zattera-js 0.1.0

package/dist/node/node_modules/@noble/secp256k1/index.js

@@ -0,0 +1,578 @@
+/*! noble-secp256k1 - MIT License (c) 2019 Paul Miller (paulmillr.com) */
+const secp256k1_CURVE = {
+  p: 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2fn,
+  n: 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141n,
+  b: 7n,
+  Gx: 0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798n,
+  Gy: 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8n
+};
+const { p: P, n: N, Gx, Gy, b: _b } = secp256k1_CURVE;
+const L = 32;
+const L2 = 64;
+const err = (m = "") => {
+  throw new Error(m);
+};
+const isBig = (n) => typeof n === "bigint";
+const isStr = (s) => typeof s === "string";
+const isBytes = (a) => a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
+const abytes = (a, l) => !isBytes(a) || typeof l === "number" && l > 0 && a.length !== l ? err("Uint8Array expected") : a;
+const u8n = (len) => new Uint8Array(len);
+const u8fr = (buf) => Uint8Array.from(buf);
+const padh = (n, pad) => n.toString(16).padStart(pad, "0");
+const bytesToHex = (b) => Array.from(abytes(b)).map((e) => padh(e, 2)).join("");
+const C = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
+const _ch = (ch) => {
+  if (ch >= C._0 && ch <= C._9)
+    return ch - C._0;
+  if (ch >= C.A && ch <= C.F)
+    return ch - (C.A - 10);
+  if (ch >= C.a && ch <= C.f)
+    return ch - (C.a - 10);
+  return;
+};
+const hexToBytes = (hex) => {
+  const e = "hex invalid";
+  if (!isStr(hex))
+    return err(e);
+  const hl = hex.length;
+  const al = hl / 2;
+  if (hl % 2)
+    return err(e);
+  const array = u8n(al);
+  for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {
+    const n1 = _ch(hex.charCodeAt(hi));
+    const n2 = _ch(hex.charCodeAt(hi + 1));
+    if (n1 === void 0 || n2 === void 0)
+      return err(e);
+    array[ai] = n1 * 16 + n2;
+  }
+  return array;
+};
+const toU8 = (a, len) => abytes(isStr(a) ? hexToBytes(a) : u8fr(abytes(a)), len);
+const cr = () => globalThis?.crypto;
+const subtle = () => cr()?.subtle ?? err("crypto.subtle must be defined");
+const concatBytes = (...arrs) => {
+  const r = u8n(arrs.reduce((sum, a) => sum + abytes(a).length, 0));
+  let pad = 0;
+  arrs.forEach((a) => {
+    r.set(a, pad);
+    pad += a.length;
+  });
+  return r;
+};
+const randomBytes = (len = L) => {
+  const c = cr();
+  return c.getRandomValues(u8n(len));
+};
+const big = BigInt;
+const arange = (n, min, max, msg = "bad number: out of range") => isBig(n) && min <= n && n < max ? n : err(msg);
+const M = (a, b = P) => {
+  const r = a % b;
+  return r >= 0n ? r : b + r;
+};
+const modN = (a) => M(a, N);
+const invert = (num, md) => {
+  if (num === 0n || md <= 0n)
+    err("no inverse n=" + num + " mod=" + md);
+  let a = M(num, md), b = md, x = 0n, u = 1n;
+  while (a !== 0n) {
+    const q = b / a, r = b % a;
+    const m = x - u * q;
+    b = a, a = r, x = u, u = m;
+  }
+  return b === 1n ? M(x, md) : err("no inverse");
+};
+const apoint = (p) => p instanceof Point ? p : err("Point expected");
+const koblitz = (x) => M(M(x * x) * x + _b);
+const afield0 = (n) => arange(n, 0n, P);
+const afield = (n) => arange(n, 1n, P);
+const agroup = (n) => arange(n, 1n, N);
+const isEven = (y) => (y & 1n) === 0n;
+const u8of = (n) => Uint8Array.of(n);
+const getPrefix = (y) => u8of(isEven(y) ? 2 : 3);
+const lift_x = (x) => {
+  const c = koblitz(afield(x));
+  let r = 1n;
+  for (let num = c, e = (P + 1n) / 4n; e > 0n; e >>= 1n) {
+    if (e & 1n)
+      r = r * num % P;
+    num = num * num % P;
+  }
+  return M(r * r) === c ? r : err("sqrt invalid");
+};
+class Point {
+  static BASE;
+  static ZERO;
+  px;
+  py;
+  pz;
+  constructor(px, py, pz) {
+    this.px = afield0(px);
+    this.py = afield(py);
+    this.pz = afield0(pz);
+    Object.freeze(this);
+  }
+  /** Convert Uint8Array or hex string to Point. */
+  static fromBytes(bytes) {
+    abytes(bytes);
+    let p = void 0;
+    const head = bytes[0];
+    const tail = bytes.subarray(1);
+    const x = sliceBytesNumBE(tail, 0, L);
+    const len = bytes.length;
+    if (len === L + 1 && [2, 3].includes(head)) {
+      let y = lift_x(x);
+      const evenY = isEven(y);
+      const evenH = isEven(big(head));
+      if (evenH !== evenY)
+        y = M(-y);
+      p = new Point(x, y, 1n);
+    }
+    if (len === L2 + 1 && head === 4)
+      p = new Point(x, sliceBytesNumBE(tail, L, L2), 1n);
+    return p ? p.assertValidity() : err("bad point: not on curve");
+  }
+  /** Equality check: compare points P&Q. */
+  equals(other) {
+    const { px: X1, py: Y1, pz: Z1 } = this;
+    const { px: X2, py: Y2, pz: Z2 } = apoint(other);
+    const X1Z2 = M(X1 * Z2);
+    const X2Z1 = M(X2 * Z1);
+    const Y1Z2 = M(Y1 * Z2);
+    const Y2Z1 = M(Y2 * Z1);
+    return X1Z2 === X2Z1 && Y1Z2 === Y2Z1;
+  }
+  is0() {
+    return this.equals(I);
+  }
+  /** Flip point over y coordinate. */
+  negate() {
+    return new Point(this.px, M(-this.py), this.pz);
+  }
+  /** Point doubling: P+P, complete formula. */
+  double() {
+    return this.add(this);
+  }
+  /**
+   * Point addition: P+Q, complete, exception-free formula
+   * (Renes-Costello-Batina, algo 1 of [2015/1060](https://eprint.iacr.org/2015/1060)).
+   * Cost: `12M + 0S + 3*a + 3*b3 + 23add`.
+   */
+  // prettier-ignore
+  add(other) {
+    const { px: X1, py: Y1, pz: Z1 } = this;
+    const { px: X2, py: Y2, pz: Z2 } = apoint(other);
+    const a = 0n;
+    const b = _b;
+    let X3 = 0n, Y3 = 0n, Z3 = 0n;
+    const b3 = M(b * 3n);
+    let t0 = M(X1 * X2), t1 = M(Y1 * Y2), t2 = M(Z1 * Z2), t3 = M(X1 + Y1);
+    let t4 = M(X2 + Y2);
+    t3 = M(t3 * t4);
+    t4 = M(t0 + t1);
+    t3 = M(t3 - t4);
+    t4 = M(X1 + Z1);
+    let t5 = M(X2 + Z2);
+    t4 = M(t4 * t5);
+    t5 = M(t0 + t2);
+    t4 = M(t4 - t5);
+    t5 = M(Y1 + Z1);
+    X3 = M(Y2 + Z2);
+    t5 = M(t5 * X3);
+    X3 = M(t1 + t2);
+    t5 = M(t5 - X3);
+    Z3 = M(a * t4);
+    X3 = M(b3 * t2);
+    Z3 = M(X3 + Z3);
+    X3 = M(t1 - Z3);
+    Z3 = M(t1 + Z3);
+    Y3 = M(X3 * Z3);
+    t1 = M(t0 + t0);
+    t1 = M(t1 + t0);
+    t2 = M(a * t2);
+    t4 = M(b3 * t4);
+    t1 = M(t1 + t2);
+    t2 = M(t0 - t2);
+    t2 = M(a * t2);
+    t4 = M(t4 + t2);
+    t0 = M(t1 * t4);
+    Y3 = M(Y3 + t0);
+    t0 = M(t5 * t4);
+    X3 = M(t3 * X3);
+    X3 = M(X3 - t0);
+    t0 = M(t3 * t1);
+    Z3 = M(t5 * Z3);
+    Z3 = M(Z3 + t0);
+    return new Point(X3, Y3, Z3);
+  }
+  /**
+   * Point-by-scalar multiplication. Scalar must be in range 1 <= n < CURVE.n.
+   * Uses {@link wNAF} for base point.
+   * Uses fake point to mitigate side-channel leakage.
+   * @param n scalar by which point is multiplied
+   * @param safe safe mode guards against timing attacks; unsafe mode is faster
+   */
+  multiply(n, safe = true) {
+    if (!safe && n === 0n)
+      return I;
+    agroup(n);
+    if (n === 1n)
+      return this;
+    if (this.equals(G))
+      return wNAF(n).p;
+    let p = I;
+    let f = G;
+    for (let d = this; n > 0n; d = d.double(), n >>= 1n) {
+      if (n & 1n)
+        p = p.add(d);
+      else if (safe)
+        f = f.add(d);
+    }
+    return p;
+  }
+  /** Convert point to 2d xy affine point. (X, Y, Z) ∋ (x=X/Z, y=Y/Z) */
+  toAffine() {
+    const { px: x, py: y, pz: z } = this;
+    if (this.equals(I))
+      return { x: 0n, y: 0n };
+    if (z === 1n)
+      return { x, y };
+    const iz = invert(z, P);
+    if (M(z * iz) !== 1n)
+      err("inverse invalid");
+    return { x: M(x * iz), y: M(y * iz) };
+  }
+  /** Checks if the point is valid and on-curve. */
+  assertValidity() {
+    const { x, y } = this.toAffine();
+    afield(x);
+    afield(y);
+    return M(y * y) === koblitz(x) ? this : err("bad point: not on curve");
+  }
+  /** Converts point to 33/65-byte Uint8Array. */
+  toBytes(isCompressed = true) {
+    const { x, y } = this.assertValidity().toAffine();
+    const x32b = numTo32b(x);
+    if (isCompressed)
+      return concatBytes(getPrefix(y), x32b);
+    return concatBytes(u8of(4), x32b, numTo32b(y));
+  }
+  /** Create 3d xyz point from 2d xy. (0, 0) => (0, 1, 0), not (0, 0, 1) */
+  static fromAffine(ap) {
+    const { x, y } = ap;
+    return x === 0n && y === 0n ? I : new Point(x, y, 1n);
+  }
+  toHex(isCompressed) {
+    return bytesToHex(this.toBytes(isCompressed));
+  }
+  static fromPrivateKey(k) {
+    return G.multiply(toPrivScalar(k));
+  }
+  static fromHex(hex) {
+    return Point.fromBytes(toU8(hex));
+  }
+  get x() {
+    return this.toAffine().x;
+  }
+  get y() {
+    return this.toAffine().y;
+  }
+  toRawBytes(isCompressed) {
+    return this.toBytes(isCompressed);
+  }
+}
+const G = new Point(Gx, Gy, 1n);
+const I = new Point(0n, 1n, 0n);
+Point.BASE = G;
+Point.ZERO = I;
+const doubleScalarMulUns = (R, u1, u2) => {
+  return G.multiply(u1, false).add(R.multiply(u2, false)).assertValidity();
+};
+const bytesToNumBE = (b) => big("0x" + (bytesToHex(b) || "0"));
+const sliceBytesNumBE = (b, from, to) => bytesToNumBE(b.subarray(from, to));
+const B256 = 2n ** 256n;
+const numTo32b = (num) => hexToBytes(padh(arange(num, 0n, B256), L2));
+const toPrivScalar = (pr) => {
+  const num = isBig(pr) ? pr : bytesToNumBE(toU8(pr, L));
+  return arange(num, 1n, N, "private key invalid 3");
+};
+const highS = (n) => n > N >> 1n;
+const getPublicKey = (privKey, isCompressed = true) => {
+  return G.multiply(toPrivScalar(privKey)).toBytes(isCompressed);
+};
+let Signature$1 = class Signature {
+  r;
+  s;
+  recovery;
+  constructor(r, s, recovery) {
+    this.r = agroup(r);
+    this.s = agroup(s);
+    if (recovery != null)
+      this.recovery = recovery;
+    Object.freeze(this);
+  }
+  /** Create signature from 64b compact (r || s) representation. */
+  static fromBytes(b) {
+    abytes(b, L2);
+    const r = sliceBytesNumBE(b, 0, L);
+    const s = sliceBytesNumBE(b, L, L2);
+    return new Signature(r, s);
+  }
+  toBytes() {
+    const { r, s } = this;
+    return concatBytes(numTo32b(r), numTo32b(s));
+  }
+  /** Copy signature, with newly added recovery bit. */
+  addRecoveryBit(bit) {
+    return new Signature(this.r, this.s, bit);
+  }
+  hasHighS() {
+    return highS(this.s);
+  }
+  toCompactRawBytes() {
+    return this.toBytes();
+  }
+  toCompactHex() {
+    return bytesToHex(this.toBytes());
+  }
+  recoverPublicKey(msg) {
+    return recoverPublicKey(this, msg);
+  }
+  static fromCompact(hex) {
+    return Signature.fromBytes(toU8(hex, L2));
+  }
+  assertValidity() {
+    return this;
+  }
+  normalizeS() {
+    const { r, s, recovery } = this;
+    return highS(s) ? new Signature(r, modN(-s), recovery) : this;
+  }
+};
+const bits2int = (bytes) => {
+  const delta = bytes.length * 8 - 256;
+  if (delta > 1024)
+    err("msg invalid");
+  const num = bytesToNumBE(bytes);
+  return delta > 0 ? num >> big(delta) : num;
+};
+const bits2int_modN = (bytes) => modN(bits2int(abytes(bytes)));
+const signOpts = { lowS: true };
+const veriOpts = { lowS: true };
+const prepSig = (msgh, priv, opts = signOpts) => {
+  if (["der", "recovered", "canonical"].some((k) => k in opts))
+    err("option not supported");
+  let { lowS, extraEntropy } = opts;
+  if (lowS == null)
+    lowS = true;
+  const i2o = numTo32b;
+  const h1i = bits2int_modN(toU8(msgh));
+  const h1o = i2o(h1i);
+  const d = toPrivScalar(priv);
+  const seed = [i2o(d), h1o];
+  if (extraEntropy)
+    seed.push(extraEntropy === true ? randomBytes(L) : toU8(extraEntropy));
+  const m = h1i;
+  const k2sig = (kBytes) => {
+    const k = bits2int(kBytes);
+    if (!(1n <= k && k < N))
+      return;
+    const q = G.multiply(k).toAffine();
+    const r = modN(q.x);
+    if (r === 0n)
+      return;
+    const ik = invert(k, N);
+    const s = modN(ik * modN(m + modN(d * r)));
+    if (s === 0n)
+      return;
+    let normS = s;
+    let recovery = (q.x === r ? 0 : 2) | Number(q.y & 1n);
+    if (lowS && highS(s)) {
+      normS = modN(-s);
+      recovery ^= 1;
+    }
+    return new Signature$1(r, normS, recovery);
+  };
+  return { seed: concatBytes(...seed), k2sig };
+};
+const hmacDrbg = (asynchronous) => {
+  let v = u8n(L);
+  let k = u8n(L);
+  let i = 0;
+  const NULL = u8n(0);
+  const reset = () => {
+    v.fill(1);
+    k.fill(0);
+    i = 0;
+  };
+  const max = 1e3;
+  const _e = "drbg: tried 1000 values";
+  {
+    const h = (...b) => etc.hmacSha256Async(k, v, ...b);
+    const reseed = async (seed = NULL) => {
+      k = await h(u8of(0), seed);
+      v = await h();
+      if (seed.length === 0)
+        return;
+      k = await h(u8of(1), seed);
+      v = await h();
+    };
+    const gen = async () => {
+      if (i++ >= max)
+        err(_e);
+      v = await h();
+      return v;
+    };
+    return async (seed, pred) => {
+      reset();
+      await reseed(seed);
+      let res = void 0;
+      while (!(res = pred(await gen())))
+        await reseed();
+      reset();
+      return res;
+    };
+  }
+};
+const signAsync = async (msgh, priv, opts = signOpts) => {
+  const { seed, k2sig } = prepSig(msgh, priv, opts);
+  const sig = await hmacDrbg()(seed, k2sig);
+  return sig;
+};
+const verify = (sig, msgh, pub, opts = veriOpts) => {
+  let { lowS } = opts;
+  if (lowS == null)
+    lowS = true;
+  if ("strict" in opts)
+    err("option not supported");
+  let sigg;
+  const rs = sig && typeof sig === "object" && "r" in sig;
+  if (!rs && toU8(sig).length !== L2)
+    err("signature must be 64 bytes");
+  try {
+    sigg = rs ? new Signature$1(sig.r, sig.s) : Signature$1.fromCompact(sig);
+    const h = bits2int_modN(toU8(msgh));
+    const P2 = Point.fromBytes(toU8(pub));
+    const { r, s } = sigg;
+    if (lowS && highS(s))
+      return false;
+    const is = invert(s, N);
+    const u1 = modN(h * is);
+    const u2 = modN(r * is);
+    const R = doubleScalarMulUns(P2, u1, u2).toAffine();
+    const v = modN(R.x);
+    return v === r;
+  } catch (error) {
+    return false;
+  }
+};
+const recoverPublicKey = (sig, msgh) => {
+  const { r, s, recovery } = sig;
+  if (![0, 1, 2, 3].includes(recovery))
+    err("recovery id invalid");
+  const h = bits2int_modN(toU8(msgh, L));
+  const radj = recovery === 2 || recovery === 3 ? r + N : r;
+  afield(radj);
+  const head = getPrefix(big(recovery));
+  const Rb = concatBytes(head, numTo32b(radj));
+  const R = Point.fromBytes(Rb);
+  const ir = invert(radj, N);
+  const u1 = modN(-h * ir);
+  const u2 = modN(s * ir);
+  return doubleScalarMulUns(R, u1, u2);
+};
+const getSharedSecret = (privA, pubB, isCompressed = true) => {
+  return Point.fromBytes(toU8(pubB)).multiply(toPrivScalar(privA)).toBytes(isCompressed);
+};
+const hashToPrivateKey = (hash) => {
+  hash = toU8(hash);
+  if (hash.length < L + 8 || hash.length > 1024)
+    err("expected 40-1024b");
+  const num = M(bytesToNumBE(hash), N - 1n);
+  return numTo32b(num + 1n);
+};
+const _sha = "SHA-256";
+const etc = {
+  hexToBytes,
+  bytesToHex,
+  concatBytes,
+  bytesToNumberBE: bytesToNumBE,
+  numberToBytesBE: numTo32b,
+  mod: M,
+  invert,
+  // math utilities
+  hmacSha256Async: async (key, ...msgs) => {
+    const s = subtle();
+    const name = "HMAC";
+    const k = await s.importKey("raw", key, { name, hash: { name: _sha } }, false, ["sign"]);
+    return u8n(await s.sign(name, k, concatBytes(...msgs)));
+  },
+  hmacSha256Sync: void 0,
+  // For TypeScript. Actual logic is below
+  hashToPrivateKey,
+  randomBytes
+};
+const W = 8;
+const scalarBits = 256;
+const pwindows = Math.ceil(scalarBits / W) + 1;
+const pwindowSize = 2 ** (W - 1);
+const precompute = () => {
+  const points = [];
+  let p = G;
+  let b = p;
+  for (let w = 0; w < pwindows; w++) {
+    b = p;
+    points.push(b);
+    for (let i = 1; i < pwindowSize; i++) {
+      b = b.add(p);
+      points.push(b);
+    }
+    p = b.double();
+  }
+  return points;
+};
+let Gpows = void 0;
+const ctneg = (cnd, p) => {
+  const n = p.negate();
+  return cnd ? n : p;
+};
+const wNAF = (n) => {
+  const comp = Gpows || (Gpows = precompute());
+  let p = I;
+  let f = G;
+  const pow_2_w = 2 ** W;
+  const maxNum = pow_2_w;
+  const mask = big(pow_2_w - 1);
+  const shiftBy = big(W);
+  for (let w = 0; w < pwindows; w++) {
+    let wbits = Number(n & mask);
+    n >>= shiftBy;
+    if (wbits > pwindowSize) {
+      wbits -= maxNum;
+      n += 1n;
+    }
+    const off = w * pwindowSize;
+    const offF = off;
+    const offP = off + Math.abs(wbits) - 1;
+    const isEven2 = w % 2 !== 0;
+    const isNeg = wbits < 0;
+    if (wbits === 0) {
+      f = f.add(ctneg(isEven2, comp[offF]));
+    } else {
+      p = p.add(ctneg(isNeg, comp[offP]));
+    }
+  }
+  return { p, f };
+};
+export {
+  secp256k1_CURVE as CURVE,
+  Point,
+  Point as ProjectivePoint,
+  Signature$1 as Signature,
+  etc,
+  getPublicKey,
+  getSharedSecret,
+  signAsync,
+  verify
+};
+//# sourceMappingURL=index.js.map

package/dist/node/node_modules/@noble/secp256k1/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sources":["../../../../../node_modules/@noble/secp256k1/index.js"],"sourcesContent":["/*! noble-secp256k1 - MIT License (c) 2019 Paul Miller (paulmillr.com) */\n/**\n * 4KB JS implementation of secp256k1 ECDSA / Schnorr signatures & ECDH.\n * Compliant with RFC6979 & BIP340.\n * @module\n */\n/**\n * Curve params. secp256k1 is short weierstrass / koblitz curve. Equation is y² == x³ + ax + b.\n * * P = `2n**256n-2n**32n-2n**977n` // field over which calculations are done\n * * N = `2n**256n - 0x14551231950b75fc4402da1732fc9bebfn` // group order, amount of curve points\n * * h = `1n` // cofactor\n * * a = `0n` // equation param\n * * b = `7n` // equation param\n * * Gx, Gy are coordinates of Generator / base point\n */\nconst secp256k1_CURVE = {\n    p: 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2fn,\n    n: 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141n,\n    h: 1n,\n    a: 0n,\n    b: 7n,\n    Gx: 0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798n,\n    Gy: 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8n,\n};\nconst { p: P, n: N, Gx, Gy, b: _b } = secp256k1_CURVE;\nconst L = 32; // field / group byte length\nconst L2 = 64;\n// Helpers and Precomputes sections are reused between libraries\n// ## Helpers\n// ----------\n// error helper, messes-up stack trace\nconst err = (m = '') => {\n    throw new Error(m);\n};\nconst isBig = (n) => typeof n === 'bigint'; // is big integer\nconst isStr = (s) => typeof s === 'string'; // is string\nconst isBytes = (a) => a instanceof Uint8Array || (ArrayBuffer.isView(a) && a.constructor.name === 'Uint8Array');\n/** assert is Uint8Array (of specific length) */\nconst abytes = (a, l) => !isBytes(a) || (typeof l === 'number' && l > 0 && a.length !== l)\n    ? err('Uint8Array expected')\n    : a;\n/** create Uint8Array */\nconst u8n = (len) => new Uint8Array(len);\nconst u8fr = (buf) => Uint8Array.from(buf);\nconst padh = (n, pad) => n.toString(16).padStart(pad, '0');\nconst bytesToHex = (b) => Array.from(abytes(b))\n    .map((e) => padh(e, 2))\n    .join('');\nconst C = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 }; // ASCII characters\nconst _ch = (ch) => {\n    if (ch >= C._0 && ch <= C._9)\n        return ch - C._0; // '2' => 50-48\n    if (ch >= C.A && ch <= C.F)\n        return ch - (C.A - 10); // 'B' => 66-(65-10)\n    if (ch >= C.a && ch <= C.f)\n        return ch - (C.a - 10); // 'b' => 98-(97-10)\n    return;\n};\nconst hexToBytes = (hex) => {\n    const e = 'hex invalid';\n    if (!isStr(hex))\n        return err(e);\n    const hl = hex.length;\n    const al = hl / 2;\n    if (hl % 2)\n        return err(e);\n    const array = u8n(al);\n    for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n        // treat each char as ASCII\n        const n1 = _ch(hex.charCodeAt(hi)); // parse first char, multiply it by 16\n        const n2 = _ch(hex.charCodeAt(hi + 1)); // parse second char\n        if (n1 === undefined || n2 === undefined)\n            return err(e);\n        array[ai] = n1 * 16 + n2; // example: 'A9' => 10*16 + 9\n    }\n    return array;\n};\n/** normalize hex or ui8a to ui8a */\nconst toU8 = (a, len) => abytes(isStr(a) ? hexToBytes(a) : u8fr(abytes(a)), len);\nconst cr = () => globalThis?.crypto; // WebCrypto is available in all modern environments\nconst subtle = () => cr()?.subtle ?? err('crypto.subtle must be defined');\n// prettier-ignore\nconst concatBytes = (...arrs) => {\n    const r = u8n(arrs.reduce((sum, a) => sum + abytes(a).length, 0)); // create u8a of summed length\n    let pad = 0; // walk through each array,\n    arrs.forEach(a => { r.set(a, pad); pad += a.length; }); // ensure they have proper type\n    return r;\n};\n/** WebCrypto OS-level CSPRNG (random number generator). Will throw when not available. */\nconst randomBytes = (len = L) => {\n    const c = cr();\n    return c.getRandomValues(u8n(len));\n};\nconst big = BigInt;\nconst arange = (n, min, max, msg = 'bad number: out of range') => isBig(n) && min <= n && n < max ? n : err(msg);\n/** modular division */\nconst M = (a, b = P) => {\n    const r = a % b;\n    return r >= 0n ? r : b + r;\n};\nconst modN = (a) => M(a, N);\n/** Modular inversion using eucledian GCD (non-CT). No negative exponent for now. */\n// prettier-ignore\nconst invert = (num, md) => {\n    if (num === 0n || md <= 0n)\n        err('no inverse n=' + num + ' mod=' + md);\n    let a = M(num, md), b = md, x = 0n, y = 1n, u = 1n, v = 0n;\n    while (a !== 0n) {\n        const q = b / a, r = b % a;\n        const m = x - u * q, n = y - v * q;\n        b = a, a = r, x = u, y = v, u = m, v = n;\n    }\n    return b === 1n ? M(x, md) : err('no inverse'); // b is gcd at this point\n};\nconst callHash = (name) => {\n    // @ts-ignore\n    const fn = etc[name];\n    if (typeof fn !== 'function')\n        err('hashes.' + name + ' not set');\n    return fn;\n};\nconst apoint = (p) => (p instanceof Point ? p : err('Point expected'));\n// ## End of Helpers\n// -----------------\n/** secp256k1 formula. Koblitz curves are subclass of weierstrass curves with a=0, making it x³+b */\nconst koblitz = (x) => M(M(x * x) * x + _b);\n/** assert is field element or 0 */\nconst afield0 = (n) => arange(n, 0n, P);\n/** assert is field element */\nconst afield = (n) => arange(n, 1n, P);\n/** assert is group elem */\nconst agroup = (n) => arange(n, 1n, N);\nconst isEven = (y) => (y & 1n) === 0n;\n/** create Uint8Array of byte n */\nconst u8of = (n) => Uint8Array.of(n);\nconst getPrefix = (y) => u8of(isEven(y) ? 0x02 : 0x03);\n/** lift_x from BIP340 calculates square root. Validates x, then validates root*root. */\nconst lift_x = (x) => {\n    // Let c = x³ + 7 mod p. Fail if x ≥ p. (also fail if x < 1)\n    const c = koblitz(afield(x));\n    // c = √y\n    // y = c^((p+1)/4) mod p\n    // This formula works for fields p = 3 mod 4 -- a special, fast case.\n    // Paper: \"Square Roots from 1;24,51,10 to Dan Shanks\".\n    let r = 1n;\n    for (let num = c, e = (P + 1n) / 4n; e > 0n; e >>= 1n) {\n        // powMod: modular exponentiation.\n        if (e & 1n)\n            r = (r * num) % P; // Uses exponentiation by squaring.\n        num = (num * num) % P; // Not constant-time.\n    }\n    return M(r * r) === c ? r : err('sqrt invalid'); // check if result is valid\n};\n/** Point in 3d xyz projective coordinates. 3d takes less inversions than 2d. */\nclass Point {\n    static BASE;\n    static ZERO;\n    px;\n    py;\n    pz;\n    constructor(px, py, pz) {\n        this.px = afield0(px);\n        this.py = afield(py); // y can't be 0 in Projective\n        this.pz = afield0(pz);\n        Object.freeze(this);\n    }\n    /** Convert Uint8Array or hex string to Point. */\n    static fromBytes(bytes) {\n        abytes(bytes);\n        let p = undefined;\n        // First byte is prefix, rest is data. There are 2 kinds: compressed & uncompressed:\n        // * [0x02 or 0x03][32-byte x coordinate]\n        // * [0x04]        [32-byte x coordinate][32-byte y coordinate]\n        const head = bytes[0];\n        const tail = bytes.subarray(1);\n        const x = sliceBytesNumBE(tail, 0, L);\n        const len = bytes.length;\n        // Compressed 33-byte point, 0x02 or 0x03 prefix\n        if (len === L + 1 && [0x02, 0x03].includes(head)) {\n            // Equation is y² == x³ + ax + b. We calculate y from x.\n            // y = √y²; there are two solutions: y, -y. Determine proper solution based on prefix\n            let y = lift_x(x);\n            const evenY = isEven(y);\n            const evenH = isEven(big(head));\n            if (evenH !== evenY)\n                y = M(-y);\n            p = new Point(x, y, 1n);\n        }\n        // Uncompressed 65-byte point, 0x04 prefix\n        if (len === L2 + 1 && head === 0x04)\n            p = new Point(x, sliceBytesNumBE(tail, L, L2), 1n);\n        // Validate point\n        return p ? p.assertValidity() : err('bad point: not on curve');\n    }\n    /** Equality check: compare points P&Q. */\n    equals(other) {\n        const { px: X1, py: Y1, pz: Z1 } = this;\n        const { px: X2, py: Y2, pz: Z2 } = apoint(other); // checks class equality\n        const X1Z2 = M(X1 * Z2);\n        const X2Z1 = M(X2 * Z1);\n        const Y1Z2 = M(Y1 * Z2);\n        const Y2Z1 = M(Y2 * Z1);\n        return X1Z2 === X2Z1 && Y1Z2 === Y2Z1;\n    }\n    is0() {\n        return this.equals(I);\n    }\n    /** Flip point over y coordinate. */\n    negate() {\n        return new Point(this.px, M(-this.py), this.pz);\n    }\n    /** Point doubling: P+P, complete formula. */\n    double() {\n        return this.add(this);\n    }\n    /**\n     * Point addition: P+Q, complete, exception-free formula\n     * (Renes-Costello-Batina, algo 1 of [2015/1060](https://eprint.iacr.org/2015/1060)).\n     * Cost: `12M + 0S + 3*a + 3*b3 + 23add`.\n     */\n    // prettier-ignore\n    add(other) {\n        const { px: X1, py: Y1, pz: Z1 } = this;\n        const { px: X2, py: Y2, pz: Z2 } = apoint(other);\n        const a = 0n;\n        const b = _b;\n        let X3 = 0n, Y3 = 0n, Z3 = 0n;\n        const b3 = M(b * 3n);\n        let t0 = M(X1 * X2), t1 = M(Y1 * Y2), t2 = M(Z1 * Z2), t3 = M(X1 + Y1); // step 1\n        let t4 = M(X2 + Y2); // step 5\n        t3 = M(t3 * t4);\n        t4 = M(t0 + t1);\n        t3 = M(t3 - t4);\n        t4 = M(X1 + Z1);\n        let t5 = M(X2 + Z2); // step 10\n        t4 = M(t4 * t5);\n        t5 = M(t0 + t2);\n        t4 = M(t4 - t5);\n        t5 = M(Y1 + Z1);\n        X3 = M(Y2 + Z2); // step 15\n        t5 = M(t5 * X3);\n        X3 = M(t1 + t2);\n        t5 = M(t5 - X3);\n        Z3 = M(a * t4);\n        X3 = M(b3 * t2); // step 20\n        Z3 = M(X3 + Z3);\n        X3 = M(t1 - Z3);\n        Z3 = M(t1 + Z3);\n        Y3 = M(X3 * Z3);\n        t1 = M(t0 + t0); // step 25\n        t1 = M(t1 + t0);\n        t2 = M(a * t2);\n        t4 = M(b3 * t4);\n        t1 = M(t1 + t2);\n        t2 = M(t0 - t2); // step 30\n        t2 = M(a * t2);\n        t4 = M(t4 + t2);\n        t0 = M(t1 * t4);\n        Y3 = M(Y3 + t0);\n        t0 = M(t5 * t4); // step 35\n        X3 = M(t3 * X3);\n        X3 = M(X3 - t0);\n        t0 = M(t3 * t1);\n        Z3 = M(t5 * Z3);\n        Z3 = M(Z3 + t0); // step 40\n        return new Point(X3, Y3, Z3);\n    }\n    /**\n     * Point-by-scalar multiplication. Scalar must be in range 1 <= n < CURVE.n.\n     * Uses {@link wNAF} for base point.\n     * Uses fake point to mitigate side-channel leakage.\n     * @param n scalar by which point is multiplied\n     * @param safe safe mode guards against timing attacks; unsafe mode is faster\n     */\n    multiply(n, safe = true) {\n        if (!safe && n === 0n)\n            return I;\n        agroup(n);\n        if (n === 1n)\n            return this;\n        if (this.equals(G))\n            return wNAF(n).p;\n        // init result point & fake point\n        let p = I;\n        let f = G;\n        for (let d = this; n > 0n; d = d.double(), n >>= 1n) {\n            // if bit is present, add to point\n            // if not present, add to fake, for timing safety\n            if (n & 1n)\n                p = p.add(d);\n            else if (safe)\n                f = f.add(d);\n        }\n        return p;\n    }\n    /** Convert point to 2d xy affine point. (X, Y, Z) ∋ (x=X/Z, y=Y/Z) */\n    toAffine() {\n        const { px: x, py: y, pz: z } = this;\n        // fast-paths for ZERO point OR Z=1\n        if (this.equals(I))\n            return { x: 0n, y: 0n };\n        if (z === 1n)\n            return { x, y };\n        const iz = invert(z, P);\n        // (Z * Z^-1) must be 1, otherwise bad math\n        if (M(z * iz) !== 1n)\n            err('inverse invalid');\n        // x = X*Z^-1; y = Y*Z^-1\n        return { x: M(x * iz), y: M(y * iz) };\n    }\n    /** Checks if the point is valid and on-curve. */\n    assertValidity() {\n        const { x, y } = this.toAffine(); // convert to 2d xy affine point.\n        afield(x); // must be in range 1 <= x,y < P\n        afield(y);\n        // y² == x³ + ax + b, equation sides must be equal\n        return M(y * y) === koblitz(x) ? this : err('bad point: not on curve');\n    }\n    /** Converts point to 33/65-byte Uint8Array. */\n    toBytes(isCompressed = true) {\n        const { x, y } = this.assertValidity().toAffine();\n        const x32b = numTo32b(x);\n        if (isCompressed)\n            return concatBytes(getPrefix(y), x32b);\n        return concatBytes(u8of(0x04), x32b, numTo32b(y));\n    }\n    /** Create 3d xyz point from 2d xy. (0, 0) => (0, 1, 0), not (0, 0, 1) */\n    static fromAffine(ap) {\n        const { x, y } = ap;\n        return x === 0n && y === 0n ? I : new Point(x, y, 1n);\n    }\n    toHex(isCompressed) {\n        return bytesToHex(this.toBytes(isCompressed));\n    }\n    static fromPrivateKey(k) {\n        return G.multiply(toPrivScalar(k));\n    }\n    static fromHex(hex) {\n        return Point.fromBytes(toU8(hex));\n    }\n    get x() {\n        return this.toAffine().x;\n    }\n    get y() {\n        return this.toAffine().y;\n    }\n    toRawBytes(isCompressed) {\n        return this.toBytes(isCompressed);\n    }\n}\n/** Generator / base point */\nconst G = new Point(Gx, Gy, 1n);\n/** Identity / zero point */\nconst I = new Point(0n, 1n, 0n);\n// Static aliases\nPoint.BASE = G;\nPoint.ZERO = I;\n/** `Q = u1⋅G + u2⋅R`. Verifies Q is not ZERO. Unsafe: non-CT. */\nconst doubleScalarMulUns = (R, u1, u2) => {\n    return G.multiply(u1, false).add(R.multiply(u2, false)).assertValidity();\n};\nconst bytesToNumBE = (b) => big('0x' + (bytesToHex(b) || '0'));\nconst sliceBytesNumBE = (b, from, to) => bytesToNumBE(b.subarray(from, to));\nconst B256 = 2n ** 256n; // secp256k1 is weierstrass curve. Equation is x³ + ax + b.\n/** Number to 32b. Must be 0 <= num < B256. validate, pad, to bytes. */\nconst numTo32b = (num) => hexToBytes(padh(arange(num, 0n, B256), L2));\n/** Normalize private key to scalar (bigint). Verifies scalar is in range 1<s<N */\nconst toPrivScalar = (pr) => {\n    const num = isBig(pr) ? pr : bytesToNumBE(toU8(pr, L));\n    return arange(num, 1n, N, 'private key invalid 3');\n};\n/** For Signature malleability, validates sig.s is bigger than N/2. */\nconst highS = (n) => n > N >> 1n;\n/** Creates 33/65-byte public key from 32-byte private key. */\nconst getPublicKey = (privKey, isCompressed = true) => {\n    return G.multiply(toPrivScalar(privKey)).toBytes(isCompressed);\n};\n/** ECDSA Signature class. Supports only compact 64-byte representation, not DER. */\nclass Signature {\n    r;\n    s;\n    recovery;\n    constructor(r, s, recovery) {\n        this.r = agroup(r); // 1 <= r < N\n        this.s = agroup(s); // 1 <= s < N\n        if (recovery != null)\n            this.recovery = recovery;\n        Object.freeze(this);\n    }\n    /** Create signature from 64b compact (r || s) representation. */\n    static fromBytes(b) {\n        abytes(b, L2);\n        const r = sliceBytesNumBE(b, 0, L);\n        const s = sliceBytesNumBE(b, L, L2);\n        return new Signature(r, s);\n    }\n    toBytes() {\n        const { r, s } = this;\n        return concatBytes(numTo32b(r), numTo32b(s));\n    }\n    /** Copy signature, with newly added recovery bit. */\n    addRecoveryBit(bit) {\n        return new Signature(this.r, this.s, bit);\n    }\n    hasHighS() {\n        return highS(this.s);\n    }\n    toCompactRawBytes() {\n        return this.toBytes();\n    }\n    toCompactHex() {\n        return bytesToHex(this.toBytes());\n    }\n    recoverPublicKey(msg) {\n        return recoverPublicKey(this, msg);\n    }\n    static fromCompact(hex) {\n        return Signature.fromBytes(toU8(hex, L2));\n    }\n    assertValidity() {\n        return this;\n    }\n    normalizeS() {\n        const { r, s, recovery } = this;\n        return highS(s) ? new Signature(r, modN(-s), recovery) : this;\n    }\n}\n/**\n * RFC6979: ensure ECDSA msg is X bytes, convert to BigInt.\n * RFC suggests optional truncating via bits2octets.\n * FIPS 186-4 4.6 suggests the leftmost min(nBitLen, outLen) bits,\n * which matches bits2int. bits2int can produce res>N.\n */\nconst bits2int = (bytes) => {\n    const delta = bytes.length * 8 - 256;\n    if (delta > 1024)\n        err('msg invalid'); // our CUSTOM check, \"just-in-case\": prohibit long inputs\n    const num = bytesToNumBE(bytes);\n    return delta > 0 ? num >> big(delta) : num;\n};\n/** int2octets can't be used; pads small msgs with 0: BAD for truncation as per RFC vectors */\nconst bits2int_modN = (bytes) => modN(bits2int(abytes(bytes)));\nconst signOpts = { lowS: true };\nconst veriOpts = { lowS: true };\n// RFC6979 signature generation, preparation step.\nconst prepSig = (msgh, priv, opts = signOpts) => {\n    if (['der', 'recovered', 'canonical'].some((k) => k in opts))\n        // legacy opts\n        err('option not supported');\n    let { lowS, extraEntropy } = opts; // generates low-s sigs by default\n    if (lowS == null)\n        lowS = true; // RFC6979 3.2: we skip step A\n    const i2o = numTo32b; // int to octets\n    const h1i = bits2int_modN(toU8(msgh)); // msg bigint\n    const h1o = i2o(h1i); // msg octets\n    const d = toPrivScalar(priv); // validate private key, convert to bigint\n    const seed = [i2o(d), h1o]; // Step D of RFC6979 3.2\n    /** RFC6979 3.6: additional k' (optional). See {@link ExtraEntropy}. */\n    // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k')\n    if (extraEntropy)\n        seed.push(extraEntropy === true ? randomBytes(L) : toU8(extraEntropy));\n    const m = h1i; // convert msg to bigint\n    // Converts signature params into point w r/s, checks result for validity.\n    // To transform k => Signature:\n    // q = k⋅G\n    // r = q.x mod n\n    // s = k^-1(m + rd) mod n\n    const k2sig = (kBytes) => {\n        // RFC 6979 Section 3.2, step 3: k = bits2int(T)\n        // Important: all mod() calls here must be done over N\n        const k = bits2int(kBytes);\n        if (!(1n <= k && k < N))\n            return; // Check 0 < k < CURVE.n\n        const q = G.multiply(k).toAffine(); // q = k⋅G\n        const r = modN(q.x); // r = q.x mod n\n        if (r === 0n)\n            return;\n        const ik = invert(k, N); // k^-1 mod n, NOT mod P\n        const s = modN(ik * modN(m + modN(d * r))); // s = k^-1(m + rd) mod n\n        if (s === 0n)\n            return;\n        let normS = s; // normalized S\n        let recovery = (q.x === r ? 0 : 2) | Number(q.y & 1n); // recovery bit (2 or 3, when q.x > n)\n        if (lowS && highS(s)) {\n            // if lowS was passed, ensure s is always\n            normS = modN(-s); // in the bottom half of CURVE.n\n            recovery ^= 1;\n        }\n        return new Signature(r, normS, recovery); // use normS, not s\n    };\n    return { seed: concatBytes(...seed), k2sig };\n};\n// HMAC-DRBG from NIST 800-90. Minimal, non-full-spec - used for RFC6979 signatures.\nconst hmacDrbg = (asynchronous) => {\n    let v = u8n(L); // Steps B, C of RFC6979 3.2: set hashLen\n    let k = u8n(L); // In our case, it's always equal to L\n    let i = 0; // Iterations counter, will throw when over max\n    const NULL = u8n(0);\n    const reset = () => {\n        v.fill(1);\n        k.fill(0);\n        i = 0;\n    };\n    const max = 1000;\n    const _e = 'drbg: tried 1000 values';\n    if (asynchronous) {\n        // asynchronous=true\n        // h = hmac(K || V || ...)\n        const h = (...b) => etc.hmacSha256Async(k, v, ...b);\n        const reseed = async (seed = NULL) => {\n            // HMAC-DRBG reseed() function. Steps D-G\n            k = await h(u8of(0x00), seed); // k = hmac(K || V || 0x00 || seed)\n            v = await h(); // v = hmac(K || V)\n            if (seed.length === 0)\n                return;\n            k = await h(u8of(0x01), seed); // k = hmac(K || V || 0x01 || seed)\n            v = await h(); // v = hmac(K || V)\n        };\n        // HMAC-DRBG generate() function\n        const gen = async () => {\n            if (i++ >= max)\n                err(_e);\n            v = await h(); // v = hmac(K || V)\n            return v; // this diverges from noble-curves: we don't allow arbitrary output len!\n        };\n        // Do not reuse returned fn for more than 1 sig:\n        // 1) it's slower (JIT screws up). 2. unsafe (async race conditions)\n        return async (seed, pred) => {\n            reset();\n            await reseed(seed); // Steps D-G\n            let res = undefined; // Step H: grind until k is in [1..n-1]\n            while (!(res = pred(await gen())))\n                await reseed(); // test predicate until it returns ok\n            reset();\n            return res;\n        };\n    }\n    else {\n        // asynchronous=false; same as above, but synchronous\n        // h = hmac(K || V || ...)\n        const h = (...b) => callHash('hmacSha256Sync')(k, v, ...b);\n        const reseed = (seed = NULL) => {\n            // HMAC-DRBG reseed() function. Steps D-G\n            k = h(u8of(0x00), seed); // k = hmac(k || v || 0x00 || seed)\n            v = h(); // v = hmac(k || v)\n            if (seed.length === 0)\n                return;\n            k = h(u8of(0x01), seed); // k = hmac(k || v || 0x01 || seed)\n            v = h(); // v = hmac(k || v)\n        };\n        // HMAC-DRBG generate() function\n        const gen = () => {\n            if (i++ >= max)\n                err(_e);\n            v = h(); // v = hmac(k || v)\n            return v; // this diverges from noble-curves: we don't allow arbitrary output len!\n        };\n        // Do not reuse returned fn for more than 1 sig:\n        // 1) it's slower (JIT screws up). 2. unsafe (async race conditions)\n        return (seed, pred) => {\n            reset();\n            reseed(seed); // Steps D-G\n            let res = undefined; // Step H: grind until k is in [1..n-1]\n            while (!(res = pred(gen())))\n                reseed(); // test predicate until it returns ok\n            reset();\n            return res;\n        };\n    }\n};\n/**\n * Sign a msg hash using secp256k1. Async.\n * Follows [SEC1](https://secg.org/sec1-v2.pdf) 4.1.2 & RFC6979.\n * It's suggested to enable hedging ({@link ExtraEntropy}) to prevent fault attacks.\n * @param msgh - message HASH, not message itself e.g. sha256(message)\n * @param priv - private key\n * @param opts - `lowS: true` prevents malleability, `extraEntropy: true` enables hedging\n */\nconst signAsync = async (msgh, priv, opts = signOpts) => {\n    // Re-run drbg until k2sig returns ok\n    const { seed, k2sig } = prepSig(msgh, priv, opts);\n    const sig = await hmacDrbg(true)(seed, k2sig);\n    return sig;\n};\n/**\n * Sign a msg hash using secp256k1.\n * Follows [SEC1](https://secg.org/sec1-v2.pdf) 4.1.2 & RFC6979.\n * It's suggested to enable hedging ({@link ExtraEntropy}) to prevent fault attacks.\n * @param msgh - message HASH, not message itself e.g. sha256(message)\n * @param priv - private key\n * @param opts - `lowS: true` prevents malleability, `extraEntropy: true` enables hedging\n * @example\n * const sig = sign(sha256('hello'), privKey, { extraEntropy: true }).toBytes();\n */\nconst sign = (msgh, priv, opts = signOpts) => {\n    // Re-run drbg until k2sig returns ok\n    const { seed, k2sig } = prepSig(msgh, priv, opts);\n    const sig = hmacDrbg(false)(seed, k2sig);\n    return sig;\n};\n/**\n * Verify a signature using secp256k1.\n * Follows [SEC1](https://secg.org/sec1-v2.pdf) 4.1.4.\n * Default lowS=true, prevents malleability.\n * @param sig - signature, 64-byte or Signature instance\n * @param msgh - message HASH, not message itself e.g. sha256(message)\n * @param pub - public key\n * @param opts - { lowS: true } is default, prohibits s >= CURVE.n/2 to prevent malleability\n */\nconst verify = (sig, msgh, pub, opts = veriOpts) => {\n    let { lowS } = opts;\n    if (lowS == null)\n        lowS = true;\n    if ('strict' in opts)\n        err('option not supported');\n    let sigg;\n    // Previous ver supported DER sigs.\n    // We throw error when DER is suspected now.\n    const rs = sig && typeof sig === 'object' && 'r' in sig;\n    if (!rs && toU8(sig).length !== L2)\n        err('signature must be 64 bytes');\n    try {\n        sigg = rs ? new Signature(sig.r, sig.s) : Signature.fromCompact(sig);\n        const h = bits2int_modN(toU8(msgh)); // Truncate hash\n        const P = Point.fromBytes(toU8(pub)); // Validate public key\n        const { r, s } = sigg;\n        if (lowS && highS(s))\n            return false; // lowS bans sig.s >= CURVE.n/2\n        const is = invert(s, N); // s^-1\n        const u1 = modN(h * is); // u1 = hs^-1 mod n\n        const u2 = modN(r * is); // u2 = rs^-1 mod n\n        const R = doubleScalarMulUns(P, u1, u2).toAffine(); // R = u1⋅G + u2⋅P\n        // Stop if R is identity / zero point. Check is done inside `doubleScalarMulUns`\n        const v = modN(R.x); // R.x must be in N's field, not P's\n        return v === r; // mod(R.x, n) == r\n    }\n    catch (error) {\n        return false;\n    }\n};\n/**\n * ECDSA public key recovery. Requires msg hash and recovery id.\n * Follows [SEC1](https://secg.org/sec1-v2.pdf) 4.1.6.\n */\nconst recoverPublicKey = (sig, msgh) => {\n    const { r, s, recovery } = sig;\n    // 0 or 1 recovery id determines sign of \"y\" coordinate.\n    // 2 or 3 means q.x was >N.\n    if (![0, 1, 2, 3].includes(recovery))\n        err('recovery id invalid');\n    const h = bits2int_modN(toU8(msgh, L)); // Truncate hash\n    const radj = recovery === 2 || recovery === 3 ? r + N : r;\n    afield(radj); // ensure q.x is still a field element\n    const head = getPrefix(big(recovery)); // head is 0x02 or 0x03\n    const Rb = concatBytes(head, numTo32b(radj)); // concat head + r\n    const R = Point.fromBytes(Rb);\n    const ir = invert(radj, N); // r^-1\n    const u1 = modN(-h * ir); // -hr^-1\n    const u2 = modN(s * ir); // sr^-1\n    return doubleScalarMulUns(R, u1, u2); // (sr^-1)R-(hr^-1)G = -(hr^-1)G + (sr^-1)\n};\n/**\n * Elliptic Curve Diffie-Hellman (ECDH) on secp256k1.\n * Result is **NOT hashed**. Use hash or KDF on it if you need.\n * @param privA private key A\n * @param pubB public key B\n * @param isCompressed 33-byte (true) or 65-byte (false) output\n * @returns public key C\n */\nconst getSharedSecret = (privA, pubB, isCompressed = true) => {\n    return Point.fromBytes(toU8(pubB)).multiply(toPrivScalar(privA)).toBytes(isCompressed);\n};\n// FIPS 186 B.4.1 compliant key generation produces private keys with modulo bias being neglible.\n// takes >N+8 bytes, returns (hash mod n-1)+1\nconst hashToPrivateKey = (hash) => {\n    hash = toU8(hash);\n    if (hash.length < L + 8 || hash.length > 1024)\n        err('expected 40-1024b');\n    const num = M(bytesToNumBE(hash), N - 1n);\n    return numTo32b(num + 1n);\n};\nconst randomPrivateKey = () => hashToPrivateKey(randomBytes(L + 16)); // FIPS 186 B.4.1.\nconst _sha = 'SHA-256';\n/** Math, hex, byte helpers. Not in `utils` because utils share API with noble-curves. */\nconst etc = {\n    hexToBytes: hexToBytes,\n    bytesToHex: bytesToHex,\n    concatBytes: concatBytes,\n    bytesToNumberBE: bytesToNumBE,\n    numberToBytesBE: numTo32b,\n    mod: M,\n    invert: invert, // math utilities\n    hmacSha256Async: async (key, ...msgs) => {\n        const s = subtle();\n        const name = 'HMAC';\n        const k = await s.importKey('raw', key, { name, hash: { name: _sha } }, false, ['sign']);\n        return u8n(await s.sign(name, k, concatBytes(...msgs)));\n    },\n    hmacSha256Sync: undefined, // For TypeScript. Actual logic is below\n    hashToPrivateKey: hashToPrivateKey,\n    randomBytes: randomBytes,\n};\n/** Curve-specific utilities for private keys. */\nconst utils = {\n    normPrivateKeyToScalar: toPrivScalar,\n    isValidPrivateKey: (key) => {\n        try {\n            return !!toPrivScalar(key);\n        }\n        catch (e) {\n            return false;\n        }\n    },\n    randomPrivateKey: randomPrivateKey,\n    precompute: (w = 8, p = G) => {\n        p.multiply(3n);\n        w;\n        return p;\n    },\n};\n// ## Precomputes\n// --------------\nconst W = 8; // W is window size\nconst scalarBits = 256;\nconst pwindows = Math.ceil(scalarBits / W) + 1; // 33 for W=8\nconst pwindowSize = 2 ** (W - 1); // 128 for W=8\nconst precompute = () => {\n    const points = [];\n    let p = G;\n    let b = p;\n    for (let w = 0; w < pwindows; w++) {\n        b = p;\n        points.push(b);\n        for (let i = 1; i < pwindowSize; i++) {\n            b = b.add(p);\n            points.push(b);\n        } // i=1, bc we skip 0\n        p = b.double();\n    }\n    return points;\n};\nlet Gpows = undefined; // precomputes for base point G\n// const-time negate\nconst ctneg = (cnd, p) => {\n    const n = p.negate();\n    return cnd ? n : p;\n};\n/**\n * Precomputes give 12x faster getPublicKey(), 10x sign(), 2x verify() by\n * caching multiples of G (base point). Cache is stored in 32MB of RAM.\n * Any time `G.multiply` is done, precomputes are used.\n * Not used for getSharedSecret, which instead multiplies random pubkey `P.multiply`.\n *\n * w-ary non-adjacent form (wNAF) precomputation method is 10% slower than windowed method,\n * but takes 2x less RAM. RAM reduction is possible by utilizing `.subtract`.\n *\n * !! Precomputes can be disabled by commenting-out call of the wNAF() inside Point#multiply().\n */\nconst wNAF = (n) => {\n    const comp = Gpows || (Gpows = precompute());\n    let p = I;\n    let f = G; // f must be G, or could become I in the end\n    const pow_2_w = 2 ** W; // 256 for W=8\n    const maxNum = pow_2_w; // 256 for W=8\n    const mask = big(pow_2_w - 1); // 255 for W=8 == mask 0b11111111\n    const shiftBy = big(W); // 8 for W=8\n    for (let w = 0; w < pwindows; w++) {\n        let wbits = Number(n & mask); // extract W bits.\n        n >>= shiftBy; // shift number by W bits.\n        if (wbits > pwindowSize) {\n            wbits -= maxNum;\n            n += 1n;\n        } // split if bits > max: +224 => 256-32\n        const off = w * pwindowSize;\n        const offF = off; // offsets, evaluate both\n        const offP = off + Math.abs(wbits) - 1;\n        const isEven = w % 2 !== 0; // conditions, evaluate both\n        const isNeg = wbits < 0;\n        if (wbits === 0) {\n            // off == I: can't add it. Adding random offF instead.\n            f = f.add(ctneg(isEven, comp[offF])); // bits are 0: add garbage to fake point\n        }\n        else {\n            p = p.add(ctneg(isNeg, comp[offP])); // bits are 1: add to result point\n        }\n    }\n    return { p, f }; // return both real and fake points for JIT\n};\n// !! Remove the export below to easily use in REPL / browser console\nexport { secp256k1_CURVE as CURVE, etc, getPublicKey, getSharedSecret, Point, Point as ProjectivePoint, sign, signAsync, Signature, utils, verify, };\n"],"names":["Signature","P","isEven"],"mappings":"AAAA;AAeK,MAAC,kBAAkB;AAAA,EACpB,GAAG;AAAA,EACH,GAAG;AAAA,EAGH,GAAG;AAAA,EACH,IAAI;AAAA,EACJ,IAAI;AACR;AACA,MAAM,EAAE,GAAG,GAAG,GAAG,GAAG,IAAI,IAAI,GAAG,GAAE,IAAK;AACtC,MAAM,IAAI;AACV,MAAM,KAAK;AAKX,MAAM,MAAM,CAAC,IAAI,OAAO;AACpB,QAAM,IAAI,MAAM,CAAC;AACrB;AACA,MAAM,QAAQ,CAAC,MAAM,OAAO,MAAM;AAClC,MAAM,QAAQ,CAAC,MAAM,OAAO,MAAM;AAClC,MAAM,UAAU,CAAC,MAAM,aAAa,cAAe,YAAY,OAAO,CAAC,KAAK,EAAE,YAAY,SAAS;AAEnG,MAAM,SAAS,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAM,OAAO,MAAM,YAAY,IAAI,KAAK,EAAE,WAAW,IAClF,IAAI,qBAAqB,IACzB;AAEN,MAAM,MAAM,CAAC,QAAQ,IAAI,WAAW,GAAG;AACvC,MAAM,OAAO,CAAC,QAAQ,WAAW,KAAK,GAAG;AACzC,MAAM,OAAO,CAAC,GAAG,QAAQ,EAAE,SAAS,EAAE,EAAE,SAAS,KAAK,GAAG;AACzD,MAAM,aAAa,CAAC,MAAM,MAAM,KAAK,OAAO,CAAC,CAAC,EACzC,IAAI,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC,EACrB,KAAK,EAAE;AACZ,MAAM,IAAI,EAAE,IAAI,IAAI,IAAI,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,IAAG;AACvD,MAAM,MAAM,CAAC,OAAO;AAChB,MAAI,MAAM,EAAE,MAAM,MAAM,EAAE;AACtB,WAAO,KAAK,EAAE;AAClB,MAAI,MAAM,EAAE,KAAK,MAAM,EAAE;AACrB,WAAO,MAAM,EAAE,IAAI;AACvB,MAAI,MAAM,EAAE,KAAK,MAAM,EAAE;AACrB,WAAO,MAAM,EAAE,IAAI;AACvB;AACJ;AACA,MAAM,aAAa,CAAC,QAAQ;AACxB,QAAM,IAAI;AACV,MAAI,CAAC,MAAM,GAAG;AACV,WAAO,IAAI,CAAC;AAChB,QAAM,KAAK,IAAI;AACf,QAAM,KAAK,KAAK;AAChB,MAAI,KAAK;AACL,WAAO,IAAI,CAAC;AAChB,QAAM,QAAQ,IAAI,EAAE;AACpB,WAAS,KAAK,GAAG,KAAK,GAAG,KAAK,IAAI,MAAM,MAAM,GAAG;AAE7C,UAAM,KAAK,IAAI,IAAI,WAAW,EAAE,CAAC;AACjC,UAAM,KAAK,IAAI,IAAI,WAAW,KAAK,CAAC,CAAC;AACrC,QAAI,OAAO,UAAa,OAAO;AAC3B,aAAO,IAAI,CAAC;AAChB,UAAM,EAAE,IAAI,KAAK,KAAK;AAAA,EAC1B;AACA,SAAO;AACX;AAEA,MAAM,OAAO,CAAC,GAAG,QAAQ,OAAO,MAAM,CAAC,IAAI,WAAW,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,GAAG,GAAG;AAC/E,MAAM,KAAK,MAAM,YAAY;AAC7B,MAAM,SAAS,MAAM,GAAE,GAAI,UAAU,IAAI,+BAA+B;AAExE,MAAM,cAAc,IAAI,SAAS;AAC7B,QAAM,IAAI,IAAI,KAAK,OAAO,CAAC,KAAK,MAAM,MAAM,OAAO,CAAC,EAAE,QAAQ,CAAC,CAAC;AAChE,MAAI,MAAM;AACV,OAAK,QAAQ,OAAK;AAAE,MAAE,IAAI,GAAG,GAAG;AAAG,WAAO,EAAE;AAAA,EAAQ,CAAC;AACrD,SAAO;AACX;AAEA,MAAM,cAAc,CAAC,MAAM,MAAM;AAC7B,QAAM,IAAI,GAAE;AACZ,SAAO,EAAE,gBAAgB,IAAI,GAAG,CAAC;AACrC;AACA,MAAM,MAAM;AACZ,MAAM,SAAS,CAAC,GAAG,KAAK,KAAK,MAAM,+BAA+B,MAAM,CAAC,KAAK,OAAO,KAAK,IAAI,MAAM,IAAI,IAAI,GAAG;AAE/G,MAAM,IAAI,CAAC,GAAG,IAAI,MAAM;AACpB,QAAM,IAAI,IAAI;AACd,SAAO,KAAK,KAAK,IAAI,IAAI;AAC7B;AACA,MAAM,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;AAG1B,MAAM,SAAS,CAAC,KAAK,OAAO;AACxB,MAAI,QAAQ,MAAM,MAAM;AACpB,QAAI,kBAAkB,MAAM,UAAU,EAAE;AACzC,MAAC,IAAI,EAAE,KAAK,EAAE,GAAG,IAAI,IAAI,IAAI,IAAY,IAAI;AAChD,SAAO,MAAM,IAAI;AACb,UAAM,IAAI,IAAI,GAAG,IAAI,IAAI;AACpB,UAAC,IAAI,IAAI,IAAI;AAClB,QAAI,GAAG,IAAI,GAAG,IAAI,GAAU,IAAI;AAAA,EACpC;AACA,SAAO,MAAM,KAAK,EAAE,GAAG,EAAE,IAAI,IAAI,YAAY;AACjD;AAQA,MAAM,SAAS,CAAC,MAAO,aAAa,QAAQ,IAAI,IAAI,gBAAgB;AAIpE,MAAM,UAAU,CAAC,MAAM,EAAE,EAAE,IAAI,CAAC,IAAI,IAAI,EAAE;AAE1C,MAAM,UAAU,CAAC,MAAM,OAAO,GAAG,IAAI,CAAC;AAEtC,MAAM,SAAS,CAAC,MAAM,OAAO,GAAG,IAAI,CAAC;AAErC,MAAM,SAAS,CAAC,MAAM,OAAO,GAAG,IAAI,CAAC;AACrC,MAAM,SAAS,CAAC,OAAO,IAAI,QAAQ;AAEnC,MAAM,OAAO,CAAC,MAAM,WAAW,GAAG,CAAC;AACnC,MAAM,YAAY,CAAC,MAAM,KAAK,OAAO,CAAC,IAAI,IAAO,CAAI;AAErD,MAAM,SAAS,CAAC,MAAM;AAElB,QAAM,IAAI,QAAQ,OAAO,CAAC,CAAC;AAK3B,MAAI,IAAI;AACR,WAAS,MAAM,GAAG,KAAK,IAAI,MAAM,IAAI,IAAI,IAAI,MAAM,IAAI;AAEnD,QAAI,IAAI;AACJ,UAAK,IAAI,MAAO;AACpB,UAAO,MAAM,MAAO;AAAA,EACxB;AACA,SAAO,EAAE,IAAI,CAAC,MAAM,IAAI,IAAI,IAAI,cAAc;AAClD;AAEA,MAAM,MAAM;AAAA,EACR,OAAO;AAAA,EACP,OAAO;AAAA,EACP;AAAA,EACA;AAAA,EACA;AAAA,EACA,YAAY,IAAI,IAAI,IAAI;AACpB,SAAK,KAAK,QAAQ,EAAE;AACpB,SAAK,KAAK,OAAO,EAAE;AACnB,SAAK,KAAK,QAAQ,EAAE;AACpB,WAAO,OAAO,IAAI;AAAA,EACtB;AAAA;AAAA,EAEA,OAAO,UAAU,OAAO;AACpB,WAAO,KAAK;AACZ,QAAI,IAAI;AAIR,UAAM,OAAO,MAAM,CAAC;AACpB,UAAM,OAAO,MAAM,SAAS,CAAC;AAC7B,UAAM,IAAI,gBAAgB,MAAM,GAAG,CAAC;AACpC,UAAM,MAAM,MAAM;AAElB,QAAI,QAAQ,IAAI,KAAK,CAAC,GAAM,CAAI,EAAE,SAAS,IAAI,GAAG;AAG9C,UAAI,IAAI,OAAO,CAAC;AAChB,YAAM,QAAQ,OAAO,CAAC;AACtB,YAAM,QAAQ,OAAO,IAAI,IAAI,CAAC;AAC9B,UAAI,UAAU;AACV,YAAI,EAAE,CAAC,CAAC;AACZ,UAAI,IAAI,MAAM,GAAG,GAAG,EAAE;AAAA,IAC1B;AAEA,QAAI,QAAQ,KAAK,KAAK,SAAS;AAC3B,UAAI,IAAI,MAAM,GAAG,gBAAgB,MAAM,GAAG,EAAE,GAAG,EAAE;AAErD,WAAO,IAAI,EAAE,eAAc,IAAK,IAAI,yBAAyB;AAAA,EACjE;AAAA;AAAA,EAEA,OAAO,OAAO;AACV,UAAM,EAAE,IAAI,IAAI,IAAI,IAAI,IAAI,GAAE,IAAK;AACnC,UAAM,EAAE,IAAI,IAAI,IAAI,IAAI,IAAI,GAAE,IAAK,OAAO,KAAK;AAC/C,UAAM,OAAO,EAAE,KAAK,EAAE;AACtB,UAAM,OAAO,EAAE,KAAK,EAAE;AACtB,UAAM,OAAO,EAAE,KAAK,EAAE;AACtB,UAAM,OAAO,EAAE,KAAK,EAAE;AACtB,WAAO,SAAS,QAAQ,SAAS;AAAA,EACrC;AAAA,EACA,MAAM;AACF,WAAO,KAAK,OAAO,CAAC;AAAA,EACxB;AAAA;AAAA,EAEA,SAAS;AACL,WAAO,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,EAAE;AAAA,EAClD;AAAA;AAAA,EAEA,SAAS;AACL,WAAO,KAAK,IAAI,IAAI;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAI,OAAO;AACP,UAAM,EAAE,IAAI,IAAI,IAAI,IAAI,IAAI,GAAE,IAAK;AACnC,UAAM,EAAE,IAAI,IAAI,IAAI,IAAI,IAAI,GAAE,IAAK,OAAO,KAAK;AAC/C,UAAM,IAAI;AACV,UAAM,IAAI;AACV,QAAI,KAAK,IAAI,KAAK,IAAI,KAAK;AAC3B,UAAM,KAAK,EAAE,IAAI,EAAE;AACnB,QAAI,KAAK,EAAE,KAAK,EAAE,GAAG,KAAK,EAAE,KAAK,EAAE,GAAG,KAAK,EAAE,KAAK,EAAE,GAAG,KAAK,EAAE,KAAK,EAAE;AACrE,QAAI,KAAK,EAAE,KAAK,EAAE;AAClB,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,QAAI,KAAK,EAAE,KAAK,EAAE;AAClB,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,IAAI,EAAE;AACb,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,IAAI,EAAE;AACb,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,IAAI,EAAE;AACb,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,SAAK,EAAE,KAAK,EAAE;AACd,WAAO,IAAI,MAAM,IAAI,IAAI,EAAE;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,SAAS,GAAG,OAAO,MAAM;AACrB,QAAI,CAAC,QAAQ,MAAM;AACf,aAAO;AACX,WAAO,CAAC;AACR,QAAI,MAAM;AACN,aAAO;AACX,QAAI,KAAK,OAAO,CAAC;AACb,aAAO,KAAK,CAAC,EAAE;AAEnB,QAAI,IAAI;AACR,QAAI,IAAI;AACR,aAAS,IAAI,MAAM,IAAI,IAAI,IAAI,EAAE,OAAM,GAAI,MAAM,IAAI;AAGjD,UAAI,IAAI;AACJ,YAAI,EAAE,IAAI,CAAC;AAAA,eACN;AACL,YAAI,EAAE,IAAI,CAAC;AAAA,IACnB;AACA,WAAO;AAAA,EACX;AAAA;AAAA,EAEA,WAAW;AACP,UAAM,EAAE,IAAI,GAAG,IAAI,GAAG,IAAI,EAAC,IAAK;AAEhC,QAAI,KAAK,OAAO,CAAC;AACb,aAAO,EAAE,GAAG,IAAI,GAAG,GAAE;AACzB,QAAI,MAAM;AACN,aAAO,EAAE,GAAG,EAAC;AACjB,UAAM,KAAK,OAAO,GAAG,CAAC;AAEtB,QAAI,EAAE,IAAI,EAAE,MAAM;AACd,UAAI,iBAAiB;AAEzB,WAAO,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,GAAG,EAAE,IAAI,EAAE,EAAC;AAAA,EACvC;AAAA;AAAA,EAEA,iBAAiB;AACb,UAAM,EAAE,GAAG,EAAC,IAAK,KAAK,SAAQ;AAC9B,WAAO,CAAC;AACR,WAAO,CAAC;AAER,WAAO,EAAE,IAAI,CAAC,MAAM,QAAQ,CAAC,IAAI,OAAO,IAAI,yBAAyB;AAAA,EACzE;AAAA;AAAA,EAEA,QAAQ,eAAe,MAAM;AACzB,UAAM,EAAE,GAAG,EAAC,IAAK,KAAK,eAAc,EAAG,SAAQ;AAC/C,UAAM,OAAO,SAAS,CAAC;AACvB,QAAI;AACA,aAAO,YAAY,UAAU,CAAC,GAAG,IAAI;AACzC,WAAO,YAAY,KAAK,CAAI,GAAG,MAAM,SAAS,CAAC,CAAC;AAAA,EACpD;AAAA;AAAA,EAEA,OAAO,WAAW,IAAI;AAClB,UAAM,EAAE,GAAG,EAAC,IAAK;AACjB,WAAO,MAAM,MAAM,MAAM,KAAK,IAAI,IAAI,MAAM,GAAG,GAAG,EAAE;AAAA,EACxD;AAAA,EACA,MAAM,cAAc;AAChB,WAAO,WAAW,KAAK,QAAQ,YAAY,CAAC;AAAA,EAChD;AAAA,EACA,OAAO,eAAe,GAAG;AACrB,WAAO,EAAE,SAAS,aAAa,CAAC,CAAC;AAAA,EACrC;AAAA,EACA,OAAO,QAAQ,KAAK;AAChB,WAAO,MAAM,UAAU,KAAK,GAAG,CAAC;AAAA,EACpC;AAAA,EACA,IAAI,IAAI;AACJ,WAAO,KAAK,SAAQ,EAAG;AAAA,EAC3B;AAAA,EACA,IAAI,IAAI;AACJ,WAAO,KAAK,SAAQ,EAAG;AAAA,EAC3B;AAAA,EACA,WAAW,cAAc;AACrB,WAAO,KAAK,QAAQ,YAAY;AAAA,EACpC;AACJ;AAEA,MAAM,IAAI,IAAI,MAAM,IAAI,IAAI,EAAE;AAE9B,MAAM,IAAI,IAAI,MAAM,IAAI,IAAI,EAAE;AAE9B,MAAM,OAAO;AACb,MAAM,OAAO;AAEb,MAAM,qBAAqB,CAAC,GAAG,IAAI,OAAO;AACtC,SAAO,EAAE,SAAS,IAAI,KAAK,EAAE,IAAI,EAAE,SAAS,IAAI,KAAK,CAAC,EAAE,eAAc;AAC1E;AACA,MAAM,eAAe,CAAC,MAAM,IAAI,QAAQ,WAAW,CAAC,KAAK,IAAI;AAC7D,MAAM,kBAAkB,CAAC,GAAG,MAAM,OAAO,aAAa,EAAE,SAAS,MAAM,EAAE,CAAC;AAC1E,MAAM,OAAO,MAAM;AAEnB,MAAM,WAAW,CAAC,QAAQ,WAAW,KAAK,OAAO,KAAK,IAAI,IAAI,GAAG,EAAE,CAAC;AAEpE,MAAM,eAAe,CAAC,OAAO;AACzB,QAAM,MAAM,MAAM,EAAE,IAAI,KAAK,aAAa,KAAK,IAAI,CAAC,CAAC;AACrD,SAAO,OAAO,KAAK,IAAI,GAAG,uBAAuB;AACrD;AAEA,MAAM,QAAQ,CAAC,MAAM,IAAI,KAAK;AAEzB,MAAC,eAAe,CAAC,SAAS,eAAe,SAAS;AACnD,SAAO,EAAE,SAAS,aAAa,OAAO,CAAC,EAAE,QAAQ,YAAY;AACjE;AAEA,IAAA,cAAA,MAAM,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,EACA;AAAA,EACA,YAAY,GAAG,GAAG,UAAU;AACxB,SAAK,IAAI,OAAO,CAAC;AACjB,SAAK,IAAI,OAAO,CAAC;AACjB,QAAI,YAAY;AACZ,WAAK,WAAW;AACpB,WAAO,OAAO,IAAI;AAAA,EACtB;AAAA;AAAA,EAEA,OAAO,UAAU,GAAG;AAChB,WAAO,GAAG,EAAE;AACZ,UAAM,IAAI,gBAAgB,GAAG,GAAG,CAAC;AACjC,UAAM,IAAI,gBAAgB,GAAG,GAAG,EAAE;AAClC,WAAO,IAAI,UAAU,GAAG,CAAC;AAAA,EAC7B;AAAA,EACA,UAAU;AACN,UAAM,EAAE,GAAG,EAAC,IAAK;AACjB,WAAO,YAAY,SAAS,CAAC,GAAG,SAAS,CAAC,CAAC;AAAA,EAC/C;AAAA;AAAA,EAEA,eAAe,KAAK;AAChB,WAAO,IAAI,UAAU,KAAK,GAAG,KAAK,GAAG,GAAG;AAAA,EAC5C;AAAA,EACA,WAAW;AACP,WAAO,MAAM,KAAK,CAAC;AAAA,EACvB;AAAA,EACA,oBAAoB;AAChB,WAAO,KAAK,QAAO;AAAA,EACvB;AAAA,EACA,eAAe;AACX,WAAO,WAAW,KAAK,SAAS;AAAA,EACpC;AAAA,EACA,iBAAiB,KAAK;AAClB,WAAO,iBAAiB,MAAM,GAAG;AAAA,EACrC;AAAA,EACA,OAAO,YAAY,KAAK;AACpB,WAAO,UAAU,UAAU,KAAK,KAAK,EAAE,CAAC;AAAA,EAC5C;AAAA,EACA,iBAAiB;AACb,WAAO;AAAA,EACX;AAAA,EACA,aAAa;AACT,UAAM,EAAE,GAAG,GAAG,SAAQ,IAAK;AAC3B,WAAO,MAAM,CAAC,IAAI,IAAI,UAAU,GAAG,KAAK,CAAC,CAAC,GAAG,QAAQ,IAAI;AAAA,EAC7D;AACJ;AAOA,MAAM,WAAW,CAAC,UAAU;AACxB,QAAM,QAAQ,MAAM,SAAS,IAAI;AACjC,MAAI,QAAQ;AACR,QAAI,aAAa;AACrB,QAAM,MAAM,aAAa,KAAK;AAC9B,SAAO,QAAQ,IAAI,OAAO,IAAI,KAAK,IAAI;AAC3C;AAEA,MAAM,gBAAgB,CAAC,UAAU,KAAK,SAAS,OAAO,KAAK,CAAC,CAAC;AAC7D,MAAM,WAAW,EAAE,MAAM,KAAI;AAC7B,MAAM,WAAW,EAAE,MAAM,KAAI;AAE7B,MAAM,UAAU,CAAC,MAAM,MAAM,OAAO,aAAa;AAC7C,MAAI,CAAC,OAAO,aAAa,WAAW,EAAE,KAAK,CAAC,MAAM,KAAK,IAAI;AAEvD,QAAI,sBAAsB;AAC9B,MAAI,EAAE,MAAM,aAAY,IAAK;AAC7B,MAAI,QAAQ;AACR,WAAO;AACX,QAAM,MAAM;AACZ,QAAM,MAAM,cAAc,KAAK,IAAI,CAAC;AACpC,QAAM,MAAM,IAAI,GAAG;AACnB,QAAM,IAAI,aAAa,IAAI;AAC3B,QAAM,OAAO,CAAC,IAAI,CAAC,GAAG,GAAG;AAGzB,MAAI;AACA,SAAK,KAAK,iBAAiB,OAAO,YAAY,CAAC,IAAI,KAAK,YAAY,CAAC;AACzE,QAAM,IAAI;AAMV,QAAM,QAAQ,CAAC,WAAW;AAGtB,UAAM,IAAI,SAAS,MAAM;AACzB,QAAI,EAAE,MAAM,KAAK,IAAI;AACjB;AACJ,UAAM,IAAI,EAAE,SAAS,CAAC,EAAE,SAAQ;AAChC,UAAM,IAAI,KAAK,EAAE,CAAC;AAClB,QAAI,MAAM;AACN;AACJ,UAAM,KAAK,OAAO,GAAG,CAAC;AACtB,UAAM,IAAI,KAAK,KAAK,KAAK,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC;AACzC,QAAI,MAAM;AACN;AACJ,QAAI,QAAQ;AACZ,QAAI,YAAY,EAAE,MAAM,IAAI,IAAI,KAAK,OAAO,EAAE,IAAI,EAAE;AACpD,QAAI,QAAQ,MAAM,CAAC,GAAG;AAElB,cAAQ,KAAK,CAAC,CAAC;AACf,kBAAY;AAAA,IAChB;AACA,WAAO,IAAIA,YAAU,GAAG,OAAO,QAAQ;AAAA,EAC3C;AACA,SAAO,EAAE,MAAM,YAAY,GAAG,IAAI,GAAG,MAAK;AAC9C;AAEA,MAAM,WAAW,CAAC,iBAAiB;AAC/B,MAAI,IAAI,IAAI,CAAC;AACb,MAAI,IAAI,IAAI,CAAC;AACb,MAAI,IAAI;AACR,QAAM,OAAO,IAAI,CAAC;AAClB,QAAM,QAAQ,MAAM;AAChB,MAAE,KAAK,CAAC;AACR,MAAE,KAAK,CAAC;AACR,QAAI;AAAA,EACR;AACA,QAAM,MAAM;AACZ,QAAM,KAAK;AACO;AAGd,UAAM,IAAI,IAAI,MAAM,IAAI,gBAAgB,GAAG,GAAG,GAAG,CAAC;AAClD,UAAM,SAAS,OAAO,OAAO,SAAS;AAElC,UAAI,MAAM,EAAE,KAAK,CAAI,GAAG,IAAI;AAC5B,UAAI,MAAM;AACV,UAAI,KAAK,WAAW;AAChB;AACJ,UAAI,MAAM,EAAE,KAAK,CAAI,GAAG,IAAI;AAC5B,UAAI,MAAM;IACd;AAEA,UAAM,MAAM,YAAY;AACpB,UAAI,OAAO;AACP,YAAI,EAAE;AACV,UAAI,MAAM;AACV,aAAO;AAAA,IACX;AAGA,WAAO,OAAO,MAAM,SAAS;AACzB,YAAK;AACL,YAAM,OAAO,IAAI;AACjB,UAAI,MAAM;AACV,aAAO,EAAE,MAAM,KAAK,MAAM,IAAG,CAAE;AAC3B,cAAM,OAAM;AAChB,YAAK;AACL,aAAO;AAAA,IACX;AAAA,EACJ;AAiCJ;AASK,MAAC,YAAY,OAAO,MAAM,MAAM,OAAO,aAAa;AAErD,QAAM,EAAE,MAAM,MAAK,IAAK,QAAQ,MAAM,MAAM,IAAI;AAChD,QAAM,MAAM,MAAM,SAAa,EAAE,MAAM,KAAK;AAC5C,SAAO;AACX;AA0BK,MAAC,SAAS,CAAC,KAAK,MAAM,KAAK,OAAO,aAAa;AAChD,MAAI,EAAE,KAAI,IAAK;AACf,MAAI,QAAQ;AACR,WAAO;AACX,MAAI,YAAY;AACZ,QAAI,sBAAsB;AAC9B,MAAI;AAGJ,QAAM,KAAK,OAAO,OAAO,QAAQ,YAAY,OAAO;AACpD,MAAI,CAAC,MAAM,KAAK,GAAG,EAAE,WAAW;AAC5B,QAAI,4BAA4B;AACpC,MAAI;AACA,WAAO,KAAK,IAAIA,YAAU,IAAI,GAAG,IAAI,CAAC,IAAIA,YAAU,YAAY,GAAG;AACnE,UAAM,IAAI,cAAc,KAAK,IAAI,CAAC;AAClC,UAAMC,KAAI,MAAM,UAAU,KAAK,GAAG,CAAC;AACnC,UAAM,EAAE,GAAG,EAAC,IAAK;AACjB,QAAI,QAAQ,MAAM,CAAC;AACf,aAAO;AACX,UAAM,KAAK,OAAO,GAAG,CAAC;AACtB,UAAM,KAAK,KAAK,IAAI,EAAE;AACtB,UAAM,KAAK,KAAK,IAAI,EAAE;AACtB,UAAM,IAAI,mBAAmBA,IAAG,IAAI,EAAE,EAAE;AAExC,UAAM,IAAI,KAAK,EAAE,CAAC;AAClB,WAAO,MAAM;AAAA,EACjB,SACO,OAAO;AACV,WAAO;AAAA,EACX;AACJ;AAKA,MAAM,mBAAmB,CAAC,KAAK,SAAS;AACpC,QAAM,EAAE,GAAG,GAAG,SAAQ,IAAK;AAG3B,MAAI,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,EAAE,SAAS,QAAQ;AAC/B,QAAI,qBAAqB;AAC7B,QAAM,IAAI,cAAc,KAAK,MAAM,CAAC,CAAC;AACrC,QAAM,OAAO,aAAa,KAAK,aAAa,IAAI,IAAI,IAAI;AACxD,SAAO,IAAI;AACX,QAAM,OAAO,UAAU,IAAI,QAAQ,CAAC;AACpC,QAAM,KAAK,YAAY,MAAM,SAAS,IAAI,CAAC;AAC3C,QAAM,IAAI,MAAM,UAAU,EAAE;AAC5B,QAAM,KAAK,OAAO,MAAM,CAAC;AACzB,QAAM,KAAK,KAAK,CAAC,IAAI,EAAE;AACvB,QAAM,KAAK,KAAK,IAAI,EAAE;AACtB,SAAO,mBAAmB,GAAG,IAAI,EAAE;AACvC;AASK,MAAC,kBAAkB,CAAC,OAAO,MAAM,eAAe,SAAS;AAC1D,SAAO,MAAM,UAAU,KAAK,IAAI,CAAC,EAAE,SAAS,aAAa,KAAK,CAAC,EAAE,QAAQ,YAAY;AACzF;AAGA,MAAM,mBAAmB,CAAC,SAAS;AAC/B,SAAO,KAAK,IAAI;AAChB,MAAI,KAAK,SAAS,IAAI,KAAK,KAAK,SAAS;AACrC,QAAI,mBAAmB;AAC3B,QAAM,MAAM,EAAE,aAAa,IAAI,GAAG,IAAI,EAAE;AACxC,SAAO,SAAS,MAAM,EAAE;AAC5B;AAEA,MAAM,OAAO;AAER,MAAC,MAAM;AAAA,EACR;AAAA,EACA;AAAA,EACA;AAAA,EACA,iBAAiB;AAAA,EACjB,iBAAiB;AAAA,EACjB,KAAK;AAAA,EACL;AAAA;AAAA,EACA,iBAAiB,OAAO,QAAQ,SAAS;AACrC,UAAM,IAAI,OAAM;AAChB,UAAM,OAAO;AACb,UAAM,IAAI,MAAM,EAAE,UAAU,OAAO,KAAK,EAAE,MAAM,MAAM,EAAE,MAAM,KAAI,EAAE,GAAI,OAAO,CAAC,MAAM,CAAC;AACvF,WAAO,IAAI,MAAM,EAAE,KAAK,MAAM,GAAG,YAAY,GAAG,IAAI,CAAC,CAAC;AAAA,EAC1D;AAAA,EACA,gBAAgB;AAAA;AAAA,EAChB;AAAA,EACA;AACJ;AAqBA,MAAM,IAAI;AACV,MAAM,aAAa;AACnB,MAAM,WAAW,KAAK,KAAK,aAAa,CAAC,IAAI;AAC7C,MAAM,cAAc,MAAM,IAAI;AAC9B,MAAM,aAAa,MAAM;AACrB,QAAM,SAAS,CAAA;AACf,MAAI,IAAI;AACR,MAAI,IAAI;AACR,WAAS,IAAI,GAAG,IAAI,UAAU,KAAK;AAC/B,QAAI;AACJ,WAAO,KAAK,CAAC;AACb,aAAS,IAAI,GAAG,IAAI,aAAa,KAAK;AAClC,UAAI,EAAE,IAAI,CAAC;AACX,aAAO,KAAK,CAAC;AAAA,IACjB;AACA,QAAI,EAAE,OAAM;AAAA,EAChB;AACA,SAAO;AACX;AACA,IAAI,QAAQ;AAEZ,MAAM,QAAQ,CAAC,KAAK,MAAM;AACtB,QAAM,IAAI,EAAE,OAAM;AAClB,SAAO,MAAM,IAAI;AACrB;AAYA,MAAM,OAAO,CAAC,MAAM;AAChB,QAAM,OAAO,UAAU,QAAQ,WAAU;AACzC,MAAI,IAAI;AACR,MAAI,IAAI;AACR,QAAM,UAAU,KAAK;AACrB,QAAM,SAAS;AACf,QAAM,OAAO,IAAI,UAAU,CAAC;AAC5B,QAAM,UAAU,IAAI,CAAC;AACrB,WAAS,IAAI,GAAG,IAAI,UAAU,KAAK;AAC/B,QAAI,QAAQ,OAAO,IAAI,IAAI;AAC3B,UAAM;AACN,QAAI,QAAQ,aAAa;AACrB,eAAS;AACT,WAAK;AAAA,IACT;AACA,UAAM,MAAM,IAAI;AAChB,UAAM,OAAO;AACb,UAAM,OAAO,MAAM,KAAK,IAAI,KAAK,IAAI;AACrC,UAAMC,UAAS,IAAI,MAAM;AACzB,UAAM,QAAQ,QAAQ;AACtB,QAAI,UAAU,GAAG;AAEb,UAAI,EAAE,IAAI,MAAMA,SAAQ,KAAK,IAAI,CAAC,CAAC;AAAA,IACvC,OACK;AACD,UAAI,EAAE,IAAI,MAAM,OAAO,KAAK,IAAI,CAAC,CAAC;AAAA,IACtC;AAAA,EACJ;AACA,SAAO,EAAE,GAAG;AAChB;","x_google_ignoreList":[0]}