAAG;AAChC,YAAY,gBAAI;AAChB;AACA;AACA;AACA,qBAAqB;AACrB;AACA,sBAAsB;AACtB;AACA,mBAAmB;AACnB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB,eAAG,gBAAgB;AACnC,gBAAgB,eAAG,cAAc;AACjC,iBAAiB,eAAG,oBAAoB;AACxC;AACA,cAAc,eAAG;AACjB;AACA,eAAe,eAAG,YAAY;AAC9B;AACA;AACA,aAAa,SAAS,eAAG;AACzB;AACA;AACA;AACA;AACA;AACA,kCAAkC,iBAAK,kBAAkB,uBAAuB;AAChF,kCAAkC,iBAAK,kBAAkB,uBAAuB;AAChF;AACA,qCAAqC,iBAAK,kBAAkB,uBAAuB;AACnF,qCAAqC,iBAAK,kBAAkB,uBAAuB;AACnF;AACA;AACA;AACA;AACA,WAAW,qBAAW,CAAC,0BAAY;AACnC;AACA,8BAA8B;AAC9B,8CAA8C,iBAAiB;AAC/D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,CAAC;AACD;AACA;AACA;AACA,YAAY,QAAQ;AACpB,WAAW,uBAAuB;AAClC;AACA;AACA;AACA;AACO,cAAc,0BAAc;AACnC;AACA;AACO,uCAAuC,0BAAc;AAC5D;AACA;AACA,CAAC;AACD;AACA;AACA;AACA;AACA;AACO,aAAa,mBAAO;AAC3B;AACA;AACA;AACA;AACA;AACO;AACP;AACA,WAAW,yBAAU;AACrB;AACA;AACA;AACA;AACA,4BAA4B,gBAAI,cAAc,QAAG;AACjD,mBAAmB,eAAG,kBAAkB;AACxC,SAAS;AACT;AACA,KAAK;AACL,CAAC;AACD;AACA,8EAA8E;AAC9E;AACA;AACA,yBAAyB;AACzB,kCAAkC;AAClC,qCAAqC;AACrC,kCAAkC;AAClC,8BAA8B;AAC9B,0BAA0B;AAC1B,+BAA+B;AAC/B,2CAA2C;AAC3C,4BAA4B;AAC5B,4BAA4B;AAC5B,4BAA4B;AAC5B,2BAA2B;AAC3B,4BAA4B;AAC5B,4BAA4B;AAC5B,mCAAmC;AACnC,0BAA0B;AAC1B,wCAAwC;AACxC,4BAA4B;AAC5B,mCAAmC;AACnC,sBAAsB;AACtB,4BAA4B;AAC5B,+BAA+B;AAC/B,oCAAoC;AACpC,iCAAiC;AACjC,0BAA0B;AAC1B,0CAA0C;AAC1C,aAAa,6BAA6B;AAC1C;AACA;AACA,UAAU,iBAAiB,uCAAuC;AAClE,0BAA0B;AAC1B,0BAA0B;AAC1B,2BAA2B;AAC3B,0BAA0B;AAC1B,0BAA0B;AAC1B,gCAAgC;AAChC,gCAAgC;AAChC,4BAA4B;AAC5B,2BAA2B;AAC3B,2BAA2B;AAC3B,4BAA4B;AAC5B,4BAA4B;AAC5B,4BAA4B;AAC5B,gCAAgC;AAChC,gCAAgC;AAChC,4BAA4B;AAC5B,gCAAgC;AAChC,2BAA2B;AAC3B,+BAA+B;AAC/B,gCAAgC;AAChC,4BAA4B;AAC5B,4BAA4B;AAC5B,4BAA4B;AAC5B,4BAA4B;AAC5B,2BAA2B;AAC3B,4BAA4B;AAC5B,mCAAmC;AACnC,gCAAgC;AAChC,4BAA4B;AAC5B,4BAA4B;AAC5B,4BAA4B;AAC5B,kCAAkC;AAClC,oCAAoC;AACpC,mCAAmC;AACnC,mCAAmC;AACnC,mCAAmC;AACnC,gBAAgB,yBAAa,wBAAwB;AACrD,aAAa,kDAAkD;AAC/D;AACA;AACO,4CAA4C,8BAAY;AAC/D;AACA;AACA;AACA;AACA;AACA;AACA,UAAU,QAAQ;AAClB,CAAC;AACD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uCAAuC,QAAG;AAC1C;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,IAAI;AAChB;AACA;AACA,+BAA+B;AAC/B,4BAA4B,QAAG,IAAI;AACnC,yBAAyB,QAAG,eAAe;AAC3C,YAAY,gCAAgC,oCAAoC,QAAG,UAAU;AAC7F,qBAAqB;AACrB;AACA;AACA,cAAc,QAAG,EAAE;AACnB;AACA,mBAAmB,QAAG;AACtB,iCAAiC,QAAG,IAAI;AACxC;AACA,QAAQ,wBAAY;AACpB;AACA;AACA,2BAA2B,QAAG,GAAG;AACjC,wBAAwB,QAAG,GAAG;AAC9B,wBAAwB,QAAG,GAAG;AAC9B,sCAAsC,QAAG,4BAA4B;AACrE;AACA;AACA;AACA,IAAI,gBAAM;AACV;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,0BAA0B,yBAAiB;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC,kBAAkB,8BAA8B;AAClF;AACA,4BAA4B,yBAAW;AACvC;AACA;AACA,QAAQ,gBAAM;AACd,gBAAgB,IAAI;AACpB;AACA;AACA;AACA;AACA;AACA,aAAa,wBAAU,6BAA6B,wBAAY;AAChE;AACA,+BAA+B;AAC/B,uBAAuB,QAAG,QAAQ;AAClC;AACA,6CAA6C;AAC7C,gBAAgB,0BAA0B,8BAA8B;AACxE,6DAA6D;AAC7D,YAAY,wBAAY;AACxB;AACA,4DAA4D;AAC5D,uBAAuB,QAAG,wBAAwB;AAClD,8BAA8B;AAC9B;AACA;AACA,qDAAqD,QAAG;AACxD;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qCAAqC,yBAAW;AAChD;AACA,kCAAkC,YAAY,uCAAuC;AACrF;AACA,eAAe,mBAAS;AACxB;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB,UAAU;AAC1B;AACA;AACA,iDAAiD;AACjD;AACA,gBAAgB,iBAAiB,0CAA0C;AAC3E,sDAAsD;AACtD,YAAY,wBAAY;AACxB;AACA,yDAAyD;AACzD,qDAAqD;AACrD,YAAY,wBAAY;AACxB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB,eAAe;AAC/B,gBAAgB,eAAe;AAC/B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wEAAwE,QAAG;AAC3E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,mBAAmB;AAC1B;AACO;AACP;AACA;AACA,4BAA4B,oCAAkB,qBAAqB,QAAQ;AAC3E,KAAK;AACL;AACA;AACA;AACA,kCAAkC,KAAK,yBAAW,EAAE;AACpD;AACA,oBAAoB,oCAAkB,4BAA4B,QAAQ;AAC1E,4BAA4B,6BAAe;AAC3C,KAAK;AACL;AACA;AACA;AACA;AACA,gDAAgD,WAAW;AAC3D;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACO;AACP,8BAA8B,eAAe,8BAA8B;AACpE;AACP,8BAA8B,eAAe,8BAA8B;AACpE;AACP,8BAA8B,kBAAkB,8BAA8B;AACvE;AACP,8BAA8B,kBAAkB,8BAA8B;AACvE;AACP;AACO;AACP,oCAAoC,yBAAW;AAC/C;AACA;AACO;AACP,iC","sources":["webpack://ShogunCore/./node_modules/@noble/hashes/esm/sha3.js","webpack://ShogunCore/./node_modules/@noble/curves/esm/ed448.js"],"sourcesContent":["/**\n * SHA3 (keccak) hash function, based on a new \"Sponge function\" design.\n * Different from older hashes, the internal state is bigger than output size.\n *\n * Check out [FIPS-202](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf),\n * [Website](https://keccak.team/keccak.html),\n * [the differences between SHA-3 and Keccak](https://crypto.stackexchange.com/questions/15727/what-are-the-key-differences-between-the-draft-sha-3-standard-and-the-keccak-sub).\n *\n * Check out `sha3-addons` module for cSHAKE, k12, and others.\n * @module\n */\nimport { rotlBH, rotlBL, rotlSH, rotlSL, split } from \"./_u64.js\";\n// prettier-ignore\nimport { abytes, aexists, anumber, aoutput, clean, createHasher, createXOFer, Hash, swap32IfBE, toBytes, u32 } from \"./utils.js\";\n// No __PURE__ annotations in sha3 header:\n// EVERYTHING is in fact used on every export.\n// Various per round constants calculations\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\nconst _2n = BigInt(2);\nconst _7n = BigInt(7);\nconst _256n = BigInt(256);\nconst _0x71n = BigInt(0x71);\nconst SHA3_PI = [];\nconst SHA3_ROTL = [];\nconst _SHA3_IOTA = [];\nfor (let round = 0, R = _1n, x = 1, y = 0; round < 24; round++) {\n // Pi\n [x, y] = [y, (2 * x + 3 * y) % 5];\n SHA3_PI.push(2 * (5 * y + x));\n // Rotational\n SHA3_ROTL.push((((round + 1) * (round + 2)) / 2) % 64);\n // Iota\n let t = _0n;\n for (let j = 0; j < 7; j++) {\n R = ((R << _1n) ^ ((R >> _7n) * _0x71n)) % _256n;\n if (R & _2n)\n t ^= _1n << ((_1n << /* @__PURE__ */ BigInt(j)) - _1n);\n }\n _SHA3_IOTA.push(t);\n}\nconst IOTAS = split(_SHA3_IOTA, true);\nconst SHA3_IOTA_H = IOTAS[0];\nconst SHA3_IOTA_L = IOTAS[1];\n// Left rotation (without 0, 32, 64)\nconst rotlH = (h, l, s) => (s > 32 ? rotlBH(h, l, s) : rotlSH(h, l, s));\nconst rotlL = (h, l, s) => (s > 32 ? rotlBL(h, l, s) : rotlSL(h, l, s));\n/** `keccakf1600` internal function, additionally allows to adjust round count. */\nexport function keccakP(s, rounds = 24) {\n const B = new Uint32Array(5 * 2);\n // NOTE: all indices are x2 since we store state as u32 instead of u64 (bigints to slow in js)\n for (let round = 24 - rounds; round < 24; round++) {\n // Theta θ\n for (let x = 0; x < 10; x++)\n B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40];\n for (let x = 0; x < 10; x += 2) {\n const idx1 = (x + 8) % 10;\n const idx0 = (x + 2) % 10;\n const B0 = B[idx0];\n const B1 = B[idx0 + 1];\n const Th = rotlH(B0, B1, 1) ^ B[idx1];\n const Tl = rotlL(B0, B1, 1) ^ B[idx1 + 1];\n for (let y = 0; y < 50; y += 10) {\n s[x + y] ^= Th;\n s[x + y + 1] ^= Tl;\n }\n }\n // Rho (ρ) and Pi (π)\n let curH = s[2];\n let curL = s[3];\n for (let t = 0; t < 24; t++) {\n const shift = SHA3_ROTL[t];\n const Th = rotlH(curH, curL, shift);\n const Tl = rotlL(curH, curL, shift);\n const PI = SHA3_PI[t];\n curH = s[PI];\n curL = s[PI + 1];\n s[PI] = Th;\n s[PI + 1] = Tl;\n }\n // Chi (χ)\n for (let y = 0; y < 50; y += 10) {\n for (let x = 0; x < 10; x++)\n B[x] = s[y + x];\n for (let x = 0; x < 10; x++)\n s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10];\n }\n // Iota (ι)\n s[0] ^= SHA3_IOTA_H[round];\n s[1] ^= SHA3_IOTA_L[round];\n }\n clean(B);\n}\n/** Keccak sponge function. */\nexport class Keccak extends Hash {\n // NOTE: we accept arguments in bytes instead of bits here.\n constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) {\n super();\n this.pos = 0;\n this.posOut = 0;\n this.finished = false;\n this.destroyed = false;\n this.enableXOF = false;\n this.blockLen = blockLen;\n this.suffix = suffix;\n this.outputLen = outputLen;\n this.enableXOF = enableXOF;\n this.rounds = rounds;\n // Can be passed from user as dkLen\n anumber(outputLen);\n // 1600 = 5x5 matrix of 64bit. 1600 bits === 200 bytes\n // 0 < blockLen < 200\n if (!(0 < blockLen && blockLen < 200))\n throw new Error('only keccak-f1600 function is supported');\n this.state = new Uint8Array(200);\n this.state32 = u32(this.state);\n }\n clone() {\n return this._cloneInto();\n }\n keccak() {\n swap32IfBE(this.state32);\n keccakP(this.state32, this.rounds);\n swap32IfBE(this.state32);\n this.posOut = 0;\n this.pos = 0;\n }\n update(data) {\n aexists(this);\n data = toBytes(data);\n abytes(data);\n const { blockLen, state } = this;\n const len = data.length;\n for (let pos = 0; pos < len;) {\n const take = Math.min(blockLen - this.pos, len - pos);\n for (let i = 0; i < take; i++)\n state[this.pos++] ^= data[pos++];\n if (this.pos === blockLen)\n this.keccak();\n }\n return this;\n }\n finish() {\n if (this.finished)\n return;\n this.finished = true;\n const { state, suffix, pos, blockLen } = this;\n // Do the padding\n state[pos] ^= suffix;\n if ((suffix & 0x80) !== 0 && pos === blockLen - 1)\n this.keccak();\n state[blockLen - 1] ^= 0x80;\n this.keccak();\n }\n writeInto(out) {\n aexists(this, false);\n abytes(out);\n this.finish();\n const bufferOut = this.state;\n const { blockLen } = this;\n for (let pos = 0, len = out.length; pos < len;) {\n if (this.posOut >= blockLen)\n this.keccak();\n const take = Math.min(blockLen - this.posOut, len - pos);\n out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos);\n this.posOut += take;\n pos += take;\n }\n return out;\n }\n xofInto(out) {\n // Sha3/Keccak usage with XOF is probably mistake, only SHAKE instances can do XOF\n if (!this.enableXOF)\n throw new Error('XOF is not possible for this instance');\n return this.writeInto(out);\n }\n xof(bytes) {\n anumber(bytes);\n return this.xofInto(new Uint8Array(bytes));\n }\n digestInto(out) {\n aoutput(out, this);\n if (this.finished)\n throw new Error('digest() was already called');\n this.writeInto(out);\n this.destroy();\n return out;\n }\n digest() {\n return this.digestInto(new Uint8Array(this.outputLen));\n }\n destroy() {\n this.destroyed = true;\n clean(this.state);\n }\n _cloneInto(to) {\n const { blockLen, suffix, outputLen, rounds, enableXOF } = this;\n to || (to = new Keccak(blockLen, suffix, outputLen, enableXOF, rounds));\n to.state32.set(this.state32);\n to.pos = this.pos;\n to.posOut = this.posOut;\n to.finished = this.finished;\n to.rounds = rounds;\n // Suffix can change in cSHAKE\n to.suffix = suffix;\n to.outputLen = outputLen;\n to.enableXOF = enableXOF;\n to.destroyed = this.destroyed;\n return to;\n }\n}\nconst gen = (suffix, blockLen, outputLen) => createHasher(() => new Keccak(blockLen, suffix, outputLen));\n/** SHA3-224 hash function. */\nexport const sha3_224 = /* @__PURE__ */ (() => gen(0x06, 144, 224 / 8))();\n/** SHA3-256 hash function. Different from keccak-256. */\nexport const sha3_256 = /* @__PURE__ */ (() => gen(0x06, 136, 256 / 8))();\n/** SHA3-384 hash function. */\nexport const sha3_384 = /* @__PURE__ */ (() => gen(0x06, 104, 384 / 8))();\n/** SHA3-512 hash function. */\nexport const sha3_512 = /* @__PURE__ */ (() => gen(0x06, 72, 512 / 8))();\n/** keccak-224 hash function. */\nexport const keccak_224 = /* @__PURE__ */ (() => gen(0x01, 144, 224 / 8))();\n/** keccak-256 hash function. Different from SHA3-256. */\nexport const keccak_256 = /* @__PURE__ */ (() => gen(0x01, 136, 256 / 8))();\n/** keccak-384 hash function. */\nexport const keccak_384 = /* @__PURE__ */ (() => gen(0x01, 104, 384 / 8))();\n/** keccak-512 hash function. */\nexport const keccak_512 = /* @__PURE__ */ (() => gen(0x01, 72, 512 / 8))();\nconst genShake = (suffix, blockLen, outputLen) => createXOFer((opts = {}) => new Keccak(blockLen, suffix, opts.dkLen === undefined ? outputLen : opts.dkLen, true));\n/** SHAKE128 XOF with 128-bit security. */\nexport const shake128 = /* @__PURE__ */ (() => genShake(0x1f, 168, 128 / 8))();\n/** SHAKE256 XOF with 256-bit security. */\nexport const shake256 = /* @__PURE__ */ (() => genShake(0x1f, 136, 256 / 8))();\n//# sourceMappingURL=sha3.js.map","/**\n * Edwards448 (not Ed448-Goldilocks) curve with following addons:\n * - X448 ECDH\n * - Decaf cofactor elimination\n * - Elligator hash-to-group / point indistinguishability\n * Conforms to RFC 8032 https://www.rfc-editor.org/rfc/rfc8032.html#section-5.2\n * @module\n */\n/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { shake256 } from '@noble/hashes/sha3.js';\nimport { abytes, concatBytes, createHasher as wrapConstructor } from '@noble/hashes/utils.js';\nimport { pippenger } from \"./abstract/curve.js\";\nimport { edwards, PrimeEdwardsPoint, twistedEdwards, } from \"./abstract/edwards.js\";\nimport { _DST_scalar, createHasher, expand_message_xof, } from \"./abstract/hash-to-curve.js\";\nimport { Field, FpInvertBatch, isNegativeLE, mod, pow2 } from \"./abstract/modular.js\";\nimport { montgomery } from \"./abstract/montgomery.js\";\nimport { asciiToBytes, bytesToNumberLE, ensureBytes, equalBytes } from \"./utils.js\";\n// edwards448 curve\n// a = 1n\n// d = Fp.neg(39081n)\n// Finite field 2n**448n - 2n**224n - 1n\n// Subgroup order\n// 2n**446n - 13818066809895115352007386748515426880336692474882178609894547503885n\nconst ed448_CURVE = {\n p: BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffffff'),\n n: BigInt('0x3fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3'),\n h: BigInt(4),\n a: BigInt(1),\n d: BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffff6756'),\n Gx: BigInt('0x4f1970c66bed0ded221d15a622bf36da9e146570470f1767ea6de324a3d3a46412ae1af72ab66511433b80e18b00938e2626a82bc70cc05e'),\n Gy: BigInt('0x693f46716eb6bc248876203756c9c7624bea73736ca3984087789c1e05a0c2d73ad3ff1ce67c39c4fdbd132c4ed7c8ad9808795bf230fa14'),\n};\n// E448 NIST curve is identical to edwards448, except for:\n// d = 39082/39081\n// Gx = 3/2\nconst E448_CURVE = Object.assign({}, ed448_CURVE, {\n d: BigInt('0xd78b4bdc7f0daf19f24f38c29373a2ccad46157242a50f37809b1da3412a12e79ccc9c81264cfe9ad080997058fb61c4243cc32dbaa156b9'),\n Gx: BigInt('0x79a70b2b70400553ae7c9df416c792c61128751ac92969240c25a07d728bdc93e21f7787ed6972249de732f38496cd11698713093e9c04fc'),\n Gy: BigInt('0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffff80000000000000000000000000000000000000000000000000000001'),\n});\nconst shake256_114 = /* @__PURE__ */ wrapConstructor(() => shake256.create({ dkLen: 114 }));\nconst shake256_64 = /* @__PURE__ */ wrapConstructor(() => shake256.create({ dkLen: 64 }));\n// prettier-ignore\nconst _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3), _4n = BigInt(4), _11n = BigInt(11);\n// prettier-ignore\nconst _22n = BigInt(22), _44n = BigInt(44), _88n = BigInt(88), _223n = BigInt(223);\n// powPminus3div4 calculates z = x^k mod p, where k = (p-3)/4.\n// Used for efficient square root calculation.\n// ((P-3)/4).toString(2) would produce bits [223x 1, 0, 222x 1]\nfunction ed448_pow_Pminus3div4(x) {\n const P = ed448_CURVE.p;\n const b2 = (x * x * x) % P;\n const b3 = (b2 * b2 * x) % P;\n const b6 = (pow2(b3, _3n, P) * b3) % P;\n const b9 = (pow2(b6, _3n, P) * b3) % P;\n const b11 = (pow2(b9, _2n, P) * b2) % P;\n const b22 = (pow2(b11, _11n, P) * b11) % P;\n const b44 = (pow2(b22, _22n, P) * b22) % P;\n const b88 = (pow2(b44, _44n, P) * b44) % P;\n const b176 = (pow2(b88, _88n, P) * b88) % P;\n const b220 = (pow2(b176, _44n, P) * b44) % P;\n const b222 = (pow2(b220, _2n, P) * b2) % P;\n const b223 = (pow2(b222, _1n, P) * x) % P;\n return (pow2(b223, _223n, P) * b222) % P;\n}\nfunction adjustScalarBytes(bytes) {\n // Section 5: Likewise, for X448, set the two least significant bits of the first byte to 0,\n bytes[0] &= 252; // 0b11111100\n // and the most significant bit of the last byte to 1.\n bytes[55] |= 128; // 0b10000000\n // NOTE: is NOOP for 56 bytes scalars (X25519/X448)\n bytes[56] = 0; // Byte outside of group (456 buts vs 448 bits)\n return bytes;\n}\n// Constant-time ratio of u to v. Allows to combine inversion and square root u/√v.\n// Uses algo from RFC8032 5.1.3.\nfunction uvRatio(u, v) {\n const P = ed448_CURVE.p;\n // https://www.rfc-editor.org/rfc/rfc8032#section-5.2.3\n // To compute the square root of (u/v), the first step is to compute the\n // candidate root x = (u/v)^((p+1)/4). This can be done using the\n // following trick, to use a single modular powering for both the\n // inversion of v and the square root:\n // x = (u/v)^((p+1)/4) = u³v(u⁵v³)^((p-3)/4) (mod p)\n const u2v = mod(u * u * v, P); // u²v\n const u3v = mod(u2v * u, P); // u³v\n const u5v3 = mod(u3v * u2v * v, P); // u⁵v³\n const root = ed448_pow_Pminus3div4(u5v3);\n const x = mod(u3v * root, P);\n // Verify that root is exists\n const x2 = mod(x * x, P); // x²\n // If vx² = u, the recovered x-coordinate is x. Otherwise, no\n // square root exists, and the decoding fails.\n return { isValid: mod(x2 * v, P) === u, value: x };\n}\n// Finite field 2n**448n - 2n**224n - 1n\n// The value fits in 448 bits, but we use 456-bit (57-byte) elements because of bitflags.\n// - ed25519 fits in 255 bits, allowing using last 1 byte for specifying bit flag of point negation.\n// - ed448 fits in 448 bits. We can't use last 1 byte: we can only use a bit 224 in the middle.\nconst Fp = /* @__PURE__ */ (() => Field(ed448_CURVE.p, { BITS: 456, isLE: true }))();\nconst Fn = /* @__PURE__ */ (() => Field(ed448_CURVE.n, { BITS: 456, isLE: true }))();\n// decaf448 uses 448-bit (56-byte) keys\nconst Fp448 = /* @__PURE__ */ (() => Field(ed448_CURVE.p, { BITS: 448, isLE: true }))();\nconst Fn448 = /* @__PURE__ */ (() => Field(ed448_CURVE.n, { BITS: 448, isLE: true }))();\n// SHAKE256(dom4(phflag,context)||x, 114)\nfunction dom4(data, ctx, phflag) {\n if (ctx.length > 255)\n throw new Error('context must be smaller than 255, got: ' + ctx.length);\n return concatBytes(asciiToBytes('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);\n}\n// const ed448_eddsa_opts = { adjustScalarBytes, domain: dom4 };\n// const ed448_Point = edwards(ed448_CURVE, { Fp, Fn, uvRatio });\nconst ED448_DEF = /* @__PURE__ */ (() => ({\n ...ed448_CURVE,\n Fp,\n Fn,\n nBitLength: Fn.BITS,\n hash: shake256_114,\n adjustScalarBytes,\n domain: dom4,\n uvRatio,\n}))();\n/**\n * ed448 EdDSA curve and methods.\n * @example\n * import { ed448 } from '@noble/curves/ed448';\n * const { secretKey, publicKey } = ed448.keygen();\n * const msg = new TextEncoder().encode('hello');\n * const sig = ed448.sign(msg, secretKey);\n * const isValid = ed448.verify(sig, msg, publicKey);\n */\nexport const ed448 = twistedEdwards(ED448_DEF);\n// There is no ed448ctx, since ed448 supports ctx by default\n/** Prehashed version of ed448. Accepts already-hashed messages in sign() and verify(). */\nexport const ed448ph = /* @__PURE__ */ (() => twistedEdwards({\n ...ED448_DEF,\n prehash: shake256_64,\n}))();\n/**\n * E448 curve, defined by NIST.\n * E448 != edwards448 used in ed448.\n * E448 is birationally equivalent to edwards448.\n */\nexport const E448 = edwards(E448_CURVE);\n/**\n * ECDH using curve448 aka x448.\n * x448 has 56-byte keys as per RFC 7748, while\n * ed448 has 57-byte keys as per RFC 8032.\n */\nexport const x448 = /* @__PURE__ */ (() => {\n const P = ed448_CURVE.p;\n return montgomery({\n P,\n type: 'x448',\n powPminus2: (x) => {\n const Pminus3div4 = ed448_pow_Pminus3div4(x);\n const Pminus3 = pow2(Pminus3div4, _2n, P);\n return mod(Pminus3 * x, P); // Pminus3 * x = Pminus2\n },\n adjustScalarBytes,\n });\n})();\n// Hash To Curve Elligator2 Map\nconst ELL2_C1 = /* @__PURE__ */ (() => (Fp.ORDER - BigInt(3)) / BigInt(4))(); // 1. c1 = (q - 3) / 4 # Integer arithmetic\nconst ELL2_J = /* @__PURE__ */ BigInt(156326);\nfunction map_to_curve_elligator2_curve448(u) {\n let tv1 = Fp.sqr(u); // 1. tv1 = u^2\n let e1 = Fp.eql(tv1, Fp.ONE); // 2. e1 = tv1 == 1\n tv1 = Fp.cmov(tv1, Fp.ZERO, e1); // 3. tv1 = CMOV(tv1, 0, e1) # If Z * u^2 == -1, set tv1 = 0\n let xd = Fp.sub(Fp.ONE, tv1); // 4. xd = 1 - tv1\n let x1n = Fp.neg(ELL2_J); // 5. x1n = -J\n let tv2 = Fp.sqr(xd); // 6. tv2 = xd^2\n let gxd = Fp.mul(tv2, xd); // 7. gxd = tv2 * xd # gxd = xd^3\n let gx1 = Fp.mul(tv1, Fp.neg(ELL2_J)); // 8. gx1 = -J * tv1 # x1n + J * xd\n gx1 = Fp.mul(gx1, x1n); // 9. gx1 = gx1 * x1n # x1n^2 + J * x1n * xd\n gx1 = Fp.add(gx1, tv2); // 10. gx1 = gx1 + tv2 # x1n^2 + J * x1n * xd + xd^2\n gx1 = Fp.mul(gx1, x1n); // 11. gx1 = gx1 * x1n # x1n^3 + J * x1n^2 * xd + x1n * xd^2\n let tv3 = Fp.sqr(gxd); // 12. tv3 = gxd^2\n tv2 = Fp.mul(gx1, gxd); // 13. tv2 = gx1 * gxd # gx1 * gxd\n tv3 = Fp.mul(tv3, tv2); // 14. tv3 = tv3 * tv2 # gx1 * gxd^3\n let y1 = Fp.pow(tv3, ELL2_C1); // 15. y1 = tv3^c1 # (gx1 * gxd^3)^((p - 3) / 4)\n y1 = Fp.mul(y1, tv2); // 16. y1 = y1 * tv2 # gx1 * gxd * (gx1 * gxd^3)^((p - 3) / 4)\n let x2n = Fp.mul(x1n, Fp.neg(tv1)); // 17. x2n = -tv1 * x1n # x2 = x2n / xd = -1 * u^2 * x1n / xd\n let y2 = Fp.mul(y1, u); // 18. y2 = y1 * u\n y2 = Fp.cmov(y2, Fp.ZERO, e1); // 19. y2 = CMOV(y2, 0, e1)\n tv2 = Fp.sqr(y1); // 20. tv2 = y1^2\n tv2 = Fp.mul(tv2, gxd); // 21. tv2 = tv2 * gxd\n let e2 = Fp.eql(tv2, gx1); // 22. e2 = tv2 == gx1\n let xn = Fp.cmov(x2n, x1n, e2); // 23. xn = CMOV(x2n, x1n, e2) # If e2, x = x1, else x = x2\n let y = Fp.cmov(y2, y1, e2); // 24. y = CMOV(y2, y1, e2) # If e2, y = y1, else y = y2\n let e3 = Fp.isOdd(y); // 25. e3 = sgn0(y) == 1 # Fix sign of y\n y = Fp.cmov(y, Fp.neg(y), e2 !== e3); // 26. y = CMOV(y, -y, e2 XOR e3)\n return { xn, xd, yn: y, yd: Fp.ONE }; // 27. return (xn, xd, y, 1)\n}\nfunction map_to_curve_elligator2_edwards448(u) {\n let { xn, xd, yn, yd } = map_to_curve_elligator2_curve448(u); // 1. (xn, xd, yn, yd) = map_to_curve_elligator2_curve448(u)\n let xn2 = Fp.sqr(xn); // 2. xn2 = xn^2\n let xd2 = Fp.sqr(xd); // 3. xd2 = xd^2\n let xd4 = Fp.sqr(xd2); // 4. xd4 = xd2^2\n let yn2 = Fp.sqr(yn); // 5. yn2 = yn^2\n let yd2 = Fp.sqr(yd); // 6. yd2 = yd^2\n let xEn = Fp.sub(xn2, xd2); // 7. xEn = xn2 - xd2\n let tv2 = Fp.sub(xEn, xd2); // 8. tv2 = xEn - xd2\n xEn = Fp.mul(xEn, xd2); // 9. xEn = xEn * xd2\n xEn = Fp.mul(xEn, yd); // 10. xEn = xEn * yd\n xEn = Fp.mul(xEn, yn); // 11. xEn = xEn * yn\n xEn = Fp.mul(xEn, _4n); // 12. xEn = xEn * 4\n tv2 = Fp.mul(tv2, xn2); // 13. tv2 = tv2 * xn2\n tv2 = Fp.mul(tv2, yd2); // 14. tv2 = tv2 * yd2\n let tv3 = Fp.mul(yn2, _4n); // 15. tv3 = 4 * yn2\n let tv1 = Fp.add(tv3, yd2); // 16. tv1 = tv3 + yd2\n tv1 = Fp.mul(tv1, xd4); // 17. tv1 = tv1 * xd4\n let xEd = Fp.add(tv1, tv2); // 18. xEd = tv1 + tv2\n tv2 = Fp.mul(tv2, xn); // 19. tv2 = tv2 * xn\n let tv4 = Fp.mul(xn, xd4); // 20. tv4 = xn * xd4\n let yEn = Fp.sub(tv3, yd2); // 21. yEn = tv3 - yd2\n yEn = Fp.mul(yEn, tv4); // 22. yEn = yEn * tv4\n yEn = Fp.sub(yEn, tv2); // 23. yEn = yEn - tv2\n tv1 = Fp.add(xn2, xd2); // 24. tv1 = xn2 + xd2\n tv1 = Fp.mul(tv1, xd2); // 25. tv1 = tv1 * xd2\n tv1 = Fp.mul(tv1, xd); // 26. tv1 = tv1 * xd\n tv1 = Fp.mul(tv1, yn2); // 27. tv1 = tv1 * yn2\n tv1 = Fp.mul(tv1, BigInt(-2)); // 28. tv1 = -2 * tv1\n let yEd = Fp.add(tv2, tv1); // 29. yEd = tv2 + tv1\n tv4 = Fp.mul(tv4, yd2); // 30. tv4 = tv4 * yd2\n yEd = Fp.add(yEd, tv4); // 31. yEd = yEd + tv4\n tv1 = Fp.mul(xEd, yEd); // 32. tv1 = xEd * yEd\n let e = Fp.eql(tv1, Fp.ZERO); // 33. e = tv1 == 0\n xEn = Fp.cmov(xEn, Fp.ZERO, e); // 34. xEn = CMOV(xEn, 0, e)\n xEd = Fp.cmov(xEd, Fp.ONE, e); // 35. xEd = CMOV(xEd, 1, e)\n yEn = Fp.cmov(yEn, Fp.ONE, e); // 36. yEn = CMOV(yEn, 1, e)\n yEd = Fp.cmov(yEd, Fp.ONE, e); // 37. yEd = CMOV(yEd, 1, e)\n const inv = FpInvertBatch(Fp, [xEd, yEd], true); // batch division\n return { x: Fp.mul(xEn, inv[0]), y: Fp.mul(yEn, inv[1]) }; // 38. return (xEn, xEd, yEn, yEd)\n}\n/** Hashing / encoding to ed448 points / field. RFC 9380 methods. */\nexport const ed448_hasher = /* @__PURE__ */ (() => createHasher(ed448.Point, (scalars) => map_to_curve_elligator2_edwards448(scalars[0]), {\n DST: 'edwards448_XOF:SHAKE256_ELL2_RO_',\n encodeDST: 'edwards448_XOF:SHAKE256_ELL2_NU_',\n p: Fp.ORDER,\n m: 1,\n k: 224,\n expand: 'xof',\n hash: shake256,\n}))();\n// 1-d\nconst ONE_MINUS_D = /* @__PURE__ */ BigInt('39082');\n// 1-2d\nconst ONE_MINUS_TWO_D = /* @__PURE__ */ BigInt('78163');\n// √(-d)\nconst SQRT_MINUS_D = /* @__PURE__ */ BigInt('98944233647732219769177004876929019128417576295529901074099889598043702116001257856802131563896515373927712232092845883226922417596214');\n// 1 / √(-d)\nconst INVSQRT_MINUS_D = /* @__PURE__ */ BigInt('315019913931389607337177038330951043522456072897266928557328499619017160722351061360252776265186336876723201881398623946864393857820716');\n// Calculates 1/√(number)\nconst invertSqrt = (number) => uvRatio(_1n, number);\n/**\n * Elligator map for hash-to-curve of decaf448.\n * Described in [RFC9380](https://www.rfc-editor.org/rfc/rfc9380#appendix-C)\n * and [RFC9496](https://www.rfc-editor.org/rfc/rfc9496#name-element-derivation-2).\n */\nfunction calcElligatorDecafMap(r0) {\n const { d } = ed448_CURVE;\n const P = Fp.ORDER;\n const mod = (n) => Fp.create(n);\n const r = mod(-(r0 * r0)); // 1\n const u0 = mod(d * (r - _1n)); // 2\n const u1 = mod((u0 + _1n) * (u0 - r)); // 3\n const { isValid: was_square, value: v } = uvRatio(ONE_MINUS_TWO_D, mod((r + _1n) * u1)); // 4\n let v_prime = v; // 5\n if (!was_square)\n v_prime = mod(r0 * v);\n let sgn = _1n; // 6\n if (!was_square)\n sgn = mod(-_1n);\n const s = mod(v_prime * (r + _1n)); // 7\n let s_abs = s;\n if (isNegativeLE(s, P))\n s_abs = mod(-s);\n const s2 = s * s;\n const W0 = mod(s_abs * _2n); // 8\n const W1 = mod(s2 + _1n); // 9\n const W2 = mod(s2 - _1n); // 10\n const W3 = mod(v_prime * s * (r - _1n) * ONE_MINUS_TWO_D + sgn); // 11\n return new ed448.Point(mod(W0 * W3), mod(W2 * W1), mod(W1 * W3), mod(W0 * W2));\n}\nfunction decaf448_map(bytes) {\n abytes(bytes, 112);\n const skipValidation = true;\n // Note: Similar to the field element decoding described in\n // [RFC7748], and unlike the field element decoding described in\n // Section 5.3.1, non-canonical values are accepted.\n const r1 = Fp448.create(Fp448.fromBytes(bytes.subarray(0, 56), skipValidation));\n const R1 = calcElligatorDecafMap(r1);\n const r2 = Fp448.create(Fp448.fromBytes(bytes.subarray(56, 112), skipValidation));\n const R2 = calcElligatorDecafMap(r2);\n return new _DecafPoint(R1.add(R2));\n}\n/**\n * Each ed448/EdwardsPoint has 4 different equivalent points. This can be\n * a source of bugs for protocols like ring signatures. Decaf was created to solve this.\n * Decaf point operates in X:Y:Z:T extended coordinates like EdwardsPoint,\n * but it should work in its own namespace: do not combine those two.\n * See [RFC9496](https://www.rfc-editor.org/rfc/rfc9496).\n */\nclass _DecafPoint extends PrimeEdwardsPoint {\n constructor(ep) {\n super(ep);\n }\n static fromAffine(ap) {\n return new _DecafPoint(ed448.Point.fromAffine(ap));\n }\n assertSame(other) {\n if (!(other instanceof _DecafPoint))\n throw new Error('DecafPoint expected');\n }\n init(ep) {\n return new _DecafPoint(ep);\n }\n /** @deprecated use `import { decaf448_hasher } from '@noble/curves/ed448.js';` */\n static hashToCurve(hex) {\n return decaf448_map(ensureBytes('decafHash', hex, 112));\n }\n static fromBytes(bytes) {\n abytes(bytes, 56);\n const { d } = ed448_CURVE;\n const P = Fp.ORDER;\n const mod = (n) => Fp448.create(n);\n const s = Fp448.fromBytes(bytes);\n // 1. Check that s_bytes is the canonical encoding of a field element, or else abort.\n // 2. Check that s is non-negative, or else abort\n if (!equalBytes(Fn448.toBytes(s), bytes) || isNegativeLE(s, P))\n throw new Error('invalid decaf448 encoding 1');\n const s2 = mod(s * s); // 1\n const u1 = mod(_1n + s2); // 2\n const u1sq = mod(u1 * u1);\n const u2 = mod(u1sq - _4n * d * s2); // 3\n const { isValid, value: invsqrt } = invertSqrt(mod(u2 * u1sq)); // 4\n let u3 = mod((s + s) * invsqrt * u1 * SQRT_MINUS_D); // 5\n if (isNegativeLE(u3, P))\n u3 = mod(-u3);\n const x = mod(u3 * invsqrt * u2 * INVSQRT_MINUS_D); // 6\n const y = mod((_1n - s2) * invsqrt * u1); // 7\n const t = mod(x * y); // 8\n if (!isValid)\n throw new Error('invalid decaf448 encoding 2');\n return new _DecafPoint(new ed448.Point(x, y, _1n, t));\n }\n /**\n * Converts decaf-encoded string to decaf point.\n * Described in [RFC9496](https://www.rfc-editor.org/rfc/rfc9496#name-decode-2).\n * @param hex Decaf-encoded 56 bytes. Not every 56-byte string is valid decaf encoding\n */\n static fromHex(hex) {\n return _DecafPoint.fromBytes(ensureBytes('decafHex', hex, 56));\n }\n /** @deprecated use `import { pippenger } from '@noble/curves/abstract/curve.js';` */\n static msm(points, scalars) {\n return pippenger(_DecafPoint, Fn, points, scalars);\n }\n /**\n * Encodes decaf point to Uint8Array.\n * Described in [RFC9496](https://www.rfc-editor.org/rfc/rfc9496#name-encode-2).\n */\n toBytes() {\n const { X, Z, T } = this.ep;\n const P = Fp.ORDER;\n const mod = (n) => Fp.create(n);\n const u1 = mod(mod(X + T) * mod(X - T)); // 1\n const x2 = mod(X * X);\n const { value: invsqrt } = invertSqrt(mod(u1 * ONE_MINUS_D * x2)); // 2\n let ratio = mod(invsqrt * u1 * SQRT_MINUS_D); // 3\n if (isNegativeLE(ratio, P))\n ratio = mod(-ratio);\n const u2 = mod(INVSQRT_MINUS_D * ratio * Z - T); // 4\n let s = mod(ONE_MINUS_D * invsqrt * X * u2); // 5\n if (isNegativeLE(s, P))\n s = mod(-s);\n return Fn448.toBytes(s);\n }\n /**\n * Compare one point to another.\n * Described in [RFC9496](https://www.rfc-editor.org/rfc/rfc9496#name-equals-2).\n */\n equals(other) {\n this.assertSame(other);\n const { X: X1, Y: Y1 } = this.ep;\n const { X: X2, Y: Y2 } = other.ep;\n // (x1 * y2 == y1 * x2)\n return Fp.create(X1 * Y2) === Fp.create(Y1 * X2);\n }\n is0() {\n return this.equals(_DecafPoint.ZERO);\n }\n}\n// The following gymnastics is done because typescript strips comments otherwise\n// prettier-ignore\n_DecafPoint.BASE = \n/* @__PURE__ */ (() => new _DecafPoint(ed448.Point.BASE).multiplyUnsafe(_2n))();\n// prettier-ignore\n_DecafPoint.ZERO = \n/* @__PURE__ */ (() => new _DecafPoint(ed448.Point.ZERO))();\n// prettier-ignore\n_DecafPoint.Fp = \n/* @__PURE__ */ (() => Fp448)();\n// prettier-ignore\n_DecafPoint.Fn = \n/* @__PURE__ */ (() => Fn448)();\nexport const decaf448 = { Point: _DecafPoint };\n/** Hashing to decaf448 points / field. RFC 9380 methods. */\nexport const decaf448_hasher = {\n hashToCurve(msg, options) {\n const DST = options?.DST || 'decaf448_XOF:SHAKE256_D448MAP_RO_';\n return decaf448_map(expand_message_xof(msg, DST, 112, 224, shake256));\n },\n // Warning: has big modulo bias of 2^-64.\n // RFC is invalid. RFC says \"use 64-byte xof\", while for 2^-112 bias\n // it must use 84-byte xof (56+56/2), not 64.\n hashToScalar(msg, options = { DST: _DST_scalar }) {\n // Can't use `Fn448.fromBytes()`. 64-byte input => 56-byte field element\n const xof = expand_message_xof(msg, options.DST, 64, 256, shake256);\n return Fn448.create(bytesToNumberLE(xof));\n },\n};\n// export const decaf448_oprf: OPRF = createORPF({\n// name: 'decaf448-SHAKE256',\n// Point: DecafPoint,\n// hash: (msg: Uint8Array) => shake256(msg, { dkLen: 64 }),\n// hashToGroup: decaf448_hasher.hashToCurve,\n// hashToScalar: decaf448_hasher.hashToScalar,\n// });\n/**\n * Weird / bogus points, useful for debugging.\n * Unlike ed25519, there is no ed448 generator point which can produce full T subgroup.\n * Instead, there is a Klein four-group, which spans over 2 independent 2-torsion points:\n * (0, 1), (0, -1), (-1, 0), (1, 0).\n */\nexport const ED448_TORSION_SUBGROUP = [\n '010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000',\n 'fefffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffff00',\n '000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000',\n '000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080',\n];\n/** @deprecated use `decaf448.Point` */\nexport const DecafPoint = _DecafPoint;\n/** @deprecated use `import { ed448_hasher } from '@noble/curves/ed448.js';` */\nexport const hashToCurve = /* @__PURE__ */ (() => ed448_hasher.hashToCurve)();\n/** @deprecated use `import { ed448_hasher } from '@noble/curves/ed448.js';` */\nexport const encodeToCurve = /* @__PURE__ */ (() => ed448_hasher.encodeToCurve)();\n/** @deprecated use `import { decaf448_hasher } from '@noble/curves/ed448.js';` */\nexport const hashToDecaf448 = /* @__PURE__ */ (() => decaf448_hasher.hashToCurve)();\n/** @deprecated use `import { decaf448_hasher } from '@noble/curves/ed448.js';` */\nexport const hash_to_decaf448 = /* @__PURE__ */ (() => decaf448_hasher.hashToCurve)();\n/** @deprecated use `ed448.utils.toMontgomery` */\nexport function edwardsToMontgomeryPub(edwardsPub) {\n return ed448.utils.toMontgomery(ensureBytes('pub', edwardsPub));\n}\n/** @deprecated use `ed448.utils.toMontgomery` */\nexport const edwardsToMontgomery = edwardsToMontgomeryPub;\n//# sourceMappingURL=ed448.js.map"],"names":[],"sourceRoot":""}