diff --git a/css/main.css b/css/main.css
new file mode 100644
index 0000000..fdd3d2a
--- /dev/null
+++ b/css/main.css
@@ -0,0 +1,852 @@
+* {
+ padding: 0;
+ margin: 0;
+ box-sizing: border-box;
+ font-family: "Roboto", sans-serif;
+}
+
+:root {
+ font-size: clamp(1rem, 1.2vmax, 1.5rem);
+}
+
+html,
+body {
+ height: 100%;
+}
+
+body {
+ --accent-color: #3d5afe;
+ --accent-color-rgb: 77, 119, 255;
+ --secondary-color: #ffac2e;
+ --text-color: 34, 34, 34;
+ --foreground-color: 252, 253, 255;
+ --background-color: 241, 243, 248;
+ --danger-color: rgb(255, 75, 75);
+ --green: #1cad59;
+ --yellow: rgb(220, 165, 0);
+ color: rgba(var(--text-color), 1);
+ background-color: rgba(var(--foreground-color), 1);
+}
+
+body[data-theme=dark] {
+ --accent-color: #92a2ff;
+ --accent-color-rgb: 160, 182, 255;
+ --secondary-color: #d60739;
+ --text-color: 210, 210, 210;
+ --foreground-color: 27, 28, 29;
+ --background-color: 21, 22, 22;
+ --danger-color: rgb(255, 106, 106);
+ --green: #00e676;
+ --yellow: rgb(255, 213, 5);
+}
+body[data-theme=dark] ::-webkit-calendar-picker-indicator {
+ filter: invert(1);
+}
+
+h1,
+h2,
+h3,
+h4,
+h5,
+h6 {
+ letter-spacing: -0.01em;
+ font-weight: 700;
+}
+
+p,
+strong {
+ line-height: 1.7;
+ color: rgba(var(--text-color), 0.9);
+ max-width: 70ch;
+ font-size: 0.9rem;
+}
+
+img {
+ -o-object-fit: cover;
+ object-fit: cover;
+}
+
+a:where([class]) {
+ color: inherit;
+ text-decoration: none;
+}
+a:where([class]):focus-visible {
+ box-shadow: 0 0 0 0.1rem rgba(var(--text-color), 1) inset;
+}
+
+a {
+ color: var(--accent-color);
+}
+
+a:-webkit-any-link:focus-visible {
+ outline: rgba(var(--text-color), 1) 0.1rem solid;
+}
+
+a:-moz-any-link:focus-visible {
+ outline: rgba(var(--text-color), 1) 0.1rem solid;
+}
+
+a:any-link:focus-visible {
+ outline: rgba(var(--text-color), 1) 0.1rem solid;
+}
+
+input[type=datetime-local] {
+ width: 100%;
+ padding: 0.8rem 0.6rem;
+ border: none;
+ border-radius: 0.5rem;
+ font-weight: 500;
+ font-family: inherit;
+ font-size: inherit;
+ color: inherit;
+ background-color: rgba(var(--text-color), 0.06);
+}
+input[type=datetime-local]:focus {
+ outline: none;
+ box-shadow: 0 0 0 0.1rem var(--accent-color);
+}
+
+button,
+.button {
+ -webkit-user-select: none;
+ -moz-user-select: none;
+ user-select: none;
+ position: relative;
+ display: inline-flex;
+ border: none;
+ background-color: transparent;
+ overflow: hidden;
+ color: inherit;
+ -webkit-tap-highlight-color: transparent;
+ align-items: center;
+ font-size: 0.9rem;
+ font-weight: 500;
+ white-space: nowrap;
+ padding: 0.5rem 1rem;
+ border-radius: 0.5rem;
+ justify-content: center;
+ flex-shrink: 0;
+}
+button:focus-visible,
+.button:focus-visible {
+ outline: var(--accent-color) solid medium;
+}
+button:not(:disabled),
+.button:not(:disabled) {
+ cursor: pointer;
+}
+
+.button {
+ background-color: rgba(var(--text-color), 0.02);
+ border: solid thin rgba(var(--text-color), 0.06);
+}
+.button--primary {
+ padding: 0.8rem 1rem;
+ color: rgba(var(--background-color), 1);
+ background-color: var(--accent-color);
+}
+.button--primary .icon {
+ fill: rgba(var(--background-color), 1);
+}
+.button--colored {
+ color: var(--accent-color);
+}
+.button--colored .icon {
+ fill: var(--accent-color);
+}
+.button--danger {
+ background-color: rgba(255, 115, 115, 0.062745098);
+ color: var(--danger-color);
+}
+.button--danger .icon {
+ fill: var(--danger-color);
+}
+.button--small {
+ padding: 0.4rem 0.6rem;
+}
+.button--outlined {
+ border: solid var(--accent-color) 1px;
+ background-color: transparent;
+ color: var(--accent-color);
+}
+.button--outlined .icon {
+ fill: var(--accent-color);
+}
+.button--transparent {
+ background-color: transparent;
+}
+
+button:disabled {
+ opacity: 0.4;
+ cursor: not-allowed;
+ filter: saturate(0);
+}
+
+.cta {
+ text-transform: uppercase;
+ font-size: 0.8rem;
+ font-weight: 700;
+ letter-spacing: 0.05em;
+ padding: 0.8rem 1rem;
+}
+
+.icon {
+ width: 1.2rem;
+ height: 1.2rem;
+ fill: rgba(var(--text-color), 0.8);
+ flex-shrink: 0;
+}
+
+.icon-only {
+ padding: 0.5rem;
+ border-radius: 0.3rem;
+ aspect-ratio: 1/1;
+}
+
+a:-webkit-any-link:focus-visible {
+ outline: rgba(var(--text-color), 1) 0.1rem solid;
+}
+
+a:-moz-any-link:focus-visible {
+ outline: rgba(var(--text-color), 1) 0.1rem solid;
+}
+
+a:any-link:focus-visible {
+ outline: rgba(var(--text-color), 1) 0.1rem solid;
+}
+
+details summary {
+ display: flex;
+ -webkit-user-select: none;
+ -moz-user-select: none;
+ user-select: none;
+ cursor: pointer;
+ align-items: center;
+ gap: 1rem;
+ color: var(--accent-color);
+}
+
+details[open] summary {
+ margin-bottom: 1rem;
+}
+details[open] > summary .down-arrow {
+ transform: rotate(180deg);
+}
+
+fieldset {
+ border: none;
+}
+
+sm-input {
+ --border-radius: 0.5rem;
+ --background-color: rgba(var(--foreground-color), 1);
+}
+
+sm-spinner {
+ --size: 1.3rem;
+ --stroke-width: 0.1rem;
+}
+
+sm-chips {
+ --gap: 0.3rem;
+}
+
+sm-chip {
+ position: relative;
+ font-size: 0.9rem;
+ --border-radius: 0.5rem;
+ --padding: 0.5rem 0.8rem;
+ --background: rgba(var(--text-color), 0.06);
+ -webkit-user-select: none;
+ -moz-user-select: none;
+ user-select: none;
+ font-weight: 500;
+}
+sm-chip[selected] {
+ --background: var(--accent-color);
+ color: rgba(var(--background-color), 1);
+}
+
+sm-select {
+ font-size: 0.9rem;
+ font-weight: 500;
+ --padding: 0.6rem 0.3rem 0.6rem 0.6rem;
+}
+
+sm-option {
+ font-size: 0.9rem;
+}
+
+ul {
+ list-style: none;
+}
+
+.interact {
+ position: relative;
+ overflow: hidden;
+ cursor: pointer;
+ -webkit-tap-highlight-color: transparent;
+}
+
+.overflow-ellipsis {
+ width: 100%;
+ overflow: hidden;
+ white-space: nowrap;
+ text-overflow: ellipsis;
+}
+
+.wrap-around {
+ overflow-wrap: break-word;
+ word-wrap: break-word;
+ word-break: break-word;
+}
+
+.full-bleed {
+ grid-column: 1/-1;
+}
+
+.uppercase {
+ text-transform: uppercase;
+}
+
+.capitalize {
+ text-transform: capitalize;
+}
+
+.sticky {
+ position: -webkit-sticky;
+ position: sticky;
+}
+
+.top-0 {
+ top: 0;
+}
+
+.flex {
+ display: flex;
+}
+
+.flex-wrap {
+ flex-wrap: wrap;
+}
+
+.flex-1 {
+ flex: 1;
+}
+
+.flex-shrink-0 {
+ flex-shrink: 0;
+}
+
+.grid {
+ display: grid;
+}
+
+.flow-column {
+ grid-auto-flow: column;
+}
+
+.gap-0-3 {
+ gap: 0.3rem;
+}
+
+.gap-0-5 {
+ gap: 0.5rem;
+}
+
+.gap-1 {
+ gap: 1rem;
+}
+
+.gap-1-5 {
+ gap: 1.5rem;
+}
+
+.gap-2 {
+ gap: 2rem;
+}
+
+.gap-3 {
+ gap: 3rem;
+}
+
+.text-align-right {
+ text-align: right;
+}
+
+.text-align-left {
+ text-align: left;
+}
+
+.align-items-start {
+ align-items: flex-start;
+}
+
+.align-items-center {
+ align-items: center;
+}
+
+.align-content-start {
+ align-content: flex-start;
+}
+
+.align-start {
+ align-content: flex-start;
+}
+
+.align-center {
+ align-items: center;
+}
+
+.align-end {
+ align-items: flex-end;
+}
+
+.text-center {
+ text-align: center;
+}
+
+.justify-start {
+ justify-items: start;
+}
+
+.justify-content-start {
+ justify-content: start;
+}
+
+.justify-content-center {
+ justify-content: center;
+}
+
+.justify-items-center {
+ justify-items: center;
+}
+
+.justify-right {
+ margin-left: auto;
+}
+
+.align-self-start {
+ align-self: start;
+}
+
+.align-self-center {
+ align-self: center;
+}
+
+.align-self-end {
+ align-self: end;
+}
+
+.justify-self-center {
+ justify-self: center;
+}
+
+.justify-self-start {
+ justify-self: start;
+}
+
+.justify-self-end {
+ justify-self: end;
+}
+
+.flex-direction-column {
+ flex-direction: column;
+}
+
+.space-between {
+ justify-content: space-between;
+}
+
+.space-evenly {
+ justify-content: space-evenly;
+}
+
+.w-100 {
+ width: 100%;
+}
+
+.h-100 {
+ height: 100%;
+}
+
+.padding-block-1 {
+ padding-block: 1rem;
+}
+
+.margin-right-0-3 {
+ margin-right: 0.3rem;
+}
+
+.margin-right-0-5 {
+ margin-right: 0.5rem;
+}
+
+.margin-right-1 {
+ margin-right: 1rem;
+}
+
+.margin-left-0-5 {
+ margin-left: 0.5rem;
+}
+
+.margin-left-auto {
+ margin-left: auto;
+}
+
+.margin-right-auto {
+ margin-right: auto;
+}
+
+.margin-top-1 {
+ margin-top: 1rem;
+}
+
+.margin-bottom-0-5 {
+ margin-bottom: 0.5rem;
+}
+
+.margin-bottom-1 {
+ margin-bottom: 1rem;
+}
+
+.margin-bottom-2 {
+ margin-bottom: 2rem;
+}
+
+.margin-block-0-5 {
+ margin-block: 0.5rem;
+}
+
+.margin-block-1 {
+ margin-block: 1rem;
+}
+
+.margin-block-1-5 {
+ margin-block: 1.5rem;
+}
+
+.margin-inline-1 {
+ margin-inline: 1rem;
+}
+
+.margin-inline-1-5 {
+ margin-inline: 1.5rem;
+}
+
+.hidden {
+ display: none !important;
+}
+
+.h1 {
+ font-size: 2.5rem;
+}
+
+.h2 {
+ font-size: 2rem;
+}
+
+.h3 {
+ font-size: 1.4rem;
+}
+
+.h4 {
+ font-size: 1rem;
+}
+
+.h5 {
+ font-size: 0.8rem;
+}
+
+.grid-3 {
+ grid-template-columns: 1fr auto auto;
+}
+
+.flow-column {
+ grid-auto-flow: column;
+}
+
+.w-100 {
+ width: 100%;
+}
+
+.color-0-8 {
+ color: rgba(var(--text-color), 0.8);
+}
+
+.weight-400 {
+ font-weight: 400;
+}
+
+.weight-500 {
+ font-weight: 500;
+}
+
+.ws-pre-line {
+ white-space: pre-line;
+}
+
+.card {
+ background-color: rgba(var(--foreground-color), 1);
+ border-radius: 0.5rem;
+ padding: max(1rem, 3vw);
+}
+
+.ripple {
+ height: 8rem;
+ width: 8rem;
+ position: absolute;
+ border-radius: 50%;
+ transform: scale(0);
+ background: radial-gradient(circle, rgba(var(--text-color), 0.3) 0%, rgba(0, 0, 0, 0) 50%);
+ pointer-events: none;
+}
+
+.interactive {
+ position: relative;
+ overflow: hidden;
+ cursor: pointer;
+ -webkit-tap-highlight-color: transparent;
+}
+
+.observe-empty-state:empty {
+ display: none;
+}
+
+.observe-empty-state:not(:empty) ~ .empty-state {
+ display: none;
+}
+
+.password-field label {
+ display: flex;
+ flex-shrink: 0;
+}
+.password-field label input:checked ~ .visible {
+ display: none;
+}
+.password-field label input:not(:checked) ~ .invisible {
+ display: none;
+}
+
+.multi-state-button {
+ display: grid;
+ text-align: center;
+ align-items: center;
+ justify-items: center;
+ isolation: isolate;
+}
+.multi-state-button > * {
+ grid-area: 1/1/2/2;
+}
+.multi-state-button button {
+ z-index: 1;
+ width: 100%;
+}
+
+#confirmation_popup,
+#prompt_popup {
+ flex-direction: column;
+}
+#confirmation_popup h4,
+#prompt_popup h4 {
+ margin-bottom: 1rem;
+}
+#confirmation_popup sm-button,
+#prompt_popup sm-button {
+ margin: 0;
+}
+#confirmation_popup .flex,
+#prompt_popup .flex {
+ padding: 0;
+ margin-top: 1rem;
+}
+#confirmation_popup .flex sm-button:first-of-type,
+#prompt_popup .flex sm-button:first-of-type {
+ margin-right: 0.6rem;
+ margin-left: auto;
+}
+
+#prompt_message {
+ margin-bottom: 1.5rem;
+}
+
+.popup__header {
+ position: relative;
+ display: grid;
+ gap: 0.5rem;
+ width: 100%;
+ padding: 0 1.5rem;
+ align-items: center;
+}
+.popup__header > * {
+ grid-row: 1;
+}
+.popup__header h3,
+.popup__header h4 {
+ grid-column: 1/-1;
+ justify-self: center;
+ align-self: center;
+}
+.popup__header__close {
+ grid-column: 1;
+ margin-left: -1rem;
+ justify-self: flex-start;
+}
+
+ul[type=circle],
+menu[type=circle] {
+ padding: 1.5rem 2.5rem;
+ list-style: circle;
+}
+ul[type=circle] li,
+menu[type=circle] li {
+ margin-bottom: 1rem;
+}
+ul[type=circle] li:last-of-type,
+menu[type=circle] li:last-of-type {
+ margin-bottom: 0;
+}
+ul,
+menu {
+ list-style: none;
+}
+
+.page {
+ display: flex;
+ flex-direction: column;
+}
+
+#main_header {
+ display: grid;
+ grid-template-columns: 1fr auto;
+ gap: 1rem;
+ padding: 1rem;
+}
+
+#logo {
+ color: inherit;
+ margin-right: auto;
+}
+
+.app-brand {
+ display: flex;
+ gap: 0.3rem;
+ align-items: center;
+}
+.app-brand .icon {
+ height: 1.2rem;
+ width: 1.2rem;
+}
+
+.app-name__company {
+ font-size: 0.8rem;
+ font-weight: 500;
+ color: rgba(var(--text-color), 0.8);
+}
+
+theme-toggle {
+ justify-self: end;
+ align-self: center;
+}
+
+.label {
+ text-transform: capitalize;
+ font-size: 0.8rem;
+ margin-bottom: 0.3rem;
+ color: rgba(var(--text-color), 0.8);
+ margin-top: 1.5rem;
+ font-weight: 500;
+}
+.label:first-of-type {
+ margin-top: 0;
+}
+.label + :is(h1, h2, h3, h4, h5, h6, p, span, sm-copy, a) {
+ font-weight: 700;
+}
+
+main {
+ display: grid;
+ gap: 2rem;
+ padding: 1.5rem;
+}
+main > * {
+ max-width: 36rem;
+ margin: 0 auto;
+}
+main h2 {
+ margin-top: 10vw;
+}
+
+#input_wrapper {
+ display: grid;
+ gap: 0.5rem;
+}
+
+#eth_balance_wrapper {
+ background-color: rgba(var(--text-color), 0.06);
+ padding: max(1rem, 1.5vw);
+ border-radius: 0.5rem;
+ width: 100%;
+}
+#eth_balance_wrapper li:not(:last-of-type) {
+ border-bottom: solid thin rgba(var(--text-color), 0.3);
+ padding-bottom: 0.5rem;
+}
+
+@media only screen and (max-width: 640px) {
+ .hide-on-small {
+ display: none;
+ }
+}
+@media only screen and (min-width: 640px) {
+ sm-popup {
+ --width: 24rem;
+ }
+ .popup__header {
+ padding: 1rem 1.5rem 0 1.5rem;
+ }
+ #input_wrapper {
+ grid-template-columns: 1fr auto;
+ }
+}
+@media only screen and (min-width: 1280px) {
+ .page {
+ margin: 0 8vw;
+ }
+}
+@media (hover: hover) {
+ .hover {
+ cursor: pointer;
+ }
+ ::-webkit-scrollbar {
+ width: 0.5rem;
+ height: 0.5rem;
+ }
+ ::-webkit-scrollbar-thumb {
+ background: rgba(var(--text-color), 0.3);
+ border-radius: 1rem;
+ }
+ ::-webkit-scrollbar-thumb:hover {
+ background: rgba(var(--text-color), 0.5);
+ }
+ .interact:not([disabled]) {
+ transition: background-color 0.3s;
+ }
+ .interact:not([disabled]):hover {
+ background-color: rgba(var(--text-color), 0.06);
+ }
+ .button:not([disabled]) {
+ transition: background-color 0.3s, filter 0.3s;
+ }
+ .button:not([disabled]):hover {
+ filter: contrast(2);
+ }
+}
+@media (prefers-reduced-motion) {
+ ::view-transition-group(*),
+::view-transition-old(*),
+::view-transition-new(*) {
+ -webkit-animation: none !important;
+ animation: none !important;
+ }
+}
\ No newline at end of file
diff --git a/css/main.min.css b/css/main.min.css
new file mode 100644
index 0000000..1ab6dbd
--- /dev/null
+++ b/css/main.min.css
@@ -0,0 +1 @@
+*{padding:0;margin:0;box-sizing:border-box;font-family:"Roboto",sans-serif}:root{font-size:clamp(1rem,1.2vmax,1.5rem)}html,body{height:100%}body{--accent-color: #3d5afe;--accent-color-rgb: 77, 119, 255;--secondary-color: #ffac2e;--text-color: 34, 34, 34;--foreground-color: 252, 253, 255;--background-color: 241, 243, 248;--danger-color: rgb(255, 75, 75);--green: #1cad59;--yellow: rgb(220, 165, 0);color:rgba(var(--text-color), 1);background-color:rgba(var(--foreground-color), 1)}body[data-theme=dark]{--accent-color: #92a2ff;--accent-color-rgb: 160, 182, 255;--secondary-color: #d60739;--text-color: 210, 210, 210;--foreground-color: 27, 28, 29;--background-color: 21, 22, 22;--danger-color: rgb(255, 106, 106);--green: #00e676;--yellow: rgb(255, 213, 5)}body[data-theme=dark] ::-webkit-calendar-picker-indicator{filter:invert(1)}h1,h2,h3,h4,h5,h6{letter-spacing:-0.01em;font-weight:700}p,strong{line-height:1.7;color:rgba(var(--text-color), 0.9);max-width:70ch;font-size:.9rem}img{-o-object-fit:cover;object-fit:cover}a:where([class]){color:inherit;text-decoration:none}a:where([class]):focus-visible{box-shadow:0 0 0 .1rem rgba(var(--text-color), 1) inset}a{color:var(--accent-color)}a:-webkit-any-link:focus-visible{outline:rgba(var(--text-color), 1) .1rem solid}a:-moz-any-link:focus-visible{outline:rgba(var(--text-color), 1) .1rem solid}a:any-link:focus-visible{outline:rgba(var(--text-color), 1) .1rem solid}input[type=datetime-local]{width:100%;padding:.8rem .6rem;border:none;border-radius:.5rem;font-weight:500;font-family:inherit;font-size:inherit;color:inherit;background-color:rgba(var(--text-color), 0.06)}input[type=datetime-local]:focus{outline:none;box-shadow:0 0 0 .1rem var(--accent-color)}button,.button{-webkit-user-select:none;-moz-user-select:none;user-select:none;position:relative;display:inline-flex;border:none;background-color:rgba(0,0,0,0);overflow:hidden;color:inherit;-webkit-tap-highlight-color:rgba(0,0,0,0);align-items:center;font-size:.9rem;font-weight:500;white-space:nowrap;padding:.5rem 1rem;border-radius:.5rem;justify-content:center;flex-shrink:0}button:focus-visible,.button:focus-visible{outline:var(--accent-color) solid medium}button:not(:disabled),.button:not(:disabled){cursor:pointer}.button{background-color:rgba(var(--text-color), 0.02);border:solid thin rgba(var(--text-color), 0.06)}.button--primary{padding:.8rem 1rem;color:rgba(var(--background-color), 1);background-color:var(--accent-color)}.button--primary .icon{fill:rgba(var(--background-color), 1)}.button--colored{color:var(--accent-color)}.button--colored .icon{fill:var(--accent-color)}.button--danger{background-color:rgba(255,115,115,.062745098);color:var(--danger-color)}.button--danger .icon{fill:var(--danger-color)}.button--small{padding:.4rem .6rem}.button--outlined{border:solid var(--accent-color) 1px;background-color:rgba(0,0,0,0);color:var(--accent-color)}.button--outlined .icon{fill:var(--accent-color)}.button--transparent{background-color:rgba(0,0,0,0)}button:disabled{opacity:.4;cursor:not-allowed;filter:saturate(0)}.cta{text-transform:uppercase;font-size:.8rem;font-weight:700;letter-spacing:.05em;padding:.8rem 1rem}.icon{width:1.2rem;height:1.2rem;fill:rgba(var(--text-color), 0.8);flex-shrink:0}.icon-only{padding:.5rem;border-radius:.3rem;aspect-ratio:1/1}a:-webkit-any-link:focus-visible{outline:rgba(var(--text-color), 1) .1rem solid}a:-moz-any-link:focus-visible{outline:rgba(var(--text-color), 1) .1rem solid}a:any-link:focus-visible{outline:rgba(var(--text-color), 1) .1rem solid}details summary{display:flex;-webkit-user-select:none;-moz-user-select:none;user-select:none;cursor:pointer;align-items:center;gap:1rem;color:var(--accent-color)}details[open] summary{margin-bottom:1rem}details[open]>summary .down-arrow{transform:rotate(180deg)}fieldset{border:none}sm-input{--border-radius: 0.5rem;--background-color: rgba(var(--foreground-color), 1)}sm-spinner{--size: 1.3rem;--stroke-width: 0.1rem}sm-chips{--gap: 0.3rem}sm-chip{position:relative;font-size:.9rem;--border-radius: 0.5rem;--padding: 0.5rem 0.8rem;--background: rgba(var(--text-color), 0.06);-webkit-user-select:none;-moz-user-select:none;user-select:none;font-weight:500}sm-chip[selected]{--background: var(--accent-color);color:rgba(var(--background-color), 1)}sm-select{font-size:.9rem;font-weight:500;--padding: 0.6rem 0.3rem 0.6rem 0.6rem}sm-option{font-size:.9rem}ul{list-style:none}.interact{position:relative;overflow:hidden;cursor:pointer;-webkit-tap-highlight-color:rgba(0,0,0,0)}.overflow-ellipsis{width:100%;overflow:hidden;white-space:nowrap;text-overflow:ellipsis}.wrap-around{overflow-wrap:break-word;word-wrap:break-word;word-break:break-word}.full-bleed{grid-column:1/-1}.uppercase{text-transform:uppercase}.capitalize{text-transform:capitalize}.sticky{position:-webkit-sticky;position:sticky}.top-0{top:0}.flex{display:flex}.flex-wrap{flex-wrap:wrap}.flex-1{flex:1}.flex-shrink-0{flex-shrink:0}.grid{display:grid}.flow-column{grid-auto-flow:column}.gap-0-3{gap:.3rem}.gap-0-5{gap:.5rem}.gap-1{gap:1rem}.gap-1-5{gap:1.5rem}.gap-2{gap:2rem}.gap-3{gap:3rem}.text-align-right{text-align:right}.text-align-left{text-align:left}.align-items-start{align-items:flex-start}.align-items-center{align-items:center}.align-content-start{align-content:flex-start}.align-start{align-content:flex-start}.align-center{align-items:center}.align-end{align-items:flex-end}.text-center{text-align:center}.justify-start{justify-items:start}.justify-content-start{justify-content:start}.justify-content-center{justify-content:center}.justify-items-center{justify-items:center}.justify-right{margin-left:auto}.align-self-start{align-self:start}.align-self-center{align-self:center}.align-self-end{align-self:end}.justify-self-center{justify-self:center}.justify-self-start{justify-self:start}.justify-self-end{justify-self:end}.flex-direction-column{flex-direction:column}.space-between{justify-content:space-between}.space-evenly{justify-content:space-evenly}.w-100{width:100%}.h-100{height:100%}.padding-block-1{padding-block:1rem}.margin-right-0-3{margin-right:.3rem}.margin-right-0-5{margin-right:.5rem}.margin-right-1{margin-right:1rem}.margin-left-0-5{margin-left:.5rem}.margin-left-auto{margin-left:auto}.margin-right-auto{margin-right:auto}.margin-top-1{margin-top:1rem}.margin-bottom-0-5{margin-bottom:.5rem}.margin-bottom-1{margin-bottom:1rem}.margin-bottom-2{margin-bottom:2rem}.margin-block-0-5{margin-block:.5rem}.margin-block-1{margin-block:1rem}.margin-block-1-5{margin-block:1.5rem}.margin-inline-1{margin-inline:1rem}.margin-inline-1-5{margin-inline:1.5rem}.hidden{display:none !important}.h1{font-size:2.5rem}.h2{font-size:2rem}.h3{font-size:1.4rem}.h4{font-size:1rem}.h5{font-size:.8rem}.grid-3{grid-template-columns:1fr auto auto}.flow-column{grid-auto-flow:column}.w-100{width:100%}.color-0-8{color:rgba(var(--text-color), 0.8)}.weight-400{font-weight:400}.weight-500{font-weight:500}.ws-pre-line{white-space:pre-line}.card{background-color:rgba(var(--foreground-color), 1);border-radius:.5rem;padding:max(1rem,3vw)}.ripple{height:8rem;width:8rem;position:absolute;border-radius:50%;transform:scale(0);background:radial-gradient(circle, rgba(var(--text-color), 0.3) 0%, rgba(0, 0, 0, 0) 50%);pointer-events:none}.interactive{position:relative;overflow:hidden;cursor:pointer;-webkit-tap-highlight-color:rgba(0,0,0,0)}.observe-empty-state:empty{display:none}.observe-empty-state:not(:empty)~.empty-state{display:none}.password-field label{display:flex;flex-shrink:0}.password-field label input:checked~.visible{display:none}.password-field label input:not(:checked)~.invisible{display:none}.multi-state-button{display:grid;text-align:center;align-items:center;justify-items:center;isolation:isolate}.multi-state-button>*{grid-area:1/1/2/2}.multi-state-button button{z-index:1;width:100%}#confirmation_popup,#prompt_popup{flex-direction:column}#confirmation_popup h4,#prompt_popup h4{margin-bottom:1rem}#confirmation_popup sm-button,#prompt_popup sm-button{margin:0}#confirmation_popup .flex,#prompt_popup .flex{padding:0;margin-top:1rem}#confirmation_popup .flex sm-button:first-of-type,#prompt_popup .flex sm-button:first-of-type{margin-right:.6rem;margin-left:auto}#prompt_message{margin-bottom:1.5rem}.popup__header{position:relative;display:grid;gap:.5rem;width:100%;padding:0 1.5rem;align-items:center}.popup__header>*{grid-row:1}.popup__header h3,.popup__header h4{grid-column:1/-1;justify-self:center;align-self:center}.popup__header__close{grid-column:1;margin-left:-1rem;justify-self:flex-start}ul[type=circle],menu[type=circle]{padding:1.5rem 2.5rem;list-style:circle}ul[type=circle] li,menu[type=circle] li{margin-bottom:1rem}ul[type=circle] li:last-of-type,menu[type=circle] li:last-of-type{margin-bottom:0}ul,menu{list-style:none}.page{display:flex;flex-direction:column}#main_header{display:grid;grid-template-columns:1fr auto;gap:1rem;padding:1rem}#logo{color:inherit;margin-right:auto}.app-brand{display:flex;gap:.3rem;align-items:center}.app-brand .icon{height:1.2rem;width:1.2rem}.app-name__company{font-size:.8rem;font-weight:500;color:rgba(var(--text-color), 0.8)}theme-toggle{justify-self:end;align-self:center}.label{text-transform:capitalize;font-size:.8rem;margin-bottom:.3rem;color:rgba(var(--text-color), 0.8);margin-top:1.5rem;font-weight:500}.label:first-of-type{margin-top:0}.label+:is(h1,h2,h3,h4,h5,h6,p,span,sm-copy,a){font-weight:700}main{display:grid;gap:2rem;padding:1.5rem}main>*{max-width:36rem;margin:0 auto}main h2{margin-top:10vw}#input_wrapper{display:grid;gap:.5rem}#eth_balance_wrapper{background-color:rgba(var(--text-color), 0.06);padding:max(1rem,1.5vw);border-radius:.5rem;width:100%}#eth_balance_wrapper li:not(:last-of-type){border-bottom:solid thin rgba(var(--text-color), 0.3);padding-bottom:.5rem}@media only screen and (max-width: 640px){.hide-on-small{display:none}}@media only screen and (min-width: 640px){sm-popup{--width: 24rem}.popup__header{padding:1rem 1.5rem 0 1.5rem}#input_wrapper{grid-template-columns:1fr auto}}@media only screen and (min-width: 1280px){.page{margin:0 8vw}}@media(hover: hover){.hover{cursor:pointer}::-webkit-scrollbar{width:.5rem;height:.5rem}::-webkit-scrollbar-thumb{background:rgba(var(--text-color), 0.3);border-radius:1rem}::-webkit-scrollbar-thumb:hover{background:rgba(var(--text-color), 0.5)}.interact:not([disabled]){transition:background-color .3s}.interact:not([disabled]):hover{background-color:rgba(var(--text-color), 0.06)}.button:not([disabled]){transition:background-color .3s,filter .3s}.button:not([disabled]):hover{filter:contrast(2)}}@media(prefers-reduced-motion){::view-transition-group(*),::view-transition-old(*),::view-transition-new(*){-webkit-animation:none !important;animation:none !important}}
\ No newline at end of file
diff --git a/css/main.scss b/css/main.scss
new file mode 100644
index 0000000..1b26dfc
--- /dev/null
+++ b/css/main.scss
@@ -0,0 +1,793 @@
+* {
+ padding: 0;
+ margin: 0;
+ box-sizing: border-box;
+ font-family: "Roboto", sans-serif;
+}
+
+:root {
+ font-size: clamp(1rem, 1.2vmax, 1.5rem);
+}
+
+html,
+body {
+ height: 100%;
+}
+
+body {
+ --accent-color: #3d5afe;
+ --accent-color-rgb: 77, 119, 255;
+ --secondary-color: #ffac2e;
+ --text-color: 34, 34, 34;
+ --foreground-color: 252, 253, 255;
+ --background-color: 241, 243, 248;
+ --danger-color: rgb(255, 75, 75);
+ --green: #1cad59;
+ --yellow: rgb(220, 165, 0);
+ color: rgba(var(--text-color), 1);
+ background-color: rgba(var(--foreground-color), 1);
+}
+
+body[data-theme="dark"] {
+ --accent-color: #92a2ff;
+ --accent-color-rgb: 160, 182, 255;
+ --secondary-color: #d60739;
+ --text-color: 210, 210, 210;
+ --foreground-color: 27, 28, 29;
+ --background-color: 21, 22, 22;
+ --danger-color: rgb(255, 106, 106);
+ --green: #00e676;
+ --yellow: rgb(255, 213, 5);
+ ::-webkit-calendar-picker-indicator {
+ filter: invert(1);
+ }
+}
+h1,
+h2,
+h3,
+h4,
+h5,
+h6 {
+ letter-spacing: -0.01em;
+ font-weight: 700;
+ // font-family: "Rubik", sans-serif;
+}
+p,
+strong {
+ line-height: 1.7;
+ color: rgba(var(--text-color), 0.9);
+ max-width: 70ch;
+ font-size: 0.9rem;
+}
+
+img {
+ object-fit: cover;
+}
+
+a:where([class]) {
+ color: inherit;
+ text-decoration: none;
+
+ &:focus-visible {
+ box-shadow: 0 0 0 0.1rem rgba(var(--text-color), 1) inset;
+ }
+}
+a {
+ color: var(--accent-color);
+}
+
+a:any-link:focus-visible {
+ outline: rgba(var(--text-color), 1) 0.1rem solid;
+}
+input[type="datetime-local"] {
+ width: 100%;
+ padding: 0.8rem 0.6rem;
+ border: none;
+ border-radius: 0.5rem;
+ font-weight: 500;
+ font-family: inherit;
+ font-size: inherit;
+ color: inherit;
+ background-color: rgba(var(--text-color), 0.06);
+ &:focus {
+ outline: none;
+ box-shadow: 0 0 0 0.1rem var(--accent-color);
+ }
+}
+button,
+.button {
+ user-select: none;
+ position: relative;
+ display: inline-flex;
+ border: none;
+ background-color: transparent;
+ overflow: hidden;
+ color: inherit;
+ -webkit-tap-highlight-color: transparent;
+ align-items: center;
+ font-size: 0.9rem;
+ font-weight: 500;
+ white-space: nowrap;
+ padding: 0.5rem 1rem;
+ border-radius: 0.5rem;
+ justify-content: center;
+ flex-shrink: 0;
+ &:focus-visible {
+ outline: var(--accent-color) solid medium;
+ }
+
+ &:not(:disabled) {
+ cursor: pointer;
+ }
+}
+
+.button {
+ background-color: rgba(var(--text-color), 0.02);
+ border: solid thin rgba(var(--text-color), 0.06);
+ &--primary {
+ padding: 0.8rem 1rem;
+ color: rgba(var(--background-color), 1);
+ background-color: var(--accent-color);
+
+ .icon {
+ fill: rgba(var(--background-color), 1);
+ }
+ }
+ &--colored {
+ color: var(--accent-color);
+ .icon {
+ fill: var(--accent-color);
+ }
+ }
+ &--danger {
+ background-color: #ff737310;
+ color: var(--danger-color);
+ .icon {
+ fill: var(--danger-color);
+ }
+ }
+
+ &--small {
+ padding: 0.4rem 0.6rem;
+ }
+
+ &--outlined {
+ border: solid var(--accent-color) 1px;
+ background-color: transparent;
+ color: var(--accent-color);
+ .icon {
+ fill: var(--accent-color);
+ }
+ }
+ &--transparent {
+ background-color: transparent;
+ }
+}
+button:disabled {
+ opacity: 0.4;
+ cursor: not-allowed;
+ filter: saturate(0);
+}
+
+.cta {
+ text-transform: uppercase;
+ font-size: 0.8rem;
+ font-weight: 700;
+ letter-spacing: 0.05em;
+ padding: 0.8rem 1rem;
+}
+
+.icon {
+ width: 1.2rem;
+ height: 1.2rem;
+ fill: rgba(var(--text-color), 0.8);
+ flex-shrink: 0;
+}
+
+.icon-only {
+ padding: 0.5rem;
+ border-radius: 0.3rem;
+ aspect-ratio: 1/1;
+}
+
+a:any-link:focus-visible {
+ outline: rgba(var(--text-color), 1) 0.1rem solid;
+}
+
+details summary {
+ display: flex;
+ user-select: none;
+ cursor: pointer;
+ align-items: center;
+ gap: 1rem;
+ color: var(--accent-color);
+}
+
+details[open] {
+ & summary {
+ margin-bottom: 1rem;
+ }
+
+ & > summary .down-arrow {
+ transform: rotate(180deg);
+ }
+}
+fieldset {
+ border: none;
+}
+sm-input {
+ --border-radius: 0.5rem;
+ --background-color: rgba(var(--foreground-color), 1);
+}
+
+sm-spinner {
+ --size: 1.3rem;
+ --stroke-width: 0.1rem;
+}
+
+sm-chips {
+ --gap: 0.3rem;
+}
+
+sm-chip {
+ position: relative;
+ font-size: 0.9rem;
+ --border-radius: 0.5rem;
+ --padding: 0.5rem 0.8rem;
+ --background: rgba(var(--text-color), 0.06);
+ user-select: none;
+ font-weight: 500;
+ &[selected] {
+ --background: var(--accent-color);
+ color: rgba(var(--background-color), 1);
+ }
+}
+sm-select {
+ font-size: 0.9rem;
+ font-weight: 500;
+ --padding: 0.6rem 0.3rem 0.6rem 0.6rem;
+}
+sm-option {
+ font-size: 0.9rem;
+}
+ul {
+ list-style: none;
+}
+.interact {
+ position: relative;
+ overflow: hidden;
+ cursor: pointer;
+ -webkit-tap-highlight-color: transparent;
+}
+.overflow-ellipsis {
+ width: 100%;
+ overflow: hidden;
+ white-space: nowrap;
+ text-overflow: ellipsis;
+}
+
+.wrap-around {
+ overflow-wrap: break-word;
+ word-wrap: break-word;
+ word-break: break-word;
+}
+
+.full-bleed {
+ grid-column: 1/-1;
+}
+
+.uppercase {
+ text-transform: uppercase;
+}
+
+.capitalize {
+ text-transform: capitalize;
+}
+
+.sticky {
+ position: sticky;
+}
+
+.top-0 {
+ top: 0;
+}
+
+.flex {
+ display: flex;
+}
+
+.flex-wrap {
+ flex-wrap: wrap;
+}
+
+.flex-1 {
+ flex: 1;
+}
+.flex-shrink-0 {
+ flex-shrink: 0;
+}
+
+.grid {
+ display: grid;
+}
+
+.flow-column {
+ grid-auto-flow: column;
+}
+
+.gap-0-3 {
+ gap: 0.3rem;
+}
+
+.gap-0-5 {
+ gap: 0.5rem;
+}
+
+.gap-1 {
+ gap: 1rem;
+}
+
+.gap-1-5 {
+ gap: 1.5rem;
+}
+
+.gap-2 {
+ gap: 2rem;
+}
+
+.gap-3 {
+ gap: 3rem;
+}
+
+.text-align-right {
+ text-align: right;
+}
+.text-align-left {
+ text-align: left;
+}
+
+.align-items-start {
+ align-items: flex-start;
+}
+.align-items-center {
+ align-items: center;
+}
+.align-content-start {
+ align-content: flex-start;
+}
+
+.align-start {
+ align-content: flex-start;
+}
+
+.align-center {
+ align-items: center;
+}
+
+.align-end {
+ align-items: flex-end;
+}
+
+.text-center {
+ text-align: center;
+}
+
+.justify-start {
+ justify-items: start;
+}
+.justify-content-start {
+ justify-content: start;
+}
+
+.justify-content-center {
+ justify-content: center;
+}
+.justify-items-center {
+ justify-items: center;
+}
+
+.justify-right {
+ margin-left: auto;
+}
+.align-self-start {
+ align-self: start;
+}
+.align-self-center {
+ align-self: center;
+}
+
+.align-self-end {
+ align-self: end;
+}
+
+.justify-self-center {
+ justify-self: center;
+}
+
+.justify-self-start {
+ justify-self: start;
+}
+
+.justify-self-end {
+ justify-self: end;
+}
+
+.flex-direction-column {
+ flex-direction: column;
+}
+
+.space-between {
+ justify-content: space-between;
+}
+.space-evenly {
+ justify-content: space-evenly;
+}
+
+.w-100 {
+ width: 100%;
+}
+
+.h-100 {
+ height: 100%;
+}
+
+.padding-block-1 {
+ padding-block: 1rem;
+}
+
+.margin-right-0-3 {
+ margin-right: 0.3rem;
+}
+.margin-right-0-5 {
+ margin-right: 0.5rem;
+}
+.margin-right-1 {
+ margin-right: 1rem;
+}
+
+.margin-left-0-5 {
+ margin-left: 0.5rem;
+}
+
+.margin-left-auto {
+ margin-left: auto;
+}
+.margin-right-auto {
+ margin-right: auto;
+}
+.margin-top-1 {
+ margin-top: 1rem;
+}
+.margin-bottom-0-5 {
+ margin-bottom: 0.5rem;
+}
+.margin-bottom-1 {
+ margin-bottom: 1rem;
+}
+.margin-bottom-2 {
+ margin-bottom: 2rem;
+}
+
+.margin-block-0-5 {
+ margin-block: 0.5rem;
+}
+.margin-block-1 {
+ margin-block: 1rem;
+}
+
+.margin-block-1-5 {
+ margin-block: 1.5rem;
+}
+
+.margin-inline-1 {
+ margin-inline: 1rem;
+}
+
+.margin-inline-1-5 {
+ margin-inline: 1.5rem;
+}
+
+.hidden {
+ display: none !important;
+}
+
+.h1 {
+ font-size: 2.5rem;
+}
+
+.h2 {
+ font-size: 2rem;
+}
+
+.h3 {
+ font-size: 1.4rem;
+}
+
+.h4 {
+ font-size: 1rem;
+}
+
+.h5 {
+ font-size: 0.8rem;
+}
+
+.grid-3 {
+ grid-template-columns: 1fr auto auto;
+}
+
+.flow-column {
+ grid-auto-flow: column;
+}
+.w-100 {
+ width: 100%;
+}
+
+.color-0-8 {
+ color: rgba(var(--text-color), 0.8);
+}
+
+.weight-400 {
+ font-weight: 400;
+}
+
+.weight-500 {
+ font-weight: 500;
+}
+.ws-pre-line {
+ white-space: pre-line;
+}
+
+.card {
+ background-color: rgba(var(--foreground-color), 1);
+ border-radius: 0.5rem;
+ padding: max(1rem, 3vw);
+}
+
+.ripple {
+ height: 8rem;
+ width: 8rem;
+ position: absolute;
+ border-radius: 50%;
+ transform: scale(0);
+ background: radial-gradient(
+ circle,
+ rgba(var(--text-color), 0.3) 0%,
+ rgba(0, 0, 0, 0) 50%
+ );
+ pointer-events: none;
+}
+.interactive {
+ position: relative;
+ overflow: hidden;
+ cursor: pointer;
+ -webkit-tap-highlight-color: transparent;
+}
+
+.observe-empty-state:empty {
+ display: none;
+}
+
+.observe-empty-state:not(:empty) ~ .empty-state {
+ display: none;
+}
+.password-field {
+ label {
+ display: flex;
+ flex-shrink: 0;
+ input:checked ~ .visible {
+ display: none;
+ }
+ input:not(:checked) ~ .invisible {
+ display: none;
+ }
+ }
+}
+.multi-state-button {
+ display: grid;
+ text-align: center;
+ align-items: center;
+ justify-items: center;
+ isolation: isolate;
+ & > * {
+ grid-area: 1/1/2/2;
+ }
+ button {
+ z-index: 1;
+ width: 100%;
+ }
+}
+
+#confirmation_popup,
+#prompt_popup {
+ flex-direction: column;
+ h4 {
+ margin-bottom: 1rem;
+ }
+ sm-button {
+ margin: 0;
+ }
+ .flex {
+ padding: 0;
+ margin-top: 1rem;
+ sm-button:first-of-type {
+ margin-right: 0.6rem;
+ margin-left: auto;
+ }
+ }
+}
+#prompt_message {
+ margin-bottom: 1.5rem;
+}
+
+.popup__header {
+ position: relative;
+ display: grid;
+ gap: 0.5rem;
+ width: 100%;
+ padding: 0 1.5rem;
+ align-items: center;
+ & > * {
+ grid-row: 1;
+ }
+ h3,
+ h4 {
+ grid-column: 1/-1;
+ justify-self: center;
+ align-self: center;
+ }
+ &__close {
+ grid-column: 1;
+ margin-left: -1rem;
+ justify-self: flex-start;
+ }
+}
+ul,
+menu {
+ &[type="circle"] {
+ padding: 1.5rem 2.5rem;
+ list-style: circle;
+ li {
+ margin-bottom: 1rem;
+ &:last-of-type {
+ margin-bottom: 0;
+ }
+ }
+ }
+ & {
+ list-style: none;
+ }
+}
+.page {
+ display: flex;
+ flex-direction: column;
+}
+#main_header {
+ display: grid;
+ grid-template-columns: 1fr auto;
+ gap: 1rem;
+ padding: 1rem;
+}
+#logo {
+ color: inherit;
+ margin-right: auto;
+}
+.app-brand {
+ display: flex;
+ gap: 0.3rem;
+ align-items: center;
+ .icon {
+ height: 1.2rem;
+ width: 1.2rem;
+ }
+}
+.app-name {
+ &__company {
+ font-size: 0.8rem;
+ font-weight: 500;
+ color: rgba(var(--text-color), 0.8);
+ }
+}
+theme-toggle {
+ justify-self: end;
+ align-self: center;
+}
+.label {
+ text-transform: capitalize;
+ font-size: 0.8rem;
+ margin-bottom: 0.3rem;
+ color: rgba(var(--text-color), 0.8);
+ margin-top: 1.5rem;
+ font-weight: 500;
+ &:first-of-type {
+ margin-top: 0;
+ }
+ & + :is(h1, h2, h3, h4, h5, h6, p, span, sm-copy, a) {
+ font-weight: 700;
+ }
+}
+main {
+ display: grid;
+ gap: 2rem;
+ padding: 1.5rem;
+ & > * {
+ max-width: 36rem;
+ margin: 0 auto;
+ }
+ h2 {
+ margin-top: 10vw;
+ }
+}
+#input_wrapper {
+ display: grid;
+ gap: 0.5rem;
+}
+#eth_balance_wrapper {
+ background-color: rgba(var(--text-color), 0.06);
+ padding: max(1rem, 1.5vw);
+ border-radius: 0.5rem;
+ width: 100%;
+ li {
+ &:not(:last-of-type) {
+ border-bottom: solid thin rgba(var(--text-color), 0.3);
+ padding-bottom: 0.5rem;
+ }
+ }
+}
+@media only screen and (max-width: 640px) {
+ .hide-on-small {
+ display: none;
+ }
+}
+@media only screen and (min-width: 640px) {
+ sm-popup {
+ --width: 24rem;
+ }
+ .popup__header {
+ padding: 1rem 1.5rem 0 1.5rem;
+ }
+ #input_wrapper {
+ grid-template-columns: 1fr auto;
+ }
+}
+@media only screen and (min-width: 1280px) {
+ .page {
+ margin: 0 8vw;
+ }
+}
+@media (hover: hover) {
+ .hover {
+ cursor: pointer;
+ }
+ ::-webkit-scrollbar {
+ width: 0.5rem;
+ height: 0.5rem;
+ }
+
+ ::-webkit-scrollbar-thumb {
+ background: rgba(var(--text-color), 0.3);
+ border-radius: 1rem;
+
+ &:hover {
+ background: rgba(var(--text-color), 0.5);
+ }
+ }
+ .interact:not([disabled]) {
+ transition: background-color 0.3s;
+ &:hover {
+ background-color: rgba(var(--text-color), 0.06);
+ }
+ }
+ .button:not([disabled]) {
+ transition: background-color 0.3s, filter 0.3s;
+ &:hover {
+ filter: contrast(2);
+ }
+ }
+}
+@media (prefers-reduced-motion) {
+ ::view-transition-group(*),
+ ::view-transition-old(*),
+ ::view-transition-new(*) {
+ animation: none !important;
+ }
+}
diff --git a/index.html b/index.html
index 7cddae1..3f34a3c 100644
--- a/index.html
+++ b/index.html
@@ -1,2 +1,242 @@
-
-
+
+
+
+
+
+
+ ETH Connect
+
+
+
+
+
+
+
+
+
+
+
+
+
RanchiMall
+
+ Eth Connect
+
+
+
+ Check USDC/USDT balance
+
+
+
+
+
+
+
+
Balance
+
+ -
+
USDC
+ 0
+
+ -
+
USDT
+ 0
+
+
+
+
${icon}
` : ""} ${action ? `` : ""} `, action && notification.querySelector(".action").addEventListener("click", action.callback), notification.querySelector(".close").addEventListener("click", (() => { this.removeNotification(notification) })), pinned || setTimeout((() => { this.removeNotification(notification, this.isBigViewport ? "left" : "top") }), timeout), notification } push(message, options = {}) { const notification = this.createNotification(message, options); return this.isBigViewport ? this.notificationPanel.append(notification) : this.notificationPanel.prepend(notification), notification.scrollIntoView({ behavior: "smooth" }), this.notificationPanel.animate([{ transform: `translateY(${this.isBigViewport ? "" : "-"}${notification.clientHeight}px)` }, { transform: "none" }], this.animationOptions), notification.animate([{ transform: "translateY(-1rem)", opacity: "0" }, { transform: "none", opacity: "1" }], this.animationOptions).onfinish = e => { e.target.commitStyles(), e.target.cancel() }, notification.id } removeNotification(notification, direction = "left") { if (!notification) return; const sign = "left" === direction || "top" === direction ? "-" : "+"; this.isBigViewport || "top" !== direction ? notification.animate([{ transform: this.currentX ? `translateX(${this.currentX}px)` : "none", opacity: "1" }, { transform: `translateX(calc(${sign}${Math.abs(this.currentX)}px ${sign} 1rem))`, opacity: "0" }], this.animationOptions).onfinish = () => { notification.remove() } : notification.animate([{ transform: this.currentX ? `translateY(${this.currentX}px)` : "none", opacity: "1" }, { transform: `translateY(calc(${sign}${Math.abs(this.currentX)}px ${sign} 1rem))`, opacity: "0" }], this.animationOptions).onfinish = () => { notification.remove() } } remove(id) { const notification = this.notificationPanel.querySelector(`#${id}`); notification && this.removeNotification(notification) } clearAll() { Array.from(this.notificationPanel.children).forEach((child => { this.removeNotification(child) })) } handleTouchMove(e) { this.currentX = e.touches[0].clientX - this.startX, this.currentTarget.style.transform = `translateX(${this.currentX}px)` } handleOrientationChange(e) { this.isBigViewport = e.matches, e.matches } connectedCallback() { this.handleOrientationChange(this.mediaQuery), this.mediaQuery.addEventListener("change", this.handleOrientationChange), this.notificationPanel.addEventListener("touchstart", (e => { e.target.closest(".close") ? this.removeNotification(e.target.closest(".notification")) : e.target.closest(".notification") && (this.swipeThreshold = e.target.closest(".notification").getBoundingClientRect().width / 2, this.currentTarget = e.target.closest(".notification"), this.startTime = Date.now(), this.startX = e.touches[0].clientX, this.startY = e.touches[0].clientY, this.notificationPanel.addEventListener("touchmove", this.handleTouchMove, { passive: !0 })) }), { passive: !0 }), this.notificationPanel.addEventListener("touchend", (e => { this.endX = e.changedTouches[0].clientX, this.endY = e.changedTouches[0].clientY, this.swipeDistance = Math.abs(this.endX - this.startX), this.swipeTime = Date.now() - this.startTime, this.endX > this.startX ? this.swipeDirection = "right" : this.swipeDirection = "left", this.swipeTime < this.swipeTimeThreshold ? this.swipeDistance > 50 && this.removeNotification(this.currentTarget, this.swipeDirection) : this.swipeDistance > this.swipeThreshold ? this.removeNotification(this.currentTarget, this.swipeDirection) : this.currentTarget.animate([{ transform: `translateX(${this.currentX}px)` }, { transform: "none" }], this.animationOptions).onfinish = e => { e.target.commitStyles(), e.target.cancel() }, this.notificationPanel.removeEventListener("touchmove", this.handleTouchMove), this.currentX = 0 })) } disconnectedCallback() { mediaQueryList.removeEventListener("change", handleOrientationChange) } });
+const spinner = document.createElement("template"); spinner.innerHTML = ''; class SpinnerLoader extends HTMLElement { constructor() { super(), this.attachShadow({ mode: "open" }).append(spinner.content.cloneNode(!0)) } } window.customElements.define("sm-spinner", SpinnerLoader);
+const themeToggle = document.createElement("template"); themeToggle.innerHTML = ' '; class ThemeToggle extends HTMLElement { constructor() { super(), this.attachShadow({ mode: "open" }).append(themeToggle.content.cloneNode(!0)), this.isChecked = !1, this.hasTheme = "light", this.toggleState = this.toggleState.bind(this), this.fireEvent = this.fireEvent.bind(this), this.handleThemeChange = this.handleThemeChange.bind(this) } static get observedAttributes() { return ["checked"] } daylight() { this.hasTheme = "light", document.body.dataset.theme = "light", this.setAttribute("aria-checked", "false") } nightlight() { this.hasTheme = "dark", document.body.dataset.theme = "dark", this.setAttribute("aria-checked", "true") } toggleState() { if (!document.startViewTransition) return this.toggleAttribute("checked"), void this.fireEvent(); document.startViewTransition(() => { this.toggleAttribute("checked"), this.fireEvent() }) } handleKeyDown(e) { " " === e.key && this.toggleState() } handleThemeChange(e) { e.detail.theme !== this.hasTheme && ("dark" === e.detail.theme ? this.setAttribute("checked", "") : this.removeAttribute("checked")) } fireEvent() { this.dispatchEvent(new CustomEvent("themechange", { bubbles: !0, composed: !0, detail: { theme: this.hasTheme } })) } connectedCallback() { this.setAttribute("role", "switch"), this.setAttribute("aria-label", "theme toggle"), "dark" === localStorage.getItem(`${window.location.hostname}-theme`) ? (this.nightlight(), this.setAttribute("checked", "")) : "light" === localStorage.getItem(`${window.location.hostname}-theme`) ? (this.daylight(), this.removeAttribute("checked")) : window.matchMedia("(prefers-color-scheme: dark)").matches ? (this.nightlight(), this.setAttribute("checked", "")) : (this.daylight(), this.removeAttribute("checked")), this.addEventListener("click", this.toggleState), this.addEventListener("keydown", this.handleKeyDown), document.addEventListener("themechange", this.handleThemeChange) } disconnectedCallback() { this.removeEventListener("click", this.toggleState), this.removeEventListener("keydown", this.handleKeyDown), document.removeEventListener("themechange", this.handleThemeChange) } attributeChangedCallback(e, t, n) { "checked" === e && (this.hasAttribute("checked") ? (this.nightlight(), localStorage.setItem(`${window.location.hostname}-theme`, "dark")) : (this.daylight(), localStorage.setItem(`${window.location.hostname}-theme`, "light"))) } } window.customElements.define("theme-toggle", ThemeToggle);
\ No newline at end of file
diff --git a/scripts/components.min.js b/scripts/components.min.js
new file mode 100644
index 0000000..3ad16b2
--- /dev/null
+++ b/scripts/components.min.js
@@ -0,0 +1 @@
+const smCopy=document.createElement("template");smCopy.innerHTML='',customElements.define("sm-copy",class extends HTMLElement{constructor(){super(),this.attachShadow({mode:"open"}).append(smCopy.content.cloneNode(!0)),this.copyContent=this.shadowRoot.querySelector(".copy-content"),this.copyButton=this.shadowRoot.querySelector(".copy-button"),this.copy=this.copy.bind(this)}static get observedAttributes(){return["value"]}set value(t){this.setAttribute("value",t)}get value(){return this.getAttribute("value")}fireEvent(){this.dispatchEvent(new CustomEvent("copy",{composed:!0,bubbles:!0,cancelable:!0}))}copy(){navigator.clipboard.writeText(this.getAttribute("value")).then((t=>this.fireEvent())).catch((t=>console.error(t)))}connectedCallback(){this.copyButton.addEventListener("click",this.copy)}attributeChangedCallback(t,n,o){if("value"===t){const t=this.copyContent.querySelector("slot");if(!t)return;const n=t.assignedNodes();n&&n.length||(t.textContent=o)}}disconnectedCallback(){this.copyButton.removeEventListener("click",this.copy)}});const smForm=document.createElement("template");smForm.innerHTML=' ',customElements.define("sm-form",class extends HTMLElement{constructor(){super(),this.attachShadow({mode:"open"}).append(smForm.content.cloneNode(!0)),this.form=this.shadowRoot.querySelector("form"),this.invalidFieldsCount,this.skipSubmit=!1,this.isFormValid=void 0,this.supportedElements="input, sm-input, sm-textarea, sm-checkbox, tags-input, file-input, sm-switch, sm-radio",this.formElements=[],this._requiredElements=[]}static get observedAttributes(){return["skip-submit"]}get validity(){return this.isFormValid}debounce=(callback,wait)=>{let timeoutId=null;return(...args)=>{window.clearTimeout(timeoutId),timeoutId=window.setTimeout((()=>{callback.apply(null,args)}),wait)}};_checkValidity=()=>{this.submitButton&&0!==this._requiredElements.length&&(this.invalidFieldsCount=0,this._requiredElements.forEach((([elem,isWC])=>{(!elem.disabled&&isWC&&!elem.isValid||!isWC&&!elem.checkValidity())&&this.invalidFieldsCount++})),this.isFormValid!==(0===this.invalidFieldsCount)&&(this.isFormValid=0===this.invalidFieldsCount,this.dispatchEvent(new CustomEvent(this.isFormValid?"valid":"invalid",{bubbles:!0,composed:!0})),this.skipSubmit||(this.submitButton.disabled=!this.isFormValid)))};handleKeydown=e=>{if("Enter"===e.key&&e.target.tagName.includes("INPUT"))if(0===this.invalidFieldsCount)this.submitButton&&this.submitButton.click(),this.dispatchEvent(new CustomEvent("submit",{bubbles:!0,composed:!0}));else for(const[elem,isWC]of this._requiredElements)if(isWC?!elem.isValid:!elem.checkValidity()){(elem?.shadowRoot?.lastElementChild||elem).animate([{transform:"translateX(-1rem)"},{transform:"translateX(1rem)"},{transform:"translateX(-0.5rem)"},{transform:"translateX(0.5rem)"},{transform:"translateX(0)"}],{duration:300,easing:"ease"}),isWC?(elem.focusIn(),"SM-INPUT"===elem.tagName&&""===elem.value.trim()&&elem.showError()):elem.focus();break}};reset=()=>{this.formElements.forEach((([elem,isWC])=>{if(isWC)elem.reset();else switch(elem.type){case"checkbox":case"radio":elem.checked=!1;break;default:elem.value=""}})),this._checkValidity()};elementsChanged=()=>{this.formElements=[...this.querySelectorAll(this.supportedElements)].map((elem=>[elem,elem.tagName.includes("-")])),this._requiredElements=this.formElements.filter((([elem])=>elem.hasAttribute("required"))),this.submitButton=this.querySelector('[variant="primary"], [type="submit"]'),this.resetButton=this.querySelector('[type="reset"]'),this.resetButton&&this.resetButton.addEventListener("click",this.reset),this._checkValidity()};checkIfSupported=elem=>1===elem.nodeType&&(elem.tagName.includes("-")||"input"===elem.tagName||elem.querySelector(this.supportedElements));connectedCallback(){const updateFormDecedents=this.debounce(this.elementsChanged,100);this.addEventListener("input",this.debounce(this._checkValidity,100)),this.addEventListener("keydown",this.debounce(this.handleKeydown,100)),this.shadowRoot.querySelector("slot").addEventListener("slotchange",updateFormDecedents),this.mutationObserver=new MutationObserver((mutations=>{mutations.forEach((mutation=>{("childList"===mutation.type&&[...mutation.addedNodes].some((node=>this.checkIfSupported(node)))||[...mutation.removedNodes].some((node=>this.checkIfSupported(node))))&&updateFormDecedents()}))})),this.mutationObserver.observe(this,{childList:!0,subtree:!0})}attributeChangedCallback(name,oldValue,newValue){"skip-submit"===name&&(this.skipSubmit=this.hasAttribute("skip-submit"))}disconnectedCallback(){this.removeEventListener("input",this.debounce(this._checkValidity,100)),this.removeEventListener("keydown",this.debounce(this.handleKeydown,100)),this.mutationObserver.disconnect()}});const smInput=document.createElement("template");smInput.innerHTML=' ',customElements.define("sm-input",class SmInput extends HTMLElement{static hasAppendedStyles=!1;#validationState={validatedFor:void 0,isValid:!1,errorMessage:"Please fill out this field."};constructor(){super(),this.attachShadow({mode:"open"}).append(smInput.content.cloneNode(!0)),this.inputParent=this.shadowRoot.querySelector(".input"),this.input=this.shadowRoot.querySelector("input"),this.clearBtn=this.shadowRoot.querySelector(".clear"),this.placeholderElement=this.shadowRoot.querySelector(".placeholder"),this.outerContainer=this.shadowRoot.querySelector(".outer-container"),this.optionList=this.shadowRoot.querySelector(".datalist"),this._helperText="",this.isRequired=!1,this.datalist=[],this.validationFunction=void 0,this.reflectedAttributes=["value","required","disabled","type","inputmode","readonly","min","max","pattern","minlength","maxlength","step","list","autocomplete"]}static get observedAttributes(){return["value","placeholder","required","disabled","type","inputmode","readonly","min","max","pattern","minlength","maxlength","step","helper-text","error-text","list"]}get value(){return this.input.value}set value(val){val!==this.input.value&&(this.input.value=val,this._value=val,this.checkInput())}get placeholder(){return this.getAttribute("placeholder")}set placeholder(val){this.setAttribute("placeholder",val)}get type(){return this.getAttribute("type")}set type(val){this.setAttribute("type",val)}get validity(){return this.input.validity}get disabled(){return this.hasAttribute("disabled")}set disabled(value){value?(this.inputParent.classList.add("disabled"),this.setAttribute("disabled","")):(this.inputParent.classList.remove("disabled"),this.removeAttribute("disabled"))}get readOnly(){return this.hasAttribute("readonly")}set readOnly(value){value?this.setAttribute("readonly",""):this.removeAttribute("readonly")}set customValidation(val){val&&(this.validationFunction=val)}set errorText(val){this.#validationState.errorText=val}showError=(errorText=this.#validationState.errorText)=>{const appendedNew=this.appendFeedbackElement();this.feedbackPopover.innerHTML=` ${errorText} `,this.feedbackPopover.dataset.state="error",appendedNew&&this.feedbackPopover.animate([{transform:"scale(0.95)",opacity:0},{transform:"scale(1)",opacity:1}],{duration:200,easing:"ease",fill:"forwards"})};set helperText(val){this._helperText=val}get isValid(){if(this.#validationState.validatedFor===this.input.value)return this.#validationState.isValid;const _isValid=this.input.checkValidity();let _validity={isValid:!0,errorText:""};return this.validationFunction&&(_validity=this.validationFunction(this.input.value)),_isValid&&_validity.isValid?(this.setAttribute("valid",""),this.removeAttribute("invalid"),this.hideFeedback()):(this.removeAttribute("valid"),this.setAttribute("invalid",""),""!==this.value.trim()&&(_validity.errorText||this.#validationState.errorText)&&this.showError(_validity.errorText||this.#validationState.errorText)),this.#validationState.validatedFor=this.input.value,this.#validationState.isValid=_isValid&&_validity.isValid,this.#validationState.errorText=_validity.errorText||this.#validationState.errorText,this.#validationState.isValid}reset=()=>{this.value=""};clear=()=>{this.value="",this.input.focus(),this.fireEvent()};focusIn=()=>{this.input.focus()};focusOut=()=>{this.input.blur()};fireEvent=()=>{let event=new Event("input",{bubbles:!0,cancelable:!0,composed:!0});this.dispatchEvent(event)};searchDatalist=searchKey=>{const filteredData=this.datalist.filter((item=>item.toLowerCase().includes(searchKey.toLowerCase())));if(filteredData.sort(((a,b)=>a.toLowerCase().indexOf(searchKey.toLowerCase())-b.toLowerCase().indexOf(searchKey.toLowerCase()))),filteredData.length){if(this.optionList.children.length>filteredData.length){const optionsToRemove=this.optionList.children.length-filteredData.length;for(let i=0;i{if(this.optionList.children[index])this.optionList.children[index].textContent=item;else{const option=document.createElement("li");option.textContent=item,option.classList.add("datalist-item"),option.setAttribute("tabindex","0"),this.optionList.appendChild(option)}})),this.optionList.classList.remove("hidden")}else this.optionList.classList.add("hidden")};checkInput=e=>{this.hasAttribute("readonly")||(""!==this.input.value?this.clearBtn.classList.remove("hidden"):this.clearBtn.classList.add("hidden")),this.hasAttribute("placeholder")&&""!==this.getAttribute("placeholder").trim()&&(""!==this.input.value?(this.shouldAnimatePlaceholder&&this.inputParent.classList.add("animate-placeholder"),this.placeholderElement.classList.toggle("hidden",!this.shouldAnimatePlaceholder),this.datalist.length&&(this.searchTimeout&&clearTimeout(this.searchTimeout),this.searchTimeout=setTimeout((()=>{this.searchDatalist(this.input.value.trim())}),100))):(this.shouldAnimatePlaceholder&&this.inputParent.classList.remove("animate-placeholder"),this.placeholderElement.classList.remove("hidden"),this.hideFeedback(),this.datalist.length&&(this.optionList.innerHTML="",this.optionList.classList.add("hidden"))))};allowOnlyNum=e=>{e.ctrlKey||1===e.key.length&&(("."!==e.key||!e.target.value.includes(".")&&0!==e.target.value.length)&&["0","1","2","3","4","5","6","7","8","9","."].includes(e.key)||e.preventDefault())};handleOptionClick=e=>{this.input.value=e.target.textContent,this.optionList.classList.add("hidden"),this.input.focus()};handleInputNavigation=e=>{"ArrowDown"===e.key?(e.preventDefault(),this.optionList.children.length&&this.optionList.children[0].focus()):"ArrowUp"===e.key&&(e.preventDefault(),this.optionList.children.length&&this.optionList.children[this.optionList.children.length-1].focus())};handleDatalistNavigation=e=>{"ArrowUp"===e.key?(e.preventDefault(),this.shadowRoot.activeElement.previousElementSibling?this.shadowRoot.activeElement.previousElementSibling.focus():this.input.focus()):"ArrowDown"===e.key?(e.preventDefault(),this.shadowRoot.activeElement.nextElementSibling?this.shadowRoot.activeElement.nextElementSibling.focus():this.input.focus()):"Enter"!==e.key&&" "!==e.key||(e.preventDefault(),this.input.value=e.target.textContent,this.optionList.classList.add("hidden"),this.input.focus())};handleFocus=e=>{this.datalist.length&&this.searchDatalist(this.input.value.trim())};handleBlur=e=>{this.datalist.length&&this.optionList.classList.add("hidden")};applyGlobalCustomValidation=()=>{if(void 0!==window.smCompConfig&&window.smCompConfig["sm-input"]){const config=window.smCompConfig["sm-input"].find((config=>this.matches(config.selector)));this.customValidation=config?.customValidation}};updatePosition=()=>{requestAnimationFrame((()=>{if(this.dimensions=this.getBoundingClientRect(),this.scrollingParentDimensions=this.scrollingParent.getBoundingClientRect(),0===this.dimensions.width||0===this.dimensions.height)return;let topOffset=this.dimensions.top-this.scrollingParentDimensions.top+this.dimensions.height,leftOffset=this.dimensions.left-this.scrollingParentDimensions.left;const maxWidth=this.dimensions.width;this.feedbackPopover.style=`top: ${topOffset}px; left: ${leftOffset}px; max-width: ${maxWidth}px;`}))};appendFeedbackElement=()=>!this.feedbackPopover&&(this.feedbackPopover=document.createElement("div"),this.feedbackPopover.className="feedback-popover",this.feedbackPopover.setAttribute("aria-live","polite"),this.containment=this.closest("[data-sm-containment]"),this.scrollingParent=this.getNearestScrollingParent(this),(this.containment||this.scrollingParent).appendChild(this.feedbackPopover),""===this.scrollingParent.style.position&&(this.scrollingParent.style.position="relative"),this.containment||(this.observerHidFeedback=!1,this.intersectionObserver=new IntersectionObserver((entries=>{if(this.feedbackPopover)if(entries[0].isIntersecting){if(!this.observerHidFeedback)return;this.feedbackPopover.classList.remove("hidden"),this.observerHidFeedback=!1}else this.feedbackPopover.classList.add("hidden"),this.observerHidFeedback=!0})).observe(this)),this.updatePosition(),window.addEventListener("resize",this.updatePosition,{passive:!0}),!0);getNearestScrollingParent=element=>{let parent=element.parentNode;for(;parent;){if(parent.scrollHeight>parent.clientHeight||parent.scrollWidth>parent.clientWidth||parent.tagName.includes("SM-")||parent.hasAttribute("data-scrollable"))return parent;parent=parent.parentNode}return document.body};hideFeedback=()=>{this.feedbackPopover&&(this.feedbackPopover.animate([{transform:"none",opacity:1},{transform:"scale(0.95)",opacity:0}],{duration:100,easing:"ease-in-out",fill:"forwards"}).onfinish=()=>{this.intersectionObserver?.disconnect(),this.feedbackPopover.remove(),this.feedbackPopover=null,window.removeEventListener("resize",this.updatePosition,{passive:!0})})};connectedCallback(){SmInput.hasAppendedStyles||(document.head.insertAdjacentHTML("beforeend",""),SmInput.hasAppendedStyles=!0),this.shouldAnimatePlaceholder=this.hasAttribute("animate"),this.shouldAnimatePlaceholder&&""!==this.placeholderElement&&this.value&&(this.inputParent.classList.add("animate-placeholder"),this.placeholderElement.classList.remove("hidden")),this.setAttribute("role","textbox"),"loading"===document.readyState?window.addEventListener("load",this.applyGlobalCustomValidation,{once:!0}):this.applyGlobalCustomValidation(),this.input.addEventListener("input",this.checkInput),this.clearBtn.addEventListener("click",this.clear),this.datalist.length&&(this.optionList.addEventListener("click",this.handleOptionClick),this.input.addEventListener("keydown",this.handleInputNavigation),this.optionList.addEventListener("keydown",this.handleDatalistNavigation)),this.input.addEventListener("focusin",this.handleFocus),this.addEventListener("focusout",this.handleBlur)}attributeChangedCallback(name,oldValue,newValue){if(oldValue!==newValue)switch(this.reflectedAttributes.includes(name)&&(this.hasAttribute(name)?this.input.setAttribute(name,this.getAttribute(name)?this.getAttribute(name):""):this.input.removeAttribute(name)),name){case"placeholder":this.placeholderElement.textContent=newValue,this.setAttribute("aria-label",newValue);break;case"value":this.checkInput();break;case"type":this.hasAttribute("type")&&"number"===this.getAttribute("type")?(this.input.setAttribute("inputmode","decimal"),this.input.addEventListener("keydown",this.allowOnlyNum)):this.input.removeEventListener("keydown",this.allowOnlyNum);break;case"helper-text":this._helperText=newValue;break;case"error-text":this.#validationState.errorText=newValue;break;case"required":this.isRequired=this.hasAttribute("required"),this.isRequired?this.setAttribute("aria-required","true"):this.setAttribute("aria-required","false");break;case"readonly":this.hasAttribute("readonly")?this.inputParent.classList.add("readonly"):this.inputParent.classList.remove("readonly");break;case"disabled":this.hasAttribute("disabled")?this.inputParent.classList.add("disabled"):this.inputParent.classList.remove("disabled");break;case"list":this.hasAttribute("list")&&""!==this.getAttribute("list").trim()&&(this.datalist=this.getAttribute("list").split(","))}}disconnectedCallback(){this.input.removeEventListener("input",this.checkInput),this.clearBtn.removeEventListener("click",this.clear),this.input.removeEventListener("keydown",this.allowOnlyNum),this.optionList.removeEventListener("click",this.handleOptionClick),this.input.removeEventListener("keydown",this.handleInputNavigation),this.optionList.removeEventListener("keydown",this.handleDatalistNavigation),this.input.removeEventListener("focusin",this.handleFocus),this.removeEventListener("focusout",this.handleBlur),window.removeEventListener("resize",this.updatePosition,{passive:!0}),this.feedbackPopover&&this.feedbackPopover.remove(),this.intersectionObserver&&this.intersectionObserver.disconnect()}});const smNotifications=document.createElement("template");smNotifications.innerHTML=" ",customElements.define("sm-notifications",class extends HTMLElement{constructor(){super(),this.shadow=this.attachShadow({mode:"open"}).append(smNotifications.content.cloneNode(!0)),this.notificationPanel=this.shadowRoot.querySelector(".notification-panel"),this.animationOptions={duration:300,fill:"forwards",easing:"cubic-bezier(0.175, 0.885, 0.32, 1.275)"},this.push=this.push.bind(this),this.createNotification=this.createNotification.bind(this),this.removeNotification=this.removeNotification.bind(this),this.clearAll=this.clearAll.bind(this),this.remove=this.remove.bind(this),this.handleTouchMove=this.handleTouchMove.bind(this),this.startX=0,this.currentX=0,this.endX=0,this.swipeDistance=0,this.swipeDirection="",this.swipeThreshold=0,this.startTime=0,this.swipeTime=0,this.swipeTimeThreshold=200,this.currentTarget=null,this.notificationTimeout=5e3,this.mediaQuery=window.matchMedia("(min-width: 640px)"),this.handleOrientationChange=this.handleOrientationChange.bind(this),this.isBigViewport=!1}set timeout(value){isNaN(value)||(this.notificationTimeout=value)}randString(length){let result="";for(let i=0;i${icon}`:""} ${action?``:""} `,action&¬ification.querySelector(".action").addEventListener("click",action.callback),notification.querySelector(".close").addEventListener("click",(()=>{this.removeNotification(notification)})),pinned||setTimeout((()=>{this.removeNotification(notification,this.isBigViewport?"left":"top")}),timeout),notification}push(message,options={}){const notification=this.createNotification(message,options);return this.isBigViewport?this.notificationPanel.append(notification):this.notificationPanel.prepend(notification),notification.scrollIntoView({behavior:"smooth"}),this.notificationPanel.animate([{transform:`translateY(${this.isBigViewport?"":"-"}${notification.clientHeight}px)`},{transform:"none"}],this.animationOptions),notification.animate([{transform:"translateY(-1rem)",opacity:"0"},{transform:"none",opacity:"1"}],this.animationOptions).onfinish=e=>{e.target.commitStyles(),e.target.cancel()},notification.id}removeNotification(notification,direction="left"){if(!notification)return;const sign="left"===direction||"top"===direction?"-":"+";this.isBigViewport||"top"!==direction?notification.animate([{transform:this.currentX?`translateX(${this.currentX}px)`:"none",opacity:"1"},{transform:`translateX(calc(${sign}${Math.abs(this.currentX)}px ${sign} 1rem))`,opacity:"0"}],this.animationOptions).onfinish=()=>{notification.remove()}:notification.animate([{transform:this.currentX?`translateY(${this.currentX}px)`:"none",opacity:"1"},{transform:`translateY(calc(${sign}${Math.abs(this.currentX)}px ${sign} 1rem))`,opacity:"0"}],this.animationOptions).onfinish=()=>{notification.remove()}}remove(id){const notification=this.notificationPanel.querySelector(`#${id}`);notification&&this.removeNotification(notification)}clearAll(){Array.from(this.notificationPanel.children).forEach((child=>{this.removeNotification(child)}))}handleTouchMove(e){this.currentX=e.touches[0].clientX-this.startX,this.currentTarget.style.transform=`translateX(${this.currentX}px)`}handleOrientationChange(e){this.isBigViewport=e.matches,e.matches}connectedCallback(){this.handleOrientationChange(this.mediaQuery),this.mediaQuery.addEventListener("change",this.handleOrientationChange),this.notificationPanel.addEventListener("touchstart",(e=>{e.target.closest(".close")?this.removeNotification(e.target.closest(".notification")):e.target.closest(".notification")&&(this.swipeThreshold=e.target.closest(".notification").getBoundingClientRect().width/2,this.currentTarget=e.target.closest(".notification"),this.startTime=Date.now(),this.startX=e.touches[0].clientX,this.startY=e.touches[0].clientY,this.notificationPanel.addEventListener("touchmove",this.handleTouchMove,{passive:!0}))}),{passive:!0}),this.notificationPanel.addEventListener("touchend",(e=>{this.endX=e.changedTouches[0].clientX,this.endY=e.changedTouches[0].clientY,this.swipeDistance=Math.abs(this.endX-this.startX),this.swipeTime=Date.now()-this.startTime,this.endX>this.startX?this.swipeDirection="right":this.swipeDirection="left",this.swipeTime50&&this.removeNotification(this.currentTarget,this.swipeDirection):this.swipeDistance>this.swipeThreshold?this.removeNotification(this.currentTarget,this.swipeDirection):this.currentTarget.animate([{transform:`translateX(${this.currentX}px)`},{transform:"none"}],this.animationOptions).onfinish=e=>{e.target.commitStyles(),e.target.cancel()},this.notificationPanel.removeEventListener("touchmove",this.handleTouchMove),this.currentX=0}))}disconnectedCallback(){mediaQueryList.removeEventListener("change",handleOrientationChange)}});const spinner=document.createElement("template");spinner.innerHTML='';class SpinnerLoader extends HTMLElement{constructor(){super(),this.attachShadow({mode:"open"}).append(spinner.content.cloneNode(!0))}}window.customElements.define("sm-spinner",SpinnerLoader);const themeToggle=document.createElement("template");themeToggle.innerHTML=' ';class ThemeToggle extends HTMLElement{constructor(){super(),this.attachShadow({mode:"open"}).append(themeToggle.content.cloneNode(!0)),this.isChecked=!1,this.hasTheme="light",this.toggleState=this.toggleState.bind(this),this.fireEvent=this.fireEvent.bind(this),this.handleThemeChange=this.handleThemeChange.bind(this)}static get observedAttributes(){return["checked"]}daylight(){this.hasTheme="light",document.body.dataset.theme="light",this.setAttribute("aria-checked","false")}nightlight(){this.hasTheme="dark",document.body.dataset.theme="dark",this.setAttribute("aria-checked","true")}toggleState(){if(!document.startViewTransition)return this.toggleAttribute("checked"),void this.fireEvent();document.startViewTransition((()=>{this.toggleAttribute("checked"),this.fireEvent()}))}handleKeyDown(e){" "===e.key&&this.toggleState()}handleThemeChange(e){e.detail.theme!==this.hasTheme&&("dark"===e.detail.theme?this.setAttribute("checked",""):this.removeAttribute("checked"))}fireEvent(){this.dispatchEvent(new CustomEvent("themechange",{bubbles:!0,composed:!0,detail:{theme:this.hasTheme}}))}connectedCallback(){this.setAttribute("role","switch"),this.setAttribute("aria-label","theme toggle"),"dark"===localStorage.getItem(`${window.location.hostname}-theme`)?(this.nightlight(),this.setAttribute("checked","")):"light"===localStorage.getItem(`${window.location.hostname}-theme`)?(this.daylight(),this.removeAttribute("checked")):window.matchMedia("(prefers-color-scheme: dark)").matches?(this.nightlight(),this.setAttribute("checked","")):(this.daylight(),this.removeAttribute("checked")),this.addEventListener("click",this.toggleState),this.addEventListener("keydown",this.handleKeyDown),document.addEventListener("themechange",this.handleThemeChange)}disconnectedCallback(){this.removeEventListener("click",this.toggleState),this.removeEventListener("keydown",this.handleKeyDown),document.removeEventListener("themechange",this.handleThemeChange)}attributeChangedCallback(e,t,n){"checked"===e&&(this.hasAttribute("checked")?(this.nightlight(),localStorage.setItem(`${window.location.hostname}-theme`,"dark")):(this.daylight(),localStorage.setItem(`${window.location.hostname}-theme`,"light")))}}window.customElements.define("theme-toggle",ThemeToggle);
\ No newline at end of file
diff --git a/scripts/floCrypto.js b/scripts/floCrypto.js
new file mode 100644
index 0000000..f1e14d3
--- /dev/null
+++ b/scripts/floCrypto.js
@@ -0,0 +1,530 @@
+(function (EXPORTS) { //floCrypto v2.3.6a
+ /* FLO Crypto Operators */
+ 'use strict';
+ const floCrypto = EXPORTS;
+
+ const p = BigInteger("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", 16);
+ const ecparams = EllipticCurve.getSECCurveByName("secp256k1");
+ const ascii_alternatives = `‘ '\n’ '\n“ "\n” "\n– --\n— ---\n≥ >=\n≤ <=\n≠ !=\n× *\n÷ /\n← <-\n→ ->\n↔ <->\n⇒ =>\n⇐ <=\n⇔ <=>`;
+ const exponent1 = () => p.add(BigInteger.ONE).divide(BigInteger("4"));
+ coinjs.compressed = true; //defaulting coinjs compressed to true;
+
+ function calculateY(x) {
+ let exp = exponent1();
+ // x is x value of public key in BigInteger format without 02 or 03 or 04 prefix
+ return x.modPow(BigInteger("3"), p).add(BigInteger("7")).mod(p).modPow(exp, p)
+ }
+
+ function getUncompressedPublicKey(compressedPublicKey) {
+ // Fetch x from compressedPublicKey
+ let pubKeyBytes = Crypto.util.hexToBytes(compressedPublicKey);
+ const prefix = pubKeyBytes.shift() // remove prefix
+ let prefix_modulus = prefix % 2;
+ pubKeyBytes.unshift(0) // add prefix 0
+ let x = new BigInteger(pubKeyBytes)
+ let xDecimalValue = x.toString()
+ // Fetch y
+ let y = calculateY(x);
+ let yDecimalValue = y.toString();
+ // verify y value
+ let resultBigInt = y.mod(BigInteger("2"));
+ let check = resultBigInt.toString() % 2;
+ if (prefix_modulus !== check)
+ yDecimalValue = y.negate().mod(p).toString();
+ return {
+ x: xDecimalValue,
+ y: yDecimalValue
+ };
+ }
+
+ function getSenderPublicKeyString() {
+ let privateKey = ellipticCurveEncryption.senderRandom();
+ var senderPublicKeyString = ellipticCurveEncryption.senderPublicString(privateKey);
+ return {
+ privateKey: privateKey,
+ senderPublicKeyString: senderPublicKeyString
+ }
+ }
+
+ function deriveSharedKeySender(receiverPublicKeyHex, senderPrivateKey) {
+ let receiverPublicKeyString = getUncompressedPublicKey(receiverPublicKeyHex);
+ var senderDerivedKey = ellipticCurveEncryption.senderSharedKeyDerivation(
+ receiverPublicKeyString.x, receiverPublicKeyString.y, senderPrivateKey);
+ return senderDerivedKey;
+ }
+
+ function deriveSharedKeyReceiver(senderPublicKeyString, receiverPrivateKey) {
+ return ellipticCurveEncryption.receiverSharedKeyDerivation(
+ senderPublicKeyString.XValuePublicString, senderPublicKeyString.YValuePublicString, receiverPrivateKey);
+ }
+
+ function getReceiverPublicKeyString(privateKey) {
+ return ellipticCurveEncryption.receiverPublicString(privateKey);
+ }
+
+ function wifToDecimal(pk_wif, isPubKeyCompressed = false) {
+ let pk = Bitcoin.Base58.decode(pk_wif)
+ pk.shift()
+ pk.splice(-4, 4)
+ //If the private key corresponded to a compressed public key, also drop the last byte (it should be 0x01).
+ if (isPubKeyCompressed == true) pk.pop()
+ pk.unshift(0)
+ let privateKeyDecimal = BigInteger(pk).toString()
+ let privateKeyHex = Crypto.util.bytesToHex(pk)
+ return {
+ privateKeyDecimal: privateKeyDecimal,
+ privateKeyHex: privateKeyHex
+ }
+ }
+
+ //generate a random Interger within range
+ floCrypto.randInt = function (min, max) {
+ min = Math.ceil(min);
+ max = Math.floor(max);
+ return Math.floor(securedMathRandom() * (max - min + 1)) + min;
+ }
+
+ //generate a random String within length (options : alphaNumeric chars only)
+ floCrypto.randString = function (length, alphaNumeric = true) {
+ var result = '';
+ var characters = alphaNumeric ? 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789' :
+ 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_+-./*?@#&$<>=[]{}():';
+ for (var i = 0; i < length; i++)
+ result += characters.charAt(Math.floor(securedMathRandom() * characters.length));
+ return result;
+ }
+
+ //Encrypt Data using public-key
+ floCrypto.encryptData = function (data, receiverPublicKeyHex) {
+ var senderECKeyData = getSenderPublicKeyString();
+ var senderDerivedKey = deriveSharedKeySender(receiverPublicKeyHex, senderECKeyData.privateKey);
+ let senderKey = senderDerivedKey.XValue + senderDerivedKey.YValue;
+ let secret = Crypto.AES.encrypt(data, senderKey);
+ return {
+ secret: secret,
+ senderPublicKeyString: senderECKeyData.senderPublicKeyString
+ };
+ }
+
+ //Decrypt Data using private-key
+ floCrypto.decryptData = function (data, privateKeyHex) {
+ var receiverECKeyData = {};
+ if (typeof privateKeyHex !== "string") throw new Error("No private key found.");
+ let privateKey = wifToDecimal(privateKeyHex, true);
+ if (typeof privateKey.privateKeyDecimal !== "string") throw new Error("Failed to detremine your private key.");
+ receiverECKeyData.privateKey = privateKey.privateKeyDecimal;
+ var receiverDerivedKey = deriveSharedKeyReceiver(data.senderPublicKeyString, receiverECKeyData.privateKey);
+ let receiverKey = receiverDerivedKey.XValue + receiverDerivedKey.YValue;
+ let decryptMsg = Crypto.AES.decrypt(data.secret, receiverKey);
+ return decryptMsg;
+ }
+
+ //Sign data using private-key
+ floCrypto.signData = function (data, privateKeyHex) {
+ var key = new Bitcoin.ECKey(privateKeyHex);
+ var messageHash = Crypto.SHA256(data);
+ var messageSign = Bitcoin.ECDSA.sign(messageHash, key.priv);
+ var sighex = Crypto.util.bytesToHex(messageSign);
+ return sighex;
+ }
+
+ //Verify signatue of the data using public-key
+ floCrypto.verifySign = function (data, signatureHex, publicKeyHex) {
+ var msgHash = Crypto.SHA256(data);
+ var sigBytes = Crypto.util.hexToBytes(signatureHex);
+ var publicKeyPoint = ecparams.getCurve().decodePointHex(publicKeyHex);
+ var verify = Bitcoin.ECDSA.verify(msgHash, sigBytes, publicKeyPoint);
+ return verify;
+ }
+
+ //Generates a new flo ID and returns private-key, public-key and floID
+ const generateNewID = floCrypto.generateNewID = function () {
+ var key = new Bitcoin.ECKey(false);
+ key.setCompressed(true);
+ return {
+ floID: key.getBitcoinAddress(),
+ pubKey: key.getPubKeyHex(),
+ privKey: key.getBitcoinWalletImportFormat()
+ }
+ }
+
+ Object.defineProperties(floCrypto, {
+ newID: {
+ get: () => generateNewID()
+ },
+ hashID: {
+ value: (str) => {
+ let bytes = ripemd160(Crypto.SHA256(str, { asBytes: true }), { asBytes: true });
+ bytes.unshift(bitjs.pub);
+ var hash = Crypto.SHA256(Crypto.SHA256(bytes, {
+ asBytes: true
+ }), {
+ asBytes: true
+ });
+ var checksum = hash.slice(0, 4);
+ return bitjs.Base58.encode(bytes.concat(checksum));
+ }
+ },
+ tmpID: {
+ get: () => {
+ let bytes = Crypto.util.randomBytes(20);
+ bytes.unshift(bitjs.pub);
+ var hash = Crypto.SHA256(Crypto.SHA256(bytes, {
+ asBytes: true
+ }), {
+ asBytes: true
+ });
+ var checksum = hash.slice(0, 4);
+ return bitjs.Base58.encode(bytes.concat(checksum));
+ }
+ }
+ });
+
+ //Returns public-key from private-key
+ floCrypto.getPubKeyHex = function (privateKeyHex) {
+ if (!privateKeyHex)
+ return null;
+ var key = new Bitcoin.ECKey(privateKeyHex);
+ if (key.priv == null)
+ return null;
+ key.setCompressed(true);
+ return key.getPubKeyHex();
+ }
+
+ //Returns flo-ID from public-key or private-key
+ floCrypto.getFloID = function (keyHex) {
+ if (!keyHex)
+ return null;
+ try {
+ var key = new Bitcoin.ECKey(keyHex);
+ if (key.priv == null)
+ key.setPub(keyHex);
+ return key.getBitcoinAddress();
+ } catch {
+ return null;
+ }
+ }
+
+ floCrypto.getAddress = function (privateKeyHex, strict = false) {
+ if (!privateKeyHex)
+ return;
+ var key = new Bitcoin.ECKey(privateKeyHex);
+ if (key.priv == null)
+ return null;
+ key.setCompressed(true);
+ let pubKey = key.getPubKeyHex(),
+ version = bitjs.Base58.decode(privateKeyHex)[0];
+ switch (version) {
+ case coinjs.priv: //BTC
+ return coinjs.bech32Address(pubKey).address;
+ case bitjs.priv: //FLO
+ return bitjs.pubkey2address(pubKey);
+ default:
+ return strict ? false : bitjs.pubkey2address(pubKey); //default to FLO address (if strict=false)
+ }
+ }
+
+ //Verify the private-key for the given public-key or flo-ID
+ floCrypto.verifyPrivKey = function (privateKeyHex, pubKey_floID, isfloID = true) {
+ if (!privateKeyHex || !pubKey_floID)
+ return false;
+ try {
+ var key = new Bitcoin.ECKey(privateKeyHex);
+ if (key.priv == null)
+ return false;
+ key.setCompressed(true);
+ if (isfloID && pubKey_floID == key.getBitcoinAddress())
+ return true;
+ else if (!isfloID && pubKey_floID.toUpperCase() == key.getPubKeyHex().toUpperCase())
+ return true;
+ else
+ return false;
+ } catch {
+ return null;
+ }
+ }
+
+ floCrypto.getMultisigAddress = function (publicKeyList, requiredSignatures) {
+ if (!Array.isArray(publicKeyList) || !publicKeyList.length)
+ return null;
+ if (!Number.isInteger(requiredSignatures) || requiredSignatures < 1 || requiredSignatures > publicKeyList.length)
+ return null;
+ try {
+ var multisig = bitjs.pubkeys2multisig(publicKeyList, requiredSignatures);
+ return multisig;
+ } catch {
+ return null;
+ }
+ }
+
+ floCrypto.decodeRedeemScript = function (redeemScript) {
+ try {
+ var decoded = bitjs.transaction().decodeRedeemScript(redeemScript);
+ return decoded;
+ } catch {
+ return null;
+ }
+ }
+
+ //Check if the given flo-id is valid or not
+ floCrypto.validateFloID = function (floID, regularOnly = false) {
+ if (!floID)
+ return false;
+ try {
+ let addr = new Bitcoin.Address(floID);
+ if (regularOnly && addr.version != Bitcoin.Address.standardVersion)
+ return false;
+ return true;
+ } catch {
+ return false;
+ }
+ }
+
+ //Check if the given address (any blockchain) is valid or not
+ floCrypto.validateAddr = function (address, std = true, bech = true) {
+ let raw = decodeAddress(address);
+ if (!raw)
+ return false;
+ if (typeof raw.version !== 'undefined') { //legacy or segwit
+ if (std == false)
+ return false;
+ else if (std === true || (!Array.isArray(std) && std === raw.version) || (Array.isArray(std) && std.includes(raw.version)))
+ return true;
+ else
+ return false;
+ } else if (typeof raw.bech_version !== 'undefined') { //bech32
+ if (bech === false)
+ return false;
+ else if (bech === true || (!Array.isArray(bech) && bech === raw.bech_version) || (Array.isArray(bech) && bech.includes(raw.bech_version)))
+ return true;
+ else
+ return false;
+ } else //unknown
+ return false;
+ }
+
+ //Check the public-key (or redeem-script) for the address (any blockchain)
+ floCrypto.verifyPubKey = function (pubKeyHex, address) {
+ let raw = decodeAddress(address);
+ if (!raw)
+ return;
+ let pub_hash = Crypto.util.bytesToHex(ripemd160(Crypto.SHA256(Crypto.util.hexToBytes(pubKeyHex), { asBytes: true })));
+ if (typeof raw.bech_version !== 'undefined' && raw.bytes.length == 32) //bech32-multisig
+ raw.hex = Crypto.util.bytesToHex(ripemd160(raw.bytes, { asBytes: true }));
+ return pub_hash === raw.hex;
+ }
+
+ //Convert the given address (any blockchain) to equivalent floID
+ floCrypto.toFloID = function (address, options = null) {
+ if (!address)
+ return;
+ let raw = decodeAddress(address);
+ if (!raw)
+ return;
+ else if (options) { //if (optional) version check is passed
+ if (typeof raw.version !== 'undefined' && (!options.std || !options.std.includes(raw.version)))
+ return;
+ if (typeof raw.bech_version !== 'undefined' && (!options.bech || !options.bech.includes(raw.bech_version)))
+ return;
+ }
+ raw.bytes.unshift(bitjs.pub);
+ let hash = Crypto.SHA256(Crypto.SHA256(raw.bytes, {
+ asBytes: true
+ }), {
+ asBytes: true
+ });
+ return bitjs.Base58.encode(raw.bytes.concat(hash.slice(0, 4)));
+ }
+
+ //Convert raw address bytes to floID
+ floCrypto.rawToFloID = function (raw_bytes) {
+ if (typeof raw_bytes === 'string')
+ raw_bytes = Crypto.util.hexToBytes(raw_bytes);
+ if (raw_bytes.length != 20)
+ return null;
+ raw_bytes.unshift(bitjs.pub);
+ let hash = Crypto.SHA256(Crypto.SHA256(raw_bytes, {
+ asBytes: true
+ }), {
+ asBytes: true
+ });
+ return bitjs.Base58.encode(raw_bytes.concat(hash.slice(0, 4)));
+ }
+
+ //Convert the given multisig address (any blockchain) to equivalent multisig floID
+ floCrypto.toMultisigFloID = function (address, options = null) {
+ if (!address)
+ return;
+ let raw = decodeAddress(address);
+ if (!raw)
+ return;
+ else if (options) { //if (optional) version check is passed
+ if (typeof raw.version !== 'undefined' && (!options.std || !options.std.includes(raw.version)))
+ return;
+ if (typeof raw.bech_version !== 'undefined' && (!options.bech || !options.bech.includes(raw.bech_version)))
+ return;
+ }
+ if (typeof raw.bech_version !== 'undefined') {
+ if (raw.bytes.length != 32) return; //multisig bech address have 32 bytes
+ //multisig-bech:hash=SHA256 whereas multisig:hash=r160(SHA265), thus ripemd160 the bytes from multisig-bech
+ raw.bytes = ripemd160(raw.bytes, {
+ asBytes: true
+ });
+ }
+ raw.bytes.unshift(bitjs.multisig);
+ let hash = Crypto.SHA256(Crypto.SHA256(raw.bytes, {
+ asBytes: true
+ }), {
+ asBytes: true
+ });
+ return bitjs.Base58.encode(raw.bytes.concat(hash.slice(0, 4)));
+ }
+
+ //Checks if the given addresses (any blockchain) are same (w.r.t keys)
+ floCrypto.isSameAddr = function (addr1, addr2) {
+ if (!addr1 || !addr2)
+ return;
+ let raw1 = decodeAddress(addr1),
+ raw2 = decodeAddress(addr2);
+ if (!raw1 || !raw2)
+ return false;
+ else {
+ if (typeof raw1.bech_version !== 'undefined' && raw1.bytes.length == 32) //bech32-multisig
+ raw1.hex = Crypto.util.bytesToHex(ripemd160(raw1.bytes, { asBytes: true }));
+ if (typeof raw2.bech_version !== 'undefined' && raw2.bytes.length == 32) //bech32-multisig
+ raw2.hex = Crypto.util.bytesToHex(ripemd160(raw2.bytes, { asBytes: true }));
+ return raw1.hex === raw2.hex;
+ }
+ }
+
+ const decodeAddress = floCrypto.decodeAddr = function (address) {
+ if (!address)
+ return;
+ else if (address.length == 33 || address.length == 34) { //legacy encoding
+ let decode = bitjs.Base58.decode(address);
+ let bytes = decode.slice(0, decode.length - 4);
+ let checksum = decode.slice(decode.length - 4),
+ hash = Crypto.SHA256(Crypto.SHA256(bytes, {
+ asBytes: true
+ }), {
+ asBytes: true
+ });
+ return (hash[0] != checksum[0] || hash[1] != checksum[1] || hash[2] != checksum[2] || hash[3] != checksum[3]) ? null : {
+ version: bytes.shift(),
+ hex: Crypto.util.bytesToHex(bytes),
+ bytes
+ }
+ } else if (address.length == 42 || address.length == 62) { //bech encoding
+ let decode = coinjs.bech32_decode(address);
+ if (decode) {
+ let bytes = decode.data;
+ let bech_version = bytes.shift();
+ bytes = coinjs.bech32_convert(bytes, 5, 8, false);
+ return {
+ bech_version,
+ hrp: decode.hrp,
+ hex: Crypto.util.bytesToHex(bytes),
+ bytes
+ }
+ } else
+ return null;
+ }
+ }
+
+ //Split the str using shamir's Secret and Returns the shares
+ floCrypto.createShamirsSecretShares = function (str, total_shares, threshold_limit) {
+ try {
+ if (str.length > 0) {
+ var strHex = shamirSecretShare.str2hex(str);
+ var shares = shamirSecretShare.share(strHex, total_shares, threshold_limit);
+ return shares;
+ }
+ return false;
+ } catch {
+ return false
+ }
+ }
+
+ //Returns the retrived secret by combining the shamirs shares
+ const retrieveShamirSecret = floCrypto.retrieveShamirSecret = function (sharesArray) {
+ try {
+ if (sharesArray.length > 0) {
+ var comb = shamirSecretShare.combine(sharesArray.slice(0, sharesArray.length));
+ comb = shamirSecretShare.hex2str(comb);
+ return comb;
+ }
+ return false;
+ } catch {
+ return false;
+ }
+ }
+
+ //Verifies the shares and str
+ floCrypto.verifyShamirsSecret = function (sharesArray, str) {
+ if (!str)
+ return null;
+ else if (retrieveShamirSecret(sharesArray) === str)
+ return true;
+ else
+ return false;
+ }
+
+ const validateASCII = floCrypto.validateASCII = function (string, bool = true) {
+ if (typeof string !== "string")
+ return null;
+ if (bool) {
+ let x;
+ for (let i = 0; i < string.length; i++) {
+ x = string.charCodeAt(i);
+ if (x < 32 || x > 127)
+ return false;
+ }
+ return true;
+ } else {
+ let x, invalids = {};
+ for (let i = 0; i < string.length; i++) {
+ x = string.charCodeAt(i);
+ if (x < 32 || x > 127)
+ if (x in invalids)
+ invalids[string[i]].push(i)
+ else
+ invalids[string[i]] = [i];
+ }
+ if (Object.keys(invalids).length)
+ return invalids;
+ else
+ return true;
+ }
+ }
+
+ floCrypto.convertToASCII = function (string, mode = 'soft-remove') {
+ let chars = validateASCII(string, false);
+ if (chars === true)
+ return string;
+ else if (chars === null)
+ return null;
+ let convertor, result = string,
+ refAlt = {};
+ ascii_alternatives.split('\n').forEach(a => refAlt[a[0]] = a.slice(2));
+ mode = mode.toLowerCase();
+ if (mode === "hard-unicode")
+ convertor = (c) => `\\u${('000' + c.charCodeAt().toString(16)).slice(-4)}`;
+ else if (mode === "soft-unicode")
+ convertor = (c) => refAlt[c] || `\\u${('000' + c.charCodeAt().toString(16)).slice(-4)}`;
+ else if (mode === "hard-remove")
+ convertor = c => "";
+ else if (mode === "soft-remove")
+ convertor = c => refAlt[c] || "";
+ else
+ return null;
+ for (let c in chars)
+ result = result.replaceAll(c, convertor(c));
+ return result;
+ }
+
+ floCrypto.revertUnicode = function (string) {
+ return string.replace(/\\u[\dA-F]{4}/gi,
+ m => String.fromCharCode(parseInt(m.replace(/\\u/g, ''), 16)));
+ }
+
+})('object' === typeof module ? module.exports : window.floCrypto = {});
\ No newline at end of file
diff --git a/scripts/floEthereum.js b/scripts/floEthereum.js
new file mode 100644
index 0000000..52488d0
--- /dev/null
+++ b/scripts/floEthereum.js
@@ -0,0 +1,51 @@
+(function (EXPORTS) { //floEthereum v1.0.1a
+ /* FLO Ethereum Operators */
+ /* Make sure you added Taproot, Keccak, FLO and BTC Libraries before */
+ 'use strict';
+ const floEthereum = EXPORTS;
+
+const ethAddressFromPrivateKey = floEthereum.ethAddressFromPrivateKey = function(privateKey){
+ var t1,t2,t3,t4;
+
+ t1 = secp.Point.fromPrivateKey(hex.decode(privateKey));
+ if (!t1.hasEvenY()) { t1 = t1.negate(); }
+ t2 = t1.x.toString(16) + t1.y.toString(16);
+ t3 = keccak.keccak_256(Crypto.util.hexToBytes(t2));
+ t4 = keccak.extractLast20Bytes(t3);
+ return "0x" + t4;
+}
+
+const ethAddressFromCompressedPublicKey = floEthereum.ethAddressFromCompressedPublicKey = function(compressedPublicKey){
+ var t1,t2,t3,t4;
+ t1 = coinjs.compressedToUncompressed(compressedPublicKey);
+ t2 = t1.slice(2);
+ t3 = keccak.keccak_256(Crypto.util.hexToBytes(t2));
+ t4 = keccak.extractLast20Bytes(t3);
+ return "0x" + t4;
+}
+
+const ethPrivateKeyFromUntweakedPrivateKey = floEthereum.ethPrivateKeyFromUntweakedPrivateKey = function(untweakedPrivateKey) {
+ var t1;
+ t1 = hex.encode(taproot.taprootTweakPrivKey(hex.decode(untweakedPrivateKey)));
+ return t1;
+}
+
+const ethAddressFromUntweakedPrivateKey = floEthereum.ethAddressFromUntweakedPrivateKey = function(untweakedPrivateKey) {
+ var t1,t2;
+ t1 = hex.encode(taproot.taprootTweakPrivKey(hex.decode(untweakedPrivateKey)));
+ t2 = ethAddressFromPrivateKey(t1);
+ return t2;
+}
+
+const ethAddressFromTaprootAddress = floEthereum.ethAddressFromTaprootAddress = function(taprootAddress) {
+ var t1,t2,t3,t4;
+ t1 = coinjs.addressDecode(taprootAddress);
+ t2 = t1.outstring.slice(4);
+ t3 = "02" + t2;
+ t4 = ethAddressFromCompressedPublicKey(t3);
+ return t4;
+}
+
+
+
+})('object' === typeof module ? module.exports : window.floEthereum = {});
diff --git a/scripts/keccak.js b/scripts/keccak.js
new file mode 100644
index 0000000..bc672df
--- /dev/null
+++ b/scripts/keccak.js
@@ -0,0 +1,674 @@
+(function () {
+ 'use strict';
+
+ var INPUT_ERROR = 'input is invalid type';
+ var FINALIZE_ERROR = 'finalize already called';
+ var WINDOW = typeof window === 'object';
+ var root = WINDOW ? (window.keccak = window.keccak || {}) : {};
+ if (root.JS_SHA3_NO_WINDOW) {
+ WINDOW = false;
+ }
+ var WEB_WORKER = !WINDOW && typeof self === 'object';
+ var NODE_JS = !root.JS_SHA3_NO_NODE_JS && typeof process === 'object' && process.versions && process.versions.node;
+ if (NODE_JS) {
+ root = global;
+ } else if (WEB_WORKER) {
+ root = self;
+ }
+ var COMMON_JS = !root.JS_SHA3_NO_COMMON_JS && typeof module === 'object' && module.exports;
+ var AMD = typeof define === 'function' && define.amd;
+ var ARRAY_BUFFER = !root.JS_SHA3_NO_ARRAY_BUFFER && typeof ArrayBuffer !== 'undefined';
+ var HEX_CHARS = '0123456789abcdef'.split('');
+ var SHAKE_PADDING = [31, 7936, 2031616, 520093696];
+ var CSHAKE_PADDING = [4, 1024, 262144, 67108864];
+ var KECCAK_PADDING = [1, 256, 65536, 16777216];
+ var PADDING = [6, 1536, 393216, 100663296];
+ var SHIFT = [0, 8, 16, 24];
+ var RC = [1, 0, 32898, 0, 32906, 2147483648, 2147516416, 2147483648, 32907, 0, 2147483649,
+ 0, 2147516545, 2147483648, 32777, 2147483648, 138, 0, 136, 0, 2147516425, 0,
+ 2147483658, 0, 2147516555, 0, 139, 2147483648, 32905, 2147483648, 32771,
+ 2147483648, 32770, 2147483648, 128, 2147483648, 32778, 0, 2147483658, 2147483648,
+ 2147516545, 2147483648, 32896, 2147483648, 2147483649, 0, 2147516424, 2147483648];
+ var BITS = [224, 256, 384, 512];
+ var SHAKE_BITS = [128, 256];
+ var OUTPUT_TYPES = ['hex', 'buffer', 'arrayBuffer', 'array', 'digest'];
+ var CSHAKE_BYTEPAD = {
+ '128': 168,
+ '256': 136
+ };
+
+
+ var isArray = root.JS_SHA3_NO_NODE_JS || !Array.isArray
+ ? function (obj) {
+ return Object.prototype.toString.call(obj) === '[object Array]';
+ }
+ : Array.isArray;
+
+ var isView = (ARRAY_BUFFER && (root.JS_SHA3_NO_ARRAY_BUFFER_IS_VIEW || !ArrayBuffer.isView))
+ ? function (obj) {
+ return typeof obj === 'object' && obj.buffer && obj.buffer.constructor === ArrayBuffer;
+ }
+ : ArrayBuffer.isView;
+
+ // [message: string, isString: bool]
+ var formatMessage = function (message) {
+ var type = typeof message;
+ if (type === 'string') {
+ return [message, true];
+ }
+ if (type !== 'object' || message === null) {
+ throw new Error(INPUT_ERROR);
+ }
+ if (ARRAY_BUFFER && message.constructor === ArrayBuffer) {
+ return [new Uint8Array(message), false];
+ }
+ if (!isArray(message) && !isView(message)) {
+ throw new Error(INPUT_ERROR);
+ }
+ return [message, false];
+ }
+
+ var empty = function (message) {
+ return formatMessage(message)[0].length === 0;
+ };
+
+ var createOutputMethod = function (bits, padding, outputType) {
+ return function (message) {
+ return new Keccak(bits, padding, bits).update(message)[outputType]();
+ };
+ };
+
+ var createShakeOutputMethod = function (bits, padding, outputType) {
+ return function (message, outputBits) {
+ return new Keccak(bits, padding, outputBits).update(message)[outputType]();
+ };
+ };
+
+ var createCshakeOutputMethod = function (bits, padding, outputType) {
+ return function (message, outputBits, n, s) {
+ return methods['cshake' + bits].update(message, outputBits, n, s)[outputType]();
+ };
+ };
+
+ var createKmacOutputMethod = function (bits, padding, outputType) {
+ return function (key, message, outputBits, s) {
+ return methods['kmac' + bits].update(key, message, outputBits, s)[outputType]();
+ };
+ };
+
+ var createOutputMethods = function (method, createMethod, bits, padding) {
+ for (var i = 0; i < OUTPUT_TYPES.length; ++i) {
+ var type = OUTPUT_TYPES[i];
+ method[type] = createMethod(bits, padding, type);
+ }
+ return method;
+ };
+
+ var createMethod = function (bits, padding) {
+ var method = createOutputMethod(bits, padding, 'hex');
+ method.create = function () {
+ return new Keccak(bits, padding, bits);
+ };
+ method.update = function (message) {
+ return method.create().update(message);
+ };
+ return createOutputMethods(method, createOutputMethod, bits, padding);
+ };
+
+ var createShakeMethod = function (bits, padding) {
+ var method = createShakeOutputMethod(bits, padding, 'hex');
+ method.create = function (outputBits) {
+ return new Keccak(bits, padding, outputBits);
+ };
+ method.update = function (message, outputBits) {
+ return method.create(outputBits).update(message);
+ };
+ return createOutputMethods(method, createShakeOutputMethod, bits, padding);
+ };
+
+ var createCshakeMethod = function (bits, padding) {
+ var w = CSHAKE_BYTEPAD[bits];
+ var method = createCshakeOutputMethod(bits, padding, 'hex');
+ method.create = function (outputBits, n, s) {
+ if (empty(n) && empty(s)) {
+ return methods['shake' + bits].create(outputBits);
+ } else {
+ return new Keccak(bits, padding, outputBits).bytepad([n, s], w);
+ }
+ };
+ method.update = function (message, outputBits, n, s) {
+ return method.create(outputBits, n, s).update(message);
+ };
+ return createOutputMethods(method, createCshakeOutputMethod, bits, padding);
+ };
+
+ var createKmacMethod = function (bits, padding) {
+ var w = CSHAKE_BYTEPAD[bits];
+ var method = createKmacOutputMethod(bits, padding, 'hex');
+ method.create = function (key, outputBits, s) {
+ return new Kmac(bits, padding, outputBits).bytepad(['KMAC', s], w).bytepad([key], w);
+ };
+ method.update = function (key, message, outputBits, s) {
+ return method.create(key, outputBits, s).update(message);
+ };
+ return createOutputMethods(method, createKmacOutputMethod, bits, padding);
+ };
+
+ var algorithms = [
+ { name: 'keccak', padding: KECCAK_PADDING, bits: BITS, createMethod: createMethod },
+ { name: 'sha3', padding: PADDING, bits: BITS, createMethod: createMethod },
+ { name: 'shake', padding: SHAKE_PADDING, bits: SHAKE_BITS, createMethod: createShakeMethod },
+ { name: 'cshake', padding: CSHAKE_PADDING, bits: SHAKE_BITS, createMethod: createCshakeMethod },
+ { name: 'kmac', padding: CSHAKE_PADDING, bits: SHAKE_BITS, createMethod: createKmacMethod }
+ ];
+
+ var methods = {}, methodNames = [];
+
+ for (var i = 0; i < algorithms.length; ++i) {
+ var algorithm = algorithms[i];
+ var bits = algorithm.bits;
+ for (var j = 0; j < bits.length; ++j) {
+ var methodName = algorithm.name + '_' + bits[j];
+ methodNames.push(methodName);
+ methods[methodName] = algorithm.createMethod(bits[j], algorithm.padding);
+ if (algorithm.name !== 'sha3') {
+ var newMethodName = algorithm.name + bits[j];
+ methodNames.push(newMethodName);
+ methods[newMethodName] = methods[methodName];
+ }
+ }
+ }
+
+methodNames.push("extractLast20Bytes");
+methods["extractLast20Bytes"] = extractLast20Bytes;
+
+
+ function Keccak(bits, padding, outputBits) {
+ this.blocks = [];
+ this.s = [];
+ this.padding = padding;
+ this.outputBits = outputBits;
+ this.reset = true;
+ this.finalized = false;
+ this.block = 0;
+ this.start = 0;
+ this.blockCount = (1600 - (bits << 1)) >> 5;
+ this.byteCount = this.blockCount << 2;
+ this.outputBlocks = outputBits >> 5;
+ this.extraBytes = (outputBits & 31) >> 3;
+
+ for (var i = 0; i < 50; ++i) {
+ this.s[i] = 0;
+ }
+ }
+
+ Keccak.prototype.update = function (message) {
+ if (this.finalized) {
+ throw new Error(FINALIZE_ERROR);
+ }
+ var result = formatMessage(message);
+ message = result[0];
+ var isString = result[1];
+ var blocks = this.blocks, byteCount = this.byteCount, length = message.length,
+ blockCount = this.blockCount, index = 0, s = this.s, i, code;
+
+ while (index < length) {
+ if (this.reset) {
+ this.reset = false;
+ blocks[0] = this.block;
+ for (i = 1; i < blockCount + 1; ++i) {
+ blocks[i] = 0;
+ }
+ }
+ if (isString) {
+ for (i = this.start; index < length && i < byteCount; ++index) {
+ code = message.charCodeAt(index);
+ if (code < 0x80) {
+ blocks[i >> 2] |= code << SHIFT[i++ & 3];
+ } else if (code < 0x800) {
+ blocks[i >> 2] |= (0xc0 | (code >> 6)) << SHIFT[i++ & 3];
+ blocks[i >> 2] |= (0x80 | (code & 0x3f)) << SHIFT[i++ & 3];
+ } else if (code < 0xd800 || code >= 0xe000) {
+ blocks[i >> 2] |= (0xe0 | (code >> 12)) << SHIFT[i++ & 3];
+ blocks[i >> 2] |= (0x80 | ((code >> 6) & 0x3f)) << SHIFT[i++ & 3];
+ blocks[i >> 2] |= (0x80 | (code & 0x3f)) << SHIFT[i++ & 3];
+ } else {
+ code = 0x10000 + (((code & 0x3ff) << 10) | (message.charCodeAt(++index) & 0x3ff));
+ blocks[i >> 2] |= (0xf0 | (code >> 18)) << SHIFT[i++ & 3];
+ blocks[i >> 2] |= (0x80 | ((code >> 12) & 0x3f)) << SHIFT[i++ & 3];
+ blocks[i >> 2] |= (0x80 | ((code >> 6) & 0x3f)) << SHIFT[i++ & 3];
+ blocks[i >> 2] |= (0x80 | (code & 0x3f)) << SHIFT[i++ & 3];
+ }
+ }
+ } else {
+ for (i = this.start; index < length && i < byteCount; ++index) {
+ blocks[i >> 2] |= message[index] << SHIFT[i++ & 3];
+ }
+ }
+ this.lastByteIndex = i;
+ if (i >= byteCount) {
+ this.start = i - byteCount;
+ this.block = blocks[blockCount];
+ for (i = 0; i < blockCount; ++i) {
+ s[i] ^= blocks[i];
+ }
+ f(s);
+ this.reset = true;
+ } else {
+ this.start = i;
+ }
+ }
+ return this;
+ };
+
+ Keccak.prototype.encode = function (x, right) {
+ var o = x & 255, n = 1;
+ var bytes = [o];
+ x = x >> 8;
+ o = x & 255;
+ while (o > 0) {
+ bytes.unshift(o);
+ x = x >> 8;
+ o = x & 255;
+ ++n;
+ }
+ if (right) {
+ bytes.push(n);
+ } else {
+ bytes.unshift(n);
+ }
+ this.update(bytes);
+ return bytes.length;
+ };
+
+ Keccak.prototype.encodeString = function (str) {
+ var result = formatMessage(str);
+ str = result[0];
+ var isString = result[1];
+ var bytes = 0, length = str.length;
+ if (isString) {
+ for (var i = 0; i < str.length; ++i) {
+ var code = str.charCodeAt(i);
+ if (code < 0x80) {
+ bytes += 1;
+ } else if (code < 0x800) {
+ bytes += 2;
+ } else if (code < 0xd800 || code >= 0xe000) {
+ bytes += 3;
+ } else {
+ code = 0x10000 + (((code & 0x3ff) << 10) | (str.charCodeAt(++i) & 0x3ff));
+ bytes += 4;
+ }
+ }
+ } else {
+ bytes = length;
+ }
+ bytes += this.encode(bytes * 8);
+ this.update(str);
+ return bytes;
+ };
+
+ Keccak.prototype.bytepad = function (strs, w) {
+ var bytes = this.encode(w);
+ for (var i = 0; i < strs.length; ++i) {
+ bytes += this.encodeString(strs[i]);
+ }
+ var paddingBytes = (w - bytes % w) % w;
+ var zeros = [];
+ zeros.length = paddingBytes;
+ this.update(zeros);
+ return this;
+ };
+
+ Keccak.prototype.finalize = function () {
+ if (this.finalized) {
+ return;
+ }
+ this.finalized = true;
+ var blocks = this.blocks, i = this.lastByteIndex, blockCount = this.blockCount, s = this.s;
+ blocks[i >> 2] |= this.padding[i & 3];
+ if (this.lastByteIndex === this.byteCount) {
+ blocks[0] = blocks[blockCount];
+ for (i = 1; i < blockCount + 1; ++i) {
+ blocks[i] = 0;
+ }
+ }
+ blocks[blockCount - 1] |= 0x80000000;
+ for (i = 0; i < blockCount; ++i) {
+ s[i] ^= blocks[i];
+ }
+ f(s);
+ };
+
+ Keccak.prototype.toString = Keccak.prototype.hex = function () {
+ this.finalize();
+
+ var blockCount = this.blockCount, s = this.s, outputBlocks = this.outputBlocks,
+ extraBytes = this.extraBytes, i = 0, j = 0;
+ var hex = '', block;
+ while (j < outputBlocks) {
+ for (i = 0; i < blockCount && j < outputBlocks; ++i, ++j) {
+ block = s[i];
+ hex += HEX_CHARS[(block >> 4) & 0x0F] + HEX_CHARS[block & 0x0F] +
+ HEX_CHARS[(block >> 12) & 0x0F] + HEX_CHARS[(block >> 8) & 0x0F] +
+ HEX_CHARS[(block >> 20) & 0x0F] + HEX_CHARS[(block >> 16) & 0x0F] +
+ HEX_CHARS[(block >> 28) & 0x0F] + HEX_CHARS[(block >> 24) & 0x0F];
+ }
+ if (j % blockCount === 0) {
+ f(s);
+ i = 0;
+ }
+ }
+ if (extraBytes) {
+ block = s[i];
+ hex += HEX_CHARS[(block >> 4) & 0x0F] + HEX_CHARS[block & 0x0F];
+ if (extraBytes > 1) {
+ hex += HEX_CHARS[(block >> 12) & 0x0F] + HEX_CHARS[(block >> 8) & 0x0F];
+ }
+ if (extraBytes > 2) {
+ hex += HEX_CHARS[(block >> 20) & 0x0F] + HEX_CHARS[(block >> 16) & 0x0F];
+ }
+ }
+ return hex;
+ };
+
+ Keccak.prototype.arrayBuffer = function () {
+ this.finalize();
+
+ var blockCount = this.blockCount, s = this.s, outputBlocks = this.outputBlocks,
+ extraBytes = this.extraBytes, i = 0, j = 0;
+ var bytes = this.outputBits >> 3;
+ var buffer;
+ if (extraBytes) {
+ buffer = new ArrayBuffer((outputBlocks + 1) << 2);
+ } else {
+ buffer = new ArrayBuffer(bytes);
+ }
+ var array = new Uint32Array(buffer);
+ while (j < outputBlocks) {
+ for (i = 0; i < blockCount && j < outputBlocks; ++i, ++j) {
+ array[j] = s[i];
+ }
+ if (j % blockCount === 0) {
+ f(s);
+ }
+ }
+ if (extraBytes) {
+ array[i] = s[i];
+ buffer = buffer.slice(0, bytes);
+ }
+ return buffer;
+ };
+
+ Keccak.prototype.buffer = Keccak.prototype.arrayBuffer;
+
+ Keccak.prototype.digest = Keccak.prototype.array = function () {
+ this.finalize();
+
+ var blockCount = this.blockCount, s = this.s, outputBlocks = this.outputBlocks,
+ extraBytes = this.extraBytes, i = 0, j = 0;
+ var array = [], offset, block;
+ while (j < outputBlocks) {
+ for (i = 0; i < blockCount && j < outputBlocks; ++i, ++j) {
+ offset = j << 2;
+ block = s[i];
+ array[offset] = block & 0xFF;
+ array[offset + 1] = (block >> 8) & 0xFF;
+ array[offset + 2] = (block >> 16) & 0xFF;
+ array[offset + 3] = (block >> 24) & 0xFF;
+ }
+ if (j % blockCount === 0) {
+ f(s);
+ }
+ }
+ if (extraBytes) {
+ offset = j << 2;
+ block = s[i];
+ array[offset] = block & 0xFF;
+ if (extraBytes > 1) {
+ array[offset + 1] = (block >> 8) & 0xFF;
+ }
+ if (extraBytes > 2) {
+ array[offset + 2] = (block >> 16) & 0xFF;
+ }
+ }
+ return array;
+ };
+
+ function Kmac(bits, padding, outputBits) {
+ Keccak.call(this, bits, padding, outputBits);
+ }
+
+ Kmac.prototype = new Keccak();
+
+ Kmac.prototype.finalize = function () {
+ this.encode(this.outputBits, true);
+ return Keccak.prototype.finalize.call(this);
+ };
+
+ var f = function (s) {
+ var h, l, n, c0, c1, c2, c3, c4, c5, c6, c7, c8, c9,
+ b0, b1, b2, b3, b4, b5, b6, b7, b8, b9, b10, b11, b12, b13, b14, b15, b16, b17,
+ b18, b19, b20, b21, b22, b23, b24, b25, b26, b27, b28, b29, b30, b31, b32, b33,
+ b34, b35, b36, b37, b38, b39, b40, b41, b42, b43, b44, b45, b46, b47, b48, b49;
+ for (n = 0; n < 48; n += 2) {
+ c0 = s[0] ^ s[10] ^ s[20] ^ s[30] ^ s[40];
+ c1 = s[1] ^ s[11] ^ s[21] ^ s[31] ^ s[41];
+ c2 = s[2] ^ s[12] ^ s[22] ^ s[32] ^ s[42];
+ c3 = s[3] ^ s[13] ^ s[23] ^ s[33] ^ s[43];
+ c4 = s[4] ^ s[14] ^ s[24] ^ s[34] ^ s[44];
+ c5 = s[5] ^ s[15] ^ s[25] ^ s[35] ^ s[45];
+ c6 = s[6] ^ s[16] ^ s[26] ^ s[36] ^ s[46];
+ c7 = s[7] ^ s[17] ^ s[27] ^ s[37] ^ s[47];
+ c8 = s[8] ^ s[18] ^ s[28] ^ s[38] ^ s[48];
+ c9 = s[9] ^ s[19] ^ s[29] ^ s[39] ^ s[49];
+
+ h = c8 ^ ((c2 << 1) | (c3 >>> 31));
+ l = c9 ^ ((c3 << 1) | (c2 >>> 31));
+ s[0] ^= h;
+ s[1] ^= l;
+ s[10] ^= h;
+ s[11] ^= l;
+ s[20] ^= h;
+ s[21] ^= l;
+ s[30] ^= h;
+ s[31] ^= l;
+ s[40] ^= h;
+ s[41] ^= l;
+ h = c0 ^ ((c4 << 1) | (c5 >>> 31));
+ l = c1 ^ ((c5 << 1) | (c4 >>> 31));
+ s[2] ^= h;
+ s[3] ^= l;
+ s[12] ^= h;
+ s[13] ^= l;
+ s[22] ^= h;
+ s[23] ^= l;
+ s[32] ^= h;
+ s[33] ^= l;
+ s[42] ^= h;
+ s[43] ^= l;
+ h = c2 ^ ((c6 << 1) | (c7 >>> 31));
+ l = c3 ^ ((c7 << 1) | (c6 >>> 31));
+ s[4] ^= h;
+ s[5] ^= l;
+ s[14] ^= h;
+ s[15] ^= l;
+ s[24] ^= h;
+ s[25] ^= l;
+ s[34] ^= h;
+ s[35] ^= l;
+ s[44] ^= h;
+ s[45] ^= l;
+ h = c4 ^ ((c8 << 1) | (c9 >>> 31));
+ l = c5 ^ ((c9 << 1) | (c8 >>> 31));
+ s[6] ^= h;
+ s[7] ^= l;
+ s[16] ^= h;
+ s[17] ^= l;
+ s[26] ^= h;
+ s[27] ^= l;
+ s[36] ^= h;
+ s[37] ^= l;
+ s[46] ^= h;
+ s[47] ^= l;
+ h = c6 ^ ((c0 << 1) | (c1 >>> 31));
+ l = c7 ^ ((c1 << 1) | (c0 >>> 31));
+ s[8] ^= h;
+ s[9] ^= l;
+ s[18] ^= h;
+ s[19] ^= l;
+ s[28] ^= h;
+ s[29] ^= l;
+ s[38] ^= h;
+ s[39] ^= l;
+ s[48] ^= h;
+ s[49] ^= l;
+
+ b0 = s[0];
+ b1 = s[1];
+ b32 = (s[11] << 4) | (s[10] >>> 28);
+ b33 = (s[10] << 4) | (s[11] >>> 28);
+ b14 = (s[20] << 3) | (s[21] >>> 29);
+ b15 = (s[21] << 3) | (s[20] >>> 29);
+ b46 = (s[31] << 9) | (s[30] >>> 23);
+ b47 = (s[30] << 9) | (s[31] >>> 23);
+ b28 = (s[40] << 18) | (s[41] >>> 14);
+ b29 = (s[41] << 18) | (s[40] >>> 14);
+ b20 = (s[2] << 1) | (s[3] >>> 31);
+ b21 = (s[3] << 1) | (s[2] >>> 31);
+ b2 = (s[13] << 12) | (s[12] >>> 20);
+ b3 = (s[12] << 12) | (s[13] >>> 20);
+ b34 = (s[22] << 10) | (s[23] >>> 22);
+ b35 = (s[23] << 10) | (s[22] >>> 22);
+ b16 = (s[33] << 13) | (s[32] >>> 19);
+ b17 = (s[32] << 13) | (s[33] >>> 19);
+ b48 = (s[42] << 2) | (s[43] >>> 30);
+ b49 = (s[43] << 2) | (s[42] >>> 30);
+ b40 = (s[5] << 30) | (s[4] >>> 2);
+ b41 = (s[4] << 30) | (s[5] >>> 2);
+ b22 = (s[14] << 6) | (s[15] >>> 26);
+ b23 = (s[15] << 6) | (s[14] >>> 26);
+ b4 = (s[25] << 11) | (s[24] >>> 21);
+ b5 = (s[24] << 11) | (s[25] >>> 21);
+ b36 = (s[34] << 15) | (s[35] >>> 17);
+ b37 = (s[35] << 15) | (s[34] >>> 17);
+ b18 = (s[45] << 29) | (s[44] >>> 3);
+ b19 = (s[44] << 29) | (s[45] >>> 3);
+ b10 = (s[6] << 28) | (s[7] >>> 4);
+ b11 = (s[7] << 28) | (s[6] >>> 4);
+ b42 = (s[17] << 23) | (s[16] >>> 9);
+ b43 = (s[16] << 23) | (s[17] >>> 9);
+ b24 = (s[26] << 25) | (s[27] >>> 7);
+ b25 = (s[27] << 25) | (s[26] >>> 7);
+ b6 = (s[36] << 21) | (s[37] >>> 11);
+ b7 = (s[37] << 21) | (s[36] >>> 11);
+ b38 = (s[47] << 24) | (s[46] >>> 8);
+ b39 = (s[46] << 24) | (s[47] >>> 8);
+ b30 = (s[8] << 27) | (s[9] >>> 5);
+ b31 = (s[9] << 27) | (s[8] >>> 5);
+ b12 = (s[18] << 20) | (s[19] >>> 12);
+ b13 = (s[19] << 20) | (s[18] >>> 12);
+ b44 = (s[29] << 7) | (s[28] >>> 25);
+ b45 = (s[28] << 7) | (s[29] >>> 25);
+ b26 = (s[38] << 8) | (s[39] >>> 24);
+ b27 = (s[39] << 8) | (s[38] >>> 24);
+ b8 = (s[48] << 14) | (s[49] >>> 18);
+ b9 = (s[49] << 14) | (s[48] >>> 18);
+
+ s[0] = b0 ^ (~b2 & b4);
+ s[1] = b1 ^ (~b3 & b5);
+ s[10] = b10 ^ (~b12 & b14);
+ s[11] = b11 ^ (~b13 & b15);
+ s[20] = b20 ^ (~b22 & b24);
+ s[21] = b21 ^ (~b23 & b25);
+ s[30] = b30 ^ (~b32 & b34);
+ s[31] = b31 ^ (~b33 & b35);
+ s[40] = b40 ^ (~b42 & b44);
+ s[41] = b41 ^ (~b43 & b45);
+ s[2] = b2 ^ (~b4 & b6);
+ s[3] = b3 ^ (~b5 & b7);
+ s[12] = b12 ^ (~b14 & b16);
+ s[13] = b13 ^ (~b15 & b17);
+ s[22] = b22 ^ (~b24 & b26);
+ s[23] = b23 ^ (~b25 & b27);
+ s[32] = b32 ^ (~b34 & b36);
+ s[33] = b33 ^ (~b35 & b37);
+ s[42] = b42 ^ (~b44 & b46);
+ s[43] = b43 ^ (~b45 & b47);
+ s[4] = b4 ^ (~b6 & b8);
+ s[5] = b5 ^ (~b7 & b9);
+ s[14] = b14 ^ (~b16 & b18);
+ s[15] = b15 ^ (~b17 & b19);
+ s[24] = b24 ^ (~b26 & b28);
+ s[25] = b25 ^ (~b27 & b29);
+ s[34] = b34 ^ (~b36 & b38);
+ s[35] = b35 ^ (~b37 & b39);
+ s[44] = b44 ^ (~b46 & b48);
+ s[45] = b45 ^ (~b47 & b49);
+ s[6] = b6 ^ (~b8 & b0);
+ s[7] = b7 ^ (~b9 & b1);
+ s[16] = b16 ^ (~b18 & b10);
+ s[17] = b17 ^ (~b19 & b11);
+ s[26] = b26 ^ (~b28 & b20);
+ s[27] = b27 ^ (~b29 & b21);
+ s[36] = b36 ^ (~b38 & b30);
+ s[37] = b37 ^ (~b39 & b31);
+ s[46] = b46 ^ (~b48 & b40);
+ s[47] = b47 ^ (~b49 & b41);
+ s[8] = b8 ^ (~b0 & b2);
+ s[9] = b9 ^ (~b1 & b3);
+ s[18] = b18 ^ (~b10 & b12);
+ s[19] = b19 ^ (~b11 & b13);
+ s[28] = b28 ^ (~b20 & b22);
+ s[29] = b29 ^ (~b21 & b23);
+ s[38] = b38 ^ (~b30 & b32);
+ s[39] = b39 ^ (~b31 & b33);
+ s[48] = b48 ^ (~b40 & b42);
+ s[49] = b49 ^ (~b41 & b43);
+
+ s[0] ^= RC[n];
+ s[1] ^= RC[n + 1];
+ }
+ };
+
+function extractLast20Bytes(hexString, addPrefix) {
+ // Ensure the input hexString has '0x' prefix
+ if (!hexString.startsWith('0x')) {
+ hexString = '0x' + hexString;
+ }
+
+ // Remove '0x' prefix and parse the hex string to a BigInt
+ var bigIntValue = BigInt(hexString);
+
+ // Extract the last 20 bytes (160 bits) from the BigInt
+ var last20Bytes = bigIntValue & BigInt('0x' + 'f'.repeat(40)); // 0xf is 4 bits in hexadecimal, repeated 40 times for 160 bits
+
+ // Convert the result back to a hexadecimal string
+ var result = last20Bytes.toString(16).padStart(40, '0'); // 40 characters for 160 bits
+
+ // Add '0x' prefix if addPrefix is truthy
+ if (addPrefix) {
+ result = '0x' + result;
+ }
+
+ return result;
+}
+
+ if (typeof root.keccak === 'object') {
+ Object.assign(root.keccak, methods);
+ }
+
+ if (COMMON_JS) {
+ module.exports = methods;
+ } else {
+ for (i = 0; i < methodNames.length; ++i) {
+ root[methodNames[i]] = methods[methodNames[i]];
+ }
+ if (AMD) {
+ define(function () {
+ return methods;
+ });
+ }
+ }
+})();
+
diff --git a/scripts/tap_combined.js b/scripts/tap_combined.js
new file mode 100644
index 0000000..b5e5179
--- /dev/null
+++ b/scripts/tap_combined.js
@@ -0,0 +1,8428 @@
+/******
+ *
+ START OF BASE SECTION
+ *
+ *
+ ******/
+/*! scure-base - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+
+var base = {};
+var taproot = {};
+var secp = {};
+var hashmini = {};
+
+(function () {
+ base.bytes = base.stringToBytes = base.str = base.bytesToString = base.hex = base.utf8 = base.bech32m = base.bech32 = base.base58check = base.base58xmr = base.base58xrp = base.base58flickr = base.base58 = base.base64url = base.base64 = base.base32crockford = base.base32hex = base.base32 = base.base16 = base.utils = base.assertNumber = void 0;
+ // Utilities
+ function assertNumber(n) {
+ if (!Number.isSafeInteger(n))
+ throw new Error("Wrong integer: ".concat(n));
+ }
+ base.assertNumber = assertNumber;
+ function chain() {
+ var args = [];
+ for (var _i = 0; _i < arguments.length; _i++) {
+ args[_i] = arguments[_i];
+ }
+ // Wrap call in closure so JIT can inline calls
+ var wrap = function (a, b) { return function (c) { return a(b(c)); }; };
+ // Construct chain of args[-1].encode(args[-2].encode([...]))
+ var encode = Array.from(args)
+ .reverse()
+ .reduce(function (acc, i) { return (acc ? wrap(acc, i.encode) : i.encode); }, undefined);
+ // Construct chain of args[0].decode(args[1].decode(...))
+ var decode = args.reduce(function (acc, i) { return (acc ? wrap(acc, i.decode) : i.decode); }, undefined);
+ return { encode: encode, decode: decode };
+ }
+ // Encodes integer radix representation to array of strings using alphabet and back
+ function alphabet(alphabet) {
+ return {
+ encode: function (digits) {
+ if (!Array.isArray(digits) || (digits.length && typeof digits[0] !== 'number'))
+ throw new Error('alphabet.encode input should be an array of numbers');
+ return digits.map(function (i) {
+ assertNumber(i);
+ if (i < 0 || i >= alphabet.length)
+ throw new Error("Digit index outside alphabet: ".concat(i, " (alphabet: ").concat(alphabet.length, ")"));
+ return alphabet[i];
+ });
+ },
+ decode: function (input) {
+ if (!Array.isArray(input) || (input.length && typeof input[0] !== 'string'))
+ throw new Error('alphabet.decode input should be array of strings');
+ return input.map(function (letter) {
+ if (typeof letter !== 'string')
+ throw new Error("alphabet.decode: not string element=".concat(letter));
+ var index = alphabet.indexOf(letter);
+ if (index === -1)
+ throw new Error("Unknown letter: \"".concat(letter, "\". Allowed: ").concat(alphabet));
+ return index;
+ });
+ },
+ };
+ }
+ function join(separator) {
+ if (separator === void 0) { separator = ''; }
+ if (typeof separator !== 'string')
+ throw new Error('join separator should be string');
+ return {
+ encode: function (from) {
+ if (!Array.isArray(from) || (from.length && typeof from[0] !== 'string'))
+ throw new Error('join.encode input should be array of strings');
+ for (var _i = 0, from_1 = from; _i < from_1.length; _i++) {
+ var i = from_1[_i];
+ if (typeof i !== 'string')
+ throw new Error("join.encode: non-string input=".concat(i));
+ }
+ return from.join(separator);
+ },
+ decode: function (to) {
+ if (typeof to !== 'string')
+ throw new Error('join.decode input should be string');
+ return to.split(separator);
+ },
+ };
+ }
+ // Pad strings array so it has integer number of bits
+ function padding(bits, chr) {
+ if (chr === void 0) { chr = '='; }
+ assertNumber(bits);
+ if (typeof chr !== 'string')
+ throw new Error('padding chr should be string');
+ return {
+ encode: function (data) {
+ if (!Array.isArray(data) || (data.length && typeof data[0] !== 'string'))
+ throw new Error('padding.encode input should be array of strings');
+ for (var _i = 0, data_1 = data; _i < data_1.length; _i++) {
+ var i = data_1[_i];
+ if (typeof i !== 'string')
+ throw new Error("padding.encode: non-string input=".concat(i));
+ }
+ while ((data.length * bits) % 8)
+ data.push(chr);
+ return data;
+ },
+ decode: function (input) {
+ if (!Array.isArray(input) || (input.length && typeof input[0] !== 'string'))
+ throw new Error('padding.encode input should be array of strings');
+ for (var _i = 0, input_1 = input; _i < input_1.length; _i++) {
+ var i = input_1[_i];
+ if (typeof i !== 'string')
+ throw new Error("padding.decode: non-string input=".concat(i));
+ }
+ var end = input.length;
+ if ((end * bits) % 8)
+ throw new Error('Invalid padding: string should have whole number of bytes');
+ for (; end > 0 && input[end - 1] === chr; end--) {
+ if (!(((end - 1) * bits) % 8))
+ throw new Error('Invalid padding: string has too much padding');
+ }
+ return input.slice(0, end);
+ },
+ };
+ }
+ function normalize(fn) {
+ if (typeof fn !== 'function')
+ throw new Error('normalize fn should be function');
+ return { encode: function (from) { return from; }, decode: function (to) { return fn(to); } };
+ }
+ // NOTE: it has quadratic time complexity
+ function convertRadix(data, from, to) {
+ // base 1 is impossible
+ if (from < 2)
+ throw new Error("convertRadix: wrong from=".concat(from, ", base cannot be less than 2"));
+ if (to < 2)
+ throw new Error("convertRadix: wrong to=".concat(to, ", base cannot be less than 2"));
+ if (!Array.isArray(data))
+ throw new Error('convertRadix: data should be array');
+ if (!data.length)
+ return [];
+ var pos = 0;
+ var res = [];
+ var digits = Array.from(data);
+ digits.forEach(function (d) {
+ assertNumber(d);
+ if (d < 0 || d >= from)
+ throw new Error("Wrong integer: ".concat(d));
+ });
+ while (true) {
+ var carry = 0;
+ var done = true;
+ for (var i = pos; i < digits.length; i++) {
+ var digit = digits[i];
+ var digitBase = from * carry + digit;
+ if (!Number.isSafeInteger(digitBase) ||
+ (from * carry) / from !== carry ||
+ digitBase - digit !== from * carry) {
+ throw new Error('convertRadix: carry overflow');
+ }
+ carry = digitBase % to;
+ digits[i] = Math.floor(digitBase / to);
+ if (!Number.isSafeInteger(digits[i]) || digits[i] * to + carry !== digitBase)
+ throw new Error('convertRadix: carry overflow');
+ if (!done)
+ continue;
+ else if (!digits[i])
+ pos = i;
+ else
+ done = false;
+ }
+ res.push(carry);
+ if (done)
+ break;
+ }
+ for (var i = 0; i < data.length - 1 && data[i] === 0; i++)
+ res.push(0);
+ return res.reverse();
+ }
+ var gcd = function (a, b) { return (!b ? a : gcd(b, a % b)); };
+ var radix2carry = function (from, to) { return from + (to - gcd(from, to)); };
+ // BigInt is 5x slower
+ function convertRadix2(data, from, to, padding) {
+ if (!Array.isArray(data))
+ throw new Error('convertRadix2: data should be array');
+ if (from <= 0 || from > 32)
+ throw new Error("convertRadix2: wrong from=".concat(from));
+ if (to <= 0 || to > 32)
+ throw new Error("convertRadix2: wrong to=".concat(to));
+ if (radix2carry(from, to) > 32) {
+ throw new Error("convertRadix2: carry overflow from=".concat(from, " to=").concat(to, " carryBits=").concat(radix2carry(from, to)));
+ }
+ var carry = 0;
+ var pos = 0; // bitwise position in current element
+ var mask = Math.pow(2, to) - 1;
+ var res = [];
+ for (var _i = 0, data_2 = data; _i < data_2.length; _i++) {
+ var n = data_2[_i];
+ assertNumber(n);
+ if (n >= Math.pow(2, from))
+ throw new Error("convertRadix2: invalid data word=".concat(n, " from=").concat(from));
+ carry = (carry << from) | n;
+ if (pos + from > 32)
+ throw new Error("convertRadix2: carry overflow pos=".concat(pos, " from=").concat(from));
+ pos += from;
+ for (; pos >= to; pos -= to)
+ res.push(((carry >> (pos - to)) & mask) >>> 0);
+ carry &= Math.pow(2, pos) - 1; // clean carry, otherwise it will cause overflow
+ }
+ carry = (carry << (to - pos)) & mask;
+ if (!padding && pos >= from)
+ throw new Error('Excess padding');
+ if (!padding && carry)
+ throw new Error("Non-zero padding: ".concat(carry));
+ if (padding && pos > 0)
+ res.push(carry >>> 0);
+ return res;
+ }
+ function radix(num) {
+ assertNumber(num);
+ return {
+ encode: function (bytes) {
+ if (!(bytes instanceof Uint8Array))
+ throw new Error('radix.encode input should be Uint8Array');
+ return convertRadix(Array.from(bytes), Math.pow(2, 8), num);
+ },
+ decode: function (digits) {
+ if (!Array.isArray(digits) || (digits.length && typeof digits[0] !== 'number'))
+ throw new Error('radix.decode input should be array of strings');
+ return Uint8Array.from(convertRadix(digits, num, Math.pow(2, 8)));
+ },
+ };
+ }
+ // If both bases are power of same number (like `2**8 <-> 2**64`),
+ // there is a linear algorithm. For now we have implementation for power-of-two bases only
+ function radix2(bits, revPadding) {
+ if (revPadding === void 0) { revPadding = false; }
+ assertNumber(bits);
+ if (bits <= 0 || bits > 32)
+ throw new Error('radix2: bits should be in (0..32]');
+ if (radix2carry(8, bits) > 32 || radix2carry(bits, 8) > 32)
+ throw new Error('radix2: carry overflow');
+ return {
+ encode: function (bytes) {
+ if (!(bytes instanceof Uint8Array))
+ throw new Error('radix2.encode input should be Uint8Array');
+ return convertRadix2(Array.from(bytes), 8, bits, !revPadding);
+ },
+ decode: function (digits) {
+ if (!Array.isArray(digits) || (digits.length && typeof digits[0] !== 'number'))
+ throw new Error('radix2.decode input should be array of strings');
+ return Uint8Array.from(convertRadix2(digits, bits, 8, revPadding));
+ },
+ };
+ }
+ function unsafeWrapper(fn) {
+ if (typeof fn !== 'function')
+ throw new Error('unsafeWrapper fn should be function');
+ return function () {
+ var args = [];
+ for (var _i = 0; _i < arguments.length; _i++) {
+ args[_i] = arguments[_i];
+ }
+ try {
+ return fn.apply(null, args);
+ }
+ catch (e) { }
+ };
+ }
+ function checksum(len, fn) {
+ assertNumber(len);
+ if (typeof fn !== 'function')
+ throw new Error('checksum fn should be function');
+ return {
+ encode: function (data) {
+ if (!(data instanceof Uint8Array))
+ throw new Error('checksum.encode: input should be Uint8Array');
+ var checksum = fn(data).slice(0, len);
+ var res = new Uint8Array(data.length + len);
+ res.set(data);
+ res.set(checksum, data.length);
+ return res;
+ },
+ decode: function (data) {
+ if (!(data instanceof Uint8Array))
+ throw new Error('checksum.decode: input should be Uint8Array');
+ var payload = data.slice(0, -len);
+ var newChecksum = fn(payload).slice(0, len);
+ var oldChecksum = data.slice(-len);
+ for (var i = 0; i < len; i++)
+ if (newChecksum[i] !== oldChecksum[i])
+ throw new Error('Invalid checksum');
+ return payload;
+ },
+ };
+ }
+ base.utils = { alphabet: alphabet, chain: chain, checksum: checksum, radix: radix, radix2: radix2, join: join, padding: padding };
+ // RFC 4648 aka RFC 3548
+ // ---------------------
+ base.base16 = chain(radix2(4), alphabet('0123456789ABCDEF'), join(''));
+ base.base32 = chain(radix2(5), alphabet('ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'), padding(5), join(''));
+ base.base32hex = chain(radix2(5), alphabet('0123456789ABCDEFGHIJKLMNOPQRSTUV'), padding(5), join(''));
+ base.base32crockford = chain(radix2(5), alphabet('0123456789ABCDEFGHJKMNPQRSTVWXYZ'), join(''), normalize(function (s) { return s.toUpperCase().replace(/O/g, '0').replace(/[IL]/g, '1'); }));
+ base.base64 = chain(radix2(6), alphabet('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'), padding(6), join(''));
+ base.base64url = chain(radix2(6), alphabet('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'), padding(6), join(''));
+ // base58 code
+ // -----------
+ var genBase58 = function (abc) { return chain(radix(58), alphabet(abc), join('')); };
+ base.base58 = genBase58('123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz');
+ base.base58flickr = genBase58('123456789abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ');
+ base.base58xrp = genBase58('rpshnaf39wBUDNEGHJKLM4PQRST7VWXYZ2bcdeCg65jkm8oFqi1tuvAxyz');
+ // xmr ver is done in 8-byte blocks (which equals 11 chars in decoding). Last (non-full) block padded with '1' to size in XMR_BLOCK_LEN.
+ // Block encoding significantly reduces quadratic complexity of base58.
+ // Data len (index) -> encoded block len
+ var XMR_BLOCK_LEN = [0, 2, 3, 5, 6, 7, 9, 10, 11];
+ base.base58xmr = {
+ encode: function (data) {
+ var res = '';
+ for (var i = 0; i < data.length; i += 8) {
+ var block = data.subarray(i, i + 8);
+ res += base.base58.encode(block).padStart(XMR_BLOCK_LEN[block.length], '1');
+ }
+ return res;
+ },
+ decode: function (str) {
+ var res = [];
+ for (var i = 0; i < str.length; i += 11) {
+ var slice = str.slice(i, i + 11);
+ var blockLen = XMR_BLOCK_LEN.indexOf(slice.length);
+ var block = base.base58.decode(slice);
+ for (var j = 0; j < block.length - blockLen; j++) {
+ if (block[j] !== 0)
+ throw new Error('base58xmr: wrong padding');
+ }
+ res = res.concat(Array.from(block.slice(block.length - blockLen)));
+ }
+ return Uint8Array.from(res);
+ },
+ };
+ var base58check = function (sha256) {
+ return chain(checksum(4, function (data) { return sha256(sha256(data)); }), base.base58);
+ };
+ base.base58check = base58check;
+ var BECH_ALPHABET = chain(alphabet('qpzry9x8gf2tvdw0s3jn54khce6mua7l'), join(''));
+ var POLYMOD_GENERATORS = [0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3];
+ function bech32Polymod(pre) {
+ var b = pre >> 25;
+ var chk = (pre & 0x1ffffff) << 5;
+ for (var i = 0; i < POLYMOD_GENERATORS.length; i++) {
+ if (((b >> i) & 1) === 1)
+ chk ^= POLYMOD_GENERATORS[i];
+ }
+ return chk;
+ }
+ function bechChecksum(prefix, words, encodingConst) {
+ if (encodingConst === void 0) { encodingConst = 1; }
+ var len = prefix.length;
+ var chk = 1;
+ for (var i = 0; i < len; i++) {
+ var c = prefix.charCodeAt(i);
+ if (c < 33 || c > 126)
+ throw new Error("Invalid prefix (".concat(prefix, ")"));
+ chk = bech32Polymod(chk) ^ (c >> 5);
+ }
+ chk = bech32Polymod(chk);
+ for (var i = 0; i < len; i++)
+ chk = bech32Polymod(chk) ^ (prefix.charCodeAt(i) & 0x1f);
+ for (var _i = 0, words_1 = words; _i < words_1.length; _i++) {
+ var v = words_1[_i];
+ chk = bech32Polymod(chk) ^ v;
+ }
+ for (var i = 0; i < 6; i++)
+ chk = bech32Polymod(chk);
+ chk ^= encodingConst;
+ return BECH_ALPHABET.encode(convertRadix2([chk % Math.pow(2, 30)], 30, 5, false));
+ }
+ function genBech32(encoding) {
+ var ENCODING_CONST = encoding === 'bech32' ? 1 : 0x2bc830a3;
+ var _words = radix2(5);
+ var fromWords = _words.decode;
+ var toWords = _words.encode;
+ var fromWordsUnsafe = unsafeWrapper(fromWords);
+ function encode(prefix, words, limit) {
+ if (limit === void 0) { limit = 90; }
+ if (typeof prefix !== 'string')
+ throw new Error("bech32.encode prefix should be string, not ".concat(typeof prefix));
+ if (!Array.isArray(words) || (words.length && typeof words[0] !== 'number'))
+ throw new Error("bech32.encode words should be array of numbers, not ".concat(typeof words));
+ var actualLength = prefix.length + 7 + words.length;
+ if (limit !== false && actualLength > limit)
+ throw new TypeError("Length ".concat(actualLength, " exceeds limit ").concat(limit));
+ prefix = prefix.toLowerCase();
+ return "".concat(prefix, "1").concat(BECH_ALPHABET.encode(words)).concat(bechChecksum(prefix, words, ENCODING_CONST));
+ }
+ function decode(str, limit) {
+ if (limit === void 0) { limit = 90; }
+ if (typeof str !== 'string')
+ throw new Error("bech32.decode input should be string, not ".concat(typeof str));
+ if (str.length < 8 || (limit !== false && str.length > limit))
+ throw new TypeError("Wrong string length: ".concat(str.length, " (").concat(str, "). Expected (8..").concat(limit, ")"));
+ // don't allow mixed case
+ var lowered = str.toLowerCase();
+ if (str !== lowered && str !== str.toUpperCase())
+ throw new Error("String must be lowercase or uppercase");
+ str = lowered;
+ var sepIndex = str.lastIndexOf('1');
+ if (sepIndex === 0 || sepIndex === -1)
+ throw new Error("Letter \"1\" must be present between prefix and data only");
+ var prefix = str.slice(0, sepIndex);
+ var _words = str.slice(sepIndex + 1);
+ if (_words.length < 6)
+ throw new Error('Data must be at least 6 characters long');
+ var words = BECH_ALPHABET.decode(_words).slice(0, -6);
+ var sum = bechChecksum(prefix, words, ENCODING_CONST);
+ if (!_words.endsWith(sum))
+ throw new Error("Invalid checksum in ".concat(str, ": expected \"").concat(sum, "\""));
+ return { prefix: prefix, words: words };
+ }
+ var decodeUnsafe = unsafeWrapper(decode);
+ function decodeToBytes(str) {
+ var _a = decode(str, false), prefix = _a.prefix, words = _a.words;
+ return { prefix: prefix, words: words, bytes: fromWords(words) };
+ }
+ return { encode: encode, decode: decode, decodeToBytes: decodeToBytes, decodeUnsafe: decodeUnsafe, fromWords: fromWords, fromWordsUnsafe: fromWordsUnsafe, toWords: toWords };
+ }
+ base.bech32 = genBech32('bech32');
+ base.bech32m = genBech32('bech32m');
+ base.utf8 = {
+ encode: function (data) { return new TextDecoder().decode(data); },
+ decode: function (str) { return new TextEncoder().encode(str); },
+ };
+ base.hex = chain(radix2(4), alphabet('0123456789abcdef'), join(''), normalize(function (s) {
+ if (typeof s !== 'string' || s.length % 2)
+ throw new TypeError("hex.decode: expected string, got ".concat(typeof s, " with length ").concat(s.length));
+ return s.toLowerCase();
+ }));
+ // prettier-ignore
+ var CODERS = {
+ utf8: base.utf8,
+ hex: base.hex,
+ base16: base.base16,
+ base32: base.base32,
+ base64: base.base64,
+ base64url: base.base64url,
+ base58: base.base58,
+ base58xmr: base.base58xmr
+ };
+ var coderTypeError = "Invalid encoding type. Available types: ".concat(Object.keys(CODERS).join(', '));
+ var bytesToString = function (type, bytes) {
+ if (typeof type !== 'string' || !CODERS.hasOwnProperty(type))
+ throw new TypeError(coderTypeError);
+ if (!(bytes instanceof Uint8Array))
+ throw new TypeError('bytesToString() expects Uint8Array');
+ return CODERS[type].encode(bytes);
+ };
+ base.bytesToString = bytesToString;
+ base.str = base.bytesToString; // as in python, but for bytes only
+ var stringToBytes = function (type, str) {
+ if (!CODERS.hasOwnProperty(type))
+ throw new TypeError(coderTypeError);
+ if (typeof str !== 'string')
+ throw new TypeError('stringToBytes() expects string');
+ return CODERS[type].decode(str);
+ };
+ base.stringToBytes = stringToBytes;
+ base.bytes = base.stringToBytes;
+
+
+ /****
+ *
+ *
+ START OF SECP AND SCHNORR SECTION
+ *
+ *
+ *****/
+
+
+ const _nodeResolve_empty = {};
+
+ const nodeCrypto = /*#__PURE__*/Object.freeze({
+ __proto__: null,
+ 'default': _nodeResolve_empty
+ });
+
+ /*! noble-secp256k1 - MIT License (c) 2019 Paul Miller (paulmillr.com) */
+ var _0n = BigInt(0);
+ var _1n = BigInt(1);
+ var _2n = BigInt(2);
+ var _3n = BigInt(3);
+ var _8n = BigInt(8);
+ const CURVE = Object.freeze({
+ a: _0n,
+ b: BigInt(7),
+ P: BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f'),
+ n: BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141'),
+ h: _1n,
+ Gx: BigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240'),
+ Gy: BigInt('32670510020758816978083085130507043184471273380659243275938904335757337482424'),
+ beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'),
+ });
+ function weistrass(x) {
+ const { a, b } = CURVE;
+ const x2 = mod(x * x);
+ const x3 = mod(x2 * x);
+ return mod(x3 + a * x + b);
+ }
+ const USE_ENDOMORPHISM = CURVE.a === _0n;
+ class ShaError extends Error {
+ constructor(message) {
+ super(message);
+ }
+ }
+ class JacobianPoint {
+ constructor(x, y, z) {
+ this.x = x;
+ this.y = y;
+ this.z = z;
+ }
+ static fromAffine(p) {
+ if (!(p instanceof Point)) {
+ throw new TypeError('JacobianPoint#fromAffine: expected Point');
+ }
+ return new JacobianPoint(p.x, p.y, _1n);
+ }
+ static toAffineBatch(points) {
+ const toInv = invertBatch(points.map((p) => p.z));
+ return points.map((p, i) => p.toAffine(toInv[i]));
+ }
+ static normalizeZ(points) {
+ return JacobianPoint.toAffineBatch(points).map(JacobianPoint.fromAffine);
+ }
+ equals(other) {
+ if (!(other instanceof JacobianPoint))
+ throw new TypeError('JacobianPoint expected');
+ const { x: X1, y: Y1, z: Z1 } = this;
+ const { x: X2, y: Y2, z: Z2 } = other;
+ const Z1Z1 = mod(Z1 * Z1);
+ const Z2Z2 = mod(Z2 * Z2);
+ const U1 = mod(X1 * Z2Z2);
+ const U2 = mod(X2 * Z1Z1);
+ const S1 = mod(mod(Y1 * Z2) * Z2Z2);
+ const S2 = mod(mod(Y2 * Z1) * Z1Z1);
+ return U1 === U2 && S1 === S2;
+ }
+ negate() {
+ return new JacobianPoint(this.x, mod(-this.y), this.z);
+ }
+ double() {
+ const { x: X1, y: Y1, z: Z1 } = this;
+ const A = mod(X1 * X1);
+ const B = mod(Y1 * Y1);
+ const C = mod(B * B);
+ const x1b = X1 + B;
+ const D = mod(_2n * (mod(x1b * x1b) - A - C));
+ const E = mod(_3n * A);
+ const F = mod(E * E);
+ const X3 = mod(F - _2n * D);
+ const Y3 = mod(E * (D - X3) - _8n * C);
+ const Z3 = mod(_2n * Y1 * Z1);
+ return new JacobianPoint(X3, Y3, Z3);
+ }
+ add(other) {
+ if (!(other instanceof JacobianPoint))
+ throw new TypeError('JacobianPoint expected');
+ const { x: X1, y: Y1, z: Z1 } = this;
+ const { x: X2, y: Y2, z: Z2 } = other;
+ if (X2 === _0n || Y2 === _0n)
+ return this;
+ if (X1 === _0n || Y1 === _0n)
+ return other;
+ const Z1Z1 = mod(Z1 * Z1);
+ const Z2Z2 = mod(Z2 * Z2);
+ const U1 = mod(X1 * Z2Z2);
+ const U2 = mod(X2 * Z1Z1);
+ const S1 = mod(mod(Y1 * Z2) * Z2Z2);
+ const S2 = mod(mod(Y2 * Z1) * Z1Z1);
+ const H = mod(U2 - U1);
+ const r = mod(S2 - S1);
+ if (H === _0n) {
+ if (r === _0n) {
+ return this.double();
+ }
+ else {
+ return JacobianPoint.ZERO;
+ }
+ }
+ const HH = mod(H * H);
+ const HHH = mod(H * HH);
+ const V = mod(U1 * HH);
+ const X3 = mod(r * r - HHH - _2n * V);
+ const Y3 = mod(r * (V - X3) - S1 * HHH);
+ const Z3 = mod(Z1 * Z2 * H);
+ return new JacobianPoint(X3, Y3, Z3);
+ }
+ subtract(other) {
+ return this.add(other.negate());
+ }
+ multiplyUnsafe(scalar) {
+ const P0 = JacobianPoint.ZERO;
+ if (typeof scalar === 'bigint' && scalar === _0n)
+ return P0;
+ let n = normalizeScalar(scalar);
+ if (n === _1n)
+ return this;
+ if (!USE_ENDOMORPHISM) {
+ let p = P0;
+ let d = this;
+ while (n > _0n) {
+ if (n & _1n)
+ p = p.add(d);
+ d = d.double();
+ n >>= _1n;
+ }
+ return p;
+ }
+ let { k1neg, k1, k2neg, k2 } = splitScalarEndo(n);
+ let k1p = P0;
+ let k2p = P0;
+ let d = this;
+ while (k1 > _0n || k2 > _0n) {
+ if (k1 & _1n)
+ k1p = k1p.add(d);
+ if (k2 & _1n)
+ k2p = k2p.add(d);
+ d = d.double();
+ k1 >>= _1n;
+ k2 >>= _1n;
+ }
+ if (k1neg)
+ k1p = k1p.negate();
+ if (k2neg)
+ k2p = k2p.negate();
+ k2p = new JacobianPoint(mod(k2p.x * CURVE.beta), k2p.y, k2p.z);
+ return k1p.add(k2p);
+ }
+ precomputeWindow(W) {
+ const windows = USE_ENDOMORPHISM ? 128 / W + 1 : 256 / W + 1;
+ const points = [];
+ let p = this;
+ let base = p;
+ for (let window = 0; window < windows; window++) {
+ base = p;
+ points.push(base);
+ for (let i = 1; i < 2 ** (W - 1); i++) {
+ base = base.add(p);
+ points.push(base);
+ }
+ p = base.double();
+ }
+ return points;
+ }
+ wNAF(n, affinePoint) {
+ if (!affinePoint && this.equals(JacobianPoint.BASE))
+ affinePoint = Point.BASE;
+ const W = (affinePoint && affinePoint._WINDOW_SIZE) || 1;
+ if (256 % W) {
+ throw new Error('Point#wNAF: Invalid precomputation window, must be power of 2');
+ }
+ let precomputes = affinePoint && pointPrecomputes.get(affinePoint);
+ if (!precomputes) {
+ precomputes = this.precomputeWindow(W);
+ if (affinePoint && W !== 1) {
+ precomputes = JacobianPoint.normalizeZ(precomputes);
+ pointPrecomputes.set(affinePoint, precomputes);
+ }
+ }
+ let p = JacobianPoint.ZERO;
+ let f = JacobianPoint.ZERO;
+ const windows = 1 + (USE_ENDOMORPHISM ? 128 / W : 256 / W);
+ const windowSize = 2 ** (W - 1);
+ const mask = BigInt(2 ** W - 1);
+ const maxNumber = 2 ** W;
+ const shiftBy = BigInt(W);
+ for (let window = 0; window < windows; window++) {
+ const offset = window * windowSize;
+ let wbits = Number(n & mask);
+ n >>= shiftBy;
+ if (wbits > windowSize) {
+ wbits -= maxNumber;
+ n += _1n;
+ }
+ if (wbits === 0) {
+ let pr = precomputes[offset];
+ if (window % 2)
+ pr = pr.negate();
+ f = f.add(pr);
+ }
+ else {
+ let cached = precomputes[offset + Math.abs(wbits) - 1];
+ if (wbits < 0)
+ cached = cached.negate();
+ p = p.add(cached);
+ }
+ }
+ return { p, f };
+ }
+ multiply(scalar, affinePoint) {
+ let n = normalizeScalar(scalar);
+ let point;
+ let fake;
+ if (USE_ENDOMORPHISM) {
+ const { k1neg, k1, k2neg, k2 } = splitScalarEndo(n);
+ let { p: k1p, f: f1p } = this.wNAF(k1, affinePoint);
+ let { p: k2p, f: f2p } = this.wNAF(k2, affinePoint);
+ if (k1neg)
+ k1p = k1p.negate();
+ if (k2neg)
+ k2p = k2p.negate();
+ k2p = new JacobianPoint(mod(k2p.x * CURVE.beta), k2p.y, k2p.z);
+ point = k1p.add(k2p);
+ fake = f1p.add(f2p);
+ }
+ else {
+ const { p, f } = this.wNAF(n, affinePoint);
+ point = p;
+ fake = f;
+ }
+ return JacobianPoint.normalizeZ([point, fake])[0];
+ }
+ toAffine(invZ = invert(this.z)) {
+ const { x, y, z } = this;
+ const iz1 = invZ;
+ const iz2 = mod(iz1 * iz1);
+ const iz3 = mod(iz2 * iz1);
+ const ax = mod(x * iz2);
+ const ay = mod(y * iz3);
+ const zz = mod(z * iz1);
+ if (zz !== _1n)
+ throw new Error('invZ was invalid');
+ return new Point(ax, ay);
+ }
+ }
+ JacobianPoint.BASE = new JacobianPoint(CURVE.Gx, CURVE.Gy, _1n);
+ JacobianPoint.ZERO = new JacobianPoint(_0n, _1n, _0n);
+ const pointPrecomputes = new WeakMap();
+ class Point {
+ constructor(x, y) {
+ this.x = x;
+ this.y = y;
+ }
+ _setWindowSize(windowSize) {
+ this._WINDOW_SIZE = windowSize;
+ pointPrecomputes.delete(this);
+ }
+ hasEvenY() {
+ return this.y % _2n === _0n;
+ }
+ static fromCompressedHex(bytes) {
+ const isShort = bytes.length === 32;
+ const x = bytesToNumber(isShort ? bytes : bytes.subarray(1));
+ if (!isValidFieldElement(x))
+ throw new Error('Point is not on curve');
+ const y2 = weistrass(x);
+ let y = sqrtMod(y2);
+ const isYOdd = (y & _1n) === _1n;
+ if (isShort) {
+ if (isYOdd)
+ y = mod(-y);
+ }
+ else {
+ const isFirstByteOdd = (bytes[0] & 1) === 1;
+ if (isFirstByteOdd !== isYOdd)
+ y = mod(-y);
+ }
+ const point = new Point(x, y);
+ point.assertValidity();
+ return point;
+ }
+ static fromUncompressedHex(bytes) {
+ const x = bytesToNumber(bytes.subarray(1, 33));
+ const y = bytesToNumber(bytes.subarray(33, 65));
+ const point = new Point(x, y);
+ point.assertValidity();
+ return point;
+ }
+ static fromHex(hex) {
+ const bytes = ensureBytes(hex);
+ const len = bytes.length;
+ const header = bytes[0];
+ if (len === 32 || (len === 33 && (header === 0x02 || header === 0x03))) {
+ return this.fromCompressedHex(bytes);
+ }
+ if (len === 65 && header === 0x04)
+ return this.fromUncompressedHex(bytes);
+ throw new Error(`Point.fromHex: received invalid point. Expected 32-33 compressed bytes or 65 uncompressed bytes, not ${len}`);
+ }
+ static fromPrivateKey(privateKey) {
+ return Point.BASE.multiply(normalizePrivateKey(privateKey));
+ }
+ static fromSignature(msgHash, signature, recovery) {
+ msgHash = ensureBytes(msgHash);
+ const h = truncateHash(msgHash);
+ const { r, s } = normalizeSignature(signature);
+ if (recovery !== 0 && recovery !== 1) {
+ throw new Error('Cannot recover signature: invalid recovery bit');
+ }
+ const prefix = recovery & 1 ? '03' : '02';
+ const R = Point.fromHex(prefix + numTo32bStr(r));
+ const { n } = CURVE;
+ const rinv = invert(r, n);
+ const u1 = mod(-h * rinv, n);
+ const u2 = mod(s * rinv, n);
+ const Q = Point.BASE.multiplyAndAddUnsafe(R, u1, u2);
+ if (!Q)
+ throw new Error('Cannot recover signature: point at infinify');
+ Q.assertValidity();
+ return Q;
+ }
+ toRawBytes(isCompressed = false) {
+ return hexToBytes(this.toHex(isCompressed));
+ }
+ toHex(isCompressed = false) {
+ const x = numTo32bStr(this.x);
+ if (isCompressed) {
+ const prefix = this.hasEvenY() ? '02' : '03';
+ return `${prefix}${x}`;
+ }
+ else {
+ return `04${x}${numTo32bStr(this.y)}`;
+ }
+ }
+ toHexX() {
+ return this.toHex(true).slice(2);
+ }
+ toRawX() {
+ return this.toRawBytes(true).slice(1);
+ }
+ assertValidity() {
+ const msg = 'Point is not on elliptic curve';
+ const { x, y } = this;
+ if (!isValidFieldElement(x) || !isValidFieldElement(y))
+ throw new Error(msg);
+ const left = mod(y * y);
+ const right = weistrass(x);
+ if (mod(left - right) !== _0n)
+ throw new Error(msg);
+ }
+ equals(other) {
+ return this.x === other.x && this.y === other.y;
+ }
+ negate() {
+ return new Point(this.x, mod(-this.y));
+ }
+ double() {
+ return JacobianPoint.fromAffine(this).double().toAffine();
+ }
+ add(other) {
+ return JacobianPoint.fromAffine(this).add(JacobianPoint.fromAffine(other)).toAffine();
+ }
+ subtract(other) {
+ return this.add(other.negate());
+ }
+ multiply(scalar) {
+ return JacobianPoint.fromAffine(this).multiply(scalar, this).toAffine();
+ }
+ multiplyAndAddUnsafe(Q, a, b) {
+ const P = JacobianPoint.fromAffine(this);
+ const aP = a === _0n || a === _1n || this !== Point.BASE ? P.multiplyUnsafe(a) : P.multiply(a);
+ const bQ = JacobianPoint.fromAffine(Q).multiplyUnsafe(b);
+ const sum = aP.add(bQ);
+ return sum.equals(JacobianPoint.ZERO) ? undefined : sum.toAffine();
+ }
+ }
+ Point.BASE = new Point(CURVE.Gx, CURVE.Gy);
+ Point.ZERO = new Point(_0n, _0n);
+ function sliceDER(s) {
+ return Number.parseInt(s[0], 16) >= 8 ? '00' + s : s;
+ }
+ function parseDERInt(data) {
+ if (data.length < 2 || data[0] !== 0x02) {
+ throw new Error(`Invalid signature integer tag: ${bytesToHex(data)}`);
+ }
+ const len = data[1];
+ const res = data.subarray(2, len + 2);
+ if (!len || res.length !== len) {
+ throw new Error(`Invalid signature integer: wrong length`);
+ }
+ if (res[0] === 0x00 && res[1] <= 0x7f) {
+ throw new Error('Invalid signature integer: trailing length');
+ }
+ return { data: bytesToNumber(res), left: data.subarray(len + 2) };
+ }
+ function parseDERSignature(data) {
+ if (data.length < 2 || data[0] != 0x30) {
+ throw new Error(`Invalid signature tag: ${bytesToHex(data)}`);
+ }
+ if (data[1] !== data.length - 2) {
+ throw new Error('Invalid signature: incorrect length');
+ }
+ const { data: r, left: sBytes } = parseDERInt(data.subarray(2));
+ const { data: s, left: rBytesLeft } = parseDERInt(sBytes);
+ if (rBytesLeft.length) {
+ throw new Error(`Invalid signature: left bytes after parsing: ${bytesToHex(rBytesLeft)}`);
+ }
+ return { r, s };
+ }
+ class Signature {
+ constructor(r, s) {
+ this.r = r;
+ this.s = s;
+ this.assertValidity();
+ }
+ static fromCompact(hex) {
+ const arr = hex instanceof Uint8Array;
+ const name = 'Signature.fromCompact';
+ if (typeof hex !== 'string' && !arr)
+ throw new TypeError(`${name}: Expected string or Uint8Array`);
+ const str = arr ? bytesToHex(hex) : hex;
+ if (str.length !== 128)
+ throw new Error(`${name}: Expected 64-byte hex`);
+ return new Signature(hexToNumber(str.slice(0, 64)), hexToNumber(str.slice(64, 128)));
+ }
+ static fromDER(hex) {
+ const arr = hex instanceof Uint8Array;
+ if (typeof hex !== 'string' && !arr)
+ throw new TypeError(`Signature.fromDER: Expected string or Uint8Array`);
+ const { r, s } = parseDERSignature(arr ? hex : hexToBytes(hex));
+ return new Signature(r, s);
+ }
+ static fromHex(hex) {
+ return this.fromDER(hex);
+ }
+ assertValidity() {
+ const { r, s } = this;
+ if (!isWithinCurveOrder(r))
+ throw new Error('Invalid Signature: r must be 0 < r < n');
+ if (!isWithinCurveOrder(s))
+ throw new Error('Invalid Signature: s must be 0 < s < n');
+ }
+ hasHighS() {
+ const HALF = CURVE.n >> _1n;
+ return this.s > HALF;
+ }
+ normalizeS() {
+ return this.hasHighS() ? new Signature(this.r, CURVE.n - this.s) : this;
+ }
+ toDERRawBytes(isCompressed = false) {
+ return hexToBytes(this.toDERHex(isCompressed));
+ }
+ toDERHex(isCompressed = false) {
+ const sHex = sliceDER(numberToHexUnpadded(this.s));
+ if (isCompressed)
+ return sHex;
+ const rHex = sliceDER(numberToHexUnpadded(this.r));
+ const rLen = numberToHexUnpadded(rHex.length / 2);
+ const sLen = numberToHexUnpadded(sHex.length / 2);
+ const length = numberToHexUnpadded(rHex.length / 2 + sHex.length / 2 + 4);
+ return `30${length}02${rLen}${rHex}02${sLen}${sHex}`;
+ }
+ toRawBytes() {
+ return this.toDERRawBytes();
+ }
+ toHex() {
+ return this.toDERHex();
+ }
+ toCompactRawBytes() {
+ return hexToBytes(this.toCompactHex());
+ }
+ toCompactHex() {
+ return numTo32bStr(this.r) + numTo32bStr(this.s);
+ }
+ }
+ function concatBytes(...arrays) {
+ if (!arrays.every((b) => b instanceof Uint8Array))
+ throw new Error('Uint8Array list expected');
+ if (arrays.length === 1)
+ return arrays[0];
+ const length = arrays.reduce((a, arr) => a + arr.length, 0);
+ const result = new Uint8Array(length);
+ for (let i = 0, pad = 0; i < arrays.length; i++) {
+ const arr = arrays[i];
+ result.set(arr, pad);
+ pad += arr.length;
+ }
+ return result;
+ }
+ var hexes = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, '0'));
+ function bytesToHex(uint8a) {
+ if (!(uint8a instanceof Uint8Array))
+ throw new Error('Expected Uint8Array');
+ let hex = '';
+ for (let i = 0; i < uint8a.length; i++) {
+ hex += hexes[uint8a[i]];
+ }
+ return hex;
+ }
+
+ secp.bytesToHex = bytesToHex
+
+ const POW_2_256 = BigInt('0x10000000000000000000000000000000000000000000000000000000000000000');
+ function numTo32bStr(num) {
+ if (typeof num !== 'bigint')
+ throw new Error('Expected bigint');
+ if (!(_0n <= num && num < POW_2_256))
+ throw new Error('Expected number < 2^256');
+ return num.toString(16).padStart(64, '0');
+ }
+ function numTo32b(num) {
+ const b = hexToBytes(numTo32bStr(num));
+ if (b.length !== 32)
+ throw new Error('Error: expected 32 bytes');
+ return b;
+ }
+ function numberToHexUnpadded(num) {
+ const hex = num.toString(16);
+ return hex.length & 1 ? `0${hex}` : hex;
+ }
+ function hexToNumber(hex) {
+ if (typeof hex !== 'string') {
+ throw new TypeError('hexToNumber: expected string, got ' + typeof hex);
+ }
+ return BigInt(`0x${hex}`);
+ }
+
+ secp.hexToNumber = hexToNumber;
+
+ function hexToBytes(hex) {
+ if (typeof hex !== 'string') {
+ throw new TypeError('hexToBytes: expected string, got ' + typeof hex);
+ }
+ if (hex.length % 2)
+ throw new Error('hexToBytes: received invalid unpadded hex' + hex.length);
+ const array = new Uint8Array(hex.length / 2);
+ for (let i = 0; i < array.length; i++) {
+ const j = i * 2;
+ const hexByte = hex.slice(j, j + 2);
+ const byte = Number.parseInt(hexByte, 16);
+ if (Number.isNaN(byte) || byte < 0)
+ throw new Error('Invalid byte sequence');
+ array[i] = byte;
+ }
+ return array;
+ }
+
+ secp.hexToBytes = hexToBytes;
+
+ function bytesToNumber(bytes) {
+ return hexToNumber(bytesToHex(bytes));
+ }
+
+ secp.bytesToNumber = bytesToNumber;
+
+ function ensureBytes(hex) {
+ return hex instanceof Uint8Array ? Uint8Array.from(hex) : hexToBytes(hex);
+ }
+ function normalizeScalar(num) {
+ if (typeof num === 'number' && Number.isSafeInteger(num) && num > 0)
+ return BigInt(num);
+ if (typeof num === 'bigint' && isWithinCurveOrder(num))
+ return num;
+ throw new TypeError('Expected valid private scalar: 0 < scalar < curve.n');
+ }
+ function mod(a, b = CURVE.P) {
+ const result = a % b;
+ return result >= _0n ? result : b + result;
+ }
+ function pow2(x, power) {
+ const { P } = CURVE;
+ let res = x;
+ while (power-- > _0n) {
+ res *= res;
+ res %= P;
+ }
+ return res;
+ }
+ function sqrtMod(x) {
+ const { P } = CURVE;
+ const _6n = BigInt(6);
+ const _11n = BigInt(11);
+ const _22n = BigInt(22);
+ const _23n = BigInt(23);
+ const _44n = BigInt(44);
+ const _88n = BigInt(88);
+ const b2 = (x * x * x) % P;
+ const b3 = (b2 * b2 * x) % P;
+ const b6 = (pow2(b3, _3n) * b3) % P;
+ const b9 = (pow2(b6, _3n) * b3) % P;
+ const b11 = (pow2(b9, _2n) * b2) % P;
+ const b22 = (pow2(b11, _11n) * b11) % P;
+ const b44 = (pow2(b22, _22n) * b22) % P;
+ const b88 = (pow2(b44, _44n) * b44) % P;
+ const b176 = (pow2(b88, _88n) * b88) % P;
+ const b220 = (pow2(b176, _44n) * b44) % P;
+ const b223 = (pow2(b220, _3n) * b3) % P;
+ const t1 = (pow2(b223, _23n) * b22) % P;
+ const t2 = (pow2(t1, _6n) * b2) % P;
+ return pow2(t2, _2n);
+ }
+ function invert(number, modulo = CURVE.P) {
+ if (number === _0n || modulo <= _0n) {
+ throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`);
+ }
+ let a = mod(number, modulo);
+ let b = modulo;
+ let x = _0n, u = _1n;
+ while (a !== _0n) {
+ const q = b / a;
+ const r = b % a;
+ const m = x - u * q;
+ b = a, a = r, x = u, u = m;
+ }
+ const gcd = b;
+ if (gcd !== _1n)
+ throw new Error('invert: does not exist');
+ return mod(x, modulo);
+ }
+ function invertBatch(nums, p = CURVE.P) {
+ const scratch = new Array(nums.length);
+ const lastMultiplied = nums.reduce((acc, num, i) => {
+ if (num === _0n)
+ return acc;
+ scratch[i] = acc;
+ return mod(acc * num, p);
+ }, _1n);
+ const inverted = invert(lastMultiplied, p);
+ nums.reduceRight((acc, num, i) => {
+ if (num === _0n)
+ return acc;
+ scratch[i] = mod(acc * scratch[i], p);
+ return mod(acc * num, p);
+ }, inverted);
+ return scratch;
+ }
+ const divNearest = (a, b) => (a + b / _2n) / b;
+ const ENDO = {
+ a1: BigInt('0x3086d221a7d46bcde86c90e49284eb15'),
+ b1: -_1n * BigInt('0xe4437ed6010e88286f547fa90abfe4c3'),
+ a2: BigInt('0x114ca50f7a8e2f3f657c1108d9d44cfd8'),
+ b2: BigInt('0x3086d221a7d46bcde86c90e49284eb15'),
+ POW_2_128: BigInt('0x100000000000000000000000000000000'),
+ };
+ function splitScalarEndo(k) {
+ const { n } = CURVE;
+ const { a1, b1, a2, b2, POW_2_128 } = ENDO;
+ const c1 = divNearest(b2 * k, n);
+ const c2 = divNearest(-b1 * k, n);
+ let k1 = mod(k - c1 * a1 - c2 * a2, n);
+ let k2 = mod(-c1 * b1 - c2 * b2, n);
+ const k1neg = k1 > POW_2_128;
+ const k2neg = k2 > POW_2_128;
+ if (k1neg)
+ k1 = n - k1;
+ if (k2neg)
+ k2 = n - k2;
+ if (k1 > POW_2_128 || k2 > POW_2_128) {
+ throw new Error('splitScalarEndo: Endomorphism failed, k=' + k);
+ }
+ return { k1neg, k1, k2neg, k2 };
+ }
+ function truncateHash(hash) {
+ const { n } = CURVE;
+ const byteLength = hash.length;
+ const delta = byteLength * 8 - 256;
+ let h = bytesToNumber(hash);
+ if (delta > 0)
+ h = h >> BigInt(delta);
+ if (h >= n)
+ h -= n;
+ return h;
+ }
+ let _sha256Sync;
+ let _hmacSha256Sync;
+ class HmacDrbg {
+ constructor() {
+ this.v = new Uint8Array(32).fill(1);
+ this.k = new Uint8Array(32).fill(0);
+ this.counter = 0;
+ }
+ hmac(...values) {
+ return utils.hmacSha256(this.k, ...values);
+ }
+ hmacSync(...values) {
+ return _hmacSha256Sync(this.k, ...values);
+ }
+ checkSync() {
+ if (typeof _hmacSha256Sync !== 'function')
+ throw new ShaError('hmacSha256Sync needs to be set');
+ }
+ incr() {
+ if (this.counter >= 1000)
+ throw new Error('Tried 1,000 k values for sign(), all were invalid');
+ this.counter += 1;
+ }
+ async reseed(seed = new Uint8Array()) {
+ this.k = await this.hmac(this.v, Uint8Array.from([0x00]), seed);
+ this.v = await this.hmac(this.v);
+ if (seed.length === 0)
+ return;
+ this.k = await this.hmac(this.v, Uint8Array.from([0x01]), seed);
+ this.v = await this.hmac(this.v);
+ }
+ reseedSync(seed = new Uint8Array()) {
+ this.checkSync();
+ this.k = this.hmacSync(this.v, Uint8Array.from([0x00]), seed);
+ this.v = this.hmacSync(this.v);
+ if (seed.length === 0)
+ return;
+ this.k = this.hmacSync(this.v, Uint8Array.from([0x01]), seed);
+ this.v = this.hmacSync(this.v);
+ }
+ async generate() {
+ this.incr();
+ this.v = await this.hmac(this.v);
+ return this.v;
+ }
+ generateSync() {
+ this.checkSync();
+ this.incr();
+ this.v = this.hmacSync(this.v);
+ return this.v;
+ }
+ }
+ function isWithinCurveOrder(num) {
+ return _0n < num && num < CURVE.n;
+ }
+ function isValidFieldElement(num) {
+ return _0n < num && num < CURVE.P;
+ }
+ function kmdToSig(kBytes, m, d) {
+ const k = bytesToNumber(kBytes);
+ if (!isWithinCurveOrder(k))
+ return;
+ const { n } = CURVE;
+ const q = Point.BASE.multiply(k);
+ const r = mod(q.x, n);
+ if (r === _0n)
+ return;
+ const s = mod(invert(k, n) * mod(m + d * r, n), n);
+ if (s === _0n)
+ return;
+ const sig = new Signature(r, s);
+ const recovery = (q.x === sig.r ? 0 : 2) | Number(q.y & _1n);
+ return { sig, recovery };
+ }
+ function normalizePrivateKey(key) {
+ let num;
+ if (typeof key === 'bigint') {
+ num = key;
+ }
+ else if (typeof key === 'number' && Number.isSafeInteger(key) && key > 0) {
+ num = BigInt(key);
+ }
+ else if (typeof key === 'string') {
+ if (key.length !== 64)
+ throw new Error('Expected 32 bytes of private key');
+ num = hexToNumber(key);
+ }
+ else if (key instanceof Uint8Array) {
+ if (key.length !== 32)
+ throw new Error('Expected 32 bytes of private key');
+ num = bytesToNumber(key);
+ }
+ else {
+ throw new TypeError('Expected valid private key');
+ }
+ if (!isWithinCurveOrder(num))
+ throw new Error('Expected private key: 0 < key < n');
+ return num;
+ }
+ function normalizePublicKey(publicKey) {
+ if (publicKey instanceof Point) {
+ publicKey.assertValidity();
+ return publicKey;
+ }
+ else {
+ return Point.fromHex(publicKey);
+ }
+ }
+ function normalizeSignature(signature) {
+ if (signature instanceof Signature) {
+ signature.assertValidity();
+ return signature;
+ }
+ try {
+ return Signature.fromDER(signature);
+ }
+ catch (error) {
+ return Signature.fromCompact(signature);
+ }
+ }
+ function getPublicKey(privateKey, isCompressed = false) {
+ return Point.fromPrivateKey(privateKey).toRawBytes(isCompressed);
+ }
+ function recoverPublicKey(msgHash, signature, recovery, isCompressed = false) {
+ return Point.fromSignature(msgHash, signature, recovery).toRawBytes(isCompressed);
+ }
+ function isProbPub(item) {
+ const arr = item instanceof Uint8Array;
+ const str = typeof item === 'string';
+ const len = (arr || str) && item.length;
+ if (arr)
+ return len === 33 || len === 65;
+ if (str)
+ return len === 66 || len === 130;
+ if (item instanceof Point)
+ return true;
+ return false;
+ }
+ function getSharedSecret(privateA, publicB, isCompressed = false) {
+ if (isProbPub(privateA))
+ throw new TypeError('getSharedSecret: first arg must be private key');
+ if (!isProbPub(publicB))
+ throw new TypeError('getSharedSecret: second arg must be public key');
+ const b = normalizePublicKey(publicB);
+ b.assertValidity();
+ return b.multiply(normalizePrivateKey(privateA)).toRawBytes(isCompressed);
+ }
+ function bits2int(bytes) {
+ const slice = bytes.length > 32 ? bytes.slice(0, 32) : bytes;
+ return bytesToNumber(slice);
+ }
+ function bits2octets(bytes) {
+ const z1 = bits2int(bytes);
+ const z2 = mod(z1, CURVE.n);
+ return int2octets(z2 < _0n ? z1 : z2);
+ }
+ function int2octets(num) {
+ return numTo32b(num);
+ }
+ function initSigArgs(msgHash, privateKey, extraEntropy) {
+ if (msgHash == null)
+ throw new Error(`sign: expected valid message hash, not "${msgHash}"`);
+ const h1 = ensureBytes(msgHash);
+ const d = normalizePrivateKey(privateKey);
+ const seedArgs = [int2octets(d), bits2octets(h1)];
+ if (extraEntropy != null) {
+ if (extraEntropy === true)
+ extraEntropy = utils.randomBytes(32);
+ const e = ensureBytes(extraEntropy);
+ if (e.length !== 32)
+ throw new Error('sign: Expected 32 bytes of extra data');
+ seedArgs.push(e);
+ }
+ const seed = concatBytes(...seedArgs);
+ const m = bits2int(h1);
+ return { seed, m, d };
+ }
+ function finalizeSig(recSig, opts) {
+ let { sig, recovery } = recSig;
+ const { canonical, der, recovered } = Object.assign({ canonical: true, der: true }, opts);
+ if (canonical && sig.hasHighS()) {
+ sig = sig.normalizeS();
+ recovery ^= 1;
+ }
+ const hashed = der ? sig.toDERRawBytes() : sig.toCompactRawBytes();
+ return recovered ? [hashed, recovery] : hashed;
+ }
+ async function sign(msgHash, privKey, opts = {}) {
+ const { seed, m, d } = initSigArgs(msgHash, privKey, opts.extraEntropy);
+ let sig;
+ const drbg = new HmacDrbg();
+ await drbg.reseed(seed);
+ while (!(sig = kmdToSig(await drbg.generate(), m, d)))
+ await drbg.reseed();
+ return finalizeSig(sig, opts);
+ }
+ function signSync(msgHash, privKey, opts = {}) {
+ const { seed, m, d } = initSigArgs(msgHash, privKey, opts.extraEntropy);
+ let sig;
+ const drbg = new HmacDrbg();
+ drbg.reseedSync(seed);
+ while (!(sig = kmdToSig(drbg.generateSync(), m, d)))
+ drbg.reseedSync();
+ return finalizeSig(sig, opts);
+ }
+ const vopts = { strict: true };
+ function verify(signature, msgHash, publicKey, opts = vopts) {
+ let sig;
+ try {
+ sig = normalizeSignature(signature);
+ msgHash = ensureBytes(msgHash);
+ }
+ catch (error) {
+ return false;
+ }
+ const { r, s } = sig;
+ if (opts.strict && sig.hasHighS())
+ return false;
+ const h = truncateHash(msgHash);
+ let P;
+ try {
+ P = normalizePublicKey(publicKey);
+ }
+ catch (error) {
+ return false;
+ }
+ const { n } = CURVE;
+ const sinv = invert(s, n);
+ const u1 = mod(h * sinv, n);
+ const u2 = mod(r * sinv, n);
+ const R = Point.BASE.multiplyAndAddUnsafe(P, u1, u2);
+ if (!R)
+ return false;
+ const v = mod(R.x, n);
+ return v === r;
+ }
+ function schnorrChallengeFinalize(ch) {
+ return mod(bytesToNumber(ch), CURVE.n);
+ }
+ class SchnorrSignature {
+ constructor(r, s) {
+ this.r = r;
+ this.s = s;
+ this.assertValidity();
+ }
+ static fromHex(hex) {
+ const bytes = ensureBytes(hex);
+ if (bytes.length !== 64)
+ throw new TypeError(`SchnorrSignature.fromHex: expected 64 bytes, not ${bytes.length}`);
+ const r = bytesToNumber(bytes.subarray(0, 32));
+ const s = bytesToNumber(bytes.subarray(32, 64));
+ return new SchnorrSignature(r, s);
+ }
+ assertValidity() {
+ const { r, s } = this;
+ if (!isValidFieldElement(r) || !isWithinCurveOrder(s))
+ throw new Error('Invalid signature');
+ }
+ toHex() {
+ return numTo32bStr(this.r) + numTo32bStr(this.s);
+ }
+ toRawBytes() {
+ return hexToBytes(this.toHex());
+ }
+ }
+ function schnorrGetPublicKey(privateKey) {
+ return Point.fromPrivateKey(privateKey).toRawX();
+ }
+ class InternalSchnorrSignature {
+ constructor(message, privateKey, auxRand = utils.randomBytes()) {
+ if (message == null)
+ throw new TypeError(`sign: Expected valid message, not "${message}"`);
+ this.m = ensureBytes(message);
+ const { x, scalar } = this.getScalar(normalizePrivateKey(privateKey));
+ this.px = x;
+ this.d = scalar;
+ this.rand = ensureBytes(auxRand);
+ if (this.rand.length !== 32)
+ throw new TypeError('sign: Expected 32 bytes of aux randomness');
+ }
+ getScalar(priv) {
+ const point = Point.fromPrivateKey(priv);
+ const scalar = point.hasEvenY() ? priv : CURVE.n - priv;
+ return { point, scalar, x: point.toRawX() };
+ }
+ initNonce(d, t0h) {
+ return numTo32b(d ^ bytesToNumber(t0h));
+ }
+ finalizeNonce(k0h) {
+ const k0 = mod(bytesToNumber(k0h), CURVE.n);
+ if (k0 === _0n)
+ throw new Error('sign: Creation of signature failed. k is zero');
+ const { point: R, x: rx, scalar: k } = this.getScalar(k0);
+ return { R, rx, k };
+ }
+ finalizeSig(R, k, e, d) {
+ return new SchnorrSignature(R.x, mod(k + e * d, CURVE.n)).toRawBytes();
+ }
+ error() {
+ throw new Error('sign: Invalid signature produced');
+ }
+ async calc() {
+ const { m, d, px, rand } = this;
+ const tag = utils.taggedHash;
+ const t = this.initNonce(d, await tag(TAGS.aux, rand));
+ const { R, rx, k } = this.finalizeNonce(await tag(TAGS.nonce, t, px, m));
+ const e = schnorrChallengeFinalize(await tag(TAGS.challenge, rx, px, m));
+ const sig = this.finalizeSig(R, k, e, d);
+ if (!(await schnorrVerify(sig, m, px)))
+ this.error();
+ return sig;
+ }
+ calcSync() {
+ const { m, d, px, rand } = this;
+ const tag = utils.taggedHashSync;
+ const t = this.initNonce(d, tag(TAGS.aux, rand));
+ const { R, rx, k } = this.finalizeNonce(tag(TAGS.nonce, t, px, m));
+ const e = schnorrChallengeFinalize(tag(TAGS.challenge, rx, px, m));
+ const sig = this.finalizeSig(R, k, e, d);
+ if (!schnorrVerifySync(sig, m, px))
+ this.error();
+ return sig;
+ }
+ }
+ async function schnorrSign(msg, privKey, auxRand) {
+ return new InternalSchnorrSignature(msg, privKey, auxRand).calc();
+ }
+ function schnorrSignSync(msg, privKey, auxRand) {
+ return new InternalSchnorrSignature(msg, privKey, auxRand).calcSync();
+ }
+ function initSchnorrVerify(signature, message, publicKey) {
+ const raw = signature instanceof SchnorrSignature;
+ const sig = raw ? signature : SchnorrSignature.fromHex(signature);
+ if (raw)
+ sig.assertValidity();
+ return {
+ ...sig,
+ m: ensureBytes(message),
+ P: normalizePublicKey(publicKey),
+ };
+ }
+ function finalizeSchnorrVerify(r, P, s, e) {
+ const R = Point.BASE.multiplyAndAddUnsafe(P, normalizePrivateKey(s), mod(-e, CURVE.n));
+ if (!R || !R.hasEvenY() || R.x !== r)
+ return false;
+ return true;
+ }
+ async function schnorrVerify(signature, message, publicKey) {
+ try {
+ const { r, s, m, P } = initSchnorrVerify(signature, message, publicKey);
+ const e = schnorrChallengeFinalize(await utils.taggedHash(TAGS.challenge, numTo32b(r), P.toRawX(), m));
+ return finalizeSchnorrVerify(r, P, s, e);
+ }
+ catch (error) {
+ return false;
+ }
+ }
+ function schnorrVerifySync(signature, message, publicKey) {
+ try {
+ const { r, s, m, P } = initSchnorrVerify(signature, message, publicKey);
+ const e = schnorrChallengeFinalize(utils.taggedHashSync(TAGS.challenge, numTo32b(r), P.toRawX(), m));
+ return finalizeSchnorrVerify(r, P, s, e);
+ }
+ catch (error) {
+ if (error instanceof ShaError)
+ throw error;
+ return false;
+ }
+ }
+ const schnorr = {
+ Signature: SchnorrSignature,
+ getPublicKey: schnorrGetPublicKey,
+ sign: schnorrSign,
+ verify: schnorrVerify,
+ signSync: schnorrSignSync,
+ verifySync: schnorrVerifySync,
+ };
+ Point.BASE._setWindowSize(8);
+ const crypto = {
+ node: nodeCrypto,
+ web: typeof self === 'object' && 'crypto' in self ? self.crypto : undefined,
+ };
+ const TAGS = {
+ challenge: 'BIP0340/challenge',
+ aux: 'BIP0340/aux',
+ nonce: 'BIP0340/nonce',
+ };
+ const TAGGED_HASH_PREFIXES = {};
+ var utils = {
+ bytesToHex,
+ hexToBytes,
+ randomBytes,
+ concatBytes,
+ mod,
+ invert,
+ isValidPrivateKey(privateKey) {
+ try {
+ normalizePrivateKey(privateKey);
+ return true;
+ }
+ catch (error) {
+ return false;
+ }
+ },
+ _bigintTo32Bytes: numTo32b,
+ _normalizePrivateKey: normalizePrivateKey,
+ hashToPrivateKey: (hash) => {
+ hash = ensureBytes(hash);
+ if (hash.length < 40 || hash.length > 1024)
+ throw new Error('Expected 40-1024 bytes of private key as per FIPS 186');
+ const num = mod(bytesToNumber(hash), CURVE.n - _1n) + _1n;
+ return numTo32b(num);
+ },
+ randomBytes: (bytesLength = 32) => {
+ if (crypto.web) {
+ return crypto.web.getRandomValues(new Uint8Array(bytesLength));
+ }
+ else if (crypto.node) {
+ const { randomBytes } = crypto.node;
+ return Uint8Array.from(randomBytes(bytesLength));
+ }
+ else {
+ throw new Error("The environment doesn't have randomBytes function");
+ }
+ },
+ randomPrivateKey: () => {
+ return utils.hashToPrivateKey(utils.randomBytes(40));
+ },
+ sha256: async (...messages) => {
+ if (crypto.web) {
+ const buffer = await crypto.web.subtle.digest('SHA-256', concatBytes(...messages));
+ return new Uint8Array(buffer);
+ }
+ else if (crypto.node) {
+ const { createHash } = crypto.node;
+ const hash = createHash('sha256');
+ messages.forEach((m) => hash.update(m));
+ return Uint8Array.from(hash.digest());
+ }
+ else {
+ throw new Error("The environment doesn't have sha256 function");
+ }
+ },
+ hmacSha256: async (key, ...messages) => {
+ if (crypto.web) {
+ const ckey = await crypto.web.subtle.importKey('raw', key, { name: 'HMAC', hash: { name: 'SHA-256' } }, false, ['sign']);
+ const message = concatBytes(...messages);
+ const buffer = await crypto.web.subtle.sign('HMAC', ckey, message);
+ return new Uint8Array(buffer);
+ }
+ else if (crypto.node) {
+ const { createHmac } = crypto.node;
+ const hash = createHmac('sha256', key);
+ messages.forEach((m) => hash.update(m));
+ return Uint8Array.from(hash.digest());
+ }
+ else {
+ throw new Error("The environment doesn't have hmac-sha256 function");
+ }
+ },
+ sha256Sync: undefined,
+ hmacSha256Sync: undefined,
+ taggedHash: async (tag, ...messages) => {
+ let tagP = TAGGED_HASH_PREFIXES[tag];
+ if (tagP === undefined) {
+ const tagH = await utils.sha256(Uint8Array.from(tag, (c) => c.charCodeAt(0)));
+ tagP = concatBytes(tagH, tagH);
+ TAGGED_HASH_PREFIXES[tag] = tagP;
+ }
+ return utils.sha256(tagP, ...messages);
+ },
+ taggedHashSync: (tag, ...messages) => {
+ if (typeof _sha256Sync !== 'function')
+ throw new ShaError('sha256Sync is undefined, you need to set it');
+ let tagP = TAGGED_HASH_PREFIXES[tag];
+ if (tagP === undefined) {
+ const tagH = _sha256Sync(Uint8Array.from(tag, (c) => c.charCodeAt(0)));
+ tagP = concatBytes(tagH, tagH);
+ TAGGED_HASH_PREFIXES[tag] = tagP;
+ }
+ return _sha256Sync(tagP, ...messages);
+ },
+ precompute(windowSize = 8, point = Point.BASE) {
+ const cached = point === Point.BASE ? point : new Point(point.x, point.y);
+ cached._setWindowSize(windowSize);
+ cached.multiply(_3n);
+ return cached;
+ },
+ };
+ Object.defineProperties(utils, {
+ sha256Sync: {
+ configurable: false,
+ get() {
+ return _sha256Sync;
+ },
+ set(val) {
+ if (!_sha256Sync)
+ _sha256Sync = val;
+ },
+ },
+ hmacSha256Sync: {
+ configurable: false,
+ get() {
+ return _hmacSha256Sync;
+ },
+ set(val) {
+ if (!_hmacSha256Sync)
+ _hmacSha256Sync = val;
+ },
+ },
+ });
+
+ //var secp = {};
+
+ secp.CURVE = CURVE;
+ secp.Point = Point;
+ secp.Signature = Signature;
+ secp.getPublicKey = getPublicKey;
+ secp.getSharedSecret = getSharedSecret;
+ secp.recoverPublicKey = recoverPublicKey;
+ secp.schnorr = schnorr;
+ secp.sign = sign;
+ secp.signSync = signSync;
+ secp.utils = utils;
+ secp.verify = verify;
+
+
+
+ /******
+ *
+ START OF HASH SECTION
+ *
+ *
+ ******/
+
+
+ //hashmini = {};
+ /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+ // Cast array to different type
+ const u8 = (arr) => new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);
+ const u32 = (arr) => new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
+ // Cast array to view
+ const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
+ // The rotate right (circular right shift) operation for uint32
+ const rotr = (word, shift) => (word << (32 - shift)) | (word >>> shift);
+ const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;
+ // There is almost no big endian hardware, but js typed arrays uses platform specific endianness.
+ // So, just to be sure not to corrupt anything.
+ if (!isLE)
+ throw new Error('Non little-endian hardware is not supported');
+ var hexes = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, '0'));
+ /**
+ * @example bytesToHex(Uint8Array.from([0xde, 0xad, 0xbe, 0xef]))
+ */
+ function bytesToHex(uint8a) {
+ // pre-caching improves the speed 6x
+ if (!(uint8a instanceof Uint8Array))
+ throw new Error('Uint8Array expected');
+ let hex = '';
+ for (let i = 0; i < uint8a.length; i++) {
+ hex += hexes[uint8a[i]];
+ }
+ return hex;
+ }
+ /**
+ * @example hexToBytes('deadbeef')
+ */
+ function hexToBytes(hex) {
+ if (typeof hex !== 'string') {
+ throw new TypeError('hexToBytes: expected string, got ' + typeof hex);
+ }
+ if (hex.length % 2)
+ throw new Error('hexToBytes: received invalid unpadded hex');
+ const array = new Uint8Array(hex.length / 2);
+ for (let i = 0; i < array.length; i++) {
+ const j = i * 2;
+ const hexByte = hex.slice(j, j + 2);
+ const byte = Number.parseInt(hexByte, 16);
+ if (Number.isNaN(byte) || byte < 0)
+ throw new Error('Invalid byte sequence');
+ array[i] = byte;
+ }
+ return array;
+ }
+ // There is no setImmediate in browser and setTimeout is slow. However, call to async function will return Promise
+ // which will be fullfiled only on next scheduler queue processing step and this is exactly what we need.
+ const nextTick = async () => { };
+ // Returns control to thread each 'tick' ms to avoid blocking
+ async function asyncLoop(iters, tick, cb) {
+ let ts = Date.now();
+ for (let i = 0; i < iters; i++) {
+ cb(i);
+ // Date.now() is not monotonic, so in case if clock goes backwards we return return control too
+ const diff = Date.now() - ts;
+ if (diff >= 0 && diff < tick)
+ continue;
+ await nextTick();
+ ts += diff;
+ }
+ }
+ function utf8ToBytes(str) {
+ if (typeof str !== 'string') {
+ throw new TypeError(`utf8ToBytes expected string, got ${typeof str}`);
+ }
+ return new TextEncoder().encode(str);
+ }
+ function toBytes(data) {
+ if (typeof data === 'string')
+ data = utf8ToBytes(data);
+ if (!(data instanceof Uint8Array))
+ throw new TypeError(`Expected input type is Uint8Array (got ${typeof data})`);
+ return data;
+ }
+ // For runtime check if class implements interface
+ class Hash {
+ // Safe version that clones internal state
+ clone() {
+ return this._cloneInto();
+ }
+ }
+ // Check if object doens't have custom constructor (like Uint8Array/Array)
+ var isPlainObject = (obj) => Object.prototype.toString.call(obj) === '[object Object]' && obj.constructor === Object;
+ function checkOpts(defaults, opts) {
+ if (opts !== undefined && (typeof opts !== 'object' || !isPlainObject(opts)))
+ throw new TypeError('Options should be object or undefined');
+ const merged = Object.assign(defaults, opts);
+ return merged;
+ }
+ function wrapConstructor(hashConstructor) {
+ const hashC = (message) => hashConstructor().update(toBytes(message)).digest();
+ const tmp = hashConstructor();
+ hashC.outputLen = tmp.outputLen;
+ hashC.blockLen = tmp.blockLen;
+ hashC.create = () => hashConstructor();
+ return hashC;
+ }
+ function wrapConstructorWithOpts(hashCons) {
+ const hashC = (msg, opts) => hashCons(opts).update(toBytes(msg)).digest();
+ const tmp = hashCons({});
+ hashC.outputLen = tmp.outputLen;
+ hashC.blockLen = tmp.blockLen;
+ hashC.create = (opts) => hashCons(opts);
+ return hashC;
+ }
+ /**
+ * Secure PRNG
+ */
+ function randomBytes(bytesLength = 32) {
+ if (crypto.crypto.web) {
+ return crypto.crypto.web.getRandomValues(new Uint8Array(bytesLength));
+ }
+ else if (crypto.crypto.node) {
+ return new Uint8Array(crypto.crypto.node.randomBytes(bytesLength).buffer);
+ }
+ else {
+ throw new Error("The environment doesn't have randomBytes function");
+ }
+ }
+
+ function number(n) {
+ if (!Number.isSafeInteger(n) || n < 0)
+ throw new Error(`Wrong positive integer: ${n}`);
+ }
+ function bool(b) {
+ if (typeof b !== 'boolean')
+ throw new Error(`Expected boolean, not ${b}`);
+ }
+ function bytes(b, ...lengths) {
+ if (!(b instanceof Uint8Array))
+ throw new TypeError('Expected Uint8Array');
+ if (lengths.length > 0 && !lengths.includes(b.length))
+ throw new TypeError(`Expected Uint8Array of length ${lengths}, not of length=${b.length}`);
+ }
+ function isNumber(inputValue) {
+ return !isNaN(parseFloat(inputValue)) && isFinite(inputValue);
+ }
+ function hash(hash) {
+ if (typeof hash !== 'function' || typeof hash.create !== 'function')
+ throw new Error('Hash should be wrapped by utils.wrapConstructor');
+ //ROHIT I put it inTry catch block because it was crashing the Transaction Signature
+ try {
+ isNumber(hash.outputLen);
+ isNumber(hash.blockLen);
+ } catch (error) {
+ return;
+ }
+ }
+
+ /* //ORIGINAL FUNCTION
+ function hash(hash) {
+ if (typeof hash !== 'function' || typeof hash.create !== 'function')
+ throw new Error('Hash should be wrapped by utils.wrapConstructor');
+
+ number(hash.outputLen);
+ number(hash.blockLen);
+
+ }*/
+
+ function exists(instance, checkFinished = true) {
+ if (instance.destroyed)
+ throw new Error('Hash instance has been destroyed');
+ if (checkFinished && instance.finished)
+ throw new Error('Hash#digest() has already been called');
+ }
+ function output(out, instance) {
+ bytes(out);
+ const min = instance.outputLen;
+ if (out.length < min) {
+ throw new Error(`digestInto() expects output buffer of length at least ${min}`);
+ }
+ }
+ const assert = {
+ number,
+ bool,
+ bytes,
+ hash,
+ exists,
+ output,
+ };
+
+ // prettier-ignore
+ const SIGMA$1 = new Uint8Array([
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
+ 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3,
+ 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4,
+ 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8,
+ 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13,
+ 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9,
+ 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11,
+ 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10,
+ 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5,
+ 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0,
+ // For BLAKE2b, the two extra permutations for rounds 10 and 11 are SIGMA[10..11] = SIGMA[0..1].
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
+ 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3,
+ ]);
+ class BLAKE2 extends Hash {
+ constructor(blockLen, outputLen, opts = {}, keyLen, saltLen, persLen) {
+ super();
+ this.blockLen = blockLen;
+ this.outputLen = outputLen;
+ this.length = 0;
+ this.pos = 0;
+ this.finished = false;
+ this.destroyed = false;
+ assert.number(blockLen);
+ assert.number(outputLen);
+ assert.number(keyLen);
+ if (outputLen < 0 || outputLen > keyLen)
+ throw new Error('Blake2: outputLen bigger than keyLen');
+ if (opts.key !== undefined && (opts.key.length < 1 || opts.key.length > keyLen))
+ throw new Error(`Key should be up 1..${keyLen} byte long or undefined`);
+ if (opts.salt !== undefined && opts.salt.length !== saltLen)
+ throw new Error(`Salt should be ${saltLen} byte long or undefined`);
+ if (opts.personalization !== undefined && opts.personalization.length !== persLen)
+ throw new Error(`Personalization should be ${persLen} byte long or undefined`);
+ this.buffer32 = u32((this.buffer = new Uint8Array(blockLen)));
+ }
+ update(data) {
+ assert.exists(this);
+ // Main difference with other hashes: there is flag for last block,
+ // so we cannot process current block before we know that there
+ // is the next one. This significantly complicates logic and reduces ability
+ // to do zero-copy processing
+ const { blockLen, buffer, buffer32 } = this;
+ data = toBytes(data);
+ const len = data.length;
+ for (let pos = 0; pos < len;) {
+ // If buffer is full and we still have input (don't process last block, same as blake2s)
+ if (this.pos === blockLen) {
+ this.compress(buffer32, 0, false);
+ this.pos = 0;
+ }
+ const take = Math.min(blockLen - this.pos, len - pos);
+ const dataOffset = data.byteOffset + pos;
+ // full block && aligned to 4 bytes && not last in input
+ if (take === blockLen && !(dataOffset % 4) && pos + take < len) {
+ const data32 = new Uint32Array(data.buffer, dataOffset, Math.floor((len - pos) / 4));
+ for (let pos32 = 0; pos + blockLen < len; pos32 += buffer32.length, pos += blockLen) {
+ this.length += blockLen;
+ this.compress(data32, pos32, false);
+ }
+ continue;
+ }
+ buffer.set(data.subarray(pos, pos + take), this.pos);
+ this.pos += take;
+ this.length += take;
+ pos += take;
+ }
+ return this;
+ }
+ digestInto(out) {
+ assert.exists(this);
+ assert.output(out, this);
+ const { pos, buffer32 } = this;
+ this.finished = true;
+ // Padding
+ this.buffer.subarray(pos).fill(0);
+ this.compress(buffer32, 0, true);
+ const out32 = u32(out);
+ this.get().forEach((v, i) => (out32[i] = v));
+ }
+ digest() {
+ const { buffer, outputLen } = this;
+ this.digestInto(buffer);
+ const res = buffer.slice(0, outputLen);
+ this.destroy();
+ return res;
+ }
+ _cloneInto(to) {
+ const { buffer, length, finished, destroyed, outputLen, pos } = this;
+ to || (to = new this.constructor({ dkLen: outputLen }));
+ to.set(...this.get());
+ to.length = length;
+ to.finished = finished;
+ to.destroyed = destroyed;
+ to.outputLen = outputLen;
+ to.buffer.set(buffer);
+ to.pos = pos;
+ return to;
+ }
+ }
+
+ const U32_MASK64 = BigInt(2 ** 32 - 1);
+ const _32n = BigInt(32);
+ // We are not using BigUint64Array, because they are extremely slow as per 2022
+ function fromBig(n, le = false) {
+ if (le)
+ return { h: Number(n & U32_MASK64), l: Number((n >> _32n) & U32_MASK64) };
+ return { h: Number((n >> _32n) & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 };
+ }
+ function split(lst, le = false) {
+ let Ah = new Uint32Array(lst.length);
+ let Al = new Uint32Array(lst.length);
+ for (let i = 0; i < lst.length; i++) {
+ const { h, l } = fromBig(lst[i], le);
+ [Ah[i], Al[i]] = [h, l];
+ }
+ return [Ah, Al];
+ }
+ const toBig = (h, l) => (BigInt(h >>> 0) << _32n) | BigInt(l >>> 0);
+ // for Shift in [0, 32)
+ const shrSH = (h, l, s) => h >>> s;
+ const shrSL = (h, l, s) => (h << (32 - s)) | (l >>> s);
+ // Right rotate for Shift in [1, 32)
+ const rotrSH = (h, l, s) => (h >>> s) | (l << (32 - s));
+ const rotrSL = (h, l, s) => (h << (32 - s)) | (l >>> s);
+ // Right rotate for Shift in (32, 64), NOTE: 32 is special case.
+ const rotrBH = (h, l, s) => (h << (64 - s)) | (l >>> (s - 32));
+ const rotrBL = (h, l, s) => (h >>> (s - 32)) | (l << (64 - s));
+ // Right rotate for shift===32 (just swaps l&h)
+ const rotr32H = (h, l) => l;
+ const rotr32L = (h, l) => h;
+ // Left rotate for Shift in [1, 32)
+ const rotlSH = (h, l, s) => (h << s) | (l >>> (32 - s));
+ const rotlSL = (h, l, s) => (l << s) | (h >>> (32 - s));
+ // Left rotate for Shift in (32, 64), NOTE: 32 is special case.
+ const rotlBH = (h, l, s) => (l << (s - 32)) | (h >>> (64 - s));
+ const rotlBL = (h, l, s) => (h << (s - 32)) | (l >>> (64 - s));
+ // JS uses 32-bit signed integers for bitwise operations which means we cannot
+ // simple take carry out of low bit sum by shift, we need to use division.
+ // Removing "export" has 5% perf penalty -_-
+ function add(Ah, Al, Bh, Bl) {
+ const l = (Al >>> 0) + (Bl >>> 0);
+ return { h: (Ah + Bh + ((l / 2 ** 32) | 0)) | 0, l: l | 0 };
+ }
+ // Addition with more than 2 elements
+ const add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0);
+ const add3H = (low, Ah, Bh, Ch) => (Ah + Bh + Ch + ((low / 2 ** 32) | 0)) | 0;
+ const add4L = (Al, Bl, Cl, Dl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0);
+ const add4H = (low, Ah, Bh, Ch, Dh) => (Ah + Bh + Ch + Dh + ((low / 2 ** 32) | 0)) | 0;
+ const add5L = (Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0);
+ const add5H = (low, Ah, Bh, Ch, Dh, Eh) => (Ah + Bh + Ch + Dh + Eh + ((low / 2 ** 32) | 0)) | 0;
+ // prettier-ignore
+ const u64 = {
+ fromBig, split, toBig,
+ shrSH, shrSL,
+ rotrSH, rotrSL, rotrBH, rotrBL,
+ rotr32H, rotr32L,
+ rotlSH, rotlSL, rotlBH, rotlBL,
+ add, add3L, add3H, add4L, add4H, add5H, add5L,
+ };
+
+ // Same as SHA-512 but LE
+ // prettier-ignore
+ const IV$2 = new Uint32Array([
+ 0xf3bcc908, 0x6a09e667, 0x84caa73b, 0xbb67ae85, 0xfe94f82b, 0x3c6ef372, 0x5f1d36f1, 0xa54ff53a,
+ 0xade682d1, 0x510e527f, 0x2b3e6c1f, 0x9b05688c, 0xfb41bd6b, 0x1f83d9ab, 0x137e2179, 0x5be0cd19
+ ]);
+ // Temporary buffer
+ const BUF$1 = new Uint32Array(32);
+ // Mixing function G splitted in two halfs
+ function G1$1(a, b, c, d, msg, x) {
+ // NOTE: V is LE here
+ const Xl = msg[x], Xh = msg[x + 1]; // prettier-ignore
+ let Al = BUF$1[2 * a], Ah = BUF$1[2 * a + 1]; // prettier-ignore
+ let Bl = BUF$1[2 * b], Bh = BUF$1[2 * b + 1]; // prettier-ignore
+ let Cl = BUF$1[2 * c], Ch = BUF$1[2 * c + 1]; // prettier-ignore
+ let Dl = BUF$1[2 * d], Dh = BUF$1[2 * d + 1]; // prettier-ignore
+ // v[a] = (v[a] + v[b] + x) | 0;
+ let ll = u64.add3L(Al, Bl, Xl);
+ Ah = u64.add3H(ll, Ah, Bh, Xh);
+ Al = ll | 0;
+ // v[d] = rotr(v[d] ^ v[a], 32)
+ ({ Dh, Dl } = { Dh: Dh ^ Ah, Dl: Dl ^ Al });
+ ({ Dh, Dl } = { Dh: u64.rotr32H(Dh, Dl), Dl: u64.rotr32L(Dh, Dl) });
+ // v[c] = (v[c] + v[d]) | 0;
+ ({ h: Ch, l: Cl } = u64.add(Ch, Cl, Dh, Dl));
+ // v[b] = rotr(v[b] ^ v[c], 24)
+ ({ Bh, Bl } = { Bh: Bh ^ Ch, Bl: Bl ^ Cl });
+ ({ Bh, Bl } = { Bh: u64.rotrSH(Bh, Bl, 24), Bl: u64.rotrSL(Bh, Bl, 24) });
+ (BUF$1[2 * a] = Al), (BUF$1[2 * a + 1] = Ah);
+ (BUF$1[2 * b] = Bl), (BUF$1[2 * b + 1] = Bh);
+ (BUF$1[2 * c] = Cl), (BUF$1[2 * c + 1] = Ch);
+ (BUF$1[2 * d] = Dl), (BUF$1[2 * d + 1] = Dh);
+ }
+ function G2$1(a, b, c, d, msg, x) {
+ // NOTE: V is LE here
+ const Xl = msg[x], Xh = msg[x + 1]; // prettier-ignore
+ let Al = BUF$1[2 * a], Ah = BUF$1[2 * a + 1]; // prettier-ignore
+ let Bl = BUF$1[2 * b], Bh = BUF$1[2 * b + 1]; // prettier-ignore
+ let Cl = BUF$1[2 * c], Ch = BUF$1[2 * c + 1]; // prettier-ignore
+ let Dl = BUF$1[2 * d], Dh = BUF$1[2 * d + 1]; // prettier-ignore
+ // v[a] = (v[a] + v[b] + x) | 0;
+ let ll = u64.add3L(Al, Bl, Xl);
+ Ah = u64.add3H(ll, Ah, Bh, Xh);
+ Al = ll | 0;
+ // v[d] = rotr(v[d] ^ v[a], 16)
+ ({ Dh, Dl } = { Dh: Dh ^ Ah, Dl: Dl ^ Al });
+ ({ Dh, Dl } = { Dh: u64.rotrSH(Dh, Dl, 16), Dl: u64.rotrSL(Dh, Dl, 16) });
+ // v[c] = (v[c] + v[d]) | 0;
+ ({ h: Ch, l: Cl } = u64.add(Ch, Cl, Dh, Dl));
+ // v[b] = rotr(v[b] ^ v[c], 63)
+ ({ Bh, Bl } = { Bh: Bh ^ Ch, Bl: Bl ^ Cl });
+ ({ Bh, Bl } = { Bh: u64.rotrBH(Bh, Bl, 63), Bl: u64.rotrBL(Bh, Bl, 63) });
+ (BUF$1[2 * a] = Al), (BUF$1[2 * a + 1] = Ah);
+ (BUF$1[2 * b] = Bl), (BUF$1[2 * b + 1] = Bh);
+ (BUF$1[2 * c] = Cl), (BUF$1[2 * c + 1] = Ch);
+ (BUF$1[2 * d] = Dl), (BUF$1[2 * d + 1] = Dh);
+ }
+ class BLAKE2b extends BLAKE2 {
+ constructor(opts = {}) {
+ super(128, opts.dkLen === undefined ? 64 : opts.dkLen, opts, 64, 16, 16);
+ // Same as SHA-512, but LE
+ this.v0l = IV$2[0] | 0;
+ this.v0h = IV$2[1] | 0;
+ this.v1l = IV$2[2] | 0;
+ this.v1h = IV$2[3] | 0;
+ this.v2l = IV$2[4] | 0;
+ this.v2h = IV$2[5] | 0;
+ this.v3l = IV$2[6] | 0;
+ this.v3h = IV$2[7] | 0;
+ this.v4l = IV$2[8] | 0;
+ this.v4h = IV$2[9] | 0;
+ this.v5l = IV$2[10] | 0;
+ this.v5h = IV$2[11] | 0;
+ this.v6l = IV$2[12] | 0;
+ this.v6h = IV$2[13] | 0;
+ this.v7l = IV$2[14] | 0;
+ this.v7h = IV$2[15] | 0;
+ const keyLength = opts.key ? opts.key.length : 0;
+ this.v0l ^= this.outputLen | (keyLength << 8) | (0x01 << 16) | (0x01 << 24);
+ if (opts.salt) {
+ const salt = u32(toBytes(opts.salt));
+ this.v4l ^= salt[0];
+ this.v4h ^= salt[1];
+ this.v5l ^= salt[2];
+ this.v5h ^= salt[3];
+ }
+ if (opts.personalization) {
+ const pers = u32(toBytes(opts.personalization));
+ this.v6l ^= pers[0];
+ this.v6h ^= pers[1];
+ this.v7l ^= pers[2];
+ this.v7h ^= pers[3];
+ }
+ if (opts.key) {
+ // Pad to blockLen and update
+ const tmp = new Uint8Array(this.blockLen);
+ tmp.set(toBytes(opts.key));
+ this.update(tmp);
+ }
+ }
+ // prettier-ignore
+ get() {
+ let { v0l, v0h, v1l, v1h, v2l, v2h, v3l, v3h, v4l, v4h, v5l, v5h, v6l, v6h, v7l, v7h } = this;
+ return [v0l, v0h, v1l, v1h, v2l, v2h, v3l, v3h, v4l, v4h, v5l, v5h, v6l, v6h, v7l, v7h];
+ }
+ // prettier-ignore
+ set(v0l, v0h, v1l, v1h, v2l, v2h, v3l, v3h, v4l, v4h, v5l, v5h, v6l, v6h, v7l, v7h) {
+ this.v0l = v0l | 0;
+ this.v0h = v0h | 0;
+ this.v1l = v1l | 0;
+ this.v1h = v1h | 0;
+ this.v2l = v2l | 0;
+ this.v2h = v2h | 0;
+ this.v3l = v3l | 0;
+ this.v3h = v3h | 0;
+ this.v4l = v4l | 0;
+ this.v4h = v4h | 0;
+ this.v5l = v5l | 0;
+ this.v5h = v5h | 0;
+ this.v6l = v6l | 0;
+ this.v6h = v6h | 0;
+ this.v7l = v7l | 0;
+ this.v7h = v7h | 0;
+ }
+ compress(msg, offset, isLast) {
+ this.get().forEach((v, i) => (BUF$1[i] = v)); // First half from state.
+ BUF$1.set(IV$2, 16); // Second half from IV.
+ let { h, l } = u64.fromBig(BigInt(this.length));
+ BUF$1[24] = IV$2[8] ^ l; // Low word of the offset.
+ BUF$1[25] = IV$2[9] ^ h; // High word.
+ // Invert all bits for last block
+ if (isLast) {
+ BUF$1[28] = ~BUF$1[28];
+ BUF$1[29] = ~BUF$1[29];
+ }
+ let j = 0;
+ const s = SIGMA$1;
+ for (let i = 0; i < 12; i++) {
+ G1$1(0, 4, 8, 12, msg, offset + 2 * s[j++]);
+ G2$1(0, 4, 8, 12, msg, offset + 2 * s[j++]);
+ G1$1(1, 5, 9, 13, msg, offset + 2 * s[j++]);
+ G2$1(1, 5, 9, 13, msg, offset + 2 * s[j++]);
+ G1$1(2, 6, 10, 14, msg, offset + 2 * s[j++]);
+ G2$1(2, 6, 10, 14, msg, offset + 2 * s[j++]);
+ G1$1(3, 7, 11, 15, msg, offset + 2 * s[j++]);
+ G2$1(3, 7, 11, 15, msg, offset + 2 * s[j++]);
+ G1$1(0, 5, 10, 15, msg, offset + 2 * s[j++]);
+ G2$1(0, 5, 10, 15, msg, offset + 2 * s[j++]);
+ G1$1(1, 6, 11, 12, msg, offset + 2 * s[j++]);
+ G2$1(1, 6, 11, 12, msg, offset + 2 * s[j++]);
+ G1$1(2, 7, 8, 13, msg, offset + 2 * s[j++]);
+ G2$1(2, 7, 8, 13, msg, offset + 2 * s[j++]);
+ G1$1(3, 4, 9, 14, msg, offset + 2 * s[j++]);
+ G2$1(3, 4, 9, 14, msg, offset + 2 * s[j++]);
+ }
+ this.v0l ^= BUF$1[0] ^ BUF$1[16];
+ this.v0h ^= BUF$1[1] ^ BUF$1[17];
+ this.v1l ^= BUF$1[2] ^ BUF$1[18];
+ this.v1h ^= BUF$1[3] ^ BUF$1[19];
+ this.v2l ^= BUF$1[4] ^ BUF$1[20];
+ this.v2h ^= BUF$1[5] ^ BUF$1[21];
+ this.v3l ^= BUF$1[6] ^ BUF$1[22];
+ this.v3h ^= BUF$1[7] ^ BUF$1[23];
+ this.v4l ^= BUF$1[8] ^ BUF$1[24];
+ this.v4h ^= BUF$1[9] ^ BUF$1[25];
+ this.v5l ^= BUF$1[10] ^ BUF$1[26];
+ this.v5h ^= BUF$1[11] ^ BUF$1[27];
+ this.v6l ^= BUF$1[12] ^ BUF$1[28];
+ this.v6h ^= BUF$1[13] ^ BUF$1[29];
+ this.v7l ^= BUF$1[14] ^ BUF$1[30];
+ this.v7h ^= BUF$1[15] ^ BUF$1[31];
+ BUF$1.fill(0);
+ }
+ destroy() {
+ this.destroyed = true;
+ this.buffer32.fill(0);
+ this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+ }
+ }
+ /**
+ * BLAKE2b - optimized for 64-bit platforms. JS doesn't have uint64, so it's slower than BLAKE2s.
+ * @param msg - message that would be hashed
+ * @param opts - dkLen, key, salt, personalization
+ */
+ const blake2b = wrapConstructorWithOpts((opts) => new BLAKE2b(opts));
+
+ // Initial state:
+ // first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19)
+ // same as SHA-256
+ // prettier-ignore
+ const IV$1 = new Uint32Array([
+ 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
+ ]);
+ // Mixing function G splitted in two halfs
+ function G1(a, b, c, d, x) {
+ a = (a + b + x) | 0;
+ d = rotr(d ^ a, 16);
+ c = (c + d) | 0;
+ b = rotr(b ^ c, 12);
+ return { a, b, c, d };
+ }
+ function G2(a, b, c, d, x) {
+ a = (a + b + x) | 0;
+ d = rotr(d ^ a, 8);
+ c = (c + d) | 0;
+ b = rotr(b ^ c, 7);
+ return { a, b, c, d };
+ }
+ // prettier-ignore
+ function compress(s, offset, msg, rounds, v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15) {
+ let j = 0;
+ for (let i = 0; i < rounds; i++) {
+ ({ a: v0, b: v4, c: v8, d: v12 } = G1(v0, v4, v8, v12, msg[offset + s[j++]]));
+ ({ a: v0, b: v4, c: v8, d: v12 } = G2(v0, v4, v8, v12, msg[offset + s[j++]]));
+ ({ a: v1, b: v5, c: v9, d: v13 } = G1(v1, v5, v9, v13, msg[offset + s[j++]]));
+ ({ a: v1, b: v5, c: v9, d: v13 } = G2(v1, v5, v9, v13, msg[offset + s[j++]]));
+ ({ a: v2, b: v6, c: v10, d: v14 } = G1(v2, v6, v10, v14, msg[offset + s[j++]]));
+ ({ a: v2, b: v6, c: v10, d: v14 } = G2(v2, v6, v10, v14, msg[offset + s[j++]]));
+ ({ a: v3, b: v7, c: v11, d: v15 } = G1(v3, v7, v11, v15, msg[offset + s[j++]]));
+ ({ a: v3, b: v7, c: v11, d: v15 } = G2(v3, v7, v11, v15, msg[offset + s[j++]]));
+ ({ a: v0, b: v5, c: v10, d: v15 } = G1(v0, v5, v10, v15, msg[offset + s[j++]]));
+ ({ a: v0, b: v5, c: v10, d: v15 } = G2(v0, v5, v10, v15, msg[offset + s[j++]]));
+ ({ a: v1, b: v6, c: v11, d: v12 } = G1(v1, v6, v11, v12, msg[offset + s[j++]]));
+ ({ a: v1, b: v6, c: v11, d: v12 } = G2(v1, v6, v11, v12, msg[offset + s[j++]]));
+ ({ a: v2, b: v7, c: v8, d: v13 } = G1(v2, v7, v8, v13, msg[offset + s[j++]]));
+ ({ a: v2, b: v7, c: v8, d: v13 } = G2(v2, v7, v8, v13, msg[offset + s[j++]]));
+ ({ a: v3, b: v4, c: v9, d: v14 } = G1(v3, v4, v9, v14, msg[offset + s[j++]]));
+ ({ a: v3, b: v4, c: v9, d: v14 } = G2(v3, v4, v9, v14, msg[offset + s[j++]]));
+ }
+ return { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 };
+ }
+ class BLAKE2s extends BLAKE2 {
+ constructor(opts = {}) {
+ super(64, opts.dkLen === undefined ? 32 : opts.dkLen, opts, 32, 8, 8);
+ // Internal state, same as SHA-256
+ this.v0 = IV$1[0] | 0;
+ this.v1 = IV$1[1] | 0;
+ this.v2 = IV$1[2] | 0;
+ this.v3 = IV$1[3] | 0;
+ this.v4 = IV$1[4] | 0;
+ this.v5 = IV$1[5] | 0;
+ this.v6 = IV$1[6] | 0;
+ this.v7 = IV$1[7] | 0;
+ const keyLength = opts.key ? opts.key.length : 0;
+ this.v0 ^= this.outputLen | (keyLength << 8) | (0x01 << 16) | (0x01 << 24);
+ if (opts.salt) {
+ const salt = u32(toBytes(opts.salt));
+ this.v4 ^= salt[0];
+ this.v5 ^= salt[1];
+ }
+ if (opts.personalization) {
+ const pers = u32(toBytes(opts.personalization));
+ this.v6 ^= pers[0];
+ this.v7 ^= pers[1];
+ }
+ if (opts.key) {
+ // Pad to blockLen and update
+ const tmp = new Uint8Array(this.blockLen);
+ tmp.set(toBytes(opts.key));
+ this.update(tmp);
+ }
+ }
+ get() {
+ const { v0, v1, v2, v3, v4, v5, v6, v7 } = this;
+ return [v0, v1, v2, v3, v4, v5, v6, v7];
+ }
+ // prettier-ignore
+ set(v0, v1, v2, v3, v4, v5, v6, v7) {
+ this.v0 = v0 | 0;
+ this.v1 = v1 | 0;
+ this.v2 = v2 | 0;
+ this.v3 = v3 | 0;
+ this.v4 = v4 | 0;
+ this.v5 = v5 | 0;
+ this.v6 = v6 | 0;
+ this.v7 = v7 | 0;
+ }
+ compress(msg, offset, isLast) {
+ const { h, l } = u64.fromBig(BigInt(this.length));
+ // prettier-ignore
+ const { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 } = compress(SIGMA$1, offset, msg, 10, this.v0, this.v1, this.v2, this.v3, this.v4, this.v5, this.v6, this.v7, IV$1[0], IV$1[1], IV$1[2], IV$1[3], l ^ IV$1[4], h ^ IV$1[5], isLast ? ~IV$1[6] : IV$1[6], IV$1[7]);
+ this.v0 ^= v0 ^ v8;
+ this.v1 ^= v1 ^ v9;
+ this.v2 ^= v2 ^ v10;
+ this.v3 ^= v3 ^ v11;
+ this.v4 ^= v4 ^ v12;
+ this.v5 ^= v5 ^ v13;
+ this.v6 ^= v6 ^ v14;
+ this.v7 ^= v7 ^ v15;
+ }
+ destroy() {
+ this.destroyed = true;
+ this.buffer32.fill(0);
+ this.set(0, 0, 0, 0, 0, 0, 0, 0);
+ }
+ }
+ /**
+ * BLAKE2s - optimized for 32-bit platforms. JS doesn't have uint64, so it's faster than BLAKE2b.
+ * @param msg - message that would be hashed
+ * @param opts - dkLen, key, salt, personalization
+ */
+ const blake2s = wrapConstructorWithOpts((opts) => new BLAKE2s(opts));
+
+ // Flag bitset
+ var Flags;
+ (function (Flags) {
+ Flags[Flags["CHUNK_START"] = 1] = "CHUNK_START";
+ Flags[Flags["CHUNK_END"] = 2] = "CHUNK_END";
+ Flags[Flags["PARENT"] = 4] = "PARENT";
+ Flags[Flags["ROOT"] = 8] = "ROOT";
+ Flags[Flags["KEYED_HASH"] = 16] = "KEYED_HASH";
+ Flags[Flags["DERIVE_KEY_CONTEXT"] = 32] = "DERIVE_KEY_CONTEXT";
+ Flags[Flags["DERIVE_KEY_MATERIAL"] = 64] = "DERIVE_KEY_MATERIAL";
+ })(Flags || (Flags = {}));
+ const SIGMA = (() => {
+ const Id = Array.from({ length: 16 }, (_, i) => i);
+ const permute = (arr) => [2, 6, 3, 10, 7, 0, 4, 13, 1, 11, 12, 5, 9, 14, 15, 8].map((i) => arr[i]);
+ const res = [];
+ for (let i = 0, v = Id; i < 7; i++, v = permute(v))
+ res.push(...v);
+ return Uint8Array.from(res);
+ })();
+ // Why is this so slow? It should be 6x faster than blake2b.
+ // - There is only 30% reduction in number of rounds from blake2s
+ // - This function uses tree mode to achive parallelisation via SIMD and threading,
+ // however in JS we don't have threads and SIMD, so we get only overhead from tree structure
+ // - It is possible to speed it up via Web Workers, hovewer it will make code singnificantly more
+ // complicated, which we are trying to avoid, since this library is intended to be used
+ // for cryptographic purposes. Also, parallelization happens only on chunk level (1024 bytes),
+ // which won't really benefit small inputs.
+ class BLAKE3 extends BLAKE2 {
+ constructor(opts = {}, flags = 0) {
+ super(64, opts.dkLen === undefined ? 32 : opts.dkLen, {}, Number.MAX_SAFE_INTEGER, 0, 0);
+ this.flags = 0 | 0;
+ this.chunkPos = 0; // Position of current block in chunk
+ this.chunksDone = 0; // How many chunks we already have
+ this.stack = [];
+ // Output
+ this.posOut = 0;
+ this.bufferOut32 = new Uint32Array(16);
+ this.chunkOut = 0; // index of output chunk
+ this.enableXOF = true;
+ this.outputLen = opts.dkLen === undefined ? 32 : opts.dkLen;
+ assert.number(this.outputLen);
+ if (opts.key !== undefined && opts.context !== undefined)
+ throw new Error('Blake3: only key or context can be specified at same time');
+ else if (opts.key !== undefined) {
+ const key = toBytes(opts.key);
+ if (key.length !== 32)
+ throw new Error('Blake3: key should be 32 byte');
+ this.IV = u32(key);
+ this.flags = flags | Flags.KEYED_HASH;
+ }
+ else if (opts.context !== undefined) {
+ const context_key = new BLAKE3({ dkLen: 32 }, Flags.DERIVE_KEY_CONTEXT)
+ .update(opts.context)
+ .digest();
+ this.IV = u32(context_key);
+ this.flags = flags | Flags.DERIVE_KEY_MATERIAL;
+ }
+ else {
+ this.IV = IV$1.slice();
+ this.flags = flags;
+ }
+ this.state = this.IV.slice();
+ this.bufferOut = u8(this.bufferOut32);
+ }
+ // Unused
+ get() {
+ return [];
+ }
+ set() { }
+ b2Compress(counter, flags, buf, bufPos = 0) {
+ const { state: s, pos } = this;
+ const { h, l } = u64.fromBig(BigInt(counter), true);
+ // prettier-ignore
+ const { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 } = compress(SIGMA, bufPos, buf, 7, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7], IV$1[0], IV$1[1], IV$1[2], IV$1[3], h, l, pos, flags);
+ s[0] = v0 ^ v8;
+ s[1] = v1 ^ v9;
+ s[2] = v2 ^ v10;
+ s[3] = v3 ^ v11;
+ s[4] = v4 ^ v12;
+ s[5] = v5 ^ v13;
+ s[6] = v6 ^ v14;
+ s[7] = v7 ^ v15;
+ }
+ compress(buf, bufPos = 0, isLast = false) {
+ // Compress last block
+ let flags = this.flags;
+ if (!this.chunkPos)
+ flags |= Flags.CHUNK_START;
+ if (this.chunkPos === 15 || isLast)
+ flags |= Flags.CHUNK_END;
+ if (!isLast)
+ this.pos = this.blockLen;
+ this.b2Compress(this.chunksDone, flags, buf, bufPos);
+ this.chunkPos += 1;
+ // If current block is last in chunk (16 blocks), then compress chunks
+ if (this.chunkPos === 16 || isLast) {
+ let chunk = this.state;
+ this.state = this.IV.slice();
+ // If not the last one, compress only when there are trailing zeros in chunk counter
+ // chunks used as binary tree where current stack is path. Zero means current leaf is finished and can be compressed.
+ // 1 (001) - leaf not finished (just push current chunk to stack)
+ // 2 (010) - leaf finished at depth=1 (merge with last elm on stack and push back)
+ // 3 (011) - last leaf not finished
+ // 4 (100) - leafs finished at depth=1 and depth=2
+ for (let last, chunks = this.chunksDone + 1; isLast || !(chunks & 1); chunks >>= 1) {
+ if (!(last = this.stack.pop()))
+ break;
+ this.buffer32.set(last, 0);
+ this.buffer32.set(chunk, 8);
+ this.pos = this.blockLen;
+ this.b2Compress(0, this.flags | Flags.PARENT, this.buffer32, 0);
+ chunk = this.state;
+ this.state = this.IV.slice();
+ }
+ this.chunksDone++;
+ this.chunkPos = 0;
+ this.stack.push(chunk);
+ }
+ this.pos = 0;
+ }
+ _cloneInto(to) {
+ to = super._cloneInto(to);
+ const { IV, flags, state, chunkPos, posOut, chunkOut, stack, chunksDone } = this;
+ to.state.set(state.slice());
+ to.stack = stack.map((i) => Uint32Array.from(i));
+ to.IV.set(IV);
+ to.flags = flags;
+ to.chunkPos = chunkPos;
+ to.chunksDone = chunksDone;
+ to.posOut = posOut;
+ to.chunkOut = chunkOut;
+ to.enableXOF = this.enableXOF;
+ to.bufferOut32.set(this.bufferOut32);
+ return to;
+ }
+ destroy() {
+ this.destroyed = true;
+ this.state.fill(0);
+ this.buffer32.fill(0);
+ this.IV.fill(0);
+ this.bufferOut32.fill(0);
+ for (let i of this.stack)
+ i.fill(0);
+ }
+ // Same as b2Compress, but doesn't modify state and returns 16 u32 array (instead of 8)
+ b2CompressOut() {
+ const { state: s, pos, flags, buffer32, bufferOut32: out32 } = this;
+ const { h, l } = u64.fromBig(BigInt(this.chunkOut++));
+ // prettier-ignore
+ const { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 } = compress(SIGMA, 0, buffer32, 7, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7], IV$1[0], IV$1[1], IV$1[2], IV$1[3], l, h, pos, flags);
+ out32[0] = v0 ^ v8;
+ out32[1] = v1 ^ v9;
+ out32[2] = v2 ^ v10;
+ out32[3] = v3 ^ v11;
+ out32[4] = v4 ^ v12;
+ out32[5] = v5 ^ v13;
+ out32[6] = v6 ^ v14;
+ out32[7] = v7 ^ v15;
+ out32[8] = s[0] ^ v8;
+ out32[9] = s[1] ^ v9;
+ out32[10] = s[2] ^ v10;
+ out32[11] = s[3] ^ v11;
+ out32[12] = s[4] ^ v12;
+ out32[13] = s[5] ^ v13;
+ out32[14] = s[6] ^ v14;
+ out32[15] = s[7] ^ v15;
+ this.posOut = 0;
+ }
+ finish() {
+ if (this.finished)
+ return;
+ this.finished = true;
+ // Padding
+ this.buffer.fill(0, this.pos);
+ // Process last chunk
+ let flags = this.flags | Flags.ROOT;
+ if (this.stack.length) {
+ flags |= Flags.PARENT;
+ this.compress(this.buffer32, 0, true);
+ this.chunksDone = 0;
+ this.pos = this.blockLen;
+ }
+ else {
+ flags |= (!this.chunkPos ? Flags.CHUNK_START : 0) | Flags.CHUNK_END;
+ }
+ this.flags = flags;
+ this.b2CompressOut();
+ }
+ writeInto(out) {
+ assert.exists(this, false);
+ assert.bytes(out);
+ this.finish();
+ const { blockLen, bufferOut } = this;
+ for (let pos = 0, len = out.length; pos < len;) {
+ if (this.posOut >= blockLen)
+ this.b2CompressOut();
+ const take = Math.min(blockLen - this.posOut, len - pos);
+ out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos);
+ this.posOut += take;
+ pos += take;
+ }
+ return out;
+ }
+ xofInto(out) {
+ if (!this.enableXOF)
+ throw new Error('XOF is not possible after digest call');
+ return this.writeInto(out);
+ }
+ xof(bytes) {
+ assert.number(bytes);
+ return this.xofInto(new Uint8Array(bytes));
+ }
+ digestInto(out) {
+ assert.output(out, this);
+ if (this.finished)
+ throw new Error('digest() was already called');
+ this.enableXOF = false;
+ this.writeInto(out);
+ this.destroy();
+ return out;
+ }
+ digest() {
+ return this.digestInto(new Uint8Array(this.outputLen));
+ }
+ }
+ /**
+ * BLAKE3 hash function.
+ * @param msg - message that would be hashed
+ * @param opts - dkLen, key, context
+ */
+ const blake3 = wrapConstructorWithOpts((opts) => new BLAKE3(opts));
+
+ // HMAC (RFC 2104)
+ class HMAC extends Hash {
+ constructor(hash, _key) {
+ super();
+ this.finished = false;
+ this.destroyed = false;
+ assert.hash(hash);
+ const key = toBytes(_key);
+ this.iHash = hash.create();
+ if (typeof this.iHash.update !== 'function')
+ throw new TypeError('Expected instance of class which extends utils.Hash');
+ this.blockLen = this.iHash.blockLen;
+ this.outputLen = this.iHash.outputLen;
+ const blockLen = this.blockLen;
+ const pad = new Uint8Array(blockLen);
+ // blockLen can be bigger than outputLen
+ pad.set(key.length > blockLen ? hash.create().update(key).digest() : key);
+ for (let i = 0; i < pad.length; i++)
+ pad[i] ^= 0x36;
+ this.iHash.update(pad);
+ // By doing update (processing of first block) of outer hash here we can re-use it between multiple calls via clone
+ this.oHash = hash.create();
+ // Undo internal XOR && apply outer XOR
+ for (let i = 0; i < pad.length; i++)
+ pad[i] ^= 0x36 ^ 0x5c;
+ this.oHash.update(pad);
+ pad.fill(0);
+ }
+ update(buf) {
+ assert.exists(this);
+ this.iHash.update(buf);
+ return this;
+ }
+ digestInto(out) {
+ assert.exists(this);
+ assert.bytes(out, this.outputLen);
+ this.finished = true;
+ this.iHash.digestInto(out);
+ this.oHash.update(out);
+ this.oHash.digestInto(out);
+ this.destroy();
+ }
+ digest() {
+ const out = new Uint8Array(this.oHash.outputLen);
+ this.digestInto(out);
+ return out;
+ }
+ _cloneInto(to) {
+ // Create new instance without calling constructor since key already in state and we don't know it.
+ to || (to = Object.create(Object.getPrototypeOf(this), {}));
+ const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this;
+ to = to;
+ to.finished = finished;
+ to.destroyed = destroyed;
+ to.blockLen = blockLen;
+ to.outputLen = outputLen;
+ to.oHash = oHash._cloneInto(to.oHash);
+ to.iHash = iHash._cloneInto(to.iHash);
+ return to;
+ }
+ destroy() {
+ this.destroyed = true;
+ this.oHash.destroy();
+ this.iHash.destroy();
+ }
+ }
+ /**
+ * HMAC: RFC2104 message authentication code.
+ * @param hash - function that would be used e.g. sha256
+ * @param key - message key
+ * @param message - message data
+ */
+ const hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest();
+ hmac.create = (hash, key) => new HMAC(hash, key);
+
+ // HKDF (RFC 5869)
+ // https://soatok.blog/2021/11/17/understanding-hkdf/
+ /**
+ * HKDF-Extract(IKM, salt) -> PRK
+ * Arguments position differs from spec (IKM is first one, since it is not optional)
+ * @param hash
+ * @param ikm
+ * @param salt
+ * @returns
+ */
+ function extract(hash, ikm, salt) {
+ assert.hash(hash);
+ // NOTE: some libraries treat zero-length array as 'not provided';
+ // we don't, since we have undefined as 'not provided'
+ // https://github.com/RustCrypto/KDFs/issues/15
+ if (salt === undefined)
+ salt = new Uint8Array(hash.outputLen); // if not provided, it is set to a string of HashLen zeros
+ return hmac(hash, toBytes(salt), toBytes(ikm));
+ }
+ // HKDF-Expand(PRK, info, L) -> OKM
+ const HKDF_COUNTER = new Uint8Array([0]);
+ const EMPTY_BUFFER = new Uint8Array();
+ /**
+ * HKDF-expand from the spec.
+ * @param prk - a pseudorandom key of at least HashLen octets (usually, the output from the extract step)
+ * @param info - optional context and application specific information (can be a zero-length string)
+ * @param length - length of output keying material in octets
+ */
+ function expand(hash, prk, info, length = 32) {
+ assert.hash(hash);
+ assert.number(length);
+ if (length > 255 * hash.outputLen)
+ throw new Error('Length should be <= 255*HashLen');
+ const blocks = Math.ceil(length / hash.outputLen);
+ if (info === undefined)
+ info = EMPTY_BUFFER;
+ // first L(ength) octets of T
+ const okm = new Uint8Array(blocks * hash.outputLen);
+ // Re-use HMAC instance between blocks
+ const HMAC = hmac.create(hash, prk);
+ const HMACTmp = HMAC._cloneInto();
+ const T = new Uint8Array(HMAC.outputLen);
+ for (let counter = 0; counter < blocks; counter++) {
+ HKDF_COUNTER[0] = counter + 1;
+ // T(0) = empty string (zero length)
+ // T(N) = HMAC-Hash(PRK, T(N-1) | info | N)
+ HMACTmp.update(counter === 0 ? EMPTY_BUFFER : T)
+ .update(info)
+ .update(HKDF_COUNTER)
+ .digestInto(T);
+ okm.set(T, hash.outputLen * counter);
+ HMAC._cloneInto(HMACTmp);
+ }
+ HMAC.destroy();
+ HMACTmp.destroy();
+ T.fill(0);
+ HKDF_COUNTER.fill(0);
+ return okm.slice(0, length);
+ }
+ /**
+ * HKDF (RFC 5869): extract + expand in one step.
+ * @param hash - hash function that would be used (e.g. sha256)
+ * @param ikm - input keying material, the initial key
+ * @param salt - optional salt value (a non-secret random value)
+ * @param info - optional context and application specific information
+ * @param length - length of output keying material in octets
+ */
+ const hkdf = (hash, ikm, salt, info, length) => expand(hash, extract(hash, ikm, salt), info, length);
+
+ // Common prologue and epilogue for sync/async functions
+ function pbkdf2Init(hash, _password, _salt, _opts) {
+ assert.hash(hash);
+ const opts = checkOpts({ dkLen: 32, asyncTick: 10 }, _opts);
+ const { c, dkLen, asyncTick } = opts;
+ assert.number(c);
+ assert.number(dkLen);
+ assert.number(asyncTick);
+ if (c < 1)
+ throw new Error('PBKDF2: iterations (c) should be >= 1');
+ const password = toBytes(_password);
+ const salt = toBytes(_salt);
+ // DK = PBKDF2(PRF, Password, Salt, c, dkLen);
+ const DK = new Uint8Array(dkLen);
+ // U1 = PRF(Password, Salt + INT_32_BE(i))
+ const PRF = hmac.create(hash, password);
+ const PRFSalt = PRF._cloneInto().update(salt);
+ return { c, dkLen, asyncTick, DK, PRF, PRFSalt };
+ }
+ function pbkdf2Output(PRF, PRFSalt, DK, prfW, u) {
+ PRF.destroy();
+ PRFSalt.destroy();
+ if (prfW)
+ prfW.destroy();
+ u.fill(0);
+ return DK;
+ }
+ /**
+ * PBKDF2-HMAC: RFC 2898 key derivation function
+ * @param hash - hash function that would be used e.g. sha256
+ * @param password - password from which a derived key is generated
+ * @param salt - cryptographic salt
+ * @param opts - {c, dkLen} where c is work factor and dkLen is output message size
+ */
+ function pbkdf2$1(hash, password, salt, opts) {
+ const { c, dkLen, DK, PRF, PRFSalt } = pbkdf2Init(hash, password, salt, opts);
+ let prfW; // Working copy
+ const arr = new Uint8Array(4);
+ const view = createView(arr);
+ const u = new Uint8Array(PRF.outputLen);
+ // DK = T1 + T2 + ⋯ + Tdklen/hlen
+ for (let ti = 1, pos = 0; pos < dkLen; ti++, pos += PRF.outputLen) {
+ // Ti = F(Password, Salt, c, i)
+ const Ti = DK.subarray(pos, pos + PRF.outputLen);
+ view.setInt32(0, ti, false);
+ // F(Password, Salt, c, i) = U1 ^ U2 ^ ⋯ ^ Uc
+ // U1 = PRF(Password, Salt + INT_32_BE(i))
+ (prfW = PRFSalt._cloneInto(prfW)).update(arr).digestInto(u);
+ Ti.set(u.subarray(0, Ti.length));
+ for (let ui = 1; ui < c; ui++) {
+ // Uc = PRF(Password, Uc−1)
+ PRF._cloneInto(prfW).update(u).digestInto(u);
+ for (let i = 0; i < Ti.length; i++)
+ Ti[i] ^= u[i];
+ }
+ }
+ return pbkdf2Output(PRF, PRFSalt, DK, prfW, u);
+ }
+ async function pbkdf2Async(hash, password, salt, opts) {
+ const { c, dkLen, asyncTick, DK, PRF, PRFSalt } = pbkdf2Init(hash, password, salt, opts);
+ let prfW; // Working copy
+ const arr = new Uint8Array(4);
+ const view = createView(arr);
+ const u = new Uint8Array(PRF.outputLen);
+ // DK = T1 + T2 + ⋯ + Tdklen/hlen
+ for (let ti = 1, pos = 0; pos < dkLen; ti++, pos += PRF.outputLen) {
+ // Ti = F(Password, Salt, c, i)
+ const Ti = DK.subarray(pos, pos + PRF.outputLen);
+ view.setInt32(0, ti, false);
+ // F(Password, Salt, c, i) = U1 ^ U2 ^ ⋯ ^ Uc
+ // U1 = PRF(Password, Salt + INT_32_BE(i))
+ (prfW = PRFSalt._cloneInto(prfW)).update(arr).digestInto(u);
+ Ti.set(u.subarray(0, Ti.length));
+ await asyncLoop(c - 1, asyncTick, (i) => {
+ // Uc = PRF(Password, Uc−1)
+ PRF._cloneInto(prfW).update(u).digestInto(u);
+ for (let i = 0; i < Ti.length; i++)
+ Ti[i] ^= u[i];
+ });
+ }
+ return pbkdf2Output(PRF, PRFSalt, DK, prfW, u);
+ }
+
+ // Polyfill for Safari 14
+ function setBigUint64(view, byteOffset, value, isLE) {
+ if (typeof view.setBigUint64 === 'function')
+ return view.setBigUint64(byteOffset, value, isLE);
+ const _32n = BigInt(32);
+ const _u32_max = BigInt(0xffffffff);
+ const wh = Number((value >> _32n) & _u32_max);
+ const wl = Number(value & _u32_max);
+ const h = isLE ? 4 : 0;
+ const l = isLE ? 0 : 4;
+ view.setUint32(byteOffset + h, wh, isLE);
+ view.setUint32(byteOffset + l, wl, isLE);
+ }
+ // Base SHA2 class (RFC 6234)
+ class SHA2 extends Hash {
+ constructor(blockLen, outputLen, padOffset, isLE) {
+ super();
+ this.blockLen = blockLen;
+ this.outputLen = outputLen;
+ this.padOffset = padOffset;
+ this.isLE = isLE;
+ this.finished = false;
+ this.length = 0;
+ this.pos = 0;
+ this.destroyed = false;
+ this.buffer = new Uint8Array(blockLen);
+ this.view = createView(this.buffer);
+ }
+ update(data) {
+ assert.exists(this);
+ const { view, buffer, blockLen } = this;
+ data = toBytes(data);
+ const len = data.length;
+ for (let pos = 0; pos < len;) {
+ const take = Math.min(blockLen - this.pos, len - pos);
+ // Fast path: we have at least one block in input, cast it to view and process
+ if (take === blockLen) {
+ const dataView = createView(data);
+ for (; blockLen <= len - pos; pos += blockLen)
+ this.process(dataView, pos);
+ continue;
+ }
+ buffer.set(data.subarray(pos, pos + take), this.pos);
+ this.pos += take;
+ pos += take;
+ if (this.pos === blockLen) {
+ this.process(view, 0);
+ this.pos = 0;
+ }
+ }
+ this.length += data.length;
+ this.roundClean();
+ return this;
+ }
+ digestInto(out) {
+ assert.exists(this);
+ assert.output(out, this);
+ this.finished = true;
+ // Padding
+ // We can avoid allocation of buffer for padding completely if it
+ // was previously not allocated here. But it won't change performance.
+ const { buffer, view, blockLen, isLE } = this;
+ let { pos } = this;
+ // append the bit '1' to the message
+ buffer[pos++] = 0b10000000;
+ this.buffer.subarray(pos).fill(0);
+ // we have less than padOffset left in buffer, so we cannot put length in current block, need process it and pad again
+ if (this.padOffset > blockLen - pos) {
+ this.process(view, 0);
+ pos = 0;
+ }
+ // Pad until full block byte with zeros
+ for (let i = pos; i < blockLen; i++)
+ buffer[i] = 0;
+ // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that
+ // You need to write around 2 exabytes (u64_max / 8 / (1024**6)) for this to happen.
+ // So we just write lowest 64 bits of that value.
+ setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE);
+ this.process(view, 0);
+ const oview = createView(out);
+ this.get().forEach((v, i) => oview.setUint32(4 * i, v, isLE));
+ }
+ digest() {
+ const { buffer, outputLen } = this;
+ this.digestInto(buffer);
+ const res = buffer.slice(0, outputLen);
+ this.destroy();
+ return res;
+ }
+ _cloneInto(to) {
+ to || (to = new this.constructor());
+ to.set(...this.get());
+ const { blockLen, buffer, length, finished, destroyed, pos } = this;
+ to.length = length;
+ to.pos = pos;
+ to.finished = finished;
+ to.destroyed = destroyed;
+ if (length % blockLen)
+ to.buffer.set(buffer);
+ return to;
+ }
+ }
+
+ // https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
+ // https://homes.esat.kuleuven.be/~bosselae/ripemd160/pdf/AB-9601/AB-9601.pdf
+ const Rho = new Uint8Array([7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8]);
+ const Id = Uint8Array.from({ length: 16 }, (_, i) => i);
+ const Pi = Id.map((i) => (9 * i + 5) % 16);
+ let idxL = [Id];
+ let idxR = [Pi];
+ for (let i = 0; i < 4; i++)
+ for (let j of [idxL, idxR])
+ j.push(j[i].map((k) => Rho[k]));
+ const shifts = [
+ [11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8],
+ [12, 13, 11, 15, 6, 9, 9, 7, 12, 15, 11, 13, 7, 8, 7, 7],
+ [13, 15, 14, 11, 7, 7, 6, 8, 13, 14, 13, 12, 5, 5, 6, 9],
+ [14, 11, 12, 14, 8, 6, 5, 5, 15, 12, 15, 14, 9, 9, 8, 6],
+ [15, 12, 13, 13, 9, 5, 8, 6, 14, 11, 12, 11, 8, 6, 5, 5],
+ ].map((i) => new Uint8Array(i));
+ const shiftsL = idxL.map((idx, i) => idx.map((j) => shifts[i][j]));
+ const shiftsR = idxR.map((idx, i) => idx.map((j) => shifts[i][j]));
+ const Kl = new Uint32Array([0x00000000, 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xa953fd4e]);
+ const Kr = new Uint32Array([0x50a28be6, 0x5c4dd124, 0x6d703ef3, 0x7a6d76e9, 0x00000000]);
+ // The rotate left (circular left shift) operation for uint32
+ const rotl$1 = (word, shift) => (word << shift) | (word >>> (32 - shift));
+ // It's called f() in spec.
+ function f(group, x, y, z) {
+ if (group === 0)
+ return x ^ y ^ z;
+ else if (group === 1)
+ return (x & y) | (~x & z);
+ else if (group === 2)
+ return (x | ~y) ^ z;
+ else if (group === 3)
+ return (x & z) | (y & ~z);
+ else
+ return x ^ (y | ~z);
+ }
+ // Temporary buffer, not used to store anything between runs
+ const BUF = new Uint32Array(16);
+ class RIPEMD160 extends SHA2 {
+ constructor() {
+ super(64, 20, 8, true);
+ this.h0 = 0x67452301 | 0;
+ this.h1 = 0xefcdab89 | 0;
+ this.h2 = 0x98badcfe | 0;
+ this.h3 = 0x10325476 | 0;
+ this.h4 = 0xc3d2e1f0 | 0;
+ }
+ get() {
+ const { h0, h1, h2, h3, h4 } = this;
+ return [h0, h1, h2, h3, h4];
+ }
+ set(h0, h1, h2, h3, h4) {
+ this.h0 = h0 | 0;
+ this.h1 = h1 | 0;
+ this.h2 = h2 | 0;
+ this.h3 = h3 | 0;
+ this.h4 = h4 | 0;
+ }
+ process(view, offset) {
+ for (let i = 0; i < 16; i++, offset += 4)
+ BUF[i] = view.getUint32(offset, true);
+ // prettier-ignore
+ let al = this.h0 | 0, ar = al, bl = this.h1 | 0, br = bl, cl = this.h2 | 0, cr = cl, dl = this.h3 | 0, dr = dl, el = this.h4 | 0, er = el;
+ // Instead of iterating 0 to 80, we split it into 5 groups
+ // And use the groups in constants, functions, etc. Much simpler
+ for (let group = 0; group < 5; group++) {
+ const rGroup = 4 - group;
+ const hbl = Kl[group], hbr = Kr[group]; // prettier-ignore
+ const rl = idxL[group], rr = idxR[group]; // prettier-ignore
+ const sl = shiftsL[group], sr = shiftsR[group]; // prettier-ignore
+ for (let i = 0; i < 16; i++) {
+ const tl = (rotl$1(al + f(group, bl, cl, dl) + BUF[rl[i]] + hbl, sl[i]) + el) | 0;
+ al = el, el = dl, dl = rotl$1(cl, 10) | 0, cl = bl, bl = tl; // prettier-ignore
+ }
+ // 2 loops are 10% faster
+ for (let i = 0; i < 16; i++) {
+ const tr = (rotl$1(ar + f(rGroup, br, cr, dr) + BUF[rr[i]] + hbr, sr[i]) + er) | 0;
+ ar = er, er = dr, dr = rotl$1(cr, 10) | 0, cr = br, br = tr; // prettier-ignore
+ }
+ }
+ // Add the compressed chunk to the current hash value
+ this.set((this.h1 + cl + dr) | 0, (this.h2 + dl + er) | 0, (this.h3 + el + ar) | 0, (this.h4 + al + br) | 0, (this.h0 + bl + cr) | 0);
+ }
+ roundClean() {
+ BUF.fill(0);
+ }
+ destroy() {
+ this.destroyed = true;
+ this.buffer.fill(0);
+ this.set(0, 0, 0, 0, 0);
+ }
+ }
+ /**
+ * RIPEMD-160 - a hash function from 1990s.
+ * @param message - msg that would be hashed
+ */
+ const ripemd160 = wrapConstructor(() => new RIPEMD160());
+
+ // Choice: a ? b : c
+ const Chi = (a, b, c) => (a & b) ^ (~a & c);
+ // Majority function, true if any two inpust is true
+ const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c);
+ // Round constants:
+ // first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)
+ // prettier-ignore
+ const SHA256_K = new Uint32Array([
+ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+ 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+ 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+ 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+ 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+ 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+ 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+ 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+ ]);
+ // Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19):
+ // prettier-ignore
+ const IV = new Uint32Array([
+ 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
+ ]);
+ // Temporary buffer, not used to store anything between runs
+ // Named this way because it matches specification.
+ const SHA256_W = new Uint32Array(64);
+ class SHA256 extends SHA2 {
+ constructor() {
+ super(64, 32, 8, false);
+ // We cannot use array here since array allows indexing by variable
+ // which means optimizer/compiler cannot use registers.
+ this.A = IV[0] | 0;
+ this.B = IV[1] | 0;
+ this.C = IV[2] | 0;
+ this.D = IV[3] | 0;
+ this.E = IV[4] | 0;
+ this.F = IV[5] | 0;
+ this.G = IV[6] | 0;
+ this.H = IV[7] | 0;
+ }
+ get() {
+ const { A, B, C, D, E, F, G, H } = this;
+ return [A, B, C, D, E, F, G, H];
+ }
+ // prettier-ignore
+ set(A, B, C, D, E, F, G, H) {
+ this.A = A | 0;
+ this.B = B | 0;
+ this.C = C | 0;
+ this.D = D | 0;
+ this.E = E | 0;
+ this.F = F | 0;
+ this.G = G | 0;
+ this.H = H | 0;
+ }
+ process(view, offset) {
+ // Extend the first 16 words into the remaining 48 words w[16..63] of the message schedule array
+ for (let i = 0; i < 16; i++, offset += 4)
+ SHA256_W[i] = view.getUint32(offset, false);
+ for (let i = 16; i < 64; i++) {
+ const W15 = SHA256_W[i - 15];
+ const W2 = SHA256_W[i - 2];
+ const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ (W15 >>> 3);
+ const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ (W2 >>> 10);
+ SHA256_W[i] = (s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16]) | 0;
+ }
+ // Compression function main loop, 64 rounds
+ let { A, B, C, D, E, F, G, H } = this;
+ for (let i = 0; i < 64; i++) {
+ const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);
+ const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;
+ const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);
+ const T2 = (sigma0 + Maj(A, B, C)) | 0;
+ H = G;
+ G = F;
+ F = E;
+ E = (D + T1) | 0;
+ D = C;
+ C = B;
+ B = A;
+ A = (T1 + T2) | 0;
+ }
+ // Add the compressed chunk to the current hash value
+ A = (A + this.A) | 0;
+ B = (B + this.B) | 0;
+ C = (C + this.C) | 0;
+ D = (D + this.D) | 0;
+ E = (E + this.E) | 0;
+ F = (F + this.F) | 0;
+ G = (G + this.G) | 0;
+ H = (H + this.H) | 0;
+ this.set(A, B, C, D, E, F, G, H);
+ }
+ roundClean() {
+ SHA256_W.fill(0);
+ }
+ destroy() {
+ this.set(0, 0, 0, 0, 0, 0, 0, 0);
+ this.buffer.fill(0);
+ }
+ }
+ /**
+ * SHA2-256 hash function
+ * @param message - data that would be hashed
+ */
+ const sha256 = wrapConstructor(() => new SHA256());
+
+ // RFC 7914 Scrypt KDF
+ // Left rotate for uint32
+ const rotl = (a, b) => (a << b) | (a >>> (32 - b));
+ // The main Scrypt loop: uses Salsa extensively.
+ // Six versions of the function were tried, this is the fastest one.
+ // prettier-ignore
+ function XorAndSalsa(prev, pi, input, ii, out, oi) {
+ // Based on https://cr.yp.to/salsa20.html
+ // Xor blocks
+ let y00 = prev[pi++] ^ input[ii++], y01 = prev[pi++] ^ input[ii++];
+ let y02 = prev[pi++] ^ input[ii++], y03 = prev[pi++] ^ input[ii++];
+ let y04 = prev[pi++] ^ input[ii++], y05 = prev[pi++] ^ input[ii++];
+ let y06 = prev[pi++] ^ input[ii++], y07 = prev[pi++] ^ input[ii++];
+ let y08 = prev[pi++] ^ input[ii++], y09 = prev[pi++] ^ input[ii++];
+ let y10 = prev[pi++] ^ input[ii++], y11 = prev[pi++] ^ input[ii++];
+ let y12 = prev[pi++] ^ input[ii++], y13 = prev[pi++] ^ input[ii++];
+ let y14 = prev[pi++] ^ input[ii++], y15 = prev[pi++] ^ input[ii++];
+ // Save state to temporary variables (salsa)
+ let x00 = y00, x01 = y01, x02 = y02, x03 = y03, x04 = y04, x05 = y05, x06 = y06, x07 = y07, x08 = y08, x09 = y09, x10 = y10, x11 = y11, x12 = y12, x13 = y13, x14 = y14, x15 = y15;
+ // Main loop (salsa)
+ for (let i = 0; i < 8; i += 2) {
+ x04 ^= rotl(x00 + x12 | 0, 7);
+ x08 ^= rotl(x04 + x00 | 0, 9);
+ x12 ^= rotl(x08 + x04 | 0, 13);
+ x00 ^= rotl(x12 + x08 | 0, 18);
+ x09 ^= rotl(x05 + x01 | 0, 7);
+ x13 ^= rotl(x09 + x05 | 0, 9);
+ x01 ^= rotl(x13 + x09 | 0, 13);
+ x05 ^= rotl(x01 + x13 | 0, 18);
+ x14 ^= rotl(x10 + x06 | 0, 7);
+ x02 ^= rotl(x14 + x10 | 0, 9);
+ x06 ^= rotl(x02 + x14 | 0, 13);
+ x10 ^= rotl(x06 + x02 | 0, 18);
+ x03 ^= rotl(x15 + x11 | 0, 7);
+ x07 ^= rotl(x03 + x15 | 0, 9);
+ x11 ^= rotl(x07 + x03 | 0, 13);
+ x15 ^= rotl(x11 + x07 | 0, 18);
+ x01 ^= rotl(x00 + x03 | 0, 7);
+ x02 ^= rotl(x01 + x00 | 0, 9);
+ x03 ^= rotl(x02 + x01 | 0, 13);
+ x00 ^= rotl(x03 + x02 | 0, 18);
+ x06 ^= rotl(x05 + x04 | 0, 7);
+ x07 ^= rotl(x06 + x05 | 0, 9);
+ x04 ^= rotl(x07 + x06 | 0, 13);
+ x05 ^= rotl(x04 + x07 | 0, 18);
+ x11 ^= rotl(x10 + x09 | 0, 7);
+ x08 ^= rotl(x11 + x10 | 0, 9);
+ x09 ^= rotl(x08 + x11 | 0, 13);
+ x10 ^= rotl(x09 + x08 | 0, 18);
+ x12 ^= rotl(x15 + x14 | 0, 7);
+ x13 ^= rotl(x12 + x15 | 0, 9);
+ x14 ^= rotl(x13 + x12 | 0, 13);
+ x15 ^= rotl(x14 + x13 | 0, 18);
+ }
+ // Write output (salsa)
+ out[oi++] = (y00 + x00) | 0;
+ out[oi++] = (y01 + x01) | 0;
+ out[oi++] = (y02 + x02) | 0;
+ out[oi++] = (y03 + x03) | 0;
+ out[oi++] = (y04 + x04) | 0;
+ out[oi++] = (y05 + x05) | 0;
+ out[oi++] = (y06 + x06) | 0;
+ out[oi++] = (y07 + x07) | 0;
+ out[oi++] = (y08 + x08) | 0;
+ out[oi++] = (y09 + x09) | 0;
+ out[oi++] = (y10 + x10) | 0;
+ out[oi++] = (y11 + x11) | 0;
+ out[oi++] = (y12 + x12) | 0;
+ out[oi++] = (y13 + x13) | 0;
+ out[oi++] = (y14 + x14) | 0;
+ out[oi++] = (y15 + x15) | 0;
+ }
+ function BlockMix(input, ii, out, oi, r) {
+ // The block B is r 128-byte chunks (which is equivalent of 2r 64-byte chunks)
+ let head = oi + 0;
+ let tail = oi + 16 * r;
+ for (let i = 0; i < 16; i++)
+ out[tail + i] = input[ii + (2 * r - 1) * 16 + i]; // X ← B[2r−1]
+ for (let i = 0; i < r; i++, head += 16, ii += 16) {
+ // We write odd & even Yi at same time. Even: 0bXXXXX0 Odd: 0bXXXXX1
+ XorAndSalsa(out, tail, input, ii, out, head); // head[i] = Salsa(blockIn[2*i] ^ tail[i-1])
+ if (i > 0)
+ tail += 16; // First iteration overwrites tmp value in tail
+ XorAndSalsa(out, head, input, (ii += 16), out, tail); // tail[i] = Salsa(blockIn[2*i+1] ^ head[i])
+ }
+ }
+ // Common prologue and epilogue for sync/async functions
+ function scryptInit(password, salt, _opts) {
+ // Maxmem - 1GB+1KB by default
+ const opts = checkOpts({
+ dkLen: 32,
+ asyncTick: 10,
+ maxmem: 1024 ** 3 + 1024,
+ }, _opts);
+ const { N, r, p, dkLen, asyncTick, maxmem, onProgress } = opts;
+ assert.number(N);
+ assert.number(r);
+ assert.number(p);
+ assert.number(dkLen);
+ assert.number(asyncTick);
+ assert.number(maxmem);
+ if (onProgress !== undefined && typeof onProgress !== 'function')
+ throw new Error('progressCb should be function');
+ const blockSize = 128 * r;
+ const blockSize32 = blockSize / 4;
+ if (N <= 1 || (N & (N - 1)) !== 0 || N >= 2 ** (blockSize / 8) || N > 2 ** 32) {
+ // NOTE: we limit N to be less than 2**32 because of 32 bit variant of Integrify function
+ // There is no JS engines that allows alocate more than 4GB per single Uint8Array for now, but can change in future.
+ throw new Error('Scrypt: N must be larger than 1, a power of 2, less than 2^(128 * r / 8) and less than 2^32');
+ }
+ if (p < 0 || p > ((2 ** 32 - 1) * 32) / blockSize) {
+ throw new Error('Scrypt: p must be a positive integer less than or equal to ((2^32 - 1) * 32) / (128 * r)');
+ }
+ if (dkLen < 0 || dkLen > (2 ** 32 - 1) * 32) {
+ throw new Error('Scrypt: dkLen should be positive integer less than or equal to (2^32 - 1) * 32');
+ }
+ const memUsed = blockSize * (N + p);
+ if (memUsed > maxmem) {
+ throw new Error(`Scrypt: parameters too large, ${memUsed} (128 * r * (N + p)) > ${maxmem} (maxmem)`);
+ }
+ // [B0...Bp−1] ← PBKDF2HMAC-SHA256(Passphrase, Salt, 1, blockSize*ParallelizationFactor)
+ // Since it has only one iteration there is no reason to use async variant
+ const B = pbkdf2$1(sha256, password, salt, { c: 1, dkLen: blockSize * p });
+ const B32 = u32(B);
+ // Re-used between parallel iterations. Array(iterations) of B
+ const V = u32(new Uint8Array(blockSize * N));
+ const tmp = u32(new Uint8Array(blockSize));
+ let blockMixCb = () => { };
+ if (onProgress) {
+ const totalBlockMix = 2 * N * p;
+ // Invoke callback if progress changes from 10.01 to 10.02
+ // Allows to draw smooth progress bar on up to 8K screen
+ const callbackPer = Math.max(Math.floor(totalBlockMix / 10000), 1);
+ let blockMixCnt = 0;
+ blockMixCb = () => {
+ blockMixCnt++;
+ if (onProgress && (!(blockMixCnt % callbackPer) || blockMixCnt === totalBlockMix))
+ onProgress(blockMixCnt / totalBlockMix);
+ };
+ }
+ return { N, r, p, dkLen, blockSize32, V, B32, B, tmp, blockMixCb, asyncTick };
+ }
+ function scryptOutput(password, dkLen, B, V, tmp) {
+ const res = pbkdf2$1(sha256, password, B, { c: 1, dkLen });
+ B.fill(0);
+ V.fill(0);
+ tmp.fill(0);
+ return res;
+ }
+ /**
+ * Scrypt KDF from RFC 7914.
+ * @param password - pass
+ * @param salt - salt
+ * @param opts - parameters
+ * - `N` is cpu/mem work factor (power of 2 e.g. 2**18)
+ * - `r` is block size (8 is common), fine-tunes sequential memory read size and performance
+ * - `p` is parallelization factor (1 is common)
+ * - `dkLen` is output key length in bytes e.g. 32.
+ * - `asyncTick` - (default: 10) max time in ms for which async function can block execution
+ * - `maxmem` - (default: `1024 ** 3 + 1024` aka 1GB+1KB). A limit that the app could use for scrypt
+ * - `onProgress` - callback function that would be executed for progress report
+ * @returns Derived key
+ */
+ function scrypt$1(password, salt, opts) {
+ const { N, r, p, dkLen, blockSize32, V, B32, B, tmp, blockMixCb } = scryptInit(password, salt, opts);
+ for (let pi = 0; pi < p; pi++) {
+ const Pi = blockSize32 * pi;
+ for (let i = 0; i < blockSize32; i++)
+ V[i] = B32[Pi + i]; // V[0] = B[i]
+ for (let i = 0, pos = 0; i < N - 1; i++) {
+ BlockMix(V, pos, V, (pos += blockSize32), r); // V[i] = BlockMix(V[i-1]);
+ blockMixCb();
+ }
+ BlockMix(V, (N - 1) * blockSize32, B32, Pi, r); // Process last element
+ blockMixCb();
+ for (let i = 0; i < N; i++) {
+ // First u32 of the last 64-byte block (u32 is LE)
+ const j = B32[Pi + blockSize32 - 16] % N; // j = Integrify(X) % iterations
+ for (let k = 0; k < blockSize32; k++)
+ tmp[k] = B32[Pi + k] ^ V[j * blockSize32 + k]; // tmp = B ^ V[j]
+ BlockMix(tmp, 0, B32, Pi, r); // B = BlockMix(B ^ V[j])
+ blockMixCb();
+ }
+ }
+ return scryptOutput(password, dkLen, B, V, tmp);
+ }
+ /**
+ * Scrypt KDF from RFC 7914.
+ */
+ async function scryptAsync(password, salt, opts) {
+ const { N, r, p, dkLen, blockSize32, V, B32, B, tmp, blockMixCb, asyncTick } = scryptInit(password, salt, opts);
+ for (let pi = 0; pi < p; pi++) {
+ const Pi = blockSize32 * pi;
+ for (let i = 0; i < blockSize32; i++)
+ V[i] = B32[Pi + i]; // V[0] = B[i]
+ let pos = 0;
+ await asyncLoop(N - 1, asyncTick, (i) => {
+ BlockMix(V, pos, V, (pos += blockSize32), r); // V[i] = BlockMix(V[i-1]);
+ blockMixCb();
+ });
+ BlockMix(V, (N - 1) * blockSize32, B32, Pi, r); // Process last element
+ blockMixCb();
+ await asyncLoop(N, asyncTick, (i) => {
+ // First u32 of the last 64-byte block (u32 is LE)
+ const j = B32[Pi + blockSize32 - 16] % N; // j = Integrify(X) % iterations
+ for (let k = 0; k < blockSize32; k++)
+ tmp[k] = B32[Pi + k] ^ V[j * blockSize32 + k]; // tmp = B ^ V[j]
+ BlockMix(tmp, 0, B32, Pi, r); // B = BlockMix(B ^ V[j])
+ blockMixCb();
+ });
+ }
+ return scryptOutput(password, dkLen, B, V, tmp);
+ }
+
+ // Round contants (first 32 bits of the fractional parts of the cube roots of the first 80 primes 2..409):
+ // prettier-ignore
+ const [SHA512_Kh, SHA512_Kl] = u64.split([
+ '0x428a2f98d728ae22', '0x7137449123ef65cd', '0xb5c0fbcfec4d3b2f', '0xe9b5dba58189dbbc',
+ '0x3956c25bf348b538', '0x59f111f1b605d019', '0x923f82a4af194f9b', '0xab1c5ed5da6d8118',
+ '0xd807aa98a3030242', '0x12835b0145706fbe', '0x243185be4ee4b28c', '0x550c7dc3d5ffb4e2',
+ '0x72be5d74f27b896f', '0x80deb1fe3b1696b1', '0x9bdc06a725c71235', '0xc19bf174cf692694',
+ '0xe49b69c19ef14ad2', '0xefbe4786384f25e3', '0x0fc19dc68b8cd5b5', '0x240ca1cc77ac9c65',
+ '0x2de92c6f592b0275', '0x4a7484aa6ea6e483', '0x5cb0a9dcbd41fbd4', '0x76f988da831153b5',
+ '0x983e5152ee66dfab', '0xa831c66d2db43210', '0xb00327c898fb213f', '0xbf597fc7beef0ee4',
+ '0xc6e00bf33da88fc2', '0xd5a79147930aa725', '0x06ca6351e003826f', '0x142929670a0e6e70',
+ '0x27b70a8546d22ffc', '0x2e1b21385c26c926', '0x4d2c6dfc5ac42aed', '0x53380d139d95b3df',
+ '0x650a73548baf63de', '0x766a0abb3c77b2a8', '0x81c2c92e47edaee6', '0x92722c851482353b',
+ '0xa2bfe8a14cf10364', '0xa81a664bbc423001', '0xc24b8b70d0f89791', '0xc76c51a30654be30',
+ '0xd192e819d6ef5218', '0xd69906245565a910', '0xf40e35855771202a', '0x106aa07032bbd1b8',
+ '0x19a4c116b8d2d0c8', '0x1e376c085141ab53', '0x2748774cdf8eeb99', '0x34b0bcb5e19b48a8',
+ '0x391c0cb3c5c95a63', '0x4ed8aa4ae3418acb', '0x5b9cca4f7763e373', '0x682e6ff3d6b2b8a3',
+ '0x748f82ee5defb2fc', '0x78a5636f43172f60', '0x84c87814a1f0ab72', '0x8cc702081a6439ec',
+ '0x90befffa23631e28', '0xa4506cebde82bde9', '0xbef9a3f7b2c67915', '0xc67178f2e372532b',
+ '0xca273eceea26619c', '0xd186b8c721c0c207', '0xeada7dd6cde0eb1e', '0xf57d4f7fee6ed178',
+ '0x06f067aa72176fba', '0x0a637dc5a2c898a6', '0x113f9804bef90dae', '0x1b710b35131c471b',
+ '0x28db77f523047d84', '0x32caab7b40c72493', '0x3c9ebe0a15c9bebc', '0x431d67c49c100d4c',
+ '0x4cc5d4becb3e42b6', '0x597f299cfc657e2a', '0x5fcb6fab3ad6faec', '0x6c44198c4a475817'
+ ].map(n => BigInt(n)));
+ // Temporary buffer, not used to store anything between runs
+ const SHA512_W_H = new Uint32Array(80);
+ const SHA512_W_L = new Uint32Array(80);
+ class SHA512 extends SHA2 {
+ constructor() {
+ super(128, 64, 16, false);
+ // We cannot use array here since array allows indexing by variable which means optimizer/compiler cannot use registers.
+ // Also looks cleaner and easier to verify with spec.
+ // Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19):
+ // h -- high 32 bits, l -- low 32 bits
+ this.Ah = 0x6a09e667 | 0;
+ this.Al = 0xf3bcc908 | 0;
+ this.Bh = 0xbb67ae85 | 0;
+ this.Bl = 0x84caa73b | 0;
+ this.Ch = 0x3c6ef372 | 0;
+ this.Cl = 0xfe94f82b | 0;
+ this.Dh = 0xa54ff53a | 0;
+ this.Dl = 0x5f1d36f1 | 0;
+ this.Eh = 0x510e527f | 0;
+ this.El = 0xade682d1 | 0;
+ this.Fh = 0x9b05688c | 0;
+ this.Fl = 0x2b3e6c1f | 0;
+ this.Gh = 0x1f83d9ab | 0;
+ this.Gl = 0xfb41bd6b | 0;
+ this.Hh = 0x5be0cd19 | 0;
+ this.Hl = 0x137e2179 | 0;
+ }
+ // prettier-ignore
+ get() {
+ const { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;
+ return [Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl];
+ }
+ // prettier-ignore
+ set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl) {
+ this.Ah = Ah | 0;
+ this.Al = Al | 0;
+ this.Bh = Bh | 0;
+ this.Bl = Bl | 0;
+ this.Ch = Ch | 0;
+ this.Cl = Cl | 0;
+ this.Dh = Dh | 0;
+ this.Dl = Dl | 0;
+ this.Eh = Eh | 0;
+ this.El = El | 0;
+ this.Fh = Fh | 0;
+ this.Fl = Fl | 0;
+ this.Gh = Gh | 0;
+ this.Gl = Gl | 0;
+ this.Hh = Hh | 0;
+ this.Hl = Hl | 0;
+ }
+ process(view, offset) {
+ // Extend the first 16 words into the remaining 64 words w[16..79] of the message schedule array
+ for (let i = 0; i < 16; i++, offset += 4) {
+ SHA512_W_H[i] = view.getUint32(offset);
+ SHA512_W_L[i] = view.getUint32((offset += 4));
+ }
+ for (let i = 16; i < 80; i++) {
+ // s0 := (w[i-15] rightrotate 1) xor (w[i-15] rightrotate 8) xor (w[i-15] rightshift 7)
+ const W15h = SHA512_W_H[i - 15] | 0;
+ const W15l = SHA512_W_L[i - 15] | 0;
+ const s0h = u64.rotrSH(W15h, W15l, 1) ^ u64.rotrSH(W15h, W15l, 8) ^ u64.shrSH(W15h, W15l, 7);
+ const s0l = u64.rotrSL(W15h, W15l, 1) ^ u64.rotrSL(W15h, W15l, 8) ^ u64.shrSL(W15h, W15l, 7);
+ // s1 := (w[i-2] rightrotate 19) xor (w[i-2] rightrotate 61) xor (w[i-2] rightshift 6)
+ const W2h = SHA512_W_H[i - 2] | 0;
+ const W2l = SHA512_W_L[i - 2] | 0;
+ const s1h = u64.rotrSH(W2h, W2l, 19) ^ u64.rotrBH(W2h, W2l, 61) ^ u64.shrSH(W2h, W2l, 6);
+ const s1l = u64.rotrSL(W2h, W2l, 19) ^ u64.rotrBL(W2h, W2l, 61) ^ u64.shrSL(W2h, W2l, 6);
+ // SHA256_W[i] = s0 + s1 + SHA256_W[i - 7] + SHA256_W[i - 16];
+ const SUMl = u64.add4L(s0l, s1l, SHA512_W_L[i - 7], SHA512_W_L[i - 16]);
+ const SUMh = u64.add4H(SUMl, s0h, s1h, SHA512_W_H[i - 7], SHA512_W_H[i - 16]);
+ SHA512_W_H[i] = SUMh | 0;
+ SHA512_W_L[i] = SUMl | 0;
+ }
+ let { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;
+ // Compression function main loop, 80 rounds
+ for (let i = 0; i < 80; i++) {
+ // S1 := (e rightrotate 14) xor (e rightrotate 18) xor (e rightrotate 41)
+ const sigma1h = u64.rotrSH(Eh, El, 14) ^ u64.rotrSH(Eh, El, 18) ^ u64.rotrBH(Eh, El, 41);
+ const sigma1l = u64.rotrSL(Eh, El, 14) ^ u64.rotrSL(Eh, El, 18) ^ u64.rotrBL(Eh, El, 41);
+ //const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;
+ const CHIh = (Eh & Fh) ^ (~Eh & Gh);
+ const CHIl = (El & Fl) ^ (~El & Gl);
+ // T1 = H + sigma1 + Chi(E, F, G) + SHA512_K[i] + SHA512_W[i]
+ // prettier-ignore
+ const T1ll = u64.add5L(Hl, sigma1l, CHIl, SHA512_Kl[i], SHA512_W_L[i]);
+ const T1h = u64.add5H(T1ll, Hh, sigma1h, CHIh, SHA512_Kh[i], SHA512_W_H[i]);
+ const T1l = T1ll | 0;
+ // S0 := (a rightrotate 28) xor (a rightrotate 34) xor (a rightrotate 39)
+ const sigma0h = u64.rotrSH(Ah, Al, 28) ^ u64.rotrBH(Ah, Al, 34) ^ u64.rotrBH(Ah, Al, 39);
+ const sigma0l = u64.rotrSL(Ah, Al, 28) ^ u64.rotrBL(Ah, Al, 34) ^ u64.rotrBL(Ah, Al, 39);
+ const MAJh = (Ah & Bh) ^ (Ah & Ch) ^ (Bh & Ch);
+ const MAJl = (Al & Bl) ^ (Al & Cl) ^ (Bl & Cl);
+ Hh = Gh | 0;
+ Hl = Gl | 0;
+ Gh = Fh | 0;
+ Gl = Fl | 0;
+ Fh = Eh | 0;
+ Fl = El | 0;
+ ({ h: Eh, l: El } = u64.add(Dh | 0, Dl | 0, T1h | 0, T1l | 0));
+ Dh = Ch | 0;
+ Dl = Cl | 0;
+ Ch = Bh | 0;
+ Cl = Bl | 0;
+ Bh = Ah | 0;
+ Bl = Al | 0;
+ const All = u64.add3L(T1l, sigma0l, MAJl);
+ Ah = u64.add3H(All, T1h, sigma0h, MAJh);
+ Al = All | 0;
+ }
+ // Add the compressed chunk to the current hash value
+ ({ h: Ah, l: Al } = u64.add(this.Ah | 0, this.Al | 0, Ah | 0, Al | 0));
+ ({ h: Bh, l: Bl } = u64.add(this.Bh | 0, this.Bl | 0, Bh | 0, Bl | 0));
+ ({ h: Ch, l: Cl } = u64.add(this.Ch | 0, this.Cl | 0, Ch | 0, Cl | 0));
+ ({ h: Dh, l: Dl } = u64.add(this.Dh | 0, this.Dl | 0, Dh | 0, Dl | 0));
+ ({ h: Eh, l: El } = u64.add(this.Eh | 0, this.El | 0, Eh | 0, El | 0));
+ ({ h: Fh, l: Fl } = u64.add(this.Fh | 0, this.Fl | 0, Fh | 0, Fl | 0));
+ ({ h: Gh, l: Gl } = u64.add(this.Gh | 0, this.Gl | 0, Gh | 0, Gl | 0));
+ ({ h: Hh, l: Hl } = u64.add(this.Hh | 0, this.Hl | 0, Hh | 0, Hl | 0));
+ this.set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl);
+ }
+ roundClean() {
+ SHA512_W_H.fill(0);
+ SHA512_W_L.fill(0);
+ }
+ destroy() {
+ this.buffer.fill(0);
+ this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+ }
+ }
+ class SHA512_256 extends SHA512 {
+ constructor() {
+ super();
+ // h -- high 32 bits, l -- low 32 bits
+ this.Ah = 0x22312194 | 0;
+ this.Al = 0xfc2bf72c | 0;
+ this.Bh = 0x9f555fa3 | 0;
+ this.Bl = 0xc84c64c2 | 0;
+ this.Ch = 0x2393b86b | 0;
+ this.Cl = 0x6f53b151 | 0;
+ this.Dh = 0x96387719 | 0;
+ this.Dl = 0x5940eabd | 0;
+ this.Eh = 0x96283ee2 | 0;
+ this.El = 0xa88effe3 | 0;
+ this.Fh = 0xbe5e1e25 | 0;
+ this.Fl = 0x53863992 | 0;
+ this.Gh = 0x2b0199fc | 0;
+ this.Gl = 0x2c85b8aa | 0;
+ this.Hh = 0x0eb72ddc | 0;
+ this.Hl = 0x81c52ca2 | 0;
+ this.outputLen = 32;
+ }
+ }
+ class SHA384 extends SHA512 {
+ constructor() {
+ super();
+ // h -- high 32 bits, l -- low 32 bits
+ this.Ah = 0xcbbb9d5d | 0;
+ this.Al = 0xc1059ed8 | 0;
+ this.Bh = 0x629a292a | 0;
+ this.Bl = 0x367cd507 | 0;
+ this.Ch = 0x9159015a | 0;
+ this.Cl = 0x3070dd17 | 0;
+ this.Dh = 0x152fecd8 | 0;
+ this.Dl = 0xf70e5939 | 0;
+ this.Eh = 0x67332667 | 0;
+ this.El = 0xffc00b31 | 0;
+ this.Fh = 0x8eb44a87 | 0;
+ this.Fl = 0x68581511 | 0;
+ this.Gh = 0xdb0c2e0d | 0;
+ this.Gl = 0x64f98fa7 | 0;
+ this.Hh = 0x47b5481d | 0;
+ this.Hl = 0xbefa4fa4 | 0;
+ this.outputLen = 48;
+ }
+ }
+ const sha512 = wrapConstructor(() => new SHA512());
+ wrapConstructor(() => new SHA512_256());
+ wrapConstructor(() => new SHA384());
+
+ // Various per round constants calculations
+ const [SHA3_PI, SHA3_ROTL, _SHA3_IOTA] = [[], [], []];
+ var _0n = BigInt(0);
+ var _1n = BigInt(1);
+ var _2n = BigInt(2);
+ var _7n = BigInt(7);
+ const _256n = BigInt(256);
+ const _0x71n = BigInt(0x71);
+ for (let round = 0, R = _1n, x = 1, y = 0; round < 24; round++) {
+ // Pi
+ [x, y] = [y, (2 * x + 3 * y) % 5];
+ SHA3_PI.push(2 * (5 * y + x));
+ // Rotational
+ SHA3_ROTL.push((((round + 1) * (round + 2)) / 2) % 64);
+ // Iota
+ let t = _0n;
+ for (let j = 0; j < 7; j++) {
+ R = ((R << _1n) ^ ((R >> _7n) * _0x71n)) % _256n;
+ if (R & _2n)
+ t ^= _1n << ((_1n << BigInt(j)) - _1n);
+ }
+ _SHA3_IOTA.push(t);
+ }
+ const [SHA3_IOTA_H, SHA3_IOTA_L] = u64.split(_SHA3_IOTA, true);
+ // Left rotation (without 0, 32, 64)
+ const rotlH = (h, l, s) => s > 32 ? u64.rotlBH(h, l, s) : u64.rotlSH(h, l, s);
+ const rotlL = (h, l, s) => s > 32 ? u64.rotlBL(h, l, s) : u64.rotlSL(h, l, s);
+ // Same as keccakf1600, but allows to skip some rounds
+ function keccakP(s, rounds = 24) {
+ const B = new Uint32Array(5 * 2);
+ // NOTE: all indices are x2 since we store state as u32 instead of u64 (bigints to slow in js)
+ for (let round = 24 - rounds; round < 24; round++) {
+ // Theta θ
+ for (let x = 0; x < 10; x++)
+ B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40];
+ for (let x = 0; x < 10; x += 2) {
+ const idx1 = (x + 8) % 10;
+ const idx0 = (x + 2) % 10;
+ const B0 = B[idx0];
+ const B1 = B[idx0 + 1];
+ const Th = rotlH(B0, B1, 1) ^ B[idx1];
+ const Tl = rotlL(B0, B1, 1) ^ B[idx1 + 1];
+ for (let y = 0; y < 50; y += 10) {
+ s[x + y] ^= Th;
+ s[x + y + 1] ^= Tl;
+ }
+ }
+ // Rho (ρ) and Pi (π)
+ let curH = s[2];
+ let curL = s[3];
+ for (let t = 0; t < 24; t++) {
+ const shift = SHA3_ROTL[t];
+ const Th = rotlH(curH, curL, shift);
+ const Tl = rotlL(curH, curL, shift);
+ const PI = SHA3_PI[t];
+ curH = s[PI];
+ curL = s[PI + 1];
+ s[PI] = Th;
+ s[PI + 1] = Tl;
+ }
+ // Chi (χ)
+ for (let y = 0; y < 50; y += 10) {
+ for (let x = 0; x < 10; x++)
+ B[x] = s[y + x];
+ for (let x = 0; x < 10; x++)
+ s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10];
+ }
+ // Iota (ι)
+ s[0] ^= SHA3_IOTA_H[round];
+ s[1] ^= SHA3_IOTA_L[round];
+ }
+ B.fill(0);
+ }
+ class Keccak extends Hash {
+ // NOTE: we accept arguments in bytes instead of bits here.
+ constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) {
+ super();
+ this.blockLen = blockLen;
+ this.suffix = suffix;
+ this.outputLen = outputLen;
+ this.enableXOF = enableXOF;
+ this.rounds = rounds;
+ this.pos = 0;
+ this.posOut = 0;
+ this.finished = false;
+ this.destroyed = false;
+ // Can be passed from user as dkLen
+ assert.number(outputLen);
+ // 1600 = 5x5 matrix of 64bit. 1600 bits === 200 bytes
+ if (0 >= this.blockLen || this.blockLen >= 200)
+ throw new Error('Sha3 supports only keccak-f1600 function');
+ this.state = new Uint8Array(200);
+ this.state32 = u32(this.state);
+ }
+ keccak() {
+ keccakP(this.state32, this.rounds);
+ this.posOut = 0;
+ this.pos = 0;
+ }
+ update(data) {
+ assert.exists(this);
+ const { blockLen, state } = this;
+ data = toBytes(data);
+ const len = data.length;
+ for (let pos = 0; pos < len;) {
+ const take = Math.min(blockLen - this.pos, len - pos);
+ for (let i = 0; i < take; i++)
+ state[this.pos++] ^= data[pos++];
+ if (this.pos === blockLen)
+ this.keccak();
+ }
+ return this;
+ }
+ finish() {
+ if (this.finished)
+ return;
+ this.finished = true;
+ const { state, suffix, pos, blockLen } = this;
+ // Do the padding
+ state[pos] ^= suffix;
+ if ((suffix & 0x80) !== 0 && pos === blockLen - 1)
+ this.keccak();
+ state[blockLen - 1] ^= 0x80;
+ this.keccak();
+ }
+ writeInto(out) {
+ assert.exists(this, false);
+ assert.bytes(out);
+ this.finish();
+ const bufferOut = this.state;
+ const { blockLen } = this;
+ for (let pos = 0, len = out.length; pos < len;) {
+ if (this.posOut >= blockLen)
+ this.keccak();
+ const take = Math.min(blockLen - this.posOut, len - pos);
+ out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos);
+ this.posOut += take;
+ pos += take;
+ }
+ return out;
+ }
+ xofInto(out) {
+ // Sha3/Keccak usage with XOF is probably mistake, only SHAKE instances can do XOF
+ if (!this.enableXOF)
+ throw new Error('XOF is not possible for this instance');
+ return this.writeInto(out);
+ }
+ xof(bytes) {
+ assert.number(bytes);
+ return this.xofInto(new Uint8Array(bytes));
+ }
+ digestInto(out) {
+ assert.output(out, this);
+ if (this.finished)
+ throw new Error('digest() was already called');
+ this.writeInto(out);
+ this.destroy();
+ return out;
+ }
+ digest() {
+ return this.digestInto(new Uint8Array(this.outputLen));
+ }
+ destroy() {
+ this.destroyed = true;
+ this.state.fill(0);
+ }
+ _cloneInto(to) {
+ const { blockLen, suffix, outputLen, rounds, enableXOF } = this;
+ to || (to = new Keccak(blockLen, suffix, outputLen, enableXOF, rounds));
+ to.state32.set(this.state32);
+ to.pos = this.pos;
+ to.posOut = this.posOut;
+ to.finished = this.finished;
+ to.rounds = rounds;
+ // Suffix can change in cSHAKE
+ to.suffix = suffix;
+ to.outputLen = outputLen;
+ to.enableXOF = enableXOF;
+ to.destroyed = this.destroyed;
+ return to;
+ }
+ }
+ const gen = (suffix, blockLen, outputLen) => wrapConstructor(() => new Keccak(blockLen, suffix, outputLen));
+ const sha3_224 = gen(0x06, 144, 224 / 8);
+ /**
+ * SHA3-256 hash function
+ * @param message - that would be hashed
+ */
+ const sha3_256 = gen(0x06, 136, 256 / 8);
+ const sha3_384 = gen(0x06, 104, 384 / 8);
+ const sha3_512 = gen(0x06, 72, 512 / 8);
+ const keccak_224 = gen(0x01, 144, 224 / 8);
+ /**
+ * keccak-256 hash function. Different from SHA3-256.
+ * @param message - that would be hashed
+ */
+ const keccak_256 = gen(0x01, 136, 256 / 8);
+ const keccak_384 = gen(0x01, 104, 384 / 8);
+ const keccak_512 = gen(0x01, 72, 512 / 8);
+ const genShake = (suffix, blockLen, outputLen) => wrapConstructorWithOpts((opts = {}) => new Keccak(blockLen, suffix, opts.dkLen === undefined ? outputLen : opts.dkLen, true));
+ genShake(0x1f, 168, 128 / 8);
+ genShake(0x1f, 136, 256 / 8);
+
+ // cSHAKE && KMAC (NIST SP800-185)
+ function leftEncode(n) {
+ const res = [n & 0xff];
+ n >>= 8;
+ for (; n > 0; n >>= 8)
+ res.unshift(n & 0xff);
+ res.unshift(res.length);
+ return new Uint8Array(res);
+ }
+ function rightEncode(n) {
+ const res = [n & 0xff];
+ n >>= 8;
+ for (; n > 0; n >>= 8)
+ res.unshift(n & 0xff);
+ res.push(res.length);
+ return new Uint8Array(res);
+ }
+ function chooseLen(opts, outputLen) {
+ return opts.dkLen === undefined ? outputLen : opts.dkLen;
+ }
+ const toBytesOptional = (buf) => (buf !== undefined ? toBytes(buf) : new Uint8Array([]));
+ // NOTE: second modulo is necessary since we don't need to add padding if current element takes whole block
+ const getPadding = (len, block) => new Uint8Array((block - (len % block)) % block);
+ // Personalization
+ function cshakePers(hash, opts = {}) {
+ if (!opts || (!opts.personalization && !opts.NISTfn))
+ return hash;
+ // Encode and pad inplace to avoid unneccesary memory copies/slices (so we don't need to zero them later)
+ // bytepad(encode_string(N) || encode_string(S), 168)
+ const blockLenBytes = leftEncode(hash.blockLen);
+ const fn = toBytesOptional(opts.NISTfn);
+ const fnLen = leftEncode(8 * fn.length); // length in bits
+ const pers = toBytesOptional(opts.personalization);
+ const persLen = leftEncode(8 * pers.length); // length in bits
+ if (!fn.length && !pers.length)
+ return hash;
+ hash.suffix = 0x04;
+ hash.update(blockLenBytes).update(fnLen).update(fn).update(persLen).update(pers);
+ let totalLen = blockLenBytes.length + fnLen.length + fn.length + persLen.length + pers.length;
+ hash.update(getPadding(totalLen, hash.blockLen));
+ return hash;
+ }
+ const gencShake = (suffix, blockLen, outputLen) => wrapConstructorWithOpts((opts = {}) => cshakePers(new Keccak(blockLen, suffix, chooseLen(opts, outputLen), true), opts));
+ const cshake128 = gencShake(0x1f, 168, 128 / 8);
+ const cshake256 = gencShake(0x1f, 136, 256 / 8);
+ class KMAC extends Keccak {
+ constructor(blockLen, outputLen, enableXOF, key, opts = {}) {
+ super(blockLen, 0x1f, outputLen, enableXOF);
+ cshakePers(this, { NISTfn: 'KMAC', personalization: opts.personalization });
+ key = toBytes(key);
+ // 1. newX = bytepad(encode_string(K), 168) || X || right_encode(L).
+ const blockLenBytes = leftEncode(this.blockLen);
+ const keyLen = leftEncode(8 * key.length);
+ this.update(blockLenBytes).update(keyLen).update(key);
+ const totalLen = blockLenBytes.length + keyLen.length + key.length;
+ this.update(getPadding(totalLen, this.blockLen));
+ }
+ finish() {
+ if (!this.finished)
+ this.update(rightEncode(this.enableXOF ? 0 : this.outputLen * 8)); // outputLen in bits
+ super.finish();
+ }
+ _cloneInto(to) {
+ // Create new instance without calling constructor since key already in state and we don't know it.
+ // Force "to" to be instance of KMAC instead of Sha3.
+ if (!to) {
+ to = Object.create(Object.getPrototypeOf(this), {});
+ to.state = this.state.slice();
+ to.blockLen = this.blockLen;
+ to.state32 = u32(to.state);
+ }
+ return super._cloneInto(to);
+ }
+ clone() {
+ return this._cloneInto();
+ }
+ }
+ function genKmac(blockLen, outputLen, xof = false) {
+ const kmac = (key, message, opts) => kmac.create(key, opts).update(message).digest();
+ kmac.create = (key, opts = {}) => new KMAC(blockLen, chooseLen(opts, outputLen), xof, key, opts);
+ return kmac;
+ }
+ const kmac128 = genKmac(168, 128 / 8);
+ const kmac256 = genKmac(136, 256 / 8);
+ genKmac(168, 128 / 8, true);
+ genKmac(136, 256 / 8, true);
+ // Kangaroo
+ // Same as NIST rightEncode, but returns [0] for zero string
+ function rightEncodeK12(n) {
+ const res = [];
+ for (; n > 0; n >>= 8)
+ res.unshift(n & 0xff);
+ res.push(res.length);
+ return new Uint8Array(res);
+ }
+ const EMPTY = new Uint8Array([]);
+ class KangarooTwelve extends Keccak {
+ constructor(blockLen, leafLen, outputLen, rounds, opts) {
+ super(blockLen, 0x07, outputLen, true, rounds);
+ this.leafLen = leafLen;
+ this.chunkLen = 8192;
+ this.chunkPos = 0; // Position of current block in chunk
+ this.chunksDone = 0; // How many chunks we already have
+ const { personalization } = opts;
+ this.personalization = toBytesOptional(personalization);
+ }
+ update(data) {
+ data = toBytes(data);
+ const { chunkLen, blockLen, leafLen, rounds } = this;
+ for (let pos = 0, len = data.length; pos < len;) {
+ if (this.chunkPos == chunkLen) {
+ if (this.leafHash)
+ super.update(this.leafHash.digest());
+ else {
+ this.suffix = 0x06; // Its safe to change suffix here since its used only in digest()
+ super.update(new Uint8Array([3, 0, 0, 0, 0, 0, 0, 0]));
+ }
+ this.leafHash = new Keccak(blockLen, 0x0b, leafLen, false, rounds);
+ this.chunksDone++;
+ this.chunkPos = 0;
+ }
+ const take = Math.min(chunkLen - this.chunkPos, len - pos);
+ const chunk = data.subarray(pos, pos + take);
+ if (this.leafHash)
+ this.leafHash.update(chunk);
+ else
+ super.update(chunk);
+ this.chunkPos += take;
+ pos += take;
+ }
+ return this;
+ }
+ finish() {
+ if (this.finished)
+ return;
+ const { personalization } = this;
+ this.update(personalization).update(rightEncodeK12(personalization.length));
+ // Leaf hash
+ if (this.leafHash) {
+ super.update(this.leafHash.digest());
+ super.update(rightEncodeK12(this.chunksDone));
+ super.update(new Uint8Array([0xff, 0xff]));
+ }
+ super.finish.call(this);
+ }
+ destroy() {
+ super.destroy.call(this);
+ if (this.leafHash)
+ this.leafHash.destroy();
+ // We cannot zero personalization buffer since it is user provided and we don't want to mutate user input
+ this.personalization = EMPTY;
+ }
+ _cloneInto(to) {
+ const { blockLen, leafLen, leafHash, outputLen, rounds } = this;
+ to || (to = new KangarooTwelve(blockLen, leafLen, outputLen, rounds, {}));
+ super._cloneInto(to);
+ if (leafHash)
+ to.leafHash = leafHash._cloneInto(to.leafHash);
+ to.personalization.set(this.personalization);
+ to.leafLen = this.leafLen;
+ to.chunkPos = this.chunkPos;
+ to.chunksDone = this.chunksDone;
+ return to;
+ }
+ clone() {
+ return this._cloneInto();
+ }
+ }
+ // Default to 32 bytes, so it can be used without opts
+ const k12 = wrapConstructorWithOpts((opts = {}) => new KangarooTwelve(168, 32, chooseLen(opts, 32), 12, opts));
+ // MarsupilamiFourteen
+ const m14 = wrapConstructorWithOpts((opts = {}) => new KangarooTwelve(136, 64, chooseLen(opts, 64), 14, opts));
+
+ // A tiny KDF for various applications like AES key-gen
+ const SCRYPT_FACTOR = 2 ** 19;
+ const PBKDF2_FACTOR = 2 ** 17;
+ // Scrypt KDF
+ function scrypt(password, salt) {
+ return scrypt$1(password, salt, { N: SCRYPT_FACTOR, r: 8, p: 1, dkLen: 32 });
+ }
+ // PBKDF2-HMAC-SHA256
+ function pbkdf2(password, salt) {
+ return pbkdf2$1(sha256, password, salt, { c: PBKDF2_FACTOR, dkLen: 32 });
+ }
+ // Combines two 32-byte byte arrays
+ function xor32(a, b) {
+ bytes(a, 32);
+ bytes(b, 32);
+ const arr = new Uint8Array(32);
+ for (let i = 0; i < 32; i++) {
+ arr[i] = a[i] ^ b[i];
+ }
+ return arr;
+ }
+ function strHasLength(str, min, max) {
+ return typeof str === 'string' && str.length >= min && str.length <= max;
+ }
+ /**
+ * Derives main seed. Takes a lot of time. Prefer `eskdf` method instead.
+ */
+ function deriveMainSeed(username, password) {
+ if (!strHasLength(username, 8, 255))
+ throw new Error('invalid username');
+ if (!strHasLength(password, 8, 255))
+ throw new Error('invalid password');
+ const scr = scrypt(password + '\u{1}', username + '\u{1}');
+ const pbk = pbkdf2(password + '\u{2}', username + '\u{2}');
+ const res = xor32(scr, pbk);
+ scr.fill(0);
+ pbk.fill(0);
+ return res;
+ }
+ /**
+ * Converts protocol & accountId pair to HKDF salt & info params.
+ */
+ function getSaltInfo(protocol, accountId = 0) {
+ // Note that length here also repeats two lines below
+ // We do an additional length check here to reduce the scope of DoS attacks
+ if (!(strHasLength(protocol, 3, 15) && /^[a-z0-9]{3,15}$/.test(protocol))) {
+ throw new Error('invalid protocol');
+ }
+ // Allow string account ids for some protocols
+ const allowsStr = /^password\d{0,3}|ssh|tor|file$/.test(protocol);
+ let salt; // Extract salt. Default is undefined.
+ if (typeof accountId === 'string') {
+ if (!allowsStr)
+ throw new Error('accountId must be a number');
+ if (!strHasLength(accountId, 1, 255))
+ throw new Error('accountId must be valid string');
+ salt = toBytes(accountId);
+ }
+ else if (Number.isSafeInteger(accountId)) {
+ if (accountId < 0 || accountId > 2 ** 32 - 1)
+ throw new Error('invalid accountId');
+ // Convert to Big Endian Uint32
+ salt = new Uint8Array(4);
+ createView(salt).setUint32(0, accountId, false);
+ }
+ else {
+ throw new Error(`accountId must be a number${allowsStr ? ' or string' : ''}`);
+ }
+ const info = toBytes(protocol);
+ return { salt, info };
+ }
+ function countBytes(num) {
+ if (typeof num !== 'bigint' || num <= BigInt(128))
+ throw new Error('invalid number');
+ return Math.ceil(num.toString(2).length / 8);
+ }
+ /**
+ * Parses keyLength and modulus options to extract length of result key.
+ * If modulus is used, adds 64 bits to it as per FIPS 186 B.4.1 to combat modulo bias.
+ */
+ function getKeyLength(options) {
+ if (!options || typeof options !== 'object')
+ return 32;
+ const hasLen = 'keyLength' in options;
+ const hasMod = 'modulus' in options;
+ if (hasLen && hasMod)
+ throw new Error('cannot combine keyLength and modulus options');
+ if (!hasLen && !hasMod)
+ throw new Error('must have either keyLength or modulus option');
+ // FIPS 186 B.4.1 requires at least 64 more bits
+ const l = hasMod ? countBytes(options.modulus) + 8 : options.keyLength;
+ if (!(typeof l === 'number' && l >= 16 && l <= 8192))
+ throw new Error('invalid keyLength');
+ return l;
+ }
+ /**
+ * Converts key to bigint and divides it by modulus. Big Endian.
+ * Implements FIPS 186 B.4.1, which removes 0 and modulo bias from output.
+ */
+ function modReduceKey(key, modulus) {
+ const _1 = BigInt(1);
+ const num = BigInt('0x' + bytesToHex(key)); // check for ui8a, then bytesToNumber()
+ const res = (num % (modulus - _1)) + _1; // Remove 0 from output
+ if (res < _1)
+ throw new Error('expected positive number'); // Guard against bad values
+ const len = key.length - 8; // FIPS requires 64 more bits = 8 bytes
+ const hex = res.toString(16).padStart(len * 2, '0'); // numberToHex()
+ const bytes = hexToBytes(hex);
+ if (bytes.length !== len)
+ throw new Error('invalid length of result key');
+ return bytes;
+ }
+ /**
+ * ESKDF
+ * @param username - username, email, or identifier, min: 8 characters, should have enough entropy
+ * @param password - password, min: 8 characters, should have enough entropy
+ * @example
+ * const kdf = await eskdf('example-university', 'beginning-new-example');
+ * const key = kdf.deriveChildKey('aes', 0);
+ * console.log(kdf.fingerprint);
+ * kdf.expire();
+ */
+ async function eskdf(username, password) {
+ // We are using closure + object instead of class because
+ // we want to make `seed` non-accessible for any external function.
+ let seed = deriveMainSeed(username, password);
+ function deriveCK(protocol, accountId = 0, options) {
+ bytes(seed, 32);
+ // Validates protocol & accountId
+ const { salt, info } = getSaltInfo(protocol, accountId);
+ // Validates options
+ const keyLength = getKeyLength(options);
+ const key = hkdf(sha256, seed, salt, info, keyLength);
+ // Modulus has already been validated
+ return options && 'modulus' in options ? modReduceKey(key, options.modulus) : key;
+ }
+ function expire() {
+ if (seed)
+ seed.fill(1);
+ seed = undefined;
+ }
+ // prettier-ignore
+ const fingerprint = Array.from(deriveCK('fingerprint', 0))
+ .slice(0, 6)
+ .map((char) => char.toString(16).padStart(2, '0').toUpperCase())
+ .join(':');
+ return Object.freeze({ deriveChildKey: deriveCK, expire, fingerprint });
+ }
+
+
+ // var utils = { bytesToHex, randomBytes }; CHECK THIS
+
+ var sha256_1 = {};//require("@noble/hashes/sha256");
+ sha256_1.sha256 = sha256;
+
+ var hmac_1 = {}; // require("@noble/hashes/hmac");
+ hmac_1.hmac = hmac;
+
+ var ripemd160_1 = {}; // require("@noble/hashes/ripemd160");
+ ripemd160_1.ripemd160 = ripemd160;
+
+ hashmini.blake2b = blake2b;
+ hashmini.blake2s = blake2s;
+ hashmini.blake3 = blake3;
+ hashmini.cshake128 = cshake128;
+ hashmini.cshake256 = cshake256;
+ hashmini.eskdf = eskdf;
+ hashmini.hkdf = hkdf;
+ hashmini.hmac = hmac;
+ hashmini.k12 = k12;
+ hashmini.keccak_224 = keccak_224;
+ hashmini.keccak_256 = keccak_256;
+ hashmini.keccak_384 = keccak_384;
+ hashmini.keccak_512 = keccak_512;
+ hashmini.kmac128 = kmac128;
+ hashmini.kmac256 = kmac256;
+ hashmini.m14 = m14;
+ hashmini.pbkdf2 = pbkdf2$1;
+ hashmini.pbkdf2Async = pbkdf2Async;
+ hashmini.ripemd160 = ripemd160;
+ hashmini.scrypt = scrypt$1;
+ hashmini.scryptAsync = scryptAsync;
+ hashmini.sha256 = sha256;
+ hashmini.sha3_224 = sha3_224;
+ hashmini.sha3_256 = sha3_256;
+ hashmini.sha3_384 = sha3_384;
+ hashmini.sha3_512 = sha3_512;
+ hashmini.sha512 = sha512;
+ hashmini.utils = utils;
+
+
+ Object.defineProperty(hashmini, '__esModule', { value: true });
+
+
+
+
+ /******
+ *
+ START OF MICRO PACKED SECTION
+ *
+ *
+ ******/
+
+
+ var P = {};
+ /* //ROHIT THIS FUNCTION IS CREATING PROBLEMS
+ var __assign = (this && this.__assign) || function () {
+ __assign = Object.assign || function(t) {
+ for (var s, i = 1, n = arguments.length; i < n; i++) {
+ s = arguments[i];
+ for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+ t[p] = s[p];
+ }
+ return t;
+ };
+ return __assign.apply(this, arguments);
+ };*/
+
+ //Alternative implementation through ChatGPT
+ var __assign = (this && this.__assign) || function () {
+ return Object.assign.apply(Object, arguments);
+ };
+
+
+ Object.defineProperty(P, "__esModule", { value: true });
+ P.magicBytes = P.magic = P.optional = P.flagged = P.flag = P.bytesFormatted = P.lazy = P.validate = P.apply = P.hex = P.cstring = P.string = P.bytes = P.bool = P.I8 = P.U8 = P.I16BE = P.I16LE = P.U16BE = P.U16LE = P.I32BE = P.I32LE = P.U32BE = P.U32LE = P.int = P.I64BE = P.I64LE = P.U64BE = P.U64LE = P.I128BE = P.I128LE = P.U128BE = P.U128LE = P.I256BE = P.I256LE = P.U256BE = P.U256LE = P.bigint = P.bits = P.coders = P.isCoder = P.wrap = P.checkBounds = P.Writer = P.Reader = P.isBytes = P.concatBytes = P.equalBytes = P.NULL = P.EMPTY = void 0;
+ P.debug = P.nothing = P.base64armor = P.pointer = P.padRight = P.padLeft = P.ZeroPad = P.bitset = P.mappedTag = P.tag = P.map = P.array = P.prefix = P.tuple = P.struct = P.constant = void 0;
+ //NOT NEEDED AFTTER INTEGRATION var base = require("@scure/base");
+ /**
+ * TODO:
+ * - Holes, simplify pointers. Hole is some sized element which is skipped at encoding,
+ * but later other elements can write to it by path
+ * - Composite / tuple keys for dict
+ * - Web UI for easier debugging. We can wrap every coder to something that would write
+ * start & end positions to; and we can colorize specific bytes used by specific coder
+ */
+ // Useful default values
+ P.EMPTY = new Uint8Array(); // Empty bytes array
+ P.NULL = new Uint8Array([0]); // NULL
+ function equalBytes(a, b) {
+ if (a.length !== b.length)
+ return false;
+ for (var i = 0; i < a.length; i++)
+ if (a[i] !== b[i])
+ return false;
+ return true;
+ }
+ P.equalBytes = equalBytes;
+ function concatBytes() {
+ var arrays = [];
+ for (var _i = 0; _i < arguments.length; _i++) {
+ arrays[_i] = arguments[_i];
+ }
+ if (arrays.length === 1)
+ return arrays[0];
+ var length = arrays.reduce(function (a, arr) { return a + arr.length; }, 0);
+ var result = new Uint8Array(length);
+ for (var i = 0, pad = 0; i < arrays.length; i++) {
+ var arr = arrays[i];
+ result.set(arr, pad);
+ pad += arr.length;
+ }
+ return result;
+ }
+ P.concatBytes = concatBytes;
+ var isBytes = function (b) { return b instanceof Uint8Array; };
+ P.isBytes = isBytes;
+ // Utils
+ var Reader = /** @class */ (function () {
+ function Reader(data, path, fieldPath) {
+ if (path === void 0) { path = []; }
+ if (fieldPath === void 0) { fieldPath = []; }
+ this.data = data;
+ this.path = path;
+ this.fieldPath = fieldPath;
+ this.pos = 0;
+ this.hasPtr = false;
+ this.bitBuf = 0;
+ this.bitPos = 0;
+ }
+ Reader.prototype.err = function (msg) {
+ return new Error("Reader(".concat(this.fieldPath.join('/'), "): ").concat(msg));
+ };
+ // read bytes by absolute offset
+ Reader.prototype.absBytes = function (n) {
+ if (n > this.data.length)
+ throw new Error('absBytes: Unexpected end of buffer');
+ return this.data.subarray(n);
+ };
+ Reader.prototype.bytes = function (n, peek) {
+ if (peek === void 0) { peek = false; }
+ if (this.bitPos)
+ throw this.err('readBytes: bitPos not empty');
+ if (!Number.isFinite(n))
+ throw this.err("readBytes: wrong length=".concat(n));
+ if (this.pos + n > this.data.length)
+ throw this.err('readBytes: Unexpected end of buffer');
+ var slice = this.data.subarray(this.pos, this.pos + n);
+ if (!peek)
+ this.pos += n;
+ return slice;
+ };
+ Reader.prototype.byte = function (peek) {
+ if (peek === void 0) { peek = false; }
+ if (this.bitPos)
+ throw this.err('readByte: bitPos not empty');
+ return this.data[peek ? this.pos : this.pos++];
+ };
+ Object.defineProperty(Reader.prototype, "leftBytes", {
+ get: function () {
+ return this.data.length - this.pos;
+ },
+ enumerable: false,
+ configurable: true
+ });
+ Reader.prototype.isEnd = function () {
+ return this.pos >= this.data.length && !this.bitPos;
+ };
+ Reader.prototype.length = function (len) {
+ var byteLen;
+ if (isCoder(len))
+ byteLen = Number(len.decodeStream(this));
+ else if (typeof len === 'number')
+ byteLen = len;
+ else if (typeof len === 'string')
+ byteLen = getPath(this.path, len.split('/'));
+ if (typeof byteLen === 'bigint')
+ byteLen = Number(byteLen);
+ if (typeof byteLen !== 'number')
+ throw this.err("Wrong length: ".concat(byteLen));
+ return byteLen;
+ };
+ // Note: bits reads in BE (left to right) mode: (0b1000_0000).readBits(1) == 1
+ Reader.prototype.bits = function (bits) {
+ if (bits > 32)
+ throw this.err('BitReader: cannot read more than 32 bits in single call');
+ var out = 0;
+ while (bits) {
+ if (!this.bitPos) {
+ this.bitBuf = this.data[this.pos++];
+ this.bitPos = 8;
+ }
+ var take = Math.min(bits, this.bitPos);
+ this.bitPos -= take;
+ // out = (out << take) | ((this.bitBuf >> this.bitPos) & (Math.pow(2, take) - 1));
+ out = (out << take) | ((this.bitBuf >> this.bitPos) & (BigInt(2) ** BigInt(take) - 1));
+ // this.bitBuf &= Math.pow(2, this.bitPos) - 1;
+ this.bitBuf &= BigInt(2) ** BigInt(this.bitPos) - 1;
+ bits -= take;
+ }
+ // Fix signed integers
+ return out >>> 0;
+ };
+ Reader.prototype.find = function (needle, pos) {
+ if (pos === void 0) { pos = this.pos; }
+ if (!(0, P.isBytes)(needle))
+ throw this.err("find: needle is not bytes! ".concat(needle));
+ if (this.bitPos)
+ throw this.err('findByte: bitPos not empty');
+ if (!needle.length)
+ throw this.err("find: needle is empty");
+ // indexOf should be faster than full equalBytes check
+ for (var idx = pos; (idx = this.data.indexOf(needle[0], idx)) !== -1; idx++) {
+ if (idx === -1)
+ return;
+ var leftBytes = this.data.length - idx;
+ if (leftBytes < needle.length)
+ return;
+ if (equalBytes(needle, this.data.subarray(idx, idx + needle.length)))
+ return idx;
+ }
+ };
+ Reader.prototype.finish = function () {
+ if (this.isEnd() || this.hasPtr)
+ return;
+ throw this.err("".concat(this.leftBytes, " bytes ").concat(this.bitPos, " bits left after unpack: ").concat(base.hex.encode(this.data.slice(this.pos))));
+ };
+ Reader.prototype.fieldPathPush = function (s) {
+ this.fieldPath.push(s);
+ };
+ Reader.prototype.fieldPathPop = function () {
+ this.fieldPath.pop();
+ };
+ return Reader;
+ }());
+ P.Reader = Reader;
+ var Writer = /** @class */ (function () {
+ function Writer(path, fieldPath) {
+ if (path === void 0) { path = []; }
+ if (fieldPath === void 0) { fieldPath = []; }
+ this.path = path;
+ this.fieldPath = fieldPath;
+ this.buffers = [];
+ this.pos = 0;
+ this.ptrs = [];
+ this.bitBuf = 0;
+ this.bitPos = 0;
+ }
+ Writer.prototype.err = function (msg) {
+ return new Error("Writer(".concat(this.fieldPath.join('/'), "): ").concat(msg));
+ };
+ Writer.prototype.bytes = function (b) {
+ if (this.bitPos)
+ throw this.err('writeBytes: ends with non-empty bit buffer');
+ this.buffers.push(b);
+ this.pos += b.length;
+ };
+ Writer.prototype.byte = function (b) {
+ if (this.bitPos)
+ throw this.err('writeByte: ends with non-empty bit buffer');
+ this.buffers.push(new Uint8Array([b]));
+ this.pos++;
+ };
+ Object.defineProperty(Writer.prototype, "buffer", {
+ get: function () {
+ if (this.bitPos)
+ throw this.err('buffer: ends with non-empty bit buffer');
+ var buf = concatBytes.apply(void 0, this.buffers);
+ for (var _i = 0, _a = this.ptrs; _i < _a.length; _i++) {
+ var ptr = _a[_i];
+ var pos = buf.length;
+ buf = concatBytes(buf, ptr.buffer);
+ var val = ptr.ptr.encode(pos);
+ for (var i = 0; i < val.length; i++)
+ buf[ptr.pos + i] = val[i];
+ }
+ return buf;
+ },
+ enumerable: false,
+ configurable: true
+ });
+ Writer.prototype.length = function (len, value) {
+ if (len === null)
+ return;
+ if (isCoder(len))
+ return len.encodeStream(this, value);
+ var byteLen;
+ if (typeof len === 'number')
+ byteLen = len;
+ else if (typeof len === 'string')
+ byteLen = getPath(this.path, len.split('/'));
+ if (typeof byteLen === 'bigint')
+ byteLen = Number(byteLen);
+ if (byteLen === undefined || byteLen !== value)
+ throw this.err("Wrong length: ".concat(byteLen, " len=").concat(len, " exp=").concat(value));
+ };
+ Writer.prototype.bits = function (value, bits) {
+ if (bits > 32)
+ throw this.err('writeBits: cannot write more than 32 bits in single call');
+ // if (value >= Math.pow(2, bits))
+ if (value >= BigInt(2) ** BigInt(bits))
+ throw this.err("writeBits: value (".concat(value, ") >= 2**bits (").concat(bits, ")"));
+ while (bits) {
+ var take = Math.min(bits, 8 - this.bitPos);
+ this.bitBuf = (this.bitBuf << take) | (value >> (bits - take));
+ this.bitPos += take;
+ bits -= take;
+ // value &= Math.pow(2, bits) - 1;
+ value &= BigInt(2) ** BigInt(bits) - 1;
+ if (this.bitPos === 8) {
+ this.bitPos = 0;
+ this.buffers.push(new Uint8Array([this.bitBuf]));
+ this.pos++;
+ }
+ }
+ };
+ Writer.prototype.fieldPathPush = function (s) {
+ this.fieldPath.push(s);
+ };
+ Writer.prototype.fieldPathPop = function () {
+ this.fieldPath.pop();
+ };
+ return Writer;
+ }());
+ P.Writer = Writer;
+ // Immutable LE<->BE
+ var swap = function (b) { return Uint8Array.from(b).reverse(); };
+ function checkBounds(p, value, bits, signed) {
+ if (signed) {
+ // [-(2**(32-1)), 2**(32-1)-1]
+ // var signBit = Math.pow(2n, (bits - 1n));
+ var signBit = BigInt(2n) ** BigInt((bits - 1n));
+
+ if (value < -signBit || value >= signBit)
+ throw p.err('sInt: value out of bounds');
+ }
+ else {
+ // [0, 2**32-1]
+ // if (0n > value || value >= Math.pow(2n, bits))
+ if (0n > value || value >= BigInt(2n) ** BigInt(bits))//Math.pow(2n, bits))
+ throw p.err('uInt: value out of bounds');
+ }
+ }
+ P.checkBounds = checkBounds;
+ // Wrap stream encoder into generic encoder
+ function wrap(inner) {
+ return __assign(__assign({}, inner), {
+ encode: function (value) {
+ var w = new Writer();
+ inner.encodeStream(w, value);
+ return w.buffer;
+ }, decode: function (data) {
+ var r = new Reader(data);
+ var res = inner.decodeStream(r);
+ r.finish();
+ return res;
+ }
+ });
+ }
+ P.wrap = wrap;
+ function getPath(objPath, path) {
+ objPath = Array.from(objPath);
+ var i = 0;
+ for (; i < path.length; i++) {
+ if (path[i] === '..')
+ objPath.pop();
+ else
+ break;
+ }
+ var cur = objPath.pop();
+ for (; i < path.length; i++) {
+ if (!cur || cur[path[i]] === undefined)
+ return undefined;
+ cur = cur[path[i]];
+ }
+ return cur;
+ }
+ function isCoder(elm) {
+ return (typeof elm.encode === 'function' &&
+ typeof elm.encodeStream === 'function' &&
+ typeof elm.decode === 'function' &&
+ typeof elm.decodeStream === 'function');
+ }
+ P.isCoder = isCoder;
+ // Coders (like in @scure/base) for common operations
+ // TODO:
+ // - move to base? very generic converters, not releated to base and packed
+ // - encode/decode -> from/to? coder->convert?
+ function dict() {
+ return {
+ encode: function (from) {
+ var to = {};
+ for (var _i = 0, from_1 = from; _i < from_1.length; _i++) {
+ var _a = from_1[_i], name = _a[0], value = _a[1];
+ if (to[name] !== undefined)
+ throw new Error("coders.dict: same key(".concat(name, ") appears twice in struct"));
+ to[name] = value;
+ }
+ return to;
+ },
+ decode: function (to) { return Object.entries(to); },
+ };
+ }
+ // Safely converts bigint to number
+ // Sometimes pointers / tags use u64 or other big numbers which cannot be represented by number,
+ // but we still can use them since real value will be smaller than u32
+ var number = {
+ encode: function (from) {
+ if (from > BigInt(Number.MAX_SAFE_INTEGER))
+ throw new Error("coders.number: element bigger than MAX_SAFE_INTEGER=".concat(from));
+ return Number(from);
+ },
+ decode: function (to) { return BigInt(to); },
+ // decode: function (to) {if (!isNaN(to)) { return BigInt(to);} else { return to;} },
+ };
+ function tsEnum(e) {
+ return {
+ encode: function (from) { return e[from]; },
+ decode: function (to) { return e[to]; },
+ };
+ }
+ function decimal(precision) {
+ //var decimalMask = Math.pow(10n, BigInt(precision)); //CHECK THIS
+ var decimalMask = BitInt(10n) ** BigInt(precision);
+ return {
+ encode: function (from) {
+ var s = (from < 0n ? -from : from).toString(10);
+ var sep = s.length - precision;
+ if (sep < 0) {
+ s = s.padStart(s.length - sep, '0');
+ sep = 0;
+ }
+ var i = s.length - 1;
+ for (; i >= sep && s[i] === '0'; i--)
+ ;
+ var _a = [s.slice(0, sep), s.slice(sep, i + 1)], int = _a[0], frac = _a[1];
+ if (!int)
+ int = '0';
+ if (from < 0n)
+ int = '-' + int;
+ if (!frac)
+ return int;
+ return "".concat(int, ".").concat(frac);
+ },
+ decode: function (to) {
+ var neg = false;
+ if (to.startsWith('-')) {
+ neg = true;
+ to = to.slice(1);
+ }
+ var sep = to.indexOf('.');
+ sep = sep === -1 ? to.length : sep;
+ var _a = [to.slice(0, sep), to.slice(sep + 1)], intS = _a[0], fracS = _a[1];
+ var int = BigInt(intS) * decimalMask;
+ var fracLen = Math.min(fracS.length, precision);
+ // var frac = BigInt(fracS.slice(0, fracLen)) * Math.pow(10n, BigInt(precision - fracLen));
+ var frac = BigInt(fracS.slice(0, fracLen)) * (BigInt(10n) ** BigInt(precision - fracLen));
+ var value = int + frac;
+ return neg ? -value : value;
+ },
+ };
+ }
+
+ /**
+ * Allows to split big conditional coders into a small one; also sort of parser combinator:
+ *
+ * `encode = [Ae, Be]; decode = [Ad, Bd]`
+ * ->
+ * `match([{encode: Ae, decode: Ad}, {encode: Be; decode: Bd}])`
+ *
+ * 1. It is easier to reason: encode/decode of specific part are closer to each other
+ * 2. Allows composable coders and ability to add conditions on runtime
+ * @param lst
+ * @returns
+ */
+ function match(lst) {
+ return {
+ encode: function (from) {
+ for (var _i = 0, lst_1 = lst; _i < lst_1.length; _i++) {
+ var c = lst_1[_i];
+ var elm = c.encode(from);
+ if (elm !== undefined)
+ return elm;
+ }
+ throw new Error("match/encode: cannot find match in ".concat(from));
+ },
+ decode: function (to) {
+ for (var _i = 0, lst_2 = lst; _i < lst_2.length; _i++) {
+ var c = lst_2[_i];
+ var elm = c.decode(to);
+ if (elm !== undefined)
+ return elm;
+ }
+ throw new Error("match/decode: cannot find match in ".concat(to));
+ },
+ };
+ }
+ P.coders = { dict: dict, number: number, tsEnum: tsEnum, decimal: decimal, match: match };
+ // PackedCoders
+ var bits = function (len) {
+ return wrap({
+ encodeStream: function (w, value) { return w.bits(value, len); },
+ decodeStream: function (r) { return r.bits(len); },
+ });
+ };
+ P.bits = bits;
+ var bigint = function (size, le, signed) {
+ if (le === void 0) { le = false; }
+ if (signed === void 0) { signed = false; }
+ return wrap({
+ size: size,
+ encodeStream: function (w, value) {
+ if (typeof value !== 'number' && typeof value !== 'bigint')
+ throw w.err("bigint: invalid value: ".concat(value));
+ var _value = BigInt(value);
+ var bLen = BigInt(size);
+ checkBounds(w, _value, 8n * bLen, !!signed);
+ // var signBit = Math.pow(2n, (8n * bLen - 1n));
+ var signBit = BigInt(2n) ** BigInt(8n * bLen - 1n);
+
+ if (signed && _value < 0)
+ _value = _value | signBit;
+ var b = [];
+ for (var i = 0; i < size; i++) {
+ b.push(Number(_value & 255n));
+ _value >>= 8n;
+ }
+ var res = new Uint8Array(b).reverse();
+ w.bytes(le ? res.reverse() : res);
+ },
+ decodeStream: function (r) {
+ var bLen = BigInt(size);
+ var value = r.bytes(size);
+ if (le)
+ value = swap(value);
+ var b = swap(value);
+ //var signBit = Math.pow(2n, (8n * bLen - 1n));
+ var signBit = BigInt(2n) ** BigInt(8n * bLen - 1n);
+ var res = 0n;
+ for (var i = 0; i < b.length; i++)
+ res |= BigInt(b[i]) << (8n * BigInt(i));
+ if (signed && res & signBit)
+ res = (res ^ signBit) - signBit;
+ checkBounds(r, res, 8n * bLen, !!signed);
+ return res;
+ },
+ });
+ };
+ P.bigint = bigint;
+ P.U256LE = (0, P.bigint)(32, true);
+ P.U256BE = (0, P.bigint)(32, false);
+ P.I256LE = (0, P.bigint)(32, true, true);
+ P.I256BE = (0, P.bigint)(32, false, true);
+ P.U128LE = (0, P.bigint)(16, true);
+ P.U128BE = (0, P.bigint)(16, false);
+ P.I128LE = (0, P.bigint)(16, true, true);
+ P.I128BE = (0, P.bigint)(16, false, true);
+ P.U64LE = (0, P.bigint)(8, true);
+ P.U64BE = (0, P.bigint)(8, false);
+ P.I64LE = (0, P.bigint)(8, true, true);
+ P.I64BE = (0, P.bigint)(8, false, true);
+ var int = function (size, le, signed) {
+ if (le === void 0) { le = false; }
+ if (signed === void 0) { signed = false; }
+ if (size > 6)
+ throw new Error('int supports size up to 6 bytes (48 bits), for other use bigint');
+ return apply((0, P.bigint)(size, le, signed), P.coders.number);
+ };
+ P.int = int;
+ P.U32LE = (0, P.int)(4, true);
+ P.U32BE = (0, P.int)(4, false);
+ P.I32LE = (0, P.int)(4, true, true);
+ P.I32BE = (0, P.int)(4, false, true);
+ P.U16LE = (0, P.int)(2, true);
+ P.U16BE = (0, P.int)(2, false);
+ P.I16LE = (0, P.int)(2, true, true);
+ P.I16BE = (0, P.int)(2, false, true);
+ P.U8 = (0, P.int)(1, false);
+ P.I8 = (0, P.int)(1, false, true);
+ P.bool = wrap({
+ size: 1,
+ encodeStream: function (w, value) { return w.byte(value ? 1 : 0); },
+ decodeStream: function (r) {
+ var value = r.byte();
+ if (value !== 0 && value !== 1)
+ throw r.err("bool: invalid value ".concat(value));
+ return value === 1;
+ },
+ });
+ // Can be done w array, but specific implementation should be
+ // faster: no need to create js array of numbers.
+ var bytes = function (len, le) {
+ if (le === void 0) { le = false; }
+ return wrap({
+ size: typeof len === 'number' ? len : undefined,
+ encodeStream: function (w, value) {
+ if (!(0, P.isBytes)(value))
+ throw w.err("bytes: invalid value ".concat(value));
+ if (!(0, P.isBytes)(len))
+ w.length(len, value.length);
+ w.bytes(le ? swap(value) : value);
+ if ((0, P.isBytes)(len))
+ w.bytes(len);
+ },
+ decodeStream: function (r) {
+ var bytes;
+ if ((0, P.isBytes)(len)) {
+ var tPos = r.find(len);
+ if (!tPos)
+ throw r.err("bytes: cannot find terminator");
+ bytes = r.bytes(tPos - r.pos);
+ r.bytes(len.length);
+ }
+ else
+ bytes = r.bytes(len === null ? r.leftBytes : r.length(len));
+ return le ? swap(bytes) : bytes;
+ },
+ });
+ };
+ P.bytes = bytes;
+ var string = function (len, le) {
+ if (le === void 0) { le = false; }
+ var inner = (0, P.bytes)(len, le);
+ return wrap({
+ size: inner.size,
+ encodeStream: function (w, value) { return inner.encodeStream(w, base.utf8.decode(value)); },
+ decodeStream: function (r) { return base.utf8.encode(inner.decodeStream(r)); },
+ });
+ };
+ P.string = string;
+ P.cstring = (0, P.string)(P.NULL);
+ var hex = function (len, le, withZero) {
+ if (le === void 0) { le = false; }
+ if (withZero === void 0) { withZero = false; }
+ var inner = (0, P.bytes)(len, le);
+ return wrap({
+ size: inner.size,
+ encodeStream: function (w, value) {
+ if (withZero && !value.startsWith('0x'))
+ throw new Error('hex(withZero=true).encode input should start with 0x');
+ var bytes = base.hex.decode(withZero ? value.slice(2) : value);
+ return inner.encodeStream(w, bytes);
+ },
+ decodeStream: function (r) {
+ return (withZero ? '0x' : '') + base.hex.encode(inner.decodeStream(r));
+ },
+ });
+ };
+ P.hex = hex;
+ // Interoperability with base
+ function apply(inner, b) {
+ if (!isCoder(inner))
+ throw new Error("apply: invalid inner value ".concat(inner));
+ return wrap({
+ size: inner.size,
+ encodeStream: function (w, value) {
+ var innerValue;
+ try {
+ innerValue = b.decode(value);
+ }
+ catch (e) {
+ throw w.err('' + e);
+ }
+ return inner.encodeStream(w, innerValue);
+ },
+ decodeStream: function (r) {
+ var innerValue = inner.decodeStream(r);
+ try {
+ return b.encode(innerValue);
+ }
+ catch (e) {
+ throw r.err('' + e);
+ }
+ },
+ });
+ }
+ P.apply = apply;
+ // Additional check of values both on encode and decode steps.
+ // E.g. to force uint32 to be 1..10
+ function validate(inner, fn) {
+ if (!isCoder(inner))
+ throw new Error("validate: invalid inner value ".concat(inner));
+ return wrap({
+ size: inner.size,
+ encodeStream: function (w, value) { return inner.encodeStream(w, fn(value)); },
+ decodeStream: function (r) { return fn(inner.decodeStream(r)); },
+ });
+ }
+ P.validate = validate;
+ function lazy(fn) {
+ return wrap({
+ encodeStream: function (w, value) { return fn().encodeStream(w, value); },
+ decodeStream: function (r) { return fn().decodeStream(r); },
+ });
+ }
+ P.lazy = lazy;
+ var bytesFormatted = function (len, fmt, le) {
+ if (le === void 0) { le = false; }
+ var inner = (0, P.bytes)(len, le);
+ return wrap({
+ size: inner.size,
+ encodeStream: function (w, value) { return inner.encodeStream(w, base.bytes(fmt, value)); },
+ decodeStream: function (r) { return base.str(fmt, inner.decodeStream(r)); },
+ });
+ };
+ P.bytesFormatted = bytesFormatted;
+ // Returns true if some marker exists, otherwise false. Xor argument flips behaviour
+ var flag = function (flagValue, xor) {
+ if (xor === void 0) { xor = false; }
+ return wrap({
+ size: flagValue.length,
+ encodeStream: function (w, value) {
+ if (!!value !== xor)
+ w.bytes(flagValue);
+ },
+ decodeStream: function (r) {
+ var hasFlag = r.leftBytes >= flagValue.length;
+ if (hasFlag) {
+ hasFlag = equalBytes(r.bytes(flagValue.length, true), flagValue);
+ // Found flag, advance cursor position
+ if (hasFlag)
+ r.bytes(flagValue.length);
+ }
+ // hasFlag ^ xor
+ return hasFlag !== xor;
+ },
+ });
+ };
+ P.flag = flag;
+ // Decode/encode only if flag found
+ function flagged(path, inner, def) {
+ if (!isCoder(inner))
+ throw new Error("flagged: invalid inner value ".concat(inner));
+ return wrap({
+ encodeStream: function (w, value) {
+ if (typeof path === 'string') {
+ if (getPath(w.path, path.split('/')))
+ inner.encodeStream(w, value);
+ else if (def)
+ inner.encodeStream(w, def);
+ }
+ else {
+ path.encodeStream(w, !!value);
+ if (!!value)
+ inner.encodeStream(w, value);
+ else if (def)
+ inner.encodeStream(w, def);
+ }
+ },
+ decodeStream: function (r) {
+ var hasFlag = false;
+ if (typeof path === 'string')
+ hasFlag = getPath(r.path, path.split('/'));
+ else
+ hasFlag = path.decodeStream(r);
+ // If there is a flag -- decode and return value
+ if (hasFlag)
+ return inner.decodeStream(r);
+ else if (def)
+ inner.decodeStream(r);
+ },
+ });
+ }
+ P.flagged = flagged;
+ function optional(flag, inner, def) {
+ if (!isCoder(flag) || !isCoder(inner))
+ throw new Error("optional: invalid flag or inner value flag=".concat(flag, " inner=").concat(inner));
+ return wrap({
+ size: def !== undefined && flag.size && inner.size ? flag.size + inner.size : undefined,
+ encodeStream: function (w, value) {
+ flag.encodeStream(w, !!value);
+ if (value)
+ inner.encodeStream(w, value);
+ else if (def !== undefined)
+ inner.encodeStream(w, def);
+ },
+ decodeStream: function (r) {
+ if (flag.decodeStream(r))
+ return inner.decodeStream(r);
+ else if (def !== undefined)
+ inner.decodeStream(r);
+ },
+ });
+ }
+ P.optional = optional;
+ function magic(inner, constant, check) {
+ if (check === void 0) { check = true; }
+ if (!isCoder(inner))
+ throw new Error("flagged: invalid inner value ".concat(inner));
+ return wrap({
+ size: inner.size,
+ encodeStream: function (w, value) { return inner.encodeStream(w, constant); },
+ decodeStream: function (r) {
+ var value = inner.decodeStream(r);
+ if ((check && typeof value !== 'object' && value !== constant) ||
+ ((0, P.isBytes)(constant) && !equalBytes(constant, value))) {
+ throw r.err("magic: invalid value: ".concat(value, " !== ").concat(constant));
+ }
+ return;
+ },
+ });
+ }
+ P.magic = magic;
+ var magicBytes = function (constant) {
+ var c = typeof constant === 'string' ? base.utf8.decode(constant) : constant;
+ return magic((0, P.bytes)(c.length), c);
+ };
+ P.magicBytes = magicBytes;
+ function constant(c) {
+ return wrap({
+ encodeStream: function (w, value) {
+ if (value !== c)
+ throw new Error("constant: invalid value ".concat(value, " (exp: ").concat(c, ")"));
+ },
+ decodeStream: function (r) { return c; },
+ });
+ }
+ P.constant = constant;
+ function sizeof(fields) {
+ var size = 0;
+ for (var _i = 0, fields_1 = fields; _i < fields_1.length; _i++) {
+ var f = fields_1[_i];
+ if (!f.size)
+ return;
+ size += f.size;
+ }
+ return size;
+ }
+ function struct(fields) {
+ if (Array.isArray(fields))
+ throw new Error('Packed.Struct: got array instead of object');
+ return wrap({
+ size: sizeof(Object.values(fields)),
+ encodeStream: function (w, value) {
+ if (typeof value !== 'object' || value === null)
+ throw w.err("struct: invalid value ".concat(value));
+ w.path.push(value);
+ for (var name in fields) {
+ w.fieldPathPush(name);
+ var field = fields[name];
+ field.encodeStream(w, value[name]);
+ w.fieldPathPop();
+ }
+ w.path.pop();
+ },
+ decodeStream: function (r) {
+ var res = {};
+ r.path.push(res);
+ for (var name in fields) {
+ r.fieldPathPush(name);
+ res[name] = fields[name].decodeStream(r);
+ r.fieldPathPop();
+ }
+ r.path.pop();
+ return res;
+ },
+ });
+ }
+ P.struct = struct;
+ function tuple(fields) {
+ if (!Array.isArray(fields))
+ throw new Error("Packed.Tuple: got ".concat(typeof fields, " instead of array"));
+ return wrap({
+ size: sizeof(fields),
+ encodeStream: function (w, value) {
+ if (!Array.isArray(value))
+ throw w.err("tuple: invalid value ".concat(value));
+ w.path.push(value);
+ for (var i = 0; i < fields.length; i++) {
+ w.fieldPathPush('' + i);
+ fields[i].encodeStream(w, value[i]);
+ w.fieldPathPop();
+ }
+ w.path.pop();
+ },
+ decodeStream: function (r) {
+ var res = [];
+ r.path.push(res);
+ for (var i = 0; i < fields.length; i++) {
+ r.fieldPathPush('' + i);
+ res.push(fields[i].decodeStream(r));
+ r.fieldPathPop();
+ }
+ r.path.pop();
+ return res;
+ },
+ });
+ }
+ P.tuple = tuple;
+ function prefix(len, inner) {
+ if (!isCoder(inner))
+ throw new Error("prefix: invalid inner value ".concat(inner));
+ if ((0, P.isBytes)(len))
+ throw new Error("prefix: len cannot be Uint8Array");
+ var b = (0, P.bytes)(len);
+ return wrap({
+ size: typeof len === 'number' ? len : undefined,
+ encodeStream: function (w, value) {
+ var wChild = new Writer(w.path, w.fieldPath);
+ inner.encodeStream(wChild, value);
+ b.encodeStream(w, wChild.buffer);
+ },
+ decodeStream: function (r) {
+ var data = b.decodeStream(r);
+ return inner.decodeStream(new Reader(data, r.path, r.fieldPath));
+ },
+ });
+ }
+ P.prefix = prefix;
+ function array(len, inner) {
+ if (!isCoder(inner))
+ throw new Error("array: invalid inner value ".concat(inner));
+ return wrap({
+ size: typeof len === 'number' && inner.size ? len * inner.size : undefined,
+ encodeStream: function (w, value) {
+ if (!Array.isArray(value))
+ throw w.err("array: invalid value ".concat(value));
+ if (!(0, P.isBytes)(len))
+ w.length(len, value.length);
+ w.path.push(value);
+ for (var i = 0; i < value.length; i++) {
+ w.fieldPathPush('' + i);
+ var elm = value[i];
+ var startPos = w.pos;
+ inner.encodeStream(w, elm);
+ if ((0, P.isBytes)(len)) {
+ // Terminator is bigger than elm size, so skip
+ if (len.length > w.pos - startPos)
+ continue;
+ var data = w.buffer.subarray(startPos, w.pos);
+ // There is still possible case when multiple elements create terminator,
+ // but it is hard to catch here, will be very slow
+ if (equalBytes(data.subarray(0, len.length), len))
+ throw w.err("array: inner element encoding same as separator. elm=".concat(elm, " data=").concat(data));
+ }
+ w.fieldPathPop();
+ }
+ w.path.pop();
+ if ((0, P.isBytes)(len))
+ w.bytes(len);
+ },
+ decodeStream: function (r) {
+ var res = [];
+ if (len === null) {
+ var i = 0;
+ r.path.push(res);
+ while (!r.isEnd()) {
+ r.fieldPathPush('' + i++);
+ res.push(inner.decodeStream(r));
+ r.fieldPathPop();
+ if (inner.size && r.leftBytes < inner.size)
+ break;
+ }
+ r.path.pop();
+ }
+ else if ((0, P.isBytes)(len)) {
+ var i = 0;
+ r.path.push(res);
+ while (true) {
+ if (equalBytes(r.bytes(len.length, true), len)) {
+ // Advance cursor position if terminator found
+ r.bytes(len.length);
+ break;
+ }
+ r.fieldPathPush('' + i++);
+ res.push(inner.decodeStream(r));
+ r.fieldPathPop();
+ }
+ r.path.pop();
+ }
+ else {
+ r.fieldPathPush('arrayLen');
+ var length = r.length(len);
+ r.fieldPathPop();
+ r.path.push(res);
+ for (var i = 0; i < length; i++) {
+ r.fieldPathPush('' + i);
+ res.push(inner.decodeStream(r));
+ r.fieldPathPop();
+ }
+ r.path.pop();
+ }
+ return res;
+ },
+ });
+ }
+ P.array = array;
+ function map(inner, variants) {
+ if (!isCoder(inner))
+ throw new Error("map: invalid inner value ".concat(inner));
+ var variantNames = new Map();
+ for (var k in variants)
+ variantNames.set(variants[k], k);
+ return wrap({
+ size: inner.size,
+ encodeStream: function (w, value) {
+ if (typeof value !== 'string')
+ throw w.err("map: invalid value ".concat(value));
+ if (!(value in variants))
+ throw w.err("Map: unknown variant: ".concat(value));
+ inner.encodeStream(w, variants[value]);
+ },
+ decodeStream: function (r) {
+ var variant = inner.decodeStream(r);
+ var name = variantNames.get(variant);
+ if (name === undefined)
+ throw r.err("Enum: unknown value: ".concat(variant, " ").concat(Array.from(variantNames.keys())));
+ return name;
+ },
+ });
+ }
+ P.map = map;
+ function tag(tag, variants) {
+ if (!isCoder(tag))
+ throw new Error("tag: invalid tag value ".concat(tag));
+ return wrap({
+ size: tag.size,
+ encodeStream: function (w, value) {
+ var TAG = value.TAG, data = value.data;
+ var dataType = variants[TAG];
+ if (!dataType)
+ throw w.err("Tag: invalid tag ".concat(TAG.toString()));
+ tag.encodeStream(w, TAG);
+ dataType.encodeStream(w, data);
+ },
+ decodeStream: function (r) {
+ var TAG = tag.decodeStream(r);
+ var dataType = variants[TAG];
+ if (!dataType)
+ throw r.err("Tag: invalid tag ".concat(TAG));
+ return { TAG: TAG, data: dataType.decodeStream(r) };
+ },
+ });
+ }
+ P.tag = tag;
+ // Takes {name: [value, coder]}
+ function mappedTag(tagCoder, variants) {
+ if (!isCoder(tagCoder))
+ throw new Error("mappedTag: invalid tag value ".concat(tag));
+ var mapValue = {};
+ var tagValue = {};
+ for (var key in variants) {
+ mapValue[key] = variants[key][0];
+ tagValue[key] = variants[key][1];
+ }
+ return tag(map(tagCoder, mapValue), tagValue);
+ }
+ P.mappedTag = mappedTag;
+ function bitset(names, pad) {
+ if (pad === void 0) { pad = false; }
+ return wrap({
+ encodeStream: function (w, value) {
+ if (typeof value !== 'object' || value === null)
+ throw w.err("bitset: invalid value ".concat(value));
+ for (var i = 0; i < names.length; i++)
+ w.bits(+value[names[i]], 1);
+ if (pad && names.length % 8)
+ w.bits(0, 8 - (names.length % 8));
+ },
+ decodeStream: function (r) {
+ var out = {};
+ for (var i = 0; i < names.length; i++)
+ out[names[i]] = !!r.bits(1);
+ if (pad && names.length % 8)
+ r.bits(8 - (names.length % 8));
+ return out;
+ },
+ });
+ }
+ P.bitset = bitset;
+ var ZeroPad = function (_) { return 0; };
+ P.ZeroPad = ZeroPad;
+ function padLength(blockSize, len) {
+ if (len % blockSize === 0)
+ return 0;
+ return blockSize - (len % blockSize);
+ }
+ function padLeft(blockSize, inner, padFn) {
+ if (!isCoder(inner))
+ throw new Error("padLeft: invalid inner value ".concat(inner));
+ var _padFn = padFn || P.ZeroPad;
+ if (!inner.size)
+ throw new Error('padLeft with dynamic size argument is impossible');
+ return wrap({
+ size: inner.size + padLength(blockSize, inner.size),
+ encodeStream: function (w, value) {
+ var padBytes = padLength(blockSize, inner.size);
+ for (var i = 0; i < padBytes; i++)
+ w.byte(_padFn(i));
+ inner.encodeStream(w, value);
+ },
+ decodeStream: function (r) {
+ r.bytes(padLength(blockSize, inner.size));
+ return inner.decodeStream(r);
+ },
+ });
+ }
+ P.padLeft = padLeft;
+ function padRight(blockSize, inner, padFn) {
+ if (!isCoder(inner))
+ throw new Error("padRight: invalid inner value ".concat(inner));
+ var _padFn = padFn || P.ZeroPad;
+ return wrap({
+ size: inner.size ? inner.size + padLength(blockSize, inner.size) : undefined,
+ encodeStream: function (w, value) {
+ var pos = w.pos;
+ inner.encodeStream(w, value);
+ var padBytes = padLength(blockSize, w.pos - pos);
+ for (var i = 0; i < padBytes; i++)
+ w.byte(_padFn(i));
+ },
+ decodeStream: function (r) {
+ var start = r.pos;
+ var res = inner.decodeStream(r);
+ r.bytes(padLength(blockSize, r.pos - start));
+ return res;
+ },
+ });
+ }
+ P.padRight = padRight;
+ function pointer(ptr, inner, sized) {
+ if (sized === void 0) { sized = false; }
+ if (!isCoder(ptr))
+ throw new Error("pointer: invalid ptr value ".concat(ptr));
+ if (!isCoder(inner))
+ throw new Error("pointer: invalid inner value ".concat(inner));
+ if (!ptr.size)
+ throw new Error('Pointer: unsized ptr');
+ return wrap({
+ size: sized ? ptr.size : undefined,
+ encodeStream: function (w, value) {
+ var start = w.pos;
+ ptr.encodeStream(w, 0);
+ w.ptrs.push({ pos: start, ptr: ptr, buffer: inner.encode(value) });
+ },
+ decodeStream: function (r) {
+ var ptrVal = ptr.decodeStream(r);
+ // This check enforces termination of parser, if there is backwards pointers,
+ // then it is possible to create loop and cause DoS.
+ if (ptrVal < r.pos)
+ throw new Error('pointer.decodeStream pointer less than position');
+ r.hasPtr = true;
+ var rChild = new Reader(r.absBytes(ptrVal), r.path, r.fieldPath);
+ return inner.decodeStream(rChild);
+ },
+ });
+ }
+ P.pointer = pointer;
+ // lineLen: gpg=64, ssh=70
+ function base64armor(name, lineLen, inner, checksum) {
+ var markBegin = "-----BEGIN ".concat(name.toUpperCase(), "-----");
+ var markEnd = "-----END ".concat(name.toUpperCase(), "-----");
+ return {
+ encode: function (value) {
+ var data = inner.encode(value);
+ var encoded = base.base64.encode(data);
+ var lines = [];
+ for (var i = 0; i < encoded.length; i += lineLen) {
+ var s = encoded.slice(i, i + lineLen);
+ if (s.length)
+ lines.push("".concat(encoded.slice(i, i + lineLen), "\n"));
+ }
+ var body = lines.join('');
+ if (checksum)
+ body += "=".concat(base.base64.encode(checksum(data)), "\n");
+ return "".concat(markBegin, "\n\n").concat(body).concat(markEnd, "\n");
+ },
+ decode: function (s) {
+ var lines = s.replace(markBegin, '').replace(markEnd, '').trim().split('\n');
+ lines = lines.map(function (l) { return l.replace('\r', '').trim(); });
+ if (checksum && lines[lines.length - 1].startsWith('=')) {
+ var body = base.base64.decode(lines.slice(0, -1).join(''));
+ var cs = lines[lines.length - 1].slice(1);
+ var realCS = base.base64.encode(checksum(body));
+ if (realCS !== cs)
+ throw new Error("Base64Armor: invalid checksum ".concat(cs, " instead of ").concat(realCS));
+ return inner.decode(body);
+ }
+ return inner.decode(base.base64.decode(lines.join('')));
+ },
+ };
+ }
+ P.base64armor = base64armor;
+ // Does nothing at all
+ P.nothing = magic((0, P.bytes)(0), P.EMPTY);
+ function debug(inner) {
+ if (!isCoder(inner))
+ throw new Error("debug: invalid inner value ".concat(inner));
+ var log = function (name, rw, value) {
+ console.log("DEBUG/".concat(name, "(").concat(rw.fieldPath.join('/'), "):"), { type: typeof value, value: value });
+ return value;
+ };
+ return wrap({
+ size: inner.size,
+ encodeStream: function (w, value) { return inner.encodeStream(w, log('encode', w, value)); },
+ decodeStream: function (r) { return log('decode', r, inner.decodeStream(r)); },
+ });
+ }
+ P.debug = debug;
+
+
+ /******
+ *
+ START OF TAPROOT SECTION
+ *
+ *
+ ******/
+
+ var __assign = (this && this.__assign) || function () {
+ __assign = Object.assign || function (t) {
+ for (var s, i = 1, n = arguments.length; i < n; i++) {
+ s = arguments[i];
+ for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+ t[p] = s[p];
+ }
+ return t;
+ };
+ return __assign.apply(this, arguments);
+ };
+ var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
+ if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
+ if (ar || !(i in from)) {
+ if (!ar) ar = Array.prototype.slice.call(from, 0, i);
+ ar[i] = from[i];
+ }
+ }
+ return to.concat(ar || Array.prototype.slice.call(from));
+ };
+ //var taproot = {};
+ Object.defineProperty(taproot, "__esModule", { value: true });
+ taproot.Transaction = taproot.tapLeafHash = taproot.TAP_LEAF_VERSION = taproot._sortPubkeys = taproot.SigHashCoder = taproot.SignatureHash = taproot.Address = taproot.WIF = taproot.parseWitnessProgram = taproot.programToWitness = taproot.OutScript = taproot.p2tr_ms = taproot.p2tr_pk = taproot.p2tr_ns = taproot.combinations = taproot.p2tr = taproot.TAPROOT_UNSPENDABLE_KEY = taproot.taprootListToTree = taproot.p2ms = taproot.p2wpkh = taproot.p2wsh = taproot.p2sh = taproot.p2pkh = taproot.p2pk = taproot.RawPSBTV2 = taproot.RawPSBTV0 = taproot._DebugPSBT = taproot._RawPSBTV2 = taproot._RawPSBTV0 = taproot.TaprootControlBlock = taproot.RawTx = taproot.RawWitness = taproot.RawOutput = taproot.RawInput = taproot.VarBytes = taproot.BTCArray = taproot.CompactSize = taproot.Script = taproot.OPNum = taproot.OP = taproot.cmp = taproot.decimal = taproot.DEFAULT_SEQUENCE = taproot.DEFAULT_LOCKTIME = taproot.DEFAULT_VERSION = taproot.PRECISION = taproot.NETWORK = taproot.taprootTweakPubkey = taproot.taprootTweakPrivKey = taproot.base58check = void 0;
+ taproot.PSBTCombine = taproot.bip32Path = taproot.sortedMultisig = taproot.multisig = taproot.getAddress = void 0;
+ /*! micro-btc-signer - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+
+ /*****
+ // ALL OF THESE ARE INTEGRATED ABOVE
+
+ var secp = require("@noble/secp256k1");
+ var base = require("@scure/base");
+ var sha256_1 = require("@noble/hashes/sha256");
+ var hmac_1 = require("@noble/hashes/hmac");
+ var ripemd160_1 = require("@noble/hashes/ripemd160");
+ var P = require("micro-packed");
+ *****/
+
+ var hash160 = function (msg) { return (0, ripemd160_1.ripemd160)((0, sha256_1.sha256)(msg)); };
+ var sha256x2 = function () {
+ var msgs = [];
+ for (var _i = 0; _i < arguments.length; _i++) {
+ msgs[_i] = arguments[_i];
+ }
+ return (0, sha256_1.sha256)((0, sha256_1.sha256)(concat.apply(void 0, msgs)));
+ };
+ var concat = P.concatBytes;
+ // Make base58check work
+ taproot.base58check = base.base58check(sha256_1.sha256);
+ // Enable sync API for noble-secp256k1
+ secp.utils.hmacSha256Sync = function (key) {
+ var msgs = [];
+ for (var _i = 1; _i < arguments.length; _i++) {
+ msgs[_i - 1] = arguments[_i];
+ }
+ return (0, hmac_1.hmac)(sha256_1.sha256, key, concat.apply(void 0, msgs));
+ };
+ secp.utils.sha256Sync = function () {
+ var msgs = [];
+ for (var _i = 0; _i < arguments.length; _i++) {
+ msgs[_i] = arguments[_i];
+ }
+ return (0, sha256_1.sha256)(concat.apply(void 0, msgs));
+ };
+ var taggedHash = secp.utils.taggedHashSync;
+ var PubT;
+ (function (PubT) {
+ PubT[PubT["ecdsa"] = 0] = "ecdsa";
+ PubT[PubT["schnorr"] = 1] = "schnorr";
+ })(PubT || (PubT = {}));
+ var validatePubkey = function (pub, type) {
+ var len = pub.length;
+ if (type === PubT.ecdsa) {
+ if (len === 32)
+ throw new Error('Expected non-Schnorr key');
+ }
+ else if (type === PubT.schnorr) {
+ if (len !== 32)
+ throw new Error('Expected 32-byte Schnorr key');
+ }
+ else {
+ throw new Error('Unknown key type');
+ }
+ secp.Point.fromHex(pub); // does assertValidity
+ return pub;
+ };
+ function isValidPubkey(pub, type) {
+ try {
+ return !!validatePubkey(pub, type);
+ }
+ catch (e) {
+ return false;
+ }
+ }
+ // Not best way, but closest to bitcoin implementation (easier to check)
+ var hasLowR = function (sig) { return secp.Signature.fromHex(sig).toCompactRawBytes()[0] < 0x80; };
+ // TODO: move to @noble/secp256k1?
+ function signECDSA(hash, privateKey, lowR) {
+ if (lowR === void 0) { lowR = false; }
+ var sig = secp.signSync(hash, privateKey, { canonical: true });
+ if (lowR && !hasLowR(sig)) {
+ var extraEntropy = new Uint8Array(32);
+ for (var cnt = 0; cnt < Number.MAX_SAFE_INTEGER; cnt++) {
+ extraEntropy.set(P.U32LE.encode(cnt));
+ sig = secp.signSync(hash, privateKey, { canonical: true, extraEntropy: extraEntropy });
+ if (hasLowR(sig))
+ break;
+ }
+ }
+ return sig;
+ }
+ function taprootTweakPrivKey(privKey, merkleRoot) {
+ if (merkleRoot === void 0) { merkleRoot = new Uint8Array(); }
+ var n = secp.CURVE.n;
+ var priv = secp.utils._normalizePrivateKey(privKey);
+ var point = secp.Point.fromPrivateKey(priv);
+ var tweak = taggedHash('TapTweak', point.toRawX(), merkleRoot);
+ var privWithProperY = point.hasEvenY() ? priv : n - priv;
+ var tweaked = secp.utils.mod(privWithProperY + secp.utils._normalizePrivateKey(tweak), n);
+ return secp.utils._bigintTo32Bytes(tweaked);
+ }
+ taproot.taprootTweakPrivKey = taprootTweakPrivKey;
+ function taprootTweakPubkey(pubKey, h) {
+ var tweak = taggedHash('TapTweak', pubKey, h);
+ var tweaked = secp.Point.fromHex(pubKey).add(secp.Point.fromPrivateKey(tweak));
+ return [tweaked.toRawX(), !tweaked.hasEvenY()];
+ }
+ taproot.taprootTweakPubkey = taprootTweakPubkey;
+ // Can be 33 or 64 bytes
+ var PubKeyECDSA = P.validate(P.bytes(null), function (pub) { return validatePubkey(pub, PubT.ecdsa); });
+ var PubKeySchnorr = P.validate(P.bytes(32), function (pub) { return validatePubkey(pub, PubT.schnorr); });
+ var SignatureSchnorr = P.validate(P.bytes(null), function (sig) {
+ if (sig.length !== 64 && sig.length !== 65)
+ throw new Error('Schnorr signature should be 64 or 65 bytes long');
+ return sig;
+ });
+ function uniqPubkey(pubkeys) {
+ var map = {};
+ for (var _i = 0, pubkeys_1 = pubkeys; _i < pubkeys_1.length; _i++) {
+ var pub = pubkeys_1[_i];
+ var key = base.hex.encode(pub);
+ if (map[key])
+ throw new Error("Multisig: non-uniq pubkey: ".concat(pubkeys.map(base.hex.encode)));
+ map[key] = true;
+ }
+ }
+ taproot.NETWORK = {
+ bech32: 'bc',
+ pubKeyHash: 0x00,
+ scriptHash: 0x05,
+ wif: 0x80,
+ };
+ taproot.PRECISION = 8;
+ taproot.DEFAULT_VERSION = 2;
+ taproot.DEFAULT_LOCKTIME = 0;
+ taproot.DEFAULT_SEQUENCE = 4294967293;
+ var EMPTY32 = new Uint8Array(32);
+ // Utils
+ //ROHIT taproot.Decimal = 8;
+ //taproot.Decimal = P.coders.decimal(taproot.PRECISION);//CHECK THIS
+
+
+ var decimal = {};
+ decimal.decode = function (numberAsString) { return parseInt(numberAsString * 100000000) };
+ taproot.decimal = decimal;
+
+
+ class Decimal {
+ static decode(bitcoinAmount) {
+ const bitcoinInSatoshis = BigInt(Math.floor(parseFloat(bitcoinAmount) * 100000000));
+ return bitcoinInSatoshis;
+ }
+
+ static encode(satoshis) {
+ const bitcoinAmount = (Number(satoshis) / 100000000).toFixed(8);
+ return bitcoinAmount;
+ }
+ }
+
+ taproot.Decimal = Decimal;
+
+
+ function cmp(a, b) {
+ if (a instanceof Uint8Array && b instanceof Uint8Array) {
+ // -1 -> a a==b, 1 -> a>b
+ var len = Math.min(a.length, b.length);
+ for (var i = 0; i < len; i++)
+ if (a[i] != b[i])
+ return Math.sign(a[i] - b[i]);
+ return Math.sign(a.length - b.length);
+ }
+ else if (a instanceof Uint8Array || b instanceof Uint8Array)
+ throw new Error("cmp: wrong values a=".concat(a, " b=").concat(b));
+ if ((typeof a === 'bigint' && typeof b === 'number') ||
+ (typeof a === 'number' && typeof b === 'bigint')) {
+ a = BigInt(a);
+ b = BigInt(b);
+ }
+ if (a === undefined || b === undefined)
+ throw new Error("cmp: wrong values a=".concat(a, " b=").concat(b));
+ // Default js comparasion
+ return Number(a > b) - Number(a < b);
+ }
+ taproot.cmp = cmp;
+ // Coders
+ // prettier-ignore
+ var OP;
+ (function (OP) {
+ OP[OP["OP_0"] = 0] = "OP_0";
+ OP[OP["PUSHDATA1"] = 76] = "PUSHDATA1";
+ OP[OP["PUSHDATA2"] = 77] = "PUSHDATA2";
+ OP[OP["PUSHDATA4"] = 78] = "PUSHDATA4";
+ OP[OP["1NEGATE"] = 79] = "1NEGATE";
+ OP[OP["RESERVED"] = 80] = "RESERVED";
+ OP[OP["OP_1"] = 81] = "OP_1";
+ OP[OP["OP_2"] = 82] = "OP_2";
+ OP[OP["OP_3"] = 83] = "OP_3";
+ OP[OP["OP_4"] = 84] = "OP_4";
+ OP[OP["OP_5"] = 85] = "OP_5";
+ OP[OP["OP_6"] = 86] = "OP_6";
+ OP[OP["OP_7"] = 87] = "OP_7";
+ OP[OP["OP_8"] = 88] = "OP_8";
+ OP[OP["OP_9"] = 89] = "OP_9";
+ OP[OP["OP_10"] = 90] = "OP_10";
+ OP[OP["OP_11"] = 91] = "OP_11";
+ OP[OP["OP_12"] = 92] = "OP_12";
+ OP[OP["OP_13"] = 93] = "OP_13";
+ OP[OP["OP_14"] = 94] = "OP_14";
+ OP[OP["OP_15"] = 95] = "OP_15";
+ OP[OP["OP_16"] = 96] = "OP_16";
+ // Control
+ OP[OP["NOP"] = 97] = "NOP";
+ OP[OP["VER"] = 98] = "VER";
+ OP[OP["IF"] = 99] = "IF";
+ OP[OP["NOTIF"] = 100] = "NOTIF";
+ OP[OP["VERIF"] = 101] = "VERIF";
+ OP[OP["VERNOTIF"] = 102] = "VERNOTIF";
+ OP[OP["ELSE"] = 103] = "ELSE";
+ OP[OP["ENDIF"] = 104] = "ENDIF";
+ OP[OP["VERIFY"] = 105] = "VERIFY";
+ OP[OP["RETURN"] = 106] = "RETURN";
+ // Stack
+ OP[OP["TOALTSTACK"] = 107] = "TOALTSTACK";
+ OP[OP["FROMALTSTACK"] = 108] = "FROMALTSTACK";
+ OP[OP["2DROP"] = 109] = "2DROP";
+ OP[OP["2DUP"] = 110] = "2DUP";
+ OP[OP["3DUP"] = 111] = "3DUP";
+ OP[OP["2OVER"] = 112] = "2OVER";
+ OP[OP["2ROT"] = 113] = "2ROT";
+ OP[OP["2SWAP"] = 114] = "2SWAP";
+ OP[OP["IFDUP"] = 115] = "IFDUP";
+ OP[OP["DEPTH"] = 116] = "DEPTH";
+ OP[OP["DROP"] = 117] = "DROP";
+ OP[OP["DUP"] = 118] = "DUP";
+ OP[OP["NIP"] = 119] = "NIP";
+ OP[OP["OVER"] = 120] = "OVER";
+ OP[OP["PICK"] = 121] = "PICK";
+ OP[OP["ROLL"] = 122] = "ROLL";
+ OP[OP["ROT"] = 123] = "ROT";
+ OP[OP["SWAP"] = 124] = "SWAP";
+ OP[OP["TUCK"] = 125] = "TUCK";
+ // Splice
+ OP[OP["CAT"] = 126] = "CAT";
+ OP[OP["SUBSTR"] = 127] = "SUBSTR";
+ OP[OP["LEFT"] = 128] = "LEFT";
+ OP[OP["RIGHT"] = 129] = "RIGHT";
+ OP[OP["SIZE"] = 130] = "SIZE";
+ // Boolean logic
+ OP[OP["INVERT"] = 131] = "INVERT";
+ OP[OP["AND"] = 132] = "AND";
+ OP[OP["OR"] = 133] = "OR";
+ OP[OP["XOR"] = 134] = "XOR";
+ OP[OP["EQUAL"] = 135] = "EQUAL";
+ OP[OP["EQUALVERIFY"] = 136] = "EQUALVERIFY";
+ OP[OP["RESERVED1"] = 137] = "RESERVED1";
+ OP[OP["RESERVED2"] = 138] = "RESERVED2";
+ // Numbers
+ OP[OP["1ADD"] = 139] = "1ADD";
+ OP[OP["1SUB"] = 140] = "1SUB";
+ OP[OP["2MUL"] = 141] = "2MUL";
+ OP[OP["2DIV"] = 142] = "2DIV";
+ OP[OP["NEGATE"] = 143] = "NEGATE";
+ OP[OP["ABS"] = 144] = "ABS";
+ OP[OP["NOT"] = 145] = "NOT";
+ OP[OP["0NOTEQUAL"] = 146] = "0NOTEQUAL";
+ OP[OP["ADD"] = 147] = "ADD";
+ OP[OP["SUB"] = 148] = "SUB";
+ OP[OP["MUL"] = 149] = "MUL";
+ OP[OP["DIV"] = 150] = "DIV";
+ OP[OP["MOD"] = 151] = "MOD";
+ OP[OP["LSHIFT"] = 152] = "LSHIFT";
+ OP[OP["RSHIFT"] = 153] = "RSHIFT";
+ OP[OP["BOOLAND"] = 154] = "BOOLAND";
+ OP[OP["BOOLOR"] = 155] = "BOOLOR";
+ OP[OP["NUMEQUAL"] = 156] = "NUMEQUAL";
+ OP[OP["NUMEQUALVERIFY"] = 157] = "NUMEQUALVERIFY";
+ OP[OP["NUMNOTEQUAL"] = 158] = "NUMNOTEQUAL";
+ OP[OP["LESSTHAN"] = 159] = "LESSTHAN";
+ OP[OP["GREATERTHAN"] = 160] = "GREATERTHAN";
+ OP[OP["LESSTHANOREQUAL"] = 161] = "LESSTHANOREQUAL";
+ OP[OP["GREATERTHANOREQUAL"] = 162] = "GREATERTHANOREQUAL";
+ OP[OP["MIN"] = 163] = "MIN";
+ OP[OP["MAX"] = 164] = "MAX";
+ OP[OP["WITHIN"] = 165] = "WITHIN";
+ // Crypto
+ OP[OP["RIPEMD160"] = 166] = "RIPEMD160";
+ OP[OP["SHA1"] = 167] = "SHA1";
+ OP[OP["SHA256"] = 168] = "SHA256";
+ OP[OP["HASH160"] = 169] = "HASH160";
+ OP[OP["HASH256"] = 170] = "HASH256";
+ OP[OP["CODESEPARATOR"] = 171] = "CODESEPARATOR";
+ OP[OP["CHECKSIG"] = 172] = "CHECKSIG";
+ OP[OP["CHECKSIGVERIFY"] = 173] = "CHECKSIGVERIFY";
+ OP[OP["CHECKMULTISIG"] = 174] = "CHECKMULTISIG";
+ OP[OP["CHECKMULTISIGVERIFY"] = 175] = "CHECKMULTISIGVERIFY";
+ // Expansion
+ OP[OP["NOP1"] = 176] = "NOP1";
+ OP[OP["CHECKLOCKTIMEVERIFY"] = 177] = "CHECKLOCKTIMEVERIFY";
+ OP[OP["CHECKSEQUENCEVERIFY"] = 178] = "CHECKSEQUENCEVERIFY";
+ OP[OP["NOP4"] = 179] = "NOP4";
+ OP[OP["NOP5"] = 180] = "NOP5";
+ OP[OP["NOP6"] = 181] = "NOP6";
+ OP[OP["NOP7"] = 182] = "NOP7";
+ OP[OP["NOP8"] = 183] = "NOP8";
+ OP[OP["NOP9"] = 184] = "NOP9";
+ OP[OP["NOP10"] = 185] = "NOP10";
+ // BIP 342
+ OP[OP["CHECKSIGADD"] = 186] = "CHECKSIGADD";
+ // Invalid
+ OP[OP["INVALID"] = 255] = "INVALID";
+ })(OP = taproot.OP || (taproot.OP = {}));
+ // OP_\n to numeric value
+ // TODO: maybe add numbers to script parser for this case?
+ // prettier-ignore
+ var OPNum;
+ (function (OPNum) {
+ OPNum[OPNum["OP_0"] = 0] = "OP_0";
+ OPNum[OPNum["OP_1"] = 1] = "OP_1";
+ OPNum[OPNum["OP_2"] = 2] = "OP_2";
+ OPNum[OPNum["OP_3"] = 3] = "OP_3";
+ OPNum[OPNum["OP_4"] = 4] = "OP_4";
+ OPNum[OPNum["OP_5"] = 5] = "OP_5";
+ OPNum[OPNum["OP_6"] = 6] = "OP_6";
+ OPNum[OPNum["OP_7"] = 7] = "OP_7";
+ OPNum[OPNum["OP_8"] = 8] = "OP_8";
+ OPNum[OPNum["OP_9"] = 9] = "OP_9";
+ OPNum[OPNum["OP_10"] = 10] = "OP_10";
+ OPNum[OPNum["OP_11"] = 11] = "OP_11";
+ OPNum[OPNum["OP_12"] = 12] = "OP_12";
+ OPNum[OPNum["OP_13"] = 13] = "OP_13";
+ OPNum[OPNum["OP_14"] = 14] = "OP_14";
+ OPNum[OPNum["OP_15"] = 15] = "OP_15";
+ OPNum[OPNum["OP_16"] = 16] = "OP_16";
+ })(OPNum = taproot.OPNum || (taproot.OPNum = {}));
+ function OPtoNumber(op) {
+ if (typeof op === 'string' && OP[op] !== undefined && OPNum[op] !== undefined)
+ return OPNum[op];
+ }
+ // Converts script bytes to parsed script
+ // 5221030000000000000000000000000000000000000000000000000000000000000001210300000000000000000000000000000000000000000000000000000000000000022103000000000000000000000000000000000000000000000000000000000000000353ae
+ // =>
+ // OP_2
+ // 030000000000000000000000000000000000000000000000000000000000000001
+ // 030000000000000000000000000000000000000000000000000000000000000002
+ // 030000000000000000000000000000000000000000000000000000000000000003
+ // OP_3
+ // CHECKMULTISIG
+ // TODO: simplify like CompactSize?
+ taproot.Script = P.wrap({
+ encodeStream: function (w, value) {
+ for (var _i = 0, value_1 = value; _i < value_1.length; _i++) {
+ var o = value_1[_i];
+ if (typeof o === 'string') {
+ if (OP[o] === undefined)
+ throw new Error("Unknown opcode=".concat(o));
+ w.byte(OP[o]);
+ continue;
+ }
+ var len = o.length;
+ if (len < OP.PUSHDATA1)
+ w.byte(len);
+ else if (len <= 0xff) {
+ w.byte(OP.PUSHDATA1);
+ w.byte(len);
+ }
+ else if (len <= 0xffff) {
+ w.byte(OP.PUSHDATA2);
+ w.bytes(P.U16LE.encode(len));
+ }
+ else {
+ w.byte(OP.PUSHDATA4);
+ w.bytes(P.U32LE.encode(len));
+ }
+ w.bytes(o);
+ }
+ },
+ decodeStream: function (r) {
+ var out = [];
+ while (!r.isEnd()) {
+ var cur = r.byte();
+ // if 0 < cur < 78
+ if (OP.OP_0 < cur && cur <= OP.PUSHDATA4) {
+ var len = void 0;
+ if (cur < OP.PUSHDATA1)
+ len = cur;
+ else if (cur === OP.PUSHDATA1)
+ len = P.U8.decodeStream(r);
+ else if (cur === OP.PUSHDATA2)
+ len = P.U16LE.decodeStream(r);
+ else if (cur === OP.PUSHDATA4)
+ len = P.U32LE.decodeStream(r);
+ else
+ throw new Error('Should be not possible');
+ out.push(r.bytes(len));
+ }
+ else {
+ var op = OP[cur];
+ if (op === undefined)
+ throw new Error("Unknown opcode=".concat(cur.toString(16)));
+ out.push(op);
+ }
+ }
+ return out;
+ },
+ });
+ // BTC specific variable length integer encoding
+ // https://en.bitcoin.it/wiki/Protocol_documentation#Variable_length_integer
+ var CSLimits = {
+ 0xfd: [0xfd, 2, 253n, 65535n],
+ 0xfe: [0xfe, 4, 65536n, 4294967295n],
+ 0xff: [0xff, 8, 4294967296n, 18446744073709551615n],
+ };
+ taproot.CompactSize = P.wrap({
+ encodeStream: function (w, value) {
+ if (typeof value === 'number')
+ value = BigInt(value);
+ if (0n <= value && value <= 252n)
+ return w.byte(Number(value));
+ for (var _i = 0, _a = Object.values(CSLimits); _i < _a.length; _i++) {
+ var _b = _a[_i], flag = _b[0], bytes = _b[1], start = _b[2], stop = _b[3];
+ if (start > value || value > stop)
+ continue;
+ w.byte(flag);
+ for (var i = 0; i < bytes; i++)
+ w.byte(Number((value >> (8n * BigInt(i))) & 0xffn));
+ return;
+ }
+ throw w.err("VarInt too big: ".concat(value));
+ },
+ decodeStream: function (r) {
+ var b0 = r.byte();
+ if (b0 <= 0xfc)
+ return BigInt(b0);
+ var _a = CSLimits[b0], _ = _a[0], bytes = _a[1], start = _a[2];
+ var num = 0n;
+ for (var i = 0; i < bytes; i++)
+ num |= BigInt(r.byte()) << (8n * BigInt(i));
+ if (num < start)
+ throw r.err("Wrong CompactSize(".concat(8 * bytes, ")"));
+ return num;
+ },
+ });
+ // Same thing, but in number instead of bigint. Checks for safe integer inside
+ var CompactSizeLen = P.apply(taproot.CompactSize, P.coders.number);
+ // Array of size
+ var BTCArray = function (t) { return P.array(taproot.CompactSize, t); };
+ taproot.BTCArray = BTCArray;
+ // ui8a of size
+ taproot.VarBytes = P.bytes(taproot.CompactSize);
+ taproot.RawInput = P.struct({
+ hash: P.bytes(32, true),
+ index: P.U32LE,
+ finalScriptSig: taproot.VarBytes,
+ sequence: P.U32LE, // ?
+ });
+ taproot.RawOutput = P.struct({ amount: P.U64LE, script: taproot.VarBytes });
+ var EMPTY_OUTPUT = {
+ amount: 0xffffffffffffffffn,
+ script: P.EMPTY,
+ };
+ // SegWit v0 stack of witness buffers
+ taproot.RawWitness = P.array(CompactSizeLen, taproot.VarBytes);
+ // https://en.bitcoin.it/wiki/Protocol_documentation#tx
+ // TODO: more tests. Unsigned tx has version=2 for some reason,
+ // probably we're exporting broken unsigned tx
+ // Related: https://github.com/bitcoin/bips/blob/master/bip-0068.mediawiki
+ var _RawTx = P.struct({
+ version: P.I32LE,
+ segwitFlag: P.flag(new Uint8Array([0x00, 0x01])),
+ inputs: (0, taproot.BTCArray)(taproot.RawInput),
+ outputs: (0, taproot.BTCArray)(taproot.RawOutput),
+ witnesses: P.flagged('segwitFlag', P.array('inputs/length', taproot.RawWitness)),
+ // Need to handle that?
+ // < 500000000 Block number at which this transaction is unlocked
+ // >= 500000000 UNIX timestamp at which this transaction is unlocked
+ lockTime: P.U32LE,
+ });
+ function validateRawTx(tx) {
+ if (tx.segwitFlag && tx.witnesses && !tx.witnesses.length)
+ throw new Error('Segwit flag with empty witnesses array');
+ return tx;
+ }
+ taproot.RawTx = P.validate(_RawTx, validateRawTx);
+ var BIP32Der = P.struct({
+ fingerprint: P.U32BE,
+ path: P.array(null, P.U32LE),
+ });
+ //
+ var _TaprootControlBlock = P.struct({
+ version: P.U8,
+ internalKey: P.bytes(32),
+ merklePath: P.array(null, P.bytes(32)),
+ });
+ taproot.TaprootControlBlock = P.validate(_TaprootControlBlock, function (cb) {
+ if (cb.merklePath.length > 128)
+ throw new Error('TaprootControlBlock: merklePath should be of length 0..128 (inclusive)');
+ return cb;
+ });
+ var TaprootBIP32Der = P.struct({
+ hashes: P.array(CompactSizeLen, P.bytes(32)),
+ der: BIP32Der,
+ });
+ // {name: [tag, keyCoder, valueCoder]}
+ var PSBTGlobal = {
+ // TODO: RAW TX here
+ unsignedTx: [0x00, false, taproot.RawTx, [0], [2], [0]],
+ // The 78 byte serialized extended public key as defined by BIP 32.
+ xpub: [0x01, P.bytes(78), BIP32Der, [], [], [0, 2]],
+ txVersion: [0x02, false, P.U32LE, [2], [0], [2]],
+ fallbackLocktime: [0x03, false, P.U32LE, [], [0], [2]],
+ inputCount: [0x04, false, CompactSizeLen, [2], [0], [2]],
+ outputCount: [0x05, false, CompactSizeLen, [2], [0], [2]],
+ // bitfield
+ txModifiable: [0x06, false, P.U8, [], [0], [2]],
+ version: [0xfb, false, P.U32LE, [], [], [0, 2]],
+ // key =
+ propietary: [0xfc, P.bytes(null), P.bytes(null), [], [], [0, 2]],
+ };
+ var PSBTInput = {
+ nonWitnessUtxo: [0x00, false, taproot.RawTx, [], [], [0, 2]],
+ witnessUtxo: [0x01, false, taproot.RawOutput, [], [], [0, 2]],
+ partialSig: [0x02, PubKeyECDSA, P.bytes(null), [], [], [0, 2]],
+ sighashType: [0x03, false, P.U32LE, [], [], [0, 2]],
+ redeemScript: [0x04, false, P.bytes(null), [], [], [0, 2]],
+ witnessScript: [0x05, false, P.bytes(null), [], [], [0, 2]],
+ bip32Derivation: [0x06, PubKeyECDSA, BIP32Der, [], [], [0, 2]],
+ finalScriptSig: [0x07, false, P.bytes(null), [], [], [0, 2]],
+ finalScriptWitness: [0x08, false, taproot.RawWitness, [], [], [0, 2]],
+ porCommitment: [0x09, false, P.bytes(null), [], [], [0, 2]],
+ ripemd160: [0x0a, P.bytes(20), P.bytes(null), [], [], [0, 2]],
+ sha256: [0x0b, P.bytes(32), P.bytes(null), [], [], [0, 2]],
+ hash160: [0x0c, P.bytes(20), P.bytes(null), [], [], [0, 2]],
+ hash256: [0x0d, P.bytes(32), P.bytes(null), [], [], [0, 2]],
+ hash: [0x0e, false, P.bytes(32), [2], [0], [2]],
+ index: [0x0f, false, P.U32LE, [2], [0], [2]],
+ sequence: [0x10, false, P.U32LE, [], [0], [2]],
+ requiredTimeLocktime: [0x11, false, P.U32LE, [], [0], [2]],
+ requiredHeightLocktime: [0x12, false, P.U32LE, [], [0], [2]],
+ tapKeySig: [0x13, false, SignatureSchnorr, [], [], [0, 2]],
+ tapScriptSig: [
+ 0x14,
+ P.struct({ pubKey: PubKeySchnorr, leafHash: P.bytes(32) }),
+ SignatureSchnorr,
+ [],
+ [],
+ [0, 2],
+ ],
+ // value = <8-bit uint leaf version>
+ tapLeafScript: [0x15, taproot.TaprootControlBlock, P.bytes(null), [], [], [0, 2]],
+ tapBip32Derivation: [0x16, P.bytes(32), TaprootBIP32Der, [], [], [0, 2]],
+ tapInternalKey: [0x17, false, PubKeySchnorr, [], [], [0, 2]],
+ tapMerkleRoot: [0x18, false, P.bytes(32), [], [], [0, 2]],
+ propietary: [0xfc, P.bytes(null), P.bytes(null), [], [], [0, 2]],
+ };
+ // All other keys removed when finalizing
+ var PSBTInputFinalKeys = [
+ 'hash',
+ 'sequence',
+ 'index',
+ 'witnessUtxo',
+ 'nonWitnessUtxo',
+ 'finalScriptSig',
+ 'finalScriptWitness',
+ 'unknown',
+ ];
+ // Can be modified even on signed input
+ var PSBTInputUnsignedKeys = [
+ 'partialSig',
+ 'finalScriptSig',
+ 'finalScriptWitness',
+ 'tapKeySig',
+ 'tapScriptSig',
+ ];
+ var PSBTOutput = {
+ redeemScript: [0x00, false, P.bytes(null), [], [], [0, 2]],
+ witnessScript: [0x01, false, P.bytes(null), [], [], [0, 2]],
+ bip32Derivation: [0x02, PubKeyECDSA, BIP32Der, [], [], [0, 2]],
+ amount: [0x03, false, P.I64LE, [2], [0], [2]],
+ script: [0x04, false, P.bytes(null), [2], [0], [2]],
+ tapInternalKey: [0x05, false, PubKeySchnorr, [], [], [0, 2]],
+ /*
+ {<8-bit uint depth> <8-bit uint leaf version> }*
+ */
+ tapTree: [
+ 0x06,
+ false,
+ P.array(null, P.struct({
+ depth: P.U8,
+ version: P.U8,
+ script: taproot.VarBytes,
+ })),
+ [],
+ [],
+ [0, 2],
+ ],
+ tapBip32Derivation: [0x07, PubKeySchnorr, TaprootBIP32Der, [], [], [0, 2]],
+ propietary: [0xfc, P.bytes(null), P.bytes(null), [], [], [0, 2]],
+ };
+ // Can be modified even on signed input
+ var PSBTOutputUnsignedKeys = [];
+ var PSBTKeyPair = P.array(P.NULL, P.struct({
+ // := WHERE keylen = len(keytype)+len(keydata)
+ key: P.prefix(CompactSizeLen, P.struct({ type: CompactSizeLen, key: P.bytes(null) })),
+ // :=
+ value: P.bytes(CompactSizeLen),
+ }));
+ var PSBTUnknownKey = P.struct({ type: CompactSizeLen, key: P.bytes(null) });
+ // Key cannot be 'unknown', value coder cannot be array for elements with empty key
+ function PSBTKeyMap(psbtEnum) {
+ // -> Record
+ var byType = {};
+ for (var k in psbtEnum) {
+ var _a = psbtEnum[k], num = _a[0], kc = _a[1], vc = _a[2];
+ byType[num] = [k, kc, vc];
+ }
+ return P.wrap({
+ encodeStream: function (w, value) {
+ var out = [];
+ var _loop_1 = function (name) {
+ var val = value[name];
+ if (val === undefined)
+ return "continue";
+ var _c = psbtEnum[name], type_1 = _c[0], kc = _c[1], vc = _c[2];
+ if (!kc)
+ out.push({ key: { type: type_1, key: P.EMPTY }, value: vc.encode(val) });
+ else {
+ // TODO: check here if there is duplicate keys
+ var kv = val.map(function (_a) {
+ var k = _a[0], v = _a[1];
+ return [
+ kc.encode(k),
+ vc.encode(v),
+ ];
+ });
+ // sort by keys
+ kv.sort(function (a, b) { return cmp(a[0], b[0]); });
+ for (var _d = 0, kv_1 = kv; _d < kv_1.length; _d++) {
+ var _e = kv_1[_d], key = _e[0], value_2 = _e[1];
+ out.push({ key: { key: key, type: type_1 }, value: value_2 });
+ }
+ }
+ };
+ // Because we use order of psbtEnum, keymap is sorted here
+ for (var name in psbtEnum) {
+ _loop_1(name);
+ }
+ if (value.unknown) {
+ value.unknown.sort(function (a, b) { return cmp(a[0], b[0]); });
+ for (var _i = 0, _a = value.unknown; _i < _a.length; _i++) {
+ var _b = _a[_i], k = _b[0], v = _b[1];
+ out.push({ key: PSBTUnknownKey.decode(k), value: v });
+ }
+ }
+ PSBTKeyPair.encodeStream(w, out);
+ },
+ decodeStream: function (r) {
+ var raw = PSBTKeyPair.decodeStream(r);
+ var out = {};
+ var noKey = {};
+ for (var _i = 0, raw_1 = raw; _i < raw_1.length; _i++) {
+ var elm = raw_1[_i];
+ var name = 'unknown';
+ var key = elm.key.key;
+ var value = elm.value;
+ if (byType[elm.key.type]) {
+ var _a = byType[elm.key.type], _name = _a[0], kc = _a[1], vc = _a[2];
+ name = _name;
+ if (!kc && key.length) {
+ throw new Error("PSBT: Non-empty key for ".concat(name, " (key=").concat(base.hex.encode(key), " value=").concat(base.hex.encode(value)));
+ }
+ key = kc ? kc.decode(key) : undefined;
+ value = vc.decode(value);
+ if (!kc) {
+ if (out[name])
+ throw new Error("PSBT: Same keys: ".concat(name, " (key=").concat(key, " value=").concat(value, ")"));
+ out[name] = value;
+ noKey[name] = true;
+ continue;
+ }
+ }
+ else {
+ // For unknown: add key type inside key
+ key = PSBTUnknownKey.encode({ type: elm.key.type, key: elm.key.key });
+ }
+ // Only keyed elements at this point
+ if (noKey[name])
+ throw new Error("PSBT: Key type with empty key and no key=".concat(name, " val=").concat(value));
+ if (!out[name])
+ out[name] = [];
+ out[name].push([key, value]);
+ }
+ return out;
+ },
+ });
+ }
+ // Basic sanity check for scripts
+ function checkWSH(s, witnessScript) {
+ if (!P.equalBytes(s.hash, (0, sha256_1.sha256)(witnessScript)))
+ throw new Error('checkScript: wsh wrong witnessScript hash');
+ var w = taproot.OutScript.decode(witnessScript);
+ if (w.type === 'tr' || w.type === 'tr_ns' || w.type === 'tr_ms')
+ throw new Error("checkScript: P2".concat(w.type, " cannot be wrapped in P2SH"));
+ if (w.type === 'wpkh' || w.type === 'sh')
+ throw new Error("checkScript: P2".concat(w.type, " cannot be wrapped in P2WSH"));
+ }
+ function checkScript(script, redeemScript, witnessScript) {
+ // TODO: revalidate
+ if (script) {
+ var s = taproot.OutScript.decode(script);
+ // TODO: ms||pk maybe work, but there will be no address
+ if (s.type === 'tr_ns' || s.type === 'tr_ms' || s.type === 'ms' || s.type == 'pk')
+ throw new Error("checkScript: non-wrapped ".concat(s.type));
+ if (s.type === 'sh' && redeemScript) {
+ if (!P.equalBytes(s.hash, hash160(redeemScript)))
+ throw new Error('checkScript: sh wrong redeemScript hash');
+ var r = taproot.OutScript.decode(redeemScript);
+ if (r.type === 'tr' || r.type === 'tr_ns' || r.type === 'tr_ms')
+ throw new Error("checkScript: P2".concat(r.type, " cannot be wrapped in P2SH"));
+ // Not sure if this unspendable, but we cannot represent this via PSBT
+ if (r.type === 'sh')
+ throw new Error('checkScript: P2SH cannot be wrapped in P2SH');
+ }
+ if (s.type === 'wsh' && witnessScript)
+ checkWSH(s, witnessScript);
+ }
+ if (redeemScript) {
+ var r = taproot.OutScript.decode(redeemScript);
+ if (r.type === 'wsh' && witnessScript)
+ checkWSH(r, witnessScript);
+ }
+ }
+ var PSBTInputCoder = P.validate(PSBTKeyMap(PSBTInput), function (i) {
+ if (i.finalScriptWitness && !i.finalScriptWitness.length)
+ throw new Error('validateInput: wmpty finalScriptWitness');
+ //if (i.finalScriptSig && !i.finalScriptSig.length) throw new Error('validateInput: empty finalScriptSig');
+ if (i.partialSig && !i.partialSig.length)
+ throw new Error('Empty partialSig');
+ if (i.partialSig)
+ for (var _i = 0, _a = i.partialSig; _i < _a.length; _i++) {
+ var _b = _a[_i], k = _b[0], v = _b[1];
+ validatePubkey(k, PubT.ecdsa);
+ }
+ if (i.bip32Derivation)
+ for (var _c = 0, _d = i.bip32Derivation; _c < _d.length; _c++) {
+ var _e = _d[_c], k = _e[0], v = _e[1];
+ validatePubkey(k, PubT.ecdsa);
+ }
+ // Locktime = unsigned little endian integer greater than or equal to 500000000 representing
+ if (i.requiredTimeLocktime !== undefined && i.requiredTimeLocktime < 500000000)
+ throw new Error("validateInput: wrong timeLocktime=".concat(i.requiredTimeLocktime));
+ // unsigned little endian integer greater than 0 and less than 500000000
+ if (i.requiredHeightLocktime !== undefined &&
+ (i.requiredHeightLocktime <= 0 || i.requiredHeightLocktime >= 500000000))
+ throw new Error("validateInput: wrong heighLocktime=".concat(i.requiredHeightLocktime));
+ if (i.nonWitnessUtxo && i.index !== undefined) {
+ var last = i.nonWitnessUtxo.outputs.length - 1;
+ if (i.index > last)
+ throw new Error("validateInput: index(".concat(i.index, ") not in nonWitnessUtxo"));
+ var prevOut = i.nonWitnessUtxo.outputs[i.index];
+ if (i.witnessUtxo &&
+ (!P.equalBytes(i.witnessUtxo.script, prevOut.script) ||
+ i.witnessUtxo.amount !== prevOut.amount))
+ throw new Error('validateInput: witnessUtxo different from nonWitnessUtxo');
+ }
+ if (i.tapLeafScript) {
+ // tap leaf version appears here twice: in control block and at the end of script
+ for (var _f = 0, _g = i.tapLeafScript; _f < _g.length; _f++) {
+ var _h = _g[_f], k = _h[0], v = _h[1];
+ if ((k.version & 254) !== v[v.length - 1])
+ throw new Error('validateInput: tapLeafScript version mimatch');
+ if (v[v.length - 1] & 1)
+ throw new Error('validateInput: tapLeafScript version has parity bit!');
+ }
+ }
+ return i;
+ });
+ var PSBTOutputCoder = P.validate(PSBTKeyMap(PSBTOutput), function (o) {
+ if (o.bip32Derivation)
+ for (var _i = 0, _a = o.bip32Derivation; _i < _a.length; _i++) {
+ var _b = _a[_i], k = _b[0], v = _b[1];
+ validatePubkey(k, PubT.ecdsa);
+ }
+ return o;
+ });
+ var PSBTGlobalCoder = P.validate(PSBTKeyMap(PSBTGlobal), function (g) {
+ var version = g.version || 0;
+ if (version === 0) {
+ if (!g.unsignedTx)
+ throw new Error('PSBTv0: missing unsignedTx');
+ if (g.unsignedTx.segwitFlag || g.unsignedTx.witnesses)
+ throw new Error('PSBTv0: witness in unsingedTx');
+ for (var _i = 0, _a = g.unsignedTx.inputs; _i < _a.length; _i++) {
+ var inp = _a[_i];
+ if (inp.finalScriptSig && inp.finalScriptSig.length)
+ throw new Error('PSBTv0: input scriptSig found in unsignedTx');
+ }
+ }
+ return g;
+ });
+ taproot._RawPSBTV0 = P.struct({
+ magic: P.magic(P.string(new Uint8Array([0xff])), 'psbt'),
+ global: PSBTGlobalCoder,
+ inputs: P.array('global/unsignedTx/inputs/length', PSBTInputCoder),
+ outputs: P.array(null, PSBTOutputCoder),
+ });
+ taproot._RawPSBTV2 = P.struct({
+ magic: P.magic(P.string(new Uint8Array([0xff])), 'psbt'),
+ global: PSBTGlobalCoder,
+ inputs: P.array('global/inputCount', PSBTInputCoder),
+ outputs: P.array('global/outputCount', PSBTOutputCoder),
+ });
+ taproot._DebugPSBT = P.struct({
+ magic: P.magic(P.string(new Uint8Array([0xff])), 'psbt'),
+ items: P.array(null, P.apply(P.array(P.NULL, P.tuple([P.hex(CompactSizeLen), P.bytes(taproot.CompactSize)])), P.coders.dict())),
+ });
+ function validatePSBTFields(version, info, lst) {
+ for (var k in lst) {
+ if (k === 'unknown')
+ continue;
+ if (!info[k])
+ continue;
+ var _a = info[k].slice(-3), reqInc = _a[0], reqExc = _a[1], allowInc = _a[2];
+ if (reqExc.includes(version) || !allowInc.includes(version))
+ throw new Error("PSBTv".concat(version, ": field ").concat(k, " is not allowed"));
+ }
+ for (var k in info) {
+ var _b = info[k].slice(-3), reqInc = _b[0], reqExc = _b[1], allowInc = _b[2];
+ if (reqInc.includes(version) && lst[k] === undefined)
+ throw new Error("PSBTv".concat(version, ": missing required field ").concat(k));
+ }
+ }
+ function cleanPSBTFields(version, info, lst) {
+ var out = {};
+ for (var k in lst) {
+ if (k !== 'unknown') {
+ if (!info[k])
+ continue;
+ var _a = info[k].slice(-3), reqInc = _a[0], reqExc = _a[1], allowInc = _a[2];
+ if (reqExc.includes(version) || !allowInc.includes(version))
+ continue;
+ }
+ out[k] = lst[k];
+ }
+ return out;
+ }
+ function validatePSBT(tx) {
+ var version = (tx && tx.global && tx.global.version) || 0;
+ validatePSBTFields(version, PSBTGlobal, tx.global);
+ for (var _i = 0, _a = tx.inputs; _i < _a.length; _i++) {
+ var i = _a[_i];
+ validatePSBTFields(version, PSBTInput, i);
+ }
+ for (var _b = 0, _c = tx.outputs; _b < _c.length; _b++) {
+ var o = _c[_b];
+ validatePSBTFields(version, PSBTOutput, o);
+ }
+ // We allow only one empty element at the end of map (compat with bitcoinjs-lib bug)
+ var inputCount = !version ? tx.global.unsignedTx.inputs.length : tx.global.inputCount;
+ if (tx.inputs.length < inputCount)
+ throw new Error('Not enough inputs');
+ var inputsLeft = tx.inputs.slice(inputCount);
+ if (inputsLeft.length > 1 || (inputsLeft.length && Object.keys(inputsLeft[0]).length))
+ throw new Error("Unexpected inputs left in tx=".concat(inputsLeft));
+ // Same for inputs
+ var outputCount = !version ? tx.global.unsignedTx.outputs.length : tx.global.outputCount;
+ if (tx.outputs.length < outputCount)
+ throw new Error('Not outputs inputs');
+ var outputsLeft = tx.outputs.slice(outputCount);
+ if (outputsLeft.length > 1 || (outputsLeft.length && Object.keys(outputsLeft[0]).length))
+ throw new Error("Unexpected outputs left in tx=".concat(outputsLeft));
+ return tx;
+ }
+ // Check if object doens't have custom constructor (like Uint8Array/Array)
+ var isPlainObject = function (obj) {
+ return Object.prototype.toString.call(obj) === '[object Object]' && obj.constructor === Object;
+ };
+ function type(v) {
+ if (v instanceof Uint8Array)
+ return 'bytes';
+ if (Array.isArray(v))
+ return 'array';
+ if (['number', 'string', 'bigint', 'boolean', 'undefined'].includes(typeof v))
+ return typeof v;
+ if (v === null)
+ return 'null'; // typeof null=object
+ if (isPlainObject(v))
+ return 'object';
+ throw new Error("Unknown type=".concat(v));
+ }
+ // Basic structure merge: object = {...old, ...new}, arrays = old.concat(new). other -> replace
+ // function merge(
+ // psbtEnum: T,
+ // val: PSBTKeyMapKeys,
+ // cur?: PSBTKeyMapKeys
+ // ): PSBTKeyMapKeys {
+ // }
+ function mergeKeyMap(psbtEnum, val, cur, allowedFields) {
+ var res = __assign(__assign({}, cur), val);
+ var _loop_2 = function (k) {
+ var key = k;
+ var _a = psbtEnum[key], _ = _a[0], kC = _a[1], vC = _a[2];
+ var cannotChange = allowedFields && !allowedFields.includes(k);
+ if (val[k] === undefined && k in val) {
+ if (cannotChange)
+ throw new Error("Cannot remove signed field=".concat(k));
+ delete res[k];
+ }
+ else if (kC) {
+ var oldKV = (cur && cur[k] ? cur[k] : []);
+ var newKV = val[key];
+ if (newKV) {
+ if (!Array.isArray(newKV))
+ throw new Error("keyMap(".concat(k, "): KV pairs should be [k, v][]"));
+ // Decode hex in k-v
+ newKV = newKV.map(function (val) {
+ if (val.length !== 2)
+ throw new Error("keyMap(".concat(k, "): KV pairs should be [k, v][]"));
+ return [
+ typeof val[0] === 'string' ? kC.decode(base.hex.decode(val[0])) : val[0],
+ typeof val[1] === 'string' ? vC.decode(base.hex.decode(val[1])) : val[1],
+ ];
+ });
+ var map_1 = {};
+ var add = function (kStr, k, v) {
+ if (map_1[kStr] === undefined) {
+ map_1[kStr] = [k, v];
+ return;
+ }
+ var oldVal = base.hex.encode(vC.encode(map_1[kStr][1]));
+ var newVal = base.hex.encode(vC.encode(v));
+ if (oldVal !== newVal)
+ throw new Error("keyMap(".concat(key, "): same key=").concat(kStr, " oldVal=").concat(oldVal, " newVal=").concat(newVal));
+ };
+ for (var _i = 0, oldKV_1 = oldKV; _i < oldKV_1.length; _i++) {
+ var _b = oldKV_1[_i], k_1 = _b[0], v = _b[1];
+ var kStr = base.hex.encode(kC.encode(k_1));
+ add(kStr, k_1, v);
+ }
+ for (var _c = 0, newKV_1 = newKV; _c < newKV_1.length; _c++) {
+ var _d = newKV_1[_c], k_2 = _d[0], v = _d[1];
+ var kStr = base.hex.encode(kC.encode(k_2));
+ // undefined removes previous value
+ if (v === undefined)
+ delete map_1[kStr];
+ else
+ add(kStr, k_2, v);
+ }
+ res[key] = Object.values(map_1);
+ }
+ }
+ else if (typeof res[k] === 'string') {
+ res[k] = vC.decode(base.hex.decode(res[k]));
+ }
+ };
+ // All arguments can be provided as hex
+ for (var k in psbtEnum) {
+ _loop_2(k);
+ }
+ // Remove unknown keys
+ for (var k in res)
+ if (!psbtEnum[k])
+ delete res[k];
+ return res;
+ }
+ taproot.RawPSBTV0 = P.validate(taproot._RawPSBTV0, validatePSBT);
+ taproot.RawPSBTV2 = P.validate(taproot._RawPSBTV2, validatePSBT);
+ // (TxHash, Idx)
+ var TxHashIdx = P.struct({ hash: P.bytes(32, true), index: P.U32LE });
+ // /Coders
+ var isBytes = function (b) { return b instanceof Uint8Array; };
+ var OutPK = {
+ encode: function (from) {
+ if (from.length !== 2 ||
+ !P.isBytes(from[0]) ||
+ !isValidPubkey(from[0], PubT.ecdsa) ||
+ from[1] !== 'CHECKSIG')
+ return;
+ return { type: 'pk', pubkey: from[0] };
+ },
+ decode: function (to) { return (to.type === 'pk' ? [to.pubkey, 'CHECKSIG'] : undefined); },
+ };
+ var p2pk = function (pubkey, network) {
+ if (network === void 0) { network = taproot.NETWORK; }
+ if (!isValidPubkey(pubkey, PubT.ecdsa))
+ throw new Error('P2PK: invalid publicKey');
+ return {
+ type: 'pk',
+ script: taproot.OutScript.encode({ type: 'pk', pubkey: pubkey }),
+ };
+ };
+ taproot.p2pk = p2pk;
+ var OutPKH = {
+ encode: function (from) {
+ if (from.length !== 5 || from[0] !== 'DUP' || from[1] !== 'HASH160' || !isBytes(from[2]))
+ return;
+ if (from[3] !== 'EQUALVERIFY' || from[4] !== 'CHECKSIG')
+ return;
+ return { type: 'pkh', hash: from[2] };
+ },
+ decode: function (to) {
+ return to.type === 'pkh' ? ['DUP', 'HASH160', to.hash, 'EQUALVERIFY', 'CHECKSIG'] : undefined;
+ },
+ };
+ var p2pkh = function (publicKey, network) {
+ if (network === void 0) { network = taproot.NETWORK; }
+ if (!isValidPubkey(publicKey, PubT.ecdsa))
+ throw new Error('P2PKH: invalid publicKey');
+ var hash = hash160(publicKey);
+ return {
+ type: 'pkh',
+ script: taproot.OutScript.encode({ type: 'pkh', hash: hash }),
+ address: Address(network).encode({ type: 'pkh', hash: hash }),
+ };
+ };
+ taproot.p2pkh = p2pkh;
+ var OutSH = {
+ encode: function (from) {
+ if (from.length !== 3 || from[0] !== 'HASH160' || !isBytes(from[1]) || from[2] !== 'EQUAL')
+ return;
+ return { type: 'sh', hash: from[1] };
+ },
+ decode: function (to) {
+ return to.type === 'sh' ? ['HASH160', to.hash, 'EQUAL'] : undefined;
+ },
+ };
+ var p2sh = function (child, network) {
+ if (network === void 0) { network = taproot.NETWORK; }
+ var hash = hash160(child.script);
+ var script = taproot.OutScript.encode({ type: 'sh', hash: hash });
+ checkScript(script, child.script, child.witnessScript);
+ var res = {
+ type: 'sh',
+ redeemScript: child.script,
+ script: taproot.OutScript.encode({ type: 'sh', hash: hash }),
+ address: Address(network).encode({ type: 'sh', hash: hash }),
+ };
+ if (child.witnessScript)
+ res.witnessScript = child.witnessScript;
+ return res;
+ };
+ taproot.p2sh = p2sh;
+ var OutWSH = {
+ encode: function (from) {
+ if (from.length !== 2 || from[0] !== 'OP_0' || !isBytes(from[1]))
+ return;
+ if (from[1].length !== 32)
+ return;
+ return { type: 'wsh', hash: from[1] };
+ },
+ decode: function (to) { return (to.type === 'wsh' ? ['OP_0', to.hash] : undefined); },
+ };
+ var p2wsh = function (child, network) {
+ if (network === void 0) { network = taproot.NETWORK; }
+ var hash = (0, sha256_1.sha256)(child.script);
+ var script = taproot.OutScript.encode({ type: 'wsh', hash: hash });
+ checkScript(script, undefined, child.script);
+ return {
+ type: 'wsh',
+ witnessScript: child.script,
+ script: taproot.OutScript.encode({ type: 'wsh', hash: hash }),
+ address: Address(network).encode({ type: 'wsh', hash: hash }),
+ };
+ };
+ taproot.p2wsh = p2wsh;
+ var OutWPKH = {
+ encode: function (from) {
+ if (from.length !== 2 || from[0] !== 'OP_0' || !isBytes(from[1]))
+ return;
+ if (from[1].length !== 20)
+ return;
+ return { type: 'wpkh', hash: from[1] };
+ },
+ decode: function (to) { return (to.type === 'wpkh' ? ['OP_0', to.hash] : undefined); },
+ };
+ var p2wpkh = function (publicKey, network) {
+ if (network === void 0) { network = taproot.NETWORK; }
+ if (!isValidPubkey(publicKey, PubT.ecdsa))
+ throw new Error('P2WPKH: invalid publicKey');
+ if (publicKey.length === 65)
+ throw new Error('P2WPKH: uncompressed public key');
+ var hash = hash160(publicKey);
+ return {
+ type: 'wpkh',
+ script: taproot.OutScript.encode({ type: 'wpkh', hash: hash }),
+ address: Address(network).encode({ type: 'wpkh', hash: hash }),
+ };
+ };
+ taproot.p2wpkh = p2wpkh;
+ var OutMS = {
+ encode: function (from) {
+ var last = from.length - 1;
+ if (from[last] !== 'CHECKMULTISIG')
+ return;
+ var m = OPtoNumber(from[0]);
+ var n = OPtoNumber(from[last - 1]);
+ if (m === undefined || n === undefined)
+ throw new Error('OutScript.encode/multisig wrong params');
+ var pubkeys = from.slice(1, -2); // Any is ok, check in for later
+ if (n !== pubkeys.length)
+ throw new Error('OutScript.encode/multisig: wrong length');
+ return { type: 'ms', m: m, pubkeys: pubkeys }; // we don't need n, since it is the same as pubkeys
+ },
+ // checkmultisig(n, ..pubkeys, m)
+ decode: function (to) {
+ return to.type === 'ms'
+ ? __spreadArray(__spreadArray(["OP_".concat(to.m)], to.pubkeys, true), ["OP_".concat(to.pubkeys.length), 'CHECKMULTISIG'], false) : undefined;
+ },
+ };
+ var p2ms = function (m, pubkeys, allowSamePubkeys) {
+ if (allowSamePubkeys === void 0) { allowSamePubkeys = false; }
+ if (!allowSamePubkeys)
+ uniqPubkey(pubkeys);
+ return { type: 'ms', script: taproot.OutScript.encode({ type: 'ms', pubkeys: pubkeys, m: m }) };
+ };
+ taproot.p2ms = p2ms;
+ var OutTR = {
+ encode: function (from) {
+ if (from.length !== 2 || from[0] !== 'OP_1' || !isBytes(from[1]))
+ return;
+ return { type: 'tr', pubkey: from[1] };
+ },
+ decode: function (to) { return (to.type === 'tr' ? ['OP_1', to.pubkey] : undefined); },
+ };
+ // Helper for generating binary tree from list, with weights
+ function taprootListToTree(taprootList) {
+ // Clone input in order to not corrupt it
+ var lst = Array.from(taprootList);
+ // We have at least 2 elements => can create branch
+ while (lst.length >= 2) {
+ // Sort: elements with smallest weight are in the end of queue
+ lst.sort(function (a, b) { return (b.weight || 1) - (a.weight || 1); });
+ var b = lst.pop();
+ var a = lst.pop();
+ var weight = ((a === null || a === void 0 ? void 0 : a.weight) || 1) + ((b === null || b === void 0 ? void 0 : b.weight) || 1);
+ lst.push({
+ weight: weight,
+ // Unwrap children array
+ childs: [a.childs || a, b.childs || b],
+ });
+ }
+ // At this point there is always 1 element in lst
+ var last = lst[0];
+ return (last.childs || last);
+ }
+ taproot.taprootListToTree = taprootListToTree;
+ function checkTaprootScript(script, allowUnknowOutput) {
+ if (allowUnknowOutput === void 0) { allowUnknowOutput = false; }
+ var out = taproot.OutScript.decode(script);
+ if (out.type === 'unknown' && allowUnknowOutput)
+ return;
+ if (!['tr_ns', 'tr_ms'].includes(out.type))
+ throw new Error("P2TR: invalid leaf script=".concat(out.type));
+ }
+ //Contructs a binary tree from a list of scripts
+ function taprootHashTree(tree, allowUnknowOutput) {
+ var _a;
+ if (allowUnknowOutput === void 0) { allowUnknowOutput = false; }
+ if (!tree)
+ throw new Error('taprootHashTree: empty tree');
+ if (Array.isArray(tree) && tree.length === 1)
+ tree = tree[0];
+ // Terminal node (leaf)
+ if (!Array.isArray(tree)) {
+ var version = tree.leafVersion, leafScript = tree.script, tapInternalKey = tree.tapInternalKey;
+ // Earliest tree walk where we can validate tapScripts
+ if (tree.tapLeafScript || (tree.tapMerkleRoot && !P.equalBytes(tree.tapMerkleRoot, P.EMPTY)))
+ throw new Error('P2TR: tapRoot leafScript cannot have tree');
+ // Just to be sure that it is spendable
+ if (tapInternalKey && P.equalBytes(tapInternalKey, taproot.TAPROOT_UNSPENDABLE_KEY))
+ throw new Error('P2TR: tapRoot leafScript cannot have unspendble key');
+ var script = typeof leafScript === 'string' ? base.hex.decode(leafScript) : leafScript;
+ checkTaprootScript(script, allowUnknowOutput);
+ return {
+ type: 'leaf',
+ tapInternalKey: tapInternalKey,
+ version: version,
+ script: script,
+ hash: (0, taproot.tapLeafHash)(script, version),
+ };
+ }
+ // If tree / branch is not binary tree, convert it
+ if (tree.length !== 2)
+ tree = taprootListToTree(tree);
+ if (tree.length !== 2)
+ throw new Error('hashTree: non binary tree!');
+ // branch
+ // NOTE: both nodes should exist
+ var left = taprootHashTree(tree[0], allowUnknowOutput);
+ var right = taprootHashTree(tree[1], allowUnknowOutput);
+ // We cannot swap left/right here, since it will change structure of tree
+ var _b = [left.hash, right.hash], lH = _b[0], rH = _b[1];
+ if (cmp(rH, lH) === -1)
+ _a = [rH, lH], lH = _a[0], rH = _a[1];
+ return { type: 'branch', left: left, right: right, hash: taggedHash('TapBranch', lH, rH) };
+ }
+ taproot.taprootHashTree = taprootHashTree;
+
+ //Adds a path element to a binary tree
+ function taprootAddPath(tree, path) {
+ if (path === void 0) { path = []; }
+ if (!tree)
+ throw new Error("taprootAddPath: empty tree");
+ if (tree.type === 'leaf')
+ return __assign(__assign({}, tree), { path: path });
+ if (tree.type !== 'branch')
+ throw new Error("taprootAddPath: wrong type=".concat(tree));
+ return __assign(__assign({}, tree), {
+ path: path,
+ // Left element has right hash in path and otherwise
+ left: taprootAddPath(tree.left, __spreadArray([tree.right.hash], path, true)), right: taprootAddPath(tree.right, __spreadArray([tree.left.hash], path, true))
+ });
+ }
+ taproot.taprootAddPath = taprootAddPath;
+
+ //Flattens the tree
+ function taprootWalkTree(tree) {
+ if (!tree)
+ throw new Error("taprootAddPath: empty tree");
+ if (tree.type === 'leaf')
+ return [tree];
+ if (tree.type !== 'branch')
+ throw new Error("taprootWalkTree: wrong type=".concat(tree));
+ return __spreadArray(__spreadArray([], taprootWalkTree(tree.left), true), taprootWalkTree(tree.right), true);
+ }
+ taproot.taprootWalkTree = taprootWalkTree;
+
+ // Another stupid decision, where lack of standard affects security.
+ // Multisig needs to be generated with some key.
+ // We are using approach from BIP 341/bitcoinjs-lib: SHA256(uncompressedDER(SECP256K1_GENERATOR_POINT))
+ // It is possible to switch SECP256K1_GENERATOR_POINT with some random point;
+ // but it's too complex to prove.
+ // Also used by bitcoin-core and bitcoinjs-lib
+ taproot.TAPROOT_UNSPENDABLE_KEY = (0, sha256_1.sha256)(secp.Point.BASE.toRawBytes(false));
+ // Works as key OR tree.
+ // If we only have tree, need to add unspendable key, otherwise
+ // complex multisig wallet can be spent by owner of key only. See TAPROOT_UNSPENDABLE_KEY
+ function p2tr(internalPubKey, tree, network, allowUnknowOutput) {
+ if (network === void 0) { network = taproot.NETWORK; }
+ if (allowUnknowOutput === void 0) { allowUnknowOutput = false; }
+ // Unspendable
+ if (!internalPubKey && !tree)
+ throw new Error('p2tr: should have pubKey or scriptTree (or both)');
+ var pubKey = typeof internalPubKey === 'string'
+ ? base.hex.decode(internalPubKey)
+ : internalPubKey || taproot.TAPROOT_UNSPENDABLE_KEY;
+ if (!isValidPubkey(pubKey, PubT.schnorr))
+ throw new Error('p2tr: non-schnorr pubkey');
+ var hashedTree = tree ? taprootAddPath(taprootHashTree(tree, allowUnknowOutput)) : undefined;
+ var tapMerkleRoot = hashedTree ? hashedTree.hash : undefined;
+ var _a = taprootTweakPubkey(pubKey, tapMerkleRoot || P.EMPTY), tweakedPubkey = _a[0], parity = _a[1];
+ var leaves;
+ if (hashedTree) {
+ leaves = taprootWalkTree(hashedTree).map(function (l) {
+ return (__assign(__assign({}, l), {
+ controlBlock: taproot.TaprootControlBlock.encode({
+ version: (l.version || taproot.TAP_LEAF_VERSION) + +parity,
+ internalKey: l.tapInternalKey || pubKey,
+ merklePath: l.path,
+ })
+ }));
+ });
+ }
+ var tapLeafScript;
+ if (leaves) {
+ tapLeafScript = leaves.map(function (l) {
+ return [
+ taproot.TaprootControlBlock.decode(l.controlBlock),
+ concat(l.script, new Uint8Array([l.version || taproot.TAP_LEAF_VERSION])),
+ ];
+ });
+ }
+ var res = {
+ type: 'tr',
+ script: taproot.OutScript.encode({ type: 'tr', pubkey: tweakedPubkey }),
+ address: Address(network).encode({ type: 'tr', pubkey: tweakedPubkey }),
+ // For tests
+ tweakedPubkey: tweakedPubkey,
+ // PSBT stuff
+ tapInternalKey: pubKey,
+ };
+ // Just in case someone would want to select a specific script
+ if (leaves)
+ res.leaves = leaves;
+ if (tapLeafScript)
+ res.tapLeafScript = tapLeafScript;
+ if (tapMerkleRoot)
+ res.tapMerkleRoot = tapMerkleRoot;
+ return res;
+ }
+ taproot.p2tr = p2tr;
+ var OutTRNS = {
+ encode: function (from) {
+ var last = from.length - 1;
+ if (from[last] !== 'CHECKSIG')
+ return;
+ var pubkeys = [];
+ for (var i = 0; i < last; i++) {
+ var elm = from[i];
+ if (i & 1) {
+ if (elm !== 'CHECKSIGVERIFY')
+ // ROHIT Removing throw, and replacing with return to let the process continue
+ //throw new Error('OutScript.encode/tr_ns: wrong element');
+ return;
+ if (i === last - 1)
+ // ROHIT Removing throw, and replacing with return to let the process continue
+ //throw new Error('OutScript.encode/tr_ns: wrong element');
+ return;
+ continue;
+ }
+ if (!isBytes(elm))
+ //ROHIT TO SOLVE CHEKKSIG ERROR
+ //throw new Error('OutScript.encode/tr_ns: wrong element');
+ return;
+ pubkeys.push(elm);
+ }
+ return { type: 'tr_ns', pubkeys: pubkeys };
+ },
+ decode: function (to) {
+ if (to.type !== 'tr_ns')
+ return;
+ var out = [];
+ for (var i = 0; i < to.pubkeys.length - 1; i++)
+ out.push(to.pubkeys[i], 'CHECKSIGVERIFY');
+ out.push(to.pubkeys[to.pubkeys.length - 1], 'CHECKSIG');
+ return out;
+ },
+ };
+ // Returns all combinations of size M from lst
+ function combinations(m, list) {
+ var res = [];
+ if (!Array.isArray(list))
+ throw new Error('combinations: lst arg should be array');
+ var n = list.length;
+ if (m > n)
+ throw new Error('combinations: m > lst.length, no combinations possible');
+ /*
+ Basically works as M nested loops like:
+ for (;idx[0]= 0 && idx[i] > n - m + i; i--) {
+ idx[i] = 0;
+ // Overflow in idx[0], break
+ if (i === 0)
+ break main;
+ idx[i - 1] += 1;
+ }
+ // Propagate: idx[i+1] = idx[idx]+1
+ for (i += 1; i < idx.length; i++)
+ idx[i] = idx[i - 1] + 1;
+ }
+ return res;
+ }
+ taproot.combinations = combinations;
+ /**
+ * M-of-N multi-leaf wallet via p2tr_ns. If m == n, single script is emitted.
+ * Takes O(n^2) if m != n. 99-of-100 is ok, 5-of-100 is not.
+ * `2-of-[A,B,C] => [A,B] | [A,C] | [B,C]`
+ */
+ var p2tr_ns = function (m, pubkeys, allowSamePubkeys) {
+ if (allowSamePubkeys === void 0) { allowSamePubkeys = false; }
+ if (!allowSamePubkeys)
+ uniqPubkey(pubkeys);
+ return combinations(m, pubkeys).map(function (i) {
+ return ({
+ type: 'tr_ns',
+ script: taproot.OutScript.encode({ type: 'tr_ns', pubkeys: i }),
+ });
+ });
+ };
+ taproot.p2tr_ns = p2tr_ns;
+ // Taproot public key (case of p2tr_ns)
+ var p2tr_pk = function (pubkey) { return (0, taproot.p2tr_ns)(1, [pubkey], undefined)[0]; };
+ taproot.p2tr_pk = p2tr_pk;
+ var OutTRMS = {
+ encode: function (from) {
+ var last = from.length - 1;
+ if (from[last] !== 'NUMEQUAL' || from[1] !== 'CHECKSIG')
+ return;
+ var pubkeys = [];
+ var m = OPtoNumber(from[last - 1]);
+ if (m === undefined)
+ return;
+ for (var i = 0; i < last - 1; i++) {
+ var elm = from[i];
+ if (i & 1) {
+ if (elm !== (i === 1 ? 'CHECKSIG' : 'CHECKSIGADD'))
+ throw new Error('OutScript.encode/tr_ms: wrong element');
+ continue;
+ }
+ if (!isBytes(elm))
+ throw new Error('OutScript.encode/tr_ms: wrong key element');
+ pubkeys.push(elm);
+ }
+ return { type: 'tr_ms', pubkeys: pubkeys, m: m };
+ },
+ decode: function (to) {
+ if (to.type !== 'tr_ms')
+ return;
+ var out = [to.pubkeys[0], 'CHECKSIG'];
+ for (var i = 1; i < to.pubkeys.length; i++)
+ out.push(to.pubkeys[i], 'CHECKSIGADD');
+ out.push("OP_".concat(to.m), 'NUMEQUAL');
+ return out;
+ },
+ };
+ function p2tr_ms(m, pubkeys, allowSamePubkeys) {
+ if (allowSamePubkeys === void 0) { allowSamePubkeys = false; }
+ if (!allowSamePubkeys)
+ uniqPubkey(pubkeys);
+ return {
+ type: 'tr_ms',
+ script: taproot.OutScript.encode({ type: 'tr_ms', pubkeys: pubkeys, m: m }),
+ };
+ }
+ taproot.p2tr_ms = p2tr_ms;
+ var OutUnknown = {
+ encode: function (from) {
+ return { type: 'unknown', script: taproot.Script.encode(from) };
+ },
+ decode: function (to) {
+ return to.type === 'unknown' ? taproot.Script.decode(to.script) : undefined;
+ },
+ };
+ // /Payments
+ var OutScripts = [
+ OutPK,
+ OutPKH,
+ OutSH,
+ OutWSH,
+ OutWPKH,
+ OutMS,
+ OutTR,
+ OutTRNS,
+ OutTRMS,
+ OutUnknown,
+ ];
+ // TODO: we can support user supplied output scripts now
+ // - addOutScript
+ // - removeOutScript
+ // - We can do that as log we modify array in-place
+ var _OutScript = P.apply(taproot.Script, P.coders.match(OutScripts));
+ // We can validate this once, because of packed & coders
+ taproot.OutScript = P.validate(_OutScript, function (i) {
+ if (i.type === 'pk' && !isValidPubkey(i.pubkey, PubT.ecdsa))
+ throw new Error('OutScript/pk: wrong key');
+ if ((i.type === 'pkh' || i.type === 'sh' || i.type === 'wpkh') &&
+ (!isBytes(i.hash) || i.hash.length !== 20))
+ throw new Error("OutScript/".concat(i.type, ": wrong hash"));
+ if (i.type === 'wsh' && (!isBytes(i.hash) || i.hash.length !== 32))
+ throw new Error("OutScript/wsh: wrong hash");
+ if (i.type === 'tr' && (!isBytes(i.pubkey) || !isValidPubkey(i.pubkey, PubT.schnorr)))
+ throw new Error('OutScript/tr: wrong taproot public key');
+ if (i.type === 'ms' || i.type === 'tr_ns' || i.type === 'tr_ms')
+ if (!Array.isArray(i.pubkeys))
+ throw new Error('OutScript/multisig: wrong pubkeys array');
+ if (i.type === 'ms') {
+ var n = i.pubkeys.length;
+ for (var _i = 0, _a = i.pubkeys; _i < _a.length; _i++) {
+ var p = _a[_i];
+ if (!isValidPubkey(p, PubT.ecdsa))
+ throw new Error('OutScript/multisig: wrong pubkey');
+ }
+ if (i.m <= 0 || n > 16 || i.m > n)
+ throw new Error('OutScript/multisig: invalid params');
+ }
+ if (i.type === 'tr_ns' || i.type === 'tr_ms') {
+ for (var _b = 0, _c = i.pubkeys; _b < _c.length; _b++) {
+ var p = _c[_b];
+ if (!isValidPubkey(p, PubT.schnorr))
+ throw new Error("OutScript/".concat(i.type, ": wrong pubkey"));
+ }
+ }
+ if (i.type === 'tr_ms') {
+ var n = i.pubkeys.length;
+ if (i.m <= 0 || n > 16 || i.m > n)
+ throw new Error('OutScript/tr_ms: invalid params');
+ }
+ return i;
+ });
+ // Address
+ // TODO: clean-up
+ function validateWitness(version, data) {
+ if (data.length < 2 || data.length > 40)
+ throw new Error('Witness: invalid length');
+ if (version > 16)
+ throw new Error('Witness: invalid version');
+ if (version === 0 && !(data.length === 20 || data.length === 32))
+ throw new Error('Witness: invalid length for version');
+ }
+ taproot.validateWitness = validateWitness;
+ function programToWitness(version, data, network) {
+ if (network === void 0) { network = taproot.NETWORK; }
+ validateWitness(version, data);
+ var coder = version === 0 ? base.bech32 : base.bech32m;
+ return coder.encode(network.bech32, [version].concat(coder.toWords(data)));
+ }
+ taproot.programToWitness = programToWitness;
+ // TODO: remove?
+ function parseWitnessProgram(version, data) {
+ validateWitness(version, data);
+ var encodedVersion = version > 0 ? version + 0x50 : version;
+ return concat(new Uint8Array([encodedVersion]), taproot.VarBytes.encode(Uint8Array.from(data)));
+ }
+ taproot.parseWitnessProgram = parseWitnessProgram;
+ function formatKey(hashed, prefix) {
+ return taproot.base58check.encode(concat(Uint8Array.from(prefix), hashed));
+ }
+ function WIF(network) {
+ if (network === void 0) { network = taproot.NETWORK; }
+ return {
+ encode: function (privKey) {
+ var compressed = concat(privKey, new Uint8Array([0x01]));
+ return formatKey(compressed.subarray(0, 33), [network.wif]);
+ },
+ decode: function (wif) {
+ var parsed = taproot.base58check.decode(wif);
+ if (parsed[0] !== network.wif)
+ throw new Error('Wrong WIF prefix');
+ parsed = parsed.subarray(1);
+ // Check what it is. Compressed flag?
+ if (parsed.length !== 33)
+ throw new Error('Wrong WIF length');
+ if (parsed[32] !== 0x01)
+ throw new Error('Wrong WIF postfix');
+ return parsed.subarray(0, -1);
+ },
+ };
+ }
+ taproot.WIF = WIF;
+ // Returns OutType, which can be used to create outscript
+ function Address(network) {
+ if (network === void 0) { network = taproot.NETWORK; }
+ return {
+ encode: function (from) {
+ var type = from.type;
+ if (type === 'wpkh')
+ return programToWitness(0, from.hash, network);
+ else if (type === 'wsh')
+ return programToWitness(0, from.hash, network);
+ else if (type === 'tr')
+ return programToWitness(1, from.pubkey, network);
+ else if (type === 'pkh')
+ return formatKey(from.hash, [network.pubKeyHash]);
+ else if (type === 'sh')
+ return formatKey(from.hash, [network.scriptHash]);
+ return 1;
+ },
+ decode: function (address) {
+ if (address.length < 14 || address.length > 74)
+ throw new Error('Invalid address length');
+ // Bech32
+ if (network.bech32 && address.toLowerCase().startsWith(network.bech32)) {
+ var res = void 0;
+ try {
+ res = base.bech32.decode(address);
+ if (res.words[0] !== 0)
+ throw new Error("bech32: wrong version=".concat(res.words[0]));
+ }
+ catch (_) {
+ // Starting from version 1 it is decoded as bech32m
+ res = base.bech32m.decode(address);
+ if (res.words[0] === 0)
+ throw new Error("bech32m: wrong version=".concat(res.words[0]));
+ }
+ if (res.prefix !== network.bech32)
+ throw new Error("wrong bech32 prefix=".concat(res.prefix));
+ var _a = res.words, version = _a[0], program = _a.slice(1);
+ var data_1 = base.bech32.fromWords(program);
+ validateWitness(version, data_1);
+ if (version === 0 && data_1.length === 32)
+ return { type: 'wsh', hash: data_1 };
+ else if (version === 0 && data_1.length === 20)
+ return { type: 'wpkh', hash: data_1 };
+ else if (version === 1 && data_1.length === 32)
+ return { type: 'tr', pubkey: data_1 };
+ else
+ throw new Error('Unkown witness program');
+ }
+ var data = base.base58.decode(address);
+ if (data.length !== 25)
+ throw new Error('Invalid base58 address');
+ // Pay To Public Key Hash
+ if (data[0] === network.pubKeyHash) {
+ var bytes = base.base58.decode(address);
+ return { type: 'pkh', hash: bytes.slice(1, bytes.length - 4) };
+ }
+ else if (data[0] === network.scriptHash) {
+ var bytes = base.base58.decode(address);
+ return {
+ type: 'sh',
+ hash: base.base58.decode(address).slice(1, bytes.length - 4),
+ };
+ }
+ throw new Error("Invalid address prefix=".concat(data[0]));
+ },
+ };
+ }
+ taproot.Address = Address;
+ // /Address
+ var SignatureHash;
+ (function (SignatureHash) {
+ SignatureHash[SignatureHash["DEFAULT"] = 0] = "DEFAULT";
+ SignatureHash[SignatureHash["ALL"] = 1] = "ALL";
+ SignatureHash[SignatureHash["NONE"] = 2] = "NONE";
+ SignatureHash[SignatureHash["SINGLE"] = 3] = "SINGLE";
+ SignatureHash[SignatureHash["ANYONECANPAY"] = 128] = "ANYONECANPAY";
+ SignatureHash[SignatureHash["ALL_SIGHASH_ANYONECANPAY"] = 129] = "ALL_SIGHASH_ANYONECANPAY";
+ SignatureHash[SignatureHash["NONE_SIGHASH_ANYONECANPAY"] = 130] = "NONE_SIGHASH_ANYONECANPAY";
+ SignatureHash[SignatureHash["SINGLE_SIGHASH_ANYONECANPAY"] = 131] = "SINGLE_SIGHASH_ANYONECANPAY";
+ })(SignatureHash = taproot.SignatureHash || (taproot.SignatureHash = {}));
+ taproot.SigHashCoder = P.apply(P.U32LE, P.coders.tsEnum(SignatureHash));
+ function sum(arr) {
+ return arr.map(function (n) { return BigInt(n); }).reduce(function (a, b) { return a + b; });
+ }
+ // TODO: encoder maybe?
+ function unpackSighash(hashType) {
+ var masked = hashType & 31;
+ return {
+ isAny: !!(hashType & 128),
+ isNone: masked === 2,
+ isSingle: masked === 3,
+ };
+ }
+ var _sortPubkeys = function (pubkeys) { return Array.from(pubkeys).sort(cmp); };
+ taproot._sortPubkeys = _sortPubkeys;
+ var def = {
+ sequence: function (n) { return (n === undefined ? taproot.DEFAULT_SEQUENCE : n); },
+ lockTime: function (n) { return (n === undefined ? taproot.DEFAULT_LOCKTIME : n); },
+ };
+ taproot.TAP_LEAF_VERSION = 0xc0;
+ var tapLeafHash = function (script, version) {
+ if (version === void 0) { version = taproot.TAP_LEAF_VERSION; }
+ return taggedHash('TapLeaf', new Uint8Array([version]), taproot.VarBytes.encode(script));
+ };
+ taproot.tapLeafHash = tapLeafHash;
+ function getTaprootKeys(privKey, pubKey, internalKey, merkleRoot) {
+ if (merkleRoot === void 0) { merkleRoot = P.EMPTY; }
+ if (P.equalBytes(internalKey, pubKey)) {
+ privKey = taprootTweakPrivKey(privKey, merkleRoot);
+ pubKey = secp.schnorr.getPublicKey(privKey);
+ }
+ return { privKey: privKey, pubKey: pubKey };
+ }
+ taproot.getTaprootKeys = getTaprootKeys;
+ var Transaction = /** @class */ (function () {
+ // function Transaction(version, lockTime, PSBTVersion,opts) { //Changed the position of opts so that it can test examples work
+ function Transaction(opts, version, lockTime, PSBTVersion) {
+ if (version === void 0) { version = taproot.DEFAULT_VERSION; }
+ if (lockTime === void 0) { lockTime = 0; }
+ if (PSBTVersion === void 0) { PSBTVersion = 0; }
+ if (opts === void 0) { opts = {}; }
+ this.PSBTVersion = PSBTVersion;
+ this.opts = opts;
+ this.global = {};
+ this.inputs = [];
+ this.outputs = [];
+ if (lockTime !== taproot.DEFAULT_LOCKTIME)
+ this.global.fallbackLocktime = lockTime;
+ this.global.txVersion = version;
+ }
+ // Import
+ Transaction.fromRaw = function (raw, opts) {
+ if (opts === void 0) { opts = {}; }
+ var parsed = taproot.RawTx.decode(raw);
+ var tx = new Transaction(parsed.version, parsed.lockTime, undefined, opts);
+ for (var _i = 0, _a = parsed.outputs; _i < _a.length; _i++) {
+ var o = _a[_i];
+ tx.addOutput(o);
+ }
+ tx.outputs = parsed.outputs;
+ tx.inputs = parsed.inputs;
+ if (parsed.witnesses) {
+ for (var i = 0; i < parsed.witnesses.length; i++)
+ tx.inputs[i].finalScriptWitness = parsed.witnesses[i];
+ }
+ return tx;
+ };
+ // PSBT
+ Transaction.fromPSBT = function (psbt, opts) {
+ if (opts === void 0) { opts = {}; }
+ var parsed;
+ try {
+ parsed = taproot.RawPSBTV0.decode(psbt);
+ }
+ catch (e0) {
+ try {
+ parsed = taproot.RawPSBTV2.decode(psbt);
+ }
+ catch (e2) {
+ // Throw error for v0 parsing, since it popular, otherwise it would be shadowed by v2 error
+ throw e0;
+ }
+ }
+ var version = parsed.global.version || 0;
+ var unsigned = parsed.global.unsignedTx;
+ var txVersion = !version ? unsigned === null || unsigned === void 0 ? void 0 : unsigned.version : parsed.global.txVersion;
+ var lockTime = !version ? unsigned === null || unsigned === void 0 ? void 0 : unsigned.lockTime : parsed.global.fallbackLocktime;
+ var tx = new Transaction(txVersion, lockTime, version, opts);
+ // We need slice here, because otherwise
+ var inputCount = !version ? unsigned === null || unsigned === void 0 ? void 0 : unsigned.inputs.length : parsed.global.inputCount;
+ tx.inputs = parsed.inputs.slice(0, inputCount).map(function (i, j) {
+ var _a;
+ return (__assign(__assign({ finalScriptSig: P.EMPTY }, (_a = parsed.global.unsignedTx) === null || _a === void 0 ? void 0 : _a.inputs[j]), i));
+ });
+ var outputCount = !version ? unsigned === null || unsigned === void 0 ? void 0 : unsigned.outputs.length : parsed.global.outputCount;
+ tx.outputs = parsed.outputs.slice(0, outputCount).map(function (i, j) {
+ var _a;
+ return (__assign(__assign({}, i), (_a = parsed.global.unsignedTx) === null || _a === void 0 ? void 0 : _a.outputs[j]));
+ });
+ tx.global = __assign(__assign({}, parsed.global), { txVersion: txVersion }); // just in case propietary/unknown fields
+ if (lockTime !== taproot.DEFAULT_LOCKTIME)
+ tx.global.fallbackLocktime = lockTime;
+ return tx;
+ };
+ Transaction.prototype.toPSBT = function (ver) {
+ if (ver === void 0) { ver = this.PSBTVersion; }
+ var inputs = this.inputs.map(function (i) { return cleanPSBTFields(ver, PSBTInput, i); });
+ for (var _i = 0, inputs_1 = inputs; _i < inputs_1.length; _i++) {
+ var inp = inputs_1[_i];
+ // Don't serialize empty fields
+ if (inp.partialSig && !inp.partialSig.length)
+ delete inp.partialSig;
+ if (inp.finalScriptSig && !inp.finalScriptSig.length)
+ delete inp.finalScriptSig;
+ if (inp.finalScriptWitness && !inp.finalScriptWitness.length)
+ delete inp.finalScriptWitness;
+ }
+ var outputs = this.outputs.map(function (i) { return cleanPSBTFields(ver, PSBTOutput, i); });
+ if (ver && ver !== 2)
+ throw new Error("Wrong PSBT version=".concat(ver));
+ var global = __assign({}, this.global);
+ if (!ver) {
+ global.unsignedTx = taproot.RawTx.decode(this.unsignedTx);
+ delete global.fallbackLocktime;
+ delete global.txVersion;
+ }
+ else {
+ global.version = ver;
+ global.txVersion = this.version;
+ global.inputCount = this.inputs.length;
+ global.outputCount = this.outputs.length;
+ if (global.fallbackLocktime && global.fallbackLocktime === taproot.DEFAULT_LOCKTIME)
+ delete global.fallbackLocktime;
+ }
+ if (this.opts.bip174jsCompat) {
+ if (!inputs.length)
+ inputs.push({});
+ if (!outputs.length)
+ outputs.push({});
+ }
+ return (ver === 2 ? taproot.RawPSBTV2 : taproot.RawPSBTV0).encode({
+ global: global,
+ inputs: inputs,
+ outputs: outputs,
+ });
+ };
+ Object.defineProperty(Transaction.prototype, "lockTime", {
+ // BIP370 lockTime (https://github.com/bitcoin/bips/blob/master/bip-0370.mediawiki#determining-lock-time)
+ get: function () {
+ var height = taproot.DEFAULT_LOCKTIME;
+ var heightCnt = 0;
+ var time = taproot.DEFAULT_LOCKTIME;
+ var timeCnt = 0;
+ for (var _i = 0, _a = this.inputs; _i < _a.length; _i++) {
+ var i = _a[_i];
+ if (i.requiredHeightLocktime) {
+ height = Math.max(height, i.requiredHeightLocktime);
+ heightCnt++;
+ }
+ if (i.requiredTimeLocktime) {
+ time = Math.max(time, i.requiredTimeLocktime);
+ timeCnt++;
+ }
+ }
+ if (heightCnt && heightCnt >= timeCnt)
+ return height;
+ if (time !== taproot.DEFAULT_LOCKTIME)
+ return time;
+ return this.global.fallbackLocktime || taproot.DEFAULT_LOCKTIME;
+ },
+ enumerable: false,
+ configurable: true
+ });
+ Object.defineProperty(Transaction.prototype, "version", {
+ get: function () {
+ // Should be not possible
+ if (this.global.txVersion === undefined)
+ throw new Error('No global.txVersion');
+ return this.global.txVersion;
+ },
+ enumerable: false,
+ configurable: true
+ });
+ Transaction.prototype.inputStatus = function (idx) {
+ this.checkInputIdx(idx);
+ var input = this.inputs[idx];
+ // Finalized
+ if (input.finalScriptSig && input.finalScriptSig.length)
+ return 'finalized';
+ if (input.finalScriptWitness && input.finalScriptWitness.length)
+ return 'finalized';
+ // Signed taproot
+ if (input.tapKeySig)
+ return 'signed';
+ if (input.tapScriptSig && input.tapScriptSig.length)
+ return 'signed';
+ // Signed
+ if (input.partialSig && input.partialSig.length)
+ return 'signed';
+ return 'unsigned';
+ };
+ // TODO: re-use in preimages
+ Transaction.prototype.inputSighash = function (idx) {
+ this.checkInputIdx(idx);
+ var sighash = this.inputType(this.inputs[idx]).sighash;
+ // ALL or DEFAULT -- everything signed
+ // NONE -- all inputs + no outputs
+ // SINGLE -- all inputs + output with same index
+ // ALL + ANYONE -- specific input + all outputs
+ // NONE + ANYONE -- specific input + no outputs
+ // SINGLE -- specific inputs + output with same index
+ var sigOutputs = sighash === SignatureHash.DEFAULT ? SignatureHash.ALL : sighash & 3;
+ var sigInputs = sighash & SignatureHash.ANYONECANPAY;
+ return { sigInputs: sigInputs, sigOutputs: sigOutputs };
+ };
+ Transaction.prototype.signStatus = function () {
+ // if addInput or addOutput is not possible, then all inputs or outputs are signed
+ var addInput = true, addOutput = true;
+ var inputs = [], outputs = [];
+ for (var idx = 0; idx < this.inputs.length; idx++) {
+ var status = this.inputStatus(idx);
+ // Unsigned input doesn't affect anything
+ if (status === 'unsigned')
+ continue;
+ var _a = this.inputSighash(idx), sigInputs = _a.sigInputs, sigOutputs = _a.sigOutputs;
+ // Input type
+ if (sigInputs === SignatureHash.ANYONECANPAY)
+ inputs.push(idx);
+ else
+ addInput = false;
+ // Output type
+ if (sigOutputs === SignatureHash.ALL)
+ addOutput = false;
+ else if (sigOutputs === SignatureHash.SINGLE)
+ outputs.push(idx);
+ else if (sigOutputs === SignatureHash.NONE) {
+ // Doesn't affect any outputs at all
+ }
+ else
+ throw new Error("Wrong signature hash output type: ".concat(sigOutputs));
+ }
+ return { addInput: addInput, addOutput: addOutput, inputs: inputs, outputs: outputs };
+ };
+ Object.defineProperty(Transaction.prototype, "isFinal", {
+ get: function () {
+ for (var idx = 0; idx < this.inputs.length; idx++)
+ if (this.inputStatus(idx) !== 'finalized')
+ return false;
+ return true;
+ },
+ enumerable: false,
+ configurable: true
+ });
+ Object.defineProperty(Transaction.prototype, "hasWitnesses", {
+ // Info utils
+ get: function () {
+ var out = false;
+ for (var _i = 0, _a = this.inputs; _i < _a.length; _i++) {
+ var i = _a[_i];
+ if (i.finalScriptWitness && i.finalScriptWitness.length)
+ out = true;
+ }
+ return out;
+ },
+ enumerable: false,
+ configurable: true
+ });
+ Object.defineProperty(Transaction.prototype, "weight", {
+ // https://en.bitcoin.it/wiki/Weight_units
+ get: function () {
+ if (!this.isFinal)
+ throw new Error('Transaction is not finalized');
+ // TODO: Can we find out how much witnesses/script will be used before signing?
+ var out = 32;
+ if (this.hasWitnesses)
+ out += 2;
+ out += 4 * CompactSizeLen.encode(this.inputs.length).length;
+ out += 4 * CompactSizeLen.encode(this.outputs.length).length;
+ for (var _i = 0, _a = this.inputs; _i < _a.length; _i++) {
+ var i = _a[_i];
+ out += 160 + 4 * taproot.VarBytes.encode(i.finalScriptSig).length;
+ }
+ for (var _b = 0, _c = this.outputs; _b < _c.length; _b++) {
+ var o = _c[_b];
+ out += 32 + 4 * taproot.VarBytes.encode(o.script).length;
+ }
+ if (this.hasWitnesses) {
+ for (var _d = 0, _e = this.inputs; _d < _e.length; _d++) {
+ var i = _e[_d];
+ if (i.finalScriptWitness)
+ out += taproot.RawWitness.encode(i.finalScriptWitness).length;
+ }
+ }
+ return out;
+ },
+ enumerable: false,
+ configurable: true
+ });
+ Object.defineProperty(Transaction.prototype, "vsize", {
+ get: function () {
+ return Math.ceil(this.weight / 4);
+ },
+ enumerable: false,
+ configurable: true
+ });
+ Transaction.prototype.toBytes = function (withScriptSig, withWitness) {
+ if (withScriptSig === void 0) { withScriptSig = false; }
+ if (withWitness === void 0) { withWitness = false; }
+ return taproot.RawTx.encode({
+ version: this.version,
+ lockTime: this.lockTime,
+ inputs: this.inputs.map(function (i) { return (__assign(__assign({}, i), { finalScriptSig: (withScriptSig && i.finalScriptSig) || P.EMPTY })); }),
+ outputs: this.outputs,
+ witnesses: this.inputs.map(function (i) { return i.finalScriptWitness || []; }),
+ segwitFlag: withWitness && this.hasWitnesses,
+ });
+ };
+ Object.defineProperty(Transaction.prototype, "unsignedTx", {
+ get: function () {
+ return this.toBytes(false, false);
+ },
+ enumerable: false,
+ configurable: true
+ });
+ Object.defineProperty(Transaction.prototype, "hex", {
+ get: function () {
+ return base.hex.encode(this.toBytes(true, this.hasWitnesses));
+ },
+ enumerable: false,
+ configurable: true
+ });
+ Object.defineProperty(Transaction.prototype, "hash", {
+ // TODO: hash requires non-empty script in inputs, why?
+ get: function () {
+ if (!this.isFinal)
+ throw new Error('Transaction is not finalized');
+ return base.hex.encode(sha256x2(this.toBytes(true)));
+ },
+ enumerable: false,
+ configurable: true
+ });
+ Object.defineProperty(Transaction.prototype, "id", {
+ get: function () {
+ if (!this.isFinal)
+ throw new Error('Transaction is not finalized');
+ return base.hex.encode(sha256x2(this.toBytes(true)).reverse());
+ },
+ enumerable: false,
+ configurable: true
+ });
+ // Input stuff
+ Transaction.prototype.checkInputIdx = function (idx) {
+ if (!Number.isSafeInteger(idx) || 0 > idx || idx >= this.inputs.length)
+ throw new Error("Wrong input index=".concat(idx));
+ };
+ // Modification
+ Transaction.prototype.normalizeInput = function (i, cur, allowedFields) {
+
+ var res = __assign(__assign({}, cur), i);
+ if (res.sequence === undefined)
+ res.sequence = taproot.DEFAULT_SEQUENCE;
+ if (res.hash === undefined && typeof res.txid === 'string')
+ res.hash = base.hex.decode(res.txid);
+ if (res.hash === undefined && typeof res.txid === 'object')
+ res.hash = res.txid;
+ if (typeof res.hash === 'string')
+ res.hash = base.hex.decode(res.hash).reverse();
+
+ if (res.tapMerkleRoot === null)
+ delete res.tapMerkleRoot;
+ if (res.hash === undefined || res.index === undefined)
+ throw new Error('Transaction/input: hash and index required');
+ res = mergeKeyMap(PSBTInput, res, cur, allowedFields);
+ PSBTInputCoder.encode(res);
+
+ // Cannot move in PSBTInputCoder, since it requires opts for parsing
+ if (res.nonWitnessUtxo) {
+ var outputs = res.nonWitnessUtxo.outputs;
+ if (outputs.length - 1 < res.index)
+ throw new Error('nonWitnessUtxo: incorect output index');
+ var tx = Transaction.fromRaw(taproot.RawTx.encode(res.nonWitnessUtxo), this.opts);
+ var hash = base.hex.encode(res.hash);
+ if (tx.id !== hash)
+ //ROHIT UNDONE var txid = base.hex.encode(res.txid);
+ //ROHIT UNDONE if (tx.id !== txid)
+ throw new Error("nonWitnessUtxo: wrong hash, exp=".concat(txid, " got=").concat(tx.id));
+ }
+ // TODO: use this.prevout?
+ var prevOut;
+ if (res.nonWitnessUtxo && i.index !== undefined)
+ prevOut = res.nonWitnessUtxo.outputs[res.index];
+ else if (res.witnessUtxo)
+ prevOut = res.witnessUtxo;
+ if (!this.opts.disableScriptCheck)
+ checkScript(prevOut && prevOut.script, res.redeemScript, res.witnessScript);
+ return res;
+ };
+ Transaction.prototype.addInput = function (input) {
+ if (!this.signStatus().addInput)
+ throw new Error('Tx has signed inputs, cannot add new one');
+ this.inputs.push(this.normalizeInput(input));
+ //ROHIT ATTEMPT UNDONE this.inputs.push(this.normalizeInput(this.inputs,input));
+ return this.inputs.length - 1;
+ };
+ Transaction.prototype.updateInput = function (idx, input) {
+ this.checkInputIdx(idx);
+ var allowedFields = undefined;
+ var status = this.signStatus();
+ if (!status.addInput || status.inputs.includes(idx))
+ allowedFields = PSBTInputUnsignedKeys;
+ this.inputs[idx] = this.normalizeInput(input, this.inputs[idx], allowedFields);
+ };
+ // Output stuff
+ Transaction.prototype.checkOutputIdx = function (idx) {
+ if (!Number.isSafeInteger(idx) || 0 > idx || idx >= this.outputs.length)
+ throw new Error("Wrong output index=".concat(idx));
+ };
+ Transaction.prototype.normalizeOutput = function (o, cur, allowedFields) {
+ var res = __assign(__assign({}, cur), o);
+ if (res.amount !== undefined)
+ res.amount = typeof res.amount === 'string' ? taproot.decimal.decode(res.amount) : res.amount;
+ res = mergeKeyMap(PSBTOutput, res, cur, allowedFields);
+ PSBTOutputCoder.encode(res);
+ if (res.script === undefined || res.amount === undefined)
+ throw new Error('Transaction/output: script and amount required');
+ if (!this.opts.allowUnknowOutput && taproot.OutScript.decode(res.script).type === 'unknown') {
+ throw new Error('Transaction/output: unknown output script type, there is a chance that input is unspendable. Pass allowUnkownScript=true, if you sure');
+ }
+ if (!this.opts.disableScriptCheck)
+ checkScript(res.script, res.redeemScript, res.witnessScript);
+ return res;
+ };
+ Transaction.prototype.addOutput = function (o) {
+ if (!this.signStatus().addOutput)
+ throw new Error('Tx has signed outputs, cannot add new one');
+ this.outputs.push(this.normalizeOutput(o));
+ return this.outputs.length - 1;
+ };
+ Transaction.prototype.updateOutput = function (idx, output) {
+ this.checkOutputIdx(idx);
+ var allowedFields = undefined;
+ var status = this.signStatus();
+ if (!status.addOutput || status.outputs.includes(idx))
+ allowedFields = PSBTOutputUnsignedKeys;
+ this.outputs[idx] = this.normalizeOutput(output, this.outputs[idx], allowedFields);
+ };
+ Transaction.prototype.addOutputAddress = function (address, amount, network) {
+ if (network === void 0) { network = taproot.NETWORK; }
+ return this.addOutput({
+ script: taproot.OutScript.encode(Address(network).decode(address)),
+ amount: typeof amount === 'string' ? taproot.decimal.decode(amount) : amount,
+ });
+ };
+ Object.defineProperty(Transaction.prototype, "fee", {
+ // Utils
+ get: function () {
+ var res = 0n;
+ for (var _i = 0, _a = this.inputs; _i < _a.length; _i++) {
+ var i = _a[_i];
+ var prevOut = this.prevOut(i);
+ if (!prevOut)
+ throw new Error('Empty input amount');
+ res += prevOut.amount;
+ }
+ for (var _b = 0, _c = this.outputs; _b < _c.length; _b++) {
+ var i = _c[_b];
+ res -= i.amount;
+ }
+ return res;
+ },
+ enumerable: false,
+ configurable: true
+ });
+ // Signing
+ // Based on https://github.com/bitcoin/bitcoin/blob/5871b5b5ab57a0caf9b7514eb162c491c83281d5/test/functional/test_framework/script.py#L624
+ // There is optimization opportunity to re-use hashes for multiple inputs for witness v0/v1,
+ // but we are trying to be less complicated for audit purpose for now.
+ Transaction.prototype.preimageLegacy = function (idx, prevOutScript, hashType) {
+ var _a = unpackSighash(hashType), isAny = _a.isAny, isNone = _a.isNone, isSingle = _a.isSingle;
+ if (idx < 0 || !Number.isSafeInteger(idx))
+ throw new Error("Invalid input idx=".concat(idx));
+ if ((isSingle && idx >= this.outputs.length) || idx >= this.inputs.length)
+ return P.U256BE.encode(1n);
+ prevOutScript = taproot.Script.encode(taproot.Script.decode(prevOutScript).filter(function (i) { return i !== 'CODESEPARATOR'; }));
+ var inputs = this.inputs.map(function (input, inputIdx) { return (__assign(__assign({}, input), { finalScriptSig: inputIdx === idx ? prevOutScript : P.EMPTY })); });
+ if (isAny)
+ inputs = [inputs[idx]];
+ else if (isNone || isSingle) {
+ inputs = inputs.map(function (input, inputIdx) { return (__assign(__assign({}, input), { sequence: inputIdx === idx ? def.sequence(input.sequence) : 0 })); });
+ }
+ var outputs = this.outputs;
+ if (isNone)
+ outputs = [];
+ else if (isSingle) {
+ outputs = this.outputs.slice(0, idx).fill(EMPTY_OUTPUT).concat([outputs[idx]]);
+ }
+ var tmpTx = taproot.RawTx.encode({
+ lockTime: this.lockTime,
+ version: this.version,
+ segwitFlag: false,
+ inputs: inputs,
+ outputs: outputs,
+ });
+ return sha256x2(tmpTx, P.I32LE.encode(hashType));
+ };
+ Transaction.prototype.preimageWitnessV0 = function (idx, prevOutScript, hashType, amount) {
+ var _a = unpackSighash(hashType), isAny = _a.isAny, isNone = _a.isNone, isSingle = _a.isSingle;
+ var inputHash = EMPTY32;
+ var sequenceHash = EMPTY32;
+ var outputHash = EMPTY32;
+ var inputs = this.inputs;
+ if (!isAny)
+ inputHash = sha256x2.apply(void 0, inputs.map(TxHashIdx.encode));
+ if (!isAny && !isSingle && !isNone)
+ sequenceHash = sha256x2.apply(void 0, inputs.map(function (i) { return P.U32LE.encode(def.sequence(i.sequence)); }));
+ if (!isSingle && !isNone) {
+ outputHash = sha256x2.apply(void 0, this.outputs.map(taproot.RawOutput.encode));
+ }
+ else if (isSingle && idx < this.outputs.length)
+ outputHash = sha256x2(taproot.RawOutput.encode(this.outputs[idx]));
+ var input = inputs[idx];
+ return sha256x2(P.I32LE.encode(this.version), inputHash, sequenceHash, P.bytes(32, true).encode(input.hash), P.U32LE.encode(input.index), taproot.VarBytes.encode(prevOutScript), P.U64LE.encode(amount), P.U32LE.encode(def.sequence(input.sequence)), outputHash, P.U32LE.encode(this.lockTime), P.U32LE.encode(hashType));
+ };
+ Transaction.prototype.preimageWitnessV1 = function (idx, prevOutScript, hashType, amount, codeSeparator, leafScript, leafVer, annex) {
+ if (codeSeparator === void 0) { codeSeparator = -1; }
+ if (leafVer === void 0) { leafVer = 0xc0; }
+ if (!Array.isArray(amount) || this.inputs.length !== amount.length)
+ throw new Error("Invalid amounts array=".concat(amount));
+ if (!Array.isArray(prevOutScript) || this.inputs.length !== prevOutScript.length)
+ throw new Error("Invalid prevOutScript array=".concat(prevOutScript));
+ var out = [
+ P.U8.encode(0),
+ P.U8.encode(hashType),
+ P.I32LE.encode(this.version),
+ P.U32LE.encode(this.lockTime),
+ ];
+ var outType = hashType === SignatureHash.DEFAULT ? SignatureHash.ALL : hashType & 3;
+ var inType = hashType & SignatureHash.ANYONECANPAY;
+ if (inType !== SignatureHash.ANYONECANPAY) {
+ out.push.apply(out, [
+ this.inputs.map(TxHashIdx.encode),
+ amount.map(P.U64LE.encode),
+ prevOutScript.map(taproot.VarBytes.encode),
+ this.inputs.map(function (i) { return P.U32LE.encode(def.sequence(i.sequence)); }),
+ ].map(function (i) { return (0, sha256_1.sha256)(concat.apply(void 0, i)); }));
+ }
+ if (outType === SignatureHash.ALL) {
+ out.push((0, sha256_1.sha256)(concat.apply(void 0, this.outputs.map(taproot.RawOutput.encode))));
+ }
+ var spendType = (annex ? 1 : 0) | (leafScript ? 2 : 0);
+ out.push(new Uint8Array([spendType]));
+ if (inType === SignatureHash.ANYONECANPAY) {
+ var inp = this.inputs[idx];
+ out.push(TxHashIdx.encode(inp), P.U64LE.encode(amount[idx]), taproot.VarBytes.encode(prevOutScript[idx]), P.U32LE.encode(def.sequence(inp.sequence)));
+ }
+ else
+ out.push(P.U32LE.encode(idx));
+ if (spendType & 1)
+ out.push((0, sha256_1.sha256)(taproot.VarBytes.encode(annex)));
+ if (outType === SignatureHash.SINGLE)
+ out.push(idx < this.outputs.length ? (0, sha256_1.sha256)(taproot.RawOutput.encode(this.outputs[idx])) : EMPTY32);
+ if (leafScript)
+ out.push((0, taproot.tapLeafHash)(leafScript, leafVer), P.U8.encode(0), P.I32LE.encode(codeSeparator));
+ return taggedHash.apply(void 0, __spreadArray(['TapSighash'], out, false));
+ };
+ // Utils for sign/finalize
+ // Used pretty often, should be fast
+ Transaction.prototype.prevOut = function (input) {
+ if (input.nonWitnessUtxo)
+ return input.nonWitnessUtxo.outputs[input.index];
+ else if (input.witnessUtxo)
+ return input.witnessUtxo;
+ else
+ throw new Error('Cannot find previous output info.');
+ };
+ Transaction.prototype.inputType = function (input) {
+ // TODO: check here if non-segwit tx + no nonWitnessUtxo
+ var txType = 'legacy';
+ var defaultSighash = SignatureHash.ALL;
+ var prevOut = this.prevOut(input);
+ var first = taproot.OutScript.decode(prevOut.script);
+ var type = first.type;
+ var cur = first;
+ var stack = [first];
+ if (first.type === 'tr') {
+ defaultSighash = SignatureHash.DEFAULT;
+ return {
+ txType: 'taproot',
+ type: 'tr',
+ last: first,
+ lastScript: prevOut.script,
+ defaultSighash: defaultSighash,
+ sighash: input.sighashType || defaultSighash,
+ };
+ }
+ else {
+ if (first.type === 'wpkh' || first.type === 'wsh')
+ txType = 'segwit';
+ if (first.type === 'sh') {
+ if (!input.redeemScript)
+ throw new Error('inputType: sh without redeemScript');
+ var child = taproot.OutScript.decode(input.redeemScript);
+ if (child.type === 'wpkh' || child.type === 'wsh')
+ txType = 'segwit';
+ stack.push(child);
+ cur = child;
+ type += "-".concat(child.type);
+ }
+ // wsh can be inside sh
+ if (cur.type === 'wsh') {
+ if (!input.witnessScript)
+ throw new Error('inputType: wsh without witnessScript');
+ var child = taproot.OutScript.decode(input.witnessScript);
+ if (child.type === 'wsh')
+ txType = 'segwit';
+ stack.push(child);
+ cur = child;
+ type += "-".concat(child.type);
+ }
+ // TODO: check for uncompressed public keys in segwit tx
+ var last = stack[stack.length - 1];
+ if (last.type === 'sh' || last.type === 'wsh')
+ throw new Error('inputType: sh/wsh cannot be terminal type');
+ var lastScript = taproot.OutScript.encode(last);
+ var res = {
+ type: type,
+ txType: txType,
+ last: last,
+ lastScript: lastScript,
+ defaultSighash: defaultSighash,
+ sighash: input.sighashType || defaultSighash,
+ };
+ return res;
+ }
+ };
+ // TODO: signer can be privateKey OR instance of bip32 HD stuff
+ Transaction.prototype.signIdx = function (privateKey, idx, allowedSighash, _auxRand) {
+ this.checkInputIdx(idx);
+ var input = this.inputs[idx];
+ var inputType = this.inputType(input);
+ // Handle BIP32 HDKey
+ if (!(privateKey instanceof Uint8Array)) {
+ if (!input.bip32Derivation || !input.bip32Derivation.length)
+ throw new Error('bip32Derivation: empty');
+ var signers = input.bip32Derivation
+ .filter(function (i) { return i[1].fingerprint == privateKey.fingerprint; })
+ .map(function (_a) {
+ var pubKey = _a[0], path = _a[1].path;
+ var s = privateKey;
+ for (var _i = 0, path_1 = path; _i < path_1.length; _i++) {
+ var i = path_1[_i];
+ s = s.deriveChild(i);
+ }
+ if (!P.equalBytes(s.publicKey, pubKey))
+ throw new Error('bip32Derivation: wrong pubKey');
+ if (!s.privateKey)
+ throw new Error('bip32Derivation: no privateKey');
+ return s;
+ });
+ if (!signers.length)
+ throw new Error("bip32Derivation: no items with fingerprint=".concat(privateKey.fingerprint));
+ var signed = false;
+ for (var _i = 0, signers_1 = signers; _i < signers_1.length; _i++) {
+
+ var s = signers_1[_i];
+ if (this.signIdx(s.privateKey, idx))
+ signed = true;
+ }
+ return signed;
+ }
+ // Sighash checks
+ // Just for compat with bitcoinjs-lib, so users won't face unexpected behaviour.
+ if (!allowedSighash)
+ allowedSighash = [inputType.defaultSighash];
+ var sighash = inputType.sighash;
+ if (!allowedSighash.includes(sighash)) {
+ throw new Error("Input with not allowed sigHash=".concat(sighash, ". Allowed: ").concat(allowedSighash.join(', ')));
+ }
+ // NOTE: it is possible to sign these inputs for legacy/segwit v0 (but no taproot!),
+ // however this was because of bug in bitcoin-core, which remains here because of consensus.
+ // If this is absolutely neccessary for you workflow, please open issue. For now it is disable to
+ // avoid complicated workflow where SINGLE will block adding new outputs
+ var _a = this.inputSighash(idx), sigInputs = _a.sigInputs, sigOutputs = _a.sigOutputs;
+ if (sigOutputs === SignatureHash.SINGLE && idx >= this.outputs.length) {
+ throw new Error("Input with sighash SINGLE, but there is no output with corresponding index=".concat(idx));
+ }
+ // Actual signing
+ // Taproot
+ var prevOut = this.prevOut(input);
+ if (inputType.txType === 'taproot') {
+ if (input.tapBip32Derivation)
+ throw new Error('tapBip32Derivation unsupported');
+ var prevOuts = this.inputs.map(this.prevOut);
+ var prevOutScript = prevOuts.map(function (i) { return i.script; });
+ var amount = prevOuts.map(function (i) { return i.amount; });
+ var signed = false;
+ var schnorrPub = secp.schnorr.getPublicKey(privateKey);
+ var merkleRoot = input.tapMerkleRoot || P.EMPTY;
+ if (input.tapInternalKey) {
+ // internal + tweak = tweaked key
+ // if internal key == current public key, we need to tweak private key,
+ // otherwise sign as is. bitcoinjs implementation always wants tweaked
+ // priv key to be provided
+ var _b = getTaprootKeys(privateKey, schnorrPub, input.tapInternalKey, merkleRoot), pubKey = _b.pubKey, privKey = _b.privKey;
+ var _c = taprootTweakPubkey(input.tapInternalKey, merkleRoot), taprootPubKey = _c[0], parity = _c[1];
+ if (P.equalBytes(taprootPubKey, pubKey)) {
+ var hash = this.preimageWitnessV1(idx, prevOutScript, sighash, amount);
+ var sig = concat(secp.schnorr.signSync(hash, privKey, _auxRand), sighash !== SignatureHash.DEFAULT ? new Uint8Array([sighash]) : P.EMPTY);
+ this.updateInput(idx, { tapKeySig: sig });
+ signed = true;
+ }
+ }
+ if (input.tapLeafScript) {
+ input.tapScriptSig = input.tapScriptSig || [];
+ var _loop_3 = function (cb, _script) {
+ var script = _script.subarray(0, -1);
+ var scriptDecoded = taproot.Script.decode(script);
+ var ver = _script[_script.length - 1];
+ var hash = (0, taproot.tapLeafHash)(script, ver);
+ var _j = getTaprootKeys(privateKey, schnorrPub, cb.internalKey, P.EMPTY // Because we cannot have nested taproot tree
+ ), pubKey = _j.pubKey, privKey = _j.privKey;
+ var pos = scriptDecoded.findIndex(function (i) { return i instanceof Uint8Array && P.equalBytes(i, pubKey); });
+ // Skip if there is no public key in tapLeafScript
+ if (pos === -1)
+ return "continue";
+ var msg = this_1.preimageWitnessV1(idx, prevOutScript, sighash, amount, undefined, script, ver);
+ var sig = concat(secp.schnorr.signSync(msg, privKey, _auxRand), sighash !== SignatureHash.DEFAULT ? new Uint8Array([sighash]) : P.EMPTY);
+ this_1.updateInput(idx, { tapScriptSig: [[{ pubKey: pubKey, leafHash: hash }, sig]] });
+ signed = true;
+ };
+ var this_1 = this;
+ for (var _d = 0, _e = input.tapLeafScript; _d < _e.length; _d++) {
+ var _f = _e[_d], cb = _f[0], _script = _f[1];
+ _loop_3(cb, _script);
+ }
+ }
+ if (!signed)
+ throw new Error('No taproot scripts signed');
+ return true;
+ }
+ else {
+ // only compressed keys are supported for now
+ var pubKey = secp.getPublicKey(privateKey, true);
+ // TODO: replace with explicit checks
+ // Check if script has public key or its has inside
+ var hasPubkey = false;
+ var pubKeyHash = hash160(pubKey);
+ for (var _g = 0, _h = taproot.Script.decode(inputType.lastScript); _g < _h.length; _g++) {
+ var i = _h[_g];
+ if (i instanceof Uint8Array && (P.equalBytes(i, pubKey) || P.equalBytes(i, pubKeyHash)))
+ hasPubkey = true;
+ }
+ if (!hasPubkey)
+ throw new Error("Input script doesn't have pubKey: ".concat(inputType.lastScript));
+ var hash = void 0;
+ if (inputType.txType === 'legacy') {
+ if (!this.opts.allowLegacyWitnessUtxo && !input.nonWitnessUtxo) {
+ throw new Error("Transaction/sign: legacy input without nonWitnessUtxo, can result in attack that forces paying higher fees. Pass allowLegacyWitnessUtxo=true, if you sure");
+ }
+ hash = this.preimageLegacy(idx, inputType.lastScript, sighash);
+ }
+ else if (inputType.txType === 'segwit') {
+ var script = inputType.lastScript;
+ // If wpkh OR sh-wpkh, wsh-wpkh is impossible, so looks ok
+ // TODO: re-check
+ if (inputType.last.type === 'wpkh')
+ script = taproot.OutScript.encode({ type: 'pkh', hash: inputType.last.hash });
+ hash = this.preimageWitnessV0(idx, script, sighash, prevOut.amount);
+ }
+ else
+ throw new Error("Transaction/sign: unknown tx type: ".concat(inputType.txType));
+ var sig = signECDSA(hash, privateKey, this.opts.lowR);
+ this.updateInput(idx, {
+ partialSig: [[pubKey, concat(sig, new Uint8Array([sighash]))]],
+ });
+ }
+ return true;
+ };
+ // TODO: this is bad API. Will work if user creates and signs tx, but if
+ // there is some complex workflow with exchanging PSBT and signing them,
+ // then it is better to validate which output user signs. How could a better API look like?
+ // Example: user adds input, sends to another party, then signs received input (mixer etc),
+ // another user can add different input for same key and user will sign it.
+ // Even worse: another user can add bip32 derivation, and spend money from different address.
+ Transaction.prototype.sign = function (privateKey, allowedSighash, _auxRand) {
+ //debugger; //ROHIT
+ var num = 0;
+ for (var i = 0; i < this.inputs.length; i++) {
+ try {
+ if (this.signIdx(privateKey, i, allowedSighash, _auxRand))
+ num++;
+ }
+ catch (e) { }
+ }
+ if (!num)
+ throw new Error('No inputs signed');
+ return num;
+ };
+ Transaction.prototype.finalizeIdx = function (idx) {
+ this.checkInputIdx(idx);
+ if (this.fee < 0n)
+ throw new Error('Outputs spends more than inputs amount');
+ var input = this.inputs[idx];
+ var inputType = this.inputType(input);
+ // Taproot finalize
+ if (inputType.txType === 'taproot') {
+ if (input.tapKeySig)
+ input.finalScriptWitness = [input.tapKeySig];
+ else if (input.tapLeafScript && input.tapScriptSig) {
+ // TODO: this works the same as bitcoinjs lib fork, however it is not secure,
+ // since we add signatures to script which we don't understand.
+ // Maybe it is better to disable it?
+ // Proper way will be to create check for known scripts, however MuSig, p2tr_ns and other
+ // scripts are still not standard; and it will take significant amount of work for them.
+ // Sort leafs by control block length. TODO: maybe need to check script length too?
+ var leafs = input.tapLeafScript.sort(function (a, b) {
+ return taproot.TaprootControlBlock.encode(a[0]).length - taproot.TaprootControlBlock.encode(b[0]).length;
+ });
+ var _loop_4 = function (cb, _script) {
+ // Last byte is version
+ var script = _script.slice(0, -1);
+ var ver = _script[_script.length - 1];
+ var outScript_1 = taproot.OutScript.decode(script);
+ var hash = (0, taproot.tapLeafHash)(script, ver);
+ var scriptSig = input.tapScriptSig.filter(function (i) { return P.equalBytes(i[0].leafHash, hash); });
+ var signatures = [];
+ if (outScript_1.type === 'tr_ms') {
+ var m = outScript_1.m;
+ var pubkeys = outScript_1.pubkeys;
+ var added = 0;
+ var _loop_6 = function (pub) {
+ var sigIdx = scriptSig.findIndex(function (i) { return P.equalBytes(i[0].pubKey, pub); });
+ // Should have exact amount of signatures (more -- will fail)
+ if (added === m || sigIdx === -1) {
+ signatures.push(P.EMPTY);
+ return "continue";
+ }
+ signatures.push(scriptSig[sigIdx][1]);
+ added++;
+ };
+ for (var _c = 0, pubkeys_3 = pubkeys; _c < pubkeys_3.length; _c++) {
+ var pub = pubkeys_3[_c];
+ _loop_6(pub);
+ }
+ // Should be exact same as m
+ if (added !== m)
+ return "continue";
+ }
+ else if (outScript_1.type === 'tr_ns') {
+ var _loop_7 = function (pub) {
+ var sigIdx = scriptSig.findIndex(function (i) { return P.equalBytes(i[0].pubKey, pub); });
+ if (sigIdx === -1)
+ return "continue";
+ signatures.push(scriptSig[sigIdx][1]);
+ };
+ for (var _d = 0, _e = outScript_1.pubkeys; _d < _e.length; _d++) {
+ var pub = _e[_d];
+ _loop_7(pub);
+ }
+ if (signatures.length !== outScript_1.pubkeys.length)
+ return "continue";
+ }
+ else if (outScript_1.type === 'unknown' && this_2.opts.allowUnknowInput) {
+ // Trying our best to sign what we can
+ var scriptDecoded_1 = taproot.Script.decode(script);
+ signatures = scriptSig
+ .map(function (_a) {
+ var pubKey = _a[0].pubKey, signature = _a[1];
+ var pos = scriptDecoded_1.findIndex(function (i) { return i instanceof Uint8Array && P.equalBytes(i, pubKey); });
+ if (pos === -1)
+ throw new Error('finalize/taproot: cannot find position of pubkey in script');
+ return { signature: signature, pos: pos };
+ })
+ // Reverse order (because witness is stack and we take last element first from it)
+ .sort(function (a, b) { return a.pos - b.pos; })
+ .map(function (i) { return i.signature; });
+ if (!signatures.length)
+ return "continue";
+ }
+ else
+ throw new Error('Finalize: Unknown tapLeafScript');
+ // Witness is stack, so last element will be used first
+ input.finalScriptWitness = signatures
+ .reverse()
+ .concat([script, taproot.TaprootControlBlock.encode(cb)]);
+ return "break";
+ };
+ var this_2 = this;
+ for (var _i = 0, leafs_1 = leafs; _i < leafs_1.length; _i++) {
+ var _a = leafs_1[_i], cb = _a[0], _script = _a[1];
+ var state_1 = _loop_4(cb, _script);
+ if (state_1 === "break")
+ break;
+ }
+ if (!input.finalScriptWitness)
+ throw new Error('finalize/taproot: empty witness');
+ }
+ else
+ throw new Error('finalize/taproot: unknown input');
+ // Clean input
+ for (var k in input)
+ if (!PSBTInputFinalKeys.includes(k))
+ delete input[k];
+ return;
+ }
+ var outScript = inputType.lastScript;
+ var isSegwit = inputType.txType === 'segwit';
+ if (!input.partialSig || !input.partialSig.length)
+ throw new Error('Not enough partial sign');
+ // TODO: this is completely broken, fix.
+ var inputScript;
+ var witness = [];
+ // TODO: move input scripts closer to payments/output scripts
+ // Multisig
+ if (inputType.last.type === 'ms') {
+ var m = inputType.last.m;
+ var pubkeys = inputType.last.pubkeys;
+ var signatures = [];
+ var _loop_5 = function (pub) {
+ var sign = input.partialSig.find(function (s) { return P.equalBytes(pub, s[0]); });
+ if (!sign)
+ return "continue";
+ signatures.push(sign[1]);
+ };
+ // partial: [pubkey, sign]
+ for (var _b = 0, pubkeys_2 = pubkeys; _b < pubkeys_2.length; _b++) {
+ var pub = pubkeys_2[_b];
+ _loop_5(pub);
+ }
+ signatures = signatures.slice(0, m);
+ if (signatures.length !== m) {
+ throw new Error("Multisig: wrong signatures count, m=".concat(m, " n=").concat(pubkeys.length, " signatures=").concat(signatures.length));
+ }
+ inputScript = taproot.Script.encode(__spreadArray(['OP_0'], signatures, true));
+ }
+ else if (inputType.last.type === 'pk') {
+ inputScript = taproot.Script.encode([input.partialSig[0][1]]);
+ }
+ else if (inputType.last.type === 'pkh') {
+ // check if output is correct here
+ inputScript = taproot.Script.encode([input.partialSig[0][1], input.partialSig[0][0]]);
+ }
+ else if (inputType.last.type === 'wpkh') {
+ // check if output is correct here
+ inputScript = P.EMPTY;
+ witness = [input.partialSig[0][1], input.partialSig[0][0]];
+ }
+ else if (inputType.last.type === 'unknown' && !this.opts.allowUnknowInput)
+ throw new Error('Unknown inputs not allowed');
+ var finalScriptSig, finalScriptWitness;
+ if (input.witnessScript) {
+ // P2WSH
+ if (inputScript && inputScript.length > 0 && outScript && outScript.length > 0) {
+ witness = taproot.Script.decode(inputScript).map(function (i) {
+ if (i === 'OP_0')
+ return P.EMPTY;
+ if (i instanceof Uint8Array)
+ return i;
+ throw new Error("Wrong witness op=".concat(i));
+ });
+ }
+ if (witness && outScript)
+ witness = witness.concat(outScript);
+ outScript = taproot.Script.encode(['OP_0', (0, sha256_1.sha256)(outScript)]);
+ inputScript = P.EMPTY;
+ }
+ if (isSegwit)
+ finalScriptWitness = witness;
+ if (input.redeemScript) {
+ // P2SH
+ finalScriptSig = taproot.Script.encode(__spreadArray(__spreadArray([], taproot.Script.decode(inputScript), true), [outScript], false));
+ }
+ else if (!isSegwit)
+ finalScriptSig = inputScript;
+ if (!finalScriptSig && !finalScriptWitness)
+ throw new Error('Unknown error finalizing input');
+ if (finalScriptSig)
+ input.finalScriptSig = finalScriptSig;
+ if (finalScriptWitness)
+ input.finalScriptWitness = finalScriptWitness;
+ // Clean input
+ for (var k in input)
+ if (!PSBTInputFinalKeys.includes(k))
+ delete input[k];
+ };
+ Transaction.prototype.finalize = function () {
+ for (var i = 0; i < this.inputs.length; i++)
+ this.finalizeIdx(i);
+ };
+ Transaction.prototype.extract = function () {
+ if (!this.isFinal)
+ throw new Error('Transaction has unfinalized inputs');
+ if (!this.outputs.length)
+ throw new Error('Transaction has no outputs');
+ // TODO: Check if inputs.amount >= outputs.amount
+ return this.toBytes(true, true);
+ };
+ Transaction.prototype.combine = function (other) {
+ for (var _i = 0, _a = ['PSBTVersion', 'version', 'lockTime']; _i < _a.length; _i++) {
+ var k = _a[_i];
+ if (this[k] !== other[k])
+ throw new Error("Transaction/combine: different ".concat(k, " this=").concat(this[k], " other=").concat(other[k]));
+ }
+ for (var _b = 0, _c = ['inputs', 'outputs']; _b < _c.length; _b++) {
+ var k = _c[_b];
+ if (this[k].length !== other[k].length) {
+ throw new Error("Transaction/combine: different ".concat(k, " length this=").concat(this[k].length, " other=").concat(other[k].length));
+ }
+ }
+ var thisUnsigned = this.global.unsignedTx ? taproot.RawTx.encode(this.global.unsignedTx) : P.EMPTY;
+ var otherUnsigned = other.global.unsignedTx ? taproot.RawTx.encode(other.global.unsignedTx) : P.EMPTY;
+ if (!P.equalBytes(thisUnsigned, otherUnsigned))
+ throw new Error("Transaction/combine: different unsigned tx");
+ this.global = mergeKeyMap(PSBTGlobal, this.global, other.global);
+ for (var i = 0; i < this.inputs.length; i++)
+ this.updateInput(i, other.inputs[i]);
+ for (var i = 0; i < this.outputs.length; i++)
+ this.updateOutput(i, other.outputs[i]);
+ return this;
+ };
+ return Transaction;
+ }());
+ taproot.Transaction = Transaction;
+ // User facing API?
+ // Simple pubkey address, without complex scripts
+ function getAddress(type, privKey, network) {
+ if (network === void 0) { network = taproot.NETWORK; }
+ if (type === 'tr') {
+ return p2tr(secp.schnorr.getPublicKey(privKey), undefined, network).address;
+ }
+ var pubKey = secp.getPublicKey(privKey, true);
+ if (type === 'pkh')
+ return (0, taproot.p2pkh)(pubKey, network).address;
+ if (type === 'wpkh')
+ return (0, taproot.p2wpkh)(pubKey, network).address;
+ throw new Error("getAddress: unknown type=".concat(type));
+ }
+ taproot.getAddress = getAddress;
+ // TODO: rewrite
+ function multisig(m, pubkeys, sorted, witness) {
+ if (sorted === void 0) { sorted = false; }
+ if (witness === void 0) { witness = false; }
+ var ms = (0, taproot.p2ms)(m, sorted ? (0, taproot._sortPubkeys)(pubkeys) : pubkeys);
+ return witness ? (0, taproot.p2wsh)(ms) : (0, taproot.p2sh)(ms);
+ }
+ taproot.multisig = multisig;
+ function sortedMultisig(m, pubkeys, witness) {
+ if (witness === void 0) { witness = false; }
+ return multisig(m, pubkeys, true, witness);
+ }
+ taproot.sortedMultisig = sortedMultisig;
+ // Copy-pase from bip32 derive, maybe do something like 'bip32.parsePath'?
+ var HARDENED_OFFSET = 0x80000000;
+ function bip32Path(path) {
+ var out = [];
+ if (!/^[mM]'?/.test(path))
+ throw new Error('Path must start with "m" or "M"');
+ if (/^[mM]'?$/.test(path))
+ return out;
+ var parts = path.replace(/^[mM]'?\//, '').split('/');
+ for (var _i = 0, parts_1 = parts; _i < parts_1.length; _i++) {
+ var c = parts_1[_i];
+ var m = /^(\d+)('?)$/.exec(c);
+ if (!m || m.length !== 3)
+ throw new Error("Invalid child index: ".concat(c));
+ var idx = +m[1];
+ if (!Number.isSafeInteger(idx) || idx >= HARDENED_OFFSET)
+ throw new Error('Invalid index');
+ // hardened key
+ if (m[2] === "'")
+ idx += HARDENED_OFFSET;
+ out.push(idx);
+ }
+ return out;
+ }
+ taproot.bip32Path = bip32Path;
+ function PSBTCombine(psbts) {
+ if (!psbts || !Array.isArray(psbts) || !psbts.length)
+ throw new Error('PSBTCombine: wrong PSBT list');
+ var tx = Transaction.fromPSBT(psbts[0]);
+ for (var i = 1; i < psbts.length; i++)
+ tx.combine(Transaction.fromPSBT(psbts[i]));
+ return tx.toPSBT();
+ }
+ taproot.PSBTCombine = PSBTCombine;
+ function numberToScriptArray(number) {
+
+ array = coinjs.numToBytes(number);
+ let lastIndex = array.length - 1;
+ while (lastIndex >= 0 && array[lastIndex] === 0) {
+ lastIndex--;
+ }
+ array.splice(lastIndex + 1);
+ return array;
+ }
+ taproot.numberToScriptArray = numberToScriptArray;
+})();
+
+//Inserting these two lines so that Paul Miller Github tests can work.
+var hex = base.hex;
+var btc = taproot;
+var Transaction = taproot.Transaction;
+var secp256k1_schnorr = secp.schnorr;
+var secp256k1 = secp;
+var schnorr = secp.schnorr;
+
+//ChatGPT replaced code for deeStrictEqual and should
+function deepStrictEqual(actual, expected) {
+ if (typeof actual !== 'object' || typeof expected !== 'object') {
+ const result = actual === expected;
+ console.log(`deepStrictEqual: ${result ? 'Success' : 'Failure'} - Actual: ${actual}, Expected: ${expected}`);
+ return result;
+ }
+
+ const actualKeys = Object.keys(actual);
+ const expectedKeys = Object.keys(expected);
+
+ if (actualKeys.length !== expectedKeys.length) {
+ console.log(`deepStrictEqual: Failure - Different number of keys`);
+ return false;
+ }
+
+ for (const key of actualKeys) {
+ if (!deepStrictEqual(actual[key], expected[key])) {
+ console.log(`deepStrictEqual: Failure - Property '${key}' mismatch`);
+ return false;
+ }
+ }
+
+ console.log(`deepStrictEqual: Success`);
+ return true;
+}
+
+// Test suite function (replaced with should)
+function should(suiteDescription, tests) {
+ console.log(`Running test suite: ${suiteDescription}`);
+ tests();
+}
+
+
+// Test runner function
+function test(testDescription, testFunction) {
+ try {
+ testFunction();
+ } catch (error) {
+ logResult(false, `${testDescription} - ${error}`);
+ }
+}
+
+// Log test result
+function logResult(result, message) {
+ if (result) {
+ console.log(`YESSS ${message}`);
+ } else {
+ console.error(`NO!!! ${message}`);
+ }
+}
+
+function throws(func) {
+ try {
+ func();
+ console.log(`throws: Failure - No exception was thrown`);
+ return false;
+ } catch (error) {
+ console.log(`throws: Success - Exception was thrown: ${error}`);
+ return true;
+ }
+}
+
+// End of ChatGPT test functions
+
+function demonstrateNestedArray(nestedArray) {
+
+ console.log("Original nestedArray:");
+ console.log(nestedArray);
+
+ console.log("\nAccessing elements:");
+
+
+ console.log("\nIterating through nestedArray:");
+ for (var i = 0; i < nestedArray.length; i++) {
+ if (Array.isArray(nestedArray[i])) {
+ console.log("Element at index", i, "is an array:", nestedArray[i]);
+ for (var j = 0; j < nestedArray[i].length; j++) {
+ console.log(" Element at index", j, ":", nestedArray[i][j]);
+ }
+ } else {
+ console.log("Element at index", i, ":", nestedArray[i]);
+ }
+ }
+}
+
+//START OF BIP32 SECTION
+/*! scure-bip32 - MIT License (c) 2022 Patricio Palladino, Paul Miller (paulmillr.com) */
+var bip32 = {};
+(function () {
+ var HDKey = /** @class */ (function () {
+
+ var hmac = hashmini.hmac;
+ var ripemd160 = hashmini.ripemd160;
+ var sha256 = hashmini.sha256;
+ var sha512 = hashmini.sha512;
+ //var _assert_1 = require("@noble/hashes/_assert");
+ var utils_1 = hashmini.utils;
+ var modular_1 = secp.utils;
+ //var base_1 = base;
+ var Point = secp.Point;
+ var base58check = (0, base.base58check)(sha256);
+
+ function _assert_1(condition, message = "Assertion failed") {
+ if (!condition) {
+ throw new Error(message);
+ }
+ }
+
+ function _assert_1(value, length, message = "Value is not a Uint8Array or does not have the expected length") {
+ if (!(value instanceof Uint8Array)) {
+ throw new Error(message);
+ }
+ }
+
+ const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
+
+ var __assign = (this && this.__assign) || function () {
+ return Object.assign.apply(Object, arguments);
+ };
+
+
+ function utf8ToBytes(str) {
+ if (typeof str !== 'string') {
+ throw new TypeError(`utf8ToBytes expected string, got ${typeof str}`);
+ }
+ return new TextEncoder().encode(str);
+ }
+
+
+ function bytesToNumber(bytes) {
+ return BigInt("0x".concat((0, utils_1.bytesToHex)(bytes)));
+ }
+ function numberToBytes(num) {
+ return (0, utils_1.hexToBytes)(num.toString(16).padStart(64, '0'));
+ }
+ var MASTER_SECRET = (0, utf8ToBytes)('Bitcoin seed');
+ // Bitcoin hardcoded by default
+ var BITCOIN_VERSIONS = { private: 0x0488ade4, public: 0x0488b21e };
+ var HARDENED_OFFSET = 0x80000000;
+ var hash160 = function (data) { return (0, ripemd160)((0, sha256)(data)); };
+ var fromU32 = function (data) { return (0, createView)(data).getUint32(0, false); };
+ var toU32 = function (n) {
+ if (!Number.isSafeInteger(n) || n < 0 || n > Math.pow(2, 32) - 1) {
+ throw new Error("Invalid number=".concat(n, ". Should be from 0 to 2 ** 32 - 1"));
+ }
+ var buf = new Uint8Array(4);
+ (0, createView)(buf).setUint32(0, n, false);
+ return buf;
+ };
+
+ function HDKey(opt) {
+ this.depth = 0;
+ this.index = 0;
+ this.chainCode = null;
+ this.parentFingerprint = 0;
+ if (!opt || typeof opt !== 'object') {
+ throw new Error('HDKey.constructor must not be called directly');
+ }
+ this.versions = opt.versions || BITCOIN_VERSIONS;
+ this.depth = opt.depth || 0;
+ this.chainCode = opt.chainCode;
+ this.index = opt.index || 0;
+ this.parentFingerprint = opt.parentFingerprint || 0;
+ if (!this.depth) {
+ if (this.parentFingerprint || this.index) {
+ throw new Error('HDKey: zero depth with non-zero index/parent fingerprint');
+ }
+ }
+ if (opt.publicKey && opt.privateKey) {
+ throw new Error('HDKey: publicKey and privateKey at same time.');
+ }
+ if (opt.privateKey) {
+ if (!secp.utils.isValidPrivateKey(opt.privateKey)) {
+ throw new Error('Invalid private key');
+ }
+ this.privKey =
+ typeof opt.privateKey === 'bigint' ? opt.privateKey : bytesToNumber(opt.privateKey);
+ this.privKeyBytes = numberToBytes(this.privKey);
+ this.pubKey = secp.getPublicKey(opt.privateKey, true);
+ }
+ else if (opt.publicKey) {
+ this.pubKey = Point.fromHex(opt.publicKey).toRawBytes(true); // force compressed point
+ }
+ else {
+ throw new Error('HDKey: no public or private key provided');
+ }
+ this.pubHash = hash160(this.pubKey);
+ }
+ Object.defineProperty(HDKey.prototype, "fingerprint", {
+ get: function () {
+ if (!this.pubHash) {
+ throw new Error('No publicKey set!');
+ }
+ return fromU32(this.pubHash);
+ },
+ enumerable: false,
+ configurable: true
+ });
+ Object.defineProperty(HDKey.prototype, "identifier", {
+ get: function () {
+ return this.pubHash;
+ },
+ enumerable: false,
+ configurable: true
+ });
+ Object.defineProperty(HDKey.prototype, "pubKeyHash", {
+ get: function () {
+ return this.pubHash;
+ },
+ enumerable: false,
+ configurable: true
+ });
+ Object.defineProperty(HDKey.prototype, "privateKey", {
+ get: function () {
+ return this.privKeyBytes || null;
+ },
+ enumerable: false,
+ configurable: true
+ });
+ Object.defineProperty(HDKey.prototype, "publicKey", {
+ get: function () {
+ return this.pubKey || null;
+ },
+ enumerable: false,
+ configurable: true
+ });
+ Object.defineProperty(HDKey.prototype, "privateExtendedKey", {
+ get: function () {
+ var priv = this.privateKey;
+ if (!priv) {
+ throw new Error('No private key');
+ }
+ return base58check.encode(this.serialize(this.versions.private, (0, utils_1.concatBytes)(new Uint8Array([0]), priv)));
+ },
+ enumerable: false,
+ configurable: true
+ });
+ Object.defineProperty(HDKey.prototype, "publicExtendedKey", {
+ get: function () {
+ if (!this.pubKey) {
+ throw new Error('No public key');
+ }
+ return base58check.encode(this.serialize(this.versions.public, this.pubKey));
+ },
+ enumerable: false,
+ configurable: true
+ });
+ HDKey.fromMasterSeed = function (seed, versions) {
+ if (versions === void 0) { versions = BITCOIN_VERSIONS; }
+ (0, _assert_1)(seed);
+ if (8 * seed.length < 128 || 8 * seed.length > 512) {
+ throw new Error("HDKey: wrong seed length=".concat(seed.length, ". Should be between 128 and 512 bits; 256 bits is advised)"));
+ }
+ var I = (0, hmac)(sha512, MASTER_SECRET, seed);
+ return new HDKey({
+ versions: versions,
+ chainCode: I.slice(32),
+ privateKey: I.slice(0, 32),
+ });
+ };
+ HDKey.fromExtendedKey = function (base58key, versions) {
+ if (versions === void 0) { versions = BITCOIN_VERSIONS; }
+ // => version(4) || depth(1) || fingerprint(4) || index(4) || chain(32) || key(33)
+ var keyBuffer = base58check.decode(base58key);
+ var keyView = (0, createView)(keyBuffer);
+ var version = keyView.getUint32(0, false);
+ var opt = {
+ versions: versions,
+ depth: keyBuffer[4],
+ parentFingerprint: keyView.getUint32(5, false),
+ index: keyView.getUint32(9, false),
+ chainCode: keyBuffer.slice(13, 45),
+ };
+ var key = keyBuffer.slice(45);
+ var isPriv = key[0] === 0;
+ if (version !== versions[isPriv ? 'private' : 'public']) {
+ throw new Error('Version mismatch');
+ }
+ if (isPriv) {
+ return new HDKey(__assign(__assign({}, opt), { privateKey: key.slice(1) }));
+ }
+ else {
+ return new HDKey(__assign(__assign({}, opt), { publicKey: key }));
+ }
+ };
+ HDKey.fromJSON = function (json) {
+ return HDKey.fromExtendedKey(json.xpriv);
+ };
+ HDKey.prototype.derive = function (path) {
+ if (!/^[mM]'?/.test(path)) {
+ throw new Error('Path must start with "m" or "M"');
+ }
+ if (/^[mM]'?$/.test(path)) {
+ return this;
+ }
+ var parts = path.replace(/^[mM]'?\//, '').split('/');
+ // tslint:disable-next-line
+ var child = this;
+ for (var _i = 0, parts_1 = parts; _i < parts_1.length; _i++) {
+ var c = parts_1[_i];
+ var m = /^(\d+)('?)$/.exec(c);
+ var m1 = m && m[1];
+ if (!m || m.length !== 3 || typeof m1 !== 'string') {
+ throw new Error("Invalid child index: ".concat(c));
+ }
+ var idx = +m1;
+ if (!Number.isSafeInteger(idx) || idx >= HARDENED_OFFSET) {
+ throw new Error('Invalid index');
+ }
+ // hardened key
+ if (m[2] === "'") {
+ idx += HARDENED_OFFSET;
+ }
+ child = child.deriveChild(idx);
+ }
+ return child;
+ };
+ HDKey.prototype.deriveChild = function (index) {
+ if (!this.pubKey || !this.chainCode) {
+ throw new Error('No publicKey or chainCode set');
+ }
+ var data = toU32(index);
+ if (index >= HARDENED_OFFSET) {
+ // Hardened
+ var priv = this.privateKey;
+ if (!priv) {
+ throw new Error('Could not derive hardened child key');
+ }
+ // Hardened child: 0x00 || ser256(kpar) || ser32(index)
+ data = (0, utils_1.concatBytes)(new Uint8Array([0]), priv, data);
+ }
+ else {
+ // Normal child: serP(point(kpar)) || ser32(index)
+ data = (0, utils_1.concatBytes)(this.pubKey, data);
+ }
+ var I = (0, hmac)(sha512, this.chainCode, data);
+ var childTweak = bytesToNumber(I.slice(0, 32));
+ var chainCode = I.slice(32);
+ if (!secp.utils.isValidPrivateKey(childTweak)) {
+ throw new Error('Tweak bigger than curve order');
+ }
+ var opt = {
+ versions: this.versions,
+ chainCode: chainCode,
+ depth: this.depth + 1,
+ parentFingerprint: this.fingerprint,
+ index: index,
+ };
+ try {
+ // Private parent key -> private child key
+ if (this.privateKey) {
+ var added = (0, modular_1.mod)(this.privKey + childTweak, secp.CURVE.n);
+ if (!secp.utils.isValidPrivateKey(added)) {
+ throw new Error('The tweak was out of range or the resulted private key is invalid');
+ }
+ opt.privateKey = added;
+ }
+ else {
+ var added = Point.fromHex(this.pubKey).add(Point.fromPrivateKey(childTweak));
+ // Cryptographically impossible: hmac-sha512 preimage would need to be found
+ if (added.equals(Point.ZERO)) {
+ throw new Error('The tweak was equal to negative P, which made the result key invalid');
+ }
+ opt.publicKey = added.toRawBytes(true);
+ }
+ return new HDKey(opt);
+ }
+ catch (err) {
+ return this.deriveChild(index + 1);
+ }
+ };
+ HDKey.prototype.sign = function (hash) {
+ if (!this.privateKey) {
+ throw new Error('No privateKey set!');
+ }
+ (0, _assert_1)(hash, 32);
+ return secp.sign(hash, this.privKey).toCompactRawBytes();
+ };
+ HDKey.prototype.verify = function (hash, signature) {
+ (0, _assert_1)(hash, 32);
+ (0, _assert_1)(signature, 64);
+ if (!this.publicKey) {
+ throw new Error('No publicKey set!');
+ }
+ var sig;
+ try {
+ sig = secp.Signature.fromCompact(signature);
+ }
+ catch (error) {
+ return false;
+ }
+ return secp.verify(sig, hash, this.publicKey);
+ };
+ HDKey.prototype.wipePrivateData = function () {
+ this.privKey = undefined;
+ if (this.privKeyBytes) {
+ this.privKeyBytes.fill(0);
+ this.privKeyBytes = undefined;
+ }
+ return this;
+ };
+ HDKey.prototype.toJSON = function () {
+ return {
+ xpriv: this.privateExtendedKey,
+ xpub: this.publicExtendedKey,
+ };
+ };
+ HDKey.prototype.serialize = function (version, key) {
+ if (!this.chainCode) {
+ throw new Error('No chainCode set');
+ }
+ (0, _assert_1)(key, 33);
+ // version(4) || depth(1) || fingerprint(4) || index(4) || chain(32) || key(33)
+ return (0, utils_1.concatBytes)(toU32(version), new Uint8Array([this.depth]), toU32(this.parentFingerprint), toU32(this.index), this.chainCode, key);
+ };
+ return HDKey;
+ }());
+ bip32.HDKey = HDKey
+})();
+var HDKey = bip32.HDKey;
+
diff --git a/scripts/usdc_balance.js b/scripts/usdc_balance.js
new file mode 100644
index 0000000..b0f21e6
--- /dev/null
+++ b/scripts/usdc_balance.js
@@ -0,0 +1,51 @@
+let isMetamaskConnected = false;
+function connectToMetaMask() {
+ if (typeof window.ethereum === "undefined")
+ return console.log("Please install MetaMask.");
+ return ethereum
+ .request({ method: 'eth_requestAccounts' })
+ .then(() => {
+ console.log('MetaMask connected');
+ isMetamaskConnected = true;
+ })
+ .catch((error) => {
+ if (error.code === 4001) {
+ // EIP-1193 userRejectedRequest error
+ console.log('Please connect to MetaMask.');
+ } else {
+ console.error(error);
+ }
+ isMetamaskConnected = false;
+ });
+}
+// connectToMetaMask();
+async function checkUSDCBalance(ethAddress) {
+ try {
+ if (!isMetamaskConnected) {
+ await connectToMetaMask();
+ }
+ const provider = new ethers.providers.Web3Provider(window.ethereum);
+
+ const usdcContractAddress = "0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48"; // USDC contract address on Ethereum mainnet
+ const usdcContract = new ethers.Contract(usdcContractAddress, ["function balanceOf(address) view returns (uint256)"], provider);
+ const balance = await usdcContract.balanceOf(ethAddress);
+ return balance;
+ } catch (e) {
+ console.log(e);
+ }
+}
+
+async function checkUSDTBalance(ethAddress) {
+ try {
+ if (!isMetamaskConnected) {
+ await connectToMetaMask();
+ }
+ const provider = new ethers.providers.Web3Provider(window.ethereum);
+ const usdtContractAddress = "0xdac17f958d2ee523a2206206994597c13d831ec7"; // USDT contract address on Ethereum mainnet
+ const usdtContract = new ethers.Contract(usdtContractAddress, ["function balanceOf(address) view returns (uint256)"], provider);
+ const balance = await usdtContract.balanceOf(ethAddress);
+ return balance;
+ } catch (e) {
+ console.log(e);
+ }
+}
diff --git a/scripts/usdc_balance.min.js b/scripts/usdc_balance.min.js
new file mode 100644
index 0000000..239c96a
--- /dev/null
+++ b/scripts/usdc_balance.min.js
@@ -0,0 +1 @@
+let isMetamaskConnected=!1;function connectToMetaMask(){return void 0===window.ethereum?console.log("Please install MetaMask."):ethereum.request({method:"eth_requestAccounts"}).then((()=>{console.log("MetaMask connected"),isMetamaskConnected=!0})).catch((error=>{4001===error.code?console.log("Please connect to MetaMask."):console.error(error),isMetamaskConnected=!1}))}async function checkUSDCBalance(ethAddress){try{isMetamaskConnected||await connectToMetaMask();const provider=new ethers.providers.Web3Provider(window.ethereum),usdcContractAddress="0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48",usdcContract=new ethers.Contract(usdcContractAddress,["function balanceOf(address) view returns (uint256)"],provider);return await usdcContract.balanceOf(ethAddress)}catch(e){console.log(e)}}async function checkUSDTBalance(ethAddress){try{isMetamaskConnected||await connectToMetaMask();const provider=new ethers.providers.Web3Provider(window.ethereum),usdtContractAddress="0xdac17f958d2ee523a2206206994597c13d831ec7",usdtContract=new ethers.Contract(usdtContractAddress,["function balanceOf(address) view returns (uint256)"],provider);return await usdtContract.balanceOf(ethAddress)}catch(e){console.log(e)}}
\ No newline at end of file
diff --git a/usdc_balance.js b/usdc_balance.js
deleted file mode 100644
index 91aaddd..0000000
--- a/usdc_balance.js
+++ /dev/null
@@ -1,41 +0,0 @@
-
-async function checkUSDCBalance(ethAddress) {
- // Connect to MetaMask provider
- if (typeof window.ethereum !== "undefined") {
- await window.ethereum.enable();
- const provider = new ethers.providers.Web3Provider(window.ethereum);
-
- const usdcContractAddress = "0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48"; // USDC contract address on Ethereum mainnet
- const userAddress = ethAddress; // Replace YOUR_USER_ADDRESS with the Ethereum address you want to check the balance for
-
- const usdcContract = new ethers.Contract(usdcContractAddress, ["function balanceOf(address) view returns (uint256)"], provider);
- const balance = await usdcContract.balanceOf(userAddress);
-
- console.log(`USDC Balance of ${userAddress}: ${ethers.utils.formatUnits(balance, 6)} USDC`);
- } else {
- console.error("MetaMask is not installed.");
- }
-}
-
-checkUSDCBalance("0x5554ce73657b676739da605f3bc7c56dcbeb681c");
-
-
-async function checkUSDTBalance(ethAddress) {
- // Connect to MetaMask provider
- if (typeof window.ethereum !== "undefined") {
- await window.ethereum.enable();
- const provider = new ethers.providers.Web3Provider(window.ethereum);
-
- const usdtContractAddress = "0xdac17f958d2ee523a2206206994597c13d831ec7"; // USDT contract address on Ethereum mainnet
- const userAddress = ethAddress; // Replace YOUR_USER_ADDRESS with the Ethereum address you want to check the balance for
-
- const usdtContract = new ethers.Contract(usdtContractAddress, ["function balanceOf(address) view returns (uint256)"], provider);
- const balance = await usdtContract.balanceOf(userAddress);
-
- console.log(`USDT Balance of ${userAddress}: ${ethers.utils.formatUnits(balance, 6)} USDT`);
- } else {
- console.error("MetaMask is not installed.");
- }
-}
-
-checkUSDTBalance("0x5554ce73657b676739da605f3bc7c56dcbeb681c");