From c533e85807951bef698cd44fcb5f64d5ed1deb34 Mon Sep 17 00:00:00 2001
From: Kurdistan Tech Ministry
Date: Sun, 1 Feb 2026 08:00:57 +0300
Subject: [PATCH] feat: add @pezkuwi/scure-sr25519 with bizinikiwi signing context
---
 packages/scure-sr25519/.gitignore | 2 +
 packages/scure-sr25519/README.md | 35 ++
 packages/scure-sr25519/lib/esm/index.d.ts | 64 +++
 packages/scure-sr25519/lib/esm/index.d.ts.map | 1 +
 packages/scure-sr25519/lib/esm/index.js | 472 +++++++++++++++++
 packages/scure-sr25519/lib/esm/index.js.map | 1 +
 packages/scure-sr25519/lib/esm/package.json | 6 +
 packages/scure-sr25519/lib/index.d.ts | 64 +++
 packages/scure-sr25519/lib/index.d.ts.map | 1 +
 packages/scure-sr25519/lib/index.js | 481 ++++++++++++++++++
 packages/scure-sr25519/lib/index.js.map | 1 +
 packages/scure-sr25519/package.json | 24 +
 12 files changed, 1152 insertions(+)
 create mode 100644 packages/scure-sr25519/.gitignore
 create mode 100644 packages/scure-sr25519/README.md
 create mode 100644 packages/scure-sr25519/lib/esm/index.d.ts
 create mode 100644 packages/scure-sr25519/lib/esm/index.d.ts.map
 create mode 100644 packages/scure-sr25519/lib/esm/index.js
 create mode 100644 packages/scure-sr25519/lib/esm/index.js.map
 create mode 100644 packages/scure-sr25519/lib/esm/package.json
 create mode 100644 packages/scure-sr25519/lib/index.d.ts
 create mode 100644 packages/scure-sr25519/lib/index.d.ts.map
 create mode 100644 packages/scure-sr25519/lib/index.js
 create mode 100644 packages/scure-sr25519/lib/index.js.map
 create mode 100644 packages/scure-sr25519/package.json
diff --git a/packages/scure-sr25519/.gitignore b/packages/scure-sr25519/.gitignore
new file mode 100644
index 0000000..552f221
--- /dev/null
+++ b/packages/scure-sr25519/.gitignore
@@ -0,0 +1,2 @@
+node_modules/
+*.log
diff --git a/packages/scure-sr25519/README.md b/packages/scure-sr25519/README.md
new file mode 100644
index 0000000..0637715
--- /dev/null
+++ b/packages/scure-sr25519/README.md
@@ -0,0 +1,35 @@
+# @pezkuwi/scure-sr25519
+
+SR25519 cryptography for PezkuwiChain with **bizinikiwi** signing context.
+
+Fork of [@scure/sr25519](https://github.com/paulmillr/scure-sr25519) with PezkuwiChain-specific signing context.
+
+## Installation
+
+```bash
+npm install @pezkuwi/scure-sr25519
+```
+
+## Usage
+
+```javascript
+import { getPublicKey, sign, verify, secretFromSeed } from '@pezkuwi/scure-sr25519';
+
+// Generate keypair from 32-byte seed
+const secret = secretFromSeed(seed);
+const publicKey = getPublicKey(secret);
+
+// Sign message
+const signature = sign(secret, message);
+
+// Verify
+const valid = verify(message, signature, publicKey);
+```
+
+## Difference from @scure/sr25519
+
+This package uses `bizinikiwi` as the signing context instead of `substrate`.
+
+## License
+
+MIT
diff --git a/packages/scure-sr25519/lib/esm/index.d.ts b/packages/scure-sr25519/lib/esm/index.d.ts
new file mode 100644
index 0000000..706c74b
--- /dev/null
+++ b/packages/scure-sr25519/lib/esm/index.d.ts
@@ -0,0 +1,64 @@ +import { RistrettoPoint } from '@noble/curves/ed25519.js'; +type Point = typeof RistrettoPoint.BASE; +type Data = string | Uint8Array; +export type RNG = (bytes: number) => Uint8Array; +declare class Strobe128 { + state: Uint8Array; + state32: Uint32Array; + pos: number; + posBegin: number; + curFlags: number; + constructor(protocolLabel: Data); + private keccakF1600; + private runF; + private absorb; + private squeeze; + private overwrite; + private beginOp; + metaAD(data: Data, more: boolean): void; + AD(data: Data, more: boolean): void; + PRF(len: number, more: boolean): Uint8Array; + KEY(data: Data, more: boolean): void; + clone(): Strobe128; + clean(): void; +} +declare class Merlin { + strobe: Strobe128; + constructor(label: Data); + appendMessage(label: Data, message: Data): void; + challengeBytes(label: Data, len: number): Uint8Array; + clean(): void; +} +declare class SigningContext extends Merlin { + private rng; + constructor(name: string, rng?: RNG); + label(label: Data): void; + bytes(bytes: Uint8Array): this; + protoName(label: Data): void; + commitPoint(label: Data, point: Point): void; + challengeScalar(label: Data): bigint; + witnessScalar(label: Data, nonceSeeds?: Uint8Array[]): bigint; + witnessBytes(label: Data, len: number, nonceSeeds?: Uint8Array[]): Uint8Array; +} +export declare function getPublicKey(secretKey: Uint8Array): Uint8Array; +export declare function secretFromSeed(seed: Uint8Array): Uint8Array; +export declare function fromKeypair(pair: Uint8Array): Uint8Array; +export declare function sign(secretKey: Uint8Array, message: Uint8Array, rng?: RNG): Uint8Array; +export declare function verify(message: Uint8Array, signature: Uint8Array, publicKey: Uint8Array): boolean; +export declare function getSharedSecret(secretKey: Uint8Array, publicKey: Uint8Array): Uint8Array; +export declare const HDKD: { + secretSoft(secretKey: Uint8Array, chainCode: Uint8Array, rng?: RNG): Uint8Array; + publicSoft(publicKey: Uint8Array, 
chainCode: Uint8Array): Uint8Array; + secretHard(secretKey: Uint8Array, chainCode: Uint8Array): Uint8Array; +}; +export declare const vrf: { + sign(msg: Uint8Array, secretKey: Uint8Array, ctx: Uint8Array, extra: Uint8Array, rng: RNG): Uint8Array; + verify(msg: Uint8Array, signature: Uint8Array, publicKey: Uint8Array, ctx?: Uint8Array, extra?: Uint8Array, rng?: RNG): boolean; +}; +export declare const __tests: { + Strobe128: typeof Strobe128; + Merlin: typeof Merlin; + SigningContext: typeof SigningContext; +}; +export {}; +//# sourceMappingURL=index.d.ts.map \ No newline at end of file diff --git a/packages/scure-sr25519/lib/esm/index.d.ts.map b/packages/scure-sr25519/lib/esm/index.d.ts.map new file mode 100644 index 0000000..31c2c5c --- /dev/null +++ b/packages/scure-sr25519/lib/esm/index.d.ts.map 
@@ -0,0 +1 @@ +{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../index.ts"],"names":[],"mappings":"AAkBA,OAAO,EAAW,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAQnE,KAAK,KAAK,GAAG,OAAO,cAAc,CAAC,IAAI,CAAC;AACxC,KAAK,IAAI,GAAG,MAAM,GAAG,UAAU,CAAC;AAChC,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,EAAE,MAAM,KAAK,UAAU,CAAC;AAiDhD,cAAM,SAAS;IACb,KAAK,EAAE,UAAU,CAAuB;IACxC,OAAO,EAAE,WAAW,CAAC;IACrB,GAAG,EAAE,MAAM,CAAK;IAChB,QAAQ,EAAE,MAAM,CAAK;IACrB,QAAQ,EAAE,MAAM,CAAK;gBACT,aAAa,EAAE,IAAI;IAO/B,OAAO,CAAC,WAAW;IAGnB,OAAO,CAAC,IAAI;IASZ,OAAO,CAAC,MAAM;IAOd,OAAO,CAAC,OAAO;IASf,OAAO,CAAC,SAAS;IAMjB,OAAO,CAAC,OAAO;IAkBf,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,GAAG,IAAI;IAIvC,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,GAAG,IAAI;IAInC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,UAAU;IAI3C,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,GAAG,IAAI;IAKpC,KAAK,IAAI,SAAS;IAQlB,KAAK,IAAI,IAAI;CAMd;AAKD,cAAM,MAAM;IACV,MAAM,EAAE,SAAS,CAAC;gBACN,KAAK,EAAE,IAAI;IAIvB,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,GAAG,IAAI;IAM/C,cAAc,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,GAAG,UAAU;IAMpD,KAAK,IAAI,IAAI;CAGd;AAGD,cAAM,cAAe,SAAQ,MAAM;IACjC,OAAO,CAAC,GAAG,CAAM;gBACL,IAAI,EAAE,MAAM,EAAE,GAAG,GAAE,GAAiB;IAIhD,KAAK,CAAC,KAAK,EAAE,IAAI,GAAG,IAAI;IAGxB,KAAK,CAAC,KAAK,EAAE,UAAU,GAAG,IAAI;IAI9B,SAAS,CAAC,KAAK,EAAE,IAAI,GAAG,IAAI;IAG5B,WAAW,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,GAAG,IAAI;IAG5C,eAAe,CAAC,KAAK,EAAE,IAAI,GAAG,MAAM;IAGpC,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE,UAAU,GAAE,UAAU,EAAO,GAAG,MAAM;IAGjE,YAAY,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,GAAE,UAAU,EAAO,GAAG,UAAU;CAelF;AAUD,wBAAgB,YAAY,CAAC,SAAS,EAAE,UAAU,GAAG,UAAU,CAI9D;AACD,wBAAgB,cAAc,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU,CAa3D;AAGD,wBAAgB,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU,CAUxD;AAID,wBAAgB,IAAI,CAClB,SAAS,EAAE,UAAU,EACrB,OAAO,EAAE,UAAU,EACnB,GAAG,GAAE,GAAiB,GACrB,UAAU,CAoBZ;AACD,wBAAgB,MAAM,CAAC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,GAAG,OAAO,CAwBjG;AACD,wBAAgB,eAAe,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,GAAG,UAAU,CAOxF;AA
GD,eAAO,MAAM,IAAI,EAAE;IACjB,UAAU,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,CAAC,EAAE,GAAG,GAAG,UAAU,CAAC;IAChF,UAAU,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,GAAG,UAAU,CAAC;IACrE,UAAU,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,GAAG,UAAU,CAAC;CAmDtE,CAAC;AA4DF,eAAO,MAAM,GAAG,EAAE;IAChB,IAAI,CACF,GAAG,EAAE,UAAU,EACf,SAAS,EAAE,UAAU,EACrB,GAAG,EAAE,UAAU,EACf,KAAK,EAAE,UAAU,EACjB,GAAG,EAAE,GAAG,GACP,UAAU,CAAC;IACd,MAAM,CACJ,GAAG,EAAE,UAAU,EACf,SAAS,EAAE,UAAU,EACrB,SAAS,EAAE,UAAU,EACrB,GAAG,CAAC,EAAE,UAAU,EAChB,KAAK,CAAC,EAAE,UAAU,EAClB,GAAG,CAAC,EAAE,GAAG,GACR,OAAO,CAAC;CAoDZ,CAAC;AAGF,eAAO,MAAM,OAAO,EAAE;IACpB,SAAS,EAAE,OAAO,SAAS,CAAC;IAC5B,MAAM,EAAE,OAAO,MAAM,CAAC;IACtB,cAAc,EAAE,OAAO,cAAc,CAAC;CAKvC,CAAC"} \ No newline at end of file diff --git a/packages/scure-sr25519/lib/esm/index.js b/packages/scure-sr25519/lib/esm/index.js new file mode 100644 index 0000000..ceb4316 --- /dev/null +++ b/packages/scure-sr25519/lib/esm/index.js 
@@ -0,0 +1,472 @@ +/** + * Minimal JS implementation of sr25519 cryptography for Polkadot. + * + * Uses [Merlin](https://merlin.cool/index.html), + * a transcript construction, built on [Strobe](https://strobe.sourceforge.io). + * Merlin ensures two parties agree on the same state when communicating. + * + * More: https://wiki.polkadot.network/docs/learn-cryptography. + */ +import { mod } from '@noble/curves/abstract/modular.js'; +import { aInRange, bitMask, bytesToNumberLE, equalBytes, isBytes, numberToBytesLE, } from '@noble/curves/abstract/utils.js'; +import { ed25519, RistrettoPoint } from '@noble/curves/ed25519.js'; +import { keccakP } from '@noble/hashes/sha3.js'; +import { sha512 } from '@noble/hashes/sha512.js'; +import { concatBytes, randomBytes, u32, utf8ToBytes } from '@noble/hashes/utils.js'; +// prettier-ignore +const _0n = BigInt(0), _3n = BigInt(3); +function toData(d) { + if (typeof d === 'string') + return utf8ToBytes(d); + if (isBytes(d)) + return d; + throw new Error('Wrong data'); +} +// Could've used bytes from hashes/assert, but we add extra arg +function abytes(title, b, ...lengths) { + if (!isBytes(b)) + throw new Error(`${title}: Uint8Array expected`); + if (lengths.length && !lengths.includes(b.length)) + throw new Error(`${title}: Uint8Array expected of length ${lengths}, not of length=${b.length}`); +} +function checkU32(title, n) { + if (!Number.isSafeInteger(n) || n < 0 || n > 4294967295) + throw new Error(`${title}: wrong u32 integer: ${n}`); + return n; +} +function cleanBytes(...list) { + for (const t of list) + t.fill(0); +} +const EMPTY = Uint8Array.of(); +const CURVE_ORDER = ed25519.CURVE.n; +function parseScalar(title, bytes) { + abytes(title, bytes, 32); + const n = bytesToNumberLE(bytes); + aInRange(title, n, _0n, CURVE_ORDER); + return n; +} +const modN = (n) => mod(n, CURVE_ORDER); +// STROBE128 (minimal version required for Merlin) +// - https://strobe.sourceforge.io/specs/ +// We can implement full version, but seems 
nobody uses this much. +const STROBE_R = 166; +const Flags = { + I: 1, + A: 1 << 1, + C: 1 << 2, + T: 1 << 3, + M: 1 << 4, + K: 1 << 5, +}; +// Differences: suffix, additional methods/flags +class Strobe128 { + constructor(protocolLabel) { + this.state = new Uint8Array(200); + this.pos = 0; + this.posBegin = 0; + this.curFlags = 0; + this.state.set([1, STROBE_R + 2, 1, 0, 1, 96], 0); + this.state.set(utf8ToBytes('STROBEv1.0.2'), 6); + this.state32 = u32(this.state); + this.keccakF1600(); + this.metaAD(protocolLabel, false); + } + keccakF1600() { + keccakP(this.state32); + } + runF() { + this.state[this.pos] ^= this.posBegin; + this.state[this.pos + 1] ^= 0x04; + this.state[STROBE_R + 1] ^= 0x80; + this.keccakF1600(); + this.pos = 0; + this.posBegin = 0; + } + // keccak.update() + absorb(data) { + for (let i = 0; i < data.length; i++) { + this.state[this.pos++] ^= data[i]; + if (this.pos === STROBE_R) + this.runF(); + } + } + // keccak.xof() + squeeze(len) { + const data = new Uint8Array(len); + for (let i = 0; i < data.length; i++) { + data[i] = this.state[this.pos]; + this.state[this.pos++] = 0; + if (this.pos === STROBE_R) + this.runF(); + } + return data; + } + overwrite(data) { + for (let i = 0; i < data.length; i++) { + this.state[this.pos++] = data[i]; + if (this.pos === STROBE_R) + this.runF(); + } + } + beginOp(flags, more) { + if (more) { + if (this.curFlags !== flags) { + throw new Error(`Continued op with changed flags from ${this.curFlags.toString(2)} to ${flags.toString(2)}`); + } + return; + } + if ((flags & Flags.T) !== 0) + throw new Error('T flag is not supported'); + const oldBegin = this.posBegin; + this.posBegin = this.pos + 1; + this.curFlags = flags; + this.absorb(new Uint8Array([oldBegin, flags])); + const forceF = (flags & (Flags.C | Flags.K)) !== 0; + if (forceF && this.pos !== 0) + this.runF(); + } + // Public API + metaAD(data, more) { + this.beginOp(Flags.M | Flags.A, more); + this.absorb(toData(data)); + } + AD(data, more) { + 
this.beginOp(Flags.A, more); + this.absorb(toData(data)); + } + PRF(len, more) { + this.beginOp(Flags.I | Flags.A | Flags.C, more); + return this.squeeze(len); + } + KEY(data, more) { + this.beginOp(Flags.A | Flags.C, more); + this.overwrite(toData(data)); + } + // Utils + clone() { + const n = new Strobe128('0'); // tmp + n.pos = this.pos; + n.posBegin = this.posBegin; + n.state.set(this.state); + n.curFlags = this.curFlags; + return n; + } + clean() { + this.state.fill(0); // also clears state32, because same buffer + this.pos = 0; + this.curFlags = 0; + this.posBegin = 0; + } +} +// /STROBE128 +// Merlin +// https://merlin.cool/index.html +class Merlin { + constructor(label) { + this.strobe = new Strobe128('Merlin v1.0'); + this.appendMessage('dom-sep', label); + } + appendMessage(label, message) { + this.strobe.metaAD(label, false); + checkU32('Merlin.appendMessage', message.length); + this.strobe.metaAD(numberToBytesLE(message.length, 4), true); + this.strobe.AD(message, false); + } + challengeBytes(label, len) { + this.strobe.metaAD(label, false); + checkU32('Merlin.challengeBytes', len); + this.strobe.metaAD(numberToBytesLE(len, 4), true); + return this.strobe.PRF(len, false); + } + clean() { + this.strobe.clean(); + } +} +// /Merlin +// Merlin signging context/transcript (sr25519 specific stuff, Merlin and Strobe are generic (but minimal)) +class SigningContext extends Merlin { + constructor(name, rng = randomBytes) { + super(name); + this.rng = rng; + } + label(label) { + this.appendMessage('', label); + } + bytes(bytes) { + this.appendMessage('sign-bytes', bytes); + return this; + } + protoName(label) { + this.appendMessage('proto-name', label); + } + commitPoint(label, point) { + this.appendMessage(label, point.toRawBytes()); + } + challengeScalar(label) { + return modN(bytesToNumberLE(this.challengeBytes(label, 64))); + } + witnessScalar(label, nonceSeeds = []) { + return modN(bytesToNumberLE(this.witnessBytes(label, 64, nonceSeeds))); + } + 
witnessBytes(label, len, nonceSeeds = []) { + checkU32('SigningContext.witnessBytes', len); + const strobeRng = this.strobe.clone(); + for (const ns of nonceSeeds) { + strobeRng.metaAD(label, false); + checkU32('SigningContext.witnessBytes nonce length', ns.length); + strobeRng.metaAD(numberToBytesLE(ns.length, 4), true); + strobeRng.KEY(ns, false); + } + const random = this.rng(32); + strobeRng.metaAD('rng', false); + strobeRng.KEY(random, false); + strobeRng.metaAD(numberToBytesLE(len, 4), false); + return strobeRng.PRF(len, false); + } +} +// /Merlin signing context +const MASK = bitMask(256); +// == (n * CURVE.h) % CURVE_BIT_MASK +const encodeScalar = (n) => numberToBytesLE((n << _3n) & MASK, 32); +// n / CURVE.h +const decodeScalar = (n) => bytesToNumberLE(n) >> _3n; +// NOTE: secretKey is 64 bytes (key + nonce). This required for HDKD, since key can be derived not only from seed, but from other keys. +export function getPublicKey(secretKey) { + abytes('secretKey', secretKey, 64); + const scalar = decodeScalar(secretKey.subarray(0, 32)); + return RistrettoPoint.BASE.multiply(scalar).toRawBytes(); +} +export function secretFromSeed(seed) { + abytes('seed', seed, 32); + const r = sha512(seed); + // NOTE: different from ed25519 + r[0] &= 248; + r[31] &= 63; + r[31] |= 64; + // this will strip upper 3 bits and lower 3 bits + const key = encodeScalar(decodeScalar(r.subarray(0, 32))); + const nonce = r.subarray(32, 64); + const res = concatBytes(key, nonce); + cleanBytes(key, nonce, r); + return res; +} +// Seems like ed25519 keypair? Generates keypair from other keypair in ed25519 format +// NOTE: not exported from wasm. Do we need this at all? 
+export function fromKeypair(pair) { + abytes('keypair', pair, 96); + const sk = pair.subarray(0, 32); + const nonce = pair.subarray(32, 64); + const pubBytes = pair.subarray(64, 96); + const key = encodeScalar(bytesToNumberLE(sk)); + const realPub = getPublicKey(pair.subarray(0, 64)); + if (!equalBytes(pubBytes, realPub)) + throw new Error('wrong public key'); + // No need to clean since subarray's + return concatBytes(key, nonce, realPub); +} +// Basic sign. NOTE: context is currently constant. Please open issue if you need different one. +const BIZINIKIWI_CONTEXT = utf8ToBytes('bizinikiwi'); +export function sign(secretKey, message, rng = randomBytes) { + abytes('message', message); + abytes('secretKey', secretKey, 64); + const t = new SigningContext('SigningContext', rng); + t.label(BIZINIKIWI_CONTEXT); + t.bytes(message); + const keyScalar = decodeScalar(secretKey.subarray(0, 32)); + const nonce = secretKey.subarray(32, 64); + const pubPoint = RistrettoPoint.fromHex(getPublicKey(secretKey)); + t.protoName('Schnorr-sig'); + t.commitPoint('sign:pk', pubPoint); + const r = t.witnessScalar('signing', [nonce]); + const R = RistrettoPoint.BASE.multiply(r); + t.commitPoint('sign:R', R); + const k = t.challengeScalar('sign:c'); + const s = modN(k * keyScalar + r); + const res = concatBytes(R.toRawBytes(), numberToBytesLE(s, 32)); + res[63] |= 128; // add Schnorrkel marker + t.clean(); + return res; +} +export function verify(message, signature, publicKey) { + abytes('message', message); + abytes('signature', signature, 64); + abytes('publicKey', publicKey, 32); + if ((signature[63] & 128) === 0) + throw new Error('Schnorrkel marker missing'); + const sBytes = Uint8Array.from(signature.subarray(32, 64)); // copy before modification + sBytes[31] &= 127; // remove Schnorrkel marker + const R = RistrettoPoint.fromHex(signature.subarray(0, 32)); + const s = bytesToNumberLE(sBytes); + aInRange('s', s, _0n, CURVE_ORDER); // Just in case, it will be checked at multiplication 
later + const t = new SigningContext('SigningContext'); + t.label(BIZINIKIWI_CONTEXT); + t.bytes(message); + const pubPoint = RistrettoPoint.fromHex(publicKey); + if (pubPoint.equals(RistrettoPoint.ZERO)) + return false; + t.protoName('Schnorr-sig'); + t.commitPoint('sign:pk', pubPoint); + t.commitPoint('sign:R', R); + const k = t.challengeScalar('sign:c'); + const sP = RistrettoPoint.BASE.multiply(s); + const RR = pubPoint.negate().multiply(k).add(sP); + t.clean(); + cleanBytes(sBytes); + return RR.equals(R); +} +export function getSharedSecret(secretKey, publicKey) { + abytes('secretKey', secretKey, 64); + abytes('publicKey', publicKey, 32); + const keyScalar = decodeScalar(secretKey.subarray(0, 32)); + const pubPoint = RistrettoPoint.fromHex(publicKey); + if (pubPoint.equals(RistrettoPoint.ZERO)) + throw new Error('wrong public key (infinity)'); + return pubPoint.multiply(keyScalar).toRawBytes(); +} +// Derive +export const HDKD = { + secretSoft(secretKey, chainCode, rng = randomBytes) { + abytes('secretKey', secretKey, 64); + abytes('chainCode', chainCode, 32); + const masterScalar = decodeScalar(secretKey.subarray(0, 32)); + const masterNonce = secretKey.subarray(32, 64); + const pubPoint = RistrettoPoint.fromHex(getPublicKey(secretKey)); + const t = new SigningContext('SchnorrRistrettoHDKD', rng); + t.bytes(EMPTY); + t.appendMessage('chain-code', chainCode); + t.commitPoint('public-key', pubPoint); + const scalar = t.challengeScalar('HDKD-scalar'); + const hdkdChainCode = t.challengeBytes('HDKD-chaincode', 32); + const nonceSeed = concatBytes(numberToBytesLE(masterScalar, 32), masterNonce); + const nonce = t.witnessBytes('HDKD-nonce', 32, [masterNonce, nonceSeed]); + const key = encodeScalar(modN(masterScalar + scalar)); + const res = concatBytes(key, nonce); + cleanBytes(key, nonce, nonceSeed, hdkdChainCode); + t.clean(); + return res; + }, + publicSoft(publicKey, chainCode) { + abytes('publicKey', publicKey, 32); + abytes('chainCode', chainCode, 32); + 
const pubPoint = RistrettoPoint.fromHex(publicKey); + const t = new SigningContext('SchnorrRistrettoHDKD'); + t.bytes(EMPTY); + t.appendMessage('chain-code', chainCode); + t.commitPoint('public-key', pubPoint); + const scalar = t.challengeScalar('HDKD-scalar'); + t.challengeBytes('HDKD-chaincode', 32); + t.clean(); + return pubPoint.add(RistrettoPoint.BASE.multiply(scalar)).toRawBytes(); + }, + secretHard(secretKey, chainCode) { + abytes('secretKey', secretKey, 64); + abytes('chainCode', chainCode, 32); + const key = numberToBytesLE(decodeScalar(secretKey.subarray(0, 32)), 32); + const t = new SigningContext('SchnorrRistrettoHDKD'); + t.bytes(EMPTY); + t.appendMessage('chain-code', chainCode); + t.appendMessage('secret-key', key); + const msk = t.challengeBytes('HDKD-hard', 32); + const hdkdChainCode = t.challengeBytes('HDKD-chaincode', 32); + t.clean(); + const res = secretFromSeed(msk); + cleanBytes(key, msk, hdkdChainCode); + t.clean(); + return res; + }, +}; +const dleq = { + proove(keyScalar, nonce, pubPoint, t, input, output) { + t.protoName('DLEQProof'); + t.commitPoint('vrf:h', input); + const r = t.witnessScalar(`proving${'\0'}0`, [nonce]); + const R = RistrettoPoint.BASE.multiply(r); + t.commitPoint('vrf:R=g^r', R); + const Hr = input.multiply(r); + t.commitPoint('vrf:h^r', Hr); + t.commitPoint('vrf:pk', pubPoint); + t.commitPoint('vrf:h^sk', output); + const c = t.challengeScalar('prove'); + const s = modN(r - c * keyScalar); + return { proof: { c, s }, proofBatchable: { R, Hr, s } }; + }, + verify(pubPoint, t, input, output, proof) { + if (pubPoint.equals(RistrettoPoint.ZERO)) + return false; + t.protoName('DLEQProof'); + t.commitPoint('vrf:h', input); + const R = pubPoint.multiply(proof.c).add(RistrettoPoint.BASE.multiply(proof.s)); + t.commitPoint('vrf:R=g^r', R); + const Hr = output.multiply(proof.c).add(input.multiply(proof.s)); + t.commitPoint('vrf:h^r', Hr); + t.commitPoint('vrf:pk', pubPoint); + t.commitPoint('vrf:h^sk', output); + const realC = 
t.challengeScalar('prove'); + if (proof.c === realC) + return { R, Hr, s: proof.s }; // proofBatchable + return false; + }, +}; +// VRF: Verifiable Random Function +function initVRF(ctx, msg, extra, pubPoint, rng = randomBytes) { + const t = new SigningContext('SigningContext', rng); + t.label(ctx); + t.bytes(msg); + t.commitPoint('vrf-nm-pk', pubPoint); + const hash = t.challengeBytes('VRFHash', 64); + const input = RistrettoPoint.hashToCurve(hash); + const transcript = new SigningContext('VRF', rng); + if (extra.length) + transcript.label(extra); + t.clean(); + cleanBytes(hash); + return { input, t: transcript }; +} +export const vrf = { + sign(msg, secretKey, ctx = EMPTY, extra = EMPTY, rng = randomBytes) { + abytes('msg', msg); + abytes('secretKey', secretKey, 64); + abytes('ctx', ctx); + abytes('extra', extra); + const keyScalar = decodeScalar(secretKey.subarray(0, 32)); + const nonce = secretKey.subarray(32, 64); + const pubPoint = RistrettoPoint.fromHex(getPublicKey(secretKey)); + const { input, t } = initVRF(ctx, msg, extra, pubPoint, rng); + const output = input.multiply(keyScalar); + const p = { input, output }; + const { proof } = dleq.proove(keyScalar, nonce, pubPoint, t, input, output); + const cBytes = numberToBytesLE(proof.c, 32); + const sBytes = numberToBytesLE(proof.s, 32); + const res = concatBytes(p.output.toRawBytes(), cBytes, sBytes); + cleanBytes(nonce, cBytes, sBytes); + return res; + }, + verify(msg, signature, publicKey, ctx = EMPTY, extra = EMPTY, rng = randomBytes) { + abytes('msg', msg); + abytes('signature', signature, 96); // O(point) || c(scalar) || s(scalar) + abytes('pubkey', publicKey, 32); + abytes('ctx', ctx); + abytes('extra', extra); + const pubPoint = RistrettoPoint.fromHex(publicKey); + if (pubPoint.equals(RistrettoPoint.ZERO)) + return false; + const proof = { + c: parseScalar('signature.c', signature.subarray(32, 64)), + s: parseScalar('signature.s', signature.subarray(64, 96)), + }; + const { input, t } = initVRF(ctx, 
msg, extra, pubPoint, rng); + const output = RistrettoPoint.fromHex(signature.subarray(0, 32)); + if (output.equals(RistrettoPoint.ZERO)) + throw new Error('vrf.verify: wrong output point (identity)'); + const proofBatchable = dleq.verify(pubPoint, t, input, output, proof); + return proofBatchable === false ? false : true; + }, +}; +// NOTE: for tests only, don't use +export const __tests = { + Strobe128, + Merlin, + SigningContext, +}; +//# sourceMappingURL=index.js.map \ No newline at end of file diff --git a/packages/scure-sr25519/lib/esm/index.js.map b/packages/scure-sr25519/lib/esm/index.js.map new file mode 100644 index 0000000..180f695 --- /dev/null +++ b/packages/scure-sr25519/lib/esm/index.js.map 
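Review bot: In `vrf.sign`, `cleanBytes(nonce, cBytes, sBytes)` zeroes bytes 32–63 of the caller's `secretKey`, because `nonce` is `secretKey.subarray(32, 64)`, a view on the caller's buffer rather than a copy. After one VRF signature the same array carries an all-zero nonce half, so the secrecy of the witness in later `sign` and `vrf.sign` calls with that array rests on the `rng` output alone. Drop the view from the wipe, `cleanBytes(cBytes, sBytes);`, which matches the `// No need to clean since subarray's` reasoning already used in `fromKeypair`. This file is compiled output and `index.ts` does not appear in the diffstat, so the change belongs in the source; `lib/index.js` presumably carries the same line, but its hunk is not visible here.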
@@ -0,0 +1 @@ +{"version":3,"file":"index.js","sourceRoot":"","sources":["../../index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,EAAE,GAAG,EAAE,MAAM,mCAAmC,CAAC;AACxD,OAAO,EACL,QAAQ,EACR,OAAO,EACP,eAAe,EACf,UAAU,EACV,OAAO,EACP,eAAe,GAChB,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AACnE,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,GAAG,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAEpF,kBAAkB;AAClB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AAMvC,SAAS,MAAM,CAAC,CAAO;IACrB,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,WAAW,CAAC,CAAC,CAAC,CAAC;IACjD,IAAI,OAAO,CAAC,CAAC,CAAC;QAAE,OAAO,CAAC,CAAC;IACzB,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;AAChC,CAAC;AACD,+DAA+D;AAC/D,SAAS,MAAM,CAAC,KAAa,EAAE,CAAa,EAAE,GAAG,OAAiB;IAChE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,uBAAuB,CAAC,CAAC;IAClE,IAAI,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC;QAC/C,MAAM,IAAI,KAAK,CACb,GAAG,KAAK,mCAAmC,OAAO,mBAAmB,CAAC,CAAC,MAAM,EAAE,CAChF,CAAC;AACN,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa,EAAE,CAAS;IACxC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,UAAa;QACxD,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,wBAAwB,CAAC,EAAE,CAAC,CAAC;IACvD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,UAAU,CAAC,GAAG,IAAkB;IACvC,KAAK,MAAM,CAAC,IAAI,IAAI;QAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClC,CAAC;AAED,MAAM,KAAK,GAAG,UAAU,CAAC,EAAE,EAAE,CAAC;AAC9B,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;AACpC,SAAS,WAAW,CAAC,KAAa,EAAE,KAAiB;IACnD,MAAM,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IACzB,MAAM,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACjC,QAAQ,CAAC,KAAK,EAAE,CAAC,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;IACrC,OAAO,CAAC,CAAC;AACX,CAAC;AACD,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;AAChD,kDAAkD;AAClD,yCAAyC;AACzC,kEAAkE;AAClE,MAAM,QAAQ,GAAW,GAAG,CAAC;AAC7B,MAAM,KAAK,GAAG;IACZ,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,CAAC,IAAI,CAAC;IACT,CAAC,EAAE,CAAC,IAAI,CAAC;IACT,CA
AC,EAAE,CAAC,IAAI,CAAC;IACT,CAAC,EAAE,CAAC,IAAI,CAAC;IACT,CAAC,EAAE,CAAC,IAAI,CAAC;CACD,CAAC;AAEX,gDAAgD;AAChD,MAAM,SAAS;IAMb,YAAY,aAAmB;QAL/B,UAAK,GAAe,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;QAExC,QAAG,GAAW,CAAC,CAAC;QAChB,aAAQ,GAAW,CAAC,CAAC;QACrB,aAAQ,GAAW,CAAC,CAAC;QAEnB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,QAAQ,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QAClD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/B,IAAI,CAAC,WAAW,EAAE,CAAC;QACnB,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;IACpC,CAAC;IACO,WAAW;QACjB,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC;IACO,IAAI;QACV,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC;QACtC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC;QACjC,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC;QACjC,IAAI,CAAC,WAAW,EAAE,CAAC;QACnB,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC;QACb,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC;IACpB,CAAC;IACD,kBAAkB;IACV,MAAM,CAAC,IAAgB;QAC7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC;YAClC,IAAI,IAAI,CAAC,GAAG,KAAK,QAAQ;gBAAE,IAAI,CAAC,IAAI,EAAE,CAAC;QACzC,CAAC;IACH,CAAC;IACD,eAAe;IACP,OAAO,CAAC,GAAW;QACzB,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;QACjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC/B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;YAC3B,IAAI,IAAI,CAAC,GAAG,KAAK,QAAQ;gBAAE,IAAI,CAAC,IAAI,EAAE,CAAC;QACzC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACO,SAAS,CAAC,IAAgB;QAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACjC,IAAI,IAAI,CAAC,GAAG,KAAK,QAAQ;gBAAE,IAAI,CAAC,IAAI,EAAE,CAAC;QACzC,CAAC;IACH,CAAC;IACO,OAAO,
CAAC,KAAa,EAAE,IAAa;QAC1C,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,IAAI,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;gBAC5B,MAAM,IAAI,KAAK,CACb,wCAAwC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAC5F,CAAC;YACJ,CAAC;YACD,OAAO;QACT,CAAC;QACD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QACxE,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC/B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC;QACtB,IAAI,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,CAAC,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QACnD,IAAI,MAAM,IAAI,IAAI,CAAC,GAAG,KAAK,CAAC;YAAE,IAAI,CAAC,IAAI,EAAE,CAAC;IAC5C,CAAC;IACD,aAAa;IACb,MAAM,CAAC,IAAU,EAAE,IAAa;QAC9B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QACtC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5B,CAAC;IACD,EAAE,CAAC,IAAU,EAAE,IAAa;QAC1B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAC5B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5B,CAAC;IACD,GAAG,CAAC,GAAW,EAAE,IAAa;QAC5B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAChD,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IACD,GAAG,CAAC,IAAU,EAAE,IAAa;QAC3B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QACtC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/B,CAAC;IACD,QAAQ;IACR,KAAK;QACH,MAAM,CAAC,GAAG,IAAI,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM;QACpC,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QACjB,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC3B,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxB,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC3B,OAAO,CAAC,CAAC;IACX,CAAC;IACD,KAAK;QACH,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,2CAA2C;QAC/D,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC;QACb,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC;QAClB,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC;IACpB,CAAC;CACF;AACD,aAAa;AAEb,SAAS;AACT,iCAAiC;AACjC,
MAAM,MAAM;IAEV,YAAY,KAAW;QACrB,IAAI,CAAC,MAAM,GAAG,IAAI,SAAS,CAAC,aAAa,CAAC,CAAC;QAC3C,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IACvC,CAAC;IACD,aAAa,CAAC,KAAW,EAAE,OAAa;QACtC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACjC,QAAQ,CAAC,sBAAsB,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACjD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAC7D,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACjC,CAAC;IACD,cAAc,CAAC,KAAW,EAAE,GAAW;QACrC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACjC,QAAQ,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACrC,CAAC;IACD,KAAK;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;CACF;AACD,UAAU;AACV,2GAA2G;AAC3G,MAAM,cAAe,SAAQ,MAAM;IAEjC,YAAY,IAAY,EAAE,MAAW,WAAW;QAC9C,KAAK,CAAC,IAAI,CAAC,CAAC;QACZ,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IACD,KAAK,CAAC,KAAW;QACf,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;IAChC,CAAC;IACD,KAAK,CAAC,KAAiB;QACrB,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;QACxC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,SAAS,CAAC,KAAW;QACnB,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;IAC1C,CAAC;IACD,WAAW,CAAC,KAAW,EAAE,KAAY;QACnC,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC;IAChD,CAAC;IACD,eAAe,CAAC,KAAW;QACzB,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/D,CAAC;IACD,aAAa,CAAC,KAAW,EAAE,aAA2B,EAAE;QACtD,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,EAAE,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;IACzE,CAAC;IACD,YAAY,CAAC,KAAW,EAAE,GAAW,EAAE,aAA2B,EAAE;QAClE,QAAQ,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;QAC7C,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QACtC,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;YAC5B,SAAS,CAAC,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;YAC/B,QAAQ,CAAC,0CAA0C,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC;YAChE,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;YACtD,SAAS,CAAC,G
AAG,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAC3B,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC5B,SAAS,CAAC,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QAC/B,SAAS,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC7B,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QACjD,OAAO,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACnC,CAAC;CACF;AACD,0BAA0B;AAE1B,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;AAC1B,oCAAoC;AACpC,MAAM,YAAY,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,GAAG,IAAI,EAAE,EAAE,CAAC,CAAC;AAC3E,cAAc;AACd,MAAM,YAAY,GAAG,CAAC,CAAa,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC;AAElE,uIAAuI;AACvI,MAAM,UAAU,YAAY,CAAC,SAAqB;IAChD,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACnC,MAAM,MAAM,GAAG,YAAY,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACvD,OAAO,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,UAAU,EAAE,CAAC;AAC3D,CAAC;AACD,MAAM,UAAU,cAAc,CAAC,IAAgB;IAC7C,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IACzB,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;IACvB,+BAA+B;IAC/B,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC;IACZ,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;IACZ,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;IACZ,gDAAgD;IAChD,MAAM,GAAG,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IAC1D,MAAM,KAAK,GAAG,CAAC,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACjC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACpC,UAAU,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAC1B,OAAO,GAAG,CAAC;AACb,CAAC;AACD,qFAAqF;AACrF,wDAAwD;AACxD,MAAM,UAAU,WAAW,CAAC,IAAgB;IAC1C,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAC5B,MAAM,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAChC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,YAAY,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9C,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACnD,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,OAAO,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACxE,oC
AAoC;IACpC,OAAO,WAAW,CAAC,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;AAC1C,CAAC;AAED,gGAAgG;AAChG,MAAM,iBAAiB,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;AACnD,MAAM,UAAU,IAAI,CAClB,SAAqB,EACrB,OAAmB,EACnB,MAAW,WAAW;IAEtB,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC3B,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACnC,MAAM,CAAC,GAAG,IAAI,cAAc,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;IACpD,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IAC3B,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACjB,MAAM,SAAS,GAAG,YAAY,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC1D,MAAM,KAAK,GAAG,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACzC,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC;IACjE,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;IAC3B,CAAC,CAAC,WAAW,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IACnC,MAAM,CAAC,GAAG,CAAC,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9C,MAAM,CAAC,GAAG,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC3B,MAAM,CAAC,GAAG,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,SAAS,GAAG,CAAC,CAAC,CAAC;IAClC,MAAM,GAAG,GAAG,WAAW,CAAC,CAAC,CAAC,UAAU,EAAE,EAAE,eAAe,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAChE,GAAG,CAAC,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,wBAAwB;IACxC,CAAC,CAAC,KAAK,EAAE,CAAC;IACV,OAAO,GAAG,CAAC;AACb,CAAC;AACD,MAAM,UAAU,MAAM,CAAC,OAAmB,EAAE,SAAqB,EAAE,SAAqB;IACtF,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC3B,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACnC,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACnC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,GAAG,GAAW,CAAC,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IACtF,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,2BAA2B;IACvF,MAAM,CAAC,EAAE,CAAC,IAAI,GAAW,CAAC,CAAC,2BAA2B;IACtD,MAAM,CAAC,GAAG,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC5D,MAAM,CAAC,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IAClC,QAAQ,CAAC,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC,CAAC,2DAA2D;IAC/F,MAAM,CAAC,GAAG,IAAI,cAAc,CAAC,gBAAgB,CAAC,CAAC;IAC/C,CAAC,CAAC
,KAAK,CAAC,iBAAiB,CAAC,CAAC;IAC3B,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACjB,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACnD,IAAI,QAAQ,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACvD,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;IAC3B,CAAC,CAAC,WAAW,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IACnC,CAAC,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC3B,MAAM,CAAC,GAAG,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,EAAE,GAAG,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC3C,MAAM,EAAE,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACjD,CAAC,CAAC,KAAK,EAAE,CAAC;IACV,UAAU,CAAC,MAAM,CAAC,CAAC;IACnB,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,CAAC;AACD,MAAM,UAAU,eAAe,CAAC,SAAqB,EAAE,SAAqB;IAC1E,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACnC,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACnC,MAAM,SAAS,GAAG,YAAY,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC1D,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACnD,IAAI,QAAQ,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACzF,OAAO,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,UAAU,EAAE,CAAC;AACnD,CAAC;AAED,SAAS;AACT,MAAM,CAAC,MAAM,IAAI,GAIb;IACF,UAAU,CAAC,SAAqB,EAAE,SAAqB,EAAE,MAAW,WAAW;QAC7E,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QACnC,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QACnC,MAAM,YAAY,GAAG,YAAY,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QAC7D,MAAM,WAAW,GAAG,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC;QACjE,MAAM,CAAC,GAAG,IAAI,cAAc,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;QAC1D,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACf,CAAC,CAAC,aAAa,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QACzC,CAAC,CAAC,WAAW,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,CAAC,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;QAChD,MAAM,aAAa,GAAG,CAAC,CAAC,cAAc,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;QAC7D,MAAM,SAAS,GAAG,WAAW,CAAC,eAAe,CAAC,YAAY,EAAE,EAAE,CAAC,EAAE,WAAW,CAAC,CAAC;QAC9E,MAAM,KAAK,GAAG,CAAC,CAAC,YAAY,CAAC,YAAY,EAAE,EAAE,EAAE,C
AAC,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC;QACzE,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC;QACtD,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACpC,UAAU,CAAC,GAAG,EAAE,KAAK,EAAE,SAAS,EAAE,aAAa,CAAC,CAAC;QACjD,CAAC,CAAC,KAAK,EAAE,CAAC;QACV,OAAO,GAAG,CAAC;IACb,CAAC;IACD,UAAU,CAAC,SAAqB,EAAE,SAAqB;QACrD,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QACnC,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QACnC,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACnD,MAAM,CAAC,GAAG,IAAI,cAAc,CAAC,sBAAsB,CAAC,CAAC;QACrD,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACf,CAAC,CAAC,aAAa,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QACzC,CAAC,CAAC,WAAW,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,CAAC,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;QAChD,CAAC,CAAC,cAAc,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;QACvC,CAAC,CAAC,KAAK,EAAE,CAAC;QACV,OAAO,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC;IACzE,CAAC;IACD,UAAU,CAAC,SAAqB,EAAE,SAAqB;QACrD,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QACnC,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QACnC,MAAM,GAAG,GAAG,eAAe,CAAC,YAAY,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzE,MAAM,CAAC,GAAG,IAAI,cAAc,CAAC,sBAAsB,CAAC,CAAC;QACrD,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACf,CAAC,CAAC,aAAa,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QACzC,CAAC,CAAC,aAAa,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;QACnC,MAAM,GAAG,GAAG,CAAC,CAAC,cAAc,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAC9C,MAAM,aAAa,GAAG,CAAC,CAAC,cAAc,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;QAC7D,CAAC,CAAC,KAAK,EAAE,CAAC;QACV,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;QAChC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,aAAa,CAAC,CAAC;QACpC,CAAC,CAAC,KAAK,EAAE,CAAC;QACV,OAAO,GAAG,CAAC;IACb,CAAC;CACF,CAAC;AAGF,MAAM,IAAI,GAAG;IACX,MAAM,CACJ,SAAiB,EACjB,KAAiB,EACjB,QAAe,EACf,CAAiB,EACjB,KAAY,EACZ,MAAa;QAEb,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QACzB,CAAC,CAAC,WAAW,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC9B,MAAM,CAAC,GAAG,CAAC,CAAC,aAAa,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;QACtD,MAAM,CAAC,GAAG,cAAc,CAAC,IAAI,CAAC,QAAQ,
CAAC,CAAC,CAAC,CAAC;QAC1C,CAAC,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAC9B,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAC7B,CAAC,CAAC,WAAW,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC,CAAC,WAAW,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAClC,MAAM,CAAC,GAAG,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC;QAClC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,CAAC,EAAW,EAAE,cAAc,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;IACpE,CAAC;IACD,MAAM,CAAC,QAAe,EAAE,CAAiB,EAAE,KAAY,EAAE,MAAa,EAAE,KAAY;QAClF,IAAI,QAAQ,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QACvD,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QACzB,CAAC,CAAC,WAAW,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC9B,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAChF,CAAC,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAC9B,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACjE,CAAC,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAC7B,CAAC,CAAC,WAAW,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC,CAAC,WAAW,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAClC,MAAM,KAAK,GAAG,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACzC,IAAI,KAAK,CAAC,CAAC,KAAK,KAAK;YAAE,OAAO,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,iBAAiB;QACtE,OAAO,KAAK,CAAC;IACf,CAAC;CACF,CAAC;AACF,kCAAkC;AAClC,SAAS,OAAO,CACd,GAAe,EACf,GAAe,EACf,KAAiB,EACjB,QAAe,EACf,MAAW,WAAW;IAEtB,MAAM,CAAC,GAAG,IAAI,cAAc,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;IACpD,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACb,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACb,CAAC,CAAC,WAAW,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,CAAC,CAAC,cAAc,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAC7C,MAAM,KAAK,GAAG,cAAc,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,UAAU,GAAG,IAAI,cAAc,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAClD,IAAI,KAAK,CAAC,MAAM;QAAE,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC1C,CAAC,CAAC,KAAK,EAAE,CAAC;IACV,UAAU,CA
AC,IAAI,CAAC,CAAC;IACjB,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC;AAClC,CAAC;AACD,MAAM,CAAC,MAAM,GAAG,GAgBZ;IACF,IAAI,CACF,GAAe,EACf,SAAqB,EACrB,MAAkB,KAAK,EACvB,QAAoB,KAAK,EACzB,MAAW,WAAW;QAEtB,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACnB,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QACnC,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACnB,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACvB,MAAM,SAAS,GAAG,YAAY,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QAC1D,MAAM,KAAK,GAAG,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC;QACjE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACzC,MAAM,CAAC,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QAC5B,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC5E,MAAM,MAAM,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC5C,MAAM,GAAG,GAAG,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QAC/D,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QAClC,OAAO,GAAG,CAAC;IACb,CAAC;IACD,MAAM,CACJ,GAAe,EACf,SAAqB,EACrB,SAAqB,EACrB,MAAkB,KAAK,EACvB,QAAoB,KAAK,EACzB,MAAW,WAAW;QAEtB,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACnB,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,qCAAqC;QACzE,MAAM,CAAC,QAAQ,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QAChC,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACnB,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACvB,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACnD,IAAI,QAAQ,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QACvD,MAAM,KAAK,GAAU;YACnB,CAAC,EAAE,WAAW,CAAC,aAAa,EAAE,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;YACzD,CAAC,EAAE,WAAW,CAAC,aAAa,EAAE,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;SAC1D,CAAC;QACF,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,cAAc,
CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QACjE,IAAI,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QACtE,OAAO,cAAc,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;IACjD,CAAC;CACF,CAAC;AAEF,kCAAkC;AAClC,MAAM,CAAC,MAAM,OAAO,GAIhB;IACF,SAAS;IACT,MAAM;IACN,cAAc;CACf,CAAC"} \ No newline at end of file diff --git a/packages/scure-sr25519/lib/esm/package.json b/packages/scure-sr25519/lib/esm/package.json new file mode 100644 index 0000000..84021b1 --- /dev/null +++ b/packages/scure-sr25519/lib/esm/package.json @@ -0,0 +1,6 @@ +{ + "type": "module", + "browser": { + "crypto": false + } +} diff --git a/packages/scure-sr25519/lib/index.d.ts b/packages/scure-sr25519/lib/index.d.ts new file mode 100644 index 0000000..706c74b --- /dev/null +++ b/packages/scure-sr25519/lib/index.d.ts 
@@ -0,0 +1,64 @@ +import { RistrettoPoint } from '@noble/curves/ed25519.js'; +type Point = typeof RistrettoPoint.BASE; +type Data = string | Uint8Array; +export type RNG = (bytes: number) => Uint8Array; +declare class Strobe128 { + state: Uint8Array; + state32: Uint32Array; + pos: number; + posBegin: number; + curFlags: number; + constructor(protocolLabel: Data); + private keccakF1600; + private runF; + private absorb; + private squeeze; + private overwrite; + private beginOp; + metaAD(data: Data, more: boolean): void; + AD(data: Data, more: boolean): void; + PRF(len: number, more: boolean): Uint8Array; + KEY(data: Data, more: boolean): void; + clone(): Strobe128; + clean(): void; +} +declare class Merlin { + strobe: Strobe128; + constructor(label: Data); + appendMessage(label: Data, message: Data): void; + challengeBytes(label: Data, len: number): Uint8Array; + clean(): void; +} +declare class SigningContext extends Merlin { + private rng; + constructor(name: string, rng?: RNG); + label(label: Data): void; + bytes(bytes: Uint8Array): this; + protoName(label: Data): void; + commitPoint(label: Data, point: Point): void; + challengeScalar(label: Data): bigint; + witnessScalar(label: Data, nonceSeeds?: Uint8Array[]): bigint; + witnessBytes(label: Data, len: number, nonceSeeds?: Uint8Array[]): Uint8Array; +} +export declare function getPublicKey(secretKey: Uint8Array): Uint8Array; +export declare function secretFromSeed(seed: Uint8Array): Uint8Array; +export declare function fromKeypair(pair: Uint8Array): Uint8Array; +export declare function sign(secretKey: Uint8Array, message: Uint8Array, rng?: RNG): Uint8Array; +export declare function verify(message: Uint8Array, signature: Uint8Array, publicKey: Uint8Array): boolean; +export declare function getSharedSecret(secretKey: Uint8Array, publicKey: Uint8Array): Uint8Array; +export declare const HDKD: { + secretSoft(secretKey: Uint8Array, chainCode: Uint8Array, rng?: RNG): Uint8Array; + publicSoft(publicKey: Uint8Array, 
chainCode: Uint8Array): Uint8Array; + secretHard(secretKey: Uint8Array, chainCode: Uint8Array): Uint8Array; +}; +export declare const vrf: { + sign(msg: Uint8Array, secretKey: Uint8Array, ctx: Uint8Array, extra: Uint8Array, rng: RNG): Uint8Array; + verify(msg: Uint8Array, signature: Uint8Array, publicKey: Uint8Array, ctx?: Uint8Array, extra?: Uint8Array, rng?: RNG): boolean; +}; +export declare const __tests: { + Strobe128: typeof Strobe128; + Merlin: typeof Merlin; + SigningContext: typeof SigningContext; +}; +export {}; +//# sourceMappingURL=index.d.ts.map \ No newline at end of file diff --git a/packages/scure-sr25519/lib/index.d.ts.map b/packages/scure-sr25519/lib/index.d.ts.map new file mode 100644 index 0000000..f7daa22 --- /dev/null +++ b/packages/scure-sr25519/lib/index.d.ts.map 
@@ -0,0 +1 @@ +{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAkBA,OAAO,EAAW,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAQnE,KAAK,KAAK,GAAG,OAAO,cAAc,CAAC,IAAI,CAAC;AACxC,KAAK,IAAI,GAAG,MAAM,GAAG,UAAU,CAAC;AAChC,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,EAAE,MAAM,KAAK,UAAU,CAAC;AAiDhD,cAAM,SAAS;IACb,KAAK,EAAE,UAAU,CAAuB;IACxC,OAAO,EAAE,WAAW,CAAC;IACrB,GAAG,EAAE,MAAM,CAAK;IAChB,QAAQ,EAAE,MAAM,CAAK;IACrB,QAAQ,EAAE,MAAM,CAAK;gBACT,aAAa,EAAE,IAAI;IAO/B,OAAO,CAAC,WAAW;IAGnB,OAAO,CAAC,IAAI;IASZ,OAAO,CAAC,MAAM;IAOd,OAAO,CAAC,OAAO;IASf,OAAO,CAAC,SAAS;IAMjB,OAAO,CAAC,OAAO;IAkBf,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,GAAG,IAAI;IAIvC,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,GAAG,IAAI;IAInC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,UAAU;IAI3C,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,GAAG,IAAI;IAKpC,KAAK,IAAI,SAAS;IAQlB,KAAK,IAAI,IAAI;CAMd;AAKD,cAAM,MAAM;IACV,MAAM,EAAE,SAAS,CAAC;gBACN,KAAK,EAAE,IAAI;IAIvB,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,GAAG,IAAI;IAM/C,cAAc,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,GAAG,UAAU;IAMpD,KAAK,IAAI,IAAI;CAGd;AAGD,cAAM,cAAe,SAAQ,MAAM;IACjC,OAAO,CAAC,GAAG,CAAM;gBACL,IAAI,EAAE,MAAM,EAAE,GAAG,GAAE,GAAiB;IAIhD,KAAK,CAAC,KAAK,EAAE,IAAI,GAAG,IAAI;IAGxB,KAAK,CAAC,KAAK,EAAE,UAAU,GAAG,IAAI;IAI9B,SAAS,CAAC,KAAK,EAAE,IAAI,GAAG,IAAI;IAG5B,WAAW,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,GAAG,IAAI;IAG5C,eAAe,CAAC,KAAK,EAAE,IAAI,GAAG,MAAM;IAGpC,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE,UAAU,GAAE,UAAU,EAAO,GAAG,MAAM;IAGjE,YAAY,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,GAAE,UAAU,EAAO,GAAG,UAAU;CAelF;AAUD,wBAAgB,YAAY,CAAC,SAAS,EAAE,UAAU,GAAG,UAAU,CAI9D;AACD,wBAAgB,cAAc,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU,CAa3D;AAGD,wBAAgB,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU,CAUxD;AAID,wBAAgB,IAAI,CAClB,SAAS,EAAE,UAAU,EACrB,OAAO,EAAE,UAAU,EACnB,GAAG,GAAE,GAAiB,GACrB,UAAU,CAoBZ;AACD,wBAAgB,MAAM,CAAC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,GAAG,OAAO,CAwBjG;AACD,wBAAgB,eAAe,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,GAAG,UAAU,CAOxF;AAGD,
eAAO,MAAM,IAAI,EAAE;IACjB,UAAU,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,CAAC,EAAE,GAAG,GAAG,UAAU,CAAC;IAChF,UAAU,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,GAAG,UAAU,CAAC;IACrE,UAAU,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,GAAG,UAAU,CAAC;CAmDtE,CAAC;AA4DF,eAAO,MAAM,GAAG,EAAE;IAChB,IAAI,CACF,GAAG,EAAE,UAAU,EACf,SAAS,EAAE,UAAU,EACrB,GAAG,EAAE,UAAU,EACf,KAAK,EAAE,UAAU,EACjB,GAAG,EAAE,GAAG,GACP,UAAU,CAAC;IACd,MAAM,CACJ,GAAG,EAAE,UAAU,EACf,SAAS,EAAE,UAAU,EACrB,SAAS,EAAE,UAAU,EACrB,GAAG,CAAC,EAAE,UAAU,EAChB,KAAK,CAAC,EAAE,UAAU,EAClB,GAAG,CAAC,EAAE,GAAG,GACR,OAAO,CAAC;CAoDZ,CAAC;AAGF,eAAO,MAAM,OAAO,EAAE;IACpB,SAAS,EAAE,OAAO,SAAS,CAAC;IAC5B,MAAM,EAAE,OAAO,MAAM,CAAC;IACtB,cAAc,EAAE,OAAO,cAAc,CAAC;CAKvC,CAAC"} \ No newline at end of file diff --git a/packages/scure-sr25519/lib/index.js b/packages/scure-sr25519/lib/index.js new file mode 100644 index 0000000..d4e4628 --- /dev/null +++ b/packages/scure-sr25519/lib/index.js 
@@ -0,0 +1,481 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.__tests = exports.vrf = exports.HDKD = void 0; +exports.getPublicKey = getPublicKey; +exports.secretFromSeed = secretFromSeed; +exports.fromKeypair = fromKeypair; +exports.sign = sign; +exports.verify = verify; +exports.getSharedSecret = getSharedSecret; +/** + * Minimal JS implementation of sr25519 cryptography for Polkadot. + * + * Uses [Merlin](https://merlin.cool/index.html), + * a transcript construction, built on [Strobe](https://strobe.sourceforge.io). + * Merlin ensures two parties agree on the same state when communicating. + * + * More: https://wiki.polkadot.network/docs/learn-cryptography. + */ +const modular_js_1 = require("@noble/curves/abstract/modular.js"); +const utils_js_1 = require("@noble/curves/abstract/utils.js"); +const ed25519_js_1 = require("@noble/curves/ed25519.js"); +const sha3_js_1 = require("@noble/hashes/sha3.js"); +const sha512_js_1 = require("@noble/hashes/sha512.js"); +const utils_js_2 = require("@noble/hashes/utils.js"); +// prettier-ignore +const _0n = BigInt(0), _3n = BigInt(3); +function toData(d) { + if (typeof d === 'string') + return (0, utils_js_2.utf8ToBytes)(d); + if ((0, utils_js_1.isBytes)(d)) + return d; + throw new Error('Wrong data'); +} +// Could've used bytes from hashes/assert, but we add extra arg +function abytes(title, b, ...lengths) { + if (!(0, utils_js_1.isBytes)(b)) + throw new Error(`${title}: Uint8Array expected`); + if (lengths.length && !lengths.includes(b.length)) + throw new Error(`${title}: Uint8Array expected of length ${lengths}, not of length=${b.length}`); +} +function checkU32(title, n) { + if (!Number.isSafeInteger(n) || n < 0 || n > 4294967295) + throw new Error(`${title}: wrong u32 integer: ${n}`); + return n; +} +function cleanBytes(...list) { + for (const t of list) + t.fill(0); +} +const EMPTY = Uint8Array.of(); +const CURVE_ORDER = ed25519_js_1.ed25519.CURVE.n; +function 
parseScalar(title, bytes) { + abytes(title, bytes, 32); + const n = (0, utils_js_1.bytesToNumberLE)(bytes); + (0, utils_js_1.aInRange)(title, n, _0n, CURVE_ORDER); + return n; +} +const modN = (n) => (0, modular_js_1.mod)(n, CURVE_ORDER); +// STROBE128 (minimal version required for Merlin) +// - https://strobe.sourceforge.io/specs/ +// We can implement full version, but seems nobody uses this much. +const STROBE_R = 166; +const Flags = { + I: 1, + A: 1 << 1, + C: 1 << 2, + T: 1 << 3, + M: 1 << 4, + K: 1 << 5, +}; +// Differences: suffix, additional methods/flags +class Strobe128 { + constructor(protocolLabel) { + this.state = new Uint8Array(200); + this.pos = 0; + this.posBegin = 0; + this.curFlags = 0; + this.state.set([1, STROBE_R + 2, 1, 0, 1, 96], 0); + this.state.set((0, utils_js_2.utf8ToBytes)('STROBEv1.0.2'), 6); + this.state32 = (0, utils_js_2.u32)(this.state); + this.keccakF1600(); + this.metaAD(protocolLabel, false); + } + keccakF1600() { + (0, sha3_js_1.keccakP)(this.state32); + } + runF() { + this.state[this.pos] ^= this.posBegin; + this.state[this.pos + 1] ^= 0x04; + this.state[STROBE_R + 1] ^= 0x80; + this.keccakF1600(); + this.pos = 0; + this.posBegin = 0; + } + // keccak.update() + absorb(data) { + for (let i = 0; i < data.length; i++) { + this.state[this.pos++] ^= data[i]; + if (this.pos === STROBE_R) + this.runF(); + } + } + // keccak.xof() + squeeze(len) { + const data = new Uint8Array(len); + for (let i = 0; i < data.length; i++) { + data[i] = this.state[this.pos]; + this.state[this.pos++] = 0; + if (this.pos === STROBE_R) + this.runF(); + } + return data; + } + overwrite(data) { + for (let i = 0; i < data.length; i++) { + this.state[this.pos++] = data[i]; + if (this.pos === STROBE_R) + this.runF(); + } + } + beginOp(flags, more) { + if (more) { + if (this.curFlags !== flags) { + throw new Error(`Continued op with changed flags from ${this.curFlags.toString(2)} to ${flags.toString(2)}`); + } + return; + } + if ((flags & Flags.T) !== 0) + throw 
new Error('T flag is not supported'); + const oldBegin = this.posBegin; + this.posBegin = this.pos + 1; + this.curFlags = flags; + this.absorb(new Uint8Array([oldBegin, flags])); + const forceF = (flags & (Flags.C | Flags.K)) !== 0; + if (forceF && this.pos !== 0) + this.runF(); + } + // Public API + metaAD(data, more) { + this.beginOp(Flags.M | Flags.A, more); + this.absorb(toData(data)); + } + AD(data, more) { + this.beginOp(Flags.A, more); + this.absorb(toData(data)); + } + PRF(len, more) { + this.beginOp(Flags.I | Flags.A | Flags.C, more); + return this.squeeze(len); + } + KEY(data, more) { + this.beginOp(Flags.A | Flags.C, more); + this.overwrite(toData(data)); + } + // Utils + clone() { + const n = new Strobe128('0'); // tmp + n.pos = this.pos; + n.posBegin = this.posBegin; + n.state.set(this.state); + n.curFlags = this.curFlags; + return n; + } + clean() { + this.state.fill(0); // also clears state32, because same buffer + this.pos = 0; + this.curFlags = 0; + this.posBegin = 0; + } +} +// /STROBE128 +// Merlin +// https://merlin.cool/index.html +class Merlin { + constructor(label) { + this.strobe = new Strobe128('Merlin v1.0'); + this.appendMessage('dom-sep', label); + } + appendMessage(label, message) { + this.strobe.metaAD(label, false); + checkU32('Merlin.appendMessage', message.length); + this.strobe.metaAD((0, utils_js_1.numberToBytesLE)(message.length, 4), true); + this.strobe.AD(message, false); + } + challengeBytes(label, len) { + this.strobe.metaAD(label, false); + checkU32('Merlin.challengeBytes', len); + this.strobe.metaAD((0, utils_js_1.numberToBytesLE)(len, 4), true); + return this.strobe.PRF(len, false); + } + clean() { + this.strobe.clean(); + } +} +// /Merlin +// Merlin signging context/transcript (sr25519 specific stuff, Merlin and Strobe are generic (but minimal)) +class SigningContext extends Merlin { + constructor(name, rng = utils_js_2.randomBytes) { + super(name); + this.rng = rng; + } + label(label) { + this.appendMessage('', label); + 
} + bytes(bytes) { + this.appendMessage('sign-bytes', bytes); + return this; + } + protoName(label) { + this.appendMessage('proto-name', label); + } + commitPoint(label, point) { + this.appendMessage(label, point.toRawBytes()); + } + challengeScalar(label) { + return modN((0, utils_js_1.bytesToNumberLE)(this.challengeBytes(label, 64))); + } + witnessScalar(label, nonceSeeds = []) { + return modN((0, utils_js_1.bytesToNumberLE)(this.witnessBytes(label, 64, nonceSeeds))); + } + witnessBytes(label, len, nonceSeeds = []) { + checkU32('SigningContext.witnessBytes', len); + const strobeRng = this.strobe.clone(); + for (const ns of nonceSeeds) { + strobeRng.metaAD(label, false); + checkU32('SigningContext.witnessBytes nonce length', ns.length); + strobeRng.metaAD((0, utils_js_1.numberToBytesLE)(ns.length, 4), true); + strobeRng.KEY(ns, false); + } + const random = this.rng(32); + strobeRng.metaAD('rng', false); + strobeRng.KEY(random, false); + strobeRng.metaAD((0, utils_js_1.numberToBytesLE)(len, 4), false); + return strobeRng.PRF(len, false); + } +} +// /Merlin signing context +const MASK = (0, utils_js_1.bitMask)(256); +// == (n * CURVE.h) % CURVE_BIT_MASK +const encodeScalar = (n) => (0, utils_js_1.numberToBytesLE)((n << _3n) & MASK, 32); +// n / CURVE.h +const decodeScalar = (n) => (0, utils_js_1.bytesToNumberLE)(n) >> _3n; +// NOTE: secretKey is 64 bytes (key + nonce). This required for HDKD, since key can be derived not only from seed, but from other keys. 
+function getPublicKey(secretKey) { + abytes('secretKey', secretKey, 64); + const scalar = decodeScalar(secretKey.subarray(0, 32)); + return ed25519_js_1.RistrettoPoint.BASE.multiply(scalar).toRawBytes(); +} +function secretFromSeed(seed) { + abytes('seed', seed, 32); + const r = (0, sha512_js_1.sha512)(seed); + // NOTE: different from ed25519 + r[0] &= 248; + r[31] &= 63; + r[31] |= 64; + // this will strip upper 3 bits and lower 3 bits + const key = encodeScalar(decodeScalar(r.subarray(0, 32))); + const nonce = r.subarray(32, 64); + const res = (0, utils_js_2.concatBytes)(key, nonce); + cleanBytes(key, nonce, r); + return res; +} +// Seems like ed25519 keypair? Generates keypair from other keypair in ed25519 format +// NOTE: not exported from wasm. Do we need this at all? +function fromKeypair(pair) { + abytes('keypair', pair, 96); + const sk = pair.subarray(0, 32); + const nonce = pair.subarray(32, 64); + const pubBytes = pair.subarray(64, 96); + const key = encodeScalar((0, utils_js_1.bytesToNumberLE)(sk)); + const realPub = getPublicKey(pair.subarray(0, 64)); + if (!(0, utils_js_1.equalBytes)(pubBytes, realPub)) + throw new Error('wrong public key'); + // No need to clean since subarray's + return (0, utils_js_2.concatBytes)(key, nonce, realPub); +} +// Basic sign. NOTE: context is currently constant. Please open issue if you need different one. 
+const BIZINIKIWI_CONTEXT = (0, utils_js_2.utf8ToBytes)('bizinikiwi'); +function sign(secretKey, message, rng = utils_js_2.randomBytes) { + abytes('message', message); + abytes('secretKey', secretKey, 64); + const t = new SigningContext('SigningContext', rng); + t.label(BIZINIKIWI_CONTEXT); + t.bytes(message); + const keyScalar = decodeScalar(secretKey.subarray(0, 32)); + const nonce = secretKey.subarray(32, 64); + const pubPoint = ed25519_js_1.RistrettoPoint.fromHex(getPublicKey(secretKey)); + t.protoName('Schnorr-sig'); + t.commitPoint('sign:pk', pubPoint); + const r = t.witnessScalar('signing', [nonce]); + const R = ed25519_js_1.RistrettoPoint.BASE.multiply(r); + t.commitPoint('sign:R', R); + const k = t.challengeScalar('sign:c'); + const s = modN(k * keyScalar + r); + const res = (0, utils_js_2.concatBytes)(R.toRawBytes(), (0, utils_js_1.numberToBytesLE)(s, 32)); + res[63] |= 128; // add Schnorrkel marker + t.clean(); + return res; +} +function verify(message, signature, publicKey) { + abytes('message', message); + abytes('signature', signature, 64); + abytes('publicKey', publicKey, 32); + if ((signature[63] & 128) === 0) + throw new Error('Schnorrkel marker missing'); + const sBytes = Uint8Array.from(signature.subarray(32, 64)); // copy before modification + sBytes[31] &= 127; // remove Schnorrkel marker + const R = ed25519_js_1.RistrettoPoint.fromHex(signature.subarray(0, 32)); + const s = (0, utils_js_1.bytesToNumberLE)(sBytes); + (0, utils_js_1.aInRange)('s', s, _0n, CURVE_ORDER); // Just in case, it will be checked at multiplication later + const t = new SigningContext('SigningContext'); + t.label(BIZINIKIWI_CONTEXT); + t.bytes(message); + const pubPoint = ed25519_js_1.RistrettoPoint.fromHex(publicKey); + if (pubPoint.equals(ed25519_js_1.RistrettoPoint.ZERO)) + return false; + t.protoName('Schnorr-sig'); + t.commitPoint('sign:pk', pubPoint); + t.commitPoint('sign:R', R); + const k = t.challengeScalar('sign:c'); + const sP = 
ed25519_js_1.RistrettoPoint.BASE.multiply(s); + const RR = pubPoint.negate().multiply(k).add(sP); + t.clean(); + cleanBytes(sBytes); + return RR.equals(R); +} +function getSharedSecret(secretKey, publicKey) { + abytes('secretKey', secretKey, 64); + abytes('publicKey', publicKey, 32); + const keyScalar = decodeScalar(secretKey.subarray(0, 32)); + const pubPoint = ed25519_js_1.RistrettoPoint.fromHex(publicKey); + if (pubPoint.equals(ed25519_js_1.RistrettoPoint.ZERO)) + throw new Error('wrong public key (infinity)'); + return pubPoint.multiply(keyScalar).toRawBytes(); +} +// Derive +exports.HDKD = { + secretSoft(secretKey, chainCode, rng = utils_js_2.randomBytes) { + abytes('secretKey', secretKey, 64); + abytes('chainCode', chainCode, 32); + const masterScalar = decodeScalar(secretKey.subarray(0, 32)); + const masterNonce = secretKey.subarray(32, 64); + const pubPoint = ed25519_js_1.RistrettoPoint.fromHex(getPublicKey(secretKey)); + const t = new SigningContext('SchnorrRistrettoHDKD', rng); + t.bytes(EMPTY); + t.appendMessage('chain-code', chainCode); + t.commitPoint('public-key', pubPoint); + const scalar = t.challengeScalar('HDKD-scalar'); + const hdkdChainCode = t.challengeBytes('HDKD-chaincode', 32); + const nonceSeed = (0, utils_js_2.concatBytes)((0, utils_js_1.numberToBytesLE)(masterScalar, 32), masterNonce); + const nonce = t.witnessBytes('HDKD-nonce', 32, [masterNonce, nonceSeed]); + const key = encodeScalar(modN(masterScalar + scalar)); + const res = (0, utils_js_2.concatBytes)(key, nonce); + cleanBytes(key, nonce, nonceSeed, hdkdChainCode); + t.clean(); + return res; + }, + publicSoft(publicKey, chainCode) { + abytes('publicKey', publicKey, 32); + abytes('chainCode', chainCode, 32); + const pubPoint = ed25519_js_1.RistrettoPoint.fromHex(publicKey); + const t = new SigningContext('SchnorrRistrettoHDKD'); + t.bytes(EMPTY); + t.appendMessage('chain-code', chainCode); + t.commitPoint('public-key', pubPoint); + const scalar = t.challengeScalar('HDKD-scalar'); + 
t.challengeBytes('HDKD-chaincode', 32); + t.clean(); + return pubPoint.add(ed25519_js_1.RistrettoPoint.BASE.multiply(scalar)).toRawBytes(); + }, + secretHard(secretKey, chainCode) { + abytes('secretKey', secretKey, 64); + abytes('chainCode', chainCode, 32); + const key = (0, utils_js_1.numberToBytesLE)(decodeScalar(secretKey.subarray(0, 32)), 32); + const t = new SigningContext('SchnorrRistrettoHDKD'); + t.bytes(EMPTY); + t.appendMessage('chain-code', chainCode); + t.appendMessage('secret-key', key); + const msk = t.challengeBytes('HDKD-hard', 32); + const hdkdChainCode = t.challengeBytes('HDKD-chaincode', 32); + t.clean(); + const res = secretFromSeed(msk); + cleanBytes(key, msk, hdkdChainCode); + t.clean(); + return res; + }, +}; +const dleq = { + proove(keyScalar, nonce, pubPoint, t, input, output) { + t.protoName('DLEQProof'); + t.commitPoint('vrf:h', input); + const r = t.witnessScalar(`proving${'\0'}0`, [nonce]); + const R = ed25519_js_1.RistrettoPoint.BASE.multiply(r); + t.commitPoint('vrf:R=g^r', R); + const Hr = input.multiply(r); + t.commitPoint('vrf:h^r', Hr); + t.commitPoint('vrf:pk', pubPoint); + t.commitPoint('vrf:h^sk', output); + const c = t.challengeScalar('prove'); + const s = modN(r - c * keyScalar); + return { proof: { c, s }, proofBatchable: { R, Hr, s } }; + }, + verify(pubPoint, t, input, output, proof) { + if (pubPoint.equals(ed25519_js_1.RistrettoPoint.ZERO)) + return false; + t.protoName('DLEQProof'); + t.commitPoint('vrf:h', input); + const R = pubPoint.multiply(proof.c).add(ed25519_js_1.RistrettoPoint.BASE.multiply(proof.s)); + t.commitPoint('vrf:R=g^r', R); + const Hr = output.multiply(proof.c).add(input.multiply(proof.s)); + t.commitPoint('vrf:h^r', Hr); + t.commitPoint('vrf:pk', pubPoint); + t.commitPoint('vrf:h^sk', output); + const realC = t.challengeScalar('prove'); + if (proof.c === realC) + return { R, Hr, s: proof.s }; // proofBatchable + return false; + }, +}; +// VRF: Verifiable Random Function +function initVRF(ctx, msg, 
extra, pubPoint, rng = utils_js_2.randomBytes) { + const t = new SigningContext('SigningContext', rng); + t.label(ctx); + t.bytes(msg); + t.commitPoint('vrf-nm-pk', pubPoint); + const hash = t.challengeBytes('VRFHash', 64); + const input = ed25519_js_1.RistrettoPoint.hashToCurve(hash); + const transcript = new SigningContext('VRF', rng); + if (extra.length) + transcript.label(extra); + t.clean(); + cleanBytes(hash); + return { input, t: transcript }; +} +exports.vrf = { + sign(msg, secretKey, ctx = EMPTY, extra = EMPTY, rng = utils_js_2.randomBytes) { + abytes('msg', msg); + abytes('secretKey', secretKey, 64); + abytes('ctx', ctx); + abytes('extra', extra); + const keyScalar = decodeScalar(secretKey.subarray(0, 32)); + const nonce = secretKey.subarray(32, 64); + const pubPoint = ed25519_js_1.RistrettoPoint.fromHex(getPublicKey(secretKey)); + const { input, t } = initVRF(ctx, msg, extra, pubPoint, rng); + const output = input.multiply(keyScalar); + const p = { input, output }; + const { proof } = dleq.proove(keyScalar, nonce, pubPoint, t, input, output); + const cBytes = (0, utils_js_1.numberToBytesLE)(proof.c, 32); + const sBytes = (0, utils_js_1.numberToBytesLE)(proof.s, 32); + const res = (0, utils_js_2.concatBytes)(p.output.toRawBytes(), cBytes, sBytes); + cleanBytes(nonce, cBytes, sBytes); + return res; + }, + verify(msg, signature, publicKey, ctx = EMPTY, extra = EMPTY, rng = utils_js_2.randomBytes) { + abytes('msg', msg); + abytes('signature', signature, 96); // O(point) || c(scalar) || s(scalar) + abytes('pubkey', publicKey, 32); + abytes('ctx', ctx); + abytes('extra', extra); + const pubPoint = ed25519_js_1.RistrettoPoint.fromHex(publicKey); + if (pubPoint.equals(ed25519_js_1.RistrettoPoint.ZERO)) + return false; + const proof = { + c: parseScalar('signature.c', signature.subarray(32, 64)), + s: parseScalar('signature.s', signature.subarray(64, 96)), + }; + const { input, t } = initVRF(ctx, msg, extra, pubPoint, rng); + const output = 
ed25519_js_1.RistrettoPoint.fromHex(signature.subarray(0, 32)); + if (output.equals(ed25519_js_1.RistrettoPoint.ZERO)) + throw new Error('vrf.verify: wrong output point (identity)'); + const proofBatchable = dleq.verify(pubPoint, t, input, output, proof); + return proofBatchable === false ? false : true; + }, +}; +// NOTE: for tests only, don't use +exports.__tests = { + Strobe128, + Merlin, + SigningContext, +}; +//# sourceMappingURL=index.js.map \ No newline at end of file diff --git a/packages/scure-sr25519/lib/index.js.map b/packages/scure-sr25519/lib/index.js.map new file mode 100644 index 0000000..74b6f4b --- /dev/null +++ b/packages/scure-sr25519/lib/index.js.map 
@@ -0,0 +1 @@ +{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":";;;AA4PA,oCAIC;AACD,wCAaC;AAGD,kCAUC;AAID,oBAwBC;AACD,wBAwBC;AACD,0CAOC;AAxVD;;;;;;;;GAQG;AACH,kEAAwD;AACxD,8DAOyC;AACzC,yDAAmE;AACnE,mDAAgD;AAChD,uDAAiD;AACjD,qDAAoF;AAEpF,kBAAkB;AAClB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AAMvC,SAAS,MAAM,CAAC,CAAO;IACrB,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,IAAA,sBAAW,EAAC,CAAC,CAAC,CAAC;IACjD,IAAI,IAAA,kBAAO,EAAC,CAAC,CAAC;QAAE,OAAO,CAAC,CAAC;IACzB,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;AAChC,CAAC;AACD,+DAA+D;AAC/D,SAAS,MAAM,CAAC,KAAa,EAAE,CAAa,EAAE,GAAG,OAAiB;IAChE,IAAI,CAAC,IAAA,kBAAO,EAAC,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,uBAAuB,CAAC,CAAC;IAClE,IAAI,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC;QAC/C,MAAM,IAAI,KAAK,CACb,GAAG,KAAK,mCAAmC,OAAO,mBAAmB,CAAC,CAAC,MAAM,EAAE,CAChF,CAAC;AACN,CAAC;AAED,SAAS,QAAQ,CAAC,KAAa,EAAE,CAAS;IACxC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,UAAa;QACxD,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,wBAAwB,CAAC,EAAE,CAAC,CAAC;IACvD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,UAAU,CAAC,GAAG,IAAkB;IACvC,KAAK,MAAM,CAAC,IAAI,IAAI;QAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClC,CAAC;AAED,MAAM,KAAK,GAAG,UAAU,CAAC,EAAE,EAAE,CAAC;AAC9B,MAAM,WAAW,GAAG,oBAAO,CAAC,KAAK,CAAC,CAAC,CAAC;AACpC,SAAS,WAAW,CAAC,KAAa,EAAE,KAAiB;IACnD,MAAM,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IACzB,MAAM,CAAC,GAAG,IAAA,0BAAe,EAAC,KAAK,CAAC,CAAC;IACjC,IAAA,mBAAQ,EAAC,KAAK,EAAE,CAAC,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;IACrC,OAAO,CAAC,CAAC;AACX,CAAC;AACD,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,gBAAG,EAAC,CAAC,EAAE,WAAW,CAAC,CAAC;AAChD,kDAAkD;AAClD,yCAAyC;AACzC,kEAAkE;AAClE,MAAM,QAAQ,GAAW,GAAG,CAAC;AAC7B,MAAM,KAAK,GAAG;IACZ,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,CAAC,IAAI,CAAC;IACT,CAAC,EAAE,CAAC,IAAI,CAAC;IACT,CAAC,EAAE,CAAC,IAAI,CAAC;IACT,CAAC,EAAE,CAAC,IAAI,CAAC;IACT,CAAC,EAAE,CAAC,IAAI,CAAC;CACD,CAAC;AAEX,gDAAgD;AAChD,MAAM,SAAS;IAMb,YAAY,aAAmB;QAL/B,UAAK,GAAe,IAAI,UAAU,C
AAC,GAAG,CAAC,CAAC;QAExC,QAAG,GAAW,CAAC,CAAC;QAChB,aAAQ,GAAW,CAAC,CAAC;QACrB,aAAQ,GAAW,CAAC,CAAC;QAEnB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,QAAQ,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QAClD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAA,sBAAW,EAAC,cAAc,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,GAAG,IAAA,cAAG,EAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/B,IAAI,CAAC,WAAW,EAAE,CAAC;QACnB,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;IACpC,CAAC;IACO,WAAW;QACjB,IAAA,iBAAO,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC;IACO,IAAI;QACV,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC;QACtC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC;QACjC,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC;QACjC,IAAI,CAAC,WAAW,EAAE,CAAC;QACnB,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC;QACb,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC;IACpB,CAAC;IACD,kBAAkB;IACV,MAAM,CAAC,IAAgB;QAC7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC;YAClC,IAAI,IAAI,CAAC,GAAG,KAAK,QAAQ;gBAAE,IAAI,CAAC,IAAI,EAAE,CAAC;QACzC,CAAC;IACH,CAAC;IACD,eAAe;IACP,OAAO,CAAC,GAAW;QACzB,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;QACjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC/B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;YAC3B,IAAI,IAAI,CAAC,GAAG,KAAK,QAAQ;gBAAE,IAAI,CAAC,IAAI,EAAE,CAAC;QACzC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACO,SAAS,CAAC,IAAgB;QAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACjC,IAAI,IAAI,CAAC,GAAG,KAAK,QAAQ;gBAAE,IAAI,CAAC,IAAI,EAAE,CAAC;QACzC,CAAC;IACH,CAAC;IACO,OAAO,CAAC,KAAa,EAAE,IAAa;QAC1C,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,IAAI,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;gBAC5B,MAAM,IAAI,KAAK,CACb,wCAAwC,IAAI,CAAC,QAAQ,CAAC,QA
AQ,CAAC,CAAC,CAAC,OAAO,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAC5F,CAAC;YACJ,CAAC;YACD,OAAO;QACT,CAAC;QACD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QACxE,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC/B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC;QACtB,IAAI,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,CAAC,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QACnD,IAAI,MAAM,IAAI,IAAI,CAAC,GAAG,KAAK,CAAC;YAAE,IAAI,CAAC,IAAI,EAAE,CAAC;IAC5C,CAAC;IACD,aAAa;IACb,MAAM,CAAC,IAAU,EAAE,IAAa;QAC9B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QACtC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5B,CAAC;IACD,EAAE,CAAC,IAAU,EAAE,IAAa;QAC1B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAC5B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5B,CAAC;IACD,GAAG,CAAC,GAAW,EAAE,IAAa;QAC5B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAChD,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IACD,GAAG,CAAC,IAAU,EAAE,IAAa;QAC3B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QACtC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/B,CAAC;IACD,QAAQ;IACR,KAAK;QACH,MAAM,CAAC,GAAG,IAAI,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM;QACpC,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QACjB,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC3B,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxB,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC3B,OAAO,CAAC,CAAC;IACX,CAAC;IACD,KAAK;QACH,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,2CAA2C;QAC/D,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC;QACb,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC;QAClB,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC;IACpB,CAAC;CACF;AACD,aAAa;AAEb,SAAS;AACT,iCAAiC;AACjC,MAAM,MAAM;IAEV,YAAY,KAAW;QACrB,IAAI,CAAC,MAAM,GAAG,IAAI,SAAS,CAAC,aAAa,CAAC,CAAC;QAC3C,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IACvC,CAAC;IACD
,aAAa,CAAC,KAAW,EAAE,OAAa;QACtC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACjC,QAAQ,CAAC,sBAAsB,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACjD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAA,0BAAe,EAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAC7D,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACjC,CAAC;IACD,cAAc,CAAC,KAAW,EAAE,GAAW;QACrC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QACjC,QAAQ,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAA,0BAAe,EAAC,GAAG,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACrC,CAAC;IACD,KAAK;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;CACF;AACD,UAAU;AACV,2GAA2G;AAC3G,MAAM,cAAe,SAAQ,MAAM;IAEjC,YAAY,IAAY,EAAE,MAAW,sBAAW;QAC9C,KAAK,CAAC,IAAI,CAAC,CAAC;QACZ,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IACD,KAAK,CAAC,KAAW;QACf,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;IAChC,CAAC;IACD,KAAK,CAAC,KAAiB;QACrB,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;QACxC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,SAAS,CAAC,KAAW;QACnB,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;IAC1C,CAAC;IACD,WAAW,CAAC,KAAW,EAAE,KAAY;QACnC,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC;IAChD,CAAC;IACD,eAAe,CAAC,KAAW;QACzB,OAAO,IAAI,CAAC,IAAA,0BAAe,EAAC,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/D,CAAC;IACD,aAAa,CAAC,KAAW,EAAE,aAA2B,EAAE;QACtD,OAAO,IAAI,CAAC,IAAA,0BAAe,EAAC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,EAAE,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;IACzE,CAAC;IACD,YAAY,CAAC,KAAW,EAAE,GAAW,EAAE,aAA2B,EAAE;QAClE,QAAQ,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;QAC7C,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QACtC,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;YAC5B,SAAS,CAAC,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;YAC/B,QAAQ,CAAC,0CAA0C,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC;YAChE,SAAS,CAAC,MAAM,CAAC,IAAA,0BAAe,EAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;YACtD,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAC3B,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC5B,SAAS,CAAC,
MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QAC/B,SAAS,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC7B,SAAS,CAAC,MAAM,CAAC,IAAA,0BAAe,EAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QACjD,OAAO,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACnC,CAAC;CACF;AACD,0BAA0B;AAE1B,MAAM,IAAI,GAAG,IAAA,kBAAO,EAAC,GAAG,CAAC,CAAC;AAC1B,oCAAoC;AACpC,MAAM,YAAY,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,0BAAe,EAAC,CAAC,CAAC,IAAI,GAAG,CAAC,GAAG,IAAI,EAAE,EAAE,CAAC,CAAC;AAC3E,cAAc;AACd,MAAM,YAAY,GAAG,CAAC,CAAa,EAAE,EAAE,CAAC,IAAA,0BAAe,EAAC,CAAC,CAAC,IAAI,GAAG,CAAC;AAElE,uIAAuI;AACvI,SAAgB,YAAY,CAAC,SAAqB;IAChD,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACnC,MAAM,MAAM,GAAG,YAAY,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACvD,OAAO,2BAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,UAAU,EAAE,CAAC;AAC3D,CAAC;AACD,SAAgB,cAAc,CAAC,IAAgB;IAC7C,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IACzB,MAAM,CAAC,GAAG,IAAA,kBAAM,EAAC,IAAI,CAAC,CAAC;IACvB,+BAA+B;IAC/B,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC;IACZ,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;IACZ,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;IACZ,gDAAgD;IAChD,MAAM,GAAG,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IAC1D,MAAM,KAAK,GAAG,CAAC,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACjC,MAAM,GAAG,GAAG,IAAA,sBAAW,EAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACpC,UAAU,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAC1B,OAAO,GAAG,CAAC;AACb,CAAC;AACD,qFAAqF;AACrF,wDAAwD;AACxD,SAAgB,WAAW,CAAC,IAAgB;IAC1C,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAC5B,MAAM,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAChC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,YAAY,CAAC,IAAA,0BAAe,EAAC,EAAE,CAAC,CAAC,CAAC;IAC9C,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACnD,IAAI,CAAC,IAAA,qBAAU,EAAC,QAAQ,EAAE,OAAO,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACxE,oCAAoC;IACpC,OAAO,IAAA,sBAAW,EAAC,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;AAC1C,CAAC;A
AED,gGAAgG;AAChG,MAAM,iBAAiB,GAAG,IAAA,sBAAW,EAAC,WAAW,CAAC,CAAC;AACnD,SAAgB,IAAI,CAClB,SAAqB,EACrB,OAAmB,EACnB,MAAW,sBAAW;IAEtB,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC3B,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACnC,MAAM,CAAC,GAAG,IAAI,cAAc,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;IACpD,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IAC3B,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACjB,MAAM,SAAS,GAAG,YAAY,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC1D,MAAM,KAAK,GAAG,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACzC,MAAM,QAAQ,GAAG,2BAAc,CAAC,OAAO,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC;IACjE,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;IAC3B,CAAC,CAAC,WAAW,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IACnC,MAAM,CAAC,GAAG,CAAC,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9C,MAAM,CAAC,GAAG,2BAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC3B,MAAM,CAAC,GAAG,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,SAAS,GAAG,CAAC,CAAC,CAAC;IAClC,MAAM,GAAG,GAAG,IAAA,sBAAW,EAAC,CAAC,CAAC,UAAU,EAAE,EAAE,IAAA,0BAAe,EAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAChE,GAAG,CAAC,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,wBAAwB;IACxC,CAAC,CAAC,KAAK,EAAE,CAAC;IACV,OAAO,GAAG,CAAC;AACb,CAAC;AACD,SAAgB,MAAM,CAAC,OAAmB,EAAE,SAAqB,EAAE,SAAqB;IACtF,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC3B,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACnC,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACnC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,GAAG,GAAW,CAAC,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IACtF,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,2BAA2B;IACvF,MAAM,CAAC,EAAE,CAAC,IAAI,GAAW,CAAC,CAAC,2BAA2B;IACtD,MAAM,CAAC,GAAG,2BAAc,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC5D,MAAM,CAAC,GAAG,IAAA,0BAAe,EAAC,MAAM,CAAC,CAAC;IAClC,IAAA,mBAAQ,EAAC,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC,CAAC,2DAA2D;IAC/F,MAAM,CAAC,GAAG,IAAI,cAAc,CAAC,gBAAgB,CAAC,CAAC;IAC/C,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IAC3B,CAAC,CAAC,KAA
K,CAAC,OAAO,CAAC,CAAC;IACjB,MAAM,QAAQ,GAAG,2BAAc,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACnD,IAAI,QAAQ,CAAC,MAAM,CAAC,2BAAc,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACvD,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;IAC3B,CAAC,CAAC,WAAW,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IACnC,CAAC,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC3B,MAAM,CAAC,GAAG,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,EAAE,GAAG,2BAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC3C,MAAM,EAAE,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACjD,CAAC,CAAC,KAAK,EAAE,CAAC;IACV,UAAU,CAAC,MAAM,CAAC,CAAC;IACnB,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,CAAC;AACD,SAAgB,eAAe,CAAC,SAAqB,EAAE,SAAqB;IAC1E,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACnC,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACnC,MAAM,SAAS,GAAG,YAAY,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC1D,MAAM,QAAQ,GAAG,2BAAc,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACnD,IAAI,QAAQ,CAAC,MAAM,CAAC,2BAAc,CAAC,IAAI,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACzF,OAAO,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,UAAU,EAAE,CAAC;AACnD,CAAC;AAED,SAAS;AACI,QAAA,IAAI,GAIb;IACF,UAAU,CAAC,SAAqB,EAAE,SAAqB,EAAE,MAAW,sBAAW;QAC7E,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QACnC,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QACnC,MAAM,YAAY,GAAG,YAAY,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QAC7D,MAAM,WAAW,GAAG,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,2BAAc,CAAC,OAAO,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC;QACjE,MAAM,CAAC,GAAG,IAAI,cAAc,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;QAC1D,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACf,CAAC,CAAC,aAAa,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QACzC,CAAC,CAAC,WAAW,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,CAAC,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;QAChD,MAAM,aAAa,GAAG,CAAC,CAAC,cAAc,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;QAC7D,MAAM,SAAS,GAAG,IAAA,sBAAW,EAAC,IAAA,0BAAe,EAAC,YAAY,EAAE,EAAE,CAAC,EAAE,WAAW,CAAC,CAAC;QAC9E,MAAM,KAAK,GAAG,CAAC,CAAC,YAAY,CAAC,YAAY,EAAE,EAAE,EAAE,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC;QACzE,MA
AM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC;QACtD,MAAM,GAAG,GAAG,IAAA,sBAAW,EAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACpC,UAAU,CAAC,GAAG,EAAE,KAAK,EAAE,SAAS,EAAE,aAAa,CAAC,CAAC;QACjD,CAAC,CAAC,KAAK,EAAE,CAAC;QACV,OAAO,GAAG,CAAC;IACb,CAAC;IACD,UAAU,CAAC,SAAqB,EAAE,SAAqB;QACrD,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QACnC,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QACnC,MAAM,QAAQ,GAAG,2BAAc,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACnD,MAAM,CAAC,GAAG,IAAI,cAAc,CAAC,sBAAsB,CAAC,CAAC;QACrD,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACf,CAAC,CAAC,aAAa,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QACzC,CAAC,CAAC,WAAW,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,CAAC,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;QAChD,CAAC,CAAC,cAAc,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;QACvC,CAAC,CAAC,KAAK,EAAE,CAAC;QACV,OAAO,QAAQ,CAAC,GAAG,CAAC,2BAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC;IACzE,CAAC;IACD,UAAU,CAAC,SAAqB,EAAE,SAAqB;QACrD,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QACnC,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QACnC,MAAM,GAAG,GAAG,IAAA,0BAAe,EAAC,YAAY,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzE,MAAM,CAAC,GAAG,IAAI,cAAc,CAAC,sBAAsB,CAAC,CAAC;QACrD,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACf,CAAC,CAAC,aAAa,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QACzC,CAAC,CAAC,aAAa,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;QACnC,MAAM,GAAG,GAAG,CAAC,CAAC,cAAc,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAC9C,MAAM,aAAa,GAAG,CAAC,CAAC,cAAc,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;QAC7D,CAAC,CAAC,KAAK,EAAE,CAAC;QACV,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;QAChC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,aAAa,CAAC,CAAC;QACpC,CAAC,CAAC,KAAK,EAAE,CAAC;QACV,OAAO,GAAG,CAAC;IACb,CAAC;CACF,CAAC;AAGF,MAAM,IAAI,GAAG;IACX,MAAM,CACJ,SAAiB,EACjB,KAAiB,EACjB,QAAe,EACf,CAAiB,EACjB,KAAY,EACZ,MAAa;QAEb,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QACzB,CAAC,CAAC,WAAW,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC9B,MAAM,CAAC,GAAG,CAAC,CAAC,aAAa,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;QACtD,MAAM,CAAC,GAAG,2BAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC1C,C
AAC,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAC9B,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAC7B,CAAC,CAAC,WAAW,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC,CAAC,WAAW,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAClC,MAAM,CAAC,GAAG,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC;QAClC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,EAAE,CAAC,EAAW,EAAE,cAAc,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;IACpE,CAAC;IACD,MAAM,CAAC,QAAe,EAAE,CAAiB,EAAE,KAAY,EAAE,MAAa,EAAE,KAAY;QAClF,IAAI,QAAQ,CAAC,MAAM,CAAC,2BAAc,CAAC,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QACvD,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QACzB,CAAC,CAAC,WAAW,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC9B,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,2BAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAChF,CAAC,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAC9B,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACjE,CAAC,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAC7B,CAAC,CAAC,WAAW,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAClC,CAAC,CAAC,WAAW,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAClC,MAAM,KAAK,GAAG,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACzC,IAAI,KAAK,CAAC,CAAC,KAAK,KAAK;YAAE,OAAO,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,iBAAiB;QACtE,OAAO,KAAK,CAAC;IACf,CAAC;CACF,CAAC;AACF,kCAAkC;AAClC,SAAS,OAAO,CACd,GAAe,EACf,GAAe,EACf,KAAiB,EACjB,QAAe,EACf,MAAW,sBAAW;IAEtB,MAAM,CAAC,GAAG,IAAI,cAAc,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;IACpD,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACb,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACb,CAAC,CAAC,WAAW,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,CAAC,CAAC,cAAc,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAC7C,MAAM,KAAK,GAAG,2BAAc,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,UAAU,GAAG,IAAI,cAAc,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAClD,IAAI,KAAK,CAAC,MAAM;QAAE,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC1C,CAAC,CAAC,KAAK,EAAE,CAAC;IACV,UAAU,CAAC,IAAI,CAAC,CAAC;IACjB
,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC;AAClC,CAAC;AACY,QAAA,GAAG,GAgBZ;IACF,IAAI,CACF,GAAe,EACf,SAAqB,EACrB,MAAkB,KAAK,EACvB,QAAoB,KAAK,EACzB,MAAW,sBAAW;QAEtB,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACnB,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QACnC,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACnB,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACvB,MAAM,SAAS,GAAG,YAAY,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QAC1D,MAAM,KAAK,GAAG,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,2BAAc,CAAC,OAAO,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC;QACjE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACzC,MAAM,CAAC,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QAC5B,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC5E,MAAM,MAAM,GAAG,IAAA,0BAAe,EAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAG,IAAA,0BAAe,EAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC5C,MAAM,GAAG,GAAG,IAAA,sBAAW,EAAC,CAAC,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QAC/D,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QAClC,OAAO,GAAG,CAAC;IACb,CAAC;IACD,MAAM,CACJ,GAAe,EACf,SAAqB,EACrB,SAAqB,EACrB,MAAkB,KAAK,EACvB,QAAoB,KAAK,EACzB,MAAW,sBAAW;QAEtB,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACnB,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,qCAAqC;QACzE,MAAM,CAAC,QAAQ,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QAChC,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACnB,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACvB,MAAM,QAAQ,GAAG,2BAAc,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACnD,IAAI,QAAQ,CAAC,MAAM,CAAC,2BAAc,CAAC,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QACvD,MAAM,KAAK,GAAU;YACnB,CAAC,EAAE,WAAW,CAAC,aAAa,EAAE,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;YACzD,CAAC,EAAE,WAAW,CAAC,aAAa,EAAE,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;SAC1D,CAAC;QACF,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,2BAAc,CAAC,OAAO
,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QACjE,IAAI,MAAM,CAAC,MAAM,CAAC,2BAAc,CAAC,IAAI,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QACtE,OAAO,cAAc,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;IACjD,CAAC;CACF,CAAC;AAEF,kCAAkC;AACrB,QAAA,OAAO,GAIhB;IACF,SAAS;IACT,MAAM;IACN,cAAc;CACf,CAAC"}
\ No newline at end of file
diff --git a/packages/scure-sr25519/package.json b/packages/scure-sr25519/package.json
new file mode 100644
index 0000000..ae38f4b
--- /dev/null
+++ b/packages/scure-sr25519/package.json
@@ -0,0 +1,24 @@
+{
+ "name": "@pezkuwi/scure-sr25519",
+ "version": "0.2.0",
+ "description": "SR25519 cryptography for PezkuwiChain with bizinikiwi signing context",
+ "main": "lib/index.js",
+ "module": "lib/esm/index.js",
+ "types": "lib/index.d.ts",
+ "exports": {
+ ".": {
+ "import": "./lib/esm/index.js",
+ "require": "./lib/index.js"
+ }
+ },
+ "dependencies": {
+ "@noble/curves": "~1.9.2",
+ "@noble/hashes": "~1.8.0"
+ },
+ "repository": {
+ "type": "git",
+ "url": "https://github.com/pezkuwichain/pezkuwi-scure-sr25519"
+ },
+ "author": "PezkuwiChain",
+ "license": "MIT"
+}
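Review bot: The manifest points `main` and `module` at `lib/`, but the commit appears to ship only compiled output: the source map names `../index.ts` as its source, no such file is in the commit's file list, and the manifest has no `scripts` entry to rebuild it. For a fork of a signing library whose stated difference is a single context string, that leaves no way to regenerate `lib/index.js` from this repository and compare it with upstream, so the published signing and key-derivation code has to be trusted as committed. I would commit `index.ts` next to the manifest and add a build entry such as `"scripts": { "build": "tsc" }` (the exact command depends on the compiler configuration, which is not visible here), so that `lib/` can be reproduced and reviewed as a diff against the upstream source.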