portfolio/node_modules/.cache/babel-loader/2a20b85aefca6be041fd910c8be980d7.json
2021-09-20 16:54:47 -04:00

1 line
52 KiB
JSON

{"ast":null,"code":"// Basic Javascript Elliptic Curve implementation\n// Ported loosely from BouncyCastle's Java EC code\n// Only Fp curves implemented for now\n// Requires jsbn.js and jsbn2.js\nvar BigInteger = require('jsbn').BigInteger;\n\nvar Barrett = BigInteger.prototype.Barrett; // ----------------\n// ECFieldElementFp\n// constructor\n\nfunction ECFieldElementFp(q, x) {\n this.x = x; // TODO if(x.compareTo(q) >= 0) error\n\n this.q = q;\n}\n\nfunction feFpEquals(other) {\n if (other == this) return true;\n return this.q.equals(other.q) && this.x.equals(other.x);\n}\n\nfunction feFpToBigInteger() {\n return this.x;\n}\n\nfunction feFpNegate() {\n return new ECFieldElementFp(this.q, this.x.negate().mod(this.q));\n}\n\nfunction feFpAdd(b) {\n return new ECFieldElementFp(this.q, this.x.add(b.toBigInteger()).mod(this.q));\n}\n\nfunction feFpSubtract(b) {\n return new ECFieldElementFp(this.q, this.x.subtract(b.toBigInteger()).mod(this.q));\n}\n\nfunction feFpMultiply(b) {\n return new ECFieldElementFp(this.q, this.x.multiply(b.toBigInteger()).mod(this.q));\n}\n\nfunction feFpSquare() {\n return new ECFieldElementFp(this.q, this.x.square().mod(this.q));\n}\n\nfunction feFpDivide(b) {\n return new ECFieldElementFp(this.q, this.x.multiply(b.toBigInteger().modInverse(this.q)).mod(this.q));\n}\n\nECFieldElementFp.prototype.equals = feFpEquals;\nECFieldElementFp.prototype.toBigInteger = feFpToBigInteger;\nECFieldElementFp.prototype.negate = feFpNegate;\nECFieldElementFp.prototype.add = feFpAdd;\nECFieldElementFp.prototype.subtract = feFpSubtract;\nECFieldElementFp.prototype.multiply = feFpMultiply;\nECFieldElementFp.prototype.square = feFpSquare;\nECFieldElementFp.prototype.divide = feFpDivide; // ----------------\n// ECPointFp\n// constructor\n\nfunction ECPointFp(curve, x, y, z) {\n this.curve = curve;\n this.x = x;\n this.y = y; // Projective coordinates: either zinv == null or z * zinv == 1\n // z and zinv are just BigIntegers, not fieldElements\n\n if (z == null) 
{\n this.z = BigInteger.ONE;\n } else {\n this.z = z;\n }\n\n this.zinv = null; //TODO: compression flag\n}\n\nfunction pointFpGetX() {\n if (this.zinv == null) {\n this.zinv = this.z.modInverse(this.curve.q);\n }\n\n var r = this.x.toBigInteger().multiply(this.zinv);\n this.curve.reduce(r);\n return this.curve.fromBigInteger(r);\n}\n\nfunction pointFpGetY() {\n if (this.zinv == null) {\n this.zinv = this.z.modInverse(this.curve.q);\n }\n\n var r = this.y.toBigInteger().multiply(this.zinv);\n this.curve.reduce(r);\n return this.curve.fromBigInteger(r);\n}\n\nfunction pointFpEquals(other) {\n if (other == this) return true;\n if (this.isInfinity()) return other.isInfinity();\n if (other.isInfinity()) return this.isInfinity();\n var u, v; // u = Y2 * Z1 - Y1 * Z2\n\n u = other.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(other.z)).mod(this.curve.q);\n if (!u.equals(BigInteger.ZERO)) return false; // v = X2 * Z1 - X1 * Z2\n\n v = other.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(other.z)).mod(this.curve.q);\n return v.equals(BigInteger.ZERO);\n}\n\nfunction pointFpIsInfinity() {\n if (this.x == null && this.y == null) return true;\n return this.z.equals(BigInteger.ZERO) && !this.y.toBigInteger().equals(BigInteger.ZERO);\n}\n\nfunction pointFpNegate() {\n return new ECPointFp(this.curve, this.x, this.y.negate(), this.z);\n}\n\nfunction pointFpAdd(b) {\n if (this.isInfinity()) return b;\n if (b.isInfinity()) return this; // u = Y2 * Z1 - Y1 * Z2\n\n var u = b.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(b.z)).mod(this.curve.q); // v = X2 * Z1 - X1 * Z2\n\n var v = b.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(b.z)).mod(this.curve.q);\n\n if (BigInteger.ZERO.equals(v)) {\n if (BigInteger.ZERO.equals(u)) {\n return this.twice(); // this == b, so double\n }\n\n return this.curve.getInfinity(); // this = -b, so infinity\n }\n\n var THREE = new 
BigInteger(\"3\");\n var x1 = this.x.toBigInteger();\n var y1 = this.y.toBigInteger();\n var x2 = b.x.toBigInteger();\n var y2 = b.y.toBigInteger();\n var v2 = v.square();\n var v3 = v2.multiply(v);\n var x1v2 = x1.multiply(v2);\n var zu2 = u.square().multiply(this.z); // x3 = v * (z2 * (z1 * u^2 - 2 * x1 * v^2) - v^3)\n\n var x3 = zu2.subtract(x1v2.shiftLeft(1)).multiply(b.z).subtract(v3).multiply(v).mod(this.curve.q); // y3 = z2 * (3 * x1 * u * v^2 - y1 * v^3 - z1 * u^3) + u * v^3\n\n var y3 = x1v2.multiply(THREE).multiply(u).subtract(y1.multiply(v3)).subtract(zu2.multiply(u)).multiply(b.z).add(u.multiply(v3)).mod(this.curve.q); // z3 = v^3 * z1 * z2\n\n var z3 = v3.multiply(this.z).multiply(b.z).mod(this.curve.q);\n return new ECPointFp(this.curve, this.curve.fromBigInteger(x3), this.curve.fromBigInteger(y3), z3);\n}\n\nfunction pointFpTwice() {\n if (this.isInfinity()) return this;\n if (this.y.toBigInteger().signum() == 0) return this.curve.getInfinity(); // TODO: optimized handling of constants\n\n var THREE = new BigInteger(\"3\");\n var x1 = this.x.toBigInteger();\n var y1 = this.y.toBigInteger();\n var y1z1 = y1.multiply(this.z);\n var y1sqz1 = y1z1.multiply(y1).mod(this.curve.q);\n var a = this.curve.a.toBigInteger(); // w = 3 * x1^2 + a * z1^2\n\n var w = x1.square().multiply(THREE);\n\n if (!BigInteger.ZERO.equals(a)) {\n w = w.add(this.z.square().multiply(a));\n }\n\n w = w.mod(this.curve.q); //this.curve.reduce(w);\n // x3 = 2 * y1 * z1 * (w^2 - 8 * x1 * y1^2 * z1)\n\n var x3 = w.square().subtract(x1.shiftLeft(3).multiply(y1sqz1)).shiftLeft(1).multiply(y1z1).mod(this.curve.q); // y3 = 4 * y1^2 * z1 * (3 * w * x1 - 2 * y1^2 * z1) - w^3\n\n var y3 = w.multiply(THREE).multiply(x1).subtract(y1sqz1.shiftLeft(1)).shiftLeft(2).multiply(y1sqz1).subtract(w.square().multiply(w)).mod(this.curve.q); // z3 = 8 * (y1 * z1)^3\n\n var z3 = y1z1.square().multiply(y1z1).shiftLeft(3).mod(this.curve.q);\n return new ECPointFp(this.curve, this.curve.fromBigInteger(x3), 
this.curve.fromBigInteger(y3), z3);\n} // Simple NAF (Non-Adjacent Form) multiplication algorithm\n// TODO: modularize the multiplication algorithm\n\n\nfunction pointFpMultiply(k) {\n if (this.isInfinity()) return this;\n if (k.signum() == 0) return this.curve.getInfinity();\n var e = k;\n var h = e.multiply(new BigInteger(\"3\"));\n var neg = this.negate();\n var R = this;\n var i;\n\n for (i = h.bitLength() - 2; i > 0; --i) {\n R = R.twice();\n var hBit = h.testBit(i);\n var eBit = e.testBit(i);\n\n if (hBit != eBit) {\n R = R.add(hBit ? this : neg);\n }\n }\n\n return R;\n} // Compute this*j + x*k (simultaneous multiplication)\n\n\nfunction pointFpMultiplyTwo(j, x, k) {\n var i;\n if (j.bitLength() > k.bitLength()) i = j.bitLength() - 1;else i = k.bitLength() - 1;\n var R = this.curve.getInfinity();\n var both = this.add(x);\n\n while (i >= 0) {\n R = R.twice();\n\n if (j.testBit(i)) {\n if (k.testBit(i)) {\n R = R.add(both);\n } else {\n R = R.add(this);\n }\n } else {\n if (k.testBit(i)) {\n R = R.add(x);\n }\n }\n\n --i;\n }\n\n return R;\n}\n\nECPointFp.prototype.getX = pointFpGetX;\nECPointFp.prototype.getY = pointFpGetY;\nECPointFp.prototype.equals = pointFpEquals;\nECPointFp.prototype.isInfinity = pointFpIsInfinity;\nECPointFp.prototype.negate = pointFpNegate;\nECPointFp.prototype.add = pointFpAdd;\nECPointFp.prototype.twice = pointFpTwice;\nECPointFp.prototype.multiply = pointFpMultiply;\nECPointFp.prototype.multiplyTwo = pointFpMultiplyTwo; // ----------------\n// ECCurveFp\n// constructor\n\nfunction ECCurveFp(q, a, b) {\n this.q = q;\n this.a = this.fromBigInteger(a);\n this.b = this.fromBigInteger(b);\n this.infinity = new ECPointFp(this, null, null);\n this.reducer = new Barrett(this.q);\n}\n\nfunction curveFpGetQ() {\n return this.q;\n}\n\nfunction curveFpGetA() {\n return this.a;\n}\n\nfunction curveFpGetB() {\n return this.b;\n}\n\nfunction curveFpEquals(other) {\n if (other == this) return true;\n return this.q.equals(other.q) && 
this.a.equals(other.a) && this.b.equals(other.b);\n}\n\nfunction curveFpGetInfinity() {\n return this.infinity;\n}\n\nfunction curveFpFromBigInteger(x) {\n return new ECFieldElementFp(this.q, x);\n}\n\nfunction curveReduce(x) {\n this.reducer.reduce(x);\n} // for now, work with hex strings because they're easier in JS\n\n\nfunction curveFpDecodePointHex(s) {\n switch (parseInt(s.substr(0, 2), 16)) {\n // first byte\n case 0:\n return this.infinity;\n\n case 2:\n case 3:\n // point compression not supported yet\n return null;\n\n case 4:\n case 6:\n case 7:\n var len = (s.length - 2) / 2;\n var xHex = s.substr(2, len);\n var yHex = s.substr(len + 2, len);\n return new ECPointFp(this, this.fromBigInteger(new BigInteger(xHex, 16)), this.fromBigInteger(new BigInteger(yHex, 16)));\n\n default:\n // unsupported\n return null;\n }\n}\n\nfunction curveFpEncodePointHex(p) {\n if (p.isInfinity()) return \"00\";\n var xHex = p.getX().toBigInteger().toString(16);\n var yHex = p.getY().toBigInteger().toString(16);\n var oLen = this.getQ().toString(16).length;\n if (oLen % 2 != 0) oLen++;\n\n while (xHex.length < oLen) {\n xHex = \"0\" + xHex;\n }\n\n while (yHex.length < oLen) {\n yHex = \"0\" + yHex;\n }\n\n return \"04\" + xHex + yHex;\n}\n\nECCurveFp.prototype.getQ = curveFpGetQ;\nECCurveFp.prototype.getA = curveFpGetA;\nECCurveFp.prototype.getB = curveFpGetB;\nECCurveFp.prototype.equals = curveFpEquals;\nECCurveFp.prototype.getInfinity = curveFpGetInfinity;\nECCurveFp.prototype.fromBigInteger = curveFpFromBigInteger;\nECCurveFp.prototype.reduce = curveReduce; //ECCurveFp.prototype.decodePointHex = curveFpDecodePointHex;\n\nECCurveFp.prototype.encodePointHex = curveFpEncodePointHex; // from: https://github.com/kaielvin/jsbn-ec-point-compression\n\nECCurveFp.prototype.decodePointHex = function (s) {\n var yIsEven;\n\n switch (parseInt(s.substr(0, 2), 16)) {\n // first byte\n case 0:\n return this.infinity;\n\n case 2:\n yIsEven = false;\n\n case 3:\n if (yIsEven == undefined) 
yIsEven = true;\n var len = s.length - 2;\n var xHex = s.substr(2, len);\n var x = this.fromBigInteger(new BigInteger(xHex, 16));\n var alpha = x.multiply(x.square().add(this.getA())).add(this.getB());\n var beta = alpha.sqrt();\n if (beta == null) throw \"Invalid point compression\";\n var betaValue = beta.toBigInteger();\n\n if (betaValue.testBit(0) != yIsEven) {\n // Use the other root\n beta = this.fromBigInteger(this.getQ().subtract(betaValue));\n }\n\n return new ECPointFp(this, x, beta);\n\n case 4:\n case 6:\n case 7:\n var len = (s.length - 2) / 2;\n var xHex = s.substr(2, len);\n var yHex = s.substr(len + 2, len);\n return new ECPointFp(this, this.fromBigInteger(new BigInteger(xHex, 16)), this.fromBigInteger(new BigInteger(yHex, 16)));\n\n default:\n // unsupported\n return null;\n }\n};\n\nECCurveFp.prototype.encodeCompressedPointHex = function (p) {\n if (p.isInfinity()) return \"00\";\n var xHex = p.getX().toBigInteger().toString(16);\n var oLen = this.getQ().toString(16).length;\n if (oLen % 2 != 0) oLen++;\n\n while (xHex.length < oLen) xHex = \"0\" + xHex;\n\n var yPrefix;\n if (p.getY().toBigInteger().isEven()) yPrefix = \"02\";else yPrefix = \"03\";\n return yPrefix + xHex;\n};\n\nECFieldElementFp.prototype.getR = function () {\n if (this.r != undefined) return this.r;\n this.r = null;\n var bitLength = this.q.bitLength();\n\n if (bitLength > 128) {\n var firstWord = this.q.shiftRight(bitLength - 64);\n\n if (firstWord.intValue() == -1) {\n this.r = BigInteger.ONE.shiftLeft(bitLength).subtract(this.q);\n }\n }\n\n return this.r;\n};\n\nECFieldElementFp.prototype.modMult = function (x1, x2) {\n return this.modReduce(x1.multiply(x2));\n};\n\nECFieldElementFp.prototype.modReduce = function (x) {\n if (this.getR() != null) {\n var qLen = q.bitLength();\n\n while (x.bitLength() > qLen + 1) {\n var u = x.shiftRight(qLen);\n var v = x.subtract(u.shiftLeft(qLen));\n\n if (!this.getR().equals(BigInteger.ONE)) {\n u = u.multiply(this.getR());\n }\n\n x = 
u.add(v);\n }\n\n while (x.compareTo(q) >= 0) {\n x = x.subtract(q);\n }\n } else {\n x = x.mod(q);\n }\n\n return x;\n};\n\nECFieldElementFp.prototype.sqrt = function () {\n if (!this.q.testBit(0)) throw \"unsupported\"; // p mod 4 == 3\n\n if (this.q.testBit(1)) {\n var z = new ECFieldElementFp(this.q, this.x.modPow(this.q.shiftRight(2).add(BigInteger.ONE), this.q));\n return z.square().equals(this) ? z : null;\n } // p mod 4 == 1\n\n\n var qMinusOne = this.q.subtract(BigInteger.ONE);\n var legendreExponent = qMinusOne.shiftRight(1);\n\n if (!this.x.modPow(legendreExponent, this.q).equals(BigInteger.ONE)) {\n return null;\n }\n\n var u = qMinusOne.shiftRight(2);\n var k = u.shiftLeft(1).add(BigInteger.ONE);\n var Q = this.x;\n var fourQ = modDouble(modDouble(Q));\n var U, V;\n\n do {\n var P;\n\n do {\n P = new BigInteger(this.q.bitLength(), new SecureRandom());\n } while (P.compareTo(this.q) >= 0 || !P.multiply(P).subtract(fourQ).modPow(legendreExponent, this.q).equals(qMinusOne));\n\n var result = this.lucasSequence(P, Q, k);\n U = result[0];\n V = result[1];\n\n if (this.modMult(V, V).equals(fourQ)) {\n // Integer division by 2, mod q\n if (V.testBit(0)) {\n V = V.add(q);\n }\n\n V = V.shiftRight(1);\n return new ECFieldElementFp(q, V);\n }\n } while (U.equals(BigInteger.ONE) || U.equals(qMinusOne));\n\n return null;\n};\n\nECFieldElementFp.prototype.lucasSequence = function (P, Q, k) {\n var n = k.bitLength();\n var s = k.getLowestSetBit();\n var Uh = BigInteger.ONE;\n var Vl = BigInteger.TWO;\n var Vh = P;\n var Ql = BigInteger.ONE;\n var Qh = BigInteger.ONE;\n\n for (var j = n - 1; j >= s + 1; --j) {\n Ql = this.modMult(Ql, Qh);\n\n if (k.testBit(j)) {\n Qh = this.modMult(Ql, Q);\n Uh = this.modMult(Uh, Vh);\n Vl = this.modReduce(Vh.multiply(Vl).subtract(P.multiply(Ql)));\n Vh = this.modReduce(Vh.multiply(Vh).subtract(Qh.shiftLeft(1)));\n } else {\n Qh = Ql;\n Uh = this.modReduce(Uh.multiply(Vl).subtract(Ql));\n Vh = 
this.modReduce(Vh.multiply(Vl).subtract(P.multiply(Ql)));\n Vl = this.modReduce(Vl.multiply(Vl).subtract(Ql.shiftLeft(1)));\n }\n }\n\n Ql = this.modMult(Ql, Qh);\n Qh = this.modMult(Ql, Q);\n Uh = this.modReduce(Uh.multiply(Vl).subtract(Ql));\n Vl = this.modReduce(Vh.multiply(Vl).subtract(P.multiply(Ql)));\n Ql = this.modMult(Ql, Qh);\n\n for (var j = 1; j <= s; ++j) {\n Uh = this.modMult(Uh, Vl);\n Vl = this.modReduce(Vl.multiply(Vl).subtract(Ql.shiftLeft(1)));\n Ql = this.modMult(Ql, Ql);\n }\n\n return [Uh, Vl];\n};\n\nvar exports = {\n ECCurveFp: ECCurveFp,\n ECPointFp: ECPointFp,\n ECFieldElementFp: ECFieldElementFp\n};\nmodule.exports = exports;","map":{"version":3,"sources":["/Users/tylerkoenig/Code/personal/react-scss2/node_modules/ecc-jsbn/lib/ec.js"],"names":["BigInteger","require","Barrett","prototype","ECFieldElementFp","q","x","feFpEquals","other","equals","feFpToBigInteger","feFpNegate","negate","mod","feFpAdd","b","add","toBigInteger","feFpSubtract","subtract","feFpMultiply","multiply","feFpSquare","square","feFpDivide","modInverse","divide","ECPointFp","curve","y","z","ONE","zinv","pointFpGetX","r","reduce","fromBigInteger","pointFpGetY","pointFpEquals","isInfinity","u","v","ZERO","pointFpIsInfinity","pointFpNegate","pointFpAdd","twice","getInfinity","THREE","x1","y1","x2","y2","v2","v3","x1v2","zu2","x3","shiftLeft","y3","z3","pointFpTwice","signum","y1z1","y1sqz1","a","w","pointFpMultiply","k","e","h","neg","R","i","bitLength","hBit","testBit","eBit","pointFpMultiplyTwo","j","both","getX","getY","multiplyTwo","ECCurveFp","infinity","reducer","curveFpGetQ","curveFpGetA","curveFpGetB","curveFpEquals","curveFpGetInfinity","curveFpFromBigInteger","curveReduce","curveFpDecodePointHex","s","parseInt","substr","len","length","xHex","yHex","curveFpEncodePointHex","p","toString","oLen","getQ","getA","getB","encodePointHex","decodePointHex","yIsEven","undefined","alpha","beta","sqrt","betaValue","encodeCompressedPointHex","yPrefix","isEven","getR","firstWor
d","shiftRight","intValue","modMult","modReduce","qLen","compareTo","modPow","qMinusOne","legendreExponent","Q","fourQ","modDouble","U","V","P","SecureRandom","result","lucasSequence","n","getLowestSetBit","Uh","Vl","TWO","Vh","Ql","Qh","exports","module"],"mappings":"AAAA;AACA;AACA;AAEA;AACA,IAAIA,UAAU,GAAGC,OAAO,CAAC,MAAD,CAAP,CAAgBD,UAAjC;;AACA,IAAIE,OAAO,GAAGF,UAAU,CAACG,SAAX,CAAqBD,OAAnC,C,CAEA;AACA;AAEA;;AACA,SAASE,gBAAT,CAA0BC,CAA1B,EAA4BC,CAA5B,EAA+B;AAC3B,OAAKA,CAAL,GAASA,CAAT,CAD2B,CAE3B;;AACA,OAAKD,CAAL,GAASA,CAAT;AACH;;AAED,SAASE,UAAT,CAAoBC,KAApB,EAA2B;AACvB,MAAGA,KAAK,IAAI,IAAZ,EAAkB,OAAO,IAAP;AAClB,SAAQ,KAAKH,CAAL,CAAOI,MAAP,CAAcD,KAAK,CAACH,CAApB,KAA0B,KAAKC,CAAL,CAAOG,MAAP,CAAcD,KAAK,CAACF,CAApB,CAAlC;AACH;;AAED,SAASI,gBAAT,GAA4B;AACxB,SAAO,KAAKJ,CAAZ;AACH;;AAED,SAASK,UAAT,GAAsB;AAClB,SAAO,IAAIP,gBAAJ,CAAqB,KAAKC,CAA1B,EAA6B,KAAKC,CAAL,CAAOM,MAAP,GAAgBC,GAAhB,CAAoB,KAAKR,CAAzB,CAA7B,CAAP;AACH;;AAED,SAASS,OAAT,CAAiBC,CAAjB,EAAoB;AAChB,SAAO,IAAIX,gBAAJ,CAAqB,KAAKC,CAA1B,EAA6B,KAAKC,CAAL,CAAOU,GAAP,CAAWD,CAAC,CAACE,YAAF,EAAX,EAA6BJ,GAA7B,CAAiC,KAAKR,CAAtC,CAA7B,CAAP;AACH;;AAED,SAASa,YAAT,CAAsBH,CAAtB,EAAyB;AACrB,SAAO,IAAIX,gBAAJ,CAAqB,KAAKC,CAA1B,EAA6B,KAAKC,CAAL,CAAOa,QAAP,CAAgBJ,CAAC,CAACE,YAAF,EAAhB,EAAkCJ,GAAlC,CAAsC,KAAKR,CAA3C,CAA7B,CAAP;AACH;;AAED,SAASe,YAAT,CAAsBL,CAAtB,EAAyB;AACrB,SAAO,IAAIX,gBAAJ,CAAqB,KAAKC,CAA1B,EAA6B,KAAKC,CAAL,CAAOe,QAAP,CAAgBN,CAAC,CAACE,YAAF,EAAhB,EAAkCJ,GAAlC,CAAsC,KAAKR,CAA3C,CAA7B,CAAP;AACH;;AAED,SAASiB,UAAT,GAAsB;AAClB,SAAO,IAAIlB,gBAAJ,CAAqB,KAAKC,CAA1B,EAA6B,KAAKC,CAAL,CAAOiB,MAAP,GAAgBV,GAAhB,CAAoB,KAAKR,CAAzB,CAA7B,CAAP;AACH;;AAED,SAASmB,UAAT,CAAoBT,CAApB,EAAuB;AACnB,SAAO,IAAIX,gBAAJ,CAAqB,KAAKC,CAA1B,EAA6B,KAAKC,CAAL,CAAOe,QAAP,CAAgBN,CAAC,CAACE,YAAF,GAAiBQ,UAAjB,CAA4B,KAAKpB,CAAjC,CAAhB,EAAqDQ,GAArD,CAAyD,KAAKR,CAA9D,CAA7B,CAAP;AACH;;AAEDD,gBAAgB,CAACD,SAAjB,CAA2BM,MAA3B,GAAoCF,UAApC;AACAH,gBAAgB,CAACD,SAAjB,CAA2Bc,YAA3B,GAA0CP,gBAA1C;AACAN,gBAAgB,CAACD,SAAjB,CAA2BS,MAA3B,GAAoCD,UAApC;AACAP,gBAAgB,CAACD,SAAjB,
CAA2Ba,GAA3B,GAAiCF,OAAjC;AACAV,gBAAgB,CAACD,SAAjB,CAA2BgB,QAA3B,GAAsCD,YAAtC;AACAd,gBAAgB,CAACD,SAAjB,CAA2BkB,QAA3B,GAAsCD,YAAtC;AACAhB,gBAAgB,CAACD,SAAjB,CAA2BoB,MAA3B,GAAoCD,UAApC;AACAlB,gBAAgB,CAACD,SAAjB,CAA2BuB,MAA3B,GAAoCF,UAApC,C,CAEA;AACA;AAEA;;AACA,SAASG,SAAT,CAAmBC,KAAnB,EAAyBtB,CAAzB,EAA2BuB,CAA3B,EAA6BC,CAA7B,EAAgC;AAC5B,OAAKF,KAAL,GAAaA,KAAb;AACA,OAAKtB,CAAL,GAASA,CAAT;AACA,OAAKuB,CAAL,GAASA,CAAT,CAH4B,CAI5B;AACA;;AACA,MAAGC,CAAC,IAAI,IAAR,EAAc;AACZ,SAAKA,CAAL,GAAS9B,UAAU,CAAC+B,GAApB;AACD,GAFD,MAGK;AACH,SAAKD,CAAL,GAASA,CAAT;AACD;;AACD,OAAKE,IAAL,GAAY,IAAZ,CAZ4B,CAa5B;AACH;;AAED,SAASC,WAAT,GAAuB;AACnB,MAAG,KAAKD,IAAL,IAAa,IAAhB,EAAsB;AACpB,SAAKA,IAAL,GAAY,KAAKF,CAAL,CAAOL,UAAP,CAAkB,KAAKG,KAAL,CAAWvB,CAA7B,CAAZ;AACD;;AACD,MAAI6B,CAAC,GAAG,KAAK5B,CAAL,CAAOW,YAAP,GAAsBI,QAAtB,CAA+B,KAAKW,IAApC,CAAR;AACA,OAAKJ,KAAL,CAAWO,MAAX,CAAkBD,CAAlB;AACA,SAAO,KAAKN,KAAL,CAAWQ,cAAX,CAA0BF,CAA1B,CAAP;AACH;;AAED,SAASG,WAAT,GAAuB;AACnB,MAAG,KAAKL,IAAL,IAAa,IAAhB,EAAsB;AACpB,SAAKA,IAAL,GAAY,KAAKF,CAAL,CAAOL,UAAP,CAAkB,KAAKG,KAAL,CAAWvB,CAA7B,CAAZ;AACD;;AACD,MAAI6B,CAAC,GAAG,KAAKL,CAAL,CAAOZ,YAAP,GAAsBI,QAAtB,CAA+B,KAAKW,IAApC,CAAR;AACA,OAAKJ,KAAL,CAAWO,MAAX,CAAkBD,CAAlB;AACA,SAAO,KAAKN,KAAL,CAAWQ,cAAX,CAA0BF,CAA1B,CAAP;AACH;;AAED,SAASI,aAAT,CAAuB9B,KAAvB,EAA8B;AAC1B,MAAGA,KAAK,IAAI,IAAZ,EAAkB,OAAO,IAAP;AAClB,MAAG,KAAK+B,UAAL,EAAH,EAAsB,OAAO/B,KAAK,CAAC+B,UAAN,EAAP;AACtB,MAAG/B,KAAK,CAAC+B,UAAN,EAAH,EAAuB,OAAO,KAAKA,UAAL,EAAP;AACvB,MAAIC,CAAJ,EAAOC,CAAP,CAJ0B,CAK1B;;AACAD,EAAAA,CAAC,GAAGhC,KAAK,CAACqB,CAAN,CAAQZ,YAAR,GAAuBI,QAAvB,CAAgC,KAAKS,CAArC,EAAwCX,QAAxC,CAAiD,KAAKU,CAAL,CAAOZ,YAAP,GAAsBI,QAAtB,CAA+Bb,KAAK,CAACsB,CAArC,CAAjD,EAA0FjB,GAA1F,CAA8F,KAAKe,KAAL,CAAWvB,CAAzG,CAAJ;AACA,MAAG,CAACmC,CAAC,CAAC/B,MAAF,CAAST,UAAU,CAAC0C,IAApB,CAAJ,EAA+B,OAAO,KAAP,CAPL,CAQ1B;;AACAD,EAAAA,CAAC,GAAGjC,KAAK,CAACF,CAAN,CAAQW,YAAR,GAAuBI,QAAvB,CAAgC,KAAKS,CAArC,EAAwCX,QAAxC,CAAiD,KAAKb,CAAL,CAAOW,YAAP,GAAsBI,QAAtB,CAA+Bb,KAAK,CAACsB,CAArC,CAAjD,EAA0FjB,GAA1F,CAA8F,KAAKe,KAAL,CAAWvB,C
AAzG,CAAJ;AACA,SAAOoC,CAAC,CAAChC,MAAF,CAAST,UAAU,CAAC0C,IAApB,CAAP;AACH;;AAED,SAASC,iBAAT,GAA6B;AACzB,MAAI,KAAKrC,CAAL,IAAU,IAAX,IAAqB,KAAKuB,CAAL,IAAU,IAAlC,EAAyC,OAAO,IAAP;AACzC,SAAO,KAAKC,CAAL,CAAOrB,MAAP,CAAcT,UAAU,CAAC0C,IAAzB,KAAkC,CAAC,KAAKb,CAAL,CAAOZ,YAAP,GAAsBR,MAAtB,CAA6BT,UAAU,CAAC0C,IAAxC,CAA1C;AACH;;AAED,SAASE,aAAT,GAAyB;AACrB,SAAO,IAAIjB,SAAJ,CAAc,KAAKC,KAAnB,EAA0B,KAAKtB,CAA/B,EAAkC,KAAKuB,CAAL,CAAOjB,MAAP,EAAlC,EAAmD,KAAKkB,CAAxD,CAAP;AACH;;AAED,SAASe,UAAT,CAAoB9B,CAApB,EAAuB;AACnB,MAAG,KAAKwB,UAAL,EAAH,EAAsB,OAAOxB,CAAP;AACtB,MAAGA,CAAC,CAACwB,UAAF,EAAH,EAAmB,OAAO,IAAP,CAFA,CAInB;;AACA,MAAIC,CAAC,GAAGzB,CAAC,CAACc,CAAF,CAAIZ,YAAJ,GAAmBI,QAAnB,CAA4B,KAAKS,CAAjC,EAAoCX,QAApC,CAA6C,KAAKU,CAAL,CAAOZ,YAAP,GAAsBI,QAAtB,CAA+BN,CAAC,CAACe,CAAjC,CAA7C,EAAkFjB,GAAlF,CAAsF,KAAKe,KAAL,CAAWvB,CAAjG,CAAR,CALmB,CAMnB;;AACA,MAAIoC,CAAC,GAAG1B,CAAC,CAACT,CAAF,CAAIW,YAAJ,GAAmBI,QAAnB,CAA4B,KAAKS,CAAjC,EAAoCX,QAApC,CAA6C,KAAKb,CAAL,CAAOW,YAAP,GAAsBI,QAAtB,CAA+BN,CAAC,CAACe,CAAjC,CAA7C,EAAkFjB,GAAlF,CAAsF,KAAKe,KAAL,CAAWvB,CAAjG,CAAR;;AAEA,MAAGL,UAAU,CAAC0C,IAAX,CAAgBjC,MAAhB,CAAuBgC,CAAvB,CAAH,EAA8B;AAC1B,QAAGzC,UAAU,CAAC0C,IAAX,CAAgBjC,MAAhB,CAAuB+B,CAAvB,CAAH,EAA8B;AAC1B,aAAO,KAAKM,KAAL,EAAP,CAD0B,CACL;AACxB;;AACR,WAAO,KAAKlB,KAAL,CAAWmB,WAAX,EAAP,CAJiC,CAIA;AAC7B;;AAED,MAAIC,KAAK,GAAG,IAAIhD,UAAJ,CAAe,GAAf,CAAZ;AACA,MAAIiD,EAAE,GAAG,KAAK3C,CAAL,CAAOW,YAAP,EAAT;AACA,MAAIiC,EAAE,GAAG,KAAKrB,CAAL,CAAOZ,YAAP,EAAT;AACA,MAAIkC,EAAE,GAAGpC,CAAC,CAACT,CAAF,CAAIW,YAAJ,EAAT;AACA,MAAImC,EAAE,GAAGrC,CAAC,CAACc,CAAF,CAAIZ,YAAJ,EAAT;AAEA,MAAIoC,EAAE,GAAGZ,CAAC,CAAClB,MAAF,EAAT;AACA,MAAI+B,EAAE,GAAGD,EAAE,CAAChC,QAAH,CAAYoB,CAAZ,CAAT;AACA,MAAIc,IAAI,GAAGN,EAAE,CAAC5B,QAAH,CAAYgC,EAAZ,CAAX;AACA,MAAIG,GAAG,GAAGhB,CAAC,CAACjB,MAAF,GAAWF,QAAX,CAAoB,KAAKS,CAAzB,CAAV,CAzBmB,CA2BnB;;AACA,MAAI2B,EAAE,GAAGD,GAAG,CAACrC,QAAJ,CAAaoC,IAAI,CAACG,SAAL,CAAe,CAAf,CAAb,EAAgCrC,QAAhC,CAAyCN,CAAC,CAACe,CAA3C,EAA8CX,QAA9C,CAAuDmC,EAAvD,EAA2DjC,QAA3D,CAAoEoB,CAApE,EAAuE5B,GAAvE,CAA2E,KAAKe,KAAL,CAA
WvB,CAAtF,CAAT,CA5BmB,CA6BnB;;AACA,MAAIsD,EAAE,GAAGJ,IAAI,CAAClC,QAAL,CAAc2B,KAAd,EAAqB3B,QAArB,CAA8BmB,CAA9B,EAAiCrB,QAAjC,CAA0C+B,EAAE,CAAC7B,QAAH,CAAYiC,EAAZ,CAA1C,EAA2DnC,QAA3D,CAAoEqC,GAAG,CAACnC,QAAJ,CAAamB,CAAb,CAApE,EAAqFnB,QAArF,CAA8FN,CAAC,CAACe,CAAhG,EAAmGd,GAAnG,CAAuGwB,CAAC,CAACnB,QAAF,CAAWiC,EAAX,CAAvG,EAAuHzC,GAAvH,CAA2H,KAAKe,KAAL,CAAWvB,CAAtI,CAAT,CA9BmB,CA+BnB;;AACA,MAAIuD,EAAE,GAAGN,EAAE,CAACjC,QAAH,CAAY,KAAKS,CAAjB,EAAoBT,QAApB,CAA6BN,CAAC,CAACe,CAA/B,EAAkCjB,GAAlC,CAAsC,KAAKe,KAAL,CAAWvB,CAAjD,CAAT;AAEA,SAAO,IAAIsB,SAAJ,CAAc,KAAKC,KAAnB,EAA0B,KAAKA,KAAL,CAAWQ,cAAX,CAA0BqB,EAA1B,CAA1B,EAAyD,KAAK7B,KAAL,CAAWQ,cAAX,CAA0BuB,EAA1B,CAAzD,EAAwFC,EAAxF,CAAP;AACH;;AAED,SAASC,YAAT,GAAwB;AACpB,MAAG,KAAKtB,UAAL,EAAH,EAAsB,OAAO,IAAP;AACtB,MAAG,KAAKV,CAAL,CAAOZ,YAAP,GAAsB6C,MAAtB,MAAkC,CAArC,EAAwC,OAAO,KAAKlC,KAAL,CAAWmB,WAAX,EAAP,CAFpB,CAIpB;;AACA,MAAIC,KAAK,GAAG,IAAIhD,UAAJ,CAAe,GAAf,CAAZ;AACA,MAAIiD,EAAE,GAAG,KAAK3C,CAAL,CAAOW,YAAP,EAAT;AACA,MAAIiC,EAAE,GAAG,KAAKrB,CAAL,CAAOZ,YAAP,EAAT;AAEA,MAAI8C,IAAI,GAAGb,EAAE,CAAC7B,QAAH,CAAY,KAAKS,CAAjB,CAAX;AACA,MAAIkC,MAAM,GAAGD,IAAI,CAAC1C,QAAL,CAAc6B,EAAd,EAAkBrC,GAAlB,CAAsB,KAAKe,KAAL,CAAWvB,CAAjC,CAAb;AACA,MAAI4D,CAAC,GAAG,KAAKrC,KAAL,CAAWqC,CAAX,CAAahD,YAAb,EAAR,CAXoB,CAapB;;AACA,MAAIiD,CAAC,GAAGjB,EAAE,CAAC1B,MAAH,GAAYF,QAAZ,CAAqB2B,KAArB,CAAR;;AACA,MAAG,CAAChD,UAAU,CAAC0C,IAAX,CAAgBjC,MAAhB,CAAuBwD,CAAvB,CAAJ,EAA+B;AAC7BC,IAAAA,CAAC,GAAGA,CAAC,CAAClD,GAAF,CAAM,KAAKc,CAAL,CAAOP,MAAP,GAAgBF,QAAhB,CAAyB4C,CAAzB,CAAN,CAAJ;AACD;;AACDC,EAAAA,CAAC,GAAGA,CAAC,CAACrD,GAAF,CAAM,KAAKe,KAAL,CAAWvB,CAAjB,CAAJ,CAlBoB,CAmBpB;AACA;;AACA,MAAIoD,EAAE,GAAGS,CAAC,CAAC3C,MAAF,GAAWJ,QAAX,CAAoB8B,EAAE,CAACS,SAAH,CAAa,CAAb,EAAgBrC,QAAhB,CAAyB2C,MAAzB,CAApB,EAAsDN,SAAtD,CAAgE,CAAhE,EAAmErC,QAAnE,CAA4E0C,IAA5E,EAAkFlD,GAAlF,CAAsF,KAAKe,KAAL,CAAWvB,CAAjG,CAAT,CArBoB,CAsBpB;;AACA,MAAIsD,EAAE,GAAGO,CAAC,CAAC7C,QAAF,CAAW2B,KAAX,EAAkB3B,QAAlB,CAA2B4B,EAA3B,EAA+B9B,QAA/B,CAAwC6C,MAAM,CAACN,SAAP,CAAiB,CAAjB,CAAxC,EAA6DA,SAA7D,CAAuE,CAAvE,EAA
0ErC,QAA1E,CAAmF2C,MAAnF,EAA2F7C,QAA3F,CAAoG+C,CAAC,CAAC3C,MAAF,GAAWF,QAAX,CAAoB6C,CAApB,CAApG,EAA4HrD,GAA5H,CAAgI,KAAKe,KAAL,CAAWvB,CAA3I,CAAT,CAvBoB,CAwBpB;;AACA,MAAIuD,EAAE,GAAGG,IAAI,CAACxC,MAAL,GAAcF,QAAd,CAAuB0C,IAAvB,EAA6BL,SAA7B,CAAuC,CAAvC,EAA0C7C,GAA1C,CAA8C,KAAKe,KAAL,CAAWvB,CAAzD,CAAT;AAEA,SAAO,IAAIsB,SAAJ,CAAc,KAAKC,KAAnB,EAA0B,KAAKA,KAAL,CAAWQ,cAAX,CAA0BqB,EAA1B,CAA1B,EAAyD,KAAK7B,KAAL,CAAWQ,cAAX,CAA0BuB,EAA1B,CAAzD,EAAwFC,EAAxF,CAAP;AACH,C,CAED;AACA;;;AACA,SAASO,eAAT,CAAyBC,CAAzB,EAA4B;AACxB,MAAG,KAAK7B,UAAL,EAAH,EAAsB,OAAO,IAAP;AACtB,MAAG6B,CAAC,CAACN,MAAF,MAAc,CAAjB,EAAoB,OAAO,KAAKlC,KAAL,CAAWmB,WAAX,EAAP;AAEpB,MAAIsB,CAAC,GAAGD,CAAR;AACA,MAAIE,CAAC,GAAGD,CAAC,CAAChD,QAAF,CAAW,IAAIrB,UAAJ,CAAe,GAAf,CAAX,CAAR;AAEA,MAAIuE,GAAG,GAAG,KAAK3D,MAAL,EAAV;AACA,MAAI4D,CAAC,GAAG,IAAR;AAEA,MAAIC,CAAJ;;AACA,OAAIA,CAAC,GAAGH,CAAC,CAACI,SAAF,KAAgB,CAAxB,EAA2BD,CAAC,GAAG,CAA/B,EAAkC,EAAEA,CAApC,EAAuC;AAC1CD,IAAAA,CAAC,GAAGA,CAAC,CAAC1B,KAAF,EAAJ;AAEA,QAAI6B,IAAI,GAAGL,CAAC,CAACM,OAAF,CAAUH,CAAV,CAAX;AACA,QAAII,IAAI,GAAGR,CAAC,CAACO,OAAF,CAAUH,CAAV,CAAX;;AAEA,QAAIE,IAAI,IAAIE,IAAZ,EAAkB;AACdL,MAAAA,CAAC,GAAGA,CAAC,CAACxD,GAAF,CAAM2D,IAAI,GAAG,IAAH,GAAUJ,GAApB,CAAJ;AACH;AACG;;AAED,SAAOC,CAAP;AACH,C,CAED;;;AACA,SAASM,kBAAT,CAA4BC,CAA5B,EAA8BzE,CAA9B,EAAgC8D,CAAhC,EAAmC;AACjC,MAAIK,CAAJ;AACA,MAAGM,CAAC,CAACL,SAAF,KAAgBN,CAAC,CAACM,SAAF,EAAnB,EACED,CAAC,GAAGM,CAAC,CAACL,SAAF,KAAgB,CAApB,CADF,KAGED,CAAC,GAAGL,CAAC,CAACM,SAAF,KAAgB,CAApB;AAEF,MAAIF,CAAC,GAAG,KAAK5C,KAAL,CAAWmB,WAAX,EAAR;AACA,MAAIiC,IAAI,GAAG,KAAKhE,GAAL,CAASV,CAAT,CAAX;;AACA,SAAMmE,CAAC,IAAI,CAAX,EAAc;AACZD,IAAAA,CAAC,GAAGA,CAAC,CAAC1B,KAAF,EAAJ;;AACA,QAAGiC,CAAC,CAACH,OAAF,CAAUH,CAAV,CAAH,EAAiB;AACf,UAAGL,CAAC,CAACQ,OAAF,CAAUH,CAAV,CAAH,EAAiB;AACfD,QAAAA,CAAC,GAAGA,CAAC,CAACxD,GAAF,CAAMgE,IAAN,CAAJ;AACD,OAFD,MAGK;AACHR,QAAAA,CAAC,GAAGA,CAAC,CAACxD,GAAF,CAAM,IAAN,CAAJ;AACD;AACF,KAPD,MAQK;AACH,UAAGoD,CAAC,CAACQ,OAAF,CAAUH,CAAV,CAAH,EAAiB;AACfD,QAAAA,CAAC,GAAGA,CAAC,CAACxD,GAAF,CAAMV,CAAN,CAAJ;AACD;AACF;;AA
CD,MAAEmE,CAAF;AACD;;AAED,SAAOD,CAAP;AACD;;AAED7C,SAAS,CAACxB,SAAV,CAAoB8E,IAApB,GAA2BhD,WAA3B;AACAN,SAAS,CAACxB,SAAV,CAAoB+E,IAApB,GAA2B7C,WAA3B;AACAV,SAAS,CAACxB,SAAV,CAAoBM,MAApB,GAA6B6B,aAA7B;AACAX,SAAS,CAACxB,SAAV,CAAoBoC,UAApB,GAAiCI,iBAAjC;AACAhB,SAAS,CAACxB,SAAV,CAAoBS,MAApB,GAA6BgC,aAA7B;AACAjB,SAAS,CAACxB,SAAV,CAAoBa,GAApB,GAA0B6B,UAA1B;AACAlB,SAAS,CAACxB,SAAV,CAAoB2C,KAApB,GAA4Be,YAA5B;AACAlC,SAAS,CAACxB,SAAV,CAAoBkB,QAApB,GAA+B8C,eAA/B;AACAxC,SAAS,CAACxB,SAAV,CAAoBgF,WAApB,GAAkCL,kBAAlC,C,CAEA;AACA;AAEA;;AACA,SAASM,SAAT,CAAmB/E,CAAnB,EAAqB4D,CAArB,EAAuBlD,CAAvB,EAA0B;AACtB,OAAKV,CAAL,GAASA,CAAT;AACA,OAAK4D,CAAL,GAAS,KAAK7B,cAAL,CAAoB6B,CAApB,CAAT;AACA,OAAKlD,CAAL,GAAS,KAAKqB,cAAL,CAAoBrB,CAApB,CAAT;AACA,OAAKsE,QAAL,GAAgB,IAAI1D,SAAJ,CAAc,IAAd,EAAoB,IAApB,EAA0B,IAA1B,CAAhB;AACA,OAAK2D,OAAL,GAAe,IAAIpF,OAAJ,CAAY,KAAKG,CAAjB,CAAf;AACH;;AAED,SAASkF,WAAT,GAAuB;AACnB,SAAO,KAAKlF,CAAZ;AACH;;AAED,SAASmF,WAAT,GAAuB;AACnB,SAAO,KAAKvB,CAAZ;AACH;;AAED,SAASwB,WAAT,GAAuB;AACnB,SAAO,KAAK1E,CAAZ;AACH;;AAED,SAAS2E,aAAT,CAAuBlF,KAAvB,EAA8B;AAC1B,MAAGA,KAAK,IAAI,IAAZ,EAAkB,OAAO,IAAP;AAClB,SAAO,KAAKH,CAAL,CAAOI,MAAP,CAAcD,KAAK,CAACH,CAApB,KAA0B,KAAK4D,CAAL,CAAOxD,MAAP,CAAcD,KAAK,CAACyD,CAApB,CAA1B,IAAoD,KAAKlD,CAAL,CAAON,MAAP,CAAcD,KAAK,CAACO,CAApB,CAA3D;AACH;;AAED,SAAS4E,kBAAT,GAA8B;AAC1B,SAAO,KAAKN,QAAZ;AACH;;AAED,SAASO,qBAAT,CAA+BtF,CAA/B,EAAkC;AAC9B,SAAO,IAAIF,gBAAJ,CAAqB,KAAKC,CAA1B,EAA6BC,CAA7B,CAAP;AACH;;AAED,SAASuF,WAAT,CAAqBvF,CAArB,EAAwB;AACpB,OAAKgF,OAAL,CAAanD,MAAb,CAAoB7B,CAApB;AACH,C,CAED;;;AACA,SAASwF,qBAAT,CAA+BC,CAA/B,EAAkC;AAC9B,UAAOC,QAAQ,CAACD,CAAC,CAACE,MAAF,CAAS,CAAT,EAAW,CAAX,CAAD,EAAgB,EAAhB,CAAf;AAAsC;AACtC,SAAK,CAAL;AACH,aAAO,KAAKZ,QAAZ;;AACG,SAAK,CAAL;AACA,SAAK,CAAL;AACH;AACA,aAAO,IAAP;;AACG,SAAK,CAAL;AACA,SAAK,CAAL;AACA,SAAK,CAAL;AACH,UAAIa,GAAG,GAAG,CAACH,CAAC,CAACI,MAAF,GAAW,CAAZ,IAAiB,CAA3B;AACA,UAAIC,IAAI,GAAGL,CAAC,CAACE,MAAF,CAAS,CAAT,EAAYC,GAAZ,CAAX;AACA,UAAIG,IAAI,GAAGN,CAAC,CAACE,MAAF,CAASC,GAAG,GAAC,CAAb,EAAgBA,GAAhB,CAAX;AAEA,aAAO,IAAI
vE,SAAJ,CAAc,IAAd,EACA,KAAKS,cAAL,CAAoB,IAAIpC,UAAJ,CAAeoG,IAAf,EAAqB,EAArB,CAApB,CADA,EAEA,KAAKhE,cAAL,CAAoB,IAAIpC,UAAJ,CAAeqG,IAAf,EAAqB,EAArB,CAApB,CAFA,CAAP;;AAIG;AAAS;AACZ,aAAO,IAAP;AAnBG;AAqBH;;AAED,SAASC,qBAAT,CAA+BC,CAA/B,EAAkC;AACjC,MAAIA,CAAC,CAAChE,UAAF,EAAJ,EAAoB,OAAO,IAAP;AACpB,MAAI6D,IAAI,GAAGG,CAAC,CAACtB,IAAF,GAAShE,YAAT,GAAwBuF,QAAxB,CAAiC,EAAjC,CAAX;AACA,MAAIH,IAAI,GAAGE,CAAC,CAACrB,IAAF,GAASjE,YAAT,GAAwBuF,QAAxB,CAAiC,EAAjC,CAAX;AACA,MAAIC,IAAI,GAAG,KAAKC,IAAL,GAAYF,QAAZ,CAAqB,EAArB,EAAyBL,MAApC;AACA,MAAKM,IAAI,GAAG,CAAR,IAAc,CAAlB,EAAqBA,IAAI;;AACzB,SAAOL,IAAI,CAACD,MAAL,GAAcM,IAArB,EAA2B;AAC1BL,IAAAA,IAAI,GAAG,MAAMA,IAAb;AACA;;AACD,SAAOC,IAAI,CAACF,MAAL,GAAcM,IAArB,EAA2B;AAC1BJ,IAAAA,IAAI,GAAG,MAAMA,IAAb;AACA;;AACD,SAAO,OAAOD,IAAP,GAAcC,IAArB;AACA;;AAEDjB,SAAS,CAACjF,SAAV,CAAoBuG,IAApB,GAA2BnB,WAA3B;AACAH,SAAS,CAACjF,SAAV,CAAoBwG,IAApB,GAA2BnB,WAA3B;AACAJ,SAAS,CAACjF,SAAV,CAAoByG,IAApB,GAA2BnB,WAA3B;AACAL,SAAS,CAACjF,SAAV,CAAoBM,MAApB,GAA6BiF,aAA7B;AACAN,SAAS,CAACjF,SAAV,CAAoB4C,WAApB,GAAkC4C,kBAAlC;AACAP,SAAS,CAACjF,SAAV,CAAoBiC,cAApB,GAAqCwD,qBAArC;AACAR,SAAS,CAACjF,SAAV,CAAoBgC,MAApB,GAA6B0D,WAA7B,C,CACA;;AACAT,SAAS,CAACjF,SAAV,CAAoB0G,cAApB,GAAqCP,qBAArC,C,CAEA;;AACAlB,SAAS,CAACjF,SAAV,CAAoB2G,cAApB,GAAqC,UAASf,CAAT,EACrC;AACC,MAAIgB,OAAJ;;AACG,UAAOf,QAAQ,CAACD,CAAC,CAACE,MAAF,CAAS,CAAT,EAAW,CAAX,CAAD,EAAgB,EAAhB,CAAf;AAAsC;AACtC,SAAK,CAAL;AACH,aAAO,KAAKZ,QAAZ;;AACG,SAAK,CAAL;AACH0B,MAAAA,OAAO,GAAG,KAAV;;AACG,SAAK,CAAL;AACH,UAAGA,OAAO,IAAIC,SAAd,EAAyBD,OAAO,GAAG,IAAV;AACzB,UAAIb,GAAG,GAAGH,CAAC,CAACI,MAAF,GAAW,CAArB;AACA,UAAIC,IAAI,GAAGL,CAAC,CAACE,MAAF,CAAS,CAAT,EAAYC,GAAZ,CAAX;AACA,UAAI5F,CAAC,GAAG,KAAK8B,cAAL,CAAoB,IAAIpC,UAAJ,CAAeoG,IAAf,EAAoB,EAApB,CAApB,CAAR;AACA,UAAIa,KAAK,GAAG3G,CAAC,CAACe,QAAF,CAAWf,CAAC,CAACiB,MAAF,GAAWP,GAAX,CAAe,KAAK2F,IAAL,EAAf,CAAX,EAAwC3F,GAAxC,CAA4C,KAAK4F,IAAL,EAA5C,CAAZ;AACA,UAAIM,IAAI,GAAGD,KAAK,CAACE,IAAN,EAAX;AAEG,UAAID,IAAI,IAAI,IAAZ,EAAkB,MAAM,2BAAN;AAElB,UAAIE,SAAS,GAAGF,IAAI,CAACjG,YAAL,EAAhB;;AACA,
UAAImG,SAAS,CAACxC,OAAV,CAAkB,CAAlB,KAAwBmC,OAA5B,EACA;AACI;AACAG,QAAAA,IAAI,GAAG,KAAK9E,cAAL,CAAoB,KAAKsE,IAAL,GAAYvF,QAAZ,CAAqBiG,SAArB,CAApB,CAAP;AACH;;AACD,aAAO,IAAIzF,SAAJ,CAAc,IAAd,EAAmBrB,CAAnB,EAAqB4G,IAArB,CAAP;;AACA,SAAK,CAAL;AACA,SAAK,CAAL;AACA,SAAK,CAAL;AACH,UAAIhB,GAAG,GAAG,CAACH,CAAC,CAACI,MAAF,GAAW,CAAZ,IAAiB,CAA3B;AACA,UAAIC,IAAI,GAAGL,CAAC,CAACE,MAAF,CAAS,CAAT,EAAYC,GAAZ,CAAX;AACA,UAAIG,IAAI,GAAGN,CAAC,CAACE,MAAF,CAASC,GAAG,GAAC,CAAb,EAAgBA,GAAhB,CAAX;AAEA,aAAO,IAAIvE,SAAJ,CAAc,IAAd,EACA,KAAKS,cAAL,CAAoB,IAAIpC,UAAJ,CAAeoG,IAAf,EAAqB,EAArB,CAApB,CADA,EAEA,KAAKhE,cAAL,CAAoB,IAAIpC,UAAJ,CAAeqG,IAAf,EAAqB,EAArB,CAApB,CAFA,CAAP;;AAIG;AAAS;AACZ,aAAO,IAAP;AAlCG;AAoCH,CAvCD;;AAwCAjB,SAAS,CAACjF,SAAV,CAAoBkH,wBAApB,GAA+C,UAASd,CAAT,EAC/C;AACC,MAAIA,CAAC,CAAChE,UAAF,EAAJ,EAAoB,OAAO,IAAP;AACpB,MAAI6D,IAAI,GAAGG,CAAC,CAACtB,IAAF,GAAShE,YAAT,GAAwBuF,QAAxB,CAAiC,EAAjC,CAAX;AACA,MAAIC,IAAI,GAAG,KAAKC,IAAL,GAAYF,QAAZ,CAAqB,EAArB,EAAyBL,MAApC;AACA,MAAKM,IAAI,GAAG,CAAR,IAAc,CAAlB,EAAqBA,IAAI;;AACzB,SAAOL,IAAI,CAACD,MAAL,GAAcM,IAArB,EACCL,IAAI,GAAG,MAAMA,IAAb;;AACD,MAAIkB,OAAJ;AACA,MAAGf,CAAC,CAACrB,IAAF,GAASjE,YAAT,GAAwBsG,MAAxB,EAAH,EAAqCD,OAAO,GAAG,IAAV,CAArC,KACqCA,OAAO,GAAG,IAAV;AAErC,SAAOA,OAAO,GAAGlB,IAAjB;AACA,CAbD;;AAgBAhG,gBAAgB,CAACD,SAAjB,CAA2BqH,IAA3B,GAAkC,YAClC;AACC,MAAG,KAAKtF,CAAL,IAAU8E,SAAb,EAAwB,OAAO,KAAK9E,CAAZ;AAErB,OAAKA,CAAL,GAAS,IAAT;AACA,MAAIwC,SAAS,GAAG,KAAKrE,CAAL,CAAOqE,SAAP,EAAhB;;AACA,MAAIA,SAAS,GAAG,GAAhB,EACA;AACI,QAAI+C,SAAS,GAAG,KAAKpH,CAAL,CAAOqH,UAAP,CAAkBhD,SAAS,GAAG,EAA9B,CAAhB;;AACA,QAAI+C,SAAS,CAACE,QAAV,MAAwB,CAAC,CAA7B,EACA;AACI,WAAKzF,CAAL,GAASlC,UAAU,CAAC+B,GAAX,CAAe2B,SAAf,CAAyBgB,SAAzB,EAAoCvD,QAApC,CAA6C,KAAKd,CAAlD,CAAT;AACH;AACJ;;AACD,SAAO,KAAK6B,CAAZ;AACH,CAfD;;AAgBA9B,gBAAgB,CAACD,SAAjB,CAA2ByH,OAA3B,GAAqC,UAAS3E,EAAT,EAAYE,EAAZ,EACrC;AACI,SAAO,KAAK0E,SAAL,CAAe5E,EAAE,CAAC5B,QAAH,CAAY8B,EAAZ,CAAf,CAAP;AACH,CAHD;;AAIA/C,gBAAgB,CAACD,SAAjB,CAA2B0H,SAA3B,GAAuC,UAASvH,CAAT,EACvC;AACI,MAAI,KAAKkH,IAAL,MAAe,IAAnB,EACA;AAC
I,QAAIM,IAAI,GAAGzH,CAAC,CAACqE,SAAF,EAAX;;AACA,WAAOpE,CAAC,CAACoE,SAAF,KAAiBoD,IAAI,GAAG,CAA/B,EACA;AACI,UAAItF,CAAC,GAAGlC,CAAC,CAACoH,UAAF,CAAaI,IAAb,CAAR;AACA,UAAIrF,CAAC,GAAGnC,CAAC,CAACa,QAAF,CAAWqB,CAAC,CAACkB,SAAF,CAAYoE,IAAZ,CAAX,CAAR;;AACA,UAAI,CAAC,KAAKN,IAAL,GAAY/G,MAAZ,CAAmBT,UAAU,CAAC+B,GAA9B,CAAL,EACA;AACIS,QAAAA,CAAC,GAAGA,CAAC,CAACnB,QAAF,CAAW,KAAKmG,IAAL,EAAX,CAAJ;AACH;;AACDlH,MAAAA,CAAC,GAAGkC,CAAC,CAACxB,GAAF,CAAMyB,CAAN,CAAJ;AACH;;AACD,WAAOnC,CAAC,CAACyH,SAAF,CAAY1H,CAAZ,KAAkB,CAAzB,EACA;AACIC,MAAAA,CAAC,GAAGA,CAAC,CAACa,QAAF,CAAWd,CAAX,CAAJ;AACH;AACJ,GAjBD,MAmBA;AACIC,IAAAA,CAAC,GAAGA,CAAC,CAACO,GAAF,CAAMR,CAAN,CAAJ;AACH;;AACD,SAAOC,CAAP;AACH,CAzBD;;AA0BAF,gBAAgB,CAACD,SAAjB,CAA2BgH,IAA3B,GAAkC,YAClC;AACI,MAAI,CAAC,KAAK9G,CAAL,CAAOuE,OAAP,CAAe,CAAf,CAAL,EAAwB,MAAM,aAAN,CAD5B,CAGI;;AACA,MAAI,KAAKvE,CAAL,CAAOuE,OAAP,CAAe,CAAf,CAAJ,EACA;AACC,QAAI9C,CAAC,GAAG,IAAI1B,gBAAJ,CAAqB,KAAKC,CAA1B,EAA4B,KAAKC,CAAL,CAAO0H,MAAP,CAAc,KAAK3H,CAAL,CAAOqH,UAAP,CAAkB,CAAlB,EAAqB1G,GAArB,CAAyBhB,UAAU,CAAC+B,GAApC,CAAd,EAAuD,KAAK1B,CAA5D,CAA5B,CAAR;AACA,WAAOyB,CAAC,CAACP,MAAF,GAAWd,MAAX,CAAkB,IAAlB,IAA0BqB,CAA1B,GAA8B,IAArC;AACA,GARL,CAUI;;;AACA,MAAImG,SAAS,GAAG,KAAK5H,CAAL,CAAOc,QAAP,CAAgBnB,UAAU,CAAC+B,GAA3B,CAAhB;AAEA,MAAImG,gBAAgB,GAAGD,SAAS,CAACP,UAAV,CAAqB,CAArB,CAAvB;;AACA,MAAI,CAAE,KAAKpH,CAAL,CAAO0H,MAAP,CAAcE,gBAAd,EAAgC,KAAK7H,CAArC,EAAwCI,MAAxC,CAA+CT,UAAU,CAAC+B,GAA1D,CAAN,EACA;AACI,WAAO,IAAP;AACH;;AAED,MAAIS,CAAC,GAAGyF,SAAS,CAACP,UAAV,CAAqB,CAArB,CAAR;AACA,MAAItD,CAAC,GAAG5B,CAAC,CAACkB,SAAF,CAAY,CAAZ,EAAe1C,GAAf,CAAmBhB,UAAU,CAAC+B,GAA9B,CAAR;AAEA,MAAIoG,CAAC,GAAG,KAAK7H,CAAb;AACA,MAAI8H,KAAK,GAAGC,SAAS,CAACA,SAAS,CAACF,CAAD,CAAV,CAArB;AAEA,MAAIG,CAAJ,EAAOC,CAAP;;AACA,KACA;AACI,QAAIC,CAAJ;;AACA,OACA;AACIA,MAAAA,CAAC,GAAG,IAAIxI,UAAJ,CAAe,KAAKK,CAAL,CAAOqE,SAAP,EAAf,EAAmC,IAAI+D,YAAJ,EAAnC,CAAJ;AACH,KAHD,QAIOD,CAAC,CAACT,SAAF,CAAY,KAAK1H,CAAjB,KAAuB,CAAvB,IACA,CAAEmI,CAAC,CAACnH,QAAF,CAAWmH,CAAX,EAAcrH,QAAd,CAAuBiH,KAAvB,EAA8BJ,MAA9B,CAAqCE,gBAArC,EA
AuD,KAAK7H,CAA5D,EAA+DI,MAA/D,CAAsEwH,SAAtE,CALT;;AAOA,QAAIS,MAAM,GAAG,KAAKC,aAAL,CAAmBH,CAAnB,EAAsBL,CAAtB,EAAyB/D,CAAzB,CAAb;AACAkE,IAAAA,CAAC,GAAGI,MAAM,CAAC,CAAD,CAAV;AACAH,IAAAA,CAAC,GAAGG,MAAM,CAAC,CAAD,CAAV;;AAEA,QAAI,KAAKd,OAAL,CAAaW,CAAb,EAAgBA,CAAhB,EAAmB9H,MAAnB,CAA0B2H,KAA1B,CAAJ,EACA;AACI;AACA,UAAIG,CAAC,CAAC3D,OAAF,CAAU,CAAV,CAAJ,EACA;AACI2D,QAAAA,CAAC,GAAGA,CAAC,CAACvH,GAAF,CAAMX,CAAN,CAAJ;AACH;;AAEDkI,MAAAA,CAAC,GAAGA,CAAC,CAACb,UAAF,CAAa,CAAb,CAAJ;AAEA,aAAO,IAAItH,gBAAJ,CAAqBC,CAArB,EAAuBkI,CAAvB,CAAP;AACH;AACJ,GA1BD,QA2BOD,CAAC,CAAC7H,MAAF,CAAST,UAAU,CAAC+B,GAApB,KAA4BuG,CAAC,CAAC7H,MAAF,CAASwH,SAAT,CA3BnC;;AA6BA,SAAO,IAAP;AACH,CAzDD;;AA0DA7H,gBAAgB,CAACD,SAAjB,CAA2BwI,aAA3B,GAA2C,UAASH,CAAT,EAAWL,CAAX,EAAa/D,CAAb,EAC3C;AACI,MAAIwE,CAAC,GAAGxE,CAAC,CAACM,SAAF,EAAR;AACA,MAAIqB,CAAC,GAAG3B,CAAC,CAACyE,eAAF,EAAR;AAEA,MAAIC,EAAE,GAAG9I,UAAU,CAAC+B,GAApB;AACA,MAAIgH,EAAE,GAAG/I,UAAU,CAACgJ,GAApB;AACA,MAAIC,EAAE,GAAGT,CAAT;AACA,MAAIU,EAAE,GAAGlJ,UAAU,CAAC+B,GAApB;AACA,MAAIoH,EAAE,GAAGnJ,UAAU,CAAC+B,GAApB;;AAEA,OAAK,IAAIgD,CAAC,GAAG6D,CAAC,GAAG,CAAjB,EAAoB7D,CAAC,IAAIgB,CAAC,GAAG,CAA7B,EAAgC,EAAEhB,CAAlC,EACA;AACImE,IAAAA,EAAE,GAAG,KAAKtB,OAAL,CAAasB,EAAb,EAAiBC,EAAjB,CAAL;;AAEA,QAAI/E,CAAC,CAACQ,OAAF,CAAUG,CAAV,CAAJ,EACA;AACIoE,MAAAA,EAAE,GAAG,KAAKvB,OAAL,CAAasB,EAAb,EAAiBf,CAAjB,CAAL;AACAW,MAAAA,EAAE,GAAG,KAAKlB,OAAL,CAAakB,EAAb,EAAiBG,EAAjB,CAAL;AACAF,MAAAA,EAAE,GAAG,KAAKlB,SAAL,CAAeoB,EAAE,CAAC5H,QAAH,CAAY0H,EAAZ,EAAgB5H,QAAhB,CAAyBqH,CAAC,CAACnH,QAAF,CAAW6H,EAAX,CAAzB,CAAf,CAAL;AACAD,MAAAA,EAAE,GAAG,KAAKpB,SAAL,CAAeoB,EAAE,CAAC5H,QAAH,CAAY4H,EAAZ,EAAgB9H,QAAhB,CAAyBgI,EAAE,CAACzF,SAAH,CAAa,CAAb,CAAzB,CAAf,CAAL;AACH,KAND,MAQA;AACIyF,MAAAA,EAAE,GAAGD,EAAL;AACAJ,MAAAA,EAAE,GAAG,KAAKjB,SAAL,CAAeiB,EAAE,CAACzH,QAAH,CAAY0H,EAAZ,EAAgB5H,QAAhB,CAAyB+H,EAAzB,CAAf,CAAL;AACAD,MAAAA,EAAE,GAAG,KAAKpB,SAAL,CAAeoB,EAAE,CAAC5H,QAAH,CAAY0H,EAAZ,EAAgB5H,QAAhB,CAAyBqH,CAAC,CAACnH,QAAF,CAAW6H,EAAX,CAAzB,CAAf,CAAL;AACAH,MAAAA,EAAE,GAAG,KAAKlB,SAAL,CAAekB,EAAE,CAAC1H,QAAH
,CAAY0H,EAAZ,EAAgB5H,QAAhB,CAAyB+H,EAAE,CAACxF,SAAH,CAAa,CAAb,CAAzB,CAAf,CAAL;AACH;AACJ;;AAEDwF,EAAAA,EAAE,GAAG,KAAKtB,OAAL,CAAasB,EAAb,EAAiBC,EAAjB,CAAL;AACAA,EAAAA,EAAE,GAAG,KAAKvB,OAAL,CAAasB,EAAb,EAAiBf,CAAjB,CAAL;AACAW,EAAAA,EAAE,GAAG,KAAKjB,SAAL,CAAeiB,EAAE,CAACzH,QAAH,CAAY0H,EAAZ,EAAgB5H,QAAhB,CAAyB+H,EAAzB,CAAf,CAAL;AACAH,EAAAA,EAAE,GAAG,KAAKlB,SAAL,CAAeoB,EAAE,CAAC5H,QAAH,CAAY0H,EAAZ,EAAgB5H,QAAhB,CAAyBqH,CAAC,CAACnH,QAAF,CAAW6H,EAAX,CAAzB,CAAf,CAAL;AACAA,EAAAA,EAAE,GAAG,KAAKtB,OAAL,CAAasB,EAAb,EAAiBC,EAAjB,CAAL;;AAEA,OAAK,IAAIpE,CAAC,GAAG,CAAb,EAAgBA,CAAC,IAAIgB,CAArB,EAAwB,EAAEhB,CAA1B,EACA;AACI+D,IAAAA,EAAE,GAAG,KAAKlB,OAAL,CAAakB,EAAb,EAAiBC,EAAjB,CAAL;AACAA,IAAAA,EAAE,GAAG,KAAKlB,SAAL,CAAekB,EAAE,CAAC1H,QAAH,CAAY0H,EAAZ,EAAgB5H,QAAhB,CAAyB+H,EAAE,CAACxF,SAAH,CAAa,CAAb,CAAzB,CAAf,CAAL;AACAwF,IAAAA,EAAE,GAAG,KAAKtB,OAAL,CAAasB,EAAb,EAAiBA,EAAjB,CAAL;AACH;;AAED,SAAO,CAAEJ,EAAF,EAAMC,EAAN,CAAP;AACH,CA7CD;;AA+CA,IAAIK,OAAO,GAAG;AACZhE,EAAAA,SAAS,EAAEA,SADC;AAEZzD,EAAAA,SAAS,EAAEA,SAFC;AAGZvB,EAAAA,gBAAgB,EAAEA;AAHN,CAAd;AAMAiJ,MAAM,CAACD,OAAP,GAAiBA,OAAjB","sourcesContent":["// Basic Javascript Elliptic Curve implementation\n// Ported loosely from BouncyCastle's Java EC code\n// Only Fp curves implemented for now\n\n// Requires jsbn.js and jsbn2.js\nvar BigInteger = require('jsbn').BigInteger\nvar Barrett = BigInteger.prototype.Barrett\n\n// ----------------\n// ECFieldElementFp\n\n// constructor\nfunction ECFieldElementFp(q,x) {\n this.x = x;\n // TODO if(x.compareTo(q) >= 0) error\n this.q = q;\n}\n\nfunction feFpEquals(other) {\n if(other == this) return true;\n return (this.q.equals(other.q) && this.x.equals(other.x));\n}\n\nfunction feFpToBigInteger() {\n return this.x;\n}\n\nfunction feFpNegate() {\n return new ECFieldElementFp(this.q, this.x.negate().mod(this.q));\n}\n\nfunction feFpAdd(b) {\n return new ECFieldElementFp(this.q, this.x.add(b.toBigInteger()).mod(this.q));\n}\n\nfunction feFpSubtract(b) {\n return new ECFieldElementFp(this.q, 
this.x.subtract(b.toBigInteger()).mod(this.q));\n}\n\nfunction feFpMultiply(b) {\n return new ECFieldElementFp(this.q, this.x.multiply(b.toBigInteger()).mod(this.q));\n}\n\nfunction feFpSquare() {\n return new ECFieldElementFp(this.q, this.x.square().mod(this.q));\n}\n\nfunction feFpDivide(b) {\n return new ECFieldElementFp(this.q, this.x.multiply(b.toBigInteger().modInverse(this.q)).mod(this.q));\n}\n\nECFieldElementFp.prototype.equals = feFpEquals;\nECFieldElementFp.prototype.toBigInteger = feFpToBigInteger;\nECFieldElementFp.prototype.negate = feFpNegate;\nECFieldElementFp.prototype.add = feFpAdd;\nECFieldElementFp.prototype.subtract = feFpSubtract;\nECFieldElementFp.prototype.multiply = feFpMultiply;\nECFieldElementFp.prototype.square = feFpSquare;\nECFieldElementFp.prototype.divide = feFpDivide;\n\n// ----------------\n// ECPointFp\n\n// constructor\nfunction ECPointFp(curve,x,y,z) {\n this.curve = curve;\n this.x = x;\n this.y = y;\n // Projective coordinates: either zinv == null or z * zinv == 1\n // z and zinv are just BigIntegers, not fieldElements\n if(z == null) {\n this.z = BigInteger.ONE;\n }\n else {\n this.z = z;\n }\n this.zinv = null;\n //TODO: compression flag\n}\n\nfunction pointFpGetX() {\n if(this.zinv == null) {\n this.zinv = this.z.modInverse(this.curve.q);\n }\n var r = this.x.toBigInteger().multiply(this.zinv);\n this.curve.reduce(r);\n return this.curve.fromBigInteger(r);\n}\n\nfunction pointFpGetY() {\n if(this.zinv == null) {\n this.zinv = this.z.modInverse(this.curve.q);\n }\n var r = this.y.toBigInteger().multiply(this.zinv);\n this.curve.reduce(r);\n return this.curve.fromBigInteger(r);\n}\n\nfunction pointFpEquals(other) {\n if(other == this) return true;\n if(this.isInfinity()) return other.isInfinity();\n if(other.isInfinity()) return this.isInfinity();\n var u, v;\n // u = Y2 * Z1 - Y1 * Z2\n u = other.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(other.z)).mod(this.curve.q);\n 
if(!u.equals(BigInteger.ZERO)) return false;\n // v = X2 * Z1 - X1 * Z2\n v = other.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(other.z)).mod(this.curve.q);\n return v.equals(BigInteger.ZERO);\n}\n\nfunction pointFpIsInfinity() {\n if((this.x == null) && (this.y == null)) return true;\n return this.z.equals(BigInteger.ZERO) && !this.y.toBigInteger().equals(BigInteger.ZERO);\n}\n\nfunction pointFpNegate() {\n return new ECPointFp(this.curve, this.x, this.y.negate(), this.z);\n}\n\nfunction pointFpAdd(b) {\n if(this.isInfinity()) return b;\n if(b.isInfinity()) return this;\n\n // u = Y2 * Z1 - Y1 * Z2\n var u = b.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(b.z)).mod(this.curve.q);\n // v = X2 * Z1 - X1 * Z2\n var v = b.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(b.z)).mod(this.curve.q);\n\n if(BigInteger.ZERO.equals(v)) {\n if(BigInteger.ZERO.equals(u)) {\n return this.twice(); // this == b, so double\n }\n\treturn this.curve.getInfinity(); // this = -b, so infinity\n }\n\n var THREE = new BigInteger(\"3\");\n var x1 = this.x.toBigInteger();\n var y1 = this.y.toBigInteger();\n var x2 = b.x.toBigInteger();\n var y2 = b.y.toBigInteger();\n\n var v2 = v.square();\n var v3 = v2.multiply(v);\n var x1v2 = x1.multiply(v2);\n var zu2 = u.square().multiply(this.z);\n\n // x3 = v * (z2 * (z1 * u^2 - 2 * x1 * v^2) - v^3)\n var x3 = zu2.subtract(x1v2.shiftLeft(1)).multiply(b.z).subtract(v3).multiply(v).mod(this.curve.q);\n // y3 = z2 * (3 * x1 * u * v^2 - y1 * v^3 - z1 * u^3) + u * v^3\n var y3 = x1v2.multiply(THREE).multiply(u).subtract(y1.multiply(v3)).subtract(zu2.multiply(u)).multiply(b.z).add(u.multiply(v3)).mod(this.curve.q);\n // z3 = v^3 * z1 * z2\n var z3 = v3.multiply(this.z).multiply(b.z).mod(this.curve.q);\n\n return new ECPointFp(this.curve, this.curve.fromBigInteger(x3), this.curve.fromBigInteger(y3), z3);\n}\n\nfunction pointFpTwice() {\n if(this.isInfinity()) return this;\n 
if(this.y.toBigInteger().signum() == 0) return this.curve.getInfinity();\n\n // TODO: optimized handling of constants\n var THREE = new BigInteger(\"3\");\n var x1 = this.x.toBigInteger();\n var y1 = this.y.toBigInteger();\n\n var y1z1 = y1.multiply(this.z);\n var y1sqz1 = y1z1.multiply(y1).mod(this.curve.q);\n var a = this.curve.a.toBigInteger();\n\n // w = 3 * x1^2 + a * z1^2\n var w = x1.square().multiply(THREE);\n if(!BigInteger.ZERO.equals(a)) {\n w = w.add(this.z.square().multiply(a));\n }\n w = w.mod(this.curve.q);\n //this.curve.reduce(w);\n // x3 = 2 * y1 * z1 * (w^2 - 8 * x1 * y1^2 * z1)\n var x3 = w.square().subtract(x1.shiftLeft(3).multiply(y1sqz1)).shiftLeft(1).multiply(y1z1).mod(this.curve.q);\n // y3 = 4 * y1^2 * z1 * (3 * w * x1 - 2 * y1^2 * z1) - w^3\n var y3 = w.multiply(THREE).multiply(x1).subtract(y1sqz1.shiftLeft(1)).shiftLeft(2).multiply(y1sqz1).subtract(w.square().multiply(w)).mod(this.curve.q);\n // z3 = 8 * (y1 * z1)^3\n var z3 = y1z1.square().multiply(y1z1).shiftLeft(3).mod(this.curve.q);\n\n return new ECPointFp(this.curve, this.curve.fromBigInteger(x3), this.curve.fromBigInteger(y3), z3);\n}\n\n// Simple NAF (Non-Adjacent Form) multiplication algorithm\n// TODO: modularize the multiplication algorithm\nfunction pointFpMultiply(k) {\n if(this.isInfinity()) return this;\n if(k.signum() == 0) return this.curve.getInfinity();\n\n var e = k;\n var h = e.multiply(new BigInteger(\"3\"));\n\n var neg = this.negate();\n var R = this;\n\n var i;\n for(i = h.bitLength() - 2; i > 0; --i) {\n\tR = R.twice();\n\n\tvar hBit = h.testBit(i);\n\tvar eBit = e.testBit(i);\n\n\tif (hBit != eBit) {\n\t R = R.add(hBit ? 
this : neg);\n\t}\n }\n\n return R;\n}\n\n// Compute this*j + x*k (simultaneous multiplication)\nfunction pointFpMultiplyTwo(j,x,k) {\n var i;\n if(j.bitLength() > k.bitLength())\n i = j.bitLength() - 1;\n else\n i = k.bitLength() - 1;\n\n var R = this.curve.getInfinity();\n var both = this.add(x);\n while(i >= 0) {\n R = R.twice();\n if(j.testBit(i)) {\n if(k.testBit(i)) {\n R = R.add(both);\n }\n else {\n R = R.add(this);\n }\n }\n else {\n if(k.testBit(i)) {\n R = R.add(x);\n }\n }\n --i;\n }\n\n return R;\n}\n\nECPointFp.prototype.getX = pointFpGetX;\nECPointFp.prototype.getY = pointFpGetY;\nECPointFp.prototype.equals = pointFpEquals;\nECPointFp.prototype.isInfinity = pointFpIsInfinity;\nECPointFp.prototype.negate = pointFpNegate;\nECPointFp.prototype.add = pointFpAdd;\nECPointFp.prototype.twice = pointFpTwice;\nECPointFp.prototype.multiply = pointFpMultiply;\nECPointFp.prototype.multiplyTwo = pointFpMultiplyTwo;\n\n// ----------------\n// ECCurveFp\n\n// constructor\nfunction ECCurveFp(q,a,b) {\n this.q = q;\n this.a = this.fromBigInteger(a);\n this.b = this.fromBigInteger(b);\n this.infinity = new ECPointFp(this, null, null);\n this.reducer = new Barrett(this.q);\n}\n\nfunction curveFpGetQ() {\n return this.q;\n}\n\nfunction curveFpGetA() {\n return this.a;\n}\n\nfunction curveFpGetB() {\n return this.b;\n}\n\nfunction curveFpEquals(other) {\n if(other == this) return true;\n return(this.q.equals(other.q) && this.a.equals(other.a) && this.b.equals(other.b));\n}\n\nfunction curveFpGetInfinity() {\n return this.infinity;\n}\n\nfunction curveFpFromBigInteger(x) {\n return new ECFieldElementFp(this.q, x);\n}\n\nfunction curveReduce(x) {\n this.reducer.reduce(x);\n}\n\n// for now, work with hex strings because they're easier in JS\nfunction curveFpDecodePointHex(s) {\n switch(parseInt(s.substr(0,2), 16)) { // first byte\n case 0:\n\treturn this.infinity;\n case 2:\n case 3:\n\t// point compression not supported yet\n\treturn null;\n case 4:\n case 6:\n case 
7:\n\tvar len = (s.length - 2) / 2;\n\tvar xHex = s.substr(2, len);\n\tvar yHex = s.substr(len+2, len);\n\n\treturn new ECPointFp(this,\n\t\t\t this.fromBigInteger(new BigInteger(xHex, 16)),\n\t\t\t this.fromBigInteger(new BigInteger(yHex, 16)));\n\n default: // unsupported\n\treturn null;\n }\n}\n\nfunction curveFpEncodePointHex(p) {\n\tif (p.isInfinity()) return \"00\";\n\tvar xHex = p.getX().toBigInteger().toString(16);\n\tvar yHex = p.getY().toBigInteger().toString(16);\n\tvar oLen = this.getQ().toString(16).length;\n\tif ((oLen % 2) != 0) oLen++;\n\twhile (xHex.length < oLen) {\n\t\txHex = \"0\" + xHex;\n\t}\n\twhile (yHex.length < oLen) {\n\t\tyHex = \"0\" + yHex;\n\t}\n\treturn \"04\" + xHex + yHex;\n}\n\nECCurveFp.prototype.getQ = curveFpGetQ;\nECCurveFp.prototype.getA = curveFpGetA;\nECCurveFp.prototype.getB = curveFpGetB;\nECCurveFp.prototype.equals = curveFpEquals;\nECCurveFp.prototype.getInfinity = curveFpGetInfinity;\nECCurveFp.prototype.fromBigInteger = curveFpFromBigInteger;\nECCurveFp.prototype.reduce = curveReduce;\n//ECCurveFp.prototype.decodePointHex = curveFpDecodePointHex;\nECCurveFp.prototype.encodePointHex = curveFpEncodePointHex;\n\n// from: https://github.com/kaielvin/jsbn-ec-point-compression\nECCurveFp.prototype.decodePointHex = function(s)\n{\n\tvar yIsEven;\n switch(parseInt(s.substr(0,2), 16)) { // first byte\n case 0:\n\treturn this.infinity;\n case 2:\n\tyIsEven = false;\n case 3:\n\tif(yIsEven == undefined) yIsEven = true;\n\tvar len = s.length - 2;\n\tvar xHex = s.substr(2, len);\n\tvar x = this.fromBigInteger(new BigInteger(xHex,16));\n\tvar alpha = x.multiply(x.square().add(this.getA())).add(this.getB());\n\tvar beta = alpha.sqrt();\n\n if (beta == null) throw \"Invalid point compression\";\n\n var betaValue = beta.toBigInteger();\n if (betaValue.testBit(0) != yIsEven)\n {\n // Use the other root\n beta = this.fromBigInteger(this.getQ().subtract(betaValue));\n }\n return new ECPointFp(this,x,beta);\n case 4:\n case 6:\n case 
7:\n\tvar len = (s.length - 2) / 2;\n\tvar xHex = s.substr(2, len);\n\tvar yHex = s.substr(len+2, len);\n\n\treturn new ECPointFp(this,\n\t\t\t this.fromBigInteger(new BigInteger(xHex, 16)),\n\t\t\t this.fromBigInteger(new BigInteger(yHex, 16)));\n\n default: // unsupported\n\treturn null;\n }\n}\nECCurveFp.prototype.encodeCompressedPointHex = function(p)\n{\n\tif (p.isInfinity()) return \"00\";\n\tvar xHex = p.getX().toBigInteger().toString(16);\n\tvar oLen = this.getQ().toString(16).length;\n\tif ((oLen % 2) != 0) oLen++;\n\twhile (xHex.length < oLen)\n\t\txHex = \"0\" + xHex;\n\tvar yPrefix;\n\tif(p.getY().toBigInteger().isEven()) yPrefix = \"02\";\n\telse yPrefix = \"03\";\n\n\treturn yPrefix + xHex;\n}\n\n\nECFieldElementFp.prototype.getR = function()\n{\n\tif(this.r != undefined) return this.r;\n\n this.r = null;\n var bitLength = this.q.bitLength();\n if (bitLength > 128)\n {\n var firstWord = this.q.shiftRight(bitLength - 64);\n if (firstWord.intValue() == -1)\n {\n this.r = BigInteger.ONE.shiftLeft(bitLength).subtract(this.q);\n }\n }\n return this.r;\n}\nECFieldElementFp.prototype.modMult = function(x1,x2)\n{\n return this.modReduce(x1.multiply(x2));\n}\nECFieldElementFp.prototype.modReduce = function(x)\n{\n if (this.getR() != null)\n {\n var qLen = q.bitLength();\n while (x.bitLength() > (qLen + 1))\n {\n var u = x.shiftRight(qLen);\n var v = x.subtract(u.shiftLeft(qLen));\n if (!this.getR().equals(BigInteger.ONE))\n {\n u = u.multiply(this.getR());\n }\n x = u.add(v); \n }\n while (x.compareTo(q) >= 0)\n {\n x = x.subtract(q);\n }\n }\n else\n {\n x = x.mod(q);\n }\n return x;\n}\nECFieldElementFp.prototype.sqrt = function()\n{\n if (!this.q.testBit(0)) throw \"unsupported\";\n\n // p mod 4 == 3\n if (this.q.testBit(1))\n {\n \tvar z = new ECFieldElementFp(this.q,this.x.modPow(this.q.shiftRight(2).add(BigInteger.ONE),this.q));\n \treturn z.square().equals(this) ? 
z : null;\n }\n\n // p mod 4 == 1\n var qMinusOne = this.q.subtract(BigInteger.ONE);\n\n var legendreExponent = qMinusOne.shiftRight(1);\n if (!(this.x.modPow(legendreExponent, this.q).equals(BigInteger.ONE)))\n {\n return null;\n }\n\n var u = qMinusOne.shiftRight(2);\n var k = u.shiftLeft(1).add(BigInteger.ONE);\n\n var Q = this.x;\n var fourQ = modDouble(modDouble(Q));\n\n var U, V;\n do\n {\n var P;\n do\n {\n P = new BigInteger(this.q.bitLength(), new SecureRandom());\n }\n while (P.compareTo(this.q) >= 0\n || !(P.multiply(P).subtract(fourQ).modPow(legendreExponent, this.q).equals(qMinusOne)));\n\n var result = this.lucasSequence(P, Q, k);\n U = result[0];\n V = result[1];\n\n if (this.modMult(V, V).equals(fourQ))\n {\n // Integer division by 2, mod q\n if (V.testBit(0))\n {\n V = V.add(q);\n }\n\n V = V.shiftRight(1);\n\n return new ECFieldElementFp(q,V);\n }\n }\n while (U.equals(BigInteger.ONE) || U.equals(qMinusOne));\n\n return null;\n}\nECFieldElementFp.prototype.lucasSequence = function(P,Q,k)\n{\n var n = k.bitLength();\n var s = k.getLowestSetBit();\n\n var Uh = BigInteger.ONE;\n var Vl = BigInteger.TWO;\n var Vh = P;\n var Ql = BigInteger.ONE;\n var Qh = BigInteger.ONE;\n\n for (var j = n - 1; j >= s + 1; --j)\n {\n Ql = this.modMult(Ql, Qh);\n\n if (k.testBit(j))\n {\n Qh = this.modMult(Ql, Q);\n Uh = this.modMult(Uh, Vh);\n Vl = this.modReduce(Vh.multiply(Vl).subtract(P.multiply(Ql)));\n Vh = this.modReduce(Vh.multiply(Vh).subtract(Qh.shiftLeft(1)));\n }\n else\n {\n Qh = Ql;\n Uh = this.modReduce(Uh.multiply(Vl).subtract(Ql));\n Vh = this.modReduce(Vh.multiply(Vl).subtract(P.multiply(Ql)));\n Vl = this.modReduce(Vl.multiply(Vl).subtract(Ql.shiftLeft(1)));\n }\n }\n\n Ql = this.modMult(Ql, Qh);\n Qh = this.modMult(Ql, Q);\n Uh = this.modReduce(Uh.multiply(Vl).subtract(Ql));\n Vl = this.modReduce(Vh.multiply(Vl).subtract(P.multiply(Ql)));\n Ql = this.modMult(Ql, Qh);\n\n for (var j = 1; j <= s; ++j)\n {\n Uh = this.modMult(Uh, Vl);\n Vl = 
this.modReduce(Vl.multiply(Vl).subtract(Ql.shiftLeft(1)));\n Ql = this.modMult(Ql, Ql);\n }\n\n return [ Uh, Vl ];\n}\n\nvar exports = {\n ECCurveFp: ECCurveFp,\n ECPointFp: ECPointFp,\n ECFieldElementFp: ECFieldElementFp\n}\n\nmodule.exports = exports\n"]},"metadata":{},"sourceType":"script"}