diff --git a/dist/elliptic.js b/dist/elliptic.js index f97b454..bc374cb 100644 --- a/dist/elliptic.js +++ b/dist/elliptic.js @@ -2252,8 +2252,27 @@ EC.prototype.genKeyPair = function genKeyPair(options) { } }; -EC.prototype._truncateToN = function _truncateToN(msg, truncOnly) { - var delta = msg.byteLength() * 8 - this.n.bitLength(); +EC.prototype._truncateToN = function _truncateToN(msg, truncOnly, bitLength) { + var byteLength; + if (BN.isBN(msg) || typeof msg === 'number') { + msg = new BN(msg, 16); + byteLength = msg.byteLength(); + } else if (typeof msg === 'object') { + // BN assumes an array-like input and asserts length + byteLength = msg.length; + msg = new BN(msg, 16); + } else { + // BN converts the value to string + var str = msg.toString(); + // HEX encoding + byteLength = (str.length + 1) >>> 1; + msg = new BN(str, 16); + } + // Allow overriding + if (typeof bitLength !== 'number') { + bitLength = byteLength * 8; + } + var delta = bitLength - this.n.bitLength(); if (delta > 0) msg = msg.ushrn(delta); if (!truncOnly && msg.cmp(this.n) >= 0) @@ -2271,7 +2290,7 @@ EC.prototype.sign = function sign(msg, key, enc, options) { options = {}; key = this.keyFromPrivate(key, enc); - msg = this._truncateToN(new BN(msg, 16)); + msg = this._truncateToN(msg, false, options.msgBitLength); // Zero-extend key to provide enough entropy var bytes = this.n.byteLength(); @@ -2327,8 +2346,11 @@ EC.prototype.sign = function sign(msg, key, enc, options) { } }; -EC.prototype.verify = function verify(msg, signature, key, enc) { - msg = this._truncateToN(new BN(msg, 16)); +EC.prototype.verify = function verify(msg, signature, key, enc, options) { + if (!options) + options = {}; + + msg = this._truncateToN(msg, false, options.msgBitLength); key = this.keyFromPublic(key, enc); signature = new Signature(signature, 'hex'); @@ -2530,8 +2552,8 @@ KeyPair.prototype.sign = function sign(msg, enc, options) { return this.ec.sign(msg, this, enc, options); }; -KeyPair.prototype.verify = function verify(msg, signature) { - return this.ec.verify(msg, signature, this); +KeyPair.prototype.verify = function verify(msg, signature, options) { + return this.ec.verify(msg, signature, this, undefined, options); }; KeyPair.prototype.inspect = function inspect() { @@ -8867,7 +8889,7 @@ utils.encode = function encode(arr, enc) { },{}],35:[function(require,module,exports){ module.exports={ "name": "elliptic", - "version": "6.5.7", + "version": "6.6.0", "description": "EC cryptography", "main": "lib/elliptic.js", "files": [ diff --git a/dist/elliptic.min.js b/dist/elliptic.min.js index 3e1c88a..aece113 100644 --- a/dist/elliptic.min.js +++ b/dist/elliptic.min.js @@ -1 +1 @@ -!function(e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define([],e):("undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this).elliptic=e()}(function(){return function r(f,d,n){function a(t,e){if(!d[t]){if(!f[t]){var i="function"==typeof require&&require;if(!e&&i)return i(t,!0);if(s)return s(t,!0);throw(i=new Error("Cannot find module '"+t+"'")).code="MODULE_NOT_FOUND",i}i=d[t]={exports:{}},f[t][0].call(i.exports,function(e){return a(f[t][1][e]||e)},i,i.exports,r,f,d,n)}return d[t].exports}for(var s="function"==typeof require&&require,e=0;e>1]):n.mixedAdd(f[-c-1>>1].neg()):0>1]):n.add(f[-c-1>>1].neg())}return"affine"===e.type?n.toP():n},d.prototype._wnafMulAdd=function(e,t,i,r,f){for(var d,n=this._wnafT1,a=this._wnafT2,s=this._wnafT3,c=0,h=0;h>1]:A<0&&(d=a[_][-A-1>>1].neg()),y="affine"===d.type?y.mixedAdd(d):y.add(d))}}for(h=0;h=Math.ceil((e.bitLength()+1)/t.step)},n.prototype._getDoubles=function(e,t){if(this.precomputed&&this.precomputed.doubles)return this.precomputed.doubles;for(var i=[this],r=this,f=0;f":""},c.prototype.isInfinity=function(){return 0===this.x.cmpn(0)&&(0===this.y.cmp(this.z)||this.zOne&&0===this.y.cmp(this.curve.c))},c.prototype._extDbl=function(){var e=this.x.redSqr(),t=this.y.redSqr(),i=(i=this.z.redSqr()).redIAdd(i),r=this.curve._mulA(e),f=this.x.redAdd(this.y).redSqr().redISub(e).redISub(t),d=r.redAdd(t),e=d.redSub(i),i=r.redSub(t),r=f.redMul(e),t=d.redMul(i),i=f.redMul(i),d=e.redMul(d);return this.curve.point(r,t,d,i)},c.prototype._projDbl=function(){var e,t,i,r,f,d,n=this.x.redAdd(this.y).redSqr(),a=this.x.redSqr(),s=this.y.redSqr();return d=this.curve.twisted?(f=(i=this.curve._mulA(a)).redAdd(s),this.zOne?(e=n.redSub(a).redSub(s).redMul(f.redSub(this.curve.two)),t=f.redMul(i.redSub(s)),f.redSqr().redSub(f).redSub(f)):(r=this.z.redSqr(),d=f.redSub(r).redISub(r),e=n.redSub(a).redISub(s).redMul(d),t=f.redMul(i.redSub(s)),f.redMul(d))):(i=a.redAdd(s),r=this.curve._mulC(this.z).redSqr(),d=i.redSub(r).redSub(r),e=this.curve._mulC(n.redISub(i)).redMul(d),t=this.curve._mulC(i).redMul(a.redISub(s)),i.redMul(d)),this.curve.point(e,t,d)},c.prototype.dbl=function(){return this.isInfinity()?this:this.curve.extended?this._extDbl():this._projDbl()},c.prototype._extAdd=function(e){var t=this.y.redSub(this.x).redMul(e.y.redSub(e.x)),i=this.y.redAdd(this.x).redMul(e.y.redAdd(e.x)),r=this.t.redMul(this.curve.dd).redMul(e.t),f=this.z.redMul(e.z.redAdd(e.z)),d=i.redSub(t),e=f.redSub(r),f=f.redAdd(r),r=i.redAdd(t),i=d.redMul(e),t=f.redMul(r),r=d.redMul(r),f=e.redMul(f);return this.curve.point(i,t,f,r)},c.prototype._projAdd=function(e){var t,i=this.z.redMul(e.z),r=i.redSqr(),f=this.x.redMul(e.x),d=this.y.redMul(e.y),n=this.curve.d.redMul(f).redMul(d),a=r.redSub(n),n=r.redAdd(n),e=this.x.redAdd(this.y).redMul(e.x.redAdd(e.y)).redISub(f).redISub(d),e=i.redMul(a).redMul(e),n=this.curve.twisted?(t=i.redMul(n).redMul(d.redSub(this.curve._mulA(f))),a.redMul(n)):(t=i.redMul(n).redMul(d.redSub(f)),this.curve._mulC(a).redMul(n));return this.curve.point(e,t,n)},c.prototype.add=function(e){return this.isInfinity()?e:e.isInfinity()?this:this.curve.extended?this._extAdd(e):this._projAdd(e)},c.prototype.mul=function(e){return this._hasDoubles(e)?this.curve._fixedNafMul(this,e):this.curve._wnafMul(this,e)},c.prototype.mulAdd=function(e,t,i){return this.curve._wnafMulAdd(1,[this,t],[e,i],2,!1)},c.prototype.jmulAdd=function(e,t,i){return this.curve._wnafMulAdd(1,[this,t],[e,i],2,!0)},c.prototype.normalize=function(){if(this.zOne)return this;var e=this.z.redInvm();return this.x=this.x.redMul(e),this.y=this.y.redMul(e),this.t&&(this.t=this.t.redMul(e)),this.z=this.curve.one,this.zOne=!0,this},c.prototype.neg=function(){return this.curve.point(this.x.redNeg(),this.y,this.z,this.t&&this.t.redNeg())},c.prototype.getX=function(){return this.normalize(),this.x.fromRed()},c.prototype.getY=function(){return this.normalize(),this.y.fromRed()},c.prototype.eq=function(e){return this===e||0===this.getX().cmp(e.getX())&&0===this.getY().cmp(e.getY())},c.prototype.eqXToP=function(e){var t=e.toRed(this.curve.red).redMul(this.z);if(0===this.x.cmp(t))return!0;for(var i=e.clone(),r=this.curve.redN.redMul(this.z);;){if(i.iadd(this.curve.n),0<=i.cmp(this.curve.p))return!1;if(t.redIAdd(r),0===this.x.cmp(t))return!0}},c.prototype.toP=c.prototype.normalize,c.prototype.mixedAdd=c.prototype.add},{"../utils":15,"./base":2,"bn.js":16,inherits:32}],4:[function(e,t,i){"use strict";i.base=e("./base"),i.short=e("./short"),i.mont=e("./mont"),i.edwards=e("./edwards")},{"./base":2,"./edwards":3,"./mont":5,"./short":6}],5:[function(e,t,i){"use strict";var r=e("bn.js"),f=e("inherits"),d=e("./base"),n=e("../utils");function a(e){d.call(this,"mont",e),this.a=new r(e.a,16).toRed(this.red),this.b=new r(e.b,16).toRed(this.red),this.i4=new r(4).toRed(this.red).redInvm(),this.two=new r(2).toRed(this.red),this.a24=this.i4.redMul(this.a.redAdd(this.two))}function s(e,t,i){d.BasePoint.call(this,e,"projective"),null===t&&null===i?(this.x=this.curve.one,this.z=this.curve.zero):(this.x=new r(t,16),this.z=new r(i,16),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)))}f(a,d),(t.exports=a).prototype.validate=function(e){var t=e.normalize().x,e=t.redSqr(),t=e.redMul(t).redAdd(e.redMul(this.a)).redAdd(t);return 0===t.redSqrt().redSqr().cmp(t)},f(s,d.BasePoint),a.prototype.decodePoint=function(e,t){return this.point(n.toArray(e,t),1)},a.prototype.point=function(e,t){return new s(this,e,t)},a.prototype.pointFromJSON=function(e){return s.fromJSON(this,e)},s.prototype.precompute=function(){},s.prototype._encode=function(){return this.getX().toArray("be",this.curve.p.byteLength())},s.fromJSON=function(e,t){return new s(e,t[0],t[1]||e.one)},s.prototype.inspect=function(){return this.isInfinity()?"":""},s.prototype.isInfinity=function(){return 0===this.z.cmpn(0)},s.prototype.dbl=function(){var e=this.x.redAdd(this.z).redSqr(),t=this.x.redSub(this.z).redSqr(),i=e.redSub(t),e=e.redMul(t),i=i.redMul(t.redAdd(this.curve.a24.redMul(i)));return this.curve.point(e,i)},s.prototype.add=function(){throw new Error("Not supported on Montgomery curve")},s.prototype.diffAdd=function(e,t){var i=this.x.redAdd(this.z),r=this.x.redSub(this.z),f=e.x.redAdd(e.z),i=e.x.redSub(e.z).redMul(i),f=f.redMul(r),r=t.z.redMul(i.redAdd(f).redSqr()),f=t.x.redMul(i.redISub(f).redSqr());return this.curve.point(r,f)},s.prototype.mul=function(e){for(var t=e.clone(),i=this,r=this.curve.point(null,null),f=[];0!==t.cmpn(0);t.iushrn(1))f.push(t.andln(1));for(var d=f.length-1;0<=d;d--)0===f[d]?(i=i.diffAdd(r,this),r=r.dbl()):(r=i.diffAdd(r,this),i=i.dbl());return r},s.prototype.mulAdd=function(){throw new Error("Not supported on Montgomery curve")},s.prototype.jumlAdd=function(){throw new Error("Not supported on Montgomery curve")},s.prototype.eq=function(e){return 0===this.getX().cmp(e.getX())},s.prototype.normalize=function(){return this.x=this.x.redMul(this.z.redInvm()),this.z=this.curve.one,this},s.prototype.getX=function(){return this.normalize(),this.x.fromRed()}},{"../utils":15,"./base":2,"bn.js":16,inherits:32}],6:[function(e,t,i){"use strict";var r=e("../utils"),y=e("bn.js"),f=e("inherits"),d=e("./base"),n=r.assert;function a(e){d.call(this,"short",e),this.a=new y(e.a,16).toRed(this.red),this.b=new y(e.b,16).toRed(this.red),this.tinv=this.two.redInvm(),this.zeroA=0===this.a.fromRed().cmpn(0),this.threeA=0===this.a.fromRed().sub(this.p).cmpn(-3),this.endo=this._getEndomorphism(e),this._endoWnafT1=new Array(4),this._endoWnafT2=new Array(4)}function s(e,t,i,r){d.BasePoint.call(this,e,"affine"),null===t&&null===i?(this.x=null,this.y=null,this.inf=!0):(this.x=new y(t,16),this.y=new y(i,16),r&&(this.x.forceRed(this.curve.red),this.y.forceRed(this.curve.red)),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.y.red||(this.y=this.y.toRed(this.curve.red)),this.inf=!1)}function c(e,t,i,r){d.BasePoint.call(this,e,"jacobian"),null===t&&null===i&&null===r?(this.x=this.curve.one,this.y=this.curve.one,this.z=new y(0)):(this.x=new y(t,16),this.y=new y(i,16),this.z=new y(r,16)),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.y.red||(this.y=this.y.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)),this.zOne=this.z===this.curve.one}f(a,d),(t.exports=a).prototype._getEndomorphism=function(e){var t,i,r;if(this.zeroA&&this.g&&this.n&&1===this.p.modn(3))return i=(e.beta?new y(e.beta,16):i=(r=this._getEndoRoots(this.p))[0].cmp(r[1])<0?r[0]:r[1]).toRed(this.red),e.lambda?t=new y(e.lambda,16):(r=this._getEndoRoots(this.n),0===this.g.mul(r[0]).x.cmp(this.g.x.redMul(i))?t=r[0]:(t=r[1],n(0===this.g.mul(t).x.cmp(this.g.x.redMul(i))))),{beta:i,lambda:t,basis:e.basis?e.basis.map(function(e){return{a:new y(e.a,16),b:new y(e.b,16)}}):this._getEndoBasis(t)}},a.prototype._getEndoRoots=function(e){var t=e===this.p?this.red:y.mont(e),i=new y(2).toRed(t).redInvm(),e=i.redNeg(),i=new y(3).toRed(t).redNeg().redSqrt().redMul(i);return[e.redAdd(i).fromRed(),e.redSub(i).fromRed()]},a.prototype._getEndoBasis=function(e){for(var t,i,r,f,d,n,a,s=this.n.ushrn(Math.floor(this.n.bitLength()/2)),c=e,h=this.n.clone(),o=new y(1),u=new y(0),b=new y(0),l=new y(1),p=0;0!==c.cmpn(0);){var m=h.div(c),v=h.sub(m.mul(c)),g=b.sub(m.mul(o)),m=l.sub(m.mul(u));if(!r&&v.cmp(s)<0)t=a.neg(),i=o,r=v.neg(),f=g;else if(r&&2==++p)break;h=c,c=a=v,b=o,o=g,l=u,u=m}d=v.neg(),n=g;e=r.sqr().add(f.sqr());return 0<=d.sqr().add(n.sqr()).cmp(e)&&(d=t,n=i),r.negative&&(r=r.neg(),f=f.neg()),d.negative&&(d=d.neg(),n=n.neg()),[{a:r,b:f},{a:d,b:n}]},a.prototype._endoSplit=function(e){var t=this.endo.basis,i=t[0],r=t[1],f=r.b.mul(e).divRound(this.n),d=i.b.neg().mul(e).divRound(this.n),n=f.mul(i.a),t=d.mul(r.a),i=f.mul(i.b),r=d.mul(r.b);return{k1:e.sub(n).sub(t),k2:i.add(r).neg()}},a.prototype.pointFromX=function(e,t){var i=(e=!(e=new y(e,16)).red?e.toRed(this.red):e).redSqr().redMul(e).redIAdd(e.redMul(this.a)).redIAdd(this.b),r=i.redSqrt();if(0!==r.redSqr().redSub(i).cmp(this.zero))throw new Error("invalid point");i=r.fromRed().isOdd();return(t&&!i||!t&&i)&&(r=r.redNeg()),this.point(e,r)},a.prototype.validate=function(e){if(e.inf)return!0;var t=e.x,i=e.y,e=this.a.redMul(t),e=t.redSqr().redMul(t).redIAdd(e).redIAdd(this.b);return 0===i.redSqr().redISub(e).cmpn(0)},a.prototype._endoWnafMulAdd=function(e,t,i){for(var r=this._endoWnafT1,f=this._endoWnafT2,d=0;d":""},s.prototype.isInfinity=function(){return this.inf},s.prototype.add=function(e){if(this.inf)return e;if(e.inf)return this;if(this.eq(e))return this.dbl();if(this.neg().eq(e))return this.curve.point(null,null);if(0===this.x.cmp(e.x))return this.curve.point(null,null);var t=this.y.redSub(e.y),e=(t=0!==t.cmpn(0)?t.redMul(this.x.redSub(e.x).redInvm()):t).redSqr().redISub(this.x).redISub(e.x),t=t.redMul(this.x.redSub(e)).redISub(this.y);return this.curve.point(e,t)},s.prototype.dbl=function(){if(this.inf)return this;var e=this.y.redAdd(this.y);if(0===e.cmpn(0))return this.curve.point(null,null);var t=this.curve.a,i=this.x.redSqr(),e=e.redInvm(),t=i.redAdd(i).redIAdd(i).redIAdd(t).redMul(e),e=t.redSqr().redISub(this.x.redAdd(this.x)),t=t.redMul(this.x.redSub(e)).redISub(this.y);return this.curve.point(e,t)},s.prototype.getX=function(){return this.x.fromRed()},s.prototype.getY=function(){return this.y.fromRed()},s.prototype.mul=function(e){return e=new y(e,16),this.isInfinity()?this:this._hasDoubles(e)?this.curve._fixedNafMul(this,e):this.curve.endo?this.curve._endoWnafMulAdd([this],[e]):this.curve._wnafMul(this,e)},s.prototype.mulAdd=function(e,t,i){t=[this,t],i=[e,i];return this.curve.endo?this.curve._endoWnafMulAdd(t,i):this.curve._wnafMulAdd(1,t,i,2)},s.prototype.jmulAdd=function(e,t,i){t=[this,t],i=[e,i];return this.curve.endo?this.curve._endoWnafMulAdd(t,i,!0):this.curve._wnafMulAdd(1,t,i,2,!0)},s.prototype.eq=function(e){return this===e||this.inf===e.inf&&(this.inf||0===this.x.cmp(e.x)&&0===this.y.cmp(e.y))},s.prototype.neg=function(e){if(this.inf)return this;var t,i=this.curve.point(this.x,this.y.redNeg());return e&&this.precomputed&&(t=this.precomputed,e=function(e){return e.neg()},i.precomputed={naf:t.naf&&{wnd:t.naf.wnd,points:t.naf.points.map(e)},doubles:t.doubles&&{step:t.doubles.step,points:t.doubles.points.map(e)}}),i},s.prototype.toJ=function(){return this.inf?this.curve.jpoint(null,null,null):this.curve.jpoint(this.x,this.y,this.curve.one)},f(c,d.BasePoint),a.prototype.jpoint=function(e,t,i){return new c(this,e,t,i)},c.prototype.toP=function(){if(this.isInfinity())return this.curve.point(null,null);var e=this.z.redInvm(),t=e.redSqr(),i=this.x.redMul(t),e=this.y.redMul(t).redMul(e);return this.curve.point(i,e)},c.prototype.neg=function(){return this.curve.jpoint(this.x,this.y.redNeg(),this.z)},c.prototype.add=function(e){if(this.isInfinity())return e;if(e.isInfinity())return this;var t=e.z.redSqr(),i=this.z.redSqr(),r=this.x.redMul(t),f=e.x.redMul(i),d=this.y.redMul(t.redMul(e.z)),n=e.y.redMul(i.redMul(this.z)),t=r.redSub(f),i=d.redSub(n);if(0===t.cmpn(0))return 0!==i.cmpn(0)?this.curve.jpoint(null,null,null):this.dbl();f=t.redSqr(),n=f.redMul(t),r=r.redMul(f),f=i.redSqr().redIAdd(n).redISub(r).redISub(r),n=i.redMul(r.redISub(f)).redISub(d.redMul(n)),t=this.z.redMul(e.z).redMul(t);return this.curve.jpoint(f,n,t)},c.prototype.mixedAdd=function(e){if(this.isInfinity())return e.toJ();if(e.isInfinity())return this;var t=this.z.redSqr(),i=this.x,r=e.x.redMul(t),f=this.y,d=e.y.redMul(t).redMul(this.z),e=i.redSub(r),t=f.redSub(d);if(0===e.cmpn(0))return 0!==t.cmpn(0)?this.curve.jpoint(null,null,null):this.dbl();r=e.redSqr(),d=r.redMul(e),i=i.redMul(r),r=t.redSqr().redIAdd(d).redISub(i).redISub(i),d=t.redMul(i.redISub(r)).redISub(f.redMul(d)),e=this.z.redMul(e);return this.curve.jpoint(r,d,e)},c.prototype.dblp=function(e){if(0===e)return this;if(this.isInfinity())return this;if(!e)return this.dbl();if(this.curve.zeroA||this.curve.threeA){for(var t=this,i=0;i":""},c.prototype.isInfinity=function(){return 0===this.z.cmpn(0)}},{"../utils":15,"./base":2,"bn.js":16,inherits:32}],7:[function(e,t,i){"use strict";var r,f=i,i=e("hash.js"),d=e("./curve"),n=e("./utils").assert;function a(e){"short"===e.type?this.curve=new d.short(e):"edwards"===e.type?this.curve=new d.edwards(e):this.curve=new d.mont(e),this.g=this.curve.g,this.n=this.curve.n,this.hash=e.hash,n(this.g.validate(),"Invalid curve"),n(this.g.mul(this.n).isInfinity(),"Invalid curve, G*N != O")}function s(t,i){Object.defineProperty(f,t,{configurable:!0,enumerable:!0,get:function(){var e=new a(i);return Object.defineProperty(f,t,{configurable:!0,enumerable:!0,value:e}),e}})}f.PresetCurve=a,s("p192",{type:"short",prime:"p192",p:"ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff",a:"ffffffff ffffffff ffffffff fffffffe ffffffff fffffffc",b:"64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1",n:"ffffffff ffffffff ffffffff 99def836 146bc9b1 b4d22831",hash:i.sha256,gRed:!1,g:["188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012","07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811"]}),s("p224",{type:"short",prime:"p224",p:"ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001",a:"ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff fffffffe",b:"b4050a85 0c04b3ab f5413256 5044b0b7 d7bfd8ba 270b3943 2355ffb4",n:"ffffffff ffffffff ffffffff ffff16a2 e0b8f03e 13dd2945 5c5c2a3d",hash:i.sha256,gRed:!1,g:["b70e0cbd 6bb4bf7f 321390b9 4a03c1d3 56c21122 343280d6 115c1d21","bd376388 b5f723fb 4c22dfe6 cd4375a0 5a074764 44d58199 85007e34"]}),s("p256",{type:"short",prime:null,p:"ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff",a:"ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff fffffffc",b:"5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b",n:"ffffffff 00000000 ffffffff ffffffff bce6faad a7179e84 f3b9cac2 fc632551",hash:i.sha256,gRed:!1,g:["6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296","4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5"]}),s("p384",{type:"short",prime:null,p:"ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe ffffffff 00000000 00000000 ffffffff",a:"ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe ffffffff 00000000 00000000 fffffffc",b:"b3312fa7 e23ee7e4 988e056b e3f82d19 181d9c6e fe814112 0314088f 5013875a c656398d 8a2ed19d 2a85c8ed d3ec2aef",n:"ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff c7634d81 f4372ddf 581a0db2 48b0a77a ecec196a ccc52973",hash:i.sha384,gRed:!1,g:["aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98 59f741e0 82542a38 5502f25d bf55296c 3a545e38 72760ab7","3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c e9da3113 b5f0b8c0 0a60b1ce 1d7e819d 7a431d7c 90ea0e5f"]}),s("p521",{type:"short",prime:null,p:"000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff",a:"000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffc",b:"00000051 953eb961 8e1c9a1f 929a21a0 b68540ee a2da725b 99b315f3 b8b48991 8ef109e1 56193951 ec7e937b 1652c0bd 3bb1bf07 3573df88 3d2c34f1 ef451fd4 6b503f00",n:"000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffa 51868783 bf2f966b 7fcc0148 f709a5d0 3bb5c9b8 899c47ae bb6fb71e 91386409",hash:i.sha512,gRed:!1,g:["000000c6 858e06b7 0404e9cd 9e3ecb66 2395b442 9c648139 053fb521 f828af60 6b4d3dba a14b5e77 efe75928 fe1dc127 a2ffa8de 3348b3c1 856a429b f97e7e31 c2e5bd66","00000118 39296a78 9a3bc004 5c8a5fb4 2c7d1bd9 98f54449 579b4468 17afbd17 273e662c 97ee7299 5ef42640 c550b901 3fad0761 353c7086 a272c240 88be9476 9fd16650"]}),s("curve25519",{type:"mont",prime:"p25519",p:"7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed",a:"76d06",b:"1",n:"1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed",hash:i.sha256,gRed:!1,g:["9"]}),s("ed25519",{type:"edwards",prime:"p25519",p:"7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed",a:"-1",c:"1",d:"52036cee2b6ffe73 8cc740797779e898 00700a4d4141d8ab 75eb4dca135978a3",n:"1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed",hash:i.sha256,gRed:!1,g:["216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a","6666666666666666666666666666666666666666666666666666666666666658"]});try{r=e("./precomputed/secp256k1")}catch(e){r=void 0}s("secp256k1",{type:"short",prime:"k256",p:"ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f",a:"0",b:"7",n:"ffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141",h:"1",hash:i.sha256,beta:"7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee",lambda:"5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72",basis:[{a:"3086d221a7d46bcde86c90e49284eb15",b:"-e4437ed6010e88286f547fa90abfe4c3"},{a:"114ca50f7a8e2f3f657c1108d9d44cfd8",b:"3086d221a7d46bcde86c90e49284eb15"}],gRed:!1,g:["79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798","483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8",r]})},{"./curve":4,"./precomputed/secp256k1":14,"./utils":15,"hash.js":19}],8:[function(e,t,i){"use strict";var u=e("bn.js"),b=e("hmac-drbg"),r=e("../utils"),f=e("../curves"),d=e("brorand"),a=r.assert,n=e("./key"),l=e("./signature");function s(e){if(!(this instanceof s))return new s(e);"string"==typeof e&&(a(Object.prototype.hasOwnProperty.call(f,e),"Unknown curve "+e),e=f[e]),e instanceof f.PresetCurve&&(e={curve:e}),this.curve=e.curve.curve,this.n=this.curve.n,this.nh=this.n.ushrn(1),this.g=this.curve.g,this.g=e.curve.g,this.g.precompute(e.curve.n.bitLength()+1),this.hash=e.hash||e.curve.hash}(t.exports=s).prototype.keyPair=function(e){return new n(this,e)},s.prototype.keyFromPrivate=function(e,t){return n.fromPrivate(this,e,t)},s.prototype.keyFromPublic=function(e,t){return n.fromPublic(this,e,t)},s.prototype.genKeyPair=function(e){e=e||{};for(var t=new b({hash:this.hash,pers:e.pers,persEnc:e.persEnc||"utf8",entropy:e.entropy||d(this.hash.hmacStrength),entropyEnc:e.entropy&&e.entropyEnc||"utf8",nonce:this.n.toArray()}),i=this.n.byteLength(),r=this.n.sub(new u(2));;){var f=new u(t.generate(i));if(!(0>1;if(0<=n.cmp(this.curve.p.umod(this.curve.n))&&i)throw new Error("Unable to find sencond key candinate");n=i?this.curve.pointFromX(n.add(this.curve.n),e):this.curve.pointFromX(n,e);t=t.r.invm(f),d=f.sub(d).mul(t).umod(f),f=r.mul(t).umod(f);return this.g.mulAdd(d,n,f)},s.prototype.getKeyRecoveryParam=function(e,t,i,r){if(null!==(t=new l(t,r)).recoveryParam)return t.recoveryParam;for(var f,d=0;d<4;d++){try{f=this.recoverPubKey(e,t,d)}catch(e){continue}if(f.eq(i))return d}throw new Error("Unable to find valid recovery factor")}},{"../curves":7,"../utils":15,"./key":9,"./signature":10,"bn.js":16,brorand:17,"hmac-drbg":31}],9:[function(e,t,i){"use strict";var r=e("bn.js"),f=e("../utils").assert;function d(e,t){this.ec=e,this.priv=null,this.pub=null,t.priv&&this._importPrivate(t.priv,t.privEnc),t.pub&&this._importPublic(t.pub,t.pubEnc)}(t.exports=d).fromPublic=function(e,t,i){return t instanceof d?t:new d(e,{pub:t,pubEnc:i})},d.fromPrivate=function(e,t,i){return t instanceof d?t:new d(e,{priv:t,privEnc:i})},d.prototype.validate=function(){var e=this.getPublic();return e.isInfinity()?{result:!1,reason:"Invalid public key"}:e.validate()?e.mul(this.ec.curve.n).isInfinity()?{result:!0,reason:null}:{result:!1,reason:"Public key * N != O"}:{result:!1,reason:"Public key is not a point"}},d.prototype.getPublic=function(e,t){return"string"==typeof e&&(t=e,e=null),this.pub||(this.pub=this.ec.g.mul(this.priv)),t?this.pub.encode(t,e):this.pub},d.prototype.getPrivate=function(e){return"hex"===e?this.priv.toString(16,2):this.priv},d.prototype._importPrivate=function(e,t){this.priv=new r(e,t||16),this.priv=this.priv.umod(this.ec.curve.n)},d.prototype._importPublic=function(e,t){if(e.x||e.y)return"mont"===this.ec.curve.type?f(e.x,"Need x coordinate"):"short"!==this.ec.curve.type&&"edwards"!==this.ec.curve.type||f(e.x&&e.y,"Need both x and y coordinate"),void(this.pub=this.ec.curve.point(e.x,e.y));this.pub=this.ec.curve.decodePoint(e,t)},d.prototype.derive=function(e){return e.validate()||f(e.validate(),"public point not validated"),e.mul(this.priv).getX()},d.prototype.sign=function(e,t,i){return this.ec.sign(e,this,t,i)},d.prototype.verify=function(e,t){return this.ec.verify(e,t,this)},d.prototype.inspect=function(){return""}},{"../utils":15,"bn.js":16}],10:[function(e,t,i){"use strict";var f=e("bn.js"),d=e("../utils"),r=d.assert;function n(e,t){if(e instanceof n)return e;this._importDER(e,t)||(r(e.r&&e.s,"Signature without r or s"),this.r=new f(e.r,16),this.s=new f(e.s,16),void 0===e.recoveryParam?this.recoveryParam=null:this.recoveryParam=e.recoveryParam)}function a(){this.place=0}function s(e,t){var i=e[t.place++];if(!(128&i))return i;var r=15&i;if(0==r||4>>=0;return!(f<=127)&&(t.place=n,f)}function c(e){for(var t=0,i=e.length-1;!e[t]&&!(128&e[t+1])&&t>>3);for(e.push(128|i);--i;)e.push(t>>>(i<<3)&255);e.push(t)}}(t.exports=n).prototype._importDER=function(e,t){e=d.toArray(e,t);var i=new a;if(48!==e[i.place++])return!1;var r=s(e,i);if(!1===r)return!1;if(r+i.place!==e.length)return!1;if(2!==e[i.place++])return!1;t=s(e,i);if(!1===t)return!1;if(0!=(128&e[i.place]))return!1;r=e.slice(i.place,t+i.place);if(i.place+=t,2!==e[i.place++])return!1;t=s(e,i);if(!1===t)return!1;if(e.length!==t+i.place)return!1;if(0!=(128&e[i.place]))return!1;i=e.slice(i.place,t+i.place);if(0===r[0]){if(!(128&r[1]))return!1;r=r.slice(1)}if(0===i[0]){if(!(128&i[1]))return!1;i=i.slice(1)}return this.r=new f(r),this.s=new f(i),!(this.recoveryParam=null)},n.prototype.toDER=function(e){var t=this.r.toArray(),i=this.s.toArray();for(128&t[0]&&(t=[0].concat(t)),128&i[0]&&(i=[0].concat(i)),t=c(t),i=c(i);!(i[0]||128&i[1]);)i=i.slice(1);var r=[2];h(r,t.length),(r=r.concat(t)).push(2),h(r,i.length);t=r.concat(i),r=[48];return h(r,t.length),r=r.concat(t),d.encode(r,e)}},{"../utils":15,"bn.js":16}],11:[function(e,t,i){"use strict";var r=e("hash.js"),f=e("../curves"),d=e("../utils"),n=d.assert,a=d.parseBytes,s=e("./key"),c=e("./signature");function h(e){if(n("ed25519"===e,"only tested with ed25519 so far"),!(this instanceof h))return new h(e);e=f[e].curve,this.curve=e,this.g=e.g,this.g.precompute(e.n.bitLength()+1),this.pointClass=e.point().constructor,this.encodingLength=Math.ceil(e.n.bitLength()/8),this.hash=r.sha512}(t.exports=h).prototype.sign=function(e,t){e=a(e);var i=this.keyFromSecret(t),r=this.hashInt(i.messagePrefix(),e),f=this.g.mul(r),t=this.encodePoint(f),i=this.hashInt(t,i.pubBytes(),e).mul(i.priv()),i=r.add(i).umod(this.curve.n);return this.makeSignature({R:f,S:i,Rencoded:t})},h.prototype.verify=function(e,t,i){if(e=a(e),(t=this.makeSignature(t)).S().gte(t.eddsa.curve.n)||t.S().isNeg())return!1;var r=this.keyFromPublic(i),i=this.hashInt(t.Rencoded(),r.pubBytes(),e),e=this.g.mul(t.S());return t.R().add(r.pub().mul(i)).eq(e)},h.prototype.hashInt=function(){for(var e=this.hash(),t=0;t>1)-1>1)-s:s,n.isubn(a)):a=0,r[f]=a,n.iushrn(1)}return r},r.getJSF=function(e,t){var i=[[],[]];e=e.clone(),t=t.clone();for(var r,f=0,d=0;0>>26-n&67108863,26<=(n+=24)&&(n-=26,r++);else if("le"===i)for(r=d=0;d>>26-n&67108863,26<=(n+=24)&&(n-=26,r++);return this.strip()},m.prototype._parseHex=function(e,t){this.length=Math.ceil((e.length-t)/6),this.words=new Array(this.length);for(var i,r=0;r>>26-f&4194303,26<=(f+=24)&&(f-=26,d++);r+6!==t&&(i=n(e,t,r+6),this.words[d]|=i<>>26-f&4194303),this.strip()},m.prototype._parseBase=function(e,t,i){this.words=[0];for(var r=0,f=this.length=1;f<=67108863;f*=t)r++;r--,f=f/t|0;for(var d=e.length-i,n=d%r,a=Math.min(d,d-n)+i,s=0,c=i;c"};var u=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],b=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],l=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function f(e,t,i){i.negative=t.negative^e.negative;var r=e.length+t.length|0,r=(i.length=r)-1|0,f=67108863&(o=(0|e.words[0])*(0|t.words[0])),d=o/67108864|0;i.words[0]=f;for(var n=1;n>>26,s=67108863&d,c=Math.min(n,t.length-1),h=Math.max(0,n-e.length+1);h<=c;h++){var o,u=n-h|0;a+=(o=(0|e.words[u])*(0|t.words[h])+s)/67108864|0,s=67108863&o}i.words[n]=0|s,d=0|a}return 0!==d?i.words[n]=0|d:i.length--,i.strip()}m.prototype.toString=function(e,t){if(t=0|t||1,16===(e=e||10)||"hex"===e){a="";for(var i=0,r=0,f=0;f>>24-i&16777215)||f!==this.length-1?u[6-n.length]+n+a:n+a;26<=(i+=2)&&(i-=26,f--)}for(0!==r&&(a=r.toString(16)+a);a.length%t!=0;)a="0"+a;return a=0!==this.negative?"-"+a:a}if(e===(0|e)&&2<=e&&e<=36){var s=b[e],c=l[e];for(a="",(h=this.clone()).negative=0;!h.isZero();){var h,o=h.modn(c).toString(e);a=(h=h.idivn(c)).isZero()?o+a:u[s-o.length]+o+a}for(this.isZero()&&(a="0"+a);a.length%t!=0;)a="0"+a;return a=0!==this.negative?"-"+a:a}p(!1,"Base should be between 2 and 36")},m.prototype.toNumber=function(){var e=this.words[0];return 2===this.length?e+=67108864*this.words[1]:3===this.length&&1===this.words[2]?e+=4503599627370496+67108864*this.words[1]:2>>=13),64<=t&&(e+=7,t>>>=7),8<=t&&(e+=4,t>>>=4),2<=t&&(e+=2,t>>>=2),e+t},m.prototype._zeroBits=function(e){if(0===e)return 26;var t=e,e=0;return 0==(8191&t)&&(e+=13,t>>>=13),0==(127&t)&&(e+=7,t>>>=7),0==(15&t)&&(e+=4,t>>>=4),0==(3&t)&&(e+=2,t>>>=2),0==(1&t)&&e++,e},m.prototype.bitLength=function(){var e=this.words[this.length-1],e=this._countBits(e);return 26*(this.length-1)+e},m.prototype.zeroBits=function(){if(this.isZero())return 0;for(var e=0,t=0;te.length?this.clone().ior(e):e.clone().ior(this)},m.prototype.uor=function(e){return this.length>e.length?this.clone().iuor(e):e.clone().iuor(this)},m.prototype.iuand=function(e){for(var t=this.length>e.length?e:this,i=0;ie.length?this.clone().iand(e):e.clone().iand(this)},m.prototype.uand=function(e){return this.length>e.length?this.clone().iuand(e):e.clone().iuand(this)},m.prototype.iuxor=function(e){for(var t,i=this.length>e.length?(t=this,e):(t=e,this),r=0;re.length?this.clone().ixor(e):e.clone().ixor(this)},m.prototype.uxor=function(e){return this.length>e.length?this.clone().iuxor(e):e.clone().iuxor(this)},m.prototype.inotn=function(e){p("number"==typeof e&&0<=e);var t=0|Math.ceil(e/26),e=e%26;this._expand(t),0>26-e),this.strip()},m.prototype.notn=function(e){return this.clone().inotn(e)},m.prototype.setn=function(e,t){p("number"==typeof e&&0<=e);var i=e/26|0,e=e%26;return this._expand(1+i),this.words[i]=t?this.words[i]|1<e.length?(i=this,e):(i=e,this);for(var f=0,d=0;d>>26;for(;0!==f&&d>>26;if(this.length=i.length,0!==f)this.words[this.length]=f,this.length++;else if(i!==this)for(;de.length?this.clone().iadd(e):e.clone().iadd(this)},m.prototype.isub=function(e){if(0!==e.negative){e.negative=0;var t=this.iadd(e);return e.negative=1,t._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(e),this.negative=1,this._normSign();var i,r,f=this.cmp(e);if(0===f)return this.negative=0,this.length=1,this.words[0]=0,this;r=0>26,this.words[n]=67108863&t;for(;0!==d&&n>26,this.words[n]=67108863&t;if(0===d&&n>>13,c=0|r[1],h=8191&c,o=c>>>13,u=0|r[2],b=8191&u,l=u>>>13,p=0|r[3],m=8191&p,v=p>>>13,g=0|r[4],y=8191&g,M=g>>>13,w=0|r[5],S=8191&w,_=w>>>13,A=0|r[6],x=8191&A,I=A>>>13,z=0|r[7],q=8191&z,R=z>>>13,k=0|r[8],P=8191&k,j=k>>>13,N=0|r[9],E=8191&N,B=N>>>13,L=0|f[0],O=8191&L,F=L>>>13,T=0|f[1],C=8191&T,Z=T>>>13,J=0|f[2],H=8191&J,D=J>>>13,X=0|f[3],K=8191&X,V=X>>>13,W=0|f[4],U=8191&W,Y=W>>>13,G=0|f[5],Q=8191&G,$=G>>>13,n=0|f[6],c=8191&n,u=n>>>13,p=0|f[7],g=8191&p,w=p>>>13,A=0|f[8],z=8191&A,k=A>>>13,r=0|f[9],N=8191&r,L=r>>>13;i.negative=e.negative^t.negative,i.length=19;var X=(0+Math.imul(a,O)|0)+((8191&(J=Math.imul(a,F)+Math.imul(s,O)|0))<<13)|0,ee=(Math.imul(s,F)+(J>>>13)|0)+(X>>>26)|0;X&=67108863,T=Math.imul(h,O),J=Math.imul(h,F)+Math.imul(o,O)|0,W=Math.imul(o,F);G=(ee+(T+Math.imul(a,C)|0)|0)+((8191&(J=(J+Math.imul(a,Z)|0)+Math.imul(s,C)|0))<<13)|0;ee=((W+Math.imul(s,Z)|0)+(J>>>13)|0)+(G>>>26)|0,G&=67108863,T=Math.imul(b,O),J=Math.imul(b,F)+Math.imul(l,O)|0,W=Math.imul(l,F),T=T+Math.imul(h,C)|0,J=(J+Math.imul(h,Z)|0)+Math.imul(o,C)|0,W=W+Math.imul(o,Z)|0;n=(ee+(T+Math.imul(a,H)|0)|0)+((8191&(J=(J+Math.imul(a,D)|0)+Math.imul(s,H)|0))<<13)|0;ee=((W+Math.imul(s,D)|0)+(J>>>13)|0)+(n>>>26)|0,n&=67108863,T=Math.imul(m,O),J=Math.imul(m,F)+Math.imul(v,O)|0,W=Math.imul(v,F),T=T+Math.imul(b,C)|0,J=(J+Math.imul(b,Z)|0)+Math.imul(l,C)|0,W=W+Math.imul(l,Z)|0,T=T+Math.imul(h,H)|0,J=(J+Math.imul(h,D)|0)+Math.imul(o,H)|0,W=W+Math.imul(o,D)|0;p=(ee+(T+Math.imul(a,K)|0)|0)+((8191&(J=(J+Math.imul(a,V)|0)+Math.imul(s,K)|0))<<13)|0;ee=((W+Math.imul(s,V)|0)+(J>>>13)|0)+(p>>>26)|0,p&=67108863,T=Math.imul(y,O),J=Math.imul(y,F)+Math.imul(M,O)|0,W=Math.imul(M,F),T=T+Math.imul(m,C)|0,J=(J+Math.imul(m,Z)|0)+Math.imul(v,C)|0,W=W+Math.imul(v,Z)|0,T=T+Math.imul(b,H)|0,J=(J+Math.imul(b,D)|0)+Math.imul(l,H)|0,W=W+Math.imul(l,D)|0,T=T+Math.imul(h,K)|0,J=(J+Math.imul(h,V)|0)+Math.imul(o,K)|0,W=W+Math.imul(o,V)|0;A=(ee+(T+Math.imul(a,U)|0)|0)+((8191&(J=(J+Math.imul(a,Y)|0)+Math.imul(s,U)|0))<<13)|0;ee=((W+Math.imul(s,Y)|0)+(J>>>13)|0)+(A>>>26)|0,A&=67108863,T=Math.imul(S,O),J=Math.imul(S,F)+Math.imul(_,O)|0,W=Math.imul(_,F),T=T+Math.imul(y,C)|0,J=(J+Math.imul(y,Z)|0)+Math.imul(M,C)|0,W=W+Math.imul(M,Z)|0,T=T+Math.imul(m,H)|0,J=(J+Math.imul(m,D)|0)+Math.imul(v,H)|0,W=W+Math.imul(v,D)|0,T=T+Math.imul(b,K)|0,J=(J+Math.imul(b,V)|0)+Math.imul(l,K)|0,W=W+Math.imul(l,V)|0,T=T+Math.imul(h,U)|0,J=(J+Math.imul(h,Y)|0)+Math.imul(o,U)|0,W=W+Math.imul(o,Y)|0;f=(ee+(T+Math.imul(a,Q)|0)|0)+((8191&(J=(J+Math.imul(a,$)|0)+Math.imul(s,Q)|0))<<13)|0;ee=((W+Math.imul(s,$)|0)+(J>>>13)|0)+(f>>>26)|0,f&=67108863,T=Math.imul(x,O),J=Math.imul(x,F)+Math.imul(I,O)|0,W=Math.imul(I,F),T=T+Math.imul(S,C)|0,J=(J+Math.imul(S,Z)|0)+Math.imul(_,C)|0,W=W+Math.imul(_,Z)|0,T=T+Math.imul(y,H)|0,J=(J+Math.imul(y,D)|0)+Math.imul(M,H)|0,W=W+Math.imul(M,D)|0,T=T+Math.imul(m,K)|0,J=(J+Math.imul(m,V)|0)+Math.imul(v,K)|0,W=W+Math.imul(v,V)|0,T=T+Math.imul(b,U)|0,J=(J+Math.imul(b,Y)|0)+Math.imul(l,U)|0,W=W+Math.imul(l,Y)|0,T=T+Math.imul(h,Q)|0,J=(J+Math.imul(h,$)|0)+Math.imul(o,Q)|0,W=W+Math.imul(o,$)|0;r=(ee+(T+Math.imul(a,c)|0)|0)+((8191&(J=(J+Math.imul(a,u)|0)+Math.imul(s,c)|0))<<13)|0;ee=((W+Math.imul(s,u)|0)+(J>>>13)|0)+(r>>>26)|0,r&=67108863,T=Math.imul(q,O),J=Math.imul(q,F)+Math.imul(R,O)|0,W=Math.imul(R,F),T=T+Math.imul(x,C)|0,J=(J+Math.imul(x,Z)|0)+Math.imul(I,C)|0,W=W+Math.imul(I,Z)|0,T=T+Math.imul(S,H)|0,J=(J+Math.imul(S,D)|0)+Math.imul(_,H)|0,W=W+Math.imul(_,D)|0,T=T+Math.imul(y,K)|0,J=(J+Math.imul(y,V)|0)+Math.imul(M,K)|0,W=W+Math.imul(M,V)|0,T=T+Math.imul(m,U)|0,J=(J+Math.imul(m,Y)|0)+Math.imul(v,U)|0,W=W+Math.imul(v,Y)|0,T=T+Math.imul(b,Q)|0,J=(J+Math.imul(b,$)|0)+Math.imul(l,Q)|0,W=W+Math.imul(l,$)|0,T=T+Math.imul(h,c)|0,J=(J+Math.imul(h,u)|0)+Math.imul(o,c)|0,W=W+Math.imul(o,u)|0;e=(ee+(T+Math.imul(a,g)|0)|0)+((8191&(J=(J+Math.imul(a,w)|0)+Math.imul(s,g)|0))<<13)|0;ee=((W+Math.imul(s,w)|0)+(J>>>13)|0)+(e>>>26)|0,e&=67108863,T=Math.imul(P,O),J=Math.imul(P,F)+Math.imul(j,O)|0,W=Math.imul(j,F),T=T+Math.imul(q,C)|0,J=(J+Math.imul(q,Z)|0)+Math.imul(R,C)|0,W=W+Math.imul(R,Z)|0,T=T+Math.imul(x,H)|0,J=(J+Math.imul(x,D)|0)+Math.imul(I,H)|0,W=W+Math.imul(I,D)|0,T=T+Math.imul(S,K)|0,J=(J+Math.imul(S,V)|0)+Math.imul(_,K)|0,W=W+Math.imul(_,V)|0,T=T+Math.imul(y,U)|0,J=(J+Math.imul(y,Y)|0)+Math.imul(M,U)|0,W=W+Math.imul(M,Y)|0,T=T+Math.imul(m,Q)|0,J=(J+Math.imul(m,$)|0)+Math.imul(v,Q)|0,W=W+Math.imul(v,$)|0,T=T+Math.imul(b,c)|0,J=(J+Math.imul(b,u)|0)+Math.imul(l,c)|0,W=W+Math.imul(l,u)|0,T=T+Math.imul(h,g)|0,J=(J+Math.imul(h,w)|0)+Math.imul(o,g)|0,W=W+Math.imul(o,w)|0;t=(ee+(T+Math.imul(a,z)|0)|0)+((8191&(J=(J+Math.imul(a,k)|0)+Math.imul(s,z)|0))<<13)|0;ee=((W+Math.imul(s,k)|0)+(J>>>13)|0)+(t>>>26)|0,t&=67108863,T=Math.imul(E,O),J=Math.imul(E,F)+Math.imul(B,O)|0,W=Math.imul(B,F),T=T+Math.imul(P,C)|0,J=(J+Math.imul(P,Z)|0)+Math.imul(j,C)|0,W=W+Math.imul(j,Z)|0,T=T+Math.imul(q,H)|0,J=(J+Math.imul(q,D)|0)+Math.imul(R,H)|0,W=W+Math.imul(R,D)|0,T=T+Math.imul(x,K)|0,J=(J+Math.imul(x,V)|0)+Math.imul(I,K)|0,W=W+Math.imul(I,V)|0,T=T+Math.imul(S,U)|0,J=(J+Math.imul(S,Y)|0)+Math.imul(_,U)|0,W=W+Math.imul(_,Y)|0,T=T+Math.imul(y,Q)|0,J=(J+Math.imul(y,$)|0)+Math.imul(M,Q)|0,W=W+Math.imul(M,$)|0,T=T+Math.imul(m,c)|0,J=(J+Math.imul(m,u)|0)+Math.imul(v,c)|0,W=W+Math.imul(v,u)|0,T=T+Math.imul(b,g)|0,J=(J+Math.imul(b,w)|0)+Math.imul(l,g)|0,W=W+Math.imul(l,w)|0,T=T+Math.imul(h,z)|0,J=(J+Math.imul(h,k)|0)+Math.imul(o,z)|0,W=W+Math.imul(o,k)|0;a=(ee+(T+Math.imul(a,N)|0)|0)+((8191&(J=(J+Math.imul(a,L)|0)+Math.imul(s,N)|0))<<13)|0;ee=((W+Math.imul(s,L)|0)+(J>>>13)|0)+(a>>>26)|0,a&=67108863,T=Math.imul(E,C),J=Math.imul(E,Z)+Math.imul(B,C)|0,W=Math.imul(B,Z),T=T+Math.imul(P,H)|0,J=(J+Math.imul(P,D)|0)+Math.imul(j,H)|0,W=W+Math.imul(j,D)|0,T=T+Math.imul(q,K)|0,J=(J+Math.imul(q,V)|0)+Math.imul(R,K)|0,W=W+Math.imul(R,V)|0,T=T+Math.imul(x,U)|0,J=(J+Math.imul(x,Y)|0)+Math.imul(I,U)|0,W=W+Math.imul(I,Y)|0,T=T+Math.imul(S,Q)|0,J=(J+Math.imul(S,$)|0)+Math.imul(_,Q)|0,W=W+Math.imul(_,$)|0,T=T+Math.imul(y,c)|0,J=(J+Math.imul(y,u)|0)+Math.imul(M,c)|0,W=W+Math.imul(M,u)|0,T=T+Math.imul(m,g)|0,J=(J+Math.imul(m,w)|0)+Math.imul(v,g)|0,W=W+Math.imul(v,w)|0,T=T+Math.imul(b,z)|0,J=(J+Math.imul(b,k)|0)+Math.imul(l,z)|0,W=W+Math.imul(l,k)|0;h=(ee+(T+Math.imul(h,N)|0)|0)+((8191&(J=(J+Math.imul(h,L)|0)+Math.imul(o,N)|0))<<13)|0;ee=((W+Math.imul(o,L)|0)+(J>>>13)|0)+(h>>>26)|0,h&=67108863,T=Math.imul(E,H),J=Math.imul(E,D)+Math.imul(B,H)|0,W=Math.imul(B,D),T=T+Math.imul(P,K)|0,J=(J+Math.imul(P,V)|0)+Math.imul(j,K)|0,W=W+Math.imul(j,V)|0,T=T+Math.imul(q,U)|0,J=(J+Math.imul(q,Y)|0)+Math.imul(R,U)|0,W=W+Math.imul(R,Y)|0,T=T+Math.imul(x,Q)|0,J=(J+Math.imul(x,$)|0)+Math.imul(I,Q)|0,W=W+Math.imul(I,$)|0,T=T+Math.imul(S,c)|0,J=(J+Math.imul(S,u)|0)+Math.imul(_,c)|0,W=W+Math.imul(_,u)|0,T=T+Math.imul(y,g)|0,J=(J+Math.imul(y,w)|0)+Math.imul(M,g)|0,W=W+Math.imul(M,w)|0,T=T+Math.imul(m,z)|0,J=(J+Math.imul(m,k)|0)+Math.imul(v,z)|0,W=W+Math.imul(v,k)|0;b=(ee+(T+Math.imul(b,N)|0)|0)+((8191&(J=(J+Math.imul(b,L)|0)+Math.imul(l,N)|0))<<13)|0;ee=((W+Math.imul(l,L)|0)+(J>>>13)|0)+(b>>>26)|0,b&=67108863,T=Math.imul(E,K),J=Math.imul(E,V)+Math.imul(B,K)|0,W=Math.imul(B,V),T=T+Math.imul(P,U)|0,J=(J+Math.imul(P,Y)|0)+Math.imul(j,U)|0,W=W+Math.imul(j,Y)|0,T=T+Math.imul(q,Q)|0,J=(J+Math.imul(q,$)|0)+Math.imul(R,Q)|0,W=W+Math.imul(R,$)|0,T=T+Math.imul(x,c)|0,J=(J+Math.imul(x,u)|0)+Math.imul(I,c)|0,W=W+Math.imul(I,u)|0,T=T+Math.imul(S,g)|0,J=(J+Math.imul(S,w)|0)+Math.imul(_,g)|0,W=W+Math.imul(_,w)|0,T=T+Math.imul(y,z)|0,J=(J+Math.imul(y,k)|0)+Math.imul(M,z)|0,W=W+Math.imul(M,k)|0;m=(ee+(T+Math.imul(m,N)|0)|0)+((8191&(J=(J+Math.imul(m,L)|0)+Math.imul(v,N)|0))<<13)|0;ee=((W+Math.imul(v,L)|0)+(J>>>13)|0)+(m>>>26)|0,m&=67108863,T=Math.imul(E,U),J=Math.imul(E,Y)+Math.imul(B,U)|0,W=Math.imul(B,Y),T=T+Math.imul(P,Q)|0,J=(J+Math.imul(P,$)|0)+Math.imul(j,Q)|0,W=W+Math.imul(j,$)|0,T=T+Math.imul(q,c)|0,J=(J+Math.imul(q,u)|0)+Math.imul(R,c)|0,W=W+Math.imul(R,u)|0,T=T+Math.imul(x,g)|0,J=(J+Math.imul(x,w)|0)+Math.imul(I,g)|0,W=W+Math.imul(I,w)|0,T=T+Math.imul(S,z)|0,J=(J+Math.imul(S,k)|0)+Math.imul(_,z)|0,W=W+Math.imul(_,k)|0;y=(ee+(T+Math.imul(y,N)|0)|0)+((8191&(J=(J+Math.imul(y,L)|0)+Math.imul(M,N)|0))<<13)|0;ee=((W+Math.imul(M,L)|0)+(J>>>13)|0)+(y>>>26)|0,y&=67108863,T=Math.imul(E,Q),J=Math.imul(E,$)+Math.imul(B,Q)|0,W=Math.imul(B,$),T=T+Math.imul(P,c)|0,J=(J+Math.imul(P,u)|0)+Math.imul(j,c)|0,W=W+Math.imul(j,u)|0,T=T+Math.imul(q,g)|0,J=(J+Math.imul(q,w)|0)+Math.imul(R,g)|0,W=W+Math.imul(R,w)|0,T=T+Math.imul(x,z)|0,J=(J+Math.imul(x,k)|0)+Math.imul(I,z)|0,W=W+Math.imul(I,k)|0;S=(ee+(T+Math.imul(S,N)|0)|0)+((8191&(J=(J+Math.imul(S,L)|0)+Math.imul(_,N)|0))<<13)|0;ee=((W+Math.imul(_,L)|0)+(J>>>13)|0)+(S>>>26)|0,S&=67108863,T=Math.imul(E,c),J=Math.imul(E,u)+Math.imul(B,c)|0,W=Math.imul(B,u),T=T+Math.imul(P,g)|0,J=(J+Math.imul(P,w)|0)+Math.imul(j,g)|0,W=W+Math.imul(j,w)|0,T=T+Math.imul(q,z)|0,J=(J+Math.imul(q,k)|0)+Math.imul(R,z)|0,W=W+Math.imul(R,k)|0;x=(ee+(T+Math.imul(x,N)|0)|0)+((8191&(J=(J+Math.imul(x,L)|0)+Math.imul(I,N)|0))<<13)|0;ee=((W+Math.imul(I,L)|0)+(J>>>13)|0)+(x>>>26)|0,x&=67108863,T=Math.imul(E,g),J=Math.imul(E,w)+Math.imul(B,g)|0,W=Math.imul(B,w),T=T+Math.imul(P,z)|0,J=(J+Math.imul(P,k)|0)+Math.imul(j,z)|0,W=W+Math.imul(j,k)|0;q=(ee+(T+Math.imul(q,N)|0)|0)+((8191&(J=(J+Math.imul(q,L)|0)+Math.imul(R,N)|0))<<13)|0;ee=((W+Math.imul(R,L)|0)+(J>>>13)|0)+(q>>>26)|0,q&=67108863,T=Math.imul(E,z),J=Math.imul(E,k)+Math.imul(B,z)|0,W=Math.imul(B,k);P=(ee+(T+Math.imul(P,N)|0)|0)+((8191&(J=(J+Math.imul(P,L)|0)+Math.imul(j,N)|0))<<13)|0;ee=((W+Math.imul(j,L)|0)+(J>>>13)|0)+(P>>>26)|0,P&=67108863;N=(ee+Math.imul(E,N)|0)+((8191&(J=Math.imul(E,L)+Math.imul(B,N)|0))<<13)|0;return ee=(Math.imul(B,L)+(J>>>13)|0)+(N>>>26)|0,N&=67108863,d[0]=X,d[1]=G,d[2]=n,d[3]=p,d[4]=A,d[5]=f,d[6]=r,d[7]=e,d[8]=t,d[9]=a,d[10]=h,d[11]=b,d[12]=m,d[13]=y,d[14]=S,d[15]=x,d[16]=q,d[17]=P,d[18]=N,0!=ee&&(d[19]=ee,i.length++),i};function a(e,t,i){return(new s).mulp(e,t,i)}function s(e,t){this.x=e,this.y=t}Math.imul||(d=f),m.prototype.mulTo=function(e,t){var i=this.length+e.length,t=(10===this.length&&10===e.length?d:i<63?f:i<1024?function(e,t,i){i.negative=t.negative^e.negative,i.length=e.length+t.length;for(var r=0,f=0,d=0;d>>26)|0)>>>26,n&=67108863}i.words[d]=a,r=n,n=f}return 0!==r?i.words[d]=r:i.length--,i.strip()}:a)(this,e,t);return t},s.prototype.makeRBT=function(e){for(var t=new Array(e),i=m.prototype._countBits(e)-1,r=0;r>=1;return r},s.prototype.permute=function(e,t,i,r,f,d){for(var n=0;n>>=1)i++;return 1<>>=13,i[2*d+1]=8191&f,f>>>=13;for(d=2*t;d>=26,t+=r/67108864|0,t+=f>>>26,this.words[i]=67108863&f}return 0!==t&&(this.words[i]=t,this.length++),this},m.prototype.muln=function(e){return this.clone().imuln(e)},m.prototype.sqr=function(){return this.mul(this)},m.prototype.isqr=function(){return this.imul(this.clone())},m.prototype.pow=function(e){var t=function(e){for(var t=new Array(e.bitLength()),i=0;i>>f}return t}(e);if(0===t.length)return new m(1);for(var i=this,r=0;r>>26-t<<26-t;if(0!=t){for(var f=0,d=0;d>>26-t}f&&(this.words[d]=f,this.length++)}if(0!=i){for(d=this.length-1;0<=d;d--)this.words[d+i]=this.words[d];for(d=0;d>>f<d)for(this.length-=d,s=0;s>>f,c=h&n}return a&&0!==c&&(a.words[a.length++]=c),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},m.prototype.ishrn=function(e,t,i){return p(0===this.negative),this.iushrn(e,t,i)},m.prototype.shln=function(e){return this.clone().ishln(e)},m.prototype.ushln=function(e){return this.clone().iushln(e)},m.prototype.shrn=function(e){return this.clone().ishrn(e)},m.prototype.ushrn=function(e){return this.clone().iushrn(e)},m.prototype.testn=function(e){p("number"==typeof e&&0<=e);var t=e%26,e=(e-t)/26,t=1<>>t<>26)-(a/67108864|0);this.words[n+i]=67108863&r}for(;n>26,this.words[n+i]=67108863&r;if(0===d)return this.strip();for(p(-1===d),n=d=0;n>26,this.words[n]=67108863&r;return this.negative=1,this.strip()},m.prototype._wordDiv=function(e,t){var i=this.length-e.length,r=this.clone(),f=e,d=0|f.words[f.length-1];0!=(i=26-this._countBits(d))&&(f=f.ushln(i),r.iushln(i),d=0|f.words[f.length-1]);var n,a=r.length-f.length;if("mod"!==t){(n=new m(null)).length=1+a,n.words=new Array(n.length);for(var s=0;sthis.length||this.cmp(e)<0?{div:new m(0),mod:this}:1===e.length?"div"===t?{div:this.divn(e.words[0]),mod:null}:"mod"===t?{div:null,mod:new m(this.modn(e.words[0]))}:{div:this.divn(e.words[0]),mod:new m(this.modn(e.words[0]))}:this._wordDiv(e,t);var r,f,d},m.prototype.div=function(e){return this.divmod(e,"div",!1).div},m.prototype.mod=function(e){return this.divmod(e,"mod",!1).mod},m.prototype.umod=function(e){return this.divmod(e,"mod",!0).mod},m.prototype.divRound=function(e){var t=this.divmod(e);if(t.mod.isZero())return t.div;var i=0!==t.div.negative?t.mod.isub(e):t.mod,r=e.ushrn(1),e=e.andln(1),r=i.cmp(r);return r<0||1===e&&0===r?t.div:0!==t.div.negative?t.div.isubn(1):t.div.iaddn(1)},m.prototype.modn=function(e){p(e<=67108863);for(var t=(1<<26)%e,i=0,r=this.length-1;0<=r;r--)i=(t*i+(0|this.words[r]))%e;return i},m.prototype.idivn=function(e){p(e<=67108863);for(var t=0,i=this.length-1;0<=i;i--){var r=(0|this.words[i])+67108864*t;this.words[i]=r/e|0,t=r%e}return this.strip()},m.prototype.divn=function(e){return this.clone().idivn(e)},m.prototype.egcd=function(e){p(0===e.negative),p(!e.isZero());for(var t=this,i=e.clone(),t=0!==t.negative?t.umod(e):t.clone(),r=new m(1),f=new m(0),d=new m(0),n=new m(1),a=0;t.isEven()&&i.isEven();)t.iushrn(1),i.iushrn(1),++a;for(var s=i.clone(),c=t.clone();!t.isZero();){for(var h=0,o=1;0==(t.words[0]&o)&&h<26;++h,o<<=1);if(0>>26;f&=67108863,this.words[r]=f}return 0!==i&&(this.words[r]=i,this.length++),this},m.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},m.prototype.cmpn=function(e){var t=e<0;return 0===this.negative||t?0===this.negative&&t?1:(this.strip(),e=1e.length)return 1;if(this.lengththis.n;);e=t>>22,f=d}f>>>=22,0===(e.words[r-10]=f)&&10>>=26,e.words[i]=f,t=r}return 0!==t&&(e.words[e.length++]=t),e},m._prime=function(e){if(c[e])return c[e];var t;if("k256"===e)t=new v;else if("p224"===e)t=new g;else if("p192"===e)t=new y;else{if("p25519"!==e)throw new Error("Unknown prime "+e);t=new M}return c[e]=t},w.prototype._verify1=function(e){p(0===e.negative,"red works only with positives"),p(e.red,"red works only with red numbers")},w.prototype._verify2=function(e,t){p(0==(e.negative|t.negative),"red works only with positives"),p(e.red&&e.red===t.red,"red works only with red numbers")},w.prototype.imod=function(e){return(this.prime?this.prime.ireduce(e):e.umod(this.m))._forceRed(this)},w.prototype.neg=function(e){return e.isZero()?e.clone():this.m.sub(e)._forceRed(this)},w.prototype.add=function(e,t){this._verify2(e,t);t=e.add(t);return 0<=t.cmp(this.m)&&t.isub(this.m),t._forceRed(this)},w.prototype.iadd=function(e,t){this._verify2(e,t);t=e.iadd(t);return 0<=t.cmp(this.m)&&t.isub(this.m),t},w.prototype.sub=function(e,t){this._verify2(e,t);t=e.sub(t);return t.cmpn(0)<0&&t.iadd(this.m),t._forceRed(this)},w.prototype.isub=function(e,t){this._verify2(e,t);t=e.isub(t);return t.cmpn(0)<0&&t.iadd(this.m),t},w.prototype.shl=function(e,t){return this._verify1(e),this.imod(e.ushln(t))},w.prototype.imul=function(e,t){return this._verify2(e,t),this.imod(e.imul(t))},w.prototype.mul=function(e,t){return this._verify2(e,t),this.imod(e.mul(t))},w.prototype.isqr=function(e){return this.imul(e,e.clone())},w.prototype.sqr=function(e){return this.mul(e,e)},w.prototype.sqrt=function(e){if(e.isZero())return e.clone();var t=this.m.andln(3);if(p(t%2==1),3===t){t=this.m.add(new m(1)).iushrn(2);return this.pow(e,t)}for(var i=this.m.subn(1),r=0;!i.isZero()&&0===i.andln(1);)r++,i.iushrn(1);p(!i.isZero());for(var f=new m(1).toRed(this),d=f.redNeg(),n=this.m.subn(1).iushrn(1),a=new m(2*(a=this.m.bitLength())*a).toRed(this);0!==this.pow(a,n).cmp(d);)a.redIAdd(d);for(var s=this.pow(a,i),c=this.pow(e,i.addn(1).iushrn(1)),h=this.pow(e,i),o=r;0!==h.cmp(f);){for(var u=h,b=0;0!==u.cmp(f);b++)u=u.redSqr();p(b>c&1;f!==i[0]&&(f=this.sqr(f)),0!=h||0!==d?(d<<=1,d|=h,(4===++n||0===r&&0===c)&&(f=this.mul(f,i[d]),d=n=0)):n=0}a=26}return f},w.prototype.convertTo=function(e){var t=e.umod(this.m);return t===e?t.clone():t},w.prototype.convertFrom=function(e){e=e.clone();return e.red=null,e},m.mont=function(e){return new S(e)},i(S,w),S.prototype.convertTo=function(e){return this.imod(e.ushln(this.shift))},S.prototype.convertFrom=function(e){e=this.imod(e.mul(this.rinv));return e.red=null,e},S.prototype.imul=function(e,t){if(e.isZero()||t.isZero())return e.words[0]=0,e.length=1,e;e=e.imul(t),t=e.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),e=e.isub(t).iushrn(this.shift),t=e;return 0<=e.cmp(this.m)?t=e.isub(this.m):e.cmpn(0)<0&&(t=e.iadd(this.m)),t._forceRed(this)},S.prototype.mul=function(e,t){if(e.isZero()||t.isZero())return new m(0)._forceRed(this);e=e.mul(t),t=e.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),e=e.isub(t).iushrn(this.shift),t=e;return 0<=e.cmp(this.m)?t=e.isub(this.m):e.cmpn(0)<0&&(t=e.iadd(this.m)),t._forceRed(this)},S.prototype.invm=function(e){return this.imod(e._invmp(this.m).mul(this.r2))._forceRed(this)}}(void 0===e||e,this)},{buffer:18}],17:[function(e,t,i){var r;function f(e){this.rand=e}if(t.exports=function(e){return(r=r||new f(null)).generate(e)},(t.exports.Rand=f).prototype.generate=function(e){return this._rand(e)},f.prototype._rand=function(e){if(this.rand.getBytes)return this.rand.getBytes(e);for(var t=new Uint8Array(e),i=0;i=this._delta8){t=(e=this.pending).length%this._delta8;this.pending=e.slice(e.length-t,e.length),0===this.pending.length&&(this.pending=null),e=r.join32(e,0,e.length-t,this.endian);for(var i=0;i>>24&255,r[f++]=e>>>16&255,r[f++]=e>>>8&255,r[f++]=255&e}else for(r[f++]=255&e,r[f++]=e>>>8&255,r[f++]=e>>>16&255,r[f++]=e>>>24&255,r[f++]=0,r[f++]=0,r[f++]=0,r[f++]=0,d=8;dthis.blockSize&&(e=(new this.Hash).update(e).digest()),f(e.length<=this.blockSize);for(var t=e.length;t>>3},i.g1_256=function(e){return r(e,17)^r(e,19)^e>>>10}},{"../utils":30}],30:[function(e,t,i){"use strict";var s=e("minimalistic-assert"),e=e("inherits");function d(e){return(e>>>24|e>>>8&65280|e<<8&16711680|(255&e)<<24)>>>0}function r(e){return 1===e.length?"0"+e:e}function n(e){return 7===e.length?"0"+e:6===e.length?"00"+e:5===e.length?"000"+e:4===e.length?"0000"+e:3===e.length?"00000"+e:2===e.length?"000000"+e:1===e.length?"0000000"+e:e}i.inherits=e,i.toArray=function(e,t){if(Array.isArray(e))return e.slice();if(!e)return[];var i,r,f=[];if("string"==typeof e)if(t){if("hex"===t)for((e=e.replace(/[^a-z0-9]+/gi,"")).length%2!=0&&(e="0"+e),n=0;n>6|192,f[d++]=63&a|128):(r=n,55296!=(64512&(i=e).charCodeAt(r))||r<0||r+1>=i.length||56320!=(64512&i.charCodeAt(r+1))?f[d++]=a>>12|224:(a=65536+((1023&a)<<10)+(1023&e.charCodeAt(++n)),f[d++]=a>>18|240,f[d++]=a>>12&63|128),f[d++]=a>>6&63|128,f[d++]=63&a|128)}else for(n=0;n>>0}return f},i.split32=function(e,t){for(var i=new Array(4*e.length),r=0,f=0;r>>24,i[f+1]=d>>>16&255,i[f+2]=d>>>8&255,i[f+3]=255&d):(i[f+3]=d>>>24,i[f+2]=d>>>16&255,i[f+1]=d>>>8&255,i[f]=255&d)}return i},i.rotr32=function(e,t){return e>>>t|e<<32-t},i.rotl32=function(e,t){return e<>>32-t},i.sum32=function(e,t){return e+t>>>0},i.sum32_3=function(e,t,i){return e+t+i>>>0},i.sum32_4=function(e,t,i,r){return e+t+i+r>>>0},i.sum32_5=function(e,t,i,r,f){return e+t+i+r+f>>>0},i.sum64=function(e,t,i,r){var f=e[t],d=r+e[t+1]>>>0,f=(d>>0,e[t+1]=d},i.sum64_hi=function(e,t,i,r){return(t+r>>>0>>0},i.sum64_lo=function(e,t,i,r){return t+r>>>0},i.sum64_4_hi=function(e,t,i,r,f,d,n,a){var s=0,c=t;return s+=(c=c+r>>>0)>>0)>>0)>>0},i.sum64_4_lo=function(e,t,i,r,f,d,n,a){return t+r+d+a>>>0},i.sum64_5_hi=function(e,t,i,r,f,d,n,a,s,c){var h=0,o=t;return h+=(o=o+r>>>0)>>0)>>0)>>0)>>0},i.sum64_5_lo=function(e,t,i,r,f,d,n,a,s,c){return t+r+d+a+c>>>0},i.rotr64_hi=function(e,t,i){return(t<<32-i|e>>>i)>>>0},i.rotr64_lo=function(e,t,i){return(e<<32-i|t>>>i)>>>0},i.shr64_hi=function(e,t,i){return e>>>i},i.shr64_lo=function(e,t,i){return(e<<32-i|t>>>i)>>>0}},{inherits:32,"minimalistic-assert":33}],31:[function(e,t,i){"use strict";var r=e("hash.js"),d=e("minimalistic-crypto-utils"),f=e("minimalistic-assert");function n(e){if(!(this instanceof n))return new n(e);this.hash=e.hash,this.predResist=!!e.predResist,this.outLen=this.hash.outSize,this.minEntropy=e.minEntropy||this.hash.hmacStrength,this._reseed=null,this.reseedInterval=null,this.K=null,this.V=null;var t=d.toArray(e.entropy,e.entropyEnc||"hex"),i=d.toArray(e.nonce,e.nonceEnc||"hex"),e=d.toArray(e.pers,e.persEnc||"hex");f(t.length>=this.minEntropy/8,"Not enough entropy. Minimum is: "+this.minEntropy+" bits"),this._init(t,i,e)}(t.exports=n).prototype._init=function(e,t,i){i=e.concat(t).concat(i);this.K=new Array(this.outLen/8),this.V=new Array(this.outLen/8);for(var r=0;r=this.minEntropy/8,"Not enough entropy. Minimum is: "+this.minEntropy+" bits"),this._update(e.concat(i||[])),this._reseed=1},n.prototype.generate=function(e,t,i,r){if(this._reseed>this.reseedInterval)throw new Error("Reseed is required");"string"!=typeof t&&(r=i,i=t,t=null),i&&(i=d.toArray(i,r||"hex"),this._update(i));for(var f=[];f.length>8,f=255&f;d?i.push(d,f):i.push(f)}return i},i.zero2=r,i.toHex=f,i.encode=function(e,t){return"hex"===t?f(e):e}},{}],35:[function(e,t,i){t.exports={name:"elliptic",version:"6.5.7",description:"EC cryptography",main:"lib/elliptic.js",files:["lib"],scripts:{lint:"eslint lib test","lint:fix":"npm run lint -- --fix",unit:"istanbul test _mocha --reporter=spec test/index.js",test:"npm run lint && npm run unit",version:"grunt dist && git add dist/"},repository:{type:"git",url:"git@github.com:indutny/elliptic"},keywords:["EC","Elliptic","curve","Cryptography"],author:"Fedor Indutny ",license:"MIT",bugs:{url:"https://github.com/indutny/elliptic/issues"},homepage:"https://github.com/indutny/elliptic",devDependencies:{brfs:"^2.0.2",coveralls:"^3.1.0",eslint:"^7.6.0",grunt:"^1.2.1","grunt-browserify":"^5.3.0","grunt-cli":"^1.3.2","grunt-contrib-connect":"^3.0.0","grunt-contrib-copy":"^1.0.0","grunt-contrib-uglify":"^5.0.0","grunt-mocha-istanbul":"^5.0.2","grunt-saucelabs":"^9.0.1",istanbul:"^0.4.5",mocha:"^8.0.1"},dependencies:{"bn.js":"^4.11.9",brorand:"^1.1.0","hash.js":"^1.0.0","hmac-drbg":"^1.0.1",inherits:"^2.0.4","minimalistic-assert":"^1.0.1","minimalistic-crypto-utils":"^1.0.1"}}},{}]},{},[1])(1)}); \ No newline at end of file +!function(e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define([],e):("undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this).elliptic=e()}(function(){return function r(f,d,n){function a(t,e){if(!d[t]){if(!f[t]){var i="function"==typeof require&&require;if(!e&&i)return i(t,!0);if(s)return s(t,!0);throw(i=new Error("Cannot find module '"+t+"'")).code="MODULE_NOT_FOUND",i}i=d[t]={exports:{}},f[t][0].call(i.exports,function(e){return a(f[t][1][e]||e)},i,i.exports,r,f,d,n)}return d[t].exports}for(var s="function"==typeof require&&require,e=0;e>1]):n.mixedAdd(f[-c-1>>1].neg()):0>1]):n.add(f[-c-1>>1].neg())}return"affine"===e.type?n.toP():n},d.prototype._wnafMulAdd=function(e,t,i,r,f){for(var d,n=this._wnafT1,a=this._wnafT2,s=this._wnafT3,c=0,h=0;h>1]:A<0&&(d=a[_][-A-1>>1].neg()),y="affine"===d.type?y.mixedAdd(d):y.add(d))}}for(h=0;h=Math.ceil((e.bitLength()+1)/t.step)},n.prototype._getDoubles=function(e,t){if(this.precomputed&&this.precomputed.doubles)return this.precomputed.doubles;for(var i=[this],r=this,f=0;f":""},c.prototype.isInfinity=function(){return 0===this.x.cmpn(0)&&(0===this.y.cmp(this.z)||this.zOne&&0===this.y.cmp(this.curve.c))},c.prototype._extDbl=function(){var e=this.x.redSqr(),t=this.y.redSqr(),i=(i=this.z.redSqr()).redIAdd(i),r=this.curve._mulA(e),f=this.x.redAdd(this.y).redSqr().redISub(e).redISub(t),d=r.redAdd(t),e=d.redSub(i),i=r.redSub(t),r=f.redMul(e),t=d.redMul(i),i=f.redMul(i),d=e.redMul(d);return this.curve.point(r,t,d,i)},c.prototype._projDbl=function(){var e,t,i,r,f,d,n=this.x.redAdd(this.y).redSqr(),a=this.x.redSqr(),s=this.y.redSqr();return d=this.curve.twisted?(f=(i=this.curve._mulA(a)).redAdd(s),this.zOne?(e=n.redSub(a).redSub(s).redMul(f.redSub(this.curve.two)),t=f.redMul(i.redSub(s)),f.redSqr().redSub(f).redSub(f)):(r=this.z.redSqr(),d=f.redSub(r).redISub(r),e=n.redSub(a).redISub(s).redMul(d),t=f.redMul(i.redSub(s)),f.redMul(d))):(i=a.redAdd(s),r=this.curve._mulC(this.z).redSqr(),d=i.redSub(r).redSub(r),e=this.curve._mulC(n.redISub(i)).redMul(d),t=this.curve._mulC(i).redMul(a.redISub(s)),i.redMul(d)),this.curve.point(e,t,d)},c.prototype.dbl=function(){return this.isInfinity()?this:this.curve.extended?this._extDbl():this._projDbl()},c.prototype._extAdd=function(e){var t=this.y.redSub(this.x).redMul(e.y.redSub(e.x)),i=this.y.redAdd(this.x).redMul(e.y.redAdd(e.x)),r=this.t.redMul(this.curve.dd).redMul(e.t),f=this.z.redMul(e.z.redAdd(e.z)),d=i.redSub(t),e=f.redSub(r),f=f.redAdd(r),r=i.redAdd(t),i=d.redMul(e),t=f.redMul(r),r=d.redMul(r),f=e.redMul(f);return this.curve.point(i,t,f,r)},c.prototype._projAdd=function(e){var t,i=this.z.redMul(e.z),r=i.redSqr(),f=this.x.redMul(e.x),d=this.y.redMul(e.y),n=this.curve.d.redMul(f).redMul(d),a=r.redSub(n),n=r.redAdd(n),e=this.x.redAdd(this.y).redMul(e.x.redAdd(e.y)).redISub(f).redISub(d),e=i.redMul(a).redMul(e),n=this.curve.twisted?(t=i.redMul(n).redMul(d.redSub(this.curve._mulA(f))),a.redMul(n)):(t=i.redMul(n).redMul(d.redSub(f)),this.curve._mulC(a).redMul(n));return this.curve.point(e,t,n)},c.prototype.add=function(e){return this.isInfinity()?e:e.isInfinity()?this:this.curve.extended?this._extAdd(e):this._projAdd(e)},c.prototype.mul=function(e){return this._hasDoubles(e)?this.curve._fixedNafMul(this,e):this.curve._wnafMul(this,e)},c.prototype.mulAdd=function(e,t,i){return this.curve._wnafMulAdd(1,[this,t],[e,i],2,!1)},c.prototype.jmulAdd=function(e,t,i){return this.curve._wnafMulAdd(1,[this,t],[e,i],2,!0)},c.prototype.normalize=function(){if(this.zOne)return this;var e=this.z.redInvm();return this.x=this.x.redMul(e),this.y=this.y.redMul(e),this.t&&(this.t=this.t.redMul(e)),this.z=this.curve.one,this.zOne=!0,this},c.prototype.neg=function(){return this.curve.point(this.x.redNeg(),this.y,this.z,this.t&&this.t.redNeg())},c.prototype.getX=function(){return this.normalize(),this.x.fromRed()},c.prototype.getY=function(){return this.normalize(),this.y.fromRed()},c.prototype.eq=function(e){return this===e||0===this.getX().cmp(e.getX())&&0===this.getY().cmp(e.getY())},c.prototype.eqXToP=function(e){var t=e.toRed(this.curve.red).redMul(this.z);if(0===this.x.cmp(t))return!0;for(var i=e.clone(),r=this.curve.redN.redMul(this.z);;){if(i.iadd(this.curve.n),0<=i.cmp(this.curve.p))return!1;if(t.redIAdd(r),0===this.x.cmp(t))return!0}},c.prototype.toP=c.prototype.normalize,c.prototype.mixedAdd=c.prototype.add},{"../utils":15,"./base":2,"bn.js":16,inherits:32}],4:[function(e,t,i){"use strict";i.base=e("./base"),i.short=e("./short"),i.mont=e("./mont"),i.edwards=e("./edwards")},{"./base":2,"./edwards":3,"./mont":5,"./short":6}],5:[function(e,t,i){"use strict";var r=e("bn.js"),f=e("inherits"),d=e("./base"),n=e("../utils");function a(e){d.call(this,"mont",e),this.a=new r(e.a,16).toRed(this.red),this.b=new r(e.b,16).toRed(this.red),this.i4=new r(4).toRed(this.red).redInvm(),this.two=new r(2).toRed(this.red),this.a24=this.i4.redMul(this.a.redAdd(this.two))}function s(e,t,i){d.BasePoint.call(this,e,"projective"),null===t&&null===i?(this.x=this.curve.one,this.z=this.curve.zero):(this.x=new r(t,16),this.z=new r(i,16),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)))}f(a,d),(t.exports=a).prototype.validate=function(e){var t=e.normalize().x,e=t.redSqr(),t=e.redMul(t).redAdd(e.redMul(this.a)).redAdd(t);return 0===t.redSqrt().redSqr().cmp(t)},f(s,d.BasePoint),a.prototype.decodePoint=function(e,t){return this.point(n.toArray(e,t),1)},a.prototype.point=function(e,t){return new s(this,e,t)},a.prototype.pointFromJSON=function(e){return s.fromJSON(this,e)},s.prototype.precompute=function(){},s.prototype._encode=function(){return this.getX().toArray("be",this.curve.p.byteLength())},s.fromJSON=function(e,t){return new s(e,t[0],t[1]||e.one)},s.prototype.inspect=function(){return this.isInfinity()?"":""},s.prototype.isInfinity=function(){return 0===this.z.cmpn(0)},s.prototype.dbl=function(){var e=this.x.redAdd(this.z).redSqr(),t=this.x.redSub(this.z).redSqr(),i=e.redSub(t),e=e.redMul(t),i=i.redMul(t.redAdd(this.curve.a24.redMul(i)));return this.curve.point(e,i)},s.prototype.add=function(){throw new Error("Not supported on Montgomery curve")},s.prototype.diffAdd=function(e,t){var i=this.x.redAdd(this.z),r=this.x.redSub(this.z),f=e.x.redAdd(e.z),i=e.x.redSub(e.z).redMul(i),f=f.redMul(r),r=t.z.redMul(i.redAdd(f).redSqr()),f=t.x.redMul(i.redISub(f).redSqr());return this.curve.point(r,f)},s.prototype.mul=function(e){for(var t=e.clone(),i=this,r=this.curve.point(null,null),f=[];0!==t.cmpn(0);t.iushrn(1))f.push(t.andln(1));for(var d=f.length-1;0<=d;d--)0===f[d]?(i=i.diffAdd(r,this),r=r.dbl()):(r=i.diffAdd(r,this),i=i.dbl());return r},s.prototype.mulAdd=function(){throw new Error("Not supported on Montgomery curve")},s.prototype.jumlAdd=function(){throw new Error("Not supported on Montgomery curve")},s.prototype.eq=function(e){return 0===this.getX().cmp(e.getX())},s.prototype.normalize=function(){return this.x=this.x.redMul(this.z.redInvm()),this.z=this.curve.one,this},s.prototype.getX=function(){return this.normalize(),this.x.fromRed()}},{"../utils":15,"./base":2,"bn.js":16,inherits:32}],6:[function(e,t,i){"use strict";var r=e("../utils"),y=e("bn.js"),f=e("inherits"),d=e("./base"),n=r.assert;function a(e){d.call(this,"short",e),this.a=new y(e.a,16).toRed(this.red),this.b=new y(e.b,16).toRed(this.red),this.tinv=this.two.redInvm(),this.zeroA=0===this.a.fromRed().cmpn(0),this.threeA=0===this.a.fromRed().sub(this.p).cmpn(-3),this.endo=this._getEndomorphism(e),this._endoWnafT1=new Array(4),this._endoWnafT2=new Array(4)}function s(e,t,i,r){d.BasePoint.call(this,e,"affine"),null===t&&null===i?(this.x=null,this.y=null,this.inf=!0):(this.x=new y(t,16),this.y=new y(i,16),r&&(this.x.forceRed(this.curve.red),this.y.forceRed(this.curve.red)),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.y.red||(this.y=this.y.toRed(this.curve.red)),this.inf=!1)}function c(e,t,i,r){d.BasePoint.call(this,e,"jacobian"),null===t&&null===i&&null===r?(this.x=this.curve.one,this.y=this.curve.one,this.z=new y(0)):(this.x=new y(t,16),this.y=new y(i,16),this.z=new y(r,16)),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.y.red||(this.y=this.y.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)),this.zOne=this.z===this.curve.one}f(a,d),(t.exports=a).prototype._getEndomorphism=function(e){var t,i,r;if(this.zeroA&&this.g&&this.n&&1===this.p.modn(3))return i=(e.beta?new y(e.beta,16):i=(r=this._getEndoRoots(this.p))[0].cmp(r[1])<0?r[0]:r[1]).toRed(this.red),e.lambda?t=new y(e.lambda,16):(r=this._getEndoRoots(this.n),0===this.g.mul(r[0]).x.cmp(this.g.x.redMul(i))?t=r[0]:(t=r[1],n(0===this.g.mul(t).x.cmp(this.g.x.redMul(i))))),{beta:i,lambda:t,basis:e.basis?e.basis.map(function(e){return{a:new y(e.a,16),b:new y(e.b,16)}}):this._getEndoBasis(t)}},a.prototype._getEndoRoots=function(e){var t=e===this.p?this.red:y.mont(e),i=new y(2).toRed(t).redInvm(),e=i.redNeg(),i=new y(3).toRed(t).redNeg().redSqrt().redMul(i);return[e.redAdd(i).fromRed(),e.redSub(i).fromRed()]},a.prototype._getEndoBasis=function(e){for(var t,i,r,f,d,n,a,s=this.n.ushrn(Math.floor(this.n.bitLength()/2)),c=e,h=this.n.clone(),o=new y(1),u=new y(0),b=new y(0),l=new y(1),p=0;0!==c.cmpn(0);){var m=h.div(c),v=h.sub(m.mul(c)),g=b.sub(m.mul(o)),m=l.sub(m.mul(u));if(!r&&v.cmp(s)<0)t=a.neg(),i=o,r=v.neg(),f=g;else if(r&&2==++p)break;h=c,c=a=v,b=o,o=g,l=u,u=m}d=v.neg(),n=g;e=r.sqr().add(f.sqr());return 0<=d.sqr().add(n.sqr()).cmp(e)&&(d=t,n=i),r.negative&&(r=r.neg(),f=f.neg()),d.negative&&(d=d.neg(),n=n.neg()),[{a:r,b:f},{a:d,b:n}]},a.prototype._endoSplit=function(e){var t=this.endo.basis,i=t[0],r=t[1],f=r.b.mul(e).divRound(this.n),d=i.b.neg().mul(e).divRound(this.n),n=f.mul(i.a),t=d.mul(r.a),i=f.mul(i.b),r=d.mul(r.b);return{k1:e.sub(n).sub(t),k2:i.add(r).neg()}},a.prototype.pointFromX=function(e,t){var i=(e=!(e=new y(e,16)).red?e.toRed(this.red):e).redSqr().redMul(e).redIAdd(e.redMul(this.a)).redIAdd(this.b),r=i.redSqrt();if(0!==r.redSqr().redSub(i).cmp(this.zero))throw new Error("invalid point");i=r.fromRed().isOdd();return(t&&!i||!t&&i)&&(r=r.redNeg()),this.point(e,r)},a.prototype.validate=function(e){if(e.inf)return!0;var t=e.x,i=e.y,e=this.a.redMul(t),e=t.redSqr().redMul(t).redIAdd(e).redIAdd(this.b);return 0===i.redSqr().redISub(e).cmpn(0)},a.prototype._endoWnafMulAdd=function(e,t,i){for(var r=this._endoWnafT1,f=this._endoWnafT2,d=0;d":""},s.prototype.isInfinity=function(){return this.inf},s.prototype.add=function(e){if(this.inf)return e;if(e.inf)return this;if(this.eq(e))return this.dbl();if(this.neg().eq(e))return this.curve.point(null,null);if(0===this.x.cmp(e.x))return this.curve.point(null,null);var t=this.y.redSub(e.y),e=(t=0!==t.cmpn(0)?t.redMul(this.x.redSub(e.x).redInvm()):t).redSqr().redISub(this.x).redISub(e.x),t=t.redMul(this.x.redSub(e)).redISub(this.y);return this.curve.point(e,t)},s.prototype.dbl=function(){if(this.inf)return this;var e=this.y.redAdd(this.y);if(0===e.cmpn(0))return this.curve.point(null,null);var t=this.curve.a,i=this.x.redSqr(),e=e.redInvm(),t=i.redAdd(i).redIAdd(i).redIAdd(t).redMul(e),e=t.redSqr().redISub(this.x.redAdd(this.x)),t=t.redMul(this.x.redSub(e)).redISub(this.y);return this.curve.point(e,t)},s.prototype.getX=function(){return this.x.fromRed()},s.prototype.getY=function(){return this.y.fromRed()},s.prototype.mul=function(e){return e=new y(e,16),this.isInfinity()?this:this._hasDoubles(e)?this.curve._fixedNafMul(this,e):this.curve.endo?this.curve._endoWnafMulAdd([this],[e]):this.curve._wnafMul(this,e)},s.prototype.mulAdd=function(e,t,i){t=[this,t],i=[e,i];return this.curve.endo?this.curve._endoWnafMulAdd(t,i):this.curve._wnafMulAdd(1,t,i,2)},s.prototype.jmulAdd=function(e,t,i){t=[this,t],i=[e,i];return this.curve.endo?this.curve._endoWnafMulAdd(t,i,!0):this.curve._wnafMulAdd(1,t,i,2,!0)},s.prototype.eq=function(e){return this===e||this.inf===e.inf&&(this.inf||0===this.x.cmp(e.x)&&0===this.y.cmp(e.y))},s.prototype.neg=function(e){if(this.inf)return this;var t,i=this.curve.point(this.x,this.y.redNeg());return e&&this.precomputed&&(t=this.precomputed,e=function(e){return e.neg()},i.precomputed={naf:t.naf&&{wnd:t.naf.wnd,points:t.naf.points.map(e)},doubles:t.doubles&&{step:t.doubles.step,points:t.doubles.points.map(e)}}),i},s.prototype.toJ=function(){return this.inf?this.curve.jpoint(null,null,null):this.curve.jpoint(this.x,this.y,this.curve.one)},f(c,d.BasePoint),a.prototype.jpoint=function(e,t,i){return new c(this,e,t,i)},c.prototype.toP=function(){if(this.isInfinity())return this.curve.point(null,null);var e=this.z.redInvm(),t=e.redSqr(),i=this.x.redMul(t),e=this.y.redMul(t).redMul(e);return this.curve.point(i,e)},c.prototype.neg=function(){return this.curve.jpoint(this.x,this.y.redNeg(),this.z)},c.prototype.add=function(e){if(this.isInfinity())return e;if(e.isInfinity())return this;var t=e.z.redSqr(),i=this.z.redSqr(),r=this.x.redMul(t),f=e.x.redMul(i),d=this.y.redMul(t.redMul(e.z)),n=e.y.redMul(i.redMul(this.z)),t=r.redSub(f),i=d.redSub(n);if(0===t.cmpn(0))return 0!==i.cmpn(0)?this.curve.jpoint(null,null,null):this.dbl();f=t.redSqr(),n=f.redMul(t),r=r.redMul(f),f=i.redSqr().redIAdd(n).redISub(r).redISub(r),n=i.redMul(r.redISub(f)).redISub(d.redMul(n)),t=this.z.redMul(e.z).redMul(t);return this.curve.jpoint(f,n,t)},c.prototype.mixedAdd=function(e){if(this.isInfinity())return e.toJ();if(e.isInfinity())return this;var t=this.z.redSqr(),i=this.x,r=e.x.redMul(t),f=this.y,d=e.y.redMul(t).redMul(this.z),e=i.redSub(r),t=f.redSub(d);if(0===e.cmpn(0))return 0!==t.cmpn(0)?this.curve.jpoint(null,null,null):this.dbl();r=e.redSqr(),d=r.redMul(e),i=i.redMul(r),r=t.redSqr().redIAdd(d).redISub(i).redISub(i),d=t.redMul(i.redISub(r)).redISub(f.redMul(d)),e=this.z.redMul(e);return this.curve.jpoint(r,d,e)},c.prototype.dblp=function(e){if(0===e)return this;if(this.isInfinity())return this;if(!e)return this.dbl();if(this.curve.zeroA||this.curve.threeA){for(var t=this,i=0;i":""},c.prototype.isInfinity=function(){return 0===this.z.cmpn(0)}},{"../utils":15,"./base":2,"bn.js":16,inherits:32}],7:[function(e,t,i){"use strict";var r,f=i,i=e("hash.js"),d=e("./curve"),n=e("./utils").assert;function a(e){"short"===e.type?this.curve=new d.short(e):"edwards"===e.type?this.curve=new d.edwards(e):this.curve=new d.mont(e),this.g=this.curve.g,this.n=this.curve.n,this.hash=e.hash,n(this.g.validate(),"Invalid curve"),n(this.g.mul(this.n).isInfinity(),"Invalid curve, G*N != O")}function s(t,i){Object.defineProperty(f,t,{configurable:!0,enumerable:!0,get:function(){var e=new a(i);return Object.defineProperty(f,t,{configurable:!0,enumerable:!0,value:e}),e}})}f.PresetCurve=a,s("p192",{type:"short",prime:"p192",p:"ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff",a:"ffffffff ffffffff ffffffff fffffffe ffffffff fffffffc",b:"64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1",n:"ffffffff ffffffff ffffffff 99def836 146bc9b1 b4d22831",hash:i.sha256,gRed:!1,g:["188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012","07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811"]}),s("p224",{type:"short",prime:"p224",p:"ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001",a:"ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff fffffffe",b:"b4050a85 0c04b3ab f5413256 5044b0b7 d7bfd8ba 270b3943 2355ffb4",n:"ffffffff ffffffff ffffffff ffff16a2 e0b8f03e 13dd2945 5c5c2a3d",hash:i.sha256,gRed:!1,g:["b70e0cbd 6bb4bf7f 321390b9 4a03c1d3 56c21122 343280d6 115c1d21","bd376388 b5f723fb 4c22dfe6 cd4375a0 5a074764 44d58199 85007e34"]}),s("p256",{type:"short",prime:null,p:"ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff",a:"ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff fffffffc",b:"5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b",n:"ffffffff 00000000 ffffffff ffffffff bce6faad a7179e84 f3b9cac2 fc632551",hash:i.sha256,gRed:!1,g:["6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296","4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5"]}),s("p384",{type:"short",prime:null,p:"ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe ffffffff 00000000 00000000 ffffffff",a:"ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe ffffffff 00000000 00000000 fffffffc",b:"b3312fa7 e23ee7e4 988e056b e3f82d19 181d9c6e fe814112 0314088f 5013875a c656398d 8a2ed19d 2a85c8ed d3ec2aef",n:"ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff c7634d81 f4372ddf 581a0db2 48b0a77a ecec196a ccc52973",hash:i.sha384,gRed:!1,g:["aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98 59f741e0 82542a38 5502f25d bf55296c 3a545e38 72760ab7","3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c e9da3113 b5f0b8c0 0a60b1ce 1d7e819d 7a431d7c 90ea0e5f"]}),s("p521",{type:"short",prime:null,p:"000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff",a:"000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffc",b:"00000051 953eb961 8e1c9a1f 929a21a0 b68540ee a2da725b 99b315f3 b8b48991 8ef109e1 56193951 ec7e937b 1652c0bd 3bb1bf07 3573df88 3d2c34f1 ef451fd4 6b503f00",n:"000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffa 51868783 bf2f966b 7fcc0148 f709a5d0 3bb5c9b8 899c47ae bb6fb71e 91386409",hash:i.sha512,gRed:!1,g:["000000c6 858e06b7 0404e9cd 9e3ecb66 2395b442 9c648139 053fb521 f828af60 6b4d3dba a14b5e77 efe75928 fe1dc127 a2ffa8de 3348b3c1 856a429b f97e7e31 c2e5bd66","00000118 39296a78 9a3bc004 5c8a5fb4 2c7d1bd9 98f54449 579b4468 17afbd17 273e662c 97ee7299 5ef42640 c550b901 3fad0761 353c7086 a272c240 88be9476 9fd16650"]}),s("curve25519",{type:"mont",prime:"p25519",p:"7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed",a:"76d06",b:"1",n:"1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed",hash:i.sha256,gRed:!1,g:["9"]}),s("ed25519",{type:"edwards",prime:"p25519",p:"7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed",a:"-1",c:"1",d:"52036cee2b6ffe73 8cc740797779e898 00700a4d4141d8ab 75eb4dca135978a3",n:"1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed",hash:i.sha256,gRed:!1,g:["216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a","6666666666666666666666666666666666666666666666666666666666666658"]});try{r=e("./precomputed/secp256k1")}catch(e){r=void 0}s("secp256k1",{type:"short",prime:"k256",p:"ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f",a:"0",b:"7",n:"ffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141",h:"1",hash:i.sha256,beta:"7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee",lambda:"5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72",basis:[{a:"3086d221a7d46bcde86c90e49284eb15",b:"-e4437ed6010e88286f547fa90abfe4c3"},{a:"114ca50f7a8e2f3f657c1108d9d44cfd8",b:"3086d221a7d46bcde86c90e49284eb15"}],gRed:!1,g:["79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798","483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8",r]})},{"./curve":4,"./precomputed/secp256k1":14,"./utils":15,"hash.js":19}],8:[function(e,t,i){"use strict";var u=e("bn.js"),b=e("hmac-drbg"),r=e("../utils"),f=e("../curves"),d=e("brorand"),a=r.assert,n=e("./key"),l=e("./signature");function s(e){if(!(this instanceof s))return new s(e);"string"==typeof e&&(a(Object.prototype.hasOwnProperty.call(f,e),"Unknown curve "+e),e=f[e]),e instanceof f.PresetCurve&&(e={curve:e}),this.curve=e.curve.curve,this.n=this.curve.n,this.nh=this.n.ushrn(1),this.g=this.curve.g,this.g=e.curve.g,this.g.precompute(e.curve.n.bitLength()+1),this.hash=e.hash||e.curve.hash}(t.exports=s).prototype.keyPair=function(e){return new n(this,e)},s.prototype.keyFromPrivate=function(e,t){return n.fromPrivate(this,e,t)},s.prototype.keyFromPublic=function(e,t){return n.fromPublic(this,e,t)},s.prototype.genKeyPair=function(e){e=e||{};for(var t=new b({hash:this.hash,pers:e.pers,persEnc:e.persEnc||"utf8",entropy:e.entropy||d(this.hash.hmacStrength),entropyEnc:e.entropy&&e.entropyEnc||"utf8",nonce:this.n.toArray()}),i=this.n.byteLength(),r=this.n.sub(new u(2));;){var f=new u(t.generate(i));if(!(0>>1,new u(r,16));i=(i="number"!=typeof i?8*f:i)-this.n.bitLength();return 0>1;if(0<=n.cmp(this.curve.p.umod(this.curve.n))&&i)throw new Error("Unable to find sencond key candinate");n=i?this.curve.pointFromX(n.add(this.curve.n),e):this.curve.pointFromX(n,e);t=t.r.invm(f),d=f.sub(d).mul(t).umod(f),f=r.mul(t).umod(f);return this.g.mulAdd(d,n,f)},s.prototype.getKeyRecoveryParam=function(e,t,i,r){if(null!==(t=new l(t,r)).recoveryParam)return t.recoveryParam;for(var f,d=0;d<4;d++){try{f=this.recoverPubKey(e,t,d)}catch(e){continue}if(f.eq(i))return d}throw new Error("Unable to find valid recovery factor")}},{"../curves":7,"../utils":15,"./key":9,"./signature":10,"bn.js":16,brorand:17,"hmac-drbg":31}],9:[function(e,t,i){"use strict";var r=e("bn.js"),f=e("../utils").assert;function d(e,t){this.ec=e,this.priv=null,this.pub=null,t.priv&&this._importPrivate(t.priv,t.privEnc),t.pub&&this._importPublic(t.pub,t.pubEnc)}(t.exports=d).fromPublic=function(e,t,i){return t instanceof d?t:new d(e,{pub:t,pubEnc:i})},d.fromPrivate=function(e,t,i){return t instanceof d?t:new d(e,{priv:t,privEnc:i})},d.prototype.validate=function(){var e=this.getPublic();return e.isInfinity()?{result:!1,reason:"Invalid public key"}:e.validate()?e.mul(this.ec.curve.n).isInfinity()?{result:!0,reason:null}:{result:!1,reason:"Public key * N != O"}:{result:!1,reason:"Public key is not a point"}},d.prototype.getPublic=function(e,t){return"string"==typeof e&&(t=e,e=null),this.pub||(this.pub=this.ec.g.mul(this.priv)),t?this.pub.encode(t,e):this.pub},d.prototype.getPrivate=function(e){return"hex"===e?this.priv.toString(16,2):this.priv},d.prototype._importPrivate=function(e,t){this.priv=new r(e,t||16),this.priv=this.priv.umod(this.ec.curve.n)},d.prototype._importPublic=function(e,t){if(e.x||e.y)return"mont"===this.ec.curve.type?f(e.x,"Need x coordinate"):"short"!==this.ec.curve.type&&"edwards"!==this.ec.curve.type||f(e.x&&e.y,"Need both x and y coordinate"),void(this.pub=this.ec.curve.point(e.x,e.y));this.pub=this.ec.curve.decodePoint(e,t)},d.prototype.derive=function(e){return e.validate()||f(e.validate(),"public point not validated"),e.mul(this.priv).getX()},d.prototype.sign=function(e,t,i){return this.ec.sign(e,this,t,i)},d.prototype.verify=function(e,t,i){return this.ec.verify(e,t,this,void 0,i)},d.prototype.inspect=function(){return""}},{"../utils":15,"bn.js":16}],10:[function(e,t,i){"use strict";var f=e("bn.js"),d=e("../utils"),r=d.assert;function n(e,t){if(e instanceof n)return e;this._importDER(e,t)||(r(e.r&&e.s,"Signature without r or s"),this.r=new f(e.r,16),this.s=new f(e.s,16),void 0===e.recoveryParam?this.recoveryParam=null:this.recoveryParam=e.recoveryParam)}function a(){this.place=0}function s(e,t){var i=e[t.place++];if(!(128&i))return i;var r=15&i;if(0==r||4>>=0;return!(f<=127)&&(t.place=n,f)}function c(e){for(var t=0,i=e.length-1;!e[t]&&!(128&e[t+1])&&t>>3);for(e.push(128|i);--i;)e.push(t>>>(i<<3)&255);e.push(t)}}(t.exports=n).prototype._importDER=function(e,t){e=d.toArray(e,t);var i=new a;if(48!==e[i.place++])return!1;var r=s(e,i);if(!1===r)return!1;if(r+i.place!==e.length)return!1;if(2!==e[i.place++])return!1;t=s(e,i);if(!1===t)return!1;if(0!=(128&e[i.place]))return!1;r=e.slice(i.place,t+i.place);if(i.place+=t,2!==e[i.place++])return!1;t=s(e,i);if(!1===t)return!1;if(e.length!==t+i.place)return!1;if(0!=(128&e[i.place]))return!1;i=e.slice(i.place,t+i.place);if(0===r[0]){if(!(128&r[1]))return!1;r=r.slice(1)}if(0===i[0]){if(!(128&i[1]))return!1;i=i.slice(1)}return this.r=new f(r),this.s=new f(i),!(this.recoveryParam=null)},n.prototype.toDER=function(e){var t=this.r.toArray(),i=this.s.toArray();for(128&t[0]&&(t=[0].concat(t)),128&i[0]&&(i=[0].concat(i)),t=c(t),i=c(i);!(i[0]||128&i[1]);)i=i.slice(1);var r=[2];h(r,t.length),(r=r.concat(t)).push(2),h(r,i.length);t=r.concat(i),r=[48];return h(r,t.length),r=r.concat(t),d.encode(r,e)}},{"../utils":15,"bn.js":16}],11:[function(e,t,i){"use strict";var r=e("hash.js"),f=e("../curves"),d=e("../utils"),n=d.assert,a=d.parseBytes,s=e("./key"),c=e("./signature");function h(e){if(n("ed25519"===e,"only tested with ed25519 so far"),!(this instanceof h))return new h(e);e=f[e].curve,this.curve=e,this.g=e.g,this.g.precompute(e.n.bitLength()+1),this.pointClass=e.point().constructor,this.encodingLength=Math.ceil(e.n.bitLength()/8),this.hash=r.sha512}(t.exports=h).prototype.sign=function(e,t){e=a(e);var i=this.keyFromSecret(t),r=this.hashInt(i.messagePrefix(),e),f=this.g.mul(r),t=this.encodePoint(f),i=this.hashInt(t,i.pubBytes(),e).mul(i.priv()),i=r.add(i).umod(this.curve.n);return this.makeSignature({R:f,S:i,Rencoded:t})},h.prototype.verify=function(e,t,i){if(e=a(e),(t=this.makeSignature(t)).S().gte(t.eddsa.curve.n)||t.S().isNeg())return!1;var r=this.keyFromPublic(i),i=this.hashInt(t.Rencoded(),r.pubBytes(),e),e=this.g.mul(t.S());return t.R().add(r.pub().mul(i)).eq(e)},h.prototype.hashInt=function(){for(var e=this.hash(),t=0;t>1)-1>1)-s:s,n.isubn(a)):a=0,r[f]=a,n.iushrn(1)}return r},r.getJSF=function(e,t){var i=[[],[]];e=e.clone(),t=t.clone();for(var r,f=0,d=0;0>>26-n&67108863,26<=(n+=24)&&(n-=26,r++);else if("le"===i)for(r=d=0;d>>26-n&67108863,26<=(n+=24)&&(n-=26,r++);return this.strip()},m.prototype._parseHex=function(e,t){this.length=Math.ceil((e.length-t)/6),this.words=new Array(this.length);for(var i,r=0;r>>26-f&4194303,26<=(f+=24)&&(f-=26,d++);r+6!==t&&(i=n(e,t,r+6),this.words[d]|=i<>>26-f&4194303),this.strip()},m.prototype._parseBase=function(e,t,i){this.words=[0];for(var r=0,f=this.length=1;f<=67108863;f*=t)r++;r--,f=f/t|0;for(var d=e.length-i,n=d%r,a=Math.min(d,d-n)+i,s=0,c=i;c"};var u=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],b=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],l=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function f(e,t,i){i.negative=t.negative^e.negative;var r=e.length+t.length|0,r=(i.length=r)-1|0,f=67108863&(o=(0|e.words[0])*(0|t.words[0])),d=o/67108864|0;i.words[0]=f;for(var n=1;n>>26,s=67108863&d,c=Math.min(n,t.length-1),h=Math.max(0,n-e.length+1);h<=c;h++){var o,u=n-h|0;a+=(o=(0|e.words[u])*(0|t.words[h])+s)/67108864|0,s=67108863&o}i.words[n]=0|s,d=0|a}return 0!==d?i.words[n]=0|d:i.length--,i.strip()}m.prototype.toString=function(e,t){if(t=0|t||1,16===(e=e||10)||"hex"===e){a="";for(var i=0,r=0,f=0;f>>24-i&16777215)||f!==this.length-1?u[6-n.length]+n+a:n+a;26<=(i+=2)&&(i-=26,f--)}for(0!==r&&(a=r.toString(16)+a);a.length%t!=0;)a="0"+a;return a=0!==this.negative?"-"+a:a}if(e===(0|e)&&2<=e&&e<=36){var s=b[e],c=l[e];for(a="",(h=this.clone()).negative=0;!h.isZero();){var h,o=h.modn(c).toString(e);a=(h=h.idivn(c)).isZero()?o+a:u[s-o.length]+o+a}for(this.isZero()&&(a="0"+a);a.length%t!=0;)a="0"+a;return a=0!==this.negative?"-"+a:a}p(!1,"Base should be between 2 and 36")},m.prototype.toNumber=function(){var e=this.words[0];return 2===this.length?e+=67108864*this.words[1]:3===this.length&&1===this.words[2]?e+=4503599627370496+67108864*this.words[1]:2>>=13),64<=t&&(e+=7,t>>>=7),8<=t&&(e+=4,t>>>=4),2<=t&&(e+=2,t>>>=2),e+t},m.prototype._zeroBits=function(e){if(0===e)return 26;var t=e,e=0;return 0==(8191&t)&&(e+=13,t>>>=13),0==(127&t)&&(e+=7,t>>>=7),0==(15&t)&&(e+=4,t>>>=4),0==(3&t)&&(e+=2,t>>>=2),0==(1&t)&&e++,e},m.prototype.bitLength=function(){var e=this.words[this.length-1],e=this._countBits(e);return 26*(this.length-1)+e},m.prototype.zeroBits=function(){if(this.isZero())return 0;for(var e=0,t=0;te.length?this.clone().ior(e):e.clone().ior(this)},m.prototype.uor=function(e){return this.length>e.length?this.clone().iuor(e):e.clone().iuor(this)},m.prototype.iuand=function(e){for(var t=this.length>e.length?e:this,i=0;ie.length?this.clone().iand(e):e.clone().iand(this)},m.prototype.uand=function(e){return this.length>e.length?this.clone().iuand(e):e.clone().iuand(this)},m.prototype.iuxor=function(e){for(var t,i=this.length>e.length?(t=this,e):(t=e,this),r=0;re.length?this.clone().ixor(e):e.clone().ixor(this)},m.prototype.uxor=function(e){return this.length>e.length?this.clone().iuxor(e):e.clone().iuxor(this)},m.prototype.inotn=function(e){p("number"==typeof e&&0<=e);var t=0|Math.ceil(e/26),e=e%26;this._expand(t),0>26-e),this.strip()},m.prototype.notn=function(e){return this.clone().inotn(e)},m.prototype.setn=function(e,t){p("number"==typeof e&&0<=e);var i=e/26|0,e=e%26;return this._expand(1+i),this.words[i]=t?this.words[i]|1<e.length?(i=this,e):(i=e,this);for(var f=0,d=0;d>>26;for(;0!==f&&d>>26;if(this.length=i.length,0!==f)this.words[this.length]=f,this.length++;else if(i!==this)for(;de.length?this.clone().iadd(e):e.clone().iadd(this)},m.prototype.isub=function(e){if(0!==e.negative){e.negative=0;var t=this.iadd(e);return e.negative=1,t._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(e),this.negative=1,this._normSign();var i,r,f=this.cmp(e);if(0===f)return this.negative=0,this.length=1,this.words[0]=0,this;r=0>26,this.words[n]=67108863&t;for(;0!==d&&n>26,this.words[n]=67108863&t;if(0===d&&n>>13,c=0|r[1],h=8191&c,o=c>>>13,u=0|r[2],b=8191&u,l=u>>>13,p=0|r[3],m=8191&p,v=p>>>13,g=0|r[4],y=8191&g,M=g>>>13,w=0|r[5],S=8191&w,_=w>>>13,A=0|r[6],x=8191&A,I=A>>>13,z=0|r[7],q=8191&z,R=z>>>13,k=0|r[8],P=8191&k,j=k>>>13,N=0|r[9],E=8191&N,B=N>>>13,L=0|f[0],O=8191&L,F=L>>>13,T=0|f[1],C=8191&T,Z=T>>>13,J=0|f[2],H=8191&J,D=J>>>13,X=0|f[3],K=8191&X,V=X>>>13,W=0|f[4],U=8191&W,Y=W>>>13,G=0|f[5],Q=8191&G,$=G>>>13,n=0|f[6],c=8191&n,u=n>>>13,p=0|f[7],g=8191&p,w=p>>>13,A=0|f[8],z=8191&A,k=A>>>13,r=0|f[9],N=8191&r,L=r>>>13;i.negative=e.negative^t.negative,i.length=19;var X=(0+Math.imul(a,O)|0)+((8191&(J=Math.imul(a,F)+Math.imul(s,O)|0))<<13)|0,ee=(Math.imul(s,F)+(J>>>13)|0)+(X>>>26)|0;X&=67108863,T=Math.imul(h,O),J=Math.imul(h,F)+Math.imul(o,O)|0,W=Math.imul(o,F);G=(ee+(T+Math.imul(a,C)|0)|0)+((8191&(J=(J+Math.imul(a,Z)|0)+Math.imul(s,C)|0))<<13)|0;ee=((W+Math.imul(s,Z)|0)+(J>>>13)|0)+(G>>>26)|0,G&=67108863,T=Math.imul(b,O),J=Math.imul(b,F)+Math.imul(l,O)|0,W=Math.imul(l,F),T=T+Math.imul(h,C)|0,J=(J+Math.imul(h,Z)|0)+Math.imul(o,C)|0,W=W+Math.imul(o,Z)|0;n=(ee+(T+Math.imul(a,H)|0)|0)+((8191&(J=(J+Math.imul(a,D)|0)+Math.imul(s,H)|0))<<13)|0;ee=((W+Math.imul(s,D)|0)+(J>>>13)|0)+(n>>>26)|0,n&=67108863,T=Math.imul(m,O),J=Math.imul(m,F)+Math.imul(v,O)|0,W=Math.imul(v,F),T=T+Math.imul(b,C)|0,J=(J+Math.imul(b,Z)|0)+Math.imul(l,C)|0,W=W+Math.imul(l,Z)|0,T=T+Math.imul(h,H)|0,J=(J+Math.imul(h,D)|0)+Math.imul(o,H)|0,W=W+Math.imul(o,D)|0;p=(ee+(T+Math.imul(a,K)|0)|0)+((8191&(J=(J+Math.imul(a,V)|0)+Math.imul(s,K)|0))<<13)|0;ee=((W+Math.imul(s,V)|0)+(J>>>13)|0)+(p>>>26)|0,p&=67108863,T=Math.imul(y,O),J=Math.imul(y,F)+Math.imul(M,O)|0,W=Math.imul(M,F),T=T+Math.imul(m,C)|0,J=(J+Math.imul(m,Z)|0)+Math.imul(v,C)|0,W=W+Math.imul(v,Z)|0,T=T+Math.imul(b,H)|0,J=(J+Math.imul(b,D)|0)+Math.imul(l,H)|0,W=W+Math.imul(l,D)|0,T=T+Math.imul(h,K)|0,J=(J+Math.imul(h,V)|0)+Math.imul(o,K)|0,W=W+Math.imul(o,V)|0;A=(ee+(T+Math.imul(a,U)|0)|0)+((8191&(J=(J+Math.imul(a,Y)|0)+Math.imul(s,U)|0))<<13)|0;ee=((W+Math.imul(s,Y)|0)+(J>>>13)|0)+(A>>>26)|0,A&=67108863,T=Math.imul(S,O),J=Math.imul(S,F)+Math.imul(_,O)|0,W=Math.imul(_,F),T=T+Math.imul(y,C)|0,J=(J+Math.imul(y,Z)|0)+Math.imul(M,C)|0,W=W+Math.imul(M,Z)|0,T=T+Math.imul(m,H)|0,J=(J+Math.imul(m,D)|0)+Math.imul(v,H)|0,W=W+Math.imul(v,D)|0,T=T+Math.imul(b,K)|0,J=(J+Math.imul(b,V)|0)+Math.imul(l,K)|0,W=W+Math.imul(l,V)|0,T=T+Math.imul(h,U)|0,J=(J+Math.imul(h,Y)|0)+Math.imul(o,U)|0,W=W+Math.imul(o,Y)|0;f=(ee+(T+Math.imul(a,Q)|0)|0)+((8191&(J=(J+Math.imul(a,$)|0)+Math.imul(s,Q)|0))<<13)|0;ee=((W+Math.imul(s,$)|0)+(J>>>13)|0)+(f>>>26)|0,f&=67108863,T=Math.imul(x,O),J=Math.imul(x,F)+Math.imul(I,O)|0,W=Math.imul(I,F),T=T+Math.imul(S,C)|0,J=(J+Math.imul(S,Z)|0)+Math.imul(_,C)|0,W=W+Math.imul(_,Z)|0,T=T+Math.imul(y,H)|0,J=(J+Math.imul(y,D)|0)+Math.imul(M,H)|0,W=W+Math.imul(M,D)|0,T=T+Math.imul(m,K)|0,J=(J+Math.imul(m,V)|0)+Math.imul(v,K)|0,W=W+Math.imul(v,V)|0,T=T+Math.imul(b,U)|0,J=(J+Math.imul(b,Y)|0)+Math.imul(l,U)|0,W=W+Math.imul(l,Y)|0,T=T+Math.imul(h,Q)|0,J=(J+Math.imul(h,$)|0)+Math.imul(o,Q)|0,W=W+Math.imul(o,$)|0;r=(ee+(T+Math.imul(a,c)|0)|0)+((8191&(J=(J+Math.imul(a,u)|0)+Math.imul(s,c)|0))<<13)|0;ee=((W+Math.imul(s,u)|0)+(J>>>13)|0)+(r>>>26)|0,r&=67108863,T=Math.imul(q,O),J=Math.imul(q,F)+Math.imul(R,O)|0,W=Math.imul(R,F),T=T+Math.imul(x,C)|0,J=(J+Math.imul(x,Z)|0)+Math.imul(I,C)|0,W=W+Math.imul(I,Z)|0,T=T+Math.imul(S,H)|0,J=(J+Math.imul(S,D)|0)+Math.imul(_,H)|0,W=W+Math.imul(_,D)|0,T=T+Math.imul(y,K)|0,J=(J+Math.imul(y,V)|0)+Math.imul(M,K)|0,W=W+Math.imul(M,V)|0,T=T+Math.imul(m,U)|0,J=(J+Math.imul(m,Y)|0)+Math.imul(v,U)|0,W=W+Math.imul(v,Y)|0,T=T+Math.imul(b,Q)|0,J=(J+Math.imul(b,$)|0)+Math.imul(l,Q)|0,W=W+Math.imul(l,$)|0,T=T+Math.imul(h,c)|0,J=(J+Math.imul(h,u)|0)+Math.imul(o,c)|0,W=W+Math.imul(o,u)|0;e=(ee+(T+Math.imul(a,g)|0)|0)+((8191&(J=(J+Math.imul(a,w)|0)+Math.imul(s,g)|0))<<13)|0;ee=((W+Math.imul(s,w)|0)+(J>>>13)|0)+(e>>>26)|0,e&=67108863,T=Math.imul(P,O),J=Math.imul(P,F)+Math.imul(j,O)|0,W=Math.imul(j,F),T=T+Math.imul(q,C)|0,J=(J+Math.imul(q,Z)|0)+Math.imul(R,C)|0,W=W+Math.imul(R,Z)|0,T=T+Math.imul(x,H)|0,J=(J+Math.imul(x,D)|0)+Math.imul(I,H)|0,W=W+Math.imul(I,D)|0,T=T+Math.imul(S,K)|0,J=(J+Math.imul(S,V)|0)+Math.imul(_,K)|0,W=W+Math.imul(_,V)|0,T=T+Math.imul(y,U)|0,J=(J+Math.imul(y,Y)|0)+Math.imul(M,U)|0,W=W+Math.imul(M,Y)|0,T=T+Math.imul(m,Q)|0,J=(J+Math.imul(m,$)|0)+Math.imul(v,Q)|0,W=W+Math.imul(v,$)|0,T=T+Math.imul(b,c)|0,J=(J+Math.imul(b,u)|0)+Math.imul(l,c)|0,W=W+Math.imul(l,u)|0,T=T+Math.imul(h,g)|0,J=(J+Math.imul(h,w)|0)+Math.imul(o,g)|0,W=W+Math.imul(o,w)|0;t=(ee+(T+Math.imul(a,z)|0)|0)+((8191&(J=(J+Math.imul(a,k)|0)+Math.imul(s,z)|0))<<13)|0;ee=((W+Math.imul(s,k)|0)+(J>>>13)|0)+(t>>>26)|0,t&=67108863,T=Math.imul(E,O),J=Math.imul(E,F)+Math.imul(B,O)|0,W=Math.imul(B,F),T=T+Math.imul(P,C)|0,J=(J+Math.imul(P,Z)|0)+Math.imul(j,C)|0,W=W+Math.imul(j,Z)|0,T=T+Math.imul(q,H)|0,J=(J+Math.imul(q,D)|0)+Math.imul(R,H)|0,W=W+Math.imul(R,D)|0,T=T+Math.imul(x,K)|0,J=(J+Math.imul(x,V)|0)+Math.imul(I,K)|0,W=W+Math.imul(I,V)|0,T=T+Math.imul(S,U)|0,J=(J+Math.imul(S,Y)|0)+Math.imul(_,U)|0,W=W+Math.imul(_,Y)|0,T=T+Math.imul(y,Q)|0,J=(J+Math.imul(y,$)|0)+Math.imul(M,Q)|0,W=W+Math.imul(M,$)|0,T=T+Math.imul(m,c)|0,J=(J+Math.imul(m,u)|0)+Math.imul(v,c)|0,W=W+Math.imul(v,u)|0,T=T+Math.imul(b,g)|0,J=(J+Math.imul(b,w)|0)+Math.imul(l,g)|0,W=W+Math.imul(l,w)|0,T=T+Math.imul(h,z)|0,J=(J+Math.imul(h,k)|0)+Math.imul(o,z)|0,W=W+Math.imul(o,k)|0;a=(ee+(T+Math.imul(a,N)|0)|0)+((8191&(J=(J+Math.imul(a,L)|0)+Math.imul(s,N)|0))<<13)|0;ee=((W+Math.imul(s,L)|0)+(J>>>13)|0)+(a>>>26)|0,a&=67108863,T=Math.imul(E,C),J=Math.imul(E,Z)+Math.imul(B,C)|0,W=Math.imul(B,Z),T=T+Math.imul(P,H)|0,J=(J+Math.imul(P,D)|0)+Math.imul(j,H)|0,W=W+Math.imul(j,D)|0,T=T+Math.imul(q,K)|0,J=(J+Math.imul(q,V)|0)+Math.imul(R,K)|0,W=W+Math.imul(R,V)|0,T=T+Math.imul(x,U)|0,J=(J+Math.imul(x,Y)|0)+Math.imul(I,U)|0,W=W+Math.imul(I,Y)|0,T=T+Math.imul(S,Q)|0,J=(J+Math.imul(S,$)|0)+Math.imul(_,Q)|0,W=W+Math.imul(_,$)|0,T=T+Math.imul(y,c)|0,J=(J+Math.imul(y,u)|0)+Math.imul(M,c)|0,W=W+Math.imul(M,u)|0,T=T+Math.imul(m,g)|0,J=(J+Math.imul(m,w)|0)+Math.imul(v,g)|0,W=W+Math.imul(v,w)|0,T=T+Math.imul(b,z)|0,J=(J+Math.imul(b,k)|0)+Math.imul(l,z)|0,W=W+Math.imul(l,k)|0;h=(ee+(T+Math.imul(h,N)|0)|0)+((8191&(J=(J+Math.imul(h,L)|0)+Math.imul(o,N)|0))<<13)|0;ee=((W+Math.imul(o,L)|0)+(J>>>13)|0)+(h>>>26)|0,h&=67108863,T=Math.imul(E,H),J=Math.imul(E,D)+Math.imul(B,H)|0,W=Math.imul(B,D),T=T+Math.imul(P,K)|0,J=(J+Math.imul(P,V)|0)+Math.imul(j,K)|0,W=W+Math.imul(j,V)|0,T=T+Math.imul(q,U)|0,J=(J+Math.imul(q,Y)|0)+Math.imul(R,U)|0,W=W+Math.imul(R,Y)|0,T=T+Math.imul(x,Q)|0,J=(J+Math.imul(x,$)|0)+Math.imul(I,Q)|0,W=W+Math.imul(I,$)|0,T=T+Math.imul(S,c)|0,J=(J+Math.imul(S,u)|0)+Math.imul(_,c)|0,W=W+Math.imul(_,u)|0,T=T+Math.imul(y,g)|0,J=(J+Math.imul(y,w)|0)+Math.imul(M,g)|0,W=W+Math.imul(M,w)|0,T=T+Math.imul(m,z)|0,J=(J+Math.imul(m,k)|0)+Math.imul(v,z)|0,W=W+Math.imul(v,k)|0;b=(ee+(T+Math.imul(b,N)|0)|0)+((8191&(J=(J+Math.imul(b,L)|0)+Math.imul(l,N)|0))<<13)|0;ee=((W+Math.imul(l,L)|0)+(J>>>13)|0)+(b>>>26)|0,b&=67108863,T=Math.imul(E,K),J=Math.imul(E,V)+Math.imul(B,K)|0,W=Math.imul(B,V),T=T+Math.imul(P,U)|0,J=(J+Math.imul(P,Y)|0)+Math.imul(j,U)|0,W=W+Math.imul(j,Y)|0,T=T+Math.imul(q,Q)|0,J=(J+Math.imul(q,$)|0)+Math.imul(R,Q)|0,W=W+Math.imul(R,$)|0,T=T+Math.imul(x,c)|0,J=(J+Math.imul(x,u)|0)+Math.imul(I,c)|0,W=W+Math.imul(I,u)|0,T=T+Math.imul(S,g)|0,J=(J+Math.imul(S,w)|0)+Math.imul(_,g)|0,W=W+Math.imul(_,w)|0,T=T+Math.imul(y,z)|0,J=(J+Math.imul(y,k)|0)+Math.imul(M,z)|0,W=W+Math.imul(M,k)|0;m=(ee+(T+Math.imul(m,N)|0)|0)+((8191&(J=(J+Math.imul(m,L)|0)+Math.imul(v,N)|0))<<13)|0;ee=((W+Math.imul(v,L)|0)+(J>>>13)|0)+(m>>>26)|0,m&=67108863,T=Math.imul(E,U),J=Math.imul(E,Y)+Math.imul(B,U)|0,W=Math.imul(B,Y),T=T+Math.imul(P,Q)|0,J=(J+Math.imul(P,$)|0)+Math.imul(j,Q)|0,W=W+Math.imul(j,$)|0,T=T+Math.imul(q,c)|0,J=(J+Math.imul(q,u)|0)+Math.imul(R,c)|0,W=W+Math.imul(R,u)|0,T=T+Math.imul(x,g)|0,J=(J+Math.imul(x,w)|0)+Math.imul(I,g)|0,W=W+Math.imul(I,w)|0,T=T+Math.imul(S,z)|0,J=(J+Math.imul(S,k)|0)+Math.imul(_,z)|0,W=W+Math.imul(_,k)|0;y=(ee+(T+Math.imul(y,N)|0)|0)+((8191&(J=(J+Math.imul(y,L)|0)+Math.imul(M,N)|0))<<13)|0;ee=((W+Math.imul(M,L)|0)+(J>>>13)|0)+(y>>>26)|0,y&=67108863,T=Math.imul(E,Q),J=Math.imul(E,$)+Math.imul(B,Q)|0,W=Math.imul(B,$),T=T+Math.imul(P,c)|0,J=(J+Math.imul(P,u)|0)+Math.imul(j,c)|0,W=W+Math.imul(j,u)|0,T=T+Math.imul(q,g)|0,J=(J+Math.imul(q,w)|0)+Math.imul(R,g)|0,W=W+Math.imul(R,w)|0,T=T+Math.imul(x,z)|0,J=(J+Math.imul(x,k)|0)+Math.imul(I,z)|0,W=W+Math.imul(I,k)|0;S=(ee+(T+Math.imul(S,N)|0)|0)+((8191&(J=(J+Math.imul(S,L)|0)+Math.imul(_,N)|0))<<13)|0;ee=((W+Math.imul(_,L)|0)+(J>>>13)|0)+(S>>>26)|0,S&=67108863,T=Math.imul(E,c),J=Math.imul(E,u)+Math.imul(B,c)|0,W=Math.imul(B,u),T=T+Math.imul(P,g)|0,J=(J+Math.imul(P,w)|0)+Math.imul(j,g)|0,W=W+Math.imul(j,w)|0,T=T+Math.imul(q,z)|0,J=(J+Math.imul(q,k)|0)+Math.imul(R,z)|0,W=W+Math.imul(R,k)|0;x=(ee+(T+Math.imul(x,N)|0)|0)+((8191&(J=(J+Math.imul(x,L)|0)+Math.imul(I,N)|0))<<13)|0;ee=((W+Math.imul(I,L)|0)+(J>>>13)|0)+(x>>>26)|0,x&=67108863,T=Math.imul(E,g),J=Math.imul(E,w)+Math.imul(B,g)|0,W=Math.imul(B,w),T=T+Math.imul(P,z)|0,J=(J+Math.imul(P,k)|0)+Math.imul(j,z)|0,W=W+Math.imul(j,k)|0;q=(ee+(T+Math.imul(q,N)|0)|0)+((8191&(J=(J+Math.imul(q,L)|0)+Math.imul(R,N)|0))<<13)|0;ee=((W+Math.imul(R,L)|0)+(J>>>13)|0)+(q>>>26)|0,q&=67108863,T=Math.imul(E,z),J=Math.imul(E,k)+Math.imul(B,z)|0,W=Math.imul(B,k);P=(ee+(T+Math.imul(P,N)|0)|0)+((8191&(J=(J+Math.imul(P,L)|0)+Math.imul(j,N)|0))<<13)|0;ee=((W+Math.imul(j,L)|0)+(J>>>13)|0)+(P>>>26)|0,P&=67108863;N=(ee+Math.imul(E,N)|0)+((8191&(J=Math.imul(E,L)+Math.imul(B,N)|0))<<13)|0;return ee=(Math.imul(B,L)+(J>>>13)|0)+(N>>>26)|0,N&=67108863,d[0]=X,d[1]=G,d[2]=n,d[3]=p,d[4]=A,d[5]=f,d[6]=r,d[7]=e,d[8]=t,d[9]=a,d[10]=h,d[11]=b,d[12]=m,d[13]=y,d[14]=S,d[15]=x,d[16]=q,d[17]=P,d[18]=N,0!=ee&&(d[19]=ee,i.length++),i};function a(e,t,i){return(new s).mulp(e,t,i)}function s(e,t){this.x=e,this.y=t}Math.imul||(d=f),m.prototype.mulTo=function(e,t){var i=this.length+e.length,t=(10===this.length&&10===e.length?d:i<63?f:i<1024?function(e,t,i){i.negative=t.negative^e.negative,i.length=e.length+t.length;for(var r=0,f=0,d=0;d>>26)|0)>>>26,n&=67108863}i.words[d]=a,r=n,n=f}return 0!==r?i.words[d]=r:i.length--,i.strip()}:a)(this,e,t);return t},s.prototype.makeRBT=function(e){for(var t=new Array(e),i=m.prototype._countBits(e)-1,r=0;r>=1;return r},s.prototype.permute=function(e,t,i,r,f,d){for(var n=0;n>>=1)i++;return 1<>>=13,i[2*d+1]=8191&f,f>>>=13;for(d=2*t;d>=26,t+=r/67108864|0,t+=f>>>26,this.words[i]=67108863&f}return 0!==t&&(this.words[i]=t,this.length++),this},m.prototype.muln=function(e){return this.clone().imuln(e)},m.prototype.sqr=function(){return this.mul(this)},m.prototype.isqr=function(){return this.imul(this.clone())},m.prototype.pow=function(e){var t=function(e){for(var t=new Array(e.bitLength()),i=0;i>>f}return t}(e);if(0===t.length)return new m(1);for(var i=this,r=0;r>>26-t<<26-t;if(0!=t){for(var f=0,d=0;d>>26-t}f&&(this.words[d]=f,this.length++)}if(0!=i){for(d=this.length-1;0<=d;d--)this.words[d+i]=this.words[d];for(d=0;d>>f<d)for(this.length-=d,s=0;s>>f,c=h&n}return a&&0!==c&&(a.words[a.length++]=c),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},m.prototype.ishrn=function(e,t,i){return p(0===this.negative),this.iushrn(e,t,i)},m.prototype.shln=function(e){return this.clone().ishln(e)},m.prototype.ushln=function(e){return this.clone().iushln(e)},m.prototype.shrn=function(e){return this.clone().ishrn(e)},m.prototype.ushrn=function(e){return this.clone().iushrn(e)},m.prototype.testn=function(e){p("number"==typeof e&&0<=e);var t=e%26,e=(e-t)/26,t=1<>>t<>26)-(a/67108864|0);this.words[n+i]=67108863&r}for(;n>26,this.words[n+i]=67108863&r;if(0===d)return this.strip();for(p(-1===d),n=d=0;n>26,this.words[n]=67108863&r;return this.negative=1,this.strip()},m.prototype._wordDiv=function(e,t){var i=this.length-e.length,r=this.clone(),f=e,d=0|f.words[f.length-1];0!=(i=26-this._countBits(d))&&(f=f.ushln(i),r.iushln(i),d=0|f.words[f.length-1]);var n,a=r.length-f.length;if("mod"!==t){(n=new m(null)).length=1+a,n.words=new Array(n.length);for(var s=0;sthis.length||this.cmp(e)<0?{div:new m(0),mod:this}:1===e.length?"div"===t?{div:this.divn(e.words[0]),mod:null}:"mod"===t?{div:null,mod:new m(this.modn(e.words[0]))}:{div:this.divn(e.words[0]),mod:new m(this.modn(e.words[0]))}:this._wordDiv(e,t);var r,f,d},m.prototype.div=function(e){return this.divmod(e,"div",!1).div},m.prototype.mod=function(e){return this.divmod(e,"mod",!1).mod},m.prototype.umod=function(e){return this.divmod(e,"mod",!0).mod},m.prototype.divRound=function(e){var t=this.divmod(e);if(t.mod.isZero())return t.div;var i=0!==t.div.negative?t.mod.isub(e):t.mod,r=e.ushrn(1),e=e.andln(1),r=i.cmp(r);return r<0||1===e&&0===r?t.div:0!==t.div.negative?t.div.isubn(1):t.div.iaddn(1)},m.prototype.modn=function(e){p(e<=67108863);for(var t=(1<<26)%e,i=0,r=this.length-1;0<=r;r--)i=(t*i+(0|this.words[r]))%e;return i},m.prototype.idivn=function(e){p(e<=67108863);for(var t=0,i=this.length-1;0<=i;i--){var r=(0|this.words[i])+67108864*t;this.words[i]=r/e|0,t=r%e}return this.strip()},m.prototype.divn=function(e){return this.clone().idivn(e)},m.prototype.egcd=function(e){p(0===e.negative),p(!e.isZero());for(var t=this,i=e.clone(),t=0!==t.negative?t.umod(e):t.clone(),r=new m(1),f=new m(0),d=new m(0),n=new m(1),a=0;t.isEven()&&i.isEven();)t.iushrn(1),i.iushrn(1),++a;for(var s=i.clone(),c=t.clone();!t.isZero();){for(var h=0,o=1;0==(t.words[0]&o)&&h<26;++h,o<<=1);if(0>>26;f&=67108863,this.words[r]=f}return 0!==i&&(this.words[r]=i,this.length++),this},m.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},m.prototype.cmpn=function(e){var t=e<0;return 0===this.negative||t?0===this.negative&&t?1:(this.strip(),e=1e.length)return 1;if(this.lengththis.n;);e=t>>22,f=d}f>>>=22,0===(e.words[r-10]=f)&&10>>=26,e.words[i]=f,t=r}return 0!==t&&(e.words[e.length++]=t),e},m._prime=function(e){if(c[e])return c[e];var t;if("k256"===e)t=new v;else if("p224"===e)t=new g;else if("p192"===e)t=new y;else{if("p25519"!==e)throw new Error("Unknown prime "+e);t=new M}return c[e]=t},w.prototype._verify1=function(e){p(0===e.negative,"red works only with positives"),p(e.red,"red works only with red numbers")},w.prototype._verify2=function(e,t){p(0==(e.negative|t.negative),"red works only with positives"),p(e.red&&e.red===t.red,"red works only with red numbers")},w.prototype.imod=function(e){return(this.prime?this.prime.ireduce(e):e.umod(this.m))._forceRed(this)},w.prototype.neg=function(e){return e.isZero()?e.clone():this.m.sub(e)._forceRed(this)},w.prototype.add=function(e,t){this._verify2(e,t);t=e.add(t);return 0<=t.cmp(this.m)&&t.isub(this.m),t._forceRed(this)},w.prototype.iadd=function(e,t){this._verify2(e,t);t=e.iadd(t);return 0<=t.cmp(this.m)&&t.isub(this.m),t},w.prototype.sub=function(e,t){this._verify2(e,t);t=e.sub(t);return t.cmpn(0)<0&&t.iadd(this.m),t._forceRed(this)},w.prototype.isub=function(e,t){this._verify2(e,t);t=e.isub(t);return t.cmpn(0)<0&&t.iadd(this.m),t},w.prototype.shl=function(e,t){return this._verify1(e),this.imod(e.ushln(t))},w.prototype.imul=function(e,t){return this._verify2(e,t),this.imod(e.imul(t))},w.prototype.mul=function(e,t){return this._verify2(e,t),this.imod(e.mul(t))},w.prototype.isqr=function(e){return this.imul(e,e.clone())},w.prototype.sqr=function(e){return this.mul(e,e)},w.prototype.sqrt=function(e){if(e.isZero())return e.clone();var t=this.m.andln(3);if(p(t%2==1),3===t){t=this.m.add(new m(1)).iushrn(2);return this.pow(e,t)}for(var i=this.m.subn(1),r=0;!i.isZero()&&0===i.andln(1);)r++,i.iushrn(1);p(!i.isZero());for(var f=new m(1).toRed(this),d=f.redNeg(),n=this.m.subn(1).iushrn(1),a=new m(2*(a=this.m.bitLength())*a).toRed(this);0!==this.pow(a,n).cmp(d);)a.redIAdd(d);for(var s=this.pow(a,i),c=this.pow(e,i.addn(1).iushrn(1)),h=this.pow(e,i),o=r;0!==h.cmp(f);){for(var u=h,b=0;0!==u.cmp(f);b++)u=u.redSqr();p(b>c&1;f!==i[0]&&(f=this.sqr(f)),0!=h||0!==d?(d<<=1,d|=h,(4===++n||0===r&&0===c)&&(f=this.mul(f,i[d]),d=n=0)):n=0}a=26}return f},w.prototype.convertTo=function(e){var t=e.umod(this.m);return t===e?t.clone():t},w.prototype.convertFrom=function(e){e=e.clone();return e.red=null,e},m.mont=function(e){return new S(e)},i(S,w),S.prototype.convertTo=function(e){return this.imod(e.ushln(this.shift))},S.prototype.convertFrom=function(e){e=this.imod(e.mul(this.rinv));return e.red=null,e},S.prototype.imul=function(e,t){if(e.isZero()||t.isZero())return e.words[0]=0,e.length=1,e;e=e.imul(t),t=e.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),e=e.isub(t).iushrn(this.shift),t=e;return 0<=e.cmp(this.m)?t=e.isub(this.m):e.cmpn(0)<0&&(t=e.iadd(this.m)),t._forceRed(this)},S.prototype.mul=function(e,t){if(e.isZero()||t.isZero())return new m(0)._forceRed(this);e=e.mul(t),t=e.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),e=e.isub(t).iushrn(this.shift),t=e;return 0<=e.cmp(this.m)?t=e.isub(this.m):e.cmpn(0)<0&&(t=e.iadd(this.m)),t._forceRed(this)},S.prototype.invm=function(e){return this.imod(e._invmp(this.m).mul(this.r2))._forceRed(this)}}(void 0===e||e,this)},{buffer:18}],17:[function(e,t,i){var r;function f(e){this.rand=e}if(t.exports=function(e){return(r=r||new f(null)).generate(e)},(t.exports.Rand=f).prototype.generate=function(e){return this._rand(e)},f.prototype._rand=function(e){if(this.rand.getBytes)return this.rand.getBytes(e);for(var t=new Uint8Array(e),i=0;i=this._delta8){t=(e=this.pending).length%this._delta8;this.pending=e.slice(e.length-t,e.length),0===this.pending.length&&(this.pending=null),e=r.join32(e,0,e.length-t,this.endian);for(var i=0;i>>24&255,r[f++]=e>>>16&255,r[f++]=e>>>8&255,r[f++]=255&e}else for(r[f++]=255&e,r[f++]=e>>>8&255,r[f++]=e>>>16&255,r[f++]=e>>>24&255,r[f++]=0,r[f++]=0,r[f++]=0,r[f++]=0,d=8;dthis.blockSize&&(e=(new this.Hash).update(e).digest()),f(e.length<=this.blockSize);for(var t=e.length;t>>3},i.g1_256=function(e){return r(e,17)^r(e,19)^e>>>10}},{"../utils":30}],30:[function(e,t,i){"use strict";var s=e("minimalistic-assert"),e=e("inherits");function d(e){return(e>>>24|e>>>8&65280|e<<8&16711680|(255&e)<<24)>>>0}function r(e){return 1===e.length?"0"+e:e}function n(e){return 7===e.length?"0"+e:6===e.length?"00"+e:5===e.length?"000"+e:4===e.length?"0000"+e:3===e.length?"00000"+e:2===e.length?"000000"+e:1===e.length?"0000000"+e:e}i.inherits=e,i.toArray=function(e,t){if(Array.isArray(e))return e.slice();if(!e)return[];var i,r,f=[];if("string"==typeof e)if(t){if("hex"===t)for((e=e.replace(/[^a-z0-9]+/gi,"")).length%2!=0&&(e="0"+e),n=0;n>6|192,f[d++]=63&a|128):(r=n,55296!=(64512&(i=e).charCodeAt(r))||r<0||r+1>=i.length||56320!=(64512&i.charCodeAt(r+1))?f[d++]=a>>12|224:(a=65536+((1023&a)<<10)+(1023&e.charCodeAt(++n)),f[d++]=a>>18|240,f[d++]=a>>12&63|128),f[d++]=a>>6&63|128,f[d++]=63&a|128)}else for(n=0;n>>0}return f},i.split32=function(e,t){for(var i=new Array(4*e.length),r=0,f=0;r>>24,i[f+1]=d>>>16&255,i[f+2]=d>>>8&255,i[f+3]=255&d):(i[f+3]=d>>>24,i[f+2]=d>>>16&255,i[f+1]=d>>>8&255,i[f]=255&d)}return i},i.rotr32=function(e,t){return e>>>t|e<<32-t},i.rotl32=function(e,t){return e<>>32-t},i.sum32=function(e,t){return e+t>>>0},i.sum32_3=function(e,t,i){return e+t+i>>>0},i.sum32_4=function(e,t,i,r){return e+t+i+r>>>0},i.sum32_5=function(e,t,i,r,f){return e+t+i+r+f>>>0},i.sum64=function(e,t,i,r){var f=e[t],d=r+e[t+1]>>>0,f=(d>>0,e[t+1]=d},i.sum64_hi=function(e,t,i,r){return(t+r>>>0>>0},i.sum64_lo=function(e,t,i,r){return t+r>>>0},i.sum64_4_hi=function(e,t,i,r,f,d,n,a){var s=0,c=t;return s+=(c=c+r>>>0)>>0)>>0)>>0},i.sum64_4_lo=function(e,t,i,r,f,d,n,a){return t+r+d+a>>>0},i.sum64_5_hi=function(e,t,i,r,f,d,n,a,s,c){var h=0,o=t;return h+=(o=o+r>>>0)>>0)>>0)>>0)>>0},i.sum64_5_lo=function(e,t,i,r,f,d,n,a,s,c){return t+r+d+a+c>>>0},i.rotr64_hi=function(e,t,i){return(t<<32-i|e>>>i)>>>0},i.rotr64_lo=function(e,t,i){return(e<<32-i|t>>>i)>>>0},i.shr64_hi=function(e,t,i){return e>>>i},i.shr64_lo=function(e,t,i){return(e<<32-i|t>>>i)>>>0}},{inherits:32,"minimalistic-assert":33}],31:[function(e,t,i){"use strict";var r=e("hash.js"),d=e("minimalistic-crypto-utils"),f=e("minimalistic-assert");function n(e){if(!(this instanceof n))return new n(e);this.hash=e.hash,this.predResist=!!e.predResist,this.outLen=this.hash.outSize,this.minEntropy=e.minEntropy||this.hash.hmacStrength,this._reseed=null,this.reseedInterval=null,this.K=null,this.V=null;var t=d.toArray(e.entropy,e.entropyEnc||"hex"),i=d.toArray(e.nonce,e.nonceEnc||"hex"),e=d.toArray(e.pers,e.persEnc||"hex");f(t.length>=this.minEntropy/8,"Not enough entropy. Minimum is: "+this.minEntropy+" bits"),this._init(t,i,e)}(t.exports=n).prototype._init=function(e,t,i){i=e.concat(t).concat(i);this.K=new Array(this.outLen/8),this.V=new Array(this.outLen/8);for(var r=0;r=this.minEntropy/8,"Not enough entropy. Minimum is: "+this.minEntropy+" bits"),this._update(e.concat(i||[])),this._reseed=1},n.prototype.generate=function(e,t,i,r){if(this._reseed>this.reseedInterval)throw new Error("Reseed is required");"string"!=typeof t&&(r=i,i=t,t=null),i&&(i=d.toArray(i,r||"hex"),this._update(i));for(var f=[];f.length>8,f=255&f;d?i.push(d,f):i.push(f)}return i},i.zero2=r,i.toHex=f,i.encode=function(e,t){return"hex"===t?f(e):e}},{}],35:[function(e,t,i){t.exports={name:"elliptic",version:"6.6.0",description:"EC cryptography",main:"lib/elliptic.js",files:["lib"],scripts:{lint:"eslint lib test","lint:fix":"npm run lint -- --fix",unit:"istanbul test _mocha --reporter=spec test/index.js",test:"npm run lint && npm run unit",version:"grunt dist && git add dist/"},repository:{type:"git",url:"git@github.com:indutny/elliptic"},keywords:["EC","Elliptic","curve","Cryptography"],author:"Fedor Indutny ",license:"MIT",bugs:{url:"https://github.com/indutny/elliptic/issues"},homepage:"https://github.com/indutny/elliptic",devDependencies:{brfs:"^2.0.2",coveralls:"^3.1.0",eslint:"^7.6.0",grunt:"^1.2.1","grunt-browserify":"^5.3.0","grunt-cli":"^1.3.2","grunt-contrib-connect":"^3.0.0","grunt-contrib-copy":"^1.0.0","grunt-contrib-uglify":"^5.0.0","grunt-mocha-istanbul":"^5.0.2","grunt-saucelabs":"^9.0.1",istanbul:"^0.4.5",mocha:"^8.0.1"},dependencies:{"bn.js":"^4.11.9",brorand:"^1.1.0","hash.js":"^1.0.0","hmac-drbg":"^1.0.1",inherits:"^2.0.4","minimalistic-assert":"^1.0.1","minimalistic-crypto-utils":"^1.0.1"}}},{}]},{},[1])(1)}); \ No newline at end of file diff --git a/lib/elliptic/ec/index.js b/lib/elliptic/ec/index.js index 8b58781..b382b62 100644 --- a/lib/elliptic/ec/index.js +++ b/lib/elliptic/ec/index.js @@ -78,8 +78,27 @@ EC.prototype.genKeyPair = function genKeyPair(options) { } }; -EC.prototype._truncateToN = function _truncateToN(msg, truncOnly) { - var delta = msg.byteLength() * 8 - this.n.bitLength(); +EC.prototype._truncateToN = function _truncateToN(msg, truncOnly, bitLength) { + var byteLength; + if (BN.isBN(msg) || typeof msg === 'number') { + msg = new BN(msg, 16); + byteLength = msg.byteLength(); + } else if (typeof msg === 'object') { + // BN assumes an array-like input and asserts length + byteLength = msg.length; + msg = new BN(msg, 16); + } else { + // BN converts the value to string + var str = msg.toString(); + // HEX encoding + byteLength = (str.length + 1) >>> 1; + msg = new BN(str, 16); + } + // Allow overriding + if (typeof bitLength !== 'number') { + bitLength = byteLength * 8; + } + var delta = bitLength - this.n.bitLength(); if (delta > 0) msg = msg.ushrn(delta); if (!truncOnly && msg.cmp(this.n) >= 0) @@ -97,7 +116,7 @@ EC.prototype.sign = function sign(msg, key, enc, options) { options = {}; key = this.keyFromPrivate(key, enc); - msg = this._truncateToN(new BN(msg, 16)); + msg = this._truncateToN(msg, false, options.msgBitLength); // Zero-extend key to provide enough entropy var bytes = this.n.byteLength(); @@ -153,8 +172,11 @@ EC.prototype.sign = function sign(msg, key, enc, options) { } }; -EC.prototype.verify = function verify(msg, signature, key, enc) { - msg = this._truncateToN(new BN(msg, 16)); +EC.prototype.verify = function verify(msg, signature, key, enc, options) { + if (!options) + options = {}; + + msg = this._truncateToN(msg, false, options.msgBitLength); key = this.keyFromPublic(key, enc); signature = new Signature(signature, 'hex'); diff --git a/lib/elliptic/ec/key.js b/lib/elliptic/ec/key.js index 55bf299..595cfb2 100644 --- a/lib/elliptic/ec/key.js +++ b/lib/elliptic/ec/key.js @@ -111,8 +111,8 @@ KeyPair.prototype.sign = function sign(msg, enc, options) { return this.ec.sign(msg, this, enc, options); }; -KeyPair.prototype.verify = function verify(msg, signature) { - return this.ec.verify(msg, signature, this); +KeyPair.prototype.verify = function verify(msg, signature, options) { + return this.ec.verify(msg, signature, this, undefined, options); }; KeyPair.prototype.inspect = function inspect() { diff --git a/package-lock.json b/package-lock.json index 755ed1f..d6a908f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,11 +1,11 @@ { "name": "elliptic", - "version": "6.5.7", + "version": "6.6.0", "lockfileVersion": 2, "requires": true, "packages": { "": { - "version": "6.5.7", + "version": "6.6.0", "license": "MIT", "dependencies": { "bn.js": "^4.11.9", diff --git a/package.json b/package.json index d419b35..580cf56 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "elliptic", - "version": "6.5.7", + "version": "6.6.0", "description": "EC cryptography", "main": "lib/elliptic.js", "files": [ diff --git a/test/ecdsa-test.js b/test/ecdsa-test.js index fc73289..4e34c92 100644 --- a/test/ecdsa-test.js +++ b/test/ecdsa-test.js @@ -489,6 +489,50 @@ describe('ECDSA', function() { }); }); + it('Wycheproof special hash case with hex', function() { + var curve = new elliptic.ec('p192'); + var msg = + '00000000690ed426ccf17803ebe2bd0884bcd58a1bb5e7477ead3645f356e7a9'; + var sig = '303502186f20676c0d04fc40ea55d5702f798355787363a9' + + '1e97a7e50219009d1c8c171b2b02e7d791c204c17cea4cf5' + + '56a2034288885b'; + var pub = '04cd35a0b18eeb8fcd87ff019780012828745f046e785deb' + + 'a28150de1be6cb4376523006beff30ff09b4049125ced29723'; + var pubKey = curve.keyFromPublic(pub, 'hex'); + assert(pubKey.verify(msg, sig) === true); + }); + + it('Wycheproof special hash case with Array', function() { + var curve = new elliptic.ec('p192'); + var msg = [ + 0x00, 0x00, 0x00, 0x00, 0x69, 0x0e, 0xd4, 0x26, 0xcc, 0xf1, 0x78, + 0x03, 0xeb, 0xe2, 0xbd, 0x08, 0x84, 0xbc, 0xd5, 0x8a, 0x1b, 0xb5, + 0xe7, 0x47, 0x7e, 0xad, 0x36, 0x45, 0xf3, 0x56, 0xe7, 0xa9, + ]; + var sig = '303502186f20676c0d04fc40ea55d5702f798355787363a9' + + '1e97a7e50219009d1c8c171b2b02e7d791c204c17cea4cf5' + + '56a2034288885b'; + var pub = '04cd35a0b18eeb8fcd87ff019780012828745f046e785deb' + + 'a28150de1be6cb4376523006beff30ff09b4049125ced29723'; + var pubKey = curve.keyFromPublic(pub, 'hex'); + assert(pubKey.verify(msg, sig) === true); + }); + + it('Wycheproof special hash case with BN', function() { + var curve = new elliptic.ec('p192'); + var msg = new BN( + '00000000690ed426ccf17803ebe2bd0884bcd58a1bb5e7477ead3645f356e7a9', + 16, + ); + var sig = '303502186f20676c0d04fc40ea55d5702f798355787363a9' + + '1e97a7e50219009d1c8c171b2b02e7d791c204c17cea4cf5' + + '56a2034288885b'; + var pub = '04cd35a0b18eeb8fcd87ff019780012828745f046e785deb' + + 'a28150de1be6cb4376523006beff30ff09b4049125ced29723'; + var pubKey = curve.keyFromPublic(pub, 'hex'); + assert(pubKey.verify(msg, sig, { msgBitLength: 32 * 8 }) === true); + }); + describe('Signature', function () { it('recoveryParam is 0', function () { var sig = new Signature({ r: '00', s: '00', recoveryParam: 0 });