window.nostr.js 0.4.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/dist/iframe.js +11 -4322
  2. package/dist/iframe.js.map +4 -4
  3. package/dist/index.html +2 -27
  4. package/dist/window.nostr.js +11 -11
  5. package/iframe/iframe.ts +19 -12
  6. package/index.html +1 -26
  7. package/justfile +0 -1
  8. package/package.json +3 -3
  9. package/src/App.svelte +69 -27
  10. package/dist/iframe.html +0 -1
  11. package/iframe/iframe.html +0 -1
  12. package/src/lib.ts +0 -7
package/dist/iframe.js CHANGED
@@ -1,4333 +1,22 @@
1
1
  "use strict";
2
2
  (() => {
3
- var __defProp = Object.defineProperty;
4
- var __export = (target, all) => {
5
- for (var name in all)
6
- __defProp(target, name, { get: all[name], enumerable: true });
7
- };
8
-
9
- // node_modules/@noble/hashes/esm/crypto.js
10
- var crypto = typeof globalThis === "object" && "crypto" in globalThis ? globalThis.crypto : void 0;
11
-
12
- // node_modules/@noble/hashes/esm/utils.js
13
- var u8a = (a) => a instanceof Uint8Array;
14
- var createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
15
- var rotr = (word, shift) => word << 32 - shift | word >>> shift;
16
- var isLE = new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68;
17
- if (!isLE)
18
- throw new Error("Non little-endian hardware is not supported");
19
- var hexes = Array.from({ length: 256 }, (v, i2) => i2.toString(16).padStart(2, "0"));
20
- function bytesToHex(bytes4) {
21
- if (!u8a(bytes4))
22
- throw new Error("Uint8Array expected");
23
- let hex2 = "";
24
- for (let i2 = 0; i2 < bytes4.length; i2++) {
25
- hex2 += hexes[bytes4[i2]];
26
- }
27
- return hex2;
28
- }
29
- function utf8ToBytes(str) {
30
- if (typeof str !== "string")
31
- throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
32
- return new Uint8Array(new TextEncoder().encode(str));
33
- }
34
- function toBytes(data) {
35
- if (typeof data === "string")
36
- data = utf8ToBytes(data);
37
- if (!u8a(data))
38
- throw new Error(`expected Uint8Array, got ${typeof data}`);
39
- return data;
40
- }
41
- var Hash = class {
42
- // Safe version that clones internal state
43
- clone() {
44
- return this._cloneInto();
45
- }
46
- };
47
- function wrapConstructor(hashCons) {
48
- const hashC = (msg) => hashCons().update(toBytes(msg)).digest();
49
- const tmp = hashCons();
50
- hashC.outputLen = tmp.outputLen;
51
- hashC.blockLen = tmp.blockLen;
52
- hashC.create = () => hashCons();
53
- return hashC;
54
- }
55
-
56
- // node_modules/@noble/curves/node_modules/@noble/hashes/esm/_assert.js
57
- function number(n) {
58
- if (!Number.isSafeInteger(n) || n < 0)
59
- throw new Error(`Wrong positive integer: ${n}`);
60
- }
61
- function bytes(b, ...lengths) {
62
- if (!(b instanceof Uint8Array))
63
- throw new Error("Expected Uint8Array");
64
- if (lengths.length > 0 && !lengths.includes(b.length))
65
- throw new Error(`Expected Uint8Array of length ${lengths}, not of length=${b.length}`);
66
- }
67
- function hash(hash3) {
68
- if (typeof hash3 !== "function" || typeof hash3.create !== "function")
69
- throw new Error("Hash should be wrapped by utils.wrapConstructor");
70
- number(hash3.outputLen);
71
- number(hash3.blockLen);
72
- }
73
- function exists(instance, checkFinished = true) {
74
- if (instance.destroyed)
75
- throw new Error("Hash instance has been destroyed");
76
- if (checkFinished && instance.finished)
77
- throw new Error("Hash#digest() has already been called");
78
- }
79
- function output(out, instance) {
80
- bytes(out);
81
- const min = instance.outputLen;
82
- if (out.length < min) {
83
- throw new Error(`digestInto() expects output buffer of length at least ${min}`);
84
- }
85
- }
86
-
87
- // node_modules/@noble/curves/node_modules/@noble/hashes/esm/crypto.js
88
- var crypto2 = typeof globalThis === "object" && "crypto" in globalThis ? globalThis.crypto : void 0;
89
-
90
- // node_modules/@noble/curves/node_modules/@noble/hashes/esm/utils.js
91
- var u8a2 = (a) => a instanceof Uint8Array;
92
- var createView2 = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
93
- var rotr2 = (word, shift) => word << 32 - shift | word >>> shift;
94
- var isLE2 = new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68;
95
- if (!isLE2)
96
- throw new Error("Non little-endian hardware is not supported");
97
- function utf8ToBytes2(str) {
98
- if (typeof str !== "string")
99
- throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
100
- return new Uint8Array(new TextEncoder().encode(str));
101
- }
102
- function toBytes2(data) {
103
- if (typeof data === "string")
104
- data = utf8ToBytes2(data);
105
- if (!u8a2(data))
106
- throw new Error(`expected Uint8Array, got ${typeof data}`);
107
- return data;
108
- }
109
- function concatBytes(...arrays) {
110
- const r = new Uint8Array(arrays.reduce((sum, a) => sum + a.length, 0));
111
- let pad = 0;
112
- arrays.forEach((a) => {
113
- if (!u8a2(a))
114
- throw new Error("Uint8Array expected");
115
- r.set(a, pad);
116
- pad += a.length;
117
- });
118
- return r;
119
- }
120
- var Hash2 = class {
121
- // Safe version that clones internal state
122
- clone() {
123
- return this._cloneInto();
124
- }
125
- };
126
- var toStr = {}.toString;
127
- function wrapConstructor2(hashCons) {
128
- const hashC = (msg) => hashCons().update(toBytes2(msg)).digest();
129
- const tmp = hashCons();
130
- hashC.outputLen = tmp.outputLen;
131
- hashC.blockLen = tmp.blockLen;
132
- hashC.create = () => hashCons();
133
- return hashC;
134
- }
135
- function randomBytes(bytesLength = 32) {
136
- if (crypto2 && typeof crypto2.getRandomValues === "function") {
137
- return crypto2.getRandomValues(new Uint8Array(bytesLength));
138
- }
139
- throw new Error("crypto.getRandomValues must be defined");
140
- }
141
-
142
- // node_modules/@noble/curves/node_modules/@noble/hashes/esm/_sha2.js
143
- function setBigUint64(view, byteOffset, value, isLE4) {
144
- if (typeof view.setBigUint64 === "function")
145
- return view.setBigUint64(byteOffset, value, isLE4);
146
- const _32n = BigInt(32);
147
- const _u32_max = BigInt(4294967295);
148
- const wh = Number(value >> _32n & _u32_max);
149
- const wl = Number(value & _u32_max);
150
- const h = isLE4 ? 4 : 0;
151
- const l = isLE4 ? 0 : 4;
152
- view.setUint32(byteOffset + h, wh, isLE4);
153
- view.setUint32(byteOffset + l, wl, isLE4);
154
- }
155
- var SHA2 = class extends Hash2 {
156
- constructor(blockLen, outputLen, padOffset, isLE4) {
157
- super();
158
- this.blockLen = blockLen;
159
- this.outputLen = outputLen;
160
- this.padOffset = padOffset;
161
- this.isLE = isLE4;
162
- this.finished = false;
163
- this.length = 0;
164
- this.pos = 0;
165
- this.destroyed = false;
166
- this.buffer = new Uint8Array(blockLen);
167
- this.view = createView2(this.buffer);
168
- }
169
- update(data) {
170
- exists(this);
171
- const { view, buffer, blockLen } = this;
172
- data = toBytes2(data);
173
- const len = data.length;
174
- for (let pos = 0; pos < len; ) {
175
- const take = Math.min(blockLen - this.pos, len - pos);
176
- if (take === blockLen) {
177
- const dataView = createView2(data);
178
- for (; blockLen <= len - pos; pos += blockLen)
179
- this.process(dataView, pos);
180
- continue;
181
- }
182
- buffer.set(data.subarray(pos, pos + take), this.pos);
183
- this.pos += take;
184
- pos += take;
185
- if (this.pos === blockLen) {
186
- this.process(view, 0);
187
- this.pos = 0;
188
- }
189
- }
190
- this.length += data.length;
191
- this.roundClean();
192
- return this;
193
- }
194
- digestInto(out) {
195
- exists(this);
196
- output(out, this);
197
- this.finished = true;
198
- const { buffer, view, blockLen, isLE: isLE4 } = this;
199
- let { pos } = this;
200
- buffer[pos++] = 128;
201
- this.buffer.subarray(pos).fill(0);
202
- if (this.padOffset > blockLen - pos) {
203
- this.process(view, 0);
204
- pos = 0;
205
- }
206
- for (let i2 = pos; i2 < blockLen; i2++)
207
- buffer[i2] = 0;
208
- setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE4);
209
- this.process(view, 0);
210
- const oview = createView2(out);
211
- const len = this.outputLen;
212
- if (len % 4)
213
- throw new Error("_sha2: outputLen should be aligned to 32bit");
214
- const outLen = len / 4;
215
- const state = this.get();
216
- if (outLen > state.length)
217
- throw new Error("_sha2: outputLen bigger than state");
218
- for (let i2 = 0; i2 < outLen; i2++)
219
- oview.setUint32(4 * i2, state[i2], isLE4);
220
- }
221
- digest() {
222
- const { buffer, outputLen } = this;
223
- this.digestInto(buffer);
224
- const res = buffer.slice(0, outputLen);
225
- this.destroy();
226
- return res;
227
- }
228
- _cloneInto(to) {
229
- to || (to = new this.constructor());
230
- to.set(...this.get());
231
- const { blockLen, buffer, length, finished, destroyed, pos } = this;
232
- to.length = length;
233
- to.pos = pos;
234
- to.finished = finished;
235
- to.destroyed = destroyed;
236
- if (length % blockLen)
237
- to.buffer.set(buffer);
238
- return to;
239
- }
240
- };
241
-
242
- // node_modules/@noble/curves/node_modules/@noble/hashes/esm/sha256.js
243
- var Chi = (a, b, c) => a & b ^ ~a & c;
244
- var Maj = (a, b, c) => a & b ^ a & c ^ b & c;
245
- var SHA256_K = /* @__PURE__ */ new Uint32Array([
246
- 1116352408,
247
- 1899447441,
248
- 3049323471,
249
- 3921009573,
250
- 961987163,
251
- 1508970993,
252
- 2453635748,
253
- 2870763221,
254
- 3624381080,
255
- 310598401,
256
- 607225278,
257
- 1426881987,
258
- 1925078388,
259
- 2162078206,
260
- 2614888103,
261
- 3248222580,
262
- 3835390401,
263
- 4022224774,
264
- 264347078,
265
- 604807628,
266
- 770255983,
267
- 1249150122,
268
- 1555081692,
269
- 1996064986,
270
- 2554220882,
271
- 2821834349,
272
- 2952996808,
273
- 3210313671,
274
- 3336571891,
275
- 3584528711,
276
- 113926993,
277
- 338241895,
278
- 666307205,
279
- 773529912,
280
- 1294757372,
281
- 1396182291,
282
- 1695183700,
283
- 1986661051,
284
- 2177026350,
285
- 2456956037,
286
- 2730485921,
287
- 2820302411,
288
- 3259730800,
289
- 3345764771,
290
- 3516065817,
291
- 3600352804,
292
- 4094571909,
293
- 275423344,
294
- 430227734,
295
- 506948616,
296
- 659060556,
297
- 883997877,
298
- 958139571,
299
- 1322822218,
300
- 1537002063,
301
- 1747873779,
302
- 1955562222,
303
- 2024104815,
304
- 2227730452,
305
- 2361852424,
306
- 2428436474,
307
- 2756734187,
308
- 3204031479,
309
- 3329325298
310
- ]);
311
- var IV = /* @__PURE__ */ new Uint32Array([
312
- 1779033703,
313
- 3144134277,
314
- 1013904242,
315
- 2773480762,
316
- 1359893119,
317
- 2600822924,
318
- 528734635,
319
- 1541459225
320
- ]);
321
- var SHA256_W = /* @__PURE__ */ new Uint32Array(64);
322
- var SHA256 = class extends SHA2 {
323
- constructor() {
324
- super(64, 32, 8, false);
325
- this.A = IV[0] | 0;
326
- this.B = IV[1] | 0;
327
- this.C = IV[2] | 0;
328
- this.D = IV[3] | 0;
329
- this.E = IV[4] | 0;
330
- this.F = IV[5] | 0;
331
- this.G = IV[6] | 0;
332
- this.H = IV[7] | 0;
333
- }
334
- get() {
335
- const { A, B, C, D, E, F, G, H } = this;
336
- return [A, B, C, D, E, F, G, H];
337
- }
338
- // prettier-ignore
339
- set(A, B, C, D, E, F, G, H) {
340
- this.A = A | 0;
341
- this.B = B | 0;
342
- this.C = C | 0;
343
- this.D = D | 0;
344
- this.E = E | 0;
345
- this.F = F | 0;
346
- this.G = G | 0;
347
- this.H = H | 0;
348
- }
349
- process(view, offset) {
350
- for (let i2 = 0; i2 < 16; i2++, offset += 4)
351
- SHA256_W[i2] = view.getUint32(offset, false);
352
- for (let i2 = 16; i2 < 64; i2++) {
353
- const W15 = SHA256_W[i2 - 15];
354
- const W2 = SHA256_W[i2 - 2];
355
- const s0 = rotr2(W15, 7) ^ rotr2(W15, 18) ^ W15 >>> 3;
356
- const s1 = rotr2(W2, 17) ^ rotr2(W2, 19) ^ W2 >>> 10;
357
- SHA256_W[i2] = s1 + SHA256_W[i2 - 7] + s0 + SHA256_W[i2 - 16] | 0;
358
- }
359
- let { A, B, C, D, E, F, G, H } = this;
360
- for (let i2 = 0; i2 < 64; i2++) {
361
- const sigma1 = rotr2(E, 6) ^ rotr2(E, 11) ^ rotr2(E, 25);
362
- const T1 = H + sigma1 + Chi(E, F, G) + SHA256_K[i2] + SHA256_W[i2] | 0;
363
- const sigma0 = rotr2(A, 2) ^ rotr2(A, 13) ^ rotr2(A, 22);
364
- const T2 = sigma0 + Maj(A, B, C) | 0;
365
- H = G;
366
- G = F;
367
- F = E;
368
- E = D + T1 | 0;
369
- D = C;
370
- C = B;
371
- B = A;
372
- A = T1 + T2 | 0;
373
- }
374
- A = A + this.A | 0;
375
- B = B + this.B | 0;
376
- C = C + this.C | 0;
377
- D = D + this.D | 0;
378
- E = E + this.E | 0;
379
- F = F + this.F | 0;
380
- G = G + this.G | 0;
381
- H = H + this.H | 0;
382
- this.set(A, B, C, D, E, F, G, H);
383
- }
384
- roundClean() {
385
- SHA256_W.fill(0);
386
- }
387
- destroy() {
388
- this.set(0, 0, 0, 0, 0, 0, 0, 0);
389
- this.buffer.fill(0);
390
- }
391
- };
392
- var sha256 = /* @__PURE__ */ wrapConstructor2(() => new SHA256());
393
-
394
- // node_modules/@noble/curves/esm/abstract/utils.js
395
- var utils_exports = {};
396
- __export(utils_exports, {
397
- bitGet: () => bitGet,
398
- bitLen: () => bitLen,
399
- bitMask: () => bitMask,
400
- bitSet: () => bitSet,
401
- bytesToHex: () => bytesToHex2,
402
- bytesToNumberBE: () => bytesToNumberBE,
403
- bytesToNumberLE: () => bytesToNumberLE,
404
- concatBytes: () => concatBytes2,
405
- createHmacDrbg: () => createHmacDrbg,
406
- ensureBytes: () => ensureBytes,
407
- equalBytes: () => equalBytes,
408
- hexToBytes: () => hexToBytes,
409
- hexToNumber: () => hexToNumber,
410
- numberToBytesBE: () => numberToBytesBE,
411
- numberToBytesLE: () => numberToBytesLE,
412
- numberToHexUnpadded: () => numberToHexUnpadded,
413
- numberToVarBytesBE: () => numberToVarBytesBE,
414
- utf8ToBytes: () => utf8ToBytes3,
415
- validateObject: () => validateObject
416
- });
417
- var _0n = BigInt(0);
418
- var _1n = BigInt(1);
419
- var _2n = BigInt(2);
420
- var u8a3 = (a) => a instanceof Uint8Array;
421
- var hexes2 = /* @__PURE__ */ Array.from({ length: 256 }, (_, i2) => i2.toString(16).padStart(2, "0"));
422
- function bytesToHex2(bytes4) {
423
- if (!u8a3(bytes4))
424
- throw new Error("Uint8Array expected");
425
- let hex2 = "";
426
- for (let i2 = 0; i2 < bytes4.length; i2++) {
427
- hex2 += hexes2[bytes4[i2]];
428
- }
429
- return hex2;
430
- }
431
- function numberToHexUnpadded(num) {
432
- const hex2 = num.toString(16);
433
- return hex2.length & 1 ? `0${hex2}` : hex2;
434
- }
435
- function hexToNumber(hex2) {
436
- if (typeof hex2 !== "string")
437
- throw new Error("hex string expected, got " + typeof hex2);
438
- return BigInt(hex2 === "" ? "0" : `0x${hex2}`);
439
- }
440
- function hexToBytes(hex2) {
441
- if (typeof hex2 !== "string")
442
- throw new Error("hex string expected, got " + typeof hex2);
443
- const len = hex2.length;
444
- if (len % 2)
445
- throw new Error("padded hex string expected, got unpadded hex of length " + len);
446
- const array = new Uint8Array(len / 2);
447
- for (let i2 = 0; i2 < array.length; i2++) {
448
- const j = i2 * 2;
449
- const hexByte = hex2.slice(j, j + 2);
450
- const byte = Number.parseInt(hexByte, 16);
451
- if (Number.isNaN(byte) || byte < 0)
452
- throw new Error("Invalid byte sequence");
453
- array[i2] = byte;
454
- }
455
- return array;
456
- }
457
- function bytesToNumberBE(bytes4) {
458
- return hexToNumber(bytesToHex2(bytes4));
459
- }
460
- function bytesToNumberLE(bytes4) {
461
- if (!u8a3(bytes4))
462
- throw new Error("Uint8Array expected");
463
- return hexToNumber(bytesToHex2(Uint8Array.from(bytes4).reverse()));
464
- }
465
- function numberToBytesBE(n, len) {
466
- return hexToBytes(n.toString(16).padStart(len * 2, "0"));
467
- }
468
- function numberToBytesLE(n, len) {
469
- return numberToBytesBE(n, len).reverse();
470
- }
471
- function numberToVarBytesBE(n) {
472
- return hexToBytes(numberToHexUnpadded(n));
473
- }
474
- function ensureBytes(title, hex2, expectedLength) {
475
- let res;
476
- if (typeof hex2 === "string") {
477
- try {
478
- res = hexToBytes(hex2);
479
- } catch (e) {
480
- throw new Error(`${title} must be valid hex string, got "${hex2}". Cause: ${e}`);
481
- }
482
- } else if (u8a3(hex2)) {
483
- res = Uint8Array.from(hex2);
484
- } else {
485
- throw new Error(`${title} must be hex string or Uint8Array`);
486
- }
487
- const len = res.length;
488
- if (typeof expectedLength === "number" && len !== expectedLength)
489
- throw new Error(`${title} expected ${expectedLength} bytes, got ${len}`);
490
- return res;
491
- }
492
- function concatBytes2(...arrays) {
493
- const r = new Uint8Array(arrays.reduce((sum, a) => sum + a.length, 0));
494
- let pad = 0;
495
- arrays.forEach((a) => {
496
- if (!u8a3(a))
497
- throw new Error("Uint8Array expected");
498
- r.set(a, pad);
499
- pad += a.length;
500
- });
501
- return r;
502
- }
503
- function equalBytes(b1, b2) {
504
- if (b1.length !== b2.length)
505
- return false;
506
- for (let i2 = 0; i2 < b1.length; i2++)
507
- if (b1[i2] !== b2[i2])
508
- return false;
509
- return true;
510
- }
511
- function utf8ToBytes3(str) {
512
- if (typeof str !== "string")
513
- throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
514
- return new Uint8Array(new TextEncoder().encode(str));
515
- }
516
- function bitLen(n) {
517
- let len;
518
- for (len = 0; n > _0n; n >>= _1n, len += 1)
519
- ;
520
- return len;
521
- }
522
- function bitGet(n, pos) {
523
- return n >> BigInt(pos) & _1n;
524
- }
525
- var bitSet = (n, pos, value) => {
526
- return n | (value ? _1n : _0n) << BigInt(pos);
527
- };
528
- var bitMask = (n) => (_2n << BigInt(n - 1)) - _1n;
529
- var u8n = (data) => new Uint8Array(data);
530
- var u8fr = (arr) => Uint8Array.from(arr);
531
- function createHmacDrbg(hashLen, qByteLen, hmacFn) {
532
- if (typeof hashLen !== "number" || hashLen < 2)
533
- throw new Error("hashLen must be a number");
534
- if (typeof qByteLen !== "number" || qByteLen < 2)
535
- throw new Error("qByteLen must be a number");
536
- if (typeof hmacFn !== "function")
537
- throw new Error("hmacFn must be a function");
538
- let v = u8n(hashLen);
539
- let k = u8n(hashLen);
540
- let i2 = 0;
541
- const reset = () => {
542
- v.fill(1);
543
- k.fill(0);
544
- i2 = 0;
545
- };
546
- const h = (...b) => hmacFn(k, v, ...b);
547
- const reseed = (seed = u8n()) => {
548
- k = h(u8fr([0]), seed);
549
- v = h();
550
- if (seed.length === 0)
551
- return;
552
- k = h(u8fr([1]), seed);
553
- v = h();
554
- };
555
- const gen = () => {
556
- if (i2++ >= 1e3)
557
- throw new Error("drbg: tried 1000 values");
558
- let len = 0;
559
- const out = [];
560
- while (len < qByteLen) {
561
- v = h();
562
- const sl = v.slice();
563
- out.push(sl);
564
- len += v.length;
565
- }
566
- return concatBytes2(...out);
567
- };
568
- const genUntil = (seed, pred) => {
569
- reset();
570
- reseed(seed);
571
- let res = void 0;
572
- while (!(res = pred(gen())))
573
- reseed();
574
- reset();
575
- return res;
576
- };
577
- return genUntil;
578
- }
579
- var validatorFns = {
580
- bigint: (val) => typeof val === "bigint",
581
- function: (val) => typeof val === "function",
582
- boolean: (val) => typeof val === "boolean",
583
- string: (val) => typeof val === "string",
584
- stringOrUint8Array: (val) => typeof val === "string" || val instanceof Uint8Array,
585
- isSafeInteger: (val) => Number.isSafeInteger(val),
586
- array: (val) => Array.isArray(val),
587
- field: (val, object) => object.Fp.isValid(val),
588
- hash: (val) => typeof val === "function" && Number.isSafeInteger(val.outputLen)
589
- };
590
- function validateObject(object, validators, optValidators = {}) {
591
- const checkField = (fieldName, type, isOptional) => {
592
- const checkVal = validatorFns[type];
593
- if (typeof checkVal !== "function")
594
- throw new Error(`Invalid validator "${type}", expected function`);
595
- const val = object[fieldName];
596
- if (isOptional && val === void 0)
597
- return;
598
- if (!checkVal(val, object)) {
599
- throw new Error(`Invalid param ${String(fieldName)}=${val} (${typeof val}), expected ${type}`);
600
- }
601
- };
602
- for (const [fieldName, type] of Object.entries(validators))
603
- checkField(fieldName, type, false);
604
- for (const [fieldName, type] of Object.entries(optValidators))
605
- checkField(fieldName, type, true);
606
- return object;
607
- }
608
-
609
- // node_modules/@noble/curves/esm/abstract/modular.js
610
- var _0n2 = BigInt(0);
611
- var _1n2 = BigInt(1);
612
- var _2n2 = BigInt(2);
613
- var _3n = BigInt(3);
614
- var _4n = BigInt(4);
615
- var _5n = BigInt(5);
616
- var _8n = BigInt(8);
617
- var _9n = BigInt(9);
618
- var _16n = BigInt(16);
619
- function mod(a, b) {
620
- const result = a % b;
621
- return result >= _0n2 ? result : b + result;
622
- }
623
- function pow(num, power, modulo) {
624
- if (modulo <= _0n2 || power < _0n2)
625
- throw new Error("Expected power/modulo > 0");
626
- if (modulo === _1n2)
627
- return _0n2;
628
- let res = _1n2;
629
- while (power > _0n2) {
630
- if (power & _1n2)
631
- res = res * num % modulo;
632
- num = num * num % modulo;
633
- power >>= _1n2;
634
- }
635
- return res;
636
- }
637
- function pow2(x, power, modulo) {
638
- let res = x;
639
- while (power-- > _0n2) {
640
- res *= res;
641
- res %= modulo;
642
- }
643
- return res;
644
- }
645
- function invert(number4, modulo) {
646
- if (number4 === _0n2 || modulo <= _0n2) {
647
- throw new Error(`invert: expected positive integers, got n=${number4} mod=${modulo}`);
648
- }
649
- let a = mod(number4, modulo);
650
- let b = modulo;
651
- let x = _0n2, y = _1n2, u = _1n2, v = _0n2;
652
- while (a !== _0n2) {
653
- const q = b / a;
654
- const r = b % a;
655
- const m = x - u * q;
656
- const n = y - v * q;
657
- b = a, a = r, x = u, y = v, u = m, v = n;
658
- }
659
- const gcd2 = b;
660
- if (gcd2 !== _1n2)
661
- throw new Error("invert: does not exist");
662
- return mod(x, modulo);
663
- }
664
- function tonelliShanks(P) {
665
- const legendreC = (P - _1n2) / _2n2;
666
- let Q, S, Z;
667
- for (Q = P - _1n2, S = 0; Q % _2n2 === _0n2; Q /= _2n2, S++)
668
- ;
669
- for (Z = _2n2; Z < P && pow(Z, legendreC, P) !== P - _1n2; Z++)
670
- ;
671
- if (S === 1) {
672
- const p1div4 = (P + _1n2) / _4n;
673
- return function tonelliFast(Fp2, n) {
674
- const root = Fp2.pow(n, p1div4);
675
- if (!Fp2.eql(Fp2.sqr(root), n))
676
- throw new Error("Cannot find square root");
677
- return root;
678
- };
679
- }
680
- const Q1div2 = (Q + _1n2) / _2n2;
681
- return function tonelliSlow(Fp2, n) {
682
- if (Fp2.pow(n, legendreC) === Fp2.neg(Fp2.ONE))
683
- throw new Error("Cannot find square root");
684
- let r = S;
685
- let g = Fp2.pow(Fp2.mul(Fp2.ONE, Z), Q);
686
- let x = Fp2.pow(n, Q1div2);
687
- let b = Fp2.pow(n, Q);
688
- while (!Fp2.eql(b, Fp2.ONE)) {
689
- if (Fp2.eql(b, Fp2.ZERO))
690
- return Fp2.ZERO;
691
- let m = 1;
692
- for (let t2 = Fp2.sqr(b); m < r; m++) {
693
- if (Fp2.eql(t2, Fp2.ONE))
694
- break;
695
- t2 = Fp2.sqr(t2);
696
- }
697
- const ge2 = Fp2.pow(g, _1n2 << BigInt(r - m - 1));
698
- g = Fp2.sqr(ge2);
699
- x = Fp2.mul(x, ge2);
700
- b = Fp2.mul(b, g);
701
- r = m;
702
- }
703
- return x;
704
- };
705
- }
706
- function FpSqrt(P) {
707
- if (P % _4n === _3n) {
708
- const p1div4 = (P + _1n2) / _4n;
709
- return function sqrt3mod4(Fp2, n) {
710
- const root = Fp2.pow(n, p1div4);
711
- if (!Fp2.eql(Fp2.sqr(root), n))
712
- throw new Error("Cannot find square root");
713
- return root;
714
- };
715
- }
716
- if (P % _8n === _5n) {
717
- const c1 = (P - _5n) / _8n;
718
- return function sqrt5mod8(Fp2, n) {
719
- const n2 = Fp2.mul(n, _2n2);
720
- const v = Fp2.pow(n2, c1);
721
- const nv = Fp2.mul(n, v);
722
- const i2 = Fp2.mul(Fp2.mul(nv, _2n2), v);
723
- const root = Fp2.mul(nv, Fp2.sub(i2, Fp2.ONE));
724
- if (!Fp2.eql(Fp2.sqr(root), n))
725
- throw new Error("Cannot find square root");
726
- return root;
727
- };
728
- }
729
- if (P % _16n === _9n) {
730
- }
731
- return tonelliShanks(P);
732
- }
733
- var FIELD_FIELDS = [
734
- "create",
735
- "isValid",
736
- "is0",
737
- "neg",
738
- "inv",
739
- "sqrt",
740
- "sqr",
741
- "eql",
742
- "add",
743
- "sub",
744
- "mul",
745
- "pow",
746
- "div",
747
- "addN",
748
- "subN",
749
- "mulN",
750
- "sqrN"
751
- ];
752
- function validateField(field) {
753
- const initial = {
754
- ORDER: "bigint",
755
- MASK: "bigint",
756
- BYTES: "isSafeInteger",
757
- BITS: "isSafeInteger"
758
- };
759
- const opts = FIELD_FIELDS.reduce((map, val) => {
760
- map[val] = "function";
761
- return map;
762
- }, initial);
763
- return validateObject(field, opts);
764
- }
765
- function FpPow(f, num, power) {
766
- if (power < _0n2)
767
- throw new Error("Expected power > 0");
768
- if (power === _0n2)
769
- return f.ONE;
770
- if (power === _1n2)
771
- return num;
772
- let p = f.ONE;
773
- let d = num;
774
- while (power > _0n2) {
775
- if (power & _1n2)
776
- p = f.mul(p, d);
777
- d = f.sqr(d);
778
- power >>= _1n2;
779
- }
780
- return p;
781
- }
782
- function FpInvertBatch(f, nums) {
783
- const tmp = new Array(nums.length);
784
- const lastMultiplied = nums.reduce((acc, num, i2) => {
785
- if (f.is0(num))
786
- return acc;
787
- tmp[i2] = acc;
788
- return f.mul(acc, num);
789
- }, f.ONE);
790
- const inverted = f.inv(lastMultiplied);
791
- nums.reduceRight((acc, num, i2) => {
792
- if (f.is0(num))
793
- return acc;
794
- tmp[i2] = f.mul(acc, tmp[i2]);
795
- return f.mul(acc, num);
796
- }, inverted);
797
- return tmp;
798
- }
799
- function nLength(n, nBitLength) {
800
- const _nBitLength = nBitLength !== void 0 ? nBitLength : n.toString(2).length;
801
- const nByteLength = Math.ceil(_nBitLength / 8);
802
- return { nBitLength: _nBitLength, nByteLength };
803
- }
804
- function Field(ORDER, bitLen2, isLE4 = false, redef = {}) {
805
- if (ORDER <= _0n2)
806
- throw new Error(`Expected Field ORDER > 0, got ${ORDER}`);
807
- const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen2);
808
- if (BYTES > 2048)
809
- throw new Error("Field lengths over 2048 bytes are not supported");
810
- const sqrtP = FpSqrt(ORDER);
811
- const f = Object.freeze({
812
- ORDER,
813
- BITS,
814
- BYTES,
815
- MASK: bitMask(BITS),
816
- ZERO: _0n2,
817
- ONE: _1n2,
818
- create: (num) => mod(num, ORDER),
819
- isValid: (num) => {
820
- if (typeof num !== "bigint")
821
- throw new Error(`Invalid field element: expected bigint, got ${typeof num}`);
822
- return _0n2 <= num && num < ORDER;
823
- },
824
- is0: (num) => num === _0n2,
825
- isOdd: (num) => (num & _1n2) === _1n2,
826
- neg: (num) => mod(-num, ORDER),
827
- eql: (lhs, rhs) => lhs === rhs,
828
- sqr: (num) => mod(num * num, ORDER),
829
- add: (lhs, rhs) => mod(lhs + rhs, ORDER),
830
- sub: (lhs, rhs) => mod(lhs - rhs, ORDER),
831
- mul: (lhs, rhs) => mod(lhs * rhs, ORDER),
832
- pow: (num, power) => FpPow(f, num, power),
833
- div: (lhs, rhs) => mod(lhs * invert(rhs, ORDER), ORDER),
834
- // Same as above, but doesn't normalize
835
- sqrN: (num) => num * num,
836
- addN: (lhs, rhs) => lhs + rhs,
837
- subN: (lhs, rhs) => lhs - rhs,
838
- mulN: (lhs, rhs) => lhs * rhs,
839
- inv: (num) => invert(num, ORDER),
840
- sqrt: redef.sqrt || ((n) => sqrtP(f, n)),
841
- invertBatch: (lst) => FpInvertBatch(f, lst),
842
- // TODO: do we really need constant cmov?
843
- // We don't have const-time bigints anyway, so probably will be not very useful
844
- cmov: (a, b, c) => c ? b : a,
845
- toBytes: (num) => isLE4 ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES),
846
- fromBytes: (bytes4) => {
847
- if (bytes4.length !== BYTES)
848
- throw new Error(`Fp.fromBytes: expected ${BYTES}, got ${bytes4.length}`);
849
- return isLE4 ? bytesToNumberLE(bytes4) : bytesToNumberBE(bytes4);
850
- }
851
- });
852
- return Object.freeze(f);
853
- }
854
- function getFieldBytesLength(fieldOrder) {
855
- if (typeof fieldOrder !== "bigint")
856
- throw new Error("field order must be bigint");
857
- const bitLength = fieldOrder.toString(2).length;
858
- return Math.ceil(bitLength / 8);
859
- }
860
- function getMinHashLength(fieldOrder) {
861
- const length = getFieldBytesLength(fieldOrder);
862
- return length + Math.ceil(length / 2);
863
- }
864
- function mapHashToField(key, fieldOrder, isLE4 = false) {
865
- const len = key.length;
866
- const fieldLen = getFieldBytesLength(fieldOrder);
867
- const minLen = getMinHashLength(fieldOrder);
868
- if (len < 16 || len < minLen || len > 1024)
869
- throw new Error(`expected ${minLen}-1024 bytes of input, got ${len}`);
870
- const num = isLE4 ? bytesToNumberBE(key) : bytesToNumberLE(key);
871
- const reduced = mod(num, fieldOrder - _1n2) + _1n2;
872
- return isLE4 ? numberToBytesLE(reduced, fieldLen) : numberToBytesBE(reduced, fieldLen);
873
- }
874
-
875
- // node_modules/@noble/curves/esm/abstract/curve.js
876
- var _0n3 = BigInt(0);
877
- var _1n3 = BigInt(1);
878
- function wNAF(c, bits) {
879
- const constTimeNegate = (condition, item) => {
880
- const neg = item.negate();
881
- return condition ? neg : item;
882
- };
883
- const opts = (W) => {
884
- const windows = Math.ceil(bits / W) + 1;
885
- const windowSize = 2 ** (W - 1);
886
- return { windows, windowSize };
887
- };
888
- return {
889
- constTimeNegate,
890
- // non-const time multiplication ladder
891
- unsafeLadder(elm, n) {
892
- let p = c.ZERO;
893
- let d = elm;
894
- while (n > _0n3) {
895
- if (n & _1n3)
896
- p = p.add(d);
897
- d = d.double();
898
- n >>= _1n3;
899
- }
900
- return p;
901
- },
902
- /**
903
- * Creates a wNAF precomputation window. Used for caching.
904
- * Default window size is set by `utils.precompute()` and is equal to 8.
905
- * Number of precomputed points depends on the curve size:
906
- * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where:
907
- * - 𝑊 is the window size
908
- * - 𝑛 is the bitlength of the curve order.
909
- * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.
910
- * @returns precomputed point tables flattened to a single array
911
- */
912
- precomputeWindow(elm, W) {
913
- const { windows, windowSize } = opts(W);
914
- const points = [];
915
- let p = elm;
916
- let base = p;
917
- for (let window2 = 0; window2 < windows; window2++) {
918
- base = p;
919
- points.push(base);
920
- for (let i2 = 1; i2 < windowSize; i2++) {
921
- base = base.add(p);
922
- points.push(base);
923
- }
924
- p = base.double();
925
- }
926
- return points;
927
- },
928
- /**
929
- * Implements ec multiplication using precomputed tables and w-ary non-adjacent form.
930
- * @param W window size
931
- * @param precomputes precomputed tables
932
- * @param n scalar (we don't check here, but should be less than curve order)
933
- * @returns real and fake (for const-time) points
934
- */
935
- wNAF(W, precomputes, n) {
936
- const { windows, windowSize } = opts(W);
937
- let p = c.ZERO;
938
- let f = c.BASE;
939
- const mask = BigInt(2 ** W - 1);
940
- const maxNumber = 2 ** W;
941
- const shiftBy = BigInt(W);
942
- for (let window2 = 0; window2 < windows; window2++) {
943
- const offset = window2 * windowSize;
944
- let wbits = Number(n & mask);
945
- n >>= shiftBy;
946
- if (wbits > windowSize) {
947
- wbits -= maxNumber;
948
- n += _1n3;
949
- }
950
- const offset1 = offset;
951
- const offset2 = offset + Math.abs(wbits) - 1;
952
- const cond1 = window2 % 2 !== 0;
953
- const cond2 = wbits < 0;
954
- if (wbits === 0) {
955
- f = f.add(constTimeNegate(cond1, precomputes[offset1]));
956
- } else {
957
- p = p.add(constTimeNegate(cond2, precomputes[offset2]));
958
- }
959
- }
960
- return { p, f };
961
- },
962
- wNAFCached(P, precomputesMap, n, transform) {
963
- const W = P._WINDOW_SIZE || 1;
964
- let comp = precomputesMap.get(P);
965
- if (!comp) {
966
- comp = this.precomputeWindow(P, W);
967
- if (W !== 1) {
968
- precomputesMap.set(P, transform(comp));
969
- }
970
- }
971
- return this.wNAF(W, comp, n);
972
- }
973
- };
974
- }
975
- function validateBasic(curve) {
976
- validateField(curve.Fp);
977
- validateObject(curve, {
978
- n: "bigint",
979
- h: "bigint",
980
- Gx: "field",
981
- Gy: "field"
982
- }, {
983
- nBitLength: "isSafeInteger",
984
- nByteLength: "isSafeInteger"
985
- });
986
- return Object.freeze({
987
- ...nLength(curve.n, curve.nBitLength),
988
- ...curve,
989
- ...{ p: curve.Fp.ORDER }
990
- });
991
- }
992
-
993
- // node_modules/@noble/curves/esm/abstract/weierstrass.js
994
- function validatePointOpts(curve) {
995
- const opts = validateBasic(curve);
996
- validateObject(opts, {
997
- a: "field",
998
- b: "field"
999
- }, {
1000
- allowedPrivateKeyLengths: "array",
1001
- wrapPrivateKey: "boolean",
1002
- isTorsionFree: "function",
1003
- clearCofactor: "function",
1004
- allowInfinityPoint: "boolean",
1005
- fromBytes: "function",
1006
- toBytes: "function"
1007
- });
1008
- const { endo, Fp: Fp2, a } = opts;
1009
- if (endo) {
1010
- if (!Fp2.eql(a, Fp2.ZERO)) {
1011
- throw new Error("Endomorphism can only be defined for Koblitz curves that have a=0");
1012
- }
1013
- if (typeof endo !== "object" || typeof endo.beta !== "bigint" || typeof endo.splitScalar !== "function") {
1014
- throw new Error("Expected endomorphism with beta: bigint and splitScalar: function");
1015
- }
1016
- }
1017
- return Object.freeze({ ...opts });
1018
- }
1019
- var { bytesToNumberBE: b2n, hexToBytes: h2b } = utils_exports;
1020
- var DER = {
1021
- // asn.1 DER encoding utils
1022
- Err: class DERErr extends Error {
1023
- constructor(m = "") {
1024
- super(m);
1025
- }
1026
- },
1027
- _parseInt(data) {
1028
- const { Err: E } = DER;
1029
- if (data.length < 2 || data[0] !== 2)
1030
- throw new E("Invalid signature integer tag");
1031
- const len = data[1];
1032
- const res = data.subarray(2, len + 2);
1033
- if (!len || res.length !== len)
1034
- throw new E("Invalid signature integer: wrong length");
1035
- if (res[0] & 128)
1036
- throw new E("Invalid signature integer: negative");
1037
- if (res[0] === 0 && !(res[1] & 128))
1038
- throw new E("Invalid signature integer: unnecessary leading zero");
1039
- return { d: b2n(res), l: data.subarray(len + 2) };
1040
- },
1041
- toSig(hex2) {
1042
- const { Err: E } = DER;
1043
- const data = typeof hex2 === "string" ? h2b(hex2) : hex2;
1044
- if (!(data instanceof Uint8Array))
1045
- throw new Error("ui8a expected");
1046
- let l = data.length;
1047
- if (l < 2 || data[0] != 48)
1048
- throw new E("Invalid signature tag");
1049
- if (data[1] !== l - 2)
1050
- throw new E("Invalid signature: incorrect length");
1051
- const { d: r, l: sBytes } = DER._parseInt(data.subarray(2));
1052
- const { d: s, l: rBytesLeft } = DER._parseInt(sBytes);
1053
- if (rBytesLeft.length)
1054
- throw new E("Invalid signature: left bytes after parsing");
1055
- return { r, s };
1056
- },
1057
- hexFromSig(sig) {
1058
- const slice = (s2) => Number.parseInt(s2[0], 16) & 8 ? "00" + s2 : s2;
1059
- const h = (num) => {
1060
- const hex2 = num.toString(16);
1061
- return hex2.length & 1 ? `0${hex2}` : hex2;
1062
- };
1063
- const s = slice(h(sig.s));
1064
- const r = slice(h(sig.r));
1065
- const shl = s.length / 2;
1066
- const rhl = r.length / 2;
1067
- const sl = h(shl);
1068
- const rl = h(rhl);
1069
- return `30${h(rhl + shl + 4)}02${rl}${r}02${sl}${s}`;
1070
- }
1071
- };
1072
- var _0n4 = BigInt(0);
1073
- var _1n4 = BigInt(1);
1074
- var _2n3 = BigInt(2);
1075
- var _3n2 = BigInt(3);
1076
- var _4n2 = BigInt(4);
1077
- function weierstrassPoints(opts) {
1078
- const CURVE = validatePointOpts(opts);
1079
- const { Fp: Fp2 } = CURVE;
1080
- const toBytes4 = CURVE.toBytes || ((_c, point, _isCompressed) => {
1081
- const a = point.toAffine();
1082
- return concatBytes2(Uint8Array.from([4]), Fp2.toBytes(a.x), Fp2.toBytes(a.y));
1083
- });
1084
- const fromBytes = CURVE.fromBytes || ((bytes4) => {
1085
- const tail = bytes4.subarray(1);
1086
- const x = Fp2.fromBytes(tail.subarray(0, Fp2.BYTES));
1087
- const y = Fp2.fromBytes(tail.subarray(Fp2.BYTES, 2 * Fp2.BYTES));
1088
- return { x, y };
1089
- });
1090
- function weierstrassEquation(x) {
1091
- const { a, b } = CURVE;
1092
- const x2 = Fp2.sqr(x);
1093
- const x3 = Fp2.mul(x2, x);
1094
- return Fp2.add(Fp2.add(x3, Fp2.mul(x, a)), b);
1095
- }
1096
- if (!Fp2.eql(Fp2.sqr(CURVE.Gy), weierstrassEquation(CURVE.Gx)))
1097
- throw new Error("bad generator point: equation left != right");
1098
- function isWithinCurveOrder(num) {
1099
- return typeof num === "bigint" && _0n4 < num && num < CURVE.n;
1100
- }
1101
- function assertGE(num) {
1102
- if (!isWithinCurveOrder(num))
1103
- throw new Error("Expected valid bigint: 0 < bigint < curve.n");
1104
- }
1105
- function normPrivateKeyToScalar(key) {
1106
- const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n } = CURVE;
1107
- if (lengths && typeof key !== "bigint") {
1108
- if (key instanceof Uint8Array)
1109
- key = bytesToHex2(key);
1110
- if (typeof key !== "string" || !lengths.includes(key.length))
1111
- throw new Error("Invalid key");
1112
- key = key.padStart(nByteLength * 2, "0");
1113
- }
1114
- let num;
1115
- try {
1116
- num = typeof key === "bigint" ? key : bytesToNumberBE(ensureBytes("private key", key, nByteLength));
1117
- } catch (error) {
1118
- throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`);
1119
- }
1120
- if (wrapPrivateKey)
1121
- num = mod(num, n);
1122
- assertGE(num);
1123
- return num;
1124
- }
1125
- const pointPrecomputes = /* @__PURE__ */ new Map();
1126
- function assertPrjPoint(other) {
1127
- if (!(other instanceof Point2))
1128
- throw new Error("ProjectivePoint expected");
1129
- }
1130
- class Point2 {
1131
- constructor(px, py, pz) {
1132
- this.px = px;
1133
- this.py = py;
1134
- this.pz = pz;
1135
- if (px == null || !Fp2.isValid(px))
1136
- throw new Error("x required");
1137
- if (py == null || !Fp2.isValid(py))
1138
- throw new Error("y required");
1139
- if (pz == null || !Fp2.isValid(pz))
1140
- throw new Error("z required");
1141
- }
1142
- // Does not validate if the point is on-curve.
1143
- // Use fromHex instead, or call assertValidity() later.
1144
- static fromAffine(p) {
1145
- const { x, y } = p || {};
1146
- if (!p || !Fp2.isValid(x) || !Fp2.isValid(y))
1147
- throw new Error("invalid affine point");
1148
- if (p instanceof Point2)
1149
- throw new Error("projective point not allowed");
1150
- const is0 = (i2) => Fp2.eql(i2, Fp2.ZERO);
1151
- if (is0(x) && is0(y))
1152
- return Point2.ZERO;
1153
- return new Point2(x, y, Fp2.ONE);
1154
- }
1155
- get x() {
1156
- return this.toAffine().x;
1157
- }
1158
- get y() {
1159
- return this.toAffine().y;
1160
- }
1161
- /**
1162
- * Takes a bunch of Projective Points but executes only one
1163
- * inversion on all of them. Inversion is very slow operation,
1164
- * so this improves performance massively.
1165
- * Optimization: converts a list of projective points to a list of identical points with Z=1.
1166
- */
1167
- static normalizeZ(points) {
1168
- const toInv = Fp2.invertBatch(points.map((p) => p.pz));
1169
- return points.map((p, i2) => p.toAffine(toInv[i2])).map(Point2.fromAffine);
1170
- }
1171
- /**
1172
- * Converts hash string or Uint8Array to Point.
1173
- * @param hex short/long ECDSA hex
1174
- */
1175
- static fromHex(hex2) {
1176
- const P = Point2.fromAffine(fromBytes(ensureBytes("pointHex", hex2)));
1177
- P.assertValidity();
1178
- return P;
1179
- }
1180
- // Multiplies generator point by privateKey.
1181
- static fromPrivateKey(privateKey) {
1182
- return Point2.BASE.multiply(normPrivateKeyToScalar(privateKey));
1183
- }
1184
- // "Private method", don't use it directly
1185
- _setWindowSize(windowSize) {
1186
- this._WINDOW_SIZE = windowSize;
1187
- pointPrecomputes.delete(this);
1188
- }
1189
- // A point on curve is valid if it conforms to equation.
1190
- assertValidity() {
1191
- if (this.is0()) {
1192
- if (CURVE.allowInfinityPoint && !Fp2.is0(this.py))
1193
- return;
1194
- throw new Error("bad point: ZERO");
1195
- }
1196
- const { x, y } = this.toAffine();
1197
- if (!Fp2.isValid(x) || !Fp2.isValid(y))
1198
- throw new Error("bad point: x or y not FE");
1199
- const left = Fp2.sqr(y);
1200
- const right = weierstrassEquation(x);
1201
- if (!Fp2.eql(left, right))
1202
- throw new Error("bad point: equation left != right");
1203
- if (!this.isTorsionFree())
1204
- throw new Error("bad point: not in prime-order subgroup");
1205
- }
1206
- hasEvenY() {
1207
- const { y } = this.toAffine();
1208
- if (Fp2.isOdd)
1209
- return !Fp2.isOdd(y);
1210
- throw new Error("Field doesn't support isOdd");
1211
- }
1212
- /**
1213
- * Compare one point to another.
1214
- */
1215
- equals(other) {
1216
- assertPrjPoint(other);
1217
- const { px: X1, py: Y1, pz: Z1 } = this;
1218
- const { px: X2, py: Y2, pz: Z2 } = other;
1219
- const U1 = Fp2.eql(Fp2.mul(X1, Z2), Fp2.mul(X2, Z1));
1220
- const U2 = Fp2.eql(Fp2.mul(Y1, Z2), Fp2.mul(Y2, Z1));
1221
- return U1 && U2;
1222
- }
1223
- /**
1224
- * Flips point to one corresponding to (x, -y) in Affine coordinates.
1225
- */
1226
- negate() {
1227
- return new Point2(this.px, Fp2.neg(this.py), this.pz);
1228
- }
1229
- // Renes-Costello-Batina exception-free doubling formula.
1230
- // There is 30% faster Jacobian formula, but it is not complete.
1231
- // https://eprint.iacr.org/2015/1060, algorithm 3
1232
- // Cost: 8M + 3S + 3*a + 2*b3 + 15add.
1233
- double() {
1234
- const { a, b } = CURVE;
1235
- const b3 = Fp2.mul(b, _3n2);
1236
- const { px: X1, py: Y1, pz: Z1 } = this;
1237
- let X3 = Fp2.ZERO, Y3 = Fp2.ZERO, Z3 = Fp2.ZERO;
1238
- let t0 = Fp2.mul(X1, X1);
1239
- let t1 = Fp2.mul(Y1, Y1);
1240
- let t2 = Fp2.mul(Z1, Z1);
1241
- let t3 = Fp2.mul(X1, Y1);
1242
- t3 = Fp2.add(t3, t3);
1243
- Z3 = Fp2.mul(X1, Z1);
1244
- Z3 = Fp2.add(Z3, Z3);
1245
- X3 = Fp2.mul(a, Z3);
1246
- Y3 = Fp2.mul(b3, t2);
1247
- Y3 = Fp2.add(X3, Y3);
1248
- X3 = Fp2.sub(t1, Y3);
1249
- Y3 = Fp2.add(t1, Y3);
1250
- Y3 = Fp2.mul(X3, Y3);
1251
- X3 = Fp2.mul(t3, X3);
1252
- Z3 = Fp2.mul(b3, Z3);
1253
- t2 = Fp2.mul(a, t2);
1254
- t3 = Fp2.sub(t0, t2);
1255
- t3 = Fp2.mul(a, t3);
1256
- t3 = Fp2.add(t3, Z3);
1257
- Z3 = Fp2.add(t0, t0);
1258
- t0 = Fp2.add(Z3, t0);
1259
- t0 = Fp2.add(t0, t2);
1260
- t0 = Fp2.mul(t0, t3);
1261
- Y3 = Fp2.add(Y3, t0);
1262
- t2 = Fp2.mul(Y1, Z1);
1263
- t2 = Fp2.add(t2, t2);
1264
- t0 = Fp2.mul(t2, t3);
1265
- X3 = Fp2.sub(X3, t0);
1266
- Z3 = Fp2.mul(t2, t1);
1267
- Z3 = Fp2.add(Z3, Z3);
1268
- Z3 = Fp2.add(Z3, Z3);
1269
- return new Point2(X3, Y3, Z3);
1270
- }
1271
- // Renes-Costello-Batina exception-free addition formula.
1272
- // There is 30% faster Jacobian formula, but it is not complete.
1273
- // https://eprint.iacr.org/2015/1060, algorithm 1
1274
- // Cost: 12M + 0S + 3*a + 3*b3 + 23add.
1275
- add(other) {
1276
- assertPrjPoint(other);
1277
- const { px: X1, py: Y1, pz: Z1 } = this;
1278
- const { px: X2, py: Y2, pz: Z2 } = other;
1279
- let X3 = Fp2.ZERO, Y3 = Fp2.ZERO, Z3 = Fp2.ZERO;
1280
- const a = CURVE.a;
1281
- const b3 = Fp2.mul(CURVE.b, _3n2);
1282
- let t0 = Fp2.mul(X1, X2);
1283
- let t1 = Fp2.mul(Y1, Y2);
1284
- let t2 = Fp2.mul(Z1, Z2);
1285
- let t3 = Fp2.add(X1, Y1);
1286
- let t4 = Fp2.add(X2, Y2);
1287
- t3 = Fp2.mul(t3, t4);
1288
- t4 = Fp2.add(t0, t1);
1289
- t3 = Fp2.sub(t3, t4);
1290
- t4 = Fp2.add(X1, Z1);
1291
- let t5 = Fp2.add(X2, Z2);
1292
- t4 = Fp2.mul(t4, t5);
1293
- t5 = Fp2.add(t0, t2);
1294
- t4 = Fp2.sub(t4, t5);
1295
- t5 = Fp2.add(Y1, Z1);
1296
- X3 = Fp2.add(Y2, Z2);
1297
- t5 = Fp2.mul(t5, X3);
1298
- X3 = Fp2.add(t1, t2);
1299
- t5 = Fp2.sub(t5, X3);
1300
- Z3 = Fp2.mul(a, t4);
1301
- X3 = Fp2.mul(b3, t2);
1302
- Z3 = Fp2.add(X3, Z3);
1303
- X3 = Fp2.sub(t1, Z3);
1304
- Z3 = Fp2.add(t1, Z3);
1305
- Y3 = Fp2.mul(X3, Z3);
1306
- t1 = Fp2.add(t0, t0);
1307
- t1 = Fp2.add(t1, t0);
1308
- t2 = Fp2.mul(a, t2);
1309
- t4 = Fp2.mul(b3, t4);
1310
- t1 = Fp2.add(t1, t2);
1311
- t2 = Fp2.sub(t0, t2);
1312
- t2 = Fp2.mul(a, t2);
1313
- t4 = Fp2.add(t4, t2);
1314
- t0 = Fp2.mul(t1, t4);
1315
- Y3 = Fp2.add(Y3, t0);
1316
- t0 = Fp2.mul(t5, t4);
1317
- X3 = Fp2.mul(t3, X3);
1318
- X3 = Fp2.sub(X3, t0);
1319
- t0 = Fp2.mul(t3, t1);
1320
- Z3 = Fp2.mul(t5, Z3);
1321
- Z3 = Fp2.add(Z3, t0);
1322
- return new Point2(X3, Y3, Z3);
1323
- }
1324
- subtract(other) {
1325
- return this.add(other.negate());
1326
- }
1327
- is0() {
1328
- return this.equals(Point2.ZERO);
1329
- }
1330
- wNAF(n) {
1331
- return wnaf.wNAFCached(this, pointPrecomputes, n, (comp) => {
1332
- const toInv = Fp2.invertBatch(comp.map((p) => p.pz));
1333
- return comp.map((p, i2) => p.toAffine(toInv[i2])).map(Point2.fromAffine);
1334
- });
1335
- }
1336
- /**
1337
- * Non-constant-time multiplication. Uses double-and-add algorithm.
1338
- * It's faster, but should only be used when you don't care about
1339
- * an exposed private key e.g. sig verification, which works over *public* keys.
1340
- */
1341
- multiplyUnsafe(n) {
1342
- const I = Point2.ZERO;
1343
- if (n === _0n4)
1344
- return I;
1345
- assertGE(n);
1346
- if (n === _1n4)
1347
- return this;
1348
- const { endo } = CURVE;
1349
- if (!endo)
1350
- return wnaf.unsafeLadder(this, n);
1351
- let { k1neg, k1, k2neg, k2 } = endo.splitScalar(n);
1352
- let k1p = I;
1353
- let k2p = I;
1354
- let d = this;
1355
- while (k1 > _0n4 || k2 > _0n4) {
1356
- if (k1 & _1n4)
1357
- k1p = k1p.add(d);
1358
- if (k2 & _1n4)
1359
- k2p = k2p.add(d);
1360
- d = d.double();
1361
- k1 >>= _1n4;
1362
- k2 >>= _1n4;
1363
- }
1364
- if (k1neg)
1365
- k1p = k1p.negate();
1366
- if (k2neg)
1367
- k2p = k2p.negate();
1368
- k2p = new Point2(Fp2.mul(k2p.px, endo.beta), k2p.py, k2p.pz);
1369
- return k1p.add(k2p);
1370
- }
1371
- /**
1372
- * Constant time multiplication.
1373
- * Uses wNAF method. Windowed method may be 10% faster,
1374
- * but takes 2x longer to generate and consumes 2x memory.
1375
- * Uses precomputes when available.
1376
- * Uses endomorphism for Koblitz curves.
1377
- * @param scalar by which the point would be multiplied
1378
- * @returns New point
1379
- */
1380
- multiply(scalar) {
1381
- assertGE(scalar);
1382
- let n = scalar;
1383
- let point, fake;
1384
- const { endo } = CURVE;
1385
- if (endo) {
1386
- const { k1neg, k1, k2neg, k2 } = endo.splitScalar(n);
1387
- let { p: k1p, f: f1p } = this.wNAF(k1);
1388
- let { p: k2p, f: f2p } = this.wNAF(k2);
1389
- k1p = wnaf.constTimeNegate(k1neg, k1p);
1390
- k2p = wnaf.constTimeNegate(k2neg, k2p);
1391
- k2p = new Point2(Fp2.mul(k2p.px, endo.beta), k2p.py, k2p.pz);
1392
- point = k1p.add(k2p);
1393
- fake = f1p.add(f2p);
1394
- } else {
1395
- const { p, f } = this.wNAF(n);
1396
- point = p;
1397
- fake = f;
1398
- }
1399
- return Point2.normalizeZ([point, fake])[0];
1400
- }
1401
- /**
1402
- * Efficiently calculate `aP + bQ`. Unsafe, can expose private key, if used incorrectly.
1403
- * Not using Strauss-Shamir trick: precomputation tables are faster.
1404
- * The trick could be useful if both P and Q are not G (not in our case).
1405
- * @returns non-zero affine point
1406
- */
1407
- multiplyAndAddUnsafe(Q, a, b) {
1408
- const G = Point2.BASE;
1409
- const mul3 = (P, a2) => a2 === _0n4 || a2 === _1n4 || !P.equals(G) ? P.multiplyUnsafe(a2) : P.multiply(a2);
1410
- const sum = mul3(this, a).add(mul3(Q, b));
1411
- return sum.is0() ? void 0 : sum;
1412
- }
1413
- // Converts Projective point to affine (x, y) coordinates.
1414
- // Can accept precomputed Z^-1 - for example, from invertBatch.
1415
- // (x, y, z) ∋ (x=x/z, y=y/z)
1416
- toAffine(iz) {
1417
- const { px: x, py: y, pz: z } = this;
1418
- const is0 = this.is0();
1419
- if (iz == null)
1420
- iz = is0 ? Fp2.ONE : Fp2.inv(z);
1421
- const ax = Fp2.mul(x, iz);
1422
- const ay = Fp2.mul(y, iz);
1423
- const zz = Fp2.mul(z, iz);
1424
- if (is0)
1425
- return { x: Fp2.ZERO, y: Fp2.ZERO };
1426
- if (!Fp2.eql(zz, Fp2.ONE))
1427
- throw new Error("invZ was invalid");
1428
- return { x: ax, y: ay };
1429
- }
1430
- isTorsionFree() {
1431
- const { h: cofactor, isTorsionFree } = CURVE;
1432
- if (cofactor === _1n4)
1433
- return true;
1434
- if (isTorsionFree)
1435
- return isTorsionFree(Point2, this);
1436
- throw new Error("isTorsionFree() has not been declared for the elliptic curve");
1437
- }
1438
- clearCofactor() {
1439
- const { h: cofactor, clearCofactor } = CURVE;
1440
- if (cofactor === _1n4)
1441
- return this;
1442
- if (clearCofactor)
1443
- return clearCofactor(Point2, this);
1444
- return this.multiplyUnsafe(CURVE.h);
1445
- }
1446
- toRawBytes(isCompressed = true) {
1447
- this.assertValidity();
1448
- return toBytes4(Point2, this, isCompressed);
1449
- }
1450
- toHex(isCompressed = true) {
1451
- return bytesToHex2(this.toRawBytes(isCompressed));
1452
- }
1453
- }
1454
- Point2.BASE = new Point2(CURVE.Gx, CURVE.Gy, Fp2.ONE);
1455
- Point2.ZERO = new Point2(Fp2.ZERO, Fp2.ONE, Fp2.ZERO);
1456
- const _bits = CURVE.nBitLength;
1457
- const wnaf = wNAF(Point2, CURVE.endo ? Math.ceil(_bits / 2) : _bits);
1458
- return {
1459
- CURVE,
1460
- ProjectivePoint: Point2,
1461
- normPrivateKeyToScalar,
1462
- weierstrassEquation,
1463
- isWithinCurveOrder
1464
- };
1465
- }
1466
- function validateOpts(curve) {
1467
- const opts = validateBasic(curve);
1468
- validateObject(opts, {
1469
- hash: "hash",
1470
- hmac: "function",
1471
- randomBytes: "function"
1472
- }, {
1473
- bits2int: "function",
1474
- bits2int_modN: "function",
1475
- lowS: "boolean"
1476
- });
1477
- return Object.freeze({ lowS: true, ...opts });
1478
- }
1479
- function weierstrass(curveDef) {
1480
- const CURVE = validateOpts(curveDef);
1481
- const { Fp: Fp2, n: CURVE_ORDER } = CURVE;
1482
- const compressedLen = Fp2.BYTES + 1;
1483
- const uncompressedLen = 2 * Fp2.BYTES + 1;
1484
- function isValidFieldElement(num) {
1485
- return _0n4 < num && num < Fp2.ORDER;
1486
- }
1487
- function modN2(a) {
1488
- return mod(a, CURVE_ORDER);
1489
- }
1490
- function invN(a) {
1491
- return invert(a, CURVE_ORDER);
1492
- }
1493
- const { ProjectivePoint: Point2, normPrivateKeyToScalar, weierstrassEquation, isWithinCurveOrder } = weierstrassPoints({
1494
- ...CURVE,
1495
- toBytes(_c, point, isCompressed) {
1496
- const a = point.toAffine();
1497
- const x = Fp2.toBytes(a.x);
1498
- const cat = concatBytes2;
1499
- if (isCompressed) {
1500
- return cat(Uint8Array.from([point.hasEvenY() ? 2 : 3]), x);
1501
- } else {
1502
- return cat(Uint8Array.from([4]), x, Fp2.toBytes(a.y));
1503
- }
1504
- },
1505
- fromBytes(bytes4) {
1506
- const len = bytes4.length;
1507
- const head = bytes4[0];
1508
- const tail = bytes4.subarray(1);
1509
- if (len === compressedLen && (head === 2 || head === 3)) {
1510
- const x = bytesToNumberBE(tail);
1511
- if (!isValidFieldElement(x))
1512
- throw new Error("Point is not on curve");
1513
- const y2 = weierstrassEquation(x);
1514
- let y = Fp2.sqrt(y2);
1515
- const isYOdd = (y & _1n4) === _1n4;
1516
- const isHeadOdd = (head & 1) === 1;
1517
- if (isHeadOdd !== isYOdd)
1518
- y = Fp2.neg(y);
1519
- return { x, y };
1520
- } else if (len === uncompressedLen && head === 4) {
1521
- const x = Fp2.fromBytes(tail.subarray(0, Fp2.BYTES));
1522
- const y = Fp2.fromBytes(tail.subarray(Fp2.BYTES, 2 * Fp2.BYTES));
1523
- return { x, y };
1524
- } else {
1525
- throw new Error(`Point of length ${len} was invalid. Expected ${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes`);
1526
- }
1527
- }
1528
- });
1529
- const numToNByteStr = (num) => bytesToHex2(numberToBytesBE(num, CURVE.nByteLength));
1530
- function isBiggerThanHalfOrder(number4) {
1531
- const HALF = CURVE_ORDER >> _1n4;
1532
- return number4 > HALF;
1533
- }
1534
- function normalizeS(s) {
1535
- return isBiggerThanHalfOrder(s) ? modN2(-s) : s;
1536
- }
1537
- const slcNum = (b, from, to) => bytesToNumberBE(b.slice(from, to));
1538
- class Signature {
1539
- constructor(r, s, recovery) {
1540
- this.r = r;
1541
- this.s = s;
1542
- this.recovery = recovery;
1543
- this.assertValidity();
1544
- }
1545
- // pair (bytes of r, bytes of s)
1546
- static fromCompact(hex2) {
1547
- const l = CURVE.nByteLength;
1548
- hex2 = ensureBytes("compactSignature", hex2, l * 2);
1549
- return new Signature(slcNum(hex2, 0, l), slcNum(hex2, l, 2 * l));
1550
- }
1551
- // DER encoded ECDSA signature
1552
- // https://bitcoin.stackexchange.com/questions/57644/what-are-the-parts-of-a-bitcoin-transaction-input-script
1553
- static fromDER(hex2) {
1554
- const { r, s } = DER.toSig(ensureBytes("DER", hex2));
1555
- return new Signature(r, s);
1556
- }
1557
- assertValidity() {
1558
- if (!isWithinCurveOrder(this.r))
1559
- throw new Error("r must be 0 < r < CURVE.n");
1560
- if (!isWithinCurveOrder(this.s))
1561
- throw new Error("s must be 0 < s < CURVE.n");
1562
- }
1563
- addRecoveryBit(recovery) {
1564
- return new Signature(this.r, this.s, recovery);
1565
- }
1566
- recoverPublicKey(msgHash) {
1567
- const { r, s, recovery: rec } = this;
1568
- const h = bits2int_modN(ensureBytes("msgHash", msgHash));
1569
- if (rec == null || ![0, 1, 2, 3].includes(rec))
1570
- throw new Error("recovery id invalid");
1571
- const radj = rec === 2 || rec === 3 ? r + CURVE.n : r;
1572
- if (radj >= Fp2.ORDER)
1573
- throw new Error("recovery id 2 or 3 invalid");
1574
- const prefix = (rec & 1) === 0 ? "02" : "03";
1575
- const R = Point2.fromHex(prefix + numToNByteStr(radj));
1576
- const ir = invN(radj);
1577
- const u1 = modN2(-h * ir);
1578
- const u2 = modN2(s * ir);
1579
- const Q = Point2.BASE.multiplyAndAddUnsafe(R, u1, u2);
1580
- if (!Q)
1581
- throw new Error("point at infinify");
1582
- Q.assertValidity();
1583
- return Q;
1584
- }
1585
- // Signatures should be low-s, to prevent malleability.
1586
- hasHighS() {
1587
- return isBiggerThanHalfOrder(this.s);
1588
- }
1589
- normalizeS() {
1590
- return this.hasHighS() ? new Signature(this.r, modN2(-this.s), this.recovery) : this;
1591
- }
1592
- // DER-encoded
1593
- toDERRawBytes() {
1594
- return hexToBytes(this.toDERHex());
1595
- }
1596
- toDERHex() {
1597
- return DER.hexFromSig({ r: this.r, s: this.s });
1598
- }
1599
- // padded bytes of r, then padded bytes of s
1600
- toCompactRawBytes() {
1601
- return hexToBytes(this.toCompactHex());
1602
- }
1603
- toCompactHex() {
1604
- return numToNByteStr(this.r) + numToNByteStr(this.s);
1605
- }
1606
- }
1607
- const utils = {
1608
- isValidPrivateKey(privateKey) {
1609
- try {
1610
- normPrivateKeyToScalar(privateKey);
1611
- return true;
1612
- } catch (error) {
1613
- return false;
1614
- }
1615
- },
1616
- normPrivateKeyToScalar,
1617
- /**
1618
- * Produces cryptographically secure private key from random of size
1619
- * (groupLen + ceil(groupLen / 2)) with modulo bias being negligible.
1620
- */
1621
- randomPrivateKey: () => {
1622
- const length = getMinHashLength(CURVE.n);
1623
- return mapHashToField(CURVE.randomBytes(length), CURVE.n);
1624
- },
1625
- /**
1626
- * Creates precompute table for an arbitrary EC point. Makes point "cached".
1627
- * Allows to massively speed-up `point.multiply(scalar)`.
1628
- * @returns cached point
1629
- * @example
1630
- * const fast = utils.precompute(8, ProjectivePoint.fromHex(someonesPubKey));
1631
- * fast.multiply(privKey); // much faster ECDH now
1632
- */
1633
- precompute(windowSize = 8, point = Point2.BASE) {
1634
- point._setWindowSize(windowSize);
1635
- point.multiply(BigInt(3));
1636
- return point;
1637
- }
1638
- };
1639
- function getPublicKey2(privateKey, isCompressed = true) {
1640
- return Point2.fromPrivateKey(privateKey).toRawBytes(isCompressed);
1641
- }
1642
- function isProbPub(item) {
1643
- const arr = item instanceof Uint8Array;
1644
- const str = typeof item === "string";
1645
- const len = (arr || str) && item.length;
1646
- if (arr)
1647
- return len === compressedLen || len === uncompressedLen;
1648
- if (str)
1649
- return len === 2 * compressedLen || len === 2 * uncompressedLen;
1650
- if (item instanceof Point2)
1651
- return true;
1652
- return false;
1653
- }
1654
- function getSharedSecret(privateA, publicB, isCompressed = true) {
1655
- if (isProbPub(privateA))
1656
- throw new Error("first arg must be private key");
1657
- if (!isProbPub(publicB))
1658
- throw new Error("second arg must be public key");
1659
- const b = Point2.fromHex(publicB);
1660
- return b.multiply(normPrivateKeyToScalar(privateA)).toRawBytes(isCompressed);
1661
- }
1662
- const bits2int = CURVE.bits2int || function(bytes4) {
1663
- const num = bytesToNumberBE(bytes4);
1664
- const delta = bytes4.length * 8 - CURVE.nBitLength;
1665
- return delta > 0 ? num >> BigInt(delta) : num;
1666
- };
1667
- const bits2int_modN = CURVE.bits2int_modN || function(bytes4) {
1668
- return modN2(bits2int(bytes4));
1669
- };
1670
- const ORDER_MASK = bitMask(CURVE.nBitLength);
1671
- function int2octets(num) {
1672
- if (typeof num !== "bigint")
1673
- throw new Error("bigint expected");
1674
- if (!(_0n4 <= num && num < ORDER_MASK))
1675
- throw new Error(`bigint expected < 2^${CURVE.nBitLength}`);
1676
- return numberToBytesBE(num, CURVE.nByteLength);
1677
- }
1678
- function prepSig(msgHash, privateKey, opts = defaultSigOpts) {
1679
- if (["recovered", "canonical"].some((k) => k in opts))
1680
- throw new Error("sign() legacy options not supported");
1681
- const { hash: hash3, randomBytes: randomBytes3 } = CURVE;
1682
- let { lowS, prehash, extraEntropy: ent } = opts;
1683
- if (lowS == null)
1684
- lowS = true;
1685
- msgHash = ensureBytes("msgHash", msgHash);
1686
- if (prehash)
1687
- msgHash = ensureBytes("prehashed msgHash", hash3(msgHash));
1688
- const h1int = bits2int_modN(msgHash);
1689
- const d = normPrivateKeyToScalar(privateKey);
1690
- const seedArgs = [int2octets(d), int2octets(h1int)];
1691
- if (ent != null) {
1692
- const e = ent === true ? randomBytes3(Fp2.BYTES) : ent;
1693
- seedArgs.push(ensureBytes("extraEntropy", e));
1694
- }
1695
- const seed = concatBytes2(...seedArgs);
1696
- const m = h1int;
1697
- function k2sig(kBytes) {
1698
- const k = bits2int(kBytes);
1699
- if (!isWithinCurveOrder(k))
1700
- return;
1701
- const ik = invN(k);
1702
- const q = Point2.BASE.multiply(k).toAffine();
1703
- const r = modN2(q.x);
1704
- if (r === _0n4)
1705
- return;
1706
- const s = modN2(ik * modN2(m + r * d));
1707
- if (s === _0n4)
1708
- return;
1709
- let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n4);
1710
- let normS = s;
1711
- if (lowS && isBiggerThanHalfOrder(s)) {
1712
- normS = normalizeS(s);
1713
- recovery ^= 1;
1714
- }
1715
- return new Signature(r, normS, recovery);
1716
- }
1717
- return { seed, k2sig };
1718
- }
1719
- const defaultSigOpts = { lowS: CURVE.lowS, prehash: false };
1720
- const defaultVerOpts = { lowS: CURVE.lowS, prehash: false };
1721
- function sign(msgHash, privKey, opts = defaultSigOpts) {
1722
- const { seed, k2sig } = prepSig(msgHash, privKey, opts);
1723
- const C = CURVE;
1724
- const drbg = createHmacDrbg(C.hash.outputLen, C.nByteLength, C.hmac);
1725
- return drbg(seed, k2sig);
1726
- }
1727
- Point2.BASE._setWindowSize(8);
1728
- function verify(signature, msgHash, publicKey, opts = defaultVerOpts) {
1729
- const sg = signature;
1730
- msgHash = ensureBytes("msgHash", msgHash);
1731
- publicKey = ensureBytes("publicKey", publicKey);
1732
- if ("strict" in opts)
1733
- throw new Error("options.strict was renamed to lowS");
1734
- const { lowS, prehash } = opts;
1735
- let _sig = void 0;
1736
- let P;
1737
- try {
1738
- if (typeof sg === "string" || sg instanceof Uint8Array) {
1739
- try {
1740
- _sig = Signature.fromDER(sg);
1741
- } catch (derError) {
1742
- if (!(derError instanceof DER.Err))
1743
- throw derError;
1744
- _sig = Signature.fromCompact(sg);
1745
- }
1746
- } else if (typeof sg === "object" && typeof sg.r === "bigint" && typeof sg.s === "bigint") {
1747
- const { r: r2, s: s2 } = sg;
1748
- _sig = new Signature(r2, s2);
1749
- } else {
1750
- throw new Error("PARSE");
1751
- }
1752
- P = Point2.fromHex(publicKey);
1753
- } catch (error) {
1754
- if (error.message === "PARSE")
1755
- throw new Error(`signature must be Signature instance, Uint8Array or hex string`);
1756
- return false;
1757
- }
1758
- if (lowS && _sig.hasHighS())
1759
- return false;
1760
- if (prehash)
1761
- msgHash = CURVE.hash(msgHash);
1762
- const { r, s } = _sig;
1763
- const h = bits2int_modN(msgHash);
1764
- const is = invN(s);
1765
- const u1 = modN2(h * is);
1766
- const u2 = modN2(r * is);
1767
- const R = Point2.BASE.multiplyAndAddUnsafe(P, u1, u2)?.toAffine();
1768
- if (!R)
1769
- return false;
1770
- const v = modN2(R.x);
1771
- return v === r;
1772
- }
1773
- return {
1774
- CURVE,
1775
- getPublicKey: getPublicKey2,
1776
- getSharedSecret,
1777
- sign,
1778
- verify,
1779
- ProjectivePoint: Point2,
1780
- Signature,
1781
- utils
1782
- };
1783
- }
1784
-
1785
- // node_modules/@noble/curves/node_modules/@noble/hashes/esm/hmac.js
1786
- var HMAC = class extends Hash2 {
1787
- constructor(hash3, _key) {
1788
- super();
1789
- this.finished = false;
1790
- this.destroyed = false;
1791
- hash(hash3);
1792
- const key = toBytes2(_key);
1793
- this.iHash = hash3.create();
1794
- if (typeof this.iHash.update !== "function")
1795
- throw new Error("Expected instance of class which extends utils.Hash");
1796
- this.blockLen = this.iHash.blockLen;
1797
- this.outputLen = this.iHash.outputLen;
1798
- const blockLen = this.blockLen;
1799
- const pad = new Uint8Array(blockLen);
1800
- pad.set(key.length > blockLen ? hash3.create().update(key).digest() : key);
1801
- for (let i2 = 0; i2 < pad.length; i2++)
1802
- pad[i2] ^= 54;
1803
- this.iHash.update(pad);
1804
- this.oHash = hash3.create();
1805
- for (let i2 = 0; i2 < pad.length; i2++)
1806
- pad[i2] ^= 54 ^ 92;
1807
- this.oHash.update(pad);
1808
- pad.fill(0);
1809
- }
1810
- update(buf) {
1811
- exists(this);
1812
- this.iHash.update(buf);
1813
- return this;
1814
- }
1815
- digestInto(out) {
1816
- exists(this);
1817
- bytes(out, this.outputLen);
1818
- this.finished = true;
1819
- this.iHash.digestInto(out);
1820
- this.oHash.update(out);
1821
- this.oHash.digestInto(out);
1822
- this.destroy();
1823
- }
1824
- digest() {
1825
- const out = new Uint8Array(this.oHash.outputLen);
1826
- this.digestInto(out);
1827
- return out;
1828
- }
1829
- _cloneInto(to) {
1830
- to || (to = Object.create(Object.getPrototypeOf(this), {}));
1831
- const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this;
1832
- to = to;
1833
- to.finished = finished;
1834
- to.destroyed = destroyed;
1835
- to.blockLen = blockLen;
1836
- to.outputLen = outputLen;
1837
- to.oHash = oHash._cloneInto(to.oHash);
1838
- to.iHash = iHash._cloneInto(to.iHash);
1839
- return to;
1840
- }
1841
- destroy() {
1842
- this.destroyed = true;
1843
- this.oHash.destroy();
1844
- this.iHash.destroy();
1845
- }
1846
- };
1847
- var hmac = (hash3, key, message) => new HMAC(hash3, key).update(message).digest();
1848
- hmac.create = (hash3, key) => new HMAC(hash3, key);
1849
-
1850
- // node_modules/@noble/curves/esm/_shortw_utils.js
1851
- function getHash(hash3) {
1852
- return {
1853
- hash: hash3,
1854
- hmac: (key, ...msgs) => hmac(hash3, key, concatBytes(...msgs)),
1855
- randomBytes
1856
- };
1857
- }
1858
- function createCurve(curveDef, defHash) {
1859
- const create = (hash3) => weierstrass({ ...curveDef, ...getHash(hash3) });
1860
- return Object.freeze({ ...create(defHash), create });
1861
- }
1862
-
1863
- // node_modules/@noble/curves/esm/secp256k1.js
1864
- var secp256k1P = BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f");
1865
- var secp256k1N = BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141");
1866
- var _1n5 = BigInt(1);
1867
- var _2n4 = BigInt(2);
1868
- var divNearest = (a, b) => (a + b / _2n4) / b;
1869
- function sqrtMod(y) {
1870
- const P = secp256k1P;
1871
- const _3n3 = BigInt(3), _6n = BigInt(6), _11n = BigInt(11), _22n = BigInt(22);
1872
- const _23n = BigInt(23), _44n = BigInt(44), _88n = BigInt(88);
1873
- const b2 = y * y * y % P;
1874
- const b3 = b2 * b2 * y % P;
1875
- const b6 = pow2(b3, _3n3, P) * b3 % P;
1876
- const b9 = pow2(b6, _3n3, P) * b3 % P;
1877
- const b11 = pow2(b9, _2n4, P) * b2 % P;
1878
- const b22 = pow2(b11, _11n, P) * b11 % P;
1879
- const b44 = pow2(b22, _22n, P) * b22 % P;
1880
- const b88 = pow2(b44, _44n, P) * b44 % P;
1881
- const b176 = pow2(b88, _88n, P) * b88 % P;
1882
- const b220 = pow2(b176, _44n, P) * b44 % P;
1883
- const b223 = pow2(b220, _3n3, P) * b3 % P;
1884
- const t1 = pow2(b223, _23n, P) * b22 % P;
1885
- const t2 = pow2(t1, _6n, P) * b2 % P;
1886
- const root = pow2(t2, _2n4, P);
1887
- if (!Fp.eql(Fp.sqr(root), y))
1888
- throw new Error("Cannot find square root");
1889
- return root;
1890
- }
1891
- var Fp = Field(secp256k1P, void 0, void 0, { sqrt: sqrtMod });
1892
- var secp256k1 = createCurve({
1893
- a: BigInt(0),
1894
- b: BigInt(7),
1895
- Fp,
1896
- n: secp256k1N,
1897
- // Base point (x, y) aka generator point
1898
- Gx: BigInt("55066263022277343669578718895168534326250603453777594175500187360389116729240"),
1899
- Gy: BigInt("32670510020758816978083085130507043184471273380659243275938904335757337482424"),
1900
- h: BigInt(1),
1901
- lowS: true,
1902
- /**
1903
- * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.
1904
- * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.
1905
- * For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit.
1906
- * Explanation: https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066
1907
- */
1908
- endo: {
1909
- beta: BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),
1910
- splitScalar: (k) => {
1911
- const n = secp256k1N;
1912
- const a1 = BigInt("0x3086d221a7d46bcde86c90e49284eb15");
1913
- const b1 = -_1n5 * BigInt("0xe4437ed6010e88286f547fa90abfe4c3");
1914
- const a2 = BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8");
1915
- const b2 = a1;
1916
- const POW_2_128 = BigInt("0x100000000000000000000000000000000");
1917
- const c1 = divNearest(b2 * k, n);
1918
- const c2 = divNearest(-b1 * k, n);
1919
- let k1 = mod(k - c1 * a1 - c2 * a2, n);
1920
- let k2 = mod(-c1 * b1 - c2 * b2, n);
1921
- const k1neg = k1 > POW_2_128;
1922
- const k2neg = k2 > POW_2_128;
1923
- if (k1neg)
1924
- k1 = n - k1;
1925
- if (k2neg)
1926
- k2 = n - k2;
1927
- if (k1 > POW_2_128 || k2 > POW_2_128) {
1928
- throw new Error("splitScalar: Endomorphism failed, k=" + k);
1929
- }
1930
- return { k1neg, k1, k2neg, k2 };
1931
- }
1932
- }
1933
- }, sha256);
1934
- var _0n5 = BigInt(0);
1935
- var fe = (x) => typeof x === "bigint" && _0n5 < x && x < secp256k1P;
1936
- var ge = (x) => typeof x === "bigint" && _0n5 < x && x < secp256k1N;
1937
- var TAGGED_HASH_PREFIXES = {};
1938
- function taggedHash(tag, ...messages) {
1939
- let tagP = TAGGED_HASH_PREFIXES[tag];
1940
- if (tagP === void 0) {
1941
- const tagH = sha256(Uint8Array.from(tag, (c) => c.charCodeAt(0)));
1942
- tagP = concatBytes2(tagH, tagH);
1943
- TAGGED_HASH_PREFIXES[tag] = tagP;
1944
- }
1945
- return sha256(concatBytes2(tagP, ...messages));
1946
- }
1947
- var pointToBytes = (point) => point.toRawBytes(true).slice(1);
1948
- var numTo32b = (n) => numberToBytesBE(n, 32);
1949
- var modP = (x) => mod(x, secp256k1P);
1950
- var modN = (x) => mod(x, secp256k1N);
1951
- var Point = secp256k1.ProjectivePoint;
1952
- var GmulAdd = (Q, a, b) => Point.BASE.multiplyAndAddUnsafe(Q, a, b);
1953
- function schnorrGetExtPubKey(priv) {
1954
- let d_ = secp256k1.utils.normPrivateKeyToScalar(priv);
1955
- let p = Point.fromPrivateKey(d_);
1956
- const scalar = p.hasEvenY() ? d_ : modN(-d_);
1957
- return { scalar, bytes: pointToBytes(p) };
1958
- }
1959
- function lift_x(x) {
1960
- if (!fe(x))
1961
- throw new Error("bad x: need 0 < x < p");
1962
- const xx = modP(x * x);
1963
- const c = modP(xx * x + BigInt(7));
1964
- let y = sqrtMod(c);
1965
- if (y % _2n4 !== _0n5)
1966
- y = modP(-y);
1967
- const p = new Point(x, y, _1n5);
1968
- p.assertValidity();
1969
- return p;
1970
- }
1971
- function challenge(...args) {
1972
- return modN(bytesToNumberBE(taggedHash("BIP0340/challenge", ...args)));
1973
- }
1974
- function schnorrGetPublicKey(privateKey) {
1975
- return schnorrGetExtPubKey(privateKey).bytes;
1976
- }
1977
- function schnorrSign(message, privateKey, auxRand = randomBytes(32)) {
1978
- const m = ensureBytes("message", message);
1979
- const { bytes: px, scalar: d } = schnorrGetExtPubKey(privateKey);
1980
- const a = ensureBytes("auxRand", auxRand, 32);
1981
- const t = numTo32b(d ^ bytesToNumberBE(taggedHash("BIP0340/aux", a)));
1982
- const rand = taggedHash("BIP0340/nonce", t, px, m);
1983
- const k_ = modN(bytesToNumberBE(rand));
1984
- if (k_ === _0n5)
1985
- throw new Error("sign failed: k is zero");
1986
- const { bytes: rx, scalar: k } = schnorrGetExtPubKey(k_);
1987
- const e = challenge(rx, px, m);
1988
- const sig = new Uint8Array(64);
1989
- sig.set(rx, 0);
1990
- sig.set(numTo32b(modN(k + e * d)), 32);
1991
- if (!schnorrVerify(sig, m, px))
1992
- throw new Error("sign: Invalid signature produced");
1993
- return sig;
1994
- }
1995
- function schnorrVerify(signature, message, publicKey) {
1996
- const sig = ensureBytes("signature", signature, 64);
1997
- const m = ensureBytes("message", message);
1998
- const pub = ensureBytes("publicKey", publicKey, 32);
1999
- try {
2000
- const P = lift_x(bytesToNumberBE(pub));
2001
- const r = bytesToNumberBE(sig.subarray(0, 32));
2002
- if (!fe(r))
2003
- return false;
2004
- const s = bytesToNumberBE(sig.subarray(32, 64));
2005
- if (!ge(s))
2006
- return false;
2007
- const e = challenge(numTo32b(r), pointToBytes(P), m);
2008
- const R = GmulAdd(P, s, modN(-e));
2009
- if (!R || !R.hasEvenY() || R.toAffine().x !== r)
2010
- return false;
2011
- return true;
2012
- } catch (error) {
2013
- return false;
2014
- }
2015
- }
2016
- var schnorr = /* @__PURE__ */ (() => ({
2017
- getPublicKey: schnorrGetPublicKey,
2018
- sign: schnorrSign,
2019
- verify: schnorrVerify,
2020
- utils: {
2021
- randomPrivateKey: secp256k1.utils.randomPrivateKey,
2022
- lift_x,
2023
- pointToBytes,
2024
- numberToBytesBE,
2025
- bytesToNumberBE,
2026
- taggedHash,
2027
- mod
2028
- }
2029
- }))();
2030
-
2031
- // node_modules/@noble/hashes/esm/_assert.js
2032
- function number2(n) {
2033
- if (!Number.isSafeInteger(n) || n < 0)
2034
- throw new Error(`Wrong positive integer: ${n}`);
2035
- }
2036
- function bool(b) {
2037
- if (typeof b !== "boolean")
2038
- throw new Error(`Expected boolean, not ${b}`);
2039
- }
2040
- function bytes2(b, ...lengths) {
2041
- if (!(b instanceof Uint8Array))
2042
- throw new Error("Expected Uint8Array");
2043
- if (lengths.length > 0 && !lengths.includes(b.length))
2044
- throw new Error(`Expected Uint8Array of length ${lengths}, not of length=${b.length}`);
2045
- }
2046
- function hash2(hash3) {
2047
- if (typeof hash3 !== "function" || typeof hash3.create !== "function")
2048
- throw new Error("Hash should be wrapped by utils.wrapConstructor");
2049
- number2(hash3.outputLen);
2050
- number2(hash3.blockLen);
2051
- }
2052
- function exists2(instance, checkFinished = true) {
2053
- if (instance.destroyed)
2054
- throw new Error("Hash instance has been destroyed");
2055
- if (checkFinished && instance.finished)
2056
- throw new Error("Hash#digest() has already been called");
2057
- }
2058
- function output2(out, instance) {
2059
- bytes2(out);
2060
- const min = instance.outputLen;
2061
- if (out.length < min) {
2062
- throw new Error(`digestInto() expects output buffer of length at least ${min}`);
2063
- }
2064
- }
2065
- var assert = {
2066
- number: number2,
2067
- bool,
2068
- bytes: bytes2,
2069
- hash: hash2,
2070
- exists: exists2,
2071
- output: output2
2072
- };
2073
- var assert_default = assert;
2074
-
2075
- // node_modules/@noble/hashes/esm/_sha2.js
2076
- function setBigUint642(view, byteOffset, value, isLE4) {
2077
- if (typeof view.setBigUint64 === "function")
2078
- return view.setBigUint64(byteOffset, value, isLE4);
2079
- const _32n = BigInt(32);
2080
- const _u32_max = BigInt(4294967295);
2081
- const wh = Number(value >> _32n & _u32_max);
2082
- const wl = Number(value & _u32_max);
2083
- const h = isLE4 ? 4 : 0;
2084
- const l = isLE4 ? 0 : 4;
2085
- view.setUint32(byteOffset + h, wh, isLE4);
2086
- view.setUint32(byteOffset + l, wl, isLE4);
2087
- }
2088
- var SHA22 = class extends Hash {
2089
- constructor(blockLen, outputLen, padOffset, isLE4) {
2090
- super();
2091
- this.blockLen = blockLen;
2092
- this.outputLen = outputLen;
2093
- this.padOffset = padOffset;
2094
- this.isLE = isLE4;
2095
- this.finished = false;
2096
- this.length = 0;
2097
- this.pos = 0;
2098
- this.destroyed = false;
2099
- this.buffer = new Uint8Array(blockLen);
2100
- this.view = createView(this.buffer);
2101
- }
2102
- update(data) {
2103
- assert_default.exists(this);
2104
- const { view, buffer, blockLen } = this;
2105
- data = toBytes(data);
2106
- const len = data.length;
2107
- for (let pos = 0; pos < len; ) {
2108
- const take = Math.min(blockLen - this.pos, len - pos);
2109
- if (take === blockLen) {
2110
- const dataView = createView(data);
2111
- for (; blockLen <= len - pos; pos += blockLen)
2112
- this.process(dataView, pos);
2113
- continue;
2114
- }
2115
- buffer.set(data.subarray(pos, pos + take), this.pos);
2116
- this.pos += take;
2117
- pos += take;
2118
- if (this.pos === blockLen) {
2119
- this.process(view, 0);
2120
- this.pos = 0;
2121
- }
2122
- }
2123
- this.length += data.length;
2124
- this.roundClean();
2125
- return this;
2126
- }
2127
- digestInto(out) {
2128
- assert_default.exists(this);
2129
- assert_default.output(out, this);
2130
- this.finished = true;
2131
- const { buffer, view, blockLen, isLE: isLE4 } = this;
2132
- let { pos } = this;
2133
- buffer[pos++] = 128;
2134
- this.buffer.subarray(pos).fill(0);
2135
- if (this.padOffset > blockLen - pos) {
2136
- this.process(view, 0);
2137
- pos = 0;
2138
- }
2139
- for (let i2 = pos; i2 < blockLen; i2++)
2140
- buffer[i2] = 0;
2141
- setBigUint642(view, blockLen - 8, BigInt(this.length * 8), isLE4);
2142
- this.process(view, 0);
2143
- const oview = createView(out);
2144
- const len = this.outputLen;
2145
- if (len % 4)
2146
- throw new Error("_sha2: outputLen should be aligned to 32bit");
2147
- const outLen = len / 4;
2148
- const state = this.get();
2149
- if (outLen > state.length)
2150
- throw new Error("_sha2: outputLen bigger than state");
2151
- for (let i2 = 0; i2 < outLen; i2++)
2152
- oview.setUint32(4 * i2, state[i2], isLE4);
2153
- }
2154
- digest() {
2155
- const { buffer, outputLen } = this;
2156
- this.digestInto(buffer);
2157
- const res = buffer.slice(0, outputLen);
2158
- this.destroy();
2159
- return res;
2160
- }
2161
- _cloneInto(to) {
2162
- to || (to = new this.constructor());
2163
- to.set(...this.get());
2164
- const { blockLen, buffer, length, finished, destroyed, pos } = this;
2165
- to.length = length;
2166
- to.pos = pos;
2167
- to.finished = finished;
2168
- to.destroyed = destroyed;
2169
- if (length % blockLen)
2170
- to.buffer.set(buffer);
2171
- return to;
2172
- }
2173
- };
2174
-
2175
- // node_modules/@noble/hashes/esm/sha256.js
2176
- var Chi2 = (a, b, c) => a & b ^ ~a & c;
2177
- var Maj2 = (a, b, c) => a & b ^ a & c ^ b & c;
2178
- var SHA256_K2 = new Uint32Array([
2179
- 1116352408,
2180
- 1899447441,
2181
- 3049323471,
2182
- 3921009573,
2183
- 961987163,
2184
- 1508970993,
2185
- 2453635748,
2186
- 2870763221,
2187
- 3624381080,
2188
- 310598401,
2189
- 607225278,
2190
- 1426881987,
2191
- 1925078388,
2192
- 2162078206,
2193
- 2614888103,
2194
- 3248222580,
2195
- 3835390401,
2196
- 4022224774,
2197
- 264347078,
2198
- 604807628,
2199
- 770255983,
2200
- 1249150122,
2201
- 1555081692,
2202
- 1996064986,
2203
- 2554220882,
2204
- 2821834349,
2205
- 2952996808,
2206
- 3210313671,
2207
- 3336571891,
2208
- 3584528711,
2209
- 113926993,
2210
- 338241895,
2211
- 666307205,
2212
- 773529912,
2213
- 1294757372,
2214
- 1396182291,
2215
- 1695183700,
2216
- 1986661051,
2217
- 2177026350,
2218
- 2456956037,
2219
- 2730485921,
2220
- 2820302411,
2221
- 3259730800,
2222
- 3345764771,
2223
- 3516065817,
2224
- 3600352804,
2225
- 4094571909,
2226
- 275423344,
2227
- 430227734,
2228
- 506948616,
2229
- 659060556,
2230
- 883997877,
2231
- 958139571,
2232
- 1322822218,
2233
- 1537002063,
2234
- 1747873779,
2235
- 1955562222,
2236
- 2024104815,
2237
- 2227730452,
2238
- 2361852424,
2239
- 2428436474,
2240
- 2756734187,
2241
- 3204031479,
2242
- 3329325298
2243
- ]);
2244
- var IV2 = new Uint32Array([
2245
- 1779033703,
2246
- 3144134277,
2247
- 1013904242,
2248
- 2773480762,
2249
- 1359893119,
2250
- 2600822924,
2251
- 528734635,
2252
- 1541459225
2253
- ]);
2254
- var SHA256_W2 = new Uint32Array(64);
2255
- var SHA2562 = class extends SHA22 {
2256
- constructor() {
2257
- super(64, 32, 8, false);
2258
- this.A = IV2[0] | 0;
2259
- this.B = IV2[1] | 0;
2260
- this.C = IV2[2] | 0;
2261
- this.D = IV2[3] | 0;
2262
- this.E = IV2[4] | 0;
2263
- this.F = IV2[5] | 0;
2264
- this.G = IV2[6] | 0;
2265
- this.H = IV2[7] | 0;
2266
- }
2267
- get() {
2268
- const { A, B, C, D, E, F, G, H } = this;
2269
- return [A, B, C, D, E, F, G, H];
2270
- }
2271
- // prettier-ignore
2272
- set(A, B, C, D, E, F, G, H) {
2273
- this.A = A | 0;
2274
- this.B = B | 0;
2275
- this.C = C | 0;
2276
- this.D = D | 0;
2277
- this.E = E | 0;
2278
- this.F = F | 0;
2279
- this.G = G | 0;
2280
- this.H = H | 0;
2281
- }
2282
- process(view, offset) {
2283
- for (let i2 = 0; i2 < 16; i2++, offset += 4)
2284
- SHA256_W2[i2] = view.getUint32(offset, false);
2285
- for (let i2 = 16; i2 < 64; i2++) {
2286
- const W15 = SHA256_W2[i2 - 15];
2287
- const W2 = SHA256_W2[i2 - 2];
2288
- const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ W15 >>> 3;
2289
- const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ W2 >>> 10;
2290
- SHA256_W2[i2] = s1 + SHA256_W2[i2 - 7] + s0 + SHA256_W2[i2 - 16] | 0;
2291
- }
2292
- let { A, B, C, D, E, F, G, H } = this;
2293
- for (let i2 = 0; i2 < 64; i2++) {
2294
- const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);
2295
- const T1 = H + sigma1 + Chi2(E, F, G) + SHA256_K2[i2] + SHA256_W2[i2] | 0;
2296
- const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);
2297
- const T2 = sigma0 + Maj2(A, B, C) | 0;
2298
- H = G;
2299
- G = F;
2300
- F = E;
2301
- E = D + T1 | 0;
2302
- D = C;
2303
- C = B;
2304
- B = A;
2305
- A = T1 + T2 | 0;
2306
- }
2307
- A = A + this.A | 0;
2308
- B = B + this.B | 0;
2309
- C = C + this.C | 0;
2310
- D = D + this.D | 0;
2311
- E = E + this.E | 0;
2312
- F = F + this.F | 0;
2313
- G = G + this.G | 0;
2314
- H = H + this.H | 0;
2315
- this.set(A, B, C, D, E, F, G, H);
2316
- }
2317
- roundClean() {
2318
- SHA256_W2.fill(0);
2319
- }
2320
- destroy() {
2321
- this.set(0, 0, 0, 0, 0, 0, 0, 0);
2322
- this.buffer.fill(0);
2323
- }
2324
- };
2325
- var SHA224 = class extends SHA2562 {
2326
- constructor() {
2327
- super();
2328
- this.A = 3238371032 | 0;
2329
- this.B = 914150663 | 0;
2330
- this.C = 812702999 | 0;
2331
- this.D = 4144912697 | 0;
2332
- this.E = 4290775857 | 0;
2333
- this.F = 1750603025 | 0;
2334
- this.G = 1694076839 | 0;
2335
- this.H = 3204075428 | 0;
2336
- this.outputLen = 28;
2337
- }
2338
- };
2339
- var sha2562 = wrapConstructor(() => new SHA2562());
2340
- var sha224 = wrapConstructor(() => new SHA224());
2341
-
2342
- // node_modules/@noble/ciphers/esm/_assert.js
2343
- function number3(n) {
2344
- if (!Number.isSafeInteger(n) || n < 0)
2345
- throw new Error(`positive integer expected, not ${n}`);
2346
- }
2347
- function bool2(b) {
2348
- if (typeof b !== "boolean")
2349
- throw new Error(`boolean expected, not ${b}`);
2350
- }
2351
- function isBytes(a) {
2352
- return a instanceof Uint8Array || a != null && typeof a === "object" && a.constructor.name === "Uint8Array";
2353
- }
2354
- function bytes3(b, ...lengths) {
2355
- if (!isBytes(b))
2356
- throw new Error("Uint8Array expected");
2357
- if (lengths.length > 0 && !lengths.includes(b.length))
2358
- throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`);
2359
- }
2360
- function exists3(instance, checkFinished = true) {
2361
- if (instance.destroyed)
2362
- throw new Error("Hash instance has been destroyed");
2363
- if (checkFinished && instance.finished)
2364
- throw new Error("Hash#digest() has already been called");
2365
- }
2366
- function output3(out, instance) {
2367
- bytes3(out);
2368
- const min = instance.outputLen;
2369
- if (out.length < min) {
2370
- throw new Error(`digestInto() expects output buffer of length at least ${min}`);
2371
- }
2372
- }
2373
-
2374
- // node_modules/@noble/ciphers/esm/utils.js
2375
- var u8 = (arr) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);
2376
- var u32 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
2377
- var createView3 = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
2378
- var isLE3 = new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68;
2379
- if (!isLE3)
2380
- throw new Error("Non little-endian hardware is not supported");
2381
- function utf8ToBytes4(str) {
2382
- if (typeof str !== "string")
2383
- throw new Error(`string expected, got ${typeof str}`);
2384
- return new Uint8Array(new TextEncoder().encode(str));
2385
- }
2386
- function toBytes3(data) {
2387
- if (typeof data === "string")
2388
- data = utf8ToBytes4(data);
2389
- else if (isBytes(data))
2390
- data = data.slice();
2391
- else
2392
- throw new Error(`Uint8Array expected, got ${typeof data}`);
2393
- return data;
2394
- }
2395
- function checkOpts(defaults, opts) {
2396
- if (opts == null || typeof opts !== "object")
2397
- throw new Error("options must be defined");
2398
- const merged = Object.assign(defaults, opts);
2399
- return merged;
2400
- }
2401
- function equalBytes2(a, b) {
2402
- if (a.length !== b.length)
2403
- return false;
2404
- let diff = 0;
2405
- for (let i2 = 0; i2 < a.length; i2++)
2406
- diff |= a[i2] ^ b[i2];
2407
- return diff === 0;
2408
- }
2409
- var wrapCipher = /* @__NO_SIDE_EFFECTS__ */ (params, c) => {
2410
- Object.assign(c, params);
2411
- return c;
2412
- };
2413
- function setBigUint643(view, byteOffset, value, isLE4) {
2414
- if (typeof view.setBigUint64 === "function")
2415
- return view.setBigUint64(byteOffset, value, isLE4);
2416
- const _32n = BigInt(32);
2417
- const _u32_max = BigInt(4294967295);
2418
- const wh = Number(value >> _32n & _u32_max);
2419
- const wl = Number(value & _u32_max);
2420
- const h = isLE4 ? 4 : 0;
2421
- const l = isLE4 ? 0 : 4;
2422
- view.setUint32(byteOffset + h, wh, isLE4);
2423
- view.setUint32(byteOffset + l, wl, isLE4);
2424
- }
2425
-
2426
- // node_modules/@noble/ciphers/esm/_polyval.js
2427
- var BLOCK_SIZE = 16;
2428
- var ZEROS16 = /* @__PURE__ */ new Uint8Array(16);
2429
- var ZEROS32 = u32(ZEROS16);
2430
- var POLY = 225;
2431
- var mul2 = (s0, s1, s2, s3) => {
2432
- const hiBit = s3 & 1;
2433
- return {
2434
- s3: s2 << 31 | s3 >>> 1,
2435
- s2: s1 << 31 | s2 >>> 1,
2436
- s1: s0 << 31 | s1 >>> 1,
2437
- s0: s0 >>> 1 ^ POLY << 24 & -(hiBit & 1)
2438
- // reduce % poly
2439
- };
2440
- };
2441
- var swapLE = (n) => (n >>> 0 & 255) << 24 | (n >>> 8 & 255) << 16 | (n >>> 16 & 255) << 8 | n >>> 24 & 255 | 0;
2442
- function _toGHASHKey(k) {
2443
- k.reverse();
2444
- const hiBit = k[15] & 1;
2445
- let carry = 0;
2446
- for (let i2 = 0; i2 < k.length; i2++) {
2447
- const t = k[i2];
2448
- k[i2] = t >>> 1 | carry;
2449
- carry = (t & 1) << 7;
2450
- }
2451
- k[0] ^= -hiBit & 225;
2452
- return k;
2453
- }
2454
- var estimateWindow = (bytes4) => {
2455
- if (bytes4 > 64 * 1024)
2456
- return 8;
2457
- if (bytes4 > 1024)
2458
- return 4;
2459
- return 2;
2460
- };
2461
- var GHASH = class {
2462
- // We select bits per window adaptively based on expectedLength
2463
- constructor(key, expectedLength) {
2464
- this.blockLen = BLOCK_SIZE;
2465
- this.outputLen = BLOCK_SIZE;
2466
- this.s0 = 0;
2467
- this.s1 = 0;
2468
- this.s2 = 0;
2469
- this.s3 = 0;
2470
- this.finished = false;
2471
- key = toBytes3(key);
2472
- bytes3(key, 16);
2473
- const kView = createView3(key);
2474
- let k0 = kView.getUint32(0, false);
2475
- let k1 = kView.getUint32(4, false);
2476
- let k2 = kView.getUint32(8, false);
2477
- let k3 = kView.getUint32(12, false);
2478
- const doubles = [];
2479
- for (let i2 = 0; i2 < 128; i2++) {
2480
- doubles.push({ s0: swapLE(k0), s1: swapLE(k1), s2: swapLE(k2), s3: swapLE(k3) });
2481
- ({ s0: k0, s1: k1, s2: k2, s3: k3 } = mul2(k0, k1, k2, k3));
2482
- }
2483
- const W = estimateWindow(expectedLength || 1024);
2484
- if (![1, 2, 4, 8].includes(W))
2485
- throw new Error(`ghash: wrong window size=${W}, should be 2, 4 or 8`);
2486
- this.W = W;
2487
- const bits = 128;
2488
- const windows = bits / W;
2489
- const windowSize = this.windowSize = 2 ** W;
2490
- const items = [];
2491
- for (let w = 0; w < windows; w++) {
2492
- for (let byte = 0; byte < windowSize; byte++) {
2493
- let s0 = 0, s1 = 0, s2 = 0, s3 = 0;
2494
- for (let j = 0; j < W; j++) {
2495
- const bit = byte >>> W - j - 1 & 1;
2496
- if (!bit)
2497
- continue;
2498
- const { s0: d0, s1: d1, s2: d2, s3: d3 } = doubles[W * w + j];
2499
- s0 ^= d0, s1 ^= d1, s2 ^= d2, s3 ^= d3;
2500
- }
2501
- items.push({ s0, s1, s2, s3 });
2502
- }
2503
- }
2504
- this.t = items;
2505
- }
2506
- _updateBlock(s0, s1, s2, s3) {
2507
- s0 ^= this.s0, s1 ^= this.s1, s2 ^= this.s2, s3 ^= this.s3;
2508
- const { W, t, windowSize } = this;
2509
- let o0 = 0, o1 = 0, o2 = 0, o3 = 0;
2510
- const mask = (1 << W) - 1;
2511
- let w = 0;
2512
- for (const num of [s0, s1, s2, s3]) {
2513
- for (let bytePos = 0; bytePos < 4; bytePos++) {
2514
- const byte = num >>> 8 * bytePos & 255;
2515
- for (let bitPos = 8 / W - 1; bitPos >= 0; bitPos--) {
2516
- const bit = byte >>> W * bitPos & mask;
2517
- const { s0: e0, s1: e1, s2: e2, s3: e3 } = t[w * windowSize + bit];
2518
- o0 ^= e0, o1 ^= e1, o2 ^= e2, o3 ^= e3;
2519
- w += 1;
2520
- }
2521
- }
2522
- }
2523
- this.s0 = o0;
2524
- this.s1 = o1;
2525
- this.s2 = o2;
2526
- this.s3 = o3;
2527
- }
2528
- update(data) {
2529
- data = toBytes3(data);
2530
- exists3(this);
2531
- const b32 = u32(data);
2532
- const blocks = Math.floor(data.length / BLOCK_SIZE);
2533
- const left = data.length % BLOCK_SIZE;
2534
- for (let i2 = 0; i2 < blocks; i2++) {
2535
- this._updateBlock(b32[i2 * 4 + 0], b32[i2 * 4 + 1], b32[i2 * 4 + 2], b32[i2 * 4 + 3]);
2536
- }
2537
- if (left) {
2538
- ZEROS16.set(data.subarray(blocks * BLOCK_SIZE));
2539
- this._updateBlock(ZEROS32[0], ZEROS32[1], ZEROS32[2], ZEROS32[3]);
2540
- ZEROS32.fill(0);
2541
- }
2542
- return this;
2543
- }
2544
- destroy() {
2545
- const { t } = this;
2546
- for (const elm of t) {
2547
- elm.s0 = 0, elm.s1 = 0, elm.s2 = 0, elm.s3 = 0;
2548
- }
2549
- }
2550
- digestInto(out) {
2551
- exists3(this);
2552
- output3(out, this);
2553
- this.finished = true;
2554
- const { s0, s1, s2, s3 } = this;
2555
- const o32 = u32(out);
2556
- o32[0] = s0;
2557
- o32[1] = s1;
2558
- o32[2] = s2;
2559
- o32[3] = s3;
2560
- return out;
2561
- }
2562
- digest() {
2563
- const res = new Uint8Array(BLOCK_SIZE);
2564
- this.digestInto(res);
2565
- this.destroy();
2566
- return res;
2567
- }
2568
- };
2569
- var Polyval = class extends GHASH {
2570
- constructor(key, expectedLength) {
2571
- key = toBytes3(key);
2572
- const ghKey = _toGHASHKey(key.slice());
2573
- super(ghKey, expectedLength);
2574
- ghKey.fill(0);
2575
- }
2576
- update(data) {
2577
- data = toBytes3(data);
2578
- exists3(this);
2579
- const b32 = u32(data);
2580
- const left = data.length % BLOCK_SIZE;
2581
- const blocks = Math.floor(data.length / BLOCK_SIZE);
2582
- for (let i2 = 0; i2 < blocks; i2++) {
2583
- this._updateBlock(swapLE(b32[i2 * 4 + 3]), swapLE(b32[i2 * 4 + 2]), swapLE(b32[i2 * 4 + 1]), swapLE(b32[i2 * 4 + 0]));
2584
- }
2585
- if (left) {
2586
- ZEROS16.set(data.subarray(blocks * BLOCK_SIZE));
2587
- this._updateBlock(swapLE(ZEROS32[3]), swapLE(ZEROS32[2]), swapLE(ZEROS32[1]), swapLE(ZEROS32[0]));
2588
- ZEROS32.fill(0);
2589
- }
2590
- return this;
2591
- }
2592
- digestInto(out) {
2593
- exists3(this);
2594
- output3(out, this);
2595
- this.finished = true;
2596
- const { s0, s1, s2, s3 } = this;
2597
- const o32 = u32(out);
2598
- o32[0] = s0;
2599
- o32[1] = s1;
2600
- o32[2] = s2;
2601
- o32[3] = s3;
2602
- return out.reverse();
2603
- }
2604
- };
2605
- function wrapConstructorWithKey(hashCons) {
2606
- const hashC = (msg, key) => hashCons(key, msg.length).update(toBytes3(msg)).digest();
2607
- const tmp = hashCons(new Uint8Array(16), 0);
2608
- hashC.outputLen = tmp.outputLen;
2609
- hashC.blockLen = tmp.blockLen;
2610
- hashC.create = (key, expectedLength) => hashCons(key, expectedLength);
2611
- return hashC;
2612
- }
2613
- var ghash = wrapConstructorWithKey((key, expectedLength) => new GHASH(key, expectedLength));
2614
- var polyval = wrapConstructorWithKey((key, expectedLength) => new Polyval(key, expectedLength));
2615
-
2616
- // node_modules/@noble/ciphers/esm/aes.js
2617
- var BLOCK_SIZE2 = 16;
2618
- var BLOCK_SIZE32 = 4;
2619
- var EMPTY_BLOCK = new Uint8Array(BLOCK_SIZE2);
2620
- var POLY2 = 283;
2621
- function mul22(n) {
2622
- return n << 1 ^ POLY2 & -(n >> 7);
2623
- }
2624
- function mul(a, b) {
2625
- let res = 0;
2626
- for (; b > 0; b >>= 1) {
2627
- res ^= a & -(b & 1);
2628
- a = mul22(a);
2629
- }
2630
- return res;
2631
- }
2632
- var sbox = /* @__PURE__ */ (() => {
2633
- let t = new Uint8Array(256);
2634
- for (let i2 = 0, x = 1; i2 < 256; i2++, x ^= mul22(x))
2635
- t[i2] = x;
2636
- const box = new Uint8Array(256);
2637
- box[0] = 99;
2638
- for (let i2 = 0; i2 < 255; i2++) {
2639
- let x = t[255 - i2];
2640
- x |= x << 8;
2641
- box[t[i2]] = (x ^ x >> 4 ^ x >> 5 ^ x >> 6 ^ x >> 7 ^ 99) & 255;
2642
- }
2643
- return box;
2644
- })();
2645
- var invSbox = /* @__PURE__ */ sbox.map((_, j) => sbox.indexOf(j));
2646
- var rotr32_8 = (n) => n << 24 | n >>> 8;
2647
- var rotl32_8 = (n) => n << 8 | n >>> 24;
2648
- function genTtable(sbox2, fn) {
2649
- if (sbox2.length !== 256)
2650
- throw new Error("Wrong sbox length");
2651
- const T0 = new Uint32Array(256).map((_, j) => fn(sbox2[j]));
2652
- const T1 = T0.map(rotl32_8);
2653
- const T2 = T1.map(rotl32_8);
2654
- const T3 = T2.map(rotl32_8);
2655
- const T01 = new Uint32Array(256 * 256);
2656
- const T23 = new Uint32Array(256 * 256);
2657
- const sbox22 = new Uint16Array(256 * 256);
2658
- for (let i2 = 0; i2 < 256; i2++) {
2659
- for (let j = 0; j < 256; j++) {
2660
- const idx = i2 * 256 + j;
2661
- T01[idx] = T0[i2] ^ T1[j];
2662
- T23[idx] = T2[i2] ^ T3[j];
2663
- sbox22[idx] = sbox2[i2] << 8 | sbox2[j];
2664
- }
2665
- }
2666
- return { sbox: sbox2, sbox2: sbox22, T0, T1, T2, T3, T01, T23 };
2667
- }
2668
- var tableEncoding = /* @__PURE__ */ genTtable(sbox, (s) => mul(s, 3) << 24 | s << 16 | s << 8 | mul(s, 2));
2669
- var tableDecoding = /* @__PURE__ */ genTtable(invSbox, (s) => mul(s, 11) << 24 | mul(s, 13) << 16 | mul(s, 9) << 8 | mul(s, 14));
2670
- var xPowers = /* @__PURE__ */ (() => {
2671
- const p = new Uint8Array(16);
2672
- for (let i2 = 0, x = 1; i2 < 16; i2++, x = mul22(x))
2673
- p[i2] = x;
2674
- return p;
2675
- })();
2676
- function expandKeyLE(key) {
2677
- bytes3(key);
2678
- const len = key.length;
2679
- if (![16, 24, 32].includes(len))
2680
- throw new Error(`aes: wrong key size: should be 16, 24 or 32, got: ${len}`);
2681
- const { sbox2 } = tableEncoding;
2682
- const k32 = u32(key);
2683
- const Nk = k32.length;
2684
- const subByte = (n) => applySbox(sbox2, n, n, n, n);
2685
- const xk = new Uint32Array(len + 28);
2686
- xk.set(k32);
2687
- for (let i2 = Nk; i2 < xk.length; i2++) {
2688
- let t = xk[i2 - 1];
2689
- if (i2 % Nk === 0)
2690
- t = subByte(rotr32_8(t)) ^ xPowers[i2 / Nk - 1];
2691
- else if (Nk > 6 && i2 % Nk === 4)
2692
- t = subByte(t);
2693
- xk[i2] = xk[i2 - Nk] ^ t;
2694
- }
2695
- return xk;
2696
- }
2697
- function expandKeyDecLE(key) {
2698
- const encKey = expandKeyLE(key);
2699
- const xk = encKey.slice();
2700
- const Nk = encKey.length;
2701
- const { sbox2 } = tableEncoding;
2702
- const { T0, T1, T2, T3 } = tableDecoding;
2703
- for (let i2 = 0; i2 < Nk; i2 += 4) {
2704
- for (let j = 0; j < 4; j++)
2705
- xk[i2 + j] = encKey[Nk - i2 - 4 + j];
2706
- }
2707
- encKey.fill(0);
2708
- for (let i2 = 4; i2 < Nk - 4; i2++) {
2709
- const x = xk[i2];
2710
- const w = applySbox(sbox2, x, x, x, x);
2711
- xk[i2] = T0[w & 255] ^ T1[w >>> 8 & 255] ^ T2[w >>> 16 & 255] ^ T3[w >>> 24];
2712
- }
2713
- return xk;
2714
- }
2715
- function apply0123(T01, T23, s0, s1, s2, s3) {
2716
- return T01[s0 << 8 & 65280 | s1 >>> 8 & 255] ^ T23[s2 >>> 8 & 65280 | s3 >>> 24 & 255];
2717
- }
2718
- function applySbox(sbox2, s0, s1, s2, s3) {
2719
- return sbox2[s0 & 255 | s1 & 65280] | sbox2[s2 >>> 16 & 255 | s3 >>> 16 & 65280] << 16;
2720
- }
2721
- function encrypt(xk, s0, s1, s2, s3) {
2722
- const { sbox2, T01, T23 } = tableEncoding;
2723
- let k = 0;
2724
- s0 ^= xk[k++], s1 ^= xk[k++], s2 ^= xk[k++], s3 ^= xk[k++];
2725
- const rounds = xk.length / 4 - 2;
2726
- for (let i2 = 0; i2 < rounds; i2++) {
2727
- const t02 = xk[k++] ^ apply0123(T01, T23, s0, s1, s2, s3);
2728
- const t12 = xk[k++] ^ apply0123(T01, T23, s1, s2, s3, s0);
2729
- const t22 = xk[k++] ^ apply0123(T01, T23, s2, s3, s0, s1);
2730
- const t32 = xk[k++] ^ apply0123(T01, T23, s3, s0, s1, s2);
2731
- s0 = t02, s1 = t12, s2 = t22, s3 = t32;
2732
- }
2733
- const t0 = xk[k++] ^ applySbox(sbox2, s0, s1, s2, s3);
2734
- const t1 = xk[k++] ^ applySbox(sbox2, s1, s2, s3, s0);
2735
- const t2 = xk[k++] ^ applySbox(sbox2, s2, s3, s0, s1);
2736
- const t3 = xk[k++] ^ applySbox(sbox2, s3, s0, s1, s2);
2737
- return { s0: t0, s1: t1, s2: t2, s3: t3 };
2738
- }
2739
- function decrypt(xk, s0, s1, s2, s3) {
2740
- const { sbox2, T01, T23 } = tableDecoding;
2741
- let k = 0;
2742
- s0 ^= xk[k++], s1 ^= xk[k++], s2 ^= xk[k++], s3 ^= xk[k++];
2743
- const rounds = xk.length / 4 - 2;
2744
- for (let i2 = 0; i2 < rounds; i2++) {
2745
- const t02 = xk[k++] ^ apply0123(T01, T23, s0, s3, s2, s1);
2746
- const t12 = xk[k++] ^ apply0123(T01, T23, s1, s0, s3, s2);
2747
- const t22 = xk[k++] ^ apply0123(T01, T23, s2, s1, s0, s3);
2748
- const t32 = xk[k++] ^ apply0123(T01, T23, s3, s2, s1, s0);
2749
- s0 = t02, s1 = t12, s2 = t22, s3 = t32;
2750
- }
2751
- const t0 = xk[k++] ^ applySbox(sbox2, s0, s3, s2, s1);
2752
- const t1 = xk[k++] ^ applySbox(sbox2, s1, s0, s3, s2);
2753
- const t2 = xk[k++] ^ applySbox(sbox2, s2, s1, s0, s3);
2754
- const t3 = xk[k++] ^ applySbox(sbox2, s3, s2, s1, s0);
2755
- return { s0: t0, s1: t1, s2: t2, s3: t3 };
2756
- }
2757
- function getDst(len, dst) {
2758
- if (!dst)
2759
- return new Uint8Array(len);
2760
- bytes3(dst);
2761
- if (dst.length < len)
2762
- throw new Error(`aes: wrong destination length, expected at least ${len}, got: ${dst.length}`);
2763
- return dst;
2764
- }
2765
- function ctrCounter(xk, nonce, src, dst) {
2766
- bytes3(nonce, BLOCK_SIZE2);
2767
- bytes3(src);
2768
- const srcLen = src.length;
2769
- dst = getDst(srcLen, dst);
2770
- const ctr3 = nonce;
2771
- const c32 = u32(ctr3);
2772
- let { s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]);
2773
- const src32 = u32(src);
2774
- const dst32 = u32(dst);
2775
- for (let i2 = 0; i2 + 4 <= src32.length; i2 += 4) {
2776
- dst32[i2 + 0] = src32[i2 + 0] ^ s0;
2777
- dst32[i2 + 1] = src32[i2 + 1] ^ s1;
2778
- dst32[i2 + 2] = src32[i2 + 2] ^ s2;
2779
- dst32[i2 + 3] = src32[i2 + 3] ^ s3;
2780
- let carry = 1;
2781
- for (let i3 = ctr3.length - 1; i3 >= 0; i3--) {
2782
- carry = carry + (ctr3[i3] & 255) | 0;
2783
- ctr3[i3] = carry & 255;
2784
- carry >>>= 8;
2785
- }
2786
- ({ s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]));
2787
- }
2788
- const start = BLOCK_SIZE2 * Math.floor(src32.length / BLOCK_SIZE32);
2789
- if (start < srcLen) {
2790
- const b32 = new Uint32Array([s0, s1, s2, s3]);
2791
- const buf = u8(b32);
2792
- for (let i2 = start, pos = 0; i2 < srcLen; i2++, pos++)
2793
- dst[i2] = src[i2] ^ buf[pos];
2794
- }
2795
- return dst;
2796
- }
2797
- function ctr32(xk, isLE4, nonce, src, dst) {
2798
- bytes3(nonce, BLOCK_SIZE2);
2799
- bytes3(src);
2800
- dst = getDst(src.length, dst);
2801
- const ctr3 = nonce;
2802
- const c32 = u32(ctr3);
2803
- const view = createView3(ctr3);
2804
- const src32 = u32(src);
2805
- const dst32 = u32(dst);
2806
- const ctrPos = isLE4 ? 0 : 12;
2807
- const srcLen = src.length;
2808
- let ctrNum = view.getUint32(ctrPos, isLE4);
2809
- let { s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]);
2810
- for (let i2 = 0; i2 + 4 <= src32.length; i2 += 4) {
2811
- dst32[i2 + 0] = src32[i2 + 0] ^ s0;
2812
- dst32[i2 + 1] = src32[i2 + 1] ^ s1;
2813
- dst32[i2 + 2] = src32[i2 + 2] ^ s2;
2814
- dst32[i2 + 3] = src32[i2 + 3] ^ s3;
2815
- ctrNum = ctrNum + 1 >>> 0;
2816
- view.setUint32(ctrPos, ctrNum, isLE4);
2817
- ({ s0, s1, s2, s3 } = encrypt(xk, c32[0], c32[1], c32[2], c32[3]));
2818
- }
2819
- const start = BLOCK_SIZE2 * Math.floor(src32.length / BLOCK_SIZE32);
2820
- if (start < srcLen) {
2821
- const b32 = new Uint32Array([s0, s1, s2, s3]);
2822
- const buf = u8(b32);
2823
- for (let i2 = start, pos = 0; i2 < srcLen; i2++, pos++)
2824
- dst[i2] = src[i2] ^ buf[pos];
2825
- }
2826
- return dst;
2827
- }
2828
- var ctr = wrapCipher({ blockSize: 16, nonceLength: 16 }, function ctr2(key, nonce) {
2829
- bytes3(key);
2830
- bytes3(nonce, BLOCK_SIZE2);
2831
- function processCtr(buf, dst) {
2832
- const xk = expandKeyLE(key);
2833
- const n = nonce.slice();
2834
- const out = ctrCounter(xk, n, buf, dst);
2835
- xk.fill(0);
2836
- n.fill(0);
2837
- return out;
2838
- }
2839
- return {
2840
- encrypt: (plaintext, dst) => processCtr(plaintext, dst),
2841
- decrypt: (ciphertext, dst) => processCtr(ciphertext, dst)
2842
- };
2843
- });
2844
- function validateBlockDecrypt(data) {
2845
- bytes3(data);
2846
- if (data.length % BLOCK_SIZE2 !== 0) {
2847
- throw new Error(`aes/(cbc-ecb).decrypt ciphertext should consist of blocks with size ${BLOCK_SIZE2}`);
2848
- }
2849
- }
2850
- function validateBlockEncrypt(plaintext, pcks5, dst) {
2851
- let outLen = plaintext.length;
2852
- const remaining = outLen % BLOCK_SIZE2;
2853
- if (!pcks5 && remaining !== 0)
2854
- throw new Error("aec/(cbc-ecb): unpadded plaintext with disabled padding");
2855
- const b = u32(plaintext);
2856
- if (pcks5) {
2857
- let left = BLOCK_SIZE2 - remaining;
2858
- if (!left)
2859
- left = BLOCK_SIZE2;
2860
- outLen = outLen + left;
2861
- }
2862
- const out = getDst(outLen, dst);
2863
- const o = u32(out);
2864
- return { b, o, out };
2865
- }
2866
- function validatePCKS(data, pcks5) {
2867
- if (!pcks5)
2868
- return data;
2869
- const len = data.length;
2870
- if (!len)
2871
- throw new Error(`aes/pcks5: empty ciphertext not allowed`);
2872
- const lastByte = data[len - 1];
2873
- if (lastByte <= 0 || lastByte > 16)
2874
- throw new Error(`aes/pcks5: wrong padding byte: ${lastByte}`);
2875
- const out = data.subarray(0, -lastByte);
2876
- for (let i2 = 0; i2 < lastByte; i2++)
2877
- if (data[len - i2 - 1] !== lastByte)
2878
- throw new Error(`aes/pcks5: wrong padding`);
2879
- return out;
2880
- }
2881
- function padPCKS(left) {
2882
- const tmp = new Uint8Array(16);
2883
- const tmp32 = u32(tmp);
2884
- tmp.set(left);
2885
- const paddingByte = BLOCK_SIZE2 - left.length;
2886
- for (let i2 = BLOCK_SIZE2 - paddingByte; i2 < BLOCK_SIZE2; i2++)
2887
- tmp[i2] = paddingByte;
2888
- return tmp32;
2889
- }
2890
- var ecb = wrapCipher({ blockSize: 16 }, function ecb2(key, opts = {}) {
2891
- bytes3(key);
2892
- const pcks5 = !opts.disablePadding;
2893
- return {
2894
- encrypt: (plaintext, dst) => {
2895
- bytes3(plaintext);
2896
- const { b, o, out: _out } = validateBlockEncrypt(plaintext, pcks5, dst);
2897
- const xk = expandKeyLE(key);
2898
- let i2 = 0;
2899
- for (; i2 + 4 <= b.length; ) {
2900
- const { s0, s1, s2, s3 } = encrypt(xk, b[i2 + 0], b[i2 + 1], b[i2 + 2], b[i2 + 3]);
2901
- o[i2++] = s0, o[i2++] = s1, o[i2++] = s2, o[i2++] = s3;
2902
- }
2903
- if (pcks5) {
2904
- const tmp32 = padPCKS(plaintext.subarray(i2 * 4));
2905
- const { s0, s1, s2, s3 } = encrypt(xk, tmp32[0], tmp32[1], tmp32[2], tmp32[3]);
2906
- o[i2++] = s0, o[i2++] = s1, o[i2++] = s2, o[i2++] = s3;
2907
- }
2908
- xk.fill(0);
2909
- return _out;
2910
- },
2911
- decrypt: (ciphertext, dst) => {
2912
- validateBlockDecrypt(ciphertext);
2913
- const xk = expandKeyDecLE(key);
2914
- const out = getDst(ciphertext.length, dst);
2915
- const b = u32(ciphertext);
2916
- const o = u32(out);
2917
- for (let i2 = 0; i2 + 4 <= b.length; ) {
2918
- const { s0, s1, s2, s3 } = decrypt(xk, b[i2 + 0], b[i2 + 1], b[i2 + 2], b[i2 + 3]);
2919
- o[i2++] = s0, o[i2++] = s1, o[i2++] = s2, o[i2++] = s3;
2920
- }
2921
- xk.fill(0);
2922
- return validatePCKS(out, pcks5);
2923
- }
2924
- };
2925
- });
2926
- var cbc = wrapCipher({ blockSize: 16, nonceLength: 16 }, function cbc2(key, iv, opts = {}) {
2927
- bytes3(key);
2928
- bytes3(iv, 16);
2929
- const pcks5 = !opts.disablePadding;
2930
- return {
2931
- encrypt: (plaintext, dst) => {
2932
- const xk = expandKeyLE(key);
2933
- const { b, o, out: _out } = validateBlockEncrypt(plaintext, pcks5, dst);
2934
- const n32 = u32(iv);
2935
- let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3];
2936
- let i2 = 0;
2937
- for (; i2 + 4 <= b.length; ) {
2938
- s0 ^= b[i2 + 0], s1 ^= b[i2 + 1], s2 ^= b[i2 + 2], s3 ^= b[i2 + 3];
2939
- ({ s0, s1, s2, s3 } = encrypt(xk, s0, s1, s2, s3));
2940
- o[i2++] = s0, o[i2++] = s1, o[i2++] = s2, o[i2++] = s3;
2941
- }
2942
- if (pcks5) {
2943
- const tmp32 = padPCKS(plaintext.subarray(i2 * 4));
2944
- s0 ^= tmp32[0], s1 ^= tmp32[1], s2 ^= tmp32[2], s3 ^= tmp32[3];
2945
- ({ s0, s1, s2, s3 } = encrypt(xk, s0, s1, s2, s3));
2946
- o[i2++] = s0, o[i2++] = s1, o[i2++] = s2, o[i2++] = s3;
2947
- }
2948
- xk.fill(0);
2949
- return _out;
2950
- },
2951
- decrypt: (ciphertext, dst) => {
2952
- validateBlockDecrypt(ciphertext);
2953
- const xk = expandKeyDecLE(key);
2954
- const n32 = u32(iv);
2955
- const out = getDst(ciphertext.length, dst);
2956
- const b = u32(ciphertext);
2957
- const o = u32(out);
2958
- let s0 = n32[0], s1 = n32[1], s2 = n32[2], s3 = n32[3];
2959
- for (let i2 = 0; i2 + 4 <= b.length; ) {
2960
- const ps0 = s0, ps1 = s1, ps2 = s2, ps3 = s3;
2961
- s0 = b[i2 + 0], s1 = b[i2 + 1], s2 = b[i2 + 2], s3 = b[i2 + 3];
2962
- const { s0: o0, s1: o1, s2: o2, s3: o3 } = decrypt(xk, s0, s1, s2, s3);
2963
- o[i2++] = o0 ^ ps0, o[i2++] = o1 ^ ps1, o[i2++] = o2 ^ ps2, o[i2++] = o3 ^ ps3;
2964
- }
2965
- xk.fill(0);
2966
- return validatePCKS(out, pcks5);
2967
- }
2968
- };
2969
- });
2970
- function computeTag(fn, isLE4, key, data, AAD) {
2971
- const h = fn.create(key, data.length + (AAD?.length || 0));
2972
- if (AAD)
2973
- h.update(AAD);
2974
- h.update(data);
2975
- const num = new Uint8Array(16);
2976
- const view = createView3(num);
2977
- if (AAD)
2978
- setBigUint643(view, 0, BigInt(AAD.length * 8), isLE4);
2979
- setBigUint643(view, 8, BigInt(data.length * 8), isLE4);
2980
- h.update(num);
2981
- return h.digest();
2982
- }
2983
- var gcm = wrapCipher({ blockSize: 16, nonceLength: 12, tagLength: 16 }, function gcm2(key, nonce, AAD) {
2984
- bytes3(nonce);
2985
- if (nonce.length === 0)
2986
- throw new Error("aes/gcm: empty nonce");
2987
- const tagLength = 16;
2988
- function _computeTag(authKey, tagMask, data) {
2989
- const tag = computeTag(ghash, false, authKey, data, AAD);
2990
- for (let i2 = 0; i2 < tagMask.length; i2++)
2991
- tag[i2] ^= tagMask[i2];
2992
- return tag;
2993
- }
2994
- function deriveKeys() {
2995
- const xk = expandKeyLE(key);
2996
- const authKey = EMPTY_BLOCK.slice();
2997
- const counter = EMPTY_BLOCK.slice();
2998
- ctr32(xk, false, counter, counter, authKey);
2999
- if (nonce.length === 12) {
3000
- counter.set(nonce);
3001
- } else {
3002
- const nonceLen = EMPTY_BLOCK.slice();
3003
- const view = createView3(nonceLen);
3004
- setBigUint643(view, 8, BigInt(nonce.length * 8), false);
3005
- ghash.create(authKey).update(nonce).update(nonceLen).digestInto(counter);
3006
- }
3007
- const tagMask = ctr32(xk, false, counter, EMPTY_BLOCK);
3008
- return { xk, authKey, counter, tagMask };
3009
- }
3010
- return {
3011
- encrypt: (plaintext) => {
3012
- bytes3(plaintext);
3013
- const { xk, authKey, counter, tagMask } = deriveKeys();
3014
- const out = new Uint8Array(plaintext.length + tagLength);
3015
- ctr32(xk, false, counter, plaintext, out);
3016
- const tag = _computeTag(authKey, tagMask, out.subarray(0, out.length - tagLength));
3017
- out.set(tag, plaintext.length);
3018
- xk.fill(0);
3019
- return out;
3020
- },
3021
- decrypt: (ciphertext) => {
3022
- bytes3(ciphertext);
3023
- if (ciphertext.length < tagLength)
3024
- throw new Error(`aes/gcm: ciphertext less than tagLen (${tagLength})`);
3025
- const { xk, authKey, counter, tagMask } = deriveKeys();
3026
- const data = ciphertext.subarray(0, -tagLength);
3027
- const passedTag = ciphertext.subarray(-tagLength);
3028
- const tag = _computeTag(authKey, tagMask, data);
3029
- if (!equalBytes2(tag, passedTag))
3030
- throw new Error("aes/gcm: invalid ghash tag");
3031
- const out = ctr32(xk, false, counter, data);
3032
- authKey.fill(0);
3033
- tagMask.fill(0);
3034
- xk.fill(0);
3035
- return out;
3036
- }
3037
- };
3038
- });
3039
- var limit = (name, min, max) => (value) => {
3040
- if (!Number.isSafeInteger(value) || min > value || value > max)
3041
- throw new Error(`${name}: invalid value=${value}, must be [${min}..${max}]`);
3042
- };
3043
- var siv = wrapCipher({ blockSize: 16, nonceLength: 12, tagLength: 16 }, function siv2(key, nonce, AAD) {
3044
- const tagLength = 16;
3045
- const AAD_LIMIT = limit("AAD", 0, 2 ** 36);
3046
- const PLAIN_LIMIT = limit("plaintext", 0, 2 ** 36);
3047
- const NONCE_LIMIT = limit("nonce", 12, 12);
3048
- const CIPHER_LIMIT = limit("ciphertext", 16, 2 ** 36 + 16);
3049
- bytes3(nonce);
3050
- NONCE_LIMIT(nonce.length);
3051
- if (AAD) {
3052
- bytes3(AAD);
3053
- AAD_LIMIT(AAD.length);
3054
- }
3055
- function deriveKeys() {
3056
- const len = key.length;
3057
- if (len !== 16 && len !== 24 && len !== 32)
3058
- throw new Error(`key length must be 16, 24 or 32 bytes, got: ${len} bytes`);
3059
- const xk = expandKeyLE(key);
3060
- const encKey = new Uint8Array(len);
3061
- const authKey = new Uint8Array(16);
3062
- const n32 = u32(nonce);
3063
- let s0 = 0, s1 = n32[0], s2 = n32[1], s3 = n32[2];
3064
- let counter = 0;
3065
- for (const derivedKey of [authKey, encKey].map(u32)) {
3066
- const d32 = u32(derivedKey);
3067
- for (let i2 = 0; i2 < d32.length; i2 += 2) {
3068
- const { s0: o0, s1: o1 } = encrypt(xk, s0, s1, s2, s3);
3069
- d32[i2 + 0] = o0;
3070
- d32[i2 + 1] = o1;
3071
- s0 = ++counter;
3072
- }
3073
- }
3074
- xk.fill(0);
3075
- return { authKey, encKey: expandKeyLE(encKey) };
3076
- }
3077
- function _computeTag(encKey, authKey, data) {
3078
- const tag = computeTag(polyval, true, authKey, data, AAD);
3079
- for (let i2 = 0; i2 < 12; i2++)
3080
- tag[i2] ^= nonce[i2];
3081
- tag[15] &= 127;
3082
- const t32 = u32(tag);
3083
- let s0 = t32[0], s1 = t32[1], s2 = t32[2], s3 = t32[3];
3084
- ({ s0, s1, s2, s3 } = encrypt(encKey, s0, s1, s2, s3));
3085
- t32[0] = s0, t32[1] = s1, t32[2] = s2, t32[3] = s3;
3086
- return tag;
3087
- }
3088
- function processSiv(encKey, tag, input) {
3089
- let block = tag.slice();
3090
- block[15] |= 128;
3091
- return ctr32(encKey, true, block, input);
3092
- }
3093
- return {
3094
- encrypt: (plaintext) => {
3095
- bytes3(plaintext);
3096
- PLAIN_LIMIT(plaintext.length);
3097
- const { encKey, authKey } = deriveKeys();
3098
- const tag = _computeTag(encKey, authKey, plaintext);
3099
- const out = new Uint8Array(plaintext.length + tagLength);
3100
- out.set(tag, plaintext.length);
3101
- out.set(processSiv(encKey, tag, plaintext));
3102
- encKey.fill(0);
3103
- authKey.fill(0);
3104
- return out;
3105
- },
3106
- decrypt: (ciphertext) => {
3107
- bytes3(ciphertext);
3108
- CIPHER_LIMIT(ciphertext.length);
3109
- const tag = ciphertext.subarray(-tagLength);
3110
- const { encKey, authKey } = deriveKeys();
3111
- const plaintext = processSiv(encKey, tag, ciphertext.subarray(0, -tagLength));
3112
- const expectedTag = _computeTag(encKey, authKey, plaintext);
3113
- encKey.fill(0);
3114
- authKey.fill(0);
3115
- if (!equalBytes2(tag, expectedTag))
3116
- throw new Error("invalid polyval tag");
3117
- return plaintext;
3118
- }
3119
- };
3120
- });
3121
-
3122
- // node_modules/@scure/base/lib/esm/index.js
3123
- function assertNumber(n) {
3124
- if (!Number.isSafeInteger(n))
3125
- throw new Error(`Wrong integer: ${n}`);
3126
- }
3127
- function chain(...args) {
3128
- const wrap = (a, b) => (c) => a(b(c));
3129
- const encode = Array.from(args).reverse().reduce((acc, i2) => acc ? wrap(acc, i2.encode) : i2.encode, void 0);
3130
- const decode = args.reduce((acc, i2) => acc ? wrap(acc, i2.decode) : i2.decode, void 0);
3131
- return { encode, decode };
3132
- }
3133
- function alphabet(alphabet2) {
3134
- return {
3135
- encode: (digits) => {
3136
- if (!Array.isArray(digits) || digits.length && typeof digits[0] !== "number")
3137
- throw new Error("alphabet.encode input should be an array of numbers");
3138
- return digits.map((i2) => {
3139
- assertNumber(i2);
3140
- if (i2 < 0 || i2 >= alphabet2.length)
3141
- throw new Error(`Digit index outside alphabet: ${i2} (alphabet: ${alphabet2.length})`);
3142
- return alphabet2[i2];
3143
- });
3144
- },
3145
- decode: (input) => {
3146
- if (!Array.isArray(input) || input.length && typeof input[0] !== "string")
3147
- throw new Error("alphabet.decode input should be array of strings");
3148
- return input.map((letter) => {
3149
- if (typeof letter !== "string")
3150
- throw new Error(`alphabet.decode: not string element=${letter}`);
3151
- const index = alphabet2.indexOf(letter);
3152
- if (index === -1)
3153
- throw new Error(`Unknown letter: "${letter}". Allowed: ${alphabet2}`);
3154
- return index;
3155
- });
3156
- }
3157
- };
3158
- }
3159
- function join(separator = "") {
3160
- if (typeof separator !== "string")
3161
- throw new Error("join separator should be string");
3162
- return {
3163
- encode: (from) => {
3164
- if (!Array.isArray(from) || from.length && typeof from[0] !== "string")
3165
- throw new Error("join.encode input should be array of strings");
3166
- for (let i2 of from)
3167
- if (typeof i2 !== "string")
3168
- throw new Error(`join.encode: non-string input=${i2}`);
3169
- return from.join(separator);
3170
- },
3171
- decode: (to) => {
3172
- if (typeof to !== "string")
3173
- throw new Error("join.decode input should be string");
3174
- return to.split(separator);
3175
- }
3176
- };
3177
- }
3178
- function padding(bits, chr = "=") {
3179
- assertNumber(bits);
3180
- if (typeof chr !== "string")
3181
- throw new Error("padding chr should be string");
3182
- return {
3183
- encode(data) {
3184
- if (!Array.isArray(data) || data.length && typeof data[0] !== "string")
3185
- throw new Error("padding.encode input should be array of strings");
3186
- for (let i2 of data)
3187
- if (typeof i2 !== "string")
3188
- throw new Error(`padding.encode: non-string input=${i2}`);
3189
- while (data.length * bits % 8)
3190
- data.push(chr);
3191
- return data;
3192
- },
3193
- decode(input) {
3194
- if (!Array.isArray(input) || input.length && typeof input[0] !== "string")
3195
- throw new Error("padding.encode input should be array of strings");
3196
- for (let i2 of input)
3197
- if (typeof i2 !== "string")
3198
- throw new Error(`padding.decode: non-string input=${i2}`);
3199
- let end = input.length;
3200
- if (end * bits % 8)
3201
- throw new Error("Invalid padding: string should have whole number of bytes");
3202
- for (; end > 0 && input[end - 1] === chr; end--) {
3203
- if (!((end - 1) * bits % 8))
3204
- throw new Error("Invalid padding: string has too much padding");
3205
- }
3206
- return input.slice(0, end);
3207
- }
3208
- };
3209
- }
3210
- function normalize(fn) {
3211
- if (typeof fn !== "function")
3212
- throw new Error("normalize fn should be function");
3213
- return { encode: (from) => from, decode: (to) => fn(to) };
3214
- }
3215
- function convertRadix(data, from, to) {
3216
- if (from < 2)
3217
- throw new Error(`convertRadix: wrong from=${from}, base cannot be less than 2`);
3218
- if (to < 2)
3219
- throw new Error(`convertRadix: wrong to=${to}, base cannot be less than 2`);
3220
- if (!Array.isArray(data))
3221
- throw new Error("convertRadix: data should be array");
3222
- if (!data.length)
3223
- return [];
3224
- let pos = 0;
3225
- const res = [];
3226
- const digits = Array.from(data);
3227
- digits.forEach((d) => {
3228
- assertNumber(d);
3229
- if (d < 0 || d >= from)
3230
- throw new Error(`Wrong integer: ${d}`);
3231
- });
3232
- while (true) {
3233
- let carry = 0;
3234
- let done = true;
3235
- for (let i2 = pos; i2 < digits.length; i2++) {
3236
- const digit = digits[i2];
3237
- const digitBase = from * carry + digit;
3238
- if (!Number.isSafeInteger(digitBase) || from * carry / from !== carry || digitBase - digit !== from * carry) {
3239
- throw new Error("convertRadix: carry overflow");
3240
- }
3241
- carry = digitBase % to;
3242
- digits[i2] = Math.floor(digitBase / to);
3243
- if (!Number.isSafeInteger(digits[i2]) || digits[i2] * to + carry !== digitBase)
3244
- throw new Error("convertRadix: carry overflow");
3245
- if (!done)
3246
- continue;
3247
- else if (!digits[i2])
3248
- pos = i2;
3249
- else
3250
- done = false;
3251
- }
3252
- res.push(carry);
3253
- if (done)
3254
- break;
3255
- }
3256
- for (let i2 = 0; i2 < data.length - 1 && data[i2] === 0; i2++)
3257
- res.push(0);
3258
- return res.reverse();
3259
- }
3260
- var gcd = (a, b) => !b ? a : gcd(b, a % b);
3261
- var radix2carry = (from, to) => from + (to - gcd(from, to));
3262
- function convertRadix2(data, from, to, padding2) {
3263
- if (!Array.isArray(data))
3264
- throw new Error("convertRadix2: data should be array");
3265
- if (from <= 0 || from > 32)
3266
- throw new Error(`convertRadix2: wrong from=${from}`);
3267
- if (to <= 0 || to > 32)
3268
- throw new Error(`convertRadix2: wrong to=${to}`);
3269
- if (radix2carry(from, to) > 32) {
3270
- throw new Error(`convertRadix2: carry overflow from=${from} to=${to} carryBits=${radix2carry(from, to)}`);
3271
- }
3272
- let carry = 0;
3273
- let pos = 0;
3274
- const mask = 2 ** to - 1;
3275
- const res = [];
3276
- for (const n of data) {
3277
- assertNumber(n);
3278
- if (n >= 2 ** from)
3279
- throw new Error(`convertRadix2: invalid data word=${n} from=${from}`);
3280
- carry = carry << from | n;
3281
- if (pos + from > 32)
3282
- throw new Error(`convertRadix2: carry overflow pos=${pos} from=${from}`);
3283
- pos += from;
3284
- for (; pos >= to; pos -= to)
3285
- res.push((carry >> pos - to & mask) >>> 0);
3286
- carry &= 2 ** pos - 1;
3287
- }
3288
- carry = carry << to - pos & mask;
3289
- if (!padding2 && pos >= from)
3290
- throw new Error("Excess padding");
3291
- if (!padding2 && carry)
3292
- throw new Error(`Non-zero padding: ${carry}`);
3293
- if (padding2 && pos > 0)
3294
- res.push(carry >>> 0);
3295
- return res;
3296
- }
3297
- function radix(num) {
3298
- assertNumber(num);
3299
- return {
3300
- encode: (bytes4) => {
3301
- if (!(bytes4 instanceof Uint8Array))
3302
- throw new Error("radix.encode input should be Uint8Array");
3303
- return convertRadix(Array.from(bytes4), 2 ** 8, num);
3304
- },
3305
- decode: (digits) => {
3306
- if (!Array.isArray(digits) || digits.length && typeof digits[0] !== "number")
3307
- throw new Error("radix.decode input should be array of strings");
3308
- return Uint8Array.from(convertRadix(digits, num, 2 ** 8));
3309
- }
3310
- };
3311
- }
3312
- function radix2(bits, revPadding = false) {
3313
- assertNumber(bits);
3314
- if (bits <= 0 || bits > 32)
3315
- throw new Error("radix2: bits should be in (0..32]");
3316
- if (radix2carry(8, bits) > 32 || radix2carry(bits, 8) > 32)
3317
- throw new Error("radix2: carry overflow");
3318
- return {
3319
- encode: (bytes4) => {
3320
- if (!(bytes4 instanceof Uint8Array))
3321
- throw new Error("radix2.encode input should be Uint8Array");
3322
- return convertRadix2(Array.from(bytes4), 8, bits, !revPadding);
3323
- },
3324
- decode: (digits) => {
3325
- if (!Array.isArray(digits) || digits.length && typeof digits[0] !== "number")
3326
- throw new Error("radix2.decode input should be array of strings");
3327
- return Uint8Array.from(convertRadix2(digits, bits, 8, revPadding));
3328
- }
3329
- };
3330
- }
3331
- function unsafeWrapper(fn) {
3332
- if (typeof fn !== "function")
3333
- throw new Error("unsafeWrapper fn should be function");
3334
- return function(...args) {
3335
- try {
3336
- return fn.apply(null, args);
3337
- } catch (e) {
3338
- }
3339
- };
3340
- }
3341
- var base16 = chain(radix2(4), alphabet("0123456789ABCDEF"), join(""));
3342
- var base32 = chain(radix2(5), alphabet("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"), padding(5), join(""));
3343
- var base32hex = chain(radix2(5), alphabet("0123456789ABCDEFGHIJKLMNOPQRSTUV"), padding(5), join(""));
3344
- var base32crockford = chain(radix2(5), alphabet("0123456789ABCDEFGHJKMNPQRSTVWXYZ"), join(""), normalize((s) => s.toUpperCase().replace(/O/g, "0").replace(/[IL]/g, "1")));
3345
- var base64 = chain(radix2(6), alphabet("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"), padding(6), join(""));
3346
- var base64url = chain(radix2(6), alphabet("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"), padding(6), join(""));
3347
- var genBase58 = (abc) => chain(radix(58), alphabet(abc), join(""));
3348
- var base58 = genBase58("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz");
3349
- var base58flickr = genBase58("123456789abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ");
3350
- var base58xrp = genBase58("rpshnaf39wBUDNEGHJKLM4PQRST7VWXYZ2bcdeCg65jkm8oFqi1tuvAxyz");
3351
- var XMR_BLOCK_LEN = [0, 2, 3, 5, 6, 7, 9, 10, 11];
3352
- var base58xmr = {
3353
- encode(data) {
3354
- let res = "";
3355
- for (let i2 = 0; i2 < data.length; i2 += 8) {
3356
- const block = data.subarray(i2, i2 + 8);
3357
- res += base58.encode(block).padStart(XMR_BLOCK_LEN[block.length], "1");
3358
- }
3359
- return res;
3360
- },
3361
- decode(str) {
3362
- let res = [];
3363
- for (let i2 = 0; i2 < str.length; i2 += 11) {
3364
- const slice = str.slice(i2, i2 + 11);
3365
- const blockLen = XMR_BLOCK_LEN.indexOf(slice.length);
3366
- const block = base58.decode(slice);
3367
- for (let j = 0; j < block.length - blockLen; j++) {
3368
- if (block[j] !== 0)
3369
- throw new Error("base58xmr: wrong padding");
3370
- }
3371
- res = res.concat(Array.from(block.slice(block.length - blockLen)));
3372
- }
3373
- return Uint8Array.from(res);
3374
- }
3375
- };
3376
- var BECH_ALPHABET = chain(alphabet("qpzry9x8gf2tvdw0s3jn54khce6mua7l"), join(""));
3377
- var POLYMOD_GENERATORS = [996825010, 642813549, 513874426, 1027748829, 705979059];
3378
- function bech32Polymod(pre) {
3379
- const b = pre >> 25;
3380
- let chk = (pre & 33554431) << 5;
3381
- for (let i2 = 0; i2 < POLYMOD_GENERATORS.length; i2++) {
3382
- if ((b >> i2 & 1) === 1)
3383
- chk ^= POLYMOD_GENERATORS[i2];
3384
- }
3385
- return chk;
3386
- }
3387
- function bechChecksum(prefix, words, encodingConst = 1) {
3388
- const len = prefix.length;
3389
- let chk = 1;
3390
- for (let i2 = 0; i2 < len; i2++) {
3391
- const c = prefix.charCodeAt(i2);
3392
- if (c < 33 || c > 126)
3393
- throw new Error(`Invalid prefix (${prefix})`);
3394
- chk = bech32Polymod(chk) ^ c >> 5;
3395
- }
3396
- chk = bech32Polymod(chk);
3397
- for (let i2 = 0; i2 < len; i2++)
3398
- chk = bech32Polymod(chk) ^ prefix.charCodeAt(i2) & 31;
3399
- for (let v of words)
3400
- chk = bech32Polymod(chk) ^ v;
3401
- for (let i2 = 0; i2 < 6; i2++)
3402
- chk = bech32Polymod(chk);
3403
- chk ^= encodingConst;
3404
- return BECH_ALPHABET.encode(convertRadix2([chk % 2 ** 30], 30, 5, false));
3405
- }
3406
- function genBech32(encoding) {
3407
- const ENCODING_CONST = encoding === "bech32" ? 1 : 734539939;
3408
- const _words = radix2(5);
3409
- const fromWords = _words.decode;
3410
- const toWords = _words.encode;
3411
- const fromWordsUnsafe = unsafeWrapper(fromWords);
3412
- function encode(prefix, words, limit2 = 90) {
3413
- if (typeof prefix !== "string")
3414
- throw new Error(`bech32.encode prefix should be string, not ${typeof prefix}`);
3415
- if (!Array.isArray(words) || words.length && typeof words[0] !== "number")
3416
- throw new Error(`bech32.encode words should be array of numbers, not ${typeof words}`);
3417
- const actualLength = prefix.length + 7 + words.length;
3418
- if (limit2 !== false && actualLength > limit2)
3419
- throw new TypeError(`Length ${actualLength} exceeds limit ${limit2}`);
3420
- prefix = prefix.toLowerCase();
3421
- return `${prefix}1${BECH_ALPHABET.encode(words)}${bechChecksum(prefix, words, ENCODING_CONST)}`;
3422
- }
3423
- function decode(str, limit2 = 90) {
3424
- if (typeof str !== "string")
3425
- throw new Error(`bech32.decode input should be string, not ${typeof str}`);
3426
- if (str.length < 8 || limit2 !== false && str.length > limit2)
3427
- throw new TypeError(`Wrong string length: ${str.length} (${str}). Expected (8..${limit2})`);
3428
- const lowered = str.toLowerCase();
3429
- if (str !== lowered && str !== str.toUpperCase())
3430
- throw new Error(`String must be lowercase or uppercase`);
3431
- str = lowered;
3432
- const sepIndex = str.lastIndexOf("1");
3433
- if (sepIndex === 0 || sepIndex === -1)
3434
- throw new Error(`Letter "1" must be present between prefix and data only`);
3435
- const prefix = str.slice(0, sepIndex);
3436
- const _words2 = str.slice(sepIndex + 1);
3437
- if (_words2.length < 6)
3438
- throw new Error("Data must be at least 6 characters long");
3439
- const words = BECH_ALPHABET.decode(_words2).slice(0, -6);
3440
- const sum = bechChecksum(prefix, words, ENCODING_CONST);
3441
- if (!_words2.endsWith(sum))
3442
- throw new Error(`Invalid checksum in ${str}: expected "${sum}"`);
3443
- return { prefix, words };
3444
- }
3445
- const decodeUnsafe = unsafeWrapper(decode);
3446
- function decodeToBytes(str) {
3447
- const { prefix, words } = decode(str, false);
3448
- return { prefix, words, bytes: fromWords(words) };
3449
- }
3450
- return { encode, decode, decodeToBytes, decodeUnsafe, fromWords, fromWordsUnsafe, toWords };
3451
- }
3452
- var bech32 = genBech32("bech32");
3453
- var bech32m = genBech32("bech32m");
3454
- var utf8 = {
3455
- encode: (data) => new TextDecoder().decode(data),
3456
- decode: (str) => new TextEncoder().encode(str)
3457
- };
3458
- var hex = chain(radix2(4), alphabet("0123456789abcdef"), join(""), normalize((s) => {
3459
- if (typeof s !== "string" || s.length % 2)
3460
- throw new TypeError(`hex.decode: expected string, got ${typeof s} with length ${s.length}`);
3461
- return s.toLowerCase();
3462
- }));
3463
- var CODERS = {
3464
- utf8,
3465
- hex,
3466
- base16,
3467
- base32,
3468
- base64,
3469
- base64url,
3470
- base58,
3471
- base58xmr
3472
- };
3473
- var coderTypeError = `Invalid encoding type. Available types: ${Object.keys(CODERS).join(", ")}`;
3474
-
3475
- // node_modules/@noble/ciphers/esm/_poly1305.js
3476
- var u8to16 = (a, i2) => a[i2++] & 255 | (a[i2++] & 255) << 8;
3477
- var Poly1305 = class {
3478
- constructor(key) {
3479
- this.blockLen = 16;
3480
- this.outputLen = 16;
3481
- this.buffer = new Uint8Array(16);
3482
- this.r = new Uint16Array(10);
3483
- this.h = new Uint16Array(10);
3484
- this.pad = new Uint16Array(8);
3485
- this.pos = 0;
3486
- this.finished = false;
3487
- key = toBytes3(key);
3488
- bytes3(key, 32);
3489
- const t0 = u8to16(key, 0);
3490
- const t1 = u8to16(key, 2);
3491
- const t2 = u8to16(key, 4);
3492
- const t3 = u8to16(key, 6);
3493
- const t4 = u8to16(key, 8);
3494
- const t5 = u8to16(key, 10);
3495
- const t6 = u8to16(key, 12);
3496
- const t7 = u8to16(key, 14);
3497
- this.r[0] = t0 & 8191;
3498
- this.r[1] = (t0 >>> 13 | t1 << 3) & 8191;
3499
- this.r[2] = (t1 >>> 10 | t2 << 6) & 7939;
3500
- this.r[3] = (t2 >>> 7 | t3 << 9) & 8191;
3501
- this.r[4] = (t3 >>> 4 | t4 << 12) & 255;
3502
- this.r[5] = t4 >>> 1 & 8190;
3503
- this.r[6] = (t4 >>> 14 | t5 << 2) & 8191;
3504
- this.r[7] = (t5 >>> 11 | t6 << 5) & 8065;
3505
- this.r[8] = (t6 >>> 8 | t7 << 8) & 8191;
3506
- this.r[9] = t7 >>> 5 & 127;
3507
- for (let i2 = 0; i2 < 8; i2++)
3508
- this.pad[i2] = u8to16(key, 16 + 2 * i2);
3509
- }
3510
- process(data, offset, isLast = false) {
3511
- const hibit = isLast ? 0 : 1 << 11;
3512
- const { h, r } = this;
3513
- const r0 = r[0];
3514
- const r1 = r[1];
3515
- const r2 = r[2];
3516
- const r3 = r[3];
3517
- const r4 = r[4];
3518
- const r5 = r[5];
3519
- const r6 = r[6];
3520
- const r7 = r[7];
3521
- const r8 = r[8];
3522
- const r9 = r[9];
3523
- const t0 = u8to16(data, offset + 0);
3524
- const t1 = u8to16(data, offset + 2);
3525
- const t2 = u8to16(data, offset + 4);
3526
- const t3 = u8to16(data, offset + 6);
3527
- const t4 = u8to16(data, offset + 8);
3528
- const t5 = u8to16(data, offset + 10);
3529
- const t6 = u8to16(data, offset + 12);
3530
- const t7 = u8to16(data, offset + 14);
3531
- let h0 = h[0] + (t0 & 8191);
3532
- let h1 = h[1] + ((t0 >>> 13 | t1 << 3) & 8191);
3533
- let h2 = h[2] + ((t1 >>> 10 | t2 << 6) & 8191);
3534
- let h3 = h[3] + ((t2 >>> 7 | t3 << 9) & 8191);
3535
- let h4 = h[4] + ((t3 >>> 4 | t4 << 12) & 8191);
3536
- let h5 = h[5] + (t4 >>> 1 & 8191);
3537
- let h6 = h[6] + ((t4 >>> 14 | t5 << 2) & 8191);
3538
- let h7 = h[7] + ((t5 >>> 11 | t6 << 5) & 8191);
3539
- let h8 = h[8] + ((t6 >>> 8 | t7 << 8) & 8191);
3540
- let h9 = h[9] + (t7 >>> 5 | hibit);
3541
- let c = 0;
3542
- let d0 = c + h0 * r0 + h1 * (5 * r9) + h2 * (5 * r8) + h3 * (5 * r7) + h4 * (5 * r6);
3543
- c = d0 >>> 13;
3544
- d0 &= 8191;
3545
- d0 += h5 * (5 * r5) + h6 * (5 * r4) + h7 * (5 * r3) + h8 * (5 * r2) + h9 * (5 * r1);
3546
- c += d0 >>> 13;
3547
- d0 &= 8191;
3548
- let d1 = c + h0 * r1 + h1 * r0 + h2 * (5 * r9) + h3 * (5 * r8) + h4 * (5 * r7);
3549
- c = d1 >>> 13;
3550
- d1 &= 8191;
3551
- d1 += h5 * (5 * r6) + h6 * (5 * r5) + h7 * (5 * r4) + h8 * (5 * r3) + h9 * (5 * r2);
3552
- c += d1 >>> 13;
3553
- d1 &= 8191;
3554
- let d2 = c + h0 * r2 + h1 * r1 + h2 * r0 + h3 * (5 * r9) + h4 * (5 * r8);
3555
- c = d2 >>> 13;
3556
- d2 &= 8191;
3557
- d2 += h5 * (5 * r7) + h6 * (5 * r6) + h7 * (5 * r5) + h8 * (5 * r4) + h9 * (5 * r3);
3558
- c += d2 >>> 13;
3559
- d2 &= 8191;
3560
- let d3 = c + h0 * r3 + h1 * r2 + h2 * r1 + h3 * r0 + h4 * (5 * r9);
3561
- c = d3 >>> 13;
3562
- d3 &= 8191;
3563
- d3 += h5 * (5 * r8) + h6 * (5 * r7) + h7 * (5 * r6) + h8 * (5 * r5) + h9 * (5 * r4);
3564
- c += d3 >>> 13;
3565
- d3 &= 8191;
3566
- let d4 = c + h0 * r4 + h1 * r3 + h2 * r2 + h3 * r1 + h4 * r0;
3567
- c = d4 >>> 13;
3568
- d4 &= 8191;
3569
- d4 += h5 * (5 * r9) + h6 * (5 * r8) + h7 * (5 * r7) + h8 * (5 * r6) + h9 * (5 * r5);
3570
- c += d4 >>> 13;
3571
- d4 &= 8191;
3572
- let d5 = c + h0 * r5 + h1 * r4 + h2 * r3 + h3 * r2 + h4 * r1;
3573
- c = d5 >>> 13;
3574
- d5 &= 8191;
3575
- d5 += h5 * r0 + h6 * (5 * r9) + h7 * (5 * r8) + h8 * (5 * r7) + h9 * (5 * r6);
3576
- c += d5 >>> 13;
3577
- d5 &= 8191;
3578
- let d6 = c + h0 * r6 + h1 * r5 + h2 * r4 + h3 * r3 + h4 * r2;
3579
- c = d6 >>> 13;
3580
- d6 &= 8191;
3581
- d6 += h5 * r1 + h6 * r0 + h7 * (5 * r9) + h8 * (5 * r8) + h9 * (5 * r7);
3582
- c += d6 >>> 13;
3583
- d6 &= 8191;
3584
- let d7 = c + h0 * r7 + h1 * r6 + h2 * r5 + h3 * r4 + h4 * r3;
3585
- c = d7 >>> 13;
3586
- d7 &= 8191;
3587
- d7 += h5 * r2 + h6 * r1 + h7 * r0 + h8 * (5 * r9) + h9 * (5 * r8);
3588
- c += d7 >>> 13;
3589
- d7 &= 8191;
3590
- let d8 = c + h0 * r8 + h1 * r7 + h2 * r6 + h3 * r5 + h4 * r4;
3591
- c = d8 >>> 13;
3592
- d8 &= 8191;
3593
- d8 += h5 * r3 + h6 * r2 + h7 * r1 + h8 * r0 + h9 * (5 * r9);
3594
- c += d8 >>> 13;
3595
- d8 &= 8191;
3596
- let d9 = c + h0 * r9 + h1 * r8 + h2 * r7 + h3 * r6 + h4 * r5;
3597
- c = d9 >>> 13;
3598
- d9 &= 8191;
3599
- d9 += h5 * r4 + h6 * r3 + h7 * r2 + h8 * r1 + h9 * r0;
3600
- c += d9 >>> 13;
3601
- d9 &= 8191;
3602
- c = (c << 2) + c | 0;
3603
- c = c + d0 | 0;
3604
- d0 = c & 8191;
3605
- c = c >>> 13;
3606
- d1 += c;
3607
- h[0] = d0;
3608
- h[1] = d1;
3609
- h[2] = d2;
3610
- h[3] = d3;
3611
- h[4] = d4;
3612
- h[5] = d5;
3613
- h[6] = d6;
3614
- h[7] = d7;
3615
- h[8] = d8;
3616
- h[9] = d9;
3617
- }
3618
- finalize() {
3619
- const { h, pad } = this;
3620
- const g = new Uint16Array(10);
3621
- let c = h[1] >>> 13;
3622
- h[1] &= 8191;
3623
- for (let i2 = 2; i2 < 10; i2++) {
3624
- h[i2] += c;
3625
- c = h[i2] >>> 13;
3626
- h[i2] &= 8191;
3627
- }
3628
- h[0] += c * 5;
3629
- c = h[0] >>> 13;
3630
- h[0] &= 8191;
3631
- h[1] += c;
3632
- c = h[1] >>> 13;
3633
- h[1] &= 8191;
3634
- h[2] += c;
3635
- g[0] = h[0] + 5;
3636
- c = g[0] >>> 13;
3637
- g[0] &= 8191;
3638
- for (let i2 = 1; i2 < 10; i2++) {
3639
- g[i2] = h[i2] + c;
3640
- c = g[i2] >>> 13;
3641
- g[i2] &= 8191;
3642
- }
3643
- g[9] -= 1 << 13;
3644
- let mask = (c ^ 1) - 1;
3645
- for (let i2 = 0; i2 < 10; i2++)
3646
- g[i2] &= mask;
3647
- mask = ~mask;
3648
- for (let i2 = 0; i2 < 10; i2++)
3649
- h[i2] = h[i2] & mask | g[i2];
3650
- h[0] = (h[0] | h[1] << 13) & 65535;
3651
- h[1] = (h[1] >>> 3 | h[2] << 10) & 65535;
3652
- h[2] = (h[2] >>> 6 | h[3] << 7) & 65535;
3653
- h[3] = (h[3] >>> 9 | h[4] << 4) & 65535;
3654
- h[4] = (h[4] >>> 12 | h[5] << 1 | h[6] << 14) & 65535;
3655
- h[5] = (h[6] >>> 2 | h[7] << 11) & 65535;
3656
- h[6] = (h[7] >>> 5 | h[8] << 8) & 65535;
3657
- h[7] = (h[8] >>> 8 | h[9] << 5) & 65535;
3658
- let f = h[0] + pad[0];
3659
- h[0] = f & 65535;
3660
- for (let i2 = 1; i2 < 8; i2++) {
3661
- f = (h[i2] + pad[i2] | 0) + (f >>> 16) | 0;
3662
- h[i2] = f & 65535;
3663
- }
3664
- }
3665
- update(data) {
3666
- exists3(this);
3667
- const { buffer, blockLen } = this;
3668
- data = toBytes3(data);
3669
- const len = data.length;
3670
- for (let pos = 0; pos < len; ) {
3671
- const take = Math.min(blockLen - this.pos, len - pos);
3672
- if (take === blockLen) {
3673
- for (; blockLen <= len - pos; pos += blockLen)
3674
- this.process(data, pos);
3675
- continue;
3676
- }
3677
- buffer.set(data.subarray(pos, pos + take), this.pos);
3678
- this.pos += take;
3679
- pos += take;
3680
- if (this.pos === blockLen) {
3681
- this.process(buffer, 0, false);
3682
- this.pos = 0;
3683
- }
3684
- }
3685
- return this;
3686
- }
3687
- destroy() {
3688
- this.h.fill(0);
3689
- this.r.fill(0);
3690
- this.buffer.fill(0);
3691
- this.pad.fill(0);
3692
- }
3693
- digestInto(out) {
3694
- exists3(this);
3695
- output3(out, this);
3696
- this.finished = true;
3697
- const { buffer, h } = this;
3698
- let { pos } = this;
3699
- if (pos) {
3700
- buffer[pos++] = 1;
3701
- for (; pos < 16; pos++)
3702
- buffer[pos] = 0;
3703
- this.process(buffer, 0, true);
3704
- }
3705
- this.finalize();
3706
- let opos = 0;
3707
- for (let i2 = 0; i2 < 8; i2++) {
3708
- out[opos++] = h[i2] >>> 0;
3709
- out[opos++] = h[i2] >>> 8;
3710
- }
3711
- return out;
3712
- }
3713
- digest() {
3714
- const { buffer, outputLen } = this;
3715
- this.digestInto(buffer);
3716
- const res = buffer.slice(0, outputLen);
3717
- this.destroy();
3718
- return res;
3719
- }
3720
- };
3721
- function wrapConstructorWithKey2(hashCons) {
3722
- const hashC = (msg, key) => hashCons(key).update(toBytes3(msg)).digest();
3723
- const tmp = hashCons(new Uint8Array(32));
3724
- hashC.outputLen = tmp.outputLen;
3725
- hashC.blockLen = tmp.blockLen;
3726
- hashC.create = (key) => hashCons(key);
3727
- return hashC;
3728
- }
3729
- var poly1305 = wrapConstructorWithKey2((key) => new Poly1305(key));
3730
-
3731
- // node_modules/@noble/ciphers/esm/_arx.js
3732
- var sigma16 = utf8ToBytes4("expand 16-byte k");
3733
- var sigma32 = utf8ToBytes4("expand 32-byte k");
3734
- var sigma16_32 = u32(sigma16);
3735
- var sigma32_32 = u32(sigma32);
3736
- function rotl(a, b) {
3737
- return a << b | a >>> 32 - b;
3738
- }
3739
- function isAligned32(b) {
3740
- return b.byteOffset % 4 === 0;
3741
- }
3742
- var BLOCK_LEN = 64;
3743
- var BLOCK_LEN32 = 16;
3744
- var MAX_COUNTER = 2 ** 32 - 1;
3745
- var U32_EMPTY = new Uint32Array();
3746
- function runCipher(core, sigma, key, nonce, data, output4, counter, rounds) {
3747
- const len = data.length;
3748
- const block = new Uint8Array(BLOCK_LEN);
3749
- const b32 = u32(block);
3750
- const isAligned = isAligned32(data) && isAligned32(output4);
3751
- const d32 = isAligned ? u32(data) : U32_EMPTY;
3752
- const o32 = isAligned ? u32(output4) : U32_EMPTY;
3753
- for (let pos = 0; pos < len; counter++) {
3754
- core(sigma, key, nonce, b32, counter, rounds);
3755
- if (counter >= MAX_COUNTER)
3756
- throw new Error("arx: counter overflow");
3757
- const take = Math.min(BLOCK_LEN, len - pos);
3758
- if (isAligned && take === BLOCK_LEN) {
3759
- const pos32 = pos / 4;
3760
- if (pos % 4 !== 0)
3761
- throw new Error("arx: invalid block position");
3762
- for (let j = 0, posj; j < BLOCK_LEN32; j++) {
3763
- posj = pos32 + j;
3764
- o32[posj] = d32[posj] ^ b32[j];
3765
- }
3766
- pos += BLOCK_LEN;
3767
- continue;
3768
- }
3769
- for (let j = 0, posj; j < take; j++) {
3770
- posj = pos + j;
3771
- output4[posj] = data[posj] ^ block[j];
3772
- }
3773
- pos += take;
3774
- }
3775
- }
3776
- function createCipher(core, opts) {
3777
- const { allowShortKeys, extendNonceFn, counterLength, counterRight, rounds } = checkOpts({ allowShortKeys: false, counterLength: 8, counterRight: false, rounds: 20 }, opts);
3778
- if (typeof core !== "function")
3779
- throw new Error("core must be a function");
3780
- number3(counterLength);
3781
- number3(rounds);
3782
- bool2(counterRight);
3783
- bool2(allowShortKeys);
3784
- return (key, nonce, data, output4, counter = 0) => {
3785
- bytes3(key);
3786
- bytes3(nonce);
3787
- bytes3(data);
3788
- const len = data.length;
3789
- if (!output4)
3790
- output4 = new Uint8Array(len);
3791
- bytes3(output4);
3792
- number3(counter);
3793
- if (counter < 0 || counter >= MAX_COUNTER)
3794
- throw new Error("arx: counter overflow");
3795
- if (output4.length < len)
3796
- throw new Error(`arx: output (${output4.length}) is shorter than data (${len})`);
3797
- const toClean = [];
3798
- let l = key.length, k, sigma;
3799
- if (l === 32) {
3800
- k = key.slice();
3801
- toClean.push(k);
3802
- sigma = sigma32_32;
3803
- } else if (l === 16 && allowShortKeys) {
3804
- k = new Uint8Array(32);
3805
- k.set(key);
3806
- k.set(key, 16);
3807
- sigma = sigma16_32;
3808
- toClean.push(k);
3809
- } else {
3810
- throw new Error(`arx: invalid 32-byte key, got length=${l}`);
3811
- }
3812
- if (!isAligned32(nonce)) {
3813
- nonce = nonce.slice();
3814
- toClean.push(nonce);
3815
- }
3816
- const k32 = u32(k);
3817
- if (extendNonceFn) {
3818
- if (nonce.length !== 24)
3819
- throw new Error(`arx: extended nonce must be 24 bytes`);
3820
- extendNonceFn(sigma, k32, u32(nonce.subarray(0, 16)), k32);
3821
- nonce = nonce.subarray(16);
3822
- }
3823
- const nonceNcLen = 16 - counterLength;
3824
- if (nonceNcLen !== nonce.length)
3825
- throw new Error(`arx: nonce must be ${nonceNcLen} or 16 bytes`);
3826
- if (nonceNcLen !== 12) {
3827
- const nc = new Uint8Array(12);
3828
- nc.set(nonce, counterRight ? 0 : 12 - nonce.length);
3829
- nonce = nc;
3830
- toClean.push(nonce);
3831
- }
3832
- const n32 = u32(nonce);
3833
- runCipher(core, sigma, k32, n32, data, output4, counter, rounds);
3834
- while (toClean.length > 0)
3835
- toClean.pop().fill(0);
3836
- return output4;
3837
- };
3838
- }
3839
-
3840
- // node_modules/@noble/ciphers/esm/chacha.js
3841
- function chachaCore(s, k, n, out, cnt, rounds = 20) {
3842
- let y00 = s[0], y01 = s[1], y02 = s[2], y03 = s[3], y04 = k[0], y05 = k[1], y06 = k[2], y07 = k[3], y08 = k[4], y09 = k[5], y10 = k[6], y11 = k[7], y12 = cnt, y13 = n[0], y14 = n[1], y15 = n[2];
3843
- let x00 = y00, x01 = y01, x02 = y02, x03 = y03, x04 = y04, x05 = y05, x06 = y06, x07 = y07, x08 = y08, x09 = y09, x10 = y10, x11 = y11, x12 = y12, x13 = y13, x14 = y14, x15 = y15;
3844
- for (let r = 0; r < rounds; r += 2) {
3845
- x00 = x00 + x04 | 0;
3846
- x12 = rotl(x12 ^ x00, 16);
3847
- x08 = x08 + x12 | 0;
3848
- x04 = rotl(x04 ^ x08, 12);
3849
- x00 = x00 + x04 | 0;
3850
- x12 = rotl(x12 ^ x00, 8);
3851
- x08 = x08 + x12 | 0;
3852
- x04 = rotl(x04 ^ x08, 7);
3853
- x01 = x01 + x05 | 0;
3854
- x13 = rotl(x13 ^ x01, 16);
3855
- x09 = x09 + x13 | 0;
3856
- x05 = rotl(x05 ^ x09, 12);
3857
- x01 = x01 + x05 | 0;
3858
- x13 = rotl(x13 ^ x01, 8);
3859
- x09 = x09 + x13 | 0;
3860
- x05 = rotl(x05 ^ x09, 7);
3861
- x02 = x02 + x06 | 0;
3862
- x14 = rotl(x14 ^ x02, 16);
3863
- x10 = x10 + x14 | 0;
3864
- x06 = rotl(x06 ^ x10, 12);
3865
- x02 = x02 + x06 | 0;
3866
- x14 = rotl(x14 ^ x02, 8);
3867
- x10 = x10 + x14 | 0;
3868
- x06 = rotl(x06 ^ x10, 7);
3869
- x03 = x03 + x07 | 0;
3870
- x15 = rotl(x15 ^ x03, 16);
3871
- x11 = x11 + x15 | 0;
3872
- x07 = rotl(x07 ^ x11, 12);
3873
- x03 = x03 + x07 | 0;
3874
- x15 = rotl(x15 ^ x03, 8);
3875
- x11 = x11 + x15 | 0;
3876
- x07 = rotl(x07 ^ x11, 7);
3877
- x00 = x00 + x05 | 0;
3878
- x15 = rotl(x15 ^ x00, 16);
3879
- x10 = x10 + x15 | 0;
3880
- x05 = rotl(x05 ^ x10, 12);
3881
- x00 = x00 + x05 | 0;
3882
- x15 = rotl(x15 ^ x00, 8);
3883
- x10 = x10 + x15 | 0;
3884
- x05 = rotl(x05 ^ x10, 7);
3885
- x01 = x01 + x06 | 0;
3886
- x12 = rotl(x12 ^ x01, 16);
3887
- x11 = x11 + x12 | 0;
3888
- x06 = rotl(x06 ^ x11, 12);
3889
- x01 = x01 + x06 | 0;
3890
- x12 = rotl(x12 ^ x01, 8);
3891
- x11 = x11 + x12 | 0;
3892
- x06 = rotl(x06 ^ x11, 7);
3893
- x02 = x02 + x07 | 0;
3894
- x13 = rotl(x13 ^ x02, 16);
3895
- x08 = x08 + x13 | 0;
3896
- x07 = rotl(x07 ^ x08, 12);
3897
- x02 = x02 + x07 | 0;
3898
- x13 = rotl(x13 ^ x02, 8);
3899
- x08 = x08 + x13 | 0;
3900
- x07 = rotl(x07 ^ x08, 7);
3901
- x03 = x03 + x04 | 0;
3902
- x14 = rotl(x14 ^ x03, 16);
3903
- x09 = x09 + x14 | 0;
3904
- x04 = rotl(x04 ^ x09, 12);
3905
- x03 = x03 + x04 | 0;
3906
- x14 = rotl(x14 ^ x03, 8);
3907
- x09 = x09 + x14 | 0;
3908
- x04 = rotl(x04 ^ x09, 7);
3909
- }
3910
- let oi = 0;
3911
- out[oi++] = y00 + x00 | 0;
3912
- out[oi++] = y01 + x01 | 0;
3913
- out[oi++] = y02 + x02 | 0;
3914
- out[oi++] = y03 + x03 | 0;
3915
- out[oi++] = y04 + x04 | 0;
3916
- out[oi++] = y05 + x05 | 0;
3917
- out[oi++] = y06 + x06 | 0;
3918
- out[oi++] = y07 + x07 | 0;
3919
- out[oi++] = y08 + x08 | 0;
3920
- out[oi++] = y09 + x09 | 0;
3921
- out[oi++] = y10 + x10 | 0;
3922
- out[oi++] = y11 + x11 | 0;
3923
- out[oi++] = y12 + x12 | 0;
3924
- out[oi++] = y13 + x13 | 0;
3925
- out[oi++] = y14 + x14 | 0;
3926
- out[oi++] = y15 + x15 | 0;
3927
- }
3928
- function hchacha(s, k, i2, o32) {
3929
- let x00 = s[0], x01 = s[1], x02 = s[2], x03 = s[3], x04 = k[0], x05 = k[1], x06 = k[2], x07 = k[3], x08 = k[4], x09 = k[5], x10 = k[6], x11 = k[7], x12 = i2[0], x13 = i2[1], x14 = i2[2], x15 = i2[3];
3930
- for (let r = 0; r < 20; r += 2) {
3931
- x00 = x00 + x04 | 0;
3932
- x12 = rotl(x12 ^ x00, 16);
3933
- x08 = x08 + x12 | 0;
3934
- x04 = rotl(x04 ^ x08, 12);
3935
- x00 = x00 + x04 | 0;
3936
- x12 = rotl(x12 ^ x00, 8);
3937
- x08 = x08 + x12 | 0;
3938
- x04 = rotl(x04 ^ x08, 7);
3939
- x01 = x01 + x05 | 0;
3940
- x13 = rotl(x13 ^ x01, 16);
3941
- x09 = x09 + x13 | 0;
3942
- x05 = rotl(x05 ^ x09, 12);
3943
- x01 = x01 + x05 | 0;
3944
- x13 = rotl(x13 ^ x01, 8);
3945
- x09 = x09 + x13 | 0;
3946
- x05 = rotl(x05 ^ x09, 7);
3947
- x02 = x02 + x06 | 0;
3948
- x14 = rotl(x14 ^ x02, 16);
3949
- x10 = x10 + x14 | 0;
3950
- x06 = rotl(x06 ^ x10, 12);
3951
- x02 = x02 + x06 | 0;
3952
- x14 = rotl(x14 ^ x02, 8);
3953
- x10 = x10 + x14 | 0;
3954
- x06 = rotl(x06 ^ x10, 7);
3955
- x03 = x03 + x07 | 0;
3956
- x15 = rotl(x15 ^ x03, 16);
3957
- x11 = x11 + x15 | 0;
3958
- x07 = rotl(x07 ^ x11, 12);
3959
- x03 = x03 + x07 | 0;
3960
- x15 = rotl(x15 ^ x03, 8);
3961
- x11 = x11 + x15 | 0;
3962
- x07 = rotl(x07 ^ x11, 7);
3963
- x00 = x00 + x05 | 0;
3964
- x15 = rotl(x15 ^ x00, 16);
3965
- x10 = x10 + x15 | 0;
3966
- x05 = rotl(x05 ^ x10, 12);
3967
- x00 = x00 + x05 | 0;
3968
- x15 = rotl(x15 ^ x00, 8);
3969
- x10 = x10 + x15 | 0;
3970
- x05 = rotl(x05 ^ x10, 7);
3971
- x01 = x01 + x06 | 0;
3972
- x12 = rotl(x12 ^ x01, 16);
3973
- x11 = x11 + x12 | 0;
3974
- x06 = rotl(x06 ^ x11, 12);
3975
- x01 = x01 + x06 | 0;
3976
- x12 = rotl(x12 ^ x01, 8);
3977
- x11 = x11 + x12 | 0;
3978
- x06 = rotl(x06 ^ x11, 7);
3979
- x02 = x02 + x07 | 0;
3980
- x13 = rotl(x13 ^ x02, 16);
3981
- x08 = x08 + x13 | 0;
3982
- x07 = rotl(x07 ^ x08, 12);
3983
- x02 = x02 + x07 | 0;
3984
- x13 = rotl(x13 ^ x02, 8);
3985
- x08 = x08 + x13 | 0;
3986
- x07 = rotl(x07 ^ x08, 7);
3987
- x03 = x03 + x04 | 0;
3988
- x14 = rotl(x14 ^ x03, 16);
3989
- x09 = x09 + x14 | 0;
3990
- x04 = rotl(x04 ^ x09, 12);
3991
- x03 = x03 + x04 | 0;
3992
- x14 = rotl(x14 ^ x03, 8);
3993
- x09 = x09 + x14 | 0;
3994
- x04 = rotl(x04 ^ x09, 7);
3995
- }
3996
- let oi = 0;
3997
- o32[oi++] = x00;
3998
- o32[oi++] = x01;
3999
- o32[oi++] = x02;
4000
- o32[oi++] = x03;
4001
- o32[oi++] = x12;
4002
- o32[oi++] = x13;
4003
- o32[oi++] = x14;
4004
- o32[oi++] = x15;
4005
- }
4006
- var chacha20 = /* @__PURE__ */ createCipher(chachaCore, {
4007
- counterRight: false,
4008
- counterLength: 4,
4009
- allowShortKeys: false
4010
- });
4011
- var xchacha20 = /* @__PURE__ */ createCipher(chachaCore, {
4012
- counterRight: false,
4013
- counterLength: 8,
4014
- extendNonceFn: hchacha,
4015
- allowShortKeys: false
4016
- });
4017
- var ZEROS162 = /* @__PURE__ */ new Uint8Array(16);
4018
- var updatePadded = (h, msg) => {
4019
- h.update(msg);
4020
- const left = msg.length % 16;
4021
- if (left)
4022
- h.update(ZEROS162.subarray(left));
4023
- };
4024
- var ZEROS322 = /* @__PURE__ */ new Uint8Array(32);
4025
- function computeTag2(fn, key, nonce, data, AAD) {
4026
- const authKey = fn(key, nonce, ZEROS322);
4027
- const h = poly1305.create(authKey);
4028
- if (AAD)
4029
- updatePadded(h, AAD);
4030
- updatePadded(h, data);
4031
- const num = new Uint8Array(16);
4032
- const view = createView3(num);
4033
- setBigUint643(view, 0, BigInt(AAD ? AAD.length : 0), true);
4034
- setBigUint643(view, 8, BigInt(data.length), true);
4035
- h.update(num);
4036
- const res = h.digest();
4037
- authKey.fill(0);
4038
- return res;
4039
- }
4040
- var _poly1305_aead = (xorStream) => (key, nonce, AAD) => {
4041
- const tagLength = 16;
4042
- bytes3(key, 32);
4043
- bytes3(nonce);
4044
- return {
4045
- encrypt: (plaintext, output4) => {
4046
- const plength = plaintext.length;
4047
- const clength = plength + tagLength;
4048
- if (output4) {
4049
- bytes3(output4, clength);
4050
- } else {
4051
- output4 = new Uint8Array(clength);
4052
- }
4053
- xorStream(key, nonce, plaintext, output4, 1);
4054
- const tag = computeTag2(xorStream, key, nonce, output4.subarray(0, -tagLength), AAD);
4055
- output4.set(tag, plength);
4056
- return output4;
4057
- },
4058
- decrypt: (ciphertext, output4) => {
4059
- const clength = ciphertext.length;
4060
- const plength = clength - tagLength;
4061
- if (clength < tagLength)
4062
- throw new Error(`encrypted data must be at least ${tagLength} bytes`);
4063
- if (output4) {
4064
- bytes3(output4, plength);
4065
- } else {
4066
- output4 = new Uint8Array(plength);
4067
- }
4068
- const data = ciphertext.subarray(0, -tagLength);
4069
- const passedTag = ciphertext.subarray(-tagLength);
4070
- const tag = computeTag2(xorStream, key, nonce, data, AAD);
4071
- if (!equalBytes2(passedTag, tag))
4072
- throw new Error("invalid tag");
4073
- xorStream(key, nonce, data, output4, 1);
4074
- return output4;
4075
- }
4076
- };
4077
- };
4078
- var chacha20poly1305 = /* @__PURE__ */ wrapCipher({ blockSize: 64, nonceLength: 12, tagLength: 16 }, _poly1305_aead(chacha20));
4079
- var xchacha20poly1305 = /* @__PURE__ */ wrapCipher({ blockSize: 64, nonceLength: 24, tagLength: 16 }, _poly1305_aead(xchacha20));
4080
-
4081
- // node_modules/@noble/hashes/esm/hmac.js
4082
- var HMAC2 = class extends Hash {
4083
- constructor(hash3, _key) {
4084
- super();
4085
- this.finished = false;
4086
- this.destroyed = false;
4087
- assert_default.hash(hash3);
4088
- const key = toBytes(_key);
4089
- this.iHash = hash3.create();
4090
- if (typeof this.iHash.update !== "function")
4091
- throw new Error("Expected instance of class which extends utils.Hash");
4092
- this.blockLen = this.iHash.blockLen;
4093
- this.outputLen = this.iHash.outputLen;
4094
- const blockLen = this.blockLen;
4095
- const pad = new Uint8Array(blockLen);
4096
- pad.set(key.length > blockLen ? hash3.create().update(key).digest() : key);
4097
- for (let i2 = 0; i2 < pad.length; i2++)
4098
- pad[i2] ^= 54;
4099
- this.iHash.update(pad);
4100
- this.oHash = hash3.create();
4101
- for (let i2 = 0; i2 < pad.length; i2++)
4102
- pad[i2] ^= 54 ^ 92;
4103
- this.oHash.update(pad);
4104
- pad.fill(0);
4105
- }
4106
- update(buf) {
4107
- assert_default.exists(this);
4108
- this.iHash.update(buf);
4109
- return this;
4110
- }
4111
- digestInto(out) {
4112
- assert_default.exists(this);
4113
- assert_default.bytes(out, this.outputLen);
4114
- this.finished = true;
4115
- this.iHash.digestInto(out);
4116
- this.oHash.update(out);
4117
- this.oHash.digestInto(out);
4118
- this.destroy();
4119
- }
4120
- digest() {
4121
- const out = new Uint8Array(this.oHash.outputLen);
4122
- this.digestInto(out);
4123
- return out;
4124
- }
4125
- _cloneInto(to) {
4126
- to || (to = Object.create(Object.getPrototypeOf(this), {}));
4127
- const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this;
4128
- to = to;
4129
- to.finished = finished;
4130
- to.destroyed = destroyed;
4131
- to.blockLen = blockLen;
4132
- to.outputLen = outputLen;
4133
- to.oHash = oHash._cloneInto(to.oHash);
4134
- to.iHash = iHash._cloneInto(to.iHash);
4135
- return to;
4136
- }
4137
- destroy() {
4138
- this.destroyed = true;
4139
- this.oHash.destroy();
4140
- this.iHash.destroy();
4141
- }
4142
- };
4143
- var hmac2 = (hash3, key, message) => new HMAC2(hash3, key).update(message).digest();
4144
- hmac2.create = (hash3, key) => new HMAC2(hash3, key);
4145
-
4146
- // node_modules/@noble/hashes/esm/hkdf.js
4147
- var HKDF_COUNTER = new Uint8Array([0]);
4148
- var EMPTY_BUFFER = new Uint8Array();
4149
-
4150
- // node_modules/nostr-tools/lib/esm/nip46.js
4151
- var verifiedSymbol = Symbol("verified");
4152
- var isRecord = (obj) => obj instanceof Object;
4153
- function validateEvent(event) {
4154
- if (!isRecord(event))
4155
- return false;
4156
- if (typeof event.kind !== "number")
4157
- return false;
4158
- if (typeof event.content !== "string")
4159
- return false;
4160
- if (typeof event.created_at !== "number")
4161
- return false;
4162
- if (typeof event.pubkey !== "string")
4163
- return false;
4164
- if (!event.pubkey.match(/^[a-f0-9]{64}$/))
4165
- return false;
4166
- if (!Array.isArray(event.tags))
4167
- return false;
4168
- for (let i2 = 0; i2 < event.tags.length; i2++) {
4169
- let tag = event.tags[i2];
4170
- if (!Array.isArray(tag))
4171
- return false;
4172
- for (let j = 0; j < tag.length; j++) {
4173
- if (typeof tag[j] === "object")
4174
- return false;
4175
- }
4176
- }
4177
- return true;
4178
- }
4179
- var utf8Decoder = new TextDecoder("utf-8");
4180
- var utf8Encoder = new TextEncoder();
4181
- var JS = class {
4182
- generateSecretKey() {
4183
- return schnorr.utils.randomPrivateKey();
4184
- }
4185
- getPublicKey(secretKey) {
4186
- return bytesToHex(schnorr.getPublicKey(secretKey));
4187
- }
4188
- finalizeEvent(t, secretKey) {
4189
- const event = t;
4190
- event.pubkey = bytesToHex(schnorr.getPublicKey(secretKey));
4191
- event.id = getEventHash(event);
4192
- event.sig = bytesToHex(schnorr.sign(getEventHash(event), secretKey));
4193
- event[verifiedSymbol] = true;
4194
- return event;
4195
- }
4196
- verifyEvent(event) {
4197
- if (typeof event[verifiedSymbol] === "boolean")
4198
- return event[verifiedSymbol];
4199
- const hash3 = getEventHash(event);
4200
- if (hash3 !== event.id) {
4201
- event[verifiedSymbol] = false;
4202
- return false;
4203
- }
4204
- try {
4205
- const valid = schnorr.verify(event.sig, hash3, event.pubkey);
4206
- event[verifiedSymbol] = valid;
4207
- return valid;
4208
- } catch (err) {
4209
- event[verifiedSymbol] = false;
4210
- return false;
4211
- }
4212
- }
4213
- };
4214
- function serializeEvent(evt) {
4215
- if (!validateEvent(evt))
4216
- throw new Error("can't serialize event with wrong or missing properties");
4217
- return JSON.stringify([0, evt.pubkey, evt.created_at, evt.kind, evt.tags, evt.content]);
4218
- }
4219
- function getEventHash(event) {
4220
- let eventHash = sha2562(utf8Encoder.encode(serializeEvent(event)));
4221
- return bytesToHex(eventHash);
4222
- }
4223
- var i = new JS();
4224
- var generateSecretKey = i.generateSecretKey;
4225
- var getPublicKey = i.getPublicKey;
4226
- var finalizeEvent = i.finalizeEvent;
4227
- var verifyEvent = i.verifyEvent;
4228
- var NIP05_REGEX = /^(?:([\w.+-]+)@)?([\w_-]+(\.[\w_-]+)+)$/;
4229
- var _fetch;
4230
- try {
4231
- _fetch = fetch;
4232
- } catch {
4233
- }
4234
- var _WebSocket;
4235
- try {
4236
- _WebSocket = WebSocket;
4237
- } catch {
4238
- }
4239
- var _fetch2;
4240
- try {
4241
- _fetch2 = fetch;
4242
- } catch {
4243
- }
4244
- var BUNKER_REGEX = /^bunker:\/\/([0-9a-f]{64})\??([?\/\w:.=&%-]*)$/;
4245
- async function parseBunkerInput(input) {
4246
- let match = input.match(BUNKER_REGEX);
4247
- if (match) {
4248
- try {
4249
- const pubkey = match[1];
4250
- const qs = new URLSearchParams(match[2]);
4251
- return {
4252
- pubkey,
4253
- relays: qs.getAll("relay"),
4254
- secret: qs.get("secret")
4255
- };
4256
- } catch (_err) {
4257
- }
4258
- }
4259
- return queryBunkerProfile(input);
4260
- }
4261
- async function queryBunkerProfile(nip05) {
4262
- const match = nip05.match(NIP05_REGEX);
4263
- if (!match)
4264
- return null;
4265
- const [_, name = "_", domain] = match;
4266
- try {
4267
- const url = `https://${domain}/.well-known/nostr.json?name=${name}`;
4268
- const res = await (await _fetch2(url, { redirect: "error" })).json();
4269
- let pubkey = res.names[name];
4270
- let relays = res.nip46[pubkey] || [];
4271
- return { pubkey, relays, secret: null };
4272
- } catch (_err) {
4273
- return null;
4274
- }
4275
- }
4276
-
4277
- // src/lib.ts
4278
- var localStorageKeys = {
4279
- ORIGIN: "wnj:origin",
4280
- CLIENT_SECRET: "wnj:clientSecret",
4281
- Y_POS: "wnj:ypos",
4282
- CALLBACK_TOKEN: "wnj:callbackToken",
4283
- BUNKER_POINTER: "wnj:bunkerPointer"
4284
- };
4285
-
4286
3
  // iframe/iframe.ts
4
+ var SHARED_BUNKER_KEY = "wnj:root:sharedBunker";
4287
5
  window.onmessage = async (ev) => {
4288
- if (!ev.origin.startsWith("https://join.the-nostr.org") && !ev.origin.startsWith("http://localhost:6711")) {
4289
- return;
4290
- }
4291
- const { bunker } = ev.data;
6
+ const { bunker, getbunker } = ev.data;
4292
7
  if (bunker) {
4293
- const bp = await parseBunkerInput(bunker);
4294
- if (bp) {
4295
- localStorage.setItem(localStorageKeys.BUNKER_POINTER, JSON.stringify(bp));
8
+ if (!ev.origin.startsWith("https://join.the-nostr.org") && !ev.origin.startsWith("http://localhost:6711")) {
9
+ return;
10
+ }
11
+ if (bunker) {
12
+ localStorage.setItem(SHARED_BUNKER_KEY, bunker);
4296
13
  } else {
4297
14
  console.error("wnj iframe got an invalid bunker url:", bunker);
4298
15
  }
4299
16
  }
17
+ if (getbunker) {
18
+ const bunker2 = localStorage.getItem(SHARED_BUNKER_KEY);
19
+ window.parent.postMessage({ bunker: bunker2 }, "*");
20
+ }
4300
21
  };
4301
22
  })();
4302
- /*! Bundled license information:
4303
-
4304
- @noble/hashes/esm/utils.js:
4305
- (*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
4306
-
4307
- @noble/hashes/esm/utils.js:
4308
- (*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
4309
-
4310
- @noble/curves/esm/abstract/utils.js:
4311
- (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
4312
-
4313
- @noble/curves/esm/abstract/modular.js:
4314
- (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
4315
-
4316
- @noble/curves/esm/abstract/curve.js:
4317
- (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
4318
-
4319
- @noble/curves/esm/abstract/weierstrass.js:
4320
- (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
4321
-
4322
- @noble/curves/esm/_shortw_utils.js:
4323
- (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
4324
-
4325
- @noble/curves/esm/secp256k1.js:
4326
- (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
4327
-
4328
- @noble/ciphers/esm/utils.js:
4329
- (*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) *)
4330
-
4331
- @scure/base/lib/esm/index.js:
4332
- (*! scure-base - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
4333
- */