const lib = (fn) => { var exports = null; return () => { exports = exports || fn(); return exports; }; }; const lib_inherits = lib(() => { return function inherits(ctor, superCtor) { if (superCtor) { ctor.super_ = superCtor ctor.prototype = Object.create(superCtor.prototype, { constructor: { value: ctor, enumerable: false, writable: true, configurable: true } }) } }; }); const lib_buffer = lib(() => { var exports = {}; exports.Buffer = Buffer exports.INSPECT_MAX_BYTES = 50 /** * If `Buffer.TYPED_ARRAY_SUPPORT`: * === true Use Uint8Array implementation (fastest) * === false Use Object implementation (most compatible, even IE6) * * Browsers that support typed arrays are IE 10+, Firefox 4+, Chrome 7+, Safari 5.1+, * Opera 11.6+, iOS 4.2+. * * Due to various browser bugs, sometimes the Object implementation will be used even * when the browser supports typed arrays. * * Note: * * - Firefox 4-29 lacks support for adding new properties to `Uint8Array` instances, * See: https://bugzilla.mozilla.org/show_bug.cgi?id=695438. * * - Chrome 9-10 is missing the `TypedArray.prototype.subarray` function. * * - IE10 has a broken `TypedArray.prototype.subarray` function which returns arrays of * incorrect length in some situations. * We detect these buggy browsers and set `Buffer.TYPED_ARRAY_SUPPORT` to `false` so they * get the Object implementation, which is slower but behaves correctly. */ Buffer.TYPED_ARRAY_SUPPORT = true; /* * Export kMaxLength after typed array support is determined. */ exports.kMaxLength = kMaxLength() function typedArraySupport () { try { var arr = new Uint8Array(1) arr.__proto__ = {__proto__: Uint8Array.prototype, foo: function () { return 42 }} return arr.foo() === 42 && // typed array instances can be augmented typeof arr.subarray === 'function' && // chrome 9-10 lack `subarray` arr.subarray(1, 1).byteLength === 0 // ie10 has broken `subarray` } catch (e) { return false } } function kMaxLength () { return Buffer.TYPED_ARRAY_SUPPORT ? 0x7fffffff : 0x3fffffff } function createBuffer (that, length) { if (kMaxLength() < length) { throw new RangeError('Invalid typed array length') } if (Buffer.TYPED_ARRAY_SUPPORT) { // Return an augmented `Uint8Array` instance, for best performance that = new Uint8Array(length) that.__proto__ = Buffer.prototype } else { // Fallback: Return an object instance of the Buffer class if (that === null) { that = new Buffer(length) } that.length = length } return that } /** * The Buffer constructor returns instances of `Uint8Array` that have their * prototype changed to `Buffer.prototype`. Furthermore, `Buffer` is a subclass of * `Uint8Array`, so the returned instances will have all the node `Buffer` methods * and the `Uint8Array` methods. Square bracket notation works as expected -- it * returns a single octet. * * The `Uint8Array` prototype remains unmodified. */ function Buffer (arg, encodingOrOffset, length) {}; function from (that, value, encodingOrOffset, length) { return fromString(that, value, encodingOrOffset) } /** * Functionally equivalent to Buffer(arg, encoding) but throws a TypeError * if value is a number. * Buffer.from(str[, encoding]) * Buffer.from(array) * Buffer.from(buffer) * Buffer.from(arrayBuffer[, byteOffset[, length]]) **/ Buffer.from = function (value, encodingOrOffset, length) { return from(null, value, encodingOrOffset, length) } if (Buffer.TYPED_ARRAY_SUPPORT) { Buffer.prototype.__proto__ = Uint8Array.prototype Buffer.__proto__ = Uint8Array if (typeof Symbol !== 'undefined' && Symbol.species && Buffer[Symbol.species] === Buffer) { // Fix subarray() in ES2016. See: https://github.com/feross/buffer/pull/97 Object.defineProperty(Buffer, Symbol.species, { value: null, configurable: true }) } } function fromString (that, string, encoding) { var length = byteLength(string, encoding) | 0 that = createBuffer(that, length) var actual = that.write(string, encoding) if (actual !== length) { that = that.slice(0, actual) } return that } Buffer.isBuffer = function isBuffer (b) { return !!(b != null && b._isBuffer) } function byteLength (string, encoding) { return string.length >>> 1; } Buffer.byteLength = byteLength // The property is used by `Buffer.isBuffer` and `is-buffer` (in Safari 5-7) to detect // Buffer instances. Buffer.prototype._isBuffer = true function hexWrite (buf, string, offset, length) { offset = Number(offset) || 0 var remaining = buf.length - offset if (!length) { length = remaining } else { length = Number(length) if (length > remaining) { length = remaining } } // must be an even number of digits var strLen = string.length if (strLen % 2 !== 0) throw new TypeError('Invalid hex string') if (length > strLen / 2) { length = strLen / 2 } for (var i = 0; i < length; ++i) { var parsed = parseInt(string.substr(i * 2, 2), 16) if (isNaN(parsed)) return i buf[offset + i] = parsed } return i } Buffer.prototype.write = function write (string, offset, length, encoding) { return hexWrite(this, string, 0, this.length); } return exports; }); const lib_assert = lib(() => { var exports = {}; exports = assert; function assert(val, msg) { if (!val) throw new Error(msg || 'Assertion failed'); } assert.equal = function assertEqual(l, r, msg) {/*NOTUSED*/}; return exports; }); const lib_utils_a = lib(() => { "use strict"; var exports = {}; var utils = exports; var minAssert = lib_assert(); var minUtils = lib_utils_c(); utils.assert = minAssert; utils.toArray = minUtils.toArray; utils.zero2 = minUtils.zero2; utils.toHex = minUtils.toHex; utils.encode = minUtils.encode; // Represent num in a w-NAF form function getNAF(num, w, bits) { var naf = new Array(Math.max(num.bitLength(), bits) + 1); naf.fill(0); var ws = 1 << (w + 1); var k = num.clone(); for (var i = 0; i < naf.length; i++) { var z; var mod = k.andln(ws - 1); if (k.isOdd()) { if (mod > (ws >> 1) - 1) z = (ws >> 1) - mod; else z = mod; k.isubn(z); } else { z = 0; } naf[i] = z; k.iushrn(1); } return naf; } utils.getNAF = getNAF; // Represent k1, k2 in a Joint Sparse Form function getJSF(k1, k2) { var jsf = [ [], [] ]; k1 = k1.clone(); k2 = k2.clone(); var d1 = 0; var d2 = 0; while (k1.cmpn(-d1) > 0 || k2.cmpn(-d2) > 0) { // First phase var m14 = (k1.andln(3) + d1) & 3; var m24 = (k2.andln(3) + d2) & 3; if (m14 === 3) m14 = -1; if (m24 === 3) m24 = -1; var u1; if ((m14 & 1) === 0) { u1 = 0; } else { var m8 = (k1.andln(7) + d1) & 7; if ((m8 === 3 || m8 === 5) && m24 === 2) u1 = -m14; else u1 = m14; } jsf[0].push(u1); var u2; if ((m24 & 1) === 0) { u2 = 0; } else { var m8 = (k2.andln(7) + d2) & 7; if ((m8 === 3 || m8 === 5) && m14 === 2) u2 = -m24; else u2 = m24; } jsf[1].push(u2); // Second phase if (2 * d1 === u1 + 1) d1 = 1 - d1; if (2 * d2 === u2 + 1) d2 = 1 - d2; k1.iushrn(1); k2.iushrn(1); } return jsf; } utils.getJSF = getJSF; function parseBytes(bytes) {/*NOTUSED*/} utils.parseBytes = parseBytes; function intFromLE(bytes) {/*NOTUSED*/} utils.intFromLE = intFromLE; return exports; }); const lib_utils_b = lib(() => { "use strict"; var exports = {}; var assert = lib_assert(); var inherits = lib_inherits(); exports.inherits = inherits; function isSurrogatePair(msg, i) {/*NOTUSED*/} function toArray(msg, enc) { if (Array.isArray(msg)) return msg.slice(); if (!msg) return []; var res = []; if (typeof msg === 'string') { if (!enc) { // Inspired by stringToUtf8ByteArray() in closure-library by Google // https://github.com/google/closure-library/blob/8598d87242af59aac233270742c8984e2b2bdbe0/closure/goog/crypt/crypt.js#L117-L143 // Apache License 2.0 // https://github.com/google/closure-library/blob/master/LICENSE var p = 0; for (var i = 0; i < msg.length; i++) { var c = msg.charCodeAt(i); if (c < 128) { res[p++] = c; } else if (c < 2048) { res[p++] = (c >> 6) | 192; res[p++] = (c & 63) | 128; } else if (isSurrogatePair(msg, i)) { c = 0x10000 + ((c & 0x03FF) << 10) + (msg.charCodeAt(++i) & 0x03FF); res[p++] = (c >> 18) | 240; res[p++] = ((c >> 12) & 63) | 128; res[p++] = ((c >> 6) & 63) | 128; res[p++] = (c & 63) | 128; } else { res[p++] = (c >> 12) | 224; res[p++] = ((c >> 6) & 63) | 128; res[p++] = (c & 63) | 128; } } } else if (enc === 'hex') { msg = msg.replace(/[^a-z0-9]+/ig, ''); if (msg.length % 2 !== 0) msg = '0' + msg; for (i = 0; i < msg.length; i += 2) res.push(parseInt(msg[i] + msg[i + 1], 16)); } } else { for (i = 0; i < msg.length; i++) res[i] = msg[i] | 0; } return res; } exports.toArray = toArray; function join32(msg, start, end, endian) { var len = end - start; assert(len % 4 === 0); var res = new Array(len / 4); for (var i = 0, k = start; i < res.length; i++, k += 4) { var w; if (endian === 'big') w = (msg[k] << 24) | (msg[k + 1] << 16) | (msg[k + 2] << 8) | msg[k + 3]; else w = (msg[k + 3] << 24) | (msg[k + 2] << 16) | (msg[k + 1] << 8) | msg[k]; res[i] = w >>> 0; } return res; } exports.join32 = join32; function split32(msg, endian) { var res = new Array(msg.length * 4); for (var i = 0, k = 0; i < msg.length; i++, k += 4) { var m = msg[i]; if (endian === 'big') { res[k] = m >>> 24; res[k + 1] = (m >>> 16) & 0xff; res[k + 2] = (m >>> 8) & 0xff; res[k + 3] = m & 0xff; } else { res[k + 3] = m >>> 24; res[k + 2] = (m >>> 16) & 0xff; res[k + 1] = (m >>> 8) & 0xff; res[k] = m & 0xff; } } return res; } exports.split32 = split32; function rotr32(w, b) { return (w >>> b) | (w << (32 - b)); } exports.rotr32 = rotr32; function sum32(a, b) { return (a + b) >>> 0; } exports.sum32 = sum32; function sum32_4(a, b, c, d) { return (a + b + c + d) >>> 0; } exports.sum32_4 = sum32_4; function sum32_5(a, b, c, d, e) { return (a + b + c + d + e) >>> 0; } exports.sum32_5 = sum32_5; return exports; }); const lib_bytes = lib(() => { var exports = {}; const length = a => (a.length - 2) / 2; const flatten = a => "0x" + a.reduce((r, s) => r + s.slice(2), ""); const slice = (i, j, bs) => "0x" + bs.slice(i * 2 + 2, j * 2 + 2); const pad = (l, hex) => hex.length === l * 2 + 2 ? hex : pad(l, "0x" + "0" + hex.slice(2)); const fromNumber = num => { let hex = num.toString(16); return hex.length % 2 === 0 ? "0x" + hex : "0x0" + hex; }; const toNumber = hex => parseInt(hex.slice(2), 16); const concat = (a, b) => a.concat(b.slice(2)); const fromNat = bn => bn === "0x0" ? "0x" : bn.length % 2 === 0 ? bn : "0x0" + bn.slice(2); const toNat = bn => bn[2] === "0" ? "0x" + bn.slice(3) : bn; exports = { length, flatten, slice, pad, fromNumber, toNumber, fromNat, toNat, }; return exports; }); const lib_hash_common = lib(() => { "use strict"; var exports = {}; var utils = lib_utils_b(); var assert = lib_assert(); function BlockHash() { this.pending = null; this.pendingTotal = 0; this.blockSize = this.constructor.blockSize; this.outSize = this.constructor.outSize; this.hmacStrength = this.constructor.hmacStrength; this.padLength = this.constructor.padLength / 8; this.endian = 'big'; this._delta8 = this.blockSize / 8; this._delta32 = this.blockSize / 32; } exports.BlockHash = BlockHash; BlockHash.prototype.update = function update(msg, enc) { // Convert message to array, pad it, and join into 32bit blocks msg = utils.toArray(msg, enc); if (!this.pending) this.pending = msg; else this.pending = this.pending.concat(msg); this.pendingTotal += msg.length; // Enough data, try updating if (this.pending.length >= this._delta8) { msg = this.pending; // Process pending data in blocks var r = msg.length % this._delta8; this.pending = msg.slice(msg.length - r, msg.length); if (this.pending.length === 0) this.pending = null; msg = utils.join32(msg, 0, msg.length - r, this.endian); for (var i = 0; i < msg.length; i += this._delta32) this._update(msg, i, i + this._delta32); } return this; }; BlockHash.prototype.digest = function digest(enc) { this.update(this._pad()); assert(this.pending === null); return this._digest(enc); }; BlockHash.prototype._pad = function pad() { var len = this.pendingTotal; var bytes = this._delta8; var k = bytes - ((len + this.padLength) % bytes); var res = new Array(k + this.padLength); res[0] = 0x80; for (var i = 1; i < k; i++) res[i] = 0; // Append length len <<= 3; if (this.endian === 'big') { for (var t = 8; t < this.padLength; t++) res[i++] = 0; res[i++] = 0; res[i++] = 0; res[i++] = 0; res[i++] = 0; res[i++] = (len >>> 24) & 0xff; res[i++] = (len >>> 16) & 0xff; res[i++] = (len >>> 8) & 0xff; res[i++] = len & 0xff; } else { res[i++] = len & 0xff; res[i++] = (len >>> 8) & 0xff; res[i++] = (len >>> 16) & 0xff; res[i++] = (len >>> 24) & 0xff; res[i++] = 0; res[i++] = 0; res[i++] = 0; res[i++] = 0; for (t = 8; t < this.padLength; t++) res[i++] = 0; } return res; }; return exports; }); const lib_keccak = lib(() => { var exports = {}; const HEX_CHARS = '0123456789abcdef'.split(''); const KECCAK_PADDING = [1, 256, 65536, 16777216]; const SHIFT = [0, 8, 16, 24]; const RC = [1, 0, 32898, 0, 32906, 2147483648, 2147516416, 2147483648, 32907, 0, 2147483649, 0, 2147516545, 2147483648, 32777, 2147483648, 138, 0, 136, 0, 2147516425, 0, 2147483658, 0, 2147516555, 0, 139, 2147483648, 32905, 2147483648, 32771, 2147483648, 32770, 2147483648, 128, 2147483648, 32778, 0, 2147483658, 2147483648, 2147516545, 2147483648, 32896, 2147483648, 2147483649, 0, 2147516424, 2147483648]; const Keccak = bits => ({ blocks: [], reset: true, block: 0, start: 0, blockCount: 1600 - (bits << 1) >> 5, outputBlocks: bits >> 5, s: (s => [].concat(s, s, s, s, s))([0, 0, 0, 0, 0, 0, 0, 0, 0, 0]) }); const update = (state, message) => { var length = message.length, blocks = state.blocks, byteCount = state.blockCount << 2, blockCount = state.blockCount, outputBlocks = state.outputBlocks, s = state.s, index = 0, i, code; // update while (index < length) { if (state.reset) { state.reset = false; blocks[0] = state.block; for (i = 1; i < blockCount + 1; ++i) { blocks[i] = 0; } } if (typeof message !== "string") { for (i = state.start; index < length && i < byteCount; ++index) { blocks[i >> 2] |= message[index] << SHIFT[i++ & 3]; } } else { for (i = state.start; index < length && i < byteCount; ++index) { code = message.charCodeAt(index); if (code < 0x80) { blocks[i >> 2] |= code << SHIFT[i++ & 3]; } else if (code < 0x800) { blocks[i >> 2] |= (0xc0 | code >> 6) << SHIFT[i++ & 3]; blocks[i >> 2] |= (0x80 | code & 0x3f) << SHIFT[i++ & 3]; } else if (code < 0xd800 || code >= 0xe000) { blocks[i >> 2] |= (0xe0 | code >> 12) << SHIFT[i++ & 3]; blocks[i >> 2] |= (0x80 | code >> 6 & 0x3f) << SHIFT[i++ & 3]; blocks[i >> 2] |= (0x80 | code & 0x3f) << SHIFT[i++ & 3]; } else { code = 0x10000 + ((code & 0x3ff) << 10 | message.charCodeAt(++index) & 0x3ff); blocks[i >> 2] |= (0xf0 | code >> 18) << SHIFT[i++ & 3]; blocks[i >> 2] |= (0x80 | code >> 12 & 0x3f) << SHIFT[i++ & 3]; blocks[i >> 2] |= (0x80 | code >> 6 & 0x3f) << SHIFT[i++ & 3]; blocks[i >> 2] |= (0x80 | code & 0x3f) << SHIFT[i++ & 3]; } } } state.lastByteIndex = i; if (i >= byteCount) { state.start = i - byteCount; state.block = blocks[blockCount]; for (i = 0; i < blockCount; ++i) { s[i] ^= blocks[i]; } f(s); state.reset = true; } else { state.start = i; } } // finalize i = state.lastByteIndex; blocks[i >> 2] |= KECCAK_PADDING[i & 3]; if (state.lastByteIndex === byteCount) { blocks[0] = blocks[blockCount]; for (i = 1; i < blockCount + 1; ++i) { blocks[i] = 0; } } blocks[blockCount - 1] |= 0x80000000; for (i = 0; i < blockCount; ++i) { s[i] ^= blocks[i]; } f(s); // toString var hex = '', j = 0, block; i = 0; while (j < outputBlocks) { for (i = 0; i < blockCount && j < outputBlocks; ++i, ++j) { block = s[i]; hex += HEX_CHARS[block >> 4 & 0x0F] + HEX_CHARS[block & 0x0F] + HEX_CHARS[block >> 12 & 0x0F] + HEX_CHARS[block >> 8 & 0x0F] + HEX_CHARS[block >> 20 & 0x0F] + HEX_CHARS[block >> 16 & 0x0F] + HEX_CHARS[block >> 28 & 0x0F] + HEX_CHARS[block >> 24 & 0x0F]; } if (j % blockCount === 0) { f(s); i = 0; } } return "0x" + hex; }; const f = s => { var h, l, n, c0, c1, c2, c3, c4, c5, c6, c7, c8, c9, b0, b1, b2, b3, b4, b5, b6, b7, b8, b9, b10, b11, b12, b13, b14, b15, b16, b17, b18, b19, b20, b21, b22, b23, b24, b25, b26, b27, b28, b29, b30, b31, b32, b33, b34, b35, b36, b37, b38, b39, b40, b41, b42, b43, b44, b45, b46, b47, b48, b49; for (n = 0; n < 48; n += 2) { c0 = s[0] ^ s[10] ^ s[20] ^ s[30] ^ s[40]; c1 = s[1] ^ s[11] ^ s[21] ^ s[31] ^ s[41]; c2 = s[2] ^ s[12] ^ s[22] ^ s[32] ^ s[42]; c3 = s[3] ^ s[13] ^ s[23] ^ s[33] ^ s[43]; c4 = s[4] ^ s[14] ^ s[24] ^ s[34] ^ s[44]; c5 = s[5] ^ s[15] ^ s[25] ^ s[35] ^ s[45]; c6 = s[6] ^ s[16] ^ s[26] ^ s[36] ^ s[46]; c7 = s[7] ^ s[17] ^ s[27] ^ s[37] ^ s[47]; c8 = s[8] ^ s[18] ^ s[28] ^ s[38] ^ s[48]; c9 = s[9] ^ s[19] ^ s[29] ^ s[39] ^ s[49]; h = c8 ^ (c2 << 1 | c3 >>> 31); l = c9 ^ (c3 << 1 | c2 >>> 31); s[0] ^= h; s[1] ^= l; s[10] ^= h; s[11] ^= l; s[20] ^= h; s[21] ^= l; s[30] ^= h; s[31] ^= l; s[40] ^= h; s[41] ^= l; h = c0 ^ (c4 << 1 | c5 >>> 31); l = c1 ^ (c5 << 1 | c4 >>> 31); s[2] ^= h; s[3] ^= l; s[12] ^= h; s[13] ^= l; s[22] ^= h; s[23] ^= l; s[32] ^= h; s[33] ^= l; s[42] ^= h; s[43] ^= l; h = c2 ^ (c6 << 1 | c7 >>> 31); l = c3 ^ (c7 << 1 | c6 >>> 31); s[4] ^= h; s[5] ^= l; s[14] ^= h; s[15] ^= l; s[24] ^= h; s[25] ^= l; s[34] ^= h; s[35] ^= l; s[44] ^= h; s[45] ^= l; h = c4 ^ (c8 << 1 | c9 >>> 31); l = c5 ^ (c9 << 1 | c8 >>> 31); s[6] ^= h; s[7] ^= l; s[16] ^= h; s[17] ^= l; s[26] ^= h; s[27] ^= l; s[36] ^= h; s[37] ^= l; s[46] ^= h; s[47] ^= l; h = c6 ^ (c0 << 1 | c1 >>> 31); l = c7 ^ (c1 << 1 | c0 >>> 31); s[8] ^= h; s[9] ^= l; s[18] ^= h; s[19] ^= l; s[28] ^= h; s[29] ^= l; s[38] ^= h; s[39] ^= l; s[48] ^= h; s[49] ^= l; b0 = s[0]; b1 = s[1]; b32 = s[11] << 4 | s[10] >>> 28; b33 = s[10] << 4 | s[11] >>> 28; b14 = s[20] << 3 | s[21] >>> 29; b15 = s[21] << 3 | s[20] >>> 29; b46 = s[31] << 9 | s[30] >>> 23; b47 = s[30] << 9 | s[31] >>> 23; b28 = s[40] << 18 | s[41] >>> 14; b29 = s[41] << 18 | s[40] >>> 14; b20 = s[2] << 1 | s[3] >>> 31; b21 = s[3] << 1 | s[2] >>> 31; b2 = s[13] << 12 | s[12] >>> 20; b3 = s[12] << 12 | s[13] >>> 20; b34 = s[22] << 10 | s[23] >>> 22; b35 = s[23] << 10 | s[22] >>> 22; b16 = s[33] << 13 | s[32] >>> 19; b17 = s[32] << 13 | s[33] >>> 19; b48 = s[42] << 2 | s[43] >>> 30; b49 = s[43] << 2 | s[42] >>> 30; b40 = s[5] << 30 | s[4] >>> 2; b41 = s[4] << 30 | s[5] >>> 2; b22 = s[14] << 6 | s[15] >>> 26; b23 = s[15] << 6 | s[14] >>> 26; b4 = s[25] << 11 | s[24] >>> 21; b5 = s[24] << 11 | s[25] >>> 21; b36 = s[34] << 15 | s[35] >>> 17; b37 = s[35] << 15 | s[34] >>> 17; b18 = s[45] << 29 | s[44] >>> 3; b19 = s[44] << 29 | s[45] >>> 3; b10 = s[6] << 28 | s[7] >>> 4; b11 = s[7] << 28 | s[6] >>> 4; b42 = s[17] << 23 | s[16] >>> 9; b43 = s[16] << 23 | s[17] >>> 9; b24 = s[26] << 25 | s[27] >>> 7; b25 = s[27] << 25 | s[26] >>> 7; b6 = s[36] << 21 | s[37] >>> 11; b7 = s[37] << 21 | s[36] >>> 11; b38 = s[47] << 24 | s[46] >>> 8; b39 = s[46] << 24 | s[47] >>> 8; b30 = s[8] << 27 | s[9] >>> 5; b31 = s[9] << 27 | s[8] >>> 5; b12 = s[18] << 20 | s[19] >>> 12; b13 = s[19] << 20 | s[18] >>> 12; b44 = s[29] << 7 | s[28] >>> 25; b45 = s[28] << 7 | s[29] >>> 25; b26 = s[38] << 8 | s[39] >>> 24; b27 = s[39] << 8 | s[38] >>> 24; b8 = s[48] << 14 | s[49] >>> 18; b9 = s[49] << 14 | s[48] >>> 18; s[0] = b0 ^ ~b2 & b4; s[1] = b1 ^ ~b3 & b5; s[10] = b10 ^ ~b12 & b14; s[11] = b11 ^ ~b13 & b15; s[20] = b20 ^ ~b22 & b24; s[21] = b21 ^ ~b23 & b25; s[30] = b30 ^ ~b32 & b34; s[31] = b31 ^ ~b33 & b35; s[40] = b40 ^ ~b42 & b44; s[41] = b41 ^ ~b43 & b45; s[2] = b2 ^ ~b4 & b6; s[3] = b3 ^ ~b5 & b7; s[12] = b12 ^ ~b14 & b16; s[13] = b13 ^ ~b15 & b17; s[22] = b22 ^ ~b24 & b26; s[23] = b23 ^ ~b25 & b27; s[32] = b32 ^ ~b34 & b36; s[33] = b33 ^ ~b35 & b37; s[42] = b42 ^ ~b44 & b46; s[43] = b43 ^ ~b45 & b47; s[4] = b4 ^ ~b6 & b8; s[5] = b5 ^ ~b7 & b9; s[14] = b14 ^ ~b16 & b18; s[15] = b15 ^ ~b17 & b19; s[24] = b24 ^ ~b26 & b28; s[25] = b25 ^ ~b27 & b29; s[34] = b34 ^ ~b36 & b38; s[35] = b35 ^ ~b37 & b39; s[44] = b44 ^ ~b46 & b48; s[45] = b45 ^ ~b47 & b49; s[6] = b6 ^ ~b8 & b0; s[7] = b7 ^ ~b9 & b1; s[16] = b16 ^ ~b18 & b10; s[17] = b17 ^ ~b19 & b11; s[26] = b26 ^ ~b28 & b20; s[27] = b27 ^ ~b29 & b21; s[36] = b36 ^ ~b38 & b30; s[37] = b37 ^ ~b39 & b31; s[46] = b46 ^ ~b48 & b40; s[47] = b47 ^ ~b49 & b41; s[8] = b8 ^ ~b0 & b2; s[9] = b9 ^ ~b1 & b3; s[18] = b18 ^ ~b10 & b12; s[19] = b19 ^ ~b11 & b13; s[28] = b28 ^ ~b20 & b22; s[29] = b29 ^ ~b21 & b23; s[38] = b38 ^ ~b30 & b32; s[39] = b39 ^ ~b31 & b33; s[48] = b48 ^ ~b40 & b42; s[49] = b49 ^ ~b41 & b43; s[0] ^= RC[n]; s[1] ^= RC[n + 1]; } }; const keccak = bits => (str, force_utf8 = false) => { var msg; if (str.slice(0, 2) === "0x" && !force_utf8) { msg = []; for (var i = 2, l = str.length; i < l; i += 2) msg.push(parseInt(str.slice(i, i + 2), 16)); } else { msg = str; } return update(Keccak(bits, bits), msg); }; exports = {keccak256: keccak(256)}; return exports; }); const lib_elliptic = lib(() => { "use strict"; var exports = {}; var elliptic = exports; elliptic.utils = lib_utils_a(); elliptic.curves = lib_curves(); // Protocols elliptic.ec = lib_elliptic_ec(); return exports; }); const lib_base = lib(() => { "use strict"; var exports = {}; var utils = lib_utils_a(); var getNAF = utils.getNAF; var getJSF = utils.getJSF; var assert = utils.assert; function BaseCurve(type, conf) { this.type = type; this.p = new BN(conf.p, 16); // Use Montgomery, when there is no fast reduction for the prime this.red = conf.prime ? BN.red(conf.prime) : BN.mont(this.p); // Useful for many curves this.zero = new BN(0).toRed(this.red); this.one = new BN(1).toRed(this.red); this.two = new BN(2).toRed(this.red); // Curve configuration, optional this.n = conf.n && new BN(conf.n, 16); this.g = conf.g && this.pointFromJSON(conf.g, conf.gRed); // Temporary arrays this._wnafT1 = new Array(4); this._wnafT2 = new Array(4); this._wnafT3 = new Array(4); this._wnafT4 = new Array(4); this._bitLength = this.n ? this.n.bitLength() : 0; // Generalized Greg Maxwell's trick var adjustCount = this.n && this.p.div(this.n); if (!adjustCount || adjustCount.cmpn(100) > 0) { this.redN = null; } else { this._maxwellTrick = true; this.redN = this.n.toRed(this.red); } } exports = BaseCurve; BaseCurve.prototype._fixedNafMul = function _fixedNafMul(p, k) { assert(p.precomputed); var doubles = p._getDoubles(); var naf = getNAF(k, 1, this._bitLength); var I = (1 << (doubles.step + 1)) - (doubles.step % 2 === 0 ? 2 : 1); I /= 3; // Translate into more windowed form var repr = []; for (var j = 0; j < naf.length; j += doubles.step) { var nafW = 0; for (var K = j + doubles.step - 1; k >= j; k--) nafW = (nafW << 1) + naf[K]; repr.push(nafW); } var a = this.jpoint(null, null, null); var b = this.jpoint(null, null, null); for (var i = I; i > 0; i--) { for (var j = 0; j < repr.length; j++) { var nafW = repr[j]; if (nafW === i) b = b.mixedAdd(doubles.points[j]); else if (nafW === -i) b = b.mixedAdd(doubles.points[j].neg()); } a = a.add(b); } return a.toP(); }; BaseCurve.prototype._wnafMulAdd = function _wnafMulAdd(defW, points, coeffs, len, jacobianResult) { var wndWidth = this._wnafT1; var wnd = this._wnafT2; var naf = this._wnafT3; // Fill all arrays var max = 0; for (var i = 0; i < len; i++) { var p = points[i]; var nafPoints = p._getNAFPoints(defW); wndWidth[i] = nafPoints.wnd; wnd[i] = nafPoints.points; } // Comb small window NAFs for (var i = len - 1; i >= 1; i -= 2) { var a = i - 1; var b = i; if (wndWidth[a] !== 1 || wndWidth[b] !== 1) { naf[a] = getNAF(coeffs[a], wndWidth[a], this._bitLength); naf[b] = getNAF(coeffs[b], wndWidth[b], this._bitLength); max = Math.max(naf[a].length, max); max = Math.max(naf[b].length, max); continue; } var comb = [ points[a], /* 1 */ null, /* 3 */ null, /* 5 */ points[b] /* 7 */ ]; // Try to avoid Projective points, if possible if (points[a].y.cmp(points[b].y) === 0) { comb[1] = points[a].add(points[b]); comb[2] = points[a].toJ().mixedAdd(points[b].neg()); } else if (points[a].y.cmp(points[b].y.redNeg()) === 0) { comb[1] = points[a].toJ().mixedAdd(points[b]); comb[2] = points[a].add(points[b].neg()); } else { comb[1] = points[a].toJ().mixedAdd(points[b]); comb[2] = points[a].toJ().mixedAdd(points[b].neg()); } var index = [ -3, /* -1 -1 */ -1, /* -1 0 */ -5, /* -1 1 */ -7, /* 0 -1 */ 0, /* 0 0 */ 7, /* 0 1 */ 5, /* 1 -1 */ 1, /* 1 0 */ 3 /* 1 1 */ ]; var jsf = getJSF(coeffs[a], coeffs[b]); max = Math.max(jsf[0].length, max); naf[a] = new Array(max); naf[b] = new Array(max); for (var j = 0; j < max; j++) { var ja = jsf[0][j] | 0; var jb = jsf[1][j] | 0; naf[a][j] = index[(ja + 1) * 3 + (jb + 1)]; naf[b][j] = 0; wnd[a] = comb; } } var acc = this.jpoint(null, null, null); var tmp = this._wnafT4; for (var i = max; i >= 0; i--) { var k = 0; while (i >= 0) { var zero = true; for (var j = 0; j < len; j++) { tmp[j] = naf[j][i] | 0; if (tmp[j] !== 0) zero = false; } if (!zero) break; k++; i--; } if (i >= 0) k++; acc = acc.dblp(k); if (i < 0) break; for (var j = 0; j < len; j++) { var z = tmp[j]; var p; if (z === 0) continue; else if (z > 0) p = wnd[j][(z - 1) >> 1]; else if (z < 0) p = wnd[j][(-z - 1) >> 1].neg(); if (p.type === 'affine') acc = acc.mixedAdd(p); else acc = acc.add(p); } } // Zeroify references for (var i = 0; i < len; i++) wnd[i] = null; if (jacobianResult) return acc; else return acc.toP(); }; function BasePoint(curve, type) { this.curve = curve; this.type = type; this.precomputed = null; } BaseCurve.BasePoint = BasePoint; BasePoint.prototype.validate = function validate() { return this.curve.validate(this); }; BasePoint.prototype._encode = function _encode(compact) { var len = this.curve.p.byteLength(); var x = this.getX().toArray('be', len); if (compact) return [ this.getY().isEven() ? 0x02 : 0x03 ].concat(x); return [ 0x04 ].concat(x, this.getY().toArray('be', len)) ; }; BasePoint.prototype.encode = function encode(enc, compact) { return utils.encode(this._encode(compact), enc); }; BasePoint.prototype.precompute = function precompute(power) { if (this.precomputed) return this; var precomputed = { doubles: null, naf: null, beta: null }; precomputed.naf = this._getNAFPoints(8); precomputed.doubles = this._getDoubles(4, power); precomputed.beta = this._getBeta(); this.precomputed = precomputed; return this; }; BasePoint.prototype._hasDoubles = function _hasDoubles(k) { if (!this.precomputed) return false; var doubles = this.precomputed.doubles; if (!doubles) return false; return doubles.points.length >= Math.ceil((k.bitLength() + 1) / doubles.step); }; BasePoint.prototype._getDoubles = function _getDoubles(step, power) { if (this.precomputed && this.precomputed.doubles) return this.precomputed.doubles; var doubles = [ this ]; var acc = this; for (var i = 0; i < power; i += step) { for (var j = 0; j < step; j++) acc = acc.dbl(); doubles.push(acc); } return { step: step, points: doubles }; }; BasePoint.prototype._getNAFPoints = function _getNAFPoints(wnd) { if (this.precomputed && this.precomputed.naf) return this.precomputed.naf; var res = [ this ]; var max = (1 << wnd) - 1; var dbl = max === 1 ? null : this.dbl(); for (var i = 1; i < max; i++) res[i] = res[i - 1].add(dbl); return { wnd: wnd, points: res }; }; return exports; }); const lib_curves = lib(() => { "use strict"; var exports = {}; var curves = exports; var hash = lib_hash(); var utils = lib_utils_a(); var assert = utils.assert; function PresetCurve(options) { var curve = lib_curve(); this.curve = new curve(options); this.g = this.curve.g; this.n = this.curve.n; this.hash = options.hash; assert(this.g.validate(), 'Invalid curve'); assert(this.g.mul(this.n).isInfinity(), 'Invalid curve, G*N != O'); } curves.PresetCurve = PresetCurve; function defineCurve(name, options) { Object.defineProperty(curves, name, { configurable: true, enumerable: true, get: function() { var curve = new PresetCurve(options); Object.defineProperty(curves, name, { configurable: true, enumerable: true, value: curve }); return curve; } }); } defineCurve('secp256k1', { type: 'short', prime: 'k256', p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f', a: '0', b: '7', n: 'ffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141', h: '1', hash: hash.sha256, // Precomputed endomorphism beta: '7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee', lambda: '5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72', basis: [ { a: '3086d221a7d46bcde86c90e49284eb15', b: '-e4437ed6010e88286f547fa90abfe4c3' }, { a: '114ca50f7a8e2f3f657c1108d9d44cfd8', b: '3086d221a7d46bcde86c90e49284eb15' } ], gRed: false, g: [ '79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798', '483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8', {} ] }); return exports; }); const lib_hash = lib(() => { var exports = {}; var hash = exports; hash.utils = lib_utils_b(); hash.common = lib_hash_common(); hash.sha = {sha256: lib_sha()}; hash.hmac = lib_hmac(); hash.sha256 = hash.sha.sha256; return exports; }); const lib_account = lib(() => { var exports = {}; /* WEBPACK VAR INJECTION */(function(Buffer) { const Bytes = lib_bytes(); const elliptic = lib_elliptic(); const secp256k1 = new elliptic.ec("secp256k1"); // eslint-disable-line const { keccak256 } = lib_keccak(); const Nat = { fromString: str => { const bn = "0x" + (str.slice(0, 2) === "0x" ? new BN(str.slice(2), 16) : new BN(str, 10)).toString("hex"); return bn === "0x0" ? "0x" : bn; } }; const addressChecksum = address => { const addressHash = keccak256(address.slice(2).toLowerCase()); let checksumAddress = "0x"; for (let i = 0; i < 40; i++) checksumAddress += parseInt(addressHash[i + 2], 16) > 7 ? address[i + 2].toUpperCase() : address[i + 2].toLowerCase(); return checksumAddress; }; const addressFromKey = privateKey => { const buffer = Buffer.from(privateKey.slice(2), "hex"); const ecKey = secp256k1.keyFromPrivate(buffer); const publicKey = "0x" + ecKey.getPublic(false, 'hex').slice(2); const publicHash = keccak256(publicKey); const address = addressChecksum("0x" + publicHash.slice(-40)); return address; }; const encodeSignature = ([v, r, s]) => Bytes.flatten([r, s, v]); const decodeSignature = hex => [Bytes.slice(64, Bytes.length(hex), hex), Bytes.slice(0, 32, hex), Bytes.slice(32, 64, hex)]; const signMessage = (hash, privateKey, addToV = 27) => { const signature = secp256k1.keyFromPrivate(Buffer.from(privateKey.slice(2), "hex")).sign(Buffer.from(hash.slice(2), "hex"), { canonical: true }); return encodeSignature([Nat.fromString(Bytes.fromNumber(addToV + signature.recoveryParam)), Bytes.pad(32, Bytes.fromNat("0x" + signature.r.toString(16))), Bytes.pad(32, Bytes.fromNat("0x" + signature.s.toString(16)))]); }; const signerAddress = (hash, signature) => { const vals = decodeSignature(signature); const vrs = { v: Bytes.toNumber(vals[0]), r: vals[1].slice(2), s: vals[2].slice(2) }; const ecPublicKey = secp256k1.recoverPubKey(Buffer.from(hash.slice(2), "hex"), vrs, vrs.v < 2 ? vrs.v : 1 - vrs.v % 2); // because odd vals mean v=0... sadly that means v=0 means v=1... I hate that const publicKey = "0x" + ecPublicKey.encode("hex", false).slice(2); const publicHash = keccak256(publicKey); const address = addressChecksum("0x" + publicHash.slice(-40)); return address; }; exports = { addressChecksum, addressFromKey, signMessage, signerAddress, }; /* WEBPACK VAR INJECTION */}.call(this, lib_buffer().Buffer)) return exports; }); const lib_utils_c = lib(() => { "use strict"; var exports = {}; var utils = exports; function toArray(msg, enc) { if (Array.isArray(msg)) return msg.slice(); if (!msg) return []; var res = []; if (typeof msg !== 'string') { for (var i = 0; i < msg.length; i++) res[i] = msg[i] | 0; return res; } if (enc === 'hex') { msg = msg.replace(/[^a-z0-9]+/ig, ''); if (msg.length % 2 !== 0) msg = '0' + msg; for (var i = 0; i < msg.length; i += 2) res.push(parseInt(msg[i] + msg[i + 1], 16)); } else { for (var i = 0; i < msg.length; i++) { var c = msg.charCodeAt(i); var hi = c >> 8; var lo = c & 0xff; if (hi) res.push(hi, lo); else res.push(lo); } } return res; } utils.toArray = toArray; function zero2(word) { if (word.length === 1) return '0' + word; else return word; } utils.zero2 = zero2; function toHex(msg) { var res = ''; for (var i = 0; i < msg.length; i++) res += zero2(msg[i].toString(16)); return res; } utils.toHex = toHex; utils.encode = function encode(arr, enc) { if (enc === 'hex') return toHex(arr); else return arr; }; return exports; }); const lib_sha_common = lib(() => { "use strict"; var exports = {}; var utils = lib_utils_b(); var rotr32 = utils.rotr32; function ft_1(s, x, y, z) {/*NOTUSED*/} exports.ft_1 = ft_1; function ch32(x, y, z) { return (x & y) ^ ((~x) & z); } exports.ch32 = ch32; function maj32(x, y, z) { return (x & y) ^ (x & z) ^ (y & z); } exports.maj32 = maj32; function p32(x, y, z) {/*NOTUSED*/} exports.p32 = p32; function s0_256(x) { return rotr32(x, 2) ^ rotr32(x, 13) ^ rotr32(x, 22); } exports.s0_256 = s0_256; function s1_256(x) { return rotr32(x, 6) ^ rotr32(x, 11) ^ rotr32(x, 25); } exports.s1_256 = s1_256; function g0_256(x) { return rotr32(x, 7) ^ rotr32(x, 18) ^ (x >>> 3); } exports.g0_256 = g0_256; function g1_256(x) { return rotr32(x, 17) ^ rotr32(x, 19) ^ (x >>> 10); } exports.g1_256 = g1_256; return exports; }); const lib_sha = lib(() => { "use strict"; var exports = {}; var utils = lib_utils_b(); var common = lib_hash_common(); var shaCommon = lib_sha_common(); var assert = lib_assert(); var sum32 = utils.sum32; var sum32_4 = utils.sum32_4; var sum32_5 = utils.sum32_5; var ch32 = shaCommon.ch32; var maj32 = shaCommon.maj32; var s0_256 = shaCommon.s0_256; var s1_256 = shaCommon.s1_256; var g0_256 = shaCommon.g0_256; var g1_256 = shaCommon.g1_256; var BlockHash = common.BlockHash; var sha256_K = [ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 ]; function SHA256() { if (!(this instanceof SHA256)) return new SHA256(); BlockHash.call(this); this.h = [ 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 ]; this.k = sha256_K; this.W = new Array(64); } utils.inherits(SHA256, BlockHash); exports = SHA256; SHA256.blockSize = 512; SHA256.outSize = 256; SHA256.hmacStrength = 192; SHA256.padLength = 64; SHA256.prototype._update = function _update(msg, start) { var W = this.W; for (var i = 0; i < 16; i++) W[i] = msg[start + i]; for (; i < W.length; i++) W[i] = sum32_4(g1_256(W[i - 2]), W[i - 7], g0_256(W[i - 15]), W[i - 16]); var a = this.h[0]; var b = this.h[1]; var c = this.h[2]; var d = this.h[3]; var e = this.h[4]; var f = this.h[5]; var g = this.h[6]; var h = this.h[7]; assert(this.k.length === W.length); for (i = 0; i < W.length; i++) { var T1 = sum32_5(h, s1_256(e), ch32(e, f, g), this.k[i], W[i]); var T2 = sum32(s0_256(a), maj32(a, b, c)); h = g; g = f; f = e; e = sum32(d, T1); d = c; c = b; b = a; a = sum32(T1, T2); } this.h[0] = sum32(this.h[0], a); this.h[1] = sum32(this.h[1], b); this.h[2] = sum32(this.h[2], c); this.h[3] = sum32(this.h[3], d); this.h[4] = sum32(this.h[4], e); this.h[5] = sum32(this.h[5], f); this.h[6] = sum32(this.h[6], g); this.h[7] = sum32(this.h[7], h); }; SHA256.prototype._digest = function digest(enc) { if (enc === 'hex') return utils.toHex32(this.h, 'big'); else return utils.split32(this.h, 'big'); }; return exports; }); const lib_curve = lib(() => { "use strict"; var exports = {}; var utils = lib_utils_a(); var inherits = lib_inherits(); var Base = lib_base(); var assert = utils.assert; function ShortCurve(conf) { Base.call(this, 'short', conf); this.a = new BN(conf.a, 16).toRed(this.red); this.b = new BN(conf.b, 16).toRed(this.red); this.tinv = this.two.redInvm(); this.zeroA = this.a.fromRed().cmpn(0) === 0; this.threeA = this.a.fromRed().sub(this.p).cmpn(-3) === 0; // If the curve is endomorphic, precalculate beta and lambda this.endo = this._getEndomorphism(conf); this._endoWnafT1 = new Array(4); this._endoWnafT2 = new Array(4); } inherits(ShortCurve, Base); exports = ShortCurve; ShortCurve.prototype._getEndomorphism = function _getEndomorphism(conf) { // No efficient endomorphism if (!this.zeroA || !this.g || !this.n || this.p.modn(3) !== 1) return; // Compute beta and lambda, that lambda * P = (beta * Px; Py) var beta; var lambda; if (conf.beta) { beta = new BN(conf.beta, 16).toRed(this.red); } else { var betas = this._getEndoRoots(this.p); // Choose the smallest beta beta = betas[0].cmp(betas[1]) < 0 ? betas[0] : betas[1]; beta = beta.toRed(this.red); } if (conf.lambda) { lambda = new BN(conf.lambda, 16); } else { // Choose the lambda that is matching selected beta var lambdas = this._getEndoRoots(this.n); if (this.g.mul(lambdas[0]).x.cmp(this.g.x.redMul(beta)) === 0) { lambda = lambdas[0]; } else { lambda = lambdas[1]; assert(this.g.mul(lambda).x.cmp(this.g.x.redMul(beta)) === 0); } } // Get basis vectors, used for balanced length-two representation var basis; if (conf.basis) { basis = conf.basis.map(function(vec) { return { a: new BN(vec.a, 16), b: new BN(vec.b, 16) }; }); } else { basis = this._getEndoBasis(lambda); } return { beta: beta, lambda: lambda, basis: basis }; }; ShortCurve.prototype._endoSplit = function _endoSplit(k) { var basis = this.endo.basis; var v1 = basis[0]; var v2 = basis[1]; var c1 = v2.b.mul(k).divRound(this.n); var c2 = v1.b.neg().mul(k).divRound(this.n); var p1 = c1.mul(v1.a); var p2 = c2.mul(v2.a); var q1 = c1.mul(v1.b); var q2 = c2.mul(v2.b); // Calculate answer var k1 = k.sub(p1).sub(p2); var k2 = q1.add(q2).neg(); return { k1: k1, k2: k2 }; }; ShortCurve.prototype.pointFromX = function pointFromX(x, odd) { x = new BN(x, 16); if (!x.red) x = x.toRed(this.red); var y2 = x.redSqr().redMul(x).redIAdd(x.redMul(this.a)).redIAdd(this.b); var y = y2.redSqrt(); if (y.redSqr().redSub(y2).cmp(this.zero) !== 0) throw new Error('invalid point'); // XXX Is there any way to tell if the number is odd without converting it // to non-red form? var isOdd = y.fromRed().isOdd(); if (odd && !isOdd || !odd && isOdd) y = y.redNeg(); return this.point(x, y); }; ShortCurve.prototype.validate = function validate(point) { if (point.inf) return true; var x = point.x; var y = point.y; var ax = this.a.redMul(x); var rhs = x.redSqr().redMul(x).redIAdd(ax).redIAdd(this.b); return y.redSqr().redISub(rhs).cmpn(0) === 0; }; ShortCurve.prototype._endoWnafMulAdd = function _endoWnafMulAdd(points, coeffs, jacobianResult) { var npoints = this._endoWnafT1; var ncoeffs = this._endoWnafT2; for (var i = 0; i < points.length; i++) { var split = this._endoSplit(coeffs[i]); var p = points[i]; var beta = p._getBeta(); if (split.k1.negative) { split.k1.ineg(); p = p.neg(true); } if (split.k2.negative) { split.k2.ineg(); beta = beta.neg(true); } npoints[i * 2] = p; npoints[i * 2 + 1] = beta; ncoeffs[i * 2] = split.k1; ncoeffs[i * 2 + 1] = split.k2; } var res = this._wnafMulAdd(1, npoints, ncoeffs, i * 2, jacobianResult); // Clean-up references to points and coefficients for (var j = 0; j < i * 2; j++) { npoints[j] = null; ncoeffs[j] = null; } return res; }; function Point(curve, x, y, isRed) { Base.BasePoint.call(this, curve, 'affine'); if (x === null && y === null) { this.x = null; this.y = null; this.inf = true; } else { this.x = new BN(x, 16); this.y = new BN(y, 16); // Force redgomery representation when loading from JSON if (isRed) { this.x.forceRed(this.curve.red); this.y.forceRed(this.curve.red); } if (!this.x.red) this.x = this.x.toRed(this.curve.red); if (!this.y.red) this.y = this.y.toRed(this.curve.red); this.inf = false; } } inherits(Point, Base.BasePoint); ShortCurve.prototype.point = function point(x, y, isRed) { return new Point(this, x, y, isRed); }; ShortCurve.prototype.pointFromJSON = function pointFromJSON(obj, red) { return Point.fromJSON(this, obj, red); }; Point.prototype._getBeta = function _getBeta() { if (!this.curve.endo) return; var pre = this.precomputed; if (pre && pre.beta) return pre.beta; var beta = this.curve.point(this.x.redMul(this.curve.endo.beta), this.y); if (pre) { var curve = this.curve; var endoMul = function(p) { return curve.point(p.x.redMul(curve.endo.beta), p.y); }; pre.beta = beta; beta.precomputed = { beta: null, naf: pre.naf && { wnd: pre.naf.wnd, points: pre.naf.points.map(endoMul) }, doubles: pre.doubles && { step: pre.doubles.step, points: pre.doubles.points.map(endoMul) } }; } return beta; }; Point.prototype.toJSON = function toJSON() {/*NOTUSED*/}; Point.fromJSON = function fromJSON(curve, obj, red) { if (typeof obj === 'string') obj = JSON.parse(obj); var res = curve.point(obj[0], obj[1], red); if (!obj[2]) return res; function obj2point(obj) { return curve.point(obj[0], obj[1], red); } var pre = obj[2]; res.precomputed = { beta: null, doubles: pre.doubles && { step: pre.doubles.step, points: [ res ].concat(pre.doubles.points.map(obj2point)) }, naf: pre.naf && { wnd: pre.naf.wnd, points: [ res ].concat(pre.naf.points.map(obj2point)) } }; return res; }; Point.prototype.isInfinity = function isInfinity() { return this.inf; }; Point.prototype.add = function add(p) { // O + P = P if (this.inf) return p; // P + O = P if (p.inf) return this; // P + P = 2P if (this.eq(p)) return this.dbl(); // P + (-P) = O if (this.neg().eq(p)) return this.curve.point(null, null); // P + Q = O if (this.x.cmp(p.x) === 0) return this.curve.point(null, null); var c = this.y.redSub(p.y); if (c.cmpn(0) !== 0) c = c.redMul(this.x.redSub(p.x).redInvm()); var nx = c.redSqr().redISub(this.x).redISub(p.x); var ny = c.redMul(this.x.redSub(nx)).redISub(this.y); return this.curve.point(nx, ny); }; Point.prototype.getX = function getX() { return this.x.fromRed(); }; Point.prototype.getY = function getY() { return this.y.fromRed(); }; Point.prototype.mul = function mul(k) { k = new BN(k, 16); if (this.isInfinity()) return this; else if (this._hasDoubles(k)) return this.curve._fixedNafMul(this, k); else if (this.curve.endo) return this.curve._endoWnafMulAdd([ this ], [ k ]); else return this.curve._wnafMul(this, k); }; Point.prototype.mulAdd = function mulAdd(k1, p2, k2) { var points = [ this, p2 ]; var coeffs = [ k1, k2 ]; if (this.curve.endo) return this.curve._endoWnafMulAdd(points, coeffs); else return this.curve._wnafMulAdd(1, points, coeffs, 2); }; Point.prototype.eq = function eq(p) { return this === p || this.inf === p.inf && (this.inf || this.x.cmp(p.x) === 0 && this.y.cmp(p.y) === 0); }; Point.prototype.neg = function neg(_precompute) { if (this.inf) return this; var res = this.curve.point(this.x, this.y.redNeg()); if (_precompute && this.precomputed) { var pre = this.precomputed; var negate = function(p) { return p.neg(); }; res.precomputed = { naf: pre.naf && { wnd: pre.naf.wnd, points: pre.naf.points.map(negate) }, doubles: pre.doubles && { step: pre.doubles.step, points: pre.doubles.points.map(negate) } }; } return res; }; Point.prototype.toJ = function toJ() { if (this.inf) return this.curve.jpoint(null, null, null); var res = this.curve.jpoint(this.x, this.y, this.curve.one); return res; }; function JPoint(curve, x, y, z) { Base.BasePoint.call(this, curve, 'jacobian'); if (x === null && y === null && z === null) { this.x = this.curve.one; this.y = this.curve.one; this.z = new BN(0); } else { this.x = new BN(x, 16); this.y = new BN(y, 16); this.z = new BN(z, 16); } if (!this.x.red) this.x = this.x.toRed(this.curve.red); if (!this.y.red) this.y = this.y.toRed(this.curve.red); if (!this.z.red) this.z = this.z.toRed(this.curve.red); this.zOne = this.z === this.curve.one; } inherits(JPoint, Base.BasePoint); ShortCurve.prototype.jpoint = function jpoint(x, y, z) { return new JPoint(this, x, y, z); }; JPoint.prototype.toP = function toP() { if (this.isInfinity()) return this.curve.point(null, null); var zinv = this.z.redInvm(); var zinv2 = zinv.redSqr(); var ax = this.x.redMul(zinv2); var ay = this.y.redMul(zinv2).redMul(zinv); return this.curve.point(ax, ay); }; JPoint.prototype.neg = function neg() { return this.curve.jpoint(this.x, this.y.redNeg(), this.z); }; JPoint.prototype.add = function add(p) { // O + P = P if (this.isInfinity()) return p; // P + O = P if (p.isInfinity()) return this; // 12M + 4S + 7A var pz2 = p.z.redSqr(); var z2 = this.z.redSqr(); var u1 = this.x.redMul(pz2); var u2 = p.x.redMul(z2); var s1 = this.y.redMul(pz2.redMul(p.z)); var s2 = p.y.redMul(z2.redMul(this.z)); var h = u1.redSub(u2); var r = s1.redSub(s2); if (h.cmpn(0) === 0) { if (r.cmpn(0) !== 0) return this.curve.jpoint(null, null, null); else return this.dbl(); } var h2 = h.redSqr(); var h3 = h2.redMul(h); var v = u1.redMul(h2); var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v); var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3)); var nz = this.z.redMul(p.z).redMul(h); return this.curve.jpoint(nx, ny, nz); }; JPoint.prototype.mixedAdd = function mixedAdd(p) { // O + P = P if (this.isInfinity()) return p.toJ(); // P + O = P if (p.isInfinity()) return this; // 8M + 3S + 7A var z2 = this.z.redSqr(); var u1 = this.x; var u2 = p.x.redMul(z2); var s1 = this.y; var s2 = p.y.redMul(z2).redMul(this.z); var h = u1.redSub(u2); var r = s1.redSub(s2); if (h.cmpn(0) === 0) { if (r.cmpn(0) !== 0) return this.curve.jpoint(null, null, null); else return this.dbl(); } var h2 = h.redSqr(); var h3 = h2.redMul(h); var v = u1.redMul(h2); var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v); var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3)); var nz = this.z.redMul(h); return this.curve.jpoint(nx, ny, nz); }; JPoint.prototype.dblp = function dblp(pow) { if (pow === 0) return this; if (this.isInfinity()) return this; if (!pow) return this.dbl(); if (this.curve.zeroA || this.curve.threeA) { var r = this; for (var i = 0; i < pow; i++) r = r.dbl(); return r; } // 1M + 2S + 1A + N * (4S + 5M + 8A) // N = 1 => 6M + 6S + 9A var a = this.curve.a; var tinv = this.curve.tinv; var jx = this.x; var jy = this.y; var jz = this.z; var jz4 = jz.redSqr().redSqr(); // Reuse results var jyd = jy.redAdd(jy); for (var i = 0; i < pow; i++) { var jx2 = jx.redSqr(); var jyd2 = jyd.redSqr(); var jyd4 = jyd2.redSqr(); var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4)); var t1 = jx.redMul(jyd2); var nx = c.redSqr().redISub(t1.redAdd(t1)); var t2 = t1.redISub(nx); var dny = c.redMul(t2); dny = dny.redIAdd(dny).redISub(jyd4); var nz = jyd.redMul(jz); if (i + 1 < pow) jz4 = jz4.redMul(jyd4); jx = nx; jz = nz; jyd = dny; } return this.curve.jpoint(jx, jyd.redMul(tinv), jz); }; JPoint.prototype.dbl = function dbl() { if (this.isInfinity()) return this; if (this.curve.zeroA) return this._zeroDbl(); else if (this.curve.threeA) return this._threeDbl(); else return this._dbl(); }; JPoint.prototype._zeroDbl = function _zeroDbl() { var nx; var ny; var nz; // Z = 1 if (this.zOne) { // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html // #doubling-mdbl-2007-bl // 1M + 5S + 14A // XX = X1^2 var xx = this.x.redSqr(); // YY = Y1^2 var yy = this.y.redSqr(); // YYYY = YY^2 var yyyy = yy.redSqr(); // S = 2 * ((X1 + YY)^2 - XX - YYYY) var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy); s = s.redIAdd(s); // M = 3 * XX + a; a = 0 var m = xx.redAdd(xx).redIAdd(xx); // T = M ^ 2 - 2*S var t = m.redSqr().redISub(s).redISub(s); // 8 * YYYY var yyyy8 = yyyy.redIAdd(yyyy); yyyy8 = yyyy8.redIAdd(yyyy8); yyyy8 = yyyy8.redIAdd(yyyy8); // X3 = T nx = t; // Y3 = M * (S - T) - 8 * YYYY ny = m.redMul(s.redISub(t)).redISub(yyyy8); // Z3 = 2*Y1 nz = this.y.redAdd(this.y); } else { // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html // #doubling-dbl-2009-l // 2M + 5S + 13A // A = X1^2 var a = this.x.redSqr(); // B = Y1^2 var b = this.y.redSqr(); // C = B^2 var c = b.redSqr(); // D = 2 * ((X1 + B)^2 - A - C) var d = this.x.redAdd(b).redSqr().redISub(a).redISub(c); d = d.redIAdd(d); // E = 3 * A var e = a.redAdd(a).redIAdd(a); // F = E^2 var f = e.redSqr(); // 8 * C var c8 = c.redIAdd(c); c8 = c8.redIAdd(c8); c8 = c8.redIAdd(c8); // X3 = F - 2 * D nx = f.redISub(d).redISub(d); // Y3 = E * (D - X3) - 8 * C ny = e.redMul(d.redISub(nx)).redISub(c8); // Z3 = 2 * Y1 * Z1 nz = this.y.redMul(this.z); nz = nz.redIAdd(nz); } return this.curve.jpoint(nx, ny, nz); }; JPoint.prototype.isInfinity = function isInfinity() { // XXX This code assumes that zero is always zero in red return this.z.cmpn(0) === 0; }; return exports; }); const lib_hmac = lib(() => { "use strict"; var exports = {}; var utils = lib_utils_b(); var assert = lib_assert(); function Hmac(hash, key, enc) { if (!(this instanceof Hmac)) return new Hmac(hash, key, enc); this.Hash = hash; this.blockSize = hash.blockSize / 8; this.outSize = hash.outSize / 8; this.inner = null; this.outer = null; this._init(utils.toArray(key, enc)); } exports = Hmac; Hmac.prototype._init = function init(key) { // Shorten key, if needed if (key.length > this.blockSize) key = new this.Hash().update(key).digest(); assert(key.length <= this.blockSize); // Add padding to key for (var i = key.length; i < this.blockSize; i++) key.push(0); for (i = 0; i < key.length; i++) key[i] ^= 0x36; this.inner = new this.Hash().update(key); // 0x36 ^ 0x5c = 0x6a for (i = 0; i < key.length; i++) key[i] ^= 0x6a; this.outer = new this.Hash().update(key); }; Hmac.prototype.update = function update(msg, enc) { this.inner.update(msg, enc); return this; }; Hmac.prototype.digest = function digest(enc) { this.outer.update(this.inner.digest()); return this.outer.digest(enc); }; return exports; }); const lib_elliptic_ec = lib(() => { "use strict"; var exports = {}; var HmacDRBG = lib_hmac_drgb(); var utils = lib_utils_a(); var curves = lib_curves(); var assert = utils.assert; var KeyPair = lib_keypair(); var Signature = lib_signature(); function EC(options) { if (!(this instanceof EC)) return new EC(options); // Shortcut `elliptic.ec(curve-name)` if (typeof options === 'string') { assert(curves.hasOwnProperty(options), 'Unknown curve ' + options); options = curves[options]; } // Shortcut for `elliptic.ec(elliptic.curves.curveName)` if (options instanceof curves.PresetCurve) options = { curve: options }; this.curve = options.curve.curve; this.n = this.curve.n; this.nh = this.n.ushrn(1); this.g = this.curve.g; // Point on curve this.g = options.curve.g; this.g.precompute(options.curve.n.bitLength() + 1); // Hash for function for DRBG this.hash = options.hash || options.curve.hash; } exports = EC; EC.prototype.keyFromPrivate = function keyFromPrivate(priv, enc) { return KeyPair.fromPrivate(this, priv, enc); }; EC.prototype._truncateToN = function truncateToN(msg, truncOnly) { var delta = msg.byteLength() * 8 - this.n.bitLength(); if (delta > 0) msg = msg.ushrn(delta); if (!truncOnly && msg.cmp(this.n) >= 0) return msg.sub(this.n); else return msg; }; EC.prototype.sign = function sign(msg, key, enc, options) { if (typeof enc === 'object') { options = enc; enc = null; } if (!options) options = {}; key = this.keyFromPrivate(key, enc); msg = this._truncateToN(new BN(msg, 16)); // Zero-extend key to provide enough entropy var bytes = this.n.byteLength(); var bkey = key.getPrivate().toArray('be', bytes); // Zero-extend nonce to have the same byte size as N var nonce = msg.toArray('be', bytes); // Instantiate Hmac_DRBG var drbg = new HmacDRBG({ hash: this.hash, entropy: bkey, nonce: nonce, pers: options.pers, persEnc: options.persEnc || 'utf8' }); // Number of bytes to generate var ns1 = this.n.sub(new BN(1)); for (var iter = 0; true; iter++) { var k = options.k ? options.k(iter) : new BN(drbg.generate(this.n.byteLength())); k = this._truncateToN(k, true); if (k.cmpn(1) <= 0 || k.cmp(ns1) >= 0) continue; var kp = this.g.mul(k); if (kp.isInfinity()) continue; var kpX = kp.getX(); var r = kpX.umod(this.n); if (r.cmpn(0) === 0) continue; var s = k.invm(this.n).mul(r.mul(key.getPrivate()).iadd(msg)); s = s.umod(this.n); if (s.cmpn(0) === 0) continue; var recoveryParam = (kp.getY().isOdd() ? 1 : 0) | (kpX.cmp(r) !== 0 ? 2 : 0); // Use complement of `s`, if it is > `n / 2` if (options.canonical && s.cmp(this.nh) > 0) { s = this.n.sub(s); recoveryParam ^= 1; } return new Signature({ r: r, s: s, recoveryParam: recoveryParam }); } }; EC.prototype.recoverPubKey = function(msg, signature, j, enc) { assert((3 & j) === j, 'The recovery param is more than two bits'); signature = new Signature(signature, enc); var n = this.n; var e = new BN(msg); var r = signature.r; var s = signature.s; // A set LSB signifies that the y-coordinate is odd var isYOdd = j & 1; var isSecondKey = j >> 1; if (r.cmp(this.curve.p.umod(this.curve.n)) >= 0 && isSecondKey) throw new Error('Unable to find sencond key candinate'); // 1.1. Let x = r + jn. if (isSecondKey) r = this.curve.pointFromX(r.add(this.curve.n), isYOdd); else r = this.curve.pointFromX(r, isYOdd); var rInv = signature.r.invm(n); var s1 = n.sub(e).mul(rInv).umod(n); var s2 = s.mul(rInv).umod(n); // 1.6.1 Compute Q = r^-1 (sR - eG) // Q = r^-1 (sR + -eG) return this.g.mulAdd(s1, r, s2); }; return exports; }); const lib_hmac_drgb = lib(() => { "use strict"; var exports = {}; var hash = lib_hash(); var utils = lib_utils_c(); var assert = lib_assert(); function HmacDRBG(options) { if (!(this instanceof HmacDRBG)) return new HmacDRBG(options); this.hash = options.hash; this.predResist = !!options.predResist; this.outLen = this.hash.outSize; this.minEntropy = options.minEntropy || this.hash.hmacStrength; this._reseed = null; this.reseedInterval = null; this.K = null; this.V = null; var entropy = utils.toArray(options.entropy, options.entropyEnc || 'hex'); var nonce = utils.toArray(options.nonce, options.nonceEnc || 'hex'); var pers = utils.toArray(options.pers, options.persEnc || 'hex'); assert(entropy.length >= (this.minEntropy / 8), 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits'); this._init(entropy, nonce, pers); } exports = HmacDRBG; HmacDRBG.prototype._init = function init(entropy, nonce, pers) { var seed = entropy.concat(nonce).concat(pers); this.K = new Array(this.outLen / 8); this.V = new Array(this.outLen / 8); for (var i = 0; i < this.V.length; i++) { this.K[i] = 0x00; this.V[i] = 0x01; } this._update(seed); this._reseed = 1; this.reseedInterval = 0x1000000000000; // 2^48 }; HmacDRBG.prototype._hmac = function hmac() { return new hash.hmac(this.hash, this.K); }; HmacDRBG.prototype._update = function update(seed) { var kmac = this._hmac() .update(this.V) .update([ 0x00 ]); if (seed) kmac = kmac.update(seed); this.K = kmac.digest(); this.V = this._hmac().update(this.V).digest(); if (!seed) return; this.K = this._hmac() .update(this.V) .update([ 0x01 ]) .update(seed) .digest(); this.V = this._hmac().update(this.V).digest(); }; HmacDRBG.prototype.generate = function generate(len, enc, add, addEnc) { if (this._reseed > this.reseedInterval) throw new Error('Reseed is required'); // Optional encoding if (typeof enc !== 'string') { addEnc = add; add = enc; enc = null; } // Optional additional data if (add) { add = utils.toArray(add, addEnc || 'hex'); this._update(add); } var temp = []; while (temp.length < len) { this.V = this._hmac().update(this.V).digest(); temp = temp.concat(this.V); } var res = temp.slice(0, len); this._update(add); this._reseed++; return utils.encode(res, enc); }; return exports; }); const lib_keypair = lib(() => { "use strict"; var exports = {}; var utils = lib_utils_a(); var assert = utils.assert; function KeyPair(ec, options) { this.ec = ec; this.priv = null; this.pub = null; // KeyPair(ec, { priv: ..., pub: ... }) if (options.priv) this._importPrivate(options.priv, options.privEnc); if (options.pub) this._importPublic(options.pub, options.pubEnc); } exports = KeyPair; KeyPair.fromPrivate = function fromPrivate(ec, priv, enc) { if (priv instanceof KeyPair) return priv; return new KeyPair(ec, { priv: priv, privEnc: enc }); }; KeyPair.prototype.getPublic = function getPublic(compact, enc) { // compact is optional argument if (typeof compact === 'string') { enc = compact; compact = null; } if (!this.pub) this.pub = this.ec.g.mul(this.priv); if (!enc) return this.pub; return this.pub.encode(enc, compact); }; KeyPair.prototype.getPrivate = function getPrivate(enc) { if (enc === 'hex') return this.priv.toString(16, 2); else return this.priv; }; KeyPair.prototype._importPrivate = function _importPrivate(key, enc) { this.priv = new BN(key, enc || 16); // Ensure that the priv won't be bigger than n, otherwise we may fail // in fixed multiplication method this.priv = this.priv.umod(this.ec.curve.n); }; // ECDSA KeyPair.prototype.sign = function sign(msg, enc, options) { return this.ec.sign(msg, this, enc, options); }; return exports; }); const lib_signature = lib(() => { "use strict"; var exports = {}; var utils = lib_utils_a(); var assert = utils.assert; function Signature(options, enc) { if (options instanceof Signature) return options; assert(options.r && options.s, 'Signature without r or s'); this.r = new BN(options.r, 16); this.s = new BN(options.s, 16); if (options.recoveryParam === undefined) this.recoveryParam = null; else this.recoveryParam = options.recoveryParam; } exports = Signature; function Position() { this.place = 0; } return exports; }); var acc = lib_account(); var addressChecksum = acc.addressChecksum; var addressFromKey = acc.addressFromKey; var signMessage = acc.signMessage; var signerAddress = acc.signerAddress; var keccak256 = lib_keccak().keccak256;