logos-messaging/OpChan
1
0
Fork 0
mirror of https://github.com/logos-messaging/OpChan.git synced 2026-01-04 05:43:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpChan/dist/assets/secp256k1-BjJYwyg8.js
Danish Arora 75dd710c11
chore: setup workspace
2025-09-11 14:29:55 +05:30

2 lines
26 KiB
JavaScript
Raw Blame History

import{ab as ce,ac as ae,ad as le,ae as ue,af as de}from"./index-Cr5N_0pd.js";/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const zt=BigInt(0),It=BigInt(1);function lt(e){return e instanceof Uint8Array||ArrayBuffer.isView(e)&&e.constructor.name==="Uint8Array"}function Tt(e){if(!lt(e))throw new Error("Uint8Array expected")}function ct(e,n){if(typeof n!="boolean")throw new Error(e+" boolean expected, got "+n)}function dt(e){const n=e.toString(16);return n.length&1?"0"+n:n}function $t(e){if(typeof e!="string")throw new Error("hex string expected, got "+typeof e);return e===""?zt:BigInt("0x"+e)}const Wt=typeof Uint8Array.from([]).toHex=="function"&&typeof Uint8Array.fromHex=="function",he=Array.from({length:256},(e,n)=>n.toString(16).padStart(2,"0"));function at(e){if(Tt(e),Wt)return e.toHex();let n="";for(let t=0;t<e.length;t++)n+=he[e[t]];return n}const D={_0:48,_9:57,A:65,F:70,a:97,f:102};function kt(e){if(e>=D._0&&e<=D._9)return e-D._0;if(e>=D.A&&e<=D.F)return e-(D.A-10);if(e>=D.a&&e<=D.f)return e-(D.a-10)}function ht(e){if(typeof e!="string")throw new Error("hex string expected, got "+typeof e);if(Wt)return Uint8Array.fromHex(e);const n=e.length,t=n/2;if(n%2)throw new Error("hex string expected, got unpadded hex of length "+n);const r=new Uint8Array(t);for(let i=0,s=0;i<t;i++,s+=2){const a=kt(e.charCodeAt(s)),u=kt(e.charCodeAt(s+1));if(a===void 0||u===void 0){const o=e[s]+e[s+1];throw new Error('hex string expected, got non-hex character "'+o+'" at index '+s)}r[i]=a*16+u}return r}function et(e){return $t(at(e))}function Dt(e){return Tt(e),$t(at(Uint8Array.from(e).reverse()))}function ut(e,n){return ht(e.toString(16).padStart(n*2,"0"))}function Gt(e,n){return ut(e,n).reverse()}function K(e,n,t){let r;if(typeof n=="string")try{r=ht(n)}catch(s){throw new Error(e+" must be hex string or Uint8Array, cause: "+s)}else if(lt(n))r=Uint8Array.from(n);else throw new Error(e+" must be hex string or Uint8Array");const i=r.length;if(typeof t=="number"&&i!==t)throw new Error(e+" of length "+t+" expected, got "+i);return r}function wt(...e){let n=0;for(let r=0;r<e.length;r++){const i=e[r];Tt(i),n+=i.length}const t=new Uint8Array(n);for(let r=0,i=0;r<e.length;r++){const s=e[r];t.set(s,i),i+=s.length}return t}const Et=e=>typeof e=="bigint"&&zt<=e;function Ut(e,n,t){return Et(e)&&Et(n)&&Et(t)&&n<=e&&e<t}function it(e,n,t,r){if(!Ut(n,t,r))throw new Error("expected valid "+e+": "+t+" <= n < "+r+", got "+n)}function we(e){let n;for(n=0;e>zt;e>>=It,n+=1);return n}const gt=e=>(It<<BigInt(e))-It,bt=e=>new Uint8Array(e),Ct=e=>Uint8Array.from(e);function ge(e,n,t){if(typeof e!="number"||e<2)throw new Error("hashLen must be a number");if(typeof n!="number"||n<2)throw new Error("qByteLen must be a number");if(typeof t!="function")throw new Error("hmacFn must be a function");let r=bt(e),i=bt(e),s=0;const a=()=>{r.fill(1),i.fill(0),s=0},u=(...A)=>t(i,r,...A),o=(A=bt(0))=>{i=u(Ct([0]),A),r=u(),A.length!==0&&(i=u(Ct([1]),A),r=u())},d=()=>{if(s++>=1e3)throw new Error("drbg: tried 1000 values");let A=0;const I=[];for(;A<n;){r=u();const z=r.slice();I.push(z),A+=r.length}return wt(...I)};return(A,I)=>{a(),o(A);let z;for(;!(z=I(d()));)o();return a(),z}}const me={bigint:e=>typeof e=="bigint",function:e=>typeof e=="function",boolean:e=>typeof e=="boolean",string:e=>typeof e=="string",stringOrUint8Array:e=>typeof e=="string"||lt(e),isSafeInteger:e=>Number.isSafeInteger(e),array:e=>Array.isArray(e),field:(e,n)=>n.Fp.isValid(e),hash:e=>typeof e=="function"&&Number.isSafeInteger(e.outputLen)};function mt(e,n,t={}){const r=(i,s,a)=>{const u=me[s];if(typeof u!="function")throw new Error("invalid validator function");const o=e[i];if(!(a&&o===void 0)&&!u(o,e))throw new Error("param "+String(i)+" is invalid. Expected "+s+", got "+o)};for(const[i,s]of Object.entries(n))r(i,s,!1);for(const[i,s]of Object.entries(t))r(i,s,!0);return e}function Vt(e){const n=new WeakMap;return(t,...r)=>{const i=n.get(t);if(i!==void 0)return i;const s=e(t,...r);return n.set(t,s),s}}/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const Y=BigInt(0),V=BigInt(1),tt=BigInt(2),pe=BigInt(3),Xt=BigInt(4),Ft=BigInt(5),Qt=BigInt(8);function M(e,n){const t=e%n;return t>=Y?t:n+t}function j(e,n,t){let r=e;for(;n-- >Y;)r*=r,r%=t;return r}function Ot(e,n){if(e===Y)throw new Error("invert: expected non-zero number");if(n<=Y)throw new Error("invert: expected positive modulus, got "+n);let t=M(e,n),r=n,i=Y,s=V;for(;t!==Y;){const u=r/t,o=r%t,d=i-s*u;r=t,t=o,i=s,s=d}if(r!==V)throw new Error("invert: does not exist");return M(i,n)}function Jt(e,n){const t=(e.ORDER+V)/Xt,r=e.pow(n,t);if(!e.eql(e.sqr(r),n))throw new Error("Cannot find square root");return r}function ye(e,n){const t=(e.ORDER-Ft)/Qt,r=e.mul(n,tt),i=e.pow(r,t),s=e.mul(n,i),a=e.mul(e.mul(s,tt),i),u=e.mul(s,e.sub(a,e.ONE));if(!e.eql(e.sqr(u),n))throw new Error("Cannot find square root");return u}function Ee(e){if(e<BigInt(3))throw new Error("sqrt is not defined for small field");let n=e-V,t=0;for(;n%tt===Y;)n/=tt,t++;let r=tt;const i=Lt(e);for(;Ht(i,r)===1;)if(r++>1e3)throw new Error("Cannot find square root: probably non-prime P");if(t===1)return Jt;let s=i.pow(r,n);const a=(n+V)/tt;return function(o,d){if(o.is0(d))return d;if(Ht(o,d)!==1)throw new Error("Cannot find square root");let m=t,A=o.mul(o.ONE,s),I=o.pow(d,n),z=o.pow(d,a);for(;!o.eql(I,o.ONE);){if(o.is0(I))return o.ZERO;let T=1,g=o.sqr(I);for(;!o.eql(g,o.ONE);)if(T++,g=o.sqr(g),T===m)throw new Error("Cannot find square root");const k=V<<BigInt(m-T-1),U=o.pow(A,k);m=T,A=o.sqr(U),I=o.mul(I,A),z=o.mul(z,U)}return z}}function be(e){return e%Xt===pe?Jt:e%Qt===Ft?ye:Ee(e)}const Be=["create","isValid","is0","neg","inv","sqrt","sqr","eql","add","sub","mul","pow","div","addN","subN","mulN","sqrN"];function ve(e){const n={ORDER:"bigint",MASK:"bigint",BYTES:"isSafeInteger",BITS:"isSafeInteger"},t=Be.reduce((r,i)=>(r[i]="function",r),n);return mt(e,t)}function xe(e,n,t){if(t<Y)throw new Error("invalid exponent, negatives unsupported");if(t===Y)return e.ONE;if(t===V)return n;let r=e.ONE,i=n;for(;t>Y;)t&V&&(r=e.mul(r,i)),i=e.sqr(i),t>>=V;return r}function te(e,n,t=!1){const r=new Array(n.length).fill(t?e.ZERO:void 0),i=n.reduce((a,u,o)=>e.is0(u)?a:(r[o]=a,e.mul(a,u)),e.ONE),s=e.inv(i);return n.reduceRight((a,u,o)=>e.is0(u)?a:(r[o]=e.mul(a,r[o]),e.mul(a,u)),s),r}function Ht(e,n){const t=(e.ORDER-V)/tt,r=e.pow(n,t),i=e.eql(r,e.ONE),s=e.eql(r,e.ZERO),a=e.eql(r,e.neg(e.ONE));if(!i&&!s&&!a)throw new Error("invalid Legendre symbol result");return i?1:s?0:-1}function ee(e,n){n!==void 0&&ce(n);const t=n!==void 0?n:e.toString(2).length,r=Math.ceil(t/8);return{nBitLength:t,nByteLength:r}}function Lt(e,n,t=!1,r={}){if(e<=Y)throw new Error("invalid field: expected ORDER > 0, got "+e);const{nBitLength:i,nByteLength:s}=ee(e,n);if(s>2048)throw new Error("invalid field: expected ORDER of <= 2048 bytes");let a;const u=Object.freeze({ORDER:e,isLE:t,BITS:i,BYTES:s,MASK:gt(i),ZERO:Y,ONE:V,create:o=>M(o,e),isValid:o=>{if(typeof o!="bigint")throw new Error("invalid field element: expected bigint, got "+typeof o);return Y<=o&&o<e},is0:o=>o===Y,isOdd:o=>(o&V)===V,neg:o=>M(-o,e),eql:(o,d)=>o===d,sqr:o=>M(o*o,e),add:(o,d)=>M(o+d,e),sub:(o,d)=>M(o-d,e),mul:(o,d)=>M(o*d,e),pow:(o,d)=>xe(u,o,d),div:(o,d)=>M(o*Ot(d,e),e),sqrN:o=>o*o,addN:(o,d)=>o+d,subN:(o,d)=>o-d,mulN:(o,d)=>o*d,inv:o=>Ot(o,e),sqrt:r.sqrt||(o=>(a||(a=be(e)),a(u,o))),toBytes:o=>t?Gt(o,s):ut(o,s),fromBytes:o=>{if(o.length!==s)throw new Error("Field.fromBytes: expected "+s+" bytes, got "+o.length);return t?Dt(o):et(o)},invertBatch:o=>te(u,o),cmov:(o,d,m)=>m?d:o});return Object.freeze(u)}function ne(e){if(typeof e!="bigint")throw new Error("field order must be bigint");const n=e.toString(2).length;return Math.ceil(n/8)}function re(e){const n=ne(e);return n+Math.ceil(n/2)}function Se(e,n,t=!1){const r=e.length,i=ne(n),s=re(n);if(r<16||r<s||r>1024)throw new Error("expected "+s+"-1024 bytes of input, got "+r);const a=t?Dt(e):et(e),u=M(a,n-V)+V;return t?Gt(u,i):ut(u,i)}/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const Mt=BigInt(0),qt=BigInt(1);function Bt(e,n){const t=n.negate();return e?t:n}function oe(e,n){if(!Number.isSafeInteger(e)||e<=0||e>n)throw new Error("invalid window size, expected [1.."+n+"], got W="+e)}function vt(e,n){oe(e,n);const t=Math.ceil(n/e)+1,r=2**(e-1),i=2**e,s=gt(e),a=BigInt(e);return{windows:t,windowSize:r,mask:s,maxNumber:i,shiftBy:a}}function Yt(e,n,t){const{windowSize:r,mask:i,maxNumber:s,shiftBy:a}=t;let u=Number(e&i),o=e>>a;u>r&&(u-=s,o+=qt);const d=n*r,m=d+Math.abs(u)-1,A=u===0,I=u<0,z=n%2!==0;return{nextN:o,offset:m,isZero:A,isNeg:I,isNegF:z,offsetF:d}}function Ae(e,n){if(!Array.isArray(e))throw new Error("array expected");e.forEach((t,r)=>{if(!(t instanceof n))throw new Error("invalid point at index "+r)})}function Ne(e,n){if(!Array.isArray(e))throw new Error("array of scalars expected");e.forEach((t,r)=>{if(!n.isValid(t))throw new Error("invalid scalar at index "+r)})}const xt=new WeakMap,ie=new WeakMap;function St(e){return ie.get(e)||1}function Ie(e,n){return{constTimeNegate:Bt,hasPrecomputes(t){return St(t)!==1},unsafeLadder(t,r,i=e.ZERO){let s=t;for(;r>Mt;)r&qt&&(i=i.add(s)),s=s.double(),r>>=qt;return i},precomputeWindow(t,r){const{windows:i,windowSize:s}=vt(r,n),a=[];let u=t,o=u;for(let d=0;d<i;d++){o=u,a.push(o);for(let m=1;m<s;m++)o=o.add(u),a.push(o);u=o.double()}return a},wNAF(t,r,i){let s=e.ZERO,a=e.BASE;const u=vt(t,n);for(let o=0;o<u.windows;o++){const{nextN:d,offset:m,isZero:A,isNeg:I,isNegF:z,offsetF:T}=Yt(i,o,u);i=d,A?a=a.add(Bt(z,r[T])):s=s.add(Bt(I,r[m]))}return{p:s,f:a}},wNAFUnsafe(t,r,i,s=e.ZERO){const a=vt(t,n);for(let u=0;u<a.windows&&i!==Mt;u++){const{nextN:o,offset:d,isZero:m,isNeg:A}=Yt(i,u,a);if(i=o,!m){const I=r[d];s=s.add(A?I.negate():I)}}return s},getPrecomputes(t,r,i){let s=xt.get(r);return s||(s=this.precomputeWindow(r,t),t!==1&&xt.set(r,i(s))),s},wNAFCached(t,r,i){const s=St(t);return this.wNAF(s,this.getPrecomputes(s,t,i),r)},wNAFCachedUnsafe(t,r,i,s){const a=St(t);return a===1?this.unsafeLadder(t,r,s):this.wNAFUnsafe(a,this.getPrecomputes(a,t,i),r,s)},setWindowSize(t,r){oe(r,n),ie.set(t,r),xt.delete(t)}}}function Oe(e,n,t,r){Ae(t,e),Ne(r,n);const i=t.length,s=r.length;if(i!==s)throw new Error("arrays of points and scalars must have equal length");const a=e.ZERO,u=we(BigInt(i));let o=1;u>12?o=u-3:u>4?o=u-2:u>0&&(o=2);const d=gt(o),m=new Array(Number(d)+1).fill(a),A=Math.floor((n.BITS-1)/o)*o;let I=a;for(let z=A;z>=0;z-=o){m.fill(a);for(let g=0;g<s;g++){const k=r[g],U=Number(k>>BigInt(z)&d);m[U]=m[U].add(t[g])}let T=a;for(let g=m.length-1,k=a;g>0;g--)k=k.add(m[g]),T=T.add(k);if(I=I.add(T),z!==0)for(let g=0;g<o;g++)I=I.double()}return I}function se(e){return ve(e.Fp),mt(e,{n:"bigint",h:"bigint",Gx:"field",Gy:"field"},{nBitLength:"isSafeInteger",nByteLength:"isSafeInteger"}),Object.freeze({...ee(e.n,e.nBitLength),...e,p:e.Fp.ORDER})}/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */function jt(e){e.lowS!==void 0&&ct("lowS",e.lowS),e.prehash!==void 0&&ct("prehash",e.prehash)}function qe(e){const n=se(e);mt(n,{a:"field",b:"field"},{allowInfinityPoint:"boolean",allowedPrivateKeyLengths:"array",clearCofactor:"function",fromBytes:"function",isTorsionFree:"function",toBytes:"function",wrapPrivateKey:"boolean"});const{endo:t,Fp:r,a:i}=n;if(t){if(!r.eql(i,r.ZERO))throw new Error("invalid endo: CURVE.a must be 0");if(typeof t!="object"||typeof t.beta!="bigint"||typeof t.splitScalar!="function")throw new Error('invalid endo: expected "beta": bigint and "splitScalar": function')}return Object.freeze({...n})}class Re extends Error{constructor(n=""){super(n)}}const G={Err:Re,_tlv:{encode:(e,n)=>{const{Err:t}=G;if(e<0||e>256)throw new t("tlv.encode: wrong tag");if(n.length&1)throw new t("tlv.encode: unpadded data");const r=n.length/2,i=dt(r);if(i.length/2&128)throw new t("tlv.encode: long form length too big");const s=r>127?dt(i.length/2|128):"";return dt(e)+s+i+n},decode(e,n){const{Err:t}=G;let r=0;if(e<0||e>256)throw new t("tlv.encode: wrong tag");if(n.length<2||n[r++]!==e)throw new t("tlv.decode: wrong tlv");const i=n[r++],s=!!(i&128);let a=0;if(!s)a=i;else{const o=i&127;if(!o)throw new t("tlv.decode(long): indefinite length not supported");if(o>4)throw new t("tlv.decode(long): byte length is too big");const d=n.subarray(r,r+o);if(d.length!==o)throw new t("tlv.decode: length bytes not complete");if(d[0]===0)throw new t("tlv.decode(long): zero leftmost byte");for(const m of d)a=a<<8|m;if(r+=o,a<128)throw new t("tlv.decode(long): not minimal encoding")}const u=n.subarray(r,r+a);if(u.length!==a)throw new t("tlv.decode: wrong value length");return{v:u,l:n.subarray(r+a)}}},_int:{encode(e){const{Err:n}=G;if(e<X)throw new n("integer: negative integers are not allowed");let t=dt(e);if(Number.parseInt(t[0],16)&8&&(t="00"+t),t.length&1)throw new n("unexpected DER parsing assertion: unpadded hex");return t},decode(e){const{Err:n}=G;if(e[0]&128)throw new n("invalid signature integer: negative");if(e[0]===0&&!(e[1]&128))throw new n("invalid signature integer: unnecessary leading zero");return et(e)}},toSig(e){const{Err:n,_int:t,_tlv:r}=G,i=K("signature",e),{v:s,l:a}=r.decode(48,i);if(a.length)throw new n("invalid signature: left bytes after parsing");const{v:u,l:o}=r.decode(2,s),{v:d,l:m}=r.decode(2,o);if(m.length)throw new n("invalid signature: left bytes after parsing");return{r:t.decode(u),s:t.decode(d)}},hexFromSig(e){const{_tlv:n,_int:t}=G,r=n.encode(2,t.encode(e.r)),i=n.encode(2,t.encode(e.s)),s=r+i;return n.encode(48,s)}};function At(e,n){return at(ut(e,n))}const X=BigInt(0),L=BigInt(1);BigInt(2);const Nt=BigInt(3),Ze=BigInt(4);function ze(e){const n=qe(e),{Fp:t}=n,r=Lt(n.n,n.nBitLength),i=n.toBytes||((x,f,h)=>{const p=f.toAffine();return wt(Uint8Array.from([4]),t.toBytes(p.x),t.toBytes(p.y))}),s=n.fromBytes||(x=>{const f=x.subarray(1),h=t.fromBytes(f.subarray(0,t.BYTES)),p=t.fromBytes(f.subarray(t.BYTES,2*t.BYTES));return{x:h,y:p}});function a(x){const{a:f,b:h}=n,p=t.sqr(x),B=t.mul(p,x);return t.add(t.add(B,t.mul(x,f)),h)}function u(x,f){const h=t.sqr(f),p=a(x);return t.eql(h,p)}if(!u(n.Gx,n.Gy))throw new Error("bad curve params: generator point");const o=t.mul(t.pow(n.a,Nt),Ze),d=t.mul(t.sqr(n.b),BigInt(27));if(t.is0(t.add(o,d)))throw new Error("bad curve params: a or b");function m(x){return Ut(x,L,n.n)}function A(x){const{allowedPrivateKeyLengths:f,nByteLength:h,wrapPrivateKey:p,n:B}=n;if(f&&typeof x!="bigint"){if(lt(x)&&(x=at(x)),typeof x!="string"||!f.includes(x.length))throw new Error("invalid private key");x=x.padStart(h*2,"0")}let O;try{O=typeof x=="bigint"?x:et(K("private key",x,h))}catch{throw new Error("invalid private key, expected hex or "+h+" bytes, got "+typeof x)}return p&&(O=M(O,B)),it("private key",O,L,B),O}function I(x){if(!(x instanceof g))throw new Error("ProjectivePoint expected")}const z=Vt((x,f)=>{const{px:h,py:p,pz:B}=x;if(t.eql(B,t.ONE))return{x:h,y:p};const O=x.is0();f==null&&(f=O?t.ONE:t.inv(B));const R=t.mul(h,f),q=t.mul(p,f),y=t.mul(B,f);if(O)return{x:t.ZERO,y:t.ZERO};if(!t.eql(y,t.ONE))throw new Error("invZ was invalid");return{x:R,y:q}}),T=Vt(x=>{if(x.is0()){if(n.allowInfinityPoint&&!t.is0(x.py))return;throw new Error("bad point: ZERO")}const{x:f,y:h}=x.toAffine();if(!t.isValid(f)||!t.isValid(h))throw new Error("bad point: x or y not FE");if(!u(f,h))throw new Error("bad point: equation left != right");if(!x.isTorsionFree())throw new Error("bad point: not in prime-order subgroup");return!0});class g{constructor(f,h,p){if(f==null||!t.isValid(f))throw new Error("x required");if(h==null||!t.isValid(h)||t.is0(h))throw new Error("y required");if(p==null||!t.isValid(p))throw new Error("z required");this.px=f,this.py=h,this.pz=p,Object.freeze(this)}static fromAffine(f){const{x:h,y:p}=f||{};if(!f||!t.isValid(h)||!t.isValid(p))throw new Error("invalid affine point");if(f instanceof g)throw new Error("projective point not allowed");const B=O=>t.eql(O,t.ZERO);return B(h)&&B(p)?g.ZERO:new g(h,p,t.ONE)}get x(){return this.toAffine().x}get y(){return this.toAffine().y}static normalizeZ(f){const h=te(t,f.map(p=>p.pz));return f.map((p,B)=>p.toAffine(h[B])).map(g.fromAffine)}static fromHex(f){const h=g.fromAffine(s(K("pointHex",f)));return h.assertValidity(),h}static fromPrivateKey(f){return g.BASE.multiply(A(f))}static msm(f,h){return Oe(g,r,f,h)}_setWindowSize(f){$.setWindowSize(this,f)}assertValidity(){T(this)}hasEvenY(){const{y:f}=this.toAffine();if(t.isOdd)return!t.isOdd(f);throw new Error("Field doesn't support isOdd")}equals(f){I(f);const{px:h,py:p,pz:B}=this,{px:O,py:R,pz:q}=f,y=t.eql(t.mul(h,q),t.mul(O,B)),N=t.eql(t.mul(p,q),t.mul(R,B));return y&&N}negate(){return new g(this.px,t.neg(this.py),this.pz)}double(){const{a:f,b:h}=n,p=t.mul(h,Nt),{px:B,py:O,pz:R}=this;let q=t.ZERO,y=t.ZERO,N=t.ZERO,E=t.mul(B,B),_=t.mul(O,O),l=t.mul(R,R),c=t.mul(B,O);return c=t.add(c,c),N=t.mul(B,R),N=t.add(N,N),q=t.mul(f,N),y=t.mul(p,l),y=t.add(q,y),q=t.sub(_,y),y=t.add(_,y),y=t.mul(q,y),q=t.mul(c,q),N=t.mul(p,N),l=t.mul(f,l),c=t.sub(E,l),c=t.mul(f,c),c=t.add(c,N),N=t.add(E,E),E=t.add(N,E),E=t.add(E,l),E=t.mul(E,c),y=t.add(y,E),l=t.mul(O,R),l=t.add(l,l),E=t.mul(l,c),q=t.sub(q,E),N=t.mul(l,_),N=t.add(N,N),N=t.add(N,N),new g(q,y,N)}add(f){I(f);const{px:h,py:p,pz:B}=this,{px:O,py:R,pz:q}=f;let y=t.ZERO,N=t.ZERO,E=t.ZERO;const _=n.a,l=t.mul(n.b,Nt);let c=t.mul(h,O),w=t.mul(p,R),S=t.mul(B,q),b=t.add(h,p),v=t.add(O,R);b=t.mul(b,v),v=t.add(c,w),b=t.sub(b,v),v=t.add(h,B);let Z=t.add(O,q);return v=t.mul(v,Z),Z=t.add(c,S),v=t.sub(v,Z),Z=t.add(p,B),y=t.add(R,q),Z=t.mul(Z,y),y=t.add(w,S),Z=t.sub(Z,y),E=t.mul(_,v),y=t.mul(l,S),E=t.add(y,E),y=t.sub(w,E),E=t.add(w,E),N=t.mul(y,E),w=t.add(c,c),w=t.add(w,c),S=t.mul(_,S),v=t.mul(l,v),w=t.add(w,S),S=t.sub(c,S),S=t.mul(_,S),v=t.add(v,S),c=t.mul(w,v),N=t.add(N,c),c=t.mul(Z,v),y=t.mul(b,y),y=t.sub(y,c),c=t.mul(b,w),E=t.mul(Z,E),E=t.add(E,c),new g(y,N,E)}subtract(f){return this.add(f.negate())}is0(){return this.equals(g.ZERO)}wNAF(f){return $.wNAFCached(this,f,g.normalizeZ)}multiplyUnsafe(f){const{endo:h,n:p}=n;it("scalar",f,X,p);const B=g.ZERO;if(f===X)return B;if(this.is0()||f===L)return this;if(!h||$.hasPrecomputes(this))return $.wNAFCachedUnsafe(this,f,g.normalizeZ);let{k1neg:O,k1:R,k2neg:q,k2:y}=h.splitScalar(f),N=B,E=B,_=this;for(;R>X||y>X;)R&L&&(N=N.add(_)),y&L&&(E=E.add(_)),_=_.double(),R>>=L,y>>=L;return O&&(N=N.negate()),q&&(E=E.negate()),E=new g(t.mul(E.px,h.beta),E.py,E.pz),N.add(E)}multiply(f){const{endo:h,n:p}=n;it("scalar",f,L,p);let B,O;if(h){const{k1neg:R,k1:q,k2neg:y,k2:N}=h.splitScalar(f);let{p:E,f:_}=this.wNAF(q),{p:l,f:c}=this.wNAF(N);E=$.constTimeNegate(R,E),l=$.constTimeNegate(y,l),l=new g(t.mul(l.px,h.beta),l.py,l.pz),B=E.add(l),O=_.add(c)}else{const{p:R,f:q}=this.wNAF(f);B=R,O=q}return g.normalizeZ([B,O])[0]}multiplyAndAddUnsafe(f,h,p){const B=g.BASE,O=(q,y)=>y===X||y===L||!q.equals(B)?q.multiplyUnsafe(y):q.multiply(y),R=O(this,h).add(O(f,p));return R.is0()?void 0:R}toAffine(f){return z(this,f)}isTorsionFree(){const{h:f,isTorsionFree:h}=n;if(f===L)return!0;if(h)return h(g,this);throw new Error("isTorsionFree() has not been declared for the elliptic curve")}clearCofactor(){const{h:f,clearCofactor:h}=n;return f===L?this:h?h(g,this):this.multiplyUnsafe(n.h)}toRawBytes(f=!0){return ct("isCompressed",f),this.assertValidity(),i(g,this,f)}toHex(f=!0){return ct("isCompressed",f),at(this.toRawBytes(f))}}g.BASE=new g(n.Gx,n.Gy,t.ONE),g.ZERO=new g(t.ZERO,t.ONE,t.ZERO);const{endo:k,nBitLength:U}=n,$=Ie(g,k?Math.ceil(U/2):U);return{CURVE:n,ProjectivePoint:g,normPrivateKeyToScalar:A,weierstrassEquation:a,isWithinCurveOrder:m}}function Te(e){const n=se(e);return mt(n,{hash:"hash",hmac:"function",randomBytes:"function"},{bits2int:"function",bits2int_modN:"function",lowS:"boolean"}),Object.freeze({lowS:!0,...n})}function Ue(e){const n=Te(e),{Fp:t,n:r,nByteLength:i,nBitLength:s}=n,a=t.BYTES+1,u=2*t.BYTES+1;function o(l){return M(l,r)}function d(l){return Ot(l,r)}const{ProjectivePoint:m,normPrivateKeyToScalar:A,weierstrassEquation:I,isWithinCurveOrder:z}=ze({...n,toBytes(l,c,w){const S=c.toAffine(),b=t.toBytes(S.x),v=wt;return ct("isCompressed",w),w?v(Uint8Array.from([c.hasEvenY()?2:3]),b):v(Uint8Array.from([4]),b,t.toBytes(S.y))},fromBytes(l){const c=l.length,w=l[0],S=l.subarray(1);if(c===a&&(w===2||w===3)){const b=et(S);if(!Ut(b,L,t.ORDER))throw new Error("Point is not on curve");const v=I(b);let Z;try{Z=t.sqrt(v)}catch(P){const H=P instanceof Error?": "+P.message:"";throw new Error("Point is not on curve"+H)}const C=(Z&L)===L;return(w&1)===1!==C&&(Z=t.neg(Z)),{x:b,y:Z}}else if(c===u&&w===4){const b=t.fromBytes(S.subarray(0,t.BYTES)),v=t.fromBytes(S.subarray(t.BYTES,2*t.BYTES));return{x:b,y:v}}else{const b=a,v=u;throw new Error("invalid Point, expected length of "+b+", or uncompressed "+v+", got "+c)}}});function T(l){const c=r>>L;return l>c}function g(l){return T(l)?o(-l):l}const k=(l,c,w)=>et(l.slice(c,w));class U{constructor(c,w,S){it("r",c,L,r),it("s",w,L,r),this.r=c,this.s=w,S!=null&&(this.recovery=S),Object.freeze(this)}static fromCompact(c){const w=i;return c=K("compactSignature",c,w*2),new U(k(c,0,w),k(c,w,2*w))}static fromDER(c){const{r:w,s:S}=G.toSig(K("DER",c));return new U(w,S)}assertValidity(){}addRecoveryBit(c){return new U(this.r,this.s,c)}recoverPublicKey(c){const{r:w,s:S,recovery:b}=this,v=B(K("msgHash",c));if(b==null||![0,1,2,3].includes(b))throw new Error("recovery id invalid");const Z=b===2||b===3?w+n.n:w;if(Z>=t.ORDER)throw new Error("recovery id 2 or 3 invalid");const C=b&1?"03":"02",W=m.fromHex(C+At(Z,t.BYTES)),P=d(Z),H=o(-v*P),nt=o(S*P),F=m.BASE.multiplyAndAddUnsafe(W,H,nt);if(!F)throw new Error("point at infinify");return F.assertValidity(),F}hasHighS(){return T(this.s)}normalizeS(){return this.hasHighS()?new U(this.r,o(-this.s),this.recovery):this}toDERRawBytes(){return ht(this.toDERHex())}toDERHex(){return G.hexFromSig(this)}toCompactRawBytes(){return ht(this.toCompactHex())}toCompactHex(){const c=i;return At(this.r,c)+At(this.s,c)}}const $={isValidPrivateKey(l){try{return A(l),!0}catch{return!1}},normPrivateKeyToScalar:A,randomPrivateKey:()=>{const l=re(n.n);return Se(n.randomBytes(l),n.n)},precompute(l=8,c=m.BASE){return c._setWindowSize(l),c.multiply(BigInt(3)),c}};function x(l,c=!0){return m.fromPrivateKey(l).toRawBytes(c)}function f(l){if(typeof l=="bigint")return!1;if(l instanceof m)return!0;const w=K("key",l).length,S=t.BYTES,b=S+1,v=2*S+1;if(!(n.allowedPrivateKeyLengths||i===b))return w===b||w===v}function h(l,c,w=!0){if(f(l)===!0)throw new Error("first arg must be private key");if(f(c)===!1)throw new Error("second arg must be public key");return m.fromHex(c).multiply(A(l)).toRawBytes(w)}const p=n.bits2int||function(l){if(l.length>8192)throw new Error("input is too large");const c=et(l),w=l.length*8-s;return w>0?c>>BigInt(w):c},B=n.bits2int_modN||function(l){return o(p(l))},O=gt(s);function R(l){return it("num < 2^"+s,l,X,O),ut(l,i)}function q(l,c,w=y){if(["recovered","canonical"].some(Q=>Q in w))throw new Error("sign() legacy options not supported");const{hash:S,randomBytes:b}=n;let{lowS:v,prehash:Z,extraEntropy:C}=w;v==null&&(v=!0),l=K("msgHash",l),jt(w),Z&&(l=K("prehashed msgHash",S(l)));const W=B(l),P=A(c),H=[R(P),R(W)];if(C!=null&&C!==!1){const Q=C===!0?b(t.BYTES):C;H.push(K("extraEntropy",Q))}const nt=wt(...H),F=W;function pt(Q){const rt=p(Q);if(!z(rt))return;const yt=d(rt),st=m.BASE.multiply(rt).toAffine(),J=o(st.x);if(J===X)return;const ft=o(yt*o(F+J*P));if(ft===X)return;let ot=(st.x===J?0:2)|Number(st.y&L),_t=ft;return v&&T(ft)&&(_t=g(ft),ot^=1),new U(J,_t,ot)}return{seed:nt,k2sig:pt}}const y={lowS:n.lowS,prehash:!1},N={lowS:n.lowS,prehash:!1};function E(l,c,w=y){const{seed:S,k2sig:b}=q(l,c,w),v=n;return ge(v.hash.outputLen,v.nByteLength,v.hmac)(S,b)}m.BASE._setWindowSize(8);function _(l,c,w,S=N){const b=l;c=K("msgHash",c),w=K("publicKey",w);const{lowS:v,prehash:Z,format:C}=S;if(jt(S),"strict"in S)throw new Error("options.strict was renamed to lowS");if(C!==void 0&&C!=="compact"&&C!=="der")throw new Error("format must be compact or der");const W=typeof b=="string"||lt(b),P=!W&&!C&&typeof b=="object"&&b!==null&&typeof b.r=="bigint"&&typeof b.s=="bigint";if(!W&&!P)throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");let H,nt;try{if(P&&(H=new U(b.r,b.s)),W){try{C!=="compact"&&(H=U.fromDER(b))}catch(ot){if(!(ot instanceof G.Err))throw ot}!H&&C!=="der"&&(H=U.fromCompact(b))}nt=m.fromHex(w)}catch{return!1}if(!H||v&&H.hasHighS())return!1;Z&&(c=n.hash(c));const{r:F,s:pt}=H,Q=B(c),rt=d(pt),yt=o(Q*rt),st=o(F*rt),J=m.BASE.multiplyAndAddUnsafe(nt,yt,st)?.toAffine();return J?o(J.x)===F:!1}return{CURVE:n,getPublicKey:x,getSharedSecret:h,sign:E,verify:_,ProjectivePoint:m,Signature:U,utils:$}}/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */function Le(e){return{hash:e,hmac:(n,...t)=>ae(e,n,le(...t)),randomBytes:ue}}function _e(e,n){const t=r=>Ue({...e,...Le(r)});return{...t(n),create:t}}/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const fe=BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),Kt=BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),ke=BigInt(0),Ce=BigInt(1),Rt=BigInt(2),Pt=(e,n)=>(e+n/Rt)/n;function Ve(e){const n=fe,t=BigInt(3),r=BigInt(6),i=BigInt(11),s=BigInt(22),a=BigInt(23),u=BigInt(44),o=BigInt(88),d=e*e*e%n,m=d*d*e%n,A=j(m,t,n)*m%n,I=j(A,t,n)*m%n,z=j(I,Rt,n)*d%n,T=j(z,i,n)*z%n,g=j(T,s,n)*T%n,k=j(g,u,n)*g%n,U=j(k,o,n)*k%n,$=j(U,u,n)*g%n,x=j($,t,n)*m%n,f=j(x,a,n)*T%n,h=j(f,r,n)*d%n,p=j(h,Rt,n);if(!Zt.eql(Zt.sqr(p),e))throw new Error("Cannot find square root");return p}const Zt=Lt(fe,void 0,void 0,{sqrt:Ve}),Me=_e({a:ke,b:BigInt(7),Fp:Zt,n:Kt,Gx:BigInt("55066263022277343669578718895168534326250603453777594175500187360389116729240"),Gy:BigInt("32670510020758816978083085130507043184471273380659243275938904335757337482424"),h:BigInt(1),lowS:!0,endo:{beta:BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),splitScalar:e=>{const n=Kt,t=BigInt("0x3086d221a7d46bcde86c90e49284eb15"),r=-Ce*BigInt("0xe4437ed6010e88286f547fa90abfe4c3"),i=BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"),s=t,a=BigInt("0x100000000000000000000000000000000"),u=Pt(s*e,n),o=Pt(-r*e,n);let d=M(e-u*t-o*i,n),m=M(-u*r-o*s,n);const A=d>a,I=m>a;if(A&&(d=n-d),I&&(m=n-m),d>a||m>a)throw new Error("splitScalar: Endomorphism failed, k="+e);return{k1neg:A,k1:d,k2neg:I,k2:m}}}},de);export{Me as secp256k1};
Reference in New Issue View Git Blame Copy Permalink